delaware/delaware-mdf-4507.cfg Mon Mar 9 08:32:36 PM EDT 2026

corcoran/corcoran-mdf-4507.cfg Mon Mar 9 08:32:36 PM EDT 2026
shea/shea-4507-1.cfg Mon Mar 9 08:32:36 PM EDT 2026
2026-03-09 20:32:38 -04:00 · 2026-03-09 20:32:37 -04:00 · 2026-03-09 20:32:37 -04:00 · 2026-03-09 20:32:37 -04:00 · 2026-03-09 20:32:37 -04:00
5 changed files with 546 additions and 466 deletions
--- a/configs/corcoran/corcoran-mdf-4507.cfg
+++ b/configs/corcoran/corcoran-mdf-4507.cfg
@ -1,9 +1,9 @@
 Building configuration...

-Current configuration : 32633 bytes
+Current configuration : 33447 bytes
 !
-! Last configuration change at 14:08:58 EST Fri Mar 6 2026 by estein66.admin
-! NVRAM config last updated at 14:09:28 EST Fri Mar 6 2026 by estein66.admin
+! Last configuration change at 08:19:58 EDT Mon Mar 9 2026 by estein66.admin
+! NVRAM config last updated at 08:26:47 EDT Mon Mar 9 2026 by estein66.admin
 !
 version 15.2
 no service pad
@ -115,6 +115,20 @@ archive
 path bootflash:
 maximum 5
 file privilege 10
+object-group network day-enterprise-servers 
+ description day-enterprise-servers
+ host 10.1.230.11
+ host 10.1.40.108
+!
+object-group network dns-servers 
+ description Internal-DNS-Servers
+ host 10.1.40.10
+ host 10.1.48.11
+!
+object-group network ntp-servers 
+ host 10.1.40.154
+ host 10.1.48.103
+!
 !
 spanning-tree mode rapid-pvst
 spanning-tree loopguard default
@ -975,6 +989,7 @@ interface Vlan107
 !
 interface Vlan230
 ip address 10.7.230.1 255.255.255.224
+ ip access-group hvac in
 !
 interface Vlan501
 description to Ring #1 CCF Service #S200279
@ -1076,6 +1091,16 @@ ip access-list extended AutoQos-4.0-ACL-Transactional-Data
 ip access-list extended dhcpcap
 permit udp host 10.1.40.20 any
 permit udp host 10.21.48.20 any
+ip access-list extended hvac
+ permit ip 10.7.230.0 0.0.0.31 object-group day-enterprise-servers
+ permit udp 10.7.230.0 0.0.0.31 object-group dns-servers eq domain
+ permit udp 10.7.230.0 0.0.0.31 object-group ntp-servers eq ntp
+ permit icmp 10.7.230.0 0.0.0.31 host 10.7.230.1
+ permit icmp host 10.7.230.1 10.7.230.0 0.0.0.31
+ deny   ip any 10.0.0.0 0.255.255.255
+ deny   ip any 192.168.0.0 0.0.255.255
+ deny   ip any 172.16.0.0 0.15.255.255
+ permit tcp 10.7.230.0 0.0.0.31 any eq 587 log-input
 ip access-list extended users
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip any any
--- a/configs/delaware/delaware-mdf-4507.cfg
+++ b/configs/delaware/delaware-mdf-4507.cfg
@ -1,8 +1,9 @@
 Building configuration...

-Current configuration : 36756 bytes
+Current configuration : 37672 bytes
 !
-! Last configuration change at 05:56:13 EDT Mon Oct 20 2025
+! Last configuration change at 16:13:28 EDT Mon Mar 9 2026 by estein66.admin
+! NVRAM config last updated at 16:13:32 EDT Mon Mar 9 2026 by estein66.admin
 !
 version 15.2
 no service pad
@ -129,6 +130,16 @@ archive
 path bootflash:
 maximum 5
 file privilege 10
+object-group network day-enterprise-servers 
+ description day-enterprise-servers
+ host 10.1.230.11
+ host 10.1.40.108
+!
+object-group network dns-servers 
+ description Internal-DNS-Servers
+ host 10.1.40.10
+ host 10.1.48.11
+!
 object-group network netadmin-hosts 
 description SCSD Network Administrators Hosts
 !
@ -138,6 +149,10 @@ object-group network netadmins-hosts
 host 10.1.6.126
 host 10.1.6.32
 !
+object-group network ntp-servers 
+ host 10.1.40.154
+ host 10.1.48.103
+!
 !
 spanning-tree mode rapid-pvst
 spanning-tree loopguard default
@ -1120,6 +1135,7 @@ interface Vlan107
 !
 interface Vlan230
 ip address 10.22.230.1 255.255.255.224
+ ip access-group hvac in
 !
 interface Vlan503
 description to Ring #3 CCF Service #S200281
@ -1223,6 +1239,16 @@ ip access-list extended AutoQos-4.0-ACL-Transactional-Data
 permit udp any any eq 1575
 permit tcp any any eq 1630
 permit udp any any eq 1630
+ip access-list extended hvac
+ permit ip 10.22.230.0 0.0.0.31 object-group day-enterprise-servers
+ permit udp 10.22.230.0 0.0.0.31 object-group dns-servers eq domain
+ permit udp 10.22.230.0 0.0.0.31 object-group ntp-servers eq ntp
+ permit icmp 10.22.230.0 0.0.0.31 host 10.22.230.1
+ permit icmp host 10.22.230.1 10.22.230.0 0.0.0.31
+ deny   ip any 10.0.0.0 0.255.255.255
+ deny   ip any 192.168.0.0 0.0.255.255
+ deny   ip any 172.16.0.0 0.15.255.255
+ permit tcp 10.22.230.0 0.0.0.31 any eq 587 log-input
 ip access-list extended sbhc-acl
 permit ip 10.22.107.0 0.0.0.255 10.107.50.0 0.0.0.255
 permit tcp 10.22.107.0 0.0.0.255 any eq 443
--- a/configs/fortigate/fortigate.conf
+++ b/configs/fortigate/fortigate.conf
--- a/configs/fortigate/vdom_scsd/firewall.cfg
+++ b/configs/fortigate/vdom_scsd/firewall.cfg
@ -2837,6 +2837,12 @@ config firewall address
    edit "SheaVLAN230"
        set subnet 10.14.230.0 255.255.255.224
    next
+    edit "CorcoranVLAN230"
+        set subnet 10.7.230.0 255.255.255.224
+    next
+    edit "DelawareVLAN230"
+        set subnet 10.22.230.0 255.255.255.224
+    next
 end
 config firewall multicast-address
    edit "all_hosts"
@ -3048,7 +3054,7 @@ config firewall addrgrp
        set member "Shea_Secure_Wireless" "Shea_VLAN_6" "Corcoran_VLAN_20" "Corcoran_Secure_Wireless"
    next
    edit "VLAN230AddrGroup"
-        set member "SheaVLAN230"
+        set member "SheaVLAN230" "CorcoranVLAN230" "DelawareVLAN230"
    next
 end
 config firewall wildcard-fqdn custom
@ -4811,6 +4817,7 @@ config firewall policy
        set comments " (Copy of NVIDEA_LICENSING) (Reverse of NVIDEA_LICENSING)"
    next
    edit 107
+        set status disable
        set name "NOCTI In->Out"
        set srcintf "inside"
        set dstintf "outside"
@ -4824,6 +4831,7 @@ config firewall policy
        set comments "Allow nocti.org"
    next
    edit 121
+        set status disable
        set name "NOCTI Out->In"
        set srcintf "outside"
        set dstintf "inside"
--- a/configs/shea/shea-4507-1.cfg
+++ b/configs/shea/shea-4507-1.cfg
@ -1,9 +1,9 @@
 Building configuration...

-Current configuration : 35730 bytes
+Current configuration : 35781 bytes
 !
-! Last configuration change at 15:42:07 EST Fri Mar 6 2026 by estein66.admin
-! NVRAM config last updated at 15:42:18 EST Fri Mar 6 2026 by estein66.admin
+! Last configuration change at 13:37:58 EDT Mon Mar 9 2026 by estein66.admin
+! NVRAM config last updated at 13:37:59 EDT Mon Mar 9 2026 by estein66.admin
 !
 version 15.2
 no service pad
@ -859,8 +859,9 @@ interface GigabitEthernet5/32
 service-policy output AutoQos-VoIP-Output-Policy
 !
 interface GigabitEthernet5/33
- description Trunk Test Port
- switchport trunk native vlan 525
+ description ***   To Wireless APs   ***
+ switchport trunk allowed vlan 35,59,999
+ switchport trunk native vlan 35
 switchport mode trunk
 !
 interface GigabitEthernet5/34
@ -1303,6 +1304,6 @@ line vty 5 15
 transport input ssh
 !
 scheduler runtime netinput 100
-ntp server 10.1.1.2 prefer
-ntp server 10.1.1.3
+ntp server 10.1.40.154
+ntp server 10.1.48.103
 end
Author	SHA1	Message	Date
John Poland	7848a85ead	delaware/delaware-mdf-4507.cfg Mon Mar 9 08:32:36 PM EDT 2026	2026-03-09 20:32:38 -04:00
John Poland	5befe24235	corcoran/corcoran-mdf-4507.cfg Mon Mar 9 08:32:36 PM EDT 2026	2026-03-09 20:32:37 -04:00
John Poland	2c6ceae105	shea/shea-4507-1.cfg Mon Mar 9 08:32:36 PM EDT 2026	2026-03-09 20:32:37 -04:00
John Poland	daa2df4cc8	fortigate-backup Mon Mar 9 08:32:36 PM EDT 2026	2026-03-09 20:32:37 -04:00
John Poland	e0ec019bf9	fortigate Mon Mar 9 08:32:36 PM EDT 2026	2026-03-09 20:32:37 -04:00