# saved_cfg_timestamp:355661138
##############################################################################################
# Saved firewall configuration (ScreenOS-style CLI), restored to one command per line.
# It defines zones, interface bindings, address objects, inter-zone policies, logging,
# management access and static routes. Review notes below are comments only; no command
# has been changed. Notes marked NOTE(review) are assumptions to confirm on the device.

# --- Clock and virtual routers ---
set clock timezone 0
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit

# --- Custom service: raw printing on TCP/9100 (used by policy id 4) ---
set service "Printing-TCP-9100" protocol tcp src-port 0-65535 dst-port 9100-9100

# --- Authentication and administrator account ---
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
# NOTE(review): "netscreen" is the factory-default admin name on ScreenOS devices;
# renaming the root admin removes one guessable half of the credential.
set admin name "netscreen"
# NOTE(review): this value appears to be the stored password hash, not cleartext.
# A hash in an exported config is still open to offline guessing, so handle this file
# as a secret and rotate the admin password if the file has left the admin team.
set admin password "nJvcETr9HhQCcpuAIsNC0PHtAfOgsn"
# Management clients are limited to 45.0.0.0 with mask 255.0.0.0 (a /8).
# NOTE(review): the "NOC network" object below uses 255.255.0.0 for the same base
# address; confirm the /8 here is intended rather than a narrower management range.
set admin manager-ip 45.0.0.0 255.0.0.0
set admin auth timeout 10
set admin auth server "Local"
set admin format dos

# --- Zones: every zone listed here is attached to trust-vr ---
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "Wzone1" vrouter "trust-vr"
set zone "Wzone2" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
# "block" is set on Untrust, MGT and VLAN; it is not set on Trust, DMZ, Wzone1 or Wzone2.
# NOTE(review): presumably intra-zone blocking; confirm traffic between hosts inside
# Trust (which also contains wireless2) is meant to pass without a policy.
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "DMZ" tcp-rst
set zone "Wzone1" tcp-rst
set zone "Wzone2" tcp-rst
set zone "VLAN" block
unset zone "VLAN" tcp-rst
# Screen options are enabled only on Untrust and V1-Untrust: tear-drop, syn-flood,
# ping-death, ip-filter-src and land. No screen statements are visible for Trust, DMZ
# or the wireless zones in this file.
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land

# --- Interface-to-zone bindings ---
# wireless2 shares the Trust zone with ethernet1 and wireless3 shares DMZ with ethernet2,
# so wireless clients on those interfaces sit in the same zone as the wired hosts.
set interface "ethernet1" zone "Trust"
set interface "ethernet2" zone "DMZ"
set interface "ethernet3" zone "Untrust"
set interface "wireless1" zone "Wzone1"
set interface "wireless2" zone "Trust"
set interface "wireless3" zone "DMZ"
set interface "wireless4" zone "Wzone2"
# Both addressed interfaces are in route mode (no NAT statement is visible here).
set interface ethernet1 ip 45.200.1.1/24
set interface ethernet1 route
set interface ethernet3 ip 45.129.200.2/24
set interface ethernet3 route
unset interface vlan1 ip
set interface ethernet3 gateway 45.129.200.1
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
# ethernet3 is the Untrust-side interface and is marked "ip manageable".
# NOTE(review): which management services answer on ethernet3 is not shown in this file;
# verify on the device that only the intended ones (for example SSH) are enabled there.
set interface ethernet1 ip manageable
set interface ethernet3 ip manageable
set interface ethernet1 manage mtrace
set interface ethernet2 dhcp client enable

# --- Flow handling ---
set flow tcp-mss
# NOTE(review): with tcp-syn-check unset, the device presumably no longer requires a
# SYN as the first packet of a new TCP session. That weakens stateful filtering;
# confirm it is a deliberate choice (asymmetric routing is the usual reason).
unset flow tcp-syn-check

# --- PKI defaults ---
set pki authority default scep mode "auto"
set pki x509 default cert-path partial

# --- Address objects, Trust side (all /32 hosts in 45.200.1.0/24) ---
set address "Trust" "Avocent Analog" 45.200.1.25 255.255.255.255
set address "Trust" "Avocent DSVIEW" 45.200.1.24 255.255.255.255
set address "Trust" "greatbay" 45.200.1.75 255.255.255.255
set address "Trust" "hp 4050 ilabs printer" 45.200.1.14 255.255.255.255
set address "Trust" "Infrasun" 45.200.1.2 255.255.255.255
set address "Trust" "SMS Server" 45.200.1.7 255.255.255.255 "Lynn Haney/TippingPoint"

# --- Address objects, Untrust side ---
# The trailing quoted string is the object's free-text description. Several name a person
# to ask; "141.71.31.233/32" carries no description, so the owner of that host is not
# recorded here.
set address "Untrust" "141.71.31.233/32" 141.71.31.233 255.255.255.255
set address "Untrust" "Access Ether" 45.2.0.0 255.255.0.0
set address "Untrust" "FHH freeradius another guy" 87.162.253.190 255.255.255.255 "see Craig"
set address "Untrust" "FHH freeradius German guys" 82.83.229.0 255.255.255.0 "see Craig"
set address "Untrust" "greatbay inbound" 70.88.211.149 255.255.255.255 "see Charles from GreatBay"
set address "Untrust" "netops wireless net" 199.45.0.0 255.255.0.0
set address "Untrust" "NOC network" 45.0.0.0 255.255.0.0
set address "Untrust" "TippingPoint HQ" 66.179.208.36 255.255.255.255 "per Lynn"
set address "Untrust" "UC Labs Team" 45.210.0.0 255.255.0.0

# --- IKE / IPsec globals (no VPN gateway or tunnel definitions are visible here) ---
set ike respond-bad-spi 1
unset ike ikeid-enumeration
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log

# --- Antivirus profile "scan-mgr": scan-all for FTP/HTTP/IMAP/POP3/SMTP ---
# None of the policies below references an AV profile, so this profile is defined but
# not applied by anything visible in this file.
set av profile "scan-mgr"
set ftp scan-mode scan-all
set ftp decompress-layer 2
set http scan-mode scan-all
set imap scan-mode scan-all
set imap decompress-layer 2
set pop3 scan-mode scan-all
set pop3 decompress-layer 2
set smtp scan-mode scan-all
set smtp decompress-layer 2
exit
set url protocol websense
exit
set anti-spam profile ns-profile
set sbl default-server enable
exit

# --- Policies ---
# Policies appear in the order 1, 4, 2, 5, 6, 7, 8, 9, 10, 11.
# NOTE(review): evaluation presumably follows this listed order (first match), not the
# numeric id; keep that in mind before inserting or reordering entries.

# id 1: Trust -> Untrust, any source, any destination, any service.
# This is the only policy without "log", so outbound sessions leave no traffic-log record.
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set policy id 1
exit
# id 4: netops wireless net -> the HP printer, TCP/9100 only.
set policy id 4 from "Untrust" to "Trust" "netops wireless net" "hp 4050 ilabs printer" "Printing-TCP-9100" permit log
set policy id 4
exit
# id 2: one external host -> any Trust host, RADIUS plus SSH (SSH is added in the
# policy context below). Destination "Any" is wider than a single RADIUS server.
set policy id 2 from "Untrust" to "Trust" "141.71.31.233/32" "Any" "RADIUS" permit log
set policy id 2
set service "SSH"
exit
# id 5: any Untrust source -> Infrasun (45.200.1.2), DNS only.
set policy id 5 name "Allow any to DNS to us" from "Untrust" to "Trust" "Any" "Infrasun" "DNS" permit log
set policy id 5 application "DNS"
set policy id 5
exit
# id 6: UC Labs Team (45.210.0.0/16) -> any Trust host, any service.
# This is the broadest inbound rule in the file; narrowing destination or service would
# reduce what a compromised host in that /16 can reach.
set policy id 6 name "Allow UC to us" from "Untrust" to "Trust" "UC Labs Team" "Any" "ANY" permit log
set policy id 6
exit
# id 7: TippingPoint HQ -> SMS Server, any service.
set policy id 7 name "let tp talk to own server per L" from "Untrust" to "Trust" "TippingPoint HQ" "SMS Server" "ANY" permit log
set policy id 7
exit
# id 8: both "FHH freeradius" sources -> any Trust host, RADIUS plus SSH.
set policy id 8 from "Untrust" to "Trust" "FHH freeradius another guy" "Any" "RADIUS" permit log
set policy id 8
set src-address "FHH freeradius German guys"
set service "SSH"
exit
# id 9: NOC network (45.0.0.0/16) -> any Trust host, SSH.
set policy id 9 name "Let SSH in for switches" from "Untrust" to "Trust" "NOC network" "Any" "SSH" permit log
set policy id 9
exit
# id 10: Access Ether and NOC network -> both Avocent hosts, any service.
set policy id 10 from "Untrust" to "Trust" "Access Ether" "Avocent Analog" "ANY" permit log
set policy id 10
set src-address "NOC network"
set dst-address "Avocent DSVIEW"
exit
# id 11: greatbay inbound -> greatbay, SSH only.
set policy id 11 from "Untrust" to "Trust" "greatbay inbound" "greatbay" "SSH" permit log
set policy id 11
exit

# --- Monitoring and logging ---
set monitor cpu 100
# Traffic logs go to 45.200.1.2 (the same address as the "Infrasun" object), sourced from
# ethernet1 on the Trust side. Only one syslog destination is configured.
# NOTE(review): no transport or encryption option is shown for syslog; confirm the path
# to the collector is trusted.
set syslog config "45.200.1.2"
set syslog config "45.200.1.2" facilities local6 local6
set syslog config "45.200.1.2" log traffic
set syslog src-interface ethernet1
set syslog enable

# --- Central management settings ---
set global-pro policy-manager primary outgoing-interface ethernet3
set global-pro policy-manager secondary outgoing-interface ethernet3
set nsmgmt bulkcli reboot-timeout 60

# --- Management plane: SSH restricted to protocol v2 ---
set ssh version v2
set ssh enable
set config lock timeout 5

# --- Modem ---
set modem speed 115200
set modem retry 3
set modem interval 10
set modem idle-time 10

# --- Wireless radio settings ---
# NOTE(review): no SSID, authentication or encryption statements appear in this file,
# although wireless1-4 are bound to zones above; verify how wireless clients are
# authenticated before relying on the zone placement.
set wlan channel auto
set wlan mode 11g 11g-only
set wlan transmit power minimum
set wlan advanced cts-type cts-rts

# --- SNMP ports (no community or host statements are visible in this file) ---
set snmp port listen 161
set snmp port trap 162

# --- Static routes in trust-vr ---
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 45.200.0.0/16 interface ethernet1 gateway 45.200.1.3
set route 45.200.40.0/24 interface ethernet1 gateway 45.200.1.83 preference 20
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit