config vpn certificate ca end config vpn certificate remote edit "REMOTE_Cert_2" next end config vpn certificate local edit "Fortinet_CA_SSL" set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set range global set source factory next edit "Fortinet_CA_Untrusted" set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set range global set source factory next edit "Fortinet_SSL" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory next edit "Fortinet_GUI_Server" set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set range global set source factory next edit "Fortinet_SSL_RSA1024" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory next edit "Fortinet_SSL_RSA2048" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory next edit "Fortinet_SSL_RSA4096" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory next edit "Fortinet_SSL_DSA1024" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory next edit "Fortinet_SSL_DSA2048" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory next edit "Fortinet_SSL_ECDSA256" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory next edit "Fortinet_SSL_ECDSA384" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory next edit "Fortinet_SSL_ECDSA521" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory next edit "Fortinet_SSL_ED25519" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory next edit "Fortinet_SSL_ED448" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory next edit "Star Cert Expire 4-24" set password ENC *HIDDEN* next edit "StartCert-Expire042025" set password ENC *HIDDEN* next edit "StarCert-Expire03202026" set password ENC *HIDDEN* next end config vpn ssl web host-check-software edit "FortiClient-AV" set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7" next edit "FortiClient-FW" set type fw set guid "528CB157-D384-4593-AAAA-E42DFF111CED" next edit "FortiClient-AV-Vista" set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" next edit "FortiClient-FW-Vista" set type fw set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" next edit "FortiClient5-AV" set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7" next edit "AVG-Internet-Security-AV" set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" next edit "AVG-Internet-Security-FW" set type fw set guid "8DECF618-9569-4340-B34A-D78D28969B66" next edit "AVG-Internet-Security-AV-Vista-Win7" set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82" next edit "AVG-Internet-Security-FW-Vista-Win7" set type fw set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" next edit "CA-Anti-Virus" set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" next edit "CA-Internet-Security-AV" set guid "6B98D35F-BB76-41C0-876B-A50645ED099A" next edit "CA-Internet-Security-FW" set type fw set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" next edit "CA-Internet-Security-AV-Vista-Win7" set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" next edit "CA-Internet-Security-FW-Vista-Win7" set type fw set guid "06D680B0-4024-4FAB-E710-E675E50F6324" next edit "CA-Personal-Firewall" set type fw set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" next edit "F-Secure-Internet-Security-AV" set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" next edit "F-Secure-Internet-Security-FW" set type fw set guid "D4747503-0346-49EB-9262-997542F79BF4" next edit "F-Secure-Internet-Security-AV-Vista-Win7" set guid "15414183-282E-D62C-CA37-EF24860A2F17" next edit "F-Secure-Internet-Security-FW-Vista-Win7" set type fw set guid "2D7AC0A6-6241-D774-E168-461178D9686C" next edit "Kaspersky-AV" set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-FW" set type fw set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-AV-Vista-Win7" set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE" next edit "Kaspersky-FW-Vista-Win7" set type fw set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" next edit "McAfee-Internet-Security-Suite-AV" set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" next edit "McAfee-Internet-Security-Suite-FW" set type fw set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" next edit "McAfee-Internet-Security-Suite-AV-Vista-Win7" set guid "86355677-4064-3EA7-ABB3-1B136EB04637" next edit "McAfee-Internet-Security-Suite-FW-Vista-Win7" set type fw set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" next edit "McAfee-Virus-Scan-Enterprise" set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" next edit "Norton-360-2.0-AV" set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" next edit "Norton-360-2.0-FW" set type fw set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" next edit "Norton-360-3.0-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-360-3.0-FW" set type fw set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" next edit "Norton-Internet-Security-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-Internet-Security-FW" set type fw set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" next edit "Norton-Internet-Security-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Norton-Internet-Security-FW-Vista-Win7" set type fw set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" next edit "Symantec-Endpoint-Protection-AV" set guid "FB06448E-52B8-493A-90F3-E43226D3305C" next edit "Symantec-Endpoint-Protection-FW" set type fw set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" next edit "Symantec-Endpoint-Protection-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Symantec-Endpoint-Protection-FW-Vista-Win7" set type fw set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" next edit "Panda-Antivirus+Firewall-2008-AV" set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" next edit "Panda-Antivirus+Firewall-2008-FW" set type fw set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" next edit "Panda-Internet-Security-AV" set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Panda-Internet-Security-2006~2007-FW" set type fw set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Panda-Internet-Security-2008~2009-FW" set type fw set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" next edit "Sophos-Anti-Virus" set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" next edit "Sophos-Enpoint-Secuirty-and-Control-FW" set type fw set guid "0786E95E-326A-4524-9691-41EF88FB52EA" next edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7" set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" next edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7" set type fw set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" next edit "Trend-Micro-AV" set guid "7D2296BC-32CC-4519-917E-52E652474AF5" next edit "Trend-Micro-FW" set type fw set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" next edit "Trend-Micro-AV-Vista-Win7" set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50" next edit "Trend-Micro-FW-Vista-Win7" set type fw set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" next edit "ZoneAlarm-AV" set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" next edit "ZoneAlarm-FW" set type fw set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" next edit "ZoneAlarm-AV-Vista-Win7" set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" next edit "ZoneAlarm-FW-Vista-Win7" set type fw set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" next edit "ESET-Smart-Security-AV" set guid "19259FAE-8396-A113-46DB-15B0E7DFA289" next edit "ESET-Smart-Security-FW" set type fw set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2" next end config vpn ssl web portal edit "full-access" set tunnel-mode enable set ipv6-tunnel-mode enable set web-mode enable set ip-pools "SSLVPN_TUNNEL_ADDR1" set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" config bookmark-group edit "gui-bookmarks" next end set customize-forticlient-download-url enable set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent" next edit "web-access" set web-mode enable next edit "tunnel-access" set tunnel-mode enable set ipv6-tunnel-mode enable set ip-pools "SSLVPN_TUNNEL_ADDR1" set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" next edit "SCSD_VPN_FULL_Portal" set tunnel-mode enable set web-mode enable set ip-pools "SSL_VPN_Range" set split-tunneling-routing-address "IPv4-Private-All-RFC1918" config bookmark-group edit "gui-bookmarks" next end set customize-forticlient-download-url enable set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent" set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent" next edit "SchoolTool_Portal" set tunnel-mode enable set web-mode enable set forticlient-download disable set ip-pools "SSL_VPN_Range" set split-tunneling-routing-address "Internal_10.0.0.0_8" set user-bookmark disable config bookmark-group edit "gui-bookmarks" config bookmarks edit "Obiwan_RDP" set apptype rdp set host "10.1.48.202" set port 3389 set sso auto next edit "HanSolo_RDP" set apptype rdp set host "10.1.48.201" set port 3389 set sso auto next edit "C3PO_RDP" set apptype rdp set host "10.1.48.133" set port 3389 set sso auto next edit "Chewbacca_RDP" set apptype rdp set host "10.1.48.129" set port 3389 set sso auto next edit "Skywalker_RDP" set apptype rdp set host "10.1.48.63" set port 3389 set sso auto next edit "Yoda_RDP" set apptype rdp set host "10.1.48.103" set port 3389 set sso auto next edit "MANDO_RDP" set apptype rdp set host "10.1.40.72" set port 3389 set sso auto next edit "GROGU_RDP" set apptype rdp set host "10.1.40.224" set port 3389 set sso auto next end next end set display-connection-tools disable set display-history disable set heading "SCSD SchoolTool VPN" next edit "Website_Server_Portal" set tunnel-mode enable set web-mode enable set ip-pools "SSL_VPN_Range" set split-tunneling-routing-address "Internal_10.0.0.0_8" set user-bookmark disable config bookmark-group edit "gui-bookmarks" config bookmarks edit "Webosphere_RDP" set apptype rdp set host "10.1.48.117" set port 3389 set sso auto next edit "Webosphere_FTP" set apptype ftp set folder "10.1.48.117" set sso auto next end next end set display-connection-tools disable set display-history disable set display-status disable set heading "SCSD Website VPN Portal" set theme mariner set customize-forticlient-download-url enable set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent" set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent" next edit "DayAutomation_Portal" set tunnel-mode enable set web-mode enable set ip-pools "SSL_VPN_Range" set split-tunneling-routing-address "Internal_10.0.0.0_8" config bookmark-group edit "gui-bookmarks" config bookmarks edit "Day_Enterprise_Server" set apptype rdp set host "10.1.40.108" set port 3389 set sso auto next edit "Day_VM_Server" set apptype rdp set host "10.1.40.173" set port 3389 set sso auto next edit "Day_Continuum_Server" set apptype rdp set host "10.1.40.188" set port 3389 set sso auto next end next end set display-connection-tools disable set display-history disable set display-status disable set heading "SCSD Day Automation VPN Portal" set theme melongene set customize-forticlient-download-url enable set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent" set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent" next edit "Security_Portal" set tunnel-mode enable set web-mode enable set ip-pools "SSL_VPN_Range" set split-tunneling-routing-address "Internal_10.0.0.0_8" config bookmark-group edit "gui-bookmarks" next end set display-history disable set display-status disable set heading "SCSD Security VPN Portal" set theme mariner set customize-forticlient-download-url enable set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent" set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent" next edit "Hyperion_Portal" set tunnel-mode enable set web-mode enable set ip-pools "SSL_VPN_Range" set split-tunneling-routing-address "Internal_10.0.0.0_8" config bookmark-group edit "gui-bookmarks" next end set display-history disable set display-status disable set heading "SCSD_Hyperion_VPN_Portal" set customize-forticlient-download-url enable set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent" set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent" next edit "Peoplesoft_Portal" set tunnel-mode enable set web-mode enable set ip-pools "SSL_VPN_Range" set split-tunneling-routing-address "Internal_10.0.0.0_8" config bookmark-group edit "gui-bookmarks" next end set display-history disable set display-status disable set heading "SCSD_Peoplesoft_VPN_Portal" set customize-forticlient-download-url enable set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent" set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent" next edit "WebCRD_Portal" set tunnel-mode enable set web-mode enable set ip-pools "SSL_VPN_Range" set split-tunneling-routing-address "Internal_10.0.0.0_8" config bookmark-group edit "gui-bookmarks" next end set display-history disable set display-status disable set heading "SCSD_WebCRD_VPN_Portal" set customize-forticlient-download-url enable set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent" set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent" next edit "Access411_Portal" set tunnel-mode enable set web-mode enable set forticlient-download disable set ip-pools "SSL_VPN_Range" set split-tunneling-routing-address "Internal_10.0.0.0_8" set user-bookmark disable config bookmark-group edit "gui-bookmarks" config bookmarks edit "411app" set apptype rdp set host "10.1.40.216" set port 3389 set sso auto next edit "411sql" set apptype rdp set host "10.1.40.225" set port 3389 set sso auto next edit "411app HomePage" set url "https://411app.scsd.us" next end next end set display-connection-tools disable set display-history disable set display-status disable set heading "SCSD Access411 VPN Portal" next edit "DocHolliday_Portal" set tunnel-mode enable set web-mode enable set ip-pools "SSL_VPN_Range" set split-tunneling-routing-address "Internal_10.0.0.0_8" config bookmark-group edit "gui-bookmarks" next end set display-history disable set display-status disable set heading "SCSD DocHolliday Portal" set customize-forticlient-download-url enable set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent" set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent" next edit "AccessControl_Portal" set tunnel-mode enable set web-mode enable set ip-pools "SSL_VPN_Range" set split-tunneling-routing-address "Internal_10.0.0.0_8" config bookmark-group edit "gui-bookmarks" next end set display-history disable set display-status disable set heading "SCSD Access Control VPN Portal" set customize-forticlient-download-url enable set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent" set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent" next edit "Auditor_Portal" set tunnel-mode enable set web-mode enable set forticlient-download disable set ip-pools "SSL_VPN_Range" set split-tunneling-routing-address "Internal_10.0.0.0_8" config bookmark-group edit "gui-bookmarks" config bookmarks edit "Finance" set url "http://psprdfin.scsd.ad/psp/FPRD/" next edit "HR" set url "http://psprdhcm.scsd.ad/psp/HPRD" next end next end set clipboard disable next edit "Azure_Test_Portal" set tunnel-mode enable set web-mode enable set ip-pools "SSL_VPN_Range" set split-tunneling-routing-address "Internal_10.0.0.0_8" "IPv4-Private-All-RFC1918" config bookmark-group edit "gui-bookmarks" next end set heading "Azure-VPN Portal" next edit "SCSD_USER_PORTAL" set tunnel-mode enable set web-mode enable set forticlient-download disable set ip-pools "SSL_VPN_Range" set split-tunneling-routing-address "Internal_10.0.0.0_8" "IPv4-Private-All-RFC1918" config bookmark-group edit "gui-bookmarks" next end set heading "SCSD-USER-PORTAL" next end config vpn ssl settings set banned-cipher SHA1 SHA256 SHA384 set servercert "StarCert-Expire03202026" set idle-timeout 3600 set auth-timeout 36000 set login-timeout 180 set tunnel-ip-pools "SSL_VPN_Range" set dns-server1 10.1.40.10 set dns-server2 10.21.48.10 set source-interface "outside" set source-address "all" set source-address6 "all" set default-portal "tunnel-access" config authentication-rule edit 1 set groups "SSL_VPN_Full_Access" set portal "SCSD_VPN_FULL_Portal" next edit 2 set groups "VPN_SchoolTool_Group" set portal "SchoolTool_Portal" next edit 4 set groups "VPN_Web_Servers_Group" set portal "Website_Server_Portal" next edit 5 set groups "VPN_DayAuto_Group" set portal "DayAutomation_Portal" next edit 6 set groups "VPN_Security_Group" set portal "Security_Portal" next edit 7 set groups "VPN_Hyperion_Group" set portal "Hyperion_Portal" next edit 8 set groups "VPN_Peoplesoft_Group" set portal "Peoplesoft_Portal" next edit 9 set groups "VPN_WebCRD_Group" set portal "WebCRD_Portal" next edit 10 set groups "VPN_Access411_Group" set portal "Access411_Portal" next edit 11 set groups "VPN_DocHolliday_Group" set portal "DocHolliday_Portal" next edit 12 set groups "VPN_Access_Control_Group" set portal "AccessControl_Portal" next edit 13 set groups "VPN_Auditor_Group" set portal "Auditor_Portal" next edit 14 set groups "FortiGateAccess" set portal "Azure_Test_Portal" next edit 15 set groups "SSL_VPN_SCSD_USER" set portal "SCSD_USER_PORTAL" next edit 16 set groups "SSL_VPN_SCSD_USER2" set portal "SCSD_USER_PORTAL" next end set http-request-header-timeout 60 set http-request-body-timeout 60 end config vpn ssl web user-bookmark edit "vpn_user1#SSL_VPN_Full_Access" next edit "tmarri81#SSL_VPN_Full_Access" config bookmarks edit "TimMac_FTP" set apptype ftp set folder "10.1.7.110" next edit "My_PC" set apptype rdp set host "10.1.7.137" set port 3389 set sso auto next edit "My Mac" set apptype vnc set host "10.1.7.110" set port 5900 set logon-user "tmarris" set logon-password ENC *HIDDEN* next end next edit "tmarri81.admin#VPN_SchoolTool_Group" next edit "dteacher#VPN_PrintServer_Group" next edit "gdaniels.admin#VPN_PrintServer_Group" next edit "gdaniels#SSL_VPN_Full_Access" next edit "tmarri81.admin#SSL_VPN_Full_Access" config bookmarks edit "MrRobot_FTP" set apptype ftp set folder "10.1.40.101" set sso auto next edit "Obiwan_RDP" set apptype rdp set host "10.1.48.202" set port 3389 set sso auto next end next edit "tmarri81.la#SSL_VPN_Full_Access" config bookmarks edit "MrRobot_FTP" set apptype ftp set folder "10.1.40.101" set sso auto next end next edit "hrice.oa#SSL_VPN_Full_Access" next edit "tmarri81#VPN_Security_Group" next edit "timoon67#SSL_VPN_Full_Access" next edit "tmarri81.la#VPN_Hyperion_Group" next edit "tmarri81.la#VPN_Peoplesoft_Group" next edit "tmarri81.la#VPN_WebCRD_Group" next edit "webcrdsupport#VPN_WebCRD_Group" next edit "tmarri81.la#VPN_DocHolliday_Group" next edit "mnichols.oa#VPN_DayAuto_Group" next edit "ddunn.oa#VPN_DayAuto_Group" next edit "jgriffin.oa#VPN_DayAuto_Group" next edit "swalts49#SSL_VPN_Full_Access" next edit "Bstrohm_admin#SSL_VPN_Full_Access" next edit "jgumpert#VPN_Peoplesoft_Group" next edit "gedelstein#VPN_DayAuto_Group" next edit "tmarri81.la#VPN_DayAuto_Group" next edit "wlakie.oa#VPN_DayAuto_Group" next edit "Katapult.oa#VPN_DocHolliday_Group" next edit "aolEVA60#SSL_VPN_Full_Access" next edit "aoleva60#SSL_VPN_Full_Access" next edit "hebuck02#SSL_VPN_Full_Access" next edit "kcampion.oa#VPN_DayAuto_Group" next edit "jchapman.oa#VPN_Hyperion_Group" next edit "btrzaskos.oa#VPN_DayAuto_Group" next edit "ysun.oa#VPN_Hyperion_Group" next edit "sreddy.OA#VPN_Hyperion_Group" next edit "bstrohm_admin#SSL_VPN_Full_Access" next edit "navd.oa#VPN_Peoplesoft_Group" config bookmarks edit "SCSD PS DEV" set url "http://psdevhcm.scsd.ad/psp/HDEV/?cmd=login&languageCd=ENG&" next end next end config vpn ipsec phase1-interface edit "SRIC_BOCES" set interface "outside lag" set ike-version 2 set peertype any set net-device disable set proposal aes256-sha256 set dhgrp 14 set nattraversal disable set remote-gw 170.161.52.25 set psksecret ENC *HIDDEN* next edit "vpn-042e9903" set interface "outside lag" set ike-version 2 set local-gw 198.36.24.5 set keylife 28800 set peertype any set net-device disable set proposal aes256-sha256 set dhgrp 19 set remote-gw 52.61.115.188 set psksecret ENC *HIDDEN* set dpd-retryinterval 30 next edit "SCHC" set interface "outside lag" set ike-version 2 set peertype any set net-device disable set proposal aes256-sha256 set remote-gw 209.217.202.173 set psksecret ENC *HIDDEN* next edit "vpn-0fc50345" set interface "outside lag" set local-gw 198.36.24.5 set keylife 28800 set peertype any set net-device disable set proposal aes128-sha1 set comments "SchoolTool Tunnel" set dhgrp 2 set remote-gw 34.194.174.170 set psksecret ENC *HIDDEN* next edit "vpn-0403e61" set interface "outside lag" set ike-version 2 set local-gw 198.36.24.5 set keylife 28800 set peertype any set net-device disable set proposal aes256-sha256 set comments "eScholar Tunnel" set dhgrp 19 set remote-gw 44.216.12.227 set psksecret ENC *HIDDEN* set dpd-retryinterval 30 next edit "Highstreet" set interface "outside lag" set ike-version 2 set local-gw 198.36.24.5 set keylife 28800 set peertype any set net-device disable set proposal aes128-sha1 set dhgrp 2 set nattraversal disable set remote-gw 3.20.191.182 set psksecret ENC *HIDDEN* next edit "Highstreet_2" set interface "outside lag" set ike-version 2 set keylife 28800 set peertype any set net-device disable set proposal aes128-sha1 set dhgrp 2 set nattraversal disable set remote-gw 3.146.135.243 set psksecret ENC *HIDDEN* next edit "DPS" set interface "outside lag" set ike-version 2 set peertype any set net-device disable set proposal aes256-sha256 set comments "VPN: DPS" set remote-gw 24.39.213.214 set psksecret ENC *HIDDEN* next edit "RAP" set interface "outside lag" set ike-version 2 set peertype any set net-device disable set proposal aes256-sha256 set comments "SCSD->RAP" set nattraversal disable set transport udp-fallback-tcp set remote-gw 24.105.188.54 set psksecret ENC *HIDDEN* next end config vpn ipsec phase2-interface edit "SRIC_BOCES" set phase1name "SRIC_BOCES" set proposal aes256-sha256 set dhgrp 14 set auto-negotiate enable set src-addr-type ip set dst-addr-type ip set keylifeseconds 28800 set src-start-ip 198.36.24.68 set dst-start-ip 170.161.52.27 next edit "vpn-042e9903" set phase1name "vpn-042e9903" set proposal aes256-sha256 set dhgrp 16 set auto-negotiate enable set keylifeseconds 3600 set src-subnet 10.1.48.0 255.255.255.0 set dst-subnet 10.222.0.0 255.255.0.0 next edit "SCHC" set phase1name "SCHC" set proposal aes256-sha256 set dhgrp 14 set src-addr-type name set dst-addr-type name set keylifeseconds 28800 set src-name "SCHC_Local_Subnets_Group" set dst-name "SCHC_Remote_Subnets_Group" next edit "vpn-0fc50345" set phase1name "vpn-0fc50345" set proposal aes128-sha1 set dhgrp 2 set auto-negotiate enable set src-addr-type name set dst-addr-type name set keylifeseconds 3600 set src-name "SchoolTool_Cloud_Internal" set dst-name "SchoolTool_External_Range" next edit "vpn-0403e61" set phase1name "vpn-0403e61" set proposal aes256-sha256 set dhgrp 16 set auto-negotiate enable set keylifeseconds 3600 set src-subnet 10.1.48.0 255.255.255.0 set dst-subnet 10.11.0.0 255.255.240.0 next edit "Highstreet" set phase1name "Highstreet" set proposal aes128-sha1 set dhgrp 2 set auto-negotiate enable set keylifeseconds 3600 set src-subnet 10.1.0.0 255.255.192.0 set dst-subnet 10.51.62.0 255.255.255.0 next edit "Highstreet_2" set phase1name "Highstreet_2" set proposal aes128-sha1 set dhgrp 2 set auto-negotiate enable set keylifeseconds 3600 set src-subnet 10.1.0.0 255.255.0.0 set dst-subnet 10.51.62.32 255.255.255.240 next edit "DPS" set phase1name "DPS" set proposal aes256-sha256 set comments "VPN: DPS" next edit "RAP" set phase1name "RAP" set proposal aes256-sha256 next end