Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- set system name-server 10.0.10.254
- set system name-server 10.0.1.254
- set system name-server 8.8.8.8
- set system name-server 8.8.4.4
- set system services ssh
- set system services telnet
- set system services xnm-clear-text
- set system services web-management http interface vlan.1
- set system services web-management http interface vlan.2
- set system services web-management http interface vlan.3
- set system services web-management http interface fxp2.0
- set system services web-management http interface lo0.16384
- set system services web-management https system-generated-certificate
- set system services dhcp pool 192.168.11.0/24 address-range low 192.168.11.1
- set system services dhcp pool 192.168.11.0/24 address-range high 192.168.11.253
- set system services dhcp pool 192.168.11.0/24 maximum-lease-time 86400
- set system services dhcp pool 192.168.11.0/24 router 192.168.11.254
- set system services dhcp pool 192.168.11.0/24 propagate-settings vlan.1
- set system services dhcp pool 192.168.22.0/24 address-range low 192.168.22.1
- set system services dhcp pool 192.168.22.0/24 address-range high 192.168.22.253
- set system services dhcp pool 192.168.22.0/24 maximum-lease-time 86400
- set system services dhcp pool 192.168.22.0/24 router 192.168.22.254
- set system services dhcp pool 192.168.22.0/24 propagate-settings vlan.2
- set system services dhcp pool 192.168.33.0/24 address-range low 192.168.33.1
- set system services dhcp pool 192.168.33.0/24 address-range high 192.168.33.253
- set system services dhcp pool 192.168.33.0/24 maximum-lease-time 86400
- set system services dhcp pool 192.168.33.0/24 router 192.168.33.254
- set system services dhcp pool 192.168.33.0/24 propagate-settings vlan.3
- set system syslog archive size 100k
- set system syslog archive files 3
- set system syslog user * any emergency
- set system syslog file messages any critical
- set system syslog file messages authorization info
- set system syslog file interactive-commands interactive-commands error
- set system max-configurations-on-flash 5
- set system max-configuration-rollbacks 20
- set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
- set interfaces ge-0/0/0 unit 0 family inet address 178.19.246.155/29
- set interfaces ge-0/0/1 unit 0 family inet address 178.19.242.225/29
- set interfaces ge-0/0/2 unit 0 family inet address 178.19.242.226/29
- set interfaces ge-0/0/3 unit 0 family inet address 217.77.50.130/29
- set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members server
- set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members minedu
- set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members buhedu
- set interfaces ge-0/0/7 unit 0 family ethernet-switching vlan members unset
- set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members unset
- set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members unset
- set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members unset
- set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan members unset
- set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members unset
- set interfaces ge-0/0/13 unit 0 family ethernet-switching vlan members unset
- set interfaces ge-0/0/14 unit 0 family ethernet-switching vlan members unset
- set interfaces ge-0/0/15 unit 0 family inet address 192.168.26.237/24
- set interfaces vlan unit 0 family inet address 192.168.1.254/24
- set interfaces vlan unit 1 family inet address 192.168.11.254/24
- set interfaces vlan unit 2 family inet address 192.168.22.254/24
- set interfaces vlan unit 3 family inet address 192.168.33.254/24
- set protocols stp
- set security certificates local remote "r-sys-adm\n "
- set security address-book global address srv-ad-11 192.168.11.11/32
- set security address-book global address srv-net 192.168.11.0/24
- set security address-book global address minedu-net 192.168.22.0/24
- set security address-book global address buhedu-net 192.168.33.0/24
- set security address-book global address old-net 192.168.26.0/24
- set security alg dns disable
- set security alg ike-esp-nat enable
- set security flow allow-dns-reply
- set security screen ids-option untrust-screen icmp ping-death
- set security screen ids-option untrust-screen ip source-route-option
- set security screen ids-option untrust-screen ip tear-drop
- set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
- set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
- set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
- set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
- set security screen ids-option untrust-screen tcp syn-flood timeout 20
- set security screen ids-option untrust-screen tcp land
- set security nat source rule-set srv-trust from zone server
- set security nat source rule-set srv-trust to interface ge-0/0/15.0
- set security nat source rule-set srv-trust rule srv-trust match source-address 192.168.11.0/24
- set security nat source rule-set srv-trust rule srv-trust match destination-address 192.168.26.0/24
- set security nat source rule-set srv-trust rule srv-trust then source-nat interface
- set security nat source rule-set srv-to-isp1p1 from zone server
- set security nat source rule-set srv-to-isp1p1 to zone isp1p1
- set security nat source rule-set srv-to-isp1p1 rule rl-srv-to-isp1p1 match source-address-name srv-net
- set security nat source rule-set srv-to-isp1p1 rule rl-srv-to-isp1p1 match destination-address 0.0.0.0/0
- set security nat source rule-set srv-to-isp1p1 rule rl-srv-to-isp1p1 then source-nat interface
- set security policies from-zone server to-zone isp1p1 policy srv-to-isp1p1 match source-address srv-net
- set security policies from-zone server to-zone isp1p1 policy srv-to-isp1p1 match destination-address any
- set security policies from-zone server to-zone isp1p1 policy srv-to-isp1p1 match application any
- set security policies from-zone server to-zone isp1p1 policy srv-to-isp1p1 then permit
- set security policies from-zone server to-zone oldnet policy srv-to-oldnet match source-address srv-net
- set security policies from-zone server to-zone oldnet policy srv-to-oldnet match destination-address old-net
- set security policies from-zone server to-zone oldnet policy srv-to-oldnet match application any
- set security policies from-zone server to-zone oldnet policy srv-to-oldnet then permit
- set security policies from-zone oldnet to-zone server policy 111 match source-address any
- set security policies from-zone oldnet to-zone server policy 111 match destination-address srv-ad-11
- set security policies from-zone oldnet to-zone server policy 111 match application rdp
- set security policies from-zone oldnet to-zone server policy 111 then permit
- set security zones security-zone server host-inbound-traffic system-services all
- set security zones security-zone server host-inbound-traffic protocols all
- set security zones security-zone server interfaces vlan.1
- set security zones security-zone minedu host-inbound-traffic system-services all
- set security zones security-zone minedu host-inbound-traffic protocols all
- set security zones security-zone minedu interfaces vlan.2
- set security zones security-zone edubuh host-inbound-traffic system-services all
- set security zones security-zone edubuh host-inbound-traffic protocols all
- set security zones security-zone edubuh interfaces vlan.3
- set security zones security-zone isp1p1 host-inbound-traffic system-services all
- set security zones security-zone isp1p1 host-inbound-traffic protocols all
- set security zones security-zone isp1p1 interfaces ge-0/0/0.0 host-inbound-traffic system-services all
- set security zones security-zone isp1p1 interfaces ge-0/0/0.0 host-inbound-traffic protocols all
- set security zones security-zone oldnet host-inbound-traffic system-services all
- set security zones security-zone oldnet host-inbound-traffic protocols all
- set security zones security-zone oldnet interfaces ge-0/0/15.0 host-inbound-traffic system-services all
- set security zones security-zone oldnet interfaces ge-0/0/15.0 host-inbound-traffic system-services dhcp except
- set security zones security-zone oldnet interfaces ge-0/0/15.0 host-inbound-traffic system-services dns except
- set security zones security-zone oldnet interfaces ge-0/0/15.0 host-inbound-traffic protocols all
- set routing-instances isp1p1 instance-type virtual-router
- set routing-instances isp1p1 interface ge-0/0/0.0
- set routing-instances isp1p1 routing-options static route 0.0.0.0/0 next-hop 178.19.246.158
- set routing-instances isp1p2 instance-type virtual-router
- set routing-instances isp1p2 interface ge-0/0/1.0
- set routing-instances isp1p2 routing-options static route 0.0.0.0/0 next-hop 178.19.242.230
- set routing-instances isp1p3 instance-type virtual-router
- set routing-instances isp1p3 interface ge-0/0/2.0
- set routing-instances isp1p3 routing-options static route 0.0.0.0/0 next-hop 178.19.242.230
- set routing-instances isp2p4 instance-type virtual-router
- set routing-instances isp2p4 interface ge-0/0/3.0
- set routing-instances isp2p4 routing-options static route 0.0.0.0/0 next-hop 217.77.50.135
- set applications application rdp protocol tcp
- set applications application rdp destination-port 3389
- set vlans buhedu vlan-id 33
- set vlans buhedu l3-interface vlan.3
- set vlans minedu vlan-id 22
- set vlans minedu l3-interface vlan.2
- set vlans server vlan-id 11
- set vlans server l3-interface vlan.1
- set vlans unset vlan-id 5
- set vlans unset l3-interface vlan.0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement