IWTB

Untitled

Aug 12th, 2018
  1. root# show
  ## NOTE(review): the prompt shows this session running as root. Routine changes made from the named
  ## super-user account (system login, below) keep the interactive-commands log attributable to a person.
  2. ## Last changed: 2018-08-13 09:36:07 UTC
  ## NOTE(review): 11.4 is an old release train for a config last changed in 2018; confirm it still
  ## receives security fixes before relying on the screens and policies below.
  3. version 11.4R6.6;
  4. system {
  ## Device-level settings: authentication, management services, DHCP, logging and licensing.
  5. root-authentication {
  6. encrypted-password "****"; ## SECRET-DATA
  7. }
  8. name-server {
  9. ***.**.***.***;
  10. ***.**.***.***;
  11. }
  12. login {
  13. user **** {
  14. uid ****;
  15. class super-user;
  16. authentication {
  17. encrypted-password "****"; ## SECRET-DATA
  18. }
  19. }
  20. }
  21. services {
  ## ssh is enabled with defaults: no 'root-login deny' or 'protocol-version' is shown, so with
  ## root-authentication set above root can presumably log in over SSH directly — confirm and set
  ## 'ssh { root-login deny; }' so all logins go through the named account.
  22. ssh;
  ## telnet and xnm-clear-text carry credentials and configuration in cleartext. ssh (and xnm-ssl
  ## if a JUNOScript client is needed) covers both uses; these two should go. They are reachable
  ## wherever host-inbound-traffic allows them — zone trust below allows 'all'.
  23. telnet;
  24. xnm-clear-text;
  ## The four groups below are dead config on this platform (see the ignored-block warnings). The
  ## legacy 'dhcp' stanza further down serves only 192.168.1.0/24 on vlan.0, so vlan.4/12/15/30 appear
  ## to get no DHCP from this box — confirm which DHCP service is actually answering.
  25. dhcp-local-server {
  26. ##
  27. ## Warning: configuration block ignored: unsupported platform (srx220h-poe)
  28. ##
  29. group INT_DHCP {
  30. interface vlan.12;
  31. }
  32. ##
  33. ## Warning: configuration block ignored: unsupported platform (srx220h-poe)
  34. ##
  35. group MAN_DHCP {
  36. interface vlan.15;
  37. }
  38. ##
  39. ## Warning: configuration block ignored: unsupported platform (srx220h-poe)
  40. ##
  41. group IOT_DHCP {
  42. interface vlan.4;
  43. }
  44. ##
  45. ## Warning: configuration block ignored: unsupported platform (srx220h-poe)
  46. ##
  47. group GST_DHCP {
  48. interface vlan.30;
  49. }
  50. }
  51. web-management {
  ## http is cleartext web management on the same interface that https already serves; drop it.
  ## Note that management is bound to vlan.0 (zone trust), not to the MANAGEMENT VLAN v15.
  52. http {
  53. interface vlan.0;
  54. }
  55. https {
  ## system-generated-certificate is self-signed, so clients cannot verify they reached this box;
  ## a CA-issued certificate is preferable where the environment has one.
  56. system-generated-certificate;
  57. interface vlan.0;
  58. }
  59. }
  ## Legacy DHCP server: the only pool is the vlan.0 segment 192.168.1.0/24.
  60. dhcp {
  61. router {
  62. 192.168.1.1;
  63. }
  64. pool 192.168.1.0/24 {
  65. address-range low 192.168.1.2 high 192.168.1.254;
  66. }
  67. propagate-settings ge-0/0/0.0;
  68. }
  69. }
  70. syslog {
  ## No remote 'host' is configured, so logs exist only on local flash with a small archive
  ## (100k x 3 files) and rotate quickly; a remote collector is what makes incidents reconstructible.
  71. archive size 100k files 3;
  72. user * {
  73. any emergency;
  74. }
  75. file messages {
  ## 'any critical' keeps only critical-and-above. The RT_FLOW session messages produced by the
  ## 'log session-close' actions in security policies are info-level, so they appear to be discarded
  ## here — add a remote host or a file matching that facility at 'info' if the policy logging is wanted.
  76. any critical;
  77. authorization info;
  78. }
  79. file interactive-commands {
  ## At 'error' only failing commands are recorded; the routine command and commit trail is logged
  ## at info and is dropped. 'interactive-commands any' (or 'info') gives a usable audit trail.
  80. interactive-commands error;
  81. }
  82. }
  83. max-configurations-on-flash 5;
  84. max-configuration-rollbacks 5;
  85. license {
  86. autoupdate {
  87. url https://ae1.juniper.net/junos/key_retrieval;
  88. }
  89. }
  90. }
  91. interfaces {
  ## Physical and VLAN interfaces: ge-0/0/0 is the DHCP-addressed WAN uplink, ge-0/0/6 the trunk to the
  ## switching side, and the vlan.N units are the routed gateways for each segment.
  92. ge-0/0/0 {
  93. unit 0 {
  94. family inet {
  95. dhcp;
  96. }
  97. }
  98. }
  ## ge-0/0/2 carries no address on unit 15 and neither unit is placed in a security zone below, so it
  ## cannot pass traffic as configured — this looks like leftover config; confirm and remove.
  99. ge-0/0/2 {
  100. vlan-tagging;
  101. unit 0;
  102. unit 15 {
  103. vlan-id 15;
  104. family inet;
  105. }
  106. }
  107. ge-0/0/6 {
  108. unit 0 {
  109. family ethernet-switching {
  110. port-mode trunk;
  111. vlan {
  112. members [ v12 v15 v4 v30 ];
  113. }
  ## Untagged frames on this trunk land in v15, which is the MANAGEMENT VLAN (see vlans). Using an
  ## otherwise unused VLAN as native keeps a misconfigured port on the far switch from reaching
  ## management untagged.
  114. native-vlan-id v15;
  115. }
  116. }
  117. }
  118. vlan {
  ## vlan.0 (192.168.1.1/24) is the legacy trust segment: it carries http/https management and is the
  ## source side of the permit-all trust-to-untrust policy.
  119. unit 0 {
  120. family inet {
  121. address 192.168.1.1/24;
  122. }
  123. }
  124. unit 4 {
  125. family inet {
  126. address 192.168.4.1/24;
  127. }
  128. }
  129. unit 15 {
  130. family inet {
  131. address 192.168.15.1/24;
  132. }
  133. }
  134. unit 30 {
  135. family inet {
  136. address 192.168.30.1/24;
  137. }
  138. }
  139. unit 12 {
  140. family inet {
  141. address 192.168.12.1/24;
  142. }
  143. }
  144. }
  145. }
  146. protocols {
  ## Spanning tree with defaults on the switching ports. No BPDU or root protection is shown for the
  ## ge-0/0/6 trunk — confirm whether this platform/release offers it before relying on STP alone.
  147. stp;
  148. }
  149. security {
  ## Zone-based policy: four internal segments (INT, MAN, IOT, GST) plus the legacy trust/untrust pair.
  150. address-book {
  ## One /24 per segment, each attached to its zone; the policies below reference the prefixes directly.
  151. INT_SUBNET {
  152. address 192.168.12.0/24 192.168.12.0/24;
  153. attach {
  154. zone INT;
  155. }
  156. }
  157. MAN_SUBNET {
  158. address 192.168.15.0/24 192.168.15.0/24;
  159. attach {
  160. zone MAN;
  161. }
  162. }
  163. IOT_SUBNET {
  164. address 192.168.4.0/24 192.168.4.0/24;
  165. attach {
  166. zone IOT;
  167. }
  168. }
  169. GST_SUBNET {
  170. address 192.168.30.0/24 192.168.30.0/24;
  171. attach {
  172. zone GST;
  173. }
  174. }
  175. }
  176. screen {
  ## This profile is bound only to zone untrust (see zones). Zone EXT, which lists the same ge-0/0/0.0,
  ## has no screen, so whichever of the two zones survives must carry 'screen untrust-screen'.
  177. ids-option untrust-screen {
  178. icmp {
  179. ping-death;
  180. }
  181. ip {
  182. source-route-option;
  183. tear-drop;
  184. }
  185. tcp {
  186. syn-flood {
  187. alarm-threshold 1024;
  188. attack-threshold 200;
  189. source-threshold 1024;
  190. destination-threshold 2048;
  191. timeout 20;
  192. }
  193. land;
  194. }
  195. }
  196. }
  197. nat {
  198. source {
  ## Two interface-PAT rule-sets cover the same uplink: trust->untrust (factory) and
  ## GST/INT/IOT/MAN->EXT. Both exist only because zones untrust and EXT both claim ge-0/0/0.0.
  199. rule-set trust-to-untrust {
  200. from zone trust;
  201. to zone untrust;
  202. rule source-nat-rule {
  203. match {
  204. source-address 0.0.0.0/0;
  205. }
  206. then {
  207. source-nat {
  208. interface;
  209. }
  210. }
  211. }
  212. }
  213. rule-set NAT {
  214. from zone [ GST INT IOT MAN ];
  215. to zone EXT;
  216. rule PAT {
  217. match {
  218. source-address [ 192.168.12.0/24 192.168.15.0/24 192.168.4.0/24 192.168.30.0/24 ];
  219. destination-address 0.0.0.0/0;
  220. }
  221. then {
  222. source-nat {
  223. interface;
  224. }
  225. }
  226. }
  227. }
  228. }
  229. }
  230. policies {
  ## Factory permit-all (any/any/any) from trust with no log action: everything on vlan.0 reaches the
  ## Internet unlogged.
  231. from-zone trust to-zone untrust {
  232. policy trust-to-untrust {
  233. match {
  234. source-address any;
  235. destination-address any;
  236. application any;
  237. }
  238. then {
  239. permit;
  240. }
  241. }
  242. }
  ## Logging: the *-EXT policies log session-close; INT-IOT and the intrazone policies log nothing, and
  ## nothing logs the implicit deny. An explicit final deny policy with 'log { session-init; }' per zone
  ## pair is what makes blocked lateral traffic (e.g. IOT->INT attempts) visible in syslog.
  243. from-zone INT to-zone EXT {
  244. policy INT-EXT {
  245. match {
  246. source-address 192.168.12.0/24;
  247. destination-address any;
  248. application any;
  249. }
  250. then {
  251. permit;
  252. log {
  253. session-close;
  254. }
  255. }
  256. }
  257. }
  258. from-zone INT to-zone INT {
  259. policy INTRA_INT {
  260. match {
  261. source-address 192.168.12.0/24;
  262. destination-address 192.168.12.0/24;
  263. application any;
  264. }
  265. then {
  266. permit;
  267. }
  268. }
  269. }
  ## INT may reach IOT on any application; there is no IOT->INT, GST->internal or MAN->INT policy,
  ## so those paths fall to the default deny — the intended segmentation, though the deny is silent.
  270. from-zone INT to-zone IOT {
  271. policy INT-IOT {
  272. match {
  273. source-address 192.168.12.0/24;
  274. destination-address 192.168.4.0/24;
  275. application any;
  276. }
  277. then {
  278. permit;
  279. }
  280. }
  281. }
  282. from-zone IOT to-zone EXT {
  283. policy IOT-EXT {
  284. match {
  285. source-address 192.168.4.0/24;
  286. destination-address any;
  287. application any;
  288. }
  289. then {
  290. permit;
  291. log {
  292. session-close;
  293. }
  294. }
  295. }
  296. }
  297. from-zone MAN to-zone MAN {
  298. policy INTRA_MAN {
  299. match {
  300. source-address 192.168.15.0/24;
  301. destination-address 192.168.15.0/24;
  302. application any;
  303. }
  304. then {
  305. permit;
  306. }
  307. }
  308. }
  309. from-zone MAN to-zone EXT {
  310. policy MAN-EXT {
  311. match {
  312. source-address 192.168.15.0/24;
  313. destination-address any;
  314. application any;
  315. }
  316. then {
  317. permit;
  318. log {
  319. session-close;
  320. }
  321. }
  322. }
  323. }
  324. from-zone GST to-zone EXT {
  325. policy GST-EXT {
  326. match {
  327. source-address 192.168.30.0/24;
  328. destination-address any;
  329. application any;
  330. }
  331. then {
  332. permit;
  333. log {
  334. session-close;
  335. }
  336. }
  337. }
  338. }
  339. }
  340. zones {
  ## zone trust (vlan.0) accepts every system service and protocol on the box, which is what exposes
  ## telnet, http and xnm-clear-text from that segment. Narrow this to the services actually used.
  341. security-zone trust {
  342. host-inbound-traffic {
  343. system-services {
  344. all;
  345. }
  346. protocols {
  347. all;
  348. }
  349. }
  350. interfaces {
  351. vlan.0;
  352. }
  353. }
  ## ge-0/0/0.0 is listed here and again under zone EXT below. Junos allows an interface in exactly one
  ## zone, so this candidate config cannot commit until one of the two zones is removed (the ## Last
  ## changed line refers to the committed base, not to this view). tftp inbound on the WAN interface is
  ## a factory-default leftover and should be removed whichever zone is kept.
  354. security-zone untrust {
  355. screen untrust-screen;
  356. interfaces {
  357. ge-0/0/0.0 {
  358. host-inbound-traffic {
  359. system-services {
  360. dhcp;
  361. tftp;
  362. }
  363. }
  364. }
  365. }
  366. }
  ## The EXT zone answers ping/traceroute on the WAN side and has no screen bound.
  367. security-zone EXT {
  368. interfaces {
  369. ge-0/0/0.0 {
  370. host-inbound-traffic {
  371. system-services {
  372. dhcp;
  373. ping;
  374. traceroute;
  375. }
  376. }
  377. }
  378. }
  379. }
  380. security-zone INT {
  381. interfaces {
  382. vlan.12 {
  383. host-inbound-traffic {
  384. system-services {
  385. dhcp;
  386. ping;
  387. traceroute;
  388. }
  389. }
  390. }
  391. }
  392. }
  ## ssh to the device is accepted only from MAN (vlan.15) — good. Web management, however, is bound to
  ## vlan.0 in zone trust rather than to this VLAN (see system web-management).
  393. security-zone MAN {
  394. interfaces {
  395. vlan.15 {
  396. host-inbound-traffic {
  397. system-services {
  398. dhcp;
  399. ssh;
  400. ping;
  401. traceroute;
  402. }
  403. }
  404. }
  405. }
  406. }
  407. security-zone IOT {
  408. interfaces {
  409. vlan.4 {
  410. host-inbound-traffic {
  411. system-services {
  412. dhcp;
  413. ping;
  414. traceroute;
  415. }
  416. }
  417. }
  418. }
  419. }
  420. security-zone GST {
  421. interfaces {
  422. vlan.30 {
  423. host-inbound-traffic {
  424. system-services {
  425. dhcp;
  426. ping;
  427. traceroute;
  428. }
  429. }
  430. }
  431. }
  432. }
  433. }
  434. }
  435. access {
  ## DHCP address pools for the segments. They pair with the dhcp-local-server groups that the platform
  ## warnings under system services mark as ignored, so on this box they may be inert — confirm.
  ## No pool exists for 192.168.15.0/24 even though group MAN_DHCP points at vlan.15.
  436. address-assignment {
  437. pool INT_DHCP_POOL {
  438. family inet {
  439. network 192.168.12.0/24;
  440. range INT_DHCP_RANGE {
  441. low 192.168.12.20;
  442. high 192.168.12.200;
  443. }
  444. dhcp-attributes {
  445. name-server {
  446. 1.1.1.1;
  447. }
  448. router {
  449. 192.168.12.1;
  450. }
  451. }
  452. }
  453. }
  454. pool IOT_DHCP_POOL {
  455. family inet {
  456. network 192.168.4.0/24;
  ## Range name DMZ_DHCP_RANGE is reused in the IOT and GST pools; legal (names are per pool) but
  ## misleading next to INT_DHCP_RANGE.
  457. range DMZ_DHCP_RANGE {
  458. low 192.168.4.20;
  459. high 192.168.4.200;
  460. }
  461. dhcp-attributes {
  462. name-server {
  463. 1.1.1.1;
  464. }
  465. router {
  466. 192.168.4.1;
  467. }
  468. }
  469. }
  470. }
  471. pool GST_DHCP_POOL {
  472. family inet {
  473. network 192.168.30.0/24;
  474. range DMZ_DHCP_RANGE {
  475. low 192.168.30.20;
  476. high 192.168.30.200;
  477. }
  478. dhcp-attributes {
  479. name-server {
  480. 1.1.1.1;
  481. }
  482. router {
  483. 192.168.30.1;
  484. }
  485. }
  486. }
  487. }
  488. }
  489. }
  490. poe {
  ## Power over Ethernet on every port, including the ge-0/0/6 trunk; limit it to the ports that
  ## actually power devices if the power budget or an unused port matters.
  491. interface all;
  492. }
  493. vlans {
  ## VLAN definitions mapped to their routed vlan.N units. v15 (MANAGEMENT) is also the native VLAN of
  ## the ge-0/0/6 trunk (see interfaces); vlan-trust (id 3) is the legacy trust segment on vlan.0.
  494. v15 {
  495. description MANAGEMENT;
  496. vlan-id 15;
  497. l3-interface vlan.15;
  498. }
  499. v30 {
  500. description GUEST;
  501. vlan-id 30;
  502. l3-interface vlan.30;
  503. }
  504. v4 {
  505. description IOT;
  506. vlan-id 4;
  507. l3-interface vlan.4;
  508. }
  509. v12 {
  510. description INTERNAL;
  511. vlan-id 12;
  512. l3-interface vlan.12;
  513. }
  514. vlan-trust {
  515. vlan-id 3;
  516. l3-interface vlan.0;
  517. }
  518. }