bright/bright-mdf-a6300-sw1.cfg Thu Jan 15 07:51:48 PM EST 2026

fortigate-backup Thu Jan 15 07:51:48 PM EST 2026
fortigate Thu Jan 15 07:51:48 PM EST 2026
2026-01-15 19:51:51 -05:00 · 2026-01-15 19:51:49 -05:00 · 2026-01-15 19:51:49 -05:00
3 changed files with 755 additions and 472 deletions
--- a/configs/bright/bright-mdf-a6300-sw1.cfg
+++ b/configs/bright/bright-mdf-a6300-sw1.cfg
@ -390,12 +390,27 @@ interface 1/1/9
    description Auto
    no shutdown
    no routing
-    vlan access 539
+    vlan access 168
+    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    port-access onboarding-method concurrent enable
+    aaa authentication port-access allow-cdp-bpdu
+    aaa authentication port-access allow-lldp-bpdu
+    aaa authentication port-access client-limit 3
+    aaa authentication port-access dot1x authenticator
+        cached-reauth
+        cached-reauth-period 86400
+        reauth
+        enable
+    aaa authentication port-access mac-auth
+        cached-reauth
+        cached-reauth-period 86400
+        quiet-period 30
+        reauth
+        enable
    client track ip enable
    client track ip update-interval 120
    power-over-ethernet pre-std-detect
@ -431,12 +446,27 @@ interface 1/1/11
    description Auto
    no shutdown
    no routing
-    vlan access 539
+    vlan access 168
+    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    port-access onboarding-method concurrent enable
+    aaa authentication port-access allow-cdp-bpdu
+    aaa authentication port-access allow-lldp-bpdu
+    aaa authentication port-access client-limit 3
+    aaa authentication port-access dot1x authenticator
+        cached-reauth
+        cached-reauth-period 86400
+        reauth
+        enable
+    aaa authentication port-access mac-auth
+        cached-reauth
+        cached-reauth-period 86400
+        quiet-period 30
+        reauth
+        enable
    client track ip enable
    client track ip update-interval 120
    power-over-ethernet pre-std-detect
@ -444,12 +474,27 @@ interface 1/1/12
    description Auto
    no shutdown
    no routing
-    vlan access 539
+    vlan access 168
+    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    port-access onboarding-method concurrent enable
+    aaa authentication port-access allow-cdp-bpdu
+    aaa authentication port-access allow-lldp-bpdu
+    aaa authentication port-access client-limit 3
+    aaa authentication port-access dot1x authenticator
+        cached-reauth
+        cached-reauth-period 86400
+        reauth
+        enable
+    aaa authentication port-access mac-auth
+        cached-reauth
+        cached-reauth-period 86400
+        quiet-period 30
+        reauth
+        enable
    client track ip enable
    client track ip update-interval 120
    power-over-ethernet pre-std-detect
@ -457,12 +502,27 @@ interface 1/1/13
    description Auto
    no shutdown
    no routing
-    vlan access 539
+    vlan access 168
+    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    port-access onboarding-method concurrent enable
+    aaa authentication port-access allow-cdp-bpdu
+    aaa authentication port-access allow-lldp-bpdu
+    aaa authentication port-access client-limit 3
+    aaa authentication port-access dot1x authenticator
+        cached-reauth
+        cached-reauth-period 86400
+        reauth
+        enable
+    aaa authentication port-access mac-auth
+        cached-reauth
+        cached-reauth-period 86400
+        quiet-period 30
+        reauth
+        enable
    client track ip enable
    client track ip update-interval 120
    power-over-ethernet pre-std-detect
@ -638,12 +698,27 @@ interface 1/1/20
    description Auto
    no shutdown
    no routing
-    vlan access 539
+    vlan access 168
+    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    port-access onboarding-method concurrent enable
+    aaa authentication port-access allow-cdp-bpdu
+    aaa authentication port-access allow-lldp-bpdu
+    aaa authentication port-access client-limit 3
+    aaa authentication port-access dot1x authenticator
+        cached-reauth
+        cached-reauth-period 86400
+        reauth
+        enable
+    aaa authentication port-access mac-auth
+        cached-reauth
+        cached-reauth-period 86400
+        quiet-period 30
+        reauth
+        enable
    client track ip enable
    client track ip update-interval 120
    power-over-ethernet pre-std-detect
@ -744,6 +819,7 @@ interface 1/1/24
    port-access onboarding-method concurrent enable
    aaa authentication port-access allow-cdp-bpdu
    aaa authentication port-access allow-lldp-bpdu
+    aaa authentication port-access client-limit 3
    aaa authentication port-access dot1x authenticator
        cached-reauth
        cached-reauth-period 86400
@ -762,12 +838,27 @@ interface 1/1/25
    description Auto
    no shutdown
    no routing
-    vlan access 539
+    vlan access 168
+    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    port-access onboarding-method concurrent enable
+    aaa authentication port-access allow-cdp-bpdu
+    aaa authentication port-access allow-lldp-bpdu
+    aaa authentication port-access client-limit 3
+    aaa authentication port-access dot1x authenticator
+        cached-reauth
+        cached-reauth-period 86400
+        reauth
+        enable
+    aaa authentication port-access mac-auth
+        cached-reauth
+        cached-reauth-period 86400
+        quiet-period 30
+        reauth
+        enable
    client track ip enable
    client track ip update-interval 120
    power-over-ethernet pre-std-detect
@ -803,12 +894,27 @@ interface 1/1/27
    description Auto
    no shutdown
    no routing
-    vlan access 539
+    vlan access 168
+    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    port-access onboarding-method concurrent enable
+    aaa authentication port-access allow-cdp-bpdu
+    aaa authentication port-access allow-lldp-bpdu
+    aaa authentication port-access client-limit 3
+    aaa authentication port-access dot1x authenticator
+        cached-reauth
+        cached-reauth-period 86400
+        reauth
+        enable
+    aaa authentication port-access mac-auth
+        cached-reauth
+        cached-reauth-period 86400
+        quiet-period 30
+        reauth
+        enable
    client track ip enable
    client track ip update-interval 120
    power-over-ethernet pre-std-detect
@ -816,12 +922,27 @@ interface 1/1/28
    description Auto
    no shutdown
    no routing
-    vlan access 539
+    vlan access 168
+    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    port-access onboarding-method concurrent enable
+    aaa authentication port-access allow-cdp-bpdu
+    aaa authentication port-access allow-lldp-bpdu
+    aaa authentication port-access client-limit 3
+    aaa authentication port-access dot1x authenticator
+        cached-reauth
+        cached-reauth-period 86400
+        reauth
+        enable
+    aaa authentication port-access mac-auth
+        cached-reauth
+        cached-reauth-period 86400
+        quiet-period 30
+        reauth
+        enable
    client track ip enable
    client track ip update-interval 120
    power-over-ethernet pre-std-detect
@ -969,12 +1090,27 @@ interface 1/1/34
    description Auto
    no shutdown
    no routing
-    vlan access 539
+    vlan access 168
+    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    port-access onboarding-method concurrent enable
+    aaa authentication port-access allow-cdp-bpdu
+    aaa authentication port-access allow-lldp-bpdu
+    aaa authentication port-access client-limit 3
+    aaa authentication port-access dot1x authenticator
+        cached-reauth
+        cached-reauth-period 86400
+        reauth
+        enable
+    aaa authentication port-access mac-auth
+        cached-reauth
+        cached-reauth-period 86400
+        quiet-period 30
+        reauth
+        enable
    client track ip enable
    client track ip update-interval 120
    power-over-ethernet pre-std-detect
@ -1318,21 +1454,56 @@ interface 1/1/47
    description Auto
    no shutdown
    no routing
-    vlan access 3046
-    spanning-tree port-type admin-edge
-    loop-protect
-    dhcpv4-snooping trust
-    power-over-ethernet pre-std-detect
-interface 1/1/48
-    description Auto
-    no shutdown
-    no routing
-    vlan access 539
+    vlan access 168
+    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    port-access onboarding-method concurrent enable
+    aaa authentication port-access allow-cdp-bpdu
+    aaa authentication port-access allow-lldp-bpdu
+    aaa authentication port-access client-limit 3
+    aaa authentication port-access dot1x authenticator
+        cached-reauth
+        cached-reauth-period 86400
+        reauth
+        enable
+    aaa authentication port-access mac-auth
+        cached-reauth
+        cached-reauth-period 86400
+        quiet-period 30
+        reauth
+        enable
+    dhcpv4-snooping trust
+    client track ip enable
+    client track ip update-interval 120
+    power-over-ethernet pre-std-detect
+interface 1/1/48
+    description Auto
+    no shutdown
+    no routing
+    vlan access 168
+    spanning-tree bpdu-guard
+    spanning-tree port-type admin-edge
+    spanning-tree root-guard
+    spanning-tree tcn-guard
+    loop-protect
+    port-access onboarding-method concurrent enable
+    aaa authentication port-access allow-cdp-bpdu
+    aaa authentication port-access allow-lldp-bpdu
+    aaa authentication port-access client-limit 3
+    aaa authentication port-access dot1x authenticator
+        cached-reauth
+        cached-reauth-period 86400
+        reauth
+        enable
+    aaa authentication port-access mac-auth
+        cached-reauth
+        cached-reauth-period 86400
+        quiet-period 30
+        reauth
+        enable
    client track ip enable
    client track ip update-interval 120
    power-over-ethernet pre-std-detect
--- a/configs/fortigate/fortigate.conf
+++ b/configs/fortigate/fortigate.conf
--- a/configs/fortigate/vdom_scsd/firewall.cfg
+++ b/configs/fortigate/vdom_scsd/firewall.cfg
@ -2813,6 +2813,11 @@ config firewall address
        set start-ip 10.7.112.11
        set end-ip 10.7.127.254
    next
+    edit "Oracle Cloud IP"
+        set comment "Oracle Cloud IP\'s"
+        set associated-interface "outside"
+        set subnet 147.154.0.0 255.255.192.0
+    next
 end
 config firewall multicast-address
    edit "all_hosts"
@ -5903,13 +5908,28 @@ config firewall policy
        set srcaddr "United_States"
        set dstaddr "vip-PrintOC"
        set schedule "always"
-        set service "HTTPS" "SSH"
+        set service "HTTPS"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set comments "Oracle Web Printer"
    next
+    edit 122
+        set name "Print-OC_SFTP"
+        set srcintf "outside"
+        set dstintf "inside"
+        set action accept
+        set srcaddr "Oracle Cloud IP"
+        set dstaddr "vip-PrintOC"
+        set schedule "always"
+        set service "SSH"
+        set utm-status enable
+        set ssl-ssh-profile "certificate-inspection"
+        set ips-sensor "Incoming_IPS"
+        set logtraffic all
+        set comments "Oracle Web Printer (Copy of PrintOC) (Copy of )"
+    next
    edit 10184
        set name "ESS"
        set srcintf "outside"
Author	SHA1	Message	Date
John Poland	f7d36e09ab	bright/bright-mdf-a6300-sw1.cfg Thu Jan 15 07:51:48 PM EST 2026	2026-01-15 19:51:51 -05:00
John Poland	49becc85d8	fortigate-backup Thu Jan 15 07:51:48 PM EST 2026	2026-01-15 19:51:49 -05:00
John Poland	c063b3072e	fortigate Thu Jan 15 07:51:48 PM EST 2026	2026-01-15 19:51:49 -05:00