Context Navigation

Back to Realisations/2006-2007/Projet/Entreprise2/Firewall1

Firewall1: config_SSG20_2007-05-19.cfg

File config_SSG20_2007-05-19.cfg, 8.6 KB (added by alladoum, 18 years ago)

Line
1	set clock ntp
2	set clock timezone 1
3	set vrouter trust-vr sharable
4	set vrouter "untrust-vr"
5	exit
6	set vrouter "trust-vr"
7	unset auto-route-export
8	set protocol rip
9	set enable
10	set reject-default-route
11	set no-source-validation
12	set summary-ip 10.40.254.0/24 metric 2
13	exit
14	set preference ebgp 250
15	set preference ibgp 40
16	exit
17	set service "NetPerf_sortant" protocol tcp src-port 10987-10987 dst-port 0-65535
18	set service "NetPerf_sortant" + tcp src-port 10985-10985 dst-port 0-65535
19	set service "NetPerf_entrant" protocol tcp src-port 0-65535 dst-port 10987-10987
20	set service "NetPerf_entrant" + tcp src-port 0-65535 dst-port 10985-10985
21	set service "OpenVPN_sortant" protocol tcp src-port 1194-1194 dst-port 0-65535
22	set service "OpenVPN_entrant" protocol tcp src-port 0-65535 dst-port 1194-1194
23	set service "Iperf_sortant" protocol udp src-port 10985-10989 dst-port 0-65535
24	set service "Iperf_entrant" protocol udp src-port 0-65535 dst-port 10985-10989
25	set service "zabbix_entrant" protocol tcp src-port 0-65535 dst-port 10050-10051
26	set service "zabbix_sortant" protocol tcp src-port 10050-10051 dst-port 0-65535
27	set service "QoS_DITG_entrant" protocol udp src-port 0-65535 dst-port 10000-10010
28	set service "QoS_DITG_entrant_2" protocol tcp src-port 0-65535 dst-port 9000-9000
29	set auth-server "Local" id 0
30	set auth-server "Local" server-name "Local"
31	set auth default auth server "Local"
32	set auth radius accounting port 1646
33	set admin name "netscreen"
34	set admin password "nI2aKIrXMqTJcydDVslDSvJtm4Jubn"
35	set admin user "geraldine" password "nC2ALar7NXGBcfaLzsYG1qKtwMP8pn" privilege "all"
36	set admin user "christophe" password "nMc9KxrRNSZMcnmIAsIIfUHtdRJPwn" privilege "all"
37	set admin http redirect
38	set admin mail server-name "132.227.74.2"
39	set admin mail mail-addr1 "andre@tibre"
40	set admin mail mail-addr2 "alladoum@tibre"
41	set admin mail traffic-log
42	set admin auth timeout 10
43	set admin auth server "Local"
44	set admin auth banner telnet login "Bienvenue sur FIREWALL1.ENT2"
45	set admin auth banner console login "Bienvenue sur FIREWALL1.ENT2"
46	set admin privilege read-write
47	set admin format dos
48	set zone "Trust" vrouter "trust-vr"
49	set zone "Untrust" vrouter "trust-vr"
50	set zone "DMZ" vrouter "trust-vr"
51	set zone "VLAN" vrouter "trust-vr"
52	set zone "Untrust-Tun" vrouter "trust-vr"
53	set zone "Trust" tcp-rst
54	set zone "Untrust" block
55	unset zone "Untrust" tcp-rst
56	set zone "DMZ" tcp-rst
57	set zone "VLAN" block
58	unset zone "VLAN" tcp-rst
59	set zone "Trust" screen icmp-flood
60	set zone "Trust" screen udp-flood
61	set zone "Trust" screen winnuke
62	set zone "Trust" screen port-scan
63	set zone "Trust" screen syn-flood
64	set zone "Trust" screen ping-death
65	set zone "Untrust" screen tear-drop
66	set zone "Untrust" screen syn-flood
67	set zone "Untrust" screen ping-death
68	set zone "Untrust" screen ip-filter-src
69	set zone "Untrust" screen land
70	set zone "V1-Untrust" screen tear-drop
71	set zone "V1-Untrust" screen syn-flood
72	set zone "V1-Untrust" screen ping-death
73	set zone "V1-Untrust" screen ip-filter-src
74	set zone "V1-Untrust" screen land
75	set interface "ethernet0/0" zone "Untrust"
76	set interface "ethernet0/1" zone "DMZ"
77	set interface "bgroup0" zone "Trust"
78	set interface bgroup0 port ethernet0/2
79	set interface bgroup0 port ethernet0/3
80	set interface bgroup0 port ethernet0/4
81	unset interface vlan1 ip
82	set interface ethernet0/0 ip 10.40.0.1/30
83	set interface "ethernet0/0" ipv6 mode "router"
84	set interface "ethernet0/0" ipv6 interface-id 0000000000000002
85	set interface "ethernet0/0" ipv6 ip 2001:db8:4:10::1/64
86	set interface "ethernet0/0" ipv6 enable
87	set interface ethernet0/0 route
88	set interface bgroup0 ip 10.40.0.14/30
89	set interface "bgroup0" ipv6 mode "router"
90	set interface "bgroup0" ipv6 ip 2001:db8:4:11::1/64
91	set interface "bgroup0" ipv6 enable
92	set interface bgroup0 route
93	unset interface vlan1 bypass-others-ipsec
94	unset interface vlan1 bypass-non-ip
95	set interface ethernet0/0 ip manageable
96	set interface bgroup0 ip manageable
97	set interface ethernet0/0 manage ping
98	set interface ethernet0/0 manage ssh
99	set interface ethernet0/0 manage telnet
100	set interface ethernet0/0 manage snmp
101	set interface ethernet0/0 manage ssl
102	set interface ethernet0/0 manage web
103	set interface bgroup0 manage mtrace
104	set interface ethernet0/0 ipv6 ra link-mtu
105	set interface ethernet0/0 ipv6 ra link-address
106	set interface ethernet0/0 ipv6 ra transmit
107	set interface bgroup0 ipv6 ra link-mtu
108	set interface bgroup0 ipv6 ra link-address
109	set interface bgroup0 ipv6 ra retransmit-time
110	set interface bgroup0 ipv6 ra reachable-time
111	set interface bgroup0 ipv6 ra transmit
112	set interface ethernet0/0 ipv6 nd nud
113	set interface bgroup0 ipv6 nd nud
114	set interface ethernet0/1 dhcp client enable
115	set interface "serial0/0" modem settings "USR" init "AT&F"
116	set interface "serial0/0" modem settings "USR" active
117	set interface "serial0/0" modem speed 115200
118	set interface "serial0/0" modem retry 3
119	set interface "serial0/0" modem interval 10
120	set interface "serial0/0" modem idle-time 10
121	set flow tcp-mss
122	unset flow tcp-syn-check
123	set domain ent2.p6
124	set hostname firewall1
125	set pki authority default scep mode "auto"
126	set pki x509 default cert-path partial
127	set dns host dns1 10.40.0.9 src-interface ethernet0/0
128	set dns host dns2 0.0.0.0
129	set dns host dns3 0.0.0.0
130	set address "Trust" "10.40.0.5/32" 10.40.0.5 255.255.255.255
131	set address "Trust" "10.40.0.9/32" 10.40.0.9 255.255.255.255
132	set address "Trust" "10.40.253.1/32" 10.40.253.1 255.255.255.255
133	set address "Untrust" "10.10.0.0/16" 10.10.0.0 255.255.0.0
134	set address "Untrust" "10.40.0.5/32" 10.40.0.5 255.255.255.255
135	set address "Untrust" "10.40.0.9/32" 10.40.0.9 255.255.255.255
136	set address "Untrust" "10.40.253.1/32" 10.40.253.1 255.255.255.255
137	set address "Untrust" "10.40.253.10/32" 10.40.253.10 255.255.255.255
138	set user "christophe" uid 1
139	set user "christophe" type auth
140	set user "christophe" hash-password "02PrIj9I081CRLVmc/8B+TNYdSf22msniLh6s="
141	set user "christophe" "enable"
142	set ike respond-bad-spi 1
143	unset ike ikeid-enumeration
144	unset ipsec access-session enable
145	set ipsec access-session maximum 5000
146	set ipsec access-session upper-threshold 0
147	set ipsec access-session lower-threshold 0
148	set ipsec access-session dead-p2-sa-timeout 0
149	unset ipsec access-session log-error
150	unset ipsec access-session info-exch-connected
151	unset ipsec access-session use-error-log
152	set url protocol websense
153	exit
154	set policy id 20 from "Trust" to "Untrust" "Any-IPv6" "Any-IPv6" "ANY" permit
155	set policy id 20
156	exit
157	set policy id 22 from "Untrust" to "Trust" "Any-IPv6" "Any-IPv6" "ANY" permit
158	set policy id 22
159	exit
160	set policy id 13 from "Untrust" to "Trust" "Any-IPv4" "Any-IPv4" "ANY" permit
161	set policy id 13
162	exit
163	set policy id 14 from "Trust" to "Untrust" "Any-IPv4" "Any-IPv4" "ANY" permit
164	set policy id 14
165	exit
166	set monitor cpu 100
167	unset log module system level emergency destination NSM
168	unset log module system level alert destination NSM
169	unset log module system level critical destination NSM
170	unset log module system level error destination NSM
171	unset log module system level warning destination NSM
172	unset log module system level notification destination NSM
173	unset log module system level information destination NSM
174	unset log module system level debugging destination NSM
175	set global-pro policy-manager primary outgoing-interface ethernet0/0
176	set global-pro policy-manager secondary outgoing-interface ethernet0/0
177	set nsmgmt bulkcli reboot-timeout 60
178	set ssh version v2
179	set ssh enable
180	set scp enable
181	set config lock timeout 5
182	set ntp server "10.40.253.10"
183	set ntp server backup1 "0.0.0.0"
184	set ntp server backup2 "0.0.0.0"
185	set snmp community "entreprise2" Read-Only Trap-on version v1
186	set snmp location "LIP6"
187	set snmp contact "Geraldine,Christophe"
188	set snmp name "FIREWALL2.ENT2"
189	set snmp port listen 161
190	set snmp port trap 162
191	set vrouter "untrust-vr"
192	exit
193	set vrouter "trust-vr"
194	set adv-inact-interface
195	set access-list 20
196	set access-list 20 permit ip 10.40.254.0/24 1
197	set route-map name "vpnmap" permit 1
198	set match ip 20
199	exit
200	unset add-default-route
201	set protocol rip
202	set redistribute route-map "vpnmap" protocol static
203	exit
204	set protocol ripng
205	set enable
206	set reject-default-route
207	exit
208	exit
209	set interface ethernet0/0 protocol rip
210	set interface ethernet0/0 protocol rip enable
211	set interface ethernet0/0 protocol rip send-version v2
212	set interface ethernet0/0 protocol rip receive-version v2
213	set interface ethernet0/0 protocol rip summary-enable
214	set interface bgroup0 protocol rip
215	set interface bgroup0 protocol rip enable
216	set interface bgroup0 protocol rip send-version v2
217	set interface bgroup0 protocol rip receive-version v2
218	set interface bgroup0 protocol rip summary-enable
219	set vrouter "untrust-vr"
220	exit
221	set vrouter "trust-vr"
222	exit

Download in other formats:

Original Format