mckin/mckin-idf1-a6300-sw1.cfg Wed Jan 21 07:42:58 PM EST 2026

fortigate-backup Wed Jan 21 07:42:58 PM EST 2026
fortigate Wed Jan 21 07:42:58 PM EST 2026
2026-01-21 19:43:00 -05:00 · 2026-01-21 19:42:58 -05:00 · 2026-01-21 19:42:58 -05:00
4 changed files with 829 additions and 467 deletions
--- a/configs/fortigate/fortigate.conf
+++ b/configs/fortigate/fortigate.conf
--- a/configs/fortigate/vdom_scsd/firewall.cfg
+++ b/configs/fortigate/vdom_scsd/firewall.cfg
@ -2818,6 +2818,12 @@ config firewall address
        set associated-interface "outside"
        set subnet 147.154.0.0 255.255.192.0
    next
+    edit "CNYWorks_10.68.0.0/16"
+        set subnet 10.68.0.0 255.255.0.0
+    next
+    edit "CNYWorks_MGMT"
+        set subnet 192.168.68.0 255.255.255.0
+    next
 end
 config firewall multicast-address
    edit "all_hosts"
@ -5885,6 +5891,24 @@ config firewall policy
        set application-list "App_Ctrl_1"
        set logtraffic all
    next
+    edit 124
+        set status disable
+        set name "CNYWorks>SCSD"
+        set srcintf "CNYWorks"
+        set dstintf "inside"
+        set action accept
+        set srcaddr "CNYWorks_10.68.0.0/16" "CNYWorks_MGMT"
+        set dstaddr "all"
+        set schedule "always"
+        set service "ALL"
+        set utm-status enable
+        set ssl-ssh-profile "certificate-inspection"
+        set av-profile "g-default"
+        set ips-sensor "Incoming_IPS"
+        set application-list "App_Ctrl_1"
+        set logtraffic all
+        set comments " (Copy of RAP>Inside>DCs) (Copy of )"
+    next
    edit 10150
        set name "Tableau"
        set srcintf "outside"
@ -6007,6 +6031,24 @@ config firewall policy
        set logtraffic all
        set comments " (Copy of RAP>Inside>DCs) (Reverse of RAP>Inside>DCs)"
    next
+    edit 123
+        set status disable
+        set name "Servers>CNYWorks"
+        set srcintf "inside"
+        set dstintf "CNYWorks"
+        set action accept
+        set srcaddr "all"
+        set dstaddr "CNYWorks_10.68.0.0/16" "CNYWorks_MGMT"
+        set schedule "always"
+        set service "ALL"
+        set utm-status enable
+        set ssl-ssh-profile "certificate-inspection"
+        set av-profile "g-default"
+        set ips-sensor "Incoming_IPS"
+        set application-list "App_Ctrl_1"
+        set logtraffic all
+        set comments "Allow traffic from internal network to remote network at CNYWorks"
+    next
    edit 95
        set name "SCSD -> DPS"
        set srcintf "inside"
@ -6040,6 +6082,26 @@ config firewall policy
        set ippool enable
        set poolname "ippool-198.36.23.253"
    next
+    edit 125
+        set status disable
+        set name "CNYWorks Internet Access"
+        set srcintf "CNYWorks" "inside"
+        set dstintf "outside"
+        set action accept
+        set srcaddr "IPv4-Private-All-RFC1918" "VPN-Range"
+        set dstaddr "all"
+        set schedule "always"
+        set service "ALL"
+        set utm-status enable
+        set ssl-ssh-profile "certificate-inspection"
+        set av-profile "g-default"
+        set ips-sensor "Outgoing_IPS"
+        set application-list "App_Ctrl_1"
+        set logtraffic all
+        set nat enable
+        set ippool enable
+        set poolname "ippool-198.36.23.251" "ippool-198.36.23.252" "ippool-198.36.23.253" "ippool-198.36.23.254"
+    next
 end
 config firewall DoS-policy
    edit 1
--- a/configs/fortigate/vdom_scsd/router.cfg
+++ b/configs/fortigate/vdom_scsd/router.cfg
@ -241,6 +241,14 @@ config router static
        set dst 192.168.167.0 255.255.255.0
        set device "RAP"
    next
+    edit 39
+        set dst 10.68.0.0 255.255.0.0
+        set device "CNYWorks"
+    next
+    edit 40
+        set dst 192.168.68.0 255.255.255.0
+        set device "CNYWorks"
+    next
 end
 config router ospf
    config redistribute "connected"
--- a/configs/mckin/mckin-idf1-a6300-sw1.cfg
+++ b/configs/mckin/mckin-idf1-a6300-sw1.cfg
@ -3467,30 +3467,16 @@ interface 3/1/23
    client track ip update-interval 120
    power-over-ethernet pre-std-detect
 interface 3/1/24
-    description Auto
+    description -TO Bosch Intrusion-
    no shutdown
    no routing
-    vlan access 168
+    vlan access 70
    spanning-tree bpdu-guard
    spanning-tree port-type admin-edge
    spanning-tree root-guard
    spanning-tree tcn-guard
    loop-protect
    port-access onboarding-method concurrent enable
-    aaa authentication port-access allow-cdp-bpdu
-    aaa authentication port-access allow-lldp-bpdu
-    aaa authentication port-access client-limit 3
-    aaa authentication port-access dot1x authenticator
-        cached-reauth
-        cached-reauth-period 86400
-        reauth
-        enable
-    aaa authentication port-access mac-auth
-        cached-reauth
-        cached-reauth-period 86400
-        quiet-period 30
-        reauth
-        enable
    client track ip enable
    client track ip update-interval 120
    power-over-ethernet pre-std-detect
Author	SHA1	Message	Date
John Poland	1170aeba0d	mckin/mckin-idf1-a6300-sw1.cfg Wed Jan 21 07:42:58 PM EST 2026	2026-01-21 19:43:00 -05:00
John Poland	0a856be6c9	fortigate-backup Wed Jan 21 07:42:58 PM EST 2026	2026-01-21 19:42:58 -05:00
John Poland	651684ad05	fortigate Wed Jan 21 07:42:58 PM EST 2026	2026-01-21 19:42:58 -05:00