unset key protection enable
set clock dst-off
set clock ntp
set clock timezone -6
set clock dst recurring start-weekday 2 0 3 02:00 end-weekday 1 0 11 02:00
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set vrouter name "ISP2" id 1025 sharable
set vrouter "ISP2"
unset auto-route-export
set preference nhrp 100
set preference ospf-e2 254
exit
set service "HTTP" timeout 6 
unset alg sip enable
unset alg mgcp enable
unset alg sccp enable
unset alg sunrpc enable
unset alg msrpc enable
unset alg sql enable
unset alg appleichat enable
unset alg appleichat re-assembly enable
unset alg h323 enable
unset alg sctp enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "netscreen"
set admin auth web timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone id 1000 "Untrust2"
set zone "Untrust2" vrouter "ISP2"
set zone id 1001 "Trust2"
set zone "Trust2" vrouter "ISP2"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst 
set zone "Untrust" block 
unset zone "Untrust" tcp-rst 
unset zone "V1-Trust" tcp-rst 
unset zone "V1-Untrust" tcp-rst 
set zone "DMZ" tcp-rst 
unset zone "V1-DMZ" tcp-rst 
unset zone "VLAN" tcp-rst 
set zone "Untrust2" block 
unset zone "Untrust2" tcp-rst 
unset zone "Trust2" tcp-rst 
set zone "Trust" screen limit-session source-ip-based
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set zone "Trust2" screen limit-session source-ip-based
set zone "Trust" screen limit-session source-ip-based 1152
set zone "Trust2" screen limit-session source-ip-based 1152
set interface "ethernet3/1" zone "Untrust"
set interface "ethernet3/2" zone "Untrust2"
set interface "ethernet4/1" zone "HA"
set interface "ethernet4/2" zone "HA"
set interface "ethernet1/1" zone "Trust"
set interface "ethernet1/2" zone "Trust2"
set interface "ethernet2/1" zone "DMZ"
unset interface vlan1 ip
set interface mgt ip 172.16.0.2/24
set interface ethernet3/1 ip 163.145.119.215/28
set interface ethernet3/1 route
set interface ethernet3/2 ip 90.145.137.100/27
set interface ethernet3/2 route
set interface ethernet1/1 ip 172.17.0.129/24
set interface ethernet1/1 route
set interface ethernet1/2 ip 172.17.0.140/24
set interface ethernet1/2 route
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet3/2 manage-ip 90.145.137.98
set interface ethernet3/1 ip manageable
set interface ethernet3/2 ip manageable
set interface ethernet1/1 ip manageable
set interface ethernet1/2 ip manageable
unset interface mgt g-arp
unset interface ethernet1/1 manage ssl
set interface ethernet1/2 manage ping
set interface ethernet1/2 manage ssh
set interface ethernet1/2 manage telnet
set interface ethernet1/2 manage snmp
set interface ethernet1/2 manage web
set interface ethernet3/1 manage ping
set interface ethernet3/2 manage ping
set interface ethernet3/2 monitor track-ip ip
set interface ethernet3/2 monitor track-ip ip 90.145.137.97 interval 3
set interface ethernet3/2 monitor track-ip ip 90.145.137.97 time-out 2
set interface ethernet3/2 monitor track-ip ip 90.145.137.97 threshold 4
unset interface ethernet3/2 monitor track-ip dynamic
set interface ethernet1/1 ntp-server
set interface ethernet2/1 disable
set interface ethernet2/2 disable
unset flow no-tcp-seq-check
set flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set hostname Frewall
set dbuf usb filesize 0
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set nsrp cluster id 1
set nsrp cluster name satnet
set nsrp rto-mirror sync
set nsrp rto-mirror route
set nsrp rto-mirror session ageout-ack
set nsrp rto-mirror session non-vsi
set nsrp vsd-group id 0 priority 5
set nsrp vsd-group id 0 preempt
set nsrp secondary-path ethernet3/1
set nsrp ha-link probe
set dns host dns2 0.0.0.0
set dns host dns3 0.0.0.0
set address "Trust" "10.15.0.0/16" 10.15.0.0 255.255.0.0
set address "Trust" "172.17.0.0/24" 172.17.0.0 255.255.255.0
set address "Trust" "172.29.0.0/16" 172.29.0.0 255.255.0.0
set address "Trust" "172.30.0.0/16" 172.30.0.0 255.255.0.0
set address "Trust" "172.31.0.0/16" 172.31.0.0 255.255.0.0
set address "Trust" "172.32.0.0/16" 172.32.0.0 255.255.0.0
set address "Untrust" "190.177.155.235/32" 190.177.155.235 255.255.255.255
set address "Trust2" "10.50.50.1/32" 10.50.50.1 255.255.255.255
set address "Trust2" "172.17.0.0/25" 172.17.0.0 255.255.255.128
set address "Trust2" "172.17.0.60/32" 172.17.0.60 255.255.255.255
set address "Trust2" "172.31.0.0/16" 172.31.0.0 255.255.0.0
set address "Trust2" "172.32.0.0/16" 172.32.0.0 255.255.0.0
set crypto-policy
exit
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set icap av-vendor-id symantec-5
set url protocol websense
exit
set policy id 1 name "NAT-Global" from "Trust" to "Untrust"  "Any" "Any" "ANY" nat src permit 
set policy id 1
exit
set policy id 5 from "Trust2" to "Untrust2"  "Any" "Any" "ANY" nat src permit 
set policy id 5
exit
set policy id 6 name "Nat_Backup" from "Trust2" to "Untrust"  "Any" "Any" "ANY" nat src permit 
set policy id 6
exit
set policy id 7 from "Trust" to "Trust2"  "Any" "Any" "ANY" permit 
set policy id 7
exit
set policy id 8 from "Trust2" to "Trust"  "Any" "Any" "ANY" permit 
set policy id 8
exit
set log module system level emergency destination console
set log module system level alert destination console
set log module system level error destination console
set log module system level warning destination console
set log module system level notification destination console
set log module system level information destination console
set log module system level debugging destination console
unset log module system level critical destination internal
unset log module system level critical destination email
unset log module system level critical destination snmp
unset log module system level critical destination syslog
unset log module system level critical destination webtrends
set log module system level error destination webtrends
set log module system level warning destination webtrends
set log module system level information destination webtrends
set log module system level debugging destination webtrends
unset log module system level critical destination NSM
unset log module system level emergency destination usb
unset log module system level alert destination usb
unset log module system level critical destination usb
unset log module system level error destination usb
unset log module system level warning destination usb
unset log module system level notification destination usb
unset log module system level information destination usb
unset log module system level debugging destination usb
unset log module system level critical destination pcmcia
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
unset license-key auto-update
set telnet client enable
set ntp server "173.49.198.27"
set ntp server src-interface "ethernet3/1"
set ntp "no-ha-sync"

set snmp name "Frewall"
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
set source-routing enable
unset add-default-route
set route 172.32.0.0/16 interface ethernet1/1 gateway 172.17.0.14 permanent
set route 10.15.0.0/16 interface ethernet1/1 gateway 172.17.0.55 permanent
set route 172.29.0.0/16 interface ethernet1/1 gateway 172.17.0.11 permanent
set route 172.30.0.0/16 interface ethernet1/1 gateway 172.17.0.12 permanent
set route 0.0.0.0/0 interface ethernet3/1 gateway 163.145.119.209 permanent
set match-group name Prueba29
set action-group name prueba29
set pbr policy name Prueba29
exit
set vrouter "ISP2"
set source-routing enable
set sibr-routing enable
set route 172.31.0.0/16 interface ethernet1/2 gateway 172.17.0.13 permanent
set route 172.32.0.0/16 interface ethernet1/2 gateway 172.17.0.14 permanent
set route 0.0.0.0/0 interface ethernet3/2 gateway 90.145.137.97 permanent
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
set vrouter "ISP2"
exit