unset key protection enable
set clock ntp
set clock timezone 0
set clock dst recurring start-weekday 4 0 3 01:00 end-weekday last 0 10 01:00

set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit

set service "RDP" protocol tcp src-port 0-65535 dst-port 3389-3389
set alg appleichat enable
unset alg appleichat re-assembly enable
set alg sctp enable

set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646

set admin name xxx
set admin password xxx
set admin access lock-on-failure 3
set admin http redirect
set admin auth web timeout 60
set admin auth server "Local"
set admin auth banner telnet login "xxx"
set admin format dos

set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
set zone "Untrust" tcp-rst
set zone "MGT" block
unset zone "V1-Trust" tcp-rst
unset zone "V1-Untrust" tcp-rst
set zone "DMZ" tcp-rst
unset zone "V1-DMZ" tcp-rst
unset zone "VLAN" tcp-rst

set zone "Trust" screen icmp-flood
set zone "Trust" screen udp-flood
set zone "Trust" screen port-scan
set zone "Trust" screen tear-drop
set zone "Trust" screen syn-flood
set zone "Trust" screen ip-spoofing
set zone "Trust" screen ping-death
set zone "Trust" screen icmp-large
set zone "Trust" screen syn-ack-ack-proxy

set zone "Untrust" screen icmp-flood
set zone "Untrust" screen winnuke
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ip-spoofing
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "Untrust" screen syn-frag
set zone "Untrust" screen tcp-no-flag
set zone "Untrust" screen unknown-protocol
set zone "Untrust" screen ip-bad-option
set zone "Untrust" screen ip-record-route
set zone "Untrust" screen ip-timestamp-opt
set zone "Untrust" screen ip-security-opt
set zone "Untrust" screen ip-loose-src-route
set zone "Untrust" screen ip-strict-src-route
set zone "Untrust" screen ip-stream-opt
set zone "Untrust" screen syn-fin
set zone "Untrust" screen fin-no-ack
set zone "Untrust" screen icmp-id

set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land

set zone "Trust" screen ip-sweep threshold 20000
set zone "Trust" screen port-scan threshold 20000
set zone "Trust" screen udp-flood threshold 2000
set zone "Trust" screen limit-session source-ip-based 1000
set zone "Trust" screen limit-session destination-ip-based 1000
set zone "Trust" screen syn-flood alarm-threshold 250
set zone "Trust" screen syn-flood attack-threshold 250
set zone "Trust" screen syn-flood source-threshold 250
set zone "Trust" screen syn-flood destination-threshold 1000

set interface "ethernet0/0" zone "Null"
set interface "ethernet0/1" zone "DMZ"
set interface "ethernet0/2" zone "Untrust"
set interface "ethernet3/0" zone "Trust"
set interface "ethernet3/1" zone "Trust"
set interface "ethernet3/10" zone "Trust"
set interface "ethernet3/12" zone "Trust"
set interface "ethernet3/14" zone "Trust"
set interface "tunnel.1" zone "Untrust"
set interface "tunnel.2" zone "Untrust"

unset interface vlan1 ip
set interface ethernet0/2 ip xxx
set interface ethernet0/2 route
set interface ethernet3/0 ip xxx
set interface ethernet3/0 nat
set interface ethernet3/1 ip xxx
set interface ethernet3/1 nat
set interface ethernet3/10 ip xxx
set interface ethernet3/10 nat
set interface ethernet3/12 ip 10.10.20.1/24
set interface ethernet3/12 nat
set interface ethernet3/12 ip 10.232.226.40 255.255.255.248 secondary
set interface ethernet3/14 ip xxx
set interface ethernet3/14 nat
set interface tunnel.1 ip unnumbered interface ethernet0/2
set interface tunnel.2 ip unnumbered interface ethernet0/2
set interface ethernet0/2 gateway xxx
set interface ethernet0/0 mtu 1500
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip

set interface ethernet0/2 ip manageable
unset interface ethernet3/0 ip manageable
set interface ethernet3/1 ip manageable
set interface ethernet3/10 ip manageable
set interface ethernet3/12 ip manageable
set interface ethernet3/14 ip manageable
set interface ethernet0/2 manage ping
set interface ethernet0/2 manage ssh
set interface ethernet0/2 manage ssl
set interface ethernet0/2 manage web
unset interface ethernet3/0 manage telnet
unset interface ethernet3/0 manage snmp
unset interface ethernet3/1 manage snmp
unset interface ethernet3/10 manage ssh
unset interface ethernet3/10 manage telnet
unset interface ethernet3/10 manage snmp
unset interface ethernet3/10 manage ssl
unset interface ethernet3/10 manage web
unset interface ethernet3/12 manage ssh
unset interface ethernet3/12 manage telnet
unset interface ethernet3/12 manage snmp
unset interface ethernet3/12 manage ssl
unset interface ethernet3/12 manage web
unset interface ethernet3/14 manage ssh
unset interface ethernet3/14 manage telnet
unset interface ethernet3/14 manage snmp
set interface vlan1 manage mtrace

set interface ethernet3/1 dhcp server service
set interface ethernet3/14 dhcp server service
set interface ethernet3/1 dhcp server enable
set interface ethernet3/14 dhcp server enable
set interface ethernet3/1 dhcp server option lease 1440
set interface ethernet3/1 dhcp server option domainname xxx
set interface ethernet3/1 dhcp server option dns1 xxx
set interface ethernet3/1 dhcp server option dns2 xxx
set interface ethernet3/14 dhcp server option lease 1440
set interface ethernet3/14 dhcp server option domainname xxx
set interface ethernet3/14 dhcp server option dns1 xxx
set interface ethernet3/14 dhcp server option dns2 xxx
unset interface ethernet3/1 dhcp server config next-server-ip
unset interface ethernet3/14 dhcp server config next-server-ip

unset flow no-tcp-seq-check
set flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow syn-proxy syn-cookie
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always

set domain xxx
set hostname xxx
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set dns host dns1 xxx src-interface ethernet0/2
set dns host dns2 xxx src-interface ethernet0/2
set dns host dns3 0.0.0.0

set address "Trust" "10.232.226.40/29" 10.232.226.40 255.255.255.248
set address "Trust" "172.16.10.0/24" 172.16.10.0 255.255.255.0
set address "Trust" "xxx" 10.232.226.41 255.255.255.248 "xxx"
set address "Untrust" "10.1.1.0/24" 10.1.1.0 255.255.255.0
set address "Untrust" "10.175.0.0/16" 10.175.0.0 255.255.0.0
set address "Untrust" "DHL-external" 165.72.239.16 255.255.255.248 "DHL external subnet"
set address "Untrust" "ebay" www.ebay.com
set address "Untrust" "ebay uk" www.ebay.co.uk
set address "Untrust" "Facebook" www.facebook.com
set address "Untrust" "gmx" www.gmx.de
set address "Untrust" "gmx net" www.gmx.net
set address "Untrust" "imageshack de" img3.abload.de
set address "Untrust" "imageshack us" imageshack.us
set address "Untrust" "ovh" ns201628.ovh.net
set address "Untrust" "RFI-external" 10.175.0.0 255.255.0.0 "RFI remote LAN"
set address "Untrust" "Tweet" twitter.com
set address "Untrust" "Twitter" www.twitter.com
set address "Untrust" "YouTube" www.youtube.com

set group address "Untrust" "blocked list" comment "blocked websites"
set group address "Untrust" "blocked list" add "ebay"
set group address "Untrust" "blocked list" add "ebay uk"
set group address "Untrust" "blocked list" add "Facebook"
set group address "Untrust" "blocked list" add "gmx"
set group address "Untrust" "blocked list" add "gmx net"
set group address "Untrust" "blocked list" add "imageshack de"
set group address "Untrust" "blocked list" add "imageshack us"
set group address "Untrust" "blocked list" add "ovh"
set group address "Untrust" "blocked list" add "Tweet"
set group address "Untrust" "blocked list" add "Twitter"
set group address "Untrust" "blocked list" add "YouTube"

set ippool "xxx VPN Pool" 10.1.1.1 10.1.1.1

set user "xxx_User1" uid 8
set user "xxx_User1" type xauth
set user "xxx_User1" password "xxx"
unset user "xxx_User1" type auth
set user "xxx_User1" "enable"
set user "xxx_User2" uid 9
set user "xxx_User2" type xauth
set user "xxx_User2" password "xxx"
unset user "xxx_User2" type auth
set user "xxx_User2" "enable"
set user "Remote _xxx" uid 7
set user "Remote _xxx" ike-id u-fqdn "xxx" share-limit 250
set user "Remote _xxx" type ike
set user "Remote _xxx" "enable"
set user-group "R_R" id 3
set user-group "R_R" user "Remote _xxx"

set crypto-policy
exit

set ike p1-proposal "xxx-P1" preshare group2 esp aes256 md5 second 86400
set ike gateway "xxx" address xxx Main outgoing-interface "ethernet0/2" preshare "xxx" proposal "xxx-P1"
set ike gateway "xxx Dialup" dialup "R_R" Aggr outgoing-interface "ethernet0/2" preshare "xxx" proposal "pre-g2-3des-sha"
unset ike gateway "xxx Dialup" nat-traversal udp-checksum
set ike gateway "xxx Dialup" nat-traversal keepalive-frequency 5
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
unset ike dos-protection

unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log

set xauth default ippool "xxx VPN Pool"
set xauth default dns1 xxx
set xauth default dns2 xxx

set vpn "VPN To xxx" gateway "xxx" no-replay tunnel idletime 0 proposal "g2-esp-aes128-md5"
set vpn "VPN To xxx" id 0xa bind interface tunnel.1
set vpn "Dial Up xxx VPN" gateway "RFI Dialup" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set vpn "Dial Up xxx VPN" id 0xb bind interface tunnel.2

set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit

set attack db sigpack base
set url protocol websense
exit

set vpn "VPN To xxx" proxy-id local-ip 10.232.226.40/29 remote-ip 10.175.0.0/16 "ANY"
set vpn "Dial Up xxx VPN" proxy-id local-ip 172.16.10.0/24 remote-ip 255.255.255.255/32 "ANY"

set policy id 41 from "Trust" to "Untrust" "10.232.226.40/29" "10.175.0.0/24" "ANY" permit log count
set policy id 41
exit
set policy id 42 from "Untrust" to "Trust" "10.175.0.0" "10.232.226.40/29" "ANY" permit log count
set policy id 42
exit
set policy id 43 from "Untrust" to "Trust" "10.1.1.0/24" "172.16.10.0/24" "ANY" permit log count
set policy id 43
exit
set policy id 21 from "Trust" to "Untrust" "Any" "blocked list" "ANY" deny log count
set policy id 21
exit
set policy id 22 from "Trust" to "Untrust" "Any" "Any" "MSN" deny log count
set policy id 22
exit
set policy id 44 from "Trust" to "Untrust" "172.16.10.0/24" "10.1.1.0/24" "ANY" permit log count
set policy id 44
exit
set policy id 24 from "Trust" to "Untrust" "Sebastien" "Any" "Arsenal" permit log count
set policy id 24
exit
set policy id 19 from "Trust" to "Untrust" "Any" "Any" "ANY" deny log count
set policy id 19
exit
set policy id 20 from "Untrust" to "Trust" "Any" "Any" "ANY" deny log count
set policy id 20
exit
set policy id 45 from "Untrust" to "Untrust" "10.1.1.0/24" "10.175.0.0/16" "ANY" nat src permit log count
set policy id 45
exit

set log module system level emergency destination console
set log module system level alert destination console
set log module system level critical destination console
set log module system level error destination console
set log module system level warning destination console
set log module system level notification destination console
set log module system level information destination console
set log module system level debugging destination console
set firewall log-self

set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set ssh enable
set config lock timeout 5
unset license-key auto-update
set telnet client enable
set ntp server "ntp.cis.strath.ac.uk"
set ntp server src-interface "ethernet0/2"
set snmp port listen 161
set snmp port trap 162

set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 10.175.0.0/16 interface tunnel.1
set route 10.1.1.0/24 interface tunnel.2
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit