Remote Management Console
walmagcg01ssg01-> get config
Total Config size 15480:
set clock dst-off
set clock ntp
set clock timezone -4
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
unset alg sunrpc enable
unset alg msrpc enable
unset alg sql enable
unset alg appleichat enable
unset alg appleichat re-assembly enable
set alg sctp enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth-server "marmacls01ur002" id 1
set auth-server "marmacls01ur002" server-name "172.30.17.20"
set auth-server "marmacls01ur002" account-type 802.1X
set auth-server "marmacls01ur002" radius secret "YqVSlRRsNjwa3Ls5LzC2sd3erDnfCETiJQ=="
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "root"
set admin password "nFTGOqrmIL5JcydFYsBDFOPtr6Da9n"
set admin user "rha" password "nKy1HlrKBtzOcqVJisFJcpJtlMMCGn" privilege "all"
set admin manager-ip 172.30.147.151 255.255.255.255
set admin manager-ip 192.168.240.5 255.255.255.255
set admin manager-ip 192.168.239.7 255.255.255.255
set admin manager-ip 172.16.4.151 255.255.255.255
set admin http redirect
set admin auth web timeout 15
set admin auth server "Local"
set admin auth remote primary
set admin auth remote root
set admin privilege get-external
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "DMZ" tcp-rst
set zone "VLAN" block
unset zone "VLAN" tcp-rst
set zone "Untrust" screen on-tunnel
set zone "Untrust" screen icmp-flood
set zone "Untrust" screen udp-flood
set zone "Untrust" screen winnuke
set zone "Untrust" screen port-scan
set zone "Untrust" screen ip-sweep
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ip-spoofing
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "Untrust" screen component-block zip
set zone "Untrust" screen component-block jar
set zone "Untrust" screen component-block exe
set zone "Untrust" screen component-block activex
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet0/0" zone "Trust"
set interface "ethernet0/1" zone "DMZ"
set interface "ethernet0/2" zone "Untrust"
set interface "tunnel.1" zone "Untrust"
set interface "tunnel.2" zone "Untrust"
set interface "tunnel.3" zone "Untrust"
set interface "tunnel.4" zone "Untrust"
set interface "tunnel.5" zone "Trust"
set interface ethernet0/0 ip 192.168.239.6/24
set interface ethernet0/0 nat
unset interface vlan1 ip
set interface ethernet0/2 ip outside address/24
set interface ethernet0/2 route
set interface tunnel.1 ip unnumbered interface ethernet0/2
set interface tunnel.2 ip unnumbered interface ethernet0/2
set interface tunnel.3 ip unnumbered interface ethernet0/2
set interface tunnel.4 ip unnumbered interface ethernet0/2
set interface tunnel.5 ip unnumbered interface ethernet0/2
set interface ethernet0/2 gateway outside gateway
set interface tunnel.1 mtu 1500
set interface tunnel.2 mtu 1500
set interface tunnel.3 mtu 1500
set interface tunnel.4 mtu 1500
set interface tunnel.5 mtu 1500
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet0/0 ip manageable
unset interface ethernet0/1 ip manageable
set interface ethernet0/2 ip manageable
unset interface ethernet0/0 manage telnet
set interface ethernet0/1 manage ssh
set interface vlan1 manage mtrace
unset flow no-tcp-seq-check
set flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set domain centrepath.com
set hostname walmagcg01ssg01
set webauth server "marmacls01ur002"
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set dns host dns1 192.168.237.11 src-interface ethernet0/0
set dns host dns2 192.168.237.12 src-interface ethernet0/0
set dns host dns3 0.0.0.0
set address "Trust" "CRP-network1" 192.168.239.0 255.255.255.0 "Corporate Network Inside"
set address "Trust" "CRP-Servers" 192.168.237.0 255.255.255.0 "Corporate Server Network"
set address "Trust" "CRP-Users" 172.16.4.0 255.255.255.0 "Corporate User Network"
set address "Trust" "NCC-Marlboro" 172.30.19.0 255.255.255.0 "NCC Network Marlboro"
set address "Trust" "NCC-Waltham" 172.30.147.0 255.255.255.0 "NCC Network Waltham"
set address "Trust" "OSS-Alternate-Network" 172.30.149.0 255.255.255.0 "OSS Network Waltham"
set address "Trust" "OSS-Marlboro" 172.30.17.0 255.255.255.0 "OSS Network Marlboro"
set address "Trust" "OSS-VIP-Network" 172.30.148.0 255.255.255.0 "OSS Network Waltham"
set address "Trust" "OSS-Waltham" 172.30.145.0 255.255.255.0 "OSS Network Waltham"
set address "Trust" "Waltham-Remote" 192.168.241.0 255.255.255.0 "Waltham Remote access"
set address "Untrust" "Chicago-Network" 10.10.199.0 255.255.255.0 "Chicago, IL Network"
set address "Untrust" "Customer-Lexent" 192.168.7.0 255.255.255.0 "Lexent Network"
set address "Untrust" "Houston-Network" 192.168.0.0 255.255.255.0 "Houston, Tx Network"
set address "Untrust" "Lisbon-Network" 10.0.25.0 255.255.255.0 "Lisbon, Portugal"
set address "Untrust" "NewYork-Network" 192.168.168.0 255.255.255.0 "NYC, NY Network"
set address "Untrust" "Salford-Network" 192.168.1.0 255.255.255.0 "Salford, UK Network"
set address "Untrust" "Waltham-Outside" outside network 255.255.255.0 "Waltham outside Network"
set group address "Trust" "Corp" comment "Corporate Networks"
set group address "Trust" "Corp" add "CRP-network1"
set group address "Trust" "Corp" add "CRP-Servers"
set group address "Trust" "Corp" add "CRP-Users"
set group address "Trust" "corp2"
set group address "Trust" "corp2" add "CRP-Servers"
set group address "Trust" "corp2" add "CRP-Users"
set group address "Trust" "NCC" comment "NCC Networks"
set group address "Trust" "NCC" add "NCC-Marlboro"
set group address "Trust" "NCC" add "NCC-Waltham"
set group address "Trust" "OSS" comment "OSS Networks"
set group address "Trust" "OSS" add "OSS-Alternate-Network"
set group address "Trust" "OSS" add "OSS-Marlboro"
set group address "Trust" "OSS" add "OSS-VIP-Network"
set group address "Trust" "OSS" add "OSS-Waltham"
set group address "Trust" "Waltham" comment "Waltham Networks"
set group address "Trust" "Waltham" add "Waltham-Remote"
set group address "Trust" "Waltham" add "Corp"
set group address "Trust" "Waltham" add "NCC"
set group address "Trust" "Waltham" add "OSS"
set group address "Untrust" "Remote-Offices"
set group address "Untrust" "Remote-Offices" add "Chicago-Network"
set group address "Untrust" "Remote-Offices" add "Houston-Network"
set group address "Untrust" "Remote-Offices" add "Lisbon-Network"
set group address "Untrust" "Remote-Offices" add "NewYork-Network"
set group address "Untrust" "Remote-Offices" add "Salford-Network"
set ippool "CorpTIER3" 192.168.241.50 192.168.241.80
set ippool "nccTier1" 192.168.241.10 192.168.241.30
set ippool "FWADMIN" 192.168.241.5 192.168.241.9
set user "FW-Admin" uid 3
set user "FW-Admin" ike-id u-fqdn "fw@globalcapacity.com" share-limit 5
set user "FW-Admin" type ike
set user "FW-Admin" "enable"
set user "rha" uid 1
set user "rha" type xauth
set user "rha" password "jbJhfGhdNwm+QmsN0cCQedAaTOnSeRc//w=="
unset user "rha" type auth
set user "rha" "enable"
set user-group "FWADMIN" id 4
set user-group "FWADMIN" user "FW-Admin"
set user-group "test" id 5
set user-group "test" location external
set user-group "test" type xauth
set ike p2-proposal "nopfs-esp-3des-sha1-lexent" group2 esp 3des sha-1 second 3600 kbyte 8192
set ike gateway "ToHouston" address outside Main outgoing-interface "ethernet0/2" preshare "eXWZ6/GnNjTv49s2ZIC7mk/0nBn5AUDH/g==" proposal "pre-g2-3des-sha" "pre-g2-aes128-sha"
set ike gateway "ToSalford" address outside Main outgoing-interface "ethernet0/2" preshare "mgmvm9HcNSfbl9syPxCTDLbhfMnDKRIeEA==" proposal "pre-g2-3des-sha" "pre-g2-aes128-sha"
set ike gateway "ToChicago" address outside Main outgoing-interface "ethernet0/2" preshare "5V25UpHyNSyNios4MnCiqy5vaxnUjF6YAA==" proposal "pre-g2-3des-sha" "pre-g2-3des-md5" "pre-g2-des-sha" "pre-g2-des-md5"
set ike gateway "ToLexent" address outside Main outgoing-interface "ethernet0/2" preshare "uOsMQFz6NLq5tts9mWCAfos4sqn31M3SLg==" proposal "pre-g2-3des-sha" "pre-g2-3des-md5" "pre-g2-des-sha" "pre-g2-des-md5"
set ike gateway "ToLisbon" address 0.0.0.0 id "gclisbon.no-ip.biz" Aggr outgoing-interface "ethernet0/2" preshare "YSUywNzSN2U8V6slyOC7r+B5jenlivlZyw==" proposal "pre-g2-3des-sha" "pre-g2-aes128-sha"
unset ike gateway "ToLisbon" nat-traversal
set ike gateway "To-NewYork" address outside Main outgoing-interface "ethernet0/2" preshare "d+IpEOGuNvsgT5sp9bCFX3J4LMnJJ6PsrA==" proposal "pre-g2-3des-sha"
set ike gateway "FWADMIN-GW" dialup "FWADMIN" Aggr outgoing-interface "ethernet0/2" preshare "TSJ1HCpcN9WOg8suYqCFk0c2h6nVBtdYHg==" proposal "pre-g2-3des-sha"
set ike gateway "FWADMIN-GW" nat-traversal udp-checksum
set ike gateway "FWADMIN-GW" nat-traversal keepalive-frequency 0
set ike gateway "FWADMIN-GW" xauth
set ike gateway "FWADMIN-GW" xauth server auth-method chap pap
unset ike gateway "FWADMIN-GW" xauth do-edipi-auth
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set xauth default ippool "FWADMIN"
set xauth default dns1 192.168.237.11
set xauth default dns2 192.168.237.12
set vpn "Houston-VPN" gateway "ToHouston" no-replay tunnel idletime 0 sec-level compatible
set vpn "Houston-VPN" id 0xe bind interface tunnel.1
set vpn "Salford-VPN" gateway "ToSalford" no-replay tunnel idletime 0 sec-level compatible
set vpn "Salford-VPN" id 0x44 bind interface tunnel.2
set vpn "Chicago-VPN" gateway "ToChicago" no-replay tunnel idletime 0 sec-level compatible
set vpn "Chicago-VPN" id 0x1d bind interface tunnel.3
set vpn "Lexent-VPN" gateway "ToLexent" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set vpn "Lisbon-VPN" gateway "ToLisbon" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-sha"
set vpn "Lisbon-VPN" id 0x42 bind interface tunnel.4
set vpn "NewYork-VPN" gateway "To-NewYork" no-replay tunnel idletime 0 sec-level compatible
set vpn "NewYork-VPN" id 0x43 bind interface tunnel.5
set vpn "FWADMIN-VPN" gateway "FWADMIN-GW" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-sha"
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
unset alg ftp enable
set url protocol websense
exit
set vpn "Houston-VPN" proxy-id local-ip 192.168.239.0/24 remote-ip 192.168.0.0/24 "ANY"
set vpn "Salford-VPN" proxy-id local-ip 192.168.239.0/24 remote-ip 192.168.1.0/24 "ANY"
set vpn "Chicago-VPN" proxy-id local-ip 192.168.239.0/24 remote-ip 10.10.199.0/24 "ANY"
set vpn "Lisbon-VPN" proxy-id local-ip 192.168.239.0/24 remote-ip 10.0.25.0/24 "ANY"
set vpn "NewYork-VPN" proxy-id local-ip 192.168.239.0/24 remote-ip 192.168.168.0/24 "ANY"
set policy id 11 from "Untrust" to "Trust" "Dial-Up VPN" "CRP-network1" "ANY" nat src tunnel vpn "FWADMIN-VPN" id 0x54 log
set policy id 11
set log session-init
exit
set policy id 10 from "Untrust" to "Trust" "Customer-Lexent" "OSS-Waltham" "ANY" tunnel vpn "Lexent-VPN" id 0x41 pair-policy 9 log
set policy id 10
set log session-init
exit
set policy id 9 from "Trust" to "Untrust" "OSS-Waltham" "Customer-Lexent" "ANY" tunnel vpn "Lexent-VPN" id 0x41 pair-policy 10 log
set policy id 9
set log session-init
exit
set policy id 8 from "Untrust" to "Trust" "Customer-Lexent" "OSS-VIP-Network" "ANY" tunnel vpn "Lexent-VPN" id 0x40 pair-policy 7 log
set policy id 8
set log session-init
exit
set policy id 7 from "Trust" to "Untrust" "OSS-VIP-Network" "Customer-Lexent" "ANY" tunnel vpn "Lexent-VPN" id 0x40 pair-policy 8 log
set policy id 7
set log session-init
exit
set policy id 6 from "Untrust" to "Trust" "Customer-Lexent" "OSS-Alternate-Network" "ANY" tunnel vpn "Lexent-VPN" id 0x3f pair-policy 5 log
set policy id 6
set log session-init
exit
set policy id 5 from "Trust" to "Untrust" "OSS-Alternate-Network" "Customer-Lexent" "ANY" tunnel vpn "Lexent-VPN" id 0x3f pair-policy 6 log
set policy id 5
set log session-init
exit
set policy id 4 from "Untrust" to "Trust" "Customer-Lexent" "NCC-Waltham" "ANY" tunnel vpn "Lexent-VPN" id 0x3e pair-policy 3 log
set policy id 4
set log session-init
exit
set policy id 3 from "Trust" to "Untrust" "NCC-Waltham" "Customer-Lexent" "ANY" tunnel vpn "Lexent-VPN" id 0x3e pair-policy 4 log
set policy id 3
set log session-init
exit
set policy id 1 from "Trust" to "Untrust" "Waltham" "Remote-Offices" "ANY" permit log
set policy id 1
set log session-init
exit
set policy id 2 from "Untrust" to "Trust" "Remote-Offices" "Waltham" "ANY" permit log
set policy id 2
set log session-init
exit
set syslog config "172.30.145.175"
set syslog config "172.30.145.175" facilities local0 local0
set syslog config "172.30.145.175" log traffic
set syslog src-interface ethernet0/0
set syslog enable
set log module system level error destination webtrends
set log module system level warning destination webtrends
set firewall log-self
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set ssh enable
set scp enable
set config lock timeout 5
unset license-key auto-update
set ntp server "172.30.145.60"
set ntp server src-interface "ethernet0/0"
set ntp server backup1 "172.30.145.10"
set ntp server backup1 src-interface "ethernet0/0"
set ntp server backup2 "0.0.0.0"
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 172.30.0.0/16 interface ethernet0/0 gateway 192.168.239.252 preference 20 permanent
set route 172.16.4.0/24 interface ethernet0/0 gateway 192.168.239.252 permanent
set route 192.168.237.0/24 interface ethernet0/0 gateway 192.168.239.252 permanent
set route 192.168.240.0/24 interface ethernet0/0 gateway 192.168.239.4 permanent
set route 192.168.0.0/24 interface tunnel.1 permanent
set route 192.168.0.0/24 interface null metric 10 permanent
set route 192.168.1.0/24 interface tunnel.2 permanent
set route 192.168.1.0/24 interface null metric 10 permanent
set route 10.10.199.0/24 interface tunnel.3 permanent
set route 10.10.199.0/24 interface null metric 10 permanent
set route 172.30.149.0/24 interface ethernet0/0 gateway 192.168.239.252 permanent
set route 10.0.25.0/24 interface tunnel.4 permanent
set route 192.168.168.0/24 interface tunnel.5 permanent
set route 192.168.168.0/24 interface null metric 10 permanent
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit