Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- show security
- policies {
- from-zone DC to-zone DC {
- policy insideDC {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone IT to-zone IT {
- policy insideIT {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone DC to-zone untrust {
- policy DC2untrust {
- match {
- source-address vr104;
- destination-address [ Internet vr103 vr203 B1 ];
- application junos-ftp;
- }
- then {
- reject;
- }
- }
- policy DC2untrustALL {
- match {
- source-address vr104;
- destination-address [ Internet vr103 vr203 B1 ];
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone IT to-zone untrust {
- policy IT2untrust {
- match {
- source-address vr204;
- destination-address [ Internet B1 vr103 vr203 ];
- application any;
- }
- then {
- permit;
- }
- }
- }
- }
- zones {
- functional-zone management {
- interfaces {
- ge-0/0/0.0 {
- host-inbound-traffic {
- system-services {
- ftp;
- telnet;
- all;
- }
- }
- }
- }
- }
- security-zone untrust {
- address-book {
- address Internet 172.31.15.1/32;
- address B1 172.18.1.0/30;
- address vr103 172.20.103.0/24;
- address vr203 172.20.203.0/24;
- }
- interfaces {
- ge-0/0/1.304;
- }
- }
- security-zone DC {
- address-book {
- address vr104 172.20.104.0/24;
- }
- interfaces {
- ge-0/0/2.104;
- }
- }
- security-zone IT {
- address-book {
- address vr204 172.20.204.0/24;
- }
- interfaces {
- ge-0/0/2.204;
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
