Created
August 11, 2014 08:58
## Last changed: 2014-08-11 18:41:38 EST
# Junos release string saved with this configuration.
version 12.1X46-D20.5;
# Configuration group carrying the PPPoE WAN settings. Nothing in it takes
# effect until the apply-groups statement after the group merges it into the
# main hierarchy.
groups {
    wiz_PPPoE_0 {
        system {
            services {
                dhcp {
                    # Pass settings learned over PPP on pp0.0 on to local DHCP clients.
                    propagate-ppp-settings pp0.0;
                }
            }
        }
        interfaces {
            # Logical PPPoE interface that rides on ge-0/0/0.0.
            pp0 {
                unit 0 {
                    description TPG;
                    ppp-options {
                        # The CHAP secret and PAP password are empty strings in
                        # this copy (presumably blanked before publishing).
                        # NOTE(review): PAP sends its password unencrypted to
                        # the peer; keep it only if the provider requires it.
                        chap {
                            default-chap-secret "";
                            local-name n;
                            no-rfc2486;
                            passive;
                        }
                        pap {
                            local-name n;
                            no-rfc2486;
                            local-password "";
                            passive;
                        }
                    }
                    pppoe-options {
                        underlying-interface ge-0/0/0.0;
                    }
                    family inet {
                        # The address is assigned by the peer during PPP negotiation.
                        negotiate-address;
                    }
                }
            }
            ge-0/0/0 {
                unit 0 {
                    encapsulation ppp-over-ether;
                }
            }
        }
        routing-options {
            static {
                # Default route out of the PPPoE session.
                route 0.0.0.0/0 {
                    qualified-next-hop pp0.0 {
                        metric 1;
                    }
                }
            }
        }
        security {
            zones {
                # Puts the WAN interface in the untrust zone; the zone's screen
                # is attached in the main security stanza.
                security-zone untrust {
                    interfaces {
                        pp0.0;
                    }
                }
            }
        }
    }
}
apply-groups wiz_PPPoE_0;
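# Device identity, local accounts, management services, DHCP server, logging
# and time settings.
system {
    host-name SRX;
    time-zone Australia/Brisbane;
    # Password hashes are empty strings in this copy (presumably blanked before
    # publishing); a deployed device needs real hashes for root and the user.
    root-authentication {
        encrypted-password "";
    }
    name-server {
        10.0.1.2;
    }
    login {
        user thetooth {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "";
            }
        }
    }
    services {
        # Interactive management uses encrypted transports only: SSH for the
        # CLI and HTTPS for web management. Telnet and plain-HTTP web
        # management are deliberately left out, because they carry logins in
        # clear text and SSH/HTTPS already provide the same access.
        ssh;
        # NOTE(review): xnm-clear-text serves the Junos XML management API
        # without encryption. It is kept here so existing API clients keep
        # working; the encrypted variant (xnm-ssl) needs a local certificate
        # that this configuration does not define. Remove this line if nothing
        # uses the API.
        xnm-clear-text;
        web-management {
            https {
                system-generated-certificate;
                interface vlan.0;
            }
        }
        # DHCP server for the 10.0.1.0/24 LAN; clients get the device
        # (10.0.1.254) as gateway and 10.0.1.2 as resolver.
        dhcp {
            domain-name hamtaro.ameoto.com;
            router {
                10.0.1.254;
            }
            pool 10.0.1.0/24 {
                address-range low 10.0.1.100 high 10.0.1.200;
                name-server {
                    10.0.1.2;
                }
            }
        }
    }
    # NOTE(review): all logging is local (three 100k files per log), so a busy
    # or compromised device can lose its own history; a remote syslog host
    # would keep an independent copy.
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        # NOTE(review): severity "error" presumably records only failed
        # commands; confirm whether ordinary command auditing needs a lower
        # severity here.
        file interactive-commands {
            interactive-commands error;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
    # Single NTP source with no authentication key configured.
    ntp {
        server 150.101.254.110 version 4 prefer;
    }
}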
# LAN side: ge-0/0/1 and fe-0/0/2 through fe-0/0/7 are switch ports in
# vlan-trust; vlan.0 is the routed interface for that VLAN.
interfaces {
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/2 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/3 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/4 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/5 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/6 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/7 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                # Traffic entering this interface is handed to the sampler
                # configured under forwarding-options.
                sampling {
                    input;
                }
                # Two subnets share the interface; 10.0.1.254 is the gateway
                # the DHCP server advertises.
                address 192.168.1.1/24;
                address 10.0.1.254/24;
            }
        }
    }
}
# Flow export: sampled IPv4 traffic is reported to a collector at 10.0.1.1.
forwarding-options {
    sampling {
        input {
            # A rate of 1 selects every packet rather than a fraction.
            rate 1;
            run-length 0;
        }
        family inet {
            output {
                # Version 9 records using the ipv4-test template defined under
                # services flow-monitoring.
                # NOTE(review): flow export is normally unauthenticated,
                # unencrypted UDP - confirm the path to the collector stays on
                # the trusted LAN.
                flow-server 10.0.1.1 {
                    port 2222;
                    version9 {
                        template {
                            ipv4-test;
                        }
                    }
                }
                inline-jflow {
                    source-address 10.0.1.254;
                }
            }
        }
    }
}
# Read-only SNMP access.
# NOTE(review): "public" is the widely known default community name and no
# clients list is set, so any host that can reach the device's SNMP service can
# poll it. Prefer a non-default community plus a clients restriction.
snmp {
    community public {
        authorization read-only;
    }
}
# Spanning tree on the switched ports.
protocols {
    stp;
}
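# Firewall behaviour: attack screens, NAT, inter-zone policies and zone
# definitions.
security {
    screen {
        # Attached to the untrust zone in the zones stanza.
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            # Outbound LAN traffic is translated to the egress interface address.
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
        destination {
            pool POOL-ASTERISK {
                address 10.0.1.252/32;
            }
            pool POOL-HTTP {
                address 10.0.1.2/32 port 80;
            }
            rule-set NAT-UNTRUST-TO-TRUST {
                from zone untrust;
                # Rules are tried in order. DEST-NAT has no port match, so every
                # port and protocol from the listed sources is translated to
                # the Asterisk host, including their port-80 traffic, which
                # therefore never reaches rule HTTP. The security policy is
                # what limits which of that traffic is forwarded.
                rule DEST-NAT {
                    match {
                        source-address [ 202.43.66.1/32 202.43.66.2/32 202.43.66.3/32 202.43.66.4/32 202.43.66.5/32 ];
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        destination-nat {
                            pool {
                                POOL-ASTERISK;
                            }
                        }
                    }
                }
                # Port 80 from any other source goes to the web server.
                rule HTTP {
                    match {
                        destination-address 0.0.0.0/0;
                        destination-port 80;
                    }
                    then {
                        destination-nat {
                            pool {
                                POOL-HTTP;
                            }
                        }
                    }
                }
            }
        }
    }
    # Named entries for the two published hosts (the same addresses as the
    # destination NAT pools), so the inbound policy can name them instead of
    # matching "any".
    address-book {
        global {
            address SRV-HTTP 10.0.1.2/32;
            address SRV-ASTERISK 10.0.1.252/32;
        }
    }
    policies {
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone untrust to-zone trust {
            # Destination NAT is applied before the policy lookup, so this
            # policy sees the translated addresses. Matching only the two
            # published hosts keeps HTTP/SIP from the WAN away from every other
            # LAN address even if a packet arrives addressed to one directly.
            policy trust-services {
                match {
                    source-address any;
                    destination-address [ SRV-HTTP SRV-ASTERISK ];
                    application [ junos-http junos-sip ];
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        # NOTE(review): every system service and protocol on the device is
        # reachable from the LAN. Listing only the services actually used
        # (for example ssh, https, dhcp, dns, ping) would shrink the
        # management surface exposed to LAN hosts.
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                vlan.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        # No host-inbound-traffic is listed for untrust, so the device's own
        # services are not offered on the WAN side. The zone's interface
        # (pp0.0) is supplied by the wiz_PPPoE_0 group.
        security-zone untrust {
            screen untrust-screen;
        }
        security-zone junos-host;
    }
}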
# Defines the version 9 flow-record template named ipv4-test that the
# flow-server under forwarding-options refers to.
services {
    flow-monitoring {
        version9 {
            template ipv4-test {
                ipv4-template;
            }
        }
    }
}
# The single LAN VLAN; vlan.0 is its routed (layer 3) interface.
vlans {
    vlan-trust {
        vlan-id 3;
        l3-interface vlan.0;
    }
}