
Untitled

a guest
May 2nd, 2019
  1.  
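  # System stanza of a branch-office firewall (Junos set-format).
  # Sets identity, management services, the DHCP pool for the voice VLAN and local syslog.
  # NOTE(review): 10.4R4.5 is an old Junos release -- confirm it still receives
  # security fixes before reusing this config as a template.
  2. set version 10.4R4.5
  3. set system host-name RemoteOffice_FW
  4. set system time-zone GMT-8
  # The value below is a redaction placeholder, not a password hash. Real hashes
  # should also be stripped before a config is shared publicly.
  5. set system root-authentication encrypted-password "dont be looking here"
  6. set system name-server 208.67.222.222
  7. set system name-server 208.67.220.220
  # SSH is enabled with defaults only. NOTE(review): consider adding
  # "set system services ssh root-login deny" and "protocol-version v2",
  # because the untrust interface admits ssh in the zones stanza of this paste.
  8. set system services ssh
  # Removed by review: "set system services telnet" (was paste line 9).
  # Telnet sends logins in cleartext, and the trust and vpn zones in this paste
  # admit "system-services all", so it was reachable from every internal VLAN and
  # from across the tunnel. SSH above already covers CLI access.
  10. set system services web-management https
  11. set system services web-management https system-generated-certificate
  # J-Web is bound to the tunnel interface and to fe-0/0/0.0, which this paste
  # describes as External. The untrust zone lists only ike/ssh/ping for that
  # interface, so HTTPS is not admitted from outside today.
  # NOTE(review): the external binding is one zone edit away from exposure;
  # drop it unless there is a reason to keep it.
  12. set system services web-management https interface st0.0
  13. set system services web-management https interface fe-0/0/0.0
  # DHCP scope for 10.20.35.0/24: leases .100-.254 for 86400 s, gateway 10.20.35.1.
  14. set system services dhcp pool 10.20.35.0/24 address-range low 10.20.35.100
  15. set system services dhcp pool 10.20.35.0/24 address-range high 10.20.35.254
  16. set system services dhcp pool 10.20.35.0/24 default-lease-time 86400
  17. set system services dhcp pool 10.20.35.0/24 domain-name ourdomain.gov
  18. set system services dhcp pool 10.20.35.0/24 name-server 10.10.1.23
  19. set system services dhcp pool 10.20.35.0/24 name-server 10.10.1.14
  20. set system services dhcp pool 10.20.35.0/24 router 10.20.35.1
  # Option 242 carries a vendor provisioning string (call server, HTTP server,
  # 802.1Q settings). Presumably IP-phone provisioning -- confirm. It also
  # discloses internal server addresses to any DHCP client on this VLAN.
  21. set system services dhcp pool 10.20.35.0/24 option 242 string MCIPADD=10.20.1.215,10.18.1.215,HTTPSRVR=10.10.11.119,L2Q=1,L2QVLAN=35,VLANTEST=20
  # Logging is local only: 3 archive files of 100k each.
  # NOTE(review): no "set system syslog host ..." is present, so logs rotate out
  # quickly and are lost with the device. Forward to a collector for detection
  # and incident response.
  22. set system syslog archive size 100k
  23. set system syslog archive files 3
  24. set system syslog user * any emergency
  25. set system syslog file messages any critical
  26. set system syslog file messages authorization info
  # NOTE(review): severity "error" probably omits ordinary command history.
  # Confirm whether a full audit trail of operator commands is wanted.
  27. set system syslog file interactive-commands interactive-commands error
  28. set system max-configurations-on-flash 5
  29. set system max-configuration-rollbacks 5
  30. set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval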
  # Interface layout: fe-0/0/0 is the external uplink; fe-0/0/1 is an 802.1Q
  # trunk carrying VLAN 1, VLAN 20 (management) and VLAN 35 (VoIP); st0.0 is the
  # route-based VPN tunnel interface.
  31. set interfaces fe-0/0/0 unit 0 description External
  32. set interfaces fe-0/0/0 unit 0 family inet address 200.1.1.74/29
  33. set interfaces fe-0/0/1 vlan-tagging
  # Unit 0 (VLAN 1) has a description and VLAN id but no address family here.
  34. set interfaces fe-0/0/1 unit 0 description internal
  35. set interfaces fe-0/0/1 unit 0 vlan-id 1
  # NOTE(review): the management VLAN (unit 20) and the VoIP VLAN (unit 35) are
  # both placed in the single "trust" zone further down this paste, and
  # trust-to-trust is any/any permit, so the firewall does not separate them.
  # Consider a dedicated management zone.
  36. set interfaces fe-0/0/1 unit 20 description RemoteOffice_Mgmt
  37. set interfaces fe-0/0/1 unit 20 vlan-id 20
  38. set interfaces fe-0/0/1 unit 20 family inet address 10.20.20.1/24
  39. set interfaces fe-0/0/1 unit 35 description VoIP_RemoteOffice
  40. set interfaces fe-0/0/1 unit 35 vlan-id 35
  41. set interfaces fe-0/0/1 unit 35 family inet address 10.20.35.1/24
  42. set interfaces lo0 unit 0 family inet address 127.0.0.1/32
  # st0.0 is unnumbered (family inet with no address); the IPsec VPN binds to it.
  43. set interfaces st0 unit 0 family inet
  44. set interfaces vlan unit 0
  # SNMP agent with one read-only community.
  # NOTE(review): the community has no "clients" restriction, so any host the
  # zone configuration admits can poll with this string. The trust and vpn zones
  # in this paste admit all system services; untrust does not list snmp.
  # Restrict to the monitoring hosts, for example
  # "set snmp community <name> clients <nms-prefix>" (placeholder values).
  # The community string is a shared cleartext secret and should be redacted when
  # a config is published.
  45. set snmp description "Remote Office Firewall"
  46. set snmp location "Remote Office"
  47. set snmp community SNMPReadString authorization read-only
  # Static routing only: default route to the upstream gateway on the external
  # /29, and all of 10.0.0.0/8 sent into the VPN tunnel interface.
  # The locally connected 10.20.20.0/24 and 10.20.35.0/24 are more specific than
  # the /8, so they stay local.
  48. set routing-options static route 0.0.0.0/0 next-hop 200.1.1.78
  49. set routing-options static route 10.0.0.0/8 next-hop st0.0
  # IKE phase 1: pre-shared-key authentication, main mode, DH group2,
  # SHA-1, AES-192-CBC, 28800 s lifetime.
  # NOTE(review): group2 is a 1024-bit MODP group and SHA-1 is a legacy hash.
  # Both are weak by current guidance. Any change must be made on both peers at
  # the same time or the tunnel will not establish; pick the strongest group and
  # hash that the peer and this release both support.
  50. set security ike proposal RemoteOffice-Phase1-Prop authentication-method pre-shared-keys
  51. set security ike proposal RemoteOffice-Phase1-Prop dh-group group2
  52. set security ike proposal RemoteOffice-Phase1-Prop authentication-algorithm sha1
  53. set security ike proposal RemoteOffice-Phase1-Prop encryption-algorithm aes-192-cbc
  54. set security ike proposal RemoteOffice-Phase1-Prop lifetime-seconds 28800
  55. set security ike policy RemoteOffice-IKE-Policy mode main
  56. set security ike policy RemoteOffice-IKE-Policy proposals RemoteOffice-Phase1-Prop
  # "some key" is a redaction placeholder. In a live config Junos shows the key
  # in $9$ form, which is reversible obfuscation rather than a hash, so the key
  # must be scrubbed before a config is shared and rotated if it ever was posted.
  57. set security ike policy RemoteOffice-IKE-Policy pre-shared-key ascii-text "some key"
  # Gateway: fixed peer address, local identity equal to the external interface
  # address, negotiated on fe-0/0/0.
  58. set security ike gateway RemoteOffice-VPN-Gateway ike-policy RemoteOffice-IKE-Policy
  59. set security ike gateway RemoteOffice-VPN-Gateway address 100.50.10.33
  60. set security ike gateway RemoteOffice-VPN-Gateway local-identity inet 200.1.1.74
  61. set security ike gateway RemoteOffice-VPN-Gateway external-interface fe-0/0/0
  # IPsec phase 2: ESP with HMAC-SHA1-96 and AES-192-CBC, PFS with group2,
  # route-based VPN bound to st0.0, brought up as soon as the config is active.
  # NOTE(review): the same caveat applies as for phase 1 -- SHA-1 and group2 are
  # legacy choices; upgrade in step with the peer.
  62. set security ipsec proposal RemoteOffice-Phase2-Prop protocol esp
  63. set security ipsec proposal RemoteOffice-Phase2-Prop authentication-algorithm hmac-sha1-96
  64. set security ipsec proposal RemoteOffice-Phase2-Prop encryption-algorithm aes-192-cbc
  # NOTE(review): 28000 here versus 28800 in the IKE proposal; may be a typo for
  # 28800 -- confirm against the peer's phase 2 lifetime.
  65. set security ipsec proposal RemoteOffice-Phase2-Prop lifetime-seconds 28000
  66. set security ipsec policy RemoteOffice-IPSEC-Policy perfect-forward-secrecy keys group2
  67. set security ipsec policy RemoteOffice-IPSEC-Policy proposals RemoteOffice-Phase2-Prop
  68. set security ipsec vpn RemoteOffice bind-interface st0.0
  69. set security ipsec vpn RemoteOffice ike gateway RemoteOffice-VPN-Gateway
  70. set security ipsec vpn RemoteOffice ike ipsec-policy RemoteOffice-IPSEC-Policy
  71. set security ipsec vpn RemoteOffice establish-tunnels immediately
  # Zone definitions and host-inbound-traffic, i.e. which traffic addressed to
  # the firewall itself is accepted per zone and interface. Interface-level
  # host-inbound-traffic statements take precedence over the zone-level ones.
  #
  # trust zone: every system service and protocol is accepted on all three
  # internal sub-interfaces.
  # NOTE(review): "all" exposes every enabled management service in this paste
  # (ssh, telnet, https, snmp, dhcp) to every internal VLAN, including the VoIP
  # VLAN. Enumerate only what each VLAN needs (for example dhcp and ping on the
  # voice VLAN; management services only on the management VLAN).
  72. set security zones security-zone trust host-inbound-traffic system-services all
  73. set security zones security-zone trust host-inbound-traffic protocols all
  74. set security zones security-zone trust interfaces fe-0/0/1.0 host-inbound-traffic system-services all
  75. set security zones security-zone trust interfaces fe-0/0/1.0 host-inbound-traffic protocols all
  76. set security zones security-zone trust interfaces fe-0/0/1.20 host-inbound-traffic system-services all
  77. set security zones security-zone trust interfaces fe-0/0/1.20 host-inbound-traffic protocols all
  78. set security zones security-zone trust interfaces fe-0/0/1.35 host-inbound-traffic system-services all
  79. set security zones security-zone trust interfaces fe-0/0/1.35 host-inbound-traffic protocols all
  # vpn zone: same "all" treatment for anything arriving over the tunnel, so the
  # far side of the VPN can reach every management service on this device.
  # NOTE(review): narrow to the services the central site actually uses.
  80. set security zones security-zone vpn host-inbound-traffic system-services all
  81. set security zones security-zone vpn host-inbound-traffic protocols all
  82. set security zones security-zone vpn interfaces st0.0 host-inbound-traffic system-services all
  83. set security zones security-zone vpn interfaces st0.0 host-inbound-traffic protocols all
  # untrust zone: IKE at zone level; the external interface accepts ike, ssh and ping.
  # NOTE(review): ssh is accepted from the Internet-facing interface with no
  # source restriction visible in this paste. Prefer managing over the VPN, or
  # limit sources with a firewall filter, and watch the "authorization" log
  # facility for failed logins.
  # NOTE(review): "protocols all" accepts routing-protocol traffic from outside,
  # yet the paste shows only static routes and no "set protocols" statements.
  # If that holds for the full config, both untrust "protocols all" lines can be
  # deleted.
  # NOTE(review): no "screen" is attached to the untrust zone in this paste;
  # confirm whether one is defined elsewhere.
  84. set security zones security-zone untrust host-inbound-traffic system-services ike
  85. set security zones security-zone untrust host-inbound-traffic protocols all
  86. set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services ike
  87. set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services ssh
  88. set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services ping
  89. set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic protocols all
  # Transit policies. Each of the four zone pairs below has one policy that
  # matches any source, any destination and any application, and permits it.
  # No policy from untrust is defined here, so unsolicited inbound transit
  # traffic falls to the default policy (deny unless changed elsewhere).
  # NOTE(review): none of these policies has a "then log" action, so permitted
  # sessions leave no record. Add session logging (and a remote syslog target)
  # if this device is expected to support investigations.
  # NOTE(review): no "security nat" statements appear in this paste, so
  # trust-to-untrust traffic from 10.20.x.x would leave un-translated -- confirm
  # whether Internet access from this site is intended at all.
  90. set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
  91. set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
  92. set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
  93. set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
  94. set security policies from-zone trust to-zone vpn policy trust-to-vpn match source-address any
  95. set security policies from-zone trust to-zone vpn policy trust-to-vpn match destination-address any
  96. set security policies from-zone trust to-zone vpn policy trust-to-vpn match application any
  97. set security policies from-zone trust to-zone vpn policy trust-to-vpn then permit
  # vpn-to-trust any/any: everything reachable through the tunnel has full
  # access to all three internal VLANs. NOTE(review): scope by address book
  # entries and applications where the traffic profile is known.
  98. set security policies from-zone vpn to-zone trust policy vpn-to-trust match source-address any
  99. set security policies from-zone vpn to-zone trust policy vpn-to-trust match destination-address any
  100. set security policies from-zone vpn to-zone trust policy vpn-to-trust match application any
  101. set security policies from-zone vpn to-zone trust policy vpn-to-trust then permit
  # trust-to-trust any/any: inter-VLAN traffic (VLAN 1, management, VoIP) is
  # unrestricted, so a compromised phone or workstation can reach the management
  # VLAN.
  102. set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
  103. set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
  104. set security policies from-zone trust to-zone trust policy trust-to-trust match application any
  105. set security policies from-zone trust to-zone trust policy trust-to-trust then permit
  # Every application-layer gateway listed here is switched off, including the
  # VoIP-related ones (h323, mgcp, sccp, sip).
  # NOTE(review): presumably deliberate, since voice traffic is routed through
  # the tunnel without NAT; disabling unused ALGs also reduces parser attack
  # surface. Confirm that no flow depends on dynamic pinholes (e.g. active FTP).
  106. set security alg dns disable
  107. set security alg ftp disable
  108. set security alg h323 disable
  109. set security alg mgcp disable
  110. set security alg msrpc disable
  111. set security alg sunrpc disable
  112. set security alg rsh disable
  113. set security alg rtsp disable
  114. set security alg sccp disable
  115. set security alg sip disable
  116. set security alg sql disable
  117. set security alg talk disable
  118. set security alg tftp disable
  119. set security alg pptp disable
  # Clamp the TCP MSS to 1350 bytes for sessions through the IPsec tunnel and
  # for GRE traffic in both directions, leaving room for encapsulation overhead
  # so packets are not fragmented.
  120. set security flow tcp-mss ipsec-vpn mss 1350
  121. set security flow tcp-mss gre-in mss 1350
  122. set security flow tcp-mss gre-out mss 1350