Last active
August 23, 2023 20:16
-
-
Save jflemer/029636c4535bbf6f045b85fd25ab9154 to your computer and use it in GitHub Desktop.
Juniper SRX240H Home/Office IPv6 dual stack (NAT)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## TRUST LAN on ge-0/0/0 (Private IPv4 & ULA IPv6 w/ Internet via NAT) | |
| ## GUEST LAN on ge-0/0/1 (Private IPv4 w/ Internet via NAT) | |
| ## ISP/INTERNET (Cable Modem) on ge-0/0/15 (Public IPv4 and Public IPv6) | |
| ## No IPv6 prefix delegation (PD) since SRX240H will not run JunOS 12.3 | |
| version 12.1X46-D71; | |
| system { | |
| host-name srx; | |
| authentication-order password; | |
| ports { | |
| console log-out-on-disconnect; | |
| } | |
| root-authentication { | |
| #encrypted-password "$sha1$xxx"; | |
| } | |
| name-server { | |
| 2001:558:feed::2; | |
| 2001:558:feed::1; | |
| 75.75.76.76; | |
| 75.75.75.75; | |
| } | |
| login { | |
| retry-options { | |
| tries-before-disconnect 2; | |
| backoff-threshold 1; | |
| backoff-factor 5; | |
| } | |
| class idle-super-user { | |
| idle-timeout 30; | |
| login-alarms; | |
| permissions all; | |
| } | |
| user admin { | |
| uid 2222; | |
| class idle-super-user; | |
| authentication { | |
| #encrypted-password "$sha1$xxx"; | |
| #ssh-rsa "ssh-rsa xxx"; | |
| } | |
| } | |
| user monitor { | |
| uid 2333; | |
| class read-only; | |
| authentication { | |
| #ssh-rsa "ssh-rsa xxx"; | |
| } | |
| } | |
| password { | |
| format sha1; | |
| } | |
| } | |
| services { | |
| ssh { | |
| root-login deny; | |
| tcp-forwarding; | |
| protocol-version v2; | |
| ciphers [ aes256-ctr aes256-cbc ]; | |
| macs [ hmac-sha2-256 hmac-sha2-512 ]; | |
| key-exchange [ dh-group14-sha1 ecdh-sha2-nistp256 ecdh-sha2-nistp384 group-exchange-sha2 group-exchange-sha1 ]; | |
| client-alive-count-max 15; | |
| client-alive-interval 60; | |
| hostkey-algorithm { | |
| no-ssh-dss; | |
| no-ssh-rsa; | |
| ssh-ecdsa; | |
| no-ssh-ed25519; | |
| } | |
| rate-limit 3; | |
| } | |
| dns { | |
| traceoptions { | |
| file named size 1m; | |
| flag all; | |
| } | |
| dnssec; | |
| dns-proxy { | |
| interface { | |
| lo0.0; | |
| } | |
| default-domain * { | |
| forwarders { | |
| 2001:558:feed::2; | |
| 2001:558:feed::1; | |
| 75.75.76.76; | |
| 75.75.75.75; | |
| } | |
| } | |
| cache { | |
| modem.example inet 192.168.100.1; | |
| ntp.example inet 192.168.255.1; | |
| router.example inet 192.168.255.1; | |
| } | |
| } | |
| } | |
| dhcp-local-server { | |
| dhcpv6 { | |
| reconfigure { | |
| attempts 10; | |
| timeout 10; | |
| #token xxx; | |
| } | |
| overrides { | |
| interface-client-limit 128; | |
| rapid-commit; | |
| process-inform; | |
| } | |
| group TRUST-IPV6-DHCP { | |
| interface vlan.1; | |
| } | |
| } | |
| group TRUST-DHCP { | |
| interface vlan.1; | |
| } | |
| group GUEST-DHCP { | |
| interface vlan.900; | |
| } | |
| } | |
| web-management { | |
| https { | |
| interface [ lo0.0 vlan.1 ge-0/0/15.0 ]; | |
| } | |
| } | |
| } | |
| syslog { | |
| archive size 100k files 3; | |
| user * { | |
| any emergency; | |
| } | |
| file messages { | |
| any critical; | |
| authorization info; | |
| } | |
| file interactive-commands { | |
| interactive-commands error; | |
| } | |
| file traffic-log { | |
| any any; | |
| match RT_FLOW_SESSION; | |
| archive size 2m files 5; | |
| } | |
| } | |
| max-configurations-on-flash 30; | |
| max-configuration-rollbacks 30; | |
| license { | |
| autoupdate { | |
| url https://ae1.juniper.net/junos/key_retrieval; | |
| } | |
| } | |
| processes { | |
| general-authentication-service { | |
| traceoptions { | |
| file auth size 1m files 5; | |
| flag all; | |
| } | |
| } | |
| dhcp-service { | |
| traceoptions { | |
| file dhcp-service size 1m files 5; | |
| level notice; | |
| flag all; | |
| } | |
| } | |
| } | |
| ntp { | |
| server 0.pool.ntp.org version 4; | |
| server 1.pool.ntp.org version 4; | |
| server 2.pool.ntp.org version 4; | |
| } | |
| } | |
| interfaces { | |
| ge-0/0/0 { | |
| description TRUST-LAN; | |
| unit 0 { | |
| family ethernet-switching { | |
| vlan { | |
| members VLAN-TRUST; | |
| } | |
| } | |
| } | |
| } | |
| ge-0/0/1 { | |
| description GUEST-LAN; | |
| unit 0 { | |
| family ethernet-switching { | |
| vlan { | |
| members VLAN-GUEST; | |
| } | |
| } | |
| } | |
| } | |
| ge-0/0/15 { | |
| description INTERNET; | |
| unit 0 { | |
| bandwidth 30m; | |
| arp-resp unrestricted; | |
| family inet { | |
| no-redirects; | |
| dhcp-client { | |
| options { | |
| no-hostname; | |
| } | |
| lease-time infinite; | |
| update-server; | |
| vendor-id ""; | |
| } | |
| } | |
| family inet6 { | |
| dhcpv6-client { | |
| client-type statefull; | |
| client-ia-type ia-na; | |
| client-identifier duid-type duid-ll; | |
| req-option dns-server; | |
| req-option fqdn; | |
| req-option domain; | |
| req-option vendor-spec; | |
| } | |
| } | |
| } | |
| } | |
| lo0 { | |
| unit 0 { | |
| family inet { | |
| filter { | |
| input RE-PROTECT; | |
| } | |
| address 192.168.255.1/32 { | |
| primary; | |
| } | |
| } | |
| family inet6 { | |
| address fd00:0867:5309:ff::1/128; | |
| } | |
| } | |
| } | |
| vlan { | |
| unit 1 { | |
| description "TRUST VLAN"; | |
| family inet { | |
| address 192.168.1.1/24; | |
| } | |
| family inet6 { | |
| address fc00:0867:5309:1::1/64; | |
| } | |
| } | |
| unit 900 { | |
| description "GUEST VLAN"; | |
| family inet { | |
| address 192.168.0.1/24; | |
| } | |
| } | |
| } | |
| } | |
| routing-options { | |
| static { | |
| route 10.0.0.0/8 discard; | |
| route 172.16.0.0/12 discard; | |
| route 192.168.49.0/24 discard; | |
| route 169.254.0.0/16 discard; | |
| } | |
| } | |
| protocols { | |
| router-advertisement { | |
| traceoptions { | |
| file ipv6-ra size 1m files 2; | |
| flag all; | |
| } | |
| interface ge-0/0/15.0; | |
| interface vlan.1 { | |
| max-advertisement-interval 300; | |
| min-advertisement-interval 10; | |
| managed-configuration; | |
| other-stateful-configuration; | |
| link-mtu; | |
| prefix fc00:0867:5309:1::/64; | |
| } | |
| } | |
| neighbor-discovery { | |
| onlink-subnet-only; | |
| } | |
| stp { | |
| max-age 40; | |
| hello-time 10; | |
| forward-delay 30; | |
| } | |
| } | |
| security { | |
| ike { | |
| policy IKE-POLICY { | |
| mode aggressive; | |
| proposal-set standard; | |
| #pre-shared-key ascii-text "$9$xxx" | |
| } | |
| gateway VPN-GATEWAY { | |
| ike-policy IKE-POLICY; | |
| dynamic { | |
| hostname router; | |
| connections-limit 2; | |
| ike-user-type group-ike-id; | |
| } | |
| dead-peer-detection { | |
| optimized; | |
| interval 60; | |
| } | |
| external-interface ge-0/0/15.0; | |
| xauth access-profile VPN-PROFILE; | |
| } | |
| } | |
| ipsec { | |
| policy IPSEC-POLICY { | |
| proposal-set standard; | |
| } | |
| vpn DYNAMIC-VPN { | |
| ike { | |
| gateway VPN-GATEWAY; | |
| ipsec-policy IPSEC-POLICY; | |
| } | |
| } | |
| } | |
| address-book { | |
| global { | |
| address HOST-DNS 192.168.255.1/32; | |
| address HOST-MODEM 192.168.100.1/32; | |
| address HOST-NTP 192.168.255.1/32; | |
| address NET-TRUST 192.168.1.0/24; | |
| address NET-DYNAMIC-VPN 192.168.2.0/24; | |
| address NET-GUEST 192.168.0.0/24; | |
| address NET-LINKLOCAL 169.254.0.0/16; | |
| address NET-LOOPBACK 127.0.0.0/8; | |
| address NET-MCAST 224.0.0.0/4; | |
| address NET-MCAST-LOCAL 224.0.0.0/24; | |
| address NET-PRIV-10 10.0.0.0/8; | |
| address NET-PRIV-172 172.16.0.0/12; | |
| address NET-PRIV-192 192.168.0.0/16; | |
| address NET-RESV-192-24 192.0.0.0/24; | |
| address NET-RESV-240-4 240.0.0.0/4; | |
| address NET-ZERO-8 0.0.0.0/8; | |
| address-set NET-ROUTED { | |
| address NET-TRUST; | |
| address NET-GUEST; | |
| } | |
| address-set NET-PRIVATE { | |
| address NET-PRIV-10; | |
| address NET-PRIV-192; | |
| address NET-PRIV-172; | |
| address NET-LINKLOCAL; | |
| } | |
| address-set NET-MARTIAN { | |
| address NET-ZERO-8; | |
| address NET-LOOPBACK; | |
| address NET-RESV-192-24; | |
| address NET-RESV-240-4; | |
| address NET-MCAST; | |
| address NET-MCAST-LOCAL; | |
| address-set NET-PRIVATE; | |
| } | |
| } | |
| } | |
| alg { | |
| dns oversize-message-drop; | |
| } | |
| dynamic-vpn { | |
| access-profile VPN-PROFILE; | |
| clients { | |
| all { | |
| remote-protected-resources { | |
| 10.0.0.0/8; | |
| 192.168.0.0/16; | |
| 172.16.0.0/12; | |
| } | |
| remote-exceptions { | |
| 0.0.0.0/0; | |
| } | |
| ipsec-vpn DYNAMIC-VPN; | |
| user { | |
| vpnuser; | |
| } | |
| } | |
| } | |
| } | |
| forwarding-options { | |
| family { | |
| inet6 { | |
| mode flow-based; | |
| } | |
| } | |
| } | |
| screen { | |
| ids-option untrust-screen { | |
| icmp { | |
| ip-sweep; | |
| flood; | |
| ping-death; | |
| } | |
| ip { | |
| source-route-option; | |
| tear-drop; | |
| } | |
| tcp { | |
| syn-flood { | |
| alarm-threshold 1024; | |
| attack-threshold 200; | |
| source-threshold 1024; | |
| destination-threshold 2048; | |
| timeout 20; | |
| } | |
| land; | |
| } | |
| } | |
| } | |
| nat { | |
| source { | |
| rule-set INTERNET-SOURCE-NAT { | |
| from zone [ GUEST trust ]; | |
| to zone untrust; | |
| rule INTERNET-NAT { | |
| match { | |
| source-address-name NET-ROUTED; | |
| } | |
| then { | |
| source-nat { | |
| interface; | |
| } | |
| } | |
| } | |
| } | |
| rule-set INTERNET-IPV6-SOURCE-NAT { | |
| from zone trust; | |
| to zone untrust; | |
| rule INTERNET-IPV6-NAT { | |
| match { | |
| source-address-name any-ipv6; | |
| } | |
| then { | |
| source-nat { | |
| interface; | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| policies { | |
| from-zone trust to-zone untrust { | |
| policy MODEM-OUT { | |
| match { | |
| source-address NET-TRUST; | |
| destination-address HOST-MODEM; | |
| application [ junos-http junos-https junos-icmp-ping ]; | |
| } | |
| then { | |
| permit; | |
| } | |
| } | |
| policy NET-MARTIANS { | |
| match { | |
| source-address any; | |
| destination-address NET-MARTIAN; | |
| application any; | |
| } | |
| then { | |
| deny; | |
| log { | |
| session-init; | |
| } | |
| count; | |
| } | |
| } | |
| policy INTERNET-IPV6 { | |
| match { | |
| source-address any-ipv6; | |
| destination-address any-ipv6; | |
| application any; | |
| } | |
| then { | |
| permit; | |
| count; | |
| } | |
| } | |
| policy INTERNET { | |
| match { | |
| source-address NET-TRUST; | |
| destination-address any; | |
| application any; | |
| } | |
| then { | |
| permit; | |
| } | |
| } | |
| } | |
| from-zone trust to-zone LOOPBACK { | |
| policy ANY-IPV6 { | |
| match { | |
| source-address any-ipv6; | |
| destination-address any-ipv6; | |
| application any; | |
| } | |
| then { | |
| permit; | |
| count; | |
| } | |
| } | |
| policy ANY { | |
| match { | |
| source-address any; | |
| destination-address any; | |
| application any; | |
| } | |
| then { | |
| permit; | |
| } | |
| } | |
| } | |
| from-zone GUEST to-zone untrust { | |
| policy NET-MARTIANS { | |
| match { | |
| source-address any; | |
| destination-address NET-MARTIAN; | |
| application any; | |
| } | |
| then { | |
| deny; | |
| count; | |
| } | |
| } | |
| policy INTERNET { | |
| match { | |
| source-address NET-GUEST; | |
| destination-address any; | |
| application [ Internet Tunnels ]; | |
| } | |
| then { | |
| permit; | |
| } | |
| } | |
| policy OTHER { | |
| match { | |
| source-address NET-GUEST; | |
| destination-address any; | |
| application any; | |
| } | |
| then { | |
| permit; | |
| log { | |
| session-init; | |
| } | |
| count; | |
| } | |
| } | |
| } | |
| from-zone untrust to-zone trust { | |
| policy NET-MARTIANS { | |
| match { | |
| source-address NET-MARTIAN; | |
| destination-address any; | |
| application any; | |
| } | |
| then { | |
| deny; | |
| count; | |
| } | |
| } | |
| policy DYNAMIC-VPN-POLICY { | |
| match { | |
| source-address any; | |
| destination-address any; | |
| application any; | |
| } | |
| then { | |
| permit { | |
| tunnel { | |
| ipsec-vpn DYNAMIC-VPN; | |
| } | |
| } | |
| count; | |
| } | |
| } | |
| policy DENY { | |
| match { | |
| source-address any; | |
| destination-address any; | |
| application any; | |
| } | |
| then { | |
| deny; | |
| count; | |
| } | |
| } | |
| } | |
| from-zone untrust to-zone LOOPBACK { | |
| policy VPN-TO-LOOPBACK { | |
| match { | |
| source-address NET-DYNAMIC-VPN; | |
| destination-address any; | |
| application any; | |
| } | |
| then { | |
| permit; | |
| log { | |
| session-init; | |
| } | |
| count; | |
| } | |
| } | |
| } | |
| from-zone GUEST to-zone trust { | |
| policy DENY { | |
| match { | |
| source-address any; | |
| destination-address any; | |
| application any; | |
| } | |
| then { | |
| deny; | |
| count; | |
| } | |
| } | |
| } | |
| from-zone untrust to-zone GUEST { | |
| policy NET-MARTIANS { | |
| match { | |
| source-address NET-MARTIAN; | |
| destination-address any; | |
| application any; | |
| } | |
| then { | |
| deny; | |
| count; | |
| } | |
| } | |
| } | |
| global { | |
| policy DENY-ALL { | |
| match { | |
| source-address any; | |
| destination-address any; | |
| application any; | |
| } | |
| then { | |
| deny; | |
| log { | |
| session-init; | |
| } | |
| } | |
| } | |
| } | |
| default-policy { | |
| deny-all; | |
| } | |
| } | |
| zones { | |
| security-zone trust { | |
| host-inbound-traffic { | |
| system-services { | |
| dns; | |
| ntp; | |
| ping; | |
| traceroute; | |
| dhcp; | |
| dhcpv6; | |
| } | |
| protocols { | |
| router-discovery; | |
| } | |
| } | |
| interfaces { | |
| vlan.1; | |
| } | |
| } | |
| security-zone untrust { | |
| screen untrust-screen; | |
| interfaces { | |
| ge-0/0/15.0 { | |
| host-inbound-traffic { | |
| system-services { | |
| dhcp; | |
| ping; | |
| https; | |
| ike; | |
| dhcpv6; | |
| } | |
| protocols { | |
| router-discovery; | |
| } | |
| } | |
| } | |
| } | |
| } | |
| security-zone GUEST { | |
| host-inbound-traffic { | |
| system-services { | |
| dhcp; | |
| ping; | |
| traceroute; | |
| } | |
| } | |
| interfaces { | |
| vlan.900; | |
| } | |
| } | |
| security-zone LOOPBACK { | |
| host-inbound-traffic { | |
| system-services { | |
| dns; | |
| https; | |
| ntp; | |
| ping; | |
| ssh; | |
| } | |
| } | |
| interfaces { | |
| lo0.0; | |
| } | |
| } | |
| } | |
| } | |
| firewall { | |
| family inet { | |
| filter GUEST-RATELIMIT-FILTER { | |
| term RATELIMIT { | |
| then { | |
| policer NETWORK-BW-CONTROL-2M; | |
| count GUEST-PACKETS; | |
| loss-priority low; | |
| forwarding-class network-control; | |
| accept; | |
| } | |
| } | |
| } | |
| } | |
| policer NETWORK-BW-CONTROL-2M { | |
| if-exceeding { | |
| bandwidth-limit 2m; | |
| burst-size-limit 15m; | |
| } | |
| then out-of-profile; | |
| } | |
| filter RE-PROTECT { | |
| term ALLOW-SSH { | |
| from { | |
| source-address { | |
| 192.168.1.0/24; | |
| } | |
| protocol tcp; | |
| port 22; | |
| } | |
| then { | |
| count ALLOW-SSH-COUNT; | |
| accept; | |
| } | |
| } | |
| term DENY-SSH { | |
| from { | |
| protocol tcp; | |
| port 22; | |
| } | |
| then { | |
| count DENY-SSH-COUNT; | |
| reject; | |
| } | |
| } | |
| term ACCEPT { | |
| then { | |
| count ACCEPT-COUNT; | |
| accept; | |
| } | |
| } | |
| } | |
| } | |
| access { | |
| profile VPN-PROFILE { | |
| authentication-order password; | |
| client vpnuser { | |
| firewall-user { | |
| #password "$9$xxx"; | |
| } | |
| } | |
| address-assignment { | |
| pool VPN-POOL; | |
| } | |
| } | |
| address-assignment { | |
| pool TRUST-POOL { | |
| family inet { | |
| network 192.168.1.0/24; | |
| range TRUST-RANGE { | |
| low 192.168.1.16; | |
| high 192.168.1.223; | |
| } | |
| dhcp-attributes { | |
| maximum-lease-time 1296000; | |
| domain-name example; | |
| name-server { | |
| 192.168.255.1; | |
| } | |
| router { | |
| 192.168.1.1; | |
| } | |
| option 42 array ip-address 192.168.255.1; | |
| } | |
| host host1 { | |
| hardware-address 00:11:11:11:11:11; | |
| ip-address 192.168.1.224; | |
| } | |
| } | |
| } | |
| pool GUEST-POOL { | |
| family inet { | |
| network 192.168.0.0/24; | |
| range GUEST-RANGE { | |
| low 192.168.0.16; | |
| high 192.168.0.223; | |
| } | |
| dhcp-attributes { | |
| maximum-lease-time 14400; | |
| name-server { | |
| 8.8.8.8; | |
| 8.8.4.4; | |
| } | |
| router { | |
| 192.168.0.1; | |
| } | |
| } | |
| } | |
| } | |
| pool VPN-POOL { | |
| family inet { | |
| network 192.168.2.0/24; | |
| range VPN-RANGE { | |
| low 192.168.2.16; | |
| high 192.168.2.223; | |
| } | |
| dhcp-attributes { | |
| option 42 array ip-address 192.168.255.1; | |
| } | |
| xauth-attributes { | |
| primary-dns 192.168.255.1/32; | |
| } | |
| } | |
| } | |
| pool TRUST-IPV6-POOL { | |
| family inet6 { | |
| prefix fc00:0867:5309:1::/64; | |
| range TRUST-IPV6-RANGE { | |
| low fc00:0867:5309:1::1000/128; | |
| high fc00:0867:5309:1::7fff/128; | |
| } | |
| dhcp-attributes { | |
| dns-server { | |
| fc00:0867:5309:ff::1; | |
| } | |
| option 42 array ipv6-address fc00:0867:5309:ff::1; | |
| } | |
| } | |
| } | |
| } | |
| address-protection; | |
| firewall-authentication { | |
| web-authentication { | |
| default-profile VPN-PROFILE; | |
| } | |
| } | |
| } | |
| applications { | |
| application mdns { | |
| application-protocol dns; | |
| protocol udp; | |
| destination-port 5353; | |
| description "Mulitcast DNS (mDNS/RFC6762) [224.0.0.251:udp/5353]"; | |
| } | |
| application ssdp { | |
| protocol udp; | |
| destination-port 1900; | |
| description "Simple Service Discovery Protocol (ssdp) [239.255.255.250:udp/1900]"; | |
| } | |
| application llmnr { | |
| application-protocol dns; | |
| protocol udp; | |
| destination-port 5355; | |
| description "Link-Local Multicast Name Resolution (llmnr/RFC4795) [224.0.0.252:udp/5355]"; | |
| } | |
| application http-8000 { | |
| application-protocol http; | |
| protocol tcp; | |
| destination-port 8000; | |
| description "HTTP tcp/8000"; | |
| } | |
| application http-8080 { | |
| application-protocol http; | |
| protocol tcp; | |
| destination-port 8080; | |
| description "HTTP tcp/8080"; | |
| } | |
| application http-8088 { | |
| application-protocol http; | |
| protocol tcp; | |
| destination-port 8088; | |
| } | |
| application apns { | |
| description "Apple Push Notification Service [tcp/2195 tcp/2196 tcp/5223]"; | |
| term t1 protocol tcp destination-port 2195 inactivity-timeout 1800; | |
| term t2 protocol tcp destination-port 2196 inactivity-timeout 1800; | |
| term t3 protocol tcp destination-port 5223 inactivity-timeout 1800; | |
| } | |
| application xmpp { | |
| protocol tcp; | |
| destination-port 5222; | |
| } | |
| application apple-rtp-facetime { | |
| description "Real-Time Transport Protocol (rtp) [udp/16384–16387 udp/16393-16402]"; | |
| term t1 protocol udp destination-port 16384-16387; | |
| term t2 protocol udp destination-port 16394-16402; | |
| } | |
| application google-fcm { | |
| protocol tcp; | |
| destination-port 5228-5230; | |
| inactivity-timeout 1800; | |
| description "Google Firebase Cloud Messaging (fcm) [tcp/5228 tcp/5229 tcp/5230]"; | |
| } | |
| application-set Internet { | |
| application junos-dns-tcp; | |
| application junos-dns-udp; | |
| application junos-ntp; | |
| application junos-ssh; | |
| application junos-aol; | |
| application junos-ftp; | |
| application junos-imap; | |
| application junos-imaps; | |
| application junos-msn; | |
| application junos-pop3; | |
| application junos-realaudio; | |
| application junos-rtsp; | |
| application junos-sip; | |
| application junos-telnet; | |
| application junos-vnc; | |
| application junos-ymsg; | |
| application junos-stun; | |
| application xmpp; | |
| application junos-icmp-ping; | |
| application-set Web; | |
| application-set Apple; | |
| application-set Google; | |
| } | |
| application-set Tunnels { | |
| application junos-ike; | |
| application junos-ike-nat; | |
| application junos-l2tp; | |
| application junos-gre; | |
| } | |
| application-set Media { | |
| application ssdp; | |
| application mdns; | |
| application llmnr; | |
| } | |
| application-set Web { | |
| application junos-http; | |
| application junos-https; | |
| application http-8000; | |
| application http-8080; | |
| application http-8088; | |
| } | |
| application-set apple-facetime { | |
| application junos-http; | |
| application junos-https; | |
| application junos-stun; | |
| application apns; | |
| application apple-rtp-facetime; | |
| } | |
| application-set apple-imessage { | |
| application junos-http; | |
| application junos-https; | |
| application apns; | |
| } | |
| application-set Apple { | |
| application-set apple-facetime; | |
| application-set apple-imessage; | |
| } | |
| application-set Google { | |
| application google-fcm; | |
| } | |
| } | |
| vlans { | |
| VLAN-TRUST { | |
| vlan-id 1; | |
| l3-interface vlan.1; | |
| } | |
| VLAN-GUEST { | |
| vlan-id 900; | |
| l3-interface vlan.900; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment