admin@ROUTER-GUE> show configuration
version 7.6R1.9;
system {
host-name ROUTER-GUE;
domain-name router-gue.gue.com;
domain-search [ 202.134.0.155 203.130.193.74 ];
authentication-order radius;
root-authentication {
encrypted-password "$1$RVFdx7eI$Ud424y17wLT88AiePhIF01"; ## SECRET-DATA
}
radius-server {
192.168.217.27 {
port 1812;
accounting-port 1813;
secret "$9$b4w4ZHqfznCP5nCuBSy"; ## SECRET-DATA
timeout 10;
retry 3;
source-address 192.168.161.73;
}
192.168.223.12 {
port 1812;
accounting-port 1813;
secret "$9$XFmxVYJGi.fzjHfz6CB1"; ## SECRET-DATA
timeout 10;
retry 3;
source-address 192.168.161.73;
}
}
login {
class level1 {
idle-timeout 20;
permissions [ admin interface network routing snmp system trace trace-control view ];
}
class level2 {
idle-timeout 20;
permissions all;
}
user User1 {
full-name "Tim TPG";
uid 2001;
class level1;
}
user user2 {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$evwPspko$TakoJ0nn.QXLu5ch736vb1"; ## SECRET-DATA
}
}
user user3 {
full-name "user3";
uid 2002;
class level2;
}
user user4 {
full-name "user4";
uid 2004;
class level1;
}
user user5 {
full-name "user5";
uid 2003;
class level2;
}
user user6 {
full-name "user6";
uid 2005;
class level1;
}
user user7 {
full-name "user7";
uid 2006;
class level1;
}
}
services {
telnet;
web-management {
http {
interface [ fe-0/0/0.0 fe-0/0/1.0 ];
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
console {
any any;
}
}
}
interfaces {
fe-0/0/0 {
description "LAN Connection";
unit 0 {
family inet {
filter {
input virus;
output virus;
}
address 192.168.161.25/29;
}
}
}
sp-0/0/0 {
unit 0 {
family inet;
}
}
fe-0/0/1 {
description "Wan Connection";
unit 0 {
family inet {
filter {
input virus;
output virus;
}
address 192.168.136.142/30;
}
}
}
fxp0 {
unit 0;
}
lo0 {
unit 0 {
family inet {
address 127.0.0.1/32;
}
}
}
}
snmp {
location "ROuter GUe";
contact "Harry Chan";
community gue.com {
authorization read-write;
}
trap-group diknas {
categories {
chassis;
link;
}
targets {
10.0.0.4;
10.10.204.2;
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 192.168.136.141;
}
}
firewall {
family inet {
filter virus {
term virus {
from {
source-address {
0.0.0.0/0;
}
destination-address {
0.0.0.0/0;
}
protocol [ tcp udp ];
source-port [ netbios-dgm netbios-ns netbios-ssn 445 135 136 137 138 139 ];
destination-port [ 135 136 137 138 139 netbios-dgm netbios-ns netbios-ssn ];
tcp-established;
interface fe-0/0/0.0;
interface fe-0/0/1.0;
}
then {
log;
reject;
}
}
term default-term {
then accept;
}
}
}
}
services {
stateful-firewall {
rule jweb-sfw-to-wan {
match-direction output;
term jweb-apply-alg {
from {
application-sets junos-algs-outbound;
}
then {
accept;
}
}
term jweb-accept-all {
then {
accept;
}
}
}
rule jweb-sfw-from-wan {
match-direction input;
term jweb-discard-all {
then {
discard;
}
}
}
}
service-set jweb-wan-sfw-service-set {
stateful-firewall-rules jweb-sfw-to-wan;
stateful-firewall-rules jweb-sfw-from-wan;
interface-service {
service-interface sp-0/0/0;
}
}
}
version 7.6R1.9;
system {
host-name ROUTER-GUE;
domain-name router-gue.gue.com;
domain-search [ 202.134.0.155 203.130.193.74 ];
authentication-order radius;
root-authentication {
encrypted-password "$1$RVFdx7eI$Ud424y17wLT88AiePhIF01"; ## SECRET-DATA
}
radius-server {
192.168.217.27 {
port 1812;
accounting-port 1813;
secret "$9$b4w4ZHqfznCP5nCuBSy"; ## SECRET-DATA
timeout 10;
retry 3;
source-address 192.168.161.73;
}
192.168.223.12 {
port 1812;
accounting-port 1813;
secret "$9$XFmxVYJGi.fzjHfz6CB1"; ## SECRET-DATA
timeout 10;
retry 3;
source-address 192.168.161.73;
}
}
login {
class level1 {
idle-timeout 20;
permissions [ admin interface network routing snmp system trace trace-control view ];
}
class level2 {
idle-timeout 20;
permissions all;
}
user User1 {
full-name "Tim TPG";
uid 2001;
class level1;
}
user user2 {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$evwPspko$TakoJ0nn.QXLu5ch736vb1"; ## SECRET-DATA
}
}
user user3 {
full-name "user3";
uid 2002;
class level2;
}
user user4 {
full-name "user4";
uid 2004;
class level1;
}
user user5 {
full-name "user5";
uid 2003;
class level2;
}
user user6 {
full-name "user6";
uid 2005;
class level1;
}
user user7 {
full-name "user7";
uid 2006;
class level1;
}
}
services {
telnet;
web-management {
http {
interface [ fe-0/0/0.0 fe-0/0/1.0 ];
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
console {
any any;
}
}
}
interfaces {
fe-0/0/0 {
description "LAN Connection";
unit 0 {
family inet {
filter {
input virus;
output virus;
}
address 192.168.161.25/29;
}
}
}
sp-0/0/0 {
unit 0 {
family inet;
}
}
fe-0/0/1 {
description "Wan Connection";
unit 0 {
family inet {
filter {
input virus;
output virus;
}
address 192.168.136.142/30;
}
}
}
fxp0 {
unit 0;
}
lo0 {
unit 0 {
family inet {
address 127.0.0.1/32;
}
}
}
}
snmp {
location "ROuter GUe";
contact "Harry Chan";
community gue.com {
authorization read-write;
}
trap-group diknas {
categories {
chassis;
link;
}
targets {
10.0.0.4;
10.10.204.2;
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 192.168.136.141;
}
}
firewall {
family inet {
filter virus {
term virus {
from {
source-address {
0.0.0.0/0;
}
destination-address {
0.0.0.0/0;
}
protocol [ tcp udp ];
source-port [ netbios-dgm netbios-ns netbios-ssn 445 135 136 137 138 139 ];
destination-port [ 135 136 137 138 139 netbios-dgm netbios-ns netbios-ssn ];
tcp-established;
interface fe-0/0/0.0;
interface fe-0/0/1.0;
}
then {
log;
reject;
}
}
term default-term {
then accept;
}
}
}
}
services {
stateful-firewall {
rule jweb-sfw-to-wan {
match-direction output;
term jweb-apply-alg {
from {
application-sets junos-algs-outbound;
}
then {
accept;
}
}
term jweb-accept-all {
then {
accept;
}
}
}
rule jweb-sfw-from-wan {
match-direction input;
term jweb-discard-all {
then {
discard;
}
}
}
}
service-set jweb-wan-sfw-service-set {
stateful-firewall-rules jweb-sfw-to-wan;
stateful-firewall-rules jweb-sfw-from-wan;
interface-service {
service-interface sp-0/0/0;
}
}
}
No comments:
Post a Comment