JOB-SRX100

admin@egress-fw# run show configuration | display set
# Base system identity and local accounts.
# NOTE(review): check this Junos release against the vendor's end-of-life list
# and security advisories before reusing the configuration.
set version 12.1R7.9
set system host-name egress-fw
# Both encrypted-password values in this section carry the "$1$" prefix
# (MD5-crypt). They are published with the listing, so treat the root and admin
# passwords as exposed: rotate them, and select a stronger
# `system login password format` if the running release offers one.
set system root-authentication encrypted-password "$1$C7.5pCRR$6HOvaI8fdX6KngfxFGZqz1"
set system name-server 208.67.222.222
set system name-server 208.67.220.220
set system login retry-options tries-before-disconnect 5
# Class "admin" is defined with a 5-minute idle timeout, but user "admin" below
# is assigned to the built-in class super-user, so that timeout does not apply
# to the only login user in this listing.
set system login class admin idle-timeout 5
set system login class admin permissions all
set system login user admin uid 2000
set system login user admin class super-user
set system login user admin authentication encrypted-password "$1$iEgCh3WC$8WnVoLFFpmZXfs6DKR3QK1"
# A single denied source address. This is a reactive block of one host, not a
# restriction on who may reach the login services; an allow-list of management
# sources would be the stronger control.
set system login deny-sources address 123.183.208.142
# Management-plane listeners.
# telnet, xnm-clear-text and web-management http all carry credentials and
# session data unencrypted. fe-0/0/0.0 holds the public address
# (211.157.146.73/27) and is placed in zone untrust, where host-inbound-traffic
# is set to "system-services all", so these listeners face the Internet side.
# Hardening direction: keep only ssh and https, bind them to an internal
# interface, and restrict management sources (for example with a firewall
# filter on lo0).
set system services ssh
set system services telnet
set system services xnm-clear-text
set system services web-management http interface vlan.0
set system services web-management http interface fe-0/0/0.0
set system services web-management http interface fe-0/0/1.0
# The system-generated certificate is self-signed; administrators cannot
# authenticate the device unless the certificate is pinned or replaced.
set system services web-management https system-generated-certificate
set system services web-management https interface vlan.0
set system services web-management https interface fe-0/0/1.0
set system services web-management https interface fe-0/0/0.0
# Local DHCP server pools.
# NOTE(review): neither 172.21.1.0/24 nor 192.168.100.0/24 is configured on an
# interface in this listing (both are reached through static routes), so
# serving these pools presumably depends on a relay on the next-hop devices;
# confirm.
set system services dhcp pool 172.21.1.0/24 address-range low 172.21.1.20
set system services dhcp pool 172.21.1.0/24 address-range high 172.21.1.100
# 172.21.1.31 is excluded because it is a statically assigned server (it is the
# target of the "callcenter" static NAT rule in this configuration).
set system services dhcp pool 172.21.1.0/24 exclude-address 172.21.1.80
set system services dhcp pool 172.21.1.0/24 exclude-address 172.21.1.31
# Clients are handed public third-party resolvers, so internal DNS queries
# leave the network and are not logged or filtered locally.
set system services dhcp pool 172.21.1.0/24 name-server 114.114.114.114
set system services dhcp pool 172.21.1.0/24 name-server 208.67.222.222
set system services dhcp pool 172.21.1.0/24 router 172.21.1.254
# NOTE(review): fe-0/0/1.0 has a static address in this listing, so it is
# unclear what settings propagate-settings would inherit here; confirm.
set system services dhcp pool 172.21.1.0/24 propagate-settings fe-0/0/1.0
set system services dhcp pool 192.168.100.0/24 address-range low 192.168.100.10
set system services dhcp pool 192.168.100.0/24 address-range high 192.168.100.100
set system services dhcp pool 192.168.100.0/24 router 192.168.100.1
set system services dhcp pool 192.168.100.0/24 propagate-settings fe-0/0/2
# Logging and configuration retention.
# No `syslog host` statement appears in this listing: every log stays on the
# device, in small rotating files (100k x 3 by default). Evidence is therefore
# short-lived and is lost if the device is wiped or compromised; forwarding to
# a remote collector is the usual fix.
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
# NOTE(review): severity "error" on the interactive-commands facility likely
# omits ordinary successful commands; if a full command audit trail is wanted,
# confirm whether "any" is needed here.
set system syslog file interactive-commands interactive-commands error
# Session logs: messages matching RT_FLOW are written to policy_session.
set system syslog file policy_session user info
set system syslog file policy_session match RT_FLOW
set system syslog file policy_session archive size 1000k
# world-readable lets every local account read the archived session logs.
set system syslog file policy_session archive world-readable
set system syslog file policy_session structured-data
# Only five rollback configurations are kept, which limits how far back a
# change can be audited or reverted.
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
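# Licence auto-update endpoint. The published page had overwritten the host
# part of this URL with the hosting site's own link; it is restored here to the
# Junos factory-default value. Confirm against the device before loading.
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
# Interface addressing.
# fe-0/0/0 is the Internet-facing interface (public /27); fe-0/0/1 and fe-0/0/2
# are internal transit links towards 10.0.0.2 and 20.0.0.2.
set interfaces fe-0/0/0 unit 0 family inet address 211.157.146.73/27
set interfaces fe-0/0/1 description L3-2-4200
set interfaces fe-0/0/1 unit 0 family inet address 10.0.0.1/24
# NOTE(review): 20.0.0.0/24 is not RFC 1918 space; using it internally makes
# the real owners of those addresses unreachable from this network.
# (This statement was split across lines in the published page; rejoined.)
set interfaces fe-0/0/2 unit 0 family inet address 20.0.0.1/24
# NOTE(review): st0.0 has no address family and is not assigned to any security
# zone in this listing; confirm how the IPsec tunnel is meant to use it.
set interfaces st0 unit 0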
# Static routing: default route to the ISP gateway, internal prefixes via the
# two transit next-hops.
set routing-options static route 0.0.0.0/0 next-hop 211.157.146.65
set routing-options static route 172.21.0.0/16 next-hop 10.0.0.2
set routing-options static route 172.20.0.0/16 next-hop 10.0.0.2
set routing-options static route 192.168.100.0/24 next-hop 20.0.0.2
# OSPF runs on the internal link with no authentication statement in this
# listing, so any device on that segment could form an adjacency and inject
# routes. Adding interface authentication closes that gap.
set protocols ospf area 0.0.0.0 interface fe-0/0/1.0
# "interface all" includes the Internet-facing port; LLDP advertises device
# details to whatever is attached. Limiting it to internal interfaces is safer.
set protocols lldp interface all
set protocols stp
# Site-to-site IPsec VPN towards 211.151.8.76.
# "flag all" leaves full IKE debug tracing enabled; it is a troubleshooting
# setting and is normally removed once the tunnel is stable.
set security ike traceoptions file ike-debug
set security ike traceoptions flag all
# Phase 1 proposal: DH group2 (1024-bit), MD5 and 3DES are all legacy choices.
# Moving both peers to a larger DH group, a SHA-2 hash and AES is the
# recommended direction; it must be changed on both ends together.
set security ike proposal ike-pro authentication-method pre-shared-keys
set security ike proposal ike-pro dh-group group2
set security ike proposal ike-pro authentication-algorithm md5
set security ike proposal ike-pro encryption-algorithm 3des-cbc
set security ike policy ike-pol mode main
set security ike policy ike-pol proposals ike-pro
# The "$9$" form is Junos's reversible obfuscation, not a one-way hash. Since
# the value is published with this listing, treat the pre-shared key as
# disclosed and rotate it on both peers.
set security ike policy ike-pol pre-shared-key ascii-text "$9$ZwDHmQz6Au1Ujn/CA0OX7NbgoUjHfQFkq"
set security ike gateway ike-gw ike-policy ike-pol
set security ike gateway ike-gw address 211.151.8.76
set security ike gateway ike-gw external-interface fe-0/0/0
# Phase 2 proposal: ESP with HMAC-MD5-96 and 3DES, the same legacy concern as
# phase 1. The ipsec policy has no perfect-forward-secrecy statement, so phase 2
# keys are derived from the phase 1 exchange.
set security ipsec proposal ipsec-pro protocol esp
set security ipsec proposal ipsec-pro authentication-algorithm hmac-md5-96
set security ipsec proposal ipsec-pro encryption-algorithm 3des-cbc
set security ipsec policy ipsec-pol proposals ipsec-pro
# NOTE(review): the VPN has no bind-interface, and no security policy in this
# listing references the tunnel, so it is unclear how traffic is steered into
# vpn-beichen; confirm against the running device.
set security ipsec vpn vpn-beichen ike gateway ike-gw
set security ipsec vpn vpn-beichen ike ipsec-policy ipsec-pol
set security ipsec vpn vpn-beichen establish-tunnels immediately
set security alg ike-esp-nat enable
# Clamp TCP MSS for tunnelled traffic to leave room for ESP overhead.
set security flow tcp-mss ipsec-vpn mss 1350
# Screen profile applied to zone untrust (see the zone's "screen untrust-screen"
# statement). It covers ping-of-death, source-route options, teardrop, SYN flood
# and LAND. No port-scan, address-sweep, or ICMP/UDP flood options are set in
# this listing.
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
# SYN-flood thresholds. NOTE(review): these look like the factory values;
# tune them to the traffic actually seen by the published servers.
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
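# Source NAT.
# trust-to-untrust: every internal source is translated to the egress interface
# address (interface-based PAT) for outbound traffic.
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule match destination-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
# trust-to-trust: traffic from internal clients to three internal servers is
# source-translated as well (presumably hairpin NAT, so replies return through
# the firewall). Side effect: the servers log the firewall's address instead of
# the real client, so client attribution must come from the firewall's logs.
set security nat source rule-set trust-to-trust from zone trust
set security nat source rule-set trust-to-trust to zone trust
# (The next statement was split across lines in the published page; rejoined.)
set security nat source rule-set trust-to-trust rule portal-video match destination-address 172.21.1.110/32
set security nat source rule-set trust-to-trust rule portal-video match destination-address 172.21.1.111/32
set security nat source rule-set trust-to-trust rule portal-video match destination-address 172.21.1.31/32
set security nat source rule-set trust-to-trust rule portal-video then source-nat interface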
# Destination NAT pools (internal targets for port forwards).
# Only pools 171, 171-20007, 6666 and 7777 are referenced by a rule in this
# listing; 1-250, 211pool, ceshi-address-nat and web are unreferenced and look
# like leftovers. Unused objects make audits harder and can be re-activated by
# mistake, so they are worth removing.
# Pools 1-250 and 171 target TCP 3389 (RDP) on internal hosts.
set security nat destination pool 1-250 address 172.21.1.250/32
set security nat destination pool 1-250 address port 3389
# NOTE(review): the /17 and /24 prefix lengths on the next two pools are
# unusual for a single-host target; confirm intent.
set security nat destination pool 211pool address 10.255.255.101/17
set security nat destination pool ceshi-address-nat address 172.21.1.171/24
set security nat destination pool 171 address 172.21.1.171/32
set security nat destination pool 171 address port 3389
set security nat destination pool 171-20007 address 172.21.1.171/32
set security nat destination pool 171-20007 address port 20007
# Pools "web" and "7777" are identical (172.21.1.123 port 7777).
set security nat destination pool web address 172.21.1.123/32
set security nat destination pool web address port 7777
set security nat destination pool 6666 address 172.21.1.123/32
set security nat destination pool 6666 address port 6666
set security nat destination pool 7777 address 172.21.1.123/32
set security nat destination pool 7777 address port 7777
# Destination NAT rules for traffic arriving from zone untrust.
# Every rule matches source-address 0.0.0.0/0, so each forward is open to the
# whole Internet.
set security nat destination rule-set dnat from zone untrust
# Public 211.157.146.76:20001 -> 172.21.1.171:3389 (RDP). The non-standard
# outside port does not restrict who can connect. Restricting source-address to
# known administrator networks, or reaching RDP only through the VPN, removes
# this direct exposure.
set security nat destination rule-set dnat rule 76-171-3389 match source-address 0.0.0.0/0
set security nat destination rule-set dnat rule 76-171-3389 match destination-address 211.157.146.76/32
set security nat destination rule-set dnat rule 76-171-3389 match destination-port 20001
set security nat destination rule-set dnat rule 76-171-3389 then destination-nat pool 171
# Public 211.157.146.76:20007 -> 172.21.1.171:20007.
set security nat destination rule-set dnat rule 76-171-20007 match source-address 0.0.0.0/0
set security nat destination rule-set dnat rule 76-171-20007 match destination-address 211.157.146.76/32
set security nat destination rule-set dnat rule 76-171-20007 match destination-port 20007
set security nat destination rule-set dnat rule 76-171-20007 then destination-nat pool 171-20007
# Public 211.157.146.73:6666 and :7777 -> 172.21.1.123 on the same ports.
# 211.157.146.73 is also the firewall's own interface address.
set security nat destination rule-set dnat rule 6666 match source-address 0.0.0.0/0
set security nat destination rule-set dnat rule 6666 match destination-address 211.157.146.73/32
set security nat destination rule-set dnat rule 6666 match destination-port 6666
set security nat destination rule-set dnat rule 6666 then destination-nat pool 6666
set security nat destination rule-set dnat rule 7777 match source-address 0.0.0.0/0
set security nat destination rule-set dnat rule 7777 match destination-address 211.157.146.73/32
set security nat destination rule-set dnat rule 7777 match destination-port 7777
set security nat destination rule-set dnat rule 7777 then destination-nat pool 7777
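# Static (one-to-one) NAT. Unlike the port forwards, a static NAT rule maps
# every port of the public address to the internal host. The untrust-to-trust
# policies for these hosts match "application any", so each mapped server is
# fully exposed to the Internet. Narrowing those policies to the published
# services is the main mitigation.
set security nat static rule-set portal from zone trust
set security nat static rule-set portal from zone untrust
set security nat static rule-set portal rule callcenter match destination-address 211.157.146.74/32
# (The next statement was split across lines in the published page; rejoined.)
set security nat static rule-set portal rule callcenter then static-nat prefix 172.21.1.31/32
set security nat static rule-set portal rule portal match destination-address 211.157.146.75/32
set security nat static rule-set portal rule portal then static-nat prefix 172.21.1.176/32
set security nat static rule-set staticnat from zone untrust
# NOTE(review): rule "77-179" translates to 172.21.1.180, while the rule name
# and security policy "179" both refer to 172.21.1.179. One of them is likely a
# typo; confirm which host is meant to be published.
set security nat static rule-set staticnat rule 77-179 match destination-address 211.157.146.77/32
set security nat static rule-set staticnat rule 77-179 then static-nat prefix 172.21.1.180/32
set security nat static rule-set staticnat rule 78-111 match destination-address 211.157.146.78/32
set security nat static rule-set staticnat rule 78-111 then static-nat prefix 172.21.1.111/32
# Proxy ARP so the firewall answers for the additional public addresses used by
# the NAT rules in this configuration.
set security nat proxy-arp interface fe-0/0/0.0 address 211.157.146.75/32
set security nat proxy-arp interface fe-0/0/0.0 address 211.157.146.74/32
set security nat proxy-arp interface fe-0/0/0.0 address 211.157.146.76/32
set security nat proxy-arp interface fe-0/0/0.0 address 211.157.146.77/32
set security nat proxy-arp interface fe-0/0/0.0 address 211.157.146.78/32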
# Outbound policy: any internal source to any destination on any application.
# There is no egress filtering, so a compromised internal host can reach any
# external service. This is the only policy in the listing with logging and
# counting enabled.
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
set security policies from-zone trust to-zone untrust policy trust-to-untrust then log session-init
set security policies from-zone trust to-zone untrust policy trust-to-untrust then log session-close
set security policies from-zone trust to-zone untrust policy trust-to-untrust then count
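# Inbound policies (Internet -> internal), first group.
# Each policy permits any source and "application any" to one internal host and
# has no "then log" statement, so inbound sessions are permitted on every port
# and leave no session record. Restricting each policy to the published
# application and adding session logging is the usual hardening.
# Policy 111: target of static NAT rule 78-111 (211.157.146.78).
set security policies from-zone untrust to-zone trust policy 111 match source-address any
set security policies from-zone untrust to-zone trust policy 111 match destination-address 172.21.1.111/32
set security policies from-zone untrust to-zone trust policy 111 match application any
set security policies from-zone untrust to-zone trust policy 111 then permit
# Policy 171: target of the two port forwards on 211.157.146.76 (RDP, 20007).
set security policies from-zone untrust to-zone trust policy 171 match source-address any
set security policies from-zone untrust to-zone trust policy 171 match destination-address 172.21.1.171/32
set security policies from-zone untrust to-zone trust policy 171 match application any
set security policies from-zone untrust to-zone trust policy 171 then permit
# Policies 150 and 222: no NAT rule in this listing maps a public address to
# these hosts, so the policies may be stale; confirm and remove if unused.
set security policies from-zone untrust to-zone trust policy 150 match source-address any
set security policies from-zone untrust to-zone trust policy 150 match destination-address 172.21.1.150
set security policies from-zone untrust to-zone trust policy 150 match application any
set security policies from-zone untrust to-zone trust policy 150 then permit
set security policies from-zone untrust to-zone trust policy 222 match source-address any
# (The next statement was split across lines in the published page; rejoined.)
set security policies from-zone untrust to-zone trust policy 222 match destination-address 172.21.1.222/32
set security policies from-zone untrust to-zone trust policy 222 match application any
set security policies from-zone untrust to-zone trust policy 222 then permit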
# Inbound policies (Internet -> internal), second group. As with the earlier
# inbound policies, all but the last match "application any" from any source
# and none of them logs sessions.
# Policies 1-250 and 95: no NAT rule in this listing maps to 172.21.1.250 or
# 172.21.1.95 (destination pool 1-250 is unreferenced), so these may be stale.
set security policies from-zone untrust to-zone trust policy 1-250 match source-address any
set security policies from-zone untrust to-zone trust policy 1-250 match destination-address 172.21.1.250
set security policies from-zone untrust to-zone trust policy 1-250 match application any
set security policies from-zone untrust to-zone trust policy 1-250 then permit
set security policies from-zone untrust to-zone trust policy 95 match source-address any
set security policies from-zone untrust to-zone trust policy 95 match destination-address 172.21.1.95/32
set security policies from-zone untrust to-zone trust policy 95 match application any
set security policies from-zone untrust to-zone trust policy 95 then permit
# Policy 78 covers the two static NAT targets of rule-set "portal"
# (172.21.1.176 and 172.21.1.31).
set security policies from-zone untrust to-zone trust policy 78 match source-address any
set security policies from-zone untrust to-zone trust policy 78 match destination-address 172.21.1.176
set security policies from-zone untrust to-zone trust policy 78 match destination-address 172.21.1.31
set security policies from-zone untrust to-zone trust policy 78 match application any
set security policies from-zone untrust to-zone trust policy 78 then permit
# Policy 31 is shadowed: policy 78 already permits everything to 172.21.1.31
# and is evaluated first.
set security policies from-zone untrust to-zone trust policy 31 match source-address any
set security policies from-zone untrust to-zone trust policy 31 match destination-address 172.21.1.31
set security policies from-zone untrust to-zone trust policy 31 match application any
set security policies from-zone untrust to-zone trust policy 31 then permit
# NOTE(review): policy 179 permits 172.21.1.179, but static NAT rule 77-179
# translates to 172.21.1.180; confirm which address is intended.
set security policies from-zone untrust to-zone trust policy 179 match source-address any
set security policies from-zone untrust to-zone trust policy 179 match destination-address 172.21.1.179/32
set security policies from-zone untrust to-zone trust policy 179 match application any
set security policies from-zone untrust to-zone trust policy 179 then permit
# Policy 1000: target of the 6666/7777 port forwards. The custom applications
# "6666" and "7777" defined in this configuration would be the narrower match.
set security policies from-zone untrust to-zone trust policy 1000 match source-address any
set security policies from-zone untrust to-zone trust policy 1000 match destination-address 172.21.1.123/32
set security policies from-zone untrust to-zone trust policy 1000 match application any
set security policies from-zone untrust to-zone trust policy 1000 then permit
# Policy 1 is the only application-restricted policy (junos-http), but address
# "web" is the same host as policy 1000 (172.21.1.123), which already permits
# every application and is evaluated first, so this policy is never reached.
set security policies from-zone untrust to-zone trust policy 1 match source-address any
set security policies from-zone untrust to-zone trust policy 1 match destination-address web
set security policies from-zone untrust to-zone trust policy 1 match application junos-http
set security policies from-zone untrust to-zone trust policy 1 then permit
# default-policy permit-all turns the firewall from default-deny into
# default-allow: any traffic that matches no explicit policy is permitted,
# which makes the per-host inbound policies in this configuration redundant.
# A production egress firewall normally uses deny-all here, with explicit
# (and logged) permits for what is required.
set security policies default-policy permit-all
# Flow tracing to a file named "123" is left configured; it is a debugging
# leftover to remove once troubleshooting is finished.
set security traceoptions file 123
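# Address book for zone trust. Entry names are inconsistent (some are the bare
# address, some carry "/32") and several entries duplicate each other
# ("local" and "172.21.1.0_24"; "web" and "172.21.1.123/32"; "172.21.1.111" and
# "172.21.1.111/32"). Policies must use the exact entry name, so duplicates
# make it easy to audit the wrong object.
# (The first statement was split across lines in the published page; rejoined.)
set security zones security-zone trust address-book address 172.21.1.150 172.21.1.150/32
set security zones security-zone trust address-book address 172.21.1.222/32 172.21.1.222/32
set security zones security-zone trust address-book address 172.21.1.250 172.21.1.250/32
set security zones security-zone trust address-book address local 172.21.1.0/24
set security zones security-zone trust address-book address 172.21.1.110 172.21.1.110/32
set security zones security-zone trust address-book address 177 172.21.1.177/32
set security zones security-zone trust address-book address 172.21.1.111 172.21.1.111/32
set security zones security-zone trust address-book address localnet 172.21.0.0/16
set security zones security-zone trust address-book address 172.21.1.95/32 172.21.1.95/32
set security zones security-zone trust address-book address 172.21.1.0_24 172.21.1.0/24
set security zones security-zone trust address-book address 172.21.1.176 172.21.1.176/32
set security zones security-zone trust address-book address 172.21.1.131 172.21.1.131/32
set security zones security-zone trust address-book address 172.21.1.31 172.21.1.31/32
set security zones security-zone trust address-book address 172.21.1.179/32 172.21.1.179/32
set security zones security-zone trust address-book address 172.21.1.171/32 172.21.1.171/32
set security zones security-zone trust address-book address 172.21.1.111/32 172.21.1.111/32
set security zones security-zone trust address-book address web 172.21.1.123/32
set security zones security-zone trust address-book address 172.21.1.123/32 172.21.1.123/32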
# Zone membership and host-inbound-traffic (what may reach the firewall itself).
# Zone trust: every system service and protocol is accepted from internal
# interfaces.
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces fe-0/0/1.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces fe-0/0/2.0 host-inbound-traffic system-services all
# NOTE(review): these untrust address-book entries are not referenced by any
# policy in this listing; 172.21.1.31 is an internal address defined in the
# untrust zone. Confirm whether they are still needed.
set security zones security-zone untrust address-book address wuzi 172.19.0.0/16
set security zones security-zone untrust address-book address 172.23.128.0_17 172.23.128.0/17
set security zones security-zone untrust address-book address 172.21.1.31 172.21.1.31/32
set security zones security-zone untrust screen untrust-screen
# Zone untrust accepts "system-services all" at zone level and again on
# fe-0/0/0.0 (which makes the dhcp and tftp lines redundant). Together with the
# enabled telnet, xnm-clear-text, http, https and ssh services, the device's
# management plane is reachable from the Internet. The usual posture is to
# allow only what the outside interface needs (for example ike for the VPN,
# optionally ping) and to manage the device from the inside.
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services dhcp
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services tftp
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services all
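# RPM probes and ip-monitoring (route failover driven by probe results).
# NOTE(review): 3.3.3.3, 1.1.1.2 and 2.2.2.2 are not on any subnet configured
# on this device and look like lab placeholders; confirm whether this section
# is live or a leftover from testing.
set services rpm probe Probe-Payment-Server test paysvr target address 3.3.3.3
set services rpm probe Probe-Payment-Server test paysvr probe-count 10
set services rpm probe Probe-Payment-Server test paysvr probe-interval 5
set services rpm probe Probe-Payment-Server test paysvr test-interval 5
# (The next statement was split across lines in the published page; rejoined.)
set services rpm probe Probe-Payment-Server test paysvr thresholds successive-loss 10
set services rpm probe Probe-Payment-Server test paysvr next-hop 1.1.1.2
# Probe "123" repeats the same test through the other next-hop, but no
# ip-monitoring policy in this listing references it.
set services rpm probe 123 test paysvr target address 3.3.3.3
set services rpm probe 123 test paysvr probe-count 10
set services rpm probe 123 test paysvr probe-interval 5
set services rpm probe 123 test paysvr test-interval 5
set services rpm probe 123 test paysvr thresholds successive-loss 10
set services rpm probe 123 test paysvr next-hop 2.2.2.2
# Both policies match the same probe (Probe-Payment-Server) and install
# preferred routes for 3.3.3.3/32 with different next-hops, so a single probe
# failure triggers two conflicting actions. Policy 123 was presumably meant to
# match probe 123; confirm.
set services ip-monitoring policy Payment-Server-Tracking match rpm-probe Probe-Payment-Server
set services ip-monitoring policy Payment-Server-Tracking then preferred-route route 3.3.3.3/32 next-hop 2.2.2.2
set services ip-monitoring policy 123 match rpm-probe Probe-Payment-Server
set services ip-monitoring policy 123 then preferred-route route 3.3.3.3/32 next-hop 1.1.1.2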
# Custom application objects for TCP 7777 and TCP 6666 with a one-hour
# inactivity timeout. No security policy in this listing references them: the
# policy for 172.21.1.123 matches "application any" instead, so these narrower
# definitions have no effect until a policy uses them.
set applications application 7777 protocol tcp
set applications application 7777 source-port 1-65535
set applications application 7777 destination-port 7777-7777
set applications application 7777 inactivity-timeout 3600
set applications application 6666 protocol tcp
set applications application 6666 source-port 1-65535
set applications application 6666 destination-port 6666-6666
set applications application 6666 inactivity-timeout 3600

[edit]
