- root@CE04# show | display set
- # NOTE(review): release string as reported by the device; check it against the vendor's current security advisories before reusing this config.
- set version 15.1X49-D100.6
- set system host-name CE04
- set system domain-name testlab.com
- # NOTE(review): the "$5$" prefix marks a SHA-256 crypt hash. A hash posted publicly can be guessed offline, so treat this root password as exposed: rotate it and redact hashes before sharing configs.
- set system root-authentication encrypted-password "$5$aXOF4Rhz$u3sb/C.vJi7H3vjU/N6olLjZuQ09zNqA6PqdKz8HpwB"
- # Local account with the super-user class (full privileges); the same hash-exposure caveat applies to its password.
- set system login user the-packet-thrower uid 2000
- set system login user the-packet-thrower class super-user
- set system login user the-packet-thrower authentication encrypted-password "$5$VcE.BCnj$WJBB1VHaO8gsUZ/WOa6yZGPsfcE2oDSdgsoT.FrW8r0"
- # NOTE(review): SSH is enabled with no options shown; consider adding "set system services ssh root-login deny" so root cannot log in over the network.
- set system services ssh
- # NOTE(review): J-Web is offered over plaintext HTTP on fxp0.0, so logins are not encrypted in transit; the https form of web-management is the safer choice.
- set system services web-management http interface fxp0.0
- # Syslog: emergencies go to every logged-in user, all facilities go to file "messages", and every CLI command goes to file "interactive-commands".
- # NOTE(review): only local targets are shown (no "syslog host"), so the audit trail exists only on the device itself.
- set system syslog user * any emergency
- set system syslog file messages any any
- set system syslog file messages authorization info
- set system syslog file interactive-commands interactive-commands any
- set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
- # Security logging in stream mode, with on-box reporting enabled.
- # NOTE(review): no "security log stream" destination appears in this listing; confirm where stream-mode logs are delivered.
- set security log mode stream
- set security log report
- # Screen profile "unMGMT-screen": ping-of-death, IP source-route option, teardrop, SYN-flood thresholds and LAND checks.
- # NOTE(review): in this listing the profile is attached only to zone unMGMT, which has no interfaces, and zones MGMT, trust and untrust carry no screen, so as shown it inspects no traffic.
- set security screen ids-option unMGMT-screen icmp ping-death
- set security screen ids-option unMGMT-screen ip source-route-option
- set security screen ids-option unMGMT-screen ip tear-drop
- set security screen ids-option unMGMT-screen tcp syn-flood alarm-threshold 1024
- set security screen ids-option unMGMT-screen tcp syn-flood attack-threshold 200
- set security screen ids-option unMGMT-screen tcp syn-flood source-threshold 1024
- set security screen ids-option unMGMT-screen tcp syn-flood destination-threshold 2048
- set security screen ids-option unMGMT-screen tcp syn-flood queue-size 2000
- set security screen ids-option unMGMT-screen tcp syn-flood timeout 20
- set security screen ids-option unMGMT-screen tcp land
- # Four zone-pair policies, each named default-permit, each matching any source, any destination and any application, and permitting it.
- # NOTE(review): this is allow-all between the listed zone pairs with no "then log" action, so permitted sessions are neither restricted nor recorded by policy. Outside a lab, match specific addresses and applications and add session logging.
- # NOTE(review): zones unMGMT and untrust have no interfaces in this listing, so the two policies that target them match no traffic as shown.
- set security policies from-zone MGMT to-zone MGMT policy default-permit match source-address any
- set security policies from-zone MGMT to-zone MGMT policy default-permit match destination-address any
- set security policies from-zone MGMT to-zone MGMT policy default-permit match application any
- set security policies from-zone MGMT to-zone MGMT policy default-permit then permit
- set security policies from-zone MGMT to-zone unMGMT policy default-permit match source-address any
- set security policies from-zone MGMT to-zone unMGMT policy default-permit match destination-address any
- set security policies from-zone MGMT to-zone unMGMT policy default-permit match application any
- set security policies from-zone MGMT to-zone unMGMT policy default-permit then permit
- set security policies from-zone trust to-zone trust policy default-permit match source-address any
- set security policies from-zone trust to-zone trust policy default-permit match destination-address any
- set security policies from-zone trust to-zone trust policy default-permit match application any
- set security policies from-zone trust to-zone trust policy default-permit then permit
- set security policies from-zone trust to-zone untrust policy default-permit match source-address any
- set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
- set security policies from-zone trust to-zone untrust policy default-permit match application any
- set security policies from-zone trust to-zone untrust policy default-permit then permit
- # Zone MGMT (ge-0/0/0.0): tcp-rst enabled; every system service and every protocol addressed to the device itself is accepted.
- # NOTE(review): "host-inbound-traffic ... all" exposes every service the device runs on that zone; list only what is needed (for example ssh and ping).
- set security zones security-zone MGMT tcp-rst
- set security zones security-zone MGMT host-inbound-traffic system-services all
- set security zones security-zone MGMT host-inbound-traffic protocols all
- set security zones security-zone MGMT interfaces ge-0/0/0.0
- # Zone unMGMT: holds the screen profile but has no interfaces in this listing.
- set security zones security-zone unMGMT screen unMGMT-screen
- # Zone trust (ge-0/0/1.0, ge-0/0/2.0): same allow-all host-inbound settings as MGMT.
- # NOTE(review): the OSPF interface ge-0/0/1.0 is in this zone; allowing only ospf under protocols, plus the management services actually used, would be tighter than "all".
- set security zones security-zone trust tcp-rst
- set security zones security-zone trust host-inbound-traffic system-services all
- set security zones security-zone trust host-inbound-traffic protocols all
- set security zones security-zone trust interfaces ge-0/0/1.0
- set security zones security-zone trust interfaces ge-0/0/2.0
- # Zone untrust: declared empty (no interfaces, no screen, no host-inbound-traffic).
- set security zones security-zone untrust
- # ge-0/0/0: management-side address; this unit is placed in zone MGMT and routing-instance MGMT elsewhere in the listing.
- set interfaces ge-0/0/0 unit 0 family inet address 10.20.2.218/24
- # ge-0/0/1: the interface OSPF area 0.0.0.0 runs on.
- set interfaces ge-0/0/1 unit 0 family inet address 192.168.4.4/24
- # ge-0/0/2: four /24 addresses on one logical unit.
- set interfaces ge-0/0/2 unit 0 family inet address 172.16.41.1/24
- set interfaces ge-0/0/2 unit 0 family inet address 172.16.42.1/24
- set interfaces ge-0/0/2 unit 0 family inet address 172.16.43.1/24
- set interfaces ge-0/0/2 unit 0 family inet address 172.16.44.1/24
- # NOTE(review): fxp0.0 has no address in this listing, yet web-management http is bound to it; confirm how (or whether) J-Web is reachable.
- set interfaces fxp0 unit 0
- # lo0.0 carries family mpls only; no inet address is configured on it here.
- set interfaces lo0 unit 0 family mpls
- # OSPF area 0.0.0.0 on ge-0/0/1.0, exporting through policy EXPORT-OSPF.
- # NOTE(review): no OSPF authentication is shown on the interface, so any device on that segment could form an adjacency; consider interface authentication.
- set protocols ospf export EXPORT-OSPF
- set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
- # EXPORT-OSPF accepts every directly connected route with no prefix filter.
- set policy-options policy-statement EXPORT-OSPF from protocol direct
- set policy-options policy-statement EXPORT-OSPF then accept
- # Virtual-router instance MGMT holds ge-0/0/0.0 and its own default route via 10.20.2.1, keeping management routing separate from the main table.
- set routing-instances MGMT instance-type virtual-router
- set routing-instances MGMT interface ge-0/0/0.0
- set routing-instances MGMT routing-options static route 0.0.0.0/0 next-hop 10.20.2.1
- [edit]
- root@CE04#
- [edit]
- root@CE04# show
- ## Last changed: 2017-09-19 18:06:16 UTC
- /* NOTE(review): release string as reported by the device; check it against the vendor's current security advisories before reusing this config. */
- version 15.1X49-D100.6;
- system {
- host-name CE04;
- domain-name testlab.com;
- root-authentication {
- /* NOTE(review): "$5$" marks a SHA-256 crypt hash. The device tags it SECRET-DATA, but a hash posted publicly can be guessed offline: rotate the password and redact hashes before sharing. */
- encrypted-password "$5$aXOF4Rhz$u3sb/C.vJi7H3vjU/N6olLjZuQ09zNqA6PqdKz8HpwB"; ## SECRET-DATA
- }
- login {
- /* Local account with the super-user class (full privileges); the same hash-exposure caveat applies. */
- user the-packet-thrower {
- uid 2000;
- class super-user;
- authentication {
- encrypted-password "$5$VcE.BCnj$WJBB1VHaO8gsUZ/WOa6yZGPsfcE2oDSdgsoT.FrW8r0"; ## SECRET-DATA
- }
- }
- }
- services {
- /* NOTE(review): SSH has no options shown; consider "root-login deny" under ssh so root cannot log in over the network. */
- ssh;
- /* NOTE(review): J-Web over plaintext HTTP on fxp0.0; logins are not encrypted in transit. The https form is the safer choice. */
- web-management {
- http {
- interface fxp0.0;
- }
- }
- }
- /* NOTE(review): every syslog target below is local (users and files); no remote host is configured, so the audit trail exists only on the device. */
- syslog {
- user * {
- any emergency;
- }
- file messages {
- any any;
- authorization info;
- }
- /* Records every CLI command entered. */
- file interactive-commands {
- interactive-commands any;
- }
- }
- license {
- autoupdate {
- url https://ae1.juniper.net/junos/key_retrieval;
- }
- }
- }
- security {
- /* Stream-mode security logging with on-box reporting. NOTE(review): no stream destination is shown in this stanza; confirm where these logs are delivered. */
- log {
- mode stream;
- report;
- }
- screen {
- /* Screen profile: ping-of-death, IP source-route option, teardrop, SYN-flood thresholds and LAND checks. */
- /* NOTE(review): under zones below, only unMGMT references this profile and that zone has no interfaces, so as shown it inspects no traffic. */
- ids-option unMGMT-screen {
- icmp {
- ping-death;
- }
- ip {
- source-route-option;
- tear-drop;
- }
- tcp {
- syn-flood {
- alarm-threshold 1024;
- attack-threshold 200;
- source-threshold 1024;
- destination-threshold 2048;
- queue-size 2000; ## Warning: 'queue-size' is deprecated
- timeout 20;
- }
- land;
- }
- }
- }
- /* NOTE(review): all four policies below are any/any/any permit with no log action: allow-all between the listed zone pairs, with nothing recorded by policy. Outside a lab, match specific addresses and applications and add session logging. */
- policies {
- from-zone MGMT to-zone MGMT {
- policy default-permit {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- /* Destination zone unMGMT has no interfaces below, so this policy matches no traffic as shown. */
- from-zone MGMT to-zone unMGMT {
- policy default-permit {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone trust to-zone trust {
- policy default-permit {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- /* Destination zone untrust has no interfaces below, so this policy matches no traffic as shown. */
- from-zone trust to-zone untrust {
- policy default-permit {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- }
- zones {
- security-zone MGMT {
- tcp-rst;
- /* NOTE(review): "all" accepts every system service and protocol addressed to the device from this zone; list only what is needed (for example ssh and ping). */
- host-inbound-traffic {
- system-services {
- all;
- }
- protocols {
- all;
- }
- }
- interfaces {
- ge-0/0/0.0;
- }
- }
- /* Holds the screen profile but has no interfaces. */
- security-zone unMGMT {
- screen unMGMT-screen;
- }
- security-zone trust {
- tcp-rst;
- /* NOTE(review): same allow-all host-inbound setting; ge-0/0/1.0 runs OSPF, so "ospf" under protocols plus the management services in use would be tighter. */
- host-inbound-traffic {
- system-services {
- all;
- }
- protocols {
- all;
- }
- }
- interfaces {
- ge-0/0/1.0;
- ge-0/0/2.0;
- }
- }
- /* Declared empty: no interfaces, screen or host-inbound-traffic. */
- security-zone untrust;
- }
- }
- interfaces {
- /* Management-side interface; unit 0 is placed in zone MGMT and routing-instance MGMT elsewhere in this config. */
- ge-0/0/0 {
- unit 0 {
- family inet {
- address 10.20.2.218/24;
- }
- }
- }
- /* The interface OSPF area 0.0.0.0 runs on. */
- ge-0/0/1 {
- unit 0 {
- family inet {
- address 192.168.4.4/24;
- }
- }
- }
- /* Four /24 addresses on one logical unit. */
- ge-0/0/2 {
- unit 0 {
- family inet {
- address 172.16.41.1/24;
- address 172.16.42.1/24;
- address 172.16.43.1/24;
- address 172.16.44.1/24;
- }
- }
- }
- /* NOTE(review): no address is configured on fxp0.0, yet web-management http is bound to it; confirm how (or whether) J-Web is reachable. */
- fxp0 {
- unit 0;
- }
- /* family mpls only; no inet address on the loopback here. */
- lo0 {
- unit 0 {
- family mpls;
- }
- }
- }
- protocols {
- /* NOTE(review): no OSPF authentication is shown on the interface, so any device on that segment could form an adjacency; consider interface authentication. */
- ospf {
- export EXPORT-OSPF;
- area 0.0.0.0 {
- interface ge-0/0/1.0;
- }
- }
- }
- policy-options {
- /* Accepts every directly connected route for export into OSPF, with no prefix filter. */
- policy-statement EXPORT-OSPF {
- from protocol direct;
- then accept;
- }
- }
- routing-instances {
- /* Virtual-router instance holding ge-0/0/0.0 and its own default route, keeping management routing separate from the main table. */
- MGMT {
- instance-type virtual-router;
- interface ge-0/0/0.0;
- routing-options {
- static {
- route 0.0.0.0/0 next-hop 10.20.2.1;
- }
- }
- }
- }