# Junos configuration in "display set" form, pasted from a CLI session.
# The digits fused to the start of every line are the paste site's line
# numbers, not part of the commands.
3root# show | display set
4set version 15.1X49-D170.4
# Configuration group, activated by apply-groups below. The <*> wildcards
# make each from-zone/to-zone context that is explicitly configured inherit
# an any/any deny policy with logging.
# NOTE(review): the policy name "defult-deny" looks like a typo for
# "default-deny". It is only a label, but it is the name log searches see.
# NOTE(review): a denied packet does not create a session, so "log
# session-close" is not expected to produce entries for this policy;
# session-init is the statement that records the deny.
# NOTE(review): confirm with "show | display inheritance" that the inherited
# policy is evaluated after the permit policies in each context.
5set groups default-deny-template security policies from-zone <*> to-zone <*> policy defult-deny match source-address any
6set groups default-deny-template security policies from-zone <*> to-zone <*> policy defult-deny match destination-address any
7set groups default-deny-template security policies from-zone <*> to-zone <*> policy defult-deny match application any
8set groups default-deny-template security policies from-zone <*> to-zone <*> policy defult-deny then deny
9set groups default-deny-template security policies from-zone <*> to-zone <*> policy defult-deny then log session-init
10set groups default-deny-template security policies from-zone <*> to-zone <*> policy defult-deny then log session-close
11set apply-groups default-deny-template
12set system auto-snapshot
13set system time-zone America/Chicago
14set system ports console log-out-on-disconnect
15set system ports auxiliary disable
# The password hash is absent, presumably redacted before posting; as shown
# the statement is incomplete. Keep hashes out of public pastes: they can be
# attacked offline.
16set system root-authentication encrypted-password
17set system name-server 8.8.8.8
18set system name-server 8.8.4.4
# SSH is enabled with no further options, and no "system login" users appear
# in this paste, so root looks like the only account.
# NOTE(review): consider named accounts plus "root-login deny" under ssh.
19set system services ssh
# One DHCP server group per routed VLAN interface; the address pools are
# defined under "access address-assignment" further down.
20set system services dhcp-local-server group COMPUTER interface irb.10
21set system services dhcp-local-server group GUEST interface irb.666
22set system services dhcp-local-server group IAP-MGMT interface irb.1001
23set system services dhcp-local-server group CAMERA interface irb.20
# Logging is local only: no remote syslog host is configured in this paste.
# The zone-deny file keeps messages matching RT_FLOW_SESSION, which is where
# the deny logs requested by the template above would land.
# NOTE(review): 10 archives of 100k is little history for flow logs; a
# remote collector would also keep the records off the device.
24set system syslog archive size 100k
25set system syslog archive files 10
26set system syslog user * any emergency
27set system syslog file messages any any
28set system syslog file messages authorization info
29set system syslog file interactive-commands any any
30set system syslog file interactive-commands interactive-commands any
31set system syslog file zone-deny any any
32set system syslog file zone-deny match RT_FLOW_SESSION
33set system max-configurations-on-flash 5
34set system max-configuration-rollbacks 49
# Single NTP source; log timestamps depend on it.
35set system ntp server 216.239.35.8
36set chassis aggregated-devices ethernet device-count 2
# Screen profile; it is attached to the untrust zone only (see the zones
# section below).
37set security screen ids-option untrust-screen icmp ping-death
38set security screen ids-option untrust-screen ip source-route-option
39set security screen ids-option untrust-screen ip tear-drop
40set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
41set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
42set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
43set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
44set security screen ids-option untrust-screen tcp syn-flood timeout 20
45set security screen ids-option untrust-screen tcp land
# Source NAT: traffic from trust and from GUEST toward untrust is translated
# to the egress interface address.
46set security nat source rule-set trust-to-untrust from zone trust
47set security nat source rule-set trust-to-untrust to zone untrust
48set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
49set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
50set security nat source rule-set Guest-to-untrust from zone GUEST
51set security nat source rule-set Guest-to-untrust to zone untrust
52set security nat source rule-set Guest-to-untrust rule GUEST-NAT match source-address 0.0.0.0/0
53set security nat source rule-set Guest-to-untrust rule GUEST-NAT then source-nat interface
# Destination NAT: port 80 on 192.168.100.108 is forwarded to 192.168.1.10,
# the address reserved for host SERVER in the COMPUTER pool. The rule-set is
# deactivated on the last line of this group, so it is not in effect.
# NOTE(review): no policy from zone untrust toward trust appears in this
# paste, so re-activating the NAT alone should not pass traffic. If it is
# re-enabled, it publishes plain HTTP on an internal server to the untrust
# side; restricting source addresses or using a VPN is the safer design.
54set security nat destination pool BLUE-IRIS address 192.168.1.10/32
55set security nat destination pool BLUE-IRIS address port 80
56set security nat destination rule-set http-to-blueiris-server from zone untrust
57set security nat destination rule-set http-to-blueiris-server rule blue-iris match destination-address 192.168.100.108/32
58set security nat destination rule-set http-to-blueiris-server rule blue-iris match destination-port 80
59set security nat destination rule-set http-to-blueiris-server rule blue-iris then destination-nat pool BLUE-IRIS
60deactivate security nat destination rule-set http-to-blueiris-server
# Security policies. All three are any/any/any permits, and none of them
# requests logging, so permitted sessions leave no flow-log record.
# trust-to-trust matters because irb.10 (computers), irb.20 (cameras) and
# irb.1001 (management) are all bound to zone trust below: traffic between
# those VLANs is permitted without filtering.
# NOTE(review): separate zones for cameras and management would let policy
# limit what the cameras can reach.
# No policy from GUEST toward trust appears here, so that direction falls
# through to the system default policy (deny, unless overridden elsewhere).
61set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
62set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
63set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
64set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
65set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
66set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
67set security policies from-zone trust to-zone trust policy trust-to-trust match application any
68set security policies from-zone trust to-zone trust policy trust-to-trust then permit
69set security policies from-zone GUEST to-zone untrust policy Guest-to-untrust match source-address any
70set security policies from-zone GUEST to-zone untrust policy Guest-to-untrust match destination-address any
71set security policies from-zone GUEST to-zone untrust policy Guest-to-untrust match application any
72set security policies from-zone GUEST to-zone untrust policy Guest-to-untrust then permit
# Zones and host-inbound traffic (what may reach the firewall itself).
# "system-services all" and "protocols all" are set on the trust zone and
# again on each of its interfaces, so every host in the computer, camera and
# management VLANs can reach SSH and any other service the device runs.
# NOTE(review): list only the services each VLAN needs (dhcp, ping, and ssh
# from the management VLAN, for example) instead of "all".
73set security zones security-zone trust host-inbound-traffic system-services all
74set security zones security-zone trust host-inbound-traffic protocols all
75set security zones security-zone trust interfaces irb.10 host-inbound-traffic system-services all
76set security zones security-zone trust interfaces irb.10 host-inbound-traffic protocols all
77set security zones security-zone trust interfaces irb.20 host-inbound-traffic system-services all
78set security zones security-zone trust interfaces irb.20 host-inbound-traffic protocols all
79set security zones security-zone trust interfaces irb.1001 host-inbound-traffic system-services all
80set security zones security-zone trust interfaces irb.1001 host-inbound-traffic protocols all
# untrust and GUEST accept only DHCP toward the device; ge-0/0/5 is a DHCP
# client (interfaces section below).
81set security zones security-zone untrust screen untrust-screen
82set security zones security-zone untrust interfaces ge-0/0/5.0 host-inbound-traffic system-services dhcp
83set security zones security-zone GUEST host-inbound-traffic system-services dhcp
84set security zones security-zone GUEST interfaces irb.666
# Interfaces: ge-0/0/5 is the DHCP-client uplink placed in zone untrust;
# ge-0/0/3 and ge-0/0/6 are LACP members of ae1, a trunk carrying all four
# VLANs; the irb units are the gateways for those VLANs.
85set interfaces ge-0/0/0 unit 0
86set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members COMPUTER
87set interfaces ge-0/0/3 description UPLINK-SWITCH-AE1
88set interfaces ge-0/0/3 gigether-options 802.3ad ae1
89set interfaces ge-0/0/5 unit 0 family inet dhcp-client update-server
90set interfaces ge-0/0/6 description UPLINK-SWITCH-AE1
91set interfaces ge-0/0/6 gigether-options 802.3ad ae1
92set interfaces ae1 description AE1-UPLINK-SWITCH
93set interfaces ae1 aggregated-ether-options minimum-links 1
94set interfaces ae1 aggregated-ether-options link-speed 1g
95set interfaces ae1 aggregated-ether-options lacp active
96set interfaces ae1 aggregated-ether-options lacp periodic fast
97set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk
98set interfaces ae1 unit 0 family ethernet-switching vlan members CAMERAS
99set interfaces ae1 unit 0 family ethernet-switching vlan members COMPUTER
100set interfaces ae1 unit 0 family ethernet-switching vlan members GUEST
101set interfaces ae1 unit 0 family ethernet-switching vlan members MGMT
102set interfaces irb unit 10 description COMPUTERS
103set interfaces irb unit 10 family inet address 192.168.1.254/24
104set interfaces irb unit 20 description CAMERAS
105set interfaces irb unit 20 family inet address 192.168.2.254/24
106set interfaces irb unit 666 description GUEST
107set interfaces irb unit 666 family inet address 192.168.66.254/24
108set interfaces irb unit 1001 description MGMT
109set interfaces irb unit 1001 family inet address 192.168.101.254/24
110set protocols l2-learning global-mode switching
# LLDP and LLDP-MED are enabled on every interface, which includes the
# untrust uplink.
# NOTE(review): LLDP advertises device details to link neighbours; consider
# limiting it to the internal ports.
111set protocols lldp interface all
112set protocols lldp-med interface all
# DHCP address pools, one per VLAN. Every pool hands out 8.8.8.8 and 8.8.4.4
# as resolvers and the VLAN's irb address as the default router. The
# COMPUTER pool also pins three hosts to fixed addresses by MAC.
113set access address-assignment pool COMPUTER family inet network 192.168.1.0/24
114set access address-assignment pool COMPUTER family inet range COMPUTER-range low 192.168.1.5
115set access address-assignment pool COMPUTER family inet range COMPUTER-range high 192.168.1.250
116set access address-assignment pool COMPUTER family inet dhcp-attributes name-server 8.8.8.8
117set access address-assignment pool COMPUTER family inet dhcp-attributes name-server 8.8.4.4
118set access address-assignment pool COMPUTER family inet dhcp-attributes router 192.168.1.254
119set access address-assignment pool COMPUTER family inet dhcp-attributes propagate-settings irb.10
120set access address-assignment pool COMPUTER family inet host SERVER hardware-address 94:de:80:b8:6a:0d
121set access address-assignment pool COMPUTER family inet host SERVER ip-address 192.168.1.10
122set access address-assignment pool COMPUTER family inet host PRINTER hardware-address 00:1b:a9:f4:7e:0e
123set access address-assignment pool COMPUTER family inet host PRINTER ip-address 192.168.1.15
124set access address-assignment pool COMPUTER family inet host PRINTER-2 hardware-address 48:e2:44:b3:50:85
125set access address-assignment pool COMPUTER family inet host PRINTER-2 ip-address 192.168.1.30
126set access address-assignment pool GUEST family inet network 192.168.66.0/24
127set access address-assignment pool GUEST family inet range GUEST-range low 192.168.66.100
128set access address-assignment pool GUEST family inet range GUEST-range high 192.168.66.250
129set access address-assignment pool GUEST family inet dhcp-attributes name-server 8.8.8.8
130set access address-assignment pool GUEST family inet dhcp-attributes name-server 8.8.4.4
131set access address-assignment pool GUEST family inet dhcp-attributes router 192.168.66.254
132set access address-assignment pool GUEST family inet dhcp-attributes propagate-settings irb.666
133set access address-assignment pool IAP-MGMT family inet network 192.168.101.0/24
134set access address-assignment pool IAP-MGMT family inet range IAP-MGMT-range low 192.168.101.100
135set access address-assignment pool IAP-MGMT family inet range IAP-MGMT-range high 192.168.101.101
136set access address-assignment pool IAP-MGMT family inet dhcp-attributes name-server 8.8.8.8
137set access address-assignment pool IAP-MGMT family inet dhcp-attributes name-server 8.8.4.4
138set access address-assignment pool IAP-MGMT family inet dhcp-attributes router 192.168.101.254
139set access address-assignment pool IAP-MGMT family inet dhcp-attributes propagate-settings irb.1001
140set access address-assignment pool CAMERA family inet network 192.168.2.0/24
141set access address-assignment pool CAMERA family inet range CAMERA-range low 192.168.2.20
142set access address-assignment pool CAMERA family inet range CAMERA-range high 192.168.2.21
143set access address-assignment pool CAMERA family inet dhcp-attributes name-server 8.8.8.8
144set access address-assignment pool CAMERA family inet dhcp-attributes name-server 8.8.4.4
145set access address-assignment pool CAMERA family inet dhcp-attributes router 192.168.2.254
146set access address-assignment pool CAMERA family inet dhcp-attributes propagate-settings irb.20
# VLAN definitions; each VLAN is tied to its routed irb unit.
147set vlans CAMERAS description CAMERAS
148set vlans CAMERAS vlan-id 20
149set vlans CAMERAS l3-interface irb.20
150set vlans COMPUTER description COMPUTERS
151set vlans COMPUTER vlan-id 10
152set vlans COMPUTER l3-interface irb.10
153set vlans GUEST description "Guest access"
154set vlans GUEST vlan-id 666
155set vlans GUEST l3-interface irb.666
156set vlans MGMT description MGMT
157set vlans MGMT vlan-id 1001
158set vlans MGMT l3-interface irb.1001
169nslookup foxnews.com
170Server: google-public-dns-a.google.com
171Address: 8.8.8.8
172
173DNS request timed out.
174 timeout was 2 seconds.
175DNS request timed out.
176 timeout was 2 seconds.
177DNS request timed out.
178 timeout was 2 seconds.
179DNS request timed out.
180 timeout was 2 seconds.
181*** Request to google-public-dns-a.google.com timed-out
182
183C:\Users\v6tur>nslookup gmail.com
184Server: google-public-dns-a.google.com
185Address: 8.8.8.8
186
187DNS request timed out.
188 timeout was 2 seconds.
189DNS request timed out.
190 timeout was 2 seconds.
191DNS request timed out.
192 timeout was 2 seconds.
193DNS request timed out.
194 timeout was 2 seconds.
195*** Request to google-public-dns-a.google.com timed-out
196
# Operational command: lists flow sessions from client 192.168.1.6 to
# destination port 53, redrawn every second.
# Reading the output: each session has two wings. "In" is the client's query
# arriving on irb.10; "Out" is the reply direction on ge-0/0/5.0, addressed
# to the source-NAT address 192.168.10.130.
# The sessions match policy trust-to-untrust, and the Out wing shows
# Pkts: 1, Bytes: 110, which indicates that a reply from 8.8.8.8 reached the
# uplink interface. These counters do not show whether that reply was then
# delivered to the client on irb.10, so the nslookup timeouts earlier on this
# page need a capture on the client side of the firewall to localize.
# NOTE(review): 192.168.10.130 is a private address, so this device appears
# to sit behind another NAT device.
197 show security flow session destination-port 53 source-prefix 192.168.1.6 | refresh 1
198
199 removed a bunch of blanks here
200
201Total sessions: 0
202---(refreshed at 2019-05-23 22:20:23 CDT)---
203Session ID: 3639, Policy name: trust-to-untrust/4, Timeout: 2, Valid
204 In: 192.168.1.6/59359 --> 8.8.8.8/53;udp, Conn Tag: 0x0, If: irb.10, Pkts: 1, Bytes: 66,
205 Out: 8.8.8.8/53 --> 192.168.10.130/24948;udp, Conn Tag: 0x0, If: ge-0/0/5.0, Pkts: 1, Bytes: 110,
206Total sessions: 1
207---(refreshed at 2019-05-23 22:20:24 CDT)---
208Session ID: 3639, Policy name: trust-to-untrust/4, Timeout: 2, Valid
209 In: 192.168.1.6/59359 --> 8.8.8.8/53;udp, Conn Tag: 0x0, If: irb.10, Pkts: 1, Bytes: 66,
210 Out: 8.8.8.8/53 --> 192.168.10.130/24948;udp, Conn Tag: 0x0, If: ge-0/0/5.0, Pkts: 1, Bytes: 110,
211
212 ---(refreshed at 2019-05-23 22:20:39 CDT)---
213Session ID: 3663, Policy name: trust-to-untrust/4, Timeout: 2, Valid
214 In: 192.168.1.6/61730 --> 8.8.8.8/53;udp, Conn Tag: 0x0, If: irb.10, Pkts: 1, Bytes: 66,
215 Out: 8.8.8.8/53 --> 192.168.10.130/12298;udp, Conn Tag: 0x0, If: ge-0/0/5.0, Pkts: 1, Bytes: 110,
216Total sessions: 1
217---(refreshed at 2019-05-23 22:20:40 CDT)---
218Session ID: 3663, Policy name: trust-to-untrust/4, Timeout: 2, Valid
219 In: 192.168.1.6/61730 --> 8.8.8.8/53;udp, Conn Tag: 0x0, If: irb.10, Pkts: 1, Bytes: 66,
220 Out: 8.8.8.8/53 --> 192.168.10.130/12298;udp, Conn Tag: 0x0, If: ge-0/0/5.0, Pkts: 1, Bytes: 110,
221Total sessions: 1
222---(refreshed at 2019-05-23 22:20:41 CDT)---