set clock ntp
set clock timezone -5
set clock dst recurring start-weekday 2 0 3 02:00 end-weekday 1 0 11 02:00
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set service "Timbuktoo" protocol tcp src-port 0-65535 dst-port 1419-1419
set service "Timbuktoo" + udp src-port 0-65535 dst-port 1419-1419
set service "Timbuktoo" timeout never
set service "FileMaker" protocol tcp src-port 0-65535 dst-port 5003-5003
set service "FileMaker" + udp src-port 0-65535 dst-port 5003-5003
set service "Apple Filing Protocol" protocol tcp src-port 0-65535 dst-port 427-427
set service "Apple Filing Protocol" + udp src-port 0-65535 dst-port 427-427
set service "Apple Filing Protocol" + tcp src-port 0-65535 dst-port 548-548
set service "Apple Filing Protocol" + udp src-port 0-65535 dst-port 548-548
set service "Camera - Elevator" protocol tcp src-port 0-65535 dst-port 8150-8150
set service "Camera - Elevator" + udp src-port 0-65535 dst-port 8150-8150
set service "Camera - Elevator" timeout never
set service "Camera - Front Desk" protocol tcp src-port 0-65535 dst-port 8151-8151
set service "Camera - Front Desk" + udp src-port 0-65535 dst-port 8151-8151
set service "Camera - Front Desk" timeout never
set service "Camera - Back Office" protocol tcp src-port 0-65535 dst-port 8152-8152
set service "Camera - Back Office" + udp src-port 0-65535 dst-port 8152-8152
set service "Camera - Back Office" timeout never
set service "iCal" protocol tcp src-port 0-65535 dst-port 8008-8008
set service "iCal" + udp src-port 0-65535 dst-port 8008-8008
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "DMZ" tcp-rst
set zone "VLAN" block
unset zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface ethernet0/3 phy full 100mb
set interface "ethernet0/0" zone "Untrust"
set interface "ethernet0/1" zone "DMZ"
set interface "ethernet0/2" zone "DMZ"
set interface "ethernet0/3" zone "Untrust"
set interface "ethernet0/4" zone "Trust"
set interface "bgroup0" zone "Trust"
unset interface vlan1 ip
set interface ethernet0/0 ip XXX.XXX.XXX.XXX/28
set interface ethernet0/0 route
set interface ethernet0/1 ip XXX.XXX.XXX.XXX/24
set interface ethernet0/1 route
set interface ethernet0/2 ip XXX.XXX.XXX.XXX/12
set interface ethernet0/2 route
set interface ethernet0/3 ip XXX.XXX.XXX.XXX/29
set interface ethernet0/3 nat
set interface ethernet0/4 ip XXX.XXX.XXX.XXX/24
set interface ethernet0/4 nat
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet0/0 ip manageable
set interface ethernet0/1 ip manageable
unset interface ethernet0/2 ip manageable
set interface ethernet0/3 ip manageable
set interface ethernet0/4 ip manageable
set interface ethernet0/0 manage ping
set interface ethernet0/0 manage telnet
set interface ethernet0/0 manage web
set interface ethernet0/1 manage ssh
set interface ethernet0/1 manage telnet
set interface ethernet0/1 manage snmp
set interface ethernet0/1 manage ssl
set interface ethernet0/1 manage web
unset interface ethernet0/2 manage ping
set interface ethernet0/3 manage ping
set interface ethernet0/3 manage ssh
set interface ethernet0/3 manage telnet
set interface ethernet0/3 manage snmp
set interface ethernet0/3 manage ssl
set interface ethernet0/3 manage web
unset interface ethernet0/4 manage ping
unset interface ethernet0/4 manage ssh
unset interface ethernet0/4 manage telnet
unset interface ethernet0/4 manage snmp
unset interface ethernet0/4 manage ssl
unset interface ethernet0/4 manage web
unset interface bgroup0 manage ping
unset interface bgroup0 manage telnet
unset interface bgroup0 manage snmp
unset interface bgroup0 manage ssl
unset interface bgroup0 manage web
set interface ethernet0/0 vip interface-ip 80 "HTTP" XXX.XXX.XXX.XXX
set interface ethernet0/0 vip interface-ip 8151 "Camera - Front Desk" XXX.XXX.XXX.XXX
set interface ethernet0/0 vip interface-ip 1419 "Timbuktoo" XXX.XXX.XXX.XXX
set interface ethernet0/0 vip interface-ip 5003 "FileMaker" XXX.XXX.XXX.XXX
set interface ethernet0/0 vip interface-ip 21 "FTP" 192.168.3.2
set interface ethernet0/0 vip interface-ip 548 "Apple Filing Protocol" XXX.XXX.XXX.XXX
set interface ethernet0/0 vip interface-ip 8150 "Camera - Elevator" XXX.XXX.XXX.XXX
set interface ethernet0/0 vip interface-ip 8152 "Camera - Back Office" XXX.XXX.XXX.XXX
set interface ethernet0/0 vip interface-ip 8008 "iCal" XXX.XXX.XXX.XXX
set interface ethernet0/2 vip interface-ip
set interface ethernet0/4 dhcp server service
set interface ethernet0/4 dhcp server enable
set interface ethernet0/4 dhcp server option lease 1440000
set interface ethernet0/4 dhcp server option dns1 XXX.XXX.XXX.XXX
set interface ethernet0/4 dhcp server ip XXX.XXX.XXX.XXX to XXX.XXX.XXX.XXX
unset interface ethernet0/4 dhcp server config next-server-ip
set interface "serial0/0" modem settings "USR" init "AT&F"
set interface "serial0/0" modem settings "USR" active
set interface "serial0/0" modem speed 115200
set interface "serial0/0" modem retry 3
set interface "serial0/0" modem interval 10
set interface "serial0/0" modem idle-time 10
set flow tcp-mss
unset flow no-tcp-seq-check
set flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set console page 10
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set dns host schedule 05:00
set ike respond-bad-spi 1
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
set attack db server "https://services.netscreen.com/restricted/sigupdates"
set attack db schedule weekly Sunday 00:00
set url protocol websense
exit
set anti-spam profile ns-profile
set sbl default-server enable
set default action drop
exit
set policy id 5 from "DMZ" to "Untrust" "Any" "Any" "ANY" nat src permit log
set policy id 5
set log session-init
exit
set policy id 4 from "Untrust" to "DMZ" "Any" "VIP(ethernet0/0)" "Apple Filing Protocol" permit log
set policy id 4 anti-spam ns-profile
set policy id 4
set service "Camera - Back Office"
set service "Camera - Elevator"
set service "Camera - Front Desk"
set service "FileMaker"
set service "FTP"
set service "HTTP"
set service "HTTP-EXT"
set service "IMAP"
set service "SMTP"
set service "Timbuktoo"
set service "VNC"
set log session-init
exit
set policy id 3 from "Trust" to "DMZ" "Any" "Any" "ANY" permit log
set policy id 3
set log session-init
exit
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit log
set policy id 1
set log session-init
exit
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
unset license-key auto-update
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route XXX.XXX.XXX.XXX/24 interface ethernet0/4 gateway XXX.XXX.XXX.XXX preference 20
set route 0.0.0.0/0 interface ethernet0/0 gateway XXX.XXX.XXX.XXX preference 20 permanent
set route 0.0.0.0/0 interface ethernet0/3 gateway XXX.XXX.XXX.XXX preference 20
set route source in-interface ethernet0/0 0.0.0.0/0 interface null gateway XXX.XXX.XXX.XXX preference 20
set route source in-interface ethernet0/3 0.0.0.0/0 interface null gateway XXX.XXX.XXX.XXX preference 20
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit