=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2014.05.25 03:12:24 =~=~=~=~=~=~=~=~=~=~=~=
show configuration | no-more
## Last commit: 2014-05-25 02:45:10 UTC by marlon
## Captured `show configuration` output of a Junos 10.4R1.9 device (host-name Jlab-R2),
## saved as a PuTTY session log. The dump contains every `## SECRET-DATA` value
## (password hashes and the RADIUS shared secret), so the log file itself has to be
## handled with the same care as the device credentials.
version 10.4R1.9;
system {
    host-name Jlab-R2;
    root-authentication {
        ## NOTE(review): the "$1$" prefix is the MD5-crypt hash format. Whether this
        ## release offers a stronger on-box hash format is not visible here - confirm
        ## before relying on the hash strength for offline-exposure risk.
        encrypted-password "$1$RS24WzbM$cLAloG/XzmYVYx7XMH0Vc/"; ## SECRET-DATA
    }
    login {
        ## Single local administrator, full super-user class; same "$1$" hash format.
        user marlon {
            uid 2006;
            class super-user;
            authentication {
                encrypted-password "$1$h4VulmbE$TQveDZNZwgXtwTMnTisYA0"; ## SECRET-DATA
            }
        }
    }
    services {
        ## SSH hardening present: no direct root login, protocol v2 only,
        ## concurrent-connection and per-minute rate limits set.
        ssh {
            root-login deny;
            protocol-version v2;
            connection-limit 3;
            rate-limit 3;
        }
        ## NOTE(review): management web UI is plain HTTP (no https stanza is configured),
        ## moved to a non-default port. Port choice is not a substitute for TLS; see the
        ## TRUST zone below, where `system-services all` exposes it on fe-0/0/0.0.
        web-management {
            http {
                port 5050;
            }
        }
        ## DHCP for the 10.10.10.0/24 segment; gateway 10.10.10.1 is the vlan.10 address.
        dhcp {
            default-lease-time 3600;
            domain-name dist-r2.net;
            name-server {
                8.8.8.8;
                8.8.4.4;
            }
            router {
                10.10.10.1;
            }
            pool 10.10.10.0/24 {
                address-range low 10.10.10.10 high 10.10.10.254;
            }
        }
    }
}
interfaces {
    ## fe-0/0/0: routed uplink; the default route below points at 172.10.11.1 in this subnet.
    fe-0/0/0 {
        unit 0 {
            family inet {
                address 172.10.11.2/24;
            }
        }
    }
    ## fe-0/0/1: L2 access port in SEGMENT-10 (vlan-id 10).
    fe-0/0/1 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members SEGMENT-10;
                }
            }
        }
    }
    ## fe-0/0/2: routed interface on 10.10.11.0/24, the subnet of the RADIUS server (10.10.11.2).
    fe-0/0/2 {
        unit 0 {
            family inet {
                address 10.10.11.1/24;
            }
        }
    }
    ## fe-0/0/3 and fe-0/0/4: 802.1X-controlled access ports (see protocols dot1x), vlan-id 1000.
    fe-0/0/3 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members SUPPLICANT-VLAN;
                }
            }
        }
    }
    fe-0/0/4 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members SUPPLICANT-VLAN;
                }
            }
        }
    }
    ## RVI for SEGMENT-10; DHCP "router" option and the VLAN-10 zone both reference it.
    vlan {
        description ***TO-SEGMENT-10***;
        unit 10 {
            family inet {
                address 10.10.10.1/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 172.10.11.1;
    }
}
protocols {
    dot1x {
        ## NOTE(review): debug-level trace flags (dot1x-debug, eapol) are still enabled;
        ## these write continuously to the dot1x trace file on the device - confirm this
        ## is intentional outside of troubleshooting.
        traceoptions {
            file dot1x;
            flag state;
            flag dot1x-debug;
            flag eapol;
        }
        authenticator {
            authentication-profile-name auth;
            interface {
                ## Both supplicant ports: multiple supplicants per port, MAC-RADIUS only
                ## (`restrict`), and no periodic reauthentication - once admitted, a MAC
                ## stays admitted until link/session end.
                fe-0/0/3.0 {
                    supplicant multiple;
                    mac-radius {
                        restrict;
                    }
                    no-reauthentication;
                }
                fe-0/0/4.0 {
                    supplicant multiple;
                    mac-radius {
                        restrict;
                    }
                    no-reauthentication;
                }
            }
        }
    }
}
security {
    screen {
        ## NOTE(review): this ids-option is named ZONE-UNTRUST but is only attached to
        ## security-zone TRUST below; rename or re-attach so the name matches its use.
        ids-option ZONE-UNTRUST {
            tcp {
                port-scan threshold 1000;
                syn-flood {
                    alarm-threshold 500;
                    attack-threshold 500;
                    source-threshold 25;
                    timeout 20;
                }
            }
        }
    }
    zones {
        security-zone TRUST {
            screen ZONE-UNTRUST;
            interfaces {
                ## NOTE(review): `all` already includes `http`, so the explicit `http;`
                ## is redundant. More importantly, `system-services all` + `protocols all`
                ## on the interface facing the default-route next-hop admits every
                ## management service (including the plain-HTTP UI on 5050) from that side.
                fe-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            http;
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        security-zone VLAN-10 {
            address-book {
                address vlan10 10.10.10.10/32;
                address-set TEST-WEB-SERVER {
                    address vlan10;
                }
                ## NOTE(review): KEEP-RDP is defined but not referenced by any policy in this dump.
                address-set KEEP-RDP {
                    address vlan10;
                }
            }
            interfaces {
                vlan.10 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        ## NOTE(review): despite its name, this zone holds fe-0/0/2.0 (the 10.10.11.0/24
        ## RADIUS-server subnet), not the vlan-id 1000 supplicant ports; the
        ## SUPPLICANT-VLAN vlan has no l3-interface in this configuration.
        security-zone SUPPLICANT-VLAN {
            interfaces {
                fe-0/0/2.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone TRUST to-zone VLAN-10 {
            ## NOTE(review): policies are evaluated top-down, first match wins. This
            ## any/any/any permit is listed first, so policy id_1 below can never match;
            ## if the intent is to allow only HTTP/Remote-Desktop to TEST-WEB-SERVER,
            ## id_1 must come first and this broad permit must be narrowed or removed.
            policy TRUST-TO-VLAN-10 {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
            ## Shadowed by TRUST-TO-VLAN-10 above (see note).
            policy id_1 {
                match {
                    source-address any;
                    destination-address TEST-WEB-SERVER;
                    application [ junos-http Remote-Desktop ];
                }
                then {
                    permit;
                }
            }
        }
        ## NOTE(review): every permit in this section has no `log` action, so there is
        ## no session record for any of the any/any/any flows. Zone pairs not listed
        ## (e.g. SUPPLICANT-VLAN <-> VLAN-10) fall to the default policy, which is not
        ## shown in this dump - presumably deny; confirm.
        from-zone VLAN-10 to-zone TRUST {
            policy TRUST-FROM-VLAN10 {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone SUPPLICANT-VLAN to-zone TRUST {
            policy SUPPLICANT-TO-TRUST {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    flow {
        syn-flood-protection-mode syn-cookie;
    }
}
access {
    radius-server {
        ## NOTE(review): the "$9$" form is Junos's reversible obfuscation of the shared
        ## secret, not a one-way hash - anyone holding this dump effectively holds the
        ## secret. Rotate it if the log has been shared.
        10.10.11.2 {
            port 1812;
            secret "$9$Le6xdsUjqfQns2aUiHTQ/CtpIc"; ## SECRET-DATA
            retry 5;
        }
    }
    ## Profile referenced by protocols dot1x; RADIUS is the only authentication method
    ## listed, so no fallback is configured here if 10.10.11.2 is unreachable.
    profile auth {
        authentication-order radius;
        radius {
            authentication-server 10.10.11.2;
        }
    }
}
applications {
    ## Custom application on tcp/5555 (not the usual RDP port) - presumably a
    ## redirected/alternate port on the test host; used only by policy id_1.
    application Remote-Desktop {
        protocol tcp;
        destination-port 5555;
    }
}
vlans {
    SEGMENT-10 {
        vlan-id 10;
        l3-interface vlan.10;
    }
    ## No l3-interface: supplicant ports are L2-only in this dump.
    SUPPLICANT-VLAN {
        vlan-id 1000;
    }
}