
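system {
    host-name srxC-2;
    /* Both local credentials in this stanza are $1$ (MD5-crypt) hashes and
       have been published with this listing, so they should be rotated. On
       releases that support it, "set system login password format sha512"
       makes newly set hashes stronger. */
    root-authentication {
        encrypted-password "$1$KI99zGk6$MbYFuBbpLffu9tn2.sI7l1";
        /* ssh-dss is a 1024-bit DSA key; current OpenSSH clients refuse it by
           default. Re-key configurator@server1 with ssh-rsa (or ssh-ed25519
           on releases that accept it). */
        ssh-dsa "ssh-dss AAAAB3NzaC1kc3MAAACBAMQrfP2bZyBXJ6PC7XXZ+MzErI8Jl6jah5L4/O8BsfP2hC7EvRfNoX7MqbrtCX/9gUH9gChVuBCB+ERULMdgRvM5uGhC/gs4UX+4dBbfBgKYYwgmisM8EoT25m7qI8ybpl2YZvHNznvO8h7kr4kpYuQEpKvgsTdH/Jle4Uqnjv7DAAAAFQDZaqA6QAgbW3O/zveaLCIDj6p0dwAAAIB1iL+krWrXiD8NPpY+w4dWXEqaV3bnobzPC4eyxQKBUCOr80Q5YBlWXVBHx9elwBWZwj0SF4hLKHznExnLerVsMuTMA846RbQmSz62vM6kGM13HFonWeQvWia0TDr78+rOEgWF2KHBSIxL51lmIDW8Gql9hJfD/Dr/NKP97w3L0wAAAIEAr3FkWU8XbYytQYEKxsIN9P1UQ1ERXB3G40YwqFO484SlyKyYCfaz+yNsaAJu2C8UebDIR3GieyNcOAKf3inCG8jQwjLvZskuZwrvlsz/xtcxSoAh9axJcdUfSJYMW/g+mD26JK1Cliw5rwp2nH9kUrJxeI7IReDp4egNkM4i15o= configurator@server1.he"; ## SECRET-DATA
    }
    login {
        /* Single super-user account; see the hash note above. */
        user lab {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$84J5Maes$cni5Hrazbd/IEHr/50oY30";
            }
        }
    }
    services {
        ssh;
        /* telnet removed: it would carry the super-user credentials above in
           cleartext over the management VLAN, and ssh is already enabled. */
        web-management {
            /* Plaintext "http" replaced with TLS. The management functional
               zone's host-inbound-traffic must permit "https" for J-Web to
               stay reachable. */
            https {
                system-generated-certificate;
            }
        }
    }
    syslog {
        /* Local files only; no remote syslog host is configured in this
           listing, so authorization and command history are lost with the
           device. A remote collector is worth adding for both. */
        file messages {
            any any;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}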
interfaces {
    /* Management: the only interface placed in functional-zone management.
       No routing-instance is configured in this listing, so it shares inet.0
       (and the 0/0 default route toward untrust) with the transit
       interfaces -- confirm that is intended. */
    ge-0/0/0 {
        description "MGMT Interface - DO NOT DELETE";
        unit 0 {
            family inet {
                address 10.210.12.136/26;
            }
        }
    }
    /* Untrust uplink; 172.18.2.1 on this /30 is the static default next hop. */
    ge-0/0/3 {
        unit 0 {
            family inet {
                address 172.18.2.2/30;
            }
        }
    }
    /* 802.1Q trunk carrying both tenant VLANs. Each unit is that tenant's
       gateway (.1) and is bound to its own security zone. */
    ge-0/0/4 {
        vlan-tagging;
        unit 106 {
            vlan-id 106;
            family inet {
                address 172.20.106.1/24;
            }
        }
        unit 206 {
            vlan-id 206;
            family inet {
                address 172.20.206.1/24;
            }
        }
    }
    /* Loopback; not assigned to any zone in this listing. */
    lo0 {
        unit 0 {
            family inet {
                address 192.168.2.1/32;
            }
        }
    }
}
routing-options {
    /* Single static default toward the untrust peer on ge-0/0/3. No more
       specific routes appear on this page, so the vr105/vr205 and srxC-1
       prefixes named in the address book are reached via this default too. */
    static {
        route 0.0.0.0/0 next-hop 172.18.2.1;
    }
}
security {
address-book {
    /* Zone-attached books: an entry can only be used on the side of a policy
       that names its attached zone. */
    untrust {
        address vr105 172.20.105.0/24;
        /* vr205 and srxC-1 are not referenced by any policy in this listing;
           presumably the peer SRX and its second tenant -- verify before
           pruning. */
        address vr205 172.20.205.0/24;
        address srxC-1 172.18.1.0/30;
        attach {
            zone untrust;
        }
    }
    /* Global book: usable in every zone pair. internet-host is likewise not
       referenced by any policy on this page. */
    global {
        address internet-host 172.31.15.1/32;
    }
    Juniper-WF {
        address vr106 172.20.106.0/24;
        attach {
            zone Juniper-WF;
        }
    }
    ACME-WF {
        address vr206 172.20.206.0/24;
        attach {
            zone ACME-WF;
        }
    }
}
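policies {
    /* Intra-zone traffic inside each tenant is opened wholesale. The SRX
       denies intra-zone by default, so these are deliberate; they are now
       logged so lateral movement inside a tenant is visible. */
    from-zone Juniper-WF to-zone Juniper-WF {
        policy intrazone-Juniper-WF {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
                log {
                    session-init;
                    session-close;
                }
            }
        }
    }
    from-zone ACME-WF to-zone ACME-WF {
        policy intrazone-ACME-WF {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
                log {
                    session-init;
                    session-close;
                }
            }
        }
    }
    /* Order matters here: FTP from vr106 to vr105 is allowed, every other FTP
       is rejected, then everything else from vr106 is allowed. */
    from-zone Juniper-WF to-zone untrust {
        /* Named like the inbound policy but carries no
           firewall-authentication action -- confirm that is intended. */
        policy outbound-ftp-auth {
            match {
                source-address vr106;
                destination-address vr105;
                application junos-ftp;
            }
            then {
                permit;
                log {
                    session-init;
                    session-close;
                }
            }
        }
        /* reject (not deny) returns RST / ICMP unreachable to the client.
           Logged so hits on this rule are visible. */
        policy deny-ftp-Juniper-WF {
            match {
                source-address any;
                destination-address any;
                application junos-ftp;
            }
            then {
                reject;
                log {
                    session-init;
                }
            }
        }
        policy internet-Juniper-WF {
            match {
                source-address vr106;
                destination-address any;
                application any;
            }
            then {
                permit;
                log {
                    session-init;
                    session-close;
                }
            }
        }
    }
    from-zone ACME-WF to-zone untrust {
        policy internet-ACME-WF {
            match {
                source-address vr206;
                destination-address any;
                application any;
            }
            then {
                permit;
                log {
                    session-init;
                    session-close;
                }
            }
        }
    }
    /* Inbound from the server VLAN only. Traffic matching no policy falls to
       the implicit, unlogged deny; add an explicit logged deny-all at the end
       of each zone pair if denied hits need to reach the collector. */
    from-zone untrust to-zone Juniper-WF {
        policy Juniper-SV-to-Juniper-WF {
            match {
                source-address vr105;
                destination-address vr106;
                application internal-apps;
            }
            then {
                permit;
                log {
                    session-init;
                    session-close;
                }
            }
            /* Policy is active only inside the internal-apps-scheduler window. */
            scheduler-name internal-apps-scheduler;
        }
        /* FTP is permitted only after the client authenticates against the
           ftp-users profile and is a member of ftp-group. */
        policy inbound-ftp-auth {
            match {
                source-address vr105;
                destination-address vr106;
                application junos-ftp;
            }
            then {
                permit {
                    firewall-authentication {
                        pass-through {
                            client-match ftp-group;
                        }
                    }
                }
                log {
                    session-init;
                    session-close;
                }
            }
        }
    }
}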
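zones {
    /* Out-of-band management zone on ge-0/0/0. Only the services needed to
       administer the box are accepted here; no other zone accepts any
       host-inbound traffic. */
    functional-zone management {
        interfaces {
            ge-0/0/0.0;
        }
        host-inbound-traffic {
            system-services {
                ssh;
                /* telnet and http dropped: both are cleartext paths to a
                   super-user login. https requires the matching
                   "system services web-management https" statement. */
                https;
                ping;
                traceroute;
                /* No snmp stanza appears in this listing; remove this if the
                   agent is not actually configured. */
                snmp;
            }
        }
    }
    /* Tenant zones: one tagged sub-interface each and no host-inbound-traffic,
       so the SRX's own .1 gateway address is unreachable from the
       workstations (not even ping). Presumably intentional -- confirm. */
    security-zone Juniper-WF {
        interfaces {
            ge-0/0/4.106;
        }
    }
    security-zone ACME-WF {
        interfaces {
            ge-0/0/4.206;
        }
    }
    security-zone untrust {
        interfaces {
            ge-0/0/3.0;
        }
    }
}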
}
access {
    /* Local user database for FTP pass-through authentication; policy
       inbound-ftp-auth matches on client-group ftp-group. */
    profile ftp-users {
        client nancy {
            firewall-user {
                /* $9$ is Junos's reversible obfuscation, not a hash: anyone
                   holding this file can recover these passwords. Rotate them. */
                password "$9$7bds4aJDmfz-VQn/9pu8XxdYg"; ## SECRET-DATA
            }
        }
        client walter {
            firewall-user {
                password "$9$8S67wgoaUk.5GD.5zFtpM8L7bs4aZ"; ## SECRET-DATA
            }
        }
        /* Every client in this profile lands in ftp-group, which is what the
           policy's client-match tests. */
        session-options {
            client-group ftp-group;
        }
    }
    firewall-authentication {
        pass-through {
            /* Profile used by policies that do not name one explicitly. */
            default-profile ftp-users;
            ftp {
                banner {
                    /* Shown to unauthenticated clients; keep it free of
                       version or ownership details. */
                    login "Junos Rocks!";
                }
            }
        }
    }
}
applications {
    /* Custom UDP application: matches only datagrams from source port 50000
       to destination port 50001. The fixed source-port match will drop any
       client using an ephemeral source port -- confirm that is intended. */
    application Juniper-gizmo {
        protocol udp;
        source-port 50000;
        destination-port 50001;
    }
    /* Set referenced by policy Juniper-SV-to-Juniper-WF (untrust ->
       Juniper-WF). Including junos-telnet means cleartext logins into the
       workstation VLAN are permitted on that path. */
    application-set internal-apps {
        application Juniper-gizmo;
        application junos-telnet;
        application junos-ping;
    }
}
schedulers {
    /* Bound to policy Juniper-SV-to-Juniper-WF through scheduler-name. The
       policy is active 03:00-23:00 Monday to Friday only, so the untrust ->
       Juniper-WF opening for internal-apps is closed overnight and at
       weekends. */
    scheduler internal-apps-scheduler {
        daily {
            start-time 03:00:00 stop-time 23:00:00;
        }
        sunday exclude;
        saturday exclude;
    }
}
