Skip to content

Instantly share code, notes, and snippets.

@virtuald

virtuald/test.cfg

Last active September 6, 2017 21:44
Show Gist options
  • Save virtuald/6350eeb4870efa467abf5b88ed49127b to your computer and use it in GitHub Desktop.
Save virtuald/6350eeb4870efa467abf5b88ed49127b to your computer and use it in GitHub Desktop.
Download ZIP
ns2html netscreen config file (GPL, from http://ns2html.sourceforge.net/download.html)
Raw
test.cfg
set clock timezone 0
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set service "TCP_123" protocol tcp src-port 0-65535 dst-port 123-123
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "netscreen"
set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "DMZ" tcp-rst
set zone "VLAN" block
unset zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet1" zone "Untrust"
set interface "ethernet2" zone "Trust"
set interface "ethernet3" zone "MGT"
set interface "ethernet4" zone "HA"
unset interface vlan1 ip
set interface ethernet1 ip 200.200.200.200/28
set interface ethernet1 route
set interface ethernet2 ip 172.23.23.23/28
set interface ethernet2 nat
set interface ethernet3 ip 172.30.100.2/24
set interface ethernet3 route
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet1 ip manageable
set interface ethernet2 ip manageable
set interface "ethernet1" mip 200.200.200.201 host 172.23.23.24 netmask 255.255.255.255 vr "trust-vr"
unset flow no-tcp-seq-check
set flow tcp-syn-check
set console page 0
set hostname firewall-test
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set address "Trust" "172.23.23.24/28" 172.23.23.24 255.255.255.240
set group address "Trust" "SAIDA_FULL"
set group address "Trust" "SAIDA_FULL" add "172.23.23.24/28"
set ike respond-bad-spi 1
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set nsrp cluster id 1
set nsrp vsd-group id 0 priority 100
set nsrp secondary-path ethernet2
set nsrp monitor interface ethernet1
set nsrp monitor interface ethernet2
set url protocol websense
exit
set policy id 1 from "Trust" to "Untrust" "SAIDA_FULL" "Any" "ANY" permit log
set policy id 1
exit
set policy id 2 from "Untrust" to "Trust" "Any" "MIP(200.200.200.201)" "HTTP" permit log
set policy id 2
exit
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment