get config Total Config size 13406: set clock timezone 0 set vrouter trust-vr sharable set vrouter "untrust-vr" exit set vrouter "trust-vr" unset auto-route-export exit set service "Cedar Group Portal" protocol tcp src-port 0-65535 dst-port 5743-5743 set service "RDP" protocol tcp src-port 0-65535 dst-port 3389-3389 set service "Viawarp Credit Card" protocol tcp src-port 0-65535 dst-port 8100-8100 set service "Citrix" protocol tcp src-port 0-65535 dst-port 1494-1494 set service "Citrix" + udp src-port 0-65535 dst-port 1604-1604 set service "e-Medsys" protocol tcp src-port 0-65535 dst-port 1098-1099 set service "e-Medsys" + tcp src-port 0-65535 dst-port 4085-4086 set service "PPTP Custom" protocol tcp src-port 0-65535 dst-port 1723-1723 set service "PPTP Custom" + tcp src-port 0-65535 dst-port 47-47 set service "ADP" protocol tcp src-port 0-65535 dst-port 5282-5282 set service "ADP" + tcp src-port 0-65535 dst-port 6847-6849 set service "AS400" protocol tcp src-port 0-65535 dst-port 449-449 set service "AS400" + tcp src-port 0-65535 dst-port 992-992 set service "AS400" + tcp src-port 0-65535 dst-port 9470-9476 set service "TrendMicro" protocol tcp src-port 0-65535 dst-port 4343-4343 set service "TrendMicro" + tcp src-port 0-65535 dst-port 8059-8059 set service "TrendMicro" + tcp src-port 4343-4343 dst-port 0-65535 set service "TrendMicro" + tcp src-port 8059-8059 dst-port 0-65535 set service "GREcustom" protocol tcp src-port 0-65535 dst-port 47-47 set auth-server "Local" id 0 set auth-server "Local" server-name "Local" set auth default auth server "Local" set auth radius accounting port 1646 set admin name "netscreen" set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn" set admin auth timeout 30 set admin auth server "Local" set admin privilege read-write set admin format dos set zone "Trust" vrouter "trust-vr" set zone "Untrust" vrouter "trust-vr" set zone "DMZ" vrouter "trust-vr" set zone "VLAN" vrouter "trust-vr" set zone "Untrust-Tun" vrouter "trust-vr" set zone 
"Trust" tcp-rst set zone "Untrust" block unset zone "Untrust" tcp-rst set zone "MGT" block set zone "DMZ" tcp-rst set zone "VLAN" block unset zone "VLAN" tcp-rst set zone "Trust" screen alarm-without-drop set zone "Trust" screen icmp-flood set zone "Trust" screen udp-flood set zone "Trust" screen winnuke set zone "Trust" screen port-scan set zone "Trust" screen tear-drop set zone "Trust" screen syn-flood set zone "Trust" screen ip-spoofing set zone "Trust" screen ping-death set zone "Trust" screen ip-filter-src set zone "Trust" screen land set zone "Trust" screen syn-frag set zone "Trust" screen tcp-no-flag set zone "Trust" screen unknown-protocol set zone "Trust" screen ip-bad-option set zone "Trust" screen ip-record-route set zone "Trust" screen ip-timestamp-opt set zone "Trust" screen ip-security-opt set zone "Trust" screen ip-loose-src-route set zone "Trust" screen ip-strict-src-route set zone "Trust" screen ip-stream-opt set zone "Trust" screen icmp-fragment set zone "Trust" screen syn-fin set zone "Trust" screen fin-no-ack set zone "Trust" screen syn-ack-ack-proxy set zone "Untrust" screen alarm-without-drop set zone "Untrust" screen icmp-flood set zone "Untrust" screen udp-flood set zone "Untrust" screen winnuke set zone "Untrust" screen port-scan set zone "Untrust" screen ip-sweep set zone "Untrust" screen tear-drop set zone "Untrust" screen syn-flood set zone "Untrust" screen ip-spoofing set zone "Untrust" screen ping-death set zone "Untrust" screen ip-filter-src set zone "Untrust" screen land set zone "Untrust" screen syn-frag set zone "Untrust" screen tcp-no-flag set zone "Untrust" screen unknown-protocol set zone "Untrust" screen ip-bad-option set zone "Untrust" screen ip-record-route set zone "Untrust" screen ip-timestamp-opt set zone "Untrust" screen ip-security-opt set zone "Untrust" screen ip-loose-src-route set zone "Untrust" screen ip-strict-src-route set zone "Untrust" screen ip-stream-opt set zone "Untrust" screen icmp-fragment set zone 
"Untrust" screen syn-fin set zone "Untrust" screen fin-no-ack set zone "Untrust" screen syn-ack-ack-proxy set zone "V1-Untrust" screen tear-drop set zone "V1-Untrust" screen syn-flood set zone "V1-Untrust" screen ping-death set zone "V1-Untrust" screen ip-filter-src set zone "V1-Untrust" screen land set interface "ethernet1" zone "Trust" set interface "ethernet2" zone "DMZ" set interface "ethernet3" zone "Trust" set interface "ethernet4" zone "Untrust" unset interface vlan1 ip set interface ethernet1 ip 10.0.19.1/24 set interface ethernet1 nat set interface ethernet4 ip 75.150.150.105/25 set interface ethernet4 route unset interface vlan1 bypass-others-ipsec unset interface vlan1 bypass-non-ip set interface ethernet1 ip manageable unset interface ethernet4 ip manageable set interface ethernet4 manage ping set interface ethernet4 manage ssh set interface ethernet4 manage telnet set interface ethernet4 manage snmp set interface ethernet4 manage ssl set interface ethernet4 manage web set interface ethernet4 vip untrust 1723 "PPTP Custom" 10.0.19.2 set interface ethernet4 vip untrust 47 "GREcustom" 10.0.19.2 unset flow no-tcp-seq-check unset flow tcp-syn-check set console page 0 set domain practiceone.com set pki authority default scep mode "auto" set pki x509 default cert-path partial set address "Trust" "10.0.18.0/24" 10.0.18.0 255.255.255.0 "WA Internal LAN" set address "Trust" "10.0.19.0/24" 10.0.19.0 255.255.255.0 set address "Trust" "172.27.23.0/24" 172.27.23.0 255.255.255.0 "CA Internal Lan" set address "Trust" "ISWest Internal LAN" 10.0.172.0 255.255.255.0 set address "Untrust" "209.144.203.70/255.255.255.255" 63.149.244.100 255.255.255.255 set address "Untrust" "CA Office Primary Source" 63.149.244.96 255.255.255.224 set address "Untrust" "ISWest Public Source" 207.178.173.65 255.255.255.224 set address "Untrust" "mail.practiceone.com" 63.149.244.100 255.255.255.255 set address "Untrust" "Neils IP" 67.85.41.222 255.255.255.255 set address "Untrust" 
"ShorelineTrap" 172.16.1.135 255.255.255.255 "temp rogue shoreline trap" set address "Untrust" "SPAM1" 83.208.101.90 255.255.255.255 set address "Untrust" "SPAM2" 204.16.208.52 255.255.255.255 set address "Untrust" "SPAM3" 221.209.110.45 255.255.255.255 set address "Untrust" "SPAM4" 64.94.227.70 255.255.255.255 set group address "Untrust" "Blocked" set group address "Untrust" "Blocked" add "Neils IP" set group address "Untrust" "Blocked" add "SPAM1" set group address "Untrust" "Blocked" add "SPAM2" set group address "Untrust" "Blocked" add "SPAM3" set group address "Untrust" "Blocked" add "SPAM4" set ike respond-bad-spi 1 unset ike ikeid-enumeration unset ike dos-protection unset ipsec access-session enable set ipsec access-session maximum 5000 set ipsec access-session upper-threshold 0 set ipsec access-session lower-threshold 0 set ipsec access-session dead-p2-sa-timeout 0 unset ipsec access-session log-error unset ipsec access-session info-exch-connected unset ipsec access-session use-error-log set url protocol websense exit set policy id 62 from "Trust" to "Trust" "Any" "Any" "TELNET" permit log count set policy id 62 exit set policy id 46 name "Log CA Traffic" from "Trust" to "Trust" "172.27.23.0/24" "10.0.19.0/24" "ANY" permit log count no-session-backup set policy id 46 exit set policy id 45 name "Remote NetScreen Mgmt" from "Untrust" to "Global" "CA Office Primary Source" "Any" "ANY" permit log count set policy id 45 exit set policy id 49 name "Remote NetScreen Mgmt" from "Untrust" to "Global" "ISWest Public Source" "Any" "ANY" permit log set policy id 49 exit set policy id 67 from "Untrust" to "Global" "Any" "Any" "ANY" permit log count set policy id 67 exit set policy id 41 from "Untrust" to "Global" "Blocked" "Any" "ANY" deny log set policy id 41 exit set policy id 64 from "Untrust" to "Trust" "Any" "Any" "GRE" permit log count set policy id 64 exit set policy id 61 from "Trust" to "Untrust" "10.0.19.0/24" "Any" "TrendMicro" permit log set policy id 61 
exit set policy id 36 from "Trust" to "Untrust" "Any" "Any" "ADP" permit log count set policy id 36 exit set policy id 42 from "Trust" to "Untrust" "Any" "Any" "AS400" permit log count set policy id 42 disable set policy id 42 exit set policy id 57 name "Log CA Traffic" from "Trust" to "Trust" "10.0.19.0/24" "172.27.23.0/24" "ANY" permit log count no-session-backup set policy id 57 exit set policy id 58 from "Trust" to "Trust" "10.0.18.0/24" "10.0.19.0/24" "ANY" permit log count set policy id 58 exit set policy id 53 from "Trust" to "Trust" "10.0.19.0/24" "10.0.18.0/24" "ANY" permit log count set policy id 53 exit set policy id 59 name "Log ISWestTraffic" from "Trust" to "Trust" "ISWest Internal LAN" "10.0.19.0/24" "ANY" permit log count no-session-backup set policy id 59 exit set policy id 50 name "Log ISWestTraffic" from "Trust" to "Trust" "10.0.19.0/24" "ISWest Internal LAN" "ANY" permit log count no-session-backup set policy id 50 exit set policy id 55 from "Trust" to "Trust" "Any" "10.0.19.0/24" "ANY" permit log count set policy id 55 disable set policy id 55 exit set policy id 14 from "Trust" to "Trust" "Any" "Any" "ANY" permit log count set policy id 14 exit set policy id 16 from "Trust" to "Untrust" "Any" "Any" "Citrix" permit log count set policy id 16 exit set policy id 17 from "Trust" to "Untrust" "Any" "Any" "DNS" permit log count set policy id 17 exit set policy id 18 from "Trust" to "Untrust" "Any" "Any" "e-Medsys" permit log count set policy id 18 exit set policy id 19 from "Trust" to "Untrust" "Any" "Any" "HTTP" permit log count set policy id 19 exit set policy id 20 from "Trust" to "Untrust" "Any" "Any" "HTTPS" permit log count set policy id 20 exit set policy id 22 from "Trust" to "Untrust" "Any" "Any" "FTP" permit log count set policy id 22 exit set policy id 23 from "Trust" to "Untrust" "Any" "Any" "NTP" permit log count set policy id 23 exit set policy id 24 from "Trust" to "Untrust" "Any" "Any" "PC-Anywhere" permit log count set policy id 24 
disable set policy id 24 exit set policy id 25 from "Trust" to "Untrust" "Any" "Any" "PING" permit log count set policy id 25 exit set policy id 26 from "Trust" to "Untrust" "Any" "Any" "POP3" permit log count set policy id 26 exit set policy id 40 from "Trust" to "Untrust" "Any" "Any" "IMAP" permit log count set policy id 40 exit set policy id 27 from "Trust" to "Untrust" "Any" "Any" "PPTP" permit log count set policy id 27 exit set policy id 65 from "Trust" to "Untrust" "Any" "Any" "GRE" permit log count set policy id 65 exit set policy id 28 from "Trust" to "Untrust" "Any" "Any" "RDP" permit log count set policy id 28 exit set policy id 30 from "Trust" to "Untrust" "Any" "Any" "SSH" permit log count set policy id 30 exit set policy id 31 from "Trust" to "Untrust" "Any" "Any" "TELNET" permit log count set policy id 31 exit set policy id 32 from "Trust" to "Untrust" "Any" "Any" "TRACEROUTE" permit log count set policy id 32 exit set policy id 33 from "Trust" to "Untrust" "Any" "Any" "VNC" permit log count set policy id 33 disable set policy id 33 exit set policy id 39 from "Trust" to "Untrust" "Any" "Any" "Viawarp Credit Card" permit log count set policy id 39 exit set policy id 48 name "Cedar Group Portal for Billers" from "Trust" to "Untrust" "Any" "Any" "Cedar Group Portal" permit log count set policy id 48 exit set policy id 63 from "Trust" to "Untrust" "Any" "Any" "SYSLOG" permit log count set policy id 63 exit set policy id 34 from "Trust" to "Untrust" "Any" "Any" "ANY" deny log count set policy id 34 exit set policy id 56 from "Trust" to "Trust" "Any" "Any" "ANY" deny log count set policy id 56 exit set policy id 35 from "Untrust" to "Trust" "Any" "VIP(ethernet4)" "PPTP Custom" permit log count set policy id 35 exit set policy id 66 from "Untrust" to "Trust" "Any" "Any" "ANY" permit log count set policy id 66 exit set policy id 44 from "Untrust" to "Trust" "Any" "Any" "ANY" deny log count set policy id 44 exit set syslog config "206.154.178.68" set syslog 
config "206.154.178.68" facilities local0 local0 set syslog config "206.154.178.68" log traffic set nsmgmt bulkcli reboot-timeout 60 set nsmgmt bulkcli reboot-wait 0 set ssh version v2 set ssh enable set config lock timeout 5 set snmp community "public" Read-Only Trap-on traffic version any set snmp host "public" 10.0.172.0 255.255.255.0 set snmp location "NJ - PracticeOne" set snmp contact "nick" set snmp name "njfw01" set snmp port listen 161 set snmp port trap 162 set vrouter "untrust-vr" exit set vrouter "trust-vr" unset add-default-route set route 10.0.18.3/24 interface ethernet1 gateway 10.0.18.3 preference 20 permanent set route 10.0.172.0/24 interface ethernet1 gateway 10.0.19.3 preference 20 permanent set route 172.27.23.0/24 interface ethernet1 gateway 10.0.19.3 preference 20 permanent set route 10.0.64.0/24 interface ethernet1 gateway 10.0.19.3 preference 20 set route 0.0.0.0/0 interface ethernet4 gateway 75.150.150.106 preference 20 permanent exit set vrouter "untrust-vr" exit set vrouter "trust-vr" exit ns25->