Features Title Here. Consectetur adipisicing

Features Content Here. Sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

sample junpier j2300 with firewall filter

Monday, 27 February 2012

admin@ROUTER-GUE> show configuration
version 7.6R1.9;
system {
host-name ROUTER-GUE;
domain-name router-gue.gue.com;
domain-search [ 202.134.0.155 203.130.193.74 ];
authentication-order radius;
root-authentication {
encrypted-password "$1$RVFdx7eI$Ud424y17wLT88AiePhIF01"; ## SECRET-DATA
}
radius-server {
192.168.217.27 {
port 1812;
accounting-port 1813;
secret "$9$b4w4ZHqfznCP5nCuBSy"; ## SECRET-DATA
timeout 10;
retry 3;
source-address 192.168.161.73;
}
192.168.223.12 {
port 1812;
accounting-port 1813;
secret "$9$XFmxVYJGi.fzjHfz6CB1"; ## SECRET-DATA
timeout 10;
retry 3;
source-address 192.168.161.73;
}
}
login {
class level1 {
idle-timeout 20;
permissions [ admin interface network routing snmp system trace trace-control view ];
}
class level2 {
idle-timeout 20;
permissions all;
}
user User1 {
full-name "Tim TPG";
uid 2001;
class level1;
}
user user2 {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$evwPspko$TakoJ0nn.QXLu5ch736vb1"; ## SECRET-DATA
}
}
user user3 {
full-name "user3";
uid 2002;
class level2;
}
user user4 {
full-name "user4";
uid 2004;
class level1;
}
user user5 {
full-name "user5";
uid 2003;
class level2;
}
user user6 {
full-name "user6";
uid 2005;
class level1;
}
user user7 {
full-name "user7";
uid 2006;
class level1;
}
}
services {
telnet;
web-management {
http {
interface [ fe-0/0/0.0 fe-0/0/1.0 ];
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
console {
any any;
}
}
}
interfaces {
fe-0/0/0 {
description "LAN Connection";
unit 0 {
family inet {
filter {
input virus;
output virus;
}
address 192.168.161.25/29;
}
}
}
sp-0/0/0 {
unit 0 {
family inet;
}
}
fe-0/0/1 {
description "Wan Connection";
unit 0 {
family inet {
filter {
input virus;
output virus;
}
address 192.168.136.142/30;
}
}
}
fxp0 {
unit 0;
}
lo0 {
unit 0 {
family inet {
address 127.0.0.1/32;
}
}
}
}
snmp {
location "ROuter GUe";
contact "Harry Chan";
community gue.com {
authorization read-write;
}
trap-group diknas {
categories {
chassis;
link;
}
targets {
10.0.0.4;
10.10.204.2;
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 192.168.136.141;
}
}
firewall {
family inet {
filter virus {
term virus {
from {
source-address {
0.0.0.0/0;
}
destination-address {
0.0.0.0/0;
}
protocol [ tcp udp ];
source-port [ netbios-dgm netbios-ns netbios-ssn 445 135 136 137 138 139 ];
destination-port [ 135 136 137 138 139 netbios-dgm netbios-ns netbios-ssn ];
tcp-established;
interface fe-0/0/0.0;
interface fe-0/0/1.0;
}
then {
log;
reject;
}
}
term default-term {
then accept;
}
}
}
}
services {
stateful-firewall {
rule jweb-sfw-to-wan {
match-direction output;
term jweb-apply-alg {
from {
application-sets junos-algs-outbound;
}
then {
accept;
}
}
term jweb-accept-all {
then {
accept;
}
}
}
rule jweb-sfw-from-wan {
match-direction input;
term jweb-discard-all {
then {
discard;
}
}
}
}
service-set jweb-wan-sfw-service-set {
stateful-firewall-rules jweb-sfw-to-wan;
stateful-firewall-rules jweb-sfw-from-wan;
interface-service {
service-interface sp-0/0/0;
}
}
}
Posted by Geo at 00:47

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)