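# Junos "set"-format configuration for host MTCECTRU, laid out one statement per line.
# Contents: system services and logging, interfaces, two policy-based IPsec VPNs
# (MM_MCO, MM_NP), screens, source/static NAT, and Internal<->Internet security policies.
# Statements are as published except for one repaired token in policy "Services" (marked below).
# NOTE(review) lines flag security-relevant settings; they do not change behaviour.

# NOTE(review): 12.1X44 is an old release train - confirm it still receives vendor security fixes.
set version 12.1X44-D35.5
set system host-name MTCECTRU
set system time-zone GMT

# NOTE(review): "$1$" marks an MD5-crypt hash. It is published here, so treat the root
# password as exposed: rotate it and use a stronger hash format if the release offers one.
# No "system login user" accounts appear in this listing, so root looks like the only account.
set system root-authentication encrypted-password "$1$HFaC.eIh$Z31xduiid.S3JL.daLiCN."

set system name-server 208.67.222.222
set system name-server 208.67.220.220
set system name-server 8.8.8.8
set system name-server 202.175.3.3
set system name-resolution no-resolve-on-input

# --- Management services ---
# NOTE(review): no root-login restriction or protocol-version pin is visible for ssh;
# consider "set system services ssh root-login deny" and "protocol-version v2".
set system services ssh
# NOTE(review): telnet sends credentials in cleartext, and the Internet zone accepts all
# host-inbound system services, so this may be reachable from outside - verify.
# Candidate fix: "delete system services telnet".
set system services telnet
# NOTE(review): cleartext HTTP management is bound to vlan.1 and to the Internet-facing
# fe-0/0/7.0. Prefer HTTPS only, restricted to an internal or management interface.
set system services web-management http interface vlan.1
set system services web-management http interface fe-0/0/7.0
set system services web-management https port 443
# Self-signed certificate: clients cannot authenticate the device unless it is pinned.
set system services web-management https system-generated-certificate
set system services web-management https interface vlan.1
# NOTE(review): HTTPS management on the Internet-facing interface. If remote administration
# is required, restrict the permitted sources or route it over the VPN.
set system services web-management https interface fe-0/0/7.0
set system services web-management session idle-timeout 60

# --- DHCP server for the internal LAN ---
set system services dhcp pool 192.168.8.0/24 address-range low 192.168.8.30
set system services dhcp pool 192.168.8.0/24 address-range high 192.168.8.90
set system services dhcp pool 192.168.8.0/24 router 192.168.8.1
set system services dhcp propagate-settings fe-0/0/7

# --- Logging ---
# NOTE(review): every destination below is a local file with small archives, and no
# "syslog host" is visible. Logs kept only on the device are lost if the device is
# replaced or compromised, so forward them to a remote collector.
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
# "Services" and "Internet_to_Internal" have no match statement, so each receives every
# facility at every severity rather than only its namesake policy's sessions.
set system syslog file Services any any
set system syslog file Internet_to_Internal any any
set system syslog file Allow_HTTP any any
set system syslog file Allow_HTTP match RT_FLOW_SESSION
set system syslog file policy_session user info
set system syslog file policy_session match RT_FLOW
set system syslog file policy_session archive size 1000k
# NOTE(review): world-readable lets any local account read the session logs.
set system syslog file policy_session archive world-readable
set system syslog file policy_session structured-data
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
# NOTE(review): the hostname looks transposed ("us.ntp.pool.org" vs. the NTP Pool's
# "us.pool.ntp.org"). As written it resolves under a different domain - verify.
# No NTP authentication is configured in this listing.
set system ntp server us.ntp.pool.org

# --- Interfaces and routing ---
set interfaces fe-0/0/0 unit 0 family ethernet-switching vlan members vlan1
set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members vlan1
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members vlan1
set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members vlan1
# fe-0/0/7 is the Internet-facing uplink; vlan.1 is the internal gateway.
set interfaces fe-0/0/7 unit 0 family inet address 201.174.72.114/29
set interfaces vlan unit 1 family inet address 192.168.8.1/24
set routing-options static route 0.0.0.0/0 next-hop 201.174.72.113
set protocols stp
set security log mode event

# --- IKE (phase 1) proposals ---
# NOTE(review): all proposals use DH group2, and several use MD5 and/or single DES.
# These are deprecated. Move to AES with SHA-2 and a larger DH group where both peers
# and this release support it.
# The IKE proposals vpn_ike_1..4 are not referenced by any IKE policy in this listing;
# only the IPsec proposals of the same names are used.
set security ike proposal vpn_ike_1 authentication-method pre-shared-keys
set security ike proposal vpn_ike_1 dh-group group2
set security ike proposal vpn_ike_1 authentication-algorithm md5
set security ike proposal vpn_ike_1 encryption-algorithm 3des-cbc
set security ike proposal vpn_ike_2 authentication-method pre-shared-keys
set security ike proposal vpn_ike_2 dh-group group2
set security ike proposal vpn_ike_2 authentication-algorithm md5
set security ike proposal vpn_ike_2 encryption-algorithm des-cbc
set security ike proposal vpn_ike_3 authentication-method pre-shared-keys
set security ike proposal vpn_ike_3 dh-group group2
set security ike proposal vpn_ike_3 authentication-algorithm sha1
set security ike proposal vpn_ike_3 encryption-algorithm 3des-cbc
set security ike proposal vpn_ike_4 authentication-method pre-shared-keys
set security ike proposal vpn_ike_4 dh-group group2
set security ike proposal vpn_ike_4 authentication-algorithm sha1
set security ike proposal vpn_ike_4 encryption-algorithm des-cbc
# Used by IKE_Policy (gateway MM_MCO): MD5 + 3DES + group2.
set security ike proposal MM_vpn_ike_p1_propsal authentication-method pre-shared-keys
set security ike proposal MM_vpn_ike_p1_propsal dh-group group2
set security ike proposal MM_vpn_ike_p1_propsal authentication-algorithm md5
set security ike proposal MM_vpn_ike_p1_propsal encryption-algorithm 3des-cbc
# Used by ike_Policy2 (gateway MM_NP): SHA-1 + AES-256 + group2.
set security ike proposal NP_vpn_ike authentication-method pre-shared-keys
set security ike proposal NP_vpn_ike dh-group group2
set security ike proposal NP_vpn_ike authentication-algorithm sha1
set security ike proposal NP_vpn_ike encryption-algorithm aes-256-cbc

# --- IKE policies and gateways ---
# NOTE(review): "$9$" is Junos's reversible obfuscation format, not a one-way hash.
# Both pre-shared keys are published here, so treat them as disclosed and rotate them
# on this device and on both peers.
set security ike policy IKE_Policy mode main
set security ike policy IKE_Policy proposals MM_vpn_ike_p1_propsal
set security ike policy IKE_Policy pre-shared-key ascii-text "$9$KomvXN-dwgaUVwQn6/tpWLx7-w"
set security ike policy ike_Policy2 mode main
set security ike policy ike_Policy2 proposals NP_vpn_ike
set security ike policy ike_Policy2 pre-shared-key ascii-text "$9$nf956t0OBRSlM1Rs4oaUD9ApuOR"
set security ike gateway MM_MCO ike-policy IKE_Policy
set security ike gateway MM_MCO address 201.174.79.250
set security ike gateway MM_MCO dead-peer-detection always-send
set security ike gateway MM_MCO external-interface fe-0/0/7.0
set security ike gateway MM_NP ike-policy ike_Policy2
set security ike gateway MM_NP address 124.30.46.114
set security ike gateway MM_NP dead-peer-detection always-send
set security ike gateway MM_NP external-interface fe-0/0/7.0

# --- IPsec (phase 2) proposals ---
set security ipsec proposal vpn_ike_1 protocol esp
set security ipsec proposal vpn_ike_1 authentication-algorithm hmac-md5-96
set security ipsec proposal vpn_ike_1 encryption-algorithm 3des-cbc
set security ipsec proposal vpn_ike_2 protocol esp
set security ipsec proposal vpn_ike_2 authentication-algorithm hmac-md5-96
set security ipsec proposal vpn_ike_2 encryption-algorithm des-cbc
set security ipsec proposal vpn_ike_3 protocol esp
set security ipsec proposal vpn_ike_3 authentication-algorithm hmac-sha1-96
set security ipsec proposal vpn_ike_3 encryption-algorithm 3des-cbc
set security ipsec proposal vpn_ike_4 protocol esp
set security ipsec proposal vpn_ike_4 authentication-algorithm hmac-sha1-96
set security ipsec proposal vpn_ike_4 encryption-algorithm des-cbc
set security ipsec proposal NP_vpn_ike protocol esp
set security ipsec proposal NP_vpn_ike authentication-algorithm hmac-sha1-96
set security ipsec proposal NP_vpn_ike encryption-algorithm aes-256-cbc

# --- IPsec policies and VPNs ---
# NOTE(review): IPSec_Policy offers all four legacy proposals, including DES with
# HMAC-MD5, so the peer may negotiate the weakest one. Offer only the strongest
# proposal both ends support.
set security ipsec policy IPSec_Policy perfect-forward-secrecy keys group2
set security ipsec policy IPSec_Policy proposals vpn_ike_1
set security ipsec policy IPSec_Policy proposals vpn_ike_2
set security ipsec policy IPSec_Policy proposals vpn_ike_3
set security ipsec policy IPSec_Policy proposals vpn_ike_4
set security ipsec policy ipSec_policy_NP perfect-forward-secrecy keys group2
set security ipsec policy ipSec_policy_NP proposals NP_vpn_ike
set security ipsec vpn MM_MCO_VPN ike gateway MM_MCO
set security ipsec vpn MM_MCO_VPN ike ipsec-policy IPSec_Policy
set security ipsec vpn MM_MCO_VPN establish-tunnels immediately
set security ipsec vpn MM_NP_VPN ike gateway MM_NP
set security ipsec vpn MM_NP_VPN ike ipsec-policy ipSec_policy_NP
set security ipsec vpn MM_NP_VPN establish-tunnels immediately

# --- Screens ---
# NOTE(review): untrust-screen is defined, but no "security-zone ... screen" statement
# appears in this listing, so it does not seem to be applied to any zone. Candidate:
# "set security zones security-zone Internet screen untrust-screen".
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land

# --- Source NAT ---
# Source_NO_NAT exempts traffic to the three VPN-side prefixes; everything else is
# translated to the egress interface address.
set security nat source rule-set NAT_Internet from zone Internal
set security nat source rule-set NAT_Internet to zone Internet
set security nat source rule-set NAT_Internet rule Source_NO_NAT match source-address 192.168.8.0/24
set security nat source rule-set NAT_Internet rule Source_NO_NAT match destination-address 10.10.1.0/28
set security nat source rule-set NAT_Internet rule Source_NO_NAT match destination-address 172.25.10.0/23
set security nat source rule-set NAT_Internet rule Source_NO_NAT match destination-address 192.168.110.0/24
set security nat source rule-set NAT_Internet rule Source_NO_NAT then source-nat off
set security nat source rule-set NAT_Internet rule Source_NAT_Trust_Any match source-address 0.0.0.0/0
set security nat source rule-set NAT_Internet rule Source_NAT_Trust_Any match destination-address 0.0.0.0/0
set security nat source rule-set NAT_Internet rule Source_NAT_Trust_Any then source-nat interface

# --- Static NAT ---
# One-to-one mappings publish three internal hosts on public addresses:
# .115 -> 192.168.8.150 (MMServer), .116 -> 192.168.8.149 (Server), .117 -> 192.168.8.151 (TRUServer).
# NOTE(review): policy Allow_Services is what gates access to these hosts (RDP and SQL),
# so the tightness of its source list matters.
set security nat static rule-set RS from zone Internet
set security nat static rule-set RS rule R1 match destination-address 201.174.72.115/32
set security nat static rule-set RS rule R1 then static-nat prefix 192.168.8.150/32
set security nat static rule-set RS rule R3 match destination-address 201.174.72.116/32
set security nat static rule-set RS rule R3 then static-nat prefix 192.168.8.149/32
set security nat static rule-set RS rule R2 match destination-address 201.174.72.117/32
set security nat static rule-set RS rule R2 then static-nat prefix 192.168.8.151/32
set security nat proxy-arp interface fe-0/0/7.0 address 201.174.72.115/32 to 201.174.72.117/32

# --- Security policies: Internal -> Internet ---
# Policy-based VPN rules. "application any" lets every protocol through the tunnel;
# narrow it if the remote sites only need specific services.
set security policies from-zone Internal to-zone Internet policy MM_NP match source-address local-net
set security policies from-zone Internal to-zone Internet policy MM_NP match destination-address NP_LAN_Seg
set security policies from-zone Internal to-zone Internet policy MM_NP match application any
set security policies from-zone Internal to-zone Internet policy MM_NP then permit tunnel ipsec-vpn MM_NP_VPN
set security policies from-zone Internal to-zone Internet policy MM_NP then permit tunnel pair-policy NP_MM
set security policies from-zone Internal to-zone Internet policy MM_NP then log session-init
set security policies from-zone Internal to-zone Internet policy MM_NP then log session-close
set security policies from-zone Internal to-zone Internet policy MM_MCO_VPN match source-address local-net
set security policies from-zone Internal to-zone Internet policy MM_MCO_VPN match destination-address MCO_LAN_Seg
set security policies from-zone Internal to-zone Internet policy MM_MCO_VPN match application any
set security policies from-zone Internal to-zone Internet policy MM_MCO_VPN then permit tunnel ipsec-vpn MM_MCO_VPN
set security policies from-zone Internal to-zone Internet policy MM_MCO_VPN then permit tunnel pair-policy MCO_MM_VPN
set security policies from-zone Internal to-zone Internet policy MM_MCO_VPN then log session-init
set security policies from-zone Internal to-zone Internet policy MM_MCO_VPN then log session-close
# NOTE(review): unlike its two siblings, this policy and its reverse (MCOISA_MM_VPN)
# have no pair-policy - confirm that is intended.
set security policies from-zone Internal to-zone Internet policy MM_MCOISA_VPN match source-address local-net
set security policies from-zone Internal to-zone Internet policy MM_MCOISA_VPN match destination-address MCO_ISA_Seg
set security policies from-zone Internal to-zone Internet policy MM_MCOISA_VPN match application any
set security policies from-zone Internal to-zone Internet policy MM_MCOISA_VPN then permit tunnel ipsec-vpn MM_MCO_VPN
set security policies from-zone Internal to-zone Internet policy MM_MCOISA_VPN then log session-init
set security policies from-zone Internal to-zone Internet policy MM_MCOISA_VPN then log session-close
# Allow_teamviewer2 is deactivated below. It also has no "then log" statements, so it
# would not log sessions if re-activated.
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match source-address TRUPOS001
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match source-address TRUPOS002
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match source-address TRUPOS005
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match destination-address any
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match application Teamviewer
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match application teamviewer-udp
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match application junos-http
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match application junos-https
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match application junos-dns-udp
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 match application junos-dns-tcp
set security policies from-zone Internal to-zone Internet policy Allow_teamviewer2 then permit
deactivate security policies from-zone Internal to-zone Internet policy Allow_teamviewer2
# NOTE(review): any internal host may open RDP and SQL sessions to any Internet
# destination. Restrict the source and destination to hosts that need this.
set security policies from-zone Internal to-zone Internet policy Services match source-address any
set security policies from-zone Internal to-zone Internet policy Services match destination-address any
set security policies from-zone Internal to-zone Internet policy Services match application IBS
# Token repaired: the listing had a stray space ("junos-ms-sq l"), which is not a valid
# application name; policy Allow_Services uses junos-ms-sql.
set security policies from-zone Internal to-zone Internet policy Services match application junos-ms-sql
set security policies from-zone Internal to-zone Internet policy Services match application junos-sqlnet-v1
set security policies from-zone Internal to-zone Internet policy Services match application junos-sqlnet-v2
set security policies from-zone Internal to-zone Internet policy Services match application RDP-UDP
set security policies from-zone Internal to-zone Internet policy Services match application RDP
set security policies from-zone Internal to-zone Internet policy Services match application junos-ping
set security policies from-zone Internal to-zone Internet policy Services match application junos-icmp-ping
set security policies from-zone Internal to-zone Internet policy Services match application junos-icmp-all
set security policies from-zone Internal to-zone Internet policy Services then permit
set security policies from-zone Internal to-zone Internet policy Services then log session-init
set security policies from-zone Internal to-zone Internet policy Services then log session-close
# Web, DNS and ICMP egress for a named set of back-office hosts only.
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match source-address TRUBO003
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match source-address TRUBO001
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match source-address TRUBO002
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match source-address Dell
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match source-address TRUServer
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match destination-address any
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match application junos-http
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match application junos-https
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match application junos-dns-udp
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match application junos-dns-tcp
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match application junos-icmp-all
set security policies from-zone Internal to-zone Internet policy Allow_HTTP match application junos-icmp-ping
set security policies from-zone Internal to-zone Internet policy Allow_HTTP then permit
set security policies from-zone Internal to-zone Internet policy Allow_HTTP then log session-init
set security policies from-zone Internal to-zone Internet policy Allow_HTTP then log session-close

# --- Security policies: Internet -> Internal ---
# Reverse-direction halves of the policy-based VPN rules.
set security policies from-zone Internet to-zone Internal policy NP_MM match source-address NP_LAN_Seg
set security policies from-zone Internet to-zone Internal policy NP_MM match destination-address local-net
set security policies from-zone Internet to-zone Internal policy NP_MM match application any
set security policies from-zone Internet to-zone Internal policy NP_MM then permit tunnel ipsec-vpn MM_NP_VPN
set security policies from-zone Internet to-zone Internal policy NP_MM then permit tunnel pair-policy MM_NP
set security policies from-zone Internet to-zone Internal policy NP_MM then log session-init
set security policies from-zone Internet to-zone Internal policy NP_MM then log session-close
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN match source-address MCO_LAN_Seg
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN match destination-address local-net
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN match application any
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN then permit tunnel ipsec-vpn MM_MCO_VPN
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN then permit tunnel pair-policy MM_MCO_VPN
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN then log session-init
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN then log session-close
set security policies from-zone Internet to-zone Internal policy MCOISA_MM_VPN match source-address MCO_ISA_Seg
set security policies from-zone Internet to-zone Internal policy MCOISA_MM_VPN match destination-address local-net
set security policies from-zone Internet to-zone Internal policy MCOISA_MM_VPN match application any
set security policies from-zone Internet to-zone Internal policy MCOISA_MM_VPN then permit tunnel ipsec-vpn MM_MCO_VPN
set security policies from-zone Internet to-zone Internal policy MCOISA_MM_VPN then log session-init
set security policies from-zone Internet to-zone Internal policy MCOISA_MM_VPN then log session-close
# NOTE(review): deactivated below. If re-activated, it permits source "any" to the POS
# hosts over the Teamviewer applications (destination ports 80-5938) plus HTTP(S) and
# DNS. Inbound permits are not normally needed for outbound-initiated remote support,
# so consider deleting this policy rather than leaving it dormant.
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match source-address any
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match destination-address TRUPOS001
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match destination-address TRUPOS002
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match destination-address TRUPOS005
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match application Teamviewer
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match application teamviewer-udp
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match application junos-http
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match application junos-https
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match application junos-dns-udp
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer match application junos-dns-tcp
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer then permit
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer then log session-init
set security policies from-zone Internet to-zone Internal policy Allow_teamviewer then log session-close
deactivate security policies from-zone Internet to-zone Internal policy Allow_teamviewer
# NOTE(review): this permits RDP and SQL from named Internet sources to the three
# statically NATed servers. The source names (MCO_Office, STHL, ...) are not defined in
# any address-book in this listing, so confirm where they are defined and that each is
# a narrow prefix. Prefer reaching RDP and SQL over the site-to-site VPNs instead.
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address MCO_Office
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address MM_HK_Chun_Wo
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address MM_HK_new_Office
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address STHL
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address STHL2
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address TRU_Warehouse
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address STDMTEST
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address TRU
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address OCRMO
set security policies from-zone Internet to-zone Internal policy Allow_Services match source-address MCO_Wiff
set security policies from-zone Internet to-zone Internal policy Allow_Services match destination-address MMServer
set security policies from-zone Internet to-zone Internal policy Allow_Services match destination-address TRUServer
set security policies from-zone Internet to-zone Internal policy Allow_Services match destination-address Server
set security policies from-zone Internet to-zone Internal policy Allow_Services match application RDP
set security policies from-zone Internet to-zone Internal policy Allow_Services match application IBS
set security policies from-zone Internet to-zone Internal policy Allow_Services match application RDP-UDP
set security policies from-zone Internet to-zone Internal policy Allow_Services match application junos-ms-sql
set security policies from-zone Internet to-zone Internal policy Allow_Services match application junos-sql-monitor
set security policies from-zone Internet to-zone Internal policy Allow_Services match application junos-sqlnet-v1
set security policies from-zone Internet to-zone Internal policy Allow_Services match application junos-sqlnet-v2
set security policies from-zone Internet to-zone Internal policy Allow_Services match application junos-icmp-all
set security policies from-zone Internet to-zone Internal policy Allow_Services match application junos-ping
set security policies from-zone Internet to-zone Internal policy Allow_Services match application junos-icmp-ping
set security policies from-zone Internet to-zone Internal policy Allow_Services then permit
set security policies from-zone Internet to-zone Internal policy Allow_Services then log session-init
set security policies from-zone Internet to-zone Internal policy Allow_Services then log session-close
# Explicit, logged catch-all deny for all other inbound transit traffic.
# It does not cover traffic addressed to the device itself (host-inbound-traffic).
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal match source-address any
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal match destination-address any
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal match application any
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal then deny
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal then log session-init
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal then log session-close

# --- Zone "Internal": address book and interfaces ---
set security zones security-zone Internal address-book address local-net 192.168.8.0/24
set security zones security-zone Internal address-book address TRUPOS001 192.168.8.161/32
set security zones security-zone Internal address-book address TRUPOS002 192.168.8.162/32
set security zones security-zone Internal address-book address TRUPOS005 192.168.8.165/32
set security zones security-zone Internal address-book address TRUBO003 192.168.8.106/32
set security zones security-zone Internal address-book address TRUBO001 192.168.8.104/32
set security zones security-zone Internal address-book address TRUBO002 192.168.8.101/32
set security zones security-zone Internal address-book address TRUServer 192.168.8.151/32
set security zones security-zone Internal address-book address MMServer 192.168.8.150/32
set security zones security-zone Internal address-book address Server 192.168.8.149/32
# NOTE(review): Dell (192.168.8.30) is also the first address of the DHCP range
# (low 192.168.8.30), so a different client could lease it and inherit the Allow_HTTP
# permission. Reserve the address or move it out of the pool.
set security zones security-zone Internal address-book address Dell 192.168.8.30/32
# NOTE(review): "system-services all" exposes every enabled device service (including
# telnet and HTTP management) to the whole LAN. List only the services that are needed.
set security zones security-zone Internal host-inbound-traffic system-services all
set security zones security-zone Internal interfaces vlan.1 host-inbound-traffic system-services all
set security zones security-zone Internal interfaces fe-0/0/1.0 host-inbound-traffic system-services all
set security zones security-zone Internal interfaces fe-0/0/0.0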
# Remaining Internal-zone member interfaces.
set security zones security-zone Internal interfaces fe-0/0/2.0
set security zones security-zone Internal interfaces fe-0/0/3.0

# --- Zone "Internet": address book ---
# The three *_Seg entries are the remote VPN subnets used by the tunnel policies.
set security zones security-zone Internet address-book address addr_0_0_0_0_0 0.0.0.0/0
set security zones security-zone Internet address-book address remote-net 172.25.200.0/24
set security zones security-zone Internet address-book address MCO_LAN_Seg 172.25.10.0/23
set security zones security-zone Internet address-book address NP_LAN_Seg 192.168.110.0/24
set security zones security-zone Internet address-book address MCO_ISA_Seg 10.10.1.0/28

# NOTE(review): "system-services all" on the Internet-facing zone and interface lets
# every enabled device service accept connections from outside. This config enables
# ssh, telnet and web-management http/https on fe-0/0/7.0. Transit policies, including
# the Internet_to_Internal deny, do not filter traffic addressed to the device itself.
# Replace "all" with only what the uplink needs, e.g. "system-services ike" for the VPNs.
# No "screen" statement is attached to this zone in the listing, so the untrust-screen
# ids-option defined in this config appears not to be applied - verify.
set security zones security-zone Internet host-inbound-traffic system-services all
set security zones security-zone Internet interfaces fe-0/0/7.0 host-inbound-traffic system-services all

# --- Custom applications ---
# RDP over TCP 3389, any source port.
set applications application RDP protocol tcp
set applications application RDP source-port 0-65535
set applications application RDP destination-port 3389-3389
# NOTE(review): IBS is defined as UDP 1433. SQL Server's default listener is TCP 1433 -
# confirm the protocol the application actually uses.
set applications application IBS protocol udp
set applications application IBS destination-port 1433-1433
set applications application RDP-UDP protocol udp
set applications application RDP-UDP destination-port 3389
# NOTE(review): both Teamviewer applications match destination ports 80 through 5938,
# a range that also covers 443, 1433 and 3389. The only policies referencing them are
# deactivated in this config, but re-activating one would open the whole range.
# Narrow it to the ports actually required.
set applications application Teamviewer protocol tcp
set applications application Teamviewer source-port 0-65535
set applications application Teamviewer destination-port 80-5938
set applications application teamviewer-udp protocol udp
set applications application teamviewer-udp destination-port 80-5938

# --- VLAN backing the internal switch ports ---
set vlans vlan1 vlan-id 3
set vlans vlan1 l3-interface vlan.1