unset key protection enable set clock ntp set clock timezone -6 set clock dst recurring start-weekday 2 0 3 02:00 end-weekday 1 0 11 02:00 set vrouter trust-vr sharable set vrouter "untrust-vr" exit set vrouter "trust-vr" unset auto-route-export exit set service "ECARE" protocol tcp src-port 0-65535 dst-port 1527-1527 set service "CITRIX" protocol tcp src-port 0-65535 dst-port 1494-1494 set service "CITRIX" + tcp src-port 0-65535 dst-port 1604-1604 set service "ETI TRADING" protocol tcp src-port 0-65535 dst-port 8038-8038 set service "NORTHSTAR" protocol tcp src-port 0-65535 dst-port 28001-28001 set service "NORTHSTAR" + tcp src-port 0-65535 dst-port 58001-58001 set service "NORTHSTAR" timeout never set service "NAVILINE" protocol tcp src-port 0-65535 dst-port 2100-2100 set service "COMMVAULT" protocol tcp src-port 0-65535 dst-port 8400-8401 set service "COMMVAULT" + tcp src-port 0-65535 dst-port 8600-8620 set service "COMMVAULT" timeout never set service "FleetNet" protocol tcp src-port 0-65535 dst-port 9402-9402 set service "TAVIS" protocol tcp src-port 0-65535 dst-port 80-80 set service "TAVIS" + tcp src-port 0-65535 dst-port 443-443 set service "TAVIS" + tcp src-port 0-65535 dst-port 402-402 set service "sympro" protocol tcp src-port 0-65535 dst-port 60001-60001 set service "WSUS" protocol tcp src-port 0-65535 dst-port 8530-8530 set service "HTTP-EXT2" protocol tcp src-port 0-65535 dst-port 8080-8080 set service "CHARIOT" protocol tcp src-port 0-65535 dst-port 10115-10115 timeout never set service "RDP" protocol tcp src-port 0-65535 dst-port 3389-3389 timeout never set service "BES-web" protocol tcp src-port 0-65535 dst-port 8443-8443 set service "IDS-SSL-VPN" protocol tcp src-port 0-65535 dst-port 5011-5011 set service "Telog" protocol tcp src-port 0-65535 dst-port 4020-4020 set service "ECARE631" protocol tcp src-port 0-65535 dst-port 1529-1529 set service "Itron FDM" protocol tcp src-port 0-65535 dst-port 8731-8731 set alg appleichat enable unset alg 
appleichat re-assembly enable set alg sctp enable set auth-server "Local" id 0 set auth-server "Local" server-name "Local" set auth-server "Local" timeout 0 set auth-server "nbu" id 1 set auth-server "nbu" server-name "192.168.200.4" set auth-server "nbu" account-type auth l2tp xauth set auth-server "nbu" timeout 0 set auth-server "nbu" radius secret "[redacted]" set auth-server "nbu" radius timeout 60 set auth-server "nbu" radius retries 10 set auth-server "nbu2" id 2 set auth-server "nbu2" server-name "192.168.200.4" set auth-server "nbu2" account-type admin set auth-server "nbu2" timeout 0 set auth-server "nbu2" radius secret "[redacted]" set auth-server "Tesla" id 3 set auth-server "Tesla" server-name "192.168.200.42" set auth-server "Tesla" account-type auth l2tp xauth set auth-server "Tesla" fail-over revert-interval 90 set auth-server "Tesla" radius secret "[redacted]" set auth default auth server "Local" set auth radius accounting port 1646 set admin name "root" set admin password "nFXsL5rkDc4GcziCEstGx6CtOZKHEn" set admin port 8080 set admin http redirect set admin mail alert set admin mail server-name "proteus.MyDomain.com" set admin mail mail-addr2 "kknettel@MyDomain.com" set admin mail traffic-log set admin auth web timeout 0 set admin auth dial-in timeout 3 set admin auth server "nbu2" set admin privilege read-write set admin format dos set zone "Trust" vrouter "trust-vr" set zone "Untrust" vrouter "trust-vr" set zone "DMZ" vrouter "trust-vr" set zone "VLAN" vrouter "trust-vr" set zone id 100 "Electric" set zone id 101 "Water/WW" set zone "Untrust-Tun" vrouter "trust-vr" set zone "Trust" tcp-rst set zone "Untrust" block unset zone "Untrust" tcp-rst set zone "MGT" block unset zone "V1-Trust" tcp-rst unset zone "V1-Untrust" tcp-rst set zone "DMZ" tcp-rst unset zone "V1-DMZ" tcp-rst unset zone "VLAN" tcp-rst set zone "Electric" tcp-rst set zone "Water/WW" tcp-rst set zone "Untrust" screen tear-drop set zone "Untrust" screen syn-flood set zone "Untrust" 
screen ping-death set zone "Untrust" screen ip-filter-src set zone "Untrust" screen land set zone "V1-Untrust" screen tear-drop set zone "V1-Untrust" screen syn-flood set zone "V1-Untrust" screen ping-death set zone "V1-Untrust" screen ip-filter-src set zone "V1-Untrust" screen land set zone "DMZ" screen tear-drop set interface ethernet0/6 phy full 100mb set interface "ethernet0/0" zone "Untrust" set interface "ethernet0/1" zone "DMZ" set interface "ethernet0/5" zone "Electric" set interface "bgroup0" zone "Trust" set interface "bgroup1" zone "Water/WW" set interface "tunnel.1" zone "Untrust" set interface bgroup0 port ethernet0/2 set interface bgroup0 port ethernet0/3 set interface bgroup1 port ethernet0/4 set interface bgroup1 port ethernet0/6 unset interface vlan1 ip set interface ethernet0/0 ip 1.2.3.141/28 set interface ethernet0/0 route set interface ethernet0/1 ip 1.2.3.158/28 set interface ethernet0/1 route set interface ethernet0/5 ip 10.1.1.7/24 set interface ethernet0/5 route set interface bgroup0 ip 192.168.200.7/16 set interface bgroup0 route set interface bgroup1 ip 10.2.2.7/23 set interface bgroup1 route set interface tunnel.1 ip unnumbered interface ethernet0/0 set interface ethernet0/0 gateway 1.2.3.129 set interface "ethernet0/1" pmtu ipv4 set interface "ethernet0/5" pmtu ipv4 set interface "bgroup0" pmtu ipv4 set interface "bgroup1" pmtu ipv4 unset interface vlan1 bypass-others-ipsec unset interface vlan1 bypass-non-ip unset interface ethernet0/0 ip manageable unset interface ethernet0/1 ip manageable unset interface ethernet0/5 ip manageable set interface bgroup0 ip manageable set interface bgroup1 ip manageable set interface ethernet0/0 manage ident-reset set interface ethernet0/1 manage ssh set interface ethernet0/1 manage telnet set interface ethernet0/1 manage ssl set interface ethernet0/5 manage ping set interface ethernet0/5 manage ssh set interface ethernet0/5 manage telnet set interface ethernet0/5 manage snmp set interface ethernet0/5 
manage ssl set interface bgroup1 manage ping set interface bgroup1 manage ssh set interface bgroup1 manage telnet set interface bgroup1 manage snmp set interface bgroup1 manage ssl set interface bgroup1 manage web set interface ethernet0/0 monitor track-ip ip unset interface ethernet0/0 monitor track-ip dynamic set auth-server "nbu" src-interface "bgroup0" set auth-server "Tesla" src-interface "bgroup0" set interface "ethernet0/0" mip 1.2.3.141 host 192.168.200.7 netmask 255.255.255.255 vr "trust-vr" set interface "ethernet0/0" mip 1.2.3.138 host 192.168.200.55 netmask 255.255.255.255 vr "trust-vr" set interface "ethernet0/0" mip 1.2.3.139 host 192.168.16.5 netmask 255.255.255.255 vr "trust-vr" set interface "ethernet0/0" mip 1.2.3.137 host 192.168.155.6 netmask 255.255.255.255 vr "trust-vr" set interface "ethernet0/0" mip 1.2.3.136 host 192.168.200.3 netmask 255.255.255.255 vr "trust-vr" set interface "ethernet0/0" mip 1.2.3.135 host 192.168.155.8 netmask 255.255.255.255 vr "trust-vr" set interface "ethernet0/0" mip 1.2.3.134 host 192.168.200.5 netmask 255.255.255.255 vr "trust-vr" set interface "serial0/0" modem settings "USR" init "AT&F" set interface "serial0/0" modem settings "USR" active set interface "serial0/0" modem speed 115200 set interface "serial0/0" modem retry 3 set interface "serial0/0" modem interval 10 set interface "serial0/0" modem idle-time 10 set flow tcp-mss unset flow no-tcp-seq-check set flow tcp-syn-check unset flow tcp-syn-bit-check set flow reverse-route clear-text prefer set flow reverse-route tunnel always set domain MyDomain.com set hostname nbu-fwl2 set pki authority default scep mode "auto" set pki x509 default cert-path partial set pki x509 dn country-name "US" set pki x509 dn state-name "TX" set pki x509 dn local-name "Our City" set pki x509 dn org-name "Our Organization" set pki x509 dn org-unit-name "Information Technology" set pki x509 dn name "nbu-fwl1.MyDomain.com" set pki x509 dn email "helpdesk@MyDomain.com" set pki x509 dn 
ip 192.168.200.7 set dns host dns1 192.168.200.15 src-interface bgroup0 set dns host dns2 192.168.200.42 src-interface bgroup0 set dns host dns3 192.168.200.9 src-interface bgroup0 set dns host schedule 06:28 set address "Trust" "192.168.16.1/24" 192.168.16.1 255.255.255.0 set address "Trust" "192.168.16.50/32" 192.168.16.50 255.255.255.255 set address "Trust" "192.168.20.128/32" 192.168.20.128 255.255.255.255 set address "Trust" "ampere" 192.168.200.37 255.255.255.255 set address "Trust" "andrew martinez" 192.168.16.121 255.255.255.255 set address "Trust" "andrew schwartz" 192.168.16.125 255.255.255.255 set address "Trust" "CCU (temp)" 192.168.16.56 255.255.255.255 set address "Trust" "commserv" 192.168.200.45 255.255.255.255 set address "Trust" "compellent1" 192.168.36.20 255.255.255.255 set address "Trust" "compellent2" 192.168.36.19 255.255.255.255 set address "Trust" "compellent3" 192.168.36.18 255.255.255.255 set address "Trust" "Coulomb (NAS)" 192.168.200.58 255.255.255.255 "Celeros NAS device" set address "Trust" "dewey" 192.168.200.15 255.255.255.255 set address "Trust" "franklin" 192.168.155.7 255.255.255.255 set address "Trust" "grant glass" 192.168.16.124 255.255.255.255 set address "Trust" "harris" 192.168.200.5 255.255.255.255 set address "Trust" "helpdesk" 192.168.200.2 255.255.255.255 set address "Trust" "hte" 192.168.200.201 255.255.255.255 set address "Trust" "intranet" intranet.MyDomain.com set address "Trust" "kelvin" 192.168.155.6 255.255.255.255 set address "Trust" "maxwell" 192.168.200.33 255.255.255.255 set address "Trust" "michael finn" 192.168.16.122 255.255.255.255 set address "Trust" "milsoft" 192.168.200.16 255.255.255.255 set address "Trust" "mssql" 192.168.200.14 255.255.255.255 set address "Trust" "musivr-newbr" 192.168.200.18 255.255.255.255 "Porch" set address "Trust" "mysql" 192.168.200.21 255.255.255.255 set address "Trust" "naviline" 192.168.200.13 255.255.255.255 set address "Trust" "nbrauns1" 192.168.200.177 255.255.255.255 
set address "Trust" "nbuesx1" 192.168.40.3 255.255.255.255 set address "Trust" "nbuesx2" 192.168.40.4 255.255.255.255 set address "Trust" "nbuesx3" 192.168.40.5 255.255.255.255 set address "Trust" "nbus1" 192.168.200.153 255.255.255.255 set address "Trust" "nbuvcenter" 192.168.200.126 255.255.255.255 set address "Trust" "northstar" 192.168.200.27 255.255.255.255 set address "Trust" "ohm" 192.168.200.121 255.255.255.255 set address "Trust" "old-tesla" 192.168.200.4 255.255.255.255 set address "Trust" "onbase" 192.168.200.8 255.255.255.255 set address "Trust" "polaris" 192.168.200.50 255.255.255.255 "Harris Northstar 6.3.1" set address "Trust" "porche2k-newbr" 192.168.200.233 255.255.255.255 set address "Trust" "proteus" 192.168.200.3 255.255.255.255 set address "Trust" "quigley" 192.168.200.167 255.255.255.255 set address "Trust" "SAN subnet" 192.168.36.1 255.255.255.0 set address "Trust" "sandbox" sandbox.MyDomain.com "IT Linux testing platform" set address "Trust" "security" security.MyDomain.com set address "Trust" "sentinel" 192.168.16.50 255.255.255.255 "ManageEngine Server" set address "Trust" "Server_subnet" 192.168.200.1 255.255.255.0 set address "Trust" "spectrat50" 192.168.200.134 255.255.255.255 set address "Trust" "Steven Merz" 192.168.20.110 255.255.255.255 set address "Trust" "taskesrv" 192.168.200.40 255.255.255.255 set address "Trust" "tesla" 192.168.200.42 255.255.255.255 set address "Trust" "volta" 192.168.155.5 255.255.255.255 set address "Trust" "VPN Users" 192.168.203.0 255.255.255.0 set address "Trust" "watt" 192.168.200.9 255.255.255.255 set address "Trust" "WinPETest" 192.168.200.25 255.255.255.255 set address "Trust" "worms" 192.168.200.163 255.255.255.255 set address "Untrust" "168.75.203.234/32" 168.75.203.234 255.255.255.255 set address "Untrust" "209.163.151.182/32" 209.163.151.182 255.255.255.255 set address "Untrust" "216.191.142.197/32" 216.191.142.197 255.255.255.255 set address "Untrust" "64.143.96.169/32" 64.143.96.169 
255.255.255.255 set address "Untrust" "74.52.118.58/32" 74.52.118.58 255.255.255.255 set address "Untrust" "Aegisys1" 172.16.80.0 255.255.255.0 set address "Untrust" "Aegisys2" 172.16.91.0 255.255.255.0 set address "Untrust" "Aegisys3" 172.16.50.50 255.255.255.255 set address "Untrust" "China221_12" 221.12.0.0 255.255.0.0 set address "Untrust" "China221_192" 221.192.0.0 255.255.0.0 set address "Untrust" "China58_53" 58.53.0.0 255.255.0.0 set address "Untrust" "China61_183" 61.183.0.0 255.255.0.0 set address "Untrust" "Compellent_Inc" 76.164.8.141 255.255.255.255 set address "Untrust" "fdm.itron-hosting.com" fdm.itron-hosting.com "Itron Field Device Management" set address "Untrust" "Firewall" 1.2.3.141 255.255.255.255 set address "Untrust" "Frost VPN" 209.184.178.187 255.255.255.255 set address "Untrust" "Halogen" 1.2.3.140 255.255.255.255 set address "Untrust" "Harris VPN" 209.29.10.182 255.255.255.255 set address "Untrust" "Helpdesk" 1.2.3.133 255.255.255.255 set address "Untrust" "Icommm.net" services20.icommm.net "Trino Pedraza" set address "Untrust" "Navman Wireless" 64.106.209.162 255.255.255.255 set address "Untrust" "ndaw" 216.191.142.194 255.255.255.255 "ndimension per Andrew Wright" set address "Untrust" "ndcs" 10.161.48.0 255.255.255.0 "ndimension Customer Segment" set address "Untrust" "ndhd" 10.161.226.0 255.255.255.0 "ndimension HD Supply" set address "Untrust" "ndimension" 216.191.142.197 255.255.255.255 set address "Untrust" "ndtes" 10.161.54.0 255.255.255.0 "ndimension Tech Emergency Seg" set address "Untrust" "ndts" 10.161.50.0 255.255.255.0 "ndimension tech segment" set address "Untrust" "southamerica200_45" 200.45.0.0 255.255.0.0 set address "Untrust" "Taiwan203_123" 203.123.0.0 255.255.0.0 set address "Untrust" "Taiwan60_198" 60.198.0.0 255.255.0.0 set address "Untrust" "Telvent VPN" 63.253.242.130 255.255.255.255 set address "DMZ" "1.2.3.158/32" 1.2.3.158 255.255.255.255 set address "DMZ" "ecare" 1.2.3.152 255.255.255.255 set address "DMZ" 
"IDS" 1.2.3.157 255.255.255.255 set address "DMZ" "proxy_1" 1.2.3.146 255.255.255.255 set address "DMZ" "proxy_2" 1.2.3.149 255.255.255.255 set address "Electric" "10.1.1.1/24" 10.1.1.1 255.255.255.0 set address "Electric" "10.1.1.88/32" 10.1.1.88 255.255.255.255 set group address "Trust" "compellent" set group address "Trust" "compellent" add "compellent1" set group address "Trust" "compellent" add "compellent2" set group address "Trust" "compellent" add "compellent3" set group address "Trust" "compellent" add "SAN subnet" set group address "Trust" "it users" set group address "Trust" "it users" add "michael finn" set group address "Trust" "trusted servers" set group address "Trust" "trusted servers" add "ampere" set group address "Trust" "trusted servers" add "commserv" set group address "Trust" "trusted servers" add "dewey" set group address "Trust" "trusted servers" add "franklin" set group address "Trust" "trusted servers" add "harris" set group address "Trust" "trusted servers" add "helpdesk" set group address "Trust" "trusted servers" add "hte" set group address "Trust" "trusted servers" add "intranet" set group address "Trust" "trusted servers" add "kelvin" set group address "Trust" "trusted servers" add "maxwell" set group address "Trust" "trusted servers" add "milsoft" set group address "Trust" "trusted servers" add "mssql" set group address "Trust" "trusted servers" add "musivr-newbr" set group address "Trust" "trusted servers" add "mysql" set group address "Trust" "trusted servers" add "naviline" set group address "Trust" "trusted servers" add "nbuesx1" set group address "Trust" "trusted servers" add "nbuesx2" set group address "Trust" "trusted servers" add "nbuesx3" set group address "Trust" "trusted servers" add "nbus1" set group address "Trust" "trusted servers" add "nbuvcenter" set group address "Trust" "trusted servers" add "ohm" set group address "Trust" "trusted servers" add "old-tesla" set group address "Trust" "trusted servers" add "onbase" set 
group address "Trust" "trusted servers" add "porche2k-newbr" set group address "Trust" "trusted servers" add "proteus" set group address "Trust" "trusted servers" add "sandbox" set group address "Trust" "trusted servers" add "sentinel" set group address "Trust" "trusted servers" add "taskesrv" set group address "Trust" "trusted servers" add "tesla" set group address "Trust" "trusted servers" add "volta" set group address "Trust" "trusted servers" add "watt" set group address "Trust" "trusted servers" add "worms" set group address "Trust" "trusted servers 2" comment "reached limit of 32 in 1st list" set group address "Trust" "trusted servers 2" add "Coulomb (NAS)" set group address "Trust" "trusted servers 2" add "polaris" set group address "Untrust" "ChinaGroup" set group address "Untrust" "ChinaGroup" add "China221_12" set group address "Untrust" "ChinaGroup" add "China221_192" set group address "Untrust" "ChinaGroup" add "China58_53" set group address "Untrust" "ChinaGroup" add "China61_183" set group address "Untrust" "ndgroup" comment "ndimension group" set group address "Untrust" "ndgroup" add "ndaw" set group address "Untrust" "ndgroup" add "ndcs" set group address "Untrust" "ndgroup" add "ndhd" set group address "Untrust" "ndgroup" add "ndimension" set group address "Untrust" "ndgroup" add "ndtes" set group address "Untrust" "ndgroup" add "ndts" set group address "Untrust" "southamericangroup" set group address "Untrust" "southamericangroup" add "southamerica200_45" set group address "Untrust" "TaiwanGroup" set group address "Untrust" "TaiwanGroup" add "Taiwan203_123" set group address "Untrust" "TaiwanGroup" add "Taiwan60_198" set group address "DMZ" "proxy" set group address "DMZ" "proxy" add "proxy_1" set group address "DMZ" "proxy" add "proxy_2" set ippool "our_vpn_pool" 192.168.203.1 192.168.203.254 set user "kknetteljup" uid 3 set user "kknetteljup" ike-id fqdn "kknetteladm" share-limit 1 set user "kknetteljup" type ike l2tp set user "kknetteljup" 
password "sqh0UraPNv1SVLskvmC+efioq2ngOy059w==" unset user "kknetteljup" type auth set user "kknetteljup" "enable" set user-group "firewall_admins" id 3 set user-group "firewall_admins" location external set user-group "firewall_admins" type auth set user-group "test" id 4 set user-group "vpn_users" id 1 set user-group "vpn_users" location external set user-group "vpn_users" type auth l2tp xauth set crypto-policy exit set ike gateway "Aegisys" address 216.223.125.15 id "216.223.125.15" Main local-id "1.2.3.141" outgoing-interface "ethernet0/0" preshare "[redacted]" proposal "pre-g2-3des-sha" set ike gateway "Aegisys" cert peer-ca-hash 0E9290B27AA8BAF65D3C9229AFE8F31DB953B2DA set ike respond-bad-spi 1 set ike ikev2 ike-sa-soft-lifetime 60 unset ike ikeid-enumeration unset ike dos-protection unset ipsec access-session enable set ipsec access-session maximum 5000 set ipsec access-session upper-threshold 0 set ipsec access-session lower-threshold 0 set ipsec access-session dead-p2-sa-timeout 0 unset ipsec access-session log-error unset ipsec access-session info-exch-connected unset ipsec access-session use-error-log set xauth lifetime 60 set xauth default ippool "our_vpn_pool" set xauth default dns1 192.168.200.15 set xauth default dns2 192.168.200.42 set xauth default wins1 192.168.200.153 set xauth default auth server "nbu" chap set xauth default accounting server "nbu" set vpn "Aegisys" gateway "Aegisys" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-sha" set vpn "Aegisys" monitor set l2tp default auth server "Tesla" set l2tp default accounting server "Tesla" set l2tp default dns1 192.168.200.15 set l2tp default dns2 192.168.200.42 set l2tp default ippool "our_vpn_pool" set l2tp default ppp-auth chap set l2tp "l2tp" id 1 outgoing-interface ethernet0/0 keepalive 30 set l2tp "l2tp" remote-setting ippool "our_vpn_pool" set arp nat-dst set traffic-shaping mode off set di service ICMP flood_packets 2500 set url protocol websense exit set policy id 114 name 
"AttackFromSouthAmerica" from "Untrust" to "Trust" "southamericangroup" "Any" "ANY" deny set policy id 114 exit set policy id 107 name "Attack From Taiwan" from "Untrust" to "Trust" "TaiwanGroup" "Any" "ANY" deny set policy id 107 exit set policy id 108 name "AttackfromChina" from "Untrust" to "Trust" "ChinaGroup" "Any" "ANY" deny set policy id 108 exit set policy id 3 from "Untrust" to "Trust" "Dial-Up VPN" "Any" "ANY" tunnel l2tp "l2tp" log set policy id 3 exit set policy id 110 name "ChinaOutgoingblock" from "Trust" to "Untrust" "Any" "ChinaGroup" "ANY" deny set policy id 110 exit set policy id 38 from "Trust" to "Untrust" "Server_subnet" "Any" "ANY" nat src permit traffic gbw 1000 priority 1 mbw 10000 set policy id 38 set src-address "spectrat50" set src-address "VPN Users" set src-address "WinPETest" set src-address "trusted servers" set src-address "trusted servers 2" exit set policy id 89 name "Allow Compellent SAN Out" from "Trust" to "Untrust" "compellent" "Any" "ANY" nat src permit set policy id 89 exit set policy id 43 from "Trust" to "Untrust" "Any" "Any" "CITRIX" nat src permit log set policy id 43 set service "ETI TRADING" set service "FTP" set service "PING" exit set policy id 115 name "AttackFromSouthAmericaviaDMZ" from "Untrust" to "DMZ" "southamericangroup" "ecare" "ANY" deny set policy id 115 set dst-address "proxy" exit set policy id 112 from "Untrust" to "DMZ" "TaiwanGroup" "ecare" "ANY" deny set policy id 112 set dst-address "proxy" exit set policy id 111 from "Untrust" to "DMZ" "ChinaGroup" "ecare" "ANY" deny set policy id 111 set dst-address "proxy" exit set policy id 45 from "Untrust" to "DMZ" "Any" "proxy" "HTTP" permit log set policy id 45 set service "PING" set service "SMTP" exit set policy id 46 from "DMZ" to "Trust" "proxy" "helpdesk" "SMTP" permit set policy id 46 set dst-address "nbus1" set dst-address "proteus" exit set policy id 47 from "DMZ" to "Trust" "ecare" "harris" "ECARE" permit log set policy id 47 set log session-init exit 
set policy id 49 from "DMZ" to "Trust" "ecare" "old-tesla" "DNS" permit set policy id 49 set src-address "proxy" set dst-address "watt" set service "NTP" exit set policy id 53 from "Untrust" to "DMZ" "Any" "ecare" "HTTP" permit log set policy id 53 set service "HTTPS" set service "PING" set service "SSH" exit set policy id 57 from "DMZ" to "Untrust" "proxy" "Any" "ANY" permit set policy id 57 exit set policy id 58 from "Trust" to "DMZ" "Any" "ecare" "ANY" permit set policy id 58 set dst-address "proxy" exit set policy id 62 from "DMZ" to "Trust" "proxy" "harris" "NORTHSTAR" permit set policy id 62 set dst-address "maxwell" set dst-address "northstar" exit set policy id 63 from "DMZ" to "Trust" "proxy" "naviline" "NAVILINE" permit set policy id 63 exit set policy id 65 from "DMZ" to "Trust" "proxy" "Any" "HTTP" permit set policy id 65 set service "HTTP-EXT" set service "HTTPS" exit set policy id 66 from "DMZ" to "Untrust" "ecare" "Any" "ANY" permit log set policy id 66 exit set policy id 67 from "DMZ" to "Trust" "proxy" "security" "ANY" permit set policy id 67 exit set policy id 70 from "Untrust" to "DMZ" "Dial-Up VPN" "Any" "ANY" tunnel l2tp "l2tp" set policy id 70 exit set policy id 72 from "DMZ" to "Trust" "ecare" "andrew martinez" "DNS" permit log set policy id 72 set dst-address "dewey" set dst-address "ohm" set dst-address "old-tesla" set dst-address "watt" set service "ICMP-ANY" set service "NNTP" set service "NTP" set service "PING" set service "SMB" set log session-init exit set policy id 73 from "Trust" to "Untrust" "Any" "Firewall" "ANY" nat src permit set policy id 73 exit set policy id 75 from "Trust" to "Untrust" "Any" "Any" "FleetNet" nat src permit log set policy id 75 set log session-init exit set policy id 76 from "DMZ" to "Trust" "proxy" "ampere" "ANY" permit log set policy id 76 set dst-address "commserv" set dst-address "ohm" set log session-init exit set policy id 77 name "TAVIS" from "Trust" to "Untrust" "192.168.20.128/32" "Any" "TAVIS" nat 
src permit set policy id 77 exit set policy id 78 from "Trust" to "Untrust" "Any" "Any" "sympro" nat src permit set policy id 78 exit set policy id 79 from "Untrust" to "Trust" "Any" "MIP(1.2.3.138)" "FTP" permit set policy id 79 exit set policy id 80 name "WSUS policy" from "DMZ" to "Trust" "proxy" "watt" "WSUS" permit set policy id 80 exit set policy id 81 name "Dataprose" from "Trust" to "Untrust" "Any" "168.75.203.234/32" "ANY" nat src permit set policy id 81 exit set policy id 82 name "UsageNow" from "DMZ" to "Trust" "ecare" "volta" "MS-SQL" permit set policy id 82 exit set policy id 84 from "Untrust" to "Untrust" "Any" "Halogen" "HTTP" nat dst ip 192.168.200.19 permit set policy id 84 set service "HTTP-EXT" exit set policy id 86 from "Trust" to "Untrust" "Any" "Dial-Up VPN" "ANY" nat src tunnel l2tp "l2tp" log set policy id 86 exit set policy id 88 from "Untrust" to "Trust" "Any" "MIP(1.2.3.139)" "ANY" permit log set policy id 88 disable set policy id 88 set log session-init exit set policy id 90 from "Untrust" to "Trust" "Any" "MIP(1.2.3.137)" "HTTP" permit log set policy id 90 set service "HTTPS" set service "PING" exit set policy id 91 from "Trust" to "Untrust" "Any" "MIP(1.2.3.137)" "ANY" nat src permit log set policy id 91 set log session-init exit set policy id 93 name "IT Remote Desktop" from "Trust" to "Untrust" "it users" "Any" "RDP" nat src permit set policy id 93 exit set policy id 94 name "Network Time Protocol" from "Trust" to "Untrust" "Any" "74.52.118.58/32" "NTP" nat src permit set policy id 94 exit set policy id 95 name "OWA" from "Untrust" to "Trust" "Any" "MIP(1.2.3.136)" "BES-web" permit set policy id 95 set service "HTTP" set service "HTTPS" exit set policy id 96 name "Sparky OWA" from "Untrust" to "Trust" "Any" "MIP(1.2.3.141)" "HTTP" permit set policy id 96 disable set policy id 96 set service "HTTPS" exit set policy id 97 name "DDI" from "Trust" to "Untrust" "192.168.16.50/32" "209.163.151.182/32" "SSH" nat src permit set policy id 97 
exit set policy id 98 name "Aegisys" from "Trust" to "Untrust" "harris" "Aegisys3" "ANY" tunnel vpn "Aegisys" id 0x1 pair-policy 99 set policy id 98 disable set policy id 98 exit set policy id 99 name "Aegisys" from "Untrust" to "Trust" "Aegisys3" "harris" "ANY" tunnel vpn "Aegisys" id 0x1 pair-policy 98 set policy id 99 disable set policy id 99 exit set policy id 100 name "LDAP lookup" from "DMZ" to "Trust" "proxy" "dewey" "LDAP" permit set policy id 100 set dst-address "old-tesla" set dst-address "watt" exit set policy id 101 name "OnlineAVL 2" from "Trust" to "Untrust" "Any" "Navman Wireless" "HTTP" nat src permit set policy id 101 set service "HTTPS" exit set policy id 102 name "VPN to Harris" from "Trust" to "Untrust" "Any" "168.75.203.234/32" "ANY" permit set policy id 102 exit set policy id 103 name "Harris VPN" from "Trust" to "Untrust" "Any" "Harris VPN" "ANY" nat src permit set policy id 103 set dst-address "Telvent VPN" exit set policy id 104 name "IDS" from "Untrust" to "DMZ" "ndgroup" "IDS" "HTTPS" permit set policy id 104 set service "IDS-SSL-VPN" set service "SSH" exit set policy id 105 name "IDS" from "DMZ" to "Untrust" "IDS" "Any" "ANY" permit set policy id 105 exit set policy id 106 name "Icommm.net" from "Trust" to "Untrust" "Any" "Icommm.net" "ANY" nat src permit set policy id 106 exit set policy id 113 name "Telog" from "Untrust" to "Trust" "Any" "MIP(1.2.3.135)" "HTTP" permit log set policy id 113 set service "Telog" exit set policy id 116 name "SNMP" from "DMZ" to "Trust" "Any" "sentinel" "SNMP" permit log set policy id 116 exit set policy id 117 name "proxyTest" from "DMZ" to "Trust" "proxy" "Any" "ANY" permit log set policy id 117 exit set policy id 118 name "Harris SSH" from "Untrust" to "Trust" "Any" "MIP(1.2.3.134)" "SSH" permit log set policy id 118 disable set policy id 118 exit set policy id 119 from "DMZ" to "Trust" "ecare" "polaris" "ECARE631" permit log set policy id 119 set log session-init exit set policy id 120 name "All access" 
from "Trust" to "Electric" "Any" "Any" "ANY" permit log set policy id 120 exit set policy id 121 name "All access" from "Trust" to "Water/WW" "Any" "Any" "ANY" permit log set policy id 121 exit set policy id 122 name "All access" from "Electric" to "Trust" "Any" "Any" "ANY" permit log set policy id 122 exit set policy id 123 name "All access" from "Water/WW" to "Trust" "Any" "Any" "ANY" permit log set policy id 123 exit set policy id 124 name "All access" from "Electric" to "Water/WW" "Any" "Any" "ANY" permit log set policy id 124 exit set policy id 125 name "Electric Internet access" from "Electric" to "DMZ" "Any" "proxy" "ANY" permit set policy id 125 exit set policy id 126 name "proxy" from "DMZ" to "Electric" "proxy" "Any" "ANY" permit set policy id 126 exit set policy id 127 name "VPN to Water" from "Untrust" to "Water/WW" "Dial-Up VPN" "Any" "ANY" tunnel l2tp "l2tp" set policy id 127 exit set policy id 128 name "Helpdesk" from "Untrust" to "Untrust" "Any" "Helpdesk" "HTTP" nat dst ip 192.168.200.2 permit log set policy id 128 set service "HTTP-EXT" exit set policy id 129 name "Itron FDM" from "Trust" to "Untrust" "Any" "fdm.itron-hosting.com" "Itron FDM" nat src permit set policy id 129 exit set nsmgmt bulkcli reboot-timeout 60 set ssh version v2 set ssh enable set config lock timeout 5 unset license-key auto-update set telnet client enable set ntp server "192.168.200.15" set ntp server src-interface "bgroup0" set ntp server backup1 "192.168.200.42" set ntp server backup1 src-interface "bgroup0" set ntp server backup2 "0.0.0.0" set ntp interval 60 set ntp max-adjustment 5 set snmp community "firewall" Read-Only Trap-on traffic version v1 set snmp community "public" Read-Write Trap-on traffic version v1 set snmp host "public" 192.168.16.121/32 trap v1 set snmp host "firewall" 192.168.16.50/32 src-interface bgroup0 trap v1 set snmp name "nbu-fwl2" set snmp port listen 161 set snmp port trap 162 set snmpv3 local-engine id "0162032007004981" set vrouter 
"untrust-vr" exit set vrouter "trust-vr" set source-routing enable unset add-default-route exit set vrouter "untrust-vr" exit set vrouter "trust-vr" exit