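## Last commit: 2024-03-13 21:49:51 UTC by admin
## REVIEW: Junos SRX-style configuration ("show configuration" capture), re-indented one statement per line.
## REVIEW: several addresses (source-address values, static next hops, router-id) are not on any
## REVIEW: interface defined in this listing; they look sanitized, so verify them against the live device.
version 20.2R3-S2.5;
system {
    host-name 66001vpn01;
    root-authentication {
        ## REVIEW: this hash is identical to the one on user admin below, so root and admin share a password.
        ## REVIEW: a hash that has left the device should be treated as exposed; rotate it and give root its own.
        encrypted-password "$6$wTJeE1ZM$DQ3ZeS6iEzoh5fYw9Y4qXpseqy.U6OK997KFoYC4Gj1OUsVZVeYsrCafsrbYY3xcu4XeM0Lm7c1ev.wIkziDV0"; ## SECRET-DATA
    }
    login {
        retry-options {
            tries-before-disconnect 3;
            backoff-threshold 3;
            maximum-time 30;
            lockout-period 5;
        }
        class Network_Admin {
            idle-timeout 10;
            permissions all;
        }
        class Operator {
            idle-timeout 10;
            permissions [ view view-configuration ];
        }
        user IA_ACAS {
            full-name IA_ACAS;
            uid 2000;
            class read-only;
            authentication {
                ## REVIEW: "$1$" is MD5-crypt, far weaker than the "$6$" (SHA-512) hashes used elsewhere here.
                ## REVIEW: set "system login password format sha512" and reset this password so it is re-hashed.
                encrypted-password "$1$3XSRxRld$R9PIgaHMuT83QPlIJS3uJ."; ## SECRET-DATA
            }
        }
        ## REVIEW: OP, RO, SU and remote have no local authentication; presumably RADIUS template accounts - confirm.
        user OP {
            uid 2004;
            class Operator;
        }
        user RO {
            uid 2005;
            class read-only;
        }
        user SU {
            uid 2006;
            class Network_Admin;
        }
        user admin {
            uid 2001;
            class super-user;
            authentication {
                encrypted-password "$6$wTJeE1ZM$DQ3ZeS6iEzoh5fYw9Y4qXpseqy.U6OK997KFoYC4Gj1OUsVZVeYsrCafsrbYY3xcu4XeM0Lm7c1ev.wIkziDV0"; ## SECRET-DATA
            }
        }
        ## REVIEW: "remote" is the fallback template for RADIUS users with no local account. Class Network_Admin
        ## REVIEW: (permissions all) gives full rights to any RADIUS-authenticated user the server does not map
        ## REVIEW: to another local user name. A least-privilege class is the safer default.
        user remote {
            uid 2003;
            class Network_Admin;
        }
    }
    services {
        ssh {
            ## REVIEW: direct root login over SSH removes per-user accountability; "root-login deny" is the usual
            ## REVIEW: hardening, and admin (super-user) remains available for administration.
            root-login allow;
            protocol-version v2;
            ciphers [ aes256-ctr aes192-ctr ];
            hostkey-algorithm {
                ## REVIEW: remove ssh-dss (the device itself flags it as deprecated) and keep ssh-ed25519.
                ssh-dss; ## Warning: 'ssh-dss' is deprecated
                ssh-ed25519;
            }
        }
        ## REVIEW: xnm-clear-text runs the Junos XML management protocol without encryption, so credentials and
        ## REVIEW: configuration cross the wire in clear. Use xnm-ssl or NETCONF over SSH, or delete it if unused.
        ## REVIEW: With host-inbound "system-services all" on every zone below, it is reachable from the uplink.
        xnm-clear-text;
        web-management {
            https {
                system-generated-certificate;
                interface ge-0/0/1.0;
            }
        }
    }
    domain-name shark.cage;
    domain-search shark.cage;
    time-zone UTC;
    no-multicast-echo;
    no-redirects;
    no-ping-record-route;
    no-ping-time-stamp;
    no-saved-core-context;
    internet-options {
        icmpv4-rate-limit packet-rate 50;
        icmpv6-rate-limit packet-rate 50;
        no-source-quench;
        tcp-reset-syn-acknowledge;
        tcp-drop-synfin-set;
        no-tcp-rfc1323;
        no-tcp-rfc1323-paws;
    }
    ## NOTE(review): with "password" listed after radius, local passwords remain a login path; confirm that
    ## NOTE(review): this is intended and that the local accounts above are strong enough for it.
    authentication-order [ radius password ];
    name-server {
        30.80.19.25;
        30.80.19.26;
    }
    radius-server {
        30.80.19.26 {
            ## REVIEW: "$9$" values are reversible obfuscation, not a hash. Treat this shared secret as
            ## REVIEW: disclosed once the configuration leaves the device and rotate it on both ends.
            secret "$9$i.TFpu1IRc9AclMWdVFn6/t0O1RlvLEhaZGDq.P5Qz9p0OR"; ## SECRET-DATA
            source-address 30.80.255.1;
        }
    }
    syslog {
        archive size 100k files 3;
        user * {
            security warning;
            firewall warning;
        }
        host 30.80.19.12 {
            any error;
            authorization info;
            daemon warning;
            security alert;
            kernel warning;
            dfc warning;
            external warning;
            firewall alert;
            pfe warning;
            change-log warning;
        }
        ## REVIEW: RT_FLOW_SESSION_CREATE is only emitted for policies with "log session-init"; in this listing
        ## REVIEW: only the two default-deny policies log, so the other permitted flows never reach this file.
        file accepted-traffic {
            any info;
            security warning;
            firewall any;
            match RT_FLOW_SESSION_CREATE;
        }
        ## REVIEW: no policy in this listing denies traffic, so RT_FLOW_SESSION_DENY is not expected to match.
        file blocked-traffic {
            security warning;
            user warning;
            firewall warning;
            match RT_FLOW_SESSION_DENY;
        }
        file interactive-commands {
            interactive-commands any;
        }
        file messages {
            any critical;
            authorization info;
        }
        ## NOTE(review): no "security ike" or "security ipsec" stanza appears in this listing; confirm that
        ## NOTE(review): ipsec_traffic and kmd-logs still have a source.
        file ipsec_traffic {
            security warning;
            firewall warning;
            match IPSEC;
        }
        file kmd-logs {
            daemon info;
            match KMD;
        }
        ## NOTE(review): no facility or severity is set here, and "RT_FLOW" matches create and close events
        ## NOTE(review): as well as denies; confirm this file collects what its name says.
        file Denied-Traffic {
            match RT_FLOW;
        }
    }
    max-configurations-on-flash 20;
    max-configuration-rollbacks 49;
    archival {
        configuration {
            ## REVIEW: every commit is copied to the archive site, password hashes and "$9$" secrets included,
            ## REVIEW: so restrict access there. The URL below is still a placeholder.
            transfer-on-commit;
            archive-sites {
                "scp://username@FQDNofNFS:/pathToFiles";
            }
        }
    }
    license {
        autoupdate;
    }
    ntp {
        ## NOTE(review): NTP is unauthenticated; consider authentication-key/trusted-key if the servers support it.
        server 40.20.29.1 prefer;
        server 40.20.29.62;
        source-address 30.80.255.1;
    }
}
security {
    log {
        ## NOTE(review): in event mode, security logs go through the routing engine's syslog; confirm that
        ## NOTE(review): the stream below actually delivers to 20.50.39.12.
        mode event;
        source-address 30.21.41.1;
        stream Syslog_server {
            severity warning;
            format syslog;
            host {
                20.50.39.12;
            }
        }
    }
    screen {
        ## REVIEW: untrust-screen is defined but no security-zone below references it, so none of these
        ## REVIEW: protections are active. Add "screen untrust-screen;" under security-zone untrust.
        ids-option untrust-screen {
            icmp {
                ip-sweep threshold 1024;
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                port-scan threshold 4096;
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
                tcp-sweep threshold 1024;
            }
            udp {
                flood {
                    threshold 1000;
                }
                udp-sweep threshold 2048;
            }
        }
    }
    policies {
        ## REVIEW: every policy in this stanza matches any/any/any and permits, including the two named
        ## REVIEW: default-deny, so the effective posture is permit-all between all zones. Replace the
        ## REVIEW: any/any/any rules with the specific flows each zone pair needs, and log them.
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone trust {
            policy trust-to-trust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone GRE-HAWAII to-zone GRE-HAWAII {
            policy HAWAII-DEN {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        ## REVIEW: this lets the device forward traffic that arrives from and leaves to the uplink zone.
        from-zone untrust to-zone untrust {
            policy untrust-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone untrust to-zone trust {
            ## REVIEW: the name says deny but the action is permit, so all uplink traffic is admitted to trust.
            ## REVIEW: If deny is intended: then { deny; log { session-init; } }
            ## REVIEW: Inventory the required inbound flows before changing it.
            policy default-deny {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    log {
                        session-init;
                    }
                }
            }
        }
        from-zone GRE-GERMANY to-zone trust {
            policy GERMANY-DEN {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone GRE-GERMANY {
            policy GERMANY-DEN {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone GRE-GERMANY to-zone GRE-GERMANY {
            policy GERMANY-DEN {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone GRE-HAWAII to-zone trust {
            policy HAWAII-DEN {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone GRE-HAWAII {
            policy HAWAII-DEN {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        global {
            ## REVIEW: same contradiction as the untrust-to-trust rule. A global policy named default-deny
            ## REVIEW: that permits makes every zone pair without its own policy permit-all as well.
            policy default-deny {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    log {
                        session-init;
                    }
                }
            }
        }
    }
    zones {
        ## REVIEW: all four zones accept "system-services all" and "protocols all" at zone and interface
        ## REVIEW: level, so every enabled service on the device answers on every interface. List only what
        ## REVIEW: each zone needs.
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                irb.0;
                lo0.0;
                ge-0/0/1.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
            application-tracking;
        }
        ## REVIEW: on the uplink zone this exposes SSH (with root login allowed) and xnm-clear-text to
        ## REVIEW: whatever can reach ge-0/0/0. The zone also has no "screen untrust-screen;" statement.
        security-zone untrust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
            application-tracking;
        }
        security-zone GRE-GERMANY {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                gr-0/0/0.1 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
            application-tracking;
        }
        security-zone GRE-HAWAII {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                gr-0/0/0.2 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
            application-tracking;
        }
    }
}
interfaces {
    ge-0/0/0 {
        speed 100m;
        link-mode full-duplex;
        no-gratuitous-arp-request;
        gigether-options {
            no-auto-negotiation;
        }
        unit 0 {
            description "<=== UPLINK ===>";
            family inet {
                address 182.86.1.6/30;
            }
        }
    }
    ## NOTE(review): these GRE tunnels are plain encapsulation and no IKE/IPsec configuration appears in
    ## NOTE(review): this listing, so tunnel traffic crosses the uplink unencrypted unless it is protected
    ## NOTE(review): elsewhere. Confirm.
    gr-0/0/0 {
        unit 0 {
            family inet;
        }
        unit 1 {
            description "<== Tunnel to GERMANY .7 ==>";
            tunnel {
                source 182.86.1.6;
                destination 132.138.7.2;
            }
            family inet {
                address 142.5.0.6/30;
            }
        }
        unit 2 {
            description "<== Tunnel to HAWAII .30==>";
            tunnel {
                source 182.86.1.6;
                destination 132.138.0.7;
            }
            family inet {
                address 142.3.0.6/30;
            }
        }
    }
    ge-0/0/1 {
        no-gratuitous-arp-request;
        unit 0 {
            description "<=== Uplink to CORE SWITCH ===>";
            family inet {
                address 1.1.1.1/30;
            }
        }
    }
    ge-0/0/2 {
        description "<=== UNUSED ===>";
        disable;
    }
    ge-0/0/3 {
        description "<=== UNUSED ===>";
        disable;
    }
    ge-0/0/4 {
        description "<=== UNUSED ===>";
        disable;
    }
    ge-0/0/5 {
        description "<=== UNUSED ===>";
        disable;
    }
    ge-0/0/6 {
        description "<=== UNUSED ===>";
        disable;
    }
    ge-0/0/7 {
        description "<=== UNUSED ===>";
        disable;
    }
    ge-0/0/8 {
        description "<=== UNUSED ===>";
        disable;
    }
    ge-0/0/9 {
        description "<=== UNUSED ===>";
        disable;
    }
    ge-0/0/10 {
        description "<=== UNUSED ===>";
        disable;
    }
    ge-0/0/11 {
        description "<=== UNUSED ===>";
        disable;
    }
    ge-0/0/12 {
        description "<=== UNUSED ===>";
        disable;
    }
    ge-0/0/13 {
        description "<=== UNUSED ===>";
        disable;
    }
    ge-0/0/14 {
        description "<=== UNUSED ===>";
        disable;
    }
    ge-0/0/15 {
        description "<=== UNUSED ===>";
        disable;
    }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.100.2/24;
            }
        }
    }
    irb {
        unit 0;
    }
    lo0 {
        unit 0 {
            family inet {
                address 20.13.255.1/32;
            }
        }
    }
}
forwarding-options {
    helpers {
        tftp {
            server 30.40.39.10;
            interface {
                irb.0;
                ge-0/0/1.0;
                ## NOTE(review): irb.3 is not defined under "interfaces irb" in this listing (only unit 0).
                irb.3;
            }
        }
    }
}
policy-options {
    policy-statement ALL_STATIC {
        term 1 {
            from protocol static;
            then accept;
        }
    }
}
firewall {
    ## NOTE(review): this filter mirrors every packet it sees (source 0.0.0.0/0). No interface in this
    ## NOTE(review): listing applies it and no port-mirroring output is configured under forwarding-options.
    ## NOTE(review): Confirm whether it is in use; a full-traffic mirror should end on a controlled port.
    filter port-mirror {
        term SPAN {
            from {
                source-address {
                    0.0.0.0/0;
                }
            }
            then {
                port-mirror;
                accept;
            }
        }
    }
}
vlans {
    vlan-trust {
        vlan-id 3;
        l3-interface irb.0;
    }
}
protocols {
    oam {
        gre-tunnel {
            interface gr-0/0/0 {
                keepalive-time 10;
                hold-time 30;
            }
        }
    }
    ospf {
        ## REVIEW: no OSPF interface has authentication, so any speaker that can reach the tunnel or the core
        ## REVIEW: link can form an adjacency and inject routes. Add per interface:
        ## REVIEW:   authentication { md5 <key-id> key "<secret>"; }
        area 0.0.0.0 {
            interface gr-0/0/0.1 {
                interface-type p2p;
            }
            interface gr-0/0/0.2 {
                interface-type p2p;
            }
            interface lo0.0;
        }
        area 0.0.0.1 {
            stub;
            area-range 20.1.0.0/16;
            interface ge-0/0/1.0 {
                interface-type p2p;
            }
        }
        ## NOTE(review): ALL_STATIC accepts every static route, including 0.0.0.0/0, for export into OSPF.
        ## NOTE(review): Confirm that advertising the default route from this device is intended.
        export ALL_STATIC;
    }
}
routing-options {
    static {
        ## NOTE(review): none of these next hops is on a subnet configured in this listing (the uplink is
        ## NOTE(review): 182.86.1.6/30). Presumably a sanitizing artifact; verify on the device.
        route 0.0.0.0/0 next-hop 182.46.1.4;
        route 20.13.24.0/27 next-hop 40.31.1.1;
        route 20.31.99.0/26 next-hop 40.31.1.1;
        route 30.13.255.4/32 next-hop 40.51.1.1;
    }
    router-id 10.1.255.1;
}
## CLI prompt captured after the listing: admin@66001vpn01>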