- ## Last commit: 2023-07-17 13:51:03 UTC by bob
- ## NOTE(review): the 12.1X46 release train is, as far as I know, past vendor end-of-support;
- ## confirm against the vendor EOL table and plan a move to a release that still gets security fixes.
- version 12.1X46-D50.4;
- ## Per-node configuration groups for the two-node chassis cluster: each node gets its own
- ## host-name and its own fxp0 (out-of-band management) address.
- ## NOTE(review): both fxp0 addresses sit in 192.168.1.0/24, the same subnet as the LAN-facing
- ## reth1 address and the DHCP pool configured further down, so the management plane is not
- ## separated from the client network. A dedicated management subnet would limit who can reach it.
- groups {
- node0 {
- system {
- host-name srx210-A;
- }
- interfaces {
- fxp0 {
- unit 0 {
- family inet {
- address 192.168.1.2/24;
- }
- }
- }
- }
- }
- node1 {
- system {
- host-name srx210-B;
- }
- interfaces {
- fxp0 {
- unit 0 {
- family inet {
- address 192.168.1.3/24;
- }
- }
- }
- }
- }
- }
- ## "${node}" resolves to the local node's name, so each member inherits only its own group.
- apply-groups "${node}";
- ## System stanza: local accounts, DNS, management services, DHCP server, logging, licensing.
- system {
- root-authentication {
- ## Placeholder value in this paste. A real password hash should never be published: it can be
- ## attacked offline even though the device tags it SECRET-DATA.
- encrypted-password "SECRET_HASH_OF_SECRETS"; ## SECRET-DATA
- }
- name-server {
- 8.8.8.8;
- 8.8.4.4;
- }
- login {
- ## NOTE(review): single named account with full super-user rights and password-only
- ## authentication. No login retry-options are visible, so the release defaults apply.
- user bob{
- uid 2001;
- class super-user;
- authentication {
- encrypted-password "SSSHHHHHH_ITS_A_SECRET"; ## SECRET-DATA
- }
- }
- }
- services {
- ## NOTE(review): no root-login statement under ssh, so whether root may log in over SSH is
- ## left to the release default — verify, and set it explicitly (e.g. root-login deny).
- ssh;
- ## NOTE(review): xnm-clear-text exposes the Junos XML management API over an unencrypted TCP
- ## session, so credentials and configuration cross the wire in cleartext. Prefer removing it,
- ## or use an encrypted transport (xnm-ssl, or NETCONF over SSH) if the API is needed.
- xnm-clear-text;
- web-management {
- ## NOTE(review): J-Web over plain HTTP sends the admin login in cleartext; HTTPS alone is
- ## normally sufficient. Also, vlan.0 is not defined in the interfaces stanza of this paste,
- ## so confirm which interface these listeners are actually meant to bind to.
- http {
- interface vlan.0;
- }
- https {
- ## Self-signed certificate: clients cannot validate the device identity unless the
- ## certificate is pinned or replaced with one issued by a trusted CA.
- system-generated-certificate;
- interface vlan.0;
- }
- }
- ## DHCP server for the LAN: hands out 192.168.1.10-.50 with 192.168.1.1 as the gateway.
- dhcp {
- router {
- 192.168.1.1;
- }
- pool 192.168.1.0/24 {
- address-range low 192.168.1.10 high 192.168.1.50;
- }
- propagate-settings reth1;
- }
- }
- ## NOTE(review): logging is local-only (no remote syslog host) and capped at 3 files of 100k,
- ## so records rotate out quickly and would be lost or alterable if the device is compromised.
- ## Forwarding to a remote collector preserves them for investigation.
- syslog {
- archive size 100k files 3;
- user * {
- any emergency;
- }
- file messages {
- any critical;
- authorization info;
- }
- ## NOTE(review): at severity "error" this file presumably records only failed commands;
- ## a full audit trail of operator commands needs a lower severity threshold — confirm.
- file interactive-commands {
- interactive-commands error;
- }
- }
- ## Only five prior configurations are retained for rollback.
- max-configurations-on-flash 5;
- max-configuration-rollbacks 5;
- license {
- autoupdate {
- url https://ae1.juniper.net/junos/key_retrieval;
- }
- }
- }
- ## Chassis cluster: two redundant Ethernet (reth) interfaces and two redundancy groups.
- ## In both groups node 0 has priority 100 and node 1 priority 1, so node 0 is preferred.
- chassis {
- cluster {
- reth-count 2;
- redundancy-group 0 {
- node 0 priority 100;
- node 1 priority 1;
- }
- redundancy-group 1 {
- node 0 priority 100;
- node 1 priority 1;
- ## Each monitored link carries weight 255; presumably that equals the failover threshold,
- ## so the loss of any single link fails redundancy-group 1 over — confirm this is intended.
- interface-monitor {
- ge-0/0/0 weight 255;
- fe-0/0/2 weight 255;
- ge-2/0/0 weight 255;
- fe-2/0/2 weight 255;
- }
- }
- }
- }
- ## Physical ports are bound to reth0 (WAN side) and reth1 (LAN side), one member per node;
- ## fab0/fab1 are the inter-node fabric links.
- interfaces {
- ge-0/0/0 {
- gigether-options {
- redundant-parent reth0;
- }
- }
- fe-0/0/2 {
- fastether-options {
- redundant-parent reth1;
- }
- }
- ge-2/0/0 {
- gigether-options {
- redundant-parent reth0;
- }
- }
- fe-2/0/2 {
- fastether-options {
- redundant-parent reth1;
- }
- }
- ## NOTE(review): the fabric links carry inter-node cluster traffic; keep them on a direct
- ## cable or an isolated segment that no user or WAN host can reach.
- fab0 {
- fabric-options {
- member-interfaces {
- ge-0/0/1;
- }
- }
- }
- fab1 {
- fabric-options {
- member-interfaces {
- ge-2/0/1;
- }
- }
- }
- ## WAN-facing redundant interface; WAN_ADDRESS/NM is a placeholder left by the author.
- reth0 {
- redundant-ether-options {
- redundancy-group 1;
- }
- unit 0 {
- family inet {
- address WAN_ADDRESS/NM;
- }
- }
- }
- ## LAN-facing redundant interface and default gateway for the DHCP clients.
- reth1 {
- redundant-ether-options {
- redundancy-group 1;
- }
- unit 0 {
- family inet {
- address 192.168.1.1/24;
- }
- }
- }
- }
- ## Single static default route; WAN_DEFAULT_GW is a placeholder for the upstream gateway.
- routing-options {
- static {
- route 0.0.0.0/0 next-hop WAN_DEFAULT_GW;
- }
- }
- ## NOTE(review): spanning tree is enabled although no switching interfaces appear in this
- ## paste — confirm it is still needed.
- protocols {
- stp;
- }
- ## Security stanza: screens, source NAT, inter-zone policy and zone definitions.
- security {
- screen {
- ## Screen profile covering ping-of-death, IP source-route options, teardrop, LAND and
- ## SYN-flood thresholds. It is attached only to the untrust zone below.
- ids-option untrust-screen {
- icmp {
- ping-death;
- }
- ip {
- source-route-option;
- tear-drop;
- }
- tcp {
- syn-flood {
- alarm-threshold 1024;
- attack-threshold 200;
- source-threshold 1024;
- destination-threshold 2048;
- timeout 20;
- }
- land;
- }
- }
- }
- nat {
- source {
- ## Interface-based source NAT for everything leaving trust towards untrust.
- ## NOTE(review): the match is 0.0.0.0/0 rather than the LAN prefix (192.168.1.0/24), so
- ## traffic with any source address arriving from trust is translated and forwarded.
- rule-set trust-to-untrust {
- from zone trust;
- to zone untrust;
- rule source-nat-rule {
- match {
- source-address 0.0.0.0/0;
- }
- then {
- source-nat {
- interface;
- }
- }
- }
- }
- }
- }
- policies {
- ## NOTE(review): any/any/any permit with no logging action, so there is no egress filtering
- ## and no session record for outbound traffic. No untrust-to-trust policy and no
- ## default-policy statement are visible, so inbound traffic falls to the device default
- ## (presumably deny-all — confirm).
- from-zone trust to-zone untrust {
- policy trust-to-untrust {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- }
- zones {
- security-zone trust {
- ## NOTE(review): "all" for both system-services and protocols lets every LAN host reach
- ## every enabled service on the device itself, including the cleartext xnm and HTTP
- ## listeners enabled under system services. Listing only the services actually needed
- ## narrows the management attack surface.
- host-inbound-traffic {
- system-services {
- all;
- }
- protocols {
- all;
- }
- }
- interfaces {
- reth1.0;
- }
- }
- ## No host-inbound-traffic statement here, so no device services are opened to the WAN side
- ## by this zone definition.
- security-zone untrust {
- screen untrust-screen;
- interfaces {
- reth0.0;
- }
- }
- }
- }