Context Navigation

Back to Realisations/2006-2007/Projet/Entreprise2/Firewall1

Firewall1: config_SSG20_2007-01-19.cfg

File config_SSG20_2007-01-19.cfg, 3.5 KB (added by alladoum, 18 years ago)

Line
1	# saved_cfg_timestamp:317141427 ##############################################################################################
2	set clock dst-off
3	set clock timezone 1
4	set vrouter trust-vr sharable
5	set vrouter "untrust-vr"
6	exit
7	set vrouter "trust-vr"
8	unset auto-route-export
9	exit
10	set auth-server "Local" id 0
11	set auth-server "Local" server-name "Local"
12	set auth default auth server "Local"
13	set auth radius accounting port 1646
14	set admin name "netscreen"
15	set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
16	set admin auth timeout 10
17	set admin auth server "Local"
18	set admin format dos
19	set zone "Trust" vrouter "trust-vr"
20	set zone "Untrust" vrouter "trust-vr"
21	set zone "DMZ" vrouter "trust-vr"
22	set zone "VLAN" vrouter "trust-vr"
23	set zone "Untrust-Tun" vrouter "trust-vr"
24	set zone "Trust" tcp-rst
25	set zone "Untrust" block
26	unset zone "Untrust" tcp-rst
27	set zone "DMZ" tcp-rst
28	set zone "VLAN" block
29	unset zone "VLAN" tcp-rst
30	set zone "Untrust" screen tear-drop
31	set zone "Untrust" screen syn-flood
32	set zone "Untrust" screen ping-death
33	set zone "Untrust" screen ip-filter-src
34	set zone "Untrust" screen land
35	set zone "V1-Untrust" screen tear-drop
36	set zone "V1-Untrust" screen syn-flood
37	set zone "V1-Untrust" screen ping-death
38	set zone "V1-Untrust" screen ip-filter-src
39	set zone "V1-Untrust" screen land
40	set interface "ethernet0/0" zone "Untrust"
41	set interface "ethernet0/1" zone "DMZ"
42	set interface "bgroup0" zone "Trust"
43	set interface bgroup0 port ethernet0/2
44	set interface bgroup0 port ethernet0/3
45	set interface bgroup0 port ethernet0/4
46	unset interface vlan1 ip
47	set interface ethernet0/0 ip 10.40.0.1/30
48	set interface ethernet0/0 route
49	set interface bgroup0 ip 10.40.0.14/30
50	set interface bgroup0 nat
51	set interface ethernet0/0 gateway 10.40.0.2
52	unset interface vlan1 bypass-others-ipsec
53	unset interface vlan1 bypass-non-ip
54	set interface ethernet0/0 ip manageable
55	set interface bgroup0 ip manageable
56	set interface bgroup0 manage mtrace
57	set interface ethernet0/1 dhcp client enable
58	set interface "serial0/0" modem settings "USR" init "AT&F"
59	set interface "serial0/0" modem settings "USR" active
60	set interface "serial0/0" modem speed 115200
61	set interface "serial0/0" modem retry 3
62	set interface "serial0/0" modem interval 10
63	set interface "serial0/0" modem idle-time 10
64	set flow tcp-mss
65	unset flow tcp-syn-check
66	set pki authority default scep mode "auto"
67	set pki x509 default cert-path partial
68	set ike respond-bad-spi 1
69	unset ike ikeid-enumeration
70	unset ipsec access-session enable
71	set ipsec access-session maximum 5000
72	set ipsec access-session upper-threshold 0
73	set ipsec access-session lower-threshold 0
74	set ipsec access-session dead-p2-sa-timeout 0
75	unset ipsec access-session log-error
76	unset ipsec access-session info-exch-connected
77	unset ipsec access-session use-error-log
78	set url protocol websense
79	exit
80	set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
81	set policy id 1
82	exit
83	set policy id 2 from "Untrust" to "Trust" "Any" "Any" "ANY" permit
84	set policy id 2
85	exit
86	set monitor cpu 100
87	set global-pro policy-manager primary outgoing-interface ethernet0/0
88	set global-pro policy-manager secondary outgoing-interface ethernet0/0
89	set nsmgmt bulkcli reboot-timeout 60
90	set ssh version v2
91	set config lock timeout 5
92	set ntp server "10.40.0.13"
93	set ntp server backup1 "0.0.0.0"
94	set ntp server backup2 "0.0.0.0"
95	set snmp port listen 161
96	set snmp port trap 162
97	set vrouter "untrust-vr"
98	exit
99	set vrouter "trust-vr"
100	unset add-default-route
101	exit
102	set vrouter "untrust-vr"
103	exit
104	set vrouter "trust-vr"
105	exit

Download in other formats:

Original Format