
Update 'rb_latest_config_srx'

master
ylmcc 2 years ago
parent
commit
6defb9028b
1 changed files with 457 additions and 457 deletions
  1. +457
    -457
      rb_latest_config_srx

rb_latest_config.txt → rb_latest_config_srx View File

@@ -1,457 +1,457 @@
version 12.1X46-D40.2;
system {
host-name cerberus;
time-zone GMT;
root-authentication {
encrypted-password "$1$5a81bcLc$1iBwYxR5QREg0cGBty1G.1"; ## SECRET-DATA
}
name-server {
208.67.222.222;
208.67.220.220;
}
name-resolution {
no-resolve-on-input;
}
login {
message "#############################################################################################################################\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t All connections are monitored and recorded \t\t \n\t\t Disconnect IMMEDIATELY if you are not an authorized user!\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t \n##############################################################################################################################";
user admin {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$PhkoFBjA$ljDz7mgHnfwgFjcEH1lUo0"; ## SECRET-DATA
}
}
user kyle {
uid 2002;
class super-user;
authentication {
encrypted-password "$1$TXCvgFds$SFfnLuVj1EDmkfJeYh5Rk0"; ## SECRET-DATA
}
}
}
services {
ssh;
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
host log.internal {
explicit-priority;
structured-data {
brief;
}
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
source-address 192.168.0.30;
}
max-configurations-on-flash 49;
max-configuration-rollbacks 49;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
ntp {
server time.dcu.ie;
}
}
interfaces {
ge-0/0/0 {
description "Link to DCU Core";
unit 0 {
family inet {
address 136.206.33.142/26;
}
}
}
ge-0/0/1 {
description "Trunk Link to Sebastian";
vlan-tagging;
unit 0 {
vlan-id 0;
}
unit 1 {
vlan-id 3;
family inet {
address 192.168.0.254/24;
}
}
unit 2 {
vlan-id 4;
family inet {
address 192.168.1.254/24;
}
}
unit 16 {
vlan-id 16;
family inet {
address 136.206.16.254/24;
}
}
unit 122 {
vlan-id 122;
family inet {
address 136.206.15.254/24;
}
}
unit 999 {
vlan-id 999;
family inet {
address 172.168.1.1/24;
}
}
}
ge-0/0/5 {
description "VPN Management";
unit 0 {
family inet {
address 136.206.16.254/24;
}
}
}
ge-0/0/7 {
vlan-tagging;
unit 0 {
vlan-id 0;
}
unit 30 {
vlan-id 30;
family inet {
address 1.1.1.1/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 136.206.33.190;
}
resolution;
}
protocols {
lldp {
interface all;
}
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
pool nat_EMAIL {
address {
136.206.15.5/32;
}
}
rule-set OUT-TEST {
from zone trust;
to zone WAN;
rule EMAIL_OUT {
match {
source-address 192.168.0.135/32;
}
then {
source-nat {
pool {
nat_EMAIL;
}
}
}
}
inactive: rule r1 {
match {
source-address [ 172.168.1.0/24 192.168.0.1/24 ];
}
then {
source-nat {
interface;
}
}
}
}
}
destination {
pool nat_Test {
address 192.168.0.135/32;
}
rule-set rs1 {
from interface ge-0/0/0.0;
rule r1 {
match {
destination-address 136.206.15.5/32;
}
then {
destination-nat {
pool {
nat_Test;
}
}
}
}
}
}
}
policies {
from-zone WAN to-zone ServersPublic {
policy dcu_access {
match {
source-address dcu_supernet;
destination-address redbrick_primary_subnet;
application [ junos-http junos-https junos-dns-udp junos-dns-tcp junos-ldap LDAPS ];
}
then {
permit;
}
}
inactive: policy MOSH {
match {
source-address any;
destination-address MOSH_ACCESS;
application junos-ssh;
}
then {
permit;
}
}
policy GAME_SOC_ACCESS {
match {
source-address any;
destination-address GAME_SOC_SERVER;
application any;
}
then {
permit;
}
}
policy internet_access {
match {
source-address any;
destination-address redbrick_primary_subnet;
application [ junos-http junos-https junos-ssh junos-smtp junos-pop3 junos-imap junos-imaps junos-dns-tcp junos-dns-udp irc_peering_tcp_6668 irc_tls_tcp_6697 irc_tcp_6667 pop3s_tcp_995 tcp_465 ];
}
then {
permit;
}
}
policy drop_and_log {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
log {
session-init;
session-close;
}
}
}
}
from-zone ServersPublic to-zone WAN {
policy DENY_MOSH {
match {
source-address MOSH_ACCESS;
destination-address any;
application junos-ssh;
}
then {
permit;
}
}
policy Internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone WAN {
policy Allow-All {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone WAN to-zone trust {
policy test_inbound {
match {
source-address any;
destination-address test;
application any;
}
then {
permit;
log {
session-close;
}
}
}
}
from-zone VPN to-zone WAN {
policy Management_ACCESS {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
log {
session-close;
}
}
}
}
from-zone WAN to-zone VPN {
policy VPN_IN {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
log {
session-close;
}
}
}
}
}
zones {
security-zone ServersPublic {
address-book {
address redbrick_primary_subnet 136.206.15.0/24;
address GAME_SOC_SERVER 136.206.15.41/32;
address MOSH_ACCESS 136.206.15.73/32;
}
interfaces {
ge-0/0/1.0 {
host-inbound-traffic {
system-services {
ping;
}
}
}
ge-0/0/1.122;
ge-0/0/1.16;
}
}
security-zone WAN {
address-book {
address dcu_supernet 136.206.0.0/16;
address GAME_SOC_SERVER 136.206.15.41/32;
address MOSH_ACCESS 136.206.15.73/32;
}
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
ssh;
ping;
}
}
}
}
}
security-zone trust {
address-book {
address test 192.168.0.135/32;
}
host-inbound-traffic {
system-services {
ping;
ssh;
}
}
interfaces {
ge-0/0/1.1;
ge-0/0/1.2;
ge-0/0/1.999;
ge-0/0/7.30;
}
}
security-zone VPN {
host-inbound-traffic {
system-services {
ping;
ssh;
}
}
interfaces {
ge-0/0/5.0;
}
}
}
}
applications {
application irc_peering_tcp_6668 {
protocol tcp;
destination-port 6668;
description "IRC Peering";
}
application irc_tcp_6667 {
protocol tcp;
destination-port 6667;
description IRC;
}
application irc_tls_tcp_6697 {
protocol tcp;
destination-port 6697;
description "IRC TLS";
}
application tcp_465 {
protocol tcp;
destination-port 465;
description "Mail? d_fens requested";
}
application pop3s_tcp_995 {
protocol tcp;
destination-port 995;
description POP3S;
}
application LDAPS {
protocol tcp;
destination-port 636;
description LDAPS;
}
}
version 12.1X46-D40.2;
system {
host-name cerberus;
time-zone GMT;
root-authentication {
encrypted-password "$1$5a81bcLc$1iBwYxR5QREg0cGBty1G.1"; ## SECRET-DATA
}
name-server {
208.67.222.222;
208.67.220.220;
}
name-resolution {
no-resolve-on-input;
}
login {
message "#############################################################################################################################\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t All connections are monitored and recorded \t\t \n\t\t Disconnect IMMEDIATELY if you are not an authorized user!\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t \n##############################################################################################################################";
user admin {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$PhkoFBjA$ljDz7mgHnfwgFjcEH1lUo0"; ## SECRET-DATA
}
}
user kyle {
uid 2002;
class super-user;
authentication {
encrypted-password "$1$TXCvgFds$SFfnLuVj1EDmkfJeYh5Rk0"; ## SECRET-DATA
}
}
}
services {
ssh;
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
host log.internal {
explicit-priority;
structured-data {
brief;
}
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
source-address 192.168.0.30;
}
max-configurations-on-flash 49;
max-configuration-rollbacks 49;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
ntp {
server time.dcu.ie;
}
}
interfaces {
ge-0/0/0 {
description "Link to DCU Core";
unit 0 {
family inet {
address 136.206.33.142/26;
}
}
}
ge-0/0/1 {
description "Trunk Link to Sebastian";
vlan-tagging;
unit 0 {
vlan-id 0;
}
unit 1 {
vlan-id 3;
family inet {
address 192.168.0.254/24;
}
}
unit 2 {
vlan-id 4;
family inet {
address 192.168.1.254/24;
}
}
unit 16 {
vlan-id 16;
family inet {
address 136.206.16.254/24;
}
}
unit 122 {
vlan-id 122;
family inet {
address 136.206.15.254/24;
}
}
unit 999 {
vlan-id 999;
family inet {
address 172.168.1.1/24;
}
}
}
ge-0/0/5 {
description "VPN Management";
unit 0 {
family inet {
address 136.206.16.254/24;
}
}
}
ge-0/0/7 {
vlan-tagging;
unit 0 {
vlan-id 0;
}
unit 30 {
vlan-id 30;
family inet {
address 1.1.1.1/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 136.206.33.190;
}
resolution;
}
protocols {
lldp {
interface all;
}
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
pool nat_EMAIL {
address {
136.206.15.5/32;
}
}
rule-set OUT-TEST {
from zone trust;
to zone WAN;
rule EMAIL_OUT {
match {
source-address 192.168.0.135/32;
}
then {
source-nat {
pool {
nat_EMAIL;
}
}
}
}
inactive: rule r1 {
match {
source-address [ 172.168.1.0/24 192.168.0.1/24 ];
}
then {
source-nat {
interface;
}
}
}
}
}
destination {
pool nat_Test {
address 192.168.0.135/32;
}
rule-set rs1 {
from interface ge-0/0/0.0;
rule r1 {
match {
destination-address 136.206.15.5/32;
}
then {
destination-nat {
pool {
nat_Test;
}
}
}
}
}
}
}
policies {
from-zone WAN to-zone ServersPublic {
policy dcu_access {
match {
source-address dcu_supernet;
destination-address redbrick_primary_subnet;
application [ junos-http junos-https junos-dns-udp junos-dns-tcp junos-ldap LDAPS ];
}
then {
permit;
}
}
inactive: policy MOSH {
match {
source-address any;
destination-address MOSH_ACCESS;
application junos-ssh;
}
then {
permit;
}
}
policy GAME_SOC_ACCESS {
match {
source-address any;
destination-address GAME_SOC_SERVER;
application any;
}
then {
permit;
}
}
policy internet_access {
match {
source-address any;
destination-address redbrick_primary_subnet;
application [ junos-http junos-https junos-ssh junos-smtp junos-pop3 junos-imap junos-imaps junos-dns-tcp junos-dns-udp irc_peering_tcp_6668 irc_tls_tcp_6697 irc_tcp_6667 pop3s_tcp_995 tcp_465 ];
}
then {
permit;
}
}
policy drop_and_log {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
log {
session-init;
session-close;
}
}
}
}
from-zone ServersPublic to-zone WAN {
policy DENY_MOSH {
match {
source-address MOSH_ACCESS;
destination-address any;
application junos-ssh;
}
then {
permit;
}
}
policy Internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone WAN {
policy Allow-All {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone WAN to-zone trust {
policy test_inbound {
match {
source-address any;
destination-address test;
application any;
}
then {
permit;
log {
session-close;
}
}
}
}
from-zone VPN to-zone WAN {
policy Management_ACCESS {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
log {
session-close;
}
}
}
}
from-zone WAN to-zone VPN {
policy VPN_IN {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
log {
session-close;
}
}
}
}
}
zones {
security-zone ServersPublic {
address-book {
address redbrick_primary_subnet 136.206.15.0/24;
address GAME_SOC_SERVER 136.206.15.41/32;
address MOSH_ACCESS 136.206.15.73/32;
}
interfaces {
ge-0/0/1.0 {
host-inbound-traffic {
system-services {
ping;
}
}
}
ge-0/0/1.122;
ge-0/0/1.16;
}
}
security-zone WAN {
address-book {
address dcu_supernet 136.206.0.0/16;
address GAME_SOC_SERVER 136.206.15.41/32;
address MOSH_ACCESS 136.206.15.73/32;
}
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
ssh;
ping;
}
}
}
}
}
security-zone trust {
address-book {
address test 192.168.0.135/32;
}
host-inbound-traffic {
system-services {
ping;
ssh;
}
}
interfaces {
ge-0/0/1.1;
ge-0/0/1.2;
ge-0/0/1.999;
ge-0/0/7.30;
}
}
security-zone VPN {
host-inbound-traffic {
system-services {
ping;
ssh;
}
}
interfaces {
ge-0/0/5.0;
}
}
}
}
applications {
application irc_peering_tcp_6668 {
protocol tcp;
destination-port 6668;
description "IRC Peering";
}
application irc_tcp_6667 {
protocol tcp;
destination-port 6667;
description IRC;
}
application irc_tls_tcp_6697 {
protocol tcp;
destination-port 6697;
description "IRC TLS";
}
application tcp_465 {
protocol tcp;
destination-port 465;
description "Mail? d_fens requested";
}
application pop3s_tcp_995 {
protocol tcp;
destination-port 995;
description POP3S;
}
application LDAPS {
protocol tcp;
destination-port 636;
description LDAPS;
}
}
