Realisations/2006-2007/Projet/Entreprise2/Firewall2: config_SSG20_2007-03-30.cfg

File config_SSG20_2007-03-30.cfg, 5.3 KB (added by alladoum, 18 years ago)
1set clock dst-off
2set clock ntp
3set clock timezone 1
4set vrouter trust-vr sharable
5set vrouter "untrust-vr"
6exit
7set vrouter "trust-vr"
8unset auto-route-export
9set protocol rip
10set enable
11set reject-default-route
12exit
13exit
14set auth-server "Local" id 0
15set auth-server "Local" server-name "Local"
16set auth default auth server "Local"
17set auth radius accounting port 1646
18set admin name "netscreen"
19set admin password "nI2aKIrXMqTJcydDVslDSvJtm4Jubn"
20set admin user "geraldine" password "nC2ALar7NXGBcfaLzsYG1qKtwMP8pn" privilege "all"
21set admin user "christophe" password "nMc9KxrRNSZMcnmIAsIIfUHtdRJPwn" privilege "all"
22set admin http redirect
23set admin mail server-name "132.227.74.2"
24set admin mail mail-addr1 "andre@tibre"
25set admin mail mail-addr2 "alladoum@tibre"
26set admin mail traffic-log
27set admin auth timeout 10
28set admin auth server "Local"
29set admin auth banner telnet login "Bienvenue sur FIREWALL2.ENT2"
30set admin auth banner console login "Bienvenue sur FIREWALL2.ENT2"
31set admin format dos
32set zone "Trust" vrouter "trust-vr"
33set zone "Untrust" vrouter "trust-vr"
34set zone "DMZ" vrouter "trust-vr"
35set zone "VLAN" vrouter "trust-vr"
36set zone "Untrust-Tun" vrouter "trust-vr"
37set zone "Trust" tcp-rst
38set zone "Untrust" block
39unset zone "Untrust" tcp-rst
40set zone "DMZ" tcp-rst
41set zone "VLAN" block
42unset zone "VLAN" tcp-rst
43set zone "Untrust" screen tear-drop
44set zone "Untrust" screen syn-flood
45set zone "Untrust" screen ping-death
46set zone "Untrust" screen ip-filter-src
47set zone "Untrust" screen land
48set zone "V1-Untrust" screen tear-drop
49set zone "V1-Untrust" screen syn-flood
50set zone "V1-Untrust" screen ping-death
51set zone "V1-Untrust" screen ip-filter-src
52set zone "V1-Untrust" screen land
53set interface "ethernet0/0" zone "Untrust"
54set interface "ethernet0/1" zone "DMZ"
55set interface "bgroup0" zone "Trust"
56set interface bgroup0 port ethernet0/2
57set interface bgroup0 port ethernet0/3
58set interface bgroup0 port ethernet0/4
59unset interface vlan1 ip
60set interface ethernet0/0 ip 10.40.0.5/30
61set interface ethernet0/0 route
62set interface bgroup0 ip 10.40.0.10/30
63set interface bgroup0 route
64set interface ethernet0/0 gateway 10.40.0.6
65unset interface vlan1 bypass-others-ipsec
66unset interface vlan1 bypass-non-ip
67set interface ethernet0/0 ip manageable
68set interface bgroup0 ip manageable
69set interface ethernet0/0 manage ping
70set interface ethernet0/0 manage ssh
71set interface ethernet0/0 manage ssl
72unset interface bgroup0 manage telnet
73unset interface bgroup0 manage web
74set interface bgroup0 manage mtrace
75set interface ethernet0/1 dhcp client enable
76set interface "serial0/0" modem settings "USR" init "AT&F"
77set interface "serial0/0" modem settings "USR" active
78set interface "serial0/0" modem speed 115200
79set interface "serial0/0" modem retry 3
80set interface "serial0/0" modem interval 10
81set interface "serial0/0" modem idle-time 10
82set flow tcp-mss
83unset flow tcp-syn-check
84set pki authority default scep mode "auto"
85set pki x509 default cert-path partial
86set ike respond-bad-spi 1
87unset ike ikeid-enumeration
88unset ipsec access-session enable
89set ipsec access-session maximum 5000
90set ipsec access-session upper-threshold 0
91set ipsec access-session lower-threshold 0
92set ipsec access-session dead-p2-sa-timeout 0
93unset ipsec access-session log-error
94unset ipsec access-session info-exch-connected
95unset ipsec access-session use-error-log
96set url protocol websense
97exit
98set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" permit
99set policy id 1
100exit
101set policy id 2 from "Untrust" to "Trust"  "Any" "Any" "ANY" permit
102set policy id 2
103exit
104set monitor cpu 100
105unset log module system level emergency destination NSM
106unset log module system level alert destination NSM
107unset log module system level critical destination NSM
108unset log module system level error destination NSM
109unset log module system level warning destination NSM
110unset log module system level notification destination NSM
111unset log module system level information destination NSM
112unset log module system level debugging destination NSM
113set global-pro policy-manager primary outgoing-interface ethernet0/0
114set global-pro policy-manager secondary outgoing-interface ethernet0/0
115set nsmgmt bulkcli reboot-timeout 60
116set ssh version v2
117set ssh enable
118set scp enable
119set config lock timeout 5
120set ntp server "10.40.253.10"
121set ntp server backup1 "0.0.0.0"
122set ntp server backup2 "0.0.0.0"
123set snmp community "entreprise2" Read-Only Trap-on  version v1
124set snmp location "LIP6"
125set snmp contact "Geraldine,Christophe"
126set snmp name "FIREWALL2.ENT2"
127set snmp port listen 161
128set snmp port trap 162
129set vrouter "untrust-vr"
130exit
131set vrouter "trust-vr"
132unset add-default-route
133exit
134set interface bgroup0 protocol rip
135set interface bgroup0 protocol rip enable
136set interface bgroup0 protocol rip split-horizon poison-reverse
137set interface bgroup0 protocol rip send-version v1v2
138set interface bgroup0 protocol rip receive-version v1v2
139set interface ethernet0/0 protocol rip
140set interface ethernet0/0 protocol rip enable
141set interface ethernet0/0 protocol rip split-horizon poison-reverse
142set interface ethernet0/0 protocol rip send-version v1v2
143set interface ethernet0/0 protocol rip receive-version v1v2
144set vrouter "untrust-vr"
145exit
146set vrouter "trust-vr"
147exit