shadowbrokers-exploits/swift/00503_0_254.242_2013mar02
2017-04-14 11:45:07 +02:00

446 lines
22 KiB
Text

unset key protection enable
set clock dst-off
set clock timezone 4
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
set protocol ospf
set enable
set area 0.0.0.1
exit
exit
set service "NSM_Managed_Client_TCP" protocol tcp src-port 0-65535 dst-port 7800-7800
set service "NSM_GUI_Client_TCP" protocol tcp src-port 0-65535 dst-port 7801-7801
set service "NSM_HA_TCP" protocol tcp src-port 0-65535 dst-port 7802-7802
set service "NSM_Managed_IDP_TCP" protocol tcp src-port 0-65535 dst-port 7803-7803
set service "NSM_GUI_Client_7808_TCP" protocol tcp src-port 0-65535 dst-port 7808-7808
set service "NSM_SSLVPN_TCP" protocol tcp src-port 0-65535 dst-port 7804-7804
set service "NSM_7804" protocol tcp src-port 0-65535 dst-port 7804-7804
set service "OpManager" protocol tcp src-port 0-65535 dst-port 8060-8060
set service "OpManagerVIP" protocol tcp src-port 0-65535 dst-port 9090-9090
set service "IT360_8100_TCP" protocol tcp src-port 0-65535 dst-port 8100-8100
set service "IT360_8443_TCP" protocol tcp src-port 0-65535 dst-port 8443-8443
set service "IT360_8400_TCP" protocol tcp src-port 0-65535 dst-port 8400-8400
set service "IT360_9996_UDP" protocol udp src-port 0-65535 dst-port 9996-9996
set service "IT360_9443_TCP" protocol tcp src-port 0-65535 dst-port 9443-9443
set alg appleichat enable
unset alg appleichat re-assembly enable
set alg sctp enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth-server "RSA Ace/Server" id 1
set auth-server "RSA Ace/Server" server-name "192.168.206.100"
set auth-server "RSA Ace/Server" backup1 "192.168.206.101"
set auth-server "RSA Ace/Server" account-type xauth
set auth-server "RSA Ace/Server" type securid
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "netscreen"
set admin password "nHr9JSr5KZ9PcKREMsvHkCEtGSDrpn"
set admin user "msaeed" password "nF3dKrrkHDHCckxALsfARkBtenLoAn" privilege "all"
set admin user "adesear" password "nIVbOVrXL41KckIARs+ARwJteKFZYn" privilege "all"
set admin user "juy" password "nGB6DqrpKxQAc4pI/sxHVLIt1aEskn" privilege "all"
set admin user "kbaluyot" password "nMSQP4rHLyxHcWqBmsqP9pMtnMGPYn" privilege "all"
set admin ssh port 2194
set admin http redirect
set admin auth web timeout 10
set admin auth dial-in timeout 3
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
unset zone "V1-Trust" tcp-rst
unset zone "V1-Untrust" tcp-rst
set zone "DMZ" tcp-rst
unset zone "V1-DMZ" tcp-rst
set zone "VLAN" block
unset zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "bri0/0" zone "Untrust"
set interface "ethernet0/0" zone "Untrust"
set interface "ethernet0/1" zone "DMZ"
set interface "ethernet0/6" zone "HA"
set interface "bgroup0" zone "Trust"
set interface "tunnel.4" zone "Untrust"
set interface "tunnel.7" zone "Untrust"
set interface bgroup0 port ethernet0/2
set interface bgroup0 port ethernet0/3
set interface bgroup0 port ethernet0/4
set interface bgroup0 port ethernet0/5
unset interface vlan1 ip
set interface ethernet0/0 ip 80.227.254.242/27
set interface ethernet0/0 route
set interface bgroup0 ip 192.168.196.5/24
set interface bgroup0 nat
set interface tunnel.4 ip 10.40.0.20/16
set interface tunnel.7 ip 10.70.0.20/16
set interface tunnel.4 mtu 1500
set interface tunnel.7 mtu 1500
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface bgroup0 manage-ip 192.168.196.6
set interface ethernet0/0 ip manageable
unset interface bgroup0 ip manageable
set interface ethernet0/0 manage ping
set interface ethernet0/0 manage ssh
set interface ethernet0/0 manage snmp
set interface ethernet0/0 manage ssl
set interface ethernet0/0 vip interface-ip 9090 "OpManager" 192.168.196.35 manual
set interface ethernet0/0 vip interface-ip 8100 "IT360_8100_TCP" 192.168.196.35 manual
set interface ethernet0/0 vip interface-ip 8400 "IT360_8400_TCP" 192.168.196.35 manual
set interface ethernet0/0 vip interface-ip 9443 "IT360_9443_TCP" 192.168.196.35 manual
set interface "ethernet0/0" mip 80.227.254.241 host 192.168.196.25 netmask 255.255.255.255 vr "trust-vr"
set flow tcp-mss
unset flow no-tcp-seq-check
set flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set hostname ENSBNVPN1
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set nsrp cluster id 7
set nsrp vsd-group id 0 priority 50
set nsrp vsd-group id 0 preempt
set nsrp interface bgroup0
set nsrp monitor interface ethernet0/0
set nsrp monitor interface bgroup0
set dns host dns1 0.0.0.0
set dns host dns2 0.0.0.0
set dns host dns3 0.0.0.0
set address "Trust" "ENSB-NOC-NW" 192.168.196.0 255.255.255.0 "NOC Network"
set address "Trust" "ENSBNNSM1" 192.168.196.25 255.255.255.0 "NSM SERVER"
set address "Trust" "NOC-SRV01" 192.168.196.35 255.255.255.255
set address "Untrust" "CPMSP-NW" 192.168.150.0 255.255.255.0
set address "Untrust" "EN SMTP" 80.227.254.251 255.255.255.255
set address "Untrust" "ENSB-AE-NW" 192.168.206.0 255.255.254.0 "UAE DC Network"
set address "Untrust" "ENSB-AE2-NW" 192.168.211.0 255.255.255.0 "AE DC2 Network"
set address "Untrust" "ENSB-BH-HW" 192.168.236.0 255.255.255.0 "Bahrain DC Network"
set address "Untrust" "ENSB-JO-NW" 192.168.216.0 255.255.255.0
set address "Untrust" "ENSB-PK-NW" 192.168.246.0 255.255.255.0 "Pakistan DC Network"
set address "Untrust" "ENSB-TR-NW" 192.168.216.0 255.255.254.0 "Turkey DC NW"
set address "Untrust" "ENSB-US-DR-NW" 192.168.112.0 255.255.255.0 "US DC DR Network"
set address "Untrust" "ENSB-US-PR-NW" 192.168.111.0 255.255.255.0 "US DC Primary Network"
set address "Untrust" "QI-AE-NW" 192.168.160.0 255.255.255.0
set address "Untrust" "QI-BH-NW" 192.168.60.0 255.255.255.0
set group address "Untrust" "ENSB NW" comment "ALL ENSB NW"
set group address "Untrust" "ENSB NW" add "ENSB-AE-NW"
set group address "Untrust" "ENSB NW" add "ENSB-AE2-NW"
set group address "Untrust" "ENSB NW" add "ENSB-BH-HW"
set group address "Untrust" "ENSB NW" add "ENSB-PK-NW"
set group address "Untrust" "ENSB NW" add "ENSB-TR-NW"
set group address "Untrust" "ENSB NW" add "ENSB-US-PR-NW"
set group service "IT360"
set group service "IT360" add "IT360_8100_TCP"
set group service "IT360" add "IT360_8400_TCP"
set group service "IT360" add "IT360_8443_TCP"
set group service "IT360" add "IT360_9996_UDP"
set group service "NSM_IN" comment "NSM Incoming ports"
set group service "NSM_IN" add "NSM_7804"
set group service "NSM_IN" add "NSM_GUI_Client_7808_TCP"
set group service "NSM_IN" add "NSM_GUI_Client_TCP"
set group service "NSM_IN" add "NSM_HA_TCP"
set group service "NSM_IN" add "NSM_Managed_Client_TCP"
set group service "NSM_IN" add "NSM_Managed_IDP_TCP"
set group service "NSM_IN" add "NSM_SSLVPN_TCP"
set group service "NSM_IN" add "SSH"
set group service "NSM_IN" add "TELNET"
set group service "NSM_OUT" comment "NSM OUtbound ports"
set group service "NSM_OUT" add "DNS"
set group service "NSM_OUT" add "FTP"
set group service "NSM_OUT" add "HTTP"
set group service "NSM_OUT" add "HTTPS"
set group service "NSM_OUT" add "NSM_7804"
set group service "NSM_OUT" add "NSM_SSLVPN_TCP"
set group service "NSM_OUT" add "NTP"
set group service "NSM_OUT" add "SSH"
set group service "NSM_OUT" add "TELNET"
set ippool "ENSB-NOC-NW" 10.149.121.1 10.149.121.254
set ippool "ENSB-NOC-FA" 10.149.122.1 10.149.122.20
set ippool "ENSB-NOC-IS" 10.149.123.1 10.149.123.20
set ippool "ENSB-NOC-PG" 10.149.124.1 10.149.124.20
set ippool "ENSB-NOC-FINMEX" 10.149.125.1 10.149.125.20
set ippool "ENSB-NOC-UNIRISX" 10.149.126.1 10.149.126.20
set ippool "ENSB-NOC-PK" 10.149.127.1 10.149.127.20
set ippool "ENSB-NOC-JO" 10.149.129.1 10.149.129.20
set ippool "ENSB-NOC-US" 10.149.128.1 10.149.128.20
set user "adesear" uid 1
set user "adesear" ike-id u-fqdn "adesear@eastnets.com" share-limit 1
set user "adesear" type ike xauth
set user "adesear" remote ippool "ENSB-NOC-NW"
set user "adesear" password "0TjLvUu6NJOBFMscuOCnptfiZunhWoleCw=="
unset user "adesear" type auth
set user "adesear" "enable"
set user "juy" uid 2
set user "juy" ike-id u-fqdn "juy@eastnets.com" share-limit 1
set user "juy" type ike xauth
set user "juy" remote ippool "ENSB-NOC-NW"
set user "juy" password "dT36Q1nRN3lwBVsZl7ChVzTZeKn4gG9ILQ=="
unset user "juy" type auth
set user "juy" "enable"
set user "kbaluyot" uid 3
set user "kbaluyot" ike-id u-fqdn "kbaluyot@eastnets.com" share-limit 1
set user "kbaluyot" type ike xauth
set user "kbaluyot" remote ippool "ENSB-NOC-NW"
set user "kbaluyot" password "9b9kpb/wNk+WRis5FpCBSHbKiKnb9KBWbA=="
unset user "kbaluyot" type auth
set user "kbaluyot" "enable"
set user "msaeed" uid 4
set user "msaeed" ike-id u-fqdn "msaeed@eastnets.com" share-limit 1
set user "msaeed" type ike xauth
set user "msaeed" remote ippool "ENSB-NOC-NW"
set user "msaeed" password "fqtlGLWGNmiGA5s6JNChAlywkEnncJxQqw=="
unset user "msaeed" type auth
set user "msaeed" "enable"
set user-group "NW Group" id 1
set user-group "NW Group" user "adesear"
set user-group "NW Group" user "juy"
set user-group "NW Group" user "kbaluyot"
set user-group "NW Group" user "msaeed"
set crypto-policy
exit
set ike gateway "DC-AE-SWIFT" address 80.227.254.201 Main outgoing-interface "ethernet0/0" preshare "vfrvuNKbNcnK5fsgHdCgOu/+/UnyByPUGsKh3QIx9bY5aKxXi8SSRj0=" proposal "pre-g2-3des-sha"
set ike gateway "DC-AE-SWIFT" nat-traversal
set ike gateway "DC-AE-SWIFT" nat-traversal udp-checksum
set ike gateway "DC-AE-SWIFT" nat-traversal keepalive-frequency 0
set ike gateway "DC-TR-LL" address 193.23.156.220 Main outgoing-interface "ethernet0/0" preshare "4315J1cuNwFhTSsmHzCDr1jPlInuTQyMLXzBBCtoVKzcPGxgaStKIWo=" proposal "pre-g2-3des-sha"
set ike gateway "DC-BH-LL" address 81.22.17.35 Main outgoing-interface "ethernet0/0" preshare "i5zERIcXNU+UCFsHJjCbqjRxQ0nDm5gMmT56nOLRfW+B4an+3f3OTBo=" proposal "pre-g2-3des-sha"
set ike gateway "ENSB NW Dialup Group" dialup "NW Group" Aggr outgoing-interface "ethernet0/0" preshare "Jes1xtBgNkX60MsJH3C5nRUVWXn2x4b+xHsehqVUTTOK6+hqZY7ZSgo=" proposal "pre-g2-3des-sha"
set ike gateway "ENSB NW Dialup Group" nat-traversal udp-checksum
set ike gateway "ENSB NW Dialup Group" nat-traversal keepalive-frequency 0
set ike gateway "ENSB NW Dialup Group" xauth
unset ike gateway "ENSB NW Dialup Group" xauth do-edipi-auth
set ike gateway "DC-JO-LL" address 77.245.10.172 Main outgoing-interface "ethernet0/0" preshare "3XTJ38KPNkf7YEsKTECeXuQndSngJbege91bsmpEFsJ66MoY+h/B9+I=" proposal "pre-g2-3des-sha"
set ike gateway "DC-CPMS-EHDF-LL" address 80.227.254.228 Main outgoing-interface "ethernet0/0" preshare "ua9iMfeVNPDvvps6/UC7x5WGLFn2UfaApemIcX9NK3X1OYdfZ951I3Q=" proposal "pre-g2-3des-sha"
set ike gateway "QI-AE-LL" address 80.227.254.219 Main outgoing-interface "ethernet0/0" preshare "Nv5infAQNdMPBoscgLC/UiQIAOnbrqYWfL9Oi9nJ2gGhM2NGfQdWOCQ=" proposal "pre-g2-3des-sha"
set ike gateway "QI-BH-LL" address 81.22.17.38 Main outgoing-interface "ethernet0/0" preshare "0mH2B2wON9Vgpws+hHCmLdeeZvnWqJEL0RevcxgMoLz7b948MRA8Tig=" proposal "pre-g2-3des-sha"
set ike gateway "DC-US-LL-PR" address 209.123.80.7 Main outgoing-interface "ethernet0/0" preshare "lMnqKp8WNS3yhMsk5WCK4a3xkjnuL/uzSCNas+LowZPsDzrl3o81Cwk=" proposal "pre-g2-3des-sha"
set ike gateway "DC-US-LL-PR" nat-traversal
set ike gateway "DC-US-LL-PR" nat-traversal udp-checksum
set ike gateway "DC-US-LL-PR" nat-traversal keepalive-frequency 5
set ike gateway "DC-US-LL-DR" address 69.167.70.242 Main outgoing-interface "ethernet0/0" preshare "YqGIDy8pNXfKQ8sBVvC/7ed/BDnFt6wh/lUjGGu9hnHnse3nmp87DyY=" proposal "pre-g2-3des-sha"
set ike gateway "DC-US-LL-DR" nat-traversal
set ike gateway "DC-US-LL-DR" nat-traversal udp-checksum
set ike gateway "DC-US-LL-DR" nat-traversal keepalive-frequency 5
set ike gateway "DC-PK-LL" address 202.63.216.20 Main outgoing-interface "ethernet0/0" preshare "xSmBxsRmN0khN8sXPQCrkG9AkUnfX03Bs3JmXSN0grNpN/YO9YsU8Jc=" proposal "pre-g2-3des-sha"
set ike gateway "DC-CPMS-ETISALAT" address 213.42.22.136 Main outgoing-interface "ethernet0/0" preshare "gv2S3jdqNjwhp2sUf1CLNPKqwpndYkbbisyL5dX8TcAMUgHhekq6zjI=" proposal "pre-g2-3des-sha"
set ike gateway "DC-AE-HOST" address 80.227.254.205 Main outgoing-interface "ethernet0/0" preshare "DyiejXENNvmC7Ps7bJCy9TBzKZn3x9f+b2dMA7uam+YkPNVOsTjRfJM=" proposal "pre-g2-3des-sha"
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set vpn "DC-AE-SWIFT" gateway "DC-AE-SWIFT" replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set vpn "DC-AE-SWIFT" monitor optimized rekey
set vpn "DC-AE-SWIFT" id 0xb bind interface tunnel.4
set vpn "DC-AE-SWIFT" dscp-mark 0
set vpn "DC-TR-LL" gateway "DC-TR-LL" replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set vpn "DC-TR-LL" monitor optimized rekey
set vpn "DC-TR-LL" id 0xa bind interface tunnel.4
set vpn "DC-BH-LL" gateway "DC-BH-LL" replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set vpn "DC-BH-LL" monitor optimized rekey
set vpn "DC-BH-LL" id 0x9 bind interface tunnel.4
set vpn "ENSB NW Dialup Group" gateway "ENSB NW Dialup Group" replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set vpn "DC-JO-LL" gateway "DC-JO-LL" replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set vpn "DC-JO-LL" monitor optimized rekey
set vpn "DC-JO-LL" id 0xc bind interface tunnel.4
set vpn "DC-CPMS-PRI-LL" gateway "DC-CPMS-EHDF-LL" replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set vpn "DC-CPMS-PRI-LL" monitor optimized rekey
set vpn "DC-CPMS-PRI-LL" id 0xd bind interface tunnel.4
set vpn "DC-CPMS-PRI-LL" dscp-mark 0
set vpn "QI-AE-LL" gateway "QI-AE-LL" replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set vpn "QI-AE-LL" monitor optimized rekey
set vpn "QI-AE-LL" id 0x18 bind interface tunnel.4
set vpn "QI-BH-LL" gateway "QI-BH-LL" replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set vpn "QI-BH-LL" monitor optimized rekey
set vpn "QI-BH-LL" id 0x10 bind interface tunnel.4
set vpn "DC-US-LL-PR" gateway "DC-US-LL-PR" replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set vpn "DC-US-LL-PR" monitor optimized rekey
set vpn "DC-US-LL-PR" id 0x12 bind interface tunnel.7
set vpn "DC-US-LL-DR" gateway "DC-US-LL-DR" replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set vpn "DC-US-LL-DR" monitor optimized rekey
set vpn "DC-US-LL-DR" id 0x13 bind interface tunnel.7
set vpn "DC-PK-LL" gateway "DC-PK-LL" replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set vpn "DC-PK-LL" monitor optimized rekey
set vpn "DC-PK-LL" id 0x14 bind interface tunnel.4
set vpn "DC-CPMS-ETISALAT-LL" gateway "DC-CPMS-ETISALAT" replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set vpn "DC-CPMS-ETISALAT-LL" monitor optimized rekey
set vpn "DC-CPMS-ETISALAT-LL" id 0x15 bind interface tunnel.4
set vpn "DC-AE-HOST" gateway "DC-AE-HOST" replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set vpn "DC-AE-HOST" monitor optimized rekey
set vpn "DC-AE-HOST" id 0x17 bind interface tunnel.7
set vrouter "untrust-vr"
set protocol nhrp
set protocol nhrp retry-interval 30
set protocol nhrp max-query 12
exit
set vrouter "trust-vr"
set protocol nhrp
set protocol nhrp retry-interval 30
set protocol nhrp max-query 12
exit
set url protocol websense
exit
set policy id 21 name "Monitoring System" from "Untrust" to "Trust" "Any" "VIP(ethernet0/0)" "IT360_8100_TCP" permit log
set policy id 21
set service "IT360_8400_TCP"
set service "IT360_9443_TCP"
set service "IT360_9996_UDP"
set service "OpManagerVIP"
set log session-init
exit
set policy id 16 from "Trust" to "Untrust" "NOC-SRV01" "EN SMTP" "SMTP" permit log
set policy id 16
set log session-init
exit
set policy id 12 from "Trust" to "Untrust" "ENSB-NOC-NW" "QI-AE-NW" "ANY" permit log
set policy id 12
set log session-init
exit
set policy id 14 from "Trust" to "Untrust" "ENSB-NOC-NW" "QI-BH-NW" "ANY" permit log
set policy id 14
set log session-init
exit
set policy id 4 from "Untrust" to "Trust" "Any" "MIP(80.227.254.241)" "HTTPS" permit log
set policy id 4
set service "ICMP-ANY"
set service "TELNET"
set service "NSM_IN"
set log session-init
exit
set policy id 2 from "Untrust" to "Trust" "ENSB-AE-NW" "ENSB-NOC-NW" "ANY" permit log
set policy id 2
exit
set policy id 8 from "Untrust" to "Trust" "ENSB-BH-HW" "ENSB-NOC-NW" "ANY" permit log
set policy id 8
exit
set policy id 9 from "Untrust" to "Trust" "ENSB-JO-NW" "ENSB-NOC-NW" "ANY" permit log
set policy id 9
exit
set policy id 3 from "Trust" to "Untrust" "ENSBNNSM1" "Any" "ICMP-ANY" permit log
set policy id 3
set service "NSM_OUT"
exit
set policy id 1 from "Trust" to "Untrust" "ENSB-NOC-NW" "ENSB NW" "ANY" permit log
set policy id 1
exit
set policy id 6 from "Untrust" to "Trust" "Dial-Up VPN" "ENSB-NOC-NW" "ANY" tunnel vpn "ENSB NW Dialup Group" id 0xe pair-policy 7 log
set policy id 6
exit
set policy id 7 from "Trust" to "Untrust" "ENSB-NOC-NW" "Dial-Up VPN" "ANY" tunnel vpn "ENSB NW Dialup Group" id 0xe pair-policy 6 log
set policy id 7
exit
set policy id 10 from "Trust" to "Untrust" "ENSB-NOC-NW" "CPMSP-NW" "ANY" permit log
set policy id 10
exit
set policy id 11 from "Untrust" to "Trust" "CPMSP-NW" "ENSB-NOC-NW" "ANY" permit log
set policy id 11
exit
set policy id 13 from "Untrust" to "Trust" "QI-AE-NW" "ENSB-NOC-NW" "ANY" permit log
set policy id 13
set log session-init
exit
set policy id 15 from "Untrust" to "Trust" "QI-BH-NW" "ENSB-NOC-NW" "ANY" permit log
set policy id 15
set log session-init
exit
set policy id 17 from "Trust" to "Untrust" "ENSB-NOC-NW" "ENSB-US-PR-NW" "ANY" permit log
set policy id 17
set log session-init
exit
set policy id 18 from "Trust" to "Untrust" "ENSB-NOC-NW" "ENSB-US-DR-NW" "ANY" permit log
set policy id 18
set log session-init
exit
set policy id 19 from "Untrust" to "Trust" "ENSB-US-PR-NW" "ENSB-NOC-NW" "ANY" permit log
set policy id 19
set log session-init
exit
set policy id 20 from "Untrust" to "Trust" "ENSB-US-DR-NW" "ENSB-NOC-NW" "ANY" permit log
set policy id 20
set log session-init
exit
set syslog config "192.168.206.111"
set syslog config "192.168.206.111" facilities local0 local0
set syslog config "192.168.206.111" port 1514
set syslog config "192.168.206.111" log traffic
set syslog enable
set nsmgmt report proto-dist enable
set nsmgmt report statistics ethernet enable
set nsmgmt report statistics attack enable
set nsmgmt report statistics flow enable
set nsmgmt report statistics policy enable
set nsmgmt report alarm traffic enable
set nsmgmt report alarm attack enable
set nsmgmt report alarm other enable
set nsmgmt report alarm di enable
set nsmgmt report log config enable
set nsmgmt report log info enable
set nsmgmt report log self enable
set nsmgmt report log traffic enable
set nsmgmt init id C2DD45C0C360D0EBB64B767EDB4516983964644200
set nsmgmt server primary 192.168.196.25 port 7800
set nsmgmt bulkcli reboot-timeout 60
set nsmgmt hb-interval 20
set nsmgmt hb-threshold 5
set nsmgmt enable
set ssh version v2
set ssh enable
set config lock timeout 5
unset license-key auto-update
set ssl port 2443
set snmp community "EastNets-SNMP" Read-Write Trap-on traffic version v2c
set snmp host "EastNets-SNMP" 192.168.206.111 255.255.255.255 trap v2
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 192.168.150.0/24 interface tunnel.4 gateway 10.40.0.25 description "CPMS-PRI-LL"
set route 192.168.160.0/24 interface tunnel.4 gateway 10.40.0.35 metric 10 description "QI-AE-LL"
set route 192.168.60.0/24 interface tunnel.4 gateway 10.40.0.40 metric 10 description "QI-BH-LL"
set route 192.168.206.0/23 interface tunnel.4 gateway 10.40.0.1 description "ENSB-AE"
set route 0.0.0.0/0 interface ethernet0/0 gateway 80.227.254.225 description "Defualt Route"
set route 192.168.236.0/24 interface tunnel.4 gateway 10.40.0.10 permanent description "ENSB BH"
set route 192.168.111.0/24 interface tunnel.7 gateway 10.70.0.65 description "DC-US-LL-PR"
set route 192.168.112.0/24 interface tunnel.7 gateway 10.70.0.70 description "DC-US-LL-DR"
set route 192.168.216.0/23 interface tunnel.4 gateway 10.40.0.15 description "ENSB JO"
set route 192.168.246.0/24 interface tunnel.4 gateway 10.40.0.50 description "DC PK"
set route 192.168.50.0/24 interface tunnel.4 gateway 10.40.0.30 description "CPMS ETISALAT VPN3 "
set route 192.168.211.0/24 interface tunnel.7 gateway 10.70.0.55 description "DC AE HOST"
exit
set interface tunnel.4 protocol ospf area 0.0.0.0
set interface tunnel.4 protocol ospf demand-circuit
set interface tunnel.4 protocol ospf link-type p2mp
set interface tunnel.4 protocol ospf enable
set interface tunnel.4 protocol ospf cost 10
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit