jcamues@fw02> show configuration
## Last commit: 2015-04-22 13:40:45 COT by jcamues
# Review notes are the lines that start with a single "#". The paste had been collapsed onto a few
# very long lines; statements are unchanged, only line breaks and indentation were restored.
# NOTE(review): the commit banner dates this configuration to 2015 - check the release below against
# the vendor's currently supported releases before reusing any of it.
version 12.1X44-D35.5;
# Per-node settings of a two-node chassis cluster: each node gets its own host name and its own
# fxp0 (out-of-band management) address, applied through apply-groups "${node}".
# NOTE(review): 172.32.255.0/29 is outside 172.16.0.0/12, so these management addresses are not
# RFC 1918 private space - confirm that the range was intended.
groups {
    node0 {
        system { host-name fw01; }
        interfaces { fxp0 { unit 0 { family inet { address 172.32.255.1/29; } } } }
    }
    node1 {
        system { host-name fw02; }
        interfaces { fxp0 { unit 0 { family inet { address 172.32.255.2/29; } } } }
    }
}
apply-groups "${node}";
# NOTE(review): the line that opens this stanza is not in the paste - the closing brace after
# "ntp" below has no visible opener. Presumably "system {" and the statements that normally follow
# it (authentication, login) were removed before posting; verify against the device.
    # Management services. ssh is enabled with no further options visible here. J-Web (https) uses
    # a self-signed system-generated certificate and is bound to fxp0.0, reth1.0 and reth2.0.
    # NOTE(review): reth2.0 carries 190.254.14.101/29 and faces the default-route next hop
    # 190.254.14.97, so the web-management listener is bound to an Internet-facing interface.
    # Whether it is reachable depends on the zone host-inbound-traffic settings, which are not in
    # this portion - confirm, and prefer restricting J-Web to the management interface.
    services {
        ssh;
        web-management {
            https {
                system-generated-certificate;
                interface [ fxp0.0 reth1.0 reth2.0 ];
            }
        }
    }
    # Logging is local only: no "host" statement appears, so nothing visible here forwards logs to
    # a remote collector, and the default archive keeps 3 files of 100k.
    # NOTE(review): "world-readable" on policy_session makes the RT_FLOW session log readable by
    # every local account; drop it unless a local tool depends on it.
    syslog {
        archive size 100k files 3;
        inactive: user * { any emergency; }
        file messages { any critical; authorization info; }
        file interactive-commands { interactive-commands error; }
        file policy_session {
            user info;
            match RT_FLOW;
            archive size 1000k world-readable;
            structured-data;
        }
        inactive: file WebFilter {
            any any;
            match WEBFILTER;
            archive size 500m files 8 world-readable;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license { autoupdate { url https://ae1.juniper.net/junos/key_retrieval; } }
    # NOTE(review): a single NTP source with no authentication key; log timestamps used for
    # incident reconstruction depend on it. Consider a second source and NTP authentication.
    ntp { server 165.193.126.229 prefer; }
}
# Chassis cluster: redundancy-group 1 prefers node 0 (priority 100 over 1) and monitors the
# member links of reth0..reth7 on both nodes.
# NOTE(review): every monitored link has weight 255. Assuming the usual redundancy-group threshold
# of 255, losing any single monitored link fails the whole group over - confirm this is intended.
chassis {
    cluster {
        reth-count 8;
        redundancy-group 1 {
            node 0 priority 100;
            node 1 priority 1;
            interface-monitor {
                ge-0/0/4 weight 255;
                ge-5/0/4 weight 255;
                ge-0/0/5 weight 255;
                ge-5/0/5 weight 255;
                ge-0/0/6 weight 255;
                ge-5/0/6 weight 255;
                ge-0/0/7 weight 255;
                ge-5/0/7 weight 255;
                ge-0/0/8 weight 255;
                ge-5/0/8 weight 255;
                ge-0/0/9 weight 255;
                ge-5/0/9 weight 255;
                ge-0/0/10 weight 255;
                ge-5/0/10 weight 255;
                ge-0/0/11 weight 255;
                ge-5/0/11 weight 255;
            }
        }
    }
}
# Physical ports ge-0/0/N (node 0) and ge-5/0/N (node 1) are paired into reth(N-4).
# NOTE(review): ge-0/0/11 sets no-auto-negotiation but its peer ge-5/0/11 does not, so the two
# halves of reth7 may negotiate differently after a failover - confirm.
interfaces {
    ge-0/0/4 { gigether-options { redundant-parent reth0; } }
    ge-0/0/5 { gigether-options { redundant-parent reth1; } }
    ge-0/0/6 { gigether-options { redundant-parent reth2; } }
    ge-0/0/7 { gigether-options { redundant-parent reth3; } }
    ge-0/0/8 { gigether-options { redundant-parent reth4; } }
    ge-0/0/9 { gigether-options { redundant-parent reth5; } }
    ge-0/0/10 { gigether-options { redundant-parent reth6; } }
    ge-0/0/11 { gigether-options { no-auto-negotiation; redundant-parent reth7; } }
    ge-0/0/12 { description ruta_sol; }
    ge-5/0/4 { gigether-options { redundant-parent reth0; } }
    ge-5/0/5 { gigether-options { redundant-parent reth1; } }
    ge-5/0/6 { gigether-options { redundant-parent reth2; } }
    ge-5/0/7 { gigether-options { redundant-parent reth3; } }
    ge-5/0/8 { gigether-options { redundant-parent reth4; } }
    ge-5/0/9 { gigether-options { redundant-parent reth5; } }
    ge-5/0/10 { gigether-options { redundant-parent reth6; } }
    ge-5/0/11 { gigether-options { redundant-parent reth7; } }
    # Cluster fabric (data-plane sync) links, one member port per node.
    fab0 { fabric-options { member-interfaces { ge-0/0/2; } } }
    fab1 { fabric-options { member-interfaces { ge-5/0/2; } } }
    reth0 {
        redundant-ether-options { redundancy-group 1; }
        unit 0 { family inet { address 10.14.2.19/29; } }
    }
    reth1 {
        redundant-ether-options { redundancy-group 1; }
        unit 0 { family inet { address 10.14.70.99/23; } }
    }
    # reth2 is one of the two public uplinks (the default route points at 190.254.14.97).
    # NOTE(review): filter PCAP is applied in both directions but is not defined in this portion
    # (it would live under "firewall"). Together with forwarding-options packet-capture below it
    # looks like a troubleshooting capture left in place - confirm and remove when done.
    reth2 {
        redundant-ether-options { redundancy-group 1; }
        unit 0 {
            family inet {
                filter { input PCAP; output PCAP; }
                address 190.254.14.101/29;
            }
        }
    }
    # reth3 is the second public uplink and the IKE external-interface for the dynamic VPN.
    reth3 {
        redundant-ether-options { redundancy-group 1; }
        unit 0 {
            description VPN_Dynamic;
            family inet { address 186.28.228.211/28; }
        }
    }
    reth4 {
        redundant-ether-options { redundancy-group 1; }
        unit 0 { family inet { address 10.14.6.20/24; } }
    }
    reth5 {
        redundant-ether-options { redundancy-group 1; }
        unit 0 { family inet { address 192.168.61.2/24; } }
    }
    reth6 {
        redundant-ether-options { redundancy-group 1; }
        unit 0 { family inet { address 190.66.21.37/29; } }
    }
    reth7 {
        redundant-ether-options { redundancy-group 1; }
        unit 0 { family inet { address 10.14.40.2/23; } }
    }
}
# NOTE(review): maximum-capture-size 1500 stores whole frames, payload included, in the capture
# file on the device; treat that file as sensitive and disable capture after troubleshooting.
forwarding-options {
    packet-capture {
        file filename caputura_ruta_sol;
        maximum-capture-size 1500;
    }
}
# NOTE(review): the SNMP community is shown in clear and no "clients" restriction is visible, so
# any source allowed to reach SNMP on the device could use it. Because the string appears in a
# shared paste, treat it as disclosed: rotate it and limit it to the monitoring hosts. The contact
# field also publishes a personal mailbox.
snmp {
    description Firewall;
    location "Bogotá";
    contact "cperez@rutadelsol.com.co";
    community Olimpo { authorization read-only; }
    health-monitor { interval 50; rising-threshold 80; falling-threshold 20; }
}
# Static routing only. Three internal next hops are used (10.14.2.17 behind reth0, 10.14.6.1
# behind reth4, 192.168.61.1 behind reth5) plus a primary and a backup default route.
# NOTE(review): the egress interface chosen by the route lookup also selects the to-zone a session
# is evaluated in, so overlapping prefixes with different next hops matter for policy:
#   - 10.14.50.0/23 goes to 10.14.2.17 but the more specific 10.14.50.0/24 goes to 10.14.6.1;
#   - 10.14.40.0/23, 10.14.6.0/23 and 192.168.61.0/24 duplicate or overlap subnets that are
#     directly connected on reth7, reth4 and reth5.
# Confirm each of these is deliberate.
routing-options {
    static {
        route 10.14.91.0/29 next-hop 10.14.2.17;
        route 10.14.41.0/29 next-hop 10.14.2.17;
        route 10.14.24.0/29 next-hop 10.14.2.17;
        route 10.14.51.0/28 next-hop 10.14.2.17;
        route 10.14.62.0/24 next-hop 10.14.2.17;
        route 10.14.92.0/24 next-hop 10.14.2.17;
        route 10.14.94.0/24 next-hop 10.14.2.17;
        route 10.14.78.0/24 next-hop 10.14.2.17;
        route 10.14.90.0/24 next-hop 10.14.2.17;
        route 10.14.98.0/23 next-hop 10.14.2.17;
        route 10.14.20.0/23 next-hop 10.14.2.17;
        route 10.14.50.0/23 next-hop 10.14.2.17;
        route 10.14.30.0/23 next-hop 10.14.2.17;
        route 10.14.60.0/23 next-hop 10.14.2.17;
        route 10.14.7.0/24 next-hop 10.14.6.1;
        route 10.19.142.0/24 next-hop 10.14.6.1;
        route 10.14.96.0/24 next-hop 10.14.6.1;
        route 10.14.95.0/24 next-hop 10.14.6.1;
        route 10.14.45.0/24 next-hop 10.14.6.1;
        route 10.14.43.0/24 next-hop 10.14.6.1;
        route 10.14.8.0/24 next-hop 10.14.6.1;
        route 10.14.6.0/23 next-hop 10.14.6.1;
        route 10.14.86.0/23 next-hop 10.14.6.1;
        route 10.80.0.0/16 next-hop 10.14.6.1;
        route 10.90.0.0/16 next-hop 10.14.6.1;
        route 10.70.0.0/16 next-hop 10.14.6.1;
        route 10.118.0.0/16 next-hop 10.14.6.1;
        route 10.121.0.0/16 next-hop 10.14.6.1;
        route 10.120.0.0/16 next-hop 10.14.6.1;
        route 10.122.0.0/16 next-hop 10.14.6.1;
        route 10.124.0.0/16 next-hop 10.14.6.1;
        route 10.100.0.0/16 next-hop 10.14.6.1;
        route 10.18.0.0/16 next-hop 10.14.6.1;
        route 10.19.0.0/16 next-hop 10.14.6.1;
        route 10.16.0.0/16 next-hop 10.14.6.1;
        route 10.22.0.0/16 next-hop 10.14.6.1;
        route 10.20.0.0/16 next-hop 10.14.6.1;
        route 10.26.0.0/16 next-hop 10.14.6.1;
        route 10.24.0.0/16 next-hop 10.14.6.1;
        route 10.30.0.0/16 next-hop 10.14.6.1;
        route 10.28.0.0/16 next-hop 10.14.6.1;
        route 10.1.0.0/16 next-hop 10.14.6.1;
        route 10.2.0.0/16 next-hop 10.14.6.1;
        route 10.4.0.0/16 next-hop 10.14.6.1;
        route 10.8.0.0/16 next-hop 10.14.6.1;
        route 10.9.0.0/16 next-hop 10.14.6.1;
        route 10.12.0.0/16 next-hop 10.14.6.1;
        route 10.50.0.0/16 next-hop 10.14.6.1;
        route 10.56.0.0/16 next-hop 10.14.6.1;
        route 10.60.0.0/16 next-hop 10.14.6.1;
        route 10.32.0.0/16 next-hop 10.14.6.1;
        route 10.40.0.0/16 next-hop 10.14.6.1;
        route 10.44.0.0/16 next-hop 10.14.6.1;
        route 10.156.0.0/16 next-hop 10.14.6.1;
        route 10.152.0.0/16 next-hop 10.14.6.1;
        route 10.160.0.0/12 next-hop 10.14.6.1;
        route 10.192.0.0/10 next-hop 10.14.6.1;
        route 192.168.4.0/24 next-hop 192.168.61.1;
        route 192.168.3.0/24 next-hop 192.168.61.1;
        route 192.168.62.0/24 next-hop 192.168.61.1;
        route 192.168.63.0/24 next-hop 192.168.61.1;
        route 192.168.60.0/24 next-hop 192.168.61.1;
        route 192.168.61.0/24 next-hop 192.168.61.1;
        route 192.168.120.0/24 next-hop 192.168.61.1;
        route 192.168.56.0/24 next-hop 192.168.61.1;
        # Default route: 190.254.14.97 (via reth2) at preference 5 is preferred; 186.28.228.209
        # (via reth3) at preference 7 is the backup.
        route 0.0.0.0/0 {
            next-hop 190.254.14.97;
            qualified-next-hop 186.28.228.209 { preference 7; }
            preference 5;
        }
        route 10.14.47.0/24 next-hop 10.14.6.1;
        route 10.119.0.0/16 next-hop 10.14.6.1;
        route 10.143.0.0/16 next-hop 10.14.6.1;
        route 10.14.25.0/27 next-hop 10.14.2.17;
        route 10.14.80.0/22 next-hop 10.14.2.17;
        route 10.14.100.0/24 next-hop 10.14.6.1;
        route 10.14.48.0/23 next-hop 10.14.6.1;
        route 10.154.0.0/16 next-hop 10.14.6.1;
        route 10.14.50.0/24 next-hop 10.14.6.1;
        route 10.14.52.0/24 next-hop 10.14.6.1;
        route 10.120.201.0/24 next-hop 10.14.6.1;
        route 10.14.65.0/26 next-hop 10.14.2.17;
        route 10.14.200.0/24 next-hop 10.14.6.1;
        route 10.14.201.0/24 next-hop 10.14.6.1;
        route 10.14.40.0/23 next-hop 10.14.6.1;
    }
}
protocols { stp; }
security {
    # Dynamic (remote-access) VPN terminating on reth3.0, with XAuth user authentication against
    # access profile remote_access_profile (that profile is not in this portion).
    # NOTE(review): "mode aggressive" sends the peer identities unprotected and lets the responder
    # return its authentication hash before the peer is authenticated, so a weak pre-shared key can
    # be guessed offline from captured traffic. Use a long random key and prefer main mode or IKEv2
    # with certificates where the platform allows it. No pre-shared-key statement is shown in the
    # policy - presumably removed before posting.
    # NOTE(review): "proposal-set standard" is a predefined set; on releases of this generation it
    # is, as far as I recall, DH group 2 with AES-128/3DES and SHA-1 - confirm on the device and
    # consider an explicit, stronger proposal.
    ike {
        policy ike_pol_dyn_vpn {
            mode aggressive;
            proposal-set standard;
        }
        gateway gw_dyn_vpn {
            ike-policy ike_pol_dyn_vpn;
            dynamic {
                hostname FW_ODB;
                connections-limit 50;
                ike-user-type group-ike-id;
            }
            dead-peer-detection;
            external-interface reth3.0;
            xauth access-profile remote_access_profile;
        }
    }
    # NOTE(review): the IPsec policy sets no perfect-forward-secrecy statement.
    ipsec {
        policy ipsec_pol_dyn_vpn { proposal-set standard; }
        vpn dyn_vpn {
            ike {
                gateway gw_dyn_vpn;
                ipsec-policy ipsec_pol_dyn_vpn;
            }
        }
    }
    # NOTE(review): for H.323 and SIP the application screen is told to let unknown message types
    # through, in both NAT and routed mode. That relaxes the ALG's protocol checking; keep it only
    # if a specific interoperability problem requires it.
    alg {
        h323 { application-screen { unknown-message { permit-nat-applied; permit-routed; } } }
        sip { application-screen { unknown-message { permit-nat-applied; permit-routed; } } }
        ike-esp-nat { enable; }
    }
    application-firewall {
        rule-sets BLOCKED-APPS {
            rule FACEBOOK {
# (continues rule FACEBOOK of security application-firewall rule-set BLOCKED-APPS)
# NOTE(review): several identifiers below contain a stray space (for example
# "junos:FACEBOOK-APPLICAT IONBUILDER" or "junos :FACEBOOK-FUNNYPHOTO"). This looks like terminal
# line wrapping captured by the paste; the text is reproduced as posted and would not load as-is.
# Compare with the device before reusing it.
match { dynamic-application [ junos:FACEBOOK-ACCESS junos:FACEBOOK-ACCESS-SSL junos:FACEBOOK-APP junos:FACEBOOK-APPLICAT IONBUILDER junos:FACEBOOK-BIGPHOTO junos:FACEBOOK-BUMPERSTICKER junos:FACEBOOK-CARICATURE junos:FACEBOOK-CAUSES junos:FACEBOOK-CDN-S SL junos:FACEBOOK-CHAT junos:FACEBOOK-CIRCLEOFMOMS junos:FACEBOOK-COLLECTHEARTS junos:FACEBOOK-CONTESTS junos:FACEBOOK-DAILYHOROSCOP E junos:FACEBOOK-DECORATIVEWRITING junos:FACEBOOK-DOGBOOK junos:FACEBOOK-EXTENDEDINFO junos:FACEBOOK-FAMILYLINK junos:FACEBOOK-FAMIL YTREE junos:FACEBOOK-FANAPPZ junos:FACEBOOK-FARMVILLE junos:FACEBOOK-FLIXSTER junos:FACEBOOK-FRASESDIARIAS junos :FACEBOOK-FUNNYPHOTO junos:FACEBOOK-GALLETASDELAFORTUNA junos:FACEBOOK-GODWANTSYOUTOKNOW junos:FACEBOOK-HALLMARKSOCIALCALENDAR junos :FACEBOOK-HONESTYBOX junos:FACEBOOK-HUGGED junos:FACEBOOK-ICAST junos:FACEBOOK-IKARMA junos:FACEBOOK-ILIKE-MUSIC junos:FACEBOOK-ILIK ETHISARTIST junos:FACEBOOK-MAIL junos:FACEBOOK-MARKETPLACE junos:FACEBOOK-MIXPODMUSIC junos:FACEBOOK-MOBILE-CHAT junos:FACEBOOK-MUSI KGW junos:FACEBOOK-MYARABICNAME junos:FACEBOOK-MYBAND junos:FACEBOOK-MYBESTFRIENDS junos:FACEBOOK-MYPERSONALITY junos:FACEBOOK-MYTOPFANS junos:FACEBOOK-NETWORKEDBLOGS junos:FACEBOOK-PHOTOOFTHEDAY junos:FACEBOOK-PICNIK junos:FACEBOOK-PROFILEBOX junos:FACEBOOK-PROFILEHTML junos:FACEBOOK-QUIZMONSTER junos:FACEBOOK-ROCKYOULIVE junos:FACEBOOK-SKETCHME junos:FACEBOOK-SLIDEFUNSPAC E junos:FACEBOOK-SOCIALRSS junos:FACEBOOK-SUPERPOKE junos:FACEBOOK-SWEEPSTAKES junos:FACEBOOK-TOPFRIENDS junos:FACEBOOK-UPLOAD junos :FACEBOOK-VIDEO-STREAM junos:FACEBOOK-VISUALBOOKSHELF junos:FACEBOOK-WELCOMETAB junos:FACEBOOK-WINDOWSLIVEMESSEN GER junos:FACEBOOK-YEARBOOK junos:FACEBOOK-YOURJAPANESENAME junos:FACEBOOK-YOUTUBEBOX junos:FACEBOOK-YOUTUBEVIDEOBOX junos:FACEBOOK- ZOOSK ]; }
then { deny; }
}
rule YOUTUBE { match { dynamic-application [ junos:YOUTUBE junos:YOUTUBE-COMMENT junos:YOUTUBE-STREAM ]; } then { deny; } }
rule SOCIAL { match { dynamic-application junos:GOOGLE-PLUS-SSL; dynamic-application-group [ junos:social-networking junos:social-networking:applications junos:social-networking :business junos:web:social-networking junos:web:social-networking:applications junos:web:social-networking:business junos:web:social -networking:facebook junos:web:social-networking:linkedin junos:web:social-networking:myspace ]; } then { deny; } }
rule GAMING { match { dynamic-application-group [ junos:gaming junos:gaming:protocols junos:gaming:web-based junos:web:gaming junos:we b:gaming:protocols junos:web:gaming:web-based ]; } then { deny; } }
rule PROXY { match { dynamic-application [ junos:AIM-PROXY junos:CCPROXY junos:GLYPE-PROXY junos:HIDEMYASS-WEB-PROXY junos:JONDO-PROX Y junos:PROXYDOTORG junos:ULTRASURF ]; dynamic-application-group junos:web:proxy; } then { deny; } }
rule DOWNLOADS { match { dynamic-application [ junos:ARES junos:ARES-UDP junos:BITTORRENT junos:BITTORRENT-APPLICATION junos:BITTORRENT-D HT junos:BITTORRENT-DHT4 junos:BITTORRENT-UDP junos:BITTORRENT-WEB-CLIENT junos:EXTRATORRENT junos:GAMESTORRENTS junos:KICKASSTORREN TS junos:TORRENT-FILE-HTTP-DOWNLOAD junos:TORRENT411 junos:TORRENTHOUND junos:TORRENTINO-RU junos:TORRENTLEECH junos:TORRENTREACTOR junos:TORRENTZ ]; dynamic-application-group [ junos:p2p junos:p2p:file-sharing junos:web:p2p junos:web:p2p:file-sharing ]; } then { deny; } }
rule TWITTER { match { dynamic-application [ junos:TWITTER junos:TWITTER-SSL junos:TWITTER-UPDATE ]; } then { deny; } }
# NOTE(review): default-rule permit makes this rule-set a deny-list: any session whose application
# matches none of the rules above (including traffic the engine cannot identify) is permitted.
# That is a usage-policy control, not a containment boundary.
default-rule { permit; }
}
# Rule-set ALLOW-YOUTUBE repeats BLOCKED-APPS rule for rule, except that it has no rule YOUTUBE.
# NOTE(review): the two copies are maintained by hand; a change made to one list and not to the
# other silently changes what one user group may reach. Which policies attach each rule-set is not
# visible in this portion.
rule-sets ALLOW-YOUTUBE {
rule FACEBOOK { match { dynamic-application [ junos:FACEBOOK-ACCESS junos:FACEBOOK-ACCESS-SSL junos:FACEBOOK-APP junos:FACEBOOK-APPLICAT IONBUILDER junos:FACEBOOK-BIGPHOTO junos:FACEBOOK-BUMPERSTICKER junos:FACEBOOK-CARICATURE junos:FACEBOOK-CAUSES junos:FACEBOOK-CDN-S SL junos:FACEBOOK-CHAT junos:FACEBOOK-CIRCLEOFMOMS junos:FACEBOOK-COLLECTHEARTS junos:FACEBOOK-CONTESTS junos:FACEBOOK-DAILYHOROSCOP E junos:FACEBOOK-DECORATIVEWRITING junos:FACEBOOK-DOGBOOK junos:FACEBOOK-EXTENDEDINFO junos:FACEBOOK-FAMILYLINK junos:FACEBOOK-FAMIL YTREE junos:FACEBOOK-FANAPPZ junos:FACEBOOK-FARMVILLE junos:FACEBOOK-FLIXSTER junos:FACEBOOK-FRASESDIARIAS junos :FACEBOOK-FUNNYPHOTO junos:FACEBOOK-GALLETASDELAFORTUNA junos:FACEBOOK-GODWANTSYOUTOKNOW junos:FACEBOOK-HALLMARKSOCIALCALENDAR junos :FACEBOOK-HONESTYBOX junos:FACEBOOK-HUGGED junos:FACEBOOK-ICAST junos:FACEBOOK-IKARMA junos:FACEBOOK-ILIKE-MUSIC junos:FACEBOOK-ILIK ETHISARTIST junos:FACEBOOK-MAIL junos:FACEBOOK-MARKETPLACE junos:FACEBOOK-MIXPODMUSIC junos:FACEBOOK-MOBILE-CHAT junos:FACEBOOK-MUSI KGW junos:FACEBOOK-MYARABICNAME junos:FACEBOOK-MYBAND junos:FACEBOOK-MYBESTFRIENDS junos:FACEBOOK-MYPERSONALITY junos:FACEBOOK-MYTOPFANS junos:FACEBOOK-NETWORKEDBLOGS junos:FACEBOOK-PHOTOOFTHEDAY junos:FACEBOOK-PICNIK junos:FACEBOOK-PROFILEBOX junos:FACEBOOK-PROFILEHTML junos:FACEBOOK-QUIZMONSTER junos:FACEBOOK-ROCKYOULIVE junos:FACEBOOK-SKETCHME junos:FACEBOOK-SLIDEFUNSPAC E junos:FACEBOOK-SOCIALRSS junos:FACEBOOK-SUPERPOKE junos:FACEBOOK-SWEEPSTAKES junos:FACEBOOK-TOPFRIENDS junos:FACEBOOK-UPLOAD junos :FACEBOOK-VIDEO-STREAM junos:FACEBOOK-VISUALBOOKSHELF junos:FACEBOOK-WELCOMETAB junos:FACEBOOK-WINDOWSLIVEMESSEN GER junos:FACEBOOK-YEARBOOK junos:FACEBOOK-YOURJAPANESENAME junos:FACEBOOK-YOUTUBEBOX junos:FACEBOOK-YOUTUBEVIDEOBOX junos:FACEBOOK- ZOOSK ]; } then { deny; } }
rule SOCIAL { match { dynamic-application junos:GOOGLE-PLUS-SSL; dynamic-application-group [ junos:social-networking junos:social-networking:applications junos:social-networking :business junos:web:social-networking junos:web:social-networking:applications junos:web:social-networking:business junos:web:social -networking:facebook junos:web:social-networking:linkedin junos:web:social-networking:myspace ]; } then { deny; } }
rule GAMING { match { dynamic-application-group [ junos:gaming junos:gaming:protocols junos:gaming:web-based junos:web:gaming junos:we b:gaming:protocols junos:web:gaming:web-based ]; } then { deny; } }
rule PROXY { match { dynamic-application [ junos:AIM-PROXY junos:CCPROXY junos:GLYPE-PROXY junos:HIDEMYASS-WEB-PROXY junos:JONDO-PROX Y junos:PROXYDOTORG junos:ULTRASURF ]; dynamic-application-group junos:web:proxy; } then { deny; } }
rule DOWNLOADS { match { dynamic-application [ junos:ARES junos:ARES-UDP junos:BITTORRENT junos:BITTORRENT-APPLICATION junos:BITTORRENT-D HT junos:BITTORRENT-DHT4 junos:BITTORRENT-UDP junos:BITTORRENT-WEB-CLIENT junos:EXTRATORRENT junos:GAMESTORRENTS junos:KICKASSTORREN TS junos:TORRENT-FILE-HTTP-DOWNLOAD junos:TORRENT411 junos:TORRENTHOUND junos:TORRENTINO-RU junos:TORRENTLEECH junos:TORRENTREACTOR junos:TORRENTZ ]; dynamic-application-group [ junos:p2p junos:p2p:file-sharing junos:web:p2p junos:web:p2p:file-sharing ]; } then { deny; } }
rule TWITTER { match { dynamic-application [ junos:TWITTER junos:TWITTER-SSL junos:TWITTER-UPDATE ]; } then { deny; } }
default-rule { permit; }
}
}
# UTM (web filtering, anti-virus, anti-spam) starts here.
# NOTE(review): the top-level traceoptions is inactive, but application-proxy traceoptions with
# "flag all" is active. Full tracing is a troubleshooting aid that costs CPU and writes traffic
# details to local files; turn it off once the investigation is over.
utm {
inactive: traceoptions { flag all; }
application-proxy { traceoptions { flag all; } }
custom-objects {
url-pattern {
# Allow-list patterns (feeds custom category White_list, whose action is log-and-permit).
# NOTE(review): points worth confirming in this list:
#   - it contains dynamic-DNS names (sinapsys.no-ip.org, dyndns.org, es.dyn.com) although the
#     WebFiltering profile blocks category Enhanced_Dynamic_DNS; if the custom category is
#     evaluated first, these entries re-open that category for those hosts;
#   - "https://*.google.com" and "https://*maps.google.com" are broad wildcards;
#   - "https:\\\\dl.google.com" uses backslashes and is probably a typo that never matches;
#   - bare IP addresses are allowed regardless of what is hosted on them.
Whites { value [ http://www.odebrecht.com 190.25.230.138 http://www.grupobancolombia.com platform.linkedin.com http://*.o biee.banrep.gov.co http://obiee.banrep.gov.co http://www.banrep.gov.co http://www.www8-hp.com http://www8.hp.com http://*.www8-hp.co m http://*.banrep.gov.co https://*maps.google.com http://citadoncw.citadon.com http://cdn.citadoncw.com/ "https:\\\\dl.google.com" h ttps://*.google.com https://dl.google.com http://kh.google.com https://kh.google.com http://sinapsys.no-ip.org 190.90.167.7 https:// aplicaciones.nuevaeps.com.co dyndns.org http://dyndns.org es.dyn.com http://pasaportes.cancilleria.gov.co/sicep/ administracion/registrarpersona.seam http://190.26.196.49 ]; }
# Block-list patterns (feeds custom category Black_list).
Blacks { value [ www.rojadirecta.me *bepartofthefunny.com greatest3threeisland.com ]; }
# Address list referenced by anti-spam as address-whitelist.
ip-white-list { value [ 190.25.230.138 200.90.142.172 190.8.176.82 67.228.90.91 190.90.167.7 ]; }
ip-black-list {
# (continues url-pattern ip-black-list inside security utm custom-objects)
# NOTE(review): despite its name, ip-black-list holds a URL pattern rather than an IP address, and
# neither custom-url-category below refers to it, so in the visible configuration it appears to
# have no effect - confirm.
value http://*.hotelricci.com; } }
custom-url-category { Black_list { value Blacks; } White_list { value Whites; } }
}
feature-profile {
    web-filtering {
        type juniper-enhanced;
        inactive: traceoptions { flag all; }
        juniper-enhanced {
            cache { timeout 1800; size 500; }
            # NOTE(review): category lookups go to the cloud service on port 80; presumably this is
            # unencrypted, so the URLs users visit are readable on the path to the service - confirm.
            server { host rp.cloud.threatseeker.com; port 80; }
            # Main profile: blocks a list of content categories plus the custom Black_list.
            # NOTE(review):
            #   - "default permit" allows every site that falls in no listed category;
            #   - the categories are content-oriented; no security category (malicious sites,
            #     phishing and similar) is listed, so that protection rests on
            #     site-reputation-action alone;
            #   - fallback "server-connectivity log-and-permit" fails open whenever the cloud
            #     service cannot be reached, while the other fallbacks block;
            #   - no-safe-search disables safe-search enforcement.
            profile WebFiltering {
                category {
                    Enhanced_Adult_Material { action block; }
                    Enhanced_Abortion { action block; }
                    Enhanced_Entertainment { action block; }
                    Enhanced_Gambling { action block; }
                    Enhanced_Games { action block; }
                    Enhanced_Weapons { action block; }
                    Enhanced_Adult_Content { action block; }
                    Enhanced_Abused_Drugs { action block; }
                    Enhanced_Alcohol_and_Tobacco { action block; }
                    Enhanced_Drugs { action block; }
                    Enhanced_Dynamic_DNS { action block; }
                    Enhanced_Hacking { action block; }
                    Enhanced_Illegal_or_Questionable { action block; }
                    Enhanced_Nudity { action block; }
                    Enhanced_Sex { action block; }
                    Enhanced_Sex_Education { action block; }
                    Enhanced_URL_Translation_Sites { action block; }
                    Enhanced_Proxy_Avoidance { action block; }
                    Enhanced_Personals_and_Dating { action block; }
                    Enhanced_Social_Web_Youtube { action block; }
                    Black_list { action block; }
                    White_list { action log-and-permit; }
                }
                site-reputation-action {
                    very-safe permit;
                    moderately-safe log-and-permit;
                    fairly-safe log-and-permit;
                    suspicious block;
                    harmful block;
                }
                default permit;
                custom-block-message "Este sitio no esta permitido en este horario. Solo estara habilitado de 12:00 m a 2:00 p.m";
                fallback-settings {
                    default block;
                    server-connectivity log-and-permit;
                    timeout block;
                    too-many-requests block;
                }
                timeout 10;
                no-safe-search;
            }
            # Relaxed profile: same reputation and fallback settings, but only the adult-content
            # categories and the custom Black_list are blocked. The notes on "default permit" and
            # the fail-open server-connectivity fallback apply here as well.
            profile WebFiltering2 {
                category {
                    Enhanced_Adult_Material { action block; }
                    Enhanced_Nudity { action block; }
                    Enhanced_Adult_Content { action block; }
                    Enhanced_Sex { action block; }
                    Enhanced_Sex_Education { action block; }
                    Black_list { action block; }
                    White_list { action log-and-permit; }
                }
                site-reputation-action {
                    very-safe permit;
                    moderately-safe log-and-permit;
                    fairly-safe log-and-permit;
                    suspicious block;
                    harmful block;
                }
                default permit;
                custom-block-message "Este sitio no esta permitido en este horario. Solo estara habilitado de 12:00 m a 2:00 p.m";
                fallback-settings {
                    default block;
                    server-connectivity log-and-permit;
                    timeout block;
                    too-many-requests block;
                }
                timeout 10;
                no-safe-search;
            }
        }
    }
    # NOTE(review): anti-spam traceoptions (flag all, flag sbl) is active - troubleshooting output
    # left on. Senders in ip-white-list bypass the SBL check. The tag string ends in ">", which
    # may be a typo.
    anti-spam {
        address-whitelist ip-white-list;
        traceoptions { flag all; flag sbl; }
        sbl {
            profile junos-as-defaults {
                sbl-default-server;
                spam-action block;
                custom-tag-string ***SPAM***>;
            }
        }
    }
}
# UTM policies: WEBFILTER and WEBFILTER2 combine anti-virus (junos-av-defaults on HTTP, FTP, SMTP,
# POP3, IMAP), web filtering and anti-spam; the *_SIN_ANTIVIRUS variants omit anti-virus.
# NOTE(review): sessions-per-client "over-limit log-and-permit" means that a client exceeding the
# session limit is let through uninspected rather than blocked. Traffic matched by a
# *_SIN_ANTIVIRUS policy gets no malware scanning; which security policies use them is not
# visible in this portion.
utm-policy WEBFILTER {
    anti-virus {
        http-profile junos-av-defaults;
        ftp { upload-profile junos-av-defaults; download-profile junos-av-defaults; }
        smtp-profile junos-av-defaults;
        pop3-profile junos-av-defaults;
        imap-profile junos-av-defaults;
    }
    web-filtering { http-profile WebFiltering; }
    anti-spam { smtp-profile junos-as-defaults; }
    traffic-options { sessions-per-client { over-limit log-and-permit; } }
}
utm-policy junos-av-wf-policy { anti-spam { smtp-profile junos-as-defaults; } }
utm-policy WEBFILTER2 {
    anti-virus {
        http-profile junos-av-defaults;
        ftp { upload-profile junos-av-defaults; download-profile junos-av-defaults; }
        smtp-profile junos-av-defaults;
        pop3-profile junos-av-defaults;
        imap-profile junos-av-defaults;
    }
    web-filtering { http-profile WebFiltering2; }
    anti-spam { smtp-profile junos-as-defaults; }
    traffic-options { sessions-per-client { over-limit log-and-permit; } }
}
utm-policy WEBFILTER_SIN_ANTIVIRUS {
    web-filtering { http-profile WebFiltering; }
    anti-spam { smtp-profile junos-as-defaults; }
    traffic-options { sessions-per-client { over-limit log-and-permit; } }
}
utm-policy WEBFILTER_SIN_ANTIVIRUS2 {
    web-filtering { http-profile WebFiltering2; }
    anti-spam { smtp-profile junos-as-defaults; }
    traffic-options { sessions-per-client { over-limit log-and-permit; } }
}
}
# Remote-access VPN clients: four named users share one client group.
# NOTE(review): remote-protected-resources 10.0.0.0/8 offers the whole 10/8 range to every VPN
# user; what they can actually reach is then decided only by the security policies. Narrow it to
# the subnets remote users need. The user names are also disclosed by this paste.
dynamic-vpn {
    access-profile remote_access_profile;
    clients {
        dyn-group {
            remote-protected-resources { 10.0.0.0/8; }
            ipsec-vpn dyn_vpn;
            user { cperez; dianasantos; jcamues; sdiaz; }
        }
    }
}
# NOTE(review): flow traceoptions with "flag all" is active (limited by packet-filter PF1 to one
# source/destination pair) and writes to file flow-debug. This is a debugging setting; remove it
# when the investigation is finished. tcp-mss clamps every TCP session to an MSS of 1200.
flow {
    traceoptions {
        file flow-debug;
        flag all;
        packet-filter PF1 {
            source-prefix 10.14.71.54/32;
            destination-prefix 190.26.196.49/32;
        }
    }
    tcp-mss { all-tcp { mss 1200; } }
}
nat {
    # Source NAT: every rule translates to the egress interface address.
    # NOTE(review): pool prd1 is defined but no visible rule uses it. Rule-set From_VPN matches
    # 192.168.77.0/24 arriving from zone Internet - presumably the VPN client pool; confirm that
    # this range can only ever appear there through the tunnel.
    source {
        pool prd1 { address { 10.14.70.97/32; } }
        rule-set Out_Internet {
            from zone [ CRDS Global_Odebrecht LAN_Bogota ];
            to zone Internet;
            rule Masquerade { match { source-address 10.14.0.0/16; } then { source-nat { interface; } } }
        }
        rule-set Out_Global {
            from zone CRDS;
            to zone Global_Odebrecht;
            rule Mask2 { match { source-address 10.14.0.0/16; destination-address 10.120.200.49/32; } then { source-nat { interface; } } }
            rule Mask { match { source-address [ 10.14.65.0/24 10.14.60.0/24 10.14.25.0/27 ]; destination-address [ 10.19.0.0/16 10.1.0.0/16 10.14.6.0/24 10.14.7.0/24 ]; } then { source-nat { interface; } } }
            rule Mask3 { description "A Archivos Cll 100"; match { source-address 10.14.0.0/16; destination-address [ 10.14.6.123/32 10.14.6.17/32 10.14.6.26/32 10.14.6.82/32 ]; } then { source-nat { interface; } } }
        }
        rule-set Out_BTLatam {
            from zone [ CRDS LAN_Bogota ];
            to zone BTLatam;
            rule BTLatam_Rule { match { source-address 10.14.0.0/16; } then { source-nat { interface; } } }
        }
        rule-set From_VPN {
            from zone Internet;
            to zone CRDS;
            rule Mask_VPN { match { source-address 192.168.77.0/24; destination-address 10.14.0.0/16; } then { source-nat { interface; } } }
        }
        rule-set Out_Global2 {
            from zone LAN_Bogota;
            to zone Global_Odebrecht;
            rule Mask4 { match { source-address 10.14.70.0/23; destination-address [ 10.14.48.180/32 10.14.6.82/32 10.14.6.19/32 10.14.6.17/32 10.14.6.26/32 10.14.6.21/32 10.14.6.22/32 ]; } then { source-nat { interface; } } }
            rule MaskCll93 { match { source-address 10.14.70.0/23; destination-address 10.14.6.200/32; } then { source-nat { interface; } } }
        }
    }
    # Destination NAT: one rule, publishing the Asterisk host to the Internet.
    # NOTE(review): the rule matches any source and sets no destination port, so every port of
    # 186.28.228.221 is translated to 10.14.70.250; only the security policy limits what arrives.
    # Pools Correo_CRDS and prueba ("test") are not used by any visible rule.
    destination {
        pool Correo_CRDS { address 10.14.70.83/32; }
        pool Asterisk_LAN { address 10.14.70.250/32; }
        pool prueba { address 10.14.70.97/32; }
        rule-set Asterisk_NAT {
            from zone Internet;
            rule Asterisk_Rule { match { source-address 0.0.0.0/0; destination-address 186.28.228.221/32; } then { destination-nat pool Asterisk_LAN; } }
        }
    }
    # Static (one-to-one, all-port, bidirectional) NAT.
    # NOTE(review): rule-set Internet_NAT gives public addresses to mail, web, FTP, Barracuda,
    # Lync and vCenter hosts. Because static NAT maps every port, the Internet-to-inside security
    # policies are the only thing that limits exposure; those policies are not in this portion.
    # A management service such as vCenter (Vcenter_Nat_Rule) normally should not be published at
    # all - reach it through the VPN instead.
    static {
        rule-set Internet_NAT {
            from zone [ CRDS Internet LAN_Bogota ];
            rule Correo_Consol_Nat_Rule { match { destination-address 190.66.21.35/32; } then { static-nat { prefix { 10.14.70.20/32; } } } }
            rule WebCRDS_Nat_Rule { match { destination-address 190.254.14.102/32; } then { static-nat { prefix { 10.14.70.101/32; } } } }
            rule Maquinaria_Consol_Nat_Rule { match { destination-address 190.254.14.99/32; } then { static-nat { prefix { 10.14.98.205/32; } } } }
            rule Barracuda_Nat_Rule { match { destination-address 186.28.228.219/32; } then { static-nat { prefix { 10.14.70.49/32; } } } }
            rule Correo_CRDS_Nat_Rule { match { destination-address 186.28.228.210/32; } then { static-nat { prefix { 10.14.70.83/32; } } } }
            rule FTP_CRDS_Nat_Rule { match { destination-address 186.28.228.213/32; } then { static-nat { prefix { 10.14.70.40/32; } } } }
            rule FTP_Consol_Nat_Rule { match { destination-address 190.66.21.36/32; } then { static-nat { prefix { 10.14.70.17/32; } } } }
            rule GD_Nat_Rule { match { destination-address 186.28.228.212/32; } then { static-nat { prefix { 10.14.70.56/32; } } } }
            rule Lynced_Nat_Rule { match { destination-address 186.28.228.220/32; } then { static-nat { prefix { 10.14.70.195/32; } } } }
            rule Vcenter_Nat_Rule { match { destination-address 186.28.228.215/32; } then { static-nat { prefix { 10.14.78.16/32; } } } }
            rule Ftp2_Consol_Nat_Rule { description Nat_702; match { destination-address 186.28.228.222/32; } then { static-nat { prefix { 10.14.70.2/32; } } } }
            rule Logitrack { match { destination-address 186.28.228.216/32; } then { static-nat { prefix { 10.14.70.4/32; } } } }
        }
        rule-set BTLatam_NAT {
            from zone [ BTLatam CRDS LAN_Bogota ];
            rule Peajes_Linux_Nat_Rule { match { destination-address 192.168.61.4/32; } then { static-nat { prefix { 10.14.70.14/32; } } } }
            rule SIIP { match { destination-address 192.168.61.3/32; } then { static-nat { prefix { 10.14.70.115/32; } } } }
            rule Morrison { description "Peaje Morrison"; match { destination-address 192.168.61.6/32; } then { static-nat { prefix { 10.14.80.21/32; } } } }
            rule Morrison2 { description "Peaje Morrison 2"; match { destination-address 192.168.61.7/32; } then { static-nat { prefix { 10.14.80.30/32; } } } }
        }
        rule-set rs1 {
            from zone Global_Odebrecht;
            rule r1 { match { destination-address 10.14.6.115/32; } then { static-nat { prefix { 192.168.3.2/32; } } } }
        }
    }
    # Proxy ARP so the firewall answers for the translated addresses on each segment.
    # NOTE(review): 192.168.61.8/32 on reth5.0 is answered for, yet no NAT rule in the visible
    # configuration uses it - probably a leftover; remove unused entries.
    proxy-arp {
        interface reth2.0 { address { 190.254.14.99/32; 190.254.14.102/32; } }
        interface reth3.0 { address { 186.28.228.210/32; 186.28.228.212/32; 186.28.228.213/32; 186.28.228.215/32; 186.28.228.219/32; 186.28.228.220/32; 186.28.228.221/32; 186.28.228.222/32; 186.28.228.216/32; } }
        interface reth5.0 { address { 192.168.61.3/32; 192.168.61.4/32; 192.168.61.6/32; 192.168.61.7/32; 192.168.3.2/32; 192.168.61.8/32; } }
        interface reth6.0 { address { 190.66.21.35/32; 190.66.21.36/32; } }
        interface reth4.0 { address { 10.14.6.115/32; } }
    }
}
# Zone-to-zone security policies. Address-book entries and custom applications named here are
# defined outside this portion.
policies {
    inactive: traceoptions { file policy_debug; flag all; }
    from-zone Global_Odebrecht to-zone CRDS {
        policy Rule01 { match { source-address [ Red_CONSOL_DORADA_10.14.86.0 Red_CRDS_10.14.95.0 Berrio_jun PtoBoyacaPpal ]; destination-address Red_CONSOL_CRDS_38.7_10.14.98.0; application [ plantas1 TCP1718 junos-h323 Telefonia_CRDS_Consol ]; } then
# (continues the "then" clause of policy Rule01, from-zone Global_Odebrecht to-zone CRDS)
# Review summary for the policy contexts below. Address-book entries and custom applications are
# defined outside this portion, so the notes only cover what the statements themselves show.
#   - Logging: only some permits carry "log { session-init; session-close; } count"; most do not,
#     including rules with source "any" or application "any", so that traffic leaves no session
#     record. No context shown here ends with an explicit deny-and-log policy, so dropped traffic
#     is not recorded by these policies either.
#   - Breadth: several rules permit "application any" (Rule10, Rule09, Rule12, Rule11, Rule82,
#     Rule78, Rule16, Rule75, Rule76) or "source-address any" toward servers (Rule91, Rule89 and
#     Rule86 allow FTP and RDP; Rule61 and Rule151 allow mail, RDP and tcp-highports to the mail
#     and directory servers). Tighten sources and services to what is needed.
#   - Clear-text protocols: junos-telnet is permitted in Rule27, Rule32 and Rule25, and junos-ftp
#     in several rules; credentials for both cross the network unencrypted.
#   - Hygiene: a policy named "prueba" (test) and an application named test_1101 are still in
#     place; confirm they are needed.
#   - Some names contain a stray space ("Ma q_39998", "R DP", "LYNCED_Exte rno_10.14.70.195",
#     "junos-ms-r pc-msexchange-directory-nsp"); this looks like terminal line wrapping in the
#     paste and is reproduced as posted.
{ permit; log { session-init; session-close; } count; } }
policy Rule06 { match { source-address [ sisengodb ocanadd ]; destination-address Corporativo; application [ junos-netbios-session junos-nbname junos-nbds ]; } then { permit; log { session-init; session-close; } count; } }
policy Rule148 { match { source-address any; destination-address Corporativo; application [ junos-sip junos-h323 junos-icmp-all junos-icmp-ping junos-ping Speed_Solution2 ]; } then { permit; } }
# NOTE(review): application any, no logging.
policy Rule10 { match { source-address Grupo_OEC; destination-address Corporativo; application any; } then { permit; } }
# NOTE(review): any source, includes junos-telnet, no logging.
policy Rule27 { match { source-address any; destination-address Maquinaria_Consol_PSalgar; application [ Maquinaria_Puerto_Salgar junos-icmp-ping Speed_Solution Speed_Solution2 junos-telnet Puerto8000 Ma q_39998 Maq_39999 Puerto1_GasolinaU Puerto2_GasolinaU ]; } then { permit; } }
policy Rule71 { match { source-address any; destination-address Plantas_Telefonicas_CRDS; application [ Telefonia_CRDS_Consol junos-sip junos-icmp-ping ]; } then { permit; } }
# NOTE(review): FTP and RDP to the vCenter host from any source in this zone, no logging.
policy Rule91 { match { source-address any; destination-address vcenter_10.14.78.16; application [ junos-ftp RDP ]; } then { permit; } }
policy Rule172 { description Compartidas; match { source-address any; destination-address edenpc; application [ junos-cifs junos-nbds junos-netbios-session junos-smb-session ]; } then { permit; } }
}
# Reverse direction of the context above; the rules largely mirror it.
from-zone CRDS to-zone Global_Odebrecht {
policy Rule02 { match { source-address Red_CONSOL_CRDS_38.7_10.14.98.0; destination-address [ Red_CONSOL_DORADA_10.14.86.0 Red_CRDS_10.14.95.0 Berrio_jun PtoBoyacaPpal ]; application [ plantas1 TCP1718 junos-h323 Telefonia_CRDS_Consol ]; } then { permit; log { session-init; session-close; } count; } }
policy Rule05 { match { source-address Corporativo; destination-address [ sisengodb ocanadd ]; application [ junos-netbios-session junos-nbname junos-nbds ]; } then { permit; log { session-init; session-close; } count; } }
policy Rule147 { match { source-address Corporativo; destination-address any; application [ junos-sip junos-h323 junos-icmp-all junos-icmp-ping junos-ping Speed_Solution2 ]; } then { permit; } }
policy Rule09 { match { source-address Corporativo; destination-address Grupo_OEC; application any; } then { permit; log { session-init; session-close; } count; } }
# NOTE(review): includes junos-telnet toward any destination, no logging.
policy Rule32 { match { source-address Maquinaria_Consol_PSalgar; destination-address any; application [ Maquinaria_Puerto_Salgar junos-icmp-ping Speed_Solution Speed_Solution2 junos-telnet Puerto8000 Ma q_39998 Maq_39999 Puerto1_GasolinaU Puerto2_GasolinaU ]; } then { permit; } }
policy Rule69 { match { source-address any; destination-address OEC_TFTP_10.120.200.20; application [ Telefonia_CRDS_Consol junos-sip junos-icmp-ping ]; } then { permit; } }
policy Rule134 { match { source-address Plantas_Telefonicas_CRDS; destination-address any; application [ Telefonia_CRDS_Consol junos-sip junos-icmp-ping ]; } then { permit; log { session-init; session-close; } count; } }
policy RuleETDBesote { match { source-address Corporativo; destination-address Net_10.14.45.0; application [ junos-http junos-https junos-nbname junos-icmp-ping junos-ping ]; } then { permit; log { session-init; session-close; } count; } }
}
# Inbound to the Bogota LAN servers (Asterisk, BlackBerry, Lync, web, mail, Barracuda, FTP, AD).
from-zone Global_Odebrecht to-zone LAN_Bogota {
policy Rule03 { match { source-address [ Red_CONSOL_DORADA_10.14.86.0 Red_CRDS_10.14.95.0 Red_CRDS_10.14.96.0 ]; destination-address Asterisk_10.14.70.250; application [ Asterisk_10050 Asterisk_10051 Asterisk_via junos-sip junos-ssh junos-icmp-ping ]; } then { permit; } }
policy Rule08 { match { source-address sisengodb; destination-address Red_Lan_Bogota-10.14.70.0; application [ junos-netbios-session junos-nbname junos-nbds ]; } then { permit; } }
# NOTE(review): application any into the whole LAN network object, no logging.
policy Rule12 { match { source-address Grupo_OEC; destination-address Red_Lan_Bogota-10.14.70.0; application any; } then { permit; } }
policy Rule36 { match { source-address any; destination-address BESX_10.14.70.97; application [ Custom_TCP_3101_BB Custom_UDP_3101_BB ]; } then { permit; } }
policy Rule46 { match { source-address any; destination-address [ LYNC_10.14.70.193 LYNCED_10.14.70.194 LYNCED_Externo_10.14.70.195 ]; application [ LYNC_CONFERENCE Owa_Lync junos-https LYNC_SIP LYNC_MOBILE LYNC_WEB LYNC_FE_UDP LYNC3 LYNCDISCOVER1 LYNCDISCOVER2 Banco_Bogota junos-sip HTTP_PROXY LYNC_FE_TCP LYNC_ASTERISK junos-snpp junos-http ]; } then { permit; } }
policy Rule54 { match { source-address any; destination-address Servidor_CONSOL_Competitividad_10.14.70.198; application [ junos-http junos-https junos-ftp ]; } then { permit; } }
policy Rule58 { match { source-address any; destination-address WebCRDS_10.14.70.101; application [ junos-http junos-https junos-ftp ]; } then { permit; } }
# NOTE(review): besides mail protocols this allows RDP, test_1101 and tcp-highports to the mail
# servers from any source; tcp-highports presumably covers a wide port range - confirm its
# definition.
policy Rule61 { match { source-address any; destination-address [ Correo_CONSOL_10.14.70.20 Correo_CRDS_10.14.70.83 ]; application [ junos-mail POP3S junos-pop3 SMTPS SMTP_AUTH junos-imap junos-imaps HTTP_PROXY Owa_Lync test_1101 R DP tcp-highports ]; } then { permit; log { session-init; session-close; } count; } }
# NOTE(review): any source, any application, no logging.
policy Rule82 { match { source-address any; destination-address Barracuda_10.14.70.49; application any; } then { permit; } }
policy Rule86 { match { source-address any; destination-address [ FTP_CONSOL_NEW10.14.70.2 Ftp_CRDS Ftp_Consol_10.14.70.17 Asterisk_10.14.70.250 LYNCED_Exte rno_10.14.70.195 GD_10.14.70.56 Primavera_10.14.70.110 ]; application [ junos-ftp RDP ]; } then { permit; } }
# NOTE(review): any source may reach the directory (AD) and mail servers on RPC, NetBIOS, RDP and
# tcp-highports. This rule is logged, but the source should be narrowed.
policy Rule151 { match { source-address any; destination-address [ AD_CONSOL_10.14.70.16 Correo_CONSOL_10.14.70.20 Correo_CRDS_10.14.70.83 AD_CRDS ]; application [ junos-mail POP3S junos-pop3 SMTPS SMTP_AUTH junos-imap junos-imaps HTTP_PROXY Owa_Lync test_1101 R DP junos-https junos-ms-rpc-tcp junos-ms-rpc-udp junos-ms-rpc-msexchange-directory-rfr junos-ms-rpc-msexchange-info-store junos-ms-r pc-msexchange-directory-nsp junos-ms-rpc-msexchange tcp-highports junos-netbios-session junos-nbname ]; } then { permit; log { session-init; session-close; } count; } }
}
# Outbound from the Bogota LAN; none of the permits in this context is logged.
from-zone LAN_Bogota to-zone Global_Odebrecht {
policy Rule04 { match { source-address Asterisk_10.14.70.250; destination-address [ Red_CONSOL_DORADA_10.14.86.0 Red_CRDS_10.14.95.0 Red_CRDS_10.14.96.0 ]; application [ Asterisk_10050 Asterisk_10051 Asterisk_via junos-sip junos-ssh junos-icmp-ping ]; } then { permit; } }
policy Rule07 { match { source-address Red_Lan_Bogota-10.14.70.0; destination-address sisengodb; application [ junos-netbios-session junos-nbname junos-nbds ]; } then { permit; } }
policy Rule11 { match { source-address Red_Lan_Bogota-10.14.70.0; destination-address Grupo_OEC; application any; } then { permit; } }
policy Rule39 { match { source-address BESX_10.14.70.97; destination-address any; application [ Custom_TCP_3101_BB Custom_UDP_3101_BB ]; } then { permit; } }
policy Rule50 { match { source-address [ LYNC_10.14.70.193 LYNCED_10.14.70.194 LYNCED_Externo_10.14.70.195 ]; destination-address any; application [ LYNC_CONFERENCE Owa_Lync junos-https LYNC_SIP LYNC_MOBILE LYNC_WEB LYNC_FE_UDP LYNC3 LYNCDISCOVER1 LYNCDISCOVER2 Banco_Bogota junos-sip HTTP_PROXY LYNC_FE_TCP LYNC_ASTERISK junos-snpp junos-http ]; } then { permit; } }
policy Rule78 { match { source-address Barracuda_10.14.70.49; destination-address any; application any; } then { permit; } }
}
# This context continues beyond the visible portion of the paste.
from-zone LAN_Bogota to-zone CRDS {
# NOTE(review): "prueba" (test) policy placed first in the context.
policy prueba { match { source-address cperez2; destination-address cimitarraserver; application LYNC_SHARE_TCP; } then { permit; } }
policy Rule130 { match { source-address Red_Lan_Bogota-10.14.70.0; destination-address any; application [ junos-ping junos-icmp-all junos-sip junos-h323 ]; } then { permit; } }
policy Rule16 { description "DomainContr a Corporativo LANs"; match { source-address [ AD_CRDS AD_CONSOL_10.14.70.16 ]; destination-address Corporativo; application any; } then { permit; } }
# NOTE(review): any source, includes junos-telnet, no logging.
policy Rule25 { match { source-address any; destination-address Maquinaria_Consol_PSalgar; application [ Maquinaria_Puerto_Salgar junos-icmp-ping Speed_Solution Speed_Solution2 junos-telnet Puerto8000 Ma q_39998 Maq_39999 Puerto1_GasolinaU Puerto2_GasolinaU ]; } then { permit; } }
policy Rule37 { match { source-address BESX_10.14.70.97; destination-address any; application [ Custom_TCP_3101_BB Custom_UDP_3101_BB ]; } then { permit; } }
policy Rule48 { match { source-address [ LYNC_10.14.70.193 LYNCED_10.14.70.194 LYNCED_Externo_10.14.70.195 Red_Lan_Bogota-10.14.70.0 ]; destination-address any; application [ LYNC_CONFERENCE Owa_Lync junos-https LYNC_SIP LYNC_MOBILE LYNC_WEB LYNC_FE_UDP LYNC3 LYNCDISCOVER1 LYNCDISCOVER2 Banco_Bogota junos-sip HTTP_PROXY LYNC_FE_TCP LYNC_ASTERISK junos-snpp junos-http LYNC_SHARE_TCP ]; } then { permit; log { session-init; session-close; } count; } }
policy Rule135 { match { source-address Planta_Bogota_CRDS; destination-address any; application [ Telefonia_CRDS_Consol junos-sip junos-icmp-ping ]; } then { permit; } }
policy Rule70 { match { source-address any; destination-address Plantas_Telefonicas_CRDS; application [ Telefonia_CRDS_Consol junos-sip junos-icmp-ping ]; } then { permit; } }
# NOTE(review): the telephony host is allowed SSH, MySQL, AMI and the TCP_HIGH / UDP_HIGH custom
# applications toward the whole Corporativo object; confirm how wide those port ranges are.
policy Rule65 { match { source-address Asterisk_10.14.70.250; destination-address Corporativo; application [ Asterisk_10050 Asterisk_10051 Asterisk_via AMI junos-ssh junos-icmp-ping junos-sip MySQL Port_2048 UDP_2048 RTP_PORTS junos-h323 TCP_HIGH UDP_HIGH ]; } then { permit; } }
policy Rule74 { match { source-address Red_Lan_Bogota-10.14.70.0; destination-address Corporativo; application GrupoPuertosUsers; } then { permit; } }
policy Rule75 { match { source-address LYNC_10.14.70.193; destination-address Corporativo; application any; } then { permit; } }
policy Rule76 { match { source-address Barracuda_10.14.70.49; destination-address any; application any; } then { permit; } }
# NOTE(review): FTP and RDP from any source to vCenter and several site hosts, no logging.
policy Rule89 { match { source-address any; destination-address [ vcenter_10.14.78.16 Lizama_julian peajesmoorison cimitarraserver morrison2 ]; application [ junos-ftp RDP ]; } then { permit; } }
# Rule93 to Rule117: file and print sharing (CIFS / NetBIOS) from the LAN and from individual
# hosts toward printers, site networks and the Corporativo object; none of them is logged.
policy Rule93 { match { source-address Red_Lan_Bogota-10.14.70.0; destination-address Host_Impresora_38.7_Consol; application [ junos-cifs junos-nbds ]; } then { permit; } }
policy Rule94 { match { source-address Red_Lan_Bogota-10.14.70.0; destination-address Host_Impresora_38.7_CRDS; application [ junos-cifs junos-nbds ]; } then { permit; } }
policy Rule97 { match { source-address Red_Lan_Bogota-10.14.70.0; destination-address Host_Impresora_Lizama_Consol; application [ junos-cifs junos-nbds ]; } then { permit; } }
policy Rule101 { match { source-address Red_Lan_Bogota-10.14.70.0; destination-address Red_CIMITARRA_10.14.60.0; application [ junos-cifs junos-nbds ]; } then { permit; } }
policy Rule106 { match { source-address SOPORTES_10.14.71.64; destination-address Corporativo; application [ junos-cifs junos-nbds ]; } then { permit; } }
policy Rule108 { match { source-address Red_Lan_Bogota-10.14.70.0; destination-address [ Social_Bca TecPredial_10.14.25.2 edenpc ]; application [ junos-cifs junos-nbds junos-netbios-session junos-nbname ]; } then { permit; } }
policy Rule111 { match { source-address [ Asterisk_10.14.70.250 Serv_Files_CRDS ]; destination-address Corporativo; application [ junos-cifs junos-nbds ]; } then { permit; } }
policy Rule113 { match { source-address [ NHOMEZ_10.14.71.48 SIIP_10.14.70.115 ]; destination-address Corporativo; application [ junos-cifs junos-nbds ]; } then { permit; } }
policy Rule114 { match { source-address BESX_10.14.70.97; destination-address Corporativo; application [ junos-cifs junos-nbds ]; } then { permit; } }
policy Rule115 { match { source-address Red_Lan_Bogota-10.14.70.0; destination-address TI_LIZAMA_10.14.20.15; application [ junos-cifs junos-nbds ]; } then { permit; } }
policy Rule117 { match { source-address Red_Lan_Bogota-10.14.70.0; destination-address TI_AGUACHICA_10.14.80.91; application [ junos-cifs junos-nbds ]; } then { permit; } }
policy Rule136 { match { source-address AdminRedBog; destination-address [
TI_LIZAMA_10.14.20.15 TI_AGUACHICA_10.14.80.91 Social_Bca Red_CONSOL_CRDS_38.7_10.14.98.0 ]; application [ junos-cifs junos-nbds RDP junos-tftp ]; } then { permit; } } policy Rule139 { match { source-address Red_Lan_Bogota-10.14.70.0; destination-address Corporativo; application [ junos-http junos-https UDP_HIGH ]; } then { permit; } } policy Rule154 { match { source-address Trend_Anti; destination-address any; application any; } then { permit; } } inactive: policy Rule155 { match { source-address any; destination-address edenpc; application [ junos-netbios-session junos-cifs junos-nbname junos-nbds ]; } then { permit; log { session-init; session-close; } count; } } } from-zone CRDS to-zone LAN_Bogota { policy prueba { match { source-address cimitarraserver; destination-address cperez2; application LYNC_SHARE_TCP; } then { permit; } } policy Rule129 { match { source-address any; destination-address Red_Lan_Bogota-10.14.70.0; application [ junos-ping junos-icmp-all junos-sip junos-h323 ]; } then { permit; } } policy Rule17 { description "Corporativo LANs a DomainCont"; match { source-address Corporativo; destination-address [ AD_CRDS AD_CONSOL_10.14.70.16 ]; application any; } then { permit; } } policy Rule30 { match { source-address Maquinaria_Consol_PSalgar; destination-address any; application [ Maquinaria_Puerto_Salgar junos-icmp-ping Speed_Solution Speed_Solution2 junos-telnet Puerto8000 Ma q_39998 Maq_39999 Puerto1_GasolinaU Puerto2_GasolinaU ]; } then { permit; } } policy Rule34 { match { source-address any; destination-address BESX_10.14.70.97; application [ Custom_TCP_3101_BB Custom_UDP_3101_BB ]; } then { permit; } } policy Rule44 { match { source-address any; destination-address [ LYNC_10.14.70.193 LYNCED_10.14.70.194 LYNCED_Externo_10.14.70.195 Red_Lan_Bogota-10.14.70. 
0 ]; application [ LYNC_CONFERENCE Owa_Lync junos-https LYNC_SIP LYNC_MOBILE LYNC_WEB LYNC_FE_UDP LYNC3 LYNCDISCOVER1 LYNCDISCOVER2 Banco_Bogota junos-sip HTTP_PROXY LYNC_FE_TCP LYNC_ASTERISK junos-snpp junos-http LYNC_SHARE_TCP ]; } then { permit; log { session-init; session-close; } count; } } policy Rule52 { match { source-address any; destination-address Servidor_CONSOL_Competitividad_10.14.70.198; application [ junos-http junos-https junos-ftp ]; } then { permit; } } policy Rule56 { match { source-address any; destination-address WebCRDS_10.14.70.101; application [ junos-http junos-https junos-ftp ]; } then { permit; } } policy Rule59 { match { source-address any; destination-address [ Correo_CONSOL_10.14.70.20 Correo_CRDS_10.14.70.83 ]; application [ junos-mail POP3S junos-pop3 SMTPS SMTP_AUTH junos-imap junos-imaps HTTP_PROXY Owa_Lync test_1101 R DP junos-https junos-ms-rpc-tcp junos-ms-rpc-udp junos-ms-rpc-msexchange-directory-rfr junos-ms-rpc-msexchange-info-store junos-ms-r pc-msexchange-directory-nsp junos-ms-rpc-msexchange tcp-highports ]; } then { permit; } } policy Rule66 { match { source-address Corporativo; destination-address Asterisk_10.14.70.250; application [ Asterisk_10050 Asterisk_10051 Asterisk_via AMI junos-ssh junos-icmp-ping junos-sip MySQL Port_2048 UDP_2048 RTP_PORTS junos-h323 ]; } then { permit; } } policy Rule133 { match { source-address Plantas_Telefonicas_CRDS; destination-address any; application [ Telefonia_CRDS_Consol junos-sip junos-icmp-ping ]; } then { permit; } } policy Rule68 { match { source-address any; destination-address Planta_Bogota_CRDS; application [ Telefonia_CRDS_Consol junos-sip junos-icmp-ping ]; } then { permit; } } policy Rule73 { match { source-address Corporativo; destination-address Red_Lan_Bogota-10.14.70.0; application [ GrupoPuertosUsers UDP_HIGH ]; } then { permit; } } policy Rule80 { match { source-address any; destination-address Barracuda_10.14.70.49; application any; } then { permit; } } policy 
Rule84 { match { source-address any; destination-address [ FTP_CONSOL_NEW10.14.70.2 Ftp_CRDS Ftp_Consol_10.14.70.17 Asterisk_10.14.70.250 LYNCED_Exte rno_10.14.70.195 GD_10.14.70.56 Primavera_10.14.70.110 ]; application [ junos-ftp RDP ]; } then { permit; } } policy Rule99 { match { source-address Host_Impresora_Lizama_Consol; destination-address Red_Lan_Bogota-10.14.70.0; application [ junos-cifs junos-nbds ]; } then { permit; } } policy Rule102 { match { source-address Corporativo; destination-address BETA_10.14.70.89; application [ junos-cifs junos-nbds ]; } then { permit; } } policy Rule103 { match { source-address Corporativo; destination-address NAS_10.14.70.43; application [ junos-cifs junos-nbds ]; } then { permit; } } policy Rule104 { match { source-address Corporativo; destination-address BESX_10.14.70.97; application [ junos-cifs junos-nbds ]; } then { permit; } } policy Rule105 { match { source-address Corporativo; destination-address SOPORTES_10.14.71.64; application [ junos-cifs junos-nbds ]; } then { permit; } } policy Rule109 { match { source-address Corporativo; destination-address [ Asterisk_10.14.70.250 Serv_Files_CRDS SIIP_10.14.70.115 ]; application [ junos-cifs junos-nbds ]; } then { permit; } } policy Rule112 { match { source-address Corporativo; destination-address [ NHOMEZ_10.14.71.48 WebCRDS_10.14.70.101 ]; application [ junos-cifs junos-nbds ]; } then { permit; } } policy Rule120 { match { source-address Red_CIMITARRA_10.14.60.0; destination-address Red_Lan_Bogota-10.14.70.0; application [ junos-cifs junos-nbds ]; } then { permit; } } policy Rule131 { match { source-address Corporativo; destination-address DocumentosCompartidos; application [ junos-cifs junos-nbds RDP ]; } then { permit; } } policy Rule135 { match { source-address AdminRed; destination-address [ Ftp_CRDS Ftp_Consol_10.14.70.17 BETA_10.14.70.89 BESX_10.14.70.97 NAS_10.14.70.43 Correo_C ONSOL_10.14.70.20 Correo_CRDS_10.14.70.83 Barracuda_10.14.70.49 LYNC_10.14.70.193 
LYNCED_10.14.70.194 Ares_10.14.70.135 Odin_10.14.7 0.70 Servidor_CONSOL_Competitividad_10.14.70.198 SisengConsol_10.14.70.15 Antivirus_10.14.70.108 lalmanza TrendConsol_10.14.70.18 Tr end_Anti ]; application [ junos-tftp RDP junos-cifs junos-nbds ]; } then { permit; } } policy Rule138 { match { source-address Corporativo; destination-address any; application [ HTTP_PROXY junos-http junos-https TCP_8090 Grupo_Red Fondo_Nacional ]; } then { permit; } } policy Rule154 { description Antivirus; match { source-address any; destination-address Trend_Anti; application any; } then { permit; } } } from-zone LAN_Bogota to-zone Internet { policy Rule18 { description "DNS Locales al Mundo"; match { source-address [ AD_CRDS AD_CONSOL_10.14.70.16 ]; destination-address any; application any; } then { permit; } } policy Rule15 { match { source-address [ Dsantos_10.14.71.174 cco2 cperez2 mpilar rlvieira rlvieira2 lhurtado Epferracuti_10.14.71.45 Ca rlos_Perez-10.14.71.33 epferracuti_71.32 mpilar2 amunoz1 amunoz2 nzuluaga1 nzuluaga2 dcaldas dcaldas2 lhurtado2 maga1 maga2 epfipad nhomez Recepcion ]; destination-address any; application [ junos-dns-udp junos-http Banco_Bogota HTTP_PROXY Jamlogic_Paneles1 Jamlogic_Paneles2 junos-ymsg Su ramericana Antecedentes POP3S SMTPS SMTP_AUTH junos-imap junos-imaps Equipos_Codim2 Fondo_Nacional Fondo_Nacional2 Owa_Lync Custom_T CP_1299 Mail_Servi_Hoteles pcvargas DVR_CONSOL Suramericana_UDP Suramericana2 Suramericana3 EPMAP_Sura Grupo_Red O2_7777 Planeta_Rad io LYNCDISCOVER1 LYNCDISCOVER2 Claro junos-https Pet junos-ftp junos-tftp SenaSofia Ucentral Interrapidisimo GPSVolquetasCONSOL educ acion Puerto1_GasolinaU Puerto2_GasolinaU Puerto3_GasolinaU movilidad_bogota movilidad2_bogota wbmconpros_2096 S upernotariado_7010 procuraduria junos-http-ext shd sqd umin Napster_directory_8888_primary ICQ_Locator LDAP_SSL ZeroNine test_1101 S kyDance_T conprosweb pushccvs ]; } then { permit { application-services { utm-policy WEBFILTER2; } } log { 
session-init; session-close; } count; } } policy Rule40 { match { source-address Asterisk_10.14.70.250; destination-address Bitram; application [ junos-ssh junos-telnet Asterisk_10050 Asterisk_10051 Asterisk_via AMI MySQL ]; } then { permit; } } policy Rule63 { match { source-address [ Correo_CONSOL_10.14.70.20 Correo_CRDS_10.14.70.83 ]; destination-address any; application [ junos-mail junos-pop3 SMTP_AUTH test_1101 junos-dns-udp ]; } then { permit; } } policy Rule62 { match { source-address any; destination-address [ Serv_Correo.ANI Serv_Correo.RyQ mail.renoirgroup.com conpros.co ]; application [ junos-mail POP3S junos-pop3 SMTPS SMTP_AUTH junos-imap junos-imaps HTTP_PROXY Owa_Lync test_1101 R DP ]; } then { permit; } } policy Rule79 { match { source-address Barracuda_10.14.70.49; destination-address any; application any; } then { permit; } } policy Rule148 { match { source-address Red_Lan_Bogota-10.14.70.0; destination-address any; application [ junos-dns-udp junos-http Banco_Bogota HTTP_PROXY Jamlogic_Paneles1 Jamlogic_Paneles2 junos-ymsg Su ramericana Antecedentes POP3S SMTPS SMTP_AUTH junos-imap junos-imaps Equipos_Codim2 Fondo_Nacional Fondo_Nacional2 Owa_Lync Custom_T CP_1299 Mail_Servi_Hoteles pcvargas DVR_CONSOL Suramericana_UDP Suramericana2 Suramericana3 EPMAP_Sura Grupo_Red O2_7777 Planeta_Rad io LYNCDISCOVER1 LYNCDISCOVER2 Claro junos-https Pet junos-ftp junos-tftp SenaSofia Ucentral Interrapidisimo GPSVolquetasCONSOL educ acion Puerto1_GasolinaU Puerto2_GasolinaU Puerto3_GasolinaU movilidad_bogota movilidad2_bogota wbmconpros_2096 S upernotariado_7010 procuraduria junos-http-ext shd sqd umin Napster_directory_8888_primary ICQ_Locator LDAP_SSL ZeroNine test_1101 S kyDance_T conprosweb policia junos-icmp-all junos-ping pushccvs ]; } then { permit { application-services { utm-policy WEBFILTER; } } log { session-init; session-close; } count; } scheduler-name Happy_Hour; } policy Rule51 { match { source-address [ mmarroquin_10.14.71.82 
RP.FinancieroConsol_10.14.71.42 ]; destination-address any; application [ junos-dns-udp junos-http Banco_Bogota HTTP_PROXY Jamlogic_Paneles1 Jamlogic_Paneles2 junos-ymsg Su ramericana Antecedentes POP3S SMTPS SMTP_AUTH junos-imap junos-imaps Equipos_Codim2 Fondo_Nacional Fondo_Nacional2 Owa_Lync Custom_T CP_1299 Mail_Servi_Hoteles pcvargas DVR_CONSOL Suramericana_UDP Suramericana2 Suramericana3 EPMAP_Sura Grupo_Red O2_7777 Planeta_Rad io LYNCDISCOVER1 LYNCDISCOVER2 Claro junos-https Pet junos-ftp junos-tftp SenaSofia Ucentral Interrapidisimo GPSVolquetasCONSOL educ acion Puerto1_GasolinaU Puerto2_GasolinaU Puerto3_GasolinaU movilidad_bogota movilidad2_bogota wbmconpros_2096 S upernotariado_7010 procuraduria junos-http-ext shd sqd umin Napster_directory_8888_primary ICQ_Locator LDAP_SSL ZeroNine test_1101 S kyDance_T conprosweb ]; } then { permit { application-services { utm-policy WEBFILTER; application-firewall { rule-set ALLOW-YOUTUBE; } } } } } policy Rule21 { match { source-address Red_Lan_Bogota-10.14.70.0; destination-address any; application [ junos-dns-udp junos-http Banco_Bogota HTTP_PROXY Jamlogic_Paneles1 Jamlogic_Paneles2 junos-ymsg Su ramericana Antecedentes POP3S SMTPS SMTP_AUTH junos-imap junos-imaps Equipos_Codim2 Fondo_Nacional Fondo_Nacional2 Owa_Lync Custom_T CP_1299 Mail_Servi_Hoteles pcvargas DVR_CONSOL Suramericana_UDP Suramericana2 Suramericana3 EPMAP_Sura Grupo_Red O2_7777 Planeta_Rad io LYNCDISCOVER1 LYNCDISCOVER2 Claro junos-https Pet junos-ftp junos-tftp SenaSofia Ucentral Interrapidisimo GPSVolquetasCONSOL educ acion Puerto1_GasolinaU Puerto2_GasolinaU Puerto3_GasolinaU movilidad_bogota movilidad2_bogota wbmconpros_2096 S upernotariado_7010 procuraduria junos-http-ext shd sqd umin Napster_directory_8888_primary ICQ_Locator LDAP_SSL ZeroNine test_1101 S kyDance_T conprosweb policia junos-icmp-all junos-ping pushccvs Supertransporte Porvenir_9443 ]; } then { permit { application-services { utm-policy WEBFILTER; application-firewall { 
rule-set BLOCKED-APPS; } } } log { session-init; session-close; } } }
    /* BES traffic from the BESX host to any destination. The two custom
       applications are defined outside this excerpt. No session logging. */
    policy Rule145 {
        description "Conexion a BES";
        match {
            source-address BESX_10.14.70.97;
            destination-address any;
            application [ Custom_TCP_3101_BB Custom_UDP_3101_BB ];
        }
        then {
            permit;
        }
    }
    /* Every application from address-book entry nhomez to entry cdn, with
       session logging and a counter. */
    policy CitadonRule {
        match {
            source-address nhomez;
            destination-address cdn;
            application any;
        }
        then {
            permit;
            log {
                session-init;
                session-close;
            }
            count;
        }
    }
}
/* Inbound context: sessions entering from zone Internet toward zone
   LAN_Bogota. Policies of a zone pair are evaluated in listed order and the
   first match is applied. Whether a destination below is actually reachable
   from outside depends on the destination/static NAT rules, which are not
   part of this excerpt. Most policies here permit without logging, so
   accepted inbound sessions leave no record in the policy log. */
from-zone Internet to-zone LAN_Bogota {
    /* Permits every application from any source to AD_CONSOL_10.14.70.16 and
       AD_CRDS, unlogged. NOTE(review): the LAN_Bogota to Internet policy
       Rule18 describes the same two objects as "DNS Locales al Mundo"; if
       inbound DNS is the only requirement, narrow "application any" to the
       DNS applications and add logging. Confirm intent with the owner. */
    policy Rule19 {
        match {
            source-address any;
            destination-address [ AD_CONSOL_10.14.70.16 AD_CRDS ];
            application any;
        }
        then {
            permit;
        }
    }
    /* Remote administration of the Asterisk host from address-book entries
       Bitram and crdsout. NOTE(review): junos-telnet is a cleartext protocol
       and MySQL and AMI (presumably the Asterisk manager interface) are
       opened next to SSH; consider removing telnet, moving the management
       services behind the VPN, and logging these sessions. */
    policy Rule41 {
        match {
            source-address [ Bitram crdsout ];
            destination-address Asterisk_10.14.70.250;
            application [ junos-ssh junos-telnet Asterisk_10050 Asterisk_10051 Asterisk_via AMI MySQL junos-https ];
        }
        then {
            permit;
        }
    }
    /* Mail and web applications from any source to Correo_CRDS_10.14.70.83,
       passed through UTM policy junos-av-wf-policy. NOTE(review): "POP 3S"
       is printed with a space here while other policies on the page use
       POP3S; this looks like a line-wrap artifact of the paste, verify
       against the device. */
    policy Rule13 {
        description "Email a IP 186.28.228.210";
        match {
            source-address any;
            destination-address Correo_CRDS_10.14.70.83;
            application [ junos-mail HTTP_PROXY SMTP_AUTH junos-imap junos-imaps junos-pop3 junos-http junos-https SMTPS POP 3S junos-dns-udp junos-smtp ];
        }
        then {
            permit {
                application-services {
                    utm-policy junos-av-wf-policy;
                }
            }
        }
    }
    /* Same shape as Rule13 for Correo_CONSOL_10.14.70.20, with junos-ssh
       added. NOTE(review): SSH to the mail server is matched for source any;
       restrict the source to administrator addresses or reach it through the
       VPN. The "POP 3S" artifact noted on Rule13 appears here too. */
    policy Rule14 {
        description "Email a IP 190.66.21.35";
        match {
            source-address any;
            destination-address Correo_CONSOL_10.14.70.20;
            application [ junos-mail HTTP_PROXY SMTP_AUTH junos-imap junos-imaps junos-pop3 junos-http junos-https SMTPS POP 3S junos-dns-udp junos-ssh junos-smtp ];
        }
        then {
            permit {
                application-services {
                    utm-policy junos-av-wf-policy;
                }
            }
        }
    }
    /* Second administration rule for the Asterisk host, from entries
       Bitram_190.156.242.47 and Etra; same applications as Rule41 minus
       junos-https. The telnet/MySQL/AMI remark on Rule41 applies. */
    policy Rule42 {
        match {
            source-address [ Bitram_190.156.242.47 Etra ];
            destination-address Asterisk_10.14.70.250;
            application [ junos-ssh junos-telnet Asterisk_10050 Asterisk_10051 Asterisk_via AMI MySQL ];
        }
        then {
            permit;
        }
    }
    /* Any source to LYNCED_Externo_10.14.70.195, unlogged. NOTE(review): the
       list is the same one used for the internal Lync hosts elsewhere on the
       page and carries entries such as Banco_Bogota, HTTP_PROXY and
       junos-snpp; trim it to what the externally facing host needs. */
    policy Rule47 {
        match {
            source-address any;
            destination-address LYNCED_Externo_10.14.70.195;
            application [ LYNC_CONFERENCE Owa_Lync junos-https LYNC_SIP LYNC_MOBILE LYNC_WEB LYNC_FE_UDP LYNC3 LYNCDISCOVER1 LYNCDISCOVER2 Banco_Bogota junos-sip HTTP_PROXY LYNC_FE_TCP LYNC_ASTERISK junos-snpp junos-http ];
        }
        then {
            permit;
        }
    }
    /* HTTP, HTTPS and FTP from any source to WebCRDS_10.14.70.101. FTP is
       cleartext; keep it only if a public FTP service is intended. */
    policy Rule55 {
        match {
            source-address any;
            destination-address WebCRDS_10.14.70.101;
            application [ junos-http junos-https junos-ftp ];
        }
        then {
            permit;
        }
    }
    /* Four named external mail servers may open mail sessions to ANY address
       in LAN_Bogota. NOTE(review): the destination could be limited to the
       two Correo_* servers used by Rule13/Rule14. */
    policy Rule64 {
        match {
            source-address [ Serv_Correo.ANI Serv_Correo.RyQ conpros.co mail.renoirgroup.com ];
            destination-address any;
            application [ junos-mail junos-pop3 SMTP_AUTH test_1101 ];
        }
        then {
            permit;
        }
    }
    /* Every application from any source to Barracuda_10.14.70.49, unlogged.
       NOTE(review): narrow to the services the appliance has to receive and
       enable logging. */
    policy Rule83 {
        match {
            source-address any;
            destination-address Barracuda_10.14.70.49;
            application any;
        }
        then {
            permit;
        }
    }
    /* FTP, RDP and DinnerApp from any source to nine servers, including both
       mail servers. NOTE(review): RDP matched for source any is the item to
       review first; restrict the source or require the VPN.
       "Ftp_Consol_10.14. 70.17" contains a space that looks like a paste
       artifact (Ftp_Consol_10.14.70.17 is used elsewhere on the page). */
    policy Rule87 {
        match {
            source-address any;
            destination-address [ Ftp_CRDS GD_10.14.70.56 FTP_CONSOL_NEW10.14.70.2 Correo_CRDS_10.14.70.83 Ftp_Consol_10.14. 70.17 Correo_CONSOL_10.14.70.20 Ares_10.14.70.135 WebCRDS_10.14.70.101 LogiTrac_10.14.70.4 ];
            application [ junos-ftp RDP DinnerApp ];
        }
        then {
            permit;
        }
    }
    /* Inbound counterpart of the BES rule: any source to BESX_10.14.70.97 on
       the two custom applications. */
    policy Rule146 {
        description "Internet a Bes";
        match {
            source-address any;
            destination-address BESX_10.14.70.97;
            application [ Custom_TCP_3101_BB Custom_UDP_3101_BB ];
        }
        then {
            permit;
        }
    }
    /* Policy-based VPN rule: any/any/any bound to IPsec VPN dyn_vpn.
       NOTE(review): because this match is any/any/any and policies are
       evaluated in listed order, Rule165 and CitadonERule below appear
       unreachable as written; confirm with the policy hit counters and
       reorder if they are meant to apply. */
    policy policy_in_dyn_vpn {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit {
                tunnel {
                    ipsec-vpn dyn_vpn;
                }
            }
        }
    }
    /* All_Internet to FTP_CONSOL_NEW10.14.70.2 on three custom applications,
       logged and counted. See the ordering note on policy_in_dyn_vpn. */
    policy Rule165 {
        description Alimentacion;
        match {
            source-address All_Internet;
            destination-address FTP_CONSOL_NEW10.14.70.2;
            application [ softalim1 softalim2 softalim3 ];
        }
        then {
            permit;
            log {
                session-init;
                session-close;
            }
            count;
        }
    }
    /* Return direction of CitadonRule: every application from cdn to nhomez,
       logged and counted. See the ordering note on policy_in_dyn_vpn. */
    policy CitadonERule {
        match {
            source-address cdn;
            destination-address nhomez;
            application any;
        }
        then {
            permit;
            log {
                session-init;
                session-close;
            }
            count;
        }
    }
}
from-zone CRDS to-zone Internet { policy Rule33 { match { source-address [ Aguachica_10.14.82.26 Alvaro_10.14.98.168 julian_21.82 cramirez ]; destination-address any; application [ junos-dns-udp junos-http Banco_Bogota HTTP_PROXY Jamlogic_Paneles1 Jamlogic_Paneles2 junos-ymsg Su ramericana Antecedentes POP3S SMTPS SMTP_AUTH junos-imap
junos-imaps Equipos_Codim2 Fondo_Nacional Fondo_Nacional2 Owa_Lync Custom_T CP_1299 Mail_Servi_Hoteles pcvargas DVR_CONSOL Suramericana_UDP Suramericana2 Suramericana3 EPMAP_Sura Grupo_Red O2_7777 Planeta_Rad io LYNCDISCOVER1 LYNCDISCOVER2 Claro junos-https Pet junos-ftp junos-tftp SenaSofia Ucentral Interrapidisimo GPSVolquetasCONSOL educ acion Puerto1_GasolinaU Puerto2_GasolinaU Puerto3_GasolinaU movilidad_bogota movilidad2_bogota wbmconpros_2096 S upernotariado_7010 procuraduria junos-http-ext shd sqd umin Napster_directory_8888_primary ICQ_Locator LDAP_SSL ZeroNine test_1101 S kyDance_T conprosweb ]; } then { permit { application-services { utm-policy WEBFILTER_SIN_ANTIVIRUS2; } } } } policy Rule22 { match { source-address Corporativo; destination-address localizavs; application [ pushccvs pushultrack ]; } then { permit; } } policy Rule149 { match { source-address any; destination-address any; application [ junos-dns-udp junos-http Banco_Bogota HTTP_PROXY Jamlogic_Paneles1 Jamlogic_Paneles2 junos-ymsg Su ramericana Antecedentes POP3S SMTPS SMTP_AUTH junos-imap junos-imaps Equipos_Codim2 Fondo_Nacional Fondo_Nacional2 Owa_Lync Custom_T CP_1299 Mail_Servi_Hoteles pcvargas DVR_CONSOL Suramericana_UDP Suramericana2 Suramericana3 EPMAP_Sura Grupo_Red O2_7777 Planeta_Rad io LYNCDISCOVER1 LYNCDISCOVER2 Claro junos-https Pet junos-ftp junos-tftp SenaSofia Ucentral Interrapidisimo GPSVolquetasCONSOL educ acion Puerto1_GasolinaU Puerto2_GasolinaU Puerto3_GasolinaU movilidad_bogota movilidad2_bogota wbmconpros_2096 S upernotariado_7010 procuraduria junos-http-ext shd sqd umin Napster_directory_8888_primary ICQ_Locator LDAP_SSL ZeroNine test_1101 S kyDance_T conprosweb pushccvs ]; } then { permit { application-services { utm-policy WEBFILTER_SIN_ANTIVIRUS; } } } scheduler-name Happy_Hour; } policy Rule43 { match { source-address [ lgratuita_10.14.20.28 Texeira_10.14.98.24 Mpiller_10.14.98.27 cco_10.14.20.184 claudia_rincon ] ; destination-address any; application [ 
junos-dns-udp junos-http Banco_Bogota HTTP_PROXY Jamlogic_Paneles1 Jamlogic_Paneles2 junos-ymsg Su ramericana Antecedentes POP3S SMTPS SMTP_AUTH junos-imap junos-imaps Equipos_Codim2 Fondo_Nacional Fondo_Nacional2 Owa_Lync Custom_T CP_1299 Mail_Servi_Hoteles pcvargas DVR_CONSOL Suramericana_UDP Suramericana2 Suramericana3 EPMAP_Sura Grupo_Red O2_7777 Planeta_Rad io LYNCDISCOVER1 LYNCDISCOVER2 Claro junos-https Pet junos-ftp junos-tftp SenaSofia Ucentral Interrapidisimo GPSVolquetasCONSOL educ acion Puerto1_GasolinaU Puerto2_GasolinaU Puerto3_GasolinaU movilidad_bogota movilidad2_bogota wbmconpros_2096 S upernotariado_7010 procuraduria junos-http-ext shd sqd umin Napster_directory_8888_primary ICQ_Locator LDAP_SSL ZeroNine test_1101 S kyDance_T conprosweb policia ]; } then { permit { application-services { utm-policy WEBFILTER_SIN_ANTIVIRUS2; application-firewall { rule-set ALLOW-YOUTUBE; } } } } } policy Rule141 { match { source-address Corporativo; destination-address conpros.co; application [ junos-mail junos-pop3 junos-imap junos-imaps POP3S junos-smtp SMTPS SMTP_AUTH conprosweb ]; } then { permit { application-services { utm-policy WEBFILTER_SIN_ANTIVIRUS; application-firewall { rule-set BLOCKED-APPS; } } } } } policy Rule20 { match { source-address Corporativo; destination-address any; application [ junos-dns-udp junos-http Banco_Bogota HTTP_PROXY Jamlogic_Paneles1 Jamlogic_Paneles2 junos-ymsg Su ramericana Antecedentes POP3S SMTPS SMTP_AUTH junos-imap junos-imaps Equipos_Codim2 Fondo_Nacional Fondo_Nacional2 Owa_Lync Custom_T CP_1299 Mail_Servi_Hoteles pcvargas DVR_CONSOL Suramericana_UDP Suramericana2 Suramericana3 EPMAP_Sura Grupo_Red O2_7777 Planeta_Rad io LYNCDISCOVER1 LYNCDISCOVER2 Claro junos-https Pet junos-ftp junos-tftp SenaSofia Ucentral Interrapidisimo GPSVolquetasCONSOL educ acion Puerto1_GasolinaU Puerto2_GasolinaU Puerto3_GasolinaU movilidad_bogota movilidad2_bogota wbmconpros_2096 S upernotariado_7010 procuraduria junos-http-ext shd sqd umin 
Napster_directory_8888_primary ICQ_Locator LDAP_SSL ZeroNine test_1101 S kyDance_T conprosweb policia junos-icmp-all junos-ping pushccvs Supertransporte Porvenir_9443 ]; } then { permit { application-services { utm-policy WEBFILTER_SIN_ANTIVIRUS; application-firewall { rule-set BLOCKED-APPS; } } } } } policy Rule127 { match { source-address Red_CONSOL_CRDS_38.7_10.14.98.0; destination-address any; application [ junos-dns-udp junos-http Banco_Bogota HTTP_PROXY Jamlogic_Paneles1 Jamlogic_Paneles2 junos-ymsg Su ramericana Antecedentes POP3S SMTPS SMTP_AUTH junos-imap junos-imaps Equipos_Codim2 Fondo_Nacional Fondo_Nacional2 Owa_Lync Custom_T CP_1299 Mail_Servi_Hoteles pcvargas DVR_CONSOL Suramericana_UDP Suramericana2 Suramericana3 EPMAP_Sura Grupo_Red O2_7777 Planeta_Rad io LYNCDISCOVER1 LYNCDISCOVER2 Claro junos-https Pet junos-ftp junos-tftp SenaSofia Ucentral Interrapidisimo GPSVolquetasCONSOL educ acion Puerto1_GasolinaU Puerto2_GasolinaU Puerto3_GasolinaU movilidad_bogota movilidad2_bogota wbmconpros_2096 S upernotariado_7010 procuraduria junos-http-ext shd sqd umin Napster_directory_8888_primary ICQ_Locator LDAP_SSL ZeroNine test_1101 S kyDance_T conprosweb policia ]; } then { permit { application-services { utm-policy WEBFILTER_SIN_ANTIVIRUS; application-firewall { rule-set BLOCKED-APPS; } } } } } policy Rule128 { match { source-address any; destination-address any; application [ junos-dns-udp junos-http Banco_Bogota HTTP_PROXY Jamlogic_Paneles1 Jamlogic_Paneles2 junos-ymsg Su ramericana Antecedentes POP3S SMTPS SMTP_AUTH junos-imap junos-imaps Equipos_Codim2 Fondo_Nacional Fondo_Nacional2 Owa_Lync Custom_T CP_1299 Mail_Servi_Hoteles pcvargas DVR_CONSOL Suramericana_UDP Suramericana2 Suramericana3 EPMAP_Sura Grupo_Red O2_7777 Planeta_Rad io LYNCDISCOVER1 LYNCDISCOVER2 Claro junos-https Pet junos-ftp junos-tftp SenaSofia Ucentral Interrapidisimo GPSVolquetasCONSOL educ acion Puerto1_GasolinaU Puerto2_GasolinaU Puerto3_GasolinaU movilidad_bogota 
movilidad2_bogota wbmconpros_2096 S upernotariado_7010 procuraduria junos-http-ext shd sqd umin Napster_directory_8888_primary ICQ_Locator LDAP_SSL ZeroNine test_1101 S kyDance_T conprosweb pushccvs ]; } then { permit { application-services { utm-policy WEBFILTER_SIN_ANTIVIRUS; application-firewall { rule-set BLOCKED-APPS; } } } } }
    /* NTP only, from Corporativo to the two named servers. */
    policy Rule147 {
        description "ntp desde corporativo hacia servidores ntp globales";
        match {
            source-address Corporativo;
            destination-address [ south_ntp1 south_ntp2 ];
            application junos-ntp;
        }
        then {
            permit;
        }
    }
    /* Corporativo to kenworth_srv on HTTP/HTTPS and two custom applications.
       PuertoKw_3389 presumably is TCP 3389 (RDP), going by the name only;
       the definition is outside this excerpt. */
    policy RuleKenworth {
        match {
            source-address Corporativo;
            destination-address kenworth_srv;
            application [ junos-http junos-https PuertoKw1 PuertoKw_3389 ];
        }
        then {
            permit;
        }
    }
}
/* Inbound context: sessions entering from zone Internet toward zone CRDS.
   None of the four policies logs. Actual reachability from outside depends
   on NAT rules that are not part of this excerpt. */
from-zone Internet to-zone CRDS {
    /* Named source localizavs to the Corporativo address object on two
       custom applications. */
    policy Rule23 {
        match {
            source-address localizavs;
            destination-address Corporativo;
            application [ pushccvs pushultrack ];
        }
        then {
            permit;
        }
    }
    /* Any source to Maquinaria_Consol_PSalgar. NOTE(review): the list
       includes junos-telnet, a cleartext protocol, for source any; restrict
       the source and drop telnet unless the equipment offers nothing else.
       "Ma q_39998" contains a space that looks like a paste artifact
       (compare Maq_39999 right after it); verify against the device. */
    policy Rule28 {
        match {
            source-address any;
            destination-address Maquinaria_Consol_PSalgar;
            application [ Maquinaria_Puerto_Salgar junos-icmp-ping Speed_Solution Speed_Solution2 junos-telnet Puerto8000 Ma q_39998 Maq_39999 Puerto1_GasolinaU Puerto2_GasolinaU ];
        }
        then {
            permit;
        }
    }
    /* FTP and RDP from any source to vcenter_10.14.78.16. NOTE(review): the
       object name suggests a virtualization management server; RDP and FTP
       for source any should be limited to administrator addresses or moved
       behind the VPN, and the sessions logged. */
    policy Rule139 {
        match {
            source-address any;
            destination-address vcenter_10.14.78.16;
            application [ junos-ftp RDP ];
        }
        then {
            permit;
        }
    }
    /* Reverse of RuleKenworth: kenworth_srv may open the same four
       applications toward the whole Corporativo object. NOTE(review):
       confirm that inbound sessions from this external host are needed and,
       if so, narrow the destination. */
    policy RuleKenworthFW {
        match {
            source-address kenworth_srv;
            destination-address Corporativo;
            application [ PuertoKw1 PuertoKw_3389 junos-http junos-https ];
        }
        then {
            permit;
        }
    }
}
from-zone CRDS to-zone CRDS {
    /* Intra-zone: any source to Maquinaria_Consol_PSalgar, same list as the
       inbound Rule28 plus TeamViewer; telnet is included. The "Ma q_39998"
       spacing looks like a paste artifact. */
    policy Rule24 {
        match {
            source-address any;
            destination-address Maquinaria_Consol_PSalgar;
            application [ Maquinaria_Puerto_Salgar junos-icmp-ping Speed_Solution Speed_Solution2 junos-telnet Puerto8000 Ma q_39998 Maq_39999 Puerto1_GasolinaU Puerto2_GasolinaU TeamViewer ];
        }
        then {
            permit;
        }
    }
    policy Rule29 { match { source-address Maquinaria_Consol_PSalgar; destination-address any; application [ Maquinaria_Puerto_Salgar junos-icmp-ping Speed_Solution
Speed_Solution2 junos-telnet Puerto8000 Ma q_39998 Maq_39999 Puerto1_GasolinaU Puerto2_GasolinaU TeamViewer ]; } then { permit; } } policy Rule132 { match { source-address Plantas_Telefonicas_CRDS; destination-address any; application [ Telefonia_CRDS_Consol junos-sip junos-icmp-ping ]; } then { permit; } } policy Rule67 { match { source-address any; destination-address Plantas_Telefonicas_CRDS; application [ Telefonia_CRDS_Consol junos-sip junos-icmp-ping ]; } then { permit; } } policy Rule72 { match { source-address Corporativo; destination-address Corporativo; application [ GrupoPuertosUsers UDP_HIGH ]; } then { permit; log { session-init; session-close; } } } policy Rule88 { match { source-address any; destination-address vcenter_10.14.78.16; application [ junos-ftp RDP ]; } then { permit; } } policy Rule92 { match { source-address Corporativo; destination-address Host_Impresora_38.7_Consol; application [ junos-cifs junos-nbds ]; } then { permit; } } policy Rule95 { match { source-address Corporativo; destination-address Host_Impresora_38.7_CRDS; application [ junos-cifs junos-nbds ]; } then { permit; } } policy Rule96 { match { source-address Corporativo; destination-address [ Host_Impresora_Lizama_Consol esantiago ]; application [ junos-cifs junos-nbds ]; } then { permit; } } policy Rule98 { match { source-address [ Host_Impresora_Lizama_Consol esantiago ]; destination-address Corporativo; application [ junos-cifs junos-nbds ]; } then { permit; } } policy Rule100 { match { source-address Corporativo; destination-address Red_CIMITARRA_10.14.60.0; application [ junos-cifs junos-nbds ]; } then { permit; } } policy Rule107 { match { source-address Corporativo; destination-address [ Social_Bca TecPredial_10.14.25.2 edenpc ]; application [ junos-cifs junos-nbds ]; } then { permit; } } policy Rule110 { match { source-address [ Social_Bca TecPredial_10.14.25.2 ]; destination-address Corporativo; application [ junos-cifs junos-nbds ]; } then { permit; } } policy 
Rule116 { match { source-address Corporativo; destination-address TI_LIZAMA_10.14.20.15; application [ junos-cifs junos-nbds ]; } then { permit; } } policy Rule118 { match { source-address Corporativo; destination-address TI_AGUACHICA_10.14.80.91; application [ junos-cifs junos-nbds ]; } then { permit; } } policy Rule119 { match { source-address Red_CIMITARRA_10.14.60.0; destination-address Corporativo; application [ junos-cifs junos-nbds ]; } then { permit; } } policy Rule140 { match { source-address any; destination-address any; application [ Maquinaria_Puerto_Salgar junos-icmp-ping Speed_Solution Speed_Solution2 junos-telnet Puerto8000 Ma q_39998 Maq_39999 Puerto1_GasolinaU Puerto2_GasolinaU Telefonia_CRDS_Consol ]; } then { permit; } } policy Rule141 { match { source-address any; destination-address any; application [ LYNC_SHARE_TCP LYNC_FE_TCP LYNC_FE_UDP LYNC_SIP LYNC_ASTERISK LYNC3 LYNC_CONFERENCE LYNC_MOBILE LY NC_WEB LYNCDISCOVER1 LYNCDISCOVER2 Owa_Lync ]; } then { permit; log { session-init; session-close; } count; } } } from-zone BTLatam to-zone CRDS { policy Rule26 { match { source-address any; destination-address Maquinaria_Consol_PSalgar; application [ Maquinaria_Puerto_Salgar junos-icmp-ping Speed_Solution Speed_Solution2 junos-telnet Puerto8000 Ma q_39998 Maq_39999 Puerto1_GasolinaU Puerto2_GasolinaU ]; } then { permit; } } policy Rule90 { match { source-address any; destination-address [ vcenter_10.14.78.16 peajesmoorison morrison2 ]; application [ junos-ftp RDP ]; } then { permit; } } policy Rule121 { match { source-address Grupo_Peajes; destination-address Corporativo; application Peajes_Servicios; } then { permit; } } } from-zone CRDS to-zone BTLatam { policy Rule31 { match { source-address Maquinaria_Consol_PSalgar; destination-address any; application [ Maquinaria_Puerto_Salgar junos-icmp-ping Speed_Solution Speed_Solution2 junos-telnet Puerto8000 Ma q_39998 Maq_39999 Puerto1_GasolinaU Puerto2_GasolinaU ]; } then { permit; } } policy Rule124 { 
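/* Fragment of the security policies hierarchy. It opens inside a policy whose
   name and from-zone/to-zone context precede this excerpt, and it ends at the
   opening of the Internet zone's address book. */
            match { source-address Corporativo; destination-address Grupo_Peajes; application Peajes_Servicios; }
            then { permit; }
        }
    }
    /* NOTE(review): every policy in this context except Rule122 matches
       source-address any, and none of those logs. Sources could be narrowed to
       the BTLatam address-book entries, with session logging on the permits. */
    from-zone BTLatam to-zone LAN_Bogota {
        policy Rule35 {
            match { source-address any; destination-address BESX_10.14.70.97; application [ Custom_TCP_3101_BB Custom_UDP_3101_BB ]; }
            then { permit; }
        }
        policy Rule45 {
            match {
                source-address any;
                destination-address [ LYNC_10.14.70.193 LYNCED_10.14.70.194 LYNCED_Externo_10.14.70.195 ];
                application [ LYNC_CONFERENCE Owa_Lync junos-https LYNC_SIP LYNC_MOBILE LYNC_WEB LYNC_FE_UDP LYNC3
                              LYNCDISCOVER1 LYNCDISCOVER2 Banco_Bogota junos-sip HTTP_PROXY LYNC_FE_TCP LYNC_ASTERISK
                              junos-snpp junos-http ];
            }
            then { permit; }
        }
        policy Rule53 {
            match { source-address any; destination-address Servidor_CONSOL_Competitividad_10.14.70.198; application [ junos-http junos-https junos-ftp ]; }
            then { permit; }
        }
        policy Rule57 {
            match { source-address any; destination-address WebCRDS_10.14.70.101; application [ junos-http junos-https junos-ftp ]; }
            then { permit; }
        }
        /* The captured output printed the last application as two tokens, R and DP.
           No application with either name is defined in this configuration, so the
           entry is restored to RDP, which is defined under applications as tcp/3389.
           NOTE(review): this permits RDP to the mail servers from any BTLatam
           source; confirm that is intended. */
        policy Rule60 {
            match {
                source-address any;
                destination-address [ Correo_CONSOL_10.14.70.20 Correo_CRDS_10.14.70.83 ];
                application [ junos-mail POP3S junos-pop3 SMTPS SMTP_AUTH junos-imap junos-imaps HTTP_PROXY Owa_Lync test_1101 RDP ];
            }
            then { permit; }
        }
        /* NOTE(review): application any from any source to the Barracuda host,
           without logging. List the services the appliance actually needs. */
        policy Rule81 {
            match { source-address any; destination-address Barracuda_10.14.70.49; application any; }
            then { permit; }
        }
        /* The captured output split LYNCED_Externo_10.14.70.195 with a space; it is
           restored to the name defined in the LAN_Bogota address book.
           NOTE(review): FTP and RDP are permitted to these hosts from any source. */
        policy Rule85 {
            match {
                source-address any;
                destination-address [ FTP_CONSOL_NEW10.14.70.2 Ftp_CRDS Ftp_Consol_10.14.70.17 Asterisk_10.14.70.250
                                      LYNCED_Externo_10.14.70.195 GD_10.14.70.56 Primavera_10.14.70.110 ];
                application [ junos-ftp RDP ];
            }
            then { permit; }
        }
        policy Rule122 {
            match { source-address Grupo_Peajes; destination-address Red_Lan_Bogota-10.14.70.0; application Peajes_Servicios; }
            then { permit; log { session-init; session-close; } }
        }
    }
    from-zone LAN_Bogota to-zone BTLatam {
        policy Rule38 {
            match { source-address BESX_10.14.70.97; destination-address any; application [ Custom_TCP_3101_BB Custom_UDP_3101_BB ]; }
            then { permit; }
        }
        policy Rule49 {
            match {
                source-address [ LYNC_10.14.70.193 LYNCED_10.14.70.194 LYNCED_Externo_10.14.70.195 ];
                destination-address any;
                application [ LYNC_CONFERENCE Owa_Lync junos-https LYNC_SIP LYNC_MOBILE LYNC_WEB LYNC_FE_UDP LYNC3
                              LYNCDISCOVER1 LYNCDISCOVER2 Banco_Bogota junos-sip HTTP_PROXY LYNC_FE_TCP LYNC_ASTERISK
                              junos-snpp junos-http ];
            }
            then { permit; }
        }
        /* NOTE(review): mirror of Rule81; any destination and any application
           from the Barracuda host, without logging. */
        policy Rule77 {
            match { source-address Barracuda_10.14.70.49; destination-address any; application any; }
            then { permit; }
        }
        policy Rule125 {
            match {
                source-address Red_Lan_Bogota-10.14.70.0;
                destination-address [ Grupo_Peajes IP_192.168.61.3 IP_192.168.61.4 ];
                application [ Peajes_Servicios junos-icmp-all junos-icmp-ping junos-ping ];
            }
            then { permit; log { session-init; session-close; } count; }
        }
    }
    from-zone BTLatam to-zone BTLatam {
        policy Rule123 {
            match { source-address Grupo_Peajes; destination-address [ IP_192.168.61.3 IP_192.168.61.4 Net_192.168.3.0 ]; application Peajes_Servicios; }
            then { permit; }
        }
        policy Rule126 {
            match { source-address [ Net_192.168.3.0 IP_192.168.61.3 IP_192.168.61.4 ]; destination-address Grupo_Peajes; application Peajes_Servicios; }
            then { permit; }
        }
    }
    /* NOTE(review): the description names a single IP, but the match is
       any/any/any, so all intra-zone LAN_Bogota traffic crossing the firewall
       is permitted and not logged. */
    from-zone LAN_Bogota to-zone LAN_Bogota {
        policy Rule137 {
            description "Email a IP 186.28.228.210";
            match { source-address any; destination-address any; application any; }
            then { permit; }
        }
    }
    /* NOTE(review): Rule1 and nat1 permit everything in both directions between
       BTLatam and Global_Odebrecht with no logging, so the firewall provides no
       segmentation between these two zones. */
    from-zone BTLatam to-zone Global_Odebrecht {
        policy Rule1 {
            match { source-address any; destination-address any; application any; }
            then { permit; }
        }
    }
    from-zone Global_Odebrecht to-zone BTLatam {
        policy nat1 {
            match { source-address any; destination-address any; application any; }
            then { permit; }
        }
    }
    /* Global policies are evaluated after the zone-pair contexts above. CleanUP
       denies and logs whatever no zone-pair policy matched, which makes the
       default-policy below a backstop only. */
    global {
        policy CleanUP {
            match { source-address any; destination-address any; application any; }
            then { deny; log { session-init; } }
        }
    }
    default-policy { deny-all; }
}
/* Deactivated statement; it has no effect while marked inactive. */
inactive: traceoptions { file anti-spam; flag all; }
zones {
    security-zone Internet {
        address-book {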
/* Address book, host-inbound services and interfaces of security-zone Internet,
   followed by the first entries of security-zone CRDS. The zone header precedes
   this fragment and the CRDS address book continues after it. */
        address All_Internet 0.0.0.0/0;
        address Asterisk_186.28.228.221 186.28.228.221/32;
        address Barracuda_IP_186.28.228.219 186.28.228.219/32;
        address Bitram_190.156.242.47 190.156.242.47/32;
        address Etra 195.77.187.234/32;
        address FTP_CRDS_186.28.228.213 186.28.228.213/32;
        address FTP_Consol_190.66.21.36 190.66.21.36/32;
        address FTP_Consol_New_186.28.228.222 186.28.228.222/32;
        address FTP_DS_Odebrecht_190.27.194.36 190.27.194.36/32;
        address FTP_Integrar_Consol_190.248.11.138 190.248.11.138/32;
        address GD_186.28.228.212 186.28.228.212/32;
        /* NOTE(review): 4.2.2.2 is not a Google Public DNS address; the name
           or the value looks wrong. */
        address Google_DNS_4 4.2.2.2/32;
        address Google_DNS_8 8.8.8.8/32;
        address Host_GIS 146.255.100.111/32;
        address IP_186.28.228.210 186.28.228.210/32;
        /* NOTE(review): the name says 190.254.14.102 but the value is
           190.154.14.102. Policies that use this entry match the value, so
           confirm which address is intended. */
        address IP_190.254.14.102 190.154.14.102/32;
        address IP_190.66.21.35 190.66.21.35/32;
        address IP_Cluster_190.254.14.101 190.254.14.101/32;
        address LYNCED_186.28.228.220 186.28.228.220/32;
        address Maquinaria_Consol_186.28.228.215 186.28.228.215/32;
        address Maquinaria_Consol_190.254.14.99 190.254.14.99/32;
        address Serv_Correo.ANI 190.25.230.138/32;
        address Serv_Correo.Odebrecht_Ext 200.90.142.172/32;
        address Serv_Correo.RyQ 190.8.176.82/32;
        address conpros.co 64.64.21.106/32;
        address ip_181.52.238.46 181.52.238.46/32;
        address localizavs 173.45.121.121/32;
        address mail.renoirgroup.com 67.228.90.91/32;
        address ocs_pc 200.185.109.145/32;
        address south_ntp1 200.160.7.186/32;
        address south_ntp2 201.234.79.113/32;
        address Bitram 200.71.58.171/32;
        address crdsout 186.116.9.60/32;
        address cdn 72.21.92.20/32;
        address kenworth_srv 190.7.136.171/32;
        address dann 190.90.167.7/32;
    }
    /* NOTE(review): https is accepted as host-inbound traffic on the Internet
       zone, and the system web-management stanza of this configuration lists
       reth2.0, which belongs to this zone. The J-Web login is therefore
       reachable on a public-facing interface. Management is better limited to
       fxp0 or an internal zone, leaving only ike here if the VPN needs it. */
    host-inbound-traffic { system-services { ike; https; } }
    interfaces { reth2.0; reth3.0; reth6.0; }
}
security-zone CRDS {
    address-book {
        address Aguachica_10.14.82.26 10.14.82.26/32;
        address Alvaro_10.14.98.168 10.14.98.168/32;
        address Armando_CCO 10.14.20.9/32;
        address FernandoMello 10.14.98.74/32;
        address Host_Impresora_38.7_CRDS 10.14.98.8/32;
        address Host_Impresora_38.7_Consol 10.14.98.101/32;
        address
Host_Impresora_Lizama_Consol 10.14.78.24/32; address Leslei 10.14.98.71/32; address MPLS_10.14.2.16 10.14.2.16/29; address Maquinaria_Consol_PSalgar 10.14.98.205/32; address Mpiller_10.14.98.26 10.14.98.26/32; address Mpiller_10.14.98.27 10.14.98.27/32; address Mplazas_10.14.71.82 10.14.98.114/32; address OECSPOT_Consol 10.14.78.238/32; address Planta_Aguachica_Consol 10.14.82.3/32; address Planta_Consol_Salgar3 10.14.98.48/32; address Planta_Lizama_Consol 10.14.78.30/32; address Planta_SALGAR_10.14.98.4 10.14.98.4/32; address Planta_Salgar_Consol 10.14.98.3/32; address Pto_Salgar 10.14.98.173/32; address RH_Salgar 10.14.99.254/32; address Red_AGUACHICA_CRDS_10.14.80.0 10.14.80.0/22; address Red_ARAUJO_10.14.51.0 10.14.51.0/28; address Red_BBMEJA_Predial_10.14.24.0 10.14.24.0/29; address Red_Barranca_Predial_10.14.25.0 10.14.25.0/27; address Red_CAC_PAILITAS_10.14.92.0 10.14.92.0/24; address Red_CAC_PuertoBoyaca_10.14.62.0 10.14.62.0/24; address Red_CAC_SANMARTIN_10.14.41.0 10.14.41.0/29; address Red_CAC_Salgar_10.14.91.0 10.14.91.0/29; address Red_CAC_SanAlberto_10.14.94.0 10.14.94.0/24; address Red_CIMITARRA_10.14.60.0 10.14.60.0/23; address Red_CONSOL_BESOTE_10.14.43.0 10.14.43.0/24; address Red_CONSOL_CRDS_38.7_10.14.98.0 10.14.98.0/23; address Red_CONSOL_LIZAMA_10.14.78.0 10.14.78.0/24; address Red_CONSOL_TORCOROMA_10.14.45.0 10.14.45.0/24; address Red_Dorada_Predial_10.14.90.0 10.14.90.0/24; address Red_LIZAMA_CRDS-10.14.20.0 10.14.20.0/23; address Red_PuertoBoyaca-10.14.30.0 10.14.30.0/23; address Social_Bca 10.14.25.33/32; address TI_AGUACHICA_10.14.80.91 10.14.80.91/32; address TI_LIZAMA_10.14.20.15 10.14.20.15/32; address TI_PuertoSalgar_10.14.98.21 10.14.98.21/32; address TI_PuertoSalgar_10.14.98.22 10.14.98.22/32; address TecPredial_10.14.25.2 10.14.25.2/32; address Teste_salgar 10.14.98.62/32; address Texeira_10.14.98.24 10.14.98.24/32; address Yuleinis_10.14.21.25 10.14.21.25/32; address Yuleinis_Aguachica_10.14.80.108 10.14.80.108/32; address 
cco_10.14.20.184 10.14.20.184/32; address conpros 10.14.100.10/32; address lgratuita_10.14.20.28 10.14.20.28/32; address nohelia 10.14.99.84/32; address salgar_consol 10.14.98.115/32; address vcenter_10.14.78.16 10.14.78.16/32; address claudia_rincon 10.14.20.21/32; address julian_21.82 10.14.21.82/32; address cramirez 10.14.20.193/32; address temp_salgar 10.14.99.222/32; address salgar3 10.14.98.126/32; address esantiago 10.14.20.81/32; address Lizama_julian 10.14.20.124/32; address peajesmoorison 10.14.80.21/32; address cimitarraserver 10.14.60.41/32; address morrison2 10.14.80.30/32; address edenpc 10.14.65.11/32; address archlizama 10.14.20.16/32; address labboyaca 10.14.65.0/26; address-set Corporativo { address Red_BBMEJA_Predial_10.14.24.0; address Red_CAC_PuertoBoyaca_10.14.62.0; address Red_CAC_SanAlberto_10.14.94.0; address Red_CAC_SANMARTIN_10.14.41.0; address Red_CIMITARRA_10.14.60.0; address Red_CONSOL_CRDS_38.7_10.14.98.0; address Red_CONSOL_LIZAMA_10.14.78.0; address Red_PuertoBoyaca-10.14.30.0; address Red_Barranca_Predial_10.14.25.0; address Red_AGUACHICA_CRDS_10.14.80.0; address Red_CAC_Salgar_10.14.91.0; address Red_CAC_PAILITAS_10.14.92.0; address Red_ARAUJO_10.14.51.0; address Red_LIZAMA_CRDS-10.14.20.0; address Red_Dorada_Predial_10.14.90.0; address labboyaca; } address-set Plantas_Telefonicas_CRDS { address Planta_Aguachica_Consol; address Planta_Lizama_Consol; address Planta_SALGAR_10.14.98.4; address Planta_Salgar_Consol; } address-set DocumentosCompartidos { address Yuleinis_10.14.21.25; address Yuleinis_Aguachica_10.14.80.108; address Red_CONSOL_CRDS_38.7_10.14.98.0; address Maquinaria_Consol_PSalgar; address Host_Impresora_Lizama_Consol; address esantiago; address labboyaca; } address-set AdminRed { address TI_LIZAMA_10.14.20.15; address TI_AGUACHICA_10.14.80.91; address TI_PuertoSalgar_10.14.98.21; address TI_PuertoSalgar_10.14.98.22; address RH_Salgar; address Yuleinis_10.14.21.25; address Alvaro_10.14.98.168; address Teste_salgar; 
/* End of security-zone CRDS (last address-set member, permite_streaming,
   host-inbound services, interface) and the start of the LAN_Bogota address
   book, which continues after this fragment. */
            address julian_21.82;
        }
        address-set permite_streaming { address cramirez; address julian_21.82; address Aguachica_10.14.82.26; }
    }
    host-inbound-traffic { system-services { ping; } }
    interfaces { reth0.0; }
}
security-zone LAN_Bogota {
    address-book {
        /* NOTE(review): four entries below carry an IP in the name that differs
           from the configured value (Carlos_Perez, Dsantos, NHOMEZ, SOPORTES).
           Policies and address-sets match the value, not the name, so a rule
           written for one of these hosts may apply to a different machine.
           Confirm each and rename or correct it. */
        address AD_CONSOL_10.14.70.16 10.14.70.16/32;
        address AD_CRDS 10.14.70.45/32;
        address Antivirus_10.14.70.108 10.14.70.108/32;
        address Ares_10.14.70.135 10.14.70.135/32;
        address Asterisk_10.14.70.250 10.14.70.250/32;
        address BESX_10.14.70.97 10.14.70.97/32;
        address BETA_10.14.70.89 10.14.70.89/32;
        address Barracuda_10.14.70.49 10.14.70.49/32;
        /* name says 10.14.71.33, value is 10.14.71.31 */
        address Carlos_Perez-10.14.71.33 10.14.71.31/32;
        address CheckPoint_10.14.70.102 10.14.70.102/32;
        address CheckPoint_10.14.70.103 10.14.70.103/32;
        address Correo_CONSOL_10.14.70.20 10.14.70.20/32;
        address Correo_CRDS_10.14.70.83 10.14.70.83/32;
        /* name says 10.14.71.174, value is 10.14.70.140 */
        address Dsantos_10.14.71.174 10.14.70.140/32;
        address FTP_CONSOL_NEW10.14.70.2 10.14.70.2/32;
        address Ftp_CRDS 10.14.70.40/32;
        address Ftp_Consol_10.14.70.17 10.14.70.17/32;
        address GD_10.14.70.56 10.14.70.56/32;
        address Global_LAN_10.0.0.0 10.0.0.0/8;
        address LYNC_10.14.70.193 10.14.70.193/32;
        address LYNCED_10.14.70.194 10.14.70.194/32;
        address LYNCED_Externo_10.14.70.195 10.14.70.195/32;
        address LogiTrac_10.14.70.4 10.14.70.4/32;
        address NAS_10.14.70.43 10.14.70.43/32;
        /* name says 10.14.71.48, value is 10.14.71.123 */
        address NHOMEZ_10.14.71.48 10.14.71.123/32;
        address Odin_10.14.70.70 10.14.70.70/32;
        address Peajes_Linux 10.14.70.14/32;
        address Planta_Bogota_CRDS 10.14.70.197/32;
        address Primavera_10.14.70.110 10.14.70.110/32;
        address RP_10.14.71.19 10.14.71.19/32;
        address RP.FinancieroConsol_10.14.71.42 10.14.71.42/32;
        address Red_Lan_Bogota-10.14.70.0 10.14.70.0/23;
        address SIIP_10.14.70.115 10.14.70.115/32;
        /* name says 10.14.71.64, value is 10.14.70.64 */
        address SOPORTES_10.14.71.64 10.14.70.64/32;
        address Serv_Files_CRDS 10.14.70.98/32;
        address Servidor_CONSOL_Competitividad_10.14.70.198 10.14.70.198/32;
        address SisengConsol_10.14.70.15 10.14.70.15/32;
        address Synapsis_10.14.70.19 10.14.70.19/32;
        address TrendConsol_10.14.70.18
10.14.70.18/32; address WebCRDS_10.14.70.101 10.14.70.101/32; address aquiroga 10.14.71.194/32; address cco2 10.14.71.197/32; address cperez2 10.14.71.54/32; address lalmanza 10.14.71.26/32; address lhurtado 10.14.71.168/32; address mmarroquin_10.14.71.82 10.14.71.82/32; address mpilar 10.14.71.24/32; address rlvieira 10.14.71.58/32; address rlvieira2 10.14.71.60/32; address Epferracuti_10.14.71.45 10.14.71.45/32; address aquirog 10.14.71.80/32; address Trend_Anti 10.14.70.21/32; address epferracuti_71.32 10.14.71.32/32; address mpilar2 10.14.71.207/32; address amunoz1 10.14.71.151/32; address amunoz2 10.14.71.108/32; address nzuluaga1 10.14.71.12/32; address nzuluaga2 10.14.71.166/32; address lhurtado2 10.14.71.93/32; address dcaldas 10.14.71.172/32; address dcaldas2 10.14.71.44/32; address maga1 10.14.71.219/32; address maga2 10.14.71.223/32; address test_youtube 10.14.71.125/32; address epfipad 10.14.71.70/32; address nhomez 10.14.71.123/32; address avalencia 10.14.70.175/32; address Recepcion 10.14.71.49/32; address-set DocumentosCompartidos { address mmarroquin_10.14.71.82; address mpilar; address TrendConsol_10.14.70.18; address Synapsis_10.14.70.19; address SisengConsol_10.14.70.15; address LogiTrac_10.14.70.4; address Ftp_Consol_10.14.70.17; address FTP_CONSOL_NEW10.14.70.2; address GD_10.14.70.56; address aquirog; address Trend_Anti; } address-set AdminRedBog { address Carlos_Perez-10.14.71.33; address Peajes_Linux; address SIIP_10.14.70.115; address Antivirus_10.14.70.108; address RP.FinancieroConsol_10.14.71.42; address Dsantos_10.14.71.174; address cperez2; address Primavera_10.14.70.110; address Trend_Anti; address epferracuti_71.32; } address-set permite_streaming { address Dsantos_10.14.71.174; address nzuluaga1; address mpilar; address Carlos_Perez-10.14.71.33; address epferracuti_71.32; address dcaldas2; address Epferracuti_10.14.71.45; address cperez2; address rlvieira; address rlvieira2; address lhurtado2; address amunoz1; address amunoz2; 
/* End of security-zone LAN_Bogota, all of security-zone BTLatam, and the start
   of the Global_Odebrecht address book, which continues after this fragment. */
            address nzuluaga2; address lhurtado; address cco2; address mpilar2; address maga1; address maga2;
        }
    }
    /* NOTE(review): the firewall accepts https, ssh and snmp from the whole
       LAN_Bogota zone. The snmp stanza of this configuration shows no client
       restriction on its community, so any LAN host that knows the string can
       poll the device; consider limiting management to the admin hosts. */
    host-inbound-traffic { system-services { https; ssh; ping; snmp; } }
    interfaces { reth1.0; }
}
security-zone BTLatam {
    address-book {
        address Net_192.168.120.0 192.168.120.0/24;
        address Net_192.168.3.0 192.168.3.0/24;
        address Net_192.168.4.0 192.168.4.0/24;
        address Net_192.168.56.0 192.168.56.0/24;
        address Net_192.168.60.0 192.168.60.0/24;
        address Net_192.168.61.0 192.168.61.0/24;
        address Net_192.168.62.0 192.168.62.0/24;
        address Net_192.168.63.0 192.168.63.0/24;
        address Net_192.168.9.0 192.168.9.0/24;
        address ROUTER_AGUACHICA 192.168.6.10/32;
        address IP_192.168.61.3 192.168.61.3/32;
        address IP_192.168.61.4 192.168.61.4/32;
        address server-1 192.168.3.2/32;
        address server-2 192.168.61.8/32;
        address-set Grupo_Peajes {
            address Net_192.168.120.0; address Net_192.168.56.0; address Net_192.168.60.0;
            address Net_192.168.61.0; address Net_192.168.62.0; address Net_192.168.63.0;
            address Net_192.168.9.0; address Net_192.168.3.0; address Net_192.168.4.0;
        }
    }
    /* NOTE(review): system-services all and protocols all expose every
       management service and routing protocol of the firewall itself to hosts
       reaching it on reth5.0. List only the services this zone needs. */
    host-inbound-traffic { system-services { all; } protocols { all; } }
    interfaces { reth5.0; }
}
security-zone Global_Odebrecht {
    address-book {
        address Broad 10.14.6.255/32;
        address CheckPoint_10.14.6.21 10.14.6.21/32;
        address CheckPoint_10.14.6.22 10.14.6.22/32;
        address Citrix_Range { range-address 10.19.142.0 { to { 10.19.142.150; } } }
        address Citrix_App 10.19.142.101/32;
        address HelpDesk_10.1.250.181 10.1.250.181/32;
        address Host.DS_10.14.6.129 10.14.6.129/32;
        address Juniper_10.14.6.20 10.14.6.20/32;
        /* NOTE(review): the CRDS address book names 10.14.43.0/24 as BESOTE and
           10.14.45.0/24 as TORCOROMA, while these two hosts are the other way
           round; the values may be swapped, so confirm. */
        address Maquinaria_Consol_Besote 10.14.45.12/32;
        address Maquinaria_Consol_Torcoroma 10.14.43.12/32;
        address Net_10.1.0.0 10.1.0.0/16;
        address Net_10.100.0.0 10.100.0.0/16;
        address Net_10.118.0.0 10.118.0.0/16;
        address Net_10.120.0.0 10.120.0.0/16;
        address Net_10.121.0.0 10.121.0.0/16;
        address Net_10.122.0.0 10.122.0.0/16;
        address Net_10.124.0.0 10.124.0.0/16;
        address Net_10.14.2.16 10.14.2.16/29;
        address
Net_10.14.210.0_Juniper 10.14.210.0/23; address Net_10.14.43.0 10.14.43.0/24; address Net_10.14.45.0 10.14.45.0/24; address Net_10.14.6.0 10.14.6.0/23; address Net_10.14.8.0 10.14.8.0/24; address Net_10.152.0.0 10.152.0.0/16; address Net_10.154.0.0 10.154.0.0/16; address Net_10.156.0.0 10.156.0.0/16; address Net_10.16.0.0 10.16.0.0/16; address Net_10.160.0.0 10.160.0.0/12; address Net_10.18.0.0 10.18.0.0/16; address Net_10.19.0.0 10.19.0.0/16; address Net_10.192.0.0 10.192.0.0/10; address Net_10.20.0.0 10.20.0.0/16; address Net_10.2.0.0 10.2.0.0/16; address Net_10.22.0.0 10.22.0.0/16; address Net_10.24.0.0 10.24.0.0/16; address Net_10.26.0.0 10.26.0.0/16; address Net_10.28.0.0 10.28.0.0/16; address Net_10.30.0.0 10.30.0.0/16; address Net_10.32.0.0 10.32.0.0/16; address Net_10.4.0.0 10.4.0.0/16; address Net_10.40.0.0 10.40.0.0/16; address Net_10.44.0.0 10.44.0.0/16; address Net_10.50.0.0 10.55.0.0/16; address Net_10.60.0.0 10.60.0.0/16; address Net_10.70.0.0 10.70.0.0/16; address Net_10.8.0.0 10.8.0.0/16; address Net_10.80.0.0 10.80.0.0/16; address Net_10.9.0.0 10.9.0.0/16; address Net_10.90.0.0 10.90.0.0/16; address Net_10.12.0.0 10.12.0.0/16; address Net_10.14.7.0 10.14.7.0/24; address Net_10.56.0.0 10.56.0.0/16; address Nodo_Odebrecht_10.14.6.123 10.14.6.123/32; address Nodo_Odebrecht_10.14.6.124 10.14.6.124/32; address Nodo_Odebrecht_10.14.6.187 10.14.6.187/32; address OEC_10.14.6.193 10.14.6.193/32; address OEC_TFTP_10.120.200.20 10.120.200.20/32; address Ocs 10.1.250.145/32; address Red_Correo_Odebrecht 10.19.110.0/23; address Red_CONSOL_DORADA_10.14.86.0 10.14.86.0/23; address Red_CRDS_10.14.95.0 10.14.95.0/24; address Red_CRDS_10.14.96.0 10.14.96.0/24; address Serv_Correo.Odebrecht 10.19.111.38/32; address sisengodb 10.14.6.82/32; address Berrio_jun 10.14.47.0/24; address Red_10.158.0.0 10.158.0.0/16; address Red_10.176.0.0 10.176.0.0/12; address Red_10.119.0.0 10.119.0.0/16; address Red_10.126.0.0 10.126.0.0/16; address Otanche 10.14.100.0/24; address 
ocanadd 10.14.6.123/32;
                /* The line above completes an address statement begun before this
                   fragment. What follows is the rest of the Global_Odebrecht zone,
                   the VPN_odb zone, the end of the security hierarchy, the PCAP
                   firewall filter and the opening of the access stanza. */
                address PtoBoyacaPpal 10.14.48.0/23;
                address Boyaca2 10.14.50.0/24;
                address OyMBoyaca 10.14.52.0/24;
                address HelpdeskURA 10.120.201.0/24;
                address navelena 10.14.200.0/24;
                address Navelena_Bca 10.14.201.0/24;
                address VPN_PAN 10.14.40.0/23;
                /* NOTE(review): member Net_10.50.0.0 is defined in this zone's
                   address book as 10.55.0.0/16, so the set covers 10.55/16 and
                   not 10.50/16. Confirm which network is intended. */
                address-set Grupo_OEC {
                    address Net_10.1.0.0; address Net_10.100.0.0; address Net_10.121.0.0; address Net_10.122.0.0;
                    address Net_10.124.0.0; address Net_10.152.0.0; address Net_10.154.0.0; address Net_10.156.0.0;
                    address Net_10.16.0.0; address Net_10.160.0.0; address Net_10.18.0.0; address Net_10.19.0.0;
                    address Net_10.192.0.0; address Net_10.2.0.0; address Net_10.20.0.0; address Net_10.22.0.0;
                    address Net_10.24.0.0; address Net_10.26.0.0; address Net_10.28.0.0; address Net_10.30.0.0;
                    address Net_10.32.0.0; address Net_10.4.0.0; address Net_10.40.0.0; address Net_10.44.0.0;
                    address Net_10.50.0.0; address Net_10.60.0.0; address Net_10.70.0.0; address Net_10.8.0.0;
                    address Net_10.80.0.0; address Net_10.9.0.0; address Net_10.90.0.0; address Net_10.14.6.0;
                    address Net_10.14.8.0; address Net_10.118.0.0; address Net_10.120.0.0; address Red_CONSOL_DORADA_10.14.86.0;
                    address Red_CRDS_10.14.96.0; address Red_CRDS_10.14.95.0; address Net_10.12.0.0; address Net_10.14.7.0;
                    address Net_10.56.0.0; address Berrio_jun; address Red_10.158.0.0; address Red_10.176.0.0;
                    address Red_10.119.0.0; address Red_10.126.0.0; address Otanche; address PtoBoyacaPpal;
                    address Boyaca2; address OyMBoyaca; address HelpdeskURA; address navelena;
                    address Navelena_Bca; address VPN_PAN;
                }
            }
            /* NOTE(review): all system services and all protocols are accepted
               from this zone on reth4.0. Restrict to what is required. */
            host-inbound-traffic { system-services { all; } protocols { all; } }
            interfaces { reth4.0; }
        }
        /* NOTE(review): the same all/all host-inbound setting on the VPN-facing
           zone means remote VPN peers can reach every service of the firewall. */
        security-zone VPN_odb {
            host-inbound-traffic { system-services { all; } protocols { all; } }
            interfaces { reth7.0; }
        }
    }
}
firewall {
    /* Applied as input and output filter on reth2 unit 0 in the interfaces
       stanza. Term 1 counts traffic from 190.66.21.35 to the imap and smtp
       ports and accepts it; everything else is accepted by the last term, so
       the filter never drops traffic.
       NOTE(review): term 1 has no sample action, so it looks like only the
       counter is updated and nothing reaches the packet-capture file. It also
       matches destination-port without a protocol match. If the capture is no
       longer needed, remove the filter from the interface. */
    filter PCAP {
        term 1 {
            from {
                source-address { 190.66.21.35/32; }
                destination-address { 0.0.0.0/0; }
                destination-port [ imap smtp ];
            }
            then { count pcap; accept; }
        }
        term allow-all-else { then accept; }
    }
}
access { profile
remote_access_profile { client cperez { firewall-user { } } firewall-authentication { web-authentication { default-profile remote_access_profile; } } } applications { application AMI { protocol tcp; destination-port 5038; } application Antecedentes { protocol tcp; destination-port 2626; } application Apple { protocol tcp; destination-port 49505-49590; } application Asterisk_10050 { protocol tcp; destination-port 10050; } application Asterisk_10051 { protocol tcp; destination-port 10051; } application Asterisk_via { protocol tcp; destination-port 31100-31199; } application Banco_Bogota { protocol tcp; destination-port 4443; } application Claro { protocol tcp; destination-port 10040; } application Connected_Online { protocol tcp; destination-port 16384; } application Custom_TCP_1158 { protocol tcp; destination-port 1158; } application Custom_TCP_1299 { protocol tcp; destination-port 1299; } application Custom_TCP_1522 { protocol tcp; destination-port 1522; } application Custom_TCP_3000 { protocol tcp; destination-port 3000; } application Custom_TCP_3006 { protocol tcp; destination-port 3006; } application Custom_TCP_3101_BB { protocol tcp; destination-port 3101; } application Custom_UDP_3101_BB { protocol udp; destination-port 3101; } application Custom_TCP_3550 { protocol tcp; destination-port 3550; } application Custom_TCP_3650 { protocol tcp; destination-port 3650; } application Custom_TCP_4550 { protocol tcp; destination-port 4550; } application Custom_TCP_4848 { protocol tcp; destination-port 4848; } application Custom_TCP_5545 { protocol tcp; destination-port 5545; } application Custom_TCP_5547_5550 { protocol tcp; destination-port 5547-5550; } application Custom_TCP_6550 { protocol tcp; destination-port 6550; } application Custom_TCP_7300_7311 { protocol tcp; destination-port 7300-7311; } application Custom_TCP_7320_7329 { protocol tcp; destination-port 7320-7329; } application Custom_TCP_85 { protocol tcp; destination-port 85; } application Custom_UDP_1717 { 
protocol udp; destination-port 1717; } application Custom_UDP_3000 { protocol udp; destination-port 3000; } application DVR_CONSOL { protocol tcp; destination-port 9000; } application EPMAP_Sura { protocol tcp; destination-port 135; } application Equipos_Codim2 { protocol tcp; destination-port 1365; } application Fondo_Nacional { protocol tcp; destination-port 8081; } application Fondo_Nacional2 { protocol tcp; destination-port 8444; } application GPSVolquetasCONSOL { protocol tcp; destination-port 89; } application Grupo_Red { protocol tcp; destination-port 9090; } application Interrapidisimo { protocol tcp; destination-port 8002; } application Jamlogic_Paneles1 { protocol tcp; destination-port 800; } application Jamlogic_Paneles2 { protocol tcp; destination-port 808; } application LDAP_SSL { protocol tcp; destination-port 636; } application LYNC_FE_TCP { protocol tcp; destination-port 50000-59999; } application LYNC_FE_UDP { protocol udp; destination-port 50000-59999; } application LYNC_SIP { protocol udp; destination-port 3478; } application LYNC_ASTERISK { protocol tcp; destination-port 5068; } application LYNC3 { protocol tcp; destination-port 5062; } application LYNC_CONFERENCE { protocol tcp; destination-port 5061; } application LYNC_MOBILE { protocol tcp; destination-port 5089; } application LYNC_WEB { protocol tcp; destination-port 442; } application LYNCDISCOVER1 { protocol tcp; destination-port 5087; } application LYNCDISCOVER2 { protocol tcp; destination-port 5096; } application Mail_Servi_Hoteles { protocol tcp; destination-port 2095; } application Maq_39998 { protocol tcp; destination-port 39998; } application Maq_39999 { protocol tcp; destination-port 39999; } application Maquinaria_Puerto_Salgar { protocol tcp; destination-port 40000; } application O2_7777 { protocol tcp; destination-port 7777; } application OpenWindows { protocol tcp; destination-port 2000; } application Owa_Lync { protocol tcp; destination-port 3800; } application Pet { protocol 
tcp; destination-port 2082; } application Planeta_Radio { protocol tcp; destination-port 8130; } application Planta_Telefonica { protocol tcp; destination-port 33300-33900; } application Port_2048 { protocol tcp; destination-port 2048; } application Port_6667_trojans { protocol tcp; destination-port 6667; } application Puerto1_GasolinaU { protocol udp; destination-port 39998; } application Puerto2_GasolinaU { protocol tcp; destination-port 39999; } application Puerto3_GasolinaU { protocol tcp; destination-port 8000; } application Puerto8000 { protocol tcp; destination-port 8000; } application SenaSofia { protocol tcp; destination-port 18080-18100; } application SenaSofia2 { protocol tcp; destination-port 18081; } application SenaSofia3 { protocol tcp; destination-port 18082; } application Speed_Solution { protocol tcp; destination-port 82; } application Speed_Solution2 { protocol tcp; destination-port 10001; } application Supernotariado_7010 { protocol tcp; destination-port 7010; } application Sura { protocol tcp; destination-port 58080; } application Suramericana { protocol tcp; destination-port 13256; } application Suramericana_UDP { protocol udp; destination-port 4104; } application Suramericana2 { protocol tcp; destination-port 5222; } application Suramericana3 { protocol tcp; destination-port 4104; } application TCP1718 { protocol tcp; destination-port 1718; } application UA_CS { protocol udp; destination-port 32640; } application UA_PHONE { protocol udp; destination-port 32512; } application UDP_2048 { protocol udp; destination-port 2048; } application UDP_40000 { protocol tcp; destination-port 40000; } application Ucentral { protocol tcp; destination-port 7778; } application conprosweb { protocol tcp; destination-port 8443; } application educacion { protocol tcp; destination-port 8900; } application movilidad2_bogota { protocol tcp; destination-port 8087; } application movilidad_bogota { protocol tcp; destination-port 8083; } application pcvargas { protocol 
tcp; destination-port 81; } application plantas1 { protocol tcp; destination-port 1717; } application plantas2 { protocol tcp; destination-port 10000; } application procuraduria { protocol tcp; destination-port 8086; } application wbmconpros_2096 { protocol tcp; destination-port 2096; } application SNMP { protocol udp; destination-port 161; } application HTTP_PROXY { protocol tcp; destination-port 8080; } application SMTP_AUTH { protocol tcp; destination-port 587; } application SMTPS { protocol tcp; destination-port 465; } application POP3S { protocol tcp; destination-port 995; } application ZeroNine { protocol tcp; destination-port 8180; } application Napster_directory_8888_primary { protocol tcp; destination-port 8888; } application SkyDance_T { protocol tcp; destination-port 4000; } application ICQ_Locator { protocol udp; destination-port 4000; } application sqd { protocol tcp; destination-port 9010; } application shd { protocol tcp; destination-port 8503; } application test_1101 { protocol tcp; destination-port 2083; } application umin { protocol tcp; destination-port 8501; } application pushccvs { protocol tcp; destination-port 8787; } application pushultrack { protocol tcp; destination-port 8686; } application TeamViewer { protocol tcp; destination-port 5938; } application MySQL { protocol tcp; destination-port 3306; } application sqlnet2-1526 { application-protocol sqlnet-v2; protocol tcp; destination-port 1526; } application archie { protocol udp; destination-port 1525; } application RDP { protocol tcp; destination-port 3389; } application sqlnet2-1525 { application-protocol sqlnet-v2; protocol tcp; destination-port 1525; } application iMesh { protocol tcp; destination-port 5000; } application RTP_PORTS { protocol udp; destination-port 10000-20000; } application TCP_HIGH { protocol tcp; destination-port 1023-65535; } application TCP_8090 { protocol tcp; destination-port 8090; } application UDP_HIGH { protocol udp; destination-port 1023-65535; } application 
policia { protocol tcp; destination-port 7003-7005; description "antecedentes polinal "; }
    /* The line above completes an application statement begun before this
       fragment. What follows is the rest of the applications stanza (custom
       applications, then the application-sets used by the security policies)
       and the schedulers stanza. */
    application Supertransporte { protocol tcp; destination-port 6006; description supertransporte; }
    application WsDataRX { protocol tcp; destination-port 9001; description "Puerto para TxDx datos peajes"; }
    application Telepeaje { protocol tcp; destination-port 3005; description "Puertos para TxRx Telepeaje"; }
    application tcp-highports { protocol tcp; destination-port 1024-65535; }
    application WsData2 { protocol tcp; destination-port 9100; }
    application DinnerApp { protocol tcp; destination-port 4370; }
    /* 1433/tcp and 1434/udp are the ports conventionally used by Microsoft SQL
       Server and its browser service. */
    application softalim1 { protocol tcp; destination-port 1433; }
    application softalim2 { protocol udp; destination-port 1434; }
    application softalim3 { protocol tcp; destination-port 5007; }
    /* NOTE(review): the upper bound is 65335, while tcp-highports above ends at
       65535. This is probably a digit slip; either way the range opens almost
       every unprivileged TCP port. */
    application LYNC_SHARE_TCP { protocol tcp; destination-port 1024-65335; }
    application its1 { protocol tcp; destination-port 9003; }
    application its2 { protocol tcp; destination-port 9004; }
    application PuertoKw1 { protocol tcp; destination-port 3388; }
    /* Same protocol and port as the RDP application defined earlier in this stanza. */
    application PuertoKw_3389 { protocol tcp; destination-port 3389; }
    application Porvenir_9443 { protocol tcp; destination-port 9443; }
    application nuevaeps { protocol tcp; destination-port 7779; }
    /* NOTE(review): TCP_HIGH and UDP_HIGH are defined earlier in this stanza as
       ports 1023-65535, so this set covers nearly every TCP and UDP port and the
       specific telephony entries add nothing. A policy using it is close to
       application any; drop the two wide ranges and keep the listed services. */
    application-set Telefonia_CRDS_Consol {
        application TCP1718; application plantas1; application plantas2; application Planta_Telefonica;
        application junos-h323; application junos-sip; application junos-ntp; application LYNC_SIP;
        application junos-ftp; application OpenWindows; application SNMP; application RTP_PORTS;
        application TCP_HIGH; application UDP_HIGH;
    }
    /* NOTE(review): this set mixes cleartext services (junos-telnet, junos-pop3)
       with database listeners and ssh. The policies that use it are not in this
       fragment; confirm that each user group needs all of these. */
    application-set GrupoPuertosUsers {
        application junos-ssh; application junos-ms-sql; application junos-sql-monitor; application MySQL;
        application junos-sqlnet-v1; application junos-sqlnet-v2; application sqlnet2-1525; application sqlnet2-1526;
        application junos-icmp-all; application junos-nntp; application junos-ntp; application junos-ymsg;
        application junos-telnet; application junos-pop3; application OpenWindows; application Planta_Telefonica;
        application junos-bootpc; application junos-bootps; application Supertransporte; application its1;
        application its2; application Porvenir_9443; application nuevaeps;
    }
    /* Referenced by the toll-network policies Rule122, Rule123, Rule125 and Rule126.
       NOTE(review): besides the custom toll ports, it carries junos-ssh,
       junos-icmp-all, HTTP_PROXY and iMesh (tcp/5000 as defined in this stanza).
       Confirm these belong in a service group shared by all toll sites. */
    application-set Peajes_Servicios {
        application Custom_TCP_1158; application Custom_TCP_3000; application Custom_UDP_3000; application Custom_TCP_3006;
        application Custom_TCP_3650; application Custom_TCP_7300_7311; application Custom_TCP_7320_7329; application Custom_TCP_6550;
        application Custom_TCP_5545; application Custom_TCP_85; application Custom_TCP_4550; application Custom_TCP_5547_5550;
        application Custom_TCP_3550; application Custom_TCP_4848; application Custom_TCP_1522; application junos-sqlnet-v1;
        application junos-sqlnet-v2; application junos-icmp-all; application junos-ssh; application iMesh;
        application HTTP_PROXY; application WsDataRX; application Telepeaje; application WsData2;
    }
}
/* Daily window from 12:00 to 14:00. The policies that reference this scheduler
   are not visible in this fragment. */
schedulers {
    scheduler Happy_Hour {
        daily { start-time 12:00:00 stop-time 14:00:00; }
    }
}
/* The next line is the CLI cluster prompt from the capture, not configuration. */
{primary:node1}