Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #junos-config
- ## Last commit: 2018-07-03 09:06:54 UTC by root
- # NOTE: the first line must be "#junos-config", see https://www.juniper.net/documentation/en_US/vsrx/topics/task/configuration/security-vsrx-cloud-init-support.html
- version 15.1X49-D140.2;
- system {
- host-name test-vsrx;
- root-authentication {
- encrypted-password "__encrypted_pw_goes_here__"; ## SECRET-DATA
- }
- services {
- ssh;
- web-management {
- http {
- interface fxp0.0;
- }
- }
- }
- syslog {
- user * {
- any emergency;
- }
- file messages {
- any any;
- authorization info;
- }
- file interactive-commands {
- interactive-commands any;
- }
- }
- license {
- autoupdate {
- url https://ae1.juniper.net/junos/key_retrieval;
- }
- }
- }
- security {
- log {
- mode stream;
- report;
- }
- screen {
- ids-option untrust-screen {
- icmp {
- ping-death;
- }
- ip {
- source-route-option;
- tear-drop;
- }
- tcp {
- syn-flood {
- alarm-threshold 1024;
- attack-threshold 200;
- source-threshold 1024;
- destination-threshold 2048;
- queue-size 2000; ## Warning: 'queue-size' is deprecated
- timeout 20;
- }
- land;
- }
- }
- }
- policies {
- from-zone trust to-zone trust {
- policy default-permit {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone trust to-zone untrust {
- policy default-permit {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- }
- zones {
- security-zone trust {
- tcp-rst;
- interfaces {
- ge-0/0/0.0;
- }
- }
- security-zone untrust {
- screen untrust-screen;
- }
- }
- }
- interfaces {
- ge-0/0/0 {
- unit 0 {
- family inet {
- dhcp-client;
- }
- }
- }
- fxp0 {
- unit 0 {
- family inet {
- address $fxp0_ip/22;
- }
- }
- }
- }
- routing-options {
- static {
- route 0.0.0.0/0 next-hop 10.22.212.1;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
