Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves and enables their users to communicate, share information and interact over distances. Related issues often involve operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.
set clock timezone 11
set vrouter trust-me sharable
unset vrouter "trust-me" auto-route-export
set service "Deskbank" protocol tcp src-port 0-65535 dst-port 6025-6025
set service "Freeparking" protocol tcp src-port 81-81 dst-port 81-81
set service "FTP - 20" protocol tcp src-port 0-65535 dst-port 20-20
set service "OpenVPN" protocol udp src-port 0-65535 dst-port 1194-1194
set service "PASV FTP" protocol tcp src-port 0-65535 dst-port 40000-45000
set service "RWW-4125" protocol tcp src-port 0-65535 dst-port 4125-4125
set service "smtp" protocol tcp src-port 0-65535 dst-port 25-25
set service "TSE" protocol tcp src-port 0-65535 dst-port 3389-3389
set service "Printing" protocol tcp src-port 0-65535 dst-port 515-515
set service "Printing" + tcp src-port 0-65535 dst-port 9100-9100
set service "ADomain" protocol udp src-port 0-65535 dst-port 48129-48137 timeout 30
set service "ADomain" + tcp src-port 0-65535 dst-port 8194-8294
set service "ADomain IN" protocol udp src-port 48129-48137 dst-port 48129-48137 timeout 30
set service "ADomain IN" + tcp src-port 0-65535 dst-port 8194-8294
set service "New FTP" protocol tcp src-port 0-65535 dst-port 2121-2121
set service "New FTP" + tcp src-port 0-65535 dst-port 50000-50050
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set admin name "netscreen"
set admin password "xxxx"
set admin port 8081
set admin ssh port 2002
set admin scs password disable username netscreen
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set vip multi-port
set zone "Trust" vrouter "trust-me"
set zone "Untrust" vrouter "trust-me"
set zone "VLAN" vrouter "trust-me"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "VLAN" block
set zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "trust" zone "Trust"
set interface "untrust" zone "Untrust"
set interface "tunnel.1" zone "Untrust"
set interface "tunnel.2" zone "Untrust"
set interface "tunnel.3" zone "Untrust"
unset interface vlan1 ip
set interface trust ip 192.168.44.254/24
set interface trust route
set interface untrust ip xxx.xxx.86.45/24
set interface untrust route
set interface tunnel.1 ip unnumbered interface trust
set interface tunnel.2 ip unnumbered interface untrust
set interface tunnel.3 ip 192.168.15.50/24
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface trust ip manageable
set interface untrust ip manageable
set interface untrust manage ping
set interface untrust manage telnet
set interface untrust manage web
set interface untrust vip untrust 25 "smtp" 192.168.44.20
set interface untrust vip untrust 22 "SSH" 192.168.44.20
set interface untrust vip untrust 21 "FTP" 192.168.44.20
set interface untrust vip untrust 4125 "RWW-4125" 192.168.44.20
set interface untrust vip untrust 443 "HTTPS" 192.168.44.20
set interface untrust vip untrust 2121 "New FTP" 192.168.44.20
set interface untrust dhcp-client enable
set interface tunnel.3 dip 4 192.168.15.51 192.168.15.100
set interface untrust ext ip 192.168.44.0 255.255.255.0 dip 5 192.168.44.61 192.168.44.61 fix-port
set interface "trust" mip 192.168.44.69 host 192.168.11.12 netmask 255.255.255.255 vrouter "trust-me"
set interface "trust" mip 192.168.44.70 host 192.168.11.254 netmask 255.255.255.255 vrouter "trust-me"
set interface "tunnel.3" mip 192.168.15.5 host 192.168.44.250 netmask 255.255.255.255 vrouter "trust-me"
set flow tcp-mss
set domain lan
set hostname HOSTNAME01
set dns host dns1 10.0.0.138
set dns host dns2 xxx.xx.xxx.40
set address "Trust" "192.168.44.20/32" 192.168.44.20 255.255.255.255
set address "Trust" "MMc 192.168.15.0" 192.168.15.0 255.255.255.0
set address "Trust" "MMC Lan-192.168.44.0/24" 192.168.44.0 255.255.255.0
set address "Trust" "VirtualVax-192.168.44.69/
set address "Untrust" "xx.xx.xx.82/32" xx.xx.xx.82 255.255.255.255
set address "Untrust" "BT_PIE Network" xxx.xx.xxx.0 255.255.255.0
set address "Untrust" "Kauri Lan-192.168.11.0/24" 192.168.11.0 255.255.255.0
set address "Untrust" "Kauri Systems Firewall" xx.xxx.xx.66 255.255.255.255
set address "Untrust" "Kauri Vax Firewall" xx.xxx.xx.36 255.255.255.255
set address "Untrust" "KauriServer-192.168.11.12
set address "Untrust" "peter-10.10.200.103/32" 10.10.200.103 255.255.255.255
set address "Untrust" "robert-10.10.200.101/32" 10.10.200.101 255.255.255.255
set address "Untrust" "shayne-10.10.200.104/32" 10.10.200.104 255.255.255.255
set address "Untrust" "tom-10.10.200.102/32" 10.10.200.102 255.255.255.255
set user "Ceiba" uid 5
set user "Ceiba" ike-id u-fqdn "user1@domain.co.nz" share-limit 1
set user "Ceiba" type auth ike xauth
set user "Ceiba" password "password"
set user "Ceiba" "enable"
set user "peter" uid 17
set user "peter" ike-id u-fqdn "user2@domain.co.nz" share-limit 1
set user "peter" type auth ike xauth
set user "peter" password "password"
set user "peter" "enable"
set user "robert" uid 15
set user "robert" ike-id u-fqdn "user3@domain.co.nz" share-limit 1
set user "robert" type auth ike xauth
set user "robert" password "password"
set user "robert" "enable"
set user "shayne" uid 18
set user "shayne" ike-id u-fqdn "user4@domain.co.nz" share-limit 1
set user "shayne" type auth ike xauth
set user "shayne" password "password"
set user "shayne" "enable"
set user "tom" uid 16
set user "tom" ike-id u-fqdn "user5@domain.co.nz" share-limit 1
set user "tom" type auth ike xauth
set user "tom" password "password"
set user "tom" "enable"
set user-group "NSRemoteUsers" id 9
set user-group "NSRemoteUsers" user "user1"
set user-group "NSRemoteUsers" user "user2"
set user-group "NSRemoteUsers" user "user3"
set user-group "NSRemoteUsers" user "user4"
set user-group "NSRemoteUsers" user "user5"
set ike p1-proposal "BT_P1" preshare group5 esp aes256 sha-1 second 86400
set ike p2-proposal "BT_P2" group5 esp aes256 sha-1 second 86400
set ike gateway "Kauri-Gateway" address xx.xxx.xx.66 Main outgoing-interface "untrust" preshare "/RNLClOKNUgcl4s0i1CqcRZvO
set ike gateway "Gateway-NSRemote" address 0.0.0.0 id "nsremote@domain.co.nz" Main local-id "mmcnz.co.nz" outgoing-interface "untrust" preshare "Nywq5g8yNgr01qsxxxxxxV3v+
set ike gateway "Gateway-NSRemote" cert peer-ca all
unset ike gateway "Gateway-NSRemote" nat-traversal
set ike gateway "BT_PIE GW" address 203.10.111.10 Main outgoing-interface "untrust" preshare "HM6hBEyhNha4ezsaVdCWJDzOl
set ike respond-bad-spi 1
set vpn "Tunnel-user2" gateway "Gateway-NSRemote" no-replay tunnel idletime 0 sec-level standard
set vpn "Tunnel-user2" id 20 bind interface tunnel.2
set interface tunnel.2 nhtb 10.10.200.103 vpn "Tunnel-user2"
set vpn "Tunnel-user3" gateway "Gateway-NSRemote" no-replay tunnel idletime 0 sec-level standard
set vpn "Tunnel-user3" id 21 bind interface tunnel.2
set interface tunnel.2 nhtb 10.10.200.101 vpn "Tunnel-user3"
set vpn "Tunnel-user4" gateway "Gateway-NSRemote" no-replay tunnel idletime 0 sec-level standard
set vpn "Tunnel-user4" id 22 bind interface tunnel.2
set interface tunnel.2 nhtb 10.10.200.102 vpn "Tunnel-user4"
set vpn "Tunnel-user5" gateway "Gateway-NSRemote" no-replay tunnel idletime 0 sec-level standard
set vpn "Tunnel-user5" id 23 bind interface tunnel.2
set vpn "Kauri-Tunnel" gateway "Kauri-Gateway" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-md5"
set vpn "Kauri-Tunnel" id 1 bind interface tunnel.1
set vpn "BT_VPN" gateway "BT_PIE GW" no-replay tunnel idletime 0 proposal "BT_P2"
set vpn "BT_VPN" id 25 bind interface tunnel.3
set vpn "Tunnel-Ceiba" gateway "Gateway-NSRemote" no-replay tunnel idletime 0 sec-level standard
set vpn "Tunnel-Ceiba" id 26 bind interface tunnel.2
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set group address "Untrust" "MMC-NSremoteUsers-10.10.2
set group address "Untrust" "MMC-NSremoteUsers-10.10.2
set group address "Untrust" "MMC-NSremoteUsers-10.10.2
set group address "Untrust" "MMC-NSremoteUsers-10.10.2
set group address "Untrust" "MMC-NSremoteUsers-10.10.2
set group service "Web Surfing"
set group service "Web Surfing" add "DNS"
set group service "Web Surfing" add "FTP"
set group service "Web Surfing" add "FTP-Get"
set group service "Web Surfing" add "FTP-Put"
set group service "Web Surfing" add "HTTP"
set group service "Web Surfing" add "HTTPS"
set group service "Web Surfing" add "MAIL"
set group service "Web Surfing" add "PING"
set group service "Web Surfing" add "POP3"
set group service "Web Surfing" add "TSE"
set policy id 13 from "Untrust" to "Trust" "MMC-NSremoteUsers-10.10.2
set policy id 15 from "Untrust" to "Trust" "Any" "MMC Lan-192.168.44.0/24" "ANY" permit
set policy id 31 name "Deskbank" from "Trust" to "Untrust" "Any" "Any" "Deskbank" nat src permit
set policy id 32 name "OpenVPN" from "Trust" to "Untrust" "MMC Lan-192.168.44.0/24" "Any" "OpenVPN" nat src permit
set policy id 29 from "Trust" to "Untrust" "Any" "Any" "PPTP" nat src permit
set policy id 20 name "ADomain" from "Trust" to "Untrust" "Any" "Any" "ADomain" nat src permit
set policy id 19 name "FTP" from "Trust" to "Untrust" "MMC Lan-192.168.44.0/24" "Any" "FTP" nat src permit
set policy id 19 application "FTP"
set policy id 1 name "MMC Internet Access" from "Trust" to "Untrust" "MMC Lan-192.168.44.0/24" "Any" "Web Surfing" nat src permit
set policy id 14 from "Trust" to "Untrust" "MMC Lan-192.168.44.0/24" "Any" "ANY" permit
set policy id 9 from "Untrust" to "Trust" "MMC-NSremoteUsers-10.10.2
set policy id 8 from "Trust" to "Untrust" "MMC Lan-192.168.44.0/24" "MMC-NSremoteUsers-10.10.2
set policy id 2 from "Trust" to "Untrust" "MMC Lan-192.168.44.0/24" "Kauri Lan-192.168.11.0/24" "ANY" permit
set policy id 7 from "Trust" to "Untrust" "MMC Lan-192.168.44.0/24" "Kauri Vax Firewall" "TELNET" nat src permit log
set policy id 17 from "Trust" to "Untrust" "MMC Lan-192.168.44.0/24" "BT_PIE Network" "ANY" nat src dip-id 4 permit log
set policy id 3 from "Trust" to "Untrust" "Any" "Any" "ANY" deny log
set policy id 6 from "Untrust" to "Trust" "Kauri Lan-192.168.11.0/24" "MMC Lan-192.168.44.0/24" "ANY" permit
set policy id 4 from "Untrust" to "Trust" "Kauri Lan-192.168.11.0/24" "MMC Lan-192.168.44.0/24" "Printing" permit log
set policy id 16 from "Untrust" to "Trust" "BT_PIE Network" "MIP(192.168.15.5)" "ANY" nat src permit
set policy id 18 name "SMTP" from "Untrust" to "Trust" "Any" "VIP::1" "smtp" permit
set policy id 21 name "SFTP" from "Untrust" to "Trust" "Any" "VIP::1" "SSH" permit
set policy id 21 disable
set policy id 25 name "FTP" from "Untrust" to "Trust" "Any" "VIP::1" "FTP" permit
set policy id 25 disable
set policy id 23 name "RWW-4125" from "Untrust" to "Trust" "Any" "VIP::1" "RWW-4125" permit
set policy id 24 name "HTTPS" from "Untrust" to "Trust" "Any" "VIP::1" "HTTPS" permit
set policy id 30 name "FTP + 50 PASV" from "Untrust" to "Trust" "Any" "VIP::1" "New FTP" permit
set policy id 5 from "Untrust" to "Trust" "Any" "Any" "ANY" deny log
set policy id 11 from "Trust" to "Trust" "MMC Lan-192.168.44.0/24" "MIP(192.168.44.69)" "ANY" permit
set vpn "Tunnel-peter" proxy-id local-ip 192.168.44.0/24 remote-ip 10.10.200.103/32 "ANY"
set vpn "Tunnel-robert" proxy-id local-ip 192.168.44.0/24 remote-ip 10.10.200.101/32 "ANY"
set vpn "Tunnel-tom" proxy-id local-ip 192.168.44.0/24 remote-ip 10.10.200.102/32 "ANY"
set vpn "Tunnel-shayne" proxy-id local-ip 192.168.44.0/24 remote-ip 10.10.200.104/32 "ANY"
set vpn "Kauri-Tunnel" proxy-id local-ip 192.168.44.0/24 remote-ip 192.168.11.0/24 "ANY"
set vpn "BT_VPN" proxy-id local-ip 192.168.15.0/24 remote-ip 172.24.205.0/24 "ANY"
set vpn "Tunnel-Ceiba" proxy-id local-ip 192.168.44.0/24 remote-ip 10.10.200.106/32 "ANY"
set global-pro policy-manager primary outgoing-interface untrust
set global-pro policy-manager secondary outgoing-interface untrust
set ssh version v2
set config lock timeout 5
set ntp server "0.0.0.0"
set ntp server backup1 "0.0.0.0"
set ntp server backup2 "0.0.0.0"
set modem speed 115200
set modem retry 3
set modem interval 10
set modem idle-time 10
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-me"
exit
set vrouter "trust-me"
unset add-default-route
set route 192.168.11.0/24 interface tunnel.1
set route 10.10.200.0/24 interface tunnel.2
set route xxx.xx.xxx.0/24 interface tunnel.3 gateway 192.168.15.50
set route xxx.xx.xx.0/24 interface trust gateway 192.168.44.253
set route xxx.xx.xx.0/24 interface trust gateway 192.168.44.253
exit