the-packet-thrower

CE04

Sep 19th, 2017
  ## Configuration-mode capture of CE04 in set-command form: identity, local accounts,
  ## management services, syslog and licensing.
  1. root@CE04# show | display set
  ## NOTE(review): 15.1X49-D100.6 is the release at capture time (2017); check it against
  ## current vendor advisories before reusing this configuration.
  2. set version 15.1X49-D100.6
  3. set system host-name CE04
  4. set system domain-name testlab.com
  ## Both encrypted-password values in this block are published in full. "$5$" is the
  ## SHA-256 crypt format, which can be tested offline, so treat the root and
  ## the-packet-thrower credentials as disclosed and rotate them.
  5. set system root-authentication encrypted-password "$5$aXOF4Rhz$u3sb/C.vJi7H3vjU/N6olLjZuQ09zNqA6PqdKz8HpwB"
  6. set system login user the-packet-thrower uid 2000
  ## class super-user grants this account full permissions on the device.
  7. set system login user the-packet-thrower class super-user
  8. set system login user the-packet-thrower authentication encrypted-password "$5$VcE.BCnj$WJBB1VHaO8gsUZ/WOa6yZGPsfcE2oDSdgsoT.FrW8r0"
  ## ssh is enabled with no further statements (no root-login, connection-limit or
  ## rate-limit), so it runs with release defaults.
  ## NOTE(review): confirm whether root login over SSH is intended.
  9. set system services ssh
  ## J-Web is served over plain HTTP, so logins cross the wire unencrypted; the https
  ## statement under web-management is the encrypted form. The service is bound to
  ## fxp0.0, which has no address configured in this capture.
  10. set system services web-management http interface fxp0.0
  ## Logging is local only: no syslog host is configured, so records stay on the device.
  ## "user * any emergency" sends emergency messages to every logged-in user.
  11. set system syslog user * any emergency
  12. set system syslog file messages any any
  13. set system syslog file messages authorization info
  ## Every CLI command is recorded in its own file, which gives a local audit trail.
  14. set system syslog file interactive-commands interactive-commands any
  15. set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
  ## Security logging mode plus the screen (IDS option set) named unMGMT-screen.
  ## mode stream is set, but no "security log stream" destination appears in this capture.
  ## NOTE(review): confirm where session logs are expected to land.
  16. set security log mode stream
  17. set security log report
  ## unMGMT-screen is bound only to zone unMGMT, and that zone has no interfaces in this
  ## capture, so the screen does not appear to inspect any traffic.
  ## NOTE(review): confirm which zone faces untrusted hosts and whether the screen belongs there.
  18. set security screen ids-option unMGMT-screen icmp ping-death
  19. set security screen ids-option unMGMT-screen ip source-route-option
  20. set security screen ids-option unMGMT-screen ip tear-drop
  21. set security screen ids-option unMGMT-screen tcp syn-flood alarm-threshold 1024
  22. set security screen ids-option unMGMT-screen tcp syn-flood attack-threshold 200
  23. set security screen ids-option unMGMT-screen tcp syn-flood source-threshold 1024
  24. set security screen ids-option unMGMT-screen tcp syn-flood destination-threshold 2048
  ## The device's own "show" output on this page marks queue-size as deprecated.
  25. set security screen ids-option unMGMT-screen tcp syn-flood queue-size 2000
  26. set security screen ids-option unMGMT-screen tcp syn-flood timeout 20
  27. set security screen ids-option unMGMT-screen tcp land
  ## Security policies. Each of the four zone pairs holds a single policy, default-permit,
  ## that matches any source, any destination and any application and permits it.
  ## No log action is set, so nothing is filtered and no session is logged by policy.
  28. set security policies from-zone MGMT to-zone MGMT policy default-permit match source-address any
  29. set security policies from-zone MGMT to-zone MGMT policy default-permit match destination-address any
  30. set security policies from-zone MGMT to-zone MGMT policy default-permit match application any
  31. set security policies from-zone MGMT to-zone MGMT policy default-permit then permit
  ## Zone unMGMT has no interfaces in this capture, so this pair currently matches no traffic.
  32. set security policies from-zone MGMT to-zone unMGMT policy default-permit match source-address any
  33. set security policies from-zone MGMT to-zone unMGMT policy default-permit match destination-address any
  34. set security policies from-zone MGMT to-zone unMGMT policy default-permit match application any
  35. set security policies from-zone MGMT to-zone unMGMT policy default-permit then permit
  ## trust holds ge-0/0/1.0 and ge-0/0/2.0, so this intra-zone policy permits all traffic
  ## between the subnets on those two interfaces.
  36. set security policies from-zone trust to-zone trust policy default-permit match source-address any
  37. set security policies from-zone trust to-zone trust policy default-permit match destination-address any
  38. set security policies from-zone trust to-zone trust policy default-permit match application any
  39. set security policies from-zone trust to-zone trust policy default-permit then permit
  ## Zone untrust has no interfaces in this capture, so this pair currently matches no traffic.
  ## NOTE(review): if an interface is later placed in untrust, this becomes an unrestricted,
  ## unlogged outbound permit; narrow it before then.
  40. set security policies from-zone trust to-zone untrust policy default-permit match source-address any
  41. set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
  42. set security policies from-zone trust to-zone untrust policy default-permit match application any
  43. set security policies from-zone trust to-zone untrust policy default-permit then permit
  ## Security zones: MGMT (ge-0/0/0.0), unMGMT (no interfaces), trust (ge-0/0/1.0 and
  ## ge-0/0/2.0) and untrust (no interfaces).
  ## tcp-rst makes the device answer non-SYN TCP segments that match no session with a RST.
  44. set security zones security-zone MGMT tcp-rst
  ## "all" for system-services and protocols exposes every enabled service and protocol on
  ## the device itself to hosts in the zone. The rest of this capture only shows ssh and
  ## OSPF in use, so a least-privilege list would be much shorter.
  45. set security zones security-zone MGMT host-inbound-traffic system-services all
  46. set security zones security-zone MGMT host-inbound-traffic protocols all
  47. set security zones security-zone MGMT interfaces ge-0/0/0.0
  ## The only statement for unMGMT is its screen; with no interface in the zone the screen
  ## does not appear to see any traffic.
  48. set security zones security-zone unMGMT screen unMGMT-screen
  49. set security zones security-zone trust tcp-rst
  ## Same wide-open host-inbound-traffic as MGMT, and no screen is bound to trust.
  50. set security zones security-zone trust host-inbound-traffic system-services all
  51. set security zones security-zone trust host-inbound-traffic protocols all
  52. set security zones security-zone trust interfaces ge-0/0/1.0
  53. set security zones security-zone trust interfaces ge-0/0/2.0
  ## untrust is declared empty: no interfaces, no screen, no host-inbound-traffic.
  54. set security zones security-zone untrust
  ## Interface addressing. ge-0/0/0.0 belongs to zone MGMT and routing-instance MGMT;
  ## ge-0/0/1.0 and ge-0/0/2.0 belong to zone trust.
  55. set interfaces ge-0/0/0 unit 0 family inet address 10.20.2.218/24
  56. set interfaces ge-0/0/1 unit 0 family inet address 192.168.4.4/24
  ## Four /24 subnets share one logical unit, so they also share one zone and one policy set.
  57. set interfaces ge-0/0/2 unit 0 family inet address 172.16.41.1/24
  58. set interfaces ge-0/0/2 unit 0 family inet address 172.16.42.1/24
  59. set interfaces ge-0/0/2 unit 0 family inet address 172.16.43.1/24
  60. set interfaces ge-0/0/2 unit 0 family inet address 172.16.44.1/24
  ## fxp0.0 has no address here, yet web-management http is bound to it.
  61. set interfaces fxp0 unit 0
  ## lo0.0 carries only family mpls and no inet address.
  62. set interfaces lo0 unit 0 family mpls
  ## Routing: OSPF area 0.0.0.0 on ge-0/0/1.0, an export policy for direct routes, and a
  ## separate virtual-router for management.
  ## No authentication statement is set on the OSPF interface, so adjacencies on that
  ## segment are unauthenticated.
  63. set protocols ospf export EXPORT-OSPF
  64. set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
  ## EXPORT-OSPF accepts every direct route with no prefix filter, so any connected subnet
  ## added later is advertised automatically (presumably excluding ge-0/0/0, which sits in
  ## routing-instance MGMT; verify on the device).
  65. set policy-options policy-statement EXPORT-OSPF from protocol direct
  66. set policy-options policy-statement EXPORT-OSPF then accept
  ## MGMT is a virtual-router holding ge-0/0/0.0 and its own default route via 10.20.2.1,
  ## which keeps management routing out of the main table.
  67. set routing-instances MGMT instance-type virtual-router
  68. set routing-instances MGMT interface ge-0/0/0.0
  69. set routing-instances MGMT routing-options static route 0.0.0.0/0 next-hop 10.20.2.1
  70.  
  71. [edit]
  72. root@CE04#
  73.  
  74. [edit]
  ## The same configuration in hierarchical form; this block is the system stanza
  ## (identity, local accounts, management services, syslog, licensing).
  75. root@CE04# show
  76. ## Last changed: 2017-09-19 18:06:16 UTC
  77. version 15.1X49-D100.6;
  78. system {
  79. host-name CE04;
  80. domain-name testlab.com;
  ## The device tags both hashes SECRET-DATA, yet they are published here in full. "$5$"
  ## is the SHA-256 crypt format, which can be tested offline; treat both credentials as
  ## disclosed and rotate them.
  81. root-authentication {
  82. encrypted-password "$5$aXOF4Rhz$u3sb/C.vJi7H3vjU/N6olLjZuQ09zNqA6PqdKz8HpwB"; ## SECRET-DATA
  83. }
  84. login {
  85. user the-packet-thrower {
  86. uid 2000;
  ## super-user grants this account full permissions on the device.
  87. class super-user;
  88. authentication {
  89. encrypted-password "$5$VcE.BCnj$WJBB1VHaO8gsUZ/WOa6yZGPsfcE2oDSdgsoT.FrW8r0"; ## SECRET-DATA
  90. }
  91. }
  92. }
  93. services {
  ## ssh has no child statements, so it runs with release defaults.
  ## NOTE(review): confirm whether root login over SSH is intended.
  94. ssh;
  ## J-Web over plain HTTP sends logins unencrypted; https is the encrypted form.
  95. web-management {
  96. http {
  97. interface fxp0.0;
  98. }
  99. }
  100. }
  ## Syslog writes to local files and user terminals only; no remote host is configured.
  101. syslog {
  102. user * {
  103. any emergency;
  104. }
  105. file messages {
  106. any any;
  107. authorization info;
  108. }
  ## Records every CLI command in its own file, a local audit trail.
  109. file interactive-commands {
  110. interactive-commands any;
  111. }
  112. }
  113. license {
  114. autoupdate {
  115. url https://ae1.juniper.net/junos/key_retrieval;
  116. }
  117. }
  118. }
  ## security stanza: logging mode, one screen, four any/any permit policies, four zones.
  119. security {
  ## mode stream is set, but no stream destination appears under log.
  ## NOTE(review): confirm where session logs are expected to land.
  120. log {
  121. mode stream;
  122. report;
  123. }
  124. screen {
  ## This screen is bound only to zone unMGMT (see zones below), which has no interfaces,
  ## so it does not appear to inspect any traffic in this capture.
  125. ids-option unMGMT-screen {
  126. icmp {
  127. ping-death;
  128. }
  129. ip {
  130. source-route-option;
  131. tear-drop;
  132. }
  133. tcp {
  134. syn-flood {
  135. alarm-threshold 1024;
  136. attack-threshold 200;
  137. source-threshold 1024;
  138. destination-threshold 2048;
  139. queue-size 2000; ## Warning: 'queue-size' is deprecated
  140. timeout 20;
  141. }
  142. land;
  143. }
  144. }
  145. }
  ## Each zone pair holds one policy that matches any/any/any and permits it, with no log
  ## action: nothing is filtered and no session is logged by policy.
  146. policies {
  147. from-zone MGMT to-zone MGMT {
  148. policy default-permit {
  149. match {
  150. source-address any;
  151. destination-address any;
  152. application any;
  153. }
  154. then {
  155. permit;
  156. }
  157. }
  158. }
  ## unMGMT has no interfaces, so this pair currently matches no traffic.
  159. from-zone MGMT to-zone unMGMT {
  160. policy default-permit {
  161. match {
  162. source-address any;
  163. destination-address any;
  164. application any;
  165. }
  166. then {
  167. permit;
  168. }
  169. }
  170. }
  ## Permits all traffic between the subnets on ge-0/0/1.0 and ge-0/0/2.0.
  171. from-zone trust to-zone trust {
  172. policy default-permit {
  173. match {
  174. source-address any;
  175. destination-address any;
  176. application any;
  177. }
  178. then {
  179. permit;
  180. }
  181. }
  182. }
  ## untrust has no interfaces, so this pair currently matches no traffic.
  ## NOTE(review): it becomes an unrestricted, unlogged outbound permit as soon as an
  ## interface joins untrust; narrow it before then.
  183. from-zone trust to-zone untrust {
  184. policy default-permit {
  185. match {
  186. source-address any;
  187. destination-address any;
  188. application any;
  189. }
  190. then {
  191. permit;
  192. }
  193. }
  194. }
  195. }
  196. zones {
  197. security-zone MGMT {
  ## tcp-rst answers non-SYN TCP segments that match no session with a RST.
  198. tcp-rst;
  ## "all" exposes every enabled service and protocol on the device itself to hosts in
  ## this zone; the rest of the capture only shows ssh and OSPF in use.
  199. host-inbound-traffic {
  200. system-services {
  201. all;
  202. }
  203. protocols {
  204. all;
  205. }
  206. }
  207. interfaces {
  208. ge-0/0/0.0;
  209. }
  210. }
  ## Screen bound, but the zone has no interfaces.
  211. security-zone unMGMT {
  212. screen unMGMT-screen;
  213. }
  ## Same wide-open host-inbound-traffic as MGMT, and no screen is bound to trust.
  214. security-zone trust {
  215. tcp-rst;
  216. host-inbound-traffic {
  217. system-services {
  218. all;
  219. }
  220. protocols {
  221. all;
  222. }
  223. }
  224. interfaces {
  225. ge-0/0/1.0;
  226. ge-0/0/2.0;
  227. }
  228. }
  ## Declared empty: no interfaces, no screen, no host-inbound-traffic.
  229. security-zone untrust;
  230. }
  231. }
  ## interfaces stanza. ge-0/0/0.0 belongs to zone MGMT and routing-instance MGMT;
  ## ge-0/0/1.0 and ge-0/0/2.0 belong to zone trust.
  232. interfaces {
  233. ge-0/0/0 {
  234. unit 0 {
  235. family inet {
  236. address 10.20.2.218/24;
  237. }
  238. }
  239. }
  240. ge-0/0/1 {
  241. unit 0 {
  242. family inet {
  243. address 192.168.4.4/24;
  244. }
  245. }
  246. }
  ## Four /24 subnets share one logical unit, so they also share one zone and one policy set.
  247. ge-0/0/2 {
  248. unit 0 {
  249. family inet {
  250. address 172.16.41.1/24;
  251. address 172.16.42.1/24;
  252. address 172.16.43.1/24;
  253. address 172.16.44.1/24;
  254. }
  255. }
  256. }
  ## fxp0.0 has no address here, yet web-management http is bound to it.
  257. fxp0 {
  258. unit 0;
  259. }
  ## lo0.0 carries only family mpls and no inet address.
  260. lo0 {
  261. unit 0 {
  262. family mpls;
  263. }
  264. }
  265. }
  ## protocols stanza: OSPF area 0.0.0.0 on ge-0/0/1.0, exporting through EXPORT-OSPF.
  ## No authentication statement is set on the interface, so adjacencies on that segment
  ## are unauthenticated.
  266. protocols {
  267. ospf {
  268. export EXPORT-OSPF;
  269. area 0.0.0.0 {
  270. interface ge-0/0/1.0;
  271. }
  272. }
  273. }
  ## EXPORT-OSPF accepts every direct route with no prefix filter, so any connected subnet
  ## added later is advertised into OSPF automatically (presumably excluding ge-0/0/0,
  ## which sits in routing-instance MGMT; verify on the device).
  274. policy-options {
  275. policy-statement EXPORT-OSPF {
  276. from protocol direct;
  277. then accept;
  278. }
  279. }
  ## MGMT is a virtual-router holding ge-0/0/0.0 and its own default route via 10.20.2.1,
  ## which keeps management routing out of the main table.
  280. routing-instances {
  281. MGMT {
  282. instance-type virtual-router;
  283. interface ge-0/0/0.0;
  284. routing-options {
  285. static {
  286. route 0.0.0.0/0 next-hop 10.20.2.1;
  287. }
  288. }
  289. }
  290. }