пятница

Juniper SRX100 конфигурация по умолчанию


Добрый день, коллеги, выкладываю конфиг по умолчанию, заданы только host-name и пароль.

root@srx> show configuration
## Last commit: 2014-06-04 19:57:59 UTC by root
version 11.4R7.5;
system {
host-name srx;
root-authentication {
   encrypted-password "$$4mdo/U$HIJeAWcVJ0j1"; ## SECRET-DATA
}
name-server {
   208.67.222.222;
   208.67.220.220;
}
services {
   ssh;
   telnet;
   xnm-clear-text;
   web-management {
       http {
           interface vlan.0;
       }
       https {
           system-generated-certificate;
           interface vlan.0;
       }
   }
   dhcp {
       router {
           192.168.1.1;
       }
       pool 192.168.1.0/24 {
           address-range low 192.168.1.2 high 192.168.1.254;
       }
       propagate-settings fe-0/0/0.0;
   }
}
syslog {
   archive size 100k files 3;
   user * {
       any emergency;
   }
   file messages {
       any critical;
       authorization info;
   }
   file interactive-commands {
       interactive-commands error;
   }
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
   autoupdate {
   }
}
}
interfaces {
fe-0/0/0 {
   unit 0 {
       family inet {
           dhcp;
       }
   }
}
fe-0/0/1 {
   unit 0 {
       family ethernet-switching {
           vlan {
               members vlan-trust;
           }
       }
   }
}
fe-0/0/2 {
   unit 0 {
       family ethernet-switching {
           vlan {
               members vlan-trust;
           }
       }
   }
}
fe-0/0/3 {
   unit 0 {
       family ethernet-switching {
           vlan {
               members vlan-trust;
           }
       }
   }
}
fe-0/0/4 {
   unit 0 {
       family ethernet-switching {
           vlan {
               members vlan-trust;
           }
       }
   }
}
fe-0/0/5 {
   unit 0 {
       family ethernet-switching {
           vlan {
               members vlan-trust;
           }
       }
   }
}
fe-0/0/6 {
   unit 0 {
       family ethernet-switching {
           vlan {
               members vlan-trust;
           }
       }
   }
}
fe-0/0/7 {
   unit 0 {
       family ethernet-switching {
           vlan {
               members vlan-trust;
           }
       }
   }
}
vlan {
   unit 0 {
       family inet {
           address 192.168.1.1/24;
       }
   }
}
}
protocols {
stp;
}
security {
screen {
   ids-option untrust-screen {
       icmp {
           ping-death;
       }
       ip {
           source-route-option;
           tear-drop;
       }
       tcp {
           syn-flood {
               alarm-threshold 1024;
               attack-threshold 200;
               source-threshold 1024;
               destination-threshold 2048;
               timeout 20;
           }
           land;
       }
   }
}
nat {
   source {
       rule-set trust-to-untrust {
           from zone trust;
           to zone untrust;
           rule source-nat-rule {
               match {
                   source-address 0.0.0.0/0;
               }
              then {
                   source-nat {
                       interface;
                   }
               }
           }
       }
   }
}
policies {
   from-zone trust to-zone untrust {
       policy trust-to-untrust {
           match {
               source-address any;
               destination-address any;
               application any;
           }
           then {
               permit;
           }
       }
   }
}
zones {
   security-zone trust {
       host-inbound-traffic {
           system-services {
               all;
           }
           protocols {
               all;
           }
       }
       interfaces {
           vlan.0;
       }
   }
   security-zone untrust {
       screen untrust-screen;
       interfaces {
           fe-0/0/0.0 {
               host-inbound-traffic {
                   system-services {
                       dhcp;
                       tftp;
                   }
               }
           }
       }
   }
}
}
vlans {
vlan-trust {
   vlan-id 3;
   l3-interface vlan.0;
}
}

root@srx>

Комментариев нет:

Отправить комментарий