
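/* Host-level settings for srxB-1: management services, local accounts
   and logging. The root SSH key is a single statement in the device
   configuration; it had been wrapped across several lines (and the
   trailing "## SECRET-DATA" tag split) by the page it was copied from,
   which would not load. It is rejoined here unchanged. */
system {
    host-name srxB-1;
    /* Root has a password and an SSH public key. The "$1$" prefix marks
       an MD5-crypt hash, and the key type is ssh-dss (DSA), which current
       OpenSSH releases disable by default; both are considered weak today.
       Prefer a stronger hash format and an RSA/ECDSA/Ed25519 key. */
    root-authentication {
        encrypted-password "$1$KI99zGk6$MbYFuBbpLffu9tn2.sI7l1";
        ssh-dsa "ssh-dss AAAAB3NzaC1kc3MAAACBAMQrfP2bZyBXJ6PC7XXZ+MzErI8Jl6jah5L4/O8BsfP2hC7EvRfNoX7MqbrtCX/9gUH9gChVuBCB+ERULMdgRvM5uGhC/gs4UX+4dBbfBgKYYwgmisM8EoT25m7qI8ybpl2YZvHNznvO8h7kr4kpYuQEpKvgsTdH/Jle4Uqnjv7DAAAAFQDZaqA6QAgbW3O/zveaLCIDj6p0dwAAAIB1iL+krWrXiD8NPpY+w4dWXEqaV3bnobzPC4eyxQKBUCOr80Q5YBlWXVBHx9elwBWZwj0SF4hLKHznExnLerVsMuTMA846RbQmSz62vM6kGM13HFonWeQvWia0TDr78+rOEgWF2KHBSIxL51lmIDW8Gql9hJfD/Dr/NKP97w3L0wAAAIEAr3FkWU8XbYytQYEKxsIN9P1UQ1ERXB3G40YwqFO484SlyKyYCfaz+yNsaAJu2C8UebDIR3GieyNcOAKf3inCG8jQwjLvZskuZwrvlsz/xtcxSoAh9axJcdUfSJYMW/g+mD26JK1Cliw5rwp2nH9kUrJxeI7IReDp4egNkM4i15o= configurator@server1.he"; ## SECRET-DATA
    }
    login {
        /* Single local administrator with full privileges (class
           super-user); same MD5-crypt password format as root. */
        user lab {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$84J5Maes$cni5Hrazbd/IEHr/50oY30";
            }
        }
    }
    /* Management services. telnet and plain http carry credentials in
       cleartext; both are also admitted by the management functional zone
       (see security zones). Prefer ssh and https only. */
    services {
        ssh;
        telnet;
        web-management {
            http;
        }
    }
    /* Local logging only: all facilities plus authorization events at
       "info" go to the "messages" file, and every CLI command goes to
       "interactive-commands". No remote syslog host appears in this
       listing, so the audit trail lives on the device itself. */
    syslog {
        file messages {
            any any;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}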
/* Physical and logical interfaces. Each logical unit is placed in a zone
   under security zones: ge-0/0/0.0 -> functional-zone management,
   ge-0/0/3.0 -> untrust, ge-0/0/4.103 -> Juniper-SV, ge-0/0/4.203 -> ACME-SV. */
interfaces {
    /* Management port. Which services it accepts is governed by the
       management functional zone's host-inbound-traffic. */
    ge-0/0/0 {
        description "MGMT Interface - DO NOT DELETE";
        unit 0 {
            family inet {
                address 10.210.12.133/26;
            }
        }
    }
    /* Point-to-point link toward the untrust side; the default route
       under routing-options points at the other end of this /30. */
    ge-0/0/3 {
        unit 0 {
            family inet {
                address 172.18.1.2/30;
            }
        }
    }
    /* 802.1Q trunk with one VLAN per tenant. Tenant separation depends on
       these two units being bound to different security zones. */
    ge-0/0/4 {
        vlan-tagging;
        unit 103 {
            vlan-id 103;
            family inet {
                address 172.20.103.1/24;
            }
        }
        unit 203 {
            vlan-id 203;
            family inet {
                address 172.20.203.1/24;
            }
        }
    }
    /* Loopback address; not bound to a zone and not referenced by any
       policy or address-book entry in this listing. */
    lo0 {
        unit 0 {
            family inet {
                address 192.168.1.1/32;
            }
        }
    }
}
/* Single static default route via the untrust-side neighbour on the
   ge-0/0/3 /30 (172.18.1.1). Every destination that is not directly
   connected, including traffic leaving the tenant VLANs, takes this path. */
routing-options {
    static {
        route 0.0.0.0/0 next-hop 172.18.1.1;
    }
}
/* Zone-based policy for two tenant VLANs (Juniper-SV, ACME-SV) that share
   one untrust link. Within a from-zone/to-zone context, policies are
   evaluated top-down and the first match wins, so ordering matters. */
security {
    address-book {
        /* Objects on the untrust side. vr204 and srxB-2 are defined but not
           referenced by any policy in this listing. */
        untrust {
            address vr104 172.20.104.0/24;
            address vr204 172.20.204.0/24;
            address srxB-2 172.18.2.0/30;
            attach {
                zone untrust;
            }
        }
        /* Zone-independent object; also unreferenced in this listing. */
        global {
            address internet-host 172.31.15.1/32;
        }
        Juniper-SV {
            address vr103 172.20.103.0/24;
            attach {
                zone Juniper-SV;
            }
        }
        ACME-SV {
            address vr203 172.20.203.0/24;
            attach {
                zone ACME-SV;
            }
        }
    }
    policies {
        /* Intra-zone any/any permits, one per tenant. */
        from-zone Juniper-SV to-zone Juniper-SV {
            policy intrazone-Juniper-SV {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone ACME-SV to-zone ACME-SV {
            policy intrazone-ACME-SV {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        /* Juniper-SV egress. Order is significant: FTP from vr103 to vr104
           is permitted, all other FTP is rejected, then everything else
           from vr103 is permitted. Despite its name, outbound-ftp-auth has
           no firewall-authentication action (compare inbound-ftp-auth
           below), so outbound FTP is not authenticated. None of these
           three policies logs sessions. */
        from-zone Juniper-SV to-zone untrust {
            policy outbound-ftp-auth {
                match {
                    source-address vr103;
                    destination-address vr104;
                    application junos-ftp;
                }
                then {
                    permit;
                }
            }
            /* "reject" actively refuses the connection rather than silently
               dropping it; add a log action here if refused FTP attempts
               should be visible. */
            policy deny-ftp-Juniper-SV {
                match {
                    source-address any;
                    destination-address any;
                    application junos-ftp;
                }
                then {
                    reject;
                }
            }
            /* Catch-all: any other application from vr103 to the untrust zone. */
            policy internet-Juniper-SV {
                match {
                    source-address vr103;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        /* ACME-SV egress: any application from vr203, with no FTP
           restriction and no logging (asymmetric with Juniper-SV above). */
        from-zone ACME-SV to-zone untrust {
            policy internet-ACME-SV {
                match {
                    source-address vr203;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        /* Inbound to Juniper-SV from untrust. No untrust -> ACME-SV context
           and no Juniper-SV <-> ACME-SV context appear in this listing, so
           that traffic is left to the zone default policy (deny, unless
           default-policy is changed somewhere not shown here). */
        from-zone untrust to-zone Juniper-SV {
            /* internal-apps (custom UDP app, telnet, ping; see applications)
               from vr104 into vr103, logged at session start and end, and
               only while internal-apps-scheduler (see schedulers) is active.
               junos-telnet here admits a cleartext protocol into the tenant. */
            policy Juniper-WF-to-Juniper-SV {
                match {
                    source-address vr104;
                    destination-address vr103;
                    application internal-apps;
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                }
                scheduler-name internal-apps-scheduler;
            }
            /* FTP from vr104 into vr103 only after pass-through firewall
               authentication as a member of ftp-group (accounts under
               access profile ftp-users). Unlike the policy above this one
               is not logged; consider adding session-init/session-close. */
            policy inbound-ftp-auth {
                match {
                    source-address vr104;
                    destination-address vr103;
                    application junos-ftp;
                }
                then {
                    permit {
                        firewall-authentication {
                            pass-through {
                                client-match ftp-group;
                            }
                        }
                    }
                }
            }
        }
    }
    /* Zone membership. Only the management functional zone accepts
       host-inbound services; telnet, http and snmp there are cleartext
       protocols, and no snmp stanza appears in this listing. Prefer ssh
       and https only and restrict who can reach 10.210.12.133/26. The three
       security zones accept no host-inbound traffic and have no screen
       profile attached in this listing. */
    zones {
        functional-zone management {
            interfaces {
                ge-0/0/0.0;
            }
            host-inbound-traffic {
                system-services {
                    ssh;
                    telnet;
                    ping;
                    traceroute;
                    http;
                    snmp;
                }
            }
        }
        security-zone Juniper-SV {
            interfaces {
                ge-0/0/4.103;
            }
        }
        security-zone ACME-SV {
            interfaces {
                ge-0/0/4.203;
            }
        }
        security-zone untrust {
            interfaces {
                ge-0/0/3.0;
            }
        }
    }
}
/* Local firewall-authentication users for the pass-through FTP policy.
   Membership in ftp-group (via session-options) is what policy
   inbound-ftp-auth matches on. The "$9$" prefix is Junos' reversible
   obfuscation, not a one-way hash, so anyone who can read this file can
   recover these passwords; treat the configuration as a secret and
   consider an external authentication server instead of local users. */
access {
    profile ftp-users {
        client nancy {
            firewall-user {
                password "$9$7bds4aJDmfz-VQn/9pu8XxdYg"; ## SECRET-DATA
            }
        }
        client walter {
            firewall-user {
                password "$9$8S67wgoaUk.5GD.5zFtpM8L7bs4aZ"; ## SECRET-DATA
            }
        }
        session-options {
            client-group ftp-group;
        }
    }
    /* Profile used when a policy requests pass-through authentication
       without naming one, and the banner shown to FTP clients. FTP itself
       sends these credentials in cleartext. */
    firewall-authentication {
        pass-through {
            default-profile ftp-users;
            ftp {
                banner {
                    login "Junos Rocks!";
                }
            }
        }
    }
}
/* Custom application and the set referenced by policy
   Juniper-WF-to-Juniper-SV (untrust -> Juniper-SV). */
applications {
    /* Single UDP flow, fixed source and destination ports. */
    application Juniper-gizmo {
        protocol udp;
        source-port 50000;
        destination-port 50001;
    }
    /* Bundles the custom app with telnet and ping; including junos-telnet
       means the inbound policy admits a cleartext protocol. */
    application-set internal-apps {
        application Juniper-gizmo;
        application junos-telnet;
        application junos-ping;
    }
}
/* Active window for policy Juniper-WF-to-Juniper-SV: 03:00-23:00 on
   weekdays, never on Saturday or Sunday. Outside the window that policy
   is inactive and matching traffic is evaluated by the remaining policies
   in its context and then the default policy. */
schedulers {
    scheduler internal-apps-scheduler {
        daily {
            start-time 03:00:00 stop-time 23:00:00;
        }
        sunday exclude;
        saturday exclude;
    }
}
