=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.05.17 23:00:42 =~=~=~=~=~=~=~=~=~=~=~= get config Total Config size 43521: unset key protection enable set clock ntp set clock timezone -5 set clock dst recurring start-weekday 2 0 3 02:00 end-weekday 1 0 11 02:00 set vrouter trust-vr sharable set vrouter "untrust-vr" exit set vrouter "trust-vr" unset auto-route-export exit set vrouter name "trust2-vr" id 1025 set vrouter "trust2-vr" unset auto-route-export set protocol ospf set enable exit exit set service "SSH" timeout 60 set service "TELNET" timeout 60 set service "Microsoft-RDP" protocol tcp src-port 0-65535 dst-port 3389-3389 set service "IPSec" protocol 50 src-port 0-65535 dst-port 0-65535 set service "IPSec" + 51 src-port 0-65535 dst-port 0-65535 set service "IPSec" + udp src-port 0-65535 dst-port 500-500 set service "SecurePOP3" protocol tcp src-port 0-65535 dst-port 995-995 set service "Gmail-SMTP_SSL_TLS" protocol tcp src-port 0-65535 dst-port 587-587 set service "Gmail-SMTP_SSL_TLS" + tcp src-port 0-65535 dst-port 465-465 set service "IVANS" protocol 50 src-port 0-65535 dst-port 0-65535 set service "IVANS" + tcp src-port 0-65535 dst-port 80-80 set service "IVANS" + udp src-port 0-65535 dst-port 500-500 set service "IVANS" + tcp src-port 0-65535 dst-port 709-709 set service "IVANS" + tcp src-port 0-65535 dst-port 1800-1800 set service "IVANS" + udp src-port 0-65535 dst-port 4500-4500 set service "IVANS" + tcp src-port 0-65535 dst-port 5080-5080 set service "UCS-TCP-UDP-OPEN" protocol tcp src-port 0-65535 dst-port 2500-2500 set service "UCS-TCP-UDP-OPEN" + udp src-port 0-65535 dst-port 2500-2500 set service "UCS-TCP-UDP-OPEN" + udp src-port 0-65535 dst-port 5060-5060 set service "UCS-TCP-UDP-OPEN" + udp src-port 0-65535 dst-port 10000-20000 set service "UCS-TCP-UDP-OPEN" + tcp src-port 0-65535 dst-port 5060-5060 set service "UCS-TCP-UDP-OPEN" + tcp src-port 0-65535 dst-port 10000-20000 set service "test" protocol tcp src-port 0-65535 dst-port 0-65535 set service 
"test" + udp src-port 0-65535 dst-port 0-65535 set service "Asterik" protocol udp src-port 0-65535 dst-port 4569-4569 timeout 30 set alg sip app-screen unknown-message nat permit set alg pptp enable set alg appleichat enable unset alg appleichat re-assembly enable set alg sctp enable set auth-server "Local" id 0 set auth-server "Local" server-name "Local" set auth-server "Local" timeout 30 set auth default auth server "Local" set auth radius accounting port 1646 set admin name "netscreen" set admin password "mypassword" set admin http redirect set admin auth web timeout 10 set admin auth server "Local" set admin format dos set zone "Trust" vrouter "trust-vr" set zone "Untrust" vrouter "trust-vr" set zone "DMZ" vrouter "trust-vr" set zone "VLAN" vrouter "trust-vr" set zone id 100 "TrustWifi" set zone id 101 "Untrust-WiFi" set zone id 102 "UnTrust-Optimum" set zone id 103 "lightpath" set zone "lightpath" vrouter "trust2-vr" set zone "Untrust-Tun" vrouter "trust-vr" set zone "Trust" tcp-rst set zone "Untrust" block unset zone "Untrust" tcp-rst set zone "MGT" block unset zone "V1-Trust" tcp-rst unset zone "V1-Untrust" tcp-rst set zone "DMZ" tcp-rst unset zone "V1-DMZ" tcp-rst unset zone "VLAN" tcp-rst unset zone "TrustWifi" tcp-rst unset zone "Untrust-WiFi" tcp-rst set zone "UnTrust-Optimum" block unset zone "UnTrust-Optimum" tcp-rst set zone "lightpath" tcp-rst set zone "Trust" screen icmp-flood set zone "Trust" screen udp-flood set zone "Trust" screen winnuke set zone "Trust" screen tear-drop set zone "Trust" screen syn-flood set zone "Trust" screen ip-spoofing set zone "Trust" screen ping-death set zone "Trust" screen land set zone "Trust" screen syn-frag set zone "Trust" screen tcp-no-flag set zone "Trust" screen icmp-fragment set zone "Trust" screen icmp-large set zone "Trust" screen syn-fin set zone "Trust" screen fin-no-ack set zone "Trust" screen icmp-id set zone "Untrust" screen tear-drop set zone "Untrust" screen syn-flood set zone "Untrust" screen ping-death 
set zone "Untrust" screen ip-filter-src set zone "Untrust" screen land set zone "V1-Untrust" screen tear-drop set zone "V1-Untrust" screen syn-flood set zone "V1-Untrust" screen ping-death set zone "V1-Untrust" screen ip-filter-src set zone "V1-Untrust" screen land set interface "ethernet0/0" zone "Untrust" set interface "ethernet0/1" zone "Untrust" set interface "ethernet0/2" zone "Null" set interface "ethernet0/6" zone "HA" set interface "ethernet0/7" zone "HA" set interface "ethernet0/8.81" tag 121 zone "TrustWifi" set interface "ethernet0/8.82" tag 221 zone "Untrust-WiFi" set interface "ethernet0/8.83" tag 321 zone "DMZ" set interface "ethernet0/9" zone "Trust" set interface "ethernet1/0" zone "lightpath" set interface "tunnel.1" zone "Untrust" set interface "tunnel.2" zone "Untrust" set interface "tunnel.3" zone "Untrust" set interface "tunnel.4" zone "Untrust" set interface "tunnel.5" zone "Untrust" set interface "tunnel.6" zone "Untrust" set interface "tunnel.7" zone "Untrust" set interface "tunnel.8" zone "Untrust" set interface "tunnel.9" zone "Untrust" set interface "tunnel.10" zone "Untrust" set interface "tunnel.11" zone "Untrust" set interface "tunnel.12" zone "Untrust" set interface ethernet0/0 ip 242.141.149.3/28 set interface ethernet0/0 route unset interface vlan1 ip set interface ethernet0/1 ip 88.77.55.106/29 set interface ethernet0/1 route set interface ethernet0/8.81 ip 10.1.21.1/24 set interface ethernet0/8.81 nat set interface ethernet0/8.82 ip 10.2.21.1/24 set interface ethernet0/8.82 route set interface ethernet0/8.83 ip 10.3.21.1/24 set interface ethernet0/8.83 route set interface ethernet0/9 ip 192.168.20.1/24 set interface ethernet0/9 nat set interface ethernet1/0 ip 172.16.0.20/24 set interface ethernet1/0 nat set interface tunnel.1 ip unnumbered interface ethernet0/0 set interface tunnel.2 ip unnumbered interface ethernet0/0 set interface tunnel.3 ip unnumbered interface ethernet0/0 set interface tunnel.4 ip unnumbered interface 
ethernet0/0 set interface tunnel.5 ip unnumbered interface ethernet0/0 set interface tunnel.6 ip unnumbered interface ethernet0/1 set interface tunnel.7 ip unnumbered interface ethernet0/1 set interface tunnel.8 ip unnumbered interface ethernet0/1 set interface tunnel.9 ip unnumbered interface ethernet0/1 set interface tunnel.10 ip unnumbered interface ethernet0/1 set interface tunnel.11 ip unnumbered interface ethernet0/0 set interface tunnel.12 ip unnumbered interface ethernet0/1 set interface ethernet0/8.81 mtu 1500 set interface ethernet0/8.82 mtu 1500 set interface ethernet0/8.83 mtu 1500 unset interface vlan1 bypass-others-ipsec unset interface vlan1 bypass-non-ip set interface ethernet0/0 manage-ip 242.141.149.4 set interface ethernet0/1 manage-ip 88.77.55.107 set interface ethernet0/8.81 manage-ip 10.1.21.3 set interface ethernet0/8.82 manage-ip 10.2.21.3 set interface ethernet0/8.83 manage-ip 10.3.21.3 set interface ethernet0/9 manage-ip 192.168.20.3 set interface ethernet0/0 ip manageable set interface ethernet0/1 ip manageable set interface ethernet0/8.81 ip manageable set interface ethernet0/8.82 ip manageable set interface ethernet0/8.83 ip manageable unset interface ethernet0/9 ip manageable set interface ethernet1/0 ip manageable set interface ethernet0/0 manage ping set interface ethernet0/0 manage ssh set interface ethernet0/0 manage telnet set interface ethernet0/0 manage ssl set interface ethernet0/0 manage web set interface ethernet0/1 manage ping set interface ethernet0/1 manage ssh set interface ethernet0/1 manage ssl set interface ethernet0/1 manage web set interface ethernet0/8.81 manage ping set interface ethernet0/8.81 manage ssh set interface ethernet0/8.81 manage ssl set interface ethernet0/8.81 manage web set interface ethernet0/8.82 manage ping unset interface ethernet0/8.83 manage ping set interface ethernet1/0 manage ping set interface ethernet1/0 manage ssh set interface ethernet0/1 monitor track-ip ip set interface ethernet0/1 
monitor track-ip threshold 50 set interface ethernet0/1 monitor track-ip weight 50 set interface ethernet0/1 monitor track-ip ip 88.77.55.105 weight 60 set interface ethernet0/1 monitor track-ip ip 8.8.4.4 weight 40 set interface ethernet0/1 monitor track-ip ip 4.2.2.1 weight 40 unset interface ethernet0/1 monitor track-ip dynamic set interface ethernet0/0 monitor track-ip ip set interface ethernet0/0 monitor track-ip threshold 50 set interface ethernet0/0 monitor track-ip weight 50 set interface ethernet0/0 monitor track-ip ip 242.141.149.1 threshold 5 set interface ethernet0/0 monitor track-ip ip 242.141.149.1 weight 60 set interface ethernet0/0 monitor track-ip ip 8.8.8.8 interval 2 set interface ethernet0/0 monitor track-ip ip 8.8.8.8 threshold 4 set interface ethernet0/0 monitor track-ip ip 8.8.8.8 weight 40 set interface ethernet0/0 monitor track-ip ip 4.2.2.2 interval 2 set interface ethernet0/0 monitor track-ip ip 4.2.2.2 threshold 4 set interface ethernet0/0 monitor track-ip ip 4.2.2.2 weight 40 unset interface ethernet0/0 monitor track-ip dynamic set interface ethernet0/0 vip interface-ip 4569 "Voice" 192.168.20.22 set interface ethernet0/8.81 dhcp server service set interface ethernet0/8.82 dhcp server service set interface ethernet0/9 dhcp server service set interface ethernet0/8.81 dhcp server enable set interface ethernet0/8.82 dhcp server enable set interface ethernet0/9 dhcp server enable set interface ethernet0/8.81 dhcp server option lease 240 set interface ethernet0/8.81 dhcp server option gateway 10.1.21.1 set interface ethernet0/8.81 dhcp server option netmask 255.255.255.0 set interface ethernet0/8.81 dhcp server option dns1 192.168.20.30 set interface ethernet0/8.81 dhcp server option dns2 8.8.8.8 set interface ethernet0/8.81 dhcp server option dns3 8.8.4.4 set interface ethernet0/8.82 dhcp server option lease 1680 set interface ethernet0/8.82 dhcp server option gateway 10.2.21.1 set interface ethernet0/8.82 dhcp server option netmask 
255.255.255.0 set interface ethernet0/8.82 dhcp server option dns1 8.8.8.8 set interface ethernet0/8.82 dhcp server option dns2 8.8.4.4 set interface ethernet0/9 dhcp server option lease 1440 set interface ethernet0/9 dhcp server option gateway 192.168.20.1 set interface ethernet0/9 dhcp server option netmask 255.255.255.0 set interface ethernet0/9 dhcp server option dns1 8.8.8.8 set interface ethernet0/8.81 dhcp server ip 10.1.21.100 to 10.1.21.150 set interface ethernet0/8.82 dhcp server ip 10.2.21.100 to 10.2.21.150 set interface ethernet0/9 dhcp server ip 192.168.20.100 to 192.168.20.105 unset interface ethernet0/8.81 dhcp server config next-server-ip unset interface ethernet0/8.81 dhcp server config updatable unset interface ethernet0/8.82 dhcp server config next-server-ip unset interface ethernet0/8.82 dhcp server config updatable unset interface ethernet0/9 dhcp server config next-server-ip set interface ethernet0/0 dip 4 242.141.149.9 242.141.149.9 fix-port set interface ethernet0/0 dip interface-ip incoming set interface ethernet0/8.81 dip interface-ip incoming set interface "ethernet0/0" mip 242.141.149.6 host 10.3.21.6 netmask 255.255.255.255 vr "trust-vr" set interface "ethernet0/0" mip 242.141.149.7 host 117.218.122.222 netmask 255.255.255.255 vr "trust-vr" set interface "ethernet0/0" mip 242.141.149.8 host 192.168.20.15 netmask 255.255.255.255 vr "trust-vr" set interface "ethernet0/1" mip 88.77.55.108 host 192.168.20.15 netmask 255.255.255.255 vr "trust-vr" set interface ethernet0/1 monitor threshold 40 set interface ethernet0/0 monitor threshold 40 set interface "ethernet0/8.82" webauth set interface "ethernet0/8.82" webauth-ip 10.2.21.4 set tcp mss 1200 set flow all-tcp-mss 1350 unset flow no-tcp-seq-check set flow tcp-syn-check unset flow tcp-syn-bit-check unset flow reverse-route clear-text set flow reverse-route tunnel always set console page 25 set domain Network.com set hostname bwfw1 set dbuf size 4096 set pki authority default scep mode 
"auto" set pki x509 default cert-path partial set nsrp cluster id 1 set nsrp vsd-group hb-interval 200 set nsrp vsd-group id 0 priority 100 set nsrp vsd-group id 0 preempt set nsrp encrypt password networking set nsrp auth password networking set nsrp secondary-path ethernet0/9 set nsrp ha-link probe set dns host dns1 4.4.4.4 set dns host dns2 8.8.4.4 set dns host dns3 0.0.0.0 set address "Trust" "0.0.0.0/0" 0.0.0.0 0.0.0.0 set address "Trust" "242.141.149.7/32" 242.141.149.7 255.255.255.255 set address "Trust" "192.168.20.0/24" 192.168.20.0 255.255.255.0 set address "Trust" "192.168.20.22/32" 192.168.20.22 255.255.255.255 set address "Trust" "192.168.20.45/32" 192.168.20.45 255.255.255.255 set address "Trust" "117.218.122.222/32" 117.218.122.222 255.255.255.255 set address "Trust" "117.218.122.224/32" 117.218.122.224 255.255.255.255 set address "Trust" "204_OpenAddress" 117.218.122.50 255.255.255.255 set address "Trust" "21_OpenAddress" 192.168.21.50 255.255.255.255 set address "Trust" "22_OpenAddress" 192.168.22.50 255.255.255.255 set address "Trust" "23_OpenAddress" 192.168.23.50 255.255.255.255 set address "Trust" "City ASC VLAN" 192.168.23.0 255.255.255.0 set address "Trust" "City-204-Network" 117.218.122.0 255.255.255.0 set address "Trust" "City-Billing-LAN" 192.168.22.0 255.255.255.0 "City Billing VLAN" set address "Trust" "City-Server-LAN" 192.168.20.0 255.255.255.0 "City Server VLAN" set address "Trust" "City-SSLVPN" 10.100.100.0 255.255.255.0 set address "Trust" "City-TrustWifi" 10.1.21.0 255.255.255.0 set address "Trust" "City_Practice_LAN" 192.168.21.0 255.255.255.0 "City Practice LAN" set address "Untrust" "10.10.10.0/24" 10.10.10.0 255.255.255.0 set address "Untrust" "192.168.0.0/16" 192.168.0.0 255.255.0.0 set address "Untrust" "118.25.125.17/32" 118.25.125.17 255.255.255.255 set address "Untrust" "Remote1-LAN" 192.168.15.0 255.255.255.0 "Remote1 LAN" set address "Untrust" "Remote1-TrustWiFi" 10.1.15.0 255.255.255.0 "Remote1 Employee WiFi" set 
address "Untrust" "Remote1-UnTrustWiFi" 10.2.15.0 255.255.255.0 set address "Untrust" "Remote3-LAN" 192.168.16.0 255.255.255.0 set address "Untrust" "Remote3-TrustWifi" 10.1.16.0 255.255.255.0 set address "Untrust" "Remote5-LAN" 192.168.13.0 255.255.255.0 "Remote5 LAN Address" set address "Untrust" "Remote5-TrustWiFi" 10.1.13.0 255.255.255.0 "Remote5 Employee Wireless" set address "Untrust" "Remote5-UnTrustWiFi" 10.2.13.0 255.255.255.0 "Remote5 Guest Wireless" set address "Untrust" "Network-DR-Network" 192.168.120.0 255.255.255.0 "Remote Replication Subnet" set address "Untrust" "Remote6-LAN" 192.168.11.0 255.255.255.0 "Remote6erson LAN" set address "Untrust" "Remote6-TrustWiFi" 10.1.1.0 255.255.255.0 "Remote6 Employee Wureless" set address "Untrust" "Remote6-UnTrustWiFi" 10.2.1.0 255.255.255.0 "Remote6 Guest WiFi" set address "Untrust" "Remote2-LAN" 192.168.12.0 255.255.255.0 "Remote2 LAN" set address "Untrust" "Remote2-TrustWiFi" 10.1.12.0 255.255.255.0 "Remote2 Employee WiFi" set address "Untrust" "Remote2-UnTrustWiFi" 10.2.12.0 255.255.255.0 "Remote2 Guest WiFi" set address "Untrust" "vpnclient_address" 192.168.220.0 255.255.255.0 "Addresses for VPN Clients" set address "Untrust" "Remote4-LAN" 192.168.14.0 255.255.255.0 "Remote4 LAN" set address "Untrust" "Remote4-TrustWiFi" 10.1.14.0 255.255.255.0 "Remote4 Employee Wireless" set address "Untrust" "Remote4-UnTrustWiFi" 10.2.14.0 255.255.255.0 "Remote4 Guest Wireless" set address "Untrust" "www.aspemr.com" 173.83.251.105 255.255.255.255 set address "lightpath" "192.168.11.0/24" 192.168.12.0 255.255.255.0 set address "lightpath" "192.168.12.0/24" 192.168.12.0 255.255.255.0 set address "lightpath" "192.168.13.0/24" 192.168.13.0 255.255.255.0 set address "lightpath" "192.168.14.0/24" 192.168.14.0 255.255.255.0 set address "lightpath" "192.168.15.0/24" 192.168.15.0 255.255.255.0 set address "lightpath" "192.168.16.0/24" 192.168.16.0 255.255.255.0 set group address "Trust" "City_VPN_Net" set group address "Trust" 
"City_VPN_Net" add "City ASC VLAN" set group address "Trust" "City_VPN_Net" add "City-204-Network" set group address "Trust" "City_VPN_Net" add "City-Billing-LAN" set group address "Trust" "City_VPN_Net" add "City-Server-LAN" set group address "Trust" "City_VPN_Net" add "City-SSLVPN" set group address "Trust" "City_VPN_Net" add "City-TrustWifi" set group address "Trust" "City_VPN_Net" add "City_Practice_LAN" set group address "Trust" "Full_Access_To_Internet" set group address "Trust" "Full_Access_To_Internet" add "117.218.122.224/32" set group address "Trust" "Internal_AV_Exempt" set group address "Trust" "Internal_AV_Exempt" add "204_OpenAddress" set group address "Trust" "Internal_AV_Exempt" add "21_OpenAddress" set group address "Trust" "Internal_AV_Exempt" add "22_OpenAddress" set group address "Trust" "Internal_AV_Exempt" add "23_OpenAddress" set group address "Untrust" "Remote1_VPN_Net" set group address "Untrust" "Remote1_VPN_Net" add "Remote1-LAN" set group address "Untrust" "Remote1_VPN_Net" add "Remote1-TrustWiFi" set group address "Untrust" "Blocked_Hosts" set group address "Untrust" "Blocked_Hosts" add "www.aspemr.com" set group address "Untrust" "Remote3_VPN_Net" set group address "Untrust" "Remote3_VPN_Net" add "Remote3-LAN" set group address "Untrust" "Remote3_VPN_Net" add "Remote3-TrustWifi" set group address "Untrust" "Remote5_VPN_Net" set group address "Untrust" "Remote5_VPN_Net" add "Remote5-LAN" set group address "Untrust" "Remote5_VPN_Net" add "Remote5-TrustWiFi" set group address "Untrust" "Remote6_VPN_Net" set group address "Untrust" "Remote6_VPN_Net" add "Network-DR-Network" set group address "Untrust" "Remote6_VPN_Net" add "Remote6-LAN" set group address "Untrust" "Remote6_VPN_Net" add "Remote6-TrustWiFi" set group address "Untrust" "Remote2_VPN_Net" set group address "Untrust" "Remote2_VPN_Net" add "Remote2-LAN" set group address "Untrust" "Remote2_VPN_Net" add "Remote2-TrustWiFi" set group address "Untrust" "Remote4_VPN_Net" set group 
address "Untrust" "Remote4_VPN_Net" add "Remote4-LAN" set group address "Untrust" "Remote4_VPN_Net" add "Remote4-TrustWiFi" set group address "lightpath" "Remote_Offices" set group address "lightpath" "Remote_Offices" add "192.168.11.0/24" set group address "lightpath" "Remote_Offices" add "192.168.12.0/24" set group address "lightpath" "Remote_Offices" add "192.168.13.0/24" set group address "lightpath" "Remote_Offices" add "192.168.14.0/24" set group address "lightpath" "Remote_Offices" add "192.168.15.0/24" set group address "lightpath" "Remote_Offices" add "192.168.16.0/24" set ippool "vpnclient_pool" 192.168.220.10 192.168.220.50 set user "gpalermo" uid 12 set user "gpalermo" type xauth set user "gpalermo" password "jRBRGFriNsj8m2sH3aCeDgqyuwnquWyuqQ==" unset user "gpalermo" type auth set user "gpalermo" "enable" set user "matt" uid 11 set user "matt" type xauth set user "matt" remote ippool "vpnclient_pool" set user "matt" password "CdgejUtxNf8OYZs9KhCzIuCOgRniexg58A==" unset user "matt" type auth set user "matt" "enable" set user "vpnclient_ph1id_2" uid 13 set user "vpnclient_ph1id_2" ike-id u-fqdn "vpnclient@Network.com" share-limit 15 set user "vpnclient_ph1id_2" type ike set user "vpnclient_ph1id_2" "enable" set user-group "vpnclient_group2" id 5 set user-group "vpnclient_group2" user "vpnclient_ph1id_2" set crypto-policy exit set ike gateway "Gateway for Remote1_VPN_Net" address 27.56.88.90 Main outgoing-interface "ethernet0/0" preshare "key#1" sec-level standard set ike gateway "Gateway for Remote2_VPN_Net" address 88.75.8.26 Main outgoing-interface "ethernet0/0" preshare "key#12" sec-level standard set ike gateway "Gateway for Remote5_VPN_Net" address 56.36.25.210 Main outgoing-interface "ethernet0/0" preshare "key#13" sec-level standard set ike gateway "Gateway for Remote6_VPN_Net" address 88.88.29.26 Main outgoing-interface "ethernet0/0" preshare "key#14" sec-level standard set ike gateway "Gateway_For_Remote1_0" address 27.56.88.90 Main 
outgoing-interface "ethernet0/1" preshare "key#15" sec-level standard set ike gateway "Gateway_For_Remote5_0" address 56.36.25.210 Main outgoing-interface "ethernet0/1" preshare "key#6" sec-level standard set ike gateway "Gateway for Remote6_VPN_Net_0" address 88.88.29.26 Main outgoing-interface "ethernet0/1" preshare "key#17" sec-level standard set ike gateway "Gateway for Remote2_VPN_Net_0" address 88.75.8.26 Main outgoing-interface "ethernet0/1" preshare "key#18" sec-level standard set ike gateway "Gateway for Remote4_VPN_Net" address 71.69.10.98 Main outgoing-interface "ethernet0/0" preshare "key#19" sec-level standard set ike gateway "Gateway for Remote4_VPN_Net_0" address 71.69.10.98 Main outgoing-interface "ethernet0/1" preshare "key#20" sec-level standard set ike gateway "vpnclient_gateway" dialup "vpnclient_group2" Aggr local-id "vpngw.Network.com" outgoing-interface "ethernet0/0" preshare "key#21" proposal "pre-g2-aes128-sha" "pre-g2-3des-md5" "pre-g2-aes128-sha" "pre-g2-aes128-md5" set ike gateway "vpnclient_gateway" dpd-liveness interval 30 unset ike gateway "vpnclient_gateway" nat-traversal udp-checksum set ike gateway "vpnclient_gateway" nat-traversal keepalive-frequency 0 set ike gateway "vpnclient_gateway" xauth unset ike gateway "vpnclient_gateway" xauth do-edipi-auth set ike gateway "Gateway for Remote3_VPN_Net" address 55.22.22.178 Main outgoing-interface "ethernet0/0" preshare "key#22" sec-level standard set ike gateway "Gateway for Remote3_VPN_Net_0" address 55.22.22.178 Main outgoing-interface "ethernet0/1" preshare "key#23" sec-level standard set ike respond-bad-spi 1 set ike ikev2 ike-sa-soft-lifetime 60 unset ike ikeid-enumeration unset ike dos-protection unset ipsec access-session enable set ipsec access-session maximum 5000 set ipsec access-session upper-threshold 0 set ipsec access-session lower-threshold 0 set ipsec access-session dead-p2-sa-timeout 0 unset ipsec access-session log-error unset ipsec access-session info-exch-connected 
unset ipsec access-session use-error-log set xauth default ippool "vpnclient_pool" set xauth default dns1 117.218.122.8 set xauth default dns2 8.8.8.8 set vpn "VPN for Remote1_VPN_Net" gateway "Gateway for Remote1_VPN_Net" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote1_VPN_Net" monitor rekey set vpn "VPN for Remote1_VPN_Net" id 0x2 bind interface tunnel.1 set vpn "VPN for Remote1_VPN_Net" dscp-mark 0 set vpn "VPN for Remote2_VPN_Net" gateway "Gateway for Remote2_VPN_Net" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote2_VPN_Net" monitor rekey set vpn "VPN for Remote2_VPN_Net" id 0xa bind interface tunnel.4 set vpn "VPN for Remote5_VPN_Net" gateway "Gateway for Remote5_VPN_Net" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote5_VPN_Net" monitor rekey set vpn "VPN for Remote5_VPN_Net" id 0xb bind interface tunnel.3 set vpn "VPN for Remote6_VPN_Net" gateway "Gateway for Remote6_VPN_Net" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote6_VPN_Net" monitor rekey set vpn "VPN for Remote6_VPN_Net" id 0xc bind interface tunnel.5 set vpn "VPN for Remote5_VPN_Net_0" gateway "Gateway_For_Remote5_0" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote5_VPN_Net_0" monitor rekey set vpn "VPN for Remote5_VPN_Net_0" id 0xe bind interface tunnel.6 set vpn "VPN for Remote5_VPN_Net_0" dscp-mark 0 set vpn "VPN for Remote1_VPN_Net_0" gateway "Gateway_For_Remote1_0" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote1_VPN_Net_0" monitor rekey set vpn "VPN for Remote1_VPN_Net_0" id 0xf bind interface tunnel.7 set vpn "VPN for Remote1_VPN_Net_0" dscp-mark 0 set vpn "VPN for Remote6_VPN_Net_0" gateway "Gateway for Remote6_VPN_Net_0" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote6_VPN_Net_0" monitor rekey set vpn "VPN for Remote6_VPN_Net_0" id 0x1a bind interface tunnel.8 set vpn "VPN for Remote2_VPN_Net_0" gateway "Gateway for Remote2_VPN_Net_0" replay tunnel 
idletime 0 sec-level standard set vpn "VPN for Remote2_VPN_Net_0" monitor rekey set vpn "VPN for Remote2_VPN_Net_0" id 0x1b bind interface tunnel.9 set vpn "VPN for Remote4_VPN_Net" gateway "Gateway for Remote4_VPN_Net" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote4_VPN_Net" monitor rekey set vpn "VPN for Remote4_VPN_Net" id 0x1c bind interface tunnel.2 set vpn "VPN for Remote4_VPN_Net_0" gateway "Gateway for Remote4_VPN_Net_0" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote4_VPN_Net_0" monitor rekey set vpn "VPN for Remote4_VPN_Net_0" id 0x1d bind interface tunnel.10 set vpn "vpnclient_tunnel" gateway "vpnclient_gateway" replay tunnel idletime 0 proposal "g2-esp-aes128-sha" "g2-esp-3des-md5" "g2-esp-aes128-sha" "g2-esp-aes128-md5" set vpn "VPN for Remote3_VPN_Net" gateway "Gateway for Remote3_VPN_Net" no-replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote3_VPN_Net" monitor set vpn "VPN for Remote3_VPN_Net" id 0x22 bind interface tunnel.11 set vpn "VPN for Remote3_VPN_Net" dscp-mark 0 set vpn "VPN for Remote3_VPN_Net_0" gateway "Gateway for Remote3_VPN_Net_0" replay tunnel idletime 0 sec-level standard set vpn "VPN for Remote3_VPN_Net_0" monitor rekey set vpn "VPN for Remote3_VPN_Net_0" id 0x23 bind interface tunnel.12 unset interface tunnel.11 acvpn-dynamic-routing unset interface tunnel.12 acvpn-dynamic-routing set attack db sigpack worm set attack db mode Update set attack db schedule daily 00:00 set av all fail-mode traffic permit set av scan-mgr pattern-update-url http://update.juniper-updates.net/AV/SSG100/ interval 15 set av scan-mgr max-content-size 4000 unset av scan-mgr max-content-size drop unset av scan-mgr decompress-layer drop set url protocol type sc-cpa set url protocol sc-cpa set category "Whitelist_Custom" url "www.li-lasik.com/" set category "Whitelist_Custom" url "www.Network.com/" set category "Blacklist_Custom" url "*.aim.com/" set category "Blacklist_Custom" url "*.facebook.com/" set 
category "Blacklist_Custom" url "*.photobucket.com/" set category "Blacklist_Custom" url "*.twitter.com/" set category "Blacklist_Custom" url "*.youtube.com/" set category "Blacklist_Custom" url "aim.com/" set category "Blacklist_Custom" url "facebook.com/" set category "Blacklist_Custom" url "photobucket.com/" set category "Blacklist_Custom" url "twitter.com/" set category "Blacklist_Custom" url "youtube.com/" set profile "Network_General" other permit set profile "Network_General" "Blacklist_Custom" black-list set profile "Network_General" "Whitelist_Custom" white-list set profile "Network_General" "Adult/Sexually Explicit" block set profile "Network_General" "Advertisements" block set profile "Network_General" "Arts & Entertainment" permit set profile "Network_General" "Chat" permit set profile "Network_General" "Computing & Internet" permit set profile "Network_General" "Criminal Skills" block set profile "Network_General" "Drugs, Alcohol & Tobacco" block set profile "Network_General" "Education" permit set profile "Network_General" "Finance & Investment" permit set profile "Network_General" "Food & Drink" permit set profile "Network_General" "Gambling" block set profile "Network_General" "Games" block set profile "Network_General" "Glamour & Intimate Apparel" permit set profile "Network_General" "Government & Politics" permit set profile "Network_General" "Hacking" block set profile "Network_General" "Hate Speech" block set profile "Network_General" "Health & Medicine" permit set profile "Network_General" "Hobbies & Recreation" permit set profile "Network_General" "Hosting Sites" permit set profile "Network_General" "Job Search & Career Development" permit set profile "Network_General" "Kids Sites" permit set profile "Network_General" "Lifestyle & Culture" permit set profile "Network_General" "Motor Vehicles" permit set profile "Network_General" "News" permit set profile "Network_General" "Personals & Dating" block set profile "Network_General" "Photo 
Searches" permit set profile "Network_General" "Real Estate" permit set profile "Network_General" "Reference" permit set profile "Network_General" "Religion" permit set profile "Network_General" "Remote Proxies" block set profile "Network_General" "Search Engines" permit set profile "Network_General" "Sex Education" block set profile "Network_General" "Shopping" permit set profile "Network_General" "Sports" permit set profile "Network_General" "Streaming Media" permit set profile "Network_General" "Travel" permit set profile "Network_General" "Usenet News" permit set profile "Network_General" "Violence" block set profile "Network_General" "Weapons" block set profile "Network_General" "Web-based Email" permit set profile "Wireless_Guest_Filtering" other permit set profile "Wireless_Guest_Filtering" "Adult/Sexually Explicit" block set profile "Wireless_Guest_Filtering" "Advertisements" block set profile "Wireless_Guest_Filtering" "Arts & Entertainment" permit set profile "Wireless_Guest_Filtering" "Chat" permit set profile "Wireless_Guest_Filtering" "Computing & Internet" permit set profile "Wireless_Guest_Filtering" "Criminal Skills" block set profile "Wireless_Guest_Filtering" "Drugs, Alcohol & Tobacco" block set profile "Wireless_Guest_Filtering" "Education" permit set profile "Wireless_Guest_Filtering" "Finance & Investment" permit set profile "Wireless_Guest_Filtering" "Food & Drink" permit set profile "Wireless_Guest_Filtering" "Gambling" block set profile "Wireless_Guest_Filtering" "Games" block set profile "Wireless_Guest_Filtering" "Glamour & Intimate Apparel" permit set profile "Wireless_Guest_Filtering" "Government & Politics" permit set profile "Wireless_Guest_Filtering" "Hacking" block set profile "Wireless_Guest_Filtering" "Hate Speech" block set profile "Wireless_Guest_Filtering" "Health & Medicine" permit set profile "Wireless_Guest_Filtering" "Hobbies & Recreation" permit set profile "Wireless_Guest_Filtering" "Hosting Sites" permit set profile 
"Wireless_Guest_Filtering" "Job Search & Career Development" block set profile "Wireless_Guest_Filtering" "Kids Sites" permit set profile "Wireless_Guest_Filtering" "Lifestyle & Culture" permit set profile "Wireless_Guest_Filtering" "Motor Vehicles" permit set profile "Wireless_Guest_Filtering" "News" permit set profile "Wireless_Guest_Filtering" "Personals & Dating" block set profile "Wireless_Guest_Filtering" "Photo Searches" permit set profile "Wireless_Guest_Filtering" "Real Estate" permit set profile "Wireless_Guest_Filtering" "Reference" permit set profile "Wireless_Guest_Filtering" "Religion" permit set profile "Wireless_Guest_Filtering" "Remote Proxies" block set profile "Wireless_Guest_Filtering" "Search Engines" permit set profile "Wireless_Guest_Filtering" "Sex Education" block set profile "Wireless_Guest_Filtering" "Shopping" permit set profile "Wireless_Guest_Filtering" "Sports" permit set profile "Wireless_Guest_Filtering" "Streaming Media" permit set profile "Wireless_Guest_Filtering" "Travel" permit set profile "Wireless_Guest_Filtering" "Usenet News" block set profile "Wireless_Guest_Filtering" "Violence" block set profile "Wireless_Guest_Filtering" "Weapons" block set profile "Wireless_Guest_Filtering" "Web-based Email" permit set enable set fail-mode permit set cache size 2000 set deny-message "

Content Blocked

Your page is blocked due to a security policy that prohibits access to $URL_CATEGORY.
Please contact your systems administrator if you feel this content should be permitted.
" exit set policy id 46 from "Untrust" to "TrustWifi" "Any" "Any" "ANY" permit log set policy id 46 exit set policy id 45 from "Untrust" to "Trust" "Remote3_VPN_Net" "City_VPN_Net" "ANY" permit log set policy id 45 set log session-init exit set policy id 44 from "Trust" to "Untrust" "City_VPN_Net" "Remote3_VPN_Net" "ANY" permit log set policy id 44 set log session-init exit set policy id 43 from "Trust" to "Untrust" "City ASC VLAN" "192.168.0.0/16" "UCS-TCP-UDP-OPEN" permit log set policy id 43 set src-address "City-204-Network" set src-address "City-Billing-LAN" set src-address "City-Server-LAN" set src-address "City_Practice_LAN" set log session-init exit set policy id 42 from "Trust" to "Untrust" "City ASC VLAN" "Any" "UCS-TCP-UDP-OPEN" nat src dip-id 4 permit log set policy id 42 set src-address "City-204-Network" set src-address "City-Billing-LAN" set src-address "City-Server-LAN" set src-address "City_Practice_LAN" set log session-init exit set policy id 41 name "ssl vpn access backup" from "Untrust" to "Trust" "Any" "MIP(88.77.55.108)" "HTTPS" permit log set policy id 41 set log session-init exit set policy id 40 name "ssl vpn access" from "Untrust" to "Trust" "Any" "MIP(242.141.149.8)" "HTTPS" permit log set policy id 40 set log session-init exit set policy id 33 from "Untrust" to "Trust" "Dial-Up VPN" "City-Server-LAN" "ANY" tunnel vpn "vpnclient_tunnel" id 0x20 pair-policy 39 set policy id 33 exit set policy id 34 from "Untrust" to "Trust" "Dial-Up VPN" "City-204-Network" "ANY" tunnel vpn "vpnclient_tunnel" id 0x21 log set policy id 34 set log session-init exit set policy id 32 from "Untrust" to "Trust" "Remote4_VPN_Net" "City_VPN_Net" "DNS" permit log set policy id 32 set service "HTTP" set service "HTTPS" set service "IKE" set service "IKE-NAT" set service "UCS-TCP-UDP-OPEN" set log session-init exit set policy id 3 name "Trust_To_UnTrust_Employees" from "Trust" to "Untrust" "City ASC VLAN" "Any" "DNS" permit url-filter set policy id 3 av "ns-profile" 
set policy id 3 set src-address "City-Billing-LAN" set src-address "City_Practice_LAN" set service "FTP" set service "Gmail-SMTP_SSL_TLS" set service "HTTP" set service "HTTP-EXT" set service "HTTPS" set service "ICMP-ANY" set service "NTP" set service "SMTP" set url protocol sc-cpa profile "Network_General" exit set policy id 31 from "Trust" to "Untrust" "City_VPN_Net" "Remote4_VPN_Net" "ANY" permit set policy id 31 exit set policy id 30 from "Untrust" to "Trust" "Remote6_VPN_Net" "City_VPN_Net" "ANY" permit set policy id 30 exit set policy id 29 from "Trust" to "Untrust" "City_VPN_Net" "Remote6_VPN_Net" "ANY" permit set policy id 29 exit set policy id 28 from "Untrust" to "Trust" "Remote5_VPN_Net" "City_VPN_Net" "ANY" permit set policy id 28 exit set policy id 27 from "Trust" to "Untrust" "City_VPN_Net" "Remote5_VPN_Net" "ANY" permit set policy id 27 exit set policy id 26 from "Untrust" to "Trust" "Remote2_VPN_Net" "City_VPN_Net" "ANY" permit set policy id 26 exit set policy id 25 from "Trust" to "Untrust" "City_VPN_Net" "Remote2_VPN_Net" "ANY" permit set policy id 25 exit set policy id 2 from "Untrust" to "Trust" "Remote1_VPN_Net" "City_VPN_Net" "ANY" permit set policy id 2 exit set policy id 1 from "Trust" to "Untrust" "City_VPN_Net" "Remote1_VPN_Net" "ANY" permit set policy id 1 exit set policy id 21 from "Trust" to "Untrust" "Full_Access_To_Internet" "Any" "ANY" nat src permit set policy id 21 exit set policy id 24 from "Trust" to "Untrust" "Internal_AV_Exempt" "Any" "ANY" permit url-filter set policy id 24 set url protocol sc-cpa profile "Network_General" exit set policy id 35 from "Trust" to "Untrust" "City-Billing-LAN" "Any" "IKE-NAT" permit set policy id 35 set service "IVANS" set service "PING" exit set policy id 5 name "Trust_To_UnTrust_Servers" from "Trust" to "Untrust" "City-Server-LAN" "Any" "ANY" permit set policy id 5 exit set policy id 15 from "Trust" to "TrustWifi" "Any" "Any" "ANY" permit set policy id 15 exit set policy id 16 from "TrustWifi" 
to "Trust" "Any" "Any" "ANY" permit set policy id 16 av "ns-profile" set policy id 16 exit set policy id 17 from "TrustWifi" to "Untrust" "Any" "Any" "ANY" nat src permit url-filter set policy id 17 av "ns-profile" set policy id 17 set url protocol sc-cpa profile "Network_General" exit set policy id 38 from "Untrust-WiFi" to "Untrust" "Any" "Blocked_Hosts" "ANY" deny set policy id 38 exit set policy id 18 from "Untrust-WiFi" to "Untrust" "Any" "Any" "DNS" nat src permit url-filter traffic mbw 1024 set policy id 18 av "ns-profile" set policy id 18 set service "HTTP" set service "HTTP-EXT" set service "HTTPS" set url protocol sc-cpa profile "Wireless_Guest_Filtering" exit set policy id 19 from "Untrust" to "DMZ" "Any" "MIP(242.141.149.6)" "HTTP" permit set policy id 19 set service "HTTPS" exit set policy id 20 from "Trust" to "Untrust" "City-204-Network" "Any" "ANY" permit url-filter set policy id 20 set url protocol sc-cpa profile "Network_General" exit set policy id 23 from "Untrust" to "Trust" "Any" "MIP(242.141.149.7)" "Microsoft-RDP" permit set policy id 23 exit set policy id 37 name "POP3" from "Trust" to "Untrust" "City ASC VLAN" "Any" "POP3" permit url-filter set policy id 37 set src-address "City-Billing-LAN" set src-address "City_Practice_LAN" set service "SecurePOP3" set url protocol sc-cpa profile "Network_General" exit set policy id 39 from "Trust" to "Untrust" "City-Server-LAN" "Dial-Up VPN" "ANY" tunnel vpn "vpnclient_tunnel" id 0x20 pair-policy 33 set policy id 39 exit set policy id 47 from "Untrust" to "Trust" "Any" "VIP(ethernet0/0)" "Voice" permit set policy id 47 exit set policy id 48 from "Trust" to "Untrust" "192.168.20.22/32" "Any" "Voice" permit set policy id 48 exit set policy id 49 from "lightpath" to "Trust" "Remote_Offices" "Any" "ANY" permit set policy id 49 exit set policy id 50 from "Trust" to "lightpath" "Any" "Remote_Offices" "ANY" permit set policy id 50 exit set syslog config "117.218.122.243" set syslog config "117.218.122.243" 
facilities local0 local0 set syslog config "117.218.122.243" log traffic set syslog src-interface ethernet0/9 set syslog enable set nsmgmt bulkcli reboot-timeout 60 set ssh version v2 set ssh enable set config lock timeout 5 unset license-key auto-update set telnet client enable set ssl encrypt 3des sha-1 set ntp server "time-a.nist.gov" set ntp server backup1 "time-nw.nist.gov" set snmp port listen 161 set snmp port trap 162 set snmpv3 local-engine id "0185102010000570" set vrouter "untrust-vr" exit set vrouter "trust-vr" set access-list 1 set access-list 1 permit ip 192.168.20.0/22 1 set route-map name "to_trust2-vr" permit 1 set match ip 1 exit set export-to vrouter "trust2-vr" route-map "to_trust2-vr" protocol connected unset add-default-route set route 117.218.122.0/24 interface ethernet0/9 gateway 192.168.20.254 permanent set route 192.168.21.0/24 interface ethernet0/9 gateway 192.168.20.254 permanent set route 192.168.22.0/24 interface ethernet0/9 gateway 192.168.20.254 permanent set route 10.1.15.0/24 interface tunnel.1 set route 10.1.12.0/24 interface tunnel.4 set route 10.1.13.0/24 interface tunnel.3 set route 10.1.1.0/24 interface tunnel.5 set route 10.1.13.0/24 interface tunnel.6 preference 25 set route 10.1.15.0/24 interface tunnel.7 preference 25 set route 10.1.1.0/24 interface tunnel.8 preference 25 set route 10.1.12.0/24 interface tunnel.9 preference 25 set route 192.168.120.0/24 interface tunnel.5 set route 192.168.120.0/24 interface tunnel.8 preference 25 set route 10.1.14.0/24 interface tunnel.2 set route 10.1.14.0/24 interface tunnel.10 preference 25 set route 0.0.0.0/0 interface ethernet0/0 gateway 242.141.149.1 set route 192.168.23.0/24 interface ethernet0/9 gateway 192.168.20.254 set route 0.0.0.0/0 interface ethernet0/1 gateway 88.77.55.105 preference 25 set route 10.1.16.0/24 interface tunnel.11 set route 10.1.16.0/24 interface tunnel.12 set route 10.100.100.0/24 gateway 192.168.20.254 set route 192.168.12.0/24 interface tunnel.4 preference 
70 set route 192.168.13.0/24 interface tunnel.3 preference 70 set route 192.168.11.0/24 interface tunnel.5 preference 70 set route 192.168.13.0/24 interface tunnel.6 preference 80 set route 192.168.11.0/24 interface tunnel.8 preference 80 set route 192.168.12.0/24 interface tunnel.9 preference 80 set route 192.168.14.0/24 interface tunnel.2 preference 70 set route 192.168.14.0/24 interface tunnel.10 preference 80 set route 192.168.16.0/24 interface tunnel.11 preference 70 set route 192.168.16.0/24 interface tunnel.12 preference 80 set route 192.168.15.0/24 interface tunnel.1 preference 70 set route 192.168.15.0/24 interface tunnel.7 preference 80 set access-list extended 10 dst-port 80-80 protocol tcp entry 10 set access-list extended 10 dst-port 443-443 protocol tcp entry 11 set access-list extended 10 dst-port 20-22 protocol tcp entry 12 set access-list extended 10 dst-port 8080-8080 protocol tcp entry 13 set access-list extended 10 dst-port 8443-8443 protocol tcp entry 14 set access-list extended 11 dst-ip 192.168.220.0/24 entry 11 set match-group name client_vpn set match-group client_vpn ext-acl 11 match-entry 11 set action-group name Route_ISP2 set action-group Route_ISP2 next-interface ethernet0/1 next-hop 88.77.55.105 action-entry 13 set pbr policy name ISP2_Policy exit set vrouter "trust2-vr" set router-id 0.0.0.20 set access-list 1 set access-list 1 permit ip 192.168.20.0/22 1 set access-list 2 set access-list 2 permit ip 192.168.11.0/24 10 set access-list 2 permit ip 192.168.12.0/24 15 set access-list 2 permit ip 192.168.13.0/24 20 set access-list 2 permit ip 192.168.14.0/24 25 set access-list 2 permit ip 192.168.15.0/24 30 set access-list 2 permit ip 192.168.16.0/24 35 set route-map name "to_ospf" permit 1 set match ip 1 exit set route-map name "from_ospf" permit 10 set match ip 2 exit set export-to vrouter "trust-vr" route-map "from_ospf" protocol ospf set protocol ospf set redistribute route-map "to_ospf" protocol imported exit exit set interface 
ethernet1/0 protocol ospf area 0.0.0.0 set interface ethernet1/0 protocol ospf enable set vrouter "untrust-vr" exit set vrouter "trust-vr" exit set vrouter "trust2-vr" exit bwfw1(M)->