Skip to content

Instantly share code, notes, and snippets.

@pinggit

pinggit/transparent.conf

Last active October 22, 2017 19:37
Show Gist options
  • Save pinggit/311b2b192deddcfefbab84f41659a05f to your computer and use it in GitHub Desktop.
Save pinggit/311b2b192deddcfefbab84f41659a05f to your computer and use it in GitHub Desktop.
Download ZIP
firefly transparent config
Raw
transparent.conf
## Last changed: 2017-10-18 14:01:25 UTC
version 12.1X47-D20.7;
system {
root-authentication {
encrypted-password "$1$mHqxe3ff$hUWAehCCnLSDF.kcaAiSN1"; ## SECRET-DATA
## Last changed: 2017-10-22 18:19:28 UTC
version 12.1X47-D20.7;
system {
root-authentication {
encrypted-password "$1$mHqxe3ff$hUWAehCCnLSDF.kcaAiSN1"; ## SECRET-DATA
}
services {
ssh;
web-management {
http {
interface ge-0/0/0.0;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family bridge {
interface-mode access;
vlan-id 1;
}
}
}
ge-0/0/1 {
unit 0 {
family bridge {
interface-mode trunk;
vlan-id-list 1-200;
}
}
}
ge-0/0/2 {
unit 0 {
family bridge {
interface-mode trunk;
vlan-id-list 1-200;
}
}
}
irb {
unit 0 {
family inet {
dhcp-client;
}
}
}
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
queue-size 2000;
timeout 20;
}
land;
}
}
}
policies {
from-zone trust to-zone trust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone untrust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone untrust to-zone trust {
policy default-deny {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
}
}
}
}
zones {
functional-zone management {
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
}
}
security-zone trust {
tcp-rst;
interfaces {
ge-0/0/1.0 {
host-inbound-traffic {
system-services {
dhcp;
ping;
ssh;
}
protocols {
all;
}
}
}
ge-0/0/2.0 {
host-inbound-traffic {
system-services {
dhcp;
ping;
ssh;
}
protocols {
all;
}
}
}
}
}
security-zone untrust {
screen untrust-screen;
}
}
}
bridge-domains {
sc1 {
domain-type bridge;
vlan-id 1;
routing-interface irb.0;
}
}
}
services {
ssh;
web-management {
http {
interface ge-0/0/0.0;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
dhcp-client;
}
}
}
ge-0/0/1 {
unit 0 {
family inet {
dhcp-client;
}
}
}
ge-0/0/2 {
unit 0 {
family inet {
dhcp-client;
}
}
}
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
queue-size 2000;
timeout 20;
}
land;
}
}
}
policies {
from-zone trust to-zone trust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone untrust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone untrust to-zone trust {
policy default-deny {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
}
}
}
}
zones {
security-zone trust {
tcp-rst;
interfaces {
ge-0/0/1.0 {
host-inbound-traffic {
system-services {
dhcp;
ping;
ssh;
}
protocols {
all;
}
}
}
ge-0/0/2.0 {
host-inbound-traffic {
system-services {
dhcp;
ping;
ssh;
}
protocols {
all;
}
}
}
}
}
security-zone untrust {
screen untrust-screen;
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
http;
https;
ssh;
telnet;
dhcp;
}
}
}
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment