пятница, 17 июня 2016 г.

Juniper SRX1500 simple configuration

# Base system identity: Junos release, host name, time zone and the root account.
set version 15.1X49-D50.3
set system host-name F-J-1500
set system time-zone Europe/Kiev
# NOTE(review): the value below is a salted SHA-256 crypt hash ($5$) of the root password.
# A hash that has been published can be guessed offline, so treat this password as exposed:
# set a new one on the device and share the configuration with a placeholder instead.
# No "system login user" statement appears in this listing, so root looks like the only
# account - confirm, and prefer named per-admin accounts for management access.
set system root-authentication encrypted-password "$5$CNyEV81H$yZLAzry3cx6PC.LgmtQoPQEnoof1PVxweOlj7LcwCE2"

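# DNS resolvers used by the device itself.
set system name-server 208.67.222.222
set system name-server 208.67.222.220
set system name-server 8.8.8.8
# Management services.
set system services ssh
# Removed "set system services xnm-clear-text": it serves the Junos XML management protocol
# without encryption, so credentials and configuration cross the network in clear text.
# If the XML API is needed, run it over SSH (NETCONF) or TLS instead.
# Removed "web-management http interface fxp0.0" and "... http interface all": J-Web over
# plain HTTP sends the login in clear text, and "all" offered it on every interface.
# J-Web is kept over HTTPS only, bound to the out-of-band port and the Corp-MNG unit
# instead of "interface all". NOTE(review): confirm these are the interfaces admins use.
# The system-generated certificate is self-signed; browsers cannot verify it unless it is
# pinned or replaced with a certificate from a CA the admins trust.
set system services web-management https system-generated-certificate
set system services web-management https interface fxp0.0
set system services web-management https interface ge-0/0/0.2
# DHCP server for the 10.10.0.0/16 LAN: lease range, resolver and default gateway.
set system services dhcp pool 10.10.0.0/16 address-range low 10.10.0.10
set system services dhcp pool 10.10.0.0/16 address-range high 10.10.250.100
set system services dhcp pool 10.10.0.0/16 name-server 8.8.8.8
set system services dhcp pool 10.10.0.0/16 router 10.10.0.1
set system services dhcp pool 10.10.0.0/16 propagate-settings ge-0/0/9
# Logging: emergencies to every logged-in user, everything to "messages", and each CLI
# command to "interactive-commands".
# NOTE(review): all logs stay on the box. Forwarding at least the authorization and
# interactive-commands facilities to a remote collector keeps an audit trail that survives
# a compromise or a disk failure of the firewall.
set system syslog user * any emergency
set system syslog file messages any any
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
# Keep only five rollback configurations on flash.
set system max-configurations-on-flash 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
# Time sources; accurate time matters for log correlation and certificate validation.
set system ntp server 91.236.251.5
set system ntp server 194.54.80.30 prefer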
# Screen profile "untrust-screen": packet-level attack checks. The profile only takes
# effect on a zone that references it (the untrust zone does so later in this listing).
# Oversized ICMP packets ("ping of death").
set security screen ids-option untrust-screen icmp ping-death
# Packets carrying an IP source-route option.
set security screen ids-option untrust-screen ip source-route-option
# Overlapping IP fragments (teardrop).
set security screen ids-option untrust-screen ip tear-drop
# SYN-flood protection: rate thresholds for proxying and alarms, proxy queue size and the
# timeout for half-open connections.
# NOTE(review): these values appear to match the SRX factory defaults; size them against
# the real connection rate of the site rather than leaving them as shipped.
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood queue-size 2000
set security screen ids-option untrust-screen tcp syn-flood timeout 20
# SYN packets whose source and destination address are identical (land attack).
set security screen ids-option untrust-screen tcp land
# Source NAT for traffic leaving the trust zone towards untrust: any source address is
# translated to the address of the egress interface.
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
# 0.0.0.0/0 matches every source; narrowing it to the internal prefixes would document
# which networks are expected to reach the Internet through this rule.
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
# Security policies: everything is permitted inside trust and from trust to untrust.
# No untrust-to-trust policy appears in this listing, so inbound sessions depend on the
# default policy action (deny unless "security policies default-policy" changes it).
# NOTE(review): neither policy has a "then log" action, so permitted sessions leave no
# record; add session logging if outbound traffic must be auditable.
# Intra-zone traffic between the trust interfaces.
set security policies from-zone trust to-zone trust policy default-permit match source-address any
set security policies from-zone trust to-zone trust policy default-permit match destination-address any
set security policies from-zone trust to-zone trust policy default-permit match application any
set security policies from-zone trust to-zone trust policy default-permit then permit
# Outbound traffic from trust to the ISP side; any application to any destination.
set security policies from-zone trust to-zone untrust policy default-permit match source-address any
set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
set security policies from-zone trust to-zone untrust policy default-permit match application any
set security policies from-zone trust to-zone untrust policy default-permit then permit
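# Zone membership, and which traffic addressed to the firewall itself each zone accepts
# (host-inbound-traffic).
# trust: the LAN ports and the Corp-MNG unit. Every service and protocol is accepted here.
# NOTE(review): "all" is convenient, but listing only the services the LAN needs from the
# firewall (for example ssh, https, dhcp, ping) limits what an infected internal host can reach.
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces ge-0/0/10.0
set security zones security-zone trust interfaces ge-0/0/0.2
set security zones security-zone trust interfaces ge-0/0/9.0
# untrust: the ISP-facing unit, protected by the untrust-screen profile.
set security zones security-zone untrust screen untrust-screen
# Changed: "system-services all" and "protocols all" were replaced by ping only. With "all",
# every management service enabled under "system services" is reachable from the Internet
# side, and routing-protocol packets are accepted from the ISP segment although the
# listing uses static routes only.
# If the device must be managed from outside, add that one service explicitly and restrict
# the permitted source addresses (for example with a firewall filter on the loopback).
set security zones security-zone untrust host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/0.20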
# ge-0/0/0: tagged uplink to the switch carrying two VLANs as separate logical units.
# NOTE(review): the management VLAN (unit 2) and the ISP VLAN (unit 20) share one physical
# link, so their separation depends on the VLAN configuration of the switch - confirm
# that the switch port allows only these two tags.
set interfaces ge-0/0/0 description -=J1-Switch-1=-
set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 encapsulation flexible-ethernet-services
# Unit 2 / VLAN 2: corporate management network (member of the trust zone).
set interfaces ge-0/0/0 unit 2 description -=Corp-MNG=-
set interfaces ge-0/0/0 unit 2 vlan-id 2
set interfaces ge-0/0/0 unit 2 family inet address 192.168.1.157/24
# Unit 20 / VLAN 20: ISP uplink (member of the untrust zone). The public address was
# masked by the author (xxx / yyy) and must be replaced with the real value.
set interfaces ge-0/0/0 unit 20 description -=ISP-1=-
set interfaces ge-0/0/0 unit 20 vlan-id 20
set interfaces ge-0/0/0 unit 20 family inet address 109.xxx.88.yyy/28
# LAN ports.
# NOTE(review): ge-0/0/9 and ge-0/0/10 are both given 10.10.0.1/16. The same address on
# two routed interfaces is likely to be rejected or flagged at commit - confirm the intent
# (one of the ports probably needs a different subnet, or both belong in one bridged VLAN).
set interfaces ge-0/0/9 unit 0 family inet address 10.10.0.1/16
set interfaces ge-0/0/10 unit 0 family inet address 10.10.0.1/16
# Default route via the ISP gateway. The next hop is masked the same way as the interface
# address above; presumably the real values differ - use the gateway address, not the
# firewall's own address.
set routing-options static route 0.0.0.0/0 next-hop 109.xxx.88.yyy
# Internal networks 192.168.0.0 - 192.168.15.255 via the management-side router.
set routing-options static route 192.168.0.0/20 next-hop 192.168.1.1
