

3 Commits

4 changed files with 829 additions and 467 deletions



@ -2818,6 +2818,12 @@ config firewall address
set associated-interface "outside" set associated-interface "outside"
set subnet 147.154.0.0 255.255.192.0 set subnet 147.154.0.0 255.255.192.0
next next
edit "CNYWorks_10.68.0.0/16"
set subnet 10.68.0.0 255.255.0.0
next
edit "CNYWorks_MGMT"
set subnet 192.168.68.0 255.255.255.0
next
end end
config firewall multicast-address config firewall multicast-address
edit "all_hosts" edit "all_hosts"
@ -5885,6 +5891,24 @@ config firewall policy
set application-list "App_Ctrl_1" set application-list "App_Ctrl_1"
set logtraffic all set logtraffic all
next next
edit 124
set status disable
set name "CNYWorks>SCSD"
set srcintf "CNYWorks"
set dstintf "inside"
set action accept
set srcaddr "CNYWorks_10.68.0.0/16" "CNYWorks_MGMT"
set dstaddr "all"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "g-default"
set ips-sensor "Incoming_IPS"
set application-list "App_Ctrl_1"
set logtraffic all
set comments " (Copy of RAP>Inside>DCs) (Copy of )"
next
edit 10150 edit 10150
set name "Tableau" set name "Tableau"
set srcintf "outside" set srcintf "outside"
@ -6007,6 +6031,24 @@ config firewall policy
set logtraffic all set logtraffic all
set comments " (Copy of RAP>Inside>DCs) (Reverse of RAP>Inside>DCs)" set comments " (Copy of RAP>Inside>DCs) (Reverse of RAP>Inside>DCs)"
next next
edit 123
set status disable
set name "Servers>CNYWorks"
set srcintf "inside"
set dstintf "CNYWorks"
set action accept
set srcaddr "all"
set dstaddr "CNYWorks_10.68.0.0/16" "CNYWorks_MGMT"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "g-default"
set ips-sensor "Incoming_IPS"
set application-list "App_Ctrl_1"
set logtraffic all
set comments "Allow traffic from internal network to remote network at CNYWorks"
next
edit 95 edit 95
set name "SCSD -> DPS" set name "SCSD -> DPS"
set srcintf "inside" set srcintf "inside"
@ -6040,6 +6082,26 @@ config firewall policy
set ippool enable set ippool enable
set poolname "ippool-198.36.23.253" set poolname "ippool-198.36.23.253"
next next
edit 125
set status disable
set name "CNYWorks Internet Access"
set srcintf "CNYWorks" "inside"
set dstintf "outside"
set action accept
set srcaddr "IPv4-Private-All-RFC1918" "VPN-Range"
set dstaddr "all"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "g-default"
set ips-sensor "Outgoing_IPS"
set application-list "App_Ctrl_1"
set logtraffic all
set nat enable
set ippool enable
set poolname "ippool-198.36.23.251" "ippool-198.36.23.252" "ippool-198.36.23.253" "ippool-198.36.23.254"
next
end end
config firewall DoS-policy config firewall DoS-policy
edit 1 edit 1


@ -241,6 +241,14 @@ config router static
set dst 192.168.167.0 255.255.255.0 set dst 192.168.167.0 255.255.255.0
set device "RAP" set device "RAP"
next next
edit 39
set dst 10.68.0.0 255.255.0.0
set device "CNYWorks"
next
edit 40
set dst 192.168.68.0 255.255.255.0
set device "CNYWorks"
next
end end
config router ospf config router ospf
config redistribute "connected" config redistribute "connected"


@ -3467,30 +3467,16 @@ interface 3/1/23
client track ip update-interval 120 client track ip update-interval 120
power-over-ethernet pre-std-detect power-over-ethernet pre-std-detect
interface 3/1/24 interface 3/1/24
description Auto description -TO Bosch Intrusion-
no shutdown no shutdown
no routing no routing
vlan access 168 vlan access 70
spanning-tree bpdu-guard spanning-tree bpdu-guard
spanning-tree port-type admin-edge spanning-tree port-type admin-edge
spanning-tree root-guard spanning-tree root-guard
spanning-tree tcn-guard spanning-tree tcn-guard
loop-protect loop-protect
port-access onboarding-method concurrent enable port-access onboarding-method concurrent enable
aaa authentication port-access allow-cdp-bpdu
aaa authentication port-access allow-lldp-bpdu
aaa authentication port-access client-limit 3
aaa authentication port-access dot1x authenticator
cached-reauth
cached-reauth-period 86400
reauth
enable
aaa authentication port-access mac-auth
cached-reauth
cached-reauth-period 86400
quiet-period 30
reauth
enable
client track ip enable client track ip enable
client track ip update-interval 120 client track ip update-interval 120
power-over-ethernet pre-std-detect power-over-ethernet pre-std-detect
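Review bot: The rewrite of `interface 3/1/24` drops both `aaa authentication port-access dot1x authenticator` and `aaa authentication port-access mac-auth` (with `client-limit 3`) while moving the port to `vlan access 70`, so the port now admits any connected device without authentication; the retained `port-access onboarding-method concurrent enable` has no authenticator left to apply to. If the device the description names cannot do 802.1X, keeping mac-auth with `aaa authentication port-access client-limit 1` would bind the port to one known MAC instead of leaving it open. If an unauthenticated access port is the intended decision, the description or a comment should record that, since the guard settings above it (bpdu-guard, root-guard, loop-protect) do not substitute for port authentication. The interface block is complete within this hunk, but the file section may continue past it.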