unset key protection enable
set clock ntp
set clock timezone -5
set clock dst recurring start-weekday 2 0 3 02:00 end-weekday 1 0 11 02:00
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set service "CAMERA8089" protocol tcp src-port 0-65535 dst-port 8089-8089
set service "Remote Desktop 3389" protocol tcp src-port 0-65535 dst-port 3389-3389
set service "Int Router MGMT 8090" protocol tcp src-port 0-65535 dst-port 8090-8090
set service "44443" protocol tcp src-port 0-65535 dst-port 44443-44443
set service "44444" protocol tcp src-port 0-65535 dst-port 44444-44444
set service "sm webservice" protocol tcp src-port 0-65535 dst-port 800-800
set service "VPN" protocol udp src-port 0-65535 dst-port 64033-64033
set service "HTTP81" protocol tcp src-port 0-65535 dst-port 81-81
set alg appleichat enable
unset alg appleichat re-assembly enable
set alg sctp enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth-server "EDS" id 1
set auth-server "EDS" server-name "10.66.0.40"
set auth-server "EDS" account-type auth
set auth-server "EDS" type ldap
set auth-server "EDS" ldap port 1389
set auth-server "EDS" ldap cn "uid"
set auth-server "EDS" ldap dn "ou=internal,dc=obfsuscateconsulting,dc=com"
set auth default auth server "Local"
set auth radius accounting port 1646
set scheduler "onetime" recurrent monday start 10:0 stop 16:0
set scheduler "onetime" recurrent tuesday start 10:0 stop 16:0
set scheduler "onetime" recurrent wednesday start 10:0 stop 16:0
set scheduler "onetime" recurrent thursday start 10:0 stop 16:0
set scheduler "onetime" recurrent friday start 10:0 stop 16:0
set scheduler "onetime" recurrent saturday start 8:0 stop 16:0
set admin name "obfsuscate"
set admin password "nNGsFMrQANmMcNXJisUCFxPtpYsdfsdgdghdsMdvn"
set admin port 8090
set admin http redirect
set admin auth web timeout 30
set admin auth dial-in timeout 3
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "untrust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
unset zone "V1-Trust" tcp-rst
unset zone "V1-Untrust" tcp-rst
set zone "DMZ" tcp-rst
unset zone "V1-DMZ" tcp-rst
unset zone "VLAN" tcp-rst
set zone "Trust" screen alarm-without-drop
set zone "Trust" screen on-tunnel
set zone "Trust" screen icmp-flood
set zone "Trust" screen udp-flood
set zone "Trust" screen winnuke
set zone "Trust" screen port-scan
set zone "Trust" screen ip-sweep
set zone "Trust" screen tear-drop
set zone "Trust" screen syn-flood
set zone "Trust" screen ip-spoofing
set zone "Trust" screen ping-death
set zone "Trust" screen ip-filter-src
set zone "Trust" screen land
set zone "Trust" screen syn-frag
set zone "Trust" screen tcp-no-flag
set zone "Trust" screen unknown-protocol
set zone "Trust" screen ip-bad-option
set zone "Trust" screen ip-record-route
set zone "Trust" screen ip-timestamp-opt
set zone "Trust" screen ip-security-opt
set zone "Trust" screen ip-loose-src-route
set zone "Trust" screen ip-strict-src-route
set zone "Trust" screen ip-stream-opt
set zone "Trust" screen icmp-fragment
set zone "Trust" screen icmp-large
set zone "Trust" screen syn-fin
set zone "Trust" screen fin-no-ack
set zone "Trust" screen limit-session source-ip-based
set zone "Trust" screen syn-ack-ack-proxy
set zone "Trust" screen block-frag
set zone "Trust" screen limit-session destination-ip-based
set zone "Trust" screen component-block zip
set zone "Trust" screen component-block jar
set zone "Trust" screen component-block exe
set zone "Trust" screen component-block activex
set zone "Trust" screen icmp-id
set zone "Trust" screen ip-spoofing drop-no-rpf-route
set zone "Untrust" screen alarm-without-drop
set zone "Untrust" screen on-tunnel
set zone "Untrust" screen icmp-flood
set zone "Untrust" screen udp-flood
set zone "Untrust" screen winnuke
set zone "Untrust" screen port-scan
set zone "Untrust" screen ip-sweep
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ip-spoofing
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "Untrust" screen syn-frag
set zone "Untrust" screen tcp-no-flag
set zone "Untrust" screen unknown-protocol
set zone "Untrust" screen ip-bad-option
set zone "Untrust" screen ip-record-route
set zone "Untrust" screen ip-timestamp-opt
set zone "Untrust" screen ip-security-opt
set zone "Untrust" screen ip-loose-src-route
set zone "Untrust" screen ip-strict-src-route
set zone "Untrust" screen ip-stream-opt
set zone "Untrust" screen icmp-fragment
set zone "Untrust" screen icmp-large
set zone "Untrust" screen syn-fin
set zone "Untrust" screen fin-no-ack
set zone "Untrust" screen limit-session source-ip-based
set zone "Untrust" screen syn-ack-ack-proxy
set zone "Untrust" screen block-frag
set zone "Untrust" screen limit-session destination-ip-based
set zone "Untrust" screen component-block zip
set zone "Untrust" screen component-block jar
set zone "Untrust" screen component-block exe
set zone "Untrust" screen component-block activex
set zone "Untrust" screen icmp-id
set zone "Untrust" screen tcp-sweep
set zone "Untrust" screen udp-sweep
set zone "Untrust" screen ip-spoofing drop-no-rpf-route
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set zone "DMZ" screen alarm-without-drop
set zone "DMZ" screen on-tunnel
set zone "DMZ" screen icmp-flood
set zone "DMZ" screen udp-flood
set zone "DMZ" screen winnuke
set zone "DMZ" screen port-scan
set zone "DMZ" screen ip-sweep
set zone "DMZ" screen tear-drop
set zone "DMZ" screen syn-flood
set zone "DMZ" screen ip-spoofing
set zone "DMZ" screen ping-death
set zone "DMZ" screen ip-filter-src
set zone "DMZ" screen land
set zone "DMZ" screen syn-frag
set zone "DMZ" screen tcp-no-flag
set zone "DMZ" screen unknown-protocol
set zone "DMZ" screen ip-bad-option
set zone "DMZ" screen ip-record-route
set zone "DMZ" screen ip-timestamp-opt
set zone "DMZ" screen ip-security-opt
set zone "DMZ" screen ip-loose-src-route
set zone "DMZ" screen ip-strict-src-route
set zone "DMZ" screen ip-stream-opt
set zone "DMZ" screen icmp-fragment
set zone "DMZ" screen icmp-large
set zone "DMZ" screen syn-fin
set zone "DMZ" screen fin-no-ack
set zone "DMZ" screen limit-session source-ip-based
set zone "DMZ" screen syn-ack-ack-proxy
set zone "DMZ" screen block-frag
set zone "DMZ" screen limit-session destination-ip-based
set zone "DMZ" screen component-block zip
set zone "DMZ" screen component-block jar
set zone "DMZ" screen component-block exe
set zone "DMZ" screen component-block activex
set zone "DMZ" screen icmp-id
set zone "DMZ" screen tcp-sweep
set zone "DMZ" screen udp-sweep
set zone "DMZ" screen ip-spoofing drop-no-rpf-route
set interface "ethernet0/0" zone "Untrust"
set interface "ethernet0/1" zone "DMZ"
set interface "bgroup0" zone "Trust"
set interface "bgroup1" zone "Trust"
set interface bgroup0 port ethernet0/2
set interface bgroup1 port ethernet0/4
unset interface vlan1 ip
set interface ethernet0/0 ip 170.21.51.83/24
set interface ethernet0/0 route
set interface ethernet0/1 ip 10.1.2.1/24
set interface ethernet0/1 nat
set interface bgroup0 ip 10.1.1.1/24
set interface bgroup0 nat
set interface bgroup1 ip 10.66.0.1/24
set interface bgroup1 nat
set interface "ethernet0/0" pmtu ipv4
set interface "ethernet0/1" pmtu ipv4
set interface "bgroup0" pmtu ipv4
set interface "bgroup1" pmtu ipv4
set interface ethernet0/1 proxy dns
set interface bgroup0 proxy dns
set interface bgroup1 proxy dns
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
unset interface ethernet0/0 ip manageable
set interface ethernet0/1 ip manageable
set interface bgroup0 ip manageable
set interface bgroup1 ip manageable
set interface ethernet0/0 manage ping
set interface ethernet0/0 manage ssh
set interface ethernet0/0 manage telnet
set interface ethernet0/0 manage snmp
set interface ethernet0/0 manage ssl
set interface ethernet0/0 manage web
set interface ethernet0/0 manage ident-reset
set interface ethernet0/1 manage ssh
set interface ethernet0/1 manage telnet
set interface ethernet0/1 manage snmp
set interface ethernet0/1 manage ssl
set interface ethernet0/1 manage web
set interface ethernet0/1 manage ident-reset
set interface bgroup0 manage ident-reset
set interface bgroup0 manage mtrace
set interface bgroup1 manage ident-reset
set interface bgroup1 monitor track-ip ip
unset interface bgroup1 monitor track-ip dynamic
set auth-server "EDS" src-interface "bgroup1"
set interface bgroup1 protocol igmp router
set interface bgroup1 protocol igmp proxy
set interface bgroup1 protocol igmp proxy always
set interface bgroup1 protocol igmp no-check-subnet
set interface bgroup1 protocol igmp no-check-router-alert
set interface bgroup1 protocol igmp enable
set interface ethernet0/0 protocol vrrp
set interface ethernet0/0 vip interface-ip 81 "HTTP81" 10.1.2.4
set interface ethernet0/0 vip interface-ip 80 "HTTP" 10.66.0.40
set interface ethernet0/1 dhcp server service
set interface bgroup0 dhcp server service
set interface bgroup1 dhcp server service
set interface ethernet0/1 dhcp server enable
set interface bgroup0 dhcp server enable
set interface bgroup1 dhcp server auto
set interface ethernet0/1 dhcp server option lease 1440000
set interface ethernet0/1 dhcp server option gateway 10.1.2.1
set interface ethernet0/1 dhcp server option dns1 51.23.0.84
set interface ethernet0/1 dhcp server option dns2 11.17.10.18
set interface bgroup0 dhcp server option lease 1440000
set interface bgroup0 dhcp server option gateway 10.1.1.1
set interface bgroup0 dhcp server option dns1 51.23.0.84
set interface bgroup0 dhcp server option dns2 11.17.10.18
set interface bgroup1 dhcp server option lease 1440000
set interface bgroup1 dhcp server option gateway 10.66.0.1
set interface bgroup1 dhcp server option dns1 51.23.0.84
set interface bgroup1 dhcp server option dns2 11.17.10.18
set interface bgroup0 dhcp server ip 10.1.1.100 to 10.1.1.200
set interface bgroup1 dhcp server ip 10.66.0.100 to 10.66.0.200
set interface ethernet0/1 dhcp server config next-server-ip
set interface bgroup0 dhcp server config next-server-ip
set interface bgroup1 dhcp server config next-server-ip
set interface bgroup1 ntp-server
set interface "serial0/0" modem settings "USR" init "AT&F"
set interface "serial0/0" modem settings "USR" active
set interface "serial0/0" modem speed 115200
set interface "serial0/0" modem retry 3
set interface "serial0/0" modem interval 10
set interface "serial0/0" modem idle-time 10
set flow tcp-mss
unset flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set domain obfsuscateconsulting.com
set hostname waltham
set webauth server "EDS"
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set pki x509 dn state-name "MA"
set pki x509 dn local-name "Middlesex"
set pki x509 dn org-name "obfsuscate Consulting Group Inc"
set pki x509 dn org-unit-name "Consulting"
set pki x509 dn name "obfsuscate Consulting"
set pki x509 dn phone "781 522 7452"
set pki x509 dn email "corp@obfsuscateconsulting.com"
set pki x509 dn ip 0.0.0.0
set pki x509 cert-fqdn www.obfsuscateconsulting.com
set dns host dns1 51.23.0.84 src-interface ethernet0/0
set dns host dns2 11.17.10.18 src-interface ethernet0/0
set dns host dns3 0.0.0.0
set dns host schedule 06:28
set address "Trust" "10.1.1.0/24" 10.1.1.0 255.255.255.0
set address "Trust" "10.1.1.100/32" 10.1.1.100 255.255.255.255
set address "Trust" "10.1.2.0/24" 10.1.2.0 255.255.255.0
set address "Trust" "10.2.1.4/32" 10.2.1.4 255.255.255.255
set address "Trust" "10.66.0.0/24" 10.66.0.0 255.255.255.0
set address "Trust" "10.66.0.1/32" 10.66.0.1 255.255.255.255
set address "Trust" "10.66.0.101" 10.66.0.101 255.255.255.255
set address "Trust" "10.66.0.40/32" 10.66.0.40 255.255.255.255
set address "Untrust" "10.66.0.0/24" 10.66.0.0 255.255.255.0
set address "Untrust" "sprint" 12.41.40.70 255.255.255.255
set address "DMZ" "10.1.2.4" 10.1.2.4 255.255.255.255
set address "DMZ" "10.1.2.5/24" 10.1.2.5 255.255.255.0
set group address "Untrust" "One Time Internet Addresses"
set group address "Untrust" "One Time Internet Addresses" add "sprint"
set ippool "obfsuscateIPSec" 10.66.0.105 10.66.0.110
set ippool "obsfsIPSec" 10.66.0.200 10.66.0.250
set user "obfsuscate" uid 3
set user "obfsuscate" ike-id fqdn "obfsuscate.obfsuscateconsulting.com" share-limit 1
set user "obfsuscate" type ike
set user "obfsuscate" "enable"
set user "ccole@obfsuscateconsulting.com" uid 5
set user "ccole@obfsuscateconsulting.com" type xauth
set user "ccole@obfsuscateconsulting.com" remote ippool "obfsuscateIPSec"
set user "ccole@obfsuscateconsulting.com" password "/ULVALE/NGNBr/sOXmCy8xLMacnEgyoPpw=="
unset user "ccole@obfsuscateconsulting.com" type auth
set user "ccole@obfsuscateconsulting.com" "enable"
set user "js@obfsuscateconsulting.com" uid 4
set user "js@obfsuscateconsulting.com" type xauth
set user "js@obfsuscateconsulting.com" remote ippool "obfsuscateIPSec"
set user "js@obfsuscateconsulting.com" password "mOTduDitNgdIquspQaC/XwjYKMnS3RuPvQ=="
unset user "js@obfsuscateconsulting.com" type auth
set user "js@obfsuscateconsulting.com" "enable"
set user "obsfs" uid 6
set user "obsfs" ike-id fqdn "www.obsfs.com" share-limit 1
set user "obsfs" type ike
set user "obsfs" "enable"
set user "peter" uid 2
set user "peter" type xauth
set user "peter" remote ippool "obfsuscateIPSec"
set user "peter" password "Vp9lYBjkNnV6LisTdcC3LND22hnyZFu/Fw=="
unset user "peter" type auth
set user "peter" "enable"
set user-group "obfsuscateconsultinggroup" id 1
set user-group "obfsuscateconsultinggroup" user "obfsuscate"
set user-group "obsfsgroup" id 3
set user-group "obsfsgroup" user "obsfs"
set crypto-policy
exit
set ike gateway "obfsuscateVPNGateway" dialup "obfsuscateconsultinggroup" Aggr local-id "vpngw.obfsuscateconsulting.com" outgoing-interface "ethernet0/0" preshare "31eAAtJsN99mylsnGWCKopyRhgnNtAUXr8QbiF87ko7b89Nic15KVRg=" proposal "pre-g2-3des-sha" "rsa-g2-aes128-sha" "pre-g2-3des-md5" "rsa-g2-aes128-md5"
set ike gateway "obfsuscateVPNGateway" dpd-liveness interval 30
set ike gateway "obfsuscateVPNGateway" dpd-liveness always-send
unset ike gateway "obfsuscateVPNGateway" nat-traversal udp-checksum
set ike gateway "obfsuscateVPNGateway" nat-traversal keepalive-frequency 20
set ike gateway "obfsuscateVPNGateway" xauth server "Local"
unset ike gateway "obfsuscateVPNGateway" xauth do-edipi-auth
set ike gateway "obsfsVPNGateway" dialup "obsfsgroup" Aggr local-id "vpngw.obsfs.com" outgoing-interface "ethernet0/0" preshare "Et0oDBSONN7J1XsPDOCgQ8s/ranuoMLUTA==" proposal "pre-g2-3des-sha" "pre-g2-aes128-sha" "pre-g2-3des-md5" "pre-g2-aes128-md5"
set ike gateway "obsfsVPNGateway" dpd-liveness interval 30
set ike gateway "obsfsVPNGateway" dpd-liveness always-send
unset ike gateway "obsfsVPNGateway" nat-traversal udp-checksum
set ike gateway "obsfsVPNGateway" nat-traversal keepalive-frequency 20
set ike gateway "obsfsVPNGateway" xauth
unset ike gateway "obsfsVPNGateway" xauth do-edipi-auth
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set xauth default ippool "obfsuscateIPSec"
set vpn "obfsuscateIKE" gateway "obfsuscateVPNGateway" replay tunnel idletime 0 proposal "nopfs-esp-3des-sha" "nopfs-esp-aes128-sha" "nopfs-esp-3des-md5" "nopfs-esp-aes128-md5"
set vpn "obfsuscateIKE" monitor
set vpn "obsfsIKE" gateway "obsfsVPNGateway" replay tunnel idletime 0 proposal "nopfs-esp-3des-sha" "nopfs-esp-aes128-sha" "nopfs-esp-3des-md5" "nopfs-esp-aes128-md5"
set vpn "obsfsIKE" monitor
set url protocol websense
exit
set policy id 11 from "Untrust" to "Trust" "Dial-Up VPN" "10.66.0.40/32" "ANY" nat src tunnel vpn "obfsuscateIKE" id 0x1 log
set policy id 11
set log session-init
exit
set policy id 9 from "Trust" to "DMZ" "Any" "Any" "ANY" permit count
set policy id 9
exit
set policy id 6 from "DMZ" to "Trust" "Any" "Any" "ANY" permit log count
set policy id 6
set log session-init
exit
set policy id 1 name "deafault internet" from "Trust" to "Untrust" "Any" "Any" "ANY" permit log
set policy id 1
exit
set policy id 12 from "Untrust" to "Trust" "Dial-Up VPN" "10.66.0.0/24" "ANY" nat src tunnel vpn "obsfsIKE" id 0x2 log
set policy id 12
set log session-init
exit
set policy id 14 from "DMZ" to "Untrust" "Any" "Any" "ANY" nat src permit
set policy id 14
exit
set policy id 15 name "INBOUND HTTP" from "Untrust" to "DMZ" "Any" "VIP(ethernet0/0)" "ANY" permit log count url-filter
set policy id 15
set log session-init
exit
set syslog src-interface ethernet0/1
set log module system level emergency destination console
set log module system level alert destination console
set log module system level critical destination console
set log module system level error destination console
set log module system level warning destination console
set log module system level notification destination console
set log module system level information destination console
set log module system level debugging destination console
set log module system level error destination webtrends
set log module system level warning destination webtrends
set log module system level information destination webtrends
set log module system level debugging destination webtrends
set firewall log-self
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set ssh enable
set scp enable
set config lock timeout 5
unset license-key auto-update
set telnet client enable
set ssl port 4443
set ssl cert-hash "155AA0190FCECA353D2814AEE8A367E2CE2BA143"
set ntp server "time.windows.com"
set ntp server src-interface "ethernet0/0"
set ntp server backup1 "0.0.0.0"
set ntp server backup2 "0.0.0.0"
set ntp interval 1440
set ntp max-adjustment 600
set snmp port listen 161
set snmp port trap 162
set snmpv3 local-engine id "0164092006001672"
set vrouter "untrust-vr"
set route 0.0.0.0/0 interface ethernet0/0 gateway 170.21.51.1
exit
set vrouter "trust-vr"
unset add-default-route
set route 0.0.0.0/0 interface ethernet0/0 gateway 170.21.51.1
set route 0.0.0.0/0 vrouter "untrust-vr" preference 20 metric 1
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit