Last active
October 22, 2017 19:37
-
-
Save pinggit/311b2b192deddcfefbab84f41659a05f to your computer and use it in GitHub Desktop.
firefly transparent config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Last changed: 2017-10-18 14:01:25 UTC | |
| version 12.1X47-D20.7; | |
| system { | |
| root-authentication { | |
| encrypted-password "$1$mHqxe3ff$hUWAehCCnLSDF.kcaAiSN1"; ## SECRET-DATA | |
| ## Last changed: 2017-10-22 18:19:28 UTC | |
| version 12.1X47-D20.7; | |
| system { | |
| root-authentication { | |
| encrypted-password "$1$mHqxe3ff$hUWAehCCnLSDF.kcaAiSN1"; ## SECRET-DATA | |
| } | |
| services { | |
| ssh; | |
| web-management { | |
| http { | |
| interface ge-0/0/0.0; | |
| } | |
| } | |
| } | |
| syslog { | |
| user * { | |
| any emergency; | |
| } | |
| file messages { | |
| any any; | |
| authorization info; | |
| } | |
| file interactive-commands { | |
| interactive-commands any; | |
| } | |
| } | |
| license { | |
| autoupdate { | |
| url https://ae1.juniper.net/junos/key_retrieval; | |
| } | |
| } | |
| } | |
| interfaces { | |
| ge-0/0/0 { | |
| unit 0 { | |
| family bridge { | |
| interface-mode access; | |
| vlan-id 1; | |
| } | |
| } | |
| } | |
| ge-0/0/1 { | |
| unit 0 { | |
| family bridge { | |
| interface-mode trunk; | |
| vlan-id-list 1-200; | |
| } | |
| } | |
| } | |
| ge-0/0/2 { | |
| unit 0 { | |
| family bridge { | |
| interface-mode trunk; | |
| vlan-id-list 1-200; | |
| } | |
| } | |
| } | |
| irb { | |
| unit 0 { | |
| family inet { | |
| dhcp-client; | |
| } | |
| } | |
| } | |
| } | |
| security { | |
| screen { | |
| ids-option untrust-screen { | |
| icmp { | |
| ping-death; | |
| } | |
| ip { | |
| source-route-option; | |
| tear-drop; | |
| } | |
| tcp { | |
| syn-flood { | |
| alarm-threshold 1024; | |
| attack-threshold 200; | |
| source-threshold 1024; | |
| destination-threshold 2048; | |
| queue-size 2000; | |
| timeout 20; | |
| } | |
| land; | |
| } | |
| } | |
| } | |
| policies { | |
| from-zone trust to-zone trust { | |
| policy default-permit { | |
| match { | |
| source-address any; | |
| destination-address any; | |
| application any; | |
| } | |
| then { | |
| permit; | |
| } | |
| } | |
| } | |
| from-zone trust to-zone untrust { | |
| policy default-permit { | |
| match { | |
| source-address any; | |
| destination-address any; | |
| application any; | |
| } | |
| then { | |
| permit; | |
| } | |
| } | |
| } | |
| from-zone untrust to-zone trust { | |
| policy default-deny { | |
| match { | |
| source-address any; | |
| destination-address any; | |
| application any; | |
| } | |
| then { | |
| deny; | |
| } | |
| } | |
| } | |
| } | |
| zones { | |
| functional-zone management { | |
| interfaces { | |
| ge-0/0/0.0 { | |
| host-inbound-traffic { | |
| system-services { | |
| all; | |
| } | |
| } | |
| } | |
| } | |
| } | |
| security-zone trust { | |
| tcp-rst; | |
| interfaces { | |
| ge-0/0/1.0 { | |
| host-inbound-traffic { | |
| system-services { | |
| dhcp; | |
| ping; | |
| ssh; | |
| } | |
| protocols { | |
| all; | |
| } | |
| } | |
| } | |
| ge-0/0/2.0 { | |
| host-inbound-traffic { | |
| system-services { | |
| dhcp; | |
| ping; | |
| ssh; | |
| } | |
| protocols { | |
| all; | |
| } | |
| } | |
| } | |
| } | |
| } | |
| security-zone untrust { | |
| screen untrust-screen; | |
| } | |
| } | |
| } | |
| bridge-domains { | |
| sc1 { | |
| domain-type bridge; | |
| vlan-id 1; | |
| routing-interface irb.0; | |
| } | |
| } | |
| } | |
| services { | |
| ssh; | |
| web-management { | |
| http { | |
| interface ge-0/0/0.0; | |
| } | |
| } | |
| } | |
| syslog { | |
| user * { | |
| any emergency; | |
| } | |
| file messages { | |
| any any; | |
| authorization info; | |
| } | |
| file interactive-commands { | |
| interactive-commands any; | |
| } | |
| } | |
| license { | |
| autoupdate { | |
| url https://ae1.juniper.net/junos/key_retrieval; | |
| } | |
| } | |
| } | |
| interfaces { | |
| ge-0/0/0 { | |
| unit 0 { | |
| family inet { | |
| dhcp-client; | |
| } | |
| } | |
| } | |
| ge-0/0/1 { | |
| unit 0 { | |
| family inet { | |
| dhcp-client; | |
| } | |
| } | |
| } | |
| ge-0/0/2 { | |
| unit 0 { | |
| family inet { | |
| dhcp-client; | |
| } | |
| } | |
| } | |
| } | |
| security { | |
| screen { | |
| ids-option untrust-screen { | |
| icmp { | |
| ping-death; | |
| } | |
| ip { | |
| source-route-option; | |
| tear-drop; | |
| } | |
| tcp { | |
| syn-flood { | |
| alarm-threshold 1024; | |
| attack-threshold 200; | |
| source-threshold 1024; | |
| destination-threshold 2048; | |
| queue-size 2000; | |
| timeout 20; | |
| } | |
| land; | |
| } | |
| } | |
| } | |
| policies { | |
| from-zone trust to-zone trust { | |
| policy default-permit { | |
| match { | |
| source-address any; | |
| destination-address any; | |
| application any; | |
| } | |
| then { | |
| permit; | |
| } | |
| } | |
| } | |
| from-zone trust to-zone untrust { | |
| policy default-permit { | |
| match { | |
| source-address any; | |
| destination-address any; | |
| application any; | |
| } | |
| then { | |
| permit; | |
| } | |
| } | |
| } | |
| from-zone untrust to-zone trust { | |
| policy default-deny { | |
| match { | |
| source-address any; | |
| destination-address any; | |
| application any; | |
| } | |
| then { | |
| deny; | |
| } | |
| } | |
| } | |
| } | |
| zones { | |
| security-zone trust { | |
| tcp-rst; | |
| interfaces { | |
| ge-0/0/1.0 { | |
| host-inbound-traffic { | |
| system-services { | |
| dhcp; | |
| ping; | |
| ssh; | |
| } | |
| protocols { | |
| all; | |
| } | |
| } | |
| } | |
| ge-0/0/2.0 { | |
| host-inbound-traffic { | |
| system-services { | |
| dhcp; | |
| ping; | |
| ssh; | |
| } | |
| protocols { | |
| all; | |
| } | |
| } | |
| } | |
| } | |
| } | |
| security-zone untrust { | |
| screen untrust-screen; | |
| interfaces { | |
| ge-0/0/0.0 { | |
| host-inbound-traffic { | |
| system-services { | |
| http; | |
| https; | |
| ssh; | |
| telnet; | |
| dhcp; | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment