scsd/scsd-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
scsd-configs/configs/fortigate/vdom_scsd/vpn.cfg

1024 lines
33 KiB
INI
Raw Blame History

config vpn certificate ca
end
config vpn certificate remote
edit "REMOTE_Cert_2"
next
end
config vpn certificate local
edit "Fortinet_CA_SSL"
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set range global
set source factory
next
edit "Fortinet_CA_Untrusted"
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set range global
set source factory
next
edit "Fortinet_SSL"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
next
edit "Fortinet_GUI_Server"
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set range global
set source factory
next
edit "Fortinet_SSL_RSA1024"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
next
edit "Fortinet_SSL_RSA2048"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
next
edit "Fortinet_SSL_RSA4096"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
next
edit "Fortinet_SSL_DSA1024"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
next
edit "Fortinet_SSL_DSA2048"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
next
edit "Fortinet_SSL_ECDSA256"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
next
edit "Fortinet_SSL_ECDSA384"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
next
edit "Fortinet_SSL_ECDSA521"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
next
edit "Fortinet_SSL_ED25519"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
next
edit "Fortinet_SSL_ED448"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
next
edit "Star Cert Expire 4-24"
set password ENC *HIDDEN*
next
edit "StartCert-Expire042025"
set password ENC *HIDDEN*
next
edit "StarCert-Expire03202026"
set password ENC *HIDDEN*
next
end
config vpn ssl web host-check-software
edit "FortiClient-AV"
set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7"
next
edit "FortiClient-FW"
set type fw
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
next
edit "FortiClient-AV-Vista"
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
next
edit "FortiClient-FW-Vista"
set type fw
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
next
edit "FortiClient5-AV"
set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7"
next
edit "AVG-Internet-Security-AV"
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
next
edit "AVG-Internet-Security-FW"
set type fw
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
next
edit "AVG-Internet-Security-AV-Vista-Win7"
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
next
edit "AVG-Internet-Security-FW-Vista-Win7"
set type fw
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
next
edit "CA-Anti-Virus"
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
next
edit "CA-Internet-Security-AV"
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
next
edit "CA-Internet-Security-FW"
set type fw
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
next
edit "CA-Internet-Security-AV-Vista-Win7"
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
next
edit "CA-Internet-Security-FW-Vista-Win7"
set type fw
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
next
edit "CA-Personal-Firewall"
set type fw
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
next
edit "F-Secure-Internet-Security-AV"
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
next
edit "F-Secure-Internet-Security-FW"
set type fw
set guid "D4747503-0346-49EB-9262-997542F79BF4"
next
edit "F-Secure-Internet-Security-AV-Vista-Win7"
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
next
edit "F-Secure-Internet-Security-FW-Vista-Win7"
set type fw
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
next
edit "Kaspersky-AV"
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-FW"
set type fw
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-AV-Vista-Win7"
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
next
edit "Kaspersky-FW-Vista-Win7"
set type fw
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
next
edit "McAfee-Internet-Security-Suite-AV"
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
next
edit "McAfee-Internet-Security-Suite-FW"
set type fw
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
next
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
next
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
set type fw
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
next
edit "McAfee-Virus-Scan-Enterprise"
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
next
edit "Norton-360-2.0-AV"
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
next
edit "Norton-360-2.0-FW"
set type fw
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
next
edit "Norton-360-3.0-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-360-3.0-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-Internet-Security-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Norton-Internet-Security-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Symantec-Endpoint-Protection-AV"
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
next
edit "Symantec-Endpoint-Protection-FW"
set type fw
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
next
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Panda-Antivirus+Firewall-2008-AV"
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
next
edit "Panda-Antivirus+Firewall-2008-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Panda-Internet-Security-AV"
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2006~2007-FW"
set type fw
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2008~2009-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Sophos-Anti-Virus"
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
set type fw
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
next
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
set type fw
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
next
edit "Trend-Micro-AV"
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
next
edit "Trend-Micro-FW"
set type fw
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
next
edit "Trend-Micro-AV-Vista-Win7"
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
next
edit "Trend-Micro-FW-Vista-Win7"
set type fw
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
next
edit "ZoneAlarm-AV"
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
next
edit "ZoneAlarm-FW"
set type fw
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
next
edit "ZoneAlarm-AV-Vista-Win7"
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
next
edit "ZoneAlarm-FW-Vista-Win7"
set type fw
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
next
edit "ESET-Smart-Security-AV"
set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
next
edit "ESET-Smart-Security-FW"
set type fw
set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
next
end
config vpn ssl web portal
edit "full-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set web-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
config bookmark-group
edit "gui-bookmarks"
next
end
set customize-forticlient-download-url enable
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
next
edit "web-access"
set web-mode enable
next
edit "tunnel-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
edit "SCSD_VPN_FULL_Portal"
set tunnel-mode enable
set web-mode enable
set ip-pools "SSL_VPN_Range"
set split-tunneling-routing-address "IPv4-Private-All-RFC1918"
config bookmark-group
edit "gui-bookmarks"
next
end
set customize-forticlient-download-url enable
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
next
edit "SchoolTool_Portal"
set tunnel-mode enable
set web-mode enable
set forticlient-download disable
set ip-pools "SSL_VPN_Range"
set split-tunneling-routing-address "Internal_10.0.0.0_8"
set user-bookmark disable
config bookmark-group
edit "gui-bookmarks"
config bookmarks
edit "Obiwan_RDP"
set apptype rdp
set host "10.1.48.202"
set port 3389
set sso auto
next
edit "HanSolo_RDP"
set apptype rdp
set host "10.1.48.201"
set port 3389
set sso auto
next
edit "C3PO_RDP"
set apptype rdp
set host "10.1.48.133"
set port 3389
set sso auto
next
edit "Chewbacca_RDP"
set apptype rdp
set host "10.1.48.129"
set port 3389
set sso auto
next
edit "Skywalker_RDP"
set apptype rdp
set host "10.1.48.63"
set port 3389
set sso auto
next
edit "Yoda_RDP"
set apptype rdp
set host "10.1.48.103"
set port 3389
set sso auto
next
edit "MANDO_RDP"
set apptype rdp
set host "10.1.40.72"
set port 3389
set sso auto
next
edit "GROGU_RDP"
set apptype rdp
set host "10.1.40.224"
set port 3389
set sso auto
next
end
next
end
set display-connection-tools disable
set display-history disable
set heading "SCSD SchoolTool VPN"
next
edit "Website_Server_Portal"
set tunnel-mode enable
set web-mode enable
set ip-pools "SSL_VPN_Range"
set split-tunneling-routing-address "Internal_10.0.0.0_8"
set user-bookmark disable
config bookmark-group
edit "gui-bookmarks"
config bookmarks
edit "Webosphere_RDP"
set apptype rdp
set host "10.1.48.117"
set port 3389
set sso auto
next
edit "Webosphere_FTP"
set apptype ftp
set folder "10.1.48.117"
set sso auto
next
end
next
end
set display-connection-tools disable
set display-history disable
set display-status disable
set heading "SCSD Website VPN Portal"
set theme mariner
set customize-forticlient-download-url enable
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
next
edit "DayAutomation_Portal"
set tunnel-mode enable
set web-mode enable
set ip-pools "SSL_VPN_Range"
set split-tunneling-routing-address "Internal_10.0.0.0_8"
config bookmark-group
edit "gui-bookmarks"
config bookmarks
edit "Day_Enterprise_Server"
set apptype rdp
set host "10.1.40.108"
set port 3389
set sso auto
next
edit "Day_VM_Server"
set apptype rdp
set host "10.1.40.173"
set port 3389
set sso auto
next
edit "Day_Continuum_Server"
set apptype rdp
set host "10.1.40.188"
set port 3389
set sso auto
next
end
next
end
set display-connection-tools disable
set display-history disable
set display-status disable
set heading "SCSD Day Automation VPN Portal"
set theme melongene
set customize-forticlient-download-url enable
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
next
edit "Security_Portal"
set tunnel-mode enable
set web-mode enable
set ip-pools "SSL_VPN_Range"
set split-tunneling-routing-address "Internal_10.0.0.0_8"
config bookmark-group
edit "gui-bookmarks"
next
end
set display-history disable
set display-status disable
set heading "SCSD Security VPN Portal"
set theme mariner
set customize-forticlient-download-url enable
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
next
edit "Hyperion_Portal"
set tunnel-mode enable
set web-mode enable
set ip-pools "SSL_VPN_Range"
set split-tunneling-routing-address "Internal_10.0.0.0_8"
config bookmark-group
edit "gui-bookmarks"
next
end
set display-history disable
set display-status disable
set heading "SCSD_Hyperion_VPN_Portal"
set customize-forticlient-download-url enable
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
next
edit "Peoplesoft_Portal"
set tunnel-mode enable
set web-mode enable
set ip-pools "SSL_VPN_Range"
set split-tunneling-routing-address "Internal_10.0.0.0_8"
config bookmark-group
edit "gui-bookmarks"
next
end
set display-history disable
set display-status disable
set heading "SCSD_Peoplesoft_VPN_Portal"
set customize-forticlient-download-url enable
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
next
edit "WebCRD_Portal"
set tunnel-mode enable
set web-mode enable
set ip-pools "SSL_VPN_Range"
set split-tunneling-routing-address "Internal_10.0.0.0_8"
config bookmark-group
edit "gui-bookmarks"
next
end
set display-history disable
set display-status disable
set heading "SCSD_WebCRD_VPN_Portal"
set customize-forticlient-download-url enable
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
next
edit "Access411_Portal"
set tunnel-mode enable
set web-mode enable
set forticlient-download disable
set ip-pools "SSL_VPN_Range"
set split-tunneling-routing-address "Internal_10.0.0.0_8"
set user-bookmark disable
config bookmark-group
edit "gui-bookmarks"
config bookmarks
edit "411app"
set apptype rdp
set host "10.1.40.216"
set port 3389
set sso auto
next
edit "411sql"
set apptype rdp
set host "10.1.40.225"
set port 3389
set sso auto
next
edit "411app HomePage"
set url "https://411app.scsd.us"
next
end
next
end
set display-connection-tools disable
set display-history disable
set display-status disable
set heading "SCSD Access411 VPN Portal"
next
edit "DocHolliday_Portal"
set tunnel-mode enable
set web-mode enable
set ip-pools "SSL_VPN_Range"
set split-tunneling-routing-address "Internal_10.0.0.0_8"
config bookmark-group
edit "gui-bookmarks"
next
end
set display-history disable
set display-status disable
set heading "SCSD DocHolliday Portal"
set customize-forticlient-download-url enable
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
next
edit "AccessControl_Portal"
set tunnel-mode enable
set web-mode enable
set ip-pools "SSL_VPN_Range"
set split-tunneling-routing-address "Internal_10.0.0.0_8"
config bookmark-group
edit "gui-bookmarks"
next
end
set display-history disable
set display-status disable
set heading "SCSD Access Control VPN Portal"
set customize-forticlient-download-url enable
set windows-forticlient-download-url "https://links.fortinet.com/forticlient/win/vpnagent"
set macos-forticlient-download-url "https://links.fortinet.com/forticlient/mac/vpnagent"
next
edit "Auditor_Portal"
set tunnel-mode enable
set web-mode enable
set forticlient-download disable
set ip-pools "SSL_VPN_Range"
set split-tunneling-routing-address "Internal_10.0.0.0_8"
config bookmark-group
edit "gui-bookmarks"
config bookmarks
edit "Finance"
set url "http://psprdfin.scsd.ad/psp/FPRD/"
next
edit "HR"
set url "http://psprdhcm.scsd.ad/psp/HPRD"
next
end
next
end
set clipboard disable
next
edit "Azure_Test_Portal"
set tunnel-mode enable
set web-mode enable
set ip-pools "SSL_VPN_Range"
set split-tunneling-routing-address "Internal_10.0.0.0_8" "IPv4-Private-All-RFC1918"
config bookmark-group
edit "gui-bookmarks"
next
end
set heading "Azure-VPN Portal"
next
edit "SCSD_USER_PORTAL"
set tunnel-mode enable
set web-mode enable
set forticlient-download disable
set ip-pools "SSL_VPN_Range"
set split-tunneling-routing-address "Internal_10.0.0.0_8" "IPv4-Private-All-RFC1918"
config bookmark-group
edit "gui-bookmarks"
next
end
set heading "SCSD-USER-PORTAL"
next
end
config vpn ssl settings
set banned-cipher SHA1 SHA256 SHA384
set servercert "StarCert-Expire03202026"
set idle-timeout 3600
set auth-timeout 36000
set login-timeout 180
set tunnel-ip-pools "SSL_VPN_Range"
set dns-server1 10.1.40.10
set dns-server2 10.21.48.10
set source-interface "outside"
set source-address "all"
set source-address6 "all"
set default-portal "tunnel-access"
config authentication-rule
edit 1
set groups "SSL_VPN_Full_Access"
set portal "SCSD_VPN_FULL_Portal"
next
edit 2
set groups "VPN_SchoolTool_Group"
set portal "SchoolTool_Portal"
next
edit 4
set groups "VPN_Web_Servers_Group"
set portal "Website_Server_Portal"
next
edit 5
set groups "VPN_DayAuto_Group"
set portal "DayAutomation_Portal"
next
edit 6
set groups "VPN_Security_Group"
set portal "Security_Portal"
next
edit 7
set groups "VPN_Hyperion_Group"
set portal "Hyperion_Portal"
next
edit 8
set groups "VPN_Peoplesoft_Group"
set portal "Peoplesoft_Portal"
next
edit 9
set groups "VPN_WebCRD_Group"
set portal "WebCRD_Portal"
next
edit 10
set groups "VPN_Access411_Group"
set portal "Access411_Portal"
next
edit 11
set groups "VPN_DocHolliday_Group"
set portal "DocHolliday_Portal"
next
edit 12
set groups "VPN_Access_Control_Group"
set portal "AccessControl_Portal"
next
edit 13
set groups "VPN_Auditor_Group"
set portal "Auditor_Portal"
next
edit 14
set groups "FortiGateAccess"
set portal "Azure_Test_Portal"
next
edit 15
set groups "SSL_VPN_SCSD_USER"
set portal "SCSD_USER_PORTAL"
next
edit 16
set groups "SSL_VPN_SCSD_USER2"
set portal "SCSD_USER_PORTAL"
next
end
set http-request-header-timeout 60
set http-request-body-timeout 60
end
config vpn ssl web user-bookmark
edit "vpn_user1#SSL_VPN_Full_Access"
next
edit "tmarri81#SSL_VPN_Full_Access"
config bookmarks
edit "TimMac_FTP"
set apptype ftp
set folder "10.1.7.110"
next
edit "My_PC"
set apptype rdp
set host "10.1.7.137"
set port 3389
set sso auto
next
edit "My Mac"
set apptype vnc
set host "10.1.7.110"
set port 5900
set logon-user "tmarris"
set logon-password ENC *HIDDEN*
next
end
next
edit "tmarri81.admin#VPN_SchoolTool_Group"
next
edit "dteacher#VPN_PrintServer_Group"
next
edit "gdaniels.admin#VPN_PrintServer_Group"
next
edit "gdaniels#SSL_VPN_Full_Access"
next
edit "tmarri81.admin#SSL_VPN_Full_Access"
config bookmarks
edit "MrRobot_FTP"
set apptype ftp
set folder "10.1.40.101"
set sso auto
next
edit "Obiwan_RDP"
set apptype rdp
set host "10.1.48.202"
set port 3389
set sso auto
next
end
next
edit "tmarri81.la#SSL_VPN_Full_Access"
config bookmarks
edit "MrRobot_FTP"
set apptype ftp
set folder "10.1.40.101"
set sso auto
next
end
next
edit "hrice.oa#SSL_VPN_Full_Access"
next
edit "tmarri81#VPN_Security_Group"
next
edit "timoon67#SSL_VPN_Full_Access"
next
edit "tmarri81.la#VPN_Hyperion_Group"
next
edit "tmarri81.la#VPN_Peoplesoft_Group"
next
edit "tmarri81.la#VPN_WebCRD_Group"
next
edit "webcrdsupport#VPN_WebCRD_Group"
next
edit "tmarri81.la#VPN_DocHolliday_Group"
next
edit "mnichols.oa#VPN_DayAuto_Group"
next
edit "ddunn.oa#VPN_DayAuto_Group"
next
edit "jgriffin.oa#VPN_DayAuto_Group"
next
edit "swalts49#SSL_VPN_Full_Access"
next
edit "Bstrohm_admin#SSL_VPN_Full_Access"
next
edit "jgumpert#VPN_Peoplesoft_Group"
next
edit "gedelstein#VPN_DayAuto_Group"
next
edit "tmarri81.la#VPN_DayAuto_Group"
next
edit "wlakie.oa#VPN_DayAuto_Group"
next
edit "Katapult.oa#VPN_DocHolliday_Group"
next
edit "aolEVA60#SSL_VPN_Full_Access"
next
edit "aoleva60#SSL_VPN_Full_Access"
next
edit "hebuck02#SSL_VPN_Full_Access"
next
edit "kcampion.oa#VPN_DayAuto_Group"
next
edit "jchapman.oa#VPN_Hyperion_Group"
next
edit "btrzaskos.oa#VPN_DayAuto_Group"
next
edit "ysun.oa#VPN_Hyperion_Group"
next
edit "sreddy.OA#VPN_Hyperion_Group"
next
edit "bstrohm_admin#SSL_VPN_Full_Access"
next
edit "navd.oa#VPN_Peoplesoft_Group"
config bookmarks
edit "SCSD PS DEV"
set url "http://psdevhcm.scsd.ad/psp/HDEV/?cmd=login&languageCd=ENG&"
next
end
next
end
config vpn ipsec phase1-interface
edit "SRIC_BOCES"
set interface "outside lag"
set ike-version 2
set peertype any
set net-device disable
set proposal aes256-sha256
set dhgrp 14
set nattraversal disable
set remote-gw 170.161.52.25
set psksecret ENC *HIDDEN*
next
edit "vpn-042e9903"
set interface "outside lag"
set ike-version 2
set local-gw 198.36.24.5
set keylife 28800
set peertype any
set net-device disable
set proposal aes256-sha256
set dhgrp 19
set remote-gw 52.61.115.188
set psksecret ENC *HIDDEN*
set dpd-retryinterval 30
next
edit "SCHC"
set interface "outside lag"
set ike-version 2
set peertype any
set net-device disable
set proposal aes256-sha256
set remote-gw 209.217.202.173
set psksecret ENC *HIDDEN*
next
edit "vpn-0fc50345"
set interface "outside lag"
set local-gw 198.36.24.5
set keylife 28800
set peertype any
set net-device disable
set proposal aes128-sha1
set comments "SchoolTool Tunnel"
set dhgrp 2
set remote-gw 34.194.174.170
set psksecret ENC *HIDDEN*
next
edit "vpn-0403e61"
set interface "outside lag"
set ike-version 2
set local-gw 198.36.24.5
set keylife 28800
set peertype any
set net-device disable
set proposal aes256-sha256
set comments "eScholar Tunnel"
set dhgrp 19
set remote-gw 44.216.12.227
set psksecret ENC *HIDDEN*
set dpd-retryinterval 30
next
edit "Highstreet"
set interface "outside lag"
set ike-version 2
set local-gw 198.36.24.5
set keylife 28800
set peertype any
set net-device disable
set proposal aes128-sha1
set dhgrp 2
set nattraversal disable
set remote-gw 3.20.191.182
set psksecret ENC *HIDDEN*
next
edit "Highstreet_2"
set interface "outside lag"
set ike-version 2
set keylife 28800
set peertype any
set net-device disable
set proposal aes128-sha1
set dhgrp 2
set nattraversal disable
set remote-gw 3.146.135.243
set psksecret ENC *HIDDEN*
next
edit "DPS"
set interface "outside lag"
set ike-version 2
set peertype any
set net-device disable
set proposal aes256-sha256
set comments "VPN: DPS"
set remote-gw 24.39.213.214
set psksecret ENC *HIDDEN*
next
edit "RAP"
set interface "outside lag"
set ike-version 2
set peertype any
set net-device disable
set proposal aes256-sha256
set comments "RAP->SCSD"
set nattraversal disable
set transport udp-fallback-tcp
set remote-gw 24.105.188.54
set psksecret ENC *HIDDEN*
next
end
config vpn ipsec phase2-interface
edit "SRIC_BOCES"
set phase1name "SRIC_BOCES"
set proposal aes256-sha256
set dhgrp 14
set auto-negotiate enable
set src-addr-type ip
set dst-addr-type ip
set keylifeseconds 28800
set src-start-ip 198.36.24.68
set dst-start-ip 170.161.52.27
next
edit "vpn-042e9903"
set phase1name "vpn-042e9903"
set proposal aes256-sha256
set dhgrp 16
set auto-negotiate enable
set keylifeseconds 3600
set src-subnet 10.1.48.0 255.255.255.0
set dst-subnet 10.222.0.0 255.255.0.0
next
edit "SCHC"
set phase1name "SCHC"
set proposal aes256-sha256
set dhgrp 14
set src-addr-type name
set dst-addr-type name
set keylifeseconds 28800
set src-name "SCHC_Local_Subnets_Group"
set dst-name "SCHC_Remote_Subnets_Group"
next
edit "vpn-0fc50345"
set phase1name "vpn-0fc50345"
set proposal aes128-sha1
set dhgrp 2
set auto-negotiate enable
set src-addr-type name
set dst-addr-type name
set keylifeseconds 3600
set src-name "SchoolTool_Cloud_Internal"
set dst-name "SchoolTool_External_Range"
next
edit "vpn-0403e61"
set phase1name "vpn-0403e61"
set proposal aes256-sha256
set dhgrp 16
set auto-negotiate enable
set keylifeseconds 3600
set src-subnet 10.1.48.0 255.255.255.0
set dst-subnet 10.11.0.0 255.255.240.0
next
edit "Highstreet"
set phase1name "Highstreet"
set proposal aes128-sha1
set dhgrp 2
set auto-negotiate enable
set keylifeseconds 3600
set src-subnet 10.1.0.0 255.255.192.0
set dst-subnet 10.51.62.0 255.255.255.0
next
edit "Highstreet_2"
set phase1name "Highstreet_2"
set proposal aes128-sha1
set dhgrp 2
set auto-negotiate enable
set keylifeseconds 3600
set src-subnet 10.1.0.0 255.255.0.0
set dst-subnet 10.51.62.32 255.255.255.240
next
edit "DPS"
set phase1name "DPS"
set proposal aes256-sha256
set comments "VPN: DPS"
next
edit "RAP"
set phase1name "RAP"
set proposal aes256-sha256
next
end
Reference in New Issue View Git Blame Copy Permalink