=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2017.03.22 01:40:05 =~=~=~=~=~=~=~=~=~=~=~=
# Junos configuration in "set" form, captured from a terminal session (the PuTTY
# banner above and the CLI prompt at the end are capture residue, not config).
# The original capture had its line breaks collapsed; the statements below are
# unchanged and restored to one per line. Lines starting with '#' are review notes.
#
# NOTE(review): the listing looks partial or sanitised. It shows no `system login`
# / root-authentication stanza, no IKE/IPsec stanza (although st0 and inbound ike
# are configured), and no definition for the address-book names MDSuite (servers
# zone), Server_32, Server_Network and SunLinkHealth_*, or for the access profile
# dynamic-vpn-access-profile. The address on ge-0/0/5 is blank. Treat it as a
# review sample, not as a loadable configuration.
#
# NOTE(review): the software release string dates from the 2017 capture; check it
# against current vendor security advisories before reusing anything here.
set version 15.1X49-D45
set system time-zone America/Chicago
set system name-server 8.8.8.8

# --- Management services -----------------------------------------------------
# root-login allow permits direct root logins over SSH. Prefer named per-user
# accounts and `root-login deny`. The connection/rate limits below throttle
# SSH only, not the other services in this section.
set system services ssh root-login allow
set system services ssh connection-limit 3
set system services ssh rate-limit 3
# telnet and xnm-clear-text are cleartext management channels: credentials and
# session content are readable on the wire. Every zone configured below with
# host-inbound-traffic system-services all admits them. Remove both unless a
# documented dependency exists.
set system services telnet
set system services xnm-clear-text
# NETCONF over SSH listens on its own port (830 by default), which the lo0
# SSH-filter further down does not match. Confirm where it is reachable from.
set system services netconf ssh
set system services dhcp-local-server group FFFF-dhcp overrides
set system services dhcp-local-server group FFFF-dhcp interface irb.200
# J-Web over plain HTTP on the same interfaces that also offer HTTPS. The HTTP
# listener exposes admin credentials in cleartext. Keep only the https lines.
set system services web-management http interface ge-0/0/1.0
set system services web-management http interface ge-0/0/2.0
set system services web-management http interface ge-0/0/3.0
set system services web-management http interface ge-0/0/4.0
set system services web-management http interface irb.0
set system services web-management http interface irb.2
set system services web-management http interface irb.4
# system-generated-certificate is self-signed, so administrators cannot
# authenticate the device unless the certificate is pinned or replaced with a
# CA-issued one.
set system services web-management https system-generated-certificate
set system services web-management https interface ge-0/0/1.0
set system services web-management https interface ge-0/0/2.0
set system services web-management https interface ge-0/0/3.0
set system services web-management https interface ge-0/0/4.0
set system services web-management https interface irb.0
set system services web-management https interface irb.2
set system services web-management https interface irb.4

# --- Logging -------------------------------------------------------------------
# All logging shown is local, with a 3 x 100k archive and no remote `syslog host`.
# Logs can roll over quickly and are lost or alterable if the device is compromised.
# interactive-commands is recorded only at severity error, so this file is
# unlikely to serve as a full audit trail of operator commands; confirm.
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval

# --- ALG / UTM / flow / screens -----------------------------------------------
set security alg ftp disable
set security alg ftp ftps-extension
set security alg h323 disable
set security alg sip disable
set security utm feature-profile anti-virus type sophos-engine
# The pattern-update URL uses plain http.
set security utm feature-profile anti-virus sophos-engine pattern-update url http://update.juniper-updates.net/AV/SRX300
set security utm feature-profile anti-virus sophos-engine pattern-update interval 30
set security utm feature-profile anti-virus sophos-engine profile sophos-eav-defaults scan-options uri-check
set security utm utm-policy default-av-policy anti-virus http-profile junos-sophos-av-defaults
set security utm utm-policy default-av-policy anti-virus ftp upload-profile junos-sophos-av-defaults
set security utm utm-policy default-av-policy anti-virus ftp download-profile junos-sophos-av-defaults
set security utm utm-policy default-av-policy anti-virus smtp-profile junos-sophos-av-defaults
set security utm utm-policy default-av-policy anti-virus pop3-profile junos-sophos-av-defaults
set security utm utm-policy default-av-policy anti-virus imap-profile junos-sophos-av-defaults
set security flow aging early-ageout 3600
set security flow tcp-session time-wait-state session-timeout 600
# untrust-screen is attached to the untrust and internet zones further down.
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land

# --- Source NAT ------------------------------------------------------------------
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
set security nat source rule-set trust-to-internet from zone trust
set security nat source rule-set trust-to-internet to zone internet
set security nat source rule-set trust-to-internet rule source_nat_trust_internet match source-address 0.0.0.0/0
set security nat source rule-set trust-to-internet rule source_nat_trust_internet match destination-address 0.0.0.0/0
set security nat source rule-set trust-to-internet rule source_nat_trust_internet then source-nat interface
set security nat source rule-set workstations-to-internet from zone workstations
set security nat source rule-set workstations-to-internet to zone internet
set security nat source rule-set workstations-to-internet rule source_workstations match source-address 0.0.0.0/0
set security nat source rule-set workstations-to-internet rule source_workstations match destination-address 0.0.0.0/0
set security nat source rule-set workstations-to-internet rule source_workstations then source-nat interface
set security nat source rule-set servers-to-internet from zone servers
set security nat source rule-set servers-to-internet to zone internet
# BBPL_no_nat exempts one host pair from source NAT. It is listed before the
# catch-all source_servers rule.
set security nat source rule-set servers-to-internet rule BBPL_no_nat match source-address 192.168.2.35/32
set security nat source rule-set servers-to-internet rule BBPL_no_nat match destination-address 192.168.20.103/32
set security nat source rule-set servers-to-internet rule BBPL_no_nat then source-nat off
set security nat source rule-set servers-to-internet rule source_servers match source-address 0.0.0.0/0
set security nat source rule-set servers-to-internet rule source_servers match destination-address 0.0.0.0/0
set security nat source rule-set servers-to-internet rule source_servers then source-nat interface
set security nat source rule-set iscsi-to-internet from zone iscsi
set security nat source rule-set iscsi-to-internet to zone internet
set security nat source rule-set iscsi-to-internet rule source_iscsi match source-address 0.0.0.0/0
set security nat source rule-set iscsi-to-internet rule source_iscsi match destination-address 0.0.0.0/0
set security nat source rule-set iscsi-to-internet rule source_iscsi then source-nat interface
set security nat source rule-set workstations-to-servers from zone workstations
set security nat source rule-set workstations-to-servers to zone servers
set security nat source rule-set workstations-to-servers rule MDSuite match source-address 192.168.4.0/24
set security nat source rule-set workstations-to-servers rule MDSuite match destination-address 192.168.2.35/32
set security nat source rule-set workstations-to-servers rule MDSuite match destination-port 443
set security nat source rule-set workstations-to-servers rule MDSuite then source-nat interface
set security nat source rule-set Guest-to-Internet from zone Guest-Wireless
set security nat source rule-set Guest-to-Internet to zone internet
set security nat source rule-set Guest-to-Internet rule Guest-to-Inet match source-address 0.0.0.0/0
set security nat source rule-set Guest-to-Internet rule Guest-to-Inet match destination-address 0.0.0.0/0
set security nat source rule-set Guest-to-Internet rule Guest-to-Inet then source-nat interface

# --- Destination NAT -----------------------------------------------------------
# NOTE(review): four destination pools are defined, but no
# `nat destination rule-set` referencing them appears in this listing. Either
# the rule-sets were omitted from the capture or the pools are unused; the
# inbound policies below (internet-to-mdsuite, server-32, internet-to-security)
# only make sense with matching rule-sets. Confirm which.
set security nat destination pool WebView_HTTPS address 192.168.2.15/32
set security nat destination pool WebView_HTTPS address port 443
set security nat destination pool SunLink_9140 address 192.168.2.32/32
set security nat destination pool MDSuite address 192.168.2.35/32
set security nat destination pool MDSuite address port 443
set security nat destination pool SecurityPanel-XR150 address 192.168.4.251/32
set security nat destination pool SecurityPanel-XR150 address port 2001
set security nat proxy-arp interface ge-0/0/5.0 address 198.153.81.205/32

# --- Security policies -----------------------------------------------------------
# No policy in this listing carries a `then log` action, so permitted and denied
# sessions leave no policy log. Add session logging at least on the
# internet-facing policies. Most inter-zone policies are any/any/any permit, so
# zone separation between trust, workstations, servers and NetworkMgmt is
# largely nominal.
set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match application any
set security policies from-zone trust to-zone trust policy trust-to-trust then permit
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
# Unlike the servers and workstations egress policies, trust egress has no
# utm-policy attached.
set security policies from-zone trust to-zone internet policy trust-to-internet match source-address any
set security policies from-zone trust to-zone internet policy trust-to-internet match destination-address any
set security policies from-zone trust to-zone internet policy trust-to-internet match application any
set security policies from-zone trust to-zone internet policy trust-to-internet then permit
set security policies from-zone servers to-zone internet policy servers-internet match source-address any
set security policies from-zone servers to-zone internet policy servers-internet match destination-address any
set security policies from-zone servers to-zone internet policy servers-internet match application any
set security policies from-zone servers to-zone internet policy servers-internet then permit application-services utm-policy default-av-policy
set security policies from-zone workstations to-zone internet policy workstations-internet match source-address any
set security policies from-zone workstations to-zone internet policy workstations-internet match destination-address any
set security policies from-zone workstations to-zone internet policy workstations-internet match application any
set security policies from-zone workstations to-zone internet policy workstations-internet then permit application-services utm-policy default-av-policy
set security policies from-zone workstations to-zone servers policy workstations-servers match source-address any
set security policies from-zone workstations to-zone servers policy workstations-servers match destination-address any
set security policies from-zone workstations to-zone servers policy workstations-servers match application any
set security policies from-zone workstations to-zone servers policy workstations-servers then permit
# Inbound from the internet: HTTPS to MDSuite from any source.
set security policies from-zone internet to-zone servers policy internet-to-mdsuite match source-address any
set security policies from-zone internet to-zone servers policy internet-to-mdsuite match destination-address MDSuite
set security policies from-zone internet to-zone servers policy internet-to-mdsuite match application junos-https
set security policies from-zone internet to-zone servers policy internet-to-mdsuite then permit
# Inbound from the internet: sources are restricted to three named addresses,
# but application is any. Narrow this to the ports the partner connection
# needs; the pool name SunLink_9140 suggests a single port, but confirm.
set security policies from-zone internet to-zone servers policy server-32 match source-address SunLinkHealth_Server1
set security policies from-zone internet to-zone servers policy server-32 match source-address SunLinkHealth_Server2
set security policies from-zone internet to-zone servers policy server-32 match source-address SunLinkHealth_XPConsole
set security policies from-zone internet to-zone servers policy server-32 match destination-address Server_32
set security policies from-zone internet to-zone servers policy server-32 match application any
set security policies from-zone internet to-zone servers policy server-32 then permit
set security policies from-zone trust to-zone servers policy trust-servers match source-address any
set security policies from-zone trust to-zone servers policy trust-servers match destination-address any
set security policies from-zone trust to-zone servers policy trust-servers match application any
set security policies from-zone trust to-zone servers policy trust-servers then permit
set security policies from-zone servers to-zone workstations policy servers-workstations match source-address any
set security policies from-zone servers to-zone workstations policy servers-workstations match destination-address any
set security policies from-zone servers to-zone workstations policy servers-workstations match application any
set security policies from-zone servers to-zone workstations policy servers-workstations then permit
set security policies from-zone servers to-zone iscsi policy servers-to-iscsi match source-address Server_Network
set security policies from-zone servers to-zone iscsi policy servers-to-iscsi match destination-address iSCSI_Network
set security policies from-zone servers to-zone iscsi policy servers-to-iscsi match application any
set security policies from-zone servers to-zone iscsi policy servers-to-iscsi then permit
set security policies from-zone servers to-zone NetworkMgmt policy servers-to-management match source-address Server_Network
set security policies from-zone servers to-zone NetworkMgmt policy servers-to-management match destination-address any
set security policies from-zone servers to-zone NetworkMgmt policy servers-to-management match application any
set security policies from-zone servers to-zone NetworkMgmt policy servers-to-management then permit
set security policies from-zone trust to-zone NetworkMgmt policy trust-to-management match source-address any
set security policies from-zone trust to-zone NetworkMgmt policy trust-to-management match destination-address any
set security policies from-zone trust to-zone NetworkMgmt policy trust-to-management match application any
set security policies from-zone trust to-zone NetworkMgmt policy trust-to-management then permit
set security policies from-zone workstations to-zone iscsi policy workstations_to_iomega_mgmt match source-address Workstation_Network
set security policies from-zone workstations to-zone iscsi policy workstations_to_iomega_mgmt match destination-address iSCSI_Network
set security policies from-zone workstations to-zone iscsi policy workstations_to_iomega_mgmt match application any
set security policies from-zone workstations to-zone iscsi policy workstations_to_iomega_mgmt then permit
# The storage network gets unrestricted outbound internet access. If this exists
# only for firmware or NTP, restrict the destinations and applications.
set security policies from-zone iscsi to-zone internet policy iscsi-to-internet match source-address iSCSI_Network
set security policies from-zone iscsi to-zone internet policy iscsi-to-internet match destination-address any
set security policies from-zone iscsi to-zone internet policy iscsi-to-internet match application any
set security policies from-zone iscsi to-zone internet policy iscsi-to-internet then permit
# Inbound from the internet: any source may reach the security panel on TCP 2001.
# Restrict source-address to the monitoring provider's addresses, or move this
# access behind the VPN.
set security policies from-zone internet to-zone workstations policy internet-to-security match source-address any
set security policies from-zone internet to-zone workstations policy internet-to-security match destination-address SecurityPanel-XR150
set security policies from-zone internet to-zone workstations policy internet-to-security match application TCP-2001
set security policies from-zone internet to-zone workstations policy internet-to-security then permit
# Guest-Wireless has a policy towards the internet zone only; no guest-to-internal
# policy appears in this listing.
set security policies from-zone Guest-Wireless to-zone internet policy GuestW-to-Internet match source-address Guest-Network
set security policies from-zone Guest-Wireless to-zone internet policy GuestW-to-Internet match destination-address any
set security policies from-zone Guest-Wireless to-zone internet policy GuestW-to-Internet match application any
set security policies from-zone Guest-Wireless to-zone internet policy GuestW-to-Internet then permit

# --- Zones and host-inbound traffic ------------------------------------------------
# host-inbound-traffic controls which services on the firewall itself a zone can
# reach. `system-services all` on trust, workstations, iscsi and NetworkMgmt
# exposes every enabled service (including telnet, http and xnm-clear-text above)
# to those networks. List only the services each zone needs.
set security zones security-zone trust address-book address Trust_Network 192.168.1.0/24
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces irb.0
set security zones security-zone untrust screen untrust-screen
set security zones security-zone untrust host-inbound-traffic system-services ike
# tftp is accepted on the untrust-facing interface; confirm it is required.
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services tftp
set security zones security-zone internet screen untrust-screen
# ssh and https to the device are admitted on the internet-facing interface.
# For ssh the only remaining control is the lo0 SSH-filter below, together with
# root-login allow above. https is admitted although ge-0/0/5.0 is not in the
# web-management interface lists, presumably for the dynamic-VPN portal; confirm.
set security zones security-zone internet interfaces ge-0/0/5.0 host-inbound-traffic system-services ssh
set security zones security-zone internet interfaces ge-0/0/5.0 host-inbound-traffic system-services ike
set security zones security-zone internet interfaces ge-0/0/5.0 host-inbound-traffic system-services https
set security zones security-zone workstations address-book address Workstation_Network 192.168.4.0/24
set security zones security-zone workstations address-book address Android-1 192.168.4.200/32
set security zones security-zone workstations address-book address Android-2 192.168.4.201/32
set security zones security-zone workstations address-book address Android-3 192.168.4.202/32
set security zones security-zone workstations address-book address Android-4 192.168.4.203/32
set security zones security-zone workstations address-book address SecurityPanel-XR150 192.168.4.251/32
# Android-Set is defined, but no policy in this listing references it.
set security zones security-zone workstations address-book address-set Android-Set address Android-1
set security zones security-zone workstations address-book address-set Android-Set address Android-2
set security zones security-zone workstations address-book address-set Android-Set address Android-3
set security zones security-zone workstations address-book address-set Android-Set address Android-4
set security zones security-zone workstations host-inbound-traffic system-services all
set security zones security-zone workstations host-inbound-traffic protocols all
set security zones security-zone workstations interfaces irb.4 host-inbound-traffic system-services all
# The servers zone allows `all` at zone level but lists specific services on irb.2.
# NOTE(review): interface-level host-inbound settings are understood to override
# the zone-level ones, which would make the zone-level `all` misleading; confirm
# and remove it. The irb.2 list still includes cleartext http.
set security zones security-zone servers host-inbound-traffic system-services all
set security zones security-zone servers interfaces irb.2 host-inbound-traffic system-services http
set security zones security-zone servers interfaces irb.2 host-inbound-traffic system-services https
set security zones security-zone servers interfaces irb.2 host-inbound-traffic system-services ssh
set security zones security-zone servers interfaces irb.2 host-inbound-traffic system-services ping
set security zones security-zone servers interfaces irb.2 host-inbound-traffic system-services dhcp
set security zones security-zone iscsi address-book address iSCSI_Network 192.168.5.0/24
set security zones security-zone iscsi interfaces irb.5 host-inbound-traffic system-services all
set security zones security-zone NetworkMgmt address-book address Management_Network 192.168.6.0/24
set security zones security-zone NetworkMgmt interfaces irb.6 host-inbound-traffic system-services all
# NextLevel has no interfaces, addresses or policies in this listing.
set security zones security-zone NextLevel
# The guest zone is limited to ping and dhcp towards the firewall.
set security zones security-zone Guest-Wireless address-book address Guest-Network 192.168.200.0/24
set security zones security-zone Guest-Wireless interfaces irb.200 host-inbound-traffic system-services ping
set security zones security-zone Guest-Wireless interfaces irb.200 host-inbound-traffic system-services dhcp

# --- Interfaces ----------------------------------------------------------------
set interfaces ge-0/0/0 unit 0 family inet address 75.130.14.142/28
set interfaces ge-0/0/1 description "EX4200 - FFFF-SW1"
set interfaces ge-0/0/1 unit 0 description "Unit 0 - EX4200 - FFFF-SW1"
set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-servers
# "vlan-worstations" (sic) is spelled the same way everywhere in this listing,
# so the references are consistent.
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-worstations
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-iscsi
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-mgmt
# NOTE(review): the port described as the guest-wireless AP has no VLAN
# membership here, so it is not visibly placed in vlan-Guest. Confirm which VLAN
# guest clients on this port land in.
set interfaces ge-0/0/2 description "Juniper AP for Guest Wireless"
set interfaces ge-0/0/2 unit 0 family ethernet-switching
set interfaces ge-0/0/3 unit 0 family ethernet-switching
set interfaces ge-0/0/4 description "Ruckus AP"
set interfaces ge-0/0/4 native-vlan-id 4
set interfaces ge-0/0/4 unit 0 description "Ruckus AP"
set interfaces ge-0/0/4 unit 0 family ethernet-switching interface-mode trunk
# NOTE(review): this trunk uses `inner-vlan members`, where ge-0/0/1 uses
# `vlan members`. Confirm the guest/workstation separation on this AP port
# behaves as intended.
set interfaces ge-0/0/4 unit 0 family ethernet-switching inner-vlan members vlan-Guest
set interfaces ge-0/0/4 unit 0 family ethernet-switching inner-vlan members vlan-worstations
set interfaces ge-0/0/5 unit 0 description Internet
# The address is blank apart from the prefix length, presumably removed before
# the capture was shared.
set interfaces ge-0/0/5 unit 0 family inet address /24
set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces irb unit 0 family inet address 192.168.1.1/24
set interfaces irb unit 2 family inet address 192.168.2.254/24
set interfaces irb unit 4 family inet address 192.168.4.1/24
set interfaces irb unit 5 family inet address 192.168.5.1/24
set interfaces irb unit 6 family inet address 192.168.6.1/24
set interfaces irb unit 200 family inet address 192.168.200.1/24
# SSH-filter (defined below) is applied inbound on the loopback.
set interfaces lo0 unit 0 family inet filter input SSH-filter
set interfaces lo0 unit 0 family inet address 127.0.0.1/32
# st0.0 carries the static route below but is not bound to any security zone in
# this listing.
set interfaces st0 unit 0
set routing-options static route 10.0.102.0/24 next-hop st0.0
set routing-options static route 0.0.0.0/0 next-hop 198.153.81.1
set protocols l2-learning global-mode switching

# --- Loopback SSH filter -------------------------------------------------------
# NOTE(review): two prefix lists are defined, but the filter references only
# Trusted-SSH-IP-Addresses (10.0.0.0/24). Trusted-SSH, which holds the two public
# prefixes, is not used by any term shown. As written, SSH from the Trusted-SSH
# prefixes and from the 192.168.x.x LANs reaches term deny-SSH and is discarded.
# Decide which list is intended, reference it in allow-SSH, and delete the other.
set policy-options prefix-list Trusted-SSH-IP-Addresses 10.0.0.0/24
set policy-options prefix-list Trusted-SSH 24.240.194.0/24
set policy-options prefix-list Trusted-SSH 216.106.41.86/32
set firewall family inet filter SSH-filter term allow-SSH from source-prefix-list Trusted-SSH-IP-Addresses
set firewall family inet filter SSH-filter term allow-SSH from protocol tcp
set firewall family inet filter SSH-filter term allow-SSH from destination-port ssh
set firewall family inet filter SSH-filter term allow-SSH then accept
# deny-SSH has no `from protocol tcp` match, unlike allow-SSH.
set firewall family inet filter SSH-filter term deny-SSH from source-address 0.0.0.0/0
set firewall family inet filter SSH-filter term deny-SSH from destination-port ssh
set firewall family inet filter SSH-filter term deny-SSH then discard
# allow-all accepts everything else, so this filter restricts SSH only. telnet,
# http/https, xnm-clear-text and NETCONF are limited solely by the zone
# host-inbound-traffic settings above.
set firewall family inet filter SSH-filter term allow-all then accept

# --- Address pools / access ----------------------------------------------------
# NOTE(review): the dynamic-VPN pool hands out 192.168.6.2-192.168.6.20, inside
# the same 192.168.6.0/24 used by irb.6 and Management_Network in zone
# NetworkMgmt. Remote-access clients would be addressed within the management
# subnet. Use a dedicated range with its own zone and policies.
set access address-assignment pool dynamic-vpn-address-pool family inet network 192.168.6.0/24
set access address-assignment pool dynamic-vpn-address-pool family inet range dynamic-vpn-range low 192.168.6.2
set access address-assignment pool dynamic-vpn-address-pool family inet range dynamic-vpn-range high 192.168.6.20
set access address-assignment pool dynamic-vpn-address-pool family inet dhcp-attributes domain-name FFFF.com
set access address-assignment pool dynamic-vpn-address-pool family inet xauth-attributes primary-dns 192.168.2.2/32
set access address-assignment pool guestwifi family inet network 192.168.200.0/24
set access address-assignment pool guestwifi family inet range guest-range low 192.168.200.100
set access address-assignment pool guestwifi family inet range guest-range high 192.168.200.199
set access address-assignment pool guestwifi family inet dhcp-attributes domain-name FFFF.com
set access address-assignment pool guestwifi family inet dhcp-attributes name-server 8.8.8.8
set access address-assignment pool guestwifi family inet dhcp-attributes router 192.168.200.1
set access address-assignment pool guestwifi family inet dhcp-attributes propagate-settings irb.200
set access address-assignment pool guestwifi family inet dhcp-attributes option 3 ip-address 192.168.200.1
set access firewall-authentication web-authentication default-profile dynamic-vpn-access-profile

# --- Applications and VLANs ----------------------------------------------------
set applications application TCP-2001 protocol tcp
set applications application TCP-2001 destination-port 2001
set vlans vlan-Guest description "Guest Wireless VLAN200"
set vlans vlan-Guest vlan-id 200
set vlans vlan-Guest l3-interface irb.200
set vlans vlan-iscsi vlan-id 5
set vlans vlan-iscsi l3-interface irb.5
set vlans vlan-mgmt vlan-id 6
set vlans vlan-mgmt l3-interface irb.6
set vlans vlan-servers vlan-id 2
set vlans vlan-servers l3-interface irb.2
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface irb.0
set vlans vlan-worstations vlan-id 4
set vlans vlan-worstations l3-interface irb.4

[edit]
nladmin@FFFF-300#