<?xml version="1.0"?>
<!--
  Palo Alto Networks firewall configuration export (config version 9.0.0, hostname PA-VM).
  Contents: two administrator accounts, one custom admin role, two layer-3 interfaces
  (ethernet1/1 in zone "wan", ethernet1/2 in zone "lan"), static routes, three NAT rules
  and two security rules.
  Review note: the file carries administrator password hashes. Anyone reusing it as a
  bootstrap template should replace both hashes and treat the originals as disclosed.
-->
<config version="9.0.0" urldb="paloaltonetworks">
  <mgt-config>
    <users>
      <!--
        Both phash values use the $1$ (MD5-crypt) scheme, which is cheap to guess offline.
        "admin" is a superuser, so its password should be rotated wherever this file was used.
      -->
      <entry name="admin">
        <phash>$1$nnerakwt$2v3K0DG7LBVruh8FMkqbQ/</phash>
        <permissions>
          <role-based>
            <superuser>yes</superuser>
          </role-based>
        </permissions>
        <public-key>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</public-key>
      </entry>
      <!-- Service account bound to the custom role "Aviatrix-API-Role" defined under <shared>. -->
      <entry name="admin-api">
        <permissions>
          <role-based>
            <custom>
              <profile>Aviatrix-API-Role</profile>
            </custom>
          </role-based>
        </permissions>
        <phash>$1$msflyasg$n5de.RtRbMToBsDQEq9/k.</phash>
      </entry>
    </users>
    <!-- Complexity checking is on, but only a minimum length of 8 is set; no other constraint appears here. -->
    <password-complexity>
      <enabled>yes</enabled>
      <minimum-length>8</minimum-length>
    </password-complexity>
  </mgt-config>
  <shared>
    <application/>
    <application-group/>
    <service/>
    <service-group/>
    <!-- Botnet report settings: every HTTP heuristic is enabled, with the thresholds listed below. -->
    <botnet>
      <configuration>
        <http>
          <dynamic-dns>
            <enabled>yes</enabled>
            <threshold>5</threshold>
          </dynamic-dns>
          <malware-sites>
            <enabled>yes</enabled>
            <threshold>5</threshold>
          </malware-sites>
          <recent-domains>
            <enabled>yes</enabled>
            <threshold>5</threshold>
          </recent-domains>
          <ip-domains>
            <enabled>yes</enabled>
            <threshold>10</threshold>
          </ip-domains>
          <executables-from-unknown-sites>
            <enabled>yes</enabled>
            <threshold>5</threshold>
          </executables-from-unknown-sites>
        </http>
        <other-applications>
          <irc>yes</irc>
        </other-applications>
        <unknown-applications>
          <unknown-tcp>
            <destinations-per-hour>10</destinations-per-hour>
            <sessions-per-hour>10</sessions-per-hour>
            <session-length>
              <maximum-bytes>100</maximum-bytes>
              <minimum-bytes>50</minimum-bytes>
            </session-length>
          </unknown-tcp>
          <unknown-udp>
            <destinations-per-hour>10</destinations-per-hour>
            <sessions-per-hour>10</sessions-per-hour>
            <session-length>
              <maximum-bytes>100</maximum-bytes>
              <minimum-bytes>50</minimum-bytes>
            </session-length>
          </unknown-udp>
        </unknown-applications>
      </configuration>
      <report>
        <topn>100</topn>
        <scheduled>yes</scheduled>
      </report>
    </botnet>
    <admin-role>
      <!--
        Role assigned to the "admin-api" account. Almost every web UI area is set to "enable";
        only <administrators> and <admin-roles> are read-only. The XML API grants at the end
        (report, config, op, commit) allow the account to change configuration and commit it.
        NOTE(review): if the account is used only through the XML API (confirm with the
        integration owner), the web UI grants can be reduced to what is actually needed.
      -->
      <entry name="Aviatrix-API-Role">
        <role>
          <device>
            <webui>
              <dashboard>enable</dashboard>
              <acc>enable</acc>
              <monitor>
                <logs>
                  <traffic>enable</traffic>
                  <threat>enable</threat>
                  <url>enable</url>
                  <wildfire>enable</wildfire>
                  <data-filtering>enable</data-filtering>
                  <hipmatch>enable</hipmatch>
                  <iptag>enable</iptag>
                  <userid>enable</userid>
                  <configuration>enable</configuration>
                  <system>enable</system>
                  <alarm>enable</alarm>
                  <authentication>enable</authentication>
                </logs>
                <automated-correlation-engine>
                  <correlation-objects>enable</correlation-objects>
                  <correlated-events>enable</correlated-events>
                </automated-correlation-engine>
                <packet-capture>enable</packet-capture>
                <app-scope>enable</app-scope>
                <session-browser>enable</session-browser>
                <botnet>enable</botnet>
                <pdf-reports>
                  <manage-pdf-summary>enable</manage-pdf-summary>
                  <pdf-summary-reports>enable</pdf-summary-reports>
                  <user-activity-report>enable</user-activity-report>
                  <saas-application-usage-report>enable</saas-application-usage-report>
                  <report-groups>enable</report-groups>
                  <email-scheduler>enable</email-scheduler>
                </pdf-reports>
                <custom-reports>
                  <application-statistics>enable</application-statistics>
                  <data-filtering-log>enable</data-filtering-log>
                  <threat-log>enable</threat-log>
                  <threat-summary>enable</threat-summary>
                  <traffic-log>enable</traffic-log>
                  <traffic-summary>enable</traffic-summary>
                  <url-log>enable</url-log>
                  <url-summary>enable</url-summary>
                  <hipmatch>enable</hipmatch>
                  <wildfire-log>enable</wildfire-log>
                  <tunnel-log>enable</tunnel-log>
                  <tunnel-summary>enable</tunnel-summary>
                  <iptag>enable</iptag>
                  <userid>enable</userid>
                  <auth>enable</auth>
                </custom-reports>
                <view-custom-reports>enable</view-custom-reports>
                <application-reports>enable</application-reports>
                <threat-reports>enable</threat-reports>
                <url-filtering-reports>enable</url-filtering-reports>
                <traffic-reports>enable</traffic-reports>
              </monitor>
              <policies>
                <security-rulebase>enable</security-rulebase>
                <nat-rulebase>enable</nat-rulebase>
                <qos-rulebase>enable</qos-rulebase>
                <pbf-rulebase>enable</pbf-rulebase>
                <ssl-decryption-rulebase>enable</ssl-decryption-rulebase>
                <tunnel-inspect-rulebase>enable</tunnel-inspect-rulebase>
                <application-override-rulebase>enable</application-override-rulebase>
                <authentication-rulebase>enable</authentication-rulebase>
                <dos-rulebase>enable</dos-rulebase>
                <rule-hit-count-reset>enable</rule-hit-count-reset>
              </policies>
              <objects>
                <addresses>enable</addresses>
                <address-groups>enable</address-groups>
                <regions>enable</regions>
                <applications>enable</applications>
                <application-groups>enable</application-groups>
                <application-filters>enable</application-filters>
                <services>enable</services>
                <service-groups>enable</service-groups>
                <tags>enable</tags>
                <global-protect>
                  <hip-objects>enable</hip-objects>
                  <hip-profiles>enable</hip-profiles>
                </global-protect>
                <dynamic-block-lists>enable</dynamic-block-lists>
                <custom-objects>
                  <data-patterns>enable</data-patterns>
                  <spyware>enable</spyware>
                  <vulnerability>enable</vulnerability>
                  <url-category>enable</url-category>
                </custom-objects>
                <security-profiles>
                  <antivirus>enable</antivirus>
                  <anti-spyware>enable</anti-spyware>
                  <vulnerability-protection>enable</vulnerability-protection>
                  <url-filtering>enable</url-filtering>
                  <file-blocking>enable</file-blocking>
                  <wildfire-analysis>enable</wildfire-analysis>
                  <data-filtering>enable</data-filtering>
                  <dos-protection>enable</dos-protection>
                </security-profiles>
                <security-profile-groups>enable</security-profile-groups>
                <log-forwarding>enable</log-forwarding>
                <authentication>enable</authentication>
                <decryption>
                  <decryption-profile>enable</decryption-profile>
                </decryption>
                <schedules>enable</schedules>
              </objects>
              <network>
                <interfaces>enable</interfaces>
                <zones>enable</zones>
                <vlans>enable</vlans>
                <virtual-wires>enable</virtual-wires>
                <virtual-routers>enable</virtual-routers>
                <ipsec-tunnels>enable</ipsec-tunnels>
                <gre-tunnels>enable</gre-tunnels>
                <dhcp>enable</dhcp>
                <dns-proxy>enable</dns-proxy>
                <global-protect>
                  <portals>enable</portals>
                  <gateways>enable</gateways>
                  <mdm>enable</mdm>
                  <device-block-list>enable</device-block-list>
                  <clientless-apps>enable</clientless-apps>
                  <clientless-app-groups>enable</clientless-app-groups>
                </global-protect>
                <qos>enable</qos>
                <lldp>enable</lldp>
                <network-profiles>
                  <gp-app-ipsec-crypto>enable</gp-app-ipsec-crypto>
                  <ike-gateways>enable</ike-gateways>
                  <ipsec-crypto>enable</ipsec-crypto>
                  <ike-crypto>enable</ike-crypto>
                  <tunnel-monitor>enable</tunnel-monitor>
                  <interface-mgmt>enable</interface-mgmt>
                  <zone-protection>enable</zone-protection>
                  <qos-profile>enable</qos-profile>
                  <lldp-profile>enable</lldp-profile>
                  <bfd-profile>enable</bfd-profile>
                </network-profiles>
              </network>
              <device>
                <setup>
                  <management>enable</management>
                  <operations>enable</operations>
                  <services>enable</services>
                  <interfaces>enable</interfaces>
                  <telemetry>enable</telemetry>
                  <content-id>enable</content-id>
                  <wildfire>enable</wildfire>
                  <session>enable</session>
                  <hsm>enable</hsm>
                </setup>
                <config-audit>enable</config-audit>
                <!-- The only two read-only entries in this role: the account cannot edit administrators or roles. -->
                <administrators>read-only</administrators>
                <admin-roles>read-only</admin-roles>
                <authentication-profile>enable</authentication-profile>
                <authentication-sequence>enable</authentication-sequence>
                <user-identification>enable</user-identification>
                <vm-info-source>enable</vm-info-source>
                <troubleshooting>enable</troubleshooting>
                <certificate-management>
                  <certificates>enable</certificates>
                  <certificate-profile>enable</certificate-profile>
                  <ocsp-responder>enable</ocsp-responder>
                  <ssl-tls-service-profile>enable</ssl-tls-service-profile>
                  <scep>enable</scep>
                  <ssl-decryption-exclusion>enable</ssl-decryption-exclusion>
                </certificate-management>
                <block-pages>enable</block-pages>
                <log-settings>
                  <system>enable</system>
                  <config>enable</config>
                  <iptag>enable</iptag>
                  <user-id>enable</user-id>
                  <hipmatch>enable</hipmatch>
                  <cc-alarm>enable</cc-alarm>
                  <manage-log>enable</manage-log>
                </log-settings>
                <server-profile>
                  <snmp-trap>enable</snmp-trap>
                  <syslog>enable</syslog>
                  <email>enable</email>
                  <http>enable</http>
                  <netflow>enable</netflow>
                  <radius>enable</radius>
                  <tacplus>enable</tacplus>
                  <ldap>enable</ldap>
                  <kerberos>enable</kerberos>
                  <saml_idp>enable</saml_idp>
                  <mfa>enable</mfa>
                </server-profile>
                <local-user-database>
                  <users>enable</users>
                  <user-groups>enable</user-groups>
                </local-user-database>
                <scheduled-log-export>enable</scheduled-log-export>
                <software>enable</software>
                <global-protect-client>enable</global-protect-client>
                <dynamic-updates>enable</dynamic-updates>
                <plugins>enable</plugins>
                <licenses>enable</licenses>
                <support>enable</support>
                <!-- Master-key, certificate and log-management pages are all enabled for this service role. -->
                <master-key>enable</master-key>
              </device>
              <!-- Privacy: the role sees full IP addresses, user names and packet captures. -->
              <privacy>
                <show-full-ip-addresses>enable</show-full-ip-addresses>
                <show-user-names-in-logs-and-reports>enable</show-user-names-in-logs-and-reports>
                <view-pcap-files>enable</view-pcap-files>
              </privacy>
              <validate>enable</validate>
              <save>
                <partial-save>enable</partial-save>
                <save-for-other-admins>enable</save-for-other-admins>
              </save>
              <!-- The role may also commit changes staged by other administrators. -->
              <commit>
                <device>enable</device>
                <commit-for-other-admins>enable</commit-for-other-admins>
              </commit>
              <tasks>enable</tasks>
              <global>
                <system-alarms>enable</system-alarms>
              </global>
            </webui>
            <!-- XML API scope: reporting, configuration read/write, operational commands and commit. -->
            <xmlapi>
              <report>enable</report>
              <config>enable</config>
              <op>enable</op>
              <commit>enable</commit>
            </xmlapi>
          </device>
        </role>
      </entry>
    </admin-role>
  </shared>
  <devices>
    <entry name="localhost.localdomain">
      <network>
        <interface>
          <ethernet>
            <!-- ethernet1/1: DHCP-addressed layer-3 interface, no management profile attached. -->
            <entry name="ethernet1/1">
              <layer3>
                <ipv6>
                  <neighbor-discovery>
                    <router-advertisement>
                      <enable>no</enable>
                    </router-advertisement>
                  </neighbor-discovery>
                </ipv6>
                <ndp-proxy>
                  <enabled>no</enabled>
                </ndp-proxy>
                <lldp>
                  <enable>no</enable>
                </lldp>
                <dhcp-client>
                  <create-default-route>no</create-default-route>
                </dhcp-client>
              </layer3>
            </entry>
            <!-- ethernet1/2: same layer-3 settings, plus the management profile "ilb-mgpt-profile". -->
            <entry name="ethernet1/2">
              <layer3>
                <ipv6>
                  <neighbor-discovery>
                    <router-advertisement>
                      <enable>no</enable>
                    </router-advertisement>
                  </neighbor-discovery>
                </ipv6>
                <ndp-proxy>
                  <enabled>no</enabled>
                </ndp-proxy>
                <lldp>
                  <enable>no</enable>
                </lldp>
                <dhcp-client>
                  <create-default-route>no</create-default-route>
                </dhcp-client>
                <interface-management-profile>ilb-mgpt-profile</interface-management-profile>
              </layer3>
            </entry>
          </ethernet>
        </interface>
        <profiles>
          <monitor-profile>
            <entry name="default">
              <interval>3</interval>
              <threshold>5</threshold>
              <action>wait-recover</action>
            </entry>
          </monitor-profile>
          <interface-management-profile>
            <!--
              Enables the HTTPS management service on ethernet1/2 (the only interface that
              references this profile). No permitted-ip list is present, so the profile itself
              does not limit which source addresses may reach that service.
              NOTE(review): consider restricting it to the health-check source ranges used by
              the ilb-health-check rules plus known administrative hosts.
            -->
            <entry name="ilb-mgpt-profile">
              <https>yes</https>
            </entry>
          </interface-management-profile>
        </profiles>
        <ike>
          <crypto-profiles>
            <!--
              No IKE gateway or IPsec tunnel is defined in this file, so nothing visible
              references these profiles. If tunnels are added later, avoid the "default"
              entries: they offer 3des, sha1 and DH group2, all legacy choices.
            -->
            <ike-crypto-profiles>
              <entry name="default">
                <encryption>
                  <member>aes-128-cbc</member>
                  <member>3des</member>
                </encryption>
                <hash>
                  <member>sha1</member>
                </hash>
                <dh-group>
                  <member>group2</member>
                </dh-group>
                <lifetime>
                  <hours>8</hours>
                </lifetime>
              </entry>
              <!-- Despite the name, the IKE-phase Suite-B profiles below use aes-cbc, not GCM. -->
              <entry name="Suite-B-GCM-128">
                <encryption>
                  <member>aes-128-cbc</member>
                </encryption>
                <hash>
                  <member>sha256</member>
                </hash>
                <dh-group>
                  <member>group19</member>
                </dh-group>
                <lifetime>
                  <hours>8</hours>
                </lifetime>
              </entry>
              <entry name="Suite-B-GCM-256">
                <encryption>
                  <member>aes-256-cbc</member>
                </encryption>
                <hash>
                  <member>sha384</member>
                </hash>
                <dh-group>
                  <member>group20</member>
                </dh-group>
                <lifetime>
                  <hours>8</hours>
                </lifetime>
              </entry>
            </ike-crypto-profiles>
            <ipsec-crypto-profiles>
              <!-- Same legacy set as the IKE default: 3des, sha1, group2. -->
              <entry name="default">
                <esp>
                  <encryption>
                    <member>aes-128-cbc</member>
                    <member>3des</member>
                  </encryption>
                  <authentication>
                    <member>sha1</member>
                  </authentication>
                </esp>
                <dh-group>group2</dh-group>
                <lifetime>
                  <hours>1</hours>
                </lifetime>
              </entry>
              <!-- GCM is an authenticated mode, which is why ESP authentication is "none" here. -->
              <entry name="Suite-B-GCM-128">
                <esp>
                  <encryption>
                    <member>aes-128-gcm</member>
                  </encryption>
                  <authentication>
                    <member>none</member>
                  </authentication>
                </esp>
                <dh-group>group19</dh-group>
                <lifetime>
                  <hours>1</hours>
                </lifetime>
              </entry>
              <entry name="Suite-B-GCM-256">
                <esp>
                  <encryption>
                    <member>aes-256-gcm</member>
                  </encryption>
                  <authentication>
                    <member>none</member>
                  </authentication>
                </esp>
                <dh-group>group20</dh-group>
                <lifetime>
                  <hours>1</hours>
                </lifetime>
              </entry>
            </ipsec-crypto-profiles>
            <global-protect-app-crypto-profiles>
              <entry name="default">
                <encryption>
                  <member>aes-128-cbc</member>
                </encryption>
                <authentication>
                  <member>sha1</member>
                </authentication>
              </entry>
            </global-protect-app-crypto-profiles>
          </crypto-profiles>
        </ike>
        <!-- QoS "default" profile: eight classes, from real-time (class1) down to low (class6 to class8). -->
        <qos>
          <profile>
            <entry name="default">
              <class>
                <entry name="class1">
                  <priority>real-time</priority>
                </entry>
                <entry name="class2">
                  <priority>high</priority>
                </entry>
                <entry name="class3">
                  <priority>high</priority>
                </entry>
                <entry name="class4">
                  <priority>medium</priority>
                </entry>
                <entry name="class5">
                  <priority>medium</priority>
                </entry>
                <entry name="class6">
                  <priority>low</priority>
                </entry>
                <entry name="class7">
                  <priority>low</priority>
                </entry>
                <entry name="class8">
                  <priority>low</priority>
                </entry>
              </class>
            </entry>
          </profile>
        </qos>
        <virtual-router>
          <!-- Single virtual router holding both interfaces; all dynamic routing protocols are disabled. -->
          <entry name="default">
            <protocol>
              <bgp>
                <enable>no</enable>
                <dampening-profile>
                  <entry name="default">
                    <cutoff>1.25</cutoff>
                    <reuse>0.5</reuse>
                    <max-hold-time>900</max-hold-time>
                    <decay-half-life-reachable>300</decay-half-life-reachable>
                    <decay-half-life-unreachable>900</decay-half-life-unreachable>
                    <enable>yes</enable>
                  </entry>
                </dampening-profile>
                <routing-options>
                  <graceful-restart>
                    <enable>yes</enable>
                  </graceful-restart>
                </routing-options>
              </bgp>
              <rip>
                <enable>no</enable>
              </rip>
              <ospf>
                <enable>no</enable>
              </ospf>
              <ospfv3>
                <enable>no</enable>
              </ospfv3>
            </protocol>
            <interface>
              <member>ethernet1/1</member>
              <member>ethernet1/2</member>
            </interface>
            <ecmp>
              <algorithm>
                <ip-modulo/>
              </algorithm>
            </ecmp>
            <routing-table>
              <ip>
                <!--
                  Static routes: the default route leaves through ethernet1/1 (next hop
                  172.21.1.1); the private ranges and the two health-check source ranges
                  return through ethernet1/2 (next hop 172.21.2.1). Path monitoring is off
                  on every route, so a dead next hop is not detected by the route itself.
                -->
                <static-route>
                  <entry name="AVX-0.0.0.0-0">
                    <nexthop>
                      <ip-address>172.21.1.1</ip-address>
                    </nexthop>
                    <bfd>
                      <profile>None</profile>
                    </bfd>
                    <path-monitor>
                      <enable>no</enable>
                      <failure-condition>any</failure-condition>
                      <hold-time>2</hold-time>
                    </path-monitor>
                    <interface>ethernet1/1</interface>
                    <metric>1</metric>
                    <destination>0.0.0.0/0</destination>
                    <route-table>
                      <unicast/>
                    </route-table>
                  </entry>
                  <entry name="AVX-192.168.0.0-16">
                    <nexthop>
                      <ip-address>172.21.2.1</ip-address>
                    </nexthop>
                    <bfd>
                      <profile>None</profile>
                    </bfd>
                    <path-monitor>
                      <enable>no</enable>
                      <failure-condition>any</failure-condition>
                      <hold-time>2</hold-time>
                    </path-monitor>
                    <interface>ethernet1/2</interface>
                    <metric>10</metric>
                    <destination>192.168.0.0/16</destination>
                    <route-table>
                      <unicast/>
                    </route-table>
                  </entry>
                  <entry name="AVX-35.191.0.0-16">
                    <nexthop>
                      <ip-address>172.21.2.1</ip-address>
                    </nexthop>
                    <bfd>
                      <profile>None</profile>
                    </bfd>
                    <path-monitor>
                      <enable>no</enable>
                      <failure-condition>any</failure-condition>
                      <hold-time>2</hold-time>
                    </path-monitor>
                    <interface>ethernet1/2</interface>
                    <metric>10</metric>
                    <destination>35.191.0.0/16</destination>
                    <route-table>
                      <unicast/>
                    </route-table>
                  </entry>
                  <entry name="AVX-130.211.0.0-22">
                    <nexthop>
                      <ip-address>172.21.2.1</ip-address>
                    </nexthop>
                    <bfd>
                      <profile>None</profile>
                    </bfd>
                    <path-monitor>
                      <enable>no</enable>
                      <failure-condition>any</failure-condition>
                      <hold-time>2</hold-time>
                    </path-monitor>
                    <interface>ethernet1/2</interface>
                    <metric>10</metric>
                    <destination>130.211.0.0/22</destination>
                    <route-table>
                      <unicast/>
                    </route-table>
                  </entry>
                  <entry name="AVX-10.0.0.0-8">
                    <nexthop>
                      <ip-address>172.21.2.1</ip-address>
                    </nexthop>
                    <bfd>
                      <profile>None</profile>
                    </bfd>
                    <path-monitor>
                      <enable>no</enable>
                      <failure-condition>any</failure-condition>
                      <hold-time>2</hold-time>
                    </path-monitor>
                    <interface>ethernet1/2</interface>
                    <metric>10</metric>
                    <destination>10.0.0.0/8</destination>
                    <route-table>
                      <unicast/>
                    </route-table>
                  </entry>
                  <entry name="AVX-172.16.0.0-12">
                    <nexthop>
                      <ip-address>172.21.2.1</ip-address>
                    </nexthop>
                    <bfd>
                      <profile>None</profile>
                    </bfd>
                    <path-monitor>
                      <enable>no</enable>
                      <failure-condition>any</failure-condition>
                      <hold-time>2</hold-time>
                    </path-monitor>
                    <interface>ethernet1/2</interface>
                    <metric>10</metric>
                    <destination>172.16.0.0/12</destination>
                    <route-table>
                      <unicast/>
                    </route-table>
                  </entry>
                </static-route>
              </ip>
            </routing-table>
          </entry>
        </virtual-router>
      </network>
      <deviceconfig>
        <system>
          <type>
            <dhcp-client>
              <send-hostname>yes</send-hostname>
              <send-client-id>no</send-client-id>
              <accept-dhcp-hostname>no</accept-dhcp-hostname>
              <accept-dhcp-domain>no</accept-dhcp-domain>
            </dhcp-client>
          </type>
          <update-server>updates.paloaltonetworks.com</update-server>
          <!--
            Only a threat-content schedule is defined: weekly, with action download-only.
            NOTE(review): as written, nothing in this file installs the downloaded content
            or schedules any other update type; confirm that is handled elsewhere.
          -->
          <update-schedule>
            <threats>
              <recurring>
                <weekly>
                  <day-of-week>wednesday</day-of-week>
                  <at>01:02</at>
                  <action>download-only</action>
                </weekly>
              </recurring>
            </threats>
          </update-schedule>
          <timezone>US/Pacific</timezone>
          <!-- Cleartext management services (telnet, http) are disabled. -->
          <service>
            <disable-telnet>yes</disable-telnet>
            <disable-http>yes</disable-http>
          </service>
          <hostname>PA-VM</hostname>
        </system>
        <setting>
          <config>
            <rematch>yes</rematch>
          </config>
          <management>
            <hostname-type-in-syslog>FQDN</hostname-type-in-syslog>
            <initcfg>
              <type>
                <dhcp-client>
                  <send-hostname>yes</send-hostname>
                  <send-client-id>no</send-client-id>
                  <accept-dhcp-hostname>no</accept-dhcp-hostname>
                  <accept-dhcp-domain>no</accept-dhcp-domain>
                </dhcp-client>
              </type>
              <!--
                Base64 of an OpenSSH public-key line (the value starts with the encoding of
                "ssh-rsa"). A public key is not a secret, but anyone bootstrapping from this
                file grants access to the holder of the matching private key; replace it
                with your own key.
              -->
              <public-key>c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FDeWF3Vzh3RzhTbFFzS0VnMElpRldUSTRJbTdMNldHTFJBakJKM1BnUGZldGZKYms0UW55WUE0SEk4eldFNDIvTGR4ZHRQdTRSVnhBQzJLbExlTENzOGIzaTF5MEhmb2xLWGFtdlVtclVneUxMYmd5alEwUW9CQ3h1RkhlUndQZmltbVoxYlhmUy9BWlVxSjAzYmlXeU1MMVFaWGdteXM0UmJnK0RNbXd4WHE5WFd5dXRkMTJya2VsYi83ZDVqeWgvaWNzNk5NYmY5Z3VBYmdlUWt2M2J5VFJFOHVZNVRyMEhKSU02cUkvMUd2b3B2Ujg5U0s5YS9GWFF3d1NnWG5ZaWl1bHhOampzU21ncG9hRkhGZGlLTnI2SWNyeE1US2pXZ3FpUnFDRlFtMGYrU3FxVm92Y1Nra2JJNjAxTzY5NnExUU5mRCtZYi9ObE5tbWpxNHFGYlZ0RkhaZVExOFV4Q0J0aEUzTVRZeGJGY05RRUEzdWZzWTJ3R3lsY2NwZ1p3NjVlcklVUVF3MUFISlB0aUFzSHQ1VmN5Y3ZUMXFmVlBKWnJoNUZueTFRYndQQjZ6clliOENTdFE5RWFPMnhweVBxSlBIdUpDSFd6eWRJZHVucFl1aWdXdnltKzRRd2FFL0FEUWdMend3eVF4WTJISXkwVFBWVDZCSWNDbVRZK009IGFkbWluQGdjcC10cmFuc2l0LWZ3MQ==</public-key>
            </initcfg>
          </management>
        </setting>
      </deviceconfig>
      <vsys>
        <entry name="vsys1">
          <application/>
          <application-group/>
          <!-- Two zones, one interface each. Neither zone references a zone-protection profile. -->
          <zone>
            <entry name="wan">
              <network>
                <layer3>
                  <member>ethernet1/1</member>
                </layer3>
              </network>
            </entry>
            <entry name="lan">
              <network>
                <layer3>
                  <member>ethernet1/2</member>
                </layer3>
              </network>
            </entry>
          </zone>
          <service/>
          <service-group/>
          <schedule/>
          <rulebase>
            <nat>
              <rules>
                <!--
                  Destination NAT for load-balancer health checks: probes from 35.191.0.0/16
                  and 130.211.0.0/22 addressed to 172.21.2.99 are translated to 172.21.2.4.
                  Service is "any", so every port is translated, not only the probe port.
                -->
                <entry name="ilb-health-check-dnat-99" uuid="448b8924-bd53-4a13-a21b-18d42926ceff">
                  <to>
                    <member>lan</member>
                  </to>
                  <from>
                    <member>lan</member>
                  </from>
                  <source>
                    <member>35.191.0.0/16</member>
                    <member>130.211.0.0/22</member>
                  </source>
                  <destination>
                    <member>172.21.2.99</member>
                  </destination>
                  <service>any</service>
                  <to-interface>ethernet1/2</to-interface>
                  <destination-translation>
                    <translated-address>172.21.2.4</translated-address>
                  </destination-translation>
                </entry>
                <!-- Same translation for the second health-check address, 172.21.2.100. -->
                <entry name="ilb-health-check-dnat-100" uuid="f9d65527-775e-4b2b-b316-b10693621297">
                  <to>
                    <member>lan</member>
                  </to>
                  <from>
                    <member>lan</member>
                  </from>
                  <source>
                    <member>35.191.0.0/16</member>
                    <member>130.211.0.0/22</member>
                  </source>
                  <destination>
                    <member>172.21.2.100</member>
                  </destination>
                  <service>any</service>
                  <to-interface>ethernet1/2</to-interface>
                  <destination-translation>
                    <translated-address>172.21.2.4</translated-address>
                  </destination-translation>
                </entry>
                <!--
                  Source NAT for 172.21.30.0/24 and 172.21.40.0/24 to the address of ethernet1/1.
                  NOTE(review): the destination zone is "lan" while to-interface ethernet1/1 is a
                  member of zone "wan"; confirm the rule matches the traffic it is meant for.
                -->
                <entry name="egress" uuid="37323551-4e28-4dc3-911d-9a65e1c0e462">
                  <source-translation>
                    <dynamic-ip-and-port>
                      <interface-address>
                        <interface>ethernet1/1</interface>
                      </interface-address>
                    </dynamic-ip-and-port>
                  </source-translation>
                  <to>
                    <member>lan</member>
                  </to>
                  <from>
                    <member>lan</member>
                  </from>
                  <source>
                    <member>172.21.30.0/24</member>
                    <member>172.21.40.0/24</member>
                  </source>
                  <destination>
                    <member>any</member>
                  </destination>
                  <service>any</service>
                  <to-interface>ethernet1/1</to-interface>
                </entry>
              </rules>
            </nat>
            <security>
              <rules>
                <!--
                  Allows the two health-check source ranges from any zone to any destination in
                  "lan", for any application. No profile-setting or log-setting element is
                  present. NOTE(review): the destination and application could be narrowed to
                  the health-check targets and the protocol the probe actually uses.
                -->
                <entry name="ilb-health-check" uuid="05cc8ad8-5f4a-4a5a-86b3-29c184668a9b">
                  <to>
                    <member>lan</member>
                  </to>
                  <from>
                    <member>any</member>
                  </from>
                  <source>
                    <member>35.191.0.0/16</member>
                    <member>130.211.0.0/22</member>
                  </source>
                  <destination>
                    <member>any</member>
                  </destination>
                  <source-user>
                    <member>any</member>
                  </source-user>
                  <category>
                    <member>any</member>
                  </category>
                  <application>
                    <member>any</member>
                  </application>
                  <service>
                    <member>application-default</member>
                  </service>
                  <hip-profiles>
                    <member>any</member>
                  </hip-profiles>
                  <action>allow</action>
                </entry>
                <!--
                  Allows everything from "lan" to "wan": any source, destination, application
                  and URL category. The rule carries no security profiles and no log forwarding,
                  so outbound traffic is neither inspected by threat profiles nor forwarded to a
                  log collector by this rule. Attach a profile group and a log setting before
                  production use.
                -->
                <entry name="egress" uuid="9d487e65-3d09-465a-9f07-260a0a22ff57">
                  <to>
                    <member>wan</member>
                  </to>
                  <from>
                    <member>lan</member>
                  </from>
                  <source>
                    <member>any</member>
                  </source>
                  <destination>
                    <member>any</member>
                  </destination>
                  <source-user>
                    <member>any</member>
                  </source-user>
                  <category>
                    <member>any</member>
                  </category>
                  <application>
                    <member>any</member>
                  </application>
                  <service>
                    <member>application-default</member>
                  </service>
                  <hip-profiles>
                    <member>any</member>
                  </hip-profiles>
                  <action>allow</action>
                </entry>
              </rules>
            </security>
          </rulebase>
          <import>
            <network>
              <interface>
                <member>ethernet1/1</member>
                <member>ethernet1/2</member>
              </interface>
            </network>
          </import>
        </entry>
      </vsys>
    </entry>
  </devices>
</config>