Attachment 'netscreen_config_ipv6_firewall.txt'
1 ns5gt->
2 ns5gt-> get config
3 Total Config size 7058:
4 set clock timezone 1
5 set vrouter trust-vr sharable
6 set vrouter "untrust-vr"
7 exit
8 set vrouter "trust-vr"
9 unset auto-route-export
10 exit
11 set auth-server "Local" id 0
12 set auth-server "Local" server-name "Local"
13 set auth default auth server "Local"
14 set auth radius accounting port 1646
15 set admin name "netscreen"
16 set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
17 set admin auth timeout 10
18 set admin auth server "Local"
19 set admin format dos
20 set zone "Trust" vrouter "trust-vr"
21 set zone "Untrust" vrouter "trust-vr"
22 set zone "VLAN" vrouter "trust-vr"
23 set zone "Untrust-Tun" vrouter "trust-vr"
24 unset zone "Trust" tcp-rst
25 unset zone "Untrust" block
26 unset zone "Untrust" tcp-rst
27 set zone "MGT" block
28 set zone "VLAN" block
29 unset zone "VLAN" tcp-rst
30 set zone "Untrust" screen tear-drop
31 set zone "Untrust" screen syn-flood
32 set zone "Untrust" screen ping-death
33 set zone "Untrust" screen ip-filter-src
34 set zone "Untrust" screen land
35 set zone "V1-Untrust" screen tear-drop
36 set zone "V1-Untrust" screen syn-flood
37 set zone "V1-Untrust" screen ping-death
38 set zone "V1-Untrust" screen ip-filter-src
39 set zone "V1-Untrust" screen land
40 set interface "trust" zone "Trust"
41 set interface "untrust" zone "Untrust"
42 set interface "loopback.1" zone "Trust"
43 unset interface vlan1 ip
44 set interface trust ip 192.168.1.1/24
45 set interface "trust" ipv6 mode "router"
46 set interface "trust" ipv6 ip 2001:738:10:1:210:dbff:fe6d:cb52/64
47 set interface "trust" ipv6 enable
48 set interface trust route
49 set interface untrust ip 192.168.101.61/24
50 set interface "untrust" ipv6 mode "router"
51 set interface "untrust" ipv6 ip 2001:738:10:2:210:dbff:fe6d:cb51/64
52 set interface "untrust" ipv6 enable
53 set interface untrust route
54 set interface loopback.1 ip 1.1.1.1/24
55 set interface loopback.1 nat
56 unset interface vlan1 bypass-others-ipsec
57 unset interface vlan1 bypass-non-ip
58 set interface trust ip manageable
59 set interface untrust ip manageable
60 set interface loopback.1 ip manageable
61 set interface untrust manage ping
62 unset interface loopback.1 manage ssh
63 unset interface loopback.1 manage telnet
64 unset interface loopback.1 manage snmp
65 unset interface loopback.1 manage ssl
66 unset interface loopback.1 manage web
67 set interface trust ipv6 ra link-address
68 set interface trust ipv6 ra transmit
69 set interface untrust ipv6 ra link-address
70 set interface untrust ipv6 ra max-adv-int 60
71 set interface untrust ipv6 ra min-adv-int 30
72 set interface untrust ipv6 ra transmit
73 set interface trust ipv6 nd nud
74 set interface untrust ipv6 nd nud
75 set interface trust dhcp server service
76 set interface trust dhcp server enable
77 set interface trust dhcp server option lease 1440000
78 set interface trust dhcp server option dns1 213.163.34.66
79 set interface trust dhcp server option dns2 62.77.203.10
80 set interface trust dhcp server ip 192.168.1.30 to 192.168.1.39
81 unset interface trust dhcp server config next-server-ip
82 unset interface trust dhcp server config updatable
83 set pak-poll p1queue pak-threshold 96
84 set pak-poll p2queue pak-threshold 32
85 set flow tcp-mss
86 unset flow no-tcp-seq-check
87 set flow tcp-syn-check
88 set domain icnlab
89
90 set pki authority default scep mode "auto"
91 set pki x509 default cert-path partial
92 set dns proxy
93 set dns proxy enable
94 set address "Trust" "192.168.1.100/32" 192.168.1.100 255.255.255.255
95 set address "Trust" "pool00" 192.168.1.0 255.255.255.0
96 set address "Untrust" "pool01" 192.168.101.32 255.255.255.0
97 set address "Global" "ftp1" 211.20.1.10 255.255.255.255
98 set group address "Untrust" "group01"
99 set group address "Untrust" "group01" add "pool01"
100 set user "user01" uid 1
101 set user "user01" type auth
102 set user "user01" hash-password "021ns+AmAYZjnejTh2blo0DtnDESapo84T3sE="
103 set user "user01" "enable"
104 set ike respond-bad-spi 1
105 unset ike ikeid-enumeration
106 unset ipsec access-session enable
107 set ipsec access-session maximum 5000
108 set ipsec access-session upper-threshold 0
109 set ipsec access-session lower-threshold 0
110 set ipsec access-session dead-p2-sa-timeout 0
111 unset ipsec access-session log-error
112 unset ipsec access-session info-exch-connected
113 unset ipsec access-session use-error-log
114 set av profile "scan-mgr"
115 set ftp scan-mode scan-all
116 set ftp decompress-layer 2
117 set http scan-mode scan-all
118 set imap scan-mode scan-all
119 set imap decompress-layer 2
120 set pop3 scan-mode scan-all
121 set pop3 decompress-layer 2
122 set smtp scan-mode scan-all
123 set smtp decompress-layer 2
124 exit
125 set url protocol websense
126 exit
127 set policy id 7 name "ipv6" from "Trust" to "Untrust" "Any-IPv6" "Any-IPv6" "ANY" pe
128 rmit
129 set policy id 7
130 exit
131 set policy id 1 from "Trust" to "Untrust" "Any-IPv4" "Any-IPv4" "ANY" permit traffic
132 mbw 100
133 set policy id 1
134 exit
135 set policy id 8 from "Untrust" to "Trust" "Any-IPv6" "Any-IPv6" "ANY" permit
136 set policy id 8 disable
137 set policy id 8
138 exit
139 set policy id 9 from "Untrust" to "Trust" "Any-IPv4" "Any-IPv4" "ANY" permit
140 set policy id 9 disable
141 set policy id 9
142 exit
143 set policy id 11 name "FTP" from "Trust" to "Untrust" "Any-IPv4" "Any-IPv4" "FTP" pe
144 rmit no-session-backup traffic mbw 100
145 set policy id 11 disable
146 set policy id 11
147 exit
148 set policy id 12 name "TELNET" from "Trust" to "Untrust" "Any-IPv4" "Any-IPv4" "TELN
149 ET" permit no-session-backup traffic mbw 100
150 set policy id 12 disable
151 set policy id 12
152 exit
153 set policy id 13 name "SSH" from "Trust" to "Untrust" "Any-IPv4" "Any-IPv4" "SSH" pe
154 rmit no-session-backup traffic mbw 100
155 set policy id 13 disable
156 set policy id 13
157 exit
158 set policy id 14 name "HTTP" from "Trust" to "Untrust" "Any-IPv4" "Any-IPv4" "HTTP"
159 permit no-session-backup traffic mbw 100
160 set policy id 14 disable
161 set policy id 14
162 exit
163 set policy id 15 name "FTP-IPv6" from "Trust" to "Untrust" "Any-IPv6" "Any-IPv6" "FT
164 P" permit no-session-backup traffic mbw 100
165 set policy id 15 disable
166 set policy id 15
167 exit
168 set policy id 16 name "TELNET-IPv6" from "Trust" to "Untrust" "Any-IPv6" "Any-IPv6"
169 "TELNET" permit no-session-backup traffic mbw 100
170 set policy id 16 disable
171 set policy id 16
172 exit
173 set policy id 17 name "SSH-IPv6" from "Trust" to "Untrust" "Any-IPv6" "Any-IPv6" "SS
174 H" permit no-session-backup traffic mbw 100
175 set policy id 17 disable
176 set policy id 17
177 exit
178 set policy id 18 name "HTTP-IPv6" from "Trust" to "Untrust" "Any-IPv6" "Any-IPv6" "H
179 TTP" permit no-session-backup traffic mbw 100
180 set policy id 18 disable
181 set policy id 18
182 exit
183 set monitor cpu 100
184 set global-pro policy-manager primary outgoing-interface untrust
185 set global-pro policy-manager secondary outgoing-interface untrust
186 set nsmgmt bulkcli reboot-timeout 60
187 set ssh version v2
188 set config lock timeout 5
189 set ntp server "0.0.0.0"
190 set ntp server backup1 "0.0.0.0"
191 set ntp server backup2 "0.0.0.0"
192 set modem speed 115200
193 set modem retry 3
194 set modem interval 10
195 set modem idle-time 10
196 set snmp port listen 161
197 set snmp port trap 162
198 set vrouter "untrust-vr"
199 exit
200 set vrouter "trust-vr"
201 unset add-default-route
202 exit
203 set vrouter "untrust-vr"
204 exit
205 set vrouter "trust-vr"
206 exit