HUB
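  # Hub interfaces. wan1/internal2 are the two underlay (transport) links the
  # spokes dial in over; lo.BGP is the /32 used as BGP router-id/update-source
  # and handed to spokes via exchange-ip-addr4; lo.HC is the address the
  # spokes' SD-WAN health-check probes. Only ping is exposed on the
  # underlay-facing interfaces (no https/ssh admin access from the WAN side).
  config system interface
      edit "wan1"
          set vdom "root"
          set ip 192.168.1.201 255.255.255.0
          set allowaccess ping
      next
      edit "internal2"
          set vdom "root"
          set ip 192.168.2.201 255.255.255.0
          set allowaccess ping
      next
      edit "lo.BGP"
          set vdom "root"
          # Added: a new interface needs an explicit type (lo.HC below has it,
          # lo.BGP did not); without it the CLI will not create lo.BGP as a
          # new entry. Type is set before ip so the edit is valid whether the
          # entry is new or already exists.
          set type loopback
          set ip 172.16.32.254 255.255.255.255
          set allowaccess ping
      next
      edit "lo.HC"
          set vdom "root"
          set type loopback
          # /24 rather than /32 on purpose: it gives the hub a connected
          # 10.10.100.0/24 route, which is the prefix advertised under
          # config router bgp.
          set ip 10.10.100.1 255.255.255.0
          set allowaccess ping
      next
  end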
  # Hub phase1: two dial-up (type dynamic) IKEv2 tunnels, one per underlay
  # link, so each spoke can reach the hub over either ISP.
  # - peertype any with a PSK: no peer-ID check is configured, so the PSK is
  #   the only admission control on these dial-up tunnels.
  # - The "psksecret ENC ..." strings are the device-encrypted form of the
  #   PSKs and have been published with this paste; treat those PSKs as
  #   exposed and replace them on the hub and on every spoke.
  # - net-device disable / add-route disable: presumably overlay reachability
  #   is meant to come from BGP (config router bgp) rather than per-tunnel
  #   kernel routes -- confirm against the ADVPN design.
  # - exchange-ip-addr4 is lo.BGP's address; network-overlay/network-id 1 and
  #   2 keep the two dial-up tunnels apart and match the spoke side.
  # - aes256-sha256 with dhgrp 21 are strong, current choices.
  config vpn ipsec phase1-interface
      edit "ISP1"
          set type dynamic
          set interface "wan1"
          set ike-version 2
          set peertype any
          set net-device disable
          set exchange-ip-addr4 172.16.32.254
          set proposal aes256-sha256
          set add-route disable
          # on-idle DPD with a 5 s retry: dead spokes are detected even when
          # no user traffic is flowing
          set dpd on-idle
          set dhgrp 21
          # hub side of ADVPN: sends shortcut offers to spokes
          set auto-discovery-sender enable
          set network-overlay enable
          set network-id 1
          set psksecret ENC sSsg8ojzOY6Tl4YtCfLs/uuALOV9r/ZQ3WC047vpuFdhi8Ou230UfwfeUw+LRAMrWzlobOpcEzJHxSMgn8y/fsyzcBoxct1Cvib3PZ9KH8qRdRcOMcvWxZZvmRoLhUDSa5TyrL16Lyd/EnJ6NVNR6pcPF8J7LFI41kjR+Cg4rOZyPl6autXb7o2GvqNut82iULZWL1lmMjY3dkVA
          set dpd-retryinterval 5
      next
      edit "ISP2"
          set type dynamic
          set interface "internal2"
          set ike-version 2
          set peertype any
          set net-device disable
          set exchange-ip-addr4 172.16.32.254
          set proposal aes256-sha256
          set add-route disable
          set dpd on-idle
          set dhgrp 21
          set auto-discovery-sender enable
          set network-overlay enable
          set network-id 2
          set psksecret ENC 8Nt7m6hCNAUKdUdvXpYBWJiKFj5buf6tCfdZh0IuVtvOpge2jzkOvpDfOnb0Az5/1K8b9b7UzhZ/U7o+PQjYpi5npYq0wPvDJ8dRM3cMgFccgcJlc6fDsCFmd7z3wofc7bziAc7EYy/wDwfMn10siPOUdb3nxZjcDB42EGdIznZfZbayPNxaKsMrvXNcnMwGiyjVEVlmMjY3dkVA
          set dpd-retryinterval 5
      next
  end
  # Hub phase2: one phase2 per dial-up phase1, same AES-256/SHA-256 and PFS
  # group 21 as phase1. No selectors are set, so the default 0.0.0.0/0
  # selectors apply on both sides (routing, not selectors, decides what goes
  # into the tunnel). keepalive keeps the SAs alive independent of traffic.
  config vpn ipsec phase2-interface
      edit "ISP1"
          set phase1name "ISP1"
          set proposal aes256-sha256
          set dhgrp 21
          set keepalive enable
      next
      edit "ISP2"
          set phase1name "ISP2"
          set proposal aes256-sha256
          set dhgrp 21
          set keepalive enable
      next
  end
  # Hub BGP: one iBGP AS (65001) with the hub as route reflector for all
  # spokes. Spokes are not listed individually: any peer whose source address
  # falls in 172.16.32.0/24 (the lo.BGP range, see neighbor-range) is admitted
  # to the SPOKES neighbor-group. No BGP session password is configured, so
  # the IPsec tunnel (PSK, peertype any) is the only thing protecting the
  # BGP session. recursive-next-hop is needed because BGP next hops are spoke
  # loopbacks that are themselves reached through the tunnel.
  config router bgp
      set as 65001
      set router-id 172.16.32.254
      set recursive-next-hop enable
      set recursive-inherit-priority enable
      config neighbor-group
          edit "SPOKES"
              set capability-graceful-restart enable
              set soft-reconfiguration enable
              set remote-as 65001
              set update-source "lo.BGP"
              set route-reflector-client enable
          next
      end
      config neighbor-range
          edit 0
              set prefix 172.16.32.0 255.255.255.0
              set neighbor-group "SPOKES"
          next
      end
      # NOTE(review): FortiOS only advertises a "config network" prefix that
      # exactly matches a route in the routing table. 10.10.100.0/24 is the
      # connected route of lo.HC; 172.16.32.0/24 has no matching route in
      # this paste (lo.BGP is a /32) -- confirm a static/blackhole route for
      # it exists, otherwise that prefix will not be advertised.
      config network
          edit 0
              set prefix 10.10.100.0 255.255.255.0
          next
          edit 0
              set prefix 172.16.32.0 255.255.255.0
          next
      end
  end
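  # Hub SD-WAN: both dial-up tunnels form the ADVPN zone. The hub does not
  # run its own probes: with detect-mode remote the health-check presumably
  # reads the measurements the spokes embed in their probes (the spoke side
  # has embed-measured-health enable), and sla-id-redistribute 1 tags the
  # in/out-of-SLA state into the BGP routes with the priorities below.
  config system sdwan
      set status enable
      config zone
          edit "ADVPN"
          next
      end
      config members
          edit 0
              set interface "ISP1"
              set zone "ADVPN"
          next
          edit 0
              set interface "ISP2"
              set zone "ADVPN"
          next
      end
      # Fixed: the paste went straight to `edit "EMB_1"` without opening
      # `config health-check`, so this block (and its trailing `end`) would not
      # parse.
      config health-check
          edit "EMB_1"
              set detect-mode remote
              set probe-timeout 60000
              set recoverytime 1
              set sla-id-redistribute 1
              # assumes the two `edit 0` members above get ids 1 and 2 in
              # order -- true on a fresh config, verify on a box that already
              # has SD-WAN members
              set members 1 2
              config sla
                  edit 0
                      set link-cost-factor packet-loss
                      set packetloss-threshold 1
                      set priority-in-sla 10
                      set priority-out-sla 25
                  next
              end
          next
      end
  end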
  # Hub policies for the overlay.
  # "ADVPN 2 LO": spokes may only reach the hub loopbacks, and only for BGP
  # and the health-check pings -- deliberately narrow.
  # "ADVPN 2 ADVPN": spoke-to-spoke hairpin through the hub, which is the
  # traffic that triggers shortcut offers (auto-discovery-sender). It is
  # all/all/ALL, the usual ADVPN pattern, but consider restricting
  # srcaddr/dstaddr to the spoke LAN prefixes once they are known.
  # Both policies log all traffic.
  config firewall policy
      edit 0
          set name "ADVPN 2 LO"
          set srcintf "ADVPN"
          set dstintf "lo.HC" "lo.BGP"
          set action accept
          set srcaddr "all"
          set dstaddr "all"
          set schedule "always"
          set service "BGP" "PING"
          set logtraffic all
      next
      edit 0
          set name "ADVPN 2 ADVPN"
          set srcintf "ADVPN"
          set dstintf "ADVPN"
          set action accept
          set srcaddr "all"
          set dstaddr "all"
          set schedule "always"
          set service "ALL"
          set logtraffic all
      next
  end
SPOKE
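  # Spoke interfaces: wan1/internal2 are the two underlay links towards the
  # hub; lo.BGP (/32, inside the hub's 172.16.32.0/24 neighbor-range) is the
  # BGP router-id/update-source and the address given to the hub via
  # exchange-ip-addr4. Only ping is exposed on the underlay interfaces.
  config system interface
      edit "wan1"
          set vdom "root"
          set ip 192.168.1.200 255.255.255.0
          set allowaccess ping
      next
      edit "internal2"
          set vdom "root"
          set ip 192.168.2.200 255.255.255.0
          set allowaccess ping
      next
      edit "lo.BGP"
          set vdom "root"
          # Added: a new interface needs an explicit type; without it the CLI
          # will not create lo.BGP as a new entry. Type is set before ip so
          # the edit is valid whether the entry is new or already exists.
          set type loopback
          set ip 172.16.32.1 255.255.255.255
          set allowaccess ping
      next
  end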
  # Spoke phase1: one static IKEv2 tunnel to each hub underlay address
  # (remote-gw 192.168.1.201 = hub wan1, 192.168.2.201 = hub internal2).
  # - Same caveats as the hub: peertype any means the PSK is the only
  #   admission control, and the "psksecret ENC ..." strings are the
  #   device-encrypted PSKs published with this paste -- rotate those PSKs.
  # - net-device enable + auto-discovery-receiver: spoke side of ADVPN; it
  #   accepts shortcut offers from the hub.
  # - idle-timeout with idle-timeoutinterval 5 (minutes): presumably meant to
  #   tear down idle shortcut tunnels, the hub tunnels staying up on BGP
  #   traffic -- confirm this is the intent.
  # - network-id 1/2 match the hub's dial-up tunnels; exchange-ip-addr4 is
  #   this spoke's lo.BGP address.
  config vpn ipsec phase1-interface
      edit "ISP1"
          set interface "wan1"
          set ike-version 2
          set peertype any
          set net-device enable
          set exchange-ip-addr4 172.16.32.1
          set proposal aes256-sha256
          set add-route disable
          set dhgrp 21
          set idle-timeout enable
          set idle-timeoutinterval 5
          set auto-discovery-receiver enable
          set network-overlay enable
          set network-id 1
          set remote-gw 192.168.1.201
          set psksecret ENC hSmPpgQ4VZq7nJh3EtLTsHuKUZkjtPNnXXl0w+DpSZgSABOmWWOJNDtG1s8rlwLYT+PuGT8AOX4qRcKqrlN582yhaEDLjJHwp2aIPthN+REwbQLkC4pjFgroTXNVnhBrppzyQP7SILmdWTDjUHc0nqfhczJ2f1AyLtCDFat3nJtKROvjggorrQdZrFp4dAVB8c8wqVlmMjY3dkVA
          set dpd-retryinterval 5
      next
      edit "ISP2"
          set interface "internal2"
          set ike-version 2
          set peertype any
          set net-device enable
          set exchange-ip-addr4 172.16.32.1
          set proposal aes256-sha256
          set add-route disable
          set dhgrp 21
          set idle-timeout enable
          set idle-timeoutinterval 5
          set auto-discovery-receiver enable
          set network-overlay enable
          set network-id 2
          set remote-gw 192.168.2.201
          set psksecret ENC d52XDkkYdMPaJce1gs/IaZ6NnDgOsJtGAaiQHy6ZvYas+19Zp3ivt9omAWTDhcBP3FbJYEzYJm75h1JwwfLPpHXxYfUJt/nS+a72Sv8F9PUvSrrWghB7XRdzT1iZC0OWC1C9we0kLO9e5UHISpYRF3c/EsRD6T0uw/KXBu4OwSt0/8drCiIjWfSpulceR3XPCHk3P1lmMjY3dkVA
          set dpd-retryinterval 5
      next
  end
  # Spoke phase2: mirrors the hub (AES-256/SHA-256, PFS group 21, default
  # 0.0.0.0/0 selectors). auto-negotiate makes the spoke bring the SAs up
  # and rekey on its own instead of waiting for interesting traffic, so the
  # BGP session can form as soon as the box boots.
  config vpn ipsec phase2-interface
      edit "ISP1"
          set phase1name "ISP1"
          set proposal aes256-sha256
          set dhgrp 21
          set auto-negotiate enable
      next
      edit "ISP2"
          set phase1name "ISP2"
          set proposal aes256-sha256
          set dhgrp 21
          set auto-negotiate enable
      next
  end
  # Spoke BGP: a single iBGP neighbor, the hub's lo.BGP (172.16.32.254),
  # sourced from this spoke's lo.BGP so the session rides the overlay.
  # No BGP password is configured; the IPsec tunnel is the only protection
  # of the session. recursive-next-hop is needed because the hub loopback is
  # itself reached through the tunnel.
  config router bgp
      set as 65001
      set router-id 172.16.32.1
      set recursive-next-hop enable
      config neighbor
          edit "172.16.32.254"
              set advertisement-interval 5
              set capability-graceful-restart enable
              set soft-reconfiguration enable
              set interface "lo.BGP"
              set remote-as 65001
              set update-source "lo.BGP"
          next
      end
      # NOTE(review): neither 100.100.100.0/24 nor 10.10.1.0/24 is attached to
      # any interface in this paste; FortiOS advertises a "config network"
      # prefix only when it exactly matches a route in the routing table, so
      # confirm these routes exist on the spoke (LAN interfaces not shown).
      config network
          edit 0
              set prefix 100.100.100.0 255.255.255.0
          next
          edit 0
              set prefix 10.10.1.0 255.255.255.0
          next
      end
  end
  # Spoke SD-WAN.
  # - zone ADVPN: advpn-select with HUB_HC presumably lets the spoke choose
  #   the shortcut path from health-check results; transport-group 1/2 on the
  #   members presumably pairs each hub tunnel with the matching shortcut
  #   transport -- confirm both against the ADVPN design in use.
  # - health-check HUB_HC: pings the hub's lo.HC (10.10.100.1) from lo.BGP over
  #   both tunnels; embed-measured-health puts the results into the probes so
  #   the hub's detect-mode remote check can consume them. update-static-route
  #   disable: SLA state does not touch static routes (routing here is BGP).
  # - service ADVPN20: src/dst "all" in sla mode with shortcut-priority, i.e.
  #   every flow is matched and steered by HUB_HC across members 1 then 2.
  #   NOTE(review): cost 100 is set on member 1 only; in sla mode the member
  #   order comes from priority-members, so confirm the cost is intended.
  config system sdwan
      set status enable
      config zone
          edit "ADVPN"
              set advpn-select enable
              set advpn-health-check "HUB_HC"
          next
      end
      config members
          edit 0
              set interface "ISP1"
              set zone "ADVPN"
              set cost 100
              set transport-group 1
          next
          edit 0
              set interface "ISP2"
              set zone "ADVPN"
              set transport-group 2
          next
      end
      config health-check
          edit "HUB_HC"
              set server "10.10.100.1"
              set update-static-route disable
              set embed-measured-health enable
              set source 172.16.32.1
              # assumes the two `edit 0` members above get ids 1 and 2 in order
              set members 1 2
              config sla
                  edit 0
                      set link-cost-factor packet-loss
                      set packetloss-threshold 1
                  next
              end
          next
      end
      config service
          edit 0
              set name "ADVPN20"
              set mode sla
              set shortcut-priority enable
              set dst "all"
              set src "all"
              config sla
                  edit "HUB_HC"
                      set id 1
                  next
              end
              set priority-members 1 2
          next
      end
  end
  # Spoke policies. INBOUND/OUTBOUND pass everything between internal1 (the
  # LAN; not configured in the interface section of this paste) and the
  # overlay.
  # "ADVPN OUTBOUND" is all/all/ALL from the overlay into the LAN: any peer
  # admitted by the PSK can reach the whole LAN on any port -- restrict
  # srcaddr to the hub/spoke prefixes and service to what is actually needed.
  # "ADVPN HC": only ICMP from the overlay to this spoke's lo.BGP, presumably
  # for pings from other overlay peers to the loopback. NOTE(review): BGP is
  # not allowed here; the session forms when the spoke initiates it, but a
  # hub-initiated TCP/179 to 172.16.32.1 would be dropped -- add "BGP" to the
  # service list if the hub's "ADVPN 2 LO" policy is meant to be mirrored.
  # All three policies log all traffic.
  config firewall policy
      edit 0
          set name "ADVPN INBOUND"
          set srcintf "internal1"
          set dstintf "ADVPN"
          set action accept
          set srcaddr "all"
          set dstaddr "all"
          set schedule "always"
          set service "ALL"
          set logtraffic all
      next
      edit 0
          set name "ADVPN OUTBOUND"
          set srcintf "ADVPN"
          set dstintf "internal1"
          set action accept
          set srcaddr "all"
          set dstaddr "all"
          set schedule "always"
          set service "ALL"
          set logtraffic all
      next
      edit 0
          set name "ADVPN HC"
          set srcintf "ADVPN"
          set dstintf "lo.BGP"
          set action accept
          set srcaddr "all"
          set dstaddr "all"
          set schedule "always"
          set service "PING"
          set logtraffic all
      next
  end