
CE03

a guest
Sep 19th, 2017
  1. root@CE03# show | display set
  ## Device identity, local accounts, management services and logging (flat "set" view).
  ## NOTE(review): the exact release string is disclosed here; check it against current vendor security advisories.
  2. set version 15.1X49-D100.6
  3. set system host-name CE03
  4. set system domain-name testlab.com
  ## NOTE(review): the "$5$" prefix marks a SHA-256 crypt hash. Both hashes below are published with
  ## this listing and are therefore open to offline guessing: rotate both passwords and redact hashes
  ## before sharing a config. The hierarchical view of this same config tags these lines "## SECRET-DATA".
  5. set system root-authentication encrypted-password "$5$X8Ngj67O$ku31G8Xy8lt.VdEuvOESu54ntlGViRevxrPS1QYLHMB"
  ## Single local account in the predefined super-user class (full permissions). No central
  ## authentication (RADIUS/TACACS+) or login retry limits are configured in this listing.
  6. set system login user the-packet-thrower uid 2000
  7. set system login user the-packet-thrower class super-user
  8. set system login user the-packet-thrower authentication encrypted-password "$5$Usz/ClKp$tOPBJe47yg9I12GiMgEp9MRpyLVkd6BQhn.QryfMzc8"
  ## SSH is enabled with no further options here: no root-login restriction and no rate or connection
  ## limits. Consider `root-login deny` so that only the named account can log in remotely.
  9. set system services ssh
  ## NOTE(review): web management is served over cleartext HTTP, so credentials and session data cross
  ## the wire unencrypted; prefer `web-management https`. fxp0 unit 0 carries no address in this listing.
  10. set system services web-management http interface fxp0.0
  ## Only local log targets are defined (all logged-in users plus two files); no remote syslog host
  ## appears in this listing, so the audit trail lives only on the device itself.
  11. set system syslog user * any emergency
  12. set system syslog file messages any any
  13. set system syslog file messages authorization info
  ## Every CLI command is recorded to its own file, which is useful for change auditing.
  14. set system syslog file interactive-commands interactive-commands any
  15. set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
  ## Security logging mode and the screen (IDS) profile named unMGMT-screen.
  ## NOTE(review): stream mode is selected but no stream destination is configured in this listing;
  ## presumably it is defined elsewhere or not yet set. Verify that security logs actually leave the box.
  16. set security log mode stream
  17. set security log report
  ## Profile checks: ICMP ping-of-death, IP source-route option, teardrop fragments,
  ## TCP SYN-flood thresholds and LAND packets.
  ## NOTE(review): the profile is attached only to zone unMGMT, and that zone has no interfaces in
  ## this listing, so as shown it inspects no traffic. Attach it to the zones that own interfaces
  ## (MGMT, trust) if protection is intended.
  18. set security screen ids-option unMGMT-screen icmp ping-death
  19. set security screen ids-option unMGMT-screen ip source-route-option
  20. set security screen ids-option unMGMT-screen ip tear-drop
  21. set security screen ids-option unMGMT-screen tcp syn-flood alarm-threshold 1024
  22. set security screen ids-option unMGMT-screen tcp syn-flood attack-threshold 200
  23. set security screen ids-option unMGMT-screen tcp syn-flood source-threshold 1024
  24. set security screen ids-option unMGMT-screen tcp syn-flood destination-threshold 2048
  ## The device itself flags 'queue-size' as deprecated in the hierarchical view of this config.
  25. set security screen ids-option unMGMT-screen tcp syn-flood queue-size 2000
  26. set security screen ids-option unMGMT-screen tcp syn-flood timeout 20
  27. set security screen ids-option unMGMT-screen tcp land
  ## Four zone-pair policies, all named default-permit and all matching any source, any destination
  ## and any application with action permit.
  ## NOTE(review): any/any/any permit removes the firewall as a control point between these zones.
  ## None of the policies has a `then log` action, so permitted sessions are not logged by policy.
  ## Replace with address books and explicit applications, and log at least session-close.
  28. set security policies from-zone MGMT to-zone MGMT policy default-permit match source-address any
  29. set security policies from-zone MGMT to-zone MGMT policy default-permit match destination-address any
  30. set security policies from-zone MGMT to-zone MGMT policy default-permit match application any
  31. set security policies from-zone MGMT to-zone MGMT policy default-permit then permit
  ## Destination zone unMGMT has no interfaces in this listing, so as shown this policy matches nothing.
  32. set security policies from-zone MGMT to-zone unMGMT policy default-permit match source-address any
  33. set security policies from-zone MGMT to-zone unMGMT policy default-permit match destination-address any
  34. set security policies from-zone MGMT to-zone unMGMT policy default-permit match application any
  35. set security policies from-zone MGMT to-zone unMGMT policy default-permit then permit
  ## Intra-zone trust policy: ge-0/0/1.0 and ge-0/0/2.0 are both in trust, so traffic between them is unrestricted.
  36. set security policies from-zone trust to-zone trust policy default-permit match source-address any
  37. set security policies from-zone trust to-zone trust policy default-permit match destination-address any
  38. set security policies from-zone trust to-zone trust policy default-permit match application any
  39. set security policies from-zone trust to-zone trust policy default-permit then permit
  ## Destination zone untrust has no interfaces in this listing; this becomes an unrestricted egress
  ## rule as soon as an interface is added to untrust.
  40. set security policies from-zone trust to-zone untrust policy default-permit match source-address any
  41. set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
  42. set security policies from-zone trust to-zone untrust policy default-permit match application any
  43. set security policies from-zone trust to-zone untrust policy default-permit then permit
  ## Zone definitions: which interfaces belong to each zone and what traffic addressed to the
  ## device itself is accepted from that zone.
  ## tcp-rst: reply with a TCP RST to non-SYN segments that match no existing session.
  44. set security zones security-zone MGMT tcp-rst
  ## NOTE(review): `all` accepts every system service and protocol enabled on the device, including
  ## any enabled later. List only what is required (for example ssh and ping) instead.
  45. set security zones security-zone MGMT host-inbound-traffic system-services all
  46. set security zones security-zone MGMT host-inbound-traffic protocols all
  47. set security zones security-zone MGMT interfaces ge-0/0/0.0
  ## unMGMT carries the screen profile but no interfaces in this listing.
  48. set security zones security-zone unMGMT screen unMGMT-screen
  49. set security zones security-zone trust tcp-rst
  ## NOTE(review): same `all`/`all` exposure as MGMT, here on the two data interfaces; no screen
  ## profile is attached to this zone.
  50. set security zones security-zone trust host-inbound-traffic system-services all
  51. set security zones security-zone trust host-inbound-traffic protocols all
  52. set security zones security-zone trust interfaces ge-0/0/1.0
  53. set security zones security-zone trust interfaces ge-0/0/2.0
  ## untrust is declared empty: no interfaces, no host-inbound-traffic, no screen.
  54. set security zones security-zone untrust
  ## Interface addressing. ge-0/0/0 is the interface placed in zone MGMT and routing instance MGMT;
  ## ge-0/0/1 and ge-0/0/2 are the trust-zone interfaces.
  55. set interfaces ge-0/0/0 unit 0 family inet address 10.20.2.217/24
  56. set interfaces ge-0/0/1 unit 0 family inet address 192.168.3.3/24
  ## Four /24 subnets share one logical unit on ge-0/0/2, so they share one zone and one
  ## broadcast domain; the firewall cannot separate them with zone policy.
  57. set interfaces ge-0/0/2 unit 0 family inet address 172.16.31.1/24
  58. set interfaces ge-0/0/2 unit 0 family inet address 172.16.32.1/24
  59. set interfaces ge-0/0/2 unit 0 family inet address 172.16.33.1/24
  60. set interfaces ge-0/0/2 unit 0 family inet address 172.16.34.1/24
  ## fxp0 unit 0 has no address here, although web-management is bound to fxp0.0.
  61. set interfaces fxp0 unit 0
  ## lo0 carries only family mpls; no inet address is configured on the loopback in this listing.
  62. set interfaces lo0 unit 0 family mpls
  ## Routing protocols, neighbour discovery and the management routing instance.
  ## NOTE(review): `interface all` enables OSPF on every interface of the default instance, and no
  ## OSPF authentication is configured in this listing. Together with `protocols all` on zone trust,
  ## any OSPF speaker on those segments could form an adjacency. Name the interfaces explicitly,
  ## make host-facing ones passive and add authentication on the rest.
  63. set protocols ospf area 0.0.0.0 interface all
  64. set protocols ospf area 0.0.0.0 interface lo0.0 passive
  ## LLDP on all interfaces advertises device identity on every port; limit it to infrastructure-facing ports.
  65. set protocols lldp interface all
  ## Management traffic gets its own routing table: ge-0/0/0.0 sits in virtual-router MGMT with a
  ## default route via 10.20.2.1, separate from the default instance that runs OSPF.
  66. set routing-instances MGMT instance-type virtual-router
  67. set routing-instances MGMT interface ge-0/0/0.0
  68. set routing-instances MGMT routing-options static route 0.0.0.0/0 next-hop 10.20.2.1
  69.  
  70. [edit]
  71. root@CE03#
  72.  
  73. [edit]
  74. root@CE03# show
  75. ## Last changed: 2017-09-19 05:58:11 UTC
  ## Device identity, local accounts, management services and logging (hierarchical view).
  ## NOTE(review): the exact release string is disclosed here; check it against current vendor security advisories.
  76. version 15.1X49-D100.6;
  77. system {
  78. host-name CE03;
  79. domain-name testlab.com;
  80. root-authentication {
  ## NOTE(review): "$5$" marks a SHA-256 crypt hash. The device tags it SECRET-DATA, yet it is
  ## published in this listing and so is open to offline guessing; rotate the password and redact
  ## hashes before sharing a config.
  81. encrypted-password "$5$X8Ngj67O$ku31G8Xy8lt.VdEuvOESu54ntlGViRevxrPS1QYLHMB"; ## SECRET-DATA
  82. }
  83. login {
  ## Single local account in the predefined super-user class (full permissions). No central
  ## authentication or login retry limits are configured in this listing.
  84. user the-packet-thrower {
  85. uid 2000;
  86. class super-user;
  87. authentication {
  ## Same exposure as the root hash above: rotate this password as well.
  88. encrypted-password "$5$Usz/ClKp$tOPBJe47yg9I12GiMgEp9MRpyLVkd6BQhn.QryfMzc8"; ## SECRET-DATA
  89. }
  90. }
  91. }
  92. services {
  ## SSH is enabled with no options: no root-login restriction, no rate or connection limits.
  93. ssh;
  94. web-management {
  ## NOTE(review): cleartext HTTP management; credentials and session data are unencrypted on
  ## the wire. Prefer an https stanza. fxp0 unit 0 carries no address in this listing.
  95. http {
  96. interface fxp0.0;
  97. }
  98. }
  99. }
  100. syslog {
  ## Only local targets are defined; no remote syslog host appears in this listing.
  101. user * {
  102. any emergency;
  103. }
  104. file messages {
  105. any any;
  106. authorization info;
  107. }
  ## Every CLI command is recorded to its own file, which is useful for change auditing.
  108. file interactive-commands {
  109. interactive-commands any;
  110. }
  111. }
  112. license {
  113. autoupdate {
  114. url https://ae1.juniper.net/junos/key_retrieval;
  115. }
  116. }
  117. }
  ## Security stanza: logging mode, the screen (IDS) profile, zone-pair policies and zone membership.
  118. security {
  119. log {
  ## NOTE(review): stream mode is selected but no stream destination is configured in this
  ## listing; verify that security logs actually leave the box.
  120. mode stream;
  121. report;
  122. }
  123. screen {
  ## Profile checks: ICMP ping-of-death, IP source-route option, teardrop fragments,
  ## TCP SYN-flood thresholds and LAND packets.
  ## NOTE(review): this profile is referenced only by zone unMGMT, which has no interfaces in this
  ## listing, so as shown it inspects no traffic.
  124. ids-option unMGMT-screen {
  125. icmp {
  126. ping-death;
  127. }
  128. ip {
  129. source-route-option;
  130. tear-drop;
  131. }
  132. tcp {
  133. syn-flood {
  134. alarm-threshold 1024;
  135. attack-threshold 200;
  136. source-threshold 1024;
  137. destination-threshold 2048;
  138. queue-size 2000; ## Warning: 'queue-size' is deprecated
  139. timeout 20;
  140. }
  141. land;
  142. }
  143. }
  144. }
  145. policies {
  ## NOTE(review): all four policies below match any source, any destination and any application
  ## with action permit, and none has a log action. That removes the firewall as a control point
  ## between these zones and leaves permitted sessions unlogged by policy. Replace with address
  ## books and explicit applications, and log at least session-close.
  146. from-zone MGMT to-zone MGMT {
  147. policy default-permit {
  148. match {
  149. source-address any;
  150. destination-address any;
  151. application any;
  152. }
  153. then {
  154. permit;
  155. }
  156. }
  157. }
  ## Destination zone unMGMT has no interfaces in this listing, so as shown this policy matches nothing.
  158. from-zone MGMT to-zone unMGMT {
  159. policy default-permit {
  160. match {
  161. source-address any;
  162. destination-address any;
  163. application any;
  164. }
  165. then {
  166. permit;
  167. }
  168. }
  169. }
  ## Intra-zone trust: ge-0/0/1.0 and ge-0/0/2.0 are both in trust, so traffic between them is unrestricted.
  170. from-zone trust to-zone trust {
  171. policy default-permit {
  172. match {
  173. source-address any;
  174. destination-address any;
  175. application any;
  176. }
  177. then {
  178. permit;
  179. }
  180. }
  181. }
  ## Destination zone untrust has no interfaces in this listing; this becomes an unrestricted
  ## egress rule as soon as an interface is added to untrust.
  182. from-zone trust to-zone untrust {
  183. policy default-permit {
  184. match {
  185. source-address any;
  186. destination-address any;
  187. application any;
  188. }
  189. then {
  190. permit;
  191. }
  192. }
  193. }
  194. }
  195. zones {
  196. security-zone MGMT {
  ## tcp-rst: reply with a TCP RST to non-SYN segments that match no existing session.
  197. tcp-rst;
  ## NOTE(review): `all` accepts every system service and protocol enabled on the device,
  ## including any enabled later. List only what is required (for example ssh and ping).
  198. host-inbound-traffic {
  199. system-services {
  200. all;
  201. }
  202. protocols {
  203. all;
  204. }
  205. }
  206. interfaces {
  207. ge-0/0/0.0;
  208. }
  209. }
  ## unMGMT carries the screen profile but no interfaces.
  210. security-zone unMGMT {
  211. screen unMGMT-screen;
  212. }
  213. security-zone trust {
  214. tcp-rst;
  ## NOTE(review): same all/all exposure as MGMT, here on the two data interfaces; no screen
  ## profile is attached to this zone.
  215. host-inbound-traffic {
  216. system-services {
  217. all;
  218. }
  219. protocols {
  220. all;
  221. }
  222. }
  223. interfaces {
  224. ge-0/0/1.0;
  225. ge-0/0/2.0;
  226. }
  227. }
  ## untrust is declared empty: no interfaces, no host-inbound-traffic, no screen.
  228. security-zone untrust;
  229. }
  230. }
  ## Interface addressing. ge-0/0/0 is the interface placed in zone MGMT and routing instance MGMT;
  ## ge-0/0/1 and ge-0/0/2 are the trust-zone interfaces.
  231. interfaces {
  232. ge-0/0/0 {
  233. unit 0 {
  234. family inet {
  235. address 10.20.2.217/24;
  236. }
  237. }
  238. }
  239. ge-0/0/1 {
  240. unit 0 {
  241. family inet {
  242. address 192.168.3.3/24;
  243. }
  244. }
  245. }
  ## Four /24 subnets share one logical unit, so they share one zone and one broadcast domain;
  ## the firewall cannot separate them with zone policy.
  246. ge-0/0/2 {
  247. unit 0 {
  248. family inet {
  249. address 172.16.31.1/24;
  250. address 172.16.32.1/24;
  251. address 172.16.33.1/24;
  252. address 172.16.34.1/24;
  253. }
  254. }
  255. }
  ## fxp0 unit 0 has no address here, although web-management is bound to fxp0.0.
  256. fxp0 {
  257. unit 0;
  258. }
  ## lo0 carries only family mpls; no inet address is configured on the loopback in this listing.
  259. lo0 {
  260. unit 0 {
  261. family mpls;
  262. }
  263. }
  264. }
  ## Routing protocol and neighbour discovery for the default routing instance.
  265. protocols {
  266. ospf {
  267. area 0.0.0.0 {
  ## NOTE(review): `interface all` enables OSPF on every interface of the default instance, and
  ## no authentication is configured. Together with `protocols all` on zone trust, any OSPF
  ## speaker on those segments could form an adjacency. Name the interfaces explicitly, make
  ## host-facing ones passive and add authentication on the rest.
  268. interface all;
  269. interface lo0.0 {
  270. passive;
  271. }
  272. }
  273. }
  ## LLDP on all interfaces advertises device identity on every port; limit it to infrastructure-facing ports.
  274. lldp {
  275. interface all;
  276. }
  277. }
  ## Management routing instance: ge-0/0/0.0 sits in virtual-router MGMT with its own default route
  ## via 10.20.2.1, so management traffic uses a routing table separate from the default instance.
  ## NOTE(review): the separation is at the routing level only; zone MGMT still accepts all
  ## system services and protocols on this interface.
  278. routing-instances {
  279. MGMT {
  280. instance-type virtual-router;
  281. interface ge-0/0/0.0;
  282. routing-options {
  283. static {
  284. route 0.0.0.0/0 next-hop 10.20.2.1;
  285. }
  286. }
  287. }
  288. }