
set clock dst-off set clock timezone -3 set vrouter trust-vr sharable set vrouter "untrust-vr" exit set

vrouter "trust-vr" unset auto-route-export exit set service "infoblox" protocol udp src-port 0-65535 dst-port 1194-1194 set service "infoblox" + udp src-port 0-65535 dst-port 2114-2114 unset alg sip enable unset alg mgcp enable unset alg sccp enable unset alg sunrpc enable unset alg msrpc enable unset alg sql enable unset alg rtsp enable unset alg h323 enable set auth-server "Local" id 0 set auth-server "Local" server-name "Local" set auth default auth server "Local" set auth radius accounting port 1646 set admin name "netscreen" set admin password "nMQ4BgrgJohMcwzK5sHNT9Ht0gIB2n" set admin user "admin" password "nO+dIOrJEhwKc1aFDsBJInHtNBKIGn" privilege "all" set admin manager-ip 10.0.0.0 255.0.0.0 set admin manager-ip 200.41.66.128 255.255.255.224 set admin manager-ip 200.61.161.80 255.255.255.248 set admin mail alert set admin mail server-name "10.1.1.74" set admin mail mail-addr1 "admin@hynet.com.ar" set admin auth timeout 10 set admin auth server "Local" set admin format dos set zone "Trust" vrouter "trust-vr" set zone "Untrust" vrouter "trust-vr" set zone "DMZ" vrouter "trust-vr" set zone "Wzone1" vrouter "trust-vr" set zone "Wzone2" vrouter "trust-vr" set zone "VLAN" vrouter "trust-vr" set zone "Untrust-Tun" vrouter "trust-vr" set zone "Trust" tcp-rst set zone "Untrust" block unset zone "Untrust" tcp-rst set zone "MGT" block set zone "DMZ" tcp-rst set zone "Wzone1" tcp-rst set zone "Wzone2" tcp-rst set zone "VLAN" block unset zone "VLAN" tcp-rst set zone "Untrust" screen tear-drop set zone "Untrust" screen syn-flood set zone "Untrust" screen ping-death set zone "Untrust" screen ip-filter-src set zone "Untrust" screen land set zone "V1-Untrust" screen tear-drop set zone "V1-Untrust" screen syn-flood set zone "V1-Untrust" screen ping-death set zone "V1-Untrust" screen ip-filter-src set zone "V1-Untrust" screen land

set interface "ethernet1" zone "Trust" set interface "ethernet2" zone "DMZ" set interface "ethernet3" zone "Untrust" set interface "wireless1" zone "Wzone1" set interface "wireless2" zone "Trust" set interface "wireless3" zone "Null" set interface "wireless4" zone "Null" set interface "adsl1" pvc 8 35 mux llc protocol bridged zone "Null" set interface ethernet1 ip 10.5.40.1/24 set interface ethernet1 route set interface ethernet2 ip 1.1.1.1/24 set interface ethernet2 nat set interface ethernet3 ip 190.210.46.109/28 set interface ethernet3 route unset interface vlan1 ip set interface wireless2 ip 10.5.38.1/24 set interface wireless2 route set interface ethernet3 gateway 190.210.46.110 unset interface vlan1 bypass-others-ipsec unset interface vlan1 bypass-non-ip set interface ethernet1 ip manageable set interface ethernet2 ip manageable set interface ethernet3 ip manageable set interface wireless2 ip manageable unset interface ethernet1 manage telnet unset interface ethernet1 manage ssl set interface ethernet2 manage ssh set interface ethernet2 manage web set interface ethernet3 manage ping set interface ethernet3 manage ssh set interface ethernet3 manage web set interface ethernet1 dhcp server service set interface wireless2 dhcp server service set interface ethernet1 dhcp server enable set interface wireless2 dhcp server auto set interface ethernet1 dhcp server option lease 7200 set interface ethernet1 dhcp server option gateway 10.5.40.1 set interface ethernet1 dhcp server option netmask 255.255.255.0 set interface ethernet1 dhcp server option domainname hynet.com.ar set interface ethernet1 dhcp server option dns1 10.1.1.74 set interface ethernet1 dhcp server option dns2 8.8.8.8 set interface ethernet1 dhcp server option dns3 8.8.4.4 set interface wireless2 dhcp server option lease 10080 set interface wireless2 dhcp server option gateway 10.5.38.1 set interface wireless2 dhcp server option netmask 255.255.255.0 set interface wireless2 dhcp server option domainname 
hynet.com.ar set interface wireless2 dhcp server option dns1 10.1.1.74 set interface wireless2 dhcp server option dns2 8.8.8.8 set interface wireless2 dhcp server option dns3 8.8.4.4 set interface ethernet1 dhcp server ip 10.5.40.192 to 10.5.40.252 set interface wireless2 dhcp server ip 10.5.38.192 to 10.5.38.254 unset interface ethernet1 dhcp server config next-server-ip unset interface wireless2 dhcp server config next-server-ip set interface ethernet3 dip 4 190.210.46.106 190.210.46.108 set interface ethernet1 route-deny unset flow tcp-mss unset flow no-tcp-seq-check set flow tcp-syn-check set hostname ns5gt_wf_peru set pki authority default scep mode "auto"

set pki x509 default cert-path partial set dns host dns1 10.1.1.74 set dns host dns2 200.69.193.2 set dns host dns3 0.0.0.0 set address "Trust" "1.1.1.0/24" 1.1.1.0 255.255.255.0 set address "Trust" "10.0.0.0/8" 10.0.0.0 255.0.0.0 set address "Trust" "10.5.0.0/16" 10.5.0.0 255.255.0.0 set address "Trust" "10.5.38.0/24" 10.5.38.0 255.255.255.0 set address "Trust" "10.5.40.134/32" 10.5.40.134 255.255.255.255 set address "Trust" "10.5.40.248/32" 10.5.40.248 255.255.255.255 set address "Trust" "10.5.40.33/32" 10.5.40.33 255.255.255.255 set address "Trust" "lan_hynet_riv" 10.5.40.0 255.255.255.0 set address "Untrust" "lan_hynet" 10.1.1.0 255.255.255.0 set address "Untrust" "lan_hynet_dmz" 10.5.42.0 255.255.255.0 set address "DMZ" "lan_dmz_riv" 10.5.39.0 255.255.255.0 set ike gateway "roca_ipsat" address 200.41.66.130 Aggr outgoing-interface "ethernet3" preshare "phF2FClNNCri4Gs1zeC7DozBMFntf6nWIg==" proposal "pre-g2-3des-sha" set ike respond-bad-spi 1 unset ike ikeid-enumeration unset ike dos-protection unset ipsec access-session enable set ipsec access-session maximum 5000 set ipsec access-session upper-threshold 0 set ipsec access-session lower-threshold 0 set ipsec access-session dead-p2-sa-timeout 0 unset ipsec access-session log-error unset ipsec access-session info-exch-connected unset ipsec access-session use-error-log set vpn "vpn_iplan" gateway "roca_ipsat" replay tunnel idletime 0 proposal "g2-esp-3des-sha" set vpn "vpn_iplan" monitor set vpn-group id 1 set scheduler "una" once start 7/7/2010 15:0 stop 7/7/2010 20:0 set av profile "scan-mgr" set ftp scan-mode scan-all set ftp decompress-layer 2 set http scan-mode scan-all set imap scan-mode scan-all set imap decompress-layer 2 set pop3 scan-mode scan-all set pop3 decompress-layer 2 set smtp scan-mode scan-all set smtp decompress-layer 2 exit set url protocol websense exit set anti-spam profile ns-profile set sbl default-server enable exit set policy id 15 from "Trust" to "Trust" "10.5.38.0/24" 
"10.5.40.134/32" "ANY" nat src permit set policy id 15 exit set policy id 16 from "Trust" to "Untrust" "10.5.0.0/16" "lan_hynet" "ANY" tunnel vpn "vpn_iplan" id 7 pair-policy 4 log set policy id 16 exit set policy id 11 from "Trust" to "Untrust" "10.5.0.0/16" "lan_hynet_dmz" "ANY" tunnel vpn "vpn_iplan" id 4 pair-policy 12 log

set policy id 11 exit set policy id 6 from "DMZ" to "Untrust" "lan_dmz_riv" "Any" "ANY" nat src permit log set policy id 6 exit set policy id 7 from "Trust" to "DMZ" "lan_hynet_riv" "lan_dmz_riv" "ANY" permit log set policy id 7 exit set policy id 8 from "DMZ" to "Trust" "lan_dmz_riv" "lan_hynet_riv" "ANY" permit log set policy id 8 exit set policy id 1 from "Trust" to "Untrust" "10.5.40.248/32" "Any" "ANY" nat src permit log set policy id 1 disable set policy id 1 exit set policy id 4 from "Untrust" to "Trust" "lan_hynet" "10.5.0.0/16" "ANY" tunnel vpn "vpn_iplan" id 7 pair-policy 16 log set policy id 4 exit set policy id 12 from "Untrust" to "Trust" "lan_hynet_dmz" "10.5.0.0/16" "ANY" tunnel vpn "vpn_iplan" id 4 pair-policy 11 log set policy id 12 exit set policy id 17 from "Trust" to "Untrust" "Any" "Any" "ANY" nat src permit log traffic set policy id 17 exit set syslog src-interface ethernet1 unset log module system level emergency destination usb unset log module system level alert destination usb unset log module system level critical destination usb unset log module system level error destination usb unset log module system level warning destination usb unset log module system level notification destination usb unset log module system level information destination usb unset log module system level debugging destination usb set firewall log-self set nsmgmt report proto-dist enable set nsmgmt report statistics ethernet enable set nsmgmt report statistics attack enable set nsmgmt report statistics flow enable set nsmgmt report statistics policy enable set nsmgmt report alarm traffic enable set nsmgmt report alarm attack enable set nsmgmt report alarm other enable set nsmgmt report alarm di enable set nsmgmt report log config enable set nsmgmt report log info enable set nsmgmt report log self enable set nsmgmt report log traffic enable set nsmgmt bulkcli reboot-timeout 60 set nsmgmt bulkcli reboot-wait 0 set ssh version v2 set ssh enable set scp enable set 
config lock timeout 5

set modem speed 115200 set modem retry 3 set modem interval 10 set modem idle-time 10 set wlan advanced-features set wlan channel auto set wlan advanced cts-type cts-rts set ssid name hynet set ssid hynet key-id 1 length 104 method asciitext ORT4qryxNDR0C0sJndCTs2JvXEnI CKVaFA== default set ssid hynet ssid-suppression set ssid hynet authentication wpa2-psk passphrase q3xuGc84NQQYygshDjC52druoMnTaz 6iEw== encryption aes set ssid hynet interface wireless2 set snmp community "public" Read-Write Trap-on traffic version v1 set snmp host "public" 10.0.0.0 255.0.0.0 set snmp name "rivadavia" set snmp port listen 161 set snmp port trap 162 set vrouter "untrust-vr" exit set vrouter "trust-vr" unset add-default-route set route 10.0.54.0/24 gateway 10.5.40.254 exit set vrouter "untrust-vr" exit set vrouter "trust-vr" exit