Realisations/2011-2012/Projet/Entreprise2: ssg201-ent2-cfg.txt

File ssg201-ent2-cfg.txt, 5.2 KB (added by bbaron, 13 years ago)
unset key protection enable
set clock timezone 0
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set alg appleichat enable
unset alg appleichat re-assembly enable
set alg sctp enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "netscreen"
set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
set admin auth web timeout 10
set admin auth dial-in timeout 3
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
unset zone "V1-Trust" tcp-rst
unset zone "V1-Untrust" tcp-rst
set zone "DMZ" tcp-rst
unset zone "V1-DMZ" tcp-rst
unset zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet0/0" zone "Untrust"
set interface "ethernet0/1" zone "V1-Trust"
set interface "ethernet0/2" zone "V1-Untrust"
set interface "bgroup0" zone "Trust"
set interface bgroup0 port ethernet0/3
set interface bgroup0 port ethernet0/4
set interface vlan1 ip 28.5.254.8/30
set interface ethernet0/0 ip 4.11.100.36/28
set interface ethernet0/0 route
set interface bgroup0 ip 192.168.1.1/24
set interface bgroup0 nat
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
unset interface vlan1 bypass-ipv6-others-ipsec
set interface vlan1 bypass-icmpv6-ndp
set interface vlan1 bypass-icmpv6-mld
unset interface vlan1 bypass-icmpv6-mrd
unset interface vlan1 bypass-icmpv6-msp
set interface vlan1 bypass-icmpv6-snd
set interface vlan1 ip manageable
set interface ethernet0/0 ip manageable
set interface bgroup0 ip manageable
set interface ethernet0/0 manage ping
set interface ethernet0/0 manage ssh
set interface ethernet0/0 manage telnet
set interface ethernet0/0 manage snmp
set interface ethernet0/0 manage ssl
set interface ethernet0/0 manage web
set interface ethernet0/0 manage mtrace
set interface bgroup0 dhcp server service
set interface bgroup0 dhcp server auto
set interface bgroup0 dhcp server option gateway 192.168.1.1
set interface bgroup0 dhcp server option netmask 255.255.255.0
set interface bgroup0 dhcp server ip 192.168.1.33 to 192.168.1.126
unset interface bgroup0 dhcp server config next-server-ip
set interface "serial0/0" modem settings "USR" init "AT&F"
set interface "serial0/0" modem settings "USR" active
set interface "serial0/0" modem speed 115200
set interface "serial0/0" modem retry 3
set interface "serial0/0" modem interval 10
set interface "serial0/0" modem idle-time 10
set flow tcp-mss
unset flow no-tcp-seq-check
set flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set crypto-policy
exit
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
set url protocol websense
exit
set policy id 1 from "Trust" to "Untrust"  "Any-IPv4" "Any-IPv4" "ANY" permit
set policy id 1
exit
set policy id 2 from "V1-Trust" to "V1-Untrust"  "Any-IPv4" "Any-IPv4" "ANY" permit
set policy id 2
exit
set policy id 3 from "V1-Untrust" to "V1-Trust"  "Any-IPv4" "Any-IPv4" "ANY" permit
set policy id 3
exit
set policy id 4 from "V1-Trust" to "V1-Untrust"  "Any-IPv6" "Any-IPv6" "ANY" permit
set policy id 4
exit
set policy id 5 from "V1-Untrust" to "V1-Trust"  "Any-IPv6" "Any-IPv6" "ANY" permit
set policy id 5
exit
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
set license-key auto-update
set telnet client enable
set snmp community "public" Read-Only Trap-on traffic version any 
set snmp community "test" Read-Write Trap-on traffic version v1 
set snmp location "Paris"
set snmp contact "Olivier Fourmaux"
set snmp name "firewall1"
unset snmp auth-trap enable
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 4.11.100.0/2 interface vlan1 gateway 28.5.254.10
set route 0.0.0.0/0 interface vlan1 gateway 28.5.254.9
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit