config firewall address edit "EMS_ALL_UNKNOWN_CLIENTS" set type dynamic set sub-type ems-tag next edit "EMS_ALL_UNMANAGEABLE_CLIENTS" set type dynamic set sub-type ems-tag next edit "SSLVPN_TUNNEL_ADDR1" set type iprange set start-ip 10.212.134.200 set end-ip 10.212.134.210 next edit "all" next edit "FIREWALL_AUTH_PORTAL_ADDRESS" next edit "FABRIC_DEVICE" set comment "IPv4 addresses of Fabric Devices." next edit "SRIC_BOCES_Firewall" set comment "SRIC BOCES - Firewall" set subnet 170.161.52.25 255.255.255.255 next edit "SRIC_BOCES_Server02" set comment "SRIC BOCES - Server" set subnet 170.161.52.27 255.255.255.255 next edit "Barracuda_Internal" set comment "Barracuda Email Internal" set subnet 10.1.40.7 255.255.255.255 next edit "Nimble_Inside_1" set subnet 192.168.1.98 255.255.255.255 next edit "Nimble_Inside_2" set subnet 192.168.1.1 255.255.255.255 next edit "Nimble_Inside_4" set subnet 172.16.176.98 255.255.255.255 next edit "Nimble_Support" set subnet 198.54.168.5 255.255.255.255 next edit "ReverseProxy" set comment "Reverseproxy.scsd.ad for ess.scsd.us" set subnet 10.1.18.126 255.255.255.255 next edit "SafeSchools_01" set comment "IP address for Safe Schools video training. Used to access LDAP authentication." 
set subnet 52.27.21.77 255.255.255.255 next edit "SPD_20_DrKing" set comment "SPD Firewall STEAM at Dr King" set color 2 set subnet 10.20.70.10 255.255.255.255 next edit "SPD_21_Danforth" set comment "SPD Firewall Brighton Academy" set color 2 set subnet 10.21.70.10 255.255.255.255 next edit "SPD_25_Frazer" set comment "SPD Firewall Frazer" set color 2 set subnet 10.25.70.10 255.255.255.255 next edit "SPD_44_Seymour" set comment "SPD Firewall Seymour" set color 2 set subnet 10.44.70.10 255.255.255.255 next edit "SPD_48_Beard" set comment "SPD Firewall McCarthy at Beard" set color 2 set subnet 10.48.70.10 255.255.255.255 next edit "SPD_53_Blodgett" set comment "SPD Firewall Syracuse STEM at Blodgett" set color 2 set subnet 10.53.70.10 255.255.255.255 next edit "SPD_56_SSC" set comment "SPD Firewall School Service Center" set color 2 set subnet 10.56.70.10 255.255.255.255 next edit "SPD_09_Grant" set comment "SPD Firewall Grant" set color 2 set subnet 10.9.70.10 255.255.255.255 next edit "z_BlockIP_001" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 103.117.232.198 255.255.255.255 next edit "z_BlockIP_002" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 103.122.33.58 255.255.255.255 next edit "z_BlockIP_003" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 103.207.169.78 255.255.255.255 next edit "z_BlockIP_004" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 104.139.74.25 255.255.255.255 next edit "z_BlockIP_005" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 107.173.6.251 255.255.255.255 next edit "z_BlockIP_006" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 107.175.69.34 255.255.255.255 next edit "z_BlockIP_007" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set 
subnet 119.92.23.203 255.255.255.255 next edit "z_BlockIP_103" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 13.111.22.133 255.255.255.255 next edit "z_BlockIP_008" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 131.0.142.120 255.255.255.255 next edit "z_BlockIP_009" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 131.196.184.141 255.255.255.255 next edit "z_BlockIP_010" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 138.121.24.78 255.255.255.255 next edit "z_BlockIP_011" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 138.59.233.5 255.255.255.255 next edit "z_BlockIP_012" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 146.185.219.45 255.255.255.255 next edit "z_BlockIP_013" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 146.196.122.152 255.255.255.255 next edit "z_BlockIP_014" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 146.196.122.167 255.255.255.255 next edit "z_BlockIP_015" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 149.154.70.202 255.255.255.255 next edit "z_BlockIP_104" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 151.80.88.253 255.255.255.255 next edit "z_BlockIP_105" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 152.89.245.207 255.255.255.255 next edit "z_BlockIP_106" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 152.89.245.212 255.255.255.255 next edit "z_BlockIP_016" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 158.69.85.206 255.255.255.255 next edit 
"z_BlockIP_107" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 162.255.119.159 255.255.255.255 next edit "z_BlockIP_017" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 163.121.188.3 255.255.255.255 next edit "z_BlockIP_108" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 164.132.138.130 255.255.255.255 next edit "z_BlockIP_018" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 164.132.216.41 255.255.255.255 next edit "z_BlockIP_019" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 168.227.229.112 255.255.255.255 next edit "z_BlockIP_020" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 170.78.99.190 255.255.255.255 next edit "z_BlockIP_021" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 170.84.78.186 255.255.255.255 next edit "z_BlockIP_109" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 176.126.83.149 255.255.255.255 next edit "z_BlockIP_022" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 177.103.240.149 255.255.255.255 next edit "z_BlockIP_023" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 177.107.51.162 255.255.255.255 next edit "z_BlockIP_024" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 177.124.37.208 255.255.255.255 next edit "z_BlockIP_025" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 177.36.5.7 255.255.255.255 next edit "z_BlockIP_026" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 177.52.79.29 255.255.255.255 next edit "z_BlockIP_027" set comment "Malicious IP Address" set 
associated-interface "outside" set color 6 set subnet 177.8.172.86 255.255.255.255 next edit "z_BlockIP_111" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 178.157.82.145 255.255.255.255 next edit "z_BlockIP_112" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 178.157.82.80 255.255.255.255 next edit "z_BlockIP_028" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 179.189.241.254 255.255.255.255 next edit "z_BlockIP_029" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 180.250.197.188 255.255.255.255 next edit "z_BlockIP_030" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 181.115.168.69 255.255.255.255 next edit "z_BlockIP_031" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 181.129.140.140 255.255.255.255 next edit "z_BlockIP_032" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 181.129.49.98 255.255.255.255 next edit "z_BlockIP_033" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 181.129.93.226 255.255.255.255 next edit "z_BlockIP_034" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 181.196.61.110 255.255.255.255 next edit "z_BlockIP_035" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 185.117.119.163 255.255.255.255 next edit "z_BlockIP_113" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 185.117.73.76 255.255.255.255 next edit "z_BlockIP_114" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 185.135.81.147 255.255.255.255 next edit "z_BlockIP_115" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set 
subnet 185.141.27.243 255.255.255.255 next edit "z_BlockIP_116" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 185.172.129.147 255.255.255.255 next edit "z_BlockIP_117" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 185.175.156.13 255.255.255.255 next edit "z_BlockIP_118" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 185.180.198.141 255.255.255.255 next edit "z_BlockIP_119" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 185.224.134.124 255.255.255.255 next edit "z_BlockIP_036" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 185.251.39.9 255.255.255.255 next edit "z_BlockIP_037" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 185.43.6.87 255.255.255.255 next edit "z_BlockIP_120" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 185.65.202.115 255.255.255.255 next edit "z_BlockIP_038" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 185.86.150.130 255.255.255.255 next edit "z_BlockIP_039" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 186.138.152.228 255.255.255.255 next edit "z_BlockIP_040" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 186.183.199.114 255.255.255.255 next edit "z_BlockIP_041" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 186.226.188.105 255.255.255.255 next edit "z_BlockIP_042" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 186.42.186.202 255.255.255.255 next edit "z_BlockIP_043" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 186.42.226.46 255.255.255.255 next edit 
"z_BlockIP_044" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 187.110.100.122 255.255.255.255 next edit "z_BlockIP_045" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 187.58.56.26 255.255.255.255 next edit "z_BlockIP_046" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 189.80.134.122 255.255.255.255 next edit "z_BlockIP_047" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 190.13.160.19 255.255.255.255 next edit "z_BlockIP_048" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 190.152.4.210 255.255.255.255 next edit "z_BlockIP_049" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 190.154.203.218 255.255.255.255 next edit "z_BlockIP_122" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 191.101.251.141 255.255.255.255 next edit "z_BlockIP_050" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 191.101.251.146 255.255.255.255 next edit "z_BlockIP_051" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 191.37.181.152 255.255.255.255 next edit "z_BlockIP_125" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 193.187.172.99 255.255.255.255 next edit "z_BlockIP_126" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 193.9.60.148 255.255.255.255 next edit "z_BlockIP_052" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 194.1.237.76 255.255.255.255 next edit "z_BlockIP_053" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 195.123.212.139 255.255.255.255 next edit "z_BlockIP_054" set comment "Malicious IP Address" 
set associated-interface "outside" set color 6 set subnet 195.123.238.13 255.255.255.255 next edit "z_BlockIP_055" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 195.123.243.167 255.255.255.255 next edit "z_BlockIP_056" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 195.123.245.47 255.255.255.255 next edit "z_BlockIP_057" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 195.123.246.188 255.255.255.255 next edit "z_BlockIP_127" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 195.161.114.191 255.255.255.255 next edit "z_BlockIP_128" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 195.161.62.25 255.255.255.255 next edit "z_BlockIP_129" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 198.23.208.16 255.255.255.255 next edit "z_BlockIP_130" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 198.46.190.37 255.255.255.255 next edit "z_BlockIP_131" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 200.35.56.81 255.255.255.255 next edit "z_BlockIP_058" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 201.184.69.50 255.255.255.255 next edit "z_BlockIP_059" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 212.80.216.167 255.255.255.255 next edit "z_BlockIP_060" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 240.0.0.1 255.255.255.255 next edit "z_BlockIP_132" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 31.184.255.100 255.255.255.255 next edit "z_BlockIP_133" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 
36.66.115.180 255.255.255.255 next edit "z_BlockIP_061" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 36.89.85.103 255.255.255.255 next edit "z_BlockIP_062" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 37.18.30.99 255.255.255.255 next edit "z_BlockIP_063" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 37.44.215.169 255.255.255.255 next edit "z_BlockIP_064" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 45.127.222.53 255.255.255.255 next edit "z_BlockIP_065" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 45.160.145.102 255.255.255.255 next edit "z_BlockIP_066" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 45.160.145.109 255.255.255.255 next edit "z_BlockIP_067" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 45.160.145.179 255.255.255.255 next edit "z_BlockIP_068" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 45.160.145.18 255.255.255.255 next edit "z_BlockIP_069" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 45.160.145.203 255.255.255.255 next edit "z_BlockIP_070" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 45.160.145.216 255.255.255.255 next edit "z_BlockIP_071" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 45.160.145.222 255.255.255.255 next edit "z_BlockIP_072" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 45.160.145.53 255.255.255.255 next edit "z_BlockIP_073" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 45.160.145.58 255.255.255.255 next edit "z_BlockIP_074" set 
comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 45.160.145.8 255.255.255.255 next edit "z_BlockIP_075" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 45.230.176.158 255.255.255.255 next edit "z_BlockIP_076" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 45.67.228.192 255.255.255.255 next edit "z_BlockIP_077" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 47.27.175.168 255.255.255.255 next edit "z_BlockIP_078" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 5.189.224.172 255.255.255.255 next edit "z_BlockIP_079" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 5.253.63.106 255.255.255.255 next edit "z_BlockIP_080" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 5.4.5.4 255.255.255.255 next edit "z_BlockIP_081" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 64.44.51.108 255.255.255.255 next edit "z_BlockIP_082" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 64.44.51.79 255.255.255.255 next edit "z_BlockIP_083" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 68.186.167.196 255.255.255.255 next edit "z_BlockIP_084" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 78.155.206.85 255.255.255.255 next edit "z_BlockIP_085" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 78.155.207.139 255.255.255.255 next edit "z_BlockIP_086" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 80.173.224.81 255.255.255.255 next edit "z_BlockIP_087" set comment "Malicious IP Address" set associated-interface "outside" set 
color 6 set subnet 81.177.22.238 255.255.255.255 next edit "z_BlockIP_088" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 82.118.22.57 255.255.255.255 next edit "z_BlockIP_089" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 82.118.22.71 255.255.255.255 next edit "z_BlockIP_090" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 82.146.46.153 255.255.255.255 next edit "z_BlockIP_091" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 82.202.221.160 255.255.255.255 next edit "z_BlockIP_092" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 85.10.234.175 255.255.255.255 next edit "z_BlockIP_093" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 87.246.7.228 255.255.255.255 next edit "z_BlockIP_094" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 91.235.129.166 255.255.255.255 next edit "z_BlockIP_095" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 91.240.84.159 255.255.255.255 next edit "z_BlockIP_096" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 91.240.85.19 255.255.255.255 next edit "z_BlockIP_097" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 92.223.105.86 255.255.255.255 next edit "z_BlockIP_098" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 92.38.160.64 255.255.255.255 next edit "z_BlockIP_099" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 93.189.42.220 255.255.255.255 next edit "z_BlockIP_100" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 96.36.253.146 255.255.255.255 next edit 
"z_BlockIP_101" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 97.87.160.98 255.255.255.255 next edit "Internal_10.0.0.0_8" set comment "Internal 10.0.0.0/8 Network" set subnet 10.0.0.0 255.0.0.0 next edit "SCHC_Remote_Subnet_01" set comment "Syracuse Community Health Center Remote Subnet" set color 8 set subnet 10.107.100.0 255.255.255.0 next edit "SCHC_Remote_Subnet_02" set comment "Syracuse Community Health Center Remote Subnet" set color 8 set subnet 10.107.49.0 255.255.255.0 next edit "SCHC_Remote_Subnet_03" set comment "Syracuse Community Health Center Remote Subnet" set color 8 set subnet 10.107.50.0 255.255.255.0 next edit "SCHC_15_HWSmith" set comment "Syracuse Community Health Center HW Smith Subnet" set color 8 set subnet 10.15.107.0 255.255.255.0 next edit "SCHC_20_DrKing" set comment "Syracuse Community Health Center Dr King Subnet" set color 8 set subnet 10.20.107.0 255.255.255.0 next edit "SCHC_22_Delaware" set comment "Syracuse Community Health Center Delaware Subnet" set color 8 set subnet 10.22.107.0 255.255.255.0 next edit "SCHC_24_Franklin" set comment "Syracuse Community Health Center Franklin Subnet" set color 8 set subnet 10.24.107.0 255.255.255.0 next edit "SCHC_03_PSLA" set comment "Syracuse Community Health Center PSLA Subnet" set color 8 set subnet 10.3.107.0 255.255.255.0 next edit "SCHC_34_DrWeeks" set comment "Syracuse Community Health Center Dr Weeks Subnet" set color 8 set subnet 10.34.107.0 255.255.255.0 next edit "SCHC_53_Blodgett" set comment "Syracuse Community Health Center Blodgett Subnet" set color 8 set subnet 10.53.107.0 255.255.255.0 next edit "SCHC_09_Grant" set comment "Syracuse Community Health Center Grant Subnet" set color 8 set subnet 10.9.107.0 255.255.255.0 next edit "z_BlockSub_001" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 103.139.219.0 255.255.255.0 next edit "z_BlockSub_002" set comment "Malicious Subnet" set 
associated-interface "outside" set color 6 set subnet 103.89.88.0 255.255.252.0 next edit "z_BlockSub_003" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 104.140.0.0 255.255.0.0 next edit "z_BlockSub_004" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 104.143.83.0 255.255.255.0 next edit "z_BlockSub_005" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 104.206.0.0 255.255.0.0 next edit "z_BlockSub_006" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 107.189.8.0 255.255.252.0 next edit "z_BlockSub_007" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 108.179.192.0 255.255.192.0 next edit "z_BlockSub_008" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 112.24.0.0 255.248.0.0 next edit "z_BlockSub_009" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 115.220.0.0 255.255.0.0 next edit "z_BlockSub_010" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 120.52.0.0 255.255.0.0 next edit "z_BlockSub_011" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 120.55.0.0 255.255.0.0 next edit "z_BlockSub_012" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 125.64.0.0 255.248.0.0 next edit "z_BlockSub_013" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 150.107.103.0 255.255.255.0 next edit "z_BlockSub_014" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 162.244.80.0 255.255.252.0 next edit "z_BlockSub_015" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 162.247.72.0 255.255.252.0 next edit "z_BlockSub_016" set comment "Malicious Subnet" set associated-interface 
"outside" set color 6 set subnet 162.255.116.0 255.255.252.0 next edit "z_BlockSub_017" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 170.130.184.0 255.255.252.0 next edit "Internal_172.16.0.0_12" set comment "Internal 172.16.0.0/12 Network" set subnet 172.16.0.0 255.240.0.0 next edit "z_BlockSub_019" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 172.246.0.0 255.255.0.0 next edit "z_BlockSub_020" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 177.0.0.0 255.0.0.0 next edit "z_BlockSub_021" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 184.104.0.0 255.254.0.0 next edit "Internal_192.168.0.0_16" set comment "Internal 192.168.0.0/16 Network" set subnet 192.168.0.0 255.255.0.0 next edit "z_BlockSub_022" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 198.108.0.0 255.252.0.0 next edit "z_BlockSub_024" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 199.249.230.0 255.255.255.0 next edit "z_BlockSub_025" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 199.59.240.0 255.255.252.0 next edit "z_BlockSub_026" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 202.28.0.0 255.254.0.0 next edit "z_BlockSub_027" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 209.141.32.0 255.255.224.0 next edit "z_BlockSub_028" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 209.53.0.0 255.255.0.0 next edit "z_BlockSub_029" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 217.0.0.0 255.0.0.0 next edit "z_BlockSub_030" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 218.102.96.0 255.255.224.0 next edit 
"z_BlockSub_031" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 23.129.64.0 255.255.255.0 next edit "z_BlockSub_032" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 23.227.128.0 255.255.224.0 next edit "z_BlockSub_033" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 35.0.0.0 255.255.0.0 next edit "z_BlockSub_034" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 38.39.24.0 255.255.248.0 next edit "z_BlockSub_035" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 45.224.0.0 255.240.0.0 next edit "z_BlockSub_037" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 71.244.60.224 255.255.255.240 next edit "z_BlockSub_038" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 71.64.0.0 255.240.0.0 next edit "z_BlockSub_039" set comment "Malicious Subnet" set associated-interface "outside" set color 6 set subnet 80.0.0.0 255.0.0.0 next edit "nimble_Inside_3" set subnet 172.16.175.98 255.255.255.255 next edit "ntss-inside" set comment "NTSS" set subnet 10.1.48.68 255.255.255.255 next edit "city_permited_subnet_1" set comment "***Needs to be narrowed***" set color 28 set subnet 10.1.0.0 255.255.0.0 next edit "city_permited_subnet_3" set comment "***Needs to be examined***" set color 28 set subnet 10.1.50.0 255.255.255.0 next edit "city_permited_subnet_4" set comment "***Needs to be examined***" set color 28 set subnet 10.1.150.0 255.255.255.0 next edit "city_permited_subnet_5" set comment "***Needs to be examined***" set color 28 set subnet 10.21.150.0 255.255.255.0 next edit "city_permited_subnet_7" set comment "***Needs to be examined***" set color 28 set subnet 10.1.7.0 255.255.255.0 next edit "City_Side_Subnet_1" set comment "City\'s Subnet on their side" set color 28 set subnet 10.250.0.0 
255.255.0.0 next edit "City_Side_CGR_01" set comment "City Lights CGR Subnet on City Side" set color 28 set allow-routing enable set subnet 10.253.17.0 255.255.255.0 next edit "City_Side_CGR_02" set comment "City Lights CGR Subnet on City Side" set color 28 set allow-routing enable set subnet 10.253.18.0 255.255.255.0 next edit "VPN-Range" set type iprange set start-ip 172.16.251.1 set end-ip 172.16.251.127 next edit "SPD_Network" set type iprange set comment "Syracuse Police Department Network Range" set color 2 set start-ip 10.250.100.80 set end-ip 10.250.100.89 next edit "FCTEMS_ALL_FORTICLOUD_SERVERS" set type dynamic set sub-type ems-tag next edit "Russia" set type geography set color 7 set country "RU" next edit "China" set type geography set color 6 set country "CN" next edit "Iran" set type geography set color 6 set country "IR" next edit "Belarus" set type geography set color 6 set country "BY" next edit "North Korea" set type geography set color 6 set country "KP" next edit "SSL_VPN_Range" set comment "Remote Access VPN IP Range" set associated-interface "ssl.scsd" set subnet 10.212.134.0 255.255.255.0 next edit "United_States" set type geography set associated-interface "outside" set country "US" next edit "SRIC_BOCES_Server01" set comment "SRIC BOCES - Server" set subnet 170.161.72.15 255.255.255.255 next edit "z_Ryuk_01" set comment "Block IP from Ransomware Attack" set associated-interface "outside" set color 6 set subnet 177.103.240.149 255.255.255.255 next edit "z_Ryuk_02" set comment "Block IP from Ransomware Attack" set associated-interface "outside" set color 6 set subnet 93.189.42.220 255.255.255.255 next edit "z_BlockIP_134" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 138.68.50.218 255.255.255.255 next edit "411App_WebPage" set type fqdn set fqdn "411app.scsd.us" next edit "City_Side_Parks_Phone_Subnet" set comment "City Parks & Rec Phones and SIP Trunk Subnet" set color 28 set allow-routing 
enable set subnet 10.250.229.0 255.255.255.0 next edit "Nigeria" set type geography set color 6 set country "NG" next edit "Afghanistan" set type geography set color 6 set country "AF" next edit "Brazil" set type geography set color 6 set country "BR" next edit "Columbia" set type geography set color 6 set country "CO" next edit "India" set type geography set color 6 set country "IN" next edit "Indonesia" set type geography set color 6 set country "ID" next edit "Romania" set type geography set color 6 set country "RO" next edit "Thailand" set type geography set color 6 set country "TH" next edit "Turkey" set type geography set color 6 set country "TR" next edit "Vietnam" set type geography set color 6 set country "VN" next edit "SPD_22_Delaware" set comment "SPD Firewall Delaware" set color 2 set subnet 10.22.70.10 255.255.255.255 next edit "SPD_24_Franklin" set comment "SPD Firewall Franklin" set color 2 set subnet 10.24.70.10 255.255.255.255 next edit "z_BlockIP_135" set comment "Malicious IP Address" set associated-interface "outside" set color 6 set subnet 108.174.5.112 255.255.255.255 next edit "SPD_Side_Genetec" set comment "Genetec Server Range on SPD Side" set associated-interface "city_phones" set color 2 set allow-routing enable set subnet 10.211.21.16 255.255.255.240 next edit "ST_External_1" set comment "SchoolTool IIS #3" set allow-routing enable set subnet 172.30.45.30 255.255.255.255 next edit "ST_External_2" set comment "SchoolTool Reporting" set allow-routing enable set subnet 172.30.45.109 255.255.255.255 next edit "ST_External_3" set comment "SchoolTool SQL" set allow-routing enable set subnet 172.30.45.25 255.255.255.255 next edit "PrintOC-Outside" set color 1 set subnet 198.36.26.119 255.255.255.255 next edit "ST_External_4" set comment "SchoolTool IIS #4" set allow-routing enable set subnet 172.30.45.35 255.255.255.255 next edit "ST_External_5" set comment "SchoolTool IIS #2" set allow-routing enable set subnet 172.30.45.84 255.255.255.255 
next edit "ST_External_6" set comment "SchoolTool IIS #1" set allow-routing enable set subnet 172.30.45.107 255.255.255.255 next edit "SchoolTool_External_Range" set subnet 172.30.44.0 255.255.254.0 next edit "z_BlockIP_141" set comment "now.gg" set associated-interface "outside" set color 6 set subnet 18.238.49.122 255.255.255.255 next edit "Webosphere_Inside" set comment "SCSD Website" set associated-interface "inside" set subnet 10.1.48.117 255.255.255.255 next edit "Day_Enterprise_Server" set comment "Day Automation" set associated-interface "inside" set color 10 set subnet 10.1.40.108 255.255.255.255 next edit "Day_VM_Server" set comment "Day Automation" set associated-interface "inside" set color 10 set subnet 10.1.40.173 255.255.255.255 next edit "WebCRD" set comment "printshop.scsd.us" set associated-interface "inside" set subnet 10.1.48.96 255.255.255.255 next edit "Security_01_NOC" set associated-interface "inside" set color 25 set subnet 10.1.70.0 255.255.254.0 next edit "Security_02_ITC" set associated-interface "inside" set color 25 set subnet 10.2.70.0 255.255.254.0 next edit "Security_03_PSLA" set associated-interface "inside" set color 25 set subnet 10.3.70.0 255.255.254.0 next edit "Security_04_Nottingham" set associated-interface "inside" set color 25 set subnet 10.4.70.0 255.255.254.0 next edit "Security_06_Henninger" set associated-interface "inside" set color 25 set subnet 10.6.70.0 255.255.254.0 next edit "Security_07_Corcoran" set associated-interface "inside" set color 25 set subnet 10.7.70.0 255.255.254.0 next edit "Security_08_Clary" set associated-interface "inside" set color 25 set subnet 10.8.70.0 255.255.254.0 next edit "Security_09_Grant" set associated-interface "inside" set color 25 set subnet 10.9.70.0 255.255.254.0 next edit "Security_10_Levy" set associated-interface "inside" set color 25 set subnet 10.10.70.0 255.255.254.0 next edit "Security_13_Lincoln" set associated-interface "inside" set color 25 set subnet 10.13.70.0 
255.255.254.0 next edit "Security_14_Shea" set associated-interface "inside" set color 25 set subnet 10.14.70.0 255.255.254.0 next edit "Security_15_HWSmith" set associated-interface "inside" set color 25 set subnet 10.15.70.0 255.255.254.0 next edit "Security_16_Bellevue" set associated-interface "inside" set color 25 set subnet 10.16.70.0 255.255.254.0 next edit "Security_20_DrKing" set associated-interface "inside" set color 25 set subnet 10.20.70.0 255.255.254.0 next edit "Security_21_Danforth" set associated-interface "inside" set color 25 set subnet 10.21.70.0 255.255.254.0 next edit "Security_22_Delaware" set associated-interface "inside" set color 25 set subnet 10.22.70.0 255.255.254.0 next edit "Security_23_Elmwood" set associated-interface "inside" set color 25 set subnet 10.23.70.0 255.255.254.0 next edit "Security_24_Franklin" set associated-interface "inside" set color 25 set subnet 10.24.70.0 255.255.254.0 next edit "Security_25_Frazer" set associated-interface "inside" set color 25 set subnet 10.25.70.0 255.255.254.0 next edit "Security_27_Elmcrest" set associated-interface "inside" set color 25 set subnet 10.27.70.0 255.255.254.0 next edit "Security_28_Latin" set associated-interface "inside" set color 25 set subnet 10.28.70.0 255.255.254.0 next edit "Security_29_Huntington" set associated-interface "inside" set color 25 set subnet 10.29.70.0 255.255.254.0 next edit "Security_30_SalemHyde" set associated-interface "inside" set color 25 set subnet 10.30.70.0 255.255.254.0 next edit "Security_33_LeMoyne" set associated-interface "inside" set color 25 set subnet 10.33.70.0 255.255.254.0 next edit "Security_34_DrWeeks" set associated-interface "inside" set color 25 set subnet 10.34.70.0 255.255.254.0 next edit "Security_36_McKinley" set associated-interface "inside" set color 25 set subnet 10.36.70.0 255.255.254.0 next edit "Security_37_Meachem" set associated-interface "inside" set color 25 set subnet 10.37.70.0 255.255.254.0 next edit 
"Security_40_Porter" set associated-interface "inside" set color 25 set subnet 10.40.70.0 255.255.254.0 next edit "Security_41_BOVA" set associated-interface "inside" set color 25 set subnet 10.41.70.0 255.255.254.0 next edit "Security_42_Roberts" set associated-interface "inside" set color 25 set subnet 10.42.70.0 255.255.254.0 next edit "Security_44_Seymour" set associated-interface "inside" set color 25 set subnet 10.44.70.0 255.255.254.0 next edit "Security_45_EdSmith" set associated-interface "inside" set color 25 set subnet 10.45.70.0 255.255.254.0 next edit "Security_46_Phoenix" set associated-interface "inside" set color 25 set subnet 10.46.70.0 255.255.254.0 next edit "Security_47_McCarthy" set associated-interface "inside" set color 25 set subnet 10.47.70.0 255.255.254.0 next edit "Security_48_Beard" set associated-interface "inside" set color 25 set subnet 10.48.70.0 255.255.254.0 next edit "Security_49_VanDuyn" set associated-interface "inside" set color 25 set subnet 10.49.70.0 255.255.254.0 next edit "Security_51_Webster" set associated-interface "inside" set color 25 set subnet 10.51.70.0 255.255.254.0 next edit "Security_53_Blodgett" set associated-interface "inside" set color 25 set subnet 10.53.70.0 255.255.254.0 next edit "Security_54_JVC" set associated-interface "inside" set color 25 set subnet 10.54.70.0 255.255.254.0 next edit "Security_55_CentralOffice" set associated-interface "inside" set color 25 set subnet 10.55.70.0 255.255.254.0 next edit "Security_56_SSC" set associated-interface "inside" set color 25 set subnet 10.56.70.0 255.255.254.0 next edit "Security_57_Transportation" set associated-interface "inside" set color 25 set subnet 10.57.70.0 255.255.254.0 next edit "Security_60_PDC" set associated-interface "inside" set color 25 set subnet 10.60.70.0 255.255.254.0 next edit "Security_86_StLucy" set associated-interface "inside" set color 25 set subnet 10.86.70.0 255.255.254.0 next edit "psdevdb1" set comment "Peoplesoft" set 
associated-interface "inside" set color 20 set subnet 10.1.18.136 255.255.255.255 next edit "hypprodweb1" set comment "Hyperion" set associated-interface "inside" set color 22 set subnet 10.1.18.84 255.255.255.255 next edit "psprddb1" set comment "Peoplesoft" set associated-interface "inside" set color 20 set subnet 10.1.18.138 255.255.255.255 next edit "psqasdb1" set comment "Peoplesoft" set associated-interface "inside" set color 20 set subnet 10.1.18.137 255.255.255.255 next edit "psdevfin" set comment "Peoplesoft" set associated-interface "inside" set color 20 set subnet 10.1.18.122 255.255.255.255 next edit "psdevhcm" set comment "Peoplesoft" set associated-interface "inside" set color 20 set subnet 10.1.18.125 255.255.255.255 next edit "psprdess" set comment "Peoplesoft" set associated-interface "inside" set color 20 set subnet 10.1.18.200 255.255.255.255 next edit "psprdfin" set comment "Peoplesoft" set associated-interface "inside" set color 20 set subnet 10.1.18.120 255.255.255.255 next edit "psprdhcm" set comment "Peoplesoft" set associated-interface "inside" set color 20 set subnet 10.1.18.123 255.255.255.255 next edit "psprdrpx" set comment "Peoplesoft" set associated-interface "inside" set color 20 set subnet 10.1.18.201 255.255.255.255 next edit "psqasfin" set comment "Peoplesoft" set associated-interface "inside" set color 20 set subnet 10.1.18.121 255.255.255.255 next edit "psqashcm" set comment "Peoplesoft" set associated-interface "inside" set color 20 set subnet 10.1.18.124 255.255.255.255 next edit "pstools" set comment "Peoplesoft" set associated-interface "inside" set color 20 set subnet 10.1.18.130 255.255.255.255 next edit "hypprodweb2" set comment "Hyperion" set associated-interface "inside" set color 22 set subnet 10.1.18.85 255.255.255.255 next edit "hypprodess" set comment "Hyperion" set associated-interface "inside" set color 22 set subnet 10.1.18.83 255.255.255.255 next edit "hypprodwin7" set comment "Hyperion" set associated-interface 
"inside" set color 22 set subnet 10.1.18.86 255.255.255.255 next edit "psnagus" set comment "Peoplesoft" set associated-interface "inside" set color 20 set subnet 10.1.18.131 255.255.255.255 next edit "psupgfin" set comment "Peoplesoft" set associated-interface "inside" set color 20 set subnet 10.1.18.150 255.255.255.255 next edit "psupghcm" set comment "Peoplesoft" set associated-interface "inside" set color 20 set subnet 10.1.18.151 255.255.255.255 next edit "hypdeveb" set comment "Hyperion" set associated-interface "inside" set color 22 set subnet 10.1.18.50 255.255.255.255 next edit "hypdevw1" set comment "Hyperion" set associated-interface "inside" set color 22 set subnet 10.1.18.51 255.255.255.255 next edit "hypdevw3" set comment "Hyperion" set associated-interface "inside" set color 22 set subnet 10.1.18.59 255.255.255.255 next edit "hypprdeb" set comment "Hyperion" set associated-interface "inside" set color 22 set subnet 10.1.18.53 255.255.255.255 next edit "hypprdw1" set comment "Hyperion" set associated-interface "inside" set color 22 set subnet 10.1.18.54 255.255.255.255 next edit "hypprdw2" set comment "Hyperion" set associated-interface "inside" set color 22 set subnet 10.1.18.55 255.255.255.255 next edit "hypqaeb" set comment "Hyperion" set associated-interface "inside" set color 22 set subnet 10.1.18.56 255.255.255.255 next edit "hypqaw1" set comment "Hyperion" set associated-interface "inside" set color 22 set subnet 10.1.18.57 255.255.255.255 next edit "hypqaw2" set comment "Hyperion" set associated-interface "inside" set color 22 set subnet 10.1.18.58 255.255.255.255 next edit "Nighttime_Inside" set comment "Nighttime sends backups" set associated-interface "inside" set subnet 10.1.40.191 255.255.255.255 next edit "411app" set associated-interface "inside" set subnet 10.1.40.216 255.255.255.255 next edit "411sql" set associated-interface "inside" set subnet 10.1.40.225 255.255.255.255 next edit "DocHolliday" set comment "WebCRD Server" set 
associated-interface "inside" set subnet 10.1.48.78 255.255.255.255 next edit "Day_Continuum_Server" set comment "Day Automation" set associated-interface "inside" set color 10 set subnet 10.1.40.188 255.255.255.255 next edit "Genetec" set associated-interface "inside" set subnet 10.1.70.30 255.255.255.255 next edit "DC01_A" set comment "Domain Controller for DNS and LDAP" set associated-interface "inside" set color 14 set subnet 10.1.40.10 255.255.255.255 next edit "DC01_B" set comment "Domain Controller for DNS and LDAP" set associated-interface "inside" set color 14 set subnet 10.1.40.95 255.255.255.255 next edit "DC01_C" set comment "Domain Controller for DNS and LDAP" set associated-interface "inside" set color 14 set subnet 10.1.48.120 255.255.255.255 next edit "HVDC02" set comment "Domain Controller for DNS and LDAP" set associated-interface "inside" set color 14 set subnet 10.21.48.10 255.255.255.255 next edit "HVDC03_A" set comment "Domain Controller for DNS and LDAP" set associated-interface "inside" set color 14 set subnet 10.1.48.95 255.255.255.255 next edit "HVDC03_B" set comment "Domain Controller for DNS and LDAP" set associated-interface "inside" set color 14 set subnet 10.1.48.10 255.255.255.255 next edit "Tim PC" set associated-interface "inside" set subnet 10.1.7.137 255.255.255.255 next edit "CGR_16_Bellevue" set comment "City Lights CGR - 16_Bellevue" set associated-interface "inside" set color 28 set subnet 10.16.233.11 255.255.255.255 next edit "CGR_55_CentralOffice" set comment "City Lights CGR - 55_Central Offices" set associated-interface "inside" set color 28 set subnet 10.55.233.11 255.255.255.255 next edit "CGR_45_EdSmith" set comment "City Lights CGR - 45_EdSmith" set associated-interface "inside" set color 28 set subnet 10.45.233.11 255.255.255.255 next edit "CGR_23_Elmwood" set comment "City Lights CGR - 23_Elmwood" set associated-interface "inside" set color 28 set subnet 10.23.233.11 255.255.255.255 next edit "CGR_24_Franklin" set 
comment "City Lights CGR - 24_Franklin" set associated-interface "inside" set color 28 set subnet 10.24.233.11 255.255.255.255 next edit "CGR_29_Huntington" set comment "City Lights CGR - 29_Huntington" set associated-interface "inside" set color 28 set subnet 10.29.233.11 255.255.255.255 next edit "CGR_15_HWSmith" set comment "City Lights CGR - 15_HWSmith" set associated-interface "inside" set color 28 set subnet 10.15.233.11 255.255.255.255 next edit "CGR_48_Beard" set comment "City Lights CGR - 48_Beard" set associated-interface "inside" set color 28 set subnet 10.48.233.11 255.255.255.255 next edit "CGR_36_McKinley" set comment "City Lights CGR - 36_McKinley" set associated-interface "inside" set color 28 set subnet 10.36.233.11 255.255.255.255 next edit "CGR_37_Meachem" set comment "City Lights CGR - 37_Meachem" set associated-interface "inside" set color 28 set subnet 10.37.233.11 255.255.255.255 next edit "CGR_40_Porter" set comment "City Lights CGR - 40_Porter" set associated-interface "inside" set color 28 set subnet 10.40.233.11 255.255.255.255 next edit "CGR_30_SalemHyde" set comment "City Lights CGR - 30_SalemHyde" set associated-interface "inside" set color 28 set subnet 10.30.233.11 255.255.255.255 next edit "CGR_44_Seymour" set comment "City Lights CGR - 44_Seymour" set associated-interface "inside" set color 28 set subnet 10.44.233.11 255.255.255.255 next edit "CGR_49_VanDuyn" set comment "City Lights CGR - 49_VanDuyn" set associated-interface "inside" set color 28 set subnet 10.49.233.11 255.255.255.255 next edit "CGR_51_Webster" set comment "City Lights CGR - 51_Webster" set associated-interface "inside" set color 28 set subnet 10.51.233.11 255.255.255.255 next edit "z_BlockIP_000" set associated-interface "outside" set color 6 set subnet 103.117.232.199 255.255.255.255 next edit "hypdevw2" set comment "Hyperion" set associated-interface "inside" set color 22 set subnet 10.1.18.52 255.255.255.255 next edit "Access_Control_01_NOC" set comment 
"01_NOC_Access_Control" set associated-interface "inside" set color 29 set subnet 10.1.72.0 255.255.255.0 next edit "Access_Control_02_ITC" set comment "02_ITC_Access_Control" set associated-interface "inside" set color 29 set subnet 10.2.72.0 255.255.255.0 next edit "Access_Control_03_PSLA" set comment "Access Control PSLA at Fowler" set associated-interface "inside" set color 29 set subnet 10.3.72.0 255.255.255.0 next edit "Access_Control_04_Nottingham" set comment "Access Control Nottingham" set associated-interface "inside" set color 29 set subnet 10.4.72.0 255.255.255.0 next edit "Access_Control_06_Henninger" set comment "Access Control Henninger" set associated-interface "inside" set color 29 set subnet 10.6.72.0 255.255.255.0 next edit "Access_Control_07_Corcoran" set comment "Access Control Corcoran" set associated-interface "inside" set color 29 set subnet 10.7.72.0 255.255.255.0 next edit "Access_Control_08_Clary" set comment "Access Control Clary" set associated-interface "inside" set color 29 set subnet 10.8.72.0 255.255.255.0 next edit "Access_Control_09_Grant" set comment "Access Control Grant" set associated-interface "inside" set color 29 set subnet 10.9.72.0 255.255.255.0 next edit "Access_Control_10_Levy" set comment "Access Control Levy" set associated-interface "inside" set color 29 set subnet 10.10.72.0 255.255.255.0 next edit "Access_Control_40_Porter" set comment "Access Control Porter" set associated-interface "inside" set color 29 set subnet 10.40.72.0 255.255.255.0 next edit "PeopleTools" set comment "Peoplesoft" set associated-interface "inside" set color 20 set subnet 10.1.18.100 255.255.255.255 next edit "psupgfin2" set comment "Peoplesoft" set associated-interface "inside" set color 20 set subnet 10.1.18.117 255.255.255.255 next edit "psupghcm2" set comment "Peoplesoft" set associated-interface "inside" set color 20 set subnet 10.1.18.116 255.255.255.255 next edit "pum_a" set comment "Peoplesoft" set associated-interface "inside" set 
color 20 set subnet 10.1.18.111 255.255.255.255 next edit "pum_b" set comment "Peoplesoft" set associated-interface "inside" set color 20 set subnet 10.1.18.112 255.255.255.255 next edit "SMTP_Office365_a" set comment "Microsoft to Barracuda Archivers" set associated-interface "outside" set subnet 104.47.0.0 255.255.128.0 next edit "SMTP_Office365_b" set comment "Microsoft to Barracuda Archivers" set associated-interface "outside" set subnet 40.92.0.0 255.254.0.0 next edit "SMTP_Office365_c" set comment "Microsoft to Barracuda Archivers" set associated-interface "outside" set subnet 40.107.0.0 255.255.0.0 next edit "SMTP_Office365_d" set comment "Microsoft to Barracuda Archivers" set associated-interface "outside" set subnet 52.100.0.0 255.252.0.0 next edit "City_Side_VoIP_30" set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.30.0 255.255.255.0 next edit "City_Side_VoIP_56" set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.56.0 255.255.255.0 next edit "City_Side_VoIP_61" set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.61.0 255.255.255.0 next edit "City_Side_VoIP_62" set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.62.0 255.255.255.0 next edit "City_Side_VoIP_63" set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.63.0 255.255.255.0 next edit "City_Side_VoIP_64" set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.64.0 255.255.255.0 next edit "City_Side_VoIP_65" set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.65.0 255.255.255.0 next edit "City_Side_VoIP_66" 
set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.66.0 255.255.255.0 next edit "City_Side_VoIP_67" set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.67.0 255.255.255.0 next edit "City_Side_VoIP_68" set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.68.0 255.255.255.0 next edit "City_Side_VoIP_72" set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.72.0 255.255.255.0 next edit "City_Side_VoIP_74" set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.74.0 255.255.255.0 next edit "City_Side_VoIP_75" set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.75.0 255.255.255.0 next edit "City_Side_VoIP_76" set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.76.0 255.255.255.0 next edit "City_Side_VoIP_77" set comment "City Side VoIP - Includes DPW Router" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.77.0 255.255.255.0 next edit "City_Side_VoIP_88" set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.88.0 255.255.255.0 next edit "City_Side_VoIP_132" set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.132.0 255.255.255.0 next edit "City_Side_VoIP_1_Park_Place_A" set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.249.0.44 255.255.255.255 next edit "CUCM_BRIGHTON" set comment "SCSD Cisco Call Managers" set 
associated-interface "inside" set color 5 set subnet 10.21.150.0 255.255.255.0 next edit "CUCM_ITC_NOC" set comment "SCSD Cisco Call Managers" set associated-interface "inside" set color 5 set subnet 10.1.150.0 255.255.255.0 next edit "City_Side_VoIP_1_Park_Place_B" set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.235.40.0 255.255.248.0 next edit "City_Side_VoIP_Router_A" set comment "City Side VoIP Router" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.51.21 255.255.255.255 next edit "City_Side_VoIP_Router_B" set comment "City Side VoIP Router" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.250.51.23 255.255.255.255 next edit "SPD_Side_A" set comment "SPD Side Firewall" set associated-interface "city_phones" set color 2 set allow-routing enable set subnet 10.250.100.80 255.255.255.248 next edit "SPD_Side_B" set comment "SPD Side Firewall" set associated-interface "city_phones" set color 2 set allow-routing enable set subnet 10.250.100.88 255.255.255.254 next edit "County_Network" set comment "Onondaga County Purchasing Department" set associated-interface "city_phones" set allow-routing enable set subnet 10.250.100.90 255.255.255.255 next edit "City_Side_VoIP_Water_DPW_Recorder" set comment "City Side VoIP" set associated-interface "city_phones" set color 28 set allow-routing enable set subnet 10.249.0.46 255.255.255.255 next edit "Microsoft 1" set comment "Located in India" set associated-interface "outside" set subnet 13.71.55.58 255.255.255.255 next edit "NVR-NOC" set comment "NVR ITC Data Center" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.1.70.38 255.255.255.255 next edit "NVR-FAILOVER" set comment "NVR ITC Data Center" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.1.70.27 255.255.255.255 next edit "NVR-RING1-CLAR" set 
comment "NVR Clary MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.8.70.11 255.255.255.255 next edit "NVR-RING1-CLAR2" set comment "NVR Clary MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.8.70.14 255.255.255.255 next edit "NVR-RING1-CORC" set comment "NVR Corcoran MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.7.70.11 255.255.255.255 next edit "NVR-RING1-CORC2" set comment "NVR Corcoran MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.7.70.14 255.255.255.255 next edit "NVR-RING2-DANF" set comment "NVR Danforth MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.21.70.11 255.255.255.255 next edit "NVR-RING2-DANF2" set comment "NVR Danforth MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.21.70.14 255.255.255.255 next edit "NVR-RING3-PSLA" set comment "NVR PSLA MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.3.70.11 255.255.255.255 next edit "NVR-RING3-PSLA2" set comment "NVR PSLA MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.3.70.14 255.255.255.255 next edit "NVR-RING4-BLOD" set comment "NVR Blodgett MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.53.70.11 255.255.255.255 next edit "NVR-RING4-FRAZ" set comment "NVR Frazier MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.25.70.11 255.255.255.255 next edit "NVR-RING5-CENT" set comment "NVR Central Offices MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.55.70.11 255.255.255.255 next edit "NVR-RING6-EDSM" set comment "NVR Ed Smith MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.45.70.11 255.255.255.255 next edit 
"NVR-RING6-HWSM" set comment "NVR HW Smith MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.15.70.11 255.255.255.255 next edit "NVR-RING6-HWSM2" set comment "NVR HW Smith MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.15.70.14 255.255.255.255 next edit "NVR-RING6-NOTT" set comment "NVR Nottingham MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.4.70.11 255.255.255.255 next edit "NVR-RING7-BELL" set comment "NVR Bellevue MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.16.70.11 255.255.255.255 next edit "NVR-RING7-GRAN" set comment "NVR Grant 2nd Floor IDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.9.70.11 255.255.255.255 next edit "NVR-RING7-GRAN2" set comment "NVR Grant 2nd Floor IDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.9.70.14 255.255.255.255 next edit "NVR-RING8-HENN" set comment "NVR Henninger MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.6.70.11 255.255.255.255 next edit "NVR-RING8-HENN2" set comment "NVR Henninger MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.6.70.14 255.255.255.255 next edit "NVR-RING8-HUNT" set comment "NVR Huntington MDF" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.29.70.11 255.255.255.255 next edit "Genetec-Dir" set comment "Genetec Directory" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.1.70.141 255.255.255.255 next edit "Genetec-DirBU" set comment "Genetec Directory Backup" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.1.70.22 255.255.255.255 next edit "Genetec-Media" set comment "Genetec Media Server" set associated-interface "inside" set color 2 set allow-routing enable set 
subnet 10.1.70.143 255.255.255.255 next edit "Genetec-MRouter" set comment "Genetec Media Server" set associated-interface "inside" set color 2 set allow-routing enable set subnet 10.1.70.145 255.255.255.255 next edit "MS_Teams_External_A" set comment "MS Teams for SBC" set associated-interface "outside" set subnet 13.107.64.0 255.255.192.0 next edit "MS_Teams_External_B" set comment "MS Teams for SBC" set associated-interface "outside" set subnet 52.112.0.0 255.252.0.0 next edit "SBC-NOC" set associated-interface "inside" set allow-routing enable set subnet 10.1.150.21 255.255.255.255 next edit "SBC-DAN" set comment "Moved to Brighton Academy 09FEB2024" set associated-interface "inside" set allow-routing enable set subnet 10.1.150.22 255.255.255.255 next edit "DataTools" set comment "ODBC Connection to ST DB" set associated-interface "inside" set allow-routing enable set subnet 10.1.48.67 255.255.255.255 next edit "ST_Internal_2" set associated-interface "inside" set allow-routing enable set subnet 10.1.40.191 255.255.255.255 next edit "Tableau" set comment "ODBC connections to ST DB" set associated-interface "inside" set subnet 10.1.48.61 255.255.255.255 next edit "21JumpSt" set comment "Jumpbox for SchoolTool" set associated-interface "inside" set subnet 10.1.48.128 255.255.255.255 next edit "Fileserver03" set comment "Cloud ST to write SMB Here" set associated-interface "inside" set subnet 10.1.48.97 255.255.255.255 next edit "SchoolTool webjs" set comment "SchoolTool" set associated-interface "inside" set color 18 set subnet 10.1.40.102 255.255.255.255 next edit "Safeschools_02" set comment "IP address for Safe Schools video training. Used to access LDAP authentication." 
set subnet 18.219.244.165 255.255.255.255 next edit "Server_40" set associated-interface "inside" set subnet 10.1.40.0 255.255.255.0 next edit "Server_48" set associated-interface "inside" set subnet 10.1.48.0 255.255.255.0 next edit "Test_10.10.1.20" set subnet 10.10.1.20 255.255.255.255 next edit "AW_inbound.us002-prod.arcticwolf.net" set type iprange set comment "Arctic Wolf" set associated-interface "outside" set start-ip 3.145.238.128 set end-ip 3.145.238.159 next edit "AW_device-activation.us-global-prod.arcticwolf.net" set type iprange set comment "Arctic Wolf" set associated-interface "outside" set start-ip 35.84.197.208 set end-ip 35.84.197.228 next edit "AW_drs.us-global-prod.arcticwolf.net" set type iprange set comment "Arctic Wolf" set associated-interface "outside" set start-ip 44.239.235.232 set end-ip 44.239.235.239 next edit "AW_auth.arcticwolf.com" set type fqdn set comment "Arctic Wolf" set associated-interface "outside" set fqdn "auth.arcticwolf.com" next edit "AW_Scanner_MerryChristmas" set associated-interface "inside" set subnet 10.1.40.222 255.255.255.255 next edit "DPS_local_subnet_1" set allow-routing enable next edit "DPS_remote_subnet_1" set allow-routing enable next edit "Schroeder _CT_NOC_CVM" set comment "Nutanix CVM" set associated-interface "inside" set subnet 10.1.40.181 255.255.255.255 next edit "Pigpen_CT_NOC_CVM" set comment "Nutanix CVM" set associated-interface "inside" set subnet 10.101.180.26 255.255.255.255 next edit "RedBaron_CT_NOC_CVM" set comment "Nutanix CVM" set associated-interface "inside" set subnet 10.101.180.27 255.255.255.255 next edit "Sally_CT_NOC_CVM" set comment "Nutanix CVM" set associated-interface "inside" set subnet 10.101.180.29 255.255.255.255 next edit "Patty_CT_NOC_CVM" set comment "Nutanix CVM" set associated-interface "inside" set subnet 10.101.180.30 255.255.255.255 next edit "Nutanix_Support1" set type fqdn set associated-interface "outside" set fqdn "nsc01.nutanix.net" next edit 
"Nutanix_Support2"
        # FQDN-type object bound to the "outside" interface: matches the address(es)
        # that nsc02.nutanix.net resolves to, not a fixed IP.
        set type fqdn
        set associated-interface "outside"
        set fqdn "nsc02.nutanix.net"
    next
    # ---- Manual block list: single hosts (/32) bound to "outside" ----
    # None of the z_Block* entries in this run carries a `set comment`, so the
    # reason and date of each block are not recorded on the object itself.
    # NOTE(review): an address object does nothing on its own; confirm each one is
    # referenced by a deny policy or a group used in one (policies are not shown here).
    # Numbering jumps from 140 to 142 in this run.
    edit "z_BlockIP_138"
        # 172.86.91.155 is NOT inside z_BlockRange_02 (172.86.84.0-172.86.84.255).
        set associated-interface "outside"
        set color 6
        set subnet 172.86.91.155 255.255.255.255
    next
    edit "z_BlockIP_139"
        # Already covered by z_BlockRange_01 below (103.35.188.0-103.35.189.255).
        set associated-interface "outside"
        set color 6
        set subnet 103.35.189.221 255.255.255.255
    next
    edit "z_BlockIP_140"
        # Not covered by any range or /24 object in this run.
        set associated-interface "outside"
        set color 6
        set subnet 94.131.101.15 255.255.255.255
    next
    edit "z_BlockIP_142"
        # Already covered by z_BlockRange_01 below.
        set associated-interface "outside"
        set color 6
        set subnet 103.35.189.104 255.255.255.255
    next
    edit "z_BlockIP_143"
        # 172.86.112.56 is NOT inside z_BlockRange_02.
        set associated-interface "outside"
        set color 6
        set subnet 172.86.112.56 255.255.255.255
    next
    edit "z_BlockIP_144"
        # Already covered by z_BlockRange_03 below (194.116.173.0-194.116.173.255).
        set associated-interface "outside"
        set color 6
        set subnet 194.116.173.199 255.255.255.255
    next
    edit "z_BlockIP_145"
        # Already covered by z_BlockRange_02 below.
        set associated-interface "outside"
        set color 6
        set subnet 172.86.84.61 255.255.255.255
    next
    edit "z_BlockIP_146"
        # Already covered by z_BlockRange_01 below.
        set associated-interface "outside"
        set color 6
        set subnet 103.35.188.34 255.255.255.255
    next
    edit "z_BlockIP_147"
        # Already covered by z_BlockSub_040 below (74.119.194.0/24).
        set associated-interface "outside"
        set color 6
        set subnet 74.119.194.18 255.255.255.255
    next
    edit "z_BlockIP_148"
        # Already covered by z_BlockSub_041 below (141.98.168.0/24).
        set associated-interface "outside"
        set color 6
        set subnet 141.98.168.11 255.255.255.255
    next
    edit "z_BlockIP_149"
        # Already covered by z_BlockRange_01 below.
        set associated-interface "outside"
        set color 6
        set subnet 103.35.188.74 255.255.255.255
    next
    edit "z_BlockIP_150"
        # Already covered by z_BlockSub_042 below (5.180.24.0/24).
        set associated-interface "outside"
        set color 6
        set subnet 5.180.24.94 255.255.255.255
    next
    edit "z_BlockIP_151"
        # Already covered by z_BlockSub_041 below.
        set associated-interface "outside"
        set color 6
        set subnet 141.98.168.14 255.255.255.255
    next
    edit "z_BlockIP_"
        # NOTE(review): the name has no numeric suffix, unlike its siblings. It looks
        # like an unfinished name; a group member list built from the numbered names
        # could miss it. Confirm it is referenced wherever the others are.
        # Not covered by any range or /24 object in this run.
        set associated-interface "outside"
        set color 6
        set subnet 45.150.65.206 255.255.255.255
    next
    # ---- Manual block list: ranges (type iprange, inclusive start/end) ----
    edit "z_BlockRange_01"
        # Spans two adjacent /24s: 103.35.188.x and 103.35.189.x.
        set type iprange
        set associated-interface "outside"
        set color 6
        set start-ip 103.35.188.0
        set end-ip 103.35.189.255
    next
    edit "z_BlockRange_02"
        set type iprange
        set associated-interface "outside"
        set color 6
        set start-ip 172.86.84.0
        set end-ip 172.86.84.255
    next
    edit
"z_BlockRange_03"
        set type iprange
        set associated-interface "outside"
        set color 6
        set start-ip 194.116.173.0
        set end-ip 194.116.173.255
    next
    # ---- Manual block list: whole /24 subnets ----
    # Same effect as a full-/24 iprange; the list mixes both forms (z_BlockRange_* and z_BlockSub_*).
    edit "z_BlockSub_040"
        set associated-interface "outside"
        set color 6
        set subnet 74.119.194.0 255.255.255.0
    next
    edit "z_BlockSub_041"
        set associated-interface "outside"
        set color 6
        set subnet 141.98.168.0 255.255.255.0
    next
    edit "z_BlockSub_042"
        set associated-interface "outside"
        set color 6
        set subnet 5.180.24.0 255.255.255.0
    next
    # ---- Point-of-sale hosts: single /32 addresses on "inside" ----
    edit "ITC_Cafe_POS"
        set comment "Point of Sale"
        set associated-interface "inside"
        set subnet 10.2.4.125 255.255.255.255
    next
    edit "Clary_POS"
        set comment "Point of Sale"
        set associated-interface "inside"
        set subnet 10.8.1.47 255.255.255.255
    next
    edit "Porter_POS"
        set comment "Point of Sale"
        set associated-interface "inside"
        set subnet 10.40.1.69 255.255.255.255
    next
    # ---- AW_Scanner_* hosts: single /32 addresses in 10.1.40.x on "inside" ----
    # Presumably Arctic Wolf scanners, going by the AW_ prefix; only the first
    # entry has a comment. TODO confirm and document the rest.
    edit "AW_Scanner _HappyHalloween"
        # NOTE(review): the name contains a space before the underscore, unlike the
        # other AW_Scanner_* names; references must quote it exactly.
        set comment "Scanner for Servers Only"
        set associated-interface "inside"
        set subnet 10.1.40.211 255.255.255.255
    next
    edit "AW_Scanner_HappyNewYear"
        set associated-interface "inside"
        set subnet 10.1.40.23 255.255.255.255
    next
    edit "AW_Scanner_DiaDeLosMuertos"
        set associated-interface "inside"
        set subnet 10.1.40.223 255.255.255.255
    next
    edit "AW_Scanner_LaborDay"
        set associated-interface "inside"
        set subnet 10.1.40.241 255.255.255.255
    next
    # ---- Site and management subnets ----
    # `set allow-routing enable` makes an address object usable in static-route
    # configuration as well as in policies.
    edit "RAP_10.67.0.0/16"
        # Mask agrees with the /16 in the name.
        set associated-interface "RAP"
        set allow-routing enable
        set subnet 10.67.0.0 255.255.0.0
    next
    edit "RAP-MGMT"
        set allow-routing enable
        set subnet 192.168.67.0 255.255.255.0
    next
    edit "Sys-Net-Admins"
        # Whole /24; no associated-interface or comment is set on this object.
        set allow-routing enable
        set subnet 10.1.6.0 255.255.255.0
    next
    edit "Elastic"
        # Single host; no comment, interface binding or allow-routing.
        set subnet 10.1.48.121 255.255.255.255
    next
    edit "DPS_10.46.0.0/16"
        # Mask agrees with the /16 in the name.
        set allow-routing enable
        set subnet 10.46.0.0 255.255.0.0
    next
    edit "DPS_Mgmt"
        set subnet 192.168.46.0 255.255.255.0
    next
    edit "DPS_192.168.146.0/24"
        # Mask agrees with the /24 in the name.
        set allow-routing enable
        set subnet 192.168.146.0 255.255.255.0
    next
    edit "z_BlockIP_152"
        # Another single-host block entry; its address follows the `set subnet` keyword below.
        set associated-interface "outside"
        set color 6
        set subnet
107.172.59.44 255.255.255.255 next edit "IoT - Core" set allow-routing enable set subnet 10.1.30.0 255.255.254.0 next edit "ipad_test" set subnet 10.14.112.94 255.255.255.255 next edit "RAPpublic" set subnet 24.105.188.54 255.255.255.255 next edit "RAP-FW-Inside" set allow-routing enable set subnet 192.168.167.0 255.255.255.0 next edit "NOCTI" set type fqdn set associated-interface "outside" set fqdn "nocti.org" next edit "Shea_Secure_Wireless" set type iprange set comment "Test nocti.org" set associated-interface "inside" set start-ip 10.14.112.11 set end-ip 10.14.127.254 next edit "Shea_VLAN_6" set type iprange set comment "Test nocti.org" set associated-interface "inside" set start-ip 10.1.6.20 set end-ip 10.1.6.254 next edit "Corcoran_VLAN_20" set type iprange set associated-interface "inside" set start-ip 10.7.1.20 set end-ip 10.7.7.254 next edit "Corcoran_Secure_Wireless" set type iprange set start-ip 10.7.112.11 set end-ip 10.7.127.254 next edit "Oracle Cloud IP" set comment "Oracle Cloud IP\'s" set associated-interface "outside" set subnet 147.154.0.0 255.255.192.0 next edit "CNYWorks_10.68.0.0/16" set subnet 10.68.0.0 255.255.0.0 next edit "CNYWorks_MGMT" set subnet 192.168.68.0 255.255.255.0 next edit "Centro" set comment "For 411SQL Connection" set associated-interface "outside" set subnet 67.216.0.66 255.255.255.255 next edit "Amazon SMTP East-1" set type fqdn set comment "used for Day Automation/HVAC notifications" set fqdn "email-smtp.us-east-1.amazonaws.com" next edit "SheaVLAN230" set subnet 10.14.230.0 255.255.255.224 next edit "CorcoranVLAN230" set subnet 10.7.230.0 255.255.255.224 next edit "DelawareVLAN230" set subnet 10.22.230.0 255.255.255.224 next edit "ElmwoodVLAN230" set subnet 10.23.230.0 255.255.255.224 next edit "FranklinVLAN230" set subnet 10.24.230.0 255.255.255.224 next edit "LatinVLAN230" set subnet 10.28.230.0 255.255.255.224 next edit "SalemVLAN230" set subnet 10.30.230.0 255.255.255.224 next edit "SeymourVLAN230" set subnet 
10.44.230.0 255.255.255.224 next edit "WebsterVLAN230" set subnet 10.51.230.0 255.255.255.224 next edit "FrazerVLAN230" set subnet 10.25.230.0 255.255.255.224 next edit "NottinghamVLAN230" set subnet 10.4.230.0 255.255.255.224 next edit "HenningerVLAN230" set subnet 10.6.230.0 255.255.255.224 next edit "GrantVLAN230" set subnet 10.9.230.0 255.255.255.224 next edit "LincolnVLAN230" set subnet 10.13.230.0 255.255.255.224 next edit "BellevueVLAN230" set subnet 10.16.230.0 255.255.255.224 next edit "KingVLAN230" set subnet 10.20.230.0 255.255.255.224 next edit "BrightonVLAN230" set subnet 10.21.230.0 255.255.255.224 next edit "HuntingtonVLAN230" set subnet 10.29.230.0 255.255.255.224 next edit "EdSmithVLAN230" set subnet 10.45.230.0 255.255.255.224 next edit "BeardVLAN230" set subnet 10.48.230.0 255.255.255.224 next edit "BlodgettVLAN230" set subnet 10.53.230.0 255.255.255.224 next edit "CoVLAN230" set subnet 10.55.230.0 255.255.255.224 next edit "SscVLAN230" set subnet 10.56.230.0 255.255.255.224 next end config firewall multicast-address edit "all_hosts" set start-ip 224.0.0.1 set end-ip 224.0.0.1 next edit "all_routers" set start-ip 224.0.0.2 set end-ip 224.0.0.2 next edit "Bonjour" set start-ip 224.0.0.251 set end-ip 224.0.0.251 next edit "EIGRP" set start-ip 224.0.0.10 set end-ip 224.0.0.10 next edit "OSPF" set start-ip 224.0.0.5 set end-ip 224.0.0.6 next edit "all" set start-ip 224.0.0.0 set end-ip 239.255.255.255 next end config firewall address6 edit "all" next edit "none" set ip6 ::/128 next edit "SSLVPN_TUNNEL_IPv6_ADDR1" set ip6 fdff:ffff::/120 next end config firewall multicast-address6 edit "all" set ip6 ff00::/8 next end config firewall addrgrp edit "IPv4-Private-All-RFC1918" set member "Internal_10.0.0.0_8" "Internal_172.16.0.0_12" "Internal_192.168.0.0_16" next edit "SCHC_Local_Subnets_Group" set member "SCHC_03_PSLA" "SCHC_09_Grant" "SCHC_15_HWSmith" "SCHC_20_DrKing" "SCHC_22_Delaware" "SCHC_24_Franklin" "SCHC_34_DrWeeks" "SCHC_53_Blodgett" set color 8 
next edit "SCHC_Remote_Subnets_Group" set member "SCHC_Remote_Subnet_02" "SCHC_Remote_Subnet_01" "SCHC_Remote_Subnet_03" set comment "Syracuse Community Health Center Remote Subnets Group" set color 8 next edit "Country Block" set member "China" "Russia" "Iran" "Belarus" "North Korea" "Nigeria" "Afghanistan" "Brazil" "Columbia" "India" "Indonesia" "Romania" "Thailand" "Turkey" "Vietnam" set color 6 next edit "City_Side_VoIP_Park_Place_Group" set allow-routing enable set member "City_Side_VoIP_1_Park_Place_A" "City_Side_VoIP_1_Park_Place_B" set color 28 next edit "SchoolTool_Cloud_Internal" set member "21JumpSt" "DataTools" "Fileserver03" "Nighttime_Inside" "Tableau" "DC01_A" "DC01_B" "DC01_C" "HVDC03_A" "HVDC03_B" "DocHolliday" "SchoolTool webjs" "Elastic" set comment "Access for SchoolTool Cloud" next edit "Nimble_Inside_Grp" set member "Nimble_Inside_4" "Nimble_Inside_2" "Nimble_Inside_1" "nimble_Inside_3" next edit "SRICBOCES-OUTSIDE" set member "SRIC_BOCES_Server02" "SRIC_BOCES_Firewall" "SRIC_BOCES_Server01" set comment "Eastern Suffolk BOCES" next edit "SPD_Firewalls_Our_Side" set member "SPD_09_Grant" "SPD_48_Beard" "SPD_56_SSC" "SPD_21_Danforth" "SPD_25_Frazer" "SPD_53_Blodgett" "SPD_20_DrKing" "SPD_44_Seymour" "SPD_22_Delaware" "SPD_24_Franklin" set comment "SPD firewalls on our internal network." 
set color 2 next edit "City_Permited_Subnets_Group" set member "city_permited_subnet_4" "city_permited_subnet_1" "city_permited_subnet_5" "city_permited_subnet_3" "city_permited_subnet_7" set comment "Subnets City is allowed to access on our side" set color 28 next edit "City_Subnets_Group" set member "City_Side_Subnet_1" "City_Side_CGR_01" "City_Side_CGR_02" "City_Side_VoIP_Water_DPW_Recorder" set comment "City subnets on their side" set color 28 next edit "Day_Server_Group" set member "Day_Enterprise_Server" "Day_VM_Server" "Day_Continuum_Server" set color 10 next edit "Security_VLAN_70_Group" set member "Security_01_NOC" "Security_02_ITC" "Security_03_PSLA" "Security_04_Nottingham" "Security_06_Henninger" "Security_07_Corcoran" "Security_08_Clary" "Security_09_Grant" "Security_10_Levy" "Security_13_Lincoln" "Security_14_Shea" "Security_15_HWSmith" "Security_16_Bellevue" "Security_20_DrKing" "Security_21_Danforth" "Security_22_Delaware" "Security_23_Elmwood" "Security_24_Franklin" "Security_25_Frazer" "Security_27_Elmcrest" "Security_28_Latin" "Security_29_Huntington" "Security_30_SalemHyde" "Security_33_LeMoyne" "Security_34_DrWeeks" "Security_36_McKinley" "Security_37_Meachem" "Security_40_Porter" "Security_41_BOVA" "Security_42_Roberts" "Security_44_Seymour" "Security_45_EdSmith" "Security_46_Phoenix" "Security_47_McCarthy" "Security_48_Beard" "Security_49_VanDuyn" "Security_51_Webster" "Security_53_Blodgett" "Security_54_JVC" "Security_55_CentralOffice" "Security_56_SSC" "Security_57_Transportation" "Security_60_PDC" "Security_86_StLucy" set color 25 next edit "Peoplesoft_RDP_Group" set member "psdevfin" "psdevhcm" "psprdess" "psprdfin" "psprdhcm" "psprdrpx" "psqasfin" "psqashcm" "pstools" "psnagus" "psupgfin" "psupghcm" "PeopleTools" "psdevdb1" "psprddb1" "psqasdb1" "psupgfin2" "psupghcm2" "pum_a" "pum_b" set color 20 next edit "Hyperion_Server_Group" set member "hypprodess" "hypprodweb1" "hypprodweb2" "hypprodwin7" "hypdeveb" "hypdevw1" "hypdevw3" "hypprdeb" 
"hypprdw1" "hypprdw2" "hypqaeb" "hypqaw1" "hypqaw2" "hypdevw2" set color 22 next edit "Peoplesoft_SSH_Group" set member "psdevdb1" "psprddb1" "psqasdb1" set color 21 next edit "Safeschools_Group" set member "SafeSchools_01" "Safeschools_02" next edit "411_Group" set member "411app" "411sql" "411App_WebPage" next edit "Domain_Controller_Group" set member "DC01_A" "DC01_B" "DC01_C" "HVDC03_A" "HVDC03_B" set color 14 next edit "City_CGRs_Group" set member "CGR_16_Bellevue" "CGR_55_CentralOffice" "CGR_45_EdSmith" "CGR_23_Elmwood" "CGR_24_Franklin" "CGR_29_Huntington" "CGR_15_HWSmith" "CGR_48_Beard" "CGR_36_McKinley" "CGR_37_Meachem" "CGR_40_Porter" "CGR_30_SalemHyde" "CGR_44_Seymour" "CGR_49_VanDuyn" "CGR_51_Webster" set comment "City CGRs on our side" set color 28 next edit "Block_List_Group" set member "z_BlockIP_001" "z_BlockIP_002" "z_BlockIP_003" "z_BlockIP_004" "z_BlockIP_005" "z_BlockIP_006" "z_BlockIP_008" "z_BlockIP_009" "z_BlockIP_010" "z_BlockIP_011" "z_BlockIP_012" "z_BlockIP_013" "z_BlockIP_014" "z_BlockIP_015" "z_BlockIP_016" "z_BlockIP_017" "z_BlockIP_018" "z_BlockIP_019" "z_BlockIP_020" "z_BlockIP_021" "z_BlockIP_022" "z_BlockIP_024" "z_BlockIP_025" "z_BlockIP_026" "z_BlockIP_027" "z_BlockIP_028" "z_BlockIP_030" "z_BlockIP_031" "z_BlockIP_032" "z_BlockIP_033" "z_BlockIP_034" "z_BlockIP_035" "z_BlockIP_036" "z_BlockIP_037" "z_BlockIP_038" "z_BlockIP_039" "z_BlockIP_040" "z_BlockIP_041" "z_BlockIP_042" "z_BlockIP_043" "z_BlockIP_044" "z_BlockIP_045" "z_BlockIP_046" "z_BlockIP_047" "z_BlockIP_048" "z_BlockIP_052" "z_BlockIP_053" "z_BlockIP_054" "z_BlockIP_055" "z_BlockIP_056" "z_BlockIP_057" "z_BlockIP_058" "z_BlockIP_059" "z_BlockIP_060" "z_BlockIP_061" "z_BlockIP_062" "z_BlockIP_063" "z_BlockIP_064" "z_BlockIP_065" "z_BlockIP_066" "z_BlockIP_067" "z_BlockIP_068" "z_BlockIP_069" "z_BlockIP_070" "z_BlockIP_071" "z_BlockIP_072" "z_BlockIP_073" "z_BlockIP_074" "z_BlockIP_075" "z_BlockIP_076" "z_BlockIP_077" "z_BlockIP_078" "z_BlockIP_079" "z_BlockIP_080" 
"z_BlockIP_081" "z_BlockIP_082" "z_BlockIP_083" "z_BlockIP_084" "z_BlockIP_085" "z_BlockIP_086" "z_BlockIP_087" "z_BlockIP_088" "z_BlockIP_089" "z_BlockIP_090" "z_BlockIP_091" "z_BlockIP_092" "z_BlockIP_093" "z_BlockIP_094" "z_BlockIP_095" "z_BlockIP_096" "z_BlockIP_097" "z_BlockIP_098" "z_BlockIP_099" "z_BlockIP_100" "z_BlockIP_101" "z_BlockIP_007" "z_BlockIP_049" "z_BlockIP_050" "z_BlockIP_051" "z_BlockIP_103" "z_BlockIP_104" "z_BlockIP_105" "z_BlockIP_106" "z_BlockIP_107" "z_BlockIP_108" "z_BlockIP_109" "z_BlockIP_111" "z_BlockIP_112" "z_BlockIP_113" "z_BlockIP_114" "z_BlockIP_115" "z_BlockIP_116" "z_BlockIP_117" "z_BlockIP_118" "z_BlockIP_119" "z_BlockIP_120" "z_BlockIP_122" "z_BlockIP_125" "z_BlockIP_126" "z_BlockIP_127" "z_BlockIP_128" "z_BlockIP_129" "z_BlockIP_130" "z_BlockIP_131" "z_BlockIP_132" "z_BlockIP_133" "z_BlockSub_001" "z_BlockSub_002" "z_BlockSub_003" "z_BlockSub_004" "z_BlockSub_005" "z_BlockSub_006" "z_BlockSub_007" "z_BlockSub_008" "z_BlockSub_009" "z_BlockSub_010" "z_BlockSub_011" "z_BlockSub_012" "z_BlockSub_013" "z_BlockSub_014" "z_BlockSub_015" "z_BlockSub_016" "z_BlockSub_017" "z_BlockSub_019" "z_BlockSub_020" "z_BlockSub_021" "z_BlockSub_022" "z_BlockSub_024" "z_BlockSub_025" "z_BlockSub_026" "z_BlockSub_027" "z_BlockSub_028" "z_BlockSub_030" "z_BlockSub_031" "z_BlockSub_032" "z_BlockSub_033" "z_BlockSub_034" "z_BlockSub_035" "z_BlockSub_037" "z_BlockSub_038" "z_BlockSub_039" "z_Ryuk_01" "z_Ryuk_02" "z_BlockIP_023" "z_BlockIP_029" "z_BlockIP_134" "z_BlockIP_135" "z_BlockIP_000" "z_BlockIP_138" "z_BlockIP_139" "z_BlockIP_140" "z_BlockIP_141" "z_BlockIP_142" "z_BlockIP_143" "z_BlockIP_144" "z_BlockIP_145" "z_BlockIP_146" "z_BlockIP_147" "z_BlockIP_148" "z_BlockIP_149" "z_BlockIP_150" "z_BlockRange_01" "z_BlockRange_02" "z_BlockRange_03" "z_BlockSub_040" "z_BlockSub_041" "z_BlockSub_042" "z_BlockIP_152" set comment "IPs and Subnets to be blocked as Malicious" set color 6 next edit "City_Side_CGR_Group" set allow-routing enable set member 
"City_Side_CGR_01" "City_Side_CGR_02" set comment "City Lights CGR Subnets on their side." set color 28 next edit "Access_Control_VLAN_72_Group" set member "Access_Control_40_Porter" "Access_Control_01_NOC" "Access_Control_02_ITC" "Access_Control_03_PSLA" "Access_Control_04_Nottingham" "Access_Control_06_Henninger" "Access_Control_07_Corcoran" "Access_Control_08_Clary" "Access_Control_09_Grant" "Access_Control_10_Levy" set color 25 next edit "SMTP_Office365_Group" set member "SMTP_Office365_a" "SMTP_Office365_b" "SMTP_Office365_c" "SMTP_Office365_d" set comment "Microsoft to Barracuda Archivers" next edit "City_Side_VoIP_Group" set allow-routing enable set member "City_Side_VoIP_30" "City_Side_VoIP_56" "City_Side_VoIP_61" "City_Side_VoIP_62" "City_Side_VoIP_63" "City_Side_VoIP_64" "City_Side_VoIP_65" "City_Side_VoIP_66" "City_Side_VoIP_67" "City_Side_VoIP_68" "City_Side_VoIP_72" "City_Side_VoIP_74" "City_Side_VoIP_75" "City_Side_VoIP_76" "City_Side_VoIP_77" "City_Side_VoIP_88" "City_Side_VoIP_132" "City_Side_VoIP_1_Park_Place_A" "City_Side_VoIP_1_Park_Place_B" "City_Side_VoIP_Router_A" "City_Side_VoIP_Router_B" set comment "City VoIP Group - except Parks and Water Recorder" set color 28 next edit "SPD_Side_Firewall_Group" set allow-routing enable set member "SPD_Side_A" "SPD_Side_B" set comment "IP Range of SPD Side Firewalls" set color 2 next edit "Country Allow" set member "Microsoft 1" next edit "Peoplesoft_Audit_Group" set member "psdevfin" "psdevhcm" "psprdfin" "psprdhcm" "psqasfin" "psqashcm" set comment "Group allowed for PS Auditors" set color 20 next edit "Genetec_Inside_Group" set allow-routing enable set member "NVR-NOC" "NVR-FAILOVER" "NVR-RING1-CLAR" "NVR-RING1-CLAR2" "NVR-RING1-CORC" "NVR-RING1-CORC2" "NVR-RING2-DANF" "NVR-RING2-DANF2" "NVR-RING3-PSLA" "NVR-RING3-PSLA2" "NVR-RING4-BLOD" "NVR-RING4-FRAZ" "NVR-RING5-CENT" "NVR-RING6-EDSM" "NVR-RING6-HWSM" "NVR-RING6-HWSM2" "NVR-RING6-NOTT" "NVR-RING7-BELL" "NVR-RING7-GRAN" "NVR-RING7-GRAN2" 
"NVR-RING8-HENN" "NVR-RING8-HENN2" "NVR-RING8-HUNT" "Genetec-Dir" "Genetec-DirBU" "Genetec-Media" "Genetec-MRouter" set comment "District NVRs and Genetec Servers for SPD Federation" set color 2 next edit "MS_Teams_External_Group" set member "MS_Teams_External_A" "MS_Teams_External_B" next edit "SchoolTool_AWS_Internal" set allow-routing enable set member "DataTools" "ST_Internal_2" next edit "SchoolTool_AWS_External" set allow-routing enable set member "ST_External_4" "ST_External_5" "ST_External_6" "ST_External_1" "ST_External_2" "ST_External_3" next edit "HighStreet_Local" set member "DataTools" "Nighttime_Inside" set comment "Internal IPs for Highstreet Tunnel" next edit "DPS_local" set allow-routing enable set member "DPS_local_subnet_1" set comment "VPN: DPS (Created by VPN wizard)" next edit "DPS_remote" set allow-routing enable set member "DPS_remote_subnet_1" set comment "VPN: DPS (Created by VPN wizard)" next edit "Nutanix_CVM" set member "Patty_CT_NOC_CVM" "Pigpen_CT_NOC_CVM" "RedBaron_CT_NOC_CVM" "Sally_CT_NOC_CVM" "Schroeder _CT_NOC_CVM" set comment "Nutanix CVM" next edit "Nutanix_Remote_Support" set member "Nutanix_Support1" "Nutanix_Support2" set comment "Nutanix Remote Support Web addresses" next edit "POS_Machines" set member "Clary_POS" "ITC_Cafe_POS" "Porter_POS" set comment "Point of Sale Machines" next edit "NOCTI_Inside" set member "Shea_Secure_Wireless" "Shea_VLAN_6" "Corcoran_VLAN_20" "Corcoran_Secure_Wireless" next edit "VLAN230AddrGroup" set member "SheaVLAN230" "CorcoranVLAN230" "DelawareVLAN230" "ElmwoodVLAN230" "FranklinVLAN230" "LatinVLAN230" "SalemVLAN230" "SeymourVLAN230" "WebsterVLAN230" "FrazerVLAN230" "NottinghamVLAN230" "HenningerVLAN230" "GrantVLAN230" "LincolnVLAN230" "BellevueVLAN230" "KingVLAN230" "BrightonVLAN230" "HuntingtonVLAN230" "EdSmithVLAN230" "BeardVLAN230" "BlodgettVLAN230" "CoVLAN230" "SscVLAN230" next end config firewall wildcard-fqdn custom edit "g-Adobe Login" set wildcard-fqdn "*.adobelogin.com" next edit 
"g-Gotomeeting" set wildcard-fqdn "*.gotomeeting.com" next edit "g-Windows update 2" set wildcard-fqdn "*.windowsupdate.com" next edit "g-adobe" set wildcard-fqdn "*.adobe.com" next edit "g-android" set wildcard-fqdn "*.android.com" next edit "g-apple" set wildcard-fqdn "*.apple.com" next edit "g-appstore" set wildcard-fqdn "*.appstore.com" next edit "g-auth.gfx.ms" set wildcard-fqdn "*.auth.gfx.ms" next edit "g-autoupdate.opera.com" set wildcard-fqdn "*autoupdate.opera.com" next edit "g-cdn-apple" set wildcard-fqdn "*.cdn-apple.com" next edit "g-citrix" set wildcard-fqdn "*.citrixonline.com" next edit "g-dropbox.com" set wildcard-fqdn "*.dropbox.com" next edit "g-eease" set wildcard-fqdn "*.eease.com" next edit "g-firefox update server" set wildcard-fqdn "aus*.mozilla.org" next edit "g-fortinet" set wildcard-fqdn "*.fortinet.com" next edit "g-google-drive" set wildcard-fqdn "*drive.google.com" next edit "g-google-play" set wildcard-fqdn "*play.google.com" next edit "g-google-play2" set wildcard-fqdn "*.ggpht.com" next edit "g-google-play3" set wildcard-fqdn "*.books.google.com" next edit "g-googleapis.com" set wildcard-fqdn "*.googleapis.com" next edit "g-icloud" set wildcard-fqdn "*.icloud.com" next edit "g-itunes" set wildcard-fqdn "*itunes.apple.com" next edit "g-live.com" set wildcard-fqdn "*.live.com" next edit "g-microsoft" set wildcard-fqdn "*.microsoft.com" next edit "g-mzstatic-apple" set wildcard-fqdn "*.mzstatic.com" next edit "g-skype" set wildcard-fqdn "*.messenger.live.com" next edit "g-softwareupdate.vmware.com" set wildcard-fqdn "*.softwareupdate.vmware.com" next edit "g-swscan.apple.com" set wildcard-fqdn "*swscan.apple.com" next edit "g-update.microsoft.com" set wildcard-fqdn "*update.microsoft.com" next edit "g-verisign" set wildcard-fqdn "*.verisign.com" next edit "YouTube" set wildcard-fqdn "*youtube.com*" next end config firewall service category edit "General" set comment "General services." next edit "Web Access" set comment "Web access." 
next edit "File Access" set comment "File access." next edit "Email" set comment "Email services." next edit "Network Services" set comment "Network services." next edit "Authentication" set comment "Authentication service." next edit "Remote Access" set comment "Remote access." next edit "Tunneling" set comment "Tunneling service." next edit "VoIP, Messaging & Other Applications" set comment "VoIP, messaging, and other applications." next edit "Web Proxy" set comment "Explicit web proxy." next end config firewall service custom edit "ALL" set category "General" set protocol IP next edit "FTP" set category "File Access" set protocol IP set protocol-number 22 next edit "FTP_GET" set category "File Access" set tcp-portrange 21 next edit "FTP_PUT" set category "File Access" set tcp-portrange 21 next edit "DNS" set category "Network Services" set tcp-portrange 53 set udp-portrange 53 next edit "HTTP" set category "Web Access" set tcp-portrange 80 next edit "HTTPS" set category "Web Access" set tcp-portrange 443 next edit "IMAP" set category "Email" set tcp-portrange 143 next edit "IMAPS" set category "Email" set tcp-portrange 993 next edit "LDAP" set category "Authentication" set tcp-portrange 389 next edit "DCE-RPC" set category "Remote Access" set tcp-portrange 135 set udp-portrange 135 next edit "POP3" set category "Email" set tcp-portrange 110 next edit "POP3S" set category "Email" set tcp-portrange 995 next edit "SAMBA" set category "File Access" set tcp-portrange 139 next edit "SMTP" set category "Email" set tcp-portrange 25 next edit "SMTPS" set category "Email" set tcp-portrange 465 next edit "KERBEROS" set category "Authentication" set tcp-portrange 88 464 set udp-portrange 88 464 next edit "LDAP_UDP" set category "Authentication" set udp-portrange 389 next edit "SMB" set category "File Access" set tcp-portrange 445 next edit "ALL_TCP" set category "General" set tcp-portrange 1-65535 next edit "ALL_UDP" set category "General" set udp-portrange 1-65535 next 
edit "ALL_ICMP" set category "General" set protocol ICMP unset icmptype next edit "ALL_ICMP6" set category "General" set protocol ICMP6 unset icmptype next edit "GRE" set category "Tunneling" set protocol IP set protocol-number 47 next edit "AH" set category "Tunneling" set protocol IP set protocol-number 51 next edit "ESP" set category "Tunneling" set protocol IP set protocol-number 50 next edit "AOL" set tcp-portrange 5190-5194 next edit "BGP" set category "Network Services" set tcp-portrange 179 next edit "DHCP" set category "Network Services" set udp-portrange 67-68 next edit "FINGER" set tcp-portrange 79 next edit "GOPHER" set tcp-portrange 70 next edit "H323" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1720 1503 set udp-portrange 1719 next edit "IKE" set category "Tunneling" set udp-portrange 500 4500 next edit "Internet-Locator-Service" set tcp-portrange 389 next edit "IRC" set category "VoIP, Messaging & Other Applications" set tcp-portrange 6660-6669 next edit "L2TP" set category "Tunneling" set tcp-portrange 1701 set udp-portrange 1701 next edit "NetMeeting" set tcp-portrange 1720 next edit "NFS" set category "File Access" set tcp-portrange 111 2049 set udp-portrange 111 2049 next edit "NNTP" set tcp-portrange 119 next edit "NTP" set category "Network Services" set tcp-portrange 123 set udp-portrange 123 next edit "OSPF" set category "Network Services" set protocol IP set protocol-number 89 next edit "PC-Anywhere" set category "Remote Access" set tcp-portrange 5631 set udp-portrange 5632 next edit "PING" set category "Network Services" set protocol ICMP set icmptype 8 unset icmpcode next edit "TIMESTAMP" set protocol ICMP set icmptype 13 unset icmpcode next edit "INFO_REQUEST" set protocol ICMP set icmptype 15 unset icmpcode next edit "INFO_ADDRESS" set protocol ICMP set icmptype 17 unset icmpcode next edit "ONC-RPC" set category "Remote Access" set tcp-portrange 111 set udp-portrange 111 next edit "PPTP" set category "Tunneling" 
set tcp-portrange 1723 next edit "QUAKE" set udp-portrange 26000 27000 27910 27960 next edit "RAUDIO" set udp-portrange 7070 next edit "REXEC" set tcp-portrange 512 next edit "RIP" set category "Network Services" set udp-portrange 520 next edit "RLOGIN" set tcp-portrange 513:512-1023 next edit "RSH" set tcp-portrange 514:512-1023 next edit "SCCP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 2000 next edit "SIP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 5060 set udp-portrange 5060 next edit "SIP-MSNmessenger" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1863 next edit "SNMP" set category "Network Services" set tcp-portrange 161-162 set udp-portrange 161-162 next edit "SSH" set category "Remote Access" set tcp-portrange 22 next edit "SYSLOG" set category "Network Services" set udp-portrange 514 next edit "TALK" set udp-portrange 517-518 next edit "TELNET" set category "Remote Access" set tcp-portrange 23 next edit "TFTP" set category "File Access" set udp-portrange 69 next edit "MGCP" set udp-portrange 2427 2727 next edit "UUCP" set tcp-portrange 540 next edit "VDOLIVE" set tcp-portrange 7000-7010 next edit "WAIS" set tcp-portrange 210 next edit "WINFRAME" set tcp-portrange 1494 2598 next edit "X-WINDOWS" set category "Remote Access" set tcp-portrange 6000-6063 next edit "PING6" set protocol ICMP6 set icmptype 128 unset icmpcode next edit "MS-SQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1433 1434 next edit "MYSQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 3306 next edit "RDP" set category "Remote Access" set tcp-portrange 3389 next edit "VNC" set category "Remote Access" set tcp-portrange 5900 next edit "DHCP6" set category "Network Services" set udp-portrange 546 547 next edit "SQUID" set category "Tunneling" set tcp-portrange 3128 next edit "SOCKS" set category "Tunneling" set tcp-portrange 1080 set udp-portrange 1080 next edit 
"WINS" set category "Remote Access" set tcp-portrange 1512 set udp-portrange 1512 next edit "RADIUS" set category "Authentication" set udp-portrange 1812 1813 next edit "RADIUS-OLD" set udp-portrange 1645 1646 next edit "CVSPSERVER" set tcp-portrange 2401 set udp-portrange 2401 next edit "AFS3" set category "File Access" set tcp-portrange 7000-7009 set udp-portrange 7000-7009 next edit "TRACEROUTE" set category "Network Services" set udp-portrange 33434-33535 next edit "RTSP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 554 7070 8554 set udp-portrange 554 next edit "MMS" set tcp-portrange 1755 set udp-portrange 1024-5000 next edit "NONE" set tcp-portrange 0 next edit "webproxy" set proxy enable set category "Web Proxy" set protocol ALL set tcp-portrange 0-65535:0-65535 next edit "TCP-109" set tcp-portrange 109 next edit "TCP-1433" set tcp-portrange 1433 next edit "TCP-15000-19999" set tcp-portrange 15000-19999 next edit "TCP-1521" set tcp-portrange 1521 next edit "TCP-1859" set tcp-portrange 1859 next edit "TCP-1935" set tcp-portrange 1935 next edit "TCP-20" set tcp-portrange 20 next edit "TCP-2195" set tcp-portrange 2195 next edit "TCP-2196" set tcp-portrange 2196 next edit "TCP-2525" set tcp-portrange 2525 next edit "TCP-3268" set tcp-portrange 3268 next edit "TCP-3269" set tcp-portrange 3269 next edit "TCP-3520" set tcp-portrange 3520 next edit "TCP-389" set tcp-portrange 389 next edit "TCP-49152-65535" set tcp-portrange 49152-65535 next edit "TCP-5001" set tcp-portrange 5001 next edit "TCP-5060" set tcp-portrange 5060 next edit "TCP-5061" set tcp-portrange 5061 next edit "TCP-5120" set tcp-portrange 5120 next edit "TCP-5122-5127" set tcp-portrange 5122-5127 next edit "TCP-587" set tcp-portrange 587 next edit "TCP-5901" set tcp-portrange 5901 next edit "TCP-5937" set tcp-portrange 5937 next edit "TCP-623" set tcp-portrange 623 next edit "TCP-636" set tcp-portrange 636 next edit "TCP-6502-6510" set tcp-portrange 6502-6510 next edit 
"TCP-7578" set tcp-portrange 7578 next edit "TCP-7582" set tcp-portrange 7582 next edit "TCP-8000" set tcp-portrange 8000 next edit "TCP-8080" set tcp-portrange 8080 next edit "TCP-8082" set tcp-portrange 8082 next edit "TCP-809" set tcp-portrange 809 next edit "UDP-110" set udp-portrange 110 next edit "UDP-143" set udp-portrange 143 next edit "UDP-1433" set udp-portrange 1433 next edit "UDP-25" set udp-portrange 25 next edit "UDP-2525" set udp-portrange 2525 next edit "UDP-3389" set udp-portrange 3389 next edit "UDP-3478" set udp-portrange 3478 next edit "UDP-443" set udp-portrange 443 next edit "UDP-465" set udp-portrange 465 next edit "UDP-50000-52399" set udp-portrange 50000-52399 next edit "UDP-5001" set udp-portrange 5001 next edit "UDP-587" set udp-portrange 587 next edit "UDP-60000-61799" set udp-portrange 60000-61799 next edit "UDP-623" set udp-portrange 623 next edit "UDP-80" set udp-portrange 80 next edit "UDP-993" set udp-portrange 993 next edit "UDP-995" set udp-portrange 995 next edit "UDP-SRC-1025-65535-DST-3544" set udp-portrange 3544:1025-65535 next edit "UDP-SRC-3544-DST-1025-65535" set udp-portrange 1025-65535:3544 next edit "IP-27" set protocol IP set protocol-number 27 next edit "IP-4" set protocol IP set protocol-number 4 next edit "IP-41" set protocol IP set protocol-number 41 next edit "Webosphere_Data" set category "File Access" set tcp-portrange 41000-41500 next edit "TCP-9000-9100" set tcp-portrange 9000-9100 next edit "TCP_UDP-18443" set comment "VDI desktop" set tcp-portrange 18443 set udp-portrange 18443 next edit "TCP-19000" set tcp-portrange 19000 next edit "TCP_UDP-8100" set tcp-portrange 8100 set udp-portrange 8100 next edit "TCP 5500" set category "General" set comment "SPD Genetec Federation" set tcp-portrange 5500 next edit "TCP 4502" set category "General" set comment "SPD Genetec Federation" set color 2 set tcp-portrange 4502 next edit "Genetec Federation" set category "Network Services" set comment "SPD Genetec Federation" 
set color 2 set tcp-portrange 5500 4502 554 560 960 5004 next edit "SBC-UDP-Range" set category "Network Services" set comment "For SBC" set udp-portrange 3478-3481 next edit "Zoom UDP Ports" set category "VoIP, Messaging & Other Applications" set comment "Firewall rules for Zoom Phone" set color 2 set fqdn "static.zdassets.com" set udp-portrange 20000-64000:390 20000-64000:5091 49152-65535:8801-8810 49152-65535:3478 49152-65535:3479 next edit "TCP-8443" set tcp-portrange 8443 next edit "TCP-8013" set tcp-portrange 8013 next end config firewall service group edit "Email Access" set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" next edit "Web Access" set member "DNS" "HTTP" "HTTPS" next edit "Windows AD" set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" next edit "Exchange Server" set member "DCE-RPC" "DNS" "HTTPS" next edit "ContentKeeper-IPMI-Ports_tcp_3520_2" set member "TCP-3520" next edit "ContentKeeper-IPMI-Ports_tcp_5120_3" set member "TCP-5120" next edit "ContentKeeper-IPMI-Ports_tcp_5122_5127_4" set member "TCP-5122-5127" next edit "ContentKeeper-IPMI-Ports_tcp_5900_5" set member "VNC" next edit "ContentKeeper-IPMI-Ports_tcp_5901_6" set member "TCP-5901" next edit "ContentKeeper-IPMI-Ports_tcp_623_7" set member "TCP-623" next edit "ContentKeeper-IPMI-Ports_tcp_7578_8" set member "TCP-7578" next edit "ContentKeeper-IPMI-Ports_tcp_7582_9" set member "TCP-7582" next edit "ContentKeeper-IPMI-Ports_tcp_www_10" set member "HTTP" next edit "ContentKeeper-Mobility_tcp_8080_2" set member "TCP-8080" next edit "ContentKeeper-Mobility_tcp_993_3" set member "IMAPS" next edit "ContentKeeper_UDP_4500" set member "IKE" next edit "ContentKeeper_UDP_500" set member "IKE" next edit "Day-Server_tcp_6502_6510_2" set member "TCP-6502-6510" next edit "Oracle-SQL_tcp_sqlnet_2" set member "TCP-1521" next edit "POP-2" set member "TCP-109" next edit "POP-3" set member "POP3" next edit "ContentKeeper-IPMI-Ports_tcp_https_11" set member "HTTPS" next edit 
"ContentKeeper-MGMT-Ports_tcp_https_2"
        set member "HTTPS"
    next
    edit "ContentKeeper-MGMT-Ports_tcp_ssh_3"
        set member "SSH"
    next
    edit "ContentKeeper-Mobility_tcp_https_4"
        set member "HTTPS"
    next
    # The entries from here to the first "end" are named bundles of service objects
    # (the enclosing "config" header lies before this excerpt). A policy that references
    # a bundle permits every member at once, so each bundle should stay as narrow as the
    # application it serves.
    # NOTE(review): going only by member names (the TCP-nnnn objects are defined
    # elsewhere), this bundle mixes web and mail with what look like database (1433) and
    # directory (636/3268/3269) ports - confirm each is needed wherever the group is used.
    edit "Airwatch_Services_Group"
        set member "HTTP" "HTTPS" "Internet-Locator-Service" "SMTP" "SMTPS" "TCP-1433" "TCP-2195" "TCP-2196" "TCP-3268" "TCP-3269" "TCP-636"
        set comment "Air watch service group"
    next
    # NOTE(review): per its own comment this bundle is for IPMI (out-of-band management)
    # access; policies using it should be limited to administrative sources - verify.
    edit "ContentKeeper-IPMI-Ports"
        set member "ContentKeeper-IPMI-Ports_tcp_3520_2" "ContentKeeper-IPMI-Ports_tcp_5120_3" "ContentKeeper-IPMI-Ports_tcp_5122_5127_4" "ContentKeeper-IPMI-Ports_tcp_5900_5" "ContentKeeper-IPMI-Ports_tcp_5901_6" "ContentKeeper-IPMI-Ports_tcp_623_7" "ContentKeeper-IPMI-Ports_tcp_7578_8" "ContentKeeper-IPMI-Ports_tcp_7582_9" "ContentKeeper-IPMI-Ports_tcp_www_10" "ContentKeeper-IPMI-Ports_tcp_https_11"
        set comment "Content Keeper IPMI Ports"
    next
    # NOTE(review): the UDP-nnn members appear to be UDP variants of mail port numbers.
    # SMTP/IMAP/POP3 run over TCP, so these entries presumably widen the group without
    # serving mail - confirm and trim.
    edit "Email_Services_Group"
        set member "HTTP" "HTTPS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" "TCP-2525" "TCP-587" "UDP-110" "UDP-143" "UDP-25" "UDP-2525" "UDP-465" "UDP-587" "UDP-993" "UDP-995"
    next
    edit "CK_Mobile_Services_Group"
        set member "HTTPS" "IMAPS" "TCP-8080" "IKE"
        set color 19
    next
    # NOTE(review): combines SSH, VNC and the same port numbers as the IPMI bundle above;
    # treat any policy using it as remote administrative access.
    edit "CK_Support_Services_Group"
        set member "HTTP" "HTTPS" "SSH" "TCP-3520" "TCP-5120" "TCP-5122-5127" "TCP-5901" "TCP-623" "TCP-7578" "TCP-7582" "VNC"
        set color 19
    next
end
# Groups of Internet Service Database entries for Microsoft services.
config firewall internet-service-group
    edit "Microsoft_ISDB_Both"
        set member "Microsoft-Azure" "Microsoft-Azure.AD" "Microsoft-Azure.Data.Factory" "Microsoft-Azure.Monitor" "Microsoft-Azure.Power.BI" "Microsoft-Azure.SQL" "Microsoft-Azure.Virtual.Desktop" "Microsoft-Dynamics" "Microsoft-Office365.Published" "Microsoft-Office365.Published.Allow" "Microsoft-Office365.Published.Optimize" "Microsoft-Office365.Published.USGOV" "Microsoft-Outlook" "Microsoft-Skype_Teams" "Microsoft-Teams.Published.Worldwide.Allow" "Microsoft-Teams.Published.Worldwide.Optimize" "Microsoft-WNS"
    next
    # NOTE(review): this destination-only group includes FTP, SSH, NetBIOS and the
    # catch-all "Microsoft-Other" entries, which is much wider than Office 365/Teams
    # traffic. None of the policies visible in this excerpt reference it; check where it
    # is used before relying on it as an allow-list.
    edit "Microsoft_ISDB_Destination"
        set direction destination
        set member "Microsoft-DNS" "Microsoft-FTP" "Microsoft-ICMP" "Microsoft-Inbound_Email" "Microsoft-Intune" "Microsoft-Microsoft.Update" "Microsoft-NetBIOS.Name.Service" "Microsoft-NetBIOS.Session.Service" "Microsoft-NTP" "Microsoft-Office365" "Microsoft-Other" "Microsoft-Outbound_Email" "Microsoft-RTMP" "Microsoft-SSH" "Microsoft-Web"
    next
end
# Traffic shaper definitions (bandwidth caps, guarantees and priorities).
config firewall shaper traffic-shaper
    edit "high-priority"
        set maximum-bandwidth 1048576
        set per-policy enable
    next
    edit "medium-priority"
        set maximum-bandwidth 1048576
        set priority medium
        set per-policy enable
    next
    edit "low-priority"
        set maximum-bandwidth 1048576
        set priority low
        set per-policy enable
    next
    edit "guarantee-100kbps"
        set guaranteed-bandwidth 100
        set maximum-bandwidth 1048576
        set per-policy enable
    next
    edit "shared-1M-pipe"
        set maximum-bandwidth 1024
    next
end
# Proxy address objects that match on the request host by regular expression.
config firewall proxy-address
    # Matches a host that is a dotted-quad IPv4 literal with every octet in 0-255.
    edit "IPv4-address"
        set type host-regex
        set host-regex "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}$"
    next
    # Matches a bracketed IPv6 literal made of hex groups; only a-f (lowercase) appears in
    # the character class - whether matching is case-sensitive is not visible here.
    edit "IPv6-address"
        set type host-regex
        set host-regex "^\\[(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\\]$"
    next
end
# Recurring schedules referenced by policies ("always" covers all seven days).
config firewall schedule recurring
    edit "always"
        set day sunday monday tuesday wednesday thursday friday saturday
    next
    edit "none"
    next
    edit "default-darrp-optimize"
        set start 01:00
        set end 01:30
        set day sunday monday tuesday wednesday thursday friday saturday
    next
end
# Source-NAT pools. Every pool here has startip equal to endip, i.e. a single address.
config firewall ippool
    edit "ippool-198.36.23.251"
        set startip 198.36.23.251
        set endip 198.36.23.251
    next
    edit "ippool-198.36.23.252"
        set startip 198.36.23.252
        set endip 198.36.23.252
    next
    edit "ippool-198.36.23.253"
        set startip 198.36.23.253
        set endip 198.36.23.253
    next
    edit "ippool-198.36.23.254"
        set startip 198.36.23.254
        set endip 198.36.23.254
    next
    edit "NTSS_Outside"
        set startip 198.36.24.68
        set endip 198.36.24.68
    next
    edit "Nighttime_Outside"
        set startip 198.36.24.191
        set endip 198.36.24.191
    next
    edit "MailOut_Outside"
        set startip 198.36.22.227
        set endip 198.36.22.227
    next
    edit "SBC-NOC-Outside"
        set startip 198.36.26.37
        set endip 198.36.26.37
    next
    edit "SBC-DAN-Outside"
        set startip 198.36.26.38
        set endip 198.36.26.38
    next
end
# Virtual IPs: each maps an external address (extip) to an internal host (mappedip).
# NOTE(review): no entry sets "portforward", so (assuming the default of disabled) each
# one maps every port of the external address. What is actually reachable is then decided
# only by the source and service lists of the policy that references the VIP; most of
# those policies are not part of this excerpt, so review them together with this list.
config firewall vip
    # Restricted by src-filter to a single partner address.
    # NOTE(review): extintf is "SRIC_BOCES" while srcintf-filter names "outside lag";
    # confirm the two settings are meant to differ.
    edit "vip-ntss"
        set comment "SRIC BOCES Tunnel 170.161.52.27 (SRIC Server) - This is the source address needed for the tunnel 170.161.52.25 (SRIC Firewall) description Eastern Suffolk BOCES access to NTSS.scsd.ad"
        set src-filter "170.161.52.27-170.161.52.27"
        set extip 198.36.24.68
        set mappedip "10.1.48.68"
        set extintf "SRIC_BOCES"
        set nat-source-vip enable
        set srcintf-filter "outside lag"
    next
    edit "vip-scsdess"
        set comment "ESS"
        set extip 198.36.24.100
        set mappedip "10.1.140.14"
        set extintf "outside lag"
        set nat-source-vip enable
        set srcintf-filter "outside lag"
    next
    edit "vip-applecaching"
        set comment "Apple caching server for managing Apple device updates"
        set extip 198.36.24.57
        set mappedip "10.1.40.107"
        set extintf "outside lag"
        set nat-source-vip enable
        set srcintf-filter "outside lag"
    next
    # NOTE(review): per its comment this publishes a domain controller for LDAP on an
    # external address. There is no src-filter here, so the referencing policy must
    # restrict source addresses and services (LDAPS rather than cleartext LDAP) - verify.
    edit "vip-DC01"
        set comment "Domain Controller for LDAP"
        set extip 198.36.25.45
        set mappedip "10.1.40.95"
        set extintf "outside lag"
        set nat-source-vip enable
        set srcintf-filter "outside lag"
        set color 14
    next
    edit "vip-tableau"
        set comment "Tableau"
        set extip 198.36.24.61
        set mappedip "10.1.140.12"
        set extintf "outside lag"
        set nat-source-vip enable
        set srcintf-filter "outside lag"
    next
    edit "vip-ns1"
        set comment "DNS External"
        set extip 198.36.22.245
        set mappedip "10.1.48.45"
        set extintf "outside lag"
        set nat-source-vip enable
        set srcintf-filter "outside lag"
    next
    edit "vip-ns2"
        set comment "DNS External"
        set extip 198.36.22.19
        set mappedip "10.1.40.41"
        set extintf "outside lag"
        set nat-source-vip enable
        set srcintf-filter "outside lag"
    next
    # NOTE(review): unlike its neighbours this entry (and vip-Neutrons below) has no
    # srcintf-filter; confirm whether that is intentional.
    edit "vip-webhelpdesk"
        set comment "Web Help Desk"
        set extip 198.36.25.20
        set mappedip "10.1.140.6"
        set extintf "outside lag"
        set nat-source-vip enable
    next
    edit "vip-Airwatchapp"
        set comment "Airwatch (Workspace One) MDM"
        set extip 198.36.24.56
        set mappedip "10.1.140.9"
        set extintf "outside lag"
        set nat-source-vip enable
        set srcintf-filter "outside lag"
    next
    edit "vip-Webosphere"
        set comment "SCSD Website"
        set extip 198.36.24.16
        set mappedip "10.1.140.11"
        set extintf "outside lag"
        set nat-source-vip enable
        set srcintf-filter "outside lag"
    next
    edit "vip-Neutrons"
        set comment "Address Lookup"
        set extip 198.36.24.210
        set mappedip "10.1.40.210"
        set extintf "outside lag"
        set nat-source-vip enable
    next
    edit "vip-Barracuda-Archive-2"
        set comment "Barracuda Email"
        set extip 198.36.22.229
        set mappedip "10.1.40.17"
        set extintf "outside lag"
        set nat-source-vip enable
        set srcintf-filter "outside lag"
    next
    edit "vip-Barracuda-Archive-1"
        set comment "Barracuda Email"
        set extip 198.36.22.228
        set mappedip "10.1.40.16"
        set extintf "outside lag"
        set nat-source-vip enable
        set srcintf-filter "outside lag"
    next
    # NOTE(review): from here to the end of the section the entries set neither
    # nat-source-vip nor srcintf-filter, unlike the entries above - confirm the
    # difference is deliberate rather than an omission.
    edit "vip-hybrid-email"
        set comment "Email"
        set extip 198.36.22.143
        set mappedip "10.1.48.49"
        set extintf "outside lag"
    next
    edit "vip-sbc-noc"
        set comment "Ribbon ITC NOC"
        set extip 198.36.26.37
        set mappedip "10.1.150.21"
        set extintf "outside lag"
    next
    edit "vip-sbc-dan"
        set comment "Ribbon Shea-NOC"
        set extip 198.36.26.38
        set mappedip "10.1.150.22"
        set extintf "outside lag"
    next
    edit "vip-PrintOC"
        set comment "Oracle Printer"
        set extip 198.36.26.119
        set mappedip "10.1.40.219"
        set extintf "outside lag"
    next
    edit "vip-EMS"
        set comment "FortiClient EMS"
        set extip 198.36.24.202
        set mappedip "10.1.40.22"
        set extintf "outside lag"
    next
    # NOTE(review): no comment documents this entry; the name suggests a SQL server is
    # published externally. Confirm its owner and purpose and that the referencing policy
    # limits sources and ports.
    edit "VIP-411SQL"
        set extip 198.36.24.225
        set mappedip "10.1.40.225"
        set extintf "outside lag"
    next
end
# Groups the two Barracuda archiver VIPs so a policy can reference both at once.
config firewall vipgrp
    edit "vip-grp-barracuda_Archivers"
        set interface "outside lag"
        set member "vip-Barracuda-Archive-1" "vip-Barracuda-Archive-2"
    next
end
# Built-in SSH key objects; the key passwords are redacted ("*HIDDEN*") in this export.
config firewall ssh local-key
    edit "g-Fortinet_SSH_DSA1024"
        set password ENC *HIDDEN*
        set source built-in
    next
    edit "g-Fortinet_SSH_ECDSA256"
        set password ENC *HIDDEN*
        set source built-in
    next
    edit "g-Fortinet_SSH_ECDSA384"
        set password ENC
*HIDDEN*
        set source built-in
    next
    edit "g-Fortinet_SSH_ECDSA521"
        set password ENC *HIDDEN*
        set source built-in
    next
    edit "g-Fortinet_SSH_ED25519"
        set password ENC *HIDDEN*
        set source built-in
    next
    edit "g-Fortinet_SSH_RSA2048"
        set password ENC *HIDDEN*
        set source built-in
    next
end
# Built-in SSH CA objects (passwords redacted in this export).
config firewall ssh local-ca
    edit "g-Fortinet_SSH_CA"
        set password ENC *HIDDEN*
        set source built-in
    next
    edit "g-Fortinet_SSH_CA_Untrusted"
        set password ENC *HIDDEN*
        set source built-in
    next
end
# Binds the built-in CA and host-key objects above to the firewall's SSH settings.
# NOTE(review): a 1024-bit DSA host key is still bound here. It looks like the built-in
# default, and every SSL/SSH profile below sets SSH "status disable", so it may be
# unused - confirm before any SSH inspection is enabled.
config firewall ssh setting
    set caname "g-Fortinet_SSH_CA"
    set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
    set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
    set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
    set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
    set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
    set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
    set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
end
# Per-protocol port and option settings used when traffic is handed to protocol proxies.
config firewall profile-protocol-options
    edit "default"
        set comment "All default services."
        config http
            set ports 80
            unset options
            unset post-lang
        end
        config ftp
            set ports 21
            set options splice
        end
        config imap
            set ports 143
            set options fragmail
        end
        config mapi
            set ports 135
            set options fragmail
        end
        config pop3
            set ports 110
            set options fragmail
        end
        config smtp
            set ports 25
            set options fragmail splice
        end
        config nntp
            set ports 119
            set options splice
        end
        config ssh
            unset options
        end
        config dns
            set ports 53
        end
        config cifs
            set ports 445
            unset options
        end
    next
end
# SSL/SSH inspection profiles. "certificate-inspection" profiles read only the TLS
# handshake; "deep-inspection" profiles decrypt the listed protocols except for the
# destinations in their ssl-exempt lists.
# NOTE(review): every protocol block in every profile sets
# "unsupported-ssl-version allow", so sessions that negotiate an SSL/TLS version the
# inspection engine does not support are passed instead of blocked. Consider "block" on
# the customisable profiles unless a legacy dependency needs it.
# NOTE(review): among the policies visible in this excerpt only the disabled policy 62
# uses a deep-inspection profile; all others use "certificate-inspection", so HTTPS
# payloads are not decrypted for the AV/IPS profiles attached to them.
config firewall ssl-ssh-profile
    edit "certificate-inspection"
        set comment "Read-only SSL handshake inspection profile."
        config https
            set ports 443
            set status certificate-inspection
            set quic inspect
            set unsupported-ssl-version allow
        end
        config ftps
            set status disable
            set unsupported-ssl-version allow
        end
        config imaps
            set status disable
            set unsupported-ssl-version allow
        end
        config pop3s
            set status disable
            set unsupported-ssl-version allow
        end
        config smtps
            set status disable
            set unsupported-ssl-version allow
        end
        config ssh
            set ports 22
            set status disable
        end
        config dot
            set status disable
            set quic inspect
        end
    next
    edit "deep-inspection"
        set comment "Read-only deep inspection profile."
        config https
            set ports 443
            set status deep-inspection
            set quic inspect
            set unsupported-ssl-version allow
        end
        config ftps
            set ports 990
            set status deep-inspection
            set unsupported-ssl-version allow
        end
        config imaps
            set ports 993
            set status deep-inspection
            set unsupported-ssl-version allow
        end
        config pop3s
            set ports 995
            set status deep-inspection
            set unsupported-ssl-version allow
        end
        config smtps
            set ports 465
            set status deep-inspection
            set unsupported-ssl-version allow
        end
        config ssh
            set ports 22
            set status disable
        end
        config dot
            set status disable
            set quic inspect
        end
        # Destinations excluded from decryption: two FortiGuard web categories (31 and 33,
        # presumably Finance and Banking / Health and Wellness - confirm against the
        # category list) plus vendor wildcard-FQDN objects.
        config ssl-exempt
            edit 1
                set fortiguard-category 31
            next
            edit 2
                set fortiguard-category 33
            next
            edit 3
                set type wildcard-fqdn
                set wildcard-fqdn "g-adobe"
            next
            edit 4
                set type wildcard-fqdn
                set wildcard-fqdn "g-Adobe Login"
            next
            edit 5
                set type wildcard-fqdn
                set wildcard-fqdn "g-android"
            next
            edit 6
                set type wildcard-fqdn
                set wildcard-fqdn "g-apple"
            next
            edit 7
                set type wildcard-fqdn
                set wildcard-fqdn "g-appstore"
            next
            edit 8
                set type wildcard-fqdn
                set wildcard-fqdn "g-auth.gfx.ms"
            next
            edit 9
                set type wildcard-fqdn
                set wildcard-fqdn "g-citrix"
            next
            edit 10
                set type wildcard-fqdn
                set wildcard-fqdn "g-dropbox.com"
            next
            edit 11
                set type wildcard-fqdn
                set wildcard-fqdn "g-eease"
            next
            edit 12
                set type wildcard-fqdn
                set wildcard-fqdn "g-firefox update server"
            next
            edit 13
                set type wildcard-fqdn
                set wildcard-fqdn "g-fortinet"
            next
            edit 14
                set type wildcard-fqdn
                set wildcard-fqdn "g-googleapis.com"
            next
            edit 15
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-drive"
            next
            edit 16
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play2"
            next
            edit 17
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play3"
            next
            edit 18
                set type wildcard-fqdn
                set wildcard-fqdn "g-Gotomeeting"
            next
            edit 19
                set type wildcard-fqdn
                set wildcard-fqdn "g-icloud"
            next
            edit 20
                set type wildcard-fqdn
                set wildcard-fqdn "g-itunes"
            next
            edit 21
                set type wildcard-fqdn
                set wildcard-fqdn "g-microsoft"
            next
            edit 22
                set type wildcard-fqdn
                set wildcard-fqdn "g-skype"
            next
            edit 23
                set type wildcard-fqdn
                set wildcard-fqdn "g-softwareupdate.vmware.com"
            next
            edit 24
                set type wildcard-fqdn
                set wildcard-fqdn "g-verisign"
            next
            edit 25
                set type wildcard-fqdn
                set wildcard-fqdn "g-Windows update 2"
            next
            edit 26
                set type wildcard-fqdn
                set wildcard-fqdn "g-live.com"
            next
            edit 27
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play"
            next
            edit 28
                set type wildcard-fqdn
                set wildcard-fqdn "g-update.microsoft.com"
            next
            edit 29
                set type wildcard-fqdn
                set wildcard-fqdn "g-swscan.apple.com"
            next
            edit 30
                set type wildcard-fqdn
                set wildcard-fqdn "g-autoupdate.opera.com"
            next
            edit 31
                set type wildcard-fqdn
                set wildcard-fqdn "g-cdn-apple"
            next
            edit 32
                set type wildcard-fqdn
                set wildcard-fqdn "g-mzstatic-apple"
            next
        end
    next
    # NOTE(review): this customisable profile keeps the vendor exemption list and adds
    # FortiGuard category 25 (entry 31). Exempting file-sharing destinations such as
    # g-dropbox.com and g-google-drive means content exchanged with them is not
    # decrypted for scanning - confirm each exemption is still wanted.
    edit "custom-deep-inspection"
        set comment "Customizable deep inspection profile."
        config https
            set ports 443
            set status deep-inspection
            set quic inspect
            set unsupported-ssl-version allow
        end
        config ftps
            set ports 990
            set status deep-inspection
            set unsupported-ssl-version allow
        end
        config imaps
            set ports 993
            set status deep-inspection
            set unsupported-ssl-version allow
        end
        config pop3s
            set ports 995
            set status deep-inspection
            set unsupported-ssl-version allow
        end
        config smtps
            set ports 465
            set status deep-inspection
            set unsupported-ssl-version allow
        end
        config ssh
            set ports 22
            set status disable
        end
        config dot
            set status disable
            set quic inspect
        end
        config ssl-exempt
            edit 1
                set type wildcard-fqdn
                set wildcard-fqdn "g-adobe"
            next
            edit 2
                set type wildcard-fqdn
                set wildcard-fqdn "g-Adobe Login"
            next
            edit 3
                set type wildcard-fqdn
                set wildcard-fqdn "g-android"
            next
            edit 4
                set type wildcard-fqdn
                set wildcard-fqdn "g-apple"
            next
            edit 5
                set type wildcard-fqdn
                set wildcard-fqdn "g-appstore"
            next
            edit 6
                set type wildcard-fqdn
                set wildcard-fqdn "g-auth.gfx.ms"
            next
            edit 7
                set type wildcard-fqdn
                set wildcard-fqdn "g-autoupdate.opera.com"
            next
            edit 8
                set type wildcard-fqdn
                set wildcard-fqdn "g-citrix"
            next
            edit 9
                set type wildcard-fqdn
                set wildcard-fqdn "g-dropbox.com"
            next
            edit 10
                set type wildcard-fqdn
                set wildcard-fqdn "g-eease"
            next
            edit 11
                set type wildcard-fqdn
                set wildcard-fqdn "g-firefox update server"
            next
            edit 12
                set type wildcard-fqdn
                set wildcard-fqdn "g-fortinet"
            next
            edit 13
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-drive"
            next
            edit 14
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play"
            next
            edit 15
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play2"
            next
            edit 16
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play3"
            next
            edit 17
                set type wildcard-fqdn
                set wildcard-fqdn "g-googleapis.com"
            next
            edit 18
                set type wildcard-fqdn
                set wildcard-fqdn "g-Gotomeeting"
            next
            edit 19
                set type wildcard-fqdn
                set wildcard-fqdn "g-icloud"
            next
            edit 20
                set type wildcard-fqdn
                set wildcard-fqdn "g-itunes"
            next
            edit 21
                set type wildcard-fqdn
                set wildcard-fqdn "g-live.com"
            next
            edit 22
                set type wildcard-fqdn
                set wildcard-fqdn "g-microsoft"
            next
            edit 23
                set type wildcard-fqdn
                set wildcard-fqdn "g-skype"
            next
            edit 24
                set type wildcard-fqdn
                set wildcard-fqdn "g-softwareupdate.vmware.com"
            next
            edit 25
                set type wildcard-fqdn
                set wildcard-fqdn "g-swscan.apple.com"
            next
            edit 26
                set type wildcard-fqdn
                set wildcard-fqdn "g-update.microsoft.com"
            next
            edit 27
                set type wildcard-fqdn
                set wildcard-fqdn "g-verisign"
            next
            edit 28
                set type wildcard-fqdn
                set wildcard-fqdn "g-Windows update 2"
            next
            edit 29
                set fortiguard-category 31
            next
            edit 30
                set fortiguard-category 33
            next
            edit 31
                set fortiguard-category 25
            next
            edit 32
                set type wildcard-fqdn
                set wildcard-fqdn "g-cdn-apple"
            next
            edit 33
                set type wildcard-fqdn
                set wildcard-fqdn "g-mzstatic-apple"
            next
        end
    next
    # Profile with all SSL inspection disabled and QUIC bypassed.
    edit "no-inspection"
        set comment "Read-only profile that does no inspection."
        config https
            set status disable
            set quic bypass
            set unsupported-ssl-version allow
        end
        config ftps
            set status disable
            set unsupported-ssl-version allow
        end
        config imaps
            set status disable
            set unsupported-ssl-version allow
        end
        config pop3s
            set status disable
            set unsupported-ssl-version allow
        end
        config smtps
            set status disable
            set unsupported-ssl-version allow
        end
        config ssh
            set ports 22
            set status disable
        end
        config dot
            set status disable
            set quic bypass
        end
    next
    # NOTE(review): the comment text is identical to the built-in certificate-inspection
    # profile's ("Read-only ...") although the name marks this as the custom copy.
    edit "custom-cert-inspection"
        set comment "Read-only SSL handshake inspection profile."
        config https
            set ports 443
            set status certificate-inspection
            set quic inspect
            set unsupported-ssl-version allow
        end
        config ftps
            set status disable
            set unsupported-ssl-version allow
        end
        config imaps
            set status disable
            set unsupported-ssl-version allow
        end
        config pop3s
            set status disable
            set unsupported-ssl-version allow
        end
        config smtps
            set status disable
            set unsupported-ssl-version allow
        end
        config ssh
            set ports 22
            set status disable
        end
        config dot
            set status disable
            set quic inspect
        end
    next
    # Site-specific deep-inspection profile; within this excerpt it is referenced only by
    # the disabled policy 62 ("Test Cert Decrypt").
    edit "SCSD custom-deep-inspection"
        set comment "Customizable deep inspection profile."
        config https
            set ports 443
            set status deep-inspection
            set quic inspect
            set unsupported-ssl-version allow
        end
        config ftps
            set ports 990
            set status deep-inspection
            set unsupported-ssl-version allow
        end
        config imaps
            set ports 993
            set status deep-inspection
            set unsupported-ssl-version allow
        end
        config pop3s
            set ports 995
            set status deep-inspection
            set unsupported-ssl-version allow
        end
        config smtps
            set ports 465
            set status deep-inspection
            set unsupported-ssl-version allow
        end
        config ssh
            set ports 22
            set status disable
        end
        config dot
            set status disable
            set quic inspect
        end
        config ssl-exempt
            edit 1
                set type wildcard-fqdn
                set wildcard-fqdn "g-adobe"
            next
            edit 2
                set type wildcard-fqdn
                set wildcard-fqdn "g-Adobe Login"
            next
            edit 3
                set type wildcard-fqdn
                set wildcard-fqdn "g-android"
            next
            edit 4
                set type wildcard-fqdn
                set wildcard-fqdn "g-apple"
            next
            edit 5
                set type wildcard-fqdn
                set wildcard-fqdn "g-appstore"
            next
            edit 6
                set type wildcard-fqdn
                set wildcard-fqdn "g-auth.gfx.ms"
            next
            edit 7
                set type wildcard-fqdn
                set wildcard-fqdn "g-autoupdate.opera.com"
            next
            edit 8
                set type wildcard-fqdn
                set wildcard-fqdn "g-citrix"
            next
            edit 9
                set type wildcard-fqdn
                set wildcard-fqdn "g-dropbox.com"
            next
            edit 10
                set type wildcard-fqdn
                set wildcard-fqdn "g-eease"
            next
            edit 11
                set type wildcard-fqdn
                set wildcard-fqdn "g-firefox update server"
            next
            edit 12
                set type wildcard-fqdn
                set wildcard-fqdn "g-fortinet"
            next
            edit
13
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-drive"
            next
            edit 14
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play"
            next
            edit 15
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play2"
            next
            edit 16
                set type wildcard-fqdn
                set wildcard-fqdn "g-google-play3"
            next
            edit 17
                set type wildcard-fqdn
                set wildcard-fqdn "g-googleapis.com"
            next
            edit 18
                set type wildcard-fqdn
                set wildcard-fqdn "g-Gotomeeting"
            next
            edit 19
                set type wildcard-fqdn
                set wildcard-fqdn "g-icloud"
            next
            edit 20
                set type wildcard-fqdn
                set wildcard-fqdn "g-itunes"
            next
            edit 21
                set type wildcard-fqdn
                set wildcard-fqdn "g-live.com"
            next
            edit 22
                set type wildcard-fqdn
                set wildcard-fqdn "g-microsoft"
            next
            edit 23
                set type wildcard-fqdn
                set wildcard-fqdn "g-skype"
            next
            edit 24
                set type wildcard-fqdn
                set wildcard-fqdn "g-softwareupdate.vmware.com"
            next
            edit 25
                set type wildcard-fqdn
                set wildcard-fqdn "g-swscan.apple.com"
            next
            edit 26
                set type wildcard-fqdn
                set wildcard-fqdn "g-update.microsoft.com"
            next
            edit 27
                set type wildcard-fqdn
                set wildcard-fqdn "g-verisign"
            next
            edit 28
                set type wildcard-fqdn
                set wildcard-fqdn "g-Windows update 2"
            next
            edit 29
                set fortiguard-category 31
            next
            edit 30
                set fortiguard-category 33
            next
            edit 31
                set fortiguard-category 25
            next
        end
    next
end
# IPv4 firewall policies. FortiOS applies the first policy that matches, so the order of
# the entries matters as much as their contents (assuming this export lists them in
# sequence order). Entries that set no "action" use the default action, deny.
config firewall policy
    edit 89
        set status disable
        set name "Country Allow In->Out"
        set srcintf "inside"
        set dstintf "outside"
        set action accept
        set srcaddr "all"
        set dstaddr "Country Allow"
        set schedule "always"
        set service "HTTPS"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "g-default"
    next
    # NOTE(review): disabled, but if re-enabled it accepts HTTPS from the "Country Allow"
    # object to every inside address. The comment string is copy residue and does not
    # describe the rule; consider deleting disabled rules that are no longer needed.
    edit 90
        set status disable
        set name "Country Allow Out->In"
        set srcintf "outside"
        set dstintf "inside"
        set action accept
        set srcaddr "Country Allow"
        set dstaddr "all"
        set schedule "always"
        set service "HTTPS"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "g-default"
        set comments " (Copy of NVIDEA_LICENSING) (Reverse of NVIDEA_LICENSING)"
    next
    edit 107
        set status disable
        set name "NOCTI In->Out"
        set srcintf "inside"
        set dstintf "outside"
        set action accept
        set srcaddr "NOCTI_Inside"
        set dstaddr "NOCTI"
        set schedule "always"
        set service "HTTP" "HTTPS"
        set logtraffic all
        set nat enable
        set comments "Allow nocti.org"
    next
    edit 121
        set status disable
        set name "NOCTI Out->In"
        set srcintf "outside"
        set dstintf "inside"
        set action accept
        set srcaddr "NOCTI"
        set dstaddr "NOCTI_Inside"
        set schedule "always"
        set service "HTTP" "HTTPS"
        set logtraffic all
        set comments "Allow nocti.org (Reverse of NOCTI_In->Out) (Copy of )"
    next
    # Deny rules (no "set action", so the default deny applies). They are the first
    # enabled entries, which is where block rules need to sit to take effect before the
    # accept rules below.
    edit 109
        set name "Block Countries Out -> In"
        set srcintf "outside"
        set dstintf "inside"
        set srcaddr "Country Block"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set comments "Block specific countries"
    next
    edit 110
        set name "Block Countries In -> Out"
        set srcintf "inside"
        set dstintf "outside"
        set srcaddr "all"
        set dstaddr "Country Block"
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set comments "Block specific countries"
    next
    # NOTE(review): the comment string on the next two rules reads "Attachers",
    # presumably "Attackers" (left unchanged here because it is configuration data).
    edit 10020
        set name "Deny_List_In"
        set srcintf "outside"
        set dstintf "inside"
        set srcaddr "Block_List_Group"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set comments "Block Known Attachers"
    next
    edit 10022
        set name "Deny_List_Out"
        set srcintf "inside"
        set dstintf "outside"
        set srcaddr "all"
        set dstaddr "Block_List_Group"
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set comments "Block Known Attachers"
    next
    # Remote-access VPN rules (srcintf "ssl.scsd"); each is tied to user groups through
    # "set groups".
    # NOTE(review): this rule grants service ALL to all RFC1918 space and is listed before
    # the narrower per-application VPN rules, so a user who belongs to one of its two
    # groups as well as a narrower group would presumably get the broad match. Review the
    # membership of SSL_VPN_Full_Access and FortiGateAccess.
    edit 112
        set name "SSL_VPN_FULL"
        set srcintf "ssl.scsd"
        set dstintf "inside"
        set action accept
        set srcaddr "SSL_VPN_Range"
        set dstaddr "IPv4-Private-All-RFC1918"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set groups "SSL_VPN_Full_Access" "FortiGateAccess"
        set comments "Remote Access VPN - Full Access"
    next
    edit 59
        set name "VPN_Security_VLAN_70"
        set srcintf "ssl.scsd"
        set dstintf "inside"
        set action accept
        set srcaddr "SSL_VPN_Range"
        set dstaddr "Security_VLAN_70_Group"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set groups "VPN_Security_Group"
        set comments "Remote Access VPN - Security VLAN 70"
    next
    edit 78
        set name "VPN_Access_Control_VLAN_72"
        set srcintf "ssl.scsd"
        set dstintf "inside"
        set action accept
        set srcaddr "SSL_VPN_Range"
        set dstaddr "Access_Control_VLAN_72_Group"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set groups "VPN_Access_Control_Group"
        set comments "Remote Access VPN - Access Control VLAN 72"
    next
    edit 63
        set name "VPN_Hyperion_Servers"
        set srcintf "ssl.scsd"
        set dstintf "inside"
        set action accept
        set srcaddr "SSL_VPN_Range"
        set dstaddr "Hyperion_Server_Group"
        set schedule "always"
        set service "RDP" "UDP-3389" "HTTP" "HTTPS" "TCP-19000"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set groups "VPN_Hyperion_Group"
        set comments "Remote Access VPN - Hyperion Servers"
    next
    # NOTE(review): the service list includes FTP and TFTP, which carry data (and, for
    # FTP, credentials) in cleartext inside the tunnel - confirm they are still required.
    edit 57
        set name "VPN_Website_Server"
        set srcintf "ssl.scsd"
        set dstintf "inside"
        set action accept
        set srcaddr "SSL_VPN_Range"
        set dstaddr "Webosphere_Inside"
        set schedule "always"
        set service "RDP" "UDP-3389" "FTP" "FTP_GET" "FTP_PUT" "TFTP" "Webosphere_Data" "HTTP" "HTTPS"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set groups "VPN_Web_Servers_Group"
        set comments "Remote Access VPN - SCSD Website"
    next
    edit 58
        set name "VPN_DayAutomation_Servers"
        set srcintf "ssl.scsd"
        set dstintf "inside"
        set action accept
        set srcaddr "SSL_VPN_Range"
        set dstaddr "Day_Server_Group"
        set schedule "always"
        set service "RDP" "UDP-3389" "HTTPS" "TCP-6502-6510"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set groups "VPN_DayAuto_Group"
        set comments "Remote Access VPN - Day Automation Servers"
    next
    # NOTE(review): every other rule here pairs "UDP-3389" with "RDP"; this one lists
    # UDP-3389 alone. Confirm whether RDP was meant to be allowed or the UDP entry is a
    # leftover that should be removed.
    edit 80
        set name "VPN_Auditors"
        set srcintf "ssl.scsd"
        set dstintf "inside"
        set action accept
        set srcaddr "SSL_VPN_Range"
        set dstaddr "psprdfin" "psprdhcm"
        set schedule "always"
        set service "HTTP" "HTTPS" "UDP-3389"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set groups "VPN_Auditor_Group"
        set comments "Remote Access VPN - Auditors"
    next
    edit 66
        set name "VPN_WebCRD_Server"
        set srcintf "ssl.scsd"
        set dstintf "inside"
        set action accept
        set srcaddr "SSL_VPN_Range"
        set dstaddr "WebCRD"
        set schedule "always"
        set service "HTTPS" "SSH"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set groups "VPN_WebCRD_Group"
        set comments "Remote Access VPN - webCRD"
    next
    edit 69
        set name "VPN_DocHolliday"
        set srcintf "ssl.scsd"
        set dstintf "inside"
        set action accept
        set srcaddr "SSL_VPN_Range"
        set dstaddr "DocHolliday"
        set schedule "always"
        set service "RDP" "UDP-3389" "SMB" "HTTP" "HTTPS" "PING"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set groups "VPN_DocHolliday_Group"
        set comments "Remote Access VPN - DocHolliday for Katapult User"
    next
    # NOTE(review): the name suggests DNS for all SSL-VPN users, but "set groups" limits
    # it to VPN_DocHolliday_Group and the comment is copied from the rule above. Confirm
    # the intended scope and correct the comment.
    edit 105
        set name "DNS_FOR_SSL_VPN"
        set srcintf "ssl.scsd"
        set dstintf "inside"
        set action accept
        set srcaddr "SSL_VPN_Range"
        set dstaddr "Domain_Controller_Group"
        set schedule "always"
        set service "DNS"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set groups "VPN_DocHolliday_Group"
        set comments "Remote Access VPN - DocHolliday for Katapult User (Copy of VPN_DocHolliday)"
    next
    # NOTE(review): unlike the other VPN rules this one uses srcaddr "all" instead of
    # SSL_VPN_Range, sets no utm-status or ips-sensor, and has no comment. It also
    # precedes rule 68, which serves the same user group with inspection enabled, so
    # traffic that matches here is not inspected. Align it with rule 68 or document why
    # it differs.
    edit 120
        set name "VPN411-Web-Portal"
        set srcintf "ssl.scsd"
        set dstintf "inside"
        set action accept
        set srcaddr "all"
        set dstaddr "411app" "411sql"
        set schedule "always"
        set service "RDP" "Web Access"
        set logtraffic all
        set nat enable
        set port-preserve disable
        set groups "VPN_Access411_Group"
    next
    edit 68
        set name "VPN_Access411_Servers"
        set srcintf "ssl.scsd"
        set dstintf "inside"
        set action accept
        set srcaddr "SSL_VPN_Range"
        set dstaddr "411_Group"
        set schedule "always"
        set service "RDP" "UDP-3389" "HTTP" "HTTPS"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set groups "VPN_Access411_Group"
        set comments "Remote Access VPN - Access411 RDP"
    next
    edit 91
        set name "VPN_Peoplesoft_Audit"
        set srcintf "ssl.scsd"
        set dstintf "inside"
        set action accept
        set srcaddr "SSL_VPN_Range"
        set dstaddr "Peoplesoft_Audit_Group"
        set schedule "always"
        set service "HTTP" "HTTPS" "TCP_UDP-8100"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set groups "VPN_Peoplesoft_Group"
        set comments "Remote Access VPN - Peoplesoft Auditors"
    next
    edit 64
        set name "VPN_Peoplesoft_RDP"
        set srcintf "ssl.scsd"
        set dstintf "inside"
        set action accept
        set srcaddr "SSL_VPN_Range"
        set dstaddr "Peoplesoft_RDP_Group"
        set schedule "always"
        set service "RDP" "UDP-3389"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set groups "VPN_Peoplesoft_Group"
        set comments "Remote Access VPN - Peoplesoft RDP"
    next
    edit 65
        set name "VPN_Peoplesoft_SSH"
        set srcintf "ssl.scsd"
        set dstintf "inside"
        set action accept
        set srcaddr "SSL_VPN_Range"
        set dstaddr "Peoplesoft_SSH_Group"
        set schedule "always"
        set service "SSH"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set groups "VPN_Peoplesoft_Group"
        set comments "Remote Access VPN - Peoplesoft SSH"
    next
    # Vendor-support rules for the storage array (outbound, then inbound).
    edit 10009
        set name "Nimble_Sup_Out"
        set srcintf "inside"
        set dstintf "outside"
        set action accept
        set srcaddr "Nimble_Inside_Grp"
        set dstaddr "Nimble_Support"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set nat enable
        set ippool enable
        set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
        set comments "Nimble Support"
    next
    # NOTE(review): inbound from the outside interface with service ALL; the source
    # address object is the only restriction. Narrow the service list to what vendor
    # support actually needs, or enable the rule only while a support session is open.
    edit 10010
        set name "Nimble_Sup_In"
        set srcintf "outside"
        set dstintf "inside"
        set action accept
        set srcaddr "Nimble_Support"
        set dstaddr "Nimble_Inside_Grp"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set comments "Nimble Support"
    next
    # NOTE(review): this and the next outbound rule attach the sensor named
    # "Incoming_IPS", while other outbound rules use "Outgoing_IPS"; if the sensors are
    # direction-specific, confirm the right one is applied here.
    edit 10026
        set name "Barracuda In->Out"
        set srcintf "inside"
        set dstintf "outside"
        set action accept
        set srcaddr "Barracuda_Internal"
        set dstaddr "all"
        set schedule "always"
        set service "SMTP" "SMTPS"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set nat enable
        set ippool enable
        set poolname "MailOut_Outside"
        set comments "Barracuda Internal Email"
    next
    edit 67
        set name "Nighttime In->Out"
        set srcintf "inside"
        set dstintf "outside"
        set action accept
        set srcaddr "Nighttime_Inside"
        set dstaddr "all"
        set schedule "always"
        set service "FTP" "SSH" "TFTP"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set nat enable
        set ippool enable
        set poolname "Nighttime_Outside"
        set comments "Forces nighttime to use specific external IP"
    next
    # NOTE(review): the rule's own comment flags it as needing examination. It accepts
    # HTTPS from the "United_States" object on the outside interface, and with
    # certificate-inspection the IPS sensor does not see the decrypted requests. Complete
    # the review and record the outcome in the comment.
    edit 10070
        set name "Reverse_Proxy"
        set srcintf "outside"
        set dstintf "inside"
        set action accept
        set srcaddr "United_States"
        set dstaddr "ReverseProxy"
        set schedule "always"
        set service "HTTPS"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set comments "Need to examine - Reverse Proxy"
    next
    edit 94
        set name "SBC_NOC_In->Out"
        set srcintf "inside"
set dstintf "outside"
        set action accept
        set srcaddr "SBC-NOC"
        set dstaddr "MS_Teams_External_Group"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Outgoing_IPS"
        set logtraffic all
        set nat enable
        set ippool enable
        set poolname "SBC-NOC-Outside"
        set comments "SBC Ribbon"
    next
    # Continuation of the IPv4 policy list (the section header is earlier in the file).
    # FortiOS applies the first matching policy, so order matters (assuming this export
    # lists policies in sequence order).
    edit 100
        set name "SBC_DAN_In->Out"
        set srcintf "inside"
        set dstintf "outside"
        set action accept
        set srcaddr "SBC-DAN"
        set dstaddr "MS_Teams_External_Group"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Outgoing_IPS"
        set logtraffic all
        set nat enable
        set ippool enable
        set poolname "SBC-DAN-Outside"
        set comments "SBC Ribbon"
    next
    # Site-to-site rules for the SRIC_BOCES tunnel: inbound to the vip-ntss VIP on a
    # limited service list, outbound with service ALL.
    edit 10046
        set name "SRIC_BOCES_Allow"
        set srcintf "SRIC_BOCES"
        set dstintf "inside"
        set action accept
        set srcaddr "SRICBOCES-OUTSIDE"
        set dstaddr "vip-ntss"
        set schedule "always"
        set service "ALL_ICMP" "HTTP" "HTTPS" "TCP-1521" "TCP-9000-9100"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set comments "Site to Site VPN - SRIC BOCES NTSS"
    next
    edit 10174
        set name "NTSS In->Out"
        set srcintf "inside"
        set dstintf "SRIC_BOCES"
        set action accept
        set srcaddr "ntss-inside"
        set dstaddr "SRICBOCES-OUTSIDE"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set nat enable
        set ippool enable
        set poolname "NTSS_Outside"
        set comments "Site to Site VPN - SRIC BOCES NTSS"
    next
    edit 72
        set name "SCHC_In->Out"
        set srcintf "inside"
        set dstintf "SCHC"
        set action accept
        set srcaddr "SCHC_Local_Subnets_Group"
        set dstaddr "SCHC_Remote_Subnets_Group"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "g-default"
        set logtraffic all
        set comments "Site to Site VPN - SCHC"
    next
    edit 73
        set name "SCHC_Out->In"
        set srcintf "SCHC"
        set dstintf "inside"
        set action accept
        set srcaddr "SCHC_Remote_Subnets_Group"
        set dstaddr "SCHC_Local_Subnets_Group"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "g-default"
        set logtraffic all
        set comments "Site to Site VPN - SCHC"
    next
    # NOTE(review): several tunnel rules below (102, 61, 96, 97 and the disabled 108) use
    # srcaddr "all", dstaddr "all" and service "ALL", so the tunnel peer and the whole
    # inside network can reach each other on any port. Scope them to the subnets and
    # services each integration needs, as the SCHC rules above do for addresses.
    edit 102
        set name "eScholar In->Out"
        set srcintf "inside"
        set dstintf "vpn-0403e61"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set comments "Site to Site VPN - AWS eScholar"
    next
    edit 108
        set status disable
        set name "eScholar Out->In"
        set srcintf "vpn-0403e61"
        set dstintf "inside"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set comments "Site to Site VPN - AWS eScholar"
    next
    # NOTE(review): this enabled "testing" rule accepts all/all/ALL from inside to the
    # Highstreet tunnel with no utm-status or ips-sensor, and it is listed before rule
    # 111, which covers the same interfaces with a narrower source list and IPS. With
    # first-match evaluation rule 111 is shadowed and never used. Disable or remove this
    # rule if testing is finished.
    edit 101
        set name "testing highstreet"
        set srcintf "inside"
        set dstintf "Highstreet"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set ssl-ssh-profile "certificate-inspection"
        set logtraffic all
        set comments "Site to Site VPN - Highstreet (Copy of Highstreet_Tunnel_In->Out)"
    next
    edit 111
        set name "Highstreet_Tunnel_In->Out"
        set srcintf "inside"
        set dstintf "Highstreet"
        set action accept
        set srcaddr "Server_40" "Server_48"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set comments "Site to Site VPN - Highstreet"
    next
    edit 113
        set name "Highstreet_2_Tunnel_In->Out"
        set srcintf "inside"
        set dstintf "Highstreet_2"
        set action accept
        set srcaddr "Server_40" "Server_48"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set comments "VPN - Highstreet 2"
    next
    edit 61
        set name "AWS_VPN_In->Out"
        set srcintf "inside"
        set dstintf "vpn-042e9903"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set comments "Site to Site VPN - AWS"
    next
    edit 96
        set name "SchoolTool_AWS_In->Out"
        set srcintf "inside"
        set dstintf "vpn-0fc50345"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set comments "SchoolTool Tunnel In -> Out"
    next
    # NOTE(review): inbound from the tunnel to every inside address on any service; of
    # the all/all/ALL rules this is the one that exposes the internal network to the
    # remote side, so it is the first to scope down.
    edit 97
        set name "SchoolTool_AWS_Out->In"
        set srcintf "vpn-0fc50345"
        set dstintf "inside"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "Incoming_IPS"
        set logtraffic all
        set comments "Reverse of SchoolTool_AWS_In->Out"
    next
    # Disabled test rule; the only rule in this excerpt that uses a deep-inspection
    # (decrypting) SSL profile.
    edit 62
        set status disable
        set name "Test Cert Decrypt"
        set srcintf "inside"
        set dstintf "outside"
        set action accept
        set srcaddr "Tim PC"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "SCSD custom-deep-inspection"
        set av-profile "g-default"
        set ips-sensor "Incoming_IPS"
        set application-list "App_Ctrl_1"
        set logtraffic all
        set nat enable
        set ippool enable
        set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
        set tcp-mss-sender 1400
        set tcp-mss-receiver 1400
        set comments "Internet Access (Copy of Internet Access)"
    next
    # NOTE(review): no "logtraffic all", no security profiles and no comment, unlike most
    # rules here. The destinations are limited to three named objects, but service is
    # ALL; consider enabling full logging so scanner traffic can be audited.
    edit 98
        set name "AW_Scanner_Allow"
        set srcintf "inside"
        set dstintf "outside"
        set action accept
        set srcaddr "AW_Scanner_MerryChristmas" "AW_Scanner _HappyHalloween" "AW_Scanner_DiaDeLosMuertos" "AW_Scanner_HappyNewYear" "AW_Scanner_LaborDay"
        set dstaddr "AW_device-activation.us-global-prod.arcticwolf.net" "AW_drs.us-global-prod.arcticwolf.net" "AW_inbound.us002-prod.arcticwolf.net"
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    # NOTE(review): enabled "test" rule that lets POS_Machines reach any destination on
    # any service with no AV, IPS or application control, and it precedes the general
    # "Internet Access" rule that does apply those profiles. Point-of-sale hosts are
    # usually held to a tighter egress policy than general clients; restrict the
    # destinations and services and attach profiles, or remove the rule after testing.
    edit 116
        set name "POS Test"
        set srcintf "inside"
        set dstintf "outside"
        set action accept
        set srcaddr "POS_Machines"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
        set ippool enable
        set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
        set tcp-mss-sender 1400
        set tcp-mss-receiver 1400
        set comments "Test Point of Sale"
    next
    edit 119
        set name "IoT>Open VPN"
        set srcintf "inside"
        set dstintf "outside"
        set action accept
        set srcaddr "IoT - Core"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set av-profile "g-default"
        set ips-sensor "Outgoing_IPS"
        set application-list "IoT"
        set logtraffic all
        set nat enable
        set ippool enable
        set poolname "ippool-198.36.23.251"
    next
    edit 127
        set name "DAY-AUTO-EMAIL-ALERTS"
        set srcintf "inside"
        set dstintf "outside"
        set action accept
        set srcaddr "VLAN230AddrGroup"
        set dstaddr "Amazon SMTP East-1"
        set schedule "always"
        set service "TCP-587"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set av-profile "g-default"
        set ips-sensor "Outgoing_IPS"
        set application-list "App_Ctrl_1"
        set logtraffic all
        set nat enable
        set ippool enable
        set poolname "ippool-198.36.23.251" "ippool-198.36.23.252" "ippool-198.36.23.253" "ippool-198.36.23.254"
    next
    # General outbound rule for private address space and the VPN range.
    # NOTE(review): with certificate-inspection HTTPS is not decrypted, so the AV profile
    # and IPS sensor here see only cleartext protocols and TLS handshake metadata.
    edit 106
        set name "Internet Access"
        set srcintf "inside" "RAP"
        set dstintf "outside"
        set action accept
        set srcaddr "IPv4-Private-All-RFC1918" "VPN-Range"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set av-profile "g-default"
        set ips-sensor "Outgoing_IPS"
        set application-list "App_Ctrl_1"
        set logtraffic all
        set nat enable
        set ippool enable
        set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
        set tcp-mss-sender 1400
        set tcp-mss-receiver 1400
        set comments "Internet Access"
    next
    # Rules for the "city_phones" interface.
    # NOTE(review): the rules below name an ssl-ssh-profile but set no utm-status,
    # ips-sensor or other security profile, so traffic from the partner network to
    # internal servers appears to pass uninspected - confirm that is intended.
    edit 71
        set name "County->Peoplesoft"
        set srcintf "city_phones"
        set dstintf "inside"
        set action accept
        set srcaddr "County_Network"
        set dstaddr "psprdfin"
        set schedule "always"
        set service "HTTP" "HTTPS"
        set ssl-ssh-profile "certificate-inspection"
        set logtraffic all
    next
    edit 82
        set name "Peoplesoft -> County"
        set srcintf "inside"
        set dstintf "city_phones"
        set action accept
        set srcaddr "psprdfin"
        set dstaddr "County_Network"
        set schedule "always"
        set service "HTTP" "HTTPS"
        set ssl-ssh-profile "certificate-inspection"
        set logtraffic all
        set comments " (Copy of County->Peoplesoft) (Reverse of County->Peoplesoft)"
    next
    edit 81
        set name "County -> DNS"
        set srcintf "city_phones"
        set dstintf "inside"
        set action accept
        set srcaddr "County_Network"
        set dstaddr "Domain_Controller_Group"
        set schedule "always"
        set service "DNS"
        set ssl-ssh-profile "certificate-inspection"
        set logtraffic all
        set comments " (Copy of County->Peoplesoft)"
    next
    # NOTE(review): the comment mentions only Ping and SSH, but the service list also
    # allows ESP and IKE; update the comment or the list so they agree.
    edit 76
        set name "City_CGRs_Out->In"
        set srcintf "city_phones"
        set dstintf "inside"
        set action accept
        set srcaddr "City_Side_CGR_01" "City_Side_CGR_02"
        set dstaddr "City_CGRs_Group"
        set schedule "always"
        set service "ESP" "IKE" "PING" "SSH"
        set ssl-ssh-profile "certificate-inspection"
        set logtraffic all
        set comments "City Lights - CGR - Allow Ping and SSH from City-Side Subnets"
    next
    edit 77
        set name "City_CGRs_In->Out"
        set srcintf "inside"
        set dstintf "city_phones"
        set action accept
        set srcaddr "City_CGRs_Group"
        set dstaddr "City_Side_CGR_01" "City_Side_CGR_02"
        set schedule "always"
        set service "ESP" "IKE" "PING" "SSH"
        set ssl-ssh-profile "certificate-inspection"
        set logtraffic all
        set comments "Allow City Lights CGR to City Side Subnets"
    next
    edit 85
        set name "City_VoIP_Out->In"
        set srcintf
"city_phones" set dstintf "inside" set action accept set srcaddr "City_Side_VoIP_Group" set dstaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC" set schedule "always" set service "ALL" set logtraffic all set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In)" next edit 86 set name "City_VoIP_In->Out" set srcintf "inside" set dstintf "city_phones" set action accept set srcaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC" set dstaddr "City_Side_VoIP_Group" set schedule "always" set service "ALL" set logtraffic all set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In) (Copy of City_VoIP_Out->In) (Reverse of City_VoIP_Out->In)" next edit 84 set name "City_Water_DPW_Recorder_Out->In" set srcintf "city_phones" set dstintf "inside" set action accept set srcaddr "City_Side_VoIP_Water_DPW_Recorder" set dstaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC" set schedule "always" set service "ALL" set inspection-mode proxy set logtraffic all set auto-asic-offload disable set np-acceleration disable set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In) (Copy of City_Parks_Phones_Out->In)" next edit 88 set name "City_Water_DPW_Recorder_In->Out" set srcintf "inside" set dstintf "city_phones" set action accept set srcaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC" set dstaddr "City_Side_VoIP_Water_DPW_Recorder" set schedule "always" set service "ALL" set inspection-mode proxy set logtraffic all set auto-asic-offload disable set np-acceleration disable set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In) (Copy of City_Parks_Phones_Out->In) (Copy of City_Water_DPW_Recorder_Out->In) (Reverse of City_Water_DPW_Recorder_Out->In)" next edit 60 set name "City_Parks_Phones_Out->In" set srcintf "city_phones" set dstintf "inside" set action accept set srcaddr "City_Side_Parks_Phone_Subnet" "City_Side_VoIP_Water_DPW_Recorder" set dstaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC" set schedule "always" set service "ALL" set inspection-mode proxy 
set logtraffic all set auto-asic-offload disable set np-acceleration disable set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In)" next edit 79 set name "City_Parks_Phones_In->Out" set srcintf "inside" set dstintf "city_phones" set action accept set srcaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC" set dstaddr "City_Side_Parks_Phone_Subnet" "City_Side_VoIP_Water_DPW_Recorder" set schedule "always" set service "ALL" set inspection-mode proxy set logtraffic all set comments "City Allowed Networks From Us to Them (Copy of City_Phones_In->Out)" next edit 70 set status disable set name "Block SPD DNS ACCESS" set srcintf "city_phones" set dstintf "inside" set srcaddr "SPD_Network" set dstaddr "all" set schedule "always" set service "DNS" set logtraffic disable set match-vip disable set comments "Deny SPD DNS" next edit 55 set name "SPD_Out->In" set srcintf "city_phones" set dstintf "inside" set action accept set srcaddr "SPD_Network" set dstaddr "SPD_Firewalls_Our_Side" set schedule "always" set service "ESP" "IKE" "SNMP" "SSH" "ALL_ICMP" "HTTPS" "HTTP" set ssl-ssh-profile "certificate-inspection" set logtraffic all set comments "SPD Access" next edit 87 set name "SPD_In->Out" set srcintf "inside" set dstintf "city_phones" set action accept set srcaddr "SPD_Firewalls_Our_Side" set dstaddr "SPD_Network" set schedule "always" set service "ESP" "IKE" "SNMP" "SSH" "ALL_ICMP" "HTTPS" "HTTP" set ssl-ssh-profile "certificate-inspection" set logtraffic all set comments "SPD Access (Copy of SPD_Out->In) (Reverse of SPD_Out->In)" next edit 83 set name "SPD_ Genetec_Out->In" set srcintf "city_phones" set dstintf "inside" set action accept set srcaddr "SPD_Side_Genetec" set dstaddr "Genetec_Inside_Group" set schedule "always" set service "Genetec Federation" set ssl-ssh-profile "certificate-inspection" set logtraffic all set comments "SPD Access for Genetec Federation" next edit 92 set name "SPD_ Genetec_In->Out" set srcintf "inside" set dstintf "city_phones" set 
action accept set srcaddr "Genetec_Inside_Group" set dstaddr "SPD_Side_Genetec" set schedule "always" set service "Genetec Federation" set ssl-ssh-profile "certificate-inspection" set logtraffic all set comments "SPD Access for Genetec Federation" next edit 54 set name "City_Phones_Out->In" set srcintf "city_phones" set dstintf "inside" set action accept set srcaddr "City_Subnets_Group" set dstaddr "City_Permited_Subnets_Group" set schedule "always" set service "ALL" set logtraffic all set comments "City Allowed Networks From them to Us" next edit 75 set name "City_Phones_In->Out" set srcintf "inside" set dstintf "city_phones" set action accept set srcaddr "City_Permited_Subnets_Group" set dstaddr "City_Subnets_Group" set schedule "always" set service "ALL" set logtraffic all set comments "City Allowed Networks From Us to Them" next edit 10024 set name "Email_Hybrid_Allow" set srcintf "outside" set dstintf "inside" set action accept set srcaddr "all" set dstaddr "vip-hybrid-email" set schedule "always" set service "HTTP" "HTTPS" "SMTP" "SMTPS" set utm-status enable set ssl-ssh-profile "certificate-inspection" set ips-sensor "Incoming_IPS" set logtraffic all set comments "Hybrid Email - Robert Johnson" next edit 10027 set name "Barracuda_Archivers" set srcintf "outside" set dstintf "inside" set action accept set dstaddr "vip-grp-barracuda_Archivers" set internet-service-src enable set internet-service-src-group "Microsoft_ISDB_Both" set schedule "always" set service "HTTP" "HTTPS" "SMTP" "SMTPS" set utm-status enable set ssl-ssh-profile "certificate-inspection" set ips-sensor "Incoming_IPS" set logtraffic all set comments "Barracuda Archivers from Microsoft" next edit 115 set name "Nutanix_Remote_Support" set srcintf "inside" set dstintf "outside" set action accept set srcaddr "Nutanix_CVM" set dstaddr "Nutanix_Remote_Support" set schedule "always" set service "HTTP" "HTTPS" set logtraffic all next edit 10076 set status disable set name "Apple_Cache" set srcintf 
"outside" set dstintf "inside" set action accept set srcaddr "all" set dstaddr "vip-applecaching" set schedule "always" set service "ALL_TCP" set utm-status enable set ssl-ssh-profile "certificate-inspection" set ips-sensor "Incoming_IPS" set logtraffic all set comments "Apple Caching Server Access" next edit 10094 set name "DNS_ns1" set srcintf "outside" set dstintf "inside" set action accept set srcaddr "all" set dstaddr "vip-ns1" set schedule "always" set service "DNS" set utm-status enable set ssl-ssh-profile "certificate-inspection" set ips-sensor "Incoming_IPS" set logtraffic all set comments "DNS - External" next edit 10092 set name "DNS_ns2" set srcintf "outside" set dstintf "inside" set action accept set srcaddr "all" set dstaddr "vip-ns2" set schedule "always" set service "DNS" set utm-status enable set ssl-ssh-profile "certificate-inspection" set ips-sensor "Incoming_IPS" set logtraffic all set comments "DNS - External" next edit 10108 set name "LDAP_Access" set srcintf "outside" set dstintf "inside" set action accept set srcaddr "Safeschools_Group" set dstaddr "vip-DC01" set schedule "always" set service "LDAP" "LDAP_UDP" "TCP-636" set utm-status enable set ssl-ssh-profile "certificate-inspection" set ips-sensor "Incoming_IPS" set logtraffic all set comments "LDAP" next edit 10130 set name "Airwatch" set srcintf "outside" set dstintf "inside" set action accept set srcaddr "all" set dstaddr "vip-Airwatchapp" set schedule "always" set service "Airwatch_Services_Group" set utm-status enable set ssl-ssh-profile "certificate-inspection" set ips-sensor "Incoming_IPS" set logtraffic all set comments "Airwatch Access" next edit 10054 set name "SCSD_Website" set srcintf "outside" set dstintf "inside" set action accept set srcaddr "United_States" set dstaddr "vip-Webosphere" set schedule "always" set service "HTTP" "HTTPS" set utm-status enable set ssl-ssh-profile "certificate-inspection" set ips-sensor "Incoming_IPS" set logtraffic all set comments "Website - 
scsd.us" next edit 10138 set name "WebHelpDesk" set srcintf "outside" set dstintf "inside" set action accept set srcaddr "United_States" set dstaddr "vip-webhelpdesk" set schedule "always" set service "HTTPS" set utm-status enable set ssl-ssh-profile "certificate-inspection" set ips-sensor "Incoming_IPS" set logtraffic all set comments "Webpage - helpdesk.scsd.us" next edit 117 set name "RAP>Inside>DCs" set srcintf "RAP" set dstintf "inside" set action accept set srcaddr "RAP_10.67.0.0/16" "RAP-MGMT" set dstaddr "all" set schedule "always" set service "ALL" set utm-status enable set ssl-ssh-profile "certificate-inspection" set av-profile "g-default" set ips-sensor "Incoming_IPS" set application-list "App_Ctrl_1" set logtraffic all next edit 124 set name "CNYWorks>SCSD" set srcintf "CNYWorks" set dstintf "inside" set action accept set srcaddr "CNYWorks_10.68.0.0/16" "CNYWorks_MGMT" set dstaddr "all" set schedule "always" set service "ALL" set utm-status enable set ssl-ssh-profile "certificate-inspection" set av-profile "g-default" set ips-sensor "Incoming_IPS" set application-list "App_Ctrl_1" set logtraffic all set comments " (Copy of RAP>Inside>DCs) (Copy of )" next edit 10150 set name "Tableau" set srcintf "outside" set dstintf "inside" set action accept set srcaddr "United_States" set dstaddr "vip-tableau" set schedule "always" set service "HTTP" "HTTPS" set utm-status enable set ssl-ssh-profile "certificate-inspection" set ips-sensor "Incoming_IPS" set logtraffic all set comments "Webpage - tableau.scsd.us" next edit 99 set name "PrintOC" set srcintf "outside" set dstintf "inside" set action accept set srcaddr "United_States" set dstaddr "vip-PrintOC" set schedule "always" set service "HTTPS" set utm-status enable set ssl-ssh-profile "certificate-inspection" set ips-sensor "Incoming_IPS" set logtraffic all set comments "Oracle Web Printer" next edit 122 set name "Print-OC_SFTP" set srcintf "outside" set dstintf "inside" set action accept set srcaddr "Oracle 
Cloud IP" set dstaddr "vip-PrintOC" set schedule "always" set service "SSH" set utm-status enable set ssl-ssh-profile "certificate-inspection" set ips-sensor "Incoming_IPS" set logtraffic all set comments "Oracle Web Printer (Copy of PrintOC) (Copy of )" next edit 10184 set name "ESS" set srcintf "outside" set dstintf "inside" set action accept set srcaddr "United_States" set dstaddr "vip-scsdess" set schedule "always" set service "HTTP" "HTTPS" set utm-status enable set ssl-ssh-profile "certificate-inspection" set ips-sensor "Incoming_IPS" set logtraffic all set comments "Employee Self Service" next edit 10182 set name "Address_Lookup" set srcintf "outside" set dstintf "inside" set action accept set srcaddr "United_States" set dstaddr "vip-Neutrons" set schedule "always" set service "HTTPS" set utm-status enable set ssl-ssh-profile "certificate-inspection" set ips-sensor "Incoming_IPS" set logtraffic all set comments "Address Lookup for parents" next edit 126 set name "Centro->411SQL Out->In" set srcintf "outside" set dstintf "inside" set action accept set srcaddr "Centro" set dstaddr "VIP-411SQL" set schedule "always" set service "SSH" set utm-status enable set ssl-ssh-profile "certificate-inspection" set ips-sensor "Incoming_IPS" set logtraffic all set comments "Allow Centro to SFTP to Access 411 SQL Server" next edit 93 set name "SBC_Ribbon_Out->In" set srcintf "outside" set dstintf "inside" set action accept set srcaddr "MS_Teams_External_Group" set dstaddr "vip-sbc-noc" "vip-sbc-dan" set schedule "always" set service "ALL" set utm-status enable set ssl-ssh-profile "certificate-inspection" set ips-sensor "Incoming_IPS" set logtraffic all set comments "SBC Ribbon" next edit 114 set name "EMS_Out->In" set srcintf "outside" set dstintf "inside" set action accept set srcaddr "all" set dstaddr "vip-EMS" set schedule "always" set service "HTTP" "HTTPS" "TCP-8443" "TCP-8013" set utm-status enable set ssl-ssh-profile "certificate-inspection" set ips-sensor 
"Incoming_IPS" set logtraffic all set comments "EMS" next edit 118 set name "Servers->RAP" set srcintf "inside" set dstintf "RAP" set action accept set srcaddr "all" set dstaddr "RAP_10.67.0.0/16" "RAP-MGMT" "RAP-FW-Inside" set schedule "always" set service "ALL" set utm-status enable set ssl-ssh-profile "certificate-inspection" set av-profile "g-default" set ips-sensor "Incoming_IPS" set application-list "App_Ctrl_1" set logtraffic all set comments " (Copy of RAP>Inside>DCs) (Reverse of RAP>Inside>DCs)" next edit 123 set name "Servers>CNYWorks" set srcintf "inside" set dstintf "CNYWorks" set action accept set srcaddr "all" set dstaddr "CNYWorks_10.68.0.0/16" "CNYWorks_MGMT" set schedule "always" set service "ALL" set utm-status enable set ssl-ssh-profile "certificate-inspection" set av-profile "g-default" set ips-sensor "Incoming_IPS" set application-list "App_Ctrl_1" set logtraffic all set comments "Allow traffic from internal network to remote network at CNYWorks" next edit 95 set name "SCSD -> DPS" set srcintf "inside" set dstintf "DPS" set action accept set srcaddr "all" set dstaddr "DPS_10.46.0.0/16" "DPS_Mgmt" "DPS_192.168.146.0/24" set schedule "always" set service "ALL" next edit 103 set name "DPS-> SCSD" set srcintf "DPS" set dstintf "inside" set action accept set srcaddr "DPS_10.46.0.0/16" "DPS_192.168.146.0/24" "DPS_Mgmt" set dstaddr "all" set schedule "always" set service "ALL" next edit 104 set name "DPS-> Outside" set srcintf "DPS" set dstintf "outside" set action accept set srcaddr "DPS_10.46.0.0/16" set dstaddr "all" set schedule "always" set service "ALL" set nat enable set ippool enable set poolname "ippool-198.36.23.253" next edit 125 set name "CNYWorks Internet Access" set srcintf "CNYWorks" "inside" set dstintf "outside" set action accept set srcaddr "IPv4-Private-All-RFC1918" "VPN-Range" set dstaddr "all" set schedule "always" set service "ALL" set utm-status enable set ssl-ssh-profile "certificate-inspection" set av-profile "g-default" set 
ips-sensor "Outgoing_IPS" set application-list "App_Ctrl_1" set logtraffic all set nat enable set ippool enable set poolname "ippool-198.36.23.251" "ippool-198.36.23.252" "ippool-198.36.23.253" "ippool-198.36.23.254" next end
# DoS (anomaly) policies bound to the "outside" interface, listed in the order
# 1, 3, 2. NOTE(review): presumably they are evaluated top-down with the first
# match applied, so the listing order matters - confirm.
config firewall DoS-policy
    # Policy 1: traffic on "outside" whose source is in the "Country Block"
    # address object. Every anomaly is enabled with action block and threshold 1;
    # the policy's own comment says the intent is to drop all traffic from those
    # sources.
    # NOTE(review): anomaly thresholds are rate/count limits, so packets up to the
    # threshold may still be passed before blocking starts - confirm. A deny rule
    # on the same address object would express the intent directly.
    # NOTE(review): none of these entries has "set log enable" (DoS_Default below
    # sets it), so blocks made here are presumably not logged - confirm.
    edit 1
        set name "Country_Block_DOS"
        set comments "Thresholds set to 1 to block all traffic from specific countries."
        set interface "outside"
        set srcaddr "Country Block"
        set dstaddr "all"
        set service "ALL"
        config anomaly
            edit "tcp_syn_flood"
                set status enable
                set action block
                set threshold 1
            next
            edit "tcp_port_scan"
                set status enable
                set action block
                set threshold 1
            next
            edit "tcp_src_session"
                set status enable
                set action block
                set threshold 1
            next
            edit "tcp_dst_session"
                set status enable
                set action block
                set threshold 1
            next
            edit "udp_flood"
                set status enable
                set action block
                set threshold 1
            next
            edit "udp_scan"
                set status enable
                set action block
                set threshold 1
            next
            edit "udp_src_session"
                set status enable
                set action block
                set threshold 1
            next
            edit "udp_dst_session"
                set status enable
                set action block
                set threshold 1
            next
            edit "icmp_flood"
                set status enable
                set action block
                set threshold 1
            next
            edit "icmp_sweep"
                set status enable
                set action block
                set threshold 1
            next
            edit "icmp_src_session"
                set status enable
                set action block
                set threshold 1
            next
            edit "icmp_dst_session"
                set status enable
                set action block
                set threshold 1
            next
            edit "ip_src_session"
                set status enable
                set action block
                set threshold 1
            next
            edit "ip_dst_session"
                set status enable
                set action block
                set threshold 1
            next
            edit "sctp_flood"
                set status enable
                set action block
                set threshold 1
            next
            edit "sctp_scan"
                set status enable
                set action block
                set threshold 1
            next
            edit "sctp_src_session"
                set status enable
                set action block
                set threshold 1
            next
            edit "sctp_dst_session"
                set status enable
                set action block
                set threshold 1
            next
        end
    next
    # Policy 3, listed ahead of DoS_Default: any source to any destination on the
    # "Zoom UDP Ports" service (service object defined elsewhere). Only udp_flood
    # has status enable, with logging and no action set; every other anomaly
    # carries a threshold only.
    # NOTE(review): with no "set action block", udp_flood here is presumably
    # monitor-only - confirm the default action.
    # NOTE(review): if DoS policies are first-match, traffic to these UDP ports
    # from any source never reaches the blocking thresholds in DoS_Default.
    # Restricting srcaddr/dstaddr to the intended peers would narrow the exemption.
    edit 3
        set name "Zoom-bypass"
        set interface "outside"
        set srcaddr "all"
        set dstaddr "all"
        set service "Zoom UDP Ports"
        config anomaly
            edit "tcp_syn_flood"
                set threshold 2000
            next
            edit "tcp_port_scan"
                set threshold 1000
            next
            edit "tcp_src_session"
                set threshold 5000
            next
            edit "tcp_dst_session"
                set threshold 5000
            next
            edit "udp_flood"
                set status enable
                set log enable
                set threshold 2000
            next
            edit "udp_scan"
                set threshold 2000
            next
            edit "udp_src_session"
                set threshold 5000
            next
            edit "udp_dst_session"
                set threshold 5000
            next
            edit "icmp_flood"
                set threshold 250
            next
            edit "icmp_sweep"
                set threshold 100
            next
            edit "icmp_src_session"
                set threshold 300
            next
            edit "icmp_dst_session"
                set threshold 1000
            next
            edit "ip_src_session"
                set threshold 5000
            next
            edit "ip_dst_session"
                set threshold 5000
            next
            edit "sctp_flood"
                set threshold 2000
            next
            edit "sctp_scan"
                set threshold 1000
            next
            edit "sctp_src_session"
                set threshold 5000
            next
            edit "sctp_dst_session"
                set threshold 5000
            next
        end
    next
    # Policy 2: catch-all for all services, any source and destination, on
    # "outside". Every anomaly is enabled, logged and set to block. The udp_flood
    # threshold is 20000 here, against 2000 in Zoom-bypass above.
    edit 2
        set name "DoS_Default"
        set interface "outside"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        config anomaly
            edit "tcp_syn_flood"
                set status enable
                set log enable
                set action block
                set threshold 2000
            next
            edit "tcp_port_scan"
                set status enable
                set log enable
                set action block
                set threshold 1000
            next
            edit "tcp_src_session"
                set status enable
                set log enable
                set action block
                set threshold 5000
            next
            edit "tcp_dst_session"
                set status enable
                set log enable
                set action block
                set threshold 5000
            next
            edit "udp_flood"
                set status enable
                set log enable
                set action block
                set threshold 20000
            next
            edit "udp_scan"
                set status enable
                set log enable
                set action block
                set threshold 2000
            next
            edit "udp_src_session"
                set status enable
                set log enable
                set action block
                set threshold 5000
            next
            edit "udp_dst_session"
                set status enable
                set log enable
                set action block
                set threshold 5000
            next
            edit "icmp_flood"
                set status enable
                set log enable
                set action block
                set threshold 250
            next
            edit "icmp_sweep"
                set status enable
                set log enable
                set action block
                set threshold 100
            next
            edit "icmp_src_session"
                set status enable
                set log enable
                set action block
                set threshold 300
            next
            edit "icmp_dst_session"
                set status enable
                set log enable
                set action block
                set threshold 1000
            next
            edit "ip_src_session"
                set status enable
                set log enable
                set action block
                set threshold 5000
            next
            edit "ip_dst_session"
                set status enable
                set log enable
                set action block
                set threshold 5000
            next
            edit "sctp_flood"
                set status enable
                set log enable
                set action block
                set threshold 2000
            next
            edit "sctp_scan"
                set status enable
                set log enable
                set action block
                set threshold 1000
            next
            edit "sctp_src_session"
                set status enable
                set log enable
                set action block
                set threshold 5000
            next
            edit "sctp_dst_session"
                set status enable
                set log enable
                set action block
                set threshold 5000
            next
        end
    next
end
# Stored packet-capture filters: each entry names an interface and, optionally,
# a host and a port. Entries 5, 9 and 16 have no host or port filter, so they
# match all traffic on their interface.
# NOTE(review): captures can hold credentials and other sensitive payloads, and
# none of these entries records why it exists. Confirm each one is still needed,
# remove stale ones, and check who can read the resulting capture files.
config firewall sniffer
    # Filters on port 3389 for one host on a VPN tunnel interface.
    edit 8
        set interface "vpn-0fc50345"
        set host "172.30.45.35"
        set port "3389"
    next
    edit 4
        set interface "city_phones lag"
        set host "10.250.229.0/24"
    next
    edit 6
        set interface "city_phones lag"
        set host "10.1.150.20"
        set port "8445"
    next
    edit 5
        set interface "vpn-0403e61"
    next
    edit 7
        set interface "outside lag"
        set host "3.20.191.182"
    next
    edit 9
        set interface "Highstreet"
    next
    edit 10
        set interface "inside lag"
        set host "192.168.79.2"
    next
    edit 11
        set interface "inside lag"
        set host "10.46.1.1"
    next
    edit 12
        set interface "DPS"
        set host "10.46.1.1"
    next
    edit 13
        set interface "port17"
        set host "192.168.146.5"
    next
    edit 14
        set interface "port19"
        set host "192.168.146.5"
    next
    edit 15
        set interface "RAP"
        set host "192.168.79.2"
    next
    edit 16
        set interface "city_phones lag"
    next
end
# Named on-demand captures, each capped by max-packet-count (100 or 10000).
# "RAP_scsd" has no host filter. The same retention and access concerns apply as
# for the stored filters above.
config firewall on-demand-sniffer
    # Protocol 17 is UDP.
    edit "outside lag_scsd"
        set interface "outside lag"
        set max-packet-count 100
        set hosts "24.105.188.54"
        set protocols 17
    next
    edit "RAP_scsd"
        set interface "RAP"
        set max-packet-count 10000
    next
    edit "SSL VPN"
        set interface "outside lag"
        set max-packet-count 10000
        set hosts "174.197.201.25"
    next
    edit "inside lag_scsd"
        set interface "inside lag"
        set max-packet-count 10000
        set hosts "10.1.70.153"
    next
end