Realisations/2006-2007/Projet/Entreprise2/Firewall2: config_SSG20_2007-03-09.cfg

File config_SSG20_2007-03-09.cfg, 4.7 KB (added by alladoum, 18 years ago)
1set clock dst-off
2set clock ntp
3set clock timezone 1
4set vrouter trust-vr sharable
5set vrouter "untrust-vr"
6exit
7set vrouter "trust-vr"
8unset auto-route-export
9exit
10set auth-server "Local" id 0
11set auth-server "Local" server-name "Local"
12set auth default auth server "Local"
13set auth radius accounting port 1646
14set admin name "netscreen"
15set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
16set admin user "geraldine" password "nC2ALar7NXGBcfaLzsYG1qKtwMP8pn" privilege "all"
17set admin user "christophe" password "nMc9KxrRNSZMcnmIAsIIfUHtdRJPwn" privilege "all"
18set admin http redirect
19set admin mail alert
20set admin mail server-name "10.40.0.9"
21set admin mail mail-addr1 "lagege1983@hotmail.com"
22set admin mail mail-addr2 "christophe.alladoum@rp.lip6.fr"
23set admin mail traffic-log
24set admin auth timeout 10
25set admin auth server "Local"
26set admin auth banner telnet login "Bienvenue sur FIREWALL2.ENT2"
27set admin auth banner console login "Bienvenue sur FIREWALL2.ENT2"
28set admin format dos
29set zone "Trust" vrouter "trust-vr"
30set zone "Untrust" vrouter "trust-vr"
31set zone "DMZ" vrouter "trust-vr"
32set zone "VLAN" vrouter "trust-vr"
33set zone "Untrust-Tun" vrouter "trust-vr"
34set zone "Trust" tcp-rst
35set zone "Untrust" block
36unset zone "Untrust" tcp-rst
37set zone "DMZ" tcp-rst
38set zone "VLAN" block
39unset zone "VLAN" tcp-rst
40set zone "Untrust" screen tear-drop
41set zone "Untrust" screen syn-flood
42set zone "Untrust" screen ping-death
43set zone "Untrust" screen ip-filter-src
44set zone "Untrust" screen land
45set zone "V1-Untrust" screen tear-drop
46set zone "V1-Untrust" screen syn-flood
47set zone "V1-Untrust" screen ping-death
48set zone "V1-Untrust" screen ip-filter-src
49set zone "V1-Untrust" screen land
50set interface "ethernet0/0" zone "Untrust"
51set interface "ethernet0/1" zone "DMZ"
52set interface "bgroup0" zone "Trust"
53set interface bgroup0 port ethernet0/2
54set interface bgroup0 port ethernet0/3
55set interface bgroup0 port ethernet0/4
56unset interface vlan1 ip
57set interface ethernet0/0 ip 10.40.0.5/30
58set interface ethernet0/0 route
59set interface bgroup0 ip 10.40.0.10/30
60set interface bgroup0 route
61set interface ethernet0/0 gateway 10.40.0.6
62unset interface vlan1 bypass-others-ipsec
63unset interface vlan1 bypass-non-ip
64set interface ethernet0/0 ip manageable
65set interface bgroup0 ip manageable
66set interface ethernet0/0 manage ping
67set interface ethernet0/0 manage ssh
68set interface ethernet0/0 manage ssl
69unset interface bgroup0 manage telnet
70unset interface bgroup0 manage web
71set interface bgroup0 manage mtrace
72set interface ethernet0/1 dhcp client enable
73set interface "serial0/0" modem settings "USR" init "AT&F"
74set interface "serial0/0" modem settings "USR" active
75set interface "serial0/0" modem speed 115200
76set interface "serial0/0" modem retry 3
77set interface "serial0/0" modem interval 10
78set interface "serial0/0" modem idle-time 10
79set flow tcp-mss
80unset flow tcp-syn-check
81set pki authority default scep mode "auto"
82set pki x509 default cert-path partial
83set ike respond-bad-spi 1
84unset ike ikeid-enumeration
85unset ipsec access-session enable
86set ipsec access-session maximum 5000
87set ipsec access-session upper-threshold 0
88set ipsec access-session lower-threshold 0
89set ipsec access-session dead-p2-sa-timeout 0
90unset ipsec access-session log-error
91unset ipsec access-session info-exch-connected
92unset ipsec access-session use-error-log
93set url protocol websense
94exit
95set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" permit
96set policy id 1
97exit
98set policy id 2 from "Untrust" to "Trust"  "Any" "Any" "ANY" permit
99set policy id 2
100exit
101set monitor cpu 100
102unset log module system level emergency destination NSM
103unset log module system level alert destination NSM
104unset log module system level critical destination NSM
105unset log module system level error destination NSM
106unset log module system level warning destination NSM
107unset log module system level notification destination NSM
108unset log module system level information destination NSM
109unset log module system level debugging destination NSM
110set global-pro policy-manager primary outgoing-interface ethernet0/0
111set global-pro policy-manager secondary outgoing-interface ethernet0/0
112set nsmgmt bulkcli reboot-timeout 60
113set ssh version v2
114set ssh enable
115set scp enable
116set config lock timeout 5
117set ntp server "10.40.253.10"
118set ntp server backup1 "0.0.0.0"
119set ntp server backup2 "0.0.0.0"
120set snmp location "Paris,France"
121set snmp contact "Geraldine,Christophe"
122set snmp name "FIREWALL2.ENT2"
123set snmp port listen 161
124set snmp port trap 162
125set vrouter "untrust-vr"
126exit
127set vrouter "trust-vr"
128unset add-default-route
129exit
130set vrouter "untrust-vr"
131exit
132set vrouter "trust-vr"
133exit