=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.05.30 17:09:03 =~=~=~=~=~=~=~=~=~=~=~= our_test_firewall (ttyu0)login: root Password: --- JUNOS 11.2R4.3 built 2011-11-24 08:11:51 UTC HHHHHHHHH root@our_test_firewall% cliroot@our_test_firewall> show interfaces all error: device all not found root@our_test_firewall> root@our_test_firewall> show interfaces all       Physical interface: fe-0/0/0, Enabled, Physical link is Down Interface index: 134, SNMP ifIndex: 509 Link-level type: Ethernet, MTU: 1514, Link-mode: Half-duplex, Speed: 10m, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 CoS queues : 8 supported, 8 maximum usable queues Current address: 08:81:f4:b9:22:d3, Hardware address: 08:81:f4:b9:22:d3 Last flapped : 2013-05-30 16:53:49 CDT (00:12:47 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Active alarms : LINK Active defects : LINK Interface transmit statistics: Disabled Logical interface fe-0/0/0.0 (Index 69) (SNMP ifIndex 510) Flags: Device-Down SNMP-Traps 0x0 Encapsulation: ENET2 Input packets : 0 Output packets: 0 Security: Zone: untrust Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp ospf pgm pim rip router-discovery rsvp sap vrrp dhcp finger ftp tftp ---(more)--- ident-reset http https ike netconf ping reverse-telnet reverse-ssh rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl lsping ntp sip r2cp Protocol inet, MTU: 1500 Flags: Sendbcast-pkt-to-re Addresses, Flags: Is-Primary Local: 63.54.121.97 Physical interface: gr-0/0/0, Enabled, Physical link is Up Interface index: 143, SNMP ifIndex: 527 Type: GRE, Link-level type: GRE, MTU: Unlimited, Speed: 800mbps Link flags : Scheduler Keepalives DTE Device flags : Present Running Interface flags: Point-To-Point Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Physical interface: ip-0/0/0, 
Enabled, Physical link is Up Interface index: 144, SNMP ifIndex: 528 Type: IPIP, Link-level type: IP-over-IP, MTU: Unlimited, Speed: 800mbps Link flags : Scheduler Keepalives DTE Device flags : Present Running Input rate : 0 bps (0 pps) ---(more 10%)--- Output rate : 0 bps (0 pps) Physical interface: lt-0/0/0, Enabled, Physical link is Up Interface index: 146, SNMP ifIndex: 529 Type: Logical-tunnel, Link-level type: Logical-tunnel, MTU: Unlimited, Speed: 800mbps Device flags : Present Running Interface flags: Point-To-Point SNMP-Traps Link flags : None Physical info : 13 Current address: 08:81:f4:b9:22:d3, Hardware address: 08:81:f4:b9:22:d3 Last flapped : Never Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Physical interface: mt-0/0/0, Enabled, Physical link is Up Interface index: 145, SNMP ifIndex: 531 Type: Multicast-GRE, Link-level type: GRE, MTU: Unlimited, Speed: 800mbps Link flags : Keepalives DTE Device flags : Present Running Interface flags: SNMP-Traps Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) ---(more 15%)--- Physical interface: sp-0/0/0, Enabled, Physical link is Up Interface index: 142, SNMP ifIndex: 525 Type: Adaptive-Services, Link-level type: Adaptive-Services, MTU: 9192, Speed: 800mbps Device flags : Present Running Interface flags: Point-To-Point SNMP-Traps Internal: 0x0 Link type : Full-Duplex Link flags : None Last flapped : 2013-05-30 16:53:49 CDT (00:12:47 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Logical interface sp-0/0/0.0 (Index 77) (SNMP ifIndex 526) Flags: Point-To-Point SNMP-Traps Encapsulation: Adaptive-Services Input packets : 0 Output packets: 0 Security: Zone: Null Protocol inet, MTU: 9192 Flags: Receive-options, Receive-TTL-Exceeded Logical interface sp-0/0/0.16383 (Index 78) (SNMP ifIndex 530) Flags: Point-To-Point SNMP-Traps Encapsulation: Adaptive-Services ---(more 20%)--- Input packets : 0 Output packets: 0 Security: Zone: Null Protocol inet, MTU: 9192 Flags: Is-Primary, Receive-options, 
Receive-TTL-Exceeded Addresses, Flags: Is-Preferred Is-Primary Destination: 10.0.0.16, Local: 10.0.0.1 Addresses Local: 10.0.0.6 Addresses, Flags: Is-Preferred Destination: 128.0.1.16, Local: 128.0.0.1 Addresses Local: 128.0.0.6 Physical interface: fe-0/0/1, Enabled, Physical link is Up Interface index: 135, SNMP ifIndex: 511 Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 100mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x0 CoS queues : 8 supported, 8 maximum usable queues Current address: 08:81:f4:b3:77:e1, Hardware address: 08:81:f4:b3:77:e1 ---(more 25%)--- Last flapped : 2013-05-30 17:01:21 CDT (00:05:15 ago) Input rate : 864 bps (1 pps) Output rate : 200 bps (0 pps) Active alarms : None Active defects : None Interface transmit statistics: Disabled Logical interface fe-0/0/1.0 (Index 70) (SNMP ifIndex 512) Flags: SNMP-Traps 0x0 Encapsulation: ENET2 Input packets : 1456 Output packets: 1483 Security: Zone: Null Protocol eth-switch, MTU: 0 Flags: Is-Primary Physical interface: fe-0/0/2, Enabled, Physical link is Down Interface index: 136, SNMP ifIndex: 513 Link-level type: Ethernet, MTU: 1514, Link-mode: Half-duplex, Speed: 10m, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 CoS queues : 8 supported, 8 maximum usable queues ---(more 30%)--- Current address: 08:81:f4:b2:44:f2, Hardware address: 08:81:f4:b2:44:f2 Last flapped : 2013-05-30 16:53:49 CDT (00:12:47 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Active alarms : LINK Active defects : LINK Interface transmit statistics: Disabled Logical interface fe-0/0/2.0 (Index 73) (SNMP ifIndex 514) Flags: Device-Down SNMP-Traps 0x0 Encapsulation: ENET2 Input packets : 0 Output packets: 0 
Security: Zone: Null Protocol eth-switch, MTU: 0 Flags: None Physical interface: fe-0/0/3, Enabled, Physical link is Down Interface index: 137, SNMP ifIndex: 515 Link-level type: Ethernet, MTU: 1514, Link-mode: Half-duplex, Speed: 10m, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 ---(more 35%)--- CoS queues : 8 supported, 8 maximum usable queues Current address: 08:81:f4:b7:11:h3, Hardware address: 08:81:f4:b7:11:h3 Last flapped : 2013-05-30 16:53:49 CDT (00:12:47 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Active alarms : LINK Active defects : LINK Interface transmit statistics: Disabled Logical interface fe-0/0/3.0 (Index 71) (SNMP ifIndex 516) Flags: Device-Down SNMP-Traps 0x0 Encapsulation: ENET2 Input packets : 0 Output packets: 0 Security: Zone: Null Protocol eth-switch, MTU: 0 Flags: None Physical interface: fe-0/0/4, Enabled, Physical link is Down Interface index: 138, SNMP ifIndex: 517 Link-level type: Ethernet, MTU: 1514, Link-mode: Half-duplex, Speed: 10m, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Down ---(more 40%)--- Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 CoS queues : 8 supported, 8 maximum usable queues Current address: 08:81:f4:b1:55:g4, Hardware address: 08:81:f4:b1:55:g4 Last flapped : 2013-05-30 16:53:49 CDT (00:12:47 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Active alarms : LINK Active defects : LINK Interface transmit statistics: Disabled Logical interface fe-0/0/4.0 (Index 72) (SNMP ifIndex 518) Flags: Device-Down SNMP-Traps 0x0 Encapsulation: ENET2 Input packets : 0 Output packets: 0 Security: Zone: Null Protocol eth-switch, MTU: 0 Flags: None Physical interface: fe-0/0/5, Enabled, Physical link is Down Interface index: 139, SNMP 
ifIndex: 519 Link-level type: Ethernet, MTU: 1514, Link-mode: Half-duplex, Speed: 10m, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled ---(more 45%)--- Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 CoS queues : 8 supported, 8 maximum usable queues Current address: 08:81:f4:b6:88:c5, Hardware address: 08:81:f4:b6:88:c5 Last flapped : 2013-05-30 16:53:49 CDT (00:12:47 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Active alarms : LINK Active defects : LINK Interface transmit statistics: Disabled Logical interface fe-0/0/5.0 (Index 75) (SNMP ifIndex 520) Flags: Device-Down SNMP-Traps 0x0 Encapsulation: ENET2 Input packets : 0 Output packets: 0 Security: Zone: Null Protocol eth-switch, MTU: 0 Flags: None Physical interface: fe-0/0/6, Enabled, Physical link is Down Interface index: 140, SNMP ifIndex: 521 Link-level type: Ethernet, MTU: 1514, Link-mode: Half-duplex, Speed: 10m, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, ---(more 50%)--- Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 CoS queues : 8 supported, 8 maximum usable queues Current address: 08:81:f4:b6:88:c6, Hardware address: 08:81:f4:b6:88:c6 Last flapped : 2013-05-30 16:53:49 CDT (00:12:47 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Active alarms : LINK Active defects : LINK Interface transmit statistics: Disabled Logical interface fe-0/0/6.0 (Index 74) (SNMP ifIndex 522) Flags: Device-Down SNMP-Traps 0x0 Encapsulation: ENET2 Input packets : 0 Output packets: 0 Security: Zone: Null Protocol eth-switch, MTU: 0 Flags: None Physical interface: fe-0/0/7, Enabled, Physical link is Down Interface index: 141, SNMP ifIndex: 523 Link-level type: Ethernet, MTU: 1514, Link-mode: Half-duplex, Speed: 10m, ---(more 56%)--- BPDU Error: None, MAC-REWRITE Error: None, 
Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 CoS queues : 8 supported, 8 maximum usable queues Current address: 08:81:f4:b6:88:c7, Hardware address: 08:81:f4:b6:88:c7 Last flapped : 2013-05-30 16:53:49 CDT (00:12:47 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Active alarms : LINK Active defects : LINK Interface transmit statistics: Disabled Logical interface fe-0/0/7.0 (Index 76) (SNMP ifIndex 524) Flags: Device-Down SNMP-Traps 0x0 Encapsulation: ENET2 Input packets : 0 Output packets: 0 Security: Zone: Null Protocol eth-switch, MTU: 0 Flags: None Physical interface: gre, Enabled, Physical link is Up Interface index: 10, SNMP ifIndex: 8 ---(more 61%)--- Type: GRE, Link-level type: GRE, MTU: Unlimited, Speed: Unlimited Link flags : Keepalives DTE Device flags : Present Running Interface flags: Point-To-Point SNMP-Traps Input packets : 0 Output packets: 0 Physical interface: ipip, Enabled, Physical link is Up Interface index: 11, SNMP ifIndex: 9 Type: IPIP, Link-level type: IP-over-IP, MTU: Unlimited, Speed: Unlimited Link flags : Keepalives DTE Device flags : Present Running Interface flags: SNMP-Traps Input packets : 0 Output packets: 0 Physical interface: irb, Enabled, Physical link is Up Interface index: 129, SNMP ifIndex: 503 Type: Ethernet, Link-level type: Ethernet, MTU: 1514 Device flags : Present Running Interface flags: SNMP-Traps Link type : Full-Duplex Link flags : None ---(more 66%)--- Current address: 08:81:f4:b6:89:30, Hardware address: 08:81:f4:b6:89:30 Last flapped : Never Input packets : 0 Output packets: 0 Physical interface: lo0, Enabled, Physical link is Up Interface index: 6, SNMP ifIndex: 6 Type: Loopback, MTU: Unlimited Device flags : Present Running Loopback Interface flags: SNMP-Traps Link flags : None Last flapped : Never Input packets : 62 Output packets: 62 Logical interface lo0.16384 (Index 65) (SNMP 
ifIndex 21) Flags: SNMP-Traps Encapsulation: Unspecified Input packets : 0 Output packets: 0 Security: Zone: Null Protocol inet, MTU: Unlimited Flags: None Addresses ---(more 71%)--- Local: 127.0.0.1 Logical interface lo0.16385 (Index 66) (SNMP ifIndex 22) Flags: SNMP-Traps Encapsulation: Unspecified Input packets : 62 Output packets: 62 Security: Zone: Null Protocol inet, MTU: Unlimited Flags: None Addresses, Flags: Is-Default Is-Primary Local: 10.0.0.1 Addresses Local: 10.0.0.16 Addresses Local: 128.0.0.1 Addresses Local: 128.0.1.16 Logical interface lo0.32768 (Index 64) (SNMP ifIndex 501) Flags: Encapsulation: Unspecified Input packets : 0 Output packets: 0 Security: Zone: Null ---(more 76%)--- Physical interface: lsi, Enabled, Physical link is Up Interface index: 4, SNMP ifIndex: 4 Type: Software-Pseudo, Link-level type: LSI, MTU: 1496, Speed: Unlimited Device flags : Present Running Link flags : None Last flapped : Never Input packets : 0 Output packets: 0 Physical interface: mtun, Enabled, Physical link is Up Interface index: 64, SNMP ifIndex: 12 Type: Multicast-GRE, Link-level type: GRE, MTU: Unlimited, Speed: Unlimited Link flags : Keepalives DTE Device flags : Present Running Interface flags: SNMP-Traps Input packets : 0 Output packets: 0 Physical interface: pimd, Enabled, Physical link is Up Interface index: 26, SNMP ifIndex: 11 Type: PIMD, Link-level type: PIM-Decapsulator, MTU: Unlimited, Speed: Unlimited ---(more 81%)--- Device flags : Present Running Input packets : 0 Output packets: 0 Physical interface: pime, Enabled, Physical link is Up Interface index: 25, SNMP ifIndex: 10 Type: PIME, Link-level type: PIM-Encapsulator, MTU: Unlimited, Speed: Unlimited Device flags : Present Running Input packets : 0 Output packets: 0 Physical interface: pp0, Enabled, Physical link is Up Interface index: 128, SNMP ifIndex: 502 Type: PPPoE, Link-level type: PPPoE, MTU: 1532 Device flags : Present Running Interface flags: Point-To-Point SNMP-Traps Link type : 
Full-Duplex Link flags : None Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Physical interface: ppd0, Enabled, Physical link is Up ---(more 86%)--- Interface index: 131, SNMP ifIndex: 505 Type: PIMD, Link-level type: PIM-Decapsulator, MTU: Unlimited, Speed: 800mbps Device flags : Present Running Interface flags: SNMP-Traps Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Physical interface: ppe0, Enabled, Physical link is Up Interface index: 132, SNMP ifIndex: 506 Type: PIME, Link-level type: PIM-Encapsulator, MTU: Unlimited, Speed: 800mbps Device flags : Present Running Interface flags: SNMP-Traps Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Physical interface: st0, Enabled, Physical link is Up Interface index: 130, SNMP ifIndex: 504 Type: Secure-Tunnel, Link-level type: Secure-Tunnel, MTU: 9192 Device flags : Present Running Interface flags: Point-To-Point Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) ---(more 91%)--- Physical interface: tap, Enabled, Physical link is Up Interface index: 12, SNMP ifIndex: 7 Type: Software-Pseudo, Link-level type: Interface-Specific, MTU: Unlimited, Speed: Unlimited Device flags : Present Running Interface flags: SNMP-Traps Link flags : None Last flapped : Never Input packets : 0 Output packets: 0 Physical interface: vlan, Enabled, Physical link is Up Interface index: 133, SNMP ifIndex: 507 Type: VLAN, Link-level type: VLAN, MTU: 1518, Speed: 1000mbps Device flags : Present Running Link type : Full-Duplex Current address: 08:81:f4:b6:88:c8, Hardware address: 08:81:f4:b6:88:c8 Last flapped : 2013-05-30 16:53:43 CDT (00:12:53 ago) Input rate : 992 bps (1 pps) Output rate : 0 bps (0 pps) Logical interface vlan.0 (Index 68) (SNMP ifIndex 508) Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x8100.3 ] Encapsulation: ENET2 ---(more 96%)--- Bandwidth: 0 Input packets : 1267 Output packets: 719 Security: Zone: trust Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp ospf pgm pim rip 
router-discovery rsvp sap vrrp dhcp finger ftp tftp ident-reset http https ike netconf ping reverse-telnet reverse-ssh rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl lsping ntp sip r2cp Protocol inet, MTU: 1500 Flags: Sendbcast-pkt-to-re, Is-Primary Addresses, Flags: Is-Default Is-Preferred Is-Primary Destination: 63.54.121.92/29, Local: 63.54.121.96, Broadcast: 63.54.121.99
r oot@our_test_firewall> show configuration
## NOTE(review): Everything below is the device's active configuration as printed by the CLI.
## The "---(more ...)---" lines are pager prompts captured by the terminal log, not configuration
## statements. Lines starting with "## NOTE(review):" are reviewer annotations, not device output.
## Last commit: 2013-05-30 16:37:08 CDT by root
version 11.2R4.3;
system {
    host-name our_test_firewall;
    time-zone America/Chicago;
    ## NOTE(review): the root password hash appears masked in this capture; real hashes should be
    ## kept out of shared logs in the same way.
    root-authentication {
        encrypted-password "xxxxxxxxxxxxxxxxxxx"; ## SECRET-DATA
    }
    name-server {
        204.81.116.2;
        64.20.133.50;
        208.67.222.222;
        208.67.220.220;
    }
    ## NOTE(review): telnet and xnm-clear-text carry management sessions, credentials included,
    ## without encryption. ssh is already enabled here and is the encrypted alternative for CLI access.
    services {
        ssh;
        telnet;
        xnm-clear-text;
        ## NOTE(review): both HTTP and HTTPS management are bound to fe-0/0/0.0, which the zones
        ## section of this configuration places in the untrust zone. The HTTPS listener uses the
        ## system-generated (self-signed) certificate.
        web-management {
            http {
                interface [ vlan.0 fe-0/0/0.0 ];
            }
            https {
---(more)---
                system-generated-certificate;
                interface [ vlan.0 fe-0/0/0.0 ];
            }
        }
        dhcp {
            router {
                192.168.1.1;
            }
            propagate-settings fe-0/0/0.0;
        }
    }
    ## NOTE(review): logging goes only to local files and user terminals; no remote syslog host is
    ## configured in this capture. interactive-commands is recorded at severity "error", which
    ## captures fewer events than "any" -- confirm this is the intended audit level.
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
---(more 18%)---
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
## NOTE(review): fe-0/0/0 is the only routed physical port (untrust zone, see zones below);
## fe-0/0/1 through fe-0/0/7 are switch ports in vlan-trust. The /32 on fe-0/0/0 lies inside the
## /29 configured on vlan.0, and the static next-hop below is outside both -- the addresses may
## have been altered for publication; verify against the real device before drawing conclusions.
interfaces {
    fe-0/0/0 {
        unit 0 {
            family inet {
                address 63.54.121.97/32;
            }
        }
    }
    fe-0/0/1 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
---(more 27%)---
            }
        }
    }
    fe-0/0/2 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/3 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/4 {
        unit 0 {
---(more 37%)---
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/5 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/6 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
---(more 46%)---
        }
    }
    fe-0/0/7 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 63.54.121.96/29;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 63.54.121.93;
    }
---(more 55%)---
}
protocols {
    stp;
}
security {
    ## NOTE(review): a screen takes effect only in a zone that references it; the untrust zone
    ## below does ("screen untrust-screen"), the trust zone does not.
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
---(more 64%)---
            }
        }
    }
    ## NOTE(review): none of the policies below has a log action in its "then" clause, so the
    ## sessions they permit are not recorded by policy logging.
    policies {
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
            ## NOTE(review): test2 follows a policy that already matches any/any/any in the same
            ## zone pair, so it appears to be shadowed and never evaluated -- confirm and remove.
            policy test2 {
                match {
                    source-address any-ipv4;
                    destination-address any-ipv4;
                    application any;
                }
                then {
                    permit;
---(more 74%)---
                }
            }
        }
        ## NOTE(review): this policy permits every session initiated from the untrust zone to the
        ## trust zone (any source, any destination, any application), so the device does no
        ## inbound filtering between the zones. The name suggests a leftover from testing; it
        ## should be removed or narrowed to the specific flows required before production use.
        from-zone untrust to-zone trust {
            policy test {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
---(more 83%)---
                    all;
                }
            }
            interfaces {
                vlan.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        ## NOTE(review): "all" under system-services and protocols makes every service running on
        ## the firewall itself (telnet, http, snmp, xnm-clear-text, ... as listed for fe-0/0/0.0 in
        ## the "show interfaces" output earlier in this log) reachable from the untrust interface;
        ## the dhcp and tftp entries are redundant next to it. Host-inbound traffic on an untrust
        ## interface is normally limited to the few services actually needed there.
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                fe-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
---(more 92%)---
                            tftp;
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
    }
}
vlans {
    vlan-trust {
        vlan-id 3;
        l3-interface vlan.0;
    }
}