
config firewall address
edit "EMS_ALL_UNKNOWN_CLIENTS"
set type dynamic
set sub-type ems-tag
next
edit "EMS_ALL_UNMANAGEABLE_CLIENTS"
set type dynamic
set sub-type ems-tag
next
edit "SSLVPN_TUNNEL_ADDR1"
set type iprange
set start-ip 10.212.134.200
set end-ip 10.212.134.210
next
edit "all"
next
edit "FIREWALL_AUTH_PORTAL_ADDRESS"
next
edit "FABRIC_DEVICE"
set comment "IPv4 addresses of Fabric Devices."
next
edit "SRIC_BOCES_Firewall"
set comment "SRIC BOCES - Firewall"
set subnet 170.161.52.25 255.255.255.255
next
edit "SRIC_BOCES_Server02"
set comment "SRIC BOCES - Server"
set subnet 170.161.52.27 255.255.255.255
next
edit "Barracuda_Internal"
set comment "Barracuda Email Internal"
set subnet 10.1.40.7 255.255.255.255
next
edit "Nimble_Inside_1"
set subnet 192.168.1.98 255.255.255.255
next
edit "Nimble_Inside_2"
set subnet 192.168.1.1 255.255.255.255
next
edit "Nimble_Inside_4"
set subnet 172.16.176.98 255.255.255.255
next
edit "Nimble_Support"
set subnet 198.54.168.5 255.255.255.255
next
edit "ReverseProxy"
set comment "Reverseproxy.scsd.ad for ess.scsd.us"
set subnet 10.1.18.126 255.255.255.255
next
edit "SafeSchools_01"
set comment "IP address for Safe Schools video training. Used to access LDAP authentication."
set subnet 52.27.21.77 255.255.255.255
next
edit "SPD_20_DrKing"
set comment "SPD Firewall STEAM at Dr King"
set color 2
set subnet 10.20.70.10 255.255.255.255
next
edit "SPD_21_Danforth"
set comment "SPD Firewall Brighton Academy"
set color 2
set subnet 10.21.70.10 255.255.255.255
next
edit "SPD_25_Frazer"
set comment "SPD Firewall Frazer"
set color 2
set subnet 10.25.70.10 255.255.255.255
next
edit "SPD_44_Seymour"
set comment "SPD Firewall Seymour"
set color 2
set subnet 10.44.70.10 255.255.255.255
next
edit "SPD_48_Beard"
set comment "SPD Firewall McCarthy at Beard"
set color 2
set subnet 10.48.70.10 255.255.255.255
next
edit "SPD_53_Blodgett"
set comment "SPD Firewall Syracuse STEM at Blodgett"
set color 2
set subnet 10.53.70.10 255.255.255.255
next
edit "SPD_56_SSC"
set comment "SPD Firewall School Service Center"
set color 2
set subnet 10.56.70.10 255.255.255.255
next
edit "SPD_09_Grant"
set comment "SPD Firewall Grant"
set color 2
set subnet 10.9.70.10 255.255.255.255
next
edit "z_BlockIP_001"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 103.117.232.198 255.255.255.255
next
edit "z_BlockIP_002"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 103.122.33.58 255.255.255.255
next
edit "z_BlockIP_003"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 103.207.169.78 255.255.255.255
next
edit "z_BlockIP_004"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 104.139.74.25 255.255.255.255
next
edit "z_BlockIP_005"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 107.173.6.251 255.255.255.255
next
edit "z_BlockIP_006"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 107.175.69.34 255.255.255.255
next
edit "z_BlockIP_007"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 119.92.23.203 255.255.255.255
next
edit "z_BlockIP_103"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 13.111.22.133 255.255.255.255
next
edit "z_BlockIP_008"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 131.0.142.120 255.255.255.255
next
edit "z_BlockIP_009"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 131.196.184.141 255.255.255.255
next
edit "z_BlockIP_010"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 138.121.24.78 255.255.255.255
next
edit "z_BlockIP_011"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 138.59.233.5 255.255.255.255
next
edit "z_BlockIP_012"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 146.185.219.45 255.255.255.255
next
edit "z_BlockIP_013"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 146.196.122.152 255.255.255.255
next
edit "z_BlockIP_014"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 146.196.122.167 255.255.255.255
next
edit "z_BlockIP_015"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 149.154.70.202 255.255.255.255
next
edit "z_BlockIP_104"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 151.80.88.253 255.255.255.255
next
edit "z_BlockIP_105"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 152.89.245.207 255.255.255.255
next
edit "z_BlockIP_106"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 152.89.245.212 255.255.255.255
next
edit "z_BlockIP_016"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 158.69.85.206 255.255.255.255
next
edit "z_BlockIP_107"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 162.255.119.159 255.255.255.255
next
edit "z_BlockIP_017"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 163.121.188.3 255.255.255.255
next
edit "z_BlockIP_108"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 164.132.138.130 255.255.255.255
next
edit "z_BlockIP_018"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 164.132.216.41 255.255.255.255
next
edit "z_BlockIP_019"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 168.227.229.112 255.255.255.255
next
edit "z_BlockIP_020"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 170.78.99.190 255.255.255.255
next
edit "z_BlockIP_021"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 170.84.78.186 255.255.255.255
next
edit "z_BlockIP_109"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 176.126.83.149 255.255.255.255
next
edit "z_BlockIP_022"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 177.103.240.149 255.255.255.255
next
edit "z_BlockIP_023"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 177.107.51.162 255.255.255.255
next
edit "z_BlockIP_024"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 177.124.37.208 255.255.255.255
next
edit "z_BlockIP_025"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 177.36.5.7 255.255.255.255
next
edit "z_BlockIP_026"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 177.52.79.29 255.255.255.255
next
edit "z_BlockIP_027"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 177.8.172.86 255.255.255.255
next
edit "z_BlockIP_111"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 178.157.82.145 255.255.255.255
next
edit "z_BlockIP_112"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 178.157.82.80 255.255.255.255
next
edit "z_BlockIP_028"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 179.189.241.254 255.255.255.255
next
edit "z_BlockIP_029"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 180.250.197.188 255.255.255.255
next
edit "z_BlockIP_030"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 181.115.168.69 255.255.255.255
next
edit "z_BlockIP_031"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 181.129.140.140 255.255.255.255
next
edit "z_BlockIP_032"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 181.129.49.98 255.255.255.255
next
edit "z_BlockIP_033"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 181.129.93.226 255.255.255.255
next
edit "z_BlockIP_034"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 181.196.61.110 255.255.255.255
next
edit "z_BlockIP_035"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 185.117.119.163 255.255.255.255
next
edit "z_BlockIP_113"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 185.117.73.76 255.255.255.255
next
edit "z_BlockIP_114"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 185.135.81.147 255.255.255.255
next
edit "z_BlockIP_115"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 185.141.27.243 255.255.255.255
next
edit "z_BlockIP_116"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 185.172.129.147 255.255.255.255
next
edit "z_BlockIP_117"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 185.175.156.13 255.255.255.255
next
edit "z_BlockIP_118"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 185.180.198.141 255.255.255.255
next
edit "z_BlockIP_119"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 185.224.134.124 255.255.255.255
next
edit "z_BlockIP_036"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 185.251.39.9 255.255.255.255
next
edit "z_BlockIP_037"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 185.43.6.87 255.255.255.255
next
edit "z_BlockIP_120"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 185.65.202.115 255.255.255.255
next
edit "z_BlockIP_038"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 185.86.150.130 255.255.255.255
next
edit "z_BlockIP_039"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 186.138.152.228 255.255.255.255
next
edit "z_BlockIP_040"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 186.183.199.114 255.255.255.255
next
edit "z_BlockIP_041"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 186.226.188.105 255.255.255.255
next
edit "z_BlockIP_042"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 186.42.186.202 255.255.255.255
next
edit "z_BlockIP_043"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 186.42.226.46 255.255.255.255
next
edit "z_BlockIP_044"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 187.110.100.122 255.255.255.255
next
edit "z_BlockIP_045"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 187.58.56.26 255.255.255.255
next
edit "z_BlockIP_046"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 189.80.134.122 255.255.255.255
next
edit "z_BlockIP_047"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 190.13.160.19 255.255.255.255
next
edit "z_BlockIP_048"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 190.152.4.210 255.255.255.255
next
edit "z_BlockIP_049"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 190.154.203.218 255.255.255.255
next
edit "z_BlockIP_122"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 191.101.251.141 255.255.255.255
next
edit "z_BlockIP_050"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 191.101.251.146 255.255.255.255
next
edit "z_BlockIP_051"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 191.37.181.152 255.255.255.255
next
edit "z_BlockIP_125"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 193.187.172.99 255.255.255.255
next
edit "z_BlockIP_126"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 193.9.60.148 255.255.255.255
next
edit "z_BlockIP_052"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 194.1.237.76 255.255.255.255
next
edit "z_BlockIP_053"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 195.123.212.139 255.255.255.255
next
edit "z_BlockIP_054"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 195.123.238.13 255.255.255.255
next
edit "z_BlockIP_055"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 195.123.243.167 255.255.255.255
next
edit "z_BlockIP_056"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 195.123.245.47 255.255.255.255
next
edit "z_BlockIP_057"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 195.123.246.188 255.255.255.255
next
edit "z_BlockIP_127"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 195.161.114.191 255.255.255.255
next
edit "z_BlockIP_128"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 195.161.62.25 255.255.255.255
next
edit "z_BlockIP_129"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 198.23.208.16 255.255.255.255
next
edit "z_BlockIP_130"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 198.46.190.37 255.255.255.255
next
edit "z_BlockIP_131"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 200.35.56.81 255.255.255.255
next
edit "z_BlockIP_058"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 201.184.69.50 255.255.255.255
next
edit "z_BlockIP_059"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 212.80.216.167 255.255.255.255
next
edit "z_BlockIP_060"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 240.0.0.1 255.255.255.255
next
edit "z_BlockIP_132"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 31.184.255.100 255.255.255.255
next
edit "z_BlockIP_133"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 36.66.115.180 255.255.255.255
next
edit "z_BlockIP_061"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 36.89.85.103 255.255.255.255
next
edit "z_BlockIP_062"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 37.18.30.99 255.255.255.255
next
edit "z_BlockIP_063"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 37.44.215.169 255.255.255.255
next
edit "z_BlockIP_064"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 45.127.222.53 255.255.255.255
next
edit "z_BlockIP_065"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 45.160.145.102 255.255.255.255
next
edit "z_BlockIP_066"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 45.160.145.109 255.255.255.255
next
edit "z_BlockIP_067"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 45.160.145.179 255.255.255.255
next
edit "z_BlockIP_068"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 45.160.145.18 255.255.255.255
next
edit "z_BlockIP_069"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 45.160.145.203 255.255.255.255
next
edit "z_BlockIP_070"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 45.160.145.216 255.255.255.255
next
edit "z_BlockIP_071"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 45.160.145.222 255.255.255.255
next
edit "z_BlockIP_072"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 45.160.145.53 255.255.255.255
next
edit "z_BlockIP_073"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 45.160.145.58 255.255.255.255
next
edit "z_BlockIP_074"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 45.160.145.8 255.255.255.255
next
edit "z_BlockIP_075"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 45.230.176.158 255.255.255.255
next
edit "z_BlockIP_076"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 45.67.228.192 255.255.255.255
next
edit "z_BlockIP_077"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 47.27.175.168 255.255.255.255
next
edit "z_BlockIP_078"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 5.189.224.172 255.255.255.255
next
edit "z_BlockIP_079"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 5.253.63.106 255.255.255.255
next
edit "z_BlockIP_080"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 5.4.5.4 255.255.255.255
next
edit "z_BlockIP_081"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 64.44.51.108 255.255.255.255
next
edit "z_BlockIP_082"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 64.44.51.79 255.255.255.255
next
edit "z_BlockIP_083"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 68.186.167.196 255.255.255.255
next
edit "z_BlockIP_084"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 78.155.206.85 255.255.255.255
next
edit "z_BlockIP_085"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 78.155.207.139 255.255.255.255
next
edit "z_BlockIP_086"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 80.173.224.81 255.255.255.255
next
edit "z_BlockIP_087"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 81.177.22.238 255.255.255.255
next
edit "z_BlockIP_088"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 82.118.22.57 255.255.255.255
next
edit "z_BlockIP_089"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 82.118.22.71 255.255.255.255
next
edit "z_BlockIP_090"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 82.146.46.153 255.255.255.255
next
edit "z_BlockIP_091"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 82.202.221.160 255.255.255.255
next
edit "z_BlockIP_092"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 85.10.234.175 255.255.255.255
next
edit "z_BlockIP_093"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 87.246.7.228 255.255.255.255
next
edit "z_BlockIP_094"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 91.235.129.166 255.255.255.255
next
edit "z_BlockIP_095"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 91.240.84.159 255.255.255.255
next
edit "z_BlockIP_096"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 91.240.85.19 255.255.255.255
next
edit "z_BlockIP_097"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 92.223.105.86 255.255.255.255
next
edit "z_BlockIP_098"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 92.38.160.64 255.255.255.255
next
edit "z_BlockIP_099"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 93.189.42.220 255.255.255.255
next
edit "z_BlockIP_100"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 96.36.253.146 255.255.255.255
next
edit "z_BlockIP_101"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 97.87.160.98 255.255.255.255
next
edit "Internal_10.0.0.0_8"
set comment "Internal 10.0.0.0/8 Network"
set subnet 10.0.0.0 255.0.0.0
next
edit "SCHC_Remote_Subnet_01"
set comment "Syracuse Community Health Center Remote Subnet"
set color 8
set subnet 10.107.100.0 255.255.255.0
next
edit "SCHC_Remote_Subnet_02"
set comment "Syracuse Community Health Center Remote Subnet"
set color 8
set subnet 10.107.49.0 255.255.255.0
next
edit "SCHC_Remote_Subnet_03"
set comment "Syracuse Community Health Center Remote Subnet"
set color 8
set subnet 10.107.50.0 255.255.255.0
next
edit "SCHC_15_HWSmith"
set comment "Syracuse Community Health Center HW Smith Subnet"
set color 8
set subnet 10.15.107.0 255.255.255.0
next
edit "SCHC_20_DrKing"
set comment "Syracuse Community Health Center Dr King Subnet"
set color 8
set subnet 10.20.107.0 255.255.255.0
next
edit "SCHC_22_Delaware"
set comment "Syracuse Community Health Center Delaware Subnet"
set color 8
set subnet 10.22.107.0 255.255.255.0
next
edit "SCHC_24_Franklin"
set comment "Syracuse Community Health Center Franklin Subnet"
set color 8
set subnet 10.24.107.0 255.255.255.0
next
edit "SCHC_03_PSLA"
set comment "Syracuse Community Health Center PSLA Subnet"
set color 8
set subnet 10.3.107.0 255.255.255.0
next
edit "SCHC_34_DrWeeks"
set comment "Syracuse Community Health Center Dr Weeks Subnet"
set color 8
set subnet 10.34.107.0 255.255.255.0
next
edit "SCHC_53_Blodgett"
set comment "Syracuse Community Health Center Blodgett Subnet"
set color 8
set subnet 10.53.107.0 255.255.255.0
next
edit "SCHC_09_Grant"
set comment "Syracuse Community Health Center Grant Subnet"
set color 8
set subnet 10.9.107.0 255.255.255.0
next
edit "z_BlockSub_001"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 103.139.219.0 255.255.255.0
next
edit "z_BlockSub_002"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 103.89.88.0 255.255.252.0
next
edit "z_BlockSub_003"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 104.140.0.0 255.255.0.0
next
edit "z_BlockSub_004"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 104.143.83.0 255.255.255.0
next
edit "z_BlockSub_005"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 104.206.0.0 255.255.0.0
next
edit "z_BlockSub_006"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 107.189.8.0 255.255.252.0
next
edit "z_BlockSub_007"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 108.179.192.0 255.255.192.0
next
edit "z_BlockSub_008"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 112.24.0.0 255.248.0.0
next
edit "z_BlockSub_009"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 115.220.0.0 255.255.0.0
next
edit "z_BlockSub_010"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 120.52.0.0 255.255.0.0
next
edit "z_BlockSub_011"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 120.55.0.0 255.255.0.0
next
edit "z_BlockSub_012"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 125.64.0.0 255.248.0.0
next
edit "z_BlockSub_013"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 150.107.103.0 255.255.255.0
next
edit "z_BlockSub_014"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 162.244.80.0 255.255.252.0
next
edit "z_BlockSub_015"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 162.247.72.0 255.255.252.0
next
edit "z_BlockSub_016"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 162.255.116.0 255.255.252.0
next
edit "z_BlockSub_017"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 170.130.184.0 255.255.252.0
next
edit "Internal_172.16.0.0_12"
set comment "Internal 172.16.0.0/12 Network"
set subnet 172.16.0.0 255.240.0.0
next
edit "z_BlockSub_019"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 172.246.0.0 255.255.0.0
next
edit "z_BlockSub_020"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 177.0.0.0 255.0.0.0
next
edit "z_BlockSub_021"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 184.104.0.0 255.254.0.0
next
edit "Internal_192.168.0.0_16"
set comment "Internal 192.168.0.0/16 Network"
set subnet 192.168.0.0 255.255.0.0
next
edit "z_BlockSub_022"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 198.108.0.0 255.252.0.0
next
edit "z_BlockSub_024"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 199.249.230.0 255.255.255.0
next
edit "z_BlockSub_025"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 199.59.240.0 255.255.252.0
next
edit "z_BlockSub_026"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 202.28.0.0 255.254.0.0
next
edit "z_BlockSub_027"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 209.141.32.0 255.255.224.0
next
edit "z_BlockSub_028"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 209.53.0.0 255.255.0.0
next
edit "z_BlockSub_029"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 217.0.0.0 255.0.0.0
next
edit "z_BlockSub_030"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 218.102.96.0 255.255.224.0
next
edit "z_BlockSub_031"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 23.129.64.0 255.255.255.0
next
edit "z_BlockSub_032"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 23.227.128.0 255.255.224.0
next
edit "z_BlockSub_033"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 35.0.0.0 255.255.0.0
next
edit "z_BlockSub_034"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 38.39.24.0 255.255.248.0
next
edit "z_BlockSub_035"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 45.224.0.0 255.240.0.0
next
edit "z_BlockSub_037"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 71.244.60.224 255.255.255.240
next
edit "z_BlockSub_038"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 71.64.0.0 255.240.0.0
next
edit "z_BlockSub_039"
set comment "Malicious Subnet"
set associated-interface "outside"
set color 6
set subnet 80.0.0.0 255.0.0.0
next
edit "nimble_Inside_3"
set subnet 172.16.175.98 255.255.255.255
next
edit "ntss-inside"
set comment "NTSS"
set subnet 10.1.48.68 255.255.255.255
next
edit "city_permited_subnet_1"
set comment "***Needs to be narrowed***"
set color 28
set subnet 10.1.0.0 255.255.0.0
next
edit "city_permited_subnet_3"
set comment "***Needs to be examined***"
set color 28
set subnet 10.1.50.0 255.255.255.0
next
edit "city_permited_subnet_4"
set comment "***Needs to be examined***"
set color 28
set subnet 10.1.150.0 255.255.255.0
next
edit "city_permited_subnet_5"
set comment "***Needs to be examined***"
set color 28
set subnet 10.21.150.0 255.255.255.0
next
edit "city_permited_subnet_7"
set comment "***Needs to be examined***"
set color 28
set subnet 10.1.7.0 255.255.255.0
next
edit "City_Side_Subnet_1"
set comment "City\'s Subnet on their side"
set color 28
set subnet 10.250.0.0 255.255.0.0
next
edit "City_Side_CGR_01"
set comment "City Lights CGR Subnet on City Side"
set color 28
set allow-routing enable
set subnet 10.253.17.0 255.255.255.0
next
edit "City_Side_CGR_02"
set comment "City Lights CGR Subnet on City Side"
set color 28
set allow-routing enable
set subnet 10.253.18.0 255.255.255.0
next
edit "VPN-Range"
set type iprange
set start-ip 172.16.251.1
set end-ip 172.16.251.127
next
edit "SPD_Network"
set type iprange
set comment "Syracuse Police Department Network Range"
set color 2
set start-ip 10.250.100.80
set end-ip 10.250.100.89
next
edit "FCTEMS_ALL_FORTICLOUD_SERVERS"
set type dynamic
set sub-type ems-tag
next
edit "Russia"
set type geography
set color 7
set country "RU"
next
edit "China"
set type geography
set color 6
set country "CN"
next
edit "Iran"
set type geography
set color 6
set country "IR"
next
edit "Belarus"
set type geography
set color 6
set country "BY"
next
edit "North Korea"
set type geography
set color 6
set country "KP"
next
edit "SSL_VPN_Range"
set comment "Remote Access VPN IP Range"
set associated-interface "ssl.scsd"
set subnet 10.212.134.0 255.255.255.0
next
edit "United_States"
set type geography
set associated-interface "outside"
set country "US"
next
edit "SRIC_BOCES_Server01"
set comment "SRIC BOCES - Server"
set subnet 170.161.72.15 255.255.255.255
next
edit "z_Ryuk_01"
set comment "Block IP from Ransomware Attack"
set associated-interface "outside"
set color 6
set subnet 177.103.240.149 255.255.255.255
next
edit "z_Ryuk_02"
set comment "Block IP from Ransomware Attack"
set associated-interface "outside"
set color 6
set subnet 93.189.42.220 255.255.255.255
next
edit "z_BlockIP_134"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 138.68.50.218 255.255.255.255
next
edit "411App_WebPage"
set type fqdn
set fqdn "411app.scsd.us"
next
edit "City_Side_Parks_Phone_Subnet"
set comment "City Parks & Rec Phones and SIP Trunk Subnet"
set color 28
set allow-routing enable
set subnet 10.250.229.0 255.255.255.0
next
edit "Nigeria"
set type geography
set color 6
set country "NG"
next
edit "Afghanistan"
set type geography
set color 6
set country "AF"
next
edit "Brazil"
set type geography
set color 6
set country "BR"
next
edit "Columbia"
set type geography
set color 6
set country "CO"
next
edit "India"
set type geography
set color 6
set country "IN"
next
edit "Indonesia"
set type geography
set color 6
set country "ID"
next
edit "Romania"
set type geography
set color 6
set country "RO"
next
edit "Thailand"
set type geography
set color 6
set country "TH"
next
edit "Turkey"
set type geography
set color 6
set country "TR"
next
edit "Vietnam"
set type geography
set color 6
set country "VN"
next
edit "SPD_22_Delaware"
set comment "SPD Firewall Delaware"
set color 2
set subnet 10.22.70.10 255.255.255.255
next
edit "SPD_24_Franklin"
set comment "SPD Firewall Franklin"
set color 2
set subnet 10.24.70.10 255.255.255.255
next
edit "z_BlockIP_135"
set comment "Malicious IP Address"
set associated-interface "outside"
set color 6
set subnet 108.174.5.112 255.255.255.255
next
edit "SPD_Side_Genetec"
set comment "Genetec Server Range on SPD Side"
set associated-interface "city_phones"
set color 2
set allow-routing enable
set subnet 10.211.21.16 255.255.255.240
next
edit "ST_External_1"
set comment "SchoolTool IIS #3"
set allow-routing enable
set subnet 172.30.45.30 255.255.255.255
next
edit "ST_External_2"
set comment "SchoolTool Reporting"
set allow-routing enable
set subnet 172.30.45.109 255.255.255.255
next
edit "ST_External_3"
set comment "SchoolTool SQL"
set allow-routing enable
set subnet 172.30.45.25 255.255.255.255
next
edit "PrintOC-Outside"
set color 1
set subnet 198.36.26.119 255.255.255.255
next
edit "ST_External_4"
set comment "SchoolTool IIS #4"
set allow-routing enable
set subnet 172.30.45.35 255.255.255.255
next
edit "ST_External_5"
set comment "SchoolTool IIS #2"
set allow-routing enable
set subnet 172.30.45.84 255.255.255.255
next
edit "ST_External_6"
set comment "SchoolTool IIS #1"
set allow-routing enable
set subnet 172.30.45.107 255.255.255.255
next
edit "SchoolTool_External_Range"
set subnet 172.30.44.0 255.255.254.0
next
edit "z_BlockIP_141"
set comment "now.gg"
set associated-interface "outside"
set color 6
set subnet 18.238.49.122 255.255.255.255
next
edit "Webosphere_Inside"
set comment "SCSD Website"
set associated-interface "inside"
set subnet 10.1.48.117 255.255.255.255
next
edit "Day_Enterprise_Server"
set comment "Day Automation"
set associated-interface "inside"
set color 10
set subnet 10.1.40.108 255.255.255.255
next
edit "Day_VM_Server"
set comment "Day Automation"
set associated-interface "inside"
set color 10
set subnet 10.1.40.173 255.255.255.255
next
edit "WebCRD"
set comment "printshop.scsd.us"
set associated-interface "inside"
set subnet 10.1.48.96 255.255.255.255
next
edit "Security_01_NOC"
set associated-interface "inside"
set color 25
set subnet 10.1.70.0 255.255.254.0
next
edit "Security_02_ITC"
set associated-interface "inside"
set color 25
set subnet 10.2.70.0 255.255.254.0
next
edit "Security_03_PSLA"
set associated-interface "inside"
set color 25
set subnet 10.3.70.0 255.255.254.0
next
edit "Security_04_Nottingham"
set associated-interface "inside"
set color 25
set subnet 10.4.70.0 255.255.254.0
next
edit "Security_06_Henninger"
set associated-interface "inside"
set color 25
set subnet 10.6.70.0 255.255.254.0
next
edit "Security_07_Corcoran"
set associated-interface "inside"
set color 25
set subnet 10.7.70.0 255.255.254.0
next
edit "Security_08_Clary"
set associated-interface "inside"
set color 25
set subnet 10.8.70.0 255.255.254.0
next
edit "Security_09_Grant"
set associated-interface "inside"
set color 25
set subnet 10.9.70.0 255.255.254.0
next
edit "Security_10_Levy"
set associated-interface "inside"
set color 25
set subnet 10.10.70.0 255.255.254.0
next
edit "Security_13_Lincoln"
set associated-interface "inside"
set color 25
set subnet 10.13.70.0 255.255.254.0
next
edit "Security_14_Shea"
set associated-interface "inside"
set color 25
set subnet 10.14.70.0 255.255.254.0
next
edit "Security_15_HWSmith"
set associated-interface "inside"
set color 25
set subnet 10.15.70.0 255.255.254.0
next
edit "Security_16_Bellevue"
set associated-interface "inside"
set color 25
set subnet 10.16.70.0 255.255.254.0
next
edit "Security_20_DrKing"
set associated-interface "inside"
set color 25
set subnet 10.20.70.0 255.255.254.0
next
edit "Security_21_Danforth"
set associated-interface "inside"
set color 25
set subnet 10.21.70.0 255.255.254.0
next
edit "Security_22_Delaware"
set associated-interface "inside"
set color 25
set subnet 10.22.70.0 255.255.254.0
next
edit "Security_23_Elmwood"
set associated-interface "inside"
set color 25
set subnet 10.23.70.0 255.255.254.0
next
edit "Security_24_Franklin"
set associated-interface "inside"
set color 25
set subnet 10.24.70.0 255.255.254.0
next
edit "Security_25_Frazer"
set associated-interface "inside"
set color 25
set subnet 10.25.70.0 255.255.254.0
next
edit "Security_27_Elmcrest"
set associated-interface "inside"
set color 25
set subnet 10.27.70.0 255.255.254.0
next
edit "Security_28_Latin"
set associated-interface "inside"
set color 25
set subnet 10.28.70.0 255.255.254.0
next
edit "Security_29_Huntington"
set associated-interface "inside"
set color 25
set subnet 10.29.70.0 255.255.254.0
next
edit "Security_30_SalemHyde"
set associated-interface "inside"
set color 25
set subnet 10.30.70.0 255.255.254.0
next
edit "Security_33_LeMoyne"
set associated-interface "inside"
set color 25
set subnet 10.33.70.0 255.255.254.0
next
edit "Security_34_DrWeeks"
set associated-interface "inside"
set color 25
set subnet 10.34.70.0 255.255.254.0
next
edit "Security_36_McKinley"
set associated-interface "inside"
set color 25
set subnet 10.36.70.0 255.255.254.0
next
edit "Security_37_Meachem"
set associated-interface "inside"
set color 25
set subnet 10.37.70.0 255.255.254.0
next
edit "Security_40_Porter"
set associated-interface "inside"
set color 25
set subnet 10.40.70.0 255.255.254.0
next
edit "Security_41_BOVA"
set associated-interface "inside"
set color 25
set subnet 10.41.70.0 255.255.254.0
next
edit "Security_42_Roberts"
set associated-interface "inside"
set color 25
set subnet 10.42.70.0 255.255.254.0
next
edit "Security_44_Seymour"
set associated-interface "inside"
set color 25
set subnet 10.44.70.0 255.255.254.0
next
edit "Security_45_EdSmith"
set associated-interface "inside"
set color 25
set subnet 10.45.70.0 255.255.254.0
next
edit "Security_46_Phoenix"
set associated-interface "inside"
set color 25
set subnet 10.46.70.0 255.255.254.0
next
edit "Security_47_McCarthy"
set associated-interface "inside"
set color 25
set subnet 10.47.70.0 255.255.254.0
next
edit "Security_48_Beard"
set associated-interface "inside"
set color 25
set subnet 10.48.70.0 255.255.254.0
next
edit "Security_49_VanDuyn"
set associated-interface "inside"
set color 25
set subnet 10.49.70.0 255.255.254.0
next
edit "Security_51_Webster"
set associated-interface "inside"
set color 25
set subnet 10.51.70.0 255.255.254.0
next
edit "Security_53_Blodgett"
set associated-interface "inside"
set color 25
set subnet 10.53.70.0 255.255.254.0
next
edit "Security_54_JVC"
set associated-interface "inside"
set color 25
set subnet 10.54.70.0 255.255.254.0
next
edit "Security_55_CentralOffice"
set associated-interface "inside"
set color 25
set subnet 10.55.70.0 255.255.254.0
next
edit "Security_56_SSC"
set associated-interface "inside"
set color 25
set subnet 10.56.70.0 255.255.254.0
next
edit "Security_57_Transportation"
set associated-interface "inside"
set color 25
set subnet 10.57.70.0 255.255.254.0
next
edit "Security_60_PDC"
set associated-interface "inside"
set color 25
set subnet 10.60.70.0 255.255.254.0
next
edit "Security_86_StLucy"
set associated-interface "inside"
set color 25
set subnet 10.86.70.0 255.255.254.0
next
edit "psdevdb1"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.136 255.255.255.255
next
edit "hypprodweb1"
set comment "Hyperion"
set associated-interface "inside"
set color 22
set subnet 10.1.18.84 255.255.255.255
next
edit "psprddb1"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.138 255.255.255.255
next
edit "psqasdb1"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.137 255.255.255.255
next
edit "psdevfin"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.122 255.255.255.255
next
edit "psdevhcm"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.125 255.255.255.255
next
edit "psprdess"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.200 255.255.255.255
next
edit "psprdfin"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.120 255.255.255.255
next
edit "psprdhcm"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.123 255.255.255.255
next
edit "psprdrpx"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.201 255.255.255.255
next
edit "psqasfin"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.121 255.255.255.255
next
edit "psqashcm"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.124 255.255.255.255
next
edit "pstools"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.130 255.255.255.255
next
edit "hypprodweb2"
set comment "Hyperion"
set associated-interface "inside"
set color 22
set subnet 10.1.18.85 255.255.255.255
next
edit "hypprodess"
set comment "Hyperion"
set associated-interface "inside"
set color 22
set subnet 10.1.18.83 255.255.255.255
next
edit "hypprodwin7"
set comment "Hyperion"
set associated-interface "inside"
set color 22
set subnet 10.1.18.86 255.255.255.255
next
edit "psnagus"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.131 255.255.255.255
next
edit "psupgfin"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.150 255.255.255.255
next
edit "psupghcm"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.151 255.255.255.255
next
edit "hypdeveb"
set comment "Hyperion"
set associated-interface "inside"
set color 22
set subnet 10.1.18.50 255.255.255.255
next
edit "hypdevw1"
set comment "Hyperion"
set associated-interface "inside"
set color 22
set subnet 10.1.18.51 255.255.255.255
next
edit "hypdevw3"
set comment "Hyperion"
set associated-interface "inside"
set color 22
set subnet 10.1.18.59 255.255.255.255
next
edit "hypprdeb"
set comment "Hyperion"
set associated-interface "inside"
set color 22
set subnet 10.1.18.53 255.255.255.255
next
edit "hypprdw1"
set comment "Hyperion"
set associated-interface "inside"
set color 22
set subnet 10.1.18.54 255.255.255.255
next
edit "hypprdw2"
set comment "Hyperion"
set associated-interface "inside"
set color 22
set subnet 10.1.18.55 255.255.255.255
next
edit "hypqaeb"
set comment "Hyperion"
set associated-interface "inside"
set color 22
set subnet 10.1.18.56 255.255.255.255
next
edit "hypqaw1"
set comment "Hyperion"
set associated-interface "inside"
set color 22
set subnet 10.1.18.57 255.255.255.255
next
edit "hypqaw2"
set comment "Hyperion"
set associated-interface "inside"
set color 22
set subnet 10.1.18.58 255.255.255.255
next
edit "Nighttime_Inside"
set comment "Nighttime sends backups"
set associated-interface "inside"
set subnet 10.1.40.191 255.255.255.255
next
edit "411app"
set associated-interface "inside"
set subnet 10.1.40.216 255.255.255.255
next
edit "411sql"
set associated-interface "inside"
set subnet 10.1.40.225 255.255.255.255
next
edit "DocHolliday"
set comment "WebCRD Server"
set associated-interface "inside"
set subnet 10.1.48.78 255.255.255.255
next
edit "Day_Continuum_Server"
set comment "Day Automation"
set associated-interface "inside"
set color 10
set subnet 10.1.40.188 255.255.255.255
next
edit "Genetec"
set associated-interface "inside"
set subnet 10.1.70.30 255.255.255.255
next
edit "DC01_A"
set comment "Domain Controller for DNS and LDAP"
set associated-interface "inside"
set color 14
set subnet 10.1.40.10 255.255.255.255
next
edit "DC01_B"
set comment "Domain Controller for DNS and LDAP"
set associated-interface "inside"
set color 14
set subnet 10.1.40.95 255.255.255.255
next
edit "DC01_C"
set comment "Domain Controller for DNS and LDAP"
set associated-interface "inside"
set color 14
set subnet 10.1.48.120 255.255.255.255
next
edit "HVDC02"
set comment "Domain Controller for DNS and LDAP"
set associated-interface "inside"
set color 14
set subnet 10.21.48.10 255.255.255.255
next
edit "HVDC03_A"
set comment "Domain Controller for DNS and LDAP"
set associated-interface "inside"
set color 14
set subnet 10.1.48.95 255.255.255.255
next
edit "HVDC03_B"
set comment "Domain Controller for DNS and LDAP"
set associated-interface "inside"
set color 14
set subnet 10.1.48.10 255.255.255.255
next
edit "Tim PC"
set associated-interface "inside"
set subnet 10.1.7.137 255.255.255.255
next
edit "CGR_16_Bellevue"
set comment "City Lights CGR - 16_Bellevue"
set associated-interface "inside"
set color 28
set subnet 10.16.233.11 255.255.255.255
next
edit "CGR_55_CentralOffice"
set comment "City Lights CGR - 55_Central Offices"
set associated-interface "inside"
set color 28
set subnet 10.55.233.11 255.255.255.255
next
edit "CGR_45_EdSmith"
set comment "City Lights CGR - 45_EdSmith"
set associated-interface "inside"
set color 28
set subnet 10.45.233.11 255.255.255.255
next
edit "CGR_23_Elmwood"
set comment "City Lights CGR - 23_Elmwood"
set associated-interface "inside"
set color 28
set subnet 10.23.233.11 255.255.255.255
next
edit "CGR_24_Franklin"
set comment "City Lights CGR - 24_Franklin"
set associated-interface "inside"
set color 28
set subnet 10.24.233.11 255.255.255.255
next
edit "CGR_29_Huntington"
set comment "City Lights CGR - 29_Huntington"
set associated-interface "inside"
set color 28
set subnet 10.29.233.11 255.255.255.255
next
edit "CGR_15_HWSmith"
set comment "City Lights CGR - 15_HWSmith"
set associated-interface "inside"
set color 28
set subnet 10.15.233.11 255.255.255.255
next
edit "CGR_48_Beard"
set comment "City Lights CGR - 48_Beard"
set associated-interface "inside"
set color 28
set subnet 10.48.233.11 255.255.255.255
next
edit "CGR_36_McKinley"
set comment "City Lights CGR - 36_McKinley"
set associated-interface "inside"
set color 28
set subnet 10.36.233.11 255.255.255.255
next
edit "CGR_37_Meachem"
set comment "City Lights CGR - 37_Meachem"
set associated-interface "inside"
set color 28
set subnet 10.37.233.11 255.255.255.255
next
edit "CGR_40_Porter"
set comment "City Lights CGR - 40_Porter"
set associated-interface "inside"
set color 28
set subnet 10.40.233.11 255.255.255.255
next
edit "CGR_30_SalemHyde"
set comment "City Lights CGR - 30_SalemHyde"
set associated-interface "inside"
set color 28
set subnet 10.30.233.11 255.255.255.255
next
edit "CGR_44_Seymour"
set comment "City Lights CGR - 44_Seymour"
set associated-interface "inside"
set color 28
set subnet 10.44.233.11 255.255.255.255
next
edit "CGR_49_VanDuyn"
set comment "City Lights CGR - 49_VanDuyn"
set associated-interface "inside"
set color 28
set subnet 10.49.233.11 255.255.255.255
next
edit "CGR_51_Webster"
set comment "City Lights CGR - 51_Webster"
set associated-interface "inside"
set color 28
set subnet 10.51.233.11 255.255.255.255
next
edit "z_BlockIP_000"
set associated-interface "outside"
set color 6
set subnet 103.117.232.199 255.255.255.255
next
edit "hypdevw2"
set comment "Hyperion"
set associated-interface "inside"
set color 22
set subnet 10.1.18.52 255.255.255.255
next
edit "Access_Control_01_NOC"
set comment "01_NOC_Access_Control"
set associated-interface "inside"
set color 29
set subnet 10.1.72.0 255.255.255.0
next
edit "Access_Control_02_ITC"
set comment "02_ITC_Access_Control"
set associated-interface "inside"
set color 29
set subnet 10.2.72.0 255.255.255.0
next
edit "Access_Control_03_PSLA"
set comment "Access Control PSLA at Fowler"
set associated-interface "inside"
set color 29
set subnet 10.3.72.0 255.255.255.0
next
edit "Access_Control_04_Nottingham"
set comment "Access Control Nottingham"
set associated-interface "inside"
set color 29
set subnet 10.4.72.0 255.255.255.0
next
edit "Access_Control_06_Henninger"
set comment "Access Control Henninger"
set associated-interface "inside"
set color 29
set subnet 10.6.72.0 255.255.255.0
next
edit "Access_Control_07_Corcoran"
set comment "Access Control Corcoran"
set associated-interface "inside"
set color 29
set subnet 10.7.72.0 255.255.255.0
next
edit "Access_Control_08_Clary"
set comment "Access Control Clary"
set associated-interface "inside"
set color 29
set subnet 10.8.72.0 255.255.255.0
next
edit "Access_Control_09_Grant"
set comment "Access Control Grant"
set associated-interface "inside"
set color 29
set subnet 10.9.72.0 255.255.255.0
next
edit "Access_Control_10_Levy"
set comment "Access Control Levy"
set associated-interface "inside"
set color 29
set subnet 10.10.72.0 255.255.255.0
next
edit "Access_Control_40_Porter"
set comment "Access Control Porter"
set associated-interface "inside"
set color 29
set subnet 10.40.72.0 255.255.255.0
next
edit "PeopleTools"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.100 255.255.255.255
next
edit "psupgfin2"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.117 255.255.255.255
next
edit "psupghcm2"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.116 255.255.255.255
next
edit "pum_a"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.111 255.255.255.255
next
edit "pum_b"
set comment "Peoplesoft"
set associated-interface "inside"
set color 20
set subnet 10.1.18.112 255.255.255.255
next
edit "SMTP_Office365_a"
set comment "Microsoft to Barracuda Archivers"
set associated-interface "outside"
set subnet 104.47.0.0 255.255.128.0
next
edit "SMTP_Office365_b"
set comment "Microsoft to Barracuda Archivers"
set associated-interface "outside"
set subnet 40.92.0.0 255.254.0.0
next
edit "SMTP_Office365_c"
set comment "Microsoft to Barracuda Archivers"
set associated-interface "outside"
set subnet 40.107.0.0 255.255.0.0
next
edit "SMTP_Office365_d"
set comment "Microsoft to Barracuda Archivers"
set associated-interface "outside"
set subnet 52.100.0.0 255.252.0.0
next
edit "City_Side_VoIP_30"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.30.0 255.255.255.0
next
edit "City_Side_VoIP_56"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.56.0 255.255.255.0
next
edit "City_Side_VoIP_61"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.61.0 255.255.255.0
next
edit "City_Side_VoIP_62"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.62.0 255.255.255.0
next
edit "City_Side_VoIP_63"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.63.0 255.255.255.0
next
edit "City_Side_VoIP_64"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.64.0 255.255.255.0
next
edit "City_Side_VoIP_65"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.65.0 255.255.255.0
next
edit "City_Side_VoIP_66"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.66.0 255.255.255.0
next
edit "City_Side_VoIP_67"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.67.0 255.255.255.0
next
edit "City_Side_VoIP_68"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.68.0 255.255.255.0
next
edit "City_Side_VoIP_72"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.72.0 255.255.255.0
next
edit "City_Side_VoIP_74"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.74.0 255.255.255.0
next
edit "City_Side_VoIP_75"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.75.0 255.255.255.0
next
edit "City_Side_VoIP_76"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.76.0 255.255.255.0
next
edit "City_Side_VoIP_77"
set comment "City Side VoIP - Includes DPW Router"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.77.0 255.255.255.0
next
edit "City_Side_VoIP_88"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.88.0 255.255.255.0
next
edit "City_Side_VoIP_132"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.132.0 255.255.255.0
next
edit "City_Side_VoIP_1_Park_Place_A"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.249.0.44 255.255.255.255
next
edit "CUCM_BRIGHTON"
set comment "SCSD Cisco Call Managers"
set associated-interface "inside"
set color 5
set subnet 10.21.150.0 255.255.255.0
next
edit "CUCM_ITC_NOC"
set comment "SCSD Cisco Call Managers"
set associated-interface "inside"
set color 5
set subnet 10.1.150.0 255.255.255.0
next
edit "City_Side_VoIP_1_Park_Place_B"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.235.40.0 255.255.248.0
next
edit "City_Side_VoIP_Router_A"
set comment "City Side VoIP Router"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.51.21 255.255.255.255
next
edit "City_Side_VoIP_Router_B"
set comment "City Side VoIP Router"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.250.51.23 255.255.255.255
next
edit "SPD_Side_A"
set comment "SPD Side Firewall"
set associated-interface "city_phones"
set color 2
set allow-routing enable
set subnet 10.250.100.80 255.255.255.248
next
edit "SPD_Side_B"
set comment "SPD Side Firewall"
set associated-interface "city_phones"
set color 2
set allow-routing enable
set subnet 10.250.100.88 255.255.255.254
next
edit "County_Network"
set comment "Onondaga County Purchasing Department"
set associated-interface "city_phones"
set allow-routing enable
set subnet 10.250.100.90 255.255.255.255
next
edit "City_Side_VoIP_Water_DPW_Recorder"
set comment "City Side VoIP"
set associated-interface "city_phones"
set color 28
set allow-routing enable
set subnet 10.249.0.46 255.255.255.255
next
edit "Microsoft 1"
set comment "Located in India"
set associated-interface "outside"
set subnet 13.71.55.58 255.255.255.255
next
edit "NVR-NOC"
set comment "NVR ITC Data Center"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.1.70.38 255.255.255.255
next
edit "NVR-FAILOVER"
set comment "NVR ITC Data Center"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.1.70.27 255.255.255.255
next
edit "NVR-RING1-CLAR"
set comment "NVR Clary MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.8.70.11 255.255.255.255
next
edit "NVR-RING1-CLAR2"
set comment "NVR Clary MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.8.70.14 255.255.255.255
next
edit "NVR-RING1-CORC"
set comment "NVR Corcoran MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.7.70.11 255.255.255.255
next
edit "NVR-RING1-CORC2"
set comment "NVR Corcoran MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.7.70.14 255.255.255.255
next
edit "NVR-RING2-DANF"
set comment "NVR Danforth MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.21.70.11 255.255.255.255
next
edit "NVR-RING2-DANF2"
set comment "NVR Danforth MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.21.70.14 255.255.255.255
next
edit "NVR-RING3-PSLA"
set comment "NVR PSLA MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.3.70.11 255.255.255.255
next
edit "NVR-RING3-PSLA2"
set comment "NVR PSLA MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.3.70.14 255.255.255.255
next
edit "NVR-RING4-BLOD"
set comment "NVR Blodgett MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.53.70.11 255.255.255.255
next
edit "NVR-RING4-FRAZ"
set comment "NVR Frazer MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.25.70.11 255.255.255.255
next
edit "NVR-RING5-CENT"
set comment "NVR Central Offices MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.55.70.11 255.255.255.255
next
edit "NVR-RING6-EDSM"
set comment "NVR Ed Smith MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.45.70.11 255.255.255.255
next
edit "NVR-RING6-HWSM"
set comment "NVR HW Smith MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.15.70.11 255.255.255.255
next
edit "NVR-RING6-HWSM2"
set comment "NVR HW Smith MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.15.70.14 255.255.255.255
next
edit "NVR-RING6-NOTT"
set comment "NVR Nottingham MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.4.70.11 255.255.255.255
next
edit "NVR-RING7-BELL"
set comment "NVR Bellevue MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.16.70.11 255.255.255.255
next
edit "NVR-RING7-GRAN"
set comment "NVR Grant 2nd Floor IDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.9.70.11 255.255.255.255
next
edit "NVR-RING7-GRAN2"
set comment "NVR Grant 2nd Floor IDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.9.70.14 255.255.255.255
next
edit "NVR-RING8-HENN"
set comment "NVR Henninger MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.6.70.11 255.255.255.255
next
edit "NVR-RING8-HENN2"
set comment "NVR Henninger MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.6.70.14 255.255.255.255
next
edit "NVR-RING8-HUNT"
set comment "NVR Huntington MDF"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.29.70.11 255.255.255.255
next
edit "Genetec-Dir"
set comment "Genetec Directory"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.1.70.141 255.255.255.255
next
edit "Genetec-DirBU"
set comment "Genetec Directory Backup"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.1.70.22 255.255.255.255
next
edit "Genetec-Media"
set comment "Genetec Media Server"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.1.70.143 255.255.255.255
next
edit "Genetec-MRouter"
set comment "Genetec Media Server"
set associated-interface "inside"
set color 2
set allow-routing enable
set subnet 10.1.70.145 255.255.255.255
next
edit "MS_Teams_External_A"
set comment "MS Teams for SBC"
set associated-interface "outside"
set subnet 13.107.64.0 255.255.192.0
next
edit "MS_Teams_External_B"
set comment "MS Teams for SBC"
set associated-interface "outside"
set subnet 52.112.0.0 255.252.0.0
next
edit "SBC-NOC"
set associated-interface "inside"
set allow-routing enable
set subnet 10.1.150.21 255.255.255.255
next
edit "SBC-DAN"
set comment "Moved to Brighton Academy 09FEB2024"
set associated-interface "inside"
set allow-routing enable
set subnet 10.1.150.22 255.255.255.255
next
edit "DataTools"
set comment "ODBC Connection to ST DB"
set associated-interface "inside"
set allow-routing enable
set subnet 10.1.48.67 255.255.255.255
next
edit "ST_Internal_2"
set associated-interface "inside"
set allow-routing enable
set subnet 10.1.40.191 255.255.255.255
next
edit "Tableau"
set comment "ODBC connections to ST DB"
set associated-interface "inside"
set subnet 10.1.48.61 255.255.255.255
next
edit "21JumpSt"
set comment "Jumpbox for SchoolTool"
set associated-interface "inside"
set subnet 10.1.48.128 255.255.255.255
next
edit "Fileserver03"
set comment "Cloud SchoolTool writes here over SMB"
set associated-interface "inside"
set subnet 10.1.48.97 255.255.255.255
next
edit "SchoolTool webjs"
set comment "SchoolTool"
set associated-interface "inside"
set color 18
set subnet 10.1.40.102 255.255.255.255
next
edit "Safeschools_02"
set comment "IP address for Safe Schools video training. Used to access LDAP authentication."
set subnet 18.219.244.165 255.255.255.255
next
edit "Server_40"
set associated-interface "inside"
set subnet 10.1.40.0 255.255.255.0
next
edit "Server_48"
set associated-interface "inside"
set subnet 10.1.48.0 255.255.255.0
next
edit "Test_10.10.1.20"
set subnet 10.10.1.20 255.255.255.255
next
edit "AW_inbound.us002-prod.arcticwolf.net"
set type iprange
set comment "Arctic Wolf"
set associated-interface "outside"
set start-ip 3.145.238.128
set end-ip 3.145.238.159
next
edit "AW_device-activation.us-global-prod.arcticwolf.net"
set type iprange
set comment "Arctic Wolf"
set associated-interface "outside"
set start-ip 35.84.197.208
set end-ip 35.84.197.228
next
edit "AW_drs.us-global-prod.arcticwolf.net"
set type iprange
set comment "Arctic Wolf"
set associated-interface "outside"
set start-ip 44.239.235.232
set end-ip 44.239.235.239
next
edit "AW_auth.arcticwolf.com"
set type fqdn
set comment "Arctic Wolf"
set associated-interface "outside"
set fqdn "auth.arcticwolf.com"
next
edit "AW_Scanner_MerryChristmas"
set associated-interface "inside"
set subnet 10.1.40.222 255.255.255.255
next
edit "DPS_local_subnet_1"
set allow-routing enable
next
edit "DPS_remote_subnet_1"
set allow-routing enable
next
edit "Schroeder _CT_NOC_CVM"
set comment "Nutanix CVM"
set associated-interface "inside"
set subnet 10.1.40.181 255.255.255.255
next
edit "Pigpen_CT_NOC_CVM"
set comment "Nutanix CVM"
set associated-interface "inside"
set subnet 10.101.180.26 255.255.255.255
next
edit "RedBaron_CT_NOC_CVM"
set comment "Nutanix CVM"
set associated-interface "inside"
set subnet 10.101.180.27 255.255.255.255
next
edit "Sally_CT_NOC_CVM"
set comment "Nutanix CVM"
set associated-interface "inside"
set subnet 10.101.180.29 255.255.255.255
next
edit "Patty_CT_NOC_CVM"
set comment "Nutanix CVM"
set associated-interface "inside"
set subnet 10.101.180.30 255.255.255.255
next
edit "Nutanix_Support1"
set type fqdn
set associated-interface "outside"
set fqdn "nsc01.nutanix.net"
next
edit "Nutanix_Support2"
set type fqdn
set associated-interface "outside"
set fqdn "nsc02.nutanix.net"
next
# Block-list objects on the "outside" interface: single hosts (z_BlockIP_*),
# start/end ranges (z_BlockRange_*) and /24 subnets (z_BlockSub_*).
# An object only takes effect once it is a member of a group (here
# Block_List_Group) that a deny policy references.
# NOTE(review): the numbering jumps from z_BlockIP_140 to z_BlockIP_142 in this
# run, yet Block_List_Group lists "z_BlockIP_141"; confirm that object is defined
# elsewhere in the file.
# NOTE(review): many of the /32 entries below fall inside the ranges and subnets
# defined at the end of this run (e.g. 103.35.188.x/103.35.189.x inside
# z_BlockRange_01, 172.86.84.61 inside z_BlockRange_02), so they are redundant
# once the wider object is in the group.
edit "z_BlockIP_138"
set associated-interface "outside"
set color 6
set subnet 172.86.91.155 255.255.255.255
next
edit "z_BlockIP_139"
set associated-interface "outside"
set color 6
set subnet 103.35.189.221 255.255.255.255
next
edit "z_BlockIP_140"
set associated-interface "outside"
set color 6
set subnet 94.131.101.15 255.255.255.255
next
edit "z_BlockIP_142"
set associated-interface "outside"
set color 6
set subnet 103.35.189.104 255.255.255.255
next
edit "z_BlockIP_143"
set associated-interface "outside"
set color 6
set subnet 172.86.112.56 255.255.255.255
next
edit "z_BlockIP_144"
set associated-interface "outside"
set color 6
set subnet 194.116.173.199 255.255.255.255
next
edit "z_BlockIP_145"
set associated-interface "outside"
set color 6
set subnet 172.86.84.61 255.255.255.255
next
edit "z_BlockIP_146"
set associated-interface "outside"
set color 6
set subnet 103.35.188.34 255.255.255.255
next
edit "z_BlockIP_147"
set associated-interface "outside"
set color 6
set subnet 74.119.194.18 255.255.255.255
next
edit "z_BlockIP_148"
set associated-interface "outside"
set color 6
set subnet 141.98.168.11 255.255.255.255
next
edit "z_BlockIP_149"
set associated-interface "outside"
set color 6
set subnet 103.35.188.74 255.255.255.255
next
edit "z_BlockIP_150"
set associated-interface "outside"
set color 6
set subnet 5.180.24.94 255.255.255.255
next
# NOTE(review): z_BlockIP_151 is not in the Block_List_Group member list. Its
# address is still covered by z_BlockSub_041 (141.98.168.0/24), which is.
edit "z_BlockIP_151"
set associated-interface "outside"
set color 6
set subnet 141.98.168.14 255.255.255.255
next
# NOTE(review): this name has no numeric suffix and the object is not listed in
# Block_List_Group; none of the ranges or subnets in this run contain
# 45.150.65.206 either. It looks like an unfinished entry (possibly the missing
# 141) - confirm the address is actually blocked by some policy.
edit "z_BlockIP_"
set associated-interface "outside"
set color 6
set subnet 45.150.65.206 255.255.255.255
next
edit "z_BlockRange_01"
set type iprange
set associated-interface "outside"
set color 6
set start-ip 103.35.188.0
set end-ip 103.35.189.255
next
edit "z_BlockRange_02"
set type iprange
set associated-interface "outside"
set color 6
set start-ip 172.86.84.0
set end-ip 172.86.84.255
next
edit "z_BlockRange_03"
set type iprange
set associated-interface "outside"
set color 6
set start-ip 194.116.173.0
set end-ip 194.116.173.255
next
edit "z_BlockSub_040"
set associated-interface "outside"
set color 6
set subnet 74.119.194.0 255.255.255.0
next
edit "z_BlockSub_041"
set associated-interface "outside"
set color 6
set subnet 141.98.168.0 255.255.255.0
next
edit "z_BlockSub_042"
set associated-interface "outside"
set color 6
set subnet 5.180.24.0 255.255.255.0
next
# Point-of-sale hosts (grouped later as POS_Machines), followed by four
# "AW_Scanner_*" hosts in 10.1.40.x. All are /32 objects on "inside".
edit "ITC_Cafe_POS"
set comment "Point of Sale"
set associated-interface "inside"
set subnet 10.2.4.125 255.255.255.255
next
edit "Clary_POS"
set comment "Point of Sale"
set associated-interface "inside"
set subnet 10.8.1.47 255.255.255.255
next
edit "Porter_POS"
set comment "Point of Sale"
set associated-interface "inside"
set subnet 10.40.1.69 255.255.255.255
next
# NOTE(review): this name contains a space before "_HappyHalloween"; any policy or
# group that refers to it must use the identical spelling.
# Only this scanner carries a comment; the other three are undocumented -
# presumably the same role, confirm.
edit "AW_Scanner _HappyHalloween"
set comment "Scanner for Servers Only"
set associated-interface "inside"
set subnet 10.1.40.211 255.255.255.255
next
edit "AW_Scanner_HappyNewYear"
set associated-interface "inside"
set subnet 10.1.40.23 255.255.255.255
next
edit "AW_Scanner_DiaDeLosMuertos"
set associated-interface "inside"
set subnet 10.1.40.223 255.255.255.255
next
edit "AW_Scanner_LaborDay"
set associated-interface "inside"
set subnet 10.1.40.241 255.255.255.255
next
# Network objects for remote sites and management subnets (RAP, DPS, admin, IoT)
# plus a few single hosts. "allow-routing enable" makes an address object usable
# in static routes as well as in policies.
# Most objects in this run have no comment, so their purpose can only be read
# from the name.
edit "RAP_10.67.0.0/16"
set associated-interface "RAP"
set allow-routing enable
set subnet 10.67.0.0 255.255.0.0
next
edit "RAP-MGMT"
set allow-routing enable
set subnet 192.168.67.0 255.255.255.0
next
edit "Sys-Net-Admins"
set allow-routing enable
set subnet 10.1.6.0 255.255.255.0
next
edit "Elastic"
set subnet 10.1.48.121 255.255.255.255
next
edit "DPS_10.46.0.0/16"
set allow-routing enable
set subnet 10.46.0.0 255.255.0.0
next
edit "DPS_Mgmt"
set subnet 192.168.46.0 255.255.255.0
next
edit "DPS_192.168.146.0/24"
set allow-routing enable
set subnet 192.168.146.0 255.255.255.0
next
# Block-list host defined out of sequence with the other z_Block* objects; it is
# listed as the last member of Block_List_Group.
edit "z_BlockIP_152"
set associated-interface "outside"
set color 6
set subnet 107.172.59.44 255.255.255.255
next
# Mask 255.255.254.0 covers 10.1.30.0 - 10.1.31.255.
edit "IoT - Core"
set allow-routing enable
set subnet 10.1.30.0 255.255.254.0
next
# NOTE(review): the name suggests a test object; confirm it is still needed and
# which policies reference it.
edit "ipad_test"
set subnet 10.14.112.94 255.255.255.255
next
edit "RAPpublic"
set subnet 24.105.188.54 255.255.255.255
next
edit "RAP-FW-Inside"
set allow-routing enable
set subnet 192.168.167.0 255.255.255.0
next
edit "NOCTI"
set type fqdn
set associated-interface "outside"
set fqdn "nocti.org"
next
# Internal client ranges that are grouped as NOCTI_Inside, followed by an Oracle
# Cloud subnet on "outside".
# NOTE(review): the two Shea objects carry the comment "Test nocti.org", which
# reads like a leftover from testing; confirm they are meant to be permanent.
edit "Shea_Secure_Wireless"
set type iprange
set comment "Test nocti.org"
set associated-interface "inside"
set start-ip 10.14.112.11
set end-ip 10.14.127.254
next
# This range (10.1.6.20 - 10.1.6.254) lies inside the "Sys-Net-Admins" subnet
# 10.1.6.0/24 defined earlier in this section.
edit "Shea_VLAN_6"
set type iprange
set comment "Test nocti.org"
set associated-interface "inside"
set start-ip 10.1.6.20
set end-ip 10.1.6.254
next
edit "Corcoran_VLAN_20"
set type iprange
set associated-interface "inside"
set start-ip 10.7.1.20
set end-ip 10.7.7.254
next
# Unlike the three ranges above, this one has no associated-interface set.
edit "Corcoran_Secure_Wireless"
set type iprange
set start-ip 10.7.112.11
set end-ip 10.7.127.254
next
# Mask 255.255.192.0 is a /18: 147.154.0.0 - 147.154.63.255.
edit "Oracle Cloud IP"
set comment "Oracle Cloud IP\'s"
set associated-interface "outside"
set subnet 147.154.0.0 255.255.192.0
next
end
# IPv4 multicast address objects. Each entry is a start/end range; the first four
# are single well-known link-local groups, and "all" spans 224.0.0.0 through
# 239.255.255.255.
config firewall multicast-address
edit "all_hosts"
set start-ip 224.0.0.1
set end-ip 224.0.0.1
next
edit "all_routers"
set start-ip 224.0.0.2
set end-ip 224.0.0.2
next
edit "Bonjour"
set start-ip 224.0.0.251
set end-ip 224.0.0.251
next
edit "EIGRP"
set start-ip 224.0.0.10
set end-ip 224.0.0.10
next
# Two addresses: 224.0.0.5 and 224.0.0.6.
edit "OSPF"
set start-ip 224.0.0.5
set end-ip 224.0.0.6
next
edit "all"
set start-ip 224.0.0.0
set end-ip 239.255.255.255
next
end
# IPv6 address objects. "all" sets no prefix of its own; "none" is the
# unspecified address ::/128.
config firewall address6
edit "all"
next
edit "none"
set ip6 ::/128
next
# A /120 prefix, i.e. 256 addresses, named for the SSL VPN tunnel.
edit "SSLVPN_TUNNEL_IPv6_ADDR1"
set ip6 fdff:ffff::/120
next
end
# IPv6 multicast address objects; the single entry covers the whole ff00::/8
# multicast prefix.
config firewall multicast-address6
edit "all"
set ip6 ff00::/8
next
end
# Address groups. Each group names member objects from "config firewall address"
# (or other groups); policies reference the group rather than the individual
# hosts. A group is only as tight as its widest member, so review membership
# whenever a member object is widened.
config firewall addrgrp
edit "IPv4-Private-All-RFC1918"
set member "Internal_10.0.0.0_8" "Internal_172.16.0.0_12" "Internal_192.168.0.0_16"
next
edit "SCHC_Local_Subnets_Group"
set member "SCHC_03_PSLA" "SCHC_09_Grant" "SCHC_15_HWSmith" "SCHC_20_DrKing" "SCHC_22_Delaware" "SCHC_24_Franklin" "SCHC_34_DrWeeks" "SCHC_53_Blodgett"
set color 8
next
edit "SCHC_Remote_Subnets_Group"
set member "SCHC_Remote_Subnet_02" "SCHC_Remote_Subnet_01" "SCHC_Remote_Subnet_03"
set comment "Syracuse Community Health Center Remote Subnets Group"
set color 8
next
# NOTE(review): the member "Columbia" is presumably a geography object for
# Colombia; the object is defined outside this part of the file, so confirm
# which country code it actually carries.
edit "Country Block"
set member "China" "Russia" "Iran" "Belarus" "North Korea" "Nigeria" "Afghanistan" "Brazil" "Columbia" "India" "Indonesia" "Romania" "Thailand" "Turkey" "Vietnam"
set color 6
next
edit "City_Side_VoIP_Park_Place_Group"
set allow-routing enable
set member "City_Side_VoIP_1_Park_Place_A" "City_Side_VoIP_1_Park_Place_B"
set color 28
next
edit "SchoolTool_Cloud_Internal"
set member "21JumpSt" "DataTools" "Fileserver03" "Nighttime_Inside" "Tableau" "DC01_A" "DC01_B" "DC01_C" "HVDC02" "HVDC03_A" "HVDC03_B" "DocHolliday" "SchoolTool webjs" "Elastic"
set comment "Access for SchoolTool Cloud"
next
# NOTE(review): "nimble_Inside_3" starts with a lower-case "n" while its siblings
# use "Nimble_"; confirm an object with exactly this spelling exists.
edit "Nimble_Inside_Grp"
set member "Nimble_Inside_4" "Nimble_Inside_2" "Nimble_Inside_1" "nimble_Inside_3"
next
edit "SRICBOCES-OUTSIDE"
set member "SRIC_BOCES_Server02" "SRIC_BOCES_Firewall" "SRIC_BOCES_Server01"
set comment "Eastern Suffolk BOCES"
next
edit "SPD_Firewalls_Our_Side"
set member "SPD_09_Grant" "SPD_48_Beard" "SPD_56_SSC" "SPD_21_Danforth" "SPD_25_Frazer" "SPD_53_Blodgett" "SPD_20_DrKing" "SPD_44_Seymour" "SPD_22_Delaware" "SPD_24_Franklin"
set comment "SPD firewalls on our internal network."
set color 2
next
edit "City_Permited_Subnets_Group"
set member "city_permited_subnet_4" "city_permited_subnet_1" "city_permited_subnet_5" "city_permited_subnet_3" "city_permited_subnet_7"
set comment "Subnets City is allowed to on our side"
set color 28
next
edit "City_Subnets_Group"
set member "City_Side_Subnet_1" "City_Side_CGR_01" "City_Side_CGR_02" "City_Side_VoIP_Water_DPW_Recorder"
set comment "City subnets on their side"
set color 28
next
edit "Day_Server_Group"
set member "Day_Enterprise_Server" "Day_VM_Server" "Day_Continuum_Server"
set color 10
next
edit "Security_VLAN_70_Group"
set member "Security_01_NOC" "Security_02_ITC" "Security_03_PSLA" "Security_04_Nottingham" "Security_06_Henninger" "Security_07_Corcoran" "Security_08_Clary" "Security_09_Grant" "Security_10_Levy" "Security_13_Lincoln" "Security_14_Shea" "Security_15_HWSmith" "Security_16_Bellevue" "Security_20_DrKing" "Security_21_Danforth" "Security_22_Delaware" "Security_23_Elmwood" "Security_24_Franklin" "Security_25_Frazer" "Security_27_Elmcrest" "Security_28_Latin" "Security_29_Huntington" "Security_30_SalemHyde" "Security_33_LeMoyne" "Security_34_DrWeeks" "Security_36_McKinley" "Security_37_Meachem" "Security_40_Porter" "Security_41_BOVA" "Security_42_Roberts" "Security_44_Seymour" "Security_45_EdSmith" "Security_46_Phoenix" "Security_47_McCarthy" "Security_48_Beard" "Security_49_VanDuyn" "Security_51_Webster" "Security_53_Blodgett" "Security_54_JVC" "Security_55_CentralOffice" "Security_56_SSC" "Security_57_Transportation" "Security_60_PDC" "Security_86_StLucy"
set color 25
next
# Hosts reachable for RDP, per the group name; it includes the three *db1 hosts
# that also appear in Peoplesoft_SSH_Group below.
edit "Peoplesoft_RDP_Group"
set member "psdevfin" "psdevhcm" "psprdess" "psprdfin" "psprdhcm" "psprdrpx" "psqasfin" "psqashcm" "pstools" "psnagus" "psupgfin" "psupghcm" "PeopleTools" "psdevdb1" "psprddb1" "psqasdb1" "psupgfin2" "psupghcm2" "pum_a" "pum_b"
set color 20
next
edit "Hyperion_Server_Group"
set member "hypprodess" "hypprodweb1" "hypprodweb2" "hypprodwin7" "hypdeveb" "hypdevw1" "hypdevw3" "hypprdeb" "hypprdw1" "hypprdw2" "hypqaeb" "hypqaw1" "hypqaw2" "hypdevw2"
set color 22
next
edit "Peoplesoft_SSH_Group"
set member "psdevdb1" "psprddb1" "psqasdb1"
set color 21
next
edit "Safeschools_Group"
set member "SafeSchools_01" "Safeschools_02"
next
edit "411_Group"
set member "411app" "411sql" "411App_WebPage"
next
edit "Domain_Controller_Group"
set member "DC01_A" "DC01_B" "DC01_C" "HVDC02" "HVDC03_A" "HVDC03_B"
set color 14
next
edit "City_CGRs_Group"
set member "CGR_16_Bellevue" "CGR_55_CentralOffice" "CGR_45_EdSmith" "CGR_23_Elmwood" "CGR_24_Franklin" "CGR_29_Huntington" "CGR_15_HWSmith" "CGR_48_Beard" "CGR_36_McKinley" "CGR_37_Meachem" "CGR_40_Porter" "CGR_30_SalemHyde" "CGR_44_Seymour" "CGR_49_VanDuyn" "CGR_51_Webster"
set comment "City CGRs on our side"
set color 28
next
# Master block list. The member list continues on a second line.
# NOTE(review): the list includes "z_BlockIP_141" but not "z_BlockIP_151" or
# "z_BlockIP_", both of which are defined in "config firewall address".
# z_BlockIP_151 (141.98.168.14) is still covered by z_BlockSub_041; the address
# held by "z_BlockIP_" (45.150.65.206) is not covered by any member whose
# definition is visible in this part of the file. Confirm that z_BlockIP_141
# exists and that 45.150.65.206 is actually blocked.
# NOTE(review): a hand-maintained list of this size drifts easily; an external
# threat feed or a periodic script that diffs defined z_Block* objects against
# this member list would catch omissions like the ones above.
edit "Block_List_Group"
set member "z_BlockIP_001" "z_BlockIP_002" "z_BlockIP_003" "z_BlockIP_004" "z_BlockIP_005" "z_BlockIP_006" "z_BlockIP_008" "z_BlockIP_009" "z_BlockIP_010" "z_BlockIP_011" "z_BlockIP_012" "z_BlockIP_013" "z_BlockIP_014" "z_BlockIP_015" "z_BlockIP_016" "z_BlockIP_017" "z_BlockIP_018" "z_BlockIP_019" "z_BlockIP_020" "z_BlockIP_021" "z_BlockIP_022" "z_BlockIP_024" "z_BlockIP_025" "z_BlockIP_026" "z_BlockIP_027" "z_BlockIP_028" "z_BlockIP_030" "z_BlockIP_031" "z_BlockIP_032" "z_BlockIP_033" "z_BlockIP_034" "z_BlockIP_035" "z_BlockIP_036" "z_BlockIP_037" "z_BlockIP_038" "z_BlockIP_039" "z_BlockIP_040" "z_BlockIP_041" "z_BlockIP_042" "z_BlockIP_043" "z_BlockIP_044" "z_BlockIP_045" "z_BlockIP_046" "z_BlockIP_047" "z_BlockIP_048" "z_BlockIP_052" "z_BlockIP_053" "z_BlockIP_054" "z_BlockIP_055" "z_BlockIP_056" "z_BlockIP_057" "z_BlockIP_058" "z_BlockIP_059" "z_BlockIP_060" "z_BlockIP_061" "z_BlockIP_062" "z_BlockIP_063" "z_BlockIP_064" "z_BlockIP_065" "z_BlockIP_066" "z_BlockIP_067" "z_BlockIP_068" "z_BlockIP_069" "z_BlockIP_070" "z_BlockIP_071" "z_BlockIP_072" "z_BlockIP_073" "z_BlockIP_074" "z_BlockIP_075" "z_BlockIP_076" "z_BlockIP_077" "z_BlockIP_078" "z_BlockIP_079" "z_BlockIP_080" "z_BlockIP_081" "z_BlockIP_082" "z_BlockIP_083" "z_BlockIP_084" "z_BlockIP_085" "z_BlockIP_086" "z_BlockIP_087" "z_BlockIP_088" "z_BlockIP_089" "z_BlockIP_090" "z_BlockIP_091" "z_BlockIP_092" "z_BlockIP_093" "z_BlockIP_094" "z_BlockIP_095" "z_BlockIP_096" "z_BlockIP_097" "z_BlockIP_098" "z_BlockIP_099" "z_BlockIP_100" "z_BlockIP_101" "z_BlockIP_007" "z_BlockIP_049" "z_BlockIP_050" "z_BlockIP_051" "z_BlockIP_103" "z_BlockIP_104" "z_BlockIP_105" "z_BlockIP_106" "z_BlockIP_107" "z_BlockIP_108" "z_BlockIP_109" "z_BlockIP_111" "z_BlockIP_112" "z_BlockIP_113" "z_BlockIP_114" "z_BlockIP_115" "z_BlockIP_116" "z_BlockIP_117" "z_BlockIP_118" "z_BlockIP_119" "z_BlockIP_120" "z_BlockIP_122" "z_BlockIP_125" "z_BlockIP_126" "z_BlockIP_127" "z_BlockIP_128" "z_BlockIP_129" "z_BlockIP_130" "z_BlockIP_131" 
"z_BlockIP_132" "z_BlockIP_133" "z_BlockSub_001" "z_BlockSub_002" "z_BlockSub_003" "z_BlockSub_004" "z_BlockSub_005" "z_BlockSub_006" "z_BlockSub_007" "z_BlockSub_008" "z_BlockSub_009" "z_BlockSub_010" "z_BlockSub_011" "z_BlockSub_012" "z_BlockSub_013" "z_BlockSub_014" "z_BlockSub_015" "z_BlockSub_016" "z_BlockSub_017" "z_BlockSub_019" "z_BlockSub_020" "z_BlockSub_021" "z_BlockSub_022" "z_BlockSub_024" "z_BlockSub_025" "z_BlockSub_026" "z_BlockSub_027" "z_BlockSub_028" "z_BlockSub_030" "z_BlockSub_031" "z_BlockSub_032" "z_BlockSub_033" "z_BlockSub_034" "z_BlockSub_035" "z_BlockSub_037" "z_BlockSub_038" "z_BlockSub_039" "z_Ryuk_01" "z_Ryuk_02" "z_BlockIP_023" "z_BlockIP_029" "z_BlockIP_134" "z_BlockIP_135" "z_BlockIP_000" "z_BlockIP_138" "z_BlockIP_139" "z_BlockIP_140" "z_BlockIP_141" "z_BlockIP_142" "z_BlockIP_143" "z_BlockIP_144" "z_BlockIP_145" "z_BlockIP_146" "z_BlockIP_147" "z_BlockIP_148" "z_BlockIP_149" "z_BlockIP_150" "z_BlockRange_01" "z_BlockRange_02" "z_BlockRange_03" "z_BlockSub_040" "z_BlockSub_041" "z_BlockSub_042" "z_BlockIP_152"
set comment "IPs and Subnets to be blocked as Malicious"
set color 6
next
edit "City_Side_CGR_Group"
set allow-routing enable
set member "City_Side_CGR_01" "City_Side_CGR_02"
set comment "City Lights CGR Subnets on their side."
set color 28
next
edit "Access_Control_VLAN_72_Group"
set member "Access_Control_40_Porter" "Access_Control_01_NOC" "Access_Control_02_ITC" "Access_Control_03_PSLA" "Access_Control_04_Nottingham" "Access_Control_06_Henninger" "Access_Control_07_Corcoran" "Access_Control_08_Clary" "Access_Control_09_Grant" "Access_Control_10_Levy"
set color 25
next
edit "SMTP_Office365_Group"
set member "SMTP_Office365_a" "SMTP_Office365_b" "SMTP_Office365_c" "SMTP_Office365_d"
set comment "Microsoft to Barracuda Archivers"
next
edit "City_Side_VoIP_Group"
set allow-routing enable
set member "City_Side_VoIP_30" "City_Side_VoIP_56" "City_Side_VoIP_61" "City_Side_VoIP_62" "City_Side_VoIP_63" "City_Side_VoIP_64" "City_Side_VoIP_65" "City_Side_VoIP_66" "City_Side_VoIP_67" "City_Side_VoIP_68" "City_Side_VoIP_72" "City_Side_VoIP_74" "City_Side_VoIP_75" "City_Side_VoIP_76" "City_Side_VoIP_77" "City_Side_VoIP_88" "City_Side_VoIP_132" "City_Side_VoIP_1_Park_Place_A" "City_Side_VoIP_1_Park_Place_B" "City_Side_VoIP_Router_A" "City_Side_VoIP_Router_B"
set comment "City VoIP Group - except Parks and Water Recorder"
set color 28
next
edit "SPD_Side_Firewall_Group"
set allow-routing enable
set member "SPD_Side_A" "SPD_Side_B"
set comment "IP Range of SPD Side Firewalls"
set color 2
next
# NOTE(review): despite the name, the only member is "Microsoft 1"; the object is
# defined outside this part of the file, so what it permits cannot be told here.
edit "Country Allow"
set member "Microsoft 1"
next
edit "Peoplesoft_Audit_Group"
set member "psdevfin" "psdevhcm" "psprdfin" "psprdhcm" "psqasfin" "psqashcm"
set comment "Group allowed for PS Auditors"
set color 20
next
edit "Genetec_Inside_Group"
set allow-routing enable
set member "NVR-NOC" "NVR-FAILOVER" "NVR-RING1-CLAR" "NVR-RING1-CLAR2" "NVR-RING1-CORC" "NVR-RING1-CORC2" "NVR-RING2-DANF" "NVR-RING2-DANF2" "NVR-RING3-PSLA" "NVR-RING3-PSLA2" "NVR-RING4-BLOD" "NVR-RING4-FRAZ" "NVR-RING5-CENT" "NVR-RING6-EDSM" "NVR-RING6-HWSM" "NVR-RING6-HWSM2" "NVR-RING6-NOTT" "NVR-RING7-BELL" "NVR-RING7-GRAN" "NVR-RING7-GRAN2" "NVR-RING8-HENN" "NVR-RING8-HENN2" "NVR-RING8-HUNT" "Genetec-Dir" "Genetec-DirBU" "Genetec-Media" "Genetec-MRouter"
set comment "District NVRs and Genetec Servers for SPD Federation"
set color 2
next
edit "MS_Teams_External_Group"
set member "MS_Teams_External_A" "MS_Teams_External_B"
next
edit "SchoolTool_AWS_Internal"
set allow-routing enable
set member "DataTools" "ST_Internal_2"
next
edit "SchoolTool_AWS_External"
set allow-routing enable
set member "ST_External_4" "ST_External_5" "ST_External_6" "ST_External_1" "ST_External_2" "ST_External_3"
next
edit "HighStreet_Local"
set member "DataTools" "Nighttime_Inside"
set comment "Internal IPs for Highstreet Tunnel"
next
# The next two groups were generated by the VPN wizard, per their comments.
edit "DPS_local"
set allow-routing enable
set member "DPS_local_subnet_1"
set comment "VPN: DPS (Created by VPN wizard)"
next
edit "DPS_remote"
set allow-routing enable
set member "DPS_remote_subnet_1"
set comment "VPN: DPS (Created by VPN wizard)"
next
# The last member is spelled with a space ("Schroeder _CT_NOC_CVM"), matching the
# address object's name as defined in "config firewall address".
edit "Nutanix_CVM"
set member "Patty_CT_NOC_CVM" "Pigpen_CT_NOC_CVM" "RedBaron_CT_NOC_CVM" "Sally_CT_NOC_CVM" "Schroeder _CT_NOC_CVM"
set comment "Nutanix CVM"
next
edit "Nutanix_Remote_Support"
set member "Nutanix_Support1" "Nutanix_Support2"
set comment "Nutanix Remote Support Web addresses"
next
edit "POS_Machines"
set member "Clary_POS" "ITC_Cafe_POS" "Porter_POS"
set comment "Point of Sale Machines"
next
edit "NOCTI_Inside"
set member "Shea_Secure_Wireless" "Shea_VLAN_6" "Corcoran_VLAN_20" "Corcoran_Secure_Wireless"
next
end
# Wildcard FQDN objects: each pattern is matched against a hostname, with "*"
# standing for any run of characters.
# NOTE(review): patterns written "*.example.com" match only subdomains of that
# domain. Patterns without the dot after the "*" (e.g. "*autoupdate.opera.com",
# "*drive.google.com", "*update.microsoft.com") also match any hostname that
# merely ends in that string; these still sit under the vendor's own parent
# domain, so the extra reach is limited.
# Where these objects are used in allow rules or inspection exemptions, the
# width of each pattern is the width of the exemption.
config firewall wildcard-fqdn custom
edit "g-Adobe Login"
set wildcard-fqdn "*.adobelogin.com"
next
edit "g-Gotomeeting"
set wildcard-fqdn "*.gotomeeting.com"
next
edit "g-Windows update 2"
set wildcard-fqdn "*.windowsupdate.com"
next
edit "g-adobe"
set wildcard-fqdn "*.adobe.com"
next
edit "g-android"
set wildcard-fqdn "*.android.com"
next
edit "g-apple"
set wildcard-fqdn "*.apple.com"
next
edit "g-appstore"
set wildcard-fqdn "*.appstore.com"
next
edit "g-auth.gfx.ms"
set wildcard-fqdn "*.auth.gfx.ms"
next
edit "g-autoupdate.opera.com"
set wildcard-fqdn "*autoupdate.opera.com"
next
edit "g-cdn-apple"
set wildcard-fqdn "*.cdn-apple.com"
next
edit "g-citrix"
set wildcard-fqdn "*.citrixonline.com"
next
edit "g-dropbox.com"
set wildcard-fqdn "*.dropbox.com"
next
edit "g-eease"
set wildcard-fqdn "*.eease.com"
next
# Wildcard in the middle of the first label: aus<anything>.mozilla.org.
edit "g-firefox update server"
set wildcard-fqdn "aus*.mozilla.org"
next
edit "g-fortinet"
set wildcard-fqdn "*.fortinet.com"
next
edit "g-google-drive"
set wildcard-fqdn "*drive.google.com"
next
edit "g-google-play"
set wildcard-fqdn "*play.google.com"
next
edit "g-google-play2"
set wildcard-fqdn "*.ggpht.com"
next
edit "g-google-play3"
set wildcard-fqdn "*.books.google.com"
next
edit "g-googleapis.com"
set wildcard-fqdn "*.googleapis.com"
next
edit "g-icloud"
set wildcard-fqdn "*.icloud.com"
next
edit "g-itunes"
set wildcard-fqdn "*itunes.apple.com"
next
edit "g-live.com"
set wildcard-fqdn "*.live.com"
next
edit "g-microsoft"
set wildcard-fqdn "*.microsoft.com"
next
edit "g-mzstatic-apple"
set wildcard-fqdn "*.mzstatic.com"
next
edit "g-skype"
set wildcard-fqdn "*.messenger.live.com"
next
edit "g-softwareupdate.vmware.com"
set wildcard-fqdn "*.softwareupdate.vmware.com"
next
edit "g-swscan.apple.com"
set wildcard-fqdn "*swscan.apple.com"
next
edit "g-update.microsoft.com"
set wildcard-fqdn "*update.microsoft.com"
next
edit "g-verisign"
set wildcard-fqdn "*.verisign.com"
next
# NOTE(review): this is the widest pattern in the section. With a wildcard on both
# sides it matches any hostname that contains "youtube.com" anywhere, including
# names under an unrelated parent domain. If the object is used to allow or
# exempt traffic, anchoring it (for example "*.youtube.com" plus a separate entry
# for the bare domain) keeps the match to the intended site.
edit "YouTube"
set wildcard-fqdn "*youtube.com*"
next
end
# Service categories. These are labels only: the "set category" lines in
# "config firewall service custom" refer to them by name.
config firewall service category
edit "General"
set comment "General services."
next
edit "Web Access"
set comment "Web access."
next
edit "File Access"
set comment "File access."
next
edit "Email"
set comment "Email services."
next
edit "Network Services"
set comment "Network services."
next
edit "Authentication"
set comment "Authentication service."
next
edit "Remote Access"
set comment "Remote access."
next
edit "Tunneling"
set comment "Tunneling service."
next
edit "VoIP, Messaging & Other Applications"
set comment "VoIP, messaging, and other applications."
next
edit "Web Proxy"
set comment "Explicit web proxy."
next
end
# Service objects (protocol / port definitions) that policies reference by name.
# Port ranges are written "dst" or "dst:src"; several values on one line are
# alternatives (see "UDP-SRC-1025-65535-DST-3544" below, whose name spells out
# the dst:src order).
# Defining a service permits nothing by itself - exposure comes from the policies
# that use it. Cleartext or legacy services defined here (TELNET, REXEC, RLOGIN,
# RSH, FINGER, TFTP, PC-Anywhere, X-WINDOWS) are worth checking for any policy
# reference.
config firewall service custom
edit "ALL"
set category "General"
set protocol IP
next
# NOTE(review): this object is defined as IP protocol number 22, not as TCP port
# 21 like FTP_GET and FTP_PUT below. A policy that references "FTP" would match
# IP protocol 22 rather than FTP control traffic; verify this is intended.
edit "FTP"
set category "File Access"
set protocol IP
set protocol-number 22
next
edit "FTP_GET"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_PUT"
set category "File Access"
set tcp-portrange 21
next
edit "DNS"
set category "Network Services"
set tcp-portrange 53
set udp-portrange 53
next
edit "HTTP"
set category "Web Access"
set tcp-portrange 80
next
edit "HTTPS"
set category "Web Access"
set tcp-portrange 443
next
edit "IMAP"
set category "Email"
set tcp-portrange 143
next
edit "IMAPS"
set category "Email"
set tcp-portrange 993
next
edit "LDAP"
set category "Authentication"
set tcp-portrange 389
next
edit "DCE-RPC"
set category "Remote Access"
set tcp-portrange 135
set udp-portrange 135
next
edit "POP3"
set category "Email"
set tcp-portrange 110
next
edit "POP3S"
set category "Email"
set tcp-portrange 995
next
edit "SAMBA"
set category "File Access"
set tcp-portrange 139
next
edit "SMTP"
set category "Email"
set tcp-portrange 25
next
edit "SMTPS"
set category "Email"
set tcp-portrange 465
next
edit "KERBEROS"
set category "Authentication"
set tcp-portrange 88 464
set udp-portrange 88 464
next
edit "LDAP_UDP"
set category "Authentication"
set udp-portrange 389
next
edit "SMB"
set category "File Access"
set tcp-portrange 445
next
edit "ALL_TCP"
set category "General"
set tcp-portrange 1-65535
next
edit "ALL_UDP"
set category "General"
set udp-portrange 1-65535
next
edit "ALL_ICMP"
set category "General"
set protocol ICMP
unset icmptype
next
edit "ALL_ICMP6"
set category "General"
set protocol ICMP6
unset icmptype
next
edit "GRE"
set category "Tunneling"
set protocol IP
set protocol-number 47
next
edit "AH"
set category "Tunneling"
set protocol IP
set protocol-number 51
next
edit "ESP"
set category "Tunneling"
set protocol IP
set protocol-number 50
next
edit "AOL"
set tcp-portrange 5190-5194
next
edit "BGP"
set category "Network Services"
set tcp-portrange 179
next
edit "DHCP"
set category "Network Services"
set udp-portrange 67-68
next
edit "FINGER"
set tcp-portrange 79
next
edit "GOPHER"
set tcp-portrange 70
next
edit "H323"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1720 1503
set udp-portrange 1719
next
# Covers both UDP 500 and UDP 4500.
edit "IKE"
set category "Tunneling"
set udp-portrange 500 4500
next
# Same port as "LDAP" (TCP 389) under a different name.
edit "Internet-Locator-Service"
set tcp-portrange 389
next
edit "IRC"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 6660-6669
next
edit "L2TP"
set category "Tunneling"
set tcp-portrange 1701
set udp-portrange 1701
next
edit "NetMeeting"
set tcp-portrange 1720
next
edit "NFS"
set category "File Access"
set tcp-portrange 111 2049
set udp-portrange 111 2049
next
edit "NNTP"
set tcp-portrange 119
next
edit "NTP"
set category "Network Services"
set tcp-portrange 123
set udp-portrange 123
next
edit "OSPF"
set category "Network Services"
set protocol IP
set protocol-number 89
next
edit "PC-Anywhere"
set category "Remote Access"
set tcp-portrange 5631
set udp-portrange 5632
next
# ICMP type 8 (echo request), any code.
edit "PING"
set category "Network Services"
set protocol ICMP
set icmptype 8
unset icmpcode
next
edit "TIMESTAMP"
set protocol ICMP
set icmptype 13
unset icmpcode
next
edit "INFO_REQUEST"
set protocol ICMP
set icmptype 15
unset icmpcode
next
edit "INFO_ADDRESS"
set protocol ICMP
set icmptype 17
unset icmpcode
next
edit "ONC-RPC"
set category "Remote Access"
set tcp-portrange 111
set udp-portrange 111
next
edit "PPTP"
set category "Tunneling"
set tcp-portrange 1723
next
edit "QUAKE"
set udp-portrange 26000 27000 27910 27960
next
edit "RAUDIO"
set udp-portrange 7070
next
edit "REXEC"
set tcp-portrange 512
next
edit "RIP"
set category "Network Services"
set udp-portrange 520
next
# dst:src form - destination 513, source ports 512-1023.
edit "RLOGIN"
set tcp-portrange 513:512-1023
next
edit "RSH"
set tcp-portrange 514:512-1023
next
edit "SCCP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 2000
next
edit "SIP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 5060
set udp-portrange 5060
next
edit "SIP-MSNmessenger"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1863
next
edit "SNMP"
set category "Network Services"
set tcp-portrange 161-162
set udp-portrange 161-162
next
edit "SSH"
set category "Remote Access"
set tcp-portrange 22
next
edit "SYSLOG"
set category "Network Services"
set udp-portrange 514
next
edit "TALK"
set udp-portrange 517-518
next
edit "TELNET"
set category "Remote Access"
set tcp-portrange 23
next
edit "TFTP"
set category "File Access"
set udp-portrange 69
next
edit "MGCP"
set udp-portrange 2427 2727
next
edit "UUCP"
set tcp-portrange 540
next
edit "VDOLIVE"
set tcp-portrange 7000-7010
next
edit "WAIS"
set tcp-portrange 210
next
edit "WINFRAME"
set tcp-portrange 1494 2598
next
edit "X-WINDOWS"
set category "Remote Access"
set tcp-portrange 6000-6063
next
edit "PING6"
set protocol ICMP6
set icmptype 128
unset icmpcode
next
edit "MS-SQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1433 1434
next
edit "MYSQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 3306
next
edit "RDP"
set category "Remote Access"
set tcp-portrange 3389
next
edit "VNC"
set category "Remote Access"
set tcp-portrange 5900
next
edit "DHCP6"
set category "Network Services"
set udp-portrange 546 547
next
edit "SQUID"
set category "Tunneling"
set tcp-portrange 3128
next
edit "SOCKS"
set category "Tunneling"
set tcp-portrange 1080
set udp-portrange 1080
next
edit "WINS"
set category "Remote Access"
set tcp-portrange 1512
set udp-portrange 1512
next
edit "RADIUS"
set category "Authentication"
set udp-portrange 1812 1813
next
edit "RADIUS-OLD"
set udp-portrange 1645 1646
next
edit "CVSPSERVER"
set tcp-portrange 2401
set udp-portrange 2401
next
edit "AFS3"
set category "File Access"
set tcp-portrange 7000-7009
set udp-portrange 7000-7009
next
edit "TRACEROUTE"
set category "Network Services"
set udp-portrange 33434-33535
next
edit "RTSP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 554 7070 8554
set udp-portrange 554
next
edit "MMS"
set tcp-portrange 1755
set udp-portrange 1024-5000
next
edit "NONE"
set tcp-portrange 0
next
edit "webproxy"
set proxy enable
set category "Web Proxy"
set protocol ALL
set tcp-portrange 0-65535:0-65535
next
# From here on: site-specific single-port and port-range objects, named after the
# port they carry. None has a comment saying which application needs it; the
# service groups later in the file give some context (for example the
# ContentKeeper IPMI groups use TCP-623, TCP-5120, TCP-7578 and others).
edit "TCP-109"
set tcp-portrange 109
next
edit "TCP-1433"
set tcp-portrange 1433
next
edit "TCP-15000-19999"
set tcp-portrange 15000-19999
next
edit "TCP-1521"
set tcp-portrange 1521
next
edit "TCP-1859"
set tcp-portrange 1859
next
edit "TCP-1935"
set tcp-portrange 1935
next
edit "TCP-20"
set tcp-portrange 20
next
edit "TCP-2195"
set tcp-portrange 2195
next
edit "TCP-2196"
set tcp-portrange 2196
next
edit "TCP-2525"
set tcp-portrange 2525
next
edit "TCP-3268"
set tcp-portrange 3268
next
edit "TCP-3269"
set tcp-portrange 3269
next
edit "TCP-3520"
set tcp-portrange 3520
next
edit "TCP-389"
set tcp-portrange 389
next
edit "TCP-49152-65535"
set tcp-portrange 49152-65535
next
edit "TCP-5001"
set tcp-portrange 5001
next
edit "TCP-5060"
set tcp-portrange 5060
next
edit "TCP-5061"
set tcp-portrange 5061
next
edit "TCP-5120"
set tcp-portrange 5120
next
edit "TCP-5122-5127"
set tcp-portrange 5122-5127
next
edit "TCP-587"
set tcp-portrange 587
next
edit "TCP-5901"
set tcp-portrange 5901
next
edit "TCP-5937"
set tcp-portrange 5937
next
edit "TCP-623"
set tcp-portrange 623
next
edit "TCP-636"
set tcp-portrange 636
next
edit "TCP-6502-6510"
set tcp-portrange 6502-6510
next
edit "TCP-7578"
set tcp-portrange 7578
next
edit "TCP-7582"
set tcp-portrange 7582
next
edit "TCP-8000"
set tcp-portrange 8000
next
edit "TCP-8080"
set tcp-portrange 8080
next
edit "TCP-8082"
set tcp-portrange 8082
next
edit "TCP-809"
set tcp-portrange 809
next
edit "UDP-110"
set udp-portrange 110
next
edit "UDP-143"
set udp-portrange 143
next
edit "UDP-1433"
set udp-portrange 1433
next
edit "UDP-25"
set udp-portrange 25
next
edit "UDP-2525"
set udp-portrange 2525
next
edit "UDP-3389"
set udp-portrange 3389
next
edit "UDP-3478"
set udp-portrange 3478
next
edit "UDP-443"
set udp-portrange 443
next
edit "UDP-465"
set udp-portrange 465
next
edit "UDP-50000-52399"
set udp-portrange 50000-52399
next
edit "UDP-5001"
set udp-portrange 5001
next
edit "UDP-587"
set udp-portrange 587
next
edit "UDP-60000-61799"
set udp-portrange 60000-61799
next
edit "UDP-623"
set udp-portrange 623
next
edit "UDP-80"
set udp-portrange 80
next
edit "UDP-993"
set udp-portrange 993
next
edit "UDP-995"
set udp-portrange 995
next
# The two objects below show the dst:src order explicitly in their names.
edit "UDP-SRC-1025-65535-DST-3544"
set udp-portrange 3544:1025-65535
next
edit "UDP-SRC-3544-DST-1025-65535"
set udp-portrange 1025-65535:3544
next
edit "IP-27"
set protocol IP
set protocol-number 27
next
edit "IP-4"
set protocol IP
set protocol-number 4
next
edit "IP-41"
set protocol IP
set protocol-number 41
next
edit "Webosphere_Data"
set category "File Access"
set tcp-portrange 41000-41500
next
edit "TCP-9000-9100"
set tcp-portrange 9000-9100
next
edit "TCP_UDP-18443"
set comment "VDI desktop"
set tcp-portrange 18443
set udp-portrange 18443
next
edit "TCP-19000"
set tcp-portrange 19000
next
edit "TCP_UDP-8100"
set tcp-portrange 8100
set udp-portrange 8100
next
edit "TCP 5500"
set category "General"
set comment "SPD Genetec Federation"
set tcp-portrange 5500
next
edit "TCP 4502"
set category "General"
set comment "SPD Genetec Federation"
set color 2
set tcp-portrange 4502
next
# Superset of the two single-port objects above (5500 and 4502) plus 554, 560,
# 960 and 5004.
edit "Genetec Federation"
set category "Network Services"
set comment "SPD Genetec Federation"
set color 2
set tcp-portrange 5500 4502 554 560 960 5004
next
edit "SBC-UDP-Range"
set category "Network Services"
set comment "For SBC"
set udp-portrange 3478-3481
next
# NOTE(review): read in dst:src order, every entry here pins the SOURCE port (390,
# 5091, 8801-8810, 3478, 3479) and leaves a wide destination range
# (20000-64000 or 49152-65535). Confirm that direction matches the policy this
# object is used in; if the fixed ports were meant as destinations, the object
# is far wider than intended.
# NOTE(review): an fqdn is also set on this service; confirm it has the intended
# effect together with the port ranges.
edit "Zoom UDP Ports"
set category "VoIP, Messaging & Other Applications"
set comment "Firewall rules for Zoom Phone"
set color 2
set fqdn "static.zdassets.com"
set udp-portrange 20000-64000:390 20000-64000:5091 49152-65535:8801-8810 49152-65535:3478 49152-65535:3479
next
edit "TCP-8443"
set tcp-portrange 8443
next
edit "TCP-8013"
set tcp-portrange 8013
next
end
# Service groups: named sets of the objects in "config firewall service custom"
# (or of other groups). Many of the ContentKeeper-* entries wrap a single
# service; their numeric suffixes suggest they were generated by a migration
# tool (assumption - confirm).
config firewall service group
edit "Email Access"
set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
next
edit "Web Access"
set member "DNS" "HTTP" "HTTPS"
next
edit "Windows AD"
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
next
edit "Exchange Server"
set member "DCE-RPC" "DNS" "HTTPS"
next
edit "ContentKeeper-IPMI-Ports_tcp_3520_2"
set member "TCP-3520"
next
edit "ContentKeeper-IPMI-Ports_tcp_5120_3"
set member "TCP-5120"
next
edit "ContentKeeper-IPMI-Ports_tcp_5122_5127_4"
set member "TCP-5122-5127"
next
edit "ContentKeeper-IPMI-Ports_tcp_5900_5"
set member "VNC"
next
edit "ContentKeeper-IPMI-Ports_tcp_5901_6"
set member "TCP-5901"
next
edit "ContentKeeper-IPMI-Ports_tcp_623_7"
set member "TCP-623"
next
edit "ContentKeeper-IPMI-Ports_tcp_7578_8"
set member "TCP-7578"
next
edit "ContentKeeper-IPMI-Ports_tcp_7582_9"
set member "TCP-7582"
next
edit "ContentKeeper-IPMI-Ports_tcp_www_10"
set member "HTTP"
next
edit "ContentKeeper-Mobility_tcp_8080_2"
set member "TCP-8080"
next
edit "ContentKeeper-Mobility_tcp_993_3"
set member "IMAPS"
next
# NOTE(review): both of the next two groups map to "IKE", which is defined as UDP
# 500 AND 4500. A policy using either name therefore opens both ports, whatever
# the group name says.
edit "ContentKeeper_UDP_4500"
set member "IKE"
next
edit "ContentKeeper_UDP_500"
set member "IKE"
next
edit "Day-Server_tcp_6502_6510_2"
set member "TCP-6502-6510"
next
edit "Oracle-SQL_tcp_sqlnet_2"
set member "TCP-1521"
next
edit "POP-2"
set member "TCP-109"
next
edit "POP-3"
set member "POP3"
next
edit "ContentKeeper-IPMI-Ports_tcp_https_11"
set member "HTTPS"
next
edit "ContentKeeper-MGMT-Ports_tcp_https_2"
set member "HTTPS"
next
edit "ContentKeeper-MGMT-Ports_tcp_ssh_3"
set member "SSH"
next
edit "ContentKeeper-Mobility_tcp_https_4"
set member "HTTPS"
next
edit "Airwatch_Services_Group"
set member "HTTP" "HTTPS" "Internet-Locator-Service" "SMTP" "SMTPS" "TCP-1433" "TCP-2195" "TCP-2196" "TCP-3268" "TCP-3269" "TCP-636"
set comment "Air watch service group"
next
# Out-of-band management (IPMI) and remote-console ports. Policies that use this
# group or CK_Support_Services_Group below should be limited to specific
# management source addresses, since these interfaces control the hardware
# itself.
edit "ContentKeeper-IPMI-Ports"
set member "ContentKeeper-IPMI-Ports_tcp_3520_2" "ContentKeeper-IPMI-Ports_tcp_5120_3" "ContentKeeper-IPMI-Ports_tcp_5122_5127_4" "ContentKeeper-IPMI-Ports_tcp_5900_5" "ContentKeeper-IPMI-Ports_tcp_5901_6" "ContentKeeper-IPMI-Ports_tcp_623_7" "ContentKeeper-IPMI-Ports_tcp_7578_8" "ContentKeeper-IPMI-Ports_tcp_7582_9" "ContentKeeper-IPMI-Ports_tcp_www_10" "ContentKeeper-IPMI-Ports_tcp_https_11"
set comment "Content Keeper IPMI Ports"
next
# NOTE(review): the UDP-* members mirror mail ports that the TCP members already
# cover; the mail protocols listed run over TCP, so the UDP entries are likely
# unnecessary - confirm before removing.
edit "Email_Services_Group"
set member "HTTP" "HTTPS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" "TCP-2525" "TCP-587" "UDP-110" "UDP-143" "UDP-25" "UDP-2525" "UDP-465" "UDP-587" "UDP-993" "UDP-995"
next
edit "CK_Mobile_Services_Group"
set member "HTTPS" "IMAPS" "TCP-8080" "IKE"
set color 19
next
# Includes cleartext HTTP, VNC (5900/5901) and the IPMI-related ports alongside
# SSH and HTTPS.
edit "CK_Support_Services_Group"
set member "HTTP" "HTTPS" "SSH" "TCP-3520" "TCP-5120" "TCP-5122-5127" "TCP-5901" "TCP-623" "TCP-7578" "TCP-7582" "VNC"
set color 19
next
end
# Groups of vendor-maintained Internet Service Database entries for Microsoft
# services. The second group sets "direction destination"; the first sets no
# direction (its name says "Both").
# NOTE(review): the destination group includes broad members such as
# "Microsoft-Other", "Microsoft-SSH" and "Microsoft-FTP"; confirm a policy
# really needs that breadth.
config firewall internet-service-group
edit "Microsoft_ISDB_Both"
set member "Microsoft-Azure" "Microsoft-Azure.AD" "Microsoft-Azure.Data.Factory" "Microsoft-Azure.Monitor" "Microsoft-Azure.Power.BI" "Microsoft-Azure.SQL" "Microsoft-Azure.Virtual.Desktop" "Microsoft-Dynamics" "Microsoft-Office365.Published" "Microsoft-Office365.Published.Allow" "Microsoft-Office365.Published.Optimize" "Microsoft-Office365.Published.USGOV" "Microsoft-Outlook" "Microsoft-Skype_Teams" "Microsoft-Teams.Published.Worldwide.Allow" "Microsoft-Teams.Published.Worldwide.Optimize" "Microsoft-WNS"
next
edit "Microsoft_ISDB_Destination"
set direction destination
set member "Microsoft-DNS" "Microsoft-FTP" "Microsoft-ICMP" "Microsoft-Inbound_Email" "Microsoft-Intune" "Microsoft-Microsoft.Update" "Microsoft-NetBIOS.Name.Service" "Microsoft-NetBIOS.Session.Service" "Microsoft-NTP" "Microsoft-Office365" "Microsoft-Other" "Microsoft-Outbound_Email" "Microsoft-RTMP" "Microsoft-SSH" "Microsoft-Web"
next
end
config firewall shaper traffic-shaper
edit "high-priority"
set maximum-bandwidth 1048576
set per-policy enable
next
edit "medium-priority"
set maximum-bandwidth 1048576
set priority medium
set per-policy enable
next
edit "low-priority"
set maximum-bandwidth 1048576
set priority low
set per-policy enable
next
edit "guarantee-100kbps"
set guaranteed-bandwidth 100
set maximum-bandwidth 1048576
set per-policy enable
next
edit "shared-1M-pipe"
set maximum-bandwidth 1024
next
end
config firewall proxy-address
edit "IPv4-address"
set type host-regex
set host-regex "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}$"
next
edit "IPv6-address"
set type host-regex
set host-regex "^\\[(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\\]$"
next
end
config firewall schedule recurring
edit "always"
set day sunday monday tuesday wednesday thursday friday saturday
next
edit "none"
next
edit "default-darrp-optimize"
set start 01:00
set end 01:30
set day sunday monday tuesday wednesday thursday friday saturday
next
end
config firewall ippool
edit "ippool-198.36.23.251"
set startip 198.36.23.251
set endip 198.36.23.251
next
edit "ippool-198.36.23.252"
set startip 198.36.23.252
set endip 198.36.23.252
next
edit "ippool-198.36.23.253"
set startip 198.36.23.253
set endip 198.36.23.253
next
edit "ippool-198.36.23.254"
set startip 198.36.23.254
set endip 198.36.23.254
next
edit "NTSS_Outside"
set startip 198.36.24.68
set endip 198.36.24.68
next
edit "Nighttime_Outside"
set startip 198.36.24.191
set endip 198.36.24.191
next
edit "MailOut_Outside"
set startip 198.36.22.227
set endip 198.36.22.227
next
edit "SBC-NOC-Outside"
set startip 198.36.26.37
set endip 198.36.26.37
next
edit "SBC-DAN-Outside"
set startip 198.36.26.38
set endip 198.36.26.38
next
end
config firewall vip
edit "vip-ntss"
set comment "SRIC BOCES Tunnel
170.161.52.27 (SRIC Server) - This is the source address needed for the tunnel
170.161.52.25 (SRIC Firewall)
description Eastern Suffolk BOCES access to NTSS.scsd.ad"
set src-filter "170.161.52.27-170.161.52.27"
set extip 198.36.24.68
set mappedip "10.1.48.68"
set extintf "SRIC_BOCES"
set nat-source-vip enable
set srcintf-filter "outside lag"
next
edit "vip-scsdess"
set comment "ESS"
set extip 198.36.24.100
set mappedip "10.1.140.14"
set extintf "outside lag"
set nat-source-vip enable
set srcintf-filter "outside lag"
next
edit "vip-applecaching"
set comment "Apple caching server for managing Apple device updates"
set extip 198.36.24.57
set mappedip "10.1.40.107"
set extintf "outside lag"
set nat-source-vip enable
set srcintf-filter "outside lag"
next
# Static NAT: maps external 198.36.25.45 on "outside lag" to internal 10.1.40.95, described as a domain
# controller used for LDAP.
# NOTE(review): this entry sets no port forwarding (portforward/extport/mappedport) and no src-filter, so the
# VIP itself narrows neither ports nor sources (compare "vip-ntss", which sets src-filter). What is reachable
# depends entirely on the policies that use vip-DC01 as dstaddr, which are not in this part of the file.
# Confirm they permit only LDAPS (TCP 636) from named partner addresses; a directory server should not accept
# cleartext LDAP, SMB, RPC or Kerberos from the internet.
edit "vip-DC01"
set comment "Domain Controller for LDAP"
set extip 198.36.25.45
set mappedip "10.1.40.95"
set extintf "outside lag"
set nat-source-vip enable
set srcintf-filter "outside lag"
set color 14
next
edit "vip-tableau"
set comment "Tableau"
set extip 198.36.24.61
set mappedip "10.1.140.12"
set extintf "outside lag"
set nat-source-vip enable
set srcintf-filter "outside lag"
next
edit "vip-ns1"
set comment "DNS External"
set extip 198.36.22.245
set mappedip "10.1.48.45"
set extintf "outside lag"
set nat-source-vip enable
set srcintf-filter "outside lag"
next
edit "vip-ns2"
set comment "DNS External"
set extip 198.36.22.19
set mappedip "10.1.40.41"
set extintf "outside lag"
set nat-source-vip enable
set srcintf-filter "outside lag"
next
edit "vip-webhelpdesk"
set comment "Web Help Desk"
set extip 198.36.25.20
set mappedip "10.1.140.6"
set extintf "outside lag"
set nat-source-vip enable
next
edit "vip-Airwatchapp"
set comment "Airwatch (Workspace One) MDM"
set extip 198.36.24.56
set mappedip "10.1.140.9"
set extintf "outside lag"
set nat-source-vip enable
set srcintf-filter "outside lag"
next
edit "vip-Webosphere"
set comment "SCSD Website"
set extip 198.36.24.16
set mappedip "10.1.140.11"
set extintf "outside lag"
set nat-source-vip enable
set srcintf-filter "outside lag"
next
edit "vip-Neutrons"
set comment "Address Lookup"
set extip 198.36.24.210
set mappedip "10.1.40.210"
set extintf "outside lag"
set nat-source-vip enable
next
edit "vip-Barracuda-Archive-2"
set comment "Barracuda Email"
set extip 198.36.22.229
set mappedip "10.1.40.17"
set extintf "outside lag"
set nat-source-vip enable
set srcintf-filter "outside lag"
next
edit "vip-Barracuda-Archive-1"
set comment "Barracuda Email"
set extip 198.36.22.228
set mappedip "10.1.40.16"
set extintf "outside lag"
set nat-source-vip enable
set srcintf-filter "outside lag"
next
edit "vip-hybrid-email"
set comment "Email"
set extip 198.36.22.143
set mappedip "10.1.48.49"
set extintf "outside lag"
next
edit "vip-sbc-noc"
set comment "Ribbon ITC NOC"
set extip 198.36.26.37
set mappedip "10.1.150.21"
set extintf "outside lag"
next
edit "vip-sbc-dan"
set comment "Ribbon Shea-NOC"
set extip 198.36.26.38
set mappedip "10.1.150.22"
set extintf "outside lag"
next
edit "vip-PrintOC"
set comment "Oracle Printer"
set extip 198.36.26.119
set mappedip "10.1.40.219"
set extintf "outside lag"
next
edit "vip-EMS"
set comment "FortiClient EMS"
set extip 198.36.24.202
set mappedip "10.1.40.22"
set extintf "outside lag"
next
end
config firewall vipgrp
edit "vip-grp-barracuda_Archivers"
set interface "outside lag"
set member "vip-Barracuda-Archive-1" "vip-Barracuda-Archive-2"
next
end
config firewall ssh local-key
edit "g-Fortinet_SSH_DSA1024"
set password ENC *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ECDSA256"
set password ENC *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ECDSA384"
set password ENC *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ECDSA521"
set password ENC *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_ED25519"
set password ENC *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_RSA2048"
set password ENC *HIDDEN*
set source built-in
next
end
config firewall ssh local-ca
edit "g-Fortinet_SSH_CA"
set password ENC *HIDDEN*
set source built-in
next
edit "g-Fortinet_SSH_CA_Untrusted"
set password ENC *HIDDEN*
set source built-in
next
end
# Selects the CA pair and the per-algorithm host keys for the firewall's SSH proxy. Every name refers to a
# built-in object defined in "config firewall ssh local-key" / "config firewall ssh local-ca" above.
# NOTE(review): the set includes a 1024-bit DSA host key, which is below current key-strength guidance and is
# rejected by default by modern OpenSSH clients. Every ssl-ssh-profile in this file keeps "config ssh" at
# "status disable", so these keys are presumably unused -- confirm before SSH inspection is ever enabled.
config firewall ssh setting
set caname "g-Fortinet_SSH_CA"
set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
end
config firewall profile-protocol-options
edit "default"
set comment "All default services."
config http
set ports 80
unset options
unset post-lang
end
config ftp
set ports 21
set options splice
end
config imap
set ports 143
set options fragmail
end
config mapi
set ports 135
set options fragmail
end
config pop3
set ports 110
set options fragmail
end
config smtp
set ports 25
set options fragmail splice
end
config nntp
set ports 119
set options splice
end
config ssh
unset options
end
config dns
set ports 53
end
config cifs
set ports 445
unset options
end
next
end
config firewall ssl-ssh-profile
edit "certificate-inspection"
set comment "Read-only SSL handshake inspection profile."
config https
set ports 443
set status certificate-inspection
set quic inspect
set unsupported-ssl-version allow
end
config ftps
set status disable
set unsupported-ssl-version allow
end
config imaps
set status disable
set unsupported-ssl-version allow
end
config pop3s
set status disable
set unsupported-ssl-version allow
end
config smtps
set status disable
set unsupported-ssl-version allow
end
config ssh
set ports 22
set status disable
end
config dot
set status disable
set quic inspect
end
next
edit "deep-inspection"
set comment "Read-only deep inspection profile."
config https
set ports 443
set status deep-inspection
set quic inspect
set unsupported-ssl-version allow
end
config ftps
set ports 990
set status deep-inspection
set unsupported-ssl-version allow
end
config imaps
set ports 993
set status deep-inspection
set unsupported-ssl-version allow
end
config pop3s
set ports 995
set status deep-inspection
set unsupported-ssl-version allow
end
config smtps
set ports 465
set status deep-inspection
set unsupported-ssl-version allow
end
config ssh
set ports 22
set status disable
end
config dot
set status disable
set quic inspect
end
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
set type wildcard-fqdn
set wildcard-fqdn "g-adobe"
next
edit 4
set type wildcard-fqdn
set wildcard-fqdn "g-Adobe Login"
next
edit 5
set type wildcard-fqdn
set wildcard-fqdn "g-android"
next
edit 6
set type wildcard-fqdn
set wildcard-fqdn "g-apple"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "g-appstore"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "g-auth.gfx.ms"
next
edit 9
set type wildcard-fqdn
set wildcard-fqdn "g-citrix"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "g-dropbox.com"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "g-eease"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "g-firefox update server"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "g-fortinet"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "g-googleapis.com"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "g-google-drive"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "g-google-play2"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "g-google-play3"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "g-Gotomeeting"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "g-icloud"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "g-itunes"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "g-microsoft"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "g-skype"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "g-softwareupdate.vmware.com"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "g-verisign"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "g-Windows update 2"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "g-live.com"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "g-google-play"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "g-update.microsoft.com"
next
edit 29
set type wildcard-fqdn
set wildcard-fqdn "g-swscan.apple.com"
next
edit 30
set type wildcard-fqdn
set wildcard-fqdn "g-autoupdate.opera.com"
next
edit 31
set type wildcard-fqdn
set wildcard-fqdn "g-cdn-apple"
next
edit 32
set type wildcard-fqdn
set wildcard-fqdn "g-mzstatic-apple"
next
end
next
edit "custom-deep-inspection"
set comment "Customizable deep inspection profile."
config https
set ports 443
set status deep-inspection
set quic inspect
set unsupported-ssl-version allow
end
config ftps
set ports 990
set status deep-inspection
set unsupported-ssl-version allow
end
config imaps
set ports 993
set status deep-inspection
set unsupported-ssl-version allow
end
config pop3s
set ports 995
set status deep-inspection
set unsupported-ssl-version allow
end
config smtps
set ports 465
set status deep-inspection
set unsupported-ssl-version allow
end
config ssh
set ports 22
set status disable
end
config dot
set status disable
set quic inspect
end
config ssl-exempt
edit 1
set type wildcard-fqdn
set wildcard-fqdn "g-adobe"
next
edit 2
set type wildcard-fqdn
set wildcard-fqdn "g-Adobe Login"
next
edit 3
set type wildcard-fqdn
set wildcard-fqdn "g-android"
next
edit 4
set type wildcard-fqdn
set wildcard-fqdn "g-apple"
next
edit 5
set type wildcard-fqdn
set wildcard-fqdn "g-appstore"
next
edit 6
set type wildcard-fqdn
set wildcard-fqdn "g-auth.gfx.ms"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "g-autoupdate.opera.com"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "g-citrix"
next
edit 9
set type wildcard-fqdn
set wildcard-fqdn "g-dropbox.com"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "g-eease"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "g-firefox update server"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "g-fortinet"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "g-google-drive"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "g-google-play"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "g-google-play2"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "g-google-play3"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "g-googleapis.com"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "g-Gotomeeting"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "g-icloud"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "g-itunes"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "g-live.com"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "g-microsoft"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "g-skype"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "g-softwareupdate.vmware.com"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "g-swscan.apple.com"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "g-update.microsoft.com"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "g-verisign"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "g-Windows update 2"
next
edit 29
set fortiguard-category 31
next
edit 30
set fortiguard-category 33
next
edit 31
set fortiguard-category 25
next
edit 32
set type wildcard-fqdn
set wildcard-fqdn "g-cdn-apple"
next
edit 33
set type wildcard-fqdn
set wildcard-fqdn "g-mzstatic-apple"
next
end
next
edit "no-inspection"
set comment "Read-only profile that does no inspection."
config https
set status disable
set quic bypass
set unsupported-ssl-version allow
end
config ftps
set status disable
set unsupported-ssl-version allow
end
config imaps
set status disable
set unsupported-ssl-version allow
end
config pop3s
set status disable
set unsupported-ssl-version allow
end
config smtps
set status disable
set unsupported-ssl-version allow
end
config ssh
set ports 22
set status disable
end
config dot
set status disable
set quic bypass
end
next
edit "custom-cert-inspection"
set comment "Read-only SSL handshake inspection profile."
config https
set ports 443
set status certificate-inspection
set quic inspect
set unsupported-ssl-version allow
end
config ftps
set status disable
set unsupported-ssl-version allow
end
config imaps
set status disable
set unsupported-ssl-version allow
end
config pop3s
set status disable
set unsupported-ssl-version allow
end
config smtps
set status disable
set unsupported-ssl-version allow
end
config ssh
set ports 22
set status disable
end
config dot
set status disable
set quic inspect
end
next
edit "SCSD custom-deep-inspection"
set comment "Customizable deep inspection profile."
# HTTPS handling for the "SCSD custom-deep-inspection" profile: deep inspection on port 443, QUIC set to inspect.
# NOTE(review): "unsupported-ssl-version allow" presumably lets a session through uninspected when it
# negotiates an SSL/TLS version the inspection engine does not support -- confirm for this firmware. The
# read-only factory profiles above carry the same value, but in a custom profile consider "block" so that such
# sessions fail closed; test against the sites in use first.
config https
set ports 443
set status deep-inspection
set quic inspect
set unsupported-ssl-version allow
end
config ftps
set ports 990
set status deep-inspection
set unsupported-ssl-version allow
end
config imaps
set ports 993
set status deep-inspection
set unsupported-ssl-version allow
end
config pop3s
set ports 995
set status deep-inspection
set unsupported-ssl-version allow
end
config smtps
set ports 465
set status deep-inspection
set unsupported-ssl-version allow
end
config ssh
set ports 22
set status disable
end
config dot
set status disable
set quic inspect
end
config ssl-exempt
edit 1
set type wildcard-fqdn
set wildcard-fqdn "g-adobe"
next
edit 2
set type wildcard-fqdn
set wildcard-fqdn "g-Adobe Login"
next
edit 3
set type wildcard-fqdn
set wildcard-fqdn "g-android"
next
edit 4
set type wildcard-fqdn
set wildcard-fqdn "g-apple"
next
edit 5
set type wildcard-fqdn
set wildcard-fqdn "g-appstore"
next
edit 6
set type wildcard-fqdn
set wildcard-fqdn "g-auth.gfx.ms"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "g-autoupdate.opera.com"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "g-citrix"
next
# Exempts hosts matching the global wildcard-FQDN object "g-dropbox.com" from deep inspection.
# NOTE(review): the object name suggests a file-sharing service. Exempted sessions are not decrypted, so
# antivirus and DLP profiles cannot see files moved through it. The same entry exists in the read-only
# "deep-inspection" profile, but a custom profile can drop it if upload/download visibility is wanted.
edit 9
set type wildcard-fqdn
set wildcard-fqdn "g-dropbox.com"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "g-eease"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "g-firefox update server"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "g-fortinet"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "g-google-drive"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "g-google-play"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "g-google-play2"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "g-google-play3"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "g-googleapis.com"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "g-Gotomeeting"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "g-icloud"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "g-itunes"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "g-live.com"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "g-microsoft"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "g-skype"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "g-softwareupdate.vmware.com"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "g-swscan.apple.com"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "g-update.microsoft.com"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "g-verisign"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "g-Windows update 2"
next
# Category-based exemptions from deep inspection, matched by FortiGuard web category ID.
# IDs 31 and 33 are also exempt in the read-only "deep-inspection" profile above; ID 25 appears only in the two
# custom deep-inspection profiles.
# NOTE(review): 31/33 are presumably Finance and Banking / Health and Wellness and 25 presumably Streaming
# Media and Download -- confirm against the FortiGuard category list for this firmware. Traffic in an exempt
# category is not decrypted, so security profiles see only the handshake; keep the list to what privacy
# or certificate-pinning requirements justify and record the reason for 25.
edit 29
set fortiguard-category 31
next
edit 30
set fortiguard-category 33
next
edit 31
set fortiguard-category 25
next
end
next
end
config firewall policy
edit 89
set status disable
set name "Country Allow In->Out"
set srcintf "inside"
set dstintf "outside"
set action accept
set srcaddr "all"
set dstaddr "Country Allow"
set schedule "always"
set service "HTTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "g-default"
next
edit 90
set status disable
set name "Country Allow Out->In"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "Country Allow"
set dstaddr "all"
set schedule "always"
set service "HTTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "g-default"
set comments " (Copy of NVIDEA_LICENSING) (Reverse of NVIDEA_LICENSING)"
next
edit 107
set status disable
set name "NOCTI In->Out"
set srcintf "inside"
set dstintf "outside"
set action accept
set srcaddr "NOCTI_Inside"
set dstaddr "NOCTI"
set schedule "always"
set service "HTTP" "HTTPS"
set logtraffic all
set nat enable
set comments "Allow nocti.org"
next
edit 121
set status disable
set name "NOCTI Out->In"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "NOCTI"
set dstaddr "NOCTI_Inside"
set schedule "always"
set service "HTTP" "HTTPS"
set logtraffic all
set comments "Allow nocti.org (Reverse of NOCTI_In->Out) (Copy of )"
next
edit 109
set name "Block Countries Out -> In"
set srcintf "outside"
set dstintf "inside"
set srcaddr "Country Block"
set dstaddr "all"
set schedule "always"
set service "ALL"
set logtraffic all
set comments "Block specific countries"
next
edit 110
set name "Block Countries In -> Out"
set srcintf "inside"
set dstintf "outside"
set srcaddr "all"
set dstaddr "Country Block"
set schedule "always"
set service "ALL"
set logtraffic all
set comments "Block specific countries"
next
edit 10020
set name "Deny_List_In"
set srcintf "outside"
set dstintf "inside"
set srcaddr "Block_List_Group"
set dstaddr "all"
set schedule "always"
set service "ALL"
set logtraffic all
set comments "Block Known Attackers"
next
edit 10022
set name "Deny_List_Out"
set srcintf "inside"
set dstintf "outside"
set srcaddr "all"
set dstaddr "Block_List_Group"
set schedule "always"
set service "ALL"
set logtraffic all
set comments "Block Known Attackers"
next
# Remote-access VPN policy: members of "SSL_VPN_Full_Access" or "FortiGateAccess" connecting from
# SSL_VPN_Range may reach every RFC1918 address on "inside" with any service.
# NOTE(review): this is the broadest of the VPN policies in this section; the others scope dstaddr and service
# per group. IPS runs with certificate-inspection only, so encrypted payloads are not examined. Group
# membership and the authentication method are not visible here -- confirm both groups are small, reviewed
# regularly, and require multi-factor authentication.
edit 112
set name "SSL_VPN_FULL"
set srcintf "ssl.scsd"
set dstintf "inside"
set action accept
set srcaddr "SSL_VPN_Range"
set dstaddr "IPv4-Private-All-RFC1918"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set groups "SSL_VPN_Full_Access" "FortiGateAccess"
set comments "Remote Access VPN - Full Access"
next
edit 59
set name "VPN_Security_VLAN_70"
set srcintf "ssl.scsd"
set dstintf "inside"
set action accept
set srcaddr "SSL_VPN_Range"
set dstaddr "Security_VLAN_70_Group"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set groups "VPN_Security_Group"
set comments "Remote Access VPN - Security VLAN 70"
next
edit 78
set name "VPN_Access_Control_VLAN_72"
set srcintf "ssl.scsd"
set dstintf "inside"
set action accept
set srcaddr "SSL_VPN_Range"
set dstaddr "Access_Control_VLAN_72_Group"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set groups "VPN_Access_Control_Group"
set comments "Remote Access VPN - Access Control VLAN 72"
next
edit 63
set name "VPN_Hyperion_Servers"
set srcintf "ssl.scsd"
set dstintf "inside"
set action accept
set srcaddr "SSL_VPN_Range"
set dstaddr "Hyperion_Server_Group"
set schedule "always"
set service "RDP" "UDP-3389" "HTTP" "HTTPS" "TCP-19000"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set groups "VPN_Hyperion_Group"
set comments "Remote Access VPN - Hyperion Servers"
next
edit 57
set name "VPN_Website_Server"
set srcintf "ssl.scsd"
set dstintf "inside"
set action accept
set srcaddr "SSL_VPN_Range"
set dstaddr "Webosphere_Inside"
set schedule "always"
set service "RDP" "UDP-3389" "FTP" "FTP_GET" "FTP_PUT" "TFTP" "Webosphere_Data" "HTTP" "HTTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set groups "VPN_Web_Servers_Group"
set comments "Remote Access VPN - SCSD Website"
next
edit 58
set name "VPN_DayAutomation_Servers"
set srcintf "ssl.scsd"
set dstintf "inside"
set action accept
set srcaddr "SSL_VPN_Range"
set dstaddr "Day_Server_Group"
set schedule "always"
set service "RDP" "UDP-3389" "HTTPS" "TCP-6502-6510"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set groups "VPN_DayAuto_Group"
set comments "Remote Access VPN - Day Automation Servers"
next
# Remote-access VPN policy for "VPN_Auditor_Group": HTTP, HTTPS and UDP-3389 to "psprdfin" and "psprdhcm".
# NOTE(review): the sibling policies that allow remote desktop list "RDP" together with "UDP-3389"; here
# UDP-3389 stands alone. Either it is a leftover, in which case remove it so that auditors get web access only,
# or "RDP" was intended and omitted -- confirm with the policy owner.
edit 80
set name "VPN_Auditors"
set srcintf "ssl.scsd"
set dstintf "inside"
set action accept
set srcaddr "SSL_VPN_Range"
set dstaddr "psprdfin" "psprdhcm"
set schedule "always"
set service "HTTP" "HTTPS" "UDP-3389"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set groups "VPN_Auditor_Group"
set comments "Remote Access VPN - Auditors"
next
edit 66
set name "VPN_WebCRD_Server"
set srcintf "ssl.scsd"
set dstintf "inside"
set action accept
set srcaddr "SSL_VPN_Range"
set dstaddr "WebCRD"
set schedule "always"
set service "HTTPS" "SSH"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set groups "VPN_WebCRD_Group"
set comments "Remote Access VPN - webCRD"
next
edit 69
set name "VPN_DocHolliday"
set srcintf "ssl.scsd"
set dstintf "inside"
set action accept
set srcaddr "SSL_VPN_Range"
set dstaddr "DocHolliday"
set schedule "always"
set service "RDP" "UDP-3389" "SMB" "HTTP" "HTTPS" "PING"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set groups "VPN_DocHolliday_Group"
set comments "Remote Access VPN - DocHolliday for Katapult User"
next
# Allows DNS from SSL_VPN_Range to "Domain_Controller_Group" for members of "VPN_DocHolliday_Group".
# NOTE(review): the name says DNS for the SSL VPN in general, but "set groups" and the comment were carried
# over from the "VPN_DocHolliday" policy it was copied from. As written, only that one group matches; other
# VPN groups get DNS only if another policy covers it (for example "SSL_VPN_FULL"). Confirm the intended
# groups and update the comment to describe this policy.
edit 105
set name "DNS_FOR_SSL_VPN"
set srcintf "ssl.scsd"
set dstintf "inside"
set action accept
set srcaddr "SSL_VPN_Range"
set dstaddr "Domain_Controller_Group"
set schedule "always"
set service "DNS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set groups "VPN_DocHolliday_Group"
set comments "Remote Access VPN - DocHolliday for Katapult User (Copy of VPN_DocHolliday)"
next
# Allows "VPN_Access411_Group" members arriving on "ssl.scsd" to reach "411app" and "411sql" with
# "RDP" and "Web Access", source-NATed.
# NOTE(review): this policy differs from every other ssl.scsd policy in this section:
#   - srcaddr is "all" rather than "SSL_VPN_Range";
#   - no utm-status, ssl-ssh-profile or ips-sensor is set, so sessions are not inspected;
#   - "nat enable" means the servers presumably log the firewall's address, not the VPN client's;
#   - there is no comment recording why it exists.
# "VPN_Access411_Servers" (policy 68) already serves the same group with IPS enabled. If this policy is still
# needed (the name suggests SSL-VPN web-portal mode), add the same security profiles and document it.
edit 120
set name "VPN411-Web-Portal"
set srcintf "ssl.scsd"
set dstintf "inside"
set action accept
set srcaddr "all"
set dstaddr "411app" "411sql"
set schedule "always"
set service "RDP" "Web Access"
set logtraffic all
set nat enable
set port-preserve disable
set groups "VPN_Access411_Group"
next
edit 68
set name "VPN_Access411_Servers"
set srcintf "ssl.scsd"
set dstintf "inside"
set action accept
set srcaddr "SSL_VPN_Range"
set dstaddr "411_Group"
set schedule "always"
set service "RDP" "UDP-3389" "HTTP" "HTTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set groups "VPN_Access411_Group"
set comments "Remote Access VPN - Access411 RDP"
next
edit 91
set name "VPN_Peoplesoft_Audit"
set srcintf "ssl.scsd"
set dstintf "inside"
set action accept
set srcaddr "SSL_VPN_Range"
set dstaddr "Peoplesoft_Audit_Group"
set schedule "always"
set service "HTTP" "HTTPS" "TCP_UDP-8100"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set groups "VPN_Peoplesoft_Group"
set comments "Remote Access VPN - Peoplesoft Auditors"
next
edit 64
set name "VPN_Peoplesoft_RDP"
set srcintf "ssl.scsd"
set dstintf "inside"
set action accept
set srcaddr "SSL_VPN_Range"
set dstaddr "Peoplesoft_RDP_Group"
set schedule "always"
set service "RDP" "UDP-3389"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set groups "VPN_Peoplesoft_Group"
set comments "Remote Access VPN - Peoplesoft RDP"
next
edit 65
set name "VPN_Peoplesoft_SSH"
set srcintf "ssl.scsd"
set dstintf "inside"
set action accept
set srcaddr "SSL_VPN_Range"
set dstaddr "Peoplesoft_SSH_Group"
set schedule "always"
set service "SSH"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set groups "VPN_Peoplesoft_Group"
set comments "Remote Access VPN - Peoplesoft SSH"
next
edit 10009
set name "Nimble_Sup_Out"
set srcintf "inside"
set dstintf "outside"
set action accept
set srcaddr "Nimble_Inside_Grp"
set dstaddr "Nimble_Support"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set nat enable
set ippool enable
set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
set comments "Nimble Support"
next
# Inbound (outside -> inside) policy: accepts any service from "Nimble_Support" to "Nimble_Inside_Grp".
# NOTE(review): the source address object is the only restriction on inbound traffic from the vendor.
# Vendor support tunnels are normally initiated outbound (see "Nimble_Sup_Out" above), so confirm that
# an inbound rule is required at all. If it is, replace "ALL" with the specific ports the vendor documents.
edit 10010
set name "Nimble_Sup_In"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "Nimble_Support"
set dstaddr "Nimble_Inside_Grp"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Nimble Support"
next
edit 10026
set name "Barracuda In->Out"
set srcintf "inside"
set dstintf "outside"
set action accept
set srcaddr "Barracuda_Internal"
set dstaddr "all"
set schedule "always"
set service "SMTP" "SMTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set nat enable
set ippool enable
set poolname "MailOut_Outside"
set comments "Barracuda Internal Email"
next
edit 67
set name "Nighttime In->Out"
set srcintf "inside"
set dstintf "outside"
set action accept
set srcaddr "Nighttime_Inside"
set dstaddr "all"
set schedule "always"
set service "FTP" "SSH" "TFTP"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set nat enable
set ippool enable
set poolname "Nighttime_Outside"
set comments "Forces nighttime to use specific external IP"
next
edit 10070
set name "Reverse_Proxy"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "United_States"
set dstaddr "ReverseProxy"
set schedule "always"
set service "HTTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Need to examine - Reverse Proxy"
next
edit 94
set name "SBC_NOC_In->Out"
set srcintf "inside"
set dstintf "outside"
set action accept
set srcaddr "SBC-NOC"
set dstaddr "MS_Teams_External_Group"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Outgoing_IPS"
set logtraffic all
set nat enable
set ippool enable
set poolname "SBC-NOC-Outside"
set comments "SBC Ribbon"
next
edit 100
set name "SBC_DAN_In->Out"
set srcintf "inside"
set dstintf "outside"
set action accept
set srcaddr "SBC-DAN"
set dstaddr "MS_Teams_External_Group"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Outgoing_IPS"
set logtraffic all
set nat enable
set ippool enable
set poolname "SBC-DAN-Outside"
set comments "SBC Ribbon"
next
edit 10046
set name "SRIC_BOCES_Allow"
set srcintf "SRIC_BOCES"
set dstintf "inside"
set action accept
set srcaddr "SRICBOCES-OUTSIDE"
set dstaddr "vip-ntss"
set schedule "always"
set service "ALL_ICMP" "HTTP" "HTTPS" "TCP-1521" "TCP-9000-9100"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Site to Site VPN - SRIC BOCES NTSS"
next
edit 10174
set name "NTSS In->Out"
set srcintf "inside"
set dstintf "SRIC_BOCES"
set action accept
set srcaddr "ntss-inside"
set dstaddr "SRICBOCES-OUTSIDE"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set nat enable
set ippool enable
set poolname "NTSS_Outside"
set comments "Site to Site VPN - SRIC BOCES NTSS"
next
edit 72
set name "SCHC_In->Out"
set srcintf "inside"
set dstintf "SCHC"
set action accept
set srcaddr "SCHC_Local_Subnets_Group"
set dstaddr "SCHC_Remote_Subnets_Group"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "g-default"
set logtraffic all
set comments "Site to Site VPN - SCHC"
next
edit 73
set name "SCHC_Out->In"
set srcintf "SCHC"
set dstintf "inside"
set action accept
set srcaddr "SCHC_Remote_Subnets_Group"
set dstaddr "SCHC_Local_Subnets_Group"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "g-default"
set logtraffic all
set comments "Site to Site VPN - SCHC"
next
edit 102
set name "eScholar In->Out"
set srcintf "inside"
set dstintf "vpn-0403e61"
set action accept
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Site to Site VPN - AWS eScholar"
next
edit 108
set status disable
set name "eScholar Out->In"
set srcintf "vpn-0403e61"
set dstintf "inside"
set action accept
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Site to Site VPN - AWS eScholar"
next
# Enabled test policy: any source on "inside" to any destination over the "Highstreet" tunnel, any service.
# NOTE(review): three points to resolve.
#   - There is no "set status disable", so this test rule is live.
#   - "utm-status enable" and an ips-sensor are absent; the ssl-ssh-profile line alone presumably applies
#     no IPS inspection.
#   - It is listed before "Highstreet_Tunnel_In->Out" (policy 111), which has the same interfaces but limits
#     srcaddr to Server_40/Server_48. Policies are matched in listed order, so 111 is shadowed while this
#     rule is enabled.
# Disable or delete this policy once testing is finished so the scoped rule takes effect.
edit 101
set name "testing highstreet"
set srcintf "inside"
set dstintf "Highstreet"
set action accept
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ALL"
set ssl-ssh-profile "certificate-inspection"
set logtraffic all
set comments "Site to Site VPN - Highstreet (Copy of Highstreet_Tunnel_In->Out)"
next
edit 111
set name "Highstreet_Tunnel_In->Out"
set srcintf "inside"
set dstintf "Highstreet"
set action accept
set srcaddr "Server_40" "Server_48"
set dstaddr "all"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Site to Site VPN - Highstreet"
next
# Policy 113: inside -> Highstreet_2 tunnel, limited to sources Server_40 and Server_48, with IPS and logging.
# NOTE(review): dstaddr "all" and service "ALL" leave the destination side unrestricted; scope if possible.
edit 113
set name "Highstreet_2_Tunnel_In->Out"
set srcintf "inside"
set dstintf "Highstreet_2"
set action accept
set srcaddr "Server_40" "Server_48"
set dstaddr "all"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "VPN - Highstreet 2"
next
# Policy 61: inside -> AWS tunnel (vpn-042e9903); any source, any destination, any service, IPS + logging.
# NOTE(review): every inside host can use this tunnel. Restrict srcaddr/dstaddr to the subnets that
# need the AWS workloads, if they are known.
edit 61
set name "AWS_VPN_In->Out"
set srcintf "inside"
set dstintf "vpn-042e9903"
set action accept
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Site to Site VPN - AWS"
next
# Policy 96: inside -> SchoolTool AWS tunnel (vpn-0fc50345); any source, any destination, any service.
# NOTE(review): same any/any/ALL pattern as the other AWS tunnel rules; scope to the SchoolTool
# clients and services if they can be enumerated.
edit 96
set name "SchoolTool_AWS_In->Out"
set srcintf "inside"
set dstintf "vpn-0fc50345"
set action accept
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "SchoolTool Tunnel In -> Out"
next
# Policy 97 (enabled): SchoolTool AWS tunnel -> inside; any source, any destination, any service.
# NOTE(review): this trusts the remote cloud side with access to the entire inside network. A
# compromise of the hosted environment would then have a path to every internal host. Limit dstaddr
# and service to the internal systems SchoolTool must reach (for example directory or database
# servers - TODO confirm with the application owner).
edit 97
set name "SchoolTool_AWS_Out->In"
set srcintf "vpn-0fc50345"
set dstintf "inside"
set action accept
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Reverse of SchoolTool_AWS_In->Out"
next
# Policy 62 (disabled): test of full TLS decryption ("SCSD custom-deep-inspection") for the single
# source "Tim PC", otherwise a copy of the Internet Access rule (AV, IPS, application control, NAT pool).
# NOTE(review): this is the only policy in this section that references a deep-inspection profile.
# Every enabled rule uses certificate-inspection, so AV/IPS presumably never see decrypted payloads.
edit 62
set status disable
set name "Test Cert Decrypt"
set srcintf "inside"
set dstintf "outside"
set action accept
set srcaddr "Tim PC"
set dstaddr "all"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "SCSD custom-deep-inspection"
set av-profile "g-default"
set ips-sensor "Incoming_IPS"
set application-list "App_Ctrl_1"
set logtraffic all
set nat enable
set ippool enable
set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
set tcp-mss-sender 1400
set tcp-mss-receiver 1400
set comments "Internet Access (Copy of Internet Access)"
next
# Policy 98: lets the listed AW_Scanner_* sources reach three arcticwolf.net destinations, NATed.
# NOTE(review): there is no "set logtraffic all", no UTM profile and no comment here, unlike the
# neighbouring rules. Traffic from the scanners is therefore presumably logged only at the platform
# default level. Add explicit logging so scanner egress can be audited.
# NOTE(review): service "ALL" is broader than a fixed set of vendor endpoints should need; restrict
# it to the ports the vendor documents.
# NOTE(review): "AW_Scanner _HappyHalloween" contains a space that the sibling names lack - confirm
# it matches the address object's real name.
edit 98
set name "AW_Scanner_Allow"
set srcintf "inside"
set dstintf "outside"
set action accept
set srcaddr "AW_Scanner_MerryChristmas" "AW_Scanner _HappyHalloween" "AW_Scanner_DiaDeLosMuertos" "AW_Scanner_HappyNewYear" "AW_Scanner_LaborDay"
set dstaddr "AW_device-activation.us-global-prod.arcticwolf.net" "AW_drs.us-global-prod.arcticwolf.net" "AW_inbound.us002-prod.arcticwolf.net"
set schedule "always"
set service "ALL"
set nat enable
next
# Policy 116: test rule giving "POS_Machines" unrestricted outbound Internet access through the NAT pool.
# NOTE(review): this rule precedes "Internet Access" (106) and carries no utm-status, AV, IPS or
# application-control profile. Point-of-sale hosts therefore bypass the inspection applied to every
# other inside client.
# NOTE(review): payment systems normally warrant the tightest egress rules. Restrict dstaddr/service
# to the payment processor endpoints, or remove the rule when testing ends.
edit 116
set name "POS Test"
set srcintf "inside"
set dstintf "outside"
set action accept
set srcaddr "POS_Machines"
set dstaddr "all"
set schedule "always"
set service "ALL"
set logtraffic all
set nat enable
set ippool enable
set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
set tcp-mss-sender 1400
set tcp-mss-receiver 1400
set comments "Test Point of Sale"
next
# Policy 119: outbound Internet for the "IoT - Core" address object, NATed to one pool address, with
# AV, outgoing IPS and a dedicated "IoT" application-control list.
# NOTE(review): the name suggests OpenVPN only, yet service is "ALL" and dstaddr is "all". Any
# restriction would have to come from the "IoT" application list, which is not visible here.
# Confirm that list blocks by default, or narrow the service/destination.
edit 119
set name "IoT>Open VPN"
set srcintf "inside"
set dstintf "outside"
set action accept
set srcaddr "IoT - Core"
set dstaddr "all"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "g-default"
set ips-sensor "Outgoing_IPS"
set application-list "IoT"
set logtraffic all
set nat enable
set ippool enable
set poolname "ippool-198.36.23.251"
next
# Policy 106: general outbound Internet access for RFC1918 and VPN-range sources arriving on
# "inside" or "RAP", NATed across four pool addresses, with AV, outgoing IPS, application control
# and full logging.
# NOTE(review): with certificate-inspection the AV and IPS profiles presumably cannot see inside TLS
# sessions. Deep inspection is only referenced by the disabled test rule 62.
# NOTE(review): service "ALL" permits every outbound port. Consider an explicit allow-list if the
# application-control list does not already enforce one.
edit 106
set name "Internet Access"
set srcintf "inside" "RAP"
set dstintf "outside"
set action accept
set srcaddr "IPv4-Private-All-RFC1918" "VPN-Range"
set dstaddr "all"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "g-default"
set ips-sensor "Outgoing_IPS"
set application-list "App_Ctrl_1"
set logtraffic all
set nat enable
set ippool enable
set poolname "ippool-198.36.23.251" "ippool-198.36.23.253" "ippool-198.36.23.254" "ippool-198.36.23.252"
set tcp-mss-sender 1400
set tcp-mss-receiver 1400
set comments "Internet Access"
next
# Policy 71: County_Network (via city_phones) -> "psprdfin" on HTTP and HTTPS, logged.
# NOTE(review): no utm-status/ips-sensor is set, so this partner-facing path to an internal
# application is presumably uninspected. Consider adding the IPS sensor used on other inbound rules.
# NOTE(review): plain HTTP is allowed alongside HTTPS. Drop it if the application redirects to TLS.
edit 71
set name "County->Peoplesoft"
set srcintf "city_phones"
set dstintf "inside"
set action accept
set srcaddr "County_Network"
set dstaddr "psprdfin"
set schedule "always"
set service "HTTP" "HTTPS"
set ssl-ssh-profile "certificate-inspection"
set logtraffic all
next
# Policy 82: reverse of policy 71 - "psprdfin" -> County_Network on HTTP and HTTPS, logged.
# NOTE(review): confirm the server really needs to initiate sessions toward the county. Return
# traffic for policy 71 is already allowed statefully, so this rule may be unnecessary.
edit 82
set name "Peoplesoft -> County"
set srcintf "inside"
set dstintf "city_phones"
set action accept
set srcaddr "psprdfin"
set dstaddr "County_Network"
set schedule "always"
set service "HTTP" "HTTPS"
set ssl-ssh-profile "certificate-inspection"
set logtraffic all
set comments " (Copy of County->Peoplesoft) (Reverse of County->Peoplesoft)"
next
# Policy 81: County_Network -> Domain_Controller_Group, DNS only, logged.
# NOTE(review): the partner network can query internal domain controllers directly. If only a few
# names are needed, a dedicated resolver or conditional forwarder would expose less of the
# internal namespace.
edit 81
set name "County -> DNS"
set srcintf "city_phones"
set dstintf "inside"
set action accept
set srcaddr "County_Network"
set dstaddr "Domain_Controller_Group"
set schedule "always"
set service "DNS"
set ssl-ssh-profile "certificate-inspection"
set logtraffic all
set comments " (Copy of County->Peoplesoft)"
next
# Policy 76: two city-side CGR addresses -> City_CGRs_Group for ESP, IKE, PING and SSH, logged.
# The comment mentions only ping and SSH, but the service list also carries the IPsec protocols
# (ESP, IKE).
# NOTE(review): SSH from the partner side reaches internal devices. Ensure key-based authentication
# and management ACLs on the CGRs themselves.
edit 76
set name "City_CGRs_Out->In"
set srcintf "city_phones"
set dstintf "inside"
set action accept
set srcaddr "City_Side_CGR_01" "City_Side_CGR_02"
set dstaddr "City_CGRs_Group"
set schedule "always"
set service "ESP" "IKE" "PING" "SSH"
set ssl-ssh-profile "certificate-inspection"
set logtraffic all
set comments "City Lights - CGR - Allow Ping and SSH from City-Side Subnets"
next
# Policy 77: reverse of policy 76 - City_CGRs_Group -> the two city-side CGR addresses for ESP,
# IKE, PING and SSH, logged.
edit 77
set name "City_CGRs_In->Out"
set srcintf "inside"
set dstintf "city_phones"
set action accept
set srcaddr "City_CGRs_Group"
set dstaddr "City_Side_CGR_01" "City_Side_CGR_02"
set schedule "always"
set service "ESP" "IKE" "PING" "SSH"
set ssl-ssh-profile "certificate-inspection"
set logtraffic all
set comments "Allow City Lights CGR to City Side Subnets"
next
# Policy 85: City_Side_VoIP_Group -> the two CUCM call managers, any service, logged.
# NOTE(review): service "ALL" with no UTM profile exposes every port on the call managers to the
# city network. Restrict to the signalling/media ports actually used (TODO confirm with the voice team).
edit 85
set name "City_VoIP_Out->In"
set srcintf "city_phones"
set dstintf "inside"
set action accept
set srcaddr "City_Side_VoIP_Group"
set dstaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC"
set schedule "always"
set service "ALL"
set logtraffic all
set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In)"
next
# Policy 86: reverse of policy 85 - CUCM call managers -> City_Side_VoIP_Group, any service, logged.
# NOTE(review): the comment still reads "From them to Us" although this rule is inside -> city_phones.
# The accumulated "(Copy of ...)" text is cloning residue and does not describe the rule.
edit 86
set name "City_VoIP_In->Out"
set srcintf "inside"
set dstintf "city_phones"
set action accept
set srcaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC"
set dstaddr "City_Side_VoIP_Group"
set schedule "always"
set service "ALL"
set logtraffic all
set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In) (Copy of City_VoIP_Out->In) (Reverse of City_VoIP_Out->In)"
next
# Policy 84: City_Side_VoIP_Water_DPW_Recorder -> CUCM call managers, any service, proxy inspection
# mode, hardware offload disabled, logged.
# NOTE(review): proxy mode and disabled offload are set, but no utm-status or security profile is
# attached. These settings presumably exist for troubleshooting or protocol handling rather than
# inspection - confirm they are still required.
# NOTE(review): service "ALL" toward the call managers; narrow to the recorder's actual ports if known.
edit 84
set name "City_Water_DPW_Recorder_Out->In"
set srcintf "city_phones"
set dstintf "inside"
set action accept
set srcaddr "City_Side_VoIP_Water_DPW_Recorder"
set dstaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC"
set schedule "always"
set service "ALL"
set inspection-mode proxy
set logtraffic all
set auto-asic-offload disable
set np-acceleration disable
set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In) (Copy of City_Parks_Phones_Out->In)"
next
# Policy 88: reverse of policy 84 - CUCM call managers -> City_Side_VoIP_Water_DPW_Recorder, any
# service, proxy inspection mode, hardware offload disabled, logged.
# NOTE(review): the comment is cloning residue ("From them to Us") and does not describe this
# inside -> city_phones rule.
edit 88
set name "City_Water_DPW_Recorder_In->Out"
set srcintf "inside"
set dstintf "city_phones"
set action accept
set srcaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC"
set dstaddr "City_Side_VoIP_Water_DPW_Recorder"
set schedule "always"
set service "ALL"
set inspection-mode proxy
set logtraffic all
set auto-asic-offload disable
set np-acceleration disable
set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In) (Copy of City_Parks_Phones_Out->In) (Copy of City_Water_DPW_Recorder_Out->In) (Reverse of City_Water_DPW_Recorder_Out->In)"
next
# Policy 60: City_Side_Parks_Phone_Subnet and City_Side_VoIP_Water_DPW_Recorder -> CUCM call
# managers, any service, proxy inspection mode, hardware offload disabled, logged.
# NOTE(review): the recorder source is also matched by policy 84, which appears earlier. Its
# presence here is presumably redundant.
# NOTE(review): service "ALL" with no security profile; narrow to the voice ports in use if known.
edit 60
set name "City_Parks_Phones_Out->In"
set srcintf "city_phones"
set dstintf "inside"
set action accept
set srcaddr "City_Side_Parks_Phone_Subnet" "City_Side_VoIP_Water_DPW_Recorder"
set dstaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC"
set schedule "always"
set service "ALL"
set inspection-mode proxy
set logtraffic all
set auto-asic-offload disable
set np-acceleration disable
set comments "City Allowed Networks From them to Us (Copy of City_Phones_Out->In)"
next
# Policy 79: reverse of policy 60 - CUCM call managers -> parks phone subnet and DPW recorder, any
# service, proxy inspection mode, logged.
# NOTE(review): unlike policies 60, 84 and 88 this entry does not disable auto-asic-offload or
# np-acceleration. Confirm whether the asymmetry is intentional.
edit 79
set name "City_Parks_Phones_In->Out"
set srcintf "inside"
set dstintf "city_phones"
set action accept
set srcaddr "CUCM_BRIGHTON" "CUCM_ITC_NOC"
set dstaddr "City_Side_Parks_Phone_Subnet" "City_Side_VoIP_Water_DPW_Recorder"
set schedule "always"
set service "ALL"
set inspection-mode proxy
set logtraffic all
set comments "City Allowed Networks From Us to Them (Copy of City_Phones_In->Out)"
next
# Policy 70 (disabled): intended to deny DNS from SPD_Network to any inside destination. No
# "set action" line is present, so the rule presumably takes the default (deny) action, as its name
# and comment indicate.
# NOTE(review): the rule is disabled and has logging turned off. If it is re-enabled, turn logging
# on so that denied lookups are visible. Otherwise remove the entry.
edit 70
set status disable
set name "Block SPD DNS ACCESS"
set srcintf "city_phones"
set dstintf "inside"
set srcaddr "SPD_Network"
set dstaddr "all"
set schedule "always"
set service "DNS"
set logtraffic disable
set match-vip disable
set comments "Deny SPD DNS"
next
# Policy 55: SPD_Network -> SPD_Firewalls_Our_Side for IPsec (ESP, IKE), SNMP, SSH, ICMP, HTTPS and
# HTTP, logged.
# NOTE(review): SNMP, SSH and plain HTTP are management-plane protocols. Confirm each is required,
# prefer HTTPS over HTTP, and ensure SNMP is v3 on the target devices.
# NOTE(review): no utm-status/ips-sensor is attached to this partner-facing rule.
edit 55
set name "SPD_Out->In"
set srcintf "city_phones"
set dstintf "inside"
set action accept
set srcaddr "SPD_Network"
set dstaddr "SPD_Firewalls_Our_Side"
set schedule "always"
set service "ESP" "IKE" "SNMP" "SSH" "ALL_ICMP" "HTTPS" "HTTP"
set ssl-ssh-profile "certificate-inspection"
set logtraffic all
set comments "SPD Access"
next
# Policy 87: reverse of policy 55 - SPD_Firewalls_Our_Side -> SPD_Network for the same service
# list (ESP, IKE, SNMP, SSH, ALL_ICMP, HTTPS, HTTP), logged.
edit 87
set name "SPD_In->Out"
set srcintf "inside"
set dstintf "city_phones"
set action accept
set srcaddr "SPD_Firewalls_Our_Side"
set dstaddr "SPD_Network"
set schedule "always"
set service "ESP" "IKE" "SNMP" "SSH" "ALL_ICMP" "HTTPS" "HTTP"
set ssl-ssh-profile "certificate-inspection"
set logtraffic all
set comments "SPD Access (Copy of SPD_Out->In) (Reverse of SPD_Out->In)"
next
# Policy 83: SPD_Side_Genetec -> Genetec_Inside_Group, limited to the custom "Genetec Federation"
# service, logged. Source, destination and service are all scoped. Other partner rules in this
# section would benefit from the same pattern.
edit 83
set name "SPD_ Genetec_Out->In"
set srcintf "city_phones"
set dstintf "inside"
set action accept
set srcaddr "SPD_Side_Genetec"
set dstaddr "Genetec_Inside_Group"
set schedule "always"
set service "Genetec Federation"
set ssl-ssh-profile "certificate-inspection"
set logtraffic all
set comments "SPD Access for Genetec Federation"
next
# Policy 92: reverse of policy 83 - Genetec_Inside_Group -> SPD_Side_Genetec on the
# "Genetec Federation" service, logged.
edit 92
set name "SPD_ Genetec_In->Out"
set srcintf "inside"
set dstintf "city_phones"
set action accept
set srcaddr "Genetec_Inside_Group"
set dstaddr "SPD_Side_Genetec"
set schedule "always"
set service "Genetec Federation"
set ssl-ssh-profile "certificate-inspection"
set logtraffic all
set comments "SPD Access for Genetec Federation"
next
# Policy 54: catch-all for the city link - City_Subnets_Group -> City_Permited_Subnets_Group, any
# service, logged.
# NOTE(review): this is the last city_phones -> inside rule and allows every port with no security
# profile. Whatever the narrower rules above do not match still passes here if both address groups
# match. Review the group memberships and restrict the service list.
edit 54
set name "City_Phones_Out->In"
set srcintf "city_phones"
set dstintf "inside"
set action accept
set srcaddr "City_Subnets_Group"
set dstaddr "City_Permited_Subnets_Group"
set schedule "always"
set service "ALL"
set logtraffic all
set comments "City Allowed Networks From them to Us"
next
# Policy 75: reverse of policy 54 - City_Permited_Subnets_Group -> City_Subnets_Group, any service,
# logged, no security profile.
edit 75
set name "City_Phones_In->Out"
set srcintf "inside"
set dstintf "city_phones"
set action accept
set srcaddr "City_Permited_Subnets_Group"
set dstaddr "City_Subnets_Group"
set schedule "always"
set service "ALL"
set logtraffic all
set comments "City Allowed Networks From Us to Them"
next
# Policy 10024: Internet -> vip-hybrid-email on HTTP, HTTPS, SMTP and SMTPS from any source, with
# IPS and logging.
# NOTE(review): the sibling rule 10027 restricts its source to a Microsoft internet-service group.
# If hybrid mail flow only involves the cloud mail provider, the same source restriction would
# shrink this exposure.
# NOTE(review): with certificate-inspection, IPS presumably cannot inspect the HTTPS/SMTPS payloads.
edit 10024
set name "Email_Hybrid_Allow"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "all"
set dstaddr "vip-hybrid-email"
set schedule "always"
set service "HTTP" "HTTPS" "SMTP" "SMTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Hybrid Email - Robert Johnson"
next
# Policy 10027: Internet -> Barracuda archiver VIP group on HTTP, HTTPS, SMTP and SMTPS. The source
# is limited to the "Microsoft_ISDB_Both" internet-service group instead of "all". IPS and logging
# are enabled.
edit 10027
set name "Barracuda_Archivers"
set srcintf "outside"
set dstintf "inside"
set action accept
set dstaddr "vip-grp-barracuda_Archivers"
set internet-service-src enable
set internet-service-src-group "Microsoft_ISDB_Both"
set schedule "always"
set service "HTTP" "HTTPS" "SMTP" "SMTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Barracuda Archivers from Microsoft"
next
# Policy 115: Nutanix_CVM -> Nutanix_Remote_Support on HTTP and HTTPS, logged.
# NOTE(review): no "set nat enable" and no UTM profile appear on this inside -> outside rule.
# Confirm the CVM addresses are routable, or that NAT is handled elsewhere, and document the rule's
# purpose in a comment.
edit 115
set name "Nutanix_Remote_Support"
set srcintf "inside"
set dstintf "outside"
set action accept
set srcaddr "Nutanix_CVM"
set dstaddr "Nutanix_Remote_Support"
set schedule "always"
set service "HTTP" "HTTPS"
set logtraffic all
next
# Policy 10076 (disabled): Internet -> vip-applecaching on every TCP port from any source.
# NOTE(review): if re-enabled as written, this would publish all TCP ports of the caching server to
# the Internet. Delete it if the service is retired, or narrow service/srcaddr first.
edit 10076
set status disable
set name "Apple_Cache"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "all"
set dstaddr "vip-applecaching"
set schedule "always"
set service "ALL_TCP"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Apple Caching Server Access"
next
# Policy 10094: public DNS - Internet (any source) -> vip-ns1, DNS only, IPS and logging.
# NOTE(review): make sure the name server behind this VIP answers authoritatively only, with
# recursion disabled for external clients, so it cannot be used as an open resolver.
edit 10094
set name "DNS_ns1"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "all"
set dstaddr "vip-ns1"
set schedule "always"
set service "DNS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "DNS - External"
next
# Policy 10092: public DNS - Internet (any source) -> vip-ns2, DNS only, IPS and logging. It is the
# same shape as the ns1 rule, and the same check applies: recursion should be disabled for
# external clients.
edit 10092
set name "DNS_ns2"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "all"
set dstaddr "vip-ns2"
set schedule "always"
set service "DNS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "DNS - External"
next
# Policy 10108: Internet -> vip-DC01 for LDAP, LDAP_UDP and TCP-636, source limited to
# Safeschools_Group. IPS and logging are enabled.
# NOTE(review): this publishes a directory service across the Internet to a third party. The
# unencrypted "LDAP" and "LDAP_UDP" services are allowed alongside TCP-636, so bind credentials
# could travel in clear text. Prefer TCP-636 only.
# NOTE(review): a source allow-list by IP is the only gate here. Consider a read-only service
# account and a directory proxy/replica instead of the target behind "vip-DC01", and re-check that
# the vendor still needs this access.
edit 10108
set name "LDAP_Access"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "Safeschools_Group"
set dstaddr "vip-DC01"
set schedule "always"
set service "LDAP" "LDAP_UDP" "TCP-636"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "LDAP"
next
# Policy 10130: Internet (any source) -> vip-Airwatchapp on the "Airwatch_Services_Group" service
# group, with IPS and logging.
# NOTE(review): the members of the service group are not visible here. Confirm it contains only the
# ports the device-management platform requires.
edit 10130
set name "Airwatch"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "all"
set dstaddr "vip-Airwatchapp"
set schedule "always"
set service "Airwatch_Services_Group"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Airwatch Access"
next
# Policy 10054: public website - sources in the "United_States" address object -> vip-Webosphere
# on HTTP and HTTPS, with IPS and logging.
# NOTE(review): geo-restriction reduces noise but is not an access control. Traffic relayed through
# in-country hosts still matches.
edit 10054
set name "SCSD_Website"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "United_States"
set dstaddr "vip-Webosphere"
set schedule "always"
set service "HTTP" "HTTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Website - scsd.us"
next
# Policy 10138: help-desk web application - "United_States" sources -> vip-webhelpdesk on HTTPS
# only, with IPS and logging.
# NOTE(review): IPS with certificate-inspection presumably cannot see requests inside TLS. For
# Internet-facing web applications, consider inbound TLS inspection or a web application firewall
# in front of the server.
edit 10138
set name "WebHelpDesk"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "United_States"
set dstaddr "vip-webhelpdesk"
set schedule "always"
set service "HTTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Webpage - helpdesk.scsd.us"
next
# Policy 117: RAP networks -> inside; any destination, any service, with AV, IPS, application
# control and logging.
# NOTE(review): the name says "DCs", but dstaddr is "all", so remote-access-point clients can reach
# every inside host. If the intent is domain-controller access only, set dstaddr to the
# domain-controller group and list the required services.
edit 117
set name "RAP>Inside>DCs"
set srcintf "RAP"
set dstintf "inside"
set action accept
set srcaddr "RAP_10.67.0.0/16" "RAP-MGMT"
set dstaddr "all"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "g-default"
set ips-sensor "Incoming_IPS"
set application-list "App_Ctrl_1"
set logtraffic all
next
# Policy 10150: Tableau - "United_States" sources -> vip-tableau on HTTP and HTTPS, with IPS
# and logging.
# NOTE(review): an analytics server reachable from the Internet depends on its own authentication.
# Confirm HTTP only redirects to HTTPS, and consider placing it behind VPN or SSO.
edit 10150
set name "Tableau"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "United_States"
set dstaddr "vip-tableau"
set schedule "always"
set service "HTTP" "HTTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Webpage - tableau.scsd.us"
next
# Policy 99: "United_States" sources -> vip-PrintOC on HTTPS, with IPS and logging.
# NOTE(review): policy 122 limits SSH to the same VIP to an "Oracle Cloud IP" source. If HTTPS is
# also only used by that cloud service, the same source restriction would fit here.
edit 99
set name "PrintOC"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "United_States"
set dstaddr "vip-PrintOC"
set schedule "always"
set service "HTTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Oracle Web Printer"
next
# Policy 122: SSH (used for SFTP, per the rule name) from "Oracle Cloud IP" -> vip-PrintOC, with
# IPS and logging.
# NOTE(review): the "SSH" service permits interactive shells as well as SFTP. Restrict the account
# on the server to SFTP only and use key-based authentication.
# NOTE(review): the comment ends in "(Copy of )", which is cloning residue.
edit 122
set name "Print-OC_SFTP"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "Oracle Cloud IP"
set dstaddr "vip-PrintOC"
set schedule "always"
set service "SSH"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Oracle Web Printer (Copy of PrintOC) (Copy of )"
next
# Policy 10184: Employee Self Service - "United_States" sources -> vip-scsdess on HTTP and HTTPS,
# with IPS and logging.
# NOTE(review): an HR/payroll self-service portal should not accept credentials over plain HTTP.
# Confirm port 80 only redirects, or drop "HTTP" from the service list.
edit 10184
set name "ESS"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "United_States"
set dstaddr "vip-scsdess"
set schedule "always"
set service "HTTP" "HTTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Employee Self Service"
next
# Policy 10182: parent-facing address lookup - "United_States" sources -> vip-Neutrons on HTTPS
# only, with IPS and logging.
edit 10182
set name "Address_Lookup"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "United_States"
set dstaddr "vip-Neutrons"
set schedule "always"
set service "HTTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "Address Lookup for parents"
next
# Policy 93: MS_Teams_External_Group -> the two session-border-controller VIPs, any service, with
# IPS and logging.
# NOTE(review): the source is scoped, but service "ALL" opens every port on the SBCs to those
# ranges. Limit to the SIP signalling and media port ranges configured on the SBCs (TODO confirm
# values with the voice team).
edit 93
set name "SBC_Ribbon_Out->In"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "MS_Teams_External_Group"
set dstaddr "vip-sbc-noc" "vip-sbc-dan"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "SBC Ribbon"
next
# Policy 114: Internet (any source) -> vip-EMS on HTTP, HTTPS, TCP-8443 and TCP-8013, with IPS
# and logging.
# NOTE(review): the comment still says "SBC Ribbon", copied from policy 93. It does not describe
# this rule and will mislead audits.
# NOTE(review): this exposes an endpoint-management server to every source address. Other
# published services here are at least geo-restricted. Apply a source restriction, drop any ports
# that exist only for administration, and keep the server patched - management platforms are
# high-value targets.
edit 114
set name "EMS_Out->In"
set srcintf "outside"
set dstintf "inside"
set action accept
set srcaddr "all"
set dstaddr "vip-EMS"
set schedule "always"
set service "HTTP" "HTTPS" "TCP-8443" "TCP-8013"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set ips-sensor "Incoming_IPS"
set logtraffic all
set comments "SBC Ribbon (Copy of SBC_Ribbon_Out->In)"
next
# Policy 118: reverse of policy 117 - any inside source -> RAP networks, any service, with AV, IPS,
# application control and logging.
# NOTE(review): the name says "Servers", but srcaddr is "all". Use a server address group if only
# servers should initiate connections to remote access points.
edit 118
set name "Servers->RAP"
set srcintf "inside"
set dstintf "RAP"
set action accept
set srcaddr "all"
set dstaddr "RAP_10.67.0.0/16" "RAP-MGMT" "RAP-FW-Inside"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "g-default"
set ips-sensor "Incoming_IPS"
set application-list "App_Ctrl_1"
set logtraffic all
set comments " (Copy of RAP>Inside>DCs) (Reverse of RAP>Inside>DCs)"
next
# Policy 95: any inside source -> DPS networks, any service.
# NOTE(review): there is no "set logtraffic all", no UTM profile and no comment, unlike almost
# every other rule in this section. Traffic on this path is presumably unlogged beyond the platform
# default. Enable logging and document the purpose of the DPS link.
edit 95
set name "SCSD -> DPS"
set srcintf "inside"
set dstintf "DPS"
set action accept
set srcaddr "all"
set dstaddr "DPS_10.46.0.0/16" "DPS_Mgmt" "DPS_192.168.146.0/24"
set schedule "always"
set service "ALL"
next
# Policy 103: DPS networks -> inside; any destination, any service.
# NOTE(review): a whole external /16 plus management ranges gets unrestricted, uninspected and
# (apparently) unlogged access to every inside host. Restrict dstaddr/service to what DPS needs,
# attach the IPS sensor used elsewhere, and enable "logtraffic all".
edit 103
set name "DPS-> SCSD"
set srcintf "DPS"
set dstintf "inside"
set action accept
set srcaddr "DPS_10.46.0.0/16" "DPS_192.168.146.0/24" "DPS_Mgmt"
set dstaddr "all"
set schedule "always"
set service "ALL"
next
# Policy 104: DPS_10.46.0.0/16 -> Internet, any service, NATed to a single pool address.
# NOTE(review): this rule has no AV/IPS/application control and no explicit logging, while inside
# clients get all of these through policy 106. DPS hosts share this organisation's public address
# space, so their outbound traffic deserves the same inspection and audit trail.
edit 104
set name "DPS-> Outside"
set srcintf "DPS"
set dstintf "outside"
set action accept
set srcaddr "DPS_10.46.0.0/16"
set dstaddr "all"
set schedule "always"
set service "ALL"
set nat enable
set ippool enable
set poolname "ippool-198.36.23.253"
next
end
# DoS policies on the "outside" interface. Entries appear in the order 1, 3, 2. The ordering
# matters if, as with firewall policies, the first matching entry is applied - TODO confirm for
# this FortiOS release.
config firewall DoS-policy
# DoS policy 1: geo-block implemented with anomaly thresholds. Every anomaly is enabled with action
# block and threshold 1 for sources in "Country Block", as the policy comment states.
# NOTE(review): anomaly thresholds are rate/count based, so a threshold of 1 may still let an
# initial packet or session through. An explicit deny policy (and a local-in policy for traffic to
# the firewall itself) is the more conventional way to express a country block.
# NOTE(review): none of the entries sets "log enable", unlike DoS_Default below, so these blocks are
# presumably not logged.
edit 1
set name "Country_Block_DOS"
set comments "Thresholds set to 1 to block all traffic from specific countries."
set interface "outside"
set srcaddr "Country Block"
set dstaddr "all"
set service "ALL"
config anomaly
edit "tcp_syn_flood"
set status enable
set action block
set threshold 1
next
edit "tcp_port_scan"
set status enable
set action block
set threshold 1
next
edit "tcp_src_session"
set status enable
set action block
set threshold 1
next
edit "tcp_dst_session"
set status enable
set action block
set threshold 1
next
edit "udp_flood"
set status enable
set action block
set threshold 1
next
edit "udp_scan"
set status enable
set action block
set threshold 1
next
edit "udp_src_session"
set status enable
set action block
set threshold 1
next
edit "udp_dst_session"
set status enable
set action block
set threshold 1
next
edit "icmp_flood"
set status enable
set action block
set threshold 1
next
edit "icmp_sweep"
set status enable
set action block
set threshold 1
next
edit "icmp_src_session"
set status enable
set action block
set threshold 1
next
edit "icmp_dst_session"
set status enable
set action block
set threshold 1
next
edit "ip_src_session"
set status enable
set action block
set threshold 1
next
edit "ip_dst_session"
set status enable
set action block
set threshold 1
next
edit "sctp_flood"
set status enable
set action block
set threshold 1
next
edit "sctp_scan"
set status enable
set action block
set threshold 1
next
edit "sctp_src_session"
set status enable
set action block
set threshold 1
next
edit "sctp_dst_session"
set status enable
set action block
set threshold 1
next
end
next
# DoS policy 3: exemption for the "Zoom UDP Ports" service, placed ahead of DoS_Default. Only
# udp_flood carries "status enable", and it has "log enable" but no "set action block". The other
# anomalies list thresholds without a status line and are presumably left at their disabled default.
# NOTE(review): the net effect appears to be that traffic on the Zoom UDP ports is never blocked
# by DoS protection and is only logged above 2000. srcaddr and dstaddr are both "all", so the
# exemption applies to any source using those ports, not just the conferencing provider. Scope
# srcaddr to the provider's published ranges if feasible.
edit 3
set name "Zoom-bypass"
set interface "outside"
set srcaddr "all"
set dstaddr "all"
set service "Zoom UDP Ports"
config anomaly
edit "tcp_syn_flood"
set threshold 2000
next
edit "tcp_port_scan"
set threshold 1000
next
edit "tcp_src_session"
set threshold 5000
next
edit "tcp_dst_session"
set threshold 5000
next
edit "udp_flood"
set status enable
set log enable
set threshold 2000
next
edit "udp_scan"
set threshold 2000
next
edit "udp_src_session"
set threshold 5000
next
edit "udp_dst_session"
set threshold 5000
next
edit "icmp_flood"
set threshold 250
next
edit "icmp_sweep"
set threshold 100
next
edit "icmp_src_session"
set threshold 300
next
edit "icmp_dst_session"
set threshold 1000
next
edit "ip_src_session"
set threshold 5000
next
edit "ip_dst_session"
set threshold 5000
next
edit "sctp_flood"
set threshold 2000
next
edit "sctp_scan"
set threshold 1000
next
edit "sctp_src_session"
set threshold 5000
next
edit "sctp_dst_session"
set threshold 5000
next
end
next
# DoS policy 2: baseline protection for all other traffic on "outside". Every anomaly is enabled,
# logged and set to block at the listed threshold.
# NOTE(review): udp_flood is set to 20000, ten times the value used in the Zoom-bypass entry
# above. Confirm this is a deliberate tuning decision and not a typo.
edit 2
set name "DoS_Default"
set interface "outside"
set srcaddr "all"
set dstaddr "all"
set service "ALL"
config anomaly
edit "tcp_syn_flood"
set status enable
set log enable
set action block
set threshold 2000
next
edit "tcp_port_scan"
set status enable
set log enable
set action block
set threshold 1000
next
edit "tcp_src_session"
set status enable
set log enable
set action block
set threshold 5000
next
edit "tcp_dst_session"
set status enable
set log enable
set action block
set threshold 5000
next
edit "udp_flood"
set status enable
set log enable
set action block
set threshold 20000
next
edit "udp_scan"
set status enable
set log enable
set action block
set threshold 2000
next
edit "udp_src_session"
set status enable
set log enable
set action block
set threshold 5000
next
edit "udp_dst_session"
set status enable
set log enable
set action block
set threshold 5000
next
edit "icmp_flood"
set status enable
set log enable
set action block
set threshold 250
next
edit "icmp_sweep"
set status enable
set log enable
set action block
set threshold 100
next
edit "icmp_src_session"
set status enable
set log enable
set action block
set threshold 300
next
edit "icmp_dst_session"
set status enable
set log enable
set action block
set threshold 1000
next
edit "ip_src_session"
set status enable
set log enable
set action block
set threshold 5000
next
edit "ip_dst_session"
set status enable
set log enable
set action block
set threshold 5000
next
edit "sctp_flood"
set status enable
set log enable
set action block
set threshold 2000
next
edit "sctp_scan"
set status enable
set log enable
set action block
set threshold 1000
next
edit "sctp_src_session"
set status enable
set log enable
set action block
set threshold 5000
next
edit "sctp_dst_session"
set status enable
set log enable
set action block
set threshold 5000
next
end
next
end
# Saved packet-capture definitions, each with an interface and an optional host/port filter. These
# look like leftovers from troubleshooting sessions on the VPN, city_phones, DPS, RAP and
# outside/inside links.
# NOTE(review): captures can contain credentials and other sensitive payloads. Entries 5, 9 and 16
# have no host or port filter and would capture everything on their interface when run. Entry 8
# targets port 3389 on a VPN tunnel. Delete definitions that are no longer needed, and purge any
# stored capture files.
# NOTE(review): a configuration export like this also discloses internal host addresses through
# the "set host" values. Treat the file as sensitive.
config firewall sniffer
edit 8
set interface "vpn-0fc50345"
set host "172.30.45.35"
set port "3389"
next
edit 4
set interface "city_phones lag"
set host "10.250.229.0/24"
next
edit 6
set interface "city_phones lag"
set host "10.1.150.20"
set port "8445"
next
edit 5
set interface "vpn-0403e61"
next
edit 7
set interface "outside lag"
set host "3.20.191.182"
next
edit 9
set interface "Highstreet"
next
edit 10
set interface "inside lag"
set host "192.168.79.2"
next
edit 11
set interface "inside lag"
set host "10.46.1.1"
next
edit 12
set interface "DPS"
set host "10.46.1.1"
next
edit 13
set interface "port17"
set host "192.168.146.5"
next
edit 14
set interface "port19"
set host "192.168.146.5"
next
edit 15
set interface "RAP"
set host "192.168.79.2"
next
edit 16
set interface "city_phones lag"
next
end
# On-demand capture definition: up to 100 packets on "outside lag", filtered to one host and IP
# protocol number 17 (UDP). It is bounded by packet count and filter, so it is lower risk than the
# unfiltered saved sniffers. Remove it once the investigation it served is closed.
config firewall on-demand-sniffer
edit "outside lag_scsd"
set interface "outside lag"
set max-packet-count 100
set hosts "24.105.188.54"
set protocols 17
next
end