CLI Tools CLI ViewerThe current configuration running on the device ## Last changed: 2010-11-02 19:06:14 UTC version 10.0R3.10; groups { node0 { system { host-name two; } interfaces { fxp0 { unit 0 { family inet { address 192.168.0.1/24; } } } } } node1 { system { host-name one; } interfaces { fxp0 { unit 0 { family inet { address 192.168.0.1/24; } } } } } } apply-groups "${node}"; system { root-authentication { encrypted-password "$1$1wYA/vC2$qoFeX/kRrzwiihNKiNS/Q0"; } name-server { 10.0.4.10; 10.0.7.10; } login { user civil { uid 1001; class super-user; authentication { encrypted-password "$1$o6YPHlNS$JjRp5bCywUWlI2QXXJ3Cc."; } } } services { ssh; telnet; web-management { http { interface [ fxp0.0 reth1.0 ]; } https { system-generated-certificate; } } } syslog { archive size 100k files 3; user * { any emergency; } file messages { any critical; authorization info; } file interactive-commands { interactive-commands error; } } max-configurations-on-flash 20; max-configuration-rollbacks 20; license { autoupdate { url https://ae1.juniper.net/junos/key_retrieval; } } } chassis { cluster { reth-count 20; redundancy-group 0 { node 0 priority 100; node 1 priority 1; } redundancy-group 1 { node 0 priority 100; node 1 priority 1; interface-monitor { ge-0/0/5 weight 255; ge-5/0/5 weight 255; ge-0/0/6 weight 255; ge-5/0/6 weight 255; ge-0/0/15 weight 255; ge-0/0/14 weight 255; ge-0/0/13 weight 255; ge-0/0/12 weight 255; ge-0/0/11 weight 255; ge-0/0/10 weight 255; ge-0/0/9 weight 255; ge-0/0/8 weight 255; ge-5/0/15 weight 255; ge-5/0/14 weight 255; ge-5/0/13 weight 255; ge-5/0/12 weight 255; ge-5/0/11 weight 255; ge-5/0/10 weight 255; ge-5/0/9 weight 255; ge-5/0/8 weight 255; } } } } interfaces { ge-0/0/0 { unit 0; } ge-0/0/5 { gigether-options { redundant-parent reth1; } } ge-0/0/6 { gigether-options { redundant-parent reth0; } } ge-0/0/7 { gigether-options { redundant-parent reth7; } } ge-0/0/8 { gigether-options { redundant-parent reth8; } } ge-0/0/9 { gigether-options { redundant-parent reth9; } } ge-0/0/10 { gigether-options { redundant-parent reth10; } } ge-0/0/11 { gigether-options { redundant-parent reth11; } } ge-0/0/12 { gigether-options { redundant-parent reth12; } } ge-0/0/13 { gigether-options { redundant-parent reth13; } } ge-0/0/14 { gigether-options { redundant-parent reth14; } } ge-0/0/15 { gigether-options { redundant-parent reth15; } } ge-5/0/5 { gigether-options { redundant-parent reth1; } } ge-5/0/6 { gigether-options { redundant-parent reth0; } } ge-5/0/7 { gigether-options { redundant-parent reth7; } } ge-5/0/8 { gigether-options { redundant-parent reth8; } } ge-5/0/9 { gigether-options { redundant-parent reth9; } } ge-5/0/10 { gigether-options { redundant-parent reth10; } } ge-5/0/11 { gigether-options { redundant-parent reth11; } } ge-5/0/12 { gigether-options { redundant-parent reth12; } } ge-5/0/13 { gigether-options { redundant-parent reth13; } } ge-5/0/14 { gigether-options { redundant-parent reth14; } } ge-5/0/15 { gigether-options { redundant-parent reth15; } } fab0 { fabric-options { member-interfaces { ge-0/0/2; } } } fab1 { fabric-options { member-interfaces { ge-5/0/2; } } } reth0 { redundant-ether-options { redundancy-group 1; } unit 0 { family inet { address 192.168.3.1/24; } } } reth1 { redundant-ether-options { redundancy-group 1; } unit 0 { family inet { address 192.168.2.1/24; } } } reth7 { redundant-ether-options { redundancy-group 1; } } reth8 { redundant-ether-options { redundancy-group 1; } unit 0 { description MB_Intranet; family inet { address 10.0.11.1/24; } } } reth9 { redundant-ether-options { redundancy-group 1; } unit 0 { description HO_Intranet; family inet { address 10.0.10.1/24; } } } reth10 { redundant-ether-options { redundancy-group 1; } unit 0 { description Internal2; family inet { address 10.0.4.1/24; } } } reth11 { redundant-ether-options { redundancy-group 1; } unit 0 { description Internal1; family inet { address 10.0.1.1/24; } } } reth12 { redundant-ether-options { redundancy-group 1; } unit 0 { description DMZ; family inet { address 10.0.3.1/24; } } } reth13 { redundant-ether-options { redundancy-group 1; } unit 0 { description WAN3; } } reth14 { redundant-ether-options { redundancy-group 1; } unit 0 { description WAN2; } } reth15 { redundant-ether-options { redundancy-group 1; } unit 0 { family inet { address x.x.x.x/x; } } } } security { nat { source { rule-set trust-to-untrust { from zone trust; to zone untrust; rule source-nat-rule { match { source-address 0.0.0.0/0; } then { source-nat { interface; } } } } } } screen { ids-option untrust-screen { icmp { ping-death; } ip { source-route-option; tear-drop; } tcp { syn-flood { alarm-threshold 1024; attack-threshold 200; source-threshold 1024; destination-threshold 2048; timeout 20; } land; } } } zones { security-zone trust; security-zone untrust { screen untrust-screen; interfaces { ge-0/0/0.0 { host-inbound-traffic { system-services { dhcp; tftp; all; } protocols { all; } } }_ reth1.0 { host-inbound-traffic { system-services { all; } protocols { all; } } } reth15.0; reth14.0; reth13.0; } } security-zone DMZ { interfaces { reth12.0; } } security-zone INTENAL_1 { interfaces { reth11.0; } } security-zone INTENAL_2 { interfaces { reth10.0; } } security-zone HEAD_OFF_INTRENET { interfaces { reth9.0; } } security-zone MAIN_BRANCH_INTRANET { interfaces { reth8.0; } } } policies { from-zone trust to-zone untrust { policy trust-to-untrust { match { source-address any; destination-address any; application any; } then { permit; } } policy UTM { match { source-address any; destination-address any; application any; } then { permit { application-services { utm-policy one; } } } } } } utm { feature-profile { web-filtering { surf-control-integrated { cache { timeout 1800; size 500; } server { host surfcontrolserver; } profile one { category { nosurf { action block; } CivilAllowed { action permit; } } default block; custom-block-message "Access Denied "; fallback-settings { default block; server-connectivity block; timeout block; too-many-requests block; } } } } } utm-policy one { anti-virus { http-profile junos-av-defaults; smtp-profile junos-av-defaults; pop3-profile junos-av-defaults; imap-profile junos-av-defaults; } web-filtering { http-profile one; } anti-spam { smtp-profile junos-as-defaults; } } } }