@rtrentin73
Created April 29, 2022 14:41
<?xml version="1.0"?>
<config version="9.0.0" urldb="paloaltonetworks">
<mgt-config>
<users>
<!-- Local superuser account. The phash starts with $1$, the MD5-crypt format,
     and the value is published together with this file, so the password
     behind it should be treated as disclosed: set a new one before this
     configuration is loaded on any device. -->
<entry name="admin">
<phash>$1$nnerakwt$2v3K0DG7LBVruh8FMkqbQ/</phash>
<permissions>
<role-based>
<superuser>yes</superuser>
</role-based>
</permissions>
<public-key>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</public-key>
</entry>
<!-- API service account. It is not a superuser: its rights come from the
     custom admin role profile Aviatrix-API-Role (shared/admin-role in this
     file). The phash is in $1$ (MD5-crypt) format and is published with this
     file, so this password needs rotating before use as well. -->
<entry name="admin-api">
<permissions>
<role-based>
<custom>
<profile>Aviatrix-API-Role</profile>
</custom>
</role-based>
</permissions>
<phash>$1$msflyasg$n5de.RtRbMToBsDQEq9/k.</phash>
</entry>
</users>
<!-- Password complexity policy: checking is enabled and the only requirement
     set here is a minimum length of 8 characters.
     NOTE(review): no character-class, history or expiry settings appear in
     this block; confirm that 8 characters alone meets the site's policy. -->
<password-complexity>
<enabled>yes</enabled>
<minimum-length>8</minimum-length>
</password-complexity>
</mgt-config>
<shared>
<application/>
<application-group/>
<service/>
<service-group/>
<!-- Botnet report settings: which traffic categories are counted, the
     threshold configured for each, and how the report is produced. -->
<botnet>
<configuration>
<!-- HTTP categories: all five are enabled; ip-domains uses a threshold of 10,
     the other four use 5. -->
<http>
<dynamic-dns>
<enabled>yes</enabled>
<threshold>5</threshold>
</dynamic-dns>
<malware-sites>
<enabled>yes</enabled>
<threshold>5</threshold>
</malware-sites>
<recent-domains>
<enabled>yes</enabled>
<threshold>5</threshold>
</recent-domains>
<ip-domains>
<enabled>yes</enabled>
<threshold>10</threshold>
</ip-domains>
<executables-from-unknown-sites>
<enabled>yes</enabled>
<threshold>5</threshold>
</executables-from-unknown-sites>
</http>
<other-applications>
<irc>yes</irc>
</other-applications>
<!-- Criteria for unknown TCP and UDP applications; both protocols carry the
     same values (10 destinations and 10 sessions per hour, session length
     between 50 and 100 bytes). -->
<unknown-applications>
<unknown-tcp>
<destinations-per-hour>10</destinations-per-hour>
<sessions-per-hour>10</sessions-per-hour>
<session-length>
<maximum-bytes>100</maximum-bytes>
<minimum-bytes>50</minimum-bytes>
</session-length>
</unknown-tcp>
<unknown-udp>
<destinations-per-hour>10</destinations-per-hour>
<sessions-per-hour>10</sessions-per-hour>
<session-length>
<maximum-bytes>100</maximum-bytes>
<minimum-bytes>50</minimum-bytes>
</session-length>
</unknown-udp>
</unknown-applications>
</configuration>
<!-- Report output: top 100 entries, scheduled. -->
<report>
<topn>100</topn>
<scheduled>yes</scheduled>
</report>
</botnet>
<!-- Custom admin role definitions. The single role here, Aviatrix-API-Role, is
     the profile assigned to the admin-api user in mgt-config. -->
<admin-role>
<entry name="Aviatrix-API-Role">
<role>
<device>
<!-- Web UI permissions. Every item below is set to enable except
     device/administrators and device/admin-roles, which are read-only.
     NOTE(review): this is close to full administrative access for an account
     named as an API integration; confirm which sections it really needs. -->
<webui>
<dashboard>enable</dashboard>
<acc>enable</acc>
<monitor>
<logs>
<traffic>enable</traffic>
<threat>enable</threat>
<url>enable</url>
<wildfire>enable</wildfire>
<data-filtering>enable</data-filtering>
<hipmatch>enable</hipmatch>
<iptag>enable</iptag>
<userid>enable</userid>
<configuration>enable</configuration>
<system>enable</system>
<alarm>enable</alarm>
<authentication>enable</authentication>
</logs>
<automated-correlation-engine>
<correlation-objects>enable</correlation-objects>
<correlated-events>enable</correlated-events>
</automated-correlation-engine>
<packet-capture>enable</packet-capture>
<app-scope>enable</app-scope>
<session-browser>enable</session-browser>
<botnet>enable</botnet>
<pdf-reports>
<manage-pdf-summary>enable</manage-pdf-summary>
<pdf-summary-reports>enable</pdf-summary-reports>
<user-activity-report>enable</user-activity-report>
<saas-application-usage-report>enable</saas-application-usage-report>
<report-groups>enable</report-groups>
<email-scheduler>enable</email-scheduler>
</pdf-reports>
<custom-reports>
<application-statistics>enable</application-statistics>
<data-filtering-log>enable</data-filtering-log>
<threat-log>enable</threat-log>
<threat-summary>enable</threat-summary>
<traffic-log>enable</traffic-log>
<traffic-summary>enable</traffic-summary>
<url-log>enable</url-log>
<url-summary>enable</url-summary>
<hipmatch>enable</hipmatch>
<wildfire-log>enable</wildfire-log>
<tunnel-log>enable</tunnel-log>
<tunnel-summary>enable</tunnel-summary>
<iptag>enable</iptag>
<userid>enable</userid>
<auth>enable</auth>
</custom-reports>
<view-custom-reports>enable</view-custom-reports>
<application-reports>enable</application-reports>
<threat-reports>enable</threat-reports>
<url-filtering-reports>enable</url-filtering-reports>
<traffic-reports>enable</traffic-reports>
</monitor>
<!-- All rulebases, including security, NAT and SSL decryption, are enabled
     for this role. -->
<policies>
<security-rulebase>enable</security-rulebase>
<nat-rulebase>enable</nat-rulebase>
<qos-rulebase>enable</qos-rulebase>
<pbf-rulebase>enable</pbf-rulebase>
<ssl-decryption-rulebase>enable</ssl-decryption-rulebase>
<tunnel-inspect-rulebase>enable</tunnel-inspect-rulebase>
<application-override-rulebase>enable</application-override-rulebase>
<authentication-rulebase>enable</authentication-rulebase>
<dos-rulebase>enable</dos-rulebase>
<rule-hit-count-reset>enable</rule-hit-count-reset>
</policies>
<objects>
<addresses>enable</addresses>
<address-groups>enable</address-groups>
<regions>enable</regions>
<applications>enable</applications>
<application-groups>enable</application-groups>
<application-filters>enable</application-filters>
<services>enable</services>
<service-groups>enable</service-groups>
<tags>enable</tags>
<global-protect>
<hip-objects>enable</hip-objects>
<hip-profiles>enable</hip-profiles>
</global-protect>
<dynamic-block-lists>enable</dynamic-block-lists>
<custom-objects>
<data-patterns>enable</data-patterns>
<spyware>enable</spyware>
<vulnerability>enable</vulnerability>
<url-category>enable</url-category>
</custom-objects>
<security-profiles>
<antivirus>enable</antivirus>
<anti-spyware>enable</anti-spyware>
<vulnerability-protection>enable</vulnerability-protection>
<url-filtering>enable</url-filtering>
<file-blocking>enable</file-blocking>
<wildfire-analysis>enable</wildfire-analysis>
<data-filtering>enable</data-filtering>
<dos-protection>enable</dos-protection>
</security-profiles>
<security-profile-groups>enable</security-profile-groups>
<log-forwarding>enable</log-forwarding>
<authentication>enable</authentication>
<decryption>
<decryption-profile>enable</decryption-profile>
</decryption>
<schedules>enable</schedules>
</objects>
<network>
<interfaces>enable</interfaces>
<zones>enable</zones>
<vlans>enable</vlans>
<virtual-wires>enable</virtual-wires>
<virtual-routers>enable</virtual-routers>
<ipsec-tunnels>enable</ipsec-tunnels>
<gre-tunnels>enable</gre-tunnels>
<dhcp>enable</dhcp>
<dns-proxy>enable</dns-proxy>
<global-protect>
<portals>enable</portals>
<gateways>enable</gateways>
<mdm>enable</mdm>
<device-block-list>enable</device-block-list>
<clientless-apps>enable</clientless-apps>
<clientless-app-groups>enable</clientless-app-groups>
</global-protect>
<qos>enable</qos>
<lldp>enable</lldp>
<network-profiles>
<gp-app-ipsec-crypto>enable</gp-app-ipsec-crypto>
<ike-gateways>enable</ike-gateways>
<ipsec-crypto>enable</ipsec-crypto>
<ike-crypto>enable</ike-crypto>
<tunnel-monitor>enable</tunnel-monitor>
<interface-mgmt>enable</interface-mgmt>
<zone-protection>enable</zone-protection>
<qos-profile>enable</qos-profile>
<lldp-profile>enable</lldp-profile>
<bfd-profile>enable</bfd-profile>
</network-profiles>
</network>
<device>
<setup>
<management>enable</management>
<operations>enable</operations>
<services>enable</services>
<interfaces>enable</interfaces>
<telemetry>enable</telemetry>
<content-id>enable</content-id>
<wildfire>enable</wildfire>
<session>enable</session>
<hsm>enable</hsm>
</setup>
<config-audit>enable</config-audit>
<!-- The only two restricted items in the role: administrator accounts and
     admin roles are read-only. -->
<administrators>read-only</administrators>
<admin-roles>read-only</admin-roles>
<authentication-profile>enable</authentication-profile>
<authentication-sequence>enable</authentication-sequence>
<user-identification>enable</user-identification>
<vm-info-source>enable</vm-info-source>
<troubleshooting>enable</troubleshooting>
<certificate-management>
<certificates>enable</certificates>
<certificate-profile>enable</certificate-profile>
<ocsp-responder>enable</ocsp-responder>
<ssl-tls-service-profile>enable</ssl-tls-service-profile>
<scep>enable</scep>
<ssl-decryption-exclusion>enable</ssl-decryption-exclusion>
</certificate-management>
<block-pages>enable</block-pages>
<log-settings>
<system>enable</system>
<config>enable</config>
<iptag>enable</iptag>
<user-id>enable</user-id>
<hipmatch>enable</hipmatch>
<cc-alarm>enable</cc-alarm>
<manage-log>enable</manage-log>
</log-settings>
<server-profile>
<snmp-trap>enable</snmp-trap>
<syslog>enable</syslog>
<email>enable</email>
<http>enable</http>
<netflow>enable</netflow>
<radius>enable</radius>
<tacplus>enable</tacplus>
<ldap>enable</ldap>
<kerberos>enable</kerberos>
<saml_idp>enable</saml_idp>
<mfa>enable</mfa>
</server-profile>
<local-user-database>
<users>enable</users>
<user-groups>enable</user-groups>
</local-user-database>
<scheduled-log-export>enable</scheduled-log-export>
<software>enable</software>
<global-protect-client>enable</global-protect-client>
<dynamic-updates>enable</dynamic-updates>
<plugins>enable</plugins>
<licenses>enable</licenses>
<support>enable</support>
<!-- NOTE(review): master-key, certificate-management and software are enabled
     above and here; confirm the integration needs them. -->
<master-key>enable</master-key>
</device>
<!-- Privacy: full IP addresses, user names in logs and reports, and packet
     capture files are all visible to this role. -->
<privacy>
<show-full-ip-addresses>enable</show-full-ip-addresses>
<show-user-names-in-logs-and-reports>enable</show-user-names-in-logs-and-reports>
<view-pcap-files>enable</view-pcap-files>
</privacy>
<validate>enable</validate>
<save>
<partial-save>enable</partial-save>
<save-for-other-admins>enable</save-for-other-admins>
</save>
<!-- The role may commit its own changes and changes made by other
     administrators. -->
<commit>
<device>enable</device>
<commit-for-other-admins>enable</commit-for-other-admins>
</commit>
<tasks>enable</tasks>
<global>
<system-alarms>enable</system-alarms>
</global>
</webui>
<!-- XML API permissions: only report, config, op and commit are listed, all
     enabled. config together with commit lets the API account change the
     configuration and activate it.
     NOTE(review): confirm the integration needs all four request types. -->
<xmlapi>
<report>enable</report>
<config>enable</config>
<op>enable</op>
<commit>enable</commit>
</xmlapi>
</device>
</role>
</entry>
</admin-role>
</shared>
<devices>
<entry name="localhost.localdomain">
<network>
<!-- Data-plane interfaces. Both are layer3 with a dhcp-client section that
     does not install a default route; IPv6 router advertisement, NDP proxy
     and LLDP are off on both. Elsewhere in this file ethernet1/1 is the member
     of zone wan and ethernet1/2 the member of zone lan. -->
<interface>
<ethernet>
<entry name="ethernet1/1">
<layer3>
<ipv6>
<neighbor-discovery>
<router-advertisement>
<enable>no</enable>
</router-advertisement>
</neighbor-discovery>
</ipv6>
<ndp-proxy>
<enabled>no</enabled>
</ndp-proxy>
<lldp>
<enable>no</enable>
</lldp>
<dhcp-client>
<create-default-route>no</create-default-route>
</dhcp-client>
</layer3>
</entry>
<entry name="ethernet1/2">
<layer3>
<ipv6>
<neighbor-discovery>
<router-advertisement>
<enable>no</enable>
</router-advertisement>
</neighbor-discovery>
</ipv6>
<ndp-proxy>
<enabled>no</enabled>
</ndp-proxy>
<lldp>
<enable>no</enable>
</lldp>
<dhcp-client>
<create-default-route>no</create-default-route>
</dhcp-client>
<!-- Only ethernet1/2 carries a management profile; ilb-mgpt-profile (defined
     under network/profiles) turns on HTTPS on this interface. -->
<interface-management-profile>ilb-mgpt-profile</interface-management-profile>
</layer3>
</entry>
</ethernet>
</interface>
<!-- Network profiles: one monitor profile and one interface management
     profile. -->
<profiles>
<monitor-profile>
<entry name="default">
<interval>3</interval>
<threshold>5</threshold>
<action>wait-recover</action>
</entry>
</monitor-profile>
<!-- ilb-mgpt-profile enables HTTPS only and is attached to ethernet1/2. From
     its name it presumably exists so load-balancer health checks get an
     answer; TODO confirm.
     NOTE(review): no permitted-ip list is present, so the profile itself does
     not limit which source addresses may reach the HTTPS service on that
     interface; consider restricting it to the health-check ranges. -->
<interface-management-profile>
<entry name="ilb-mgpt-profile">
<https>yes</https>
</entry>
</interface-management-profile>
</profiles>
<!-- IKE, IPsec and GlobalProtect app crypto profiles. No IKE gateway or tunnel
     in this file references them. -->
<ike>
<crypto-profiles>
<!-- IKE (phase 1) profiles, each with an 8-hour lifetime. -->
<ike-crypto-profiles>
<!-- NOTE(review): the default profile offers 3des, sha1 and DH group2, all
     legacy choices; tighten it or use one of the other profiles before
     attaching it to a gateway. -->
<entry name="default">
<encryption>
<member>aes-128-cbc</member>
<member>3des</member>
</encryption>
<hash>
<member>sha1</member>
</hash>
<dh-group>
<member>group2</member>
</dh-group>
<lifetime>
<hours>8</hours>
</lifetime>
</entry>
<!-- Despite the GCM in the profile name, the IKE encryption listed here is
     aes-128-cbc; the GCM cipher appears only in the IPsec profile of the
     same name. -->
<entry name="Suite-B-GCM-128">
<encryption>
<member>aes-128-cbc</member>
</encryption>
<hash>
<member>sha256</member>
</hash>
<dh-group>
<member>group19</member>
</dh-group>
<lifetime>
<hours>8</hours>
</lifetime>
</entry>
<!-- Same pattern: aes-256-cbc with sha384 and group20 for IKE. -->
<entry name="Suite-B-GCM-256">
<encryption>
<member>aes-256-cbc</member>
</encryption>
<hash>
<member>sha384</member>
</hash>
<dh-group>
<member>group20</member>
</dh-group>
<lifetime>
<hours>8</hours>
</lifetime>
</entry>
</ike-crypto-profiles>
<!-- IPsec (phase 2, ESP) profiles, each with a 1-hour lifetime. -->
<ipsec-crypto-profiles>
<!-- NOTE(review): as with the IKE default, this profile offers 3des, sha1 and
     group2. -->
<entry name="default">
<esp>
<encryption>
<member>aes-128-cbc</member>
<member>3des</member>
</encryption>
<authentication>
<member>sha1</member>
</authentication>
</esp>
<dh-group>group2</dh-group>
<lifetime>
<hours>1</hours>
</lifetime>
</entry>
<!-- ESP authentication is none alongside an AES-GCM cipher, which is an
     authenticated encryption mode. -->
<entry name="Suite-B-GCM-128">
<esp>
<encryption>
<member>aes-128-gcm</member>
</encryption>
<authentication>
<member>none</member>
</authentication>
</esp>
<dh-group>group19</dh-group>
<lifetime>
<hours>1</hours>
</lifetime>
</entry>
<entry name="Suite-B-GCM-256">
<esp>
<encryption>
<member>aes-256-gcm</member>
</encryption>
<authentication>
<member>none</member>
</authentication>
</esp>
<dh-group>group20</dh-group>
<lifetime>
<hours>1</hours>
</lifetime>
</entry>
</ipsec-crypto-profiles>
<!-- GlobalProtect app profile: aes-128-cbc with sha1. -->
<global-protect-app-crypto-profiles>
<entry name="default">
<encryption>
<member>aes-128-cbc</member>
</encryption>
<authentication>
<member>sha1</member>
</authentication>
</entry>
</global-protect-app-crypto-profiles>
</crypto-profiles>
</ike>
<!-- QoS: a single profile named default that assigns a priority to each of
     the eight classes (class1 real-time, class2 and class3 high, class4 and
     class5 medium, class6 to class8 low). -->
<qos>
<profile>
<entry name="default">
<class>
<entry name="class1">
<priority>real-time</priority>
</entry>
<entry name="class2">
<priority>high</priority>
</entry>
<entry name="class3">
<priority>high</priority>
</entry>
<entry name="class4">
<priority>medium</priority>
</entry>
<entry name="class5">
<priority>medium</priority>
</entry>
<entry name="class6">
<priority>low</priority>
</entry>
<entry name="class7">
<priority>low</priority>
</entry>
<entry name="class8">
<priority>low</priority>
</entry>
</class>
</entry>
</profile>
</qos>
<!-- Routing: one virtual router, default, holding both data interfaces.
     Dynamic routing is off (bgp, rip, ospf and ospfv3 all have enable no), so
     forwarding depends entirely on the static routes below. -->
<virtual-router>
<entry name="default">
<protocol>
<bgp>
<enable>no</enable>
<dampening-profile>
<entry name="default">
<cutoff>1.25</cutoff>
<reuse>0.5</reuse>
<max-hold-time>900</max-hold-time>
<decay-half-life-reachable>300</decay-half-life-reachable>
<decay-half-life-unreachable>900</decay-half-life-unreachable>
<enable>yes</enable>
</entry>
</dampening-profile>
<routing-options>
<graceful-restart>
<enable>yes</enable>
</graceful-restart>
</routing-options>
</bgp>
<rip>
<enable>no</enable>
</rip>
<ospf>
<enable>no</enable>
</ospf>
<ospfv3>
<enable>no</enable>
</ospfv3>
</protocol>
<interface>
<member>ethernet1/1</member>
<member>ethernet1/2</member>
</interface>
<ecmp>
<algorithm>
<ip-modulo/>
</algorithm>
</ecmp>
<routing-table>
<ip>
<!-- Static routes. Path monitoring is disabled and the BFD profile is None on
     every entry, so a route stays installed even if its next hop stops
     responding. -->
<static-route>
<!-- Default route: out ethernet1/1 via 172.21.1.1, metric 1. -->
<entry name="AVX-0.0.0.0-0">
<nexthop>
<ip-address>172.21.1.1</ip-address>
</nexthop>
<bfd>
<profile>None</profile>
</bfd>
<path-monitor>
<enable>no</enable>
<failure-condition>any</failure-condition>
<hold-time>2</hold-time>
</path-monitor>
<interface>ethernet1/1</interface>
<metric>1</metric>
<destination>0.0.0.0/0</destination>
<route-table>
<unicast/>
</route-table>
</entry>
<!-- The remaining five routes all leave ethernet1/2 via 172.21.2.1 with
     metric 10: the three RFC 1918 blocks plus 35.191.0.0/16 and
     130.211.0.0/22, the same two prefixes used as sources by the
     ilb-health-check rules in this file. -->
<entry name="AVX-192.168.0.0-16">
<nexthop>
<ip-address>172.21.2.1</ip-address>
</nexthop>
<bfd>
<profile>None</profile>
</bfd>
<path-monitor>
<enable>no</enable>
<failure-condition>any</failure-condition>
<hold-time>2</hold-time>
</path-monitor>
<interface>ethernet1/2</interface>
<metric>10</metric>
<destination>192.168.0.0/16</destination>
<route-table>
<unicast/>
</route-table>
</entry>
<entry name="AVX-35.191.0.0-16">
<nexthop>
<ip-address>172.21.2.1</ip-address>
</nexthop>
<bfd>
<profile>None</profile>
</bfd>
<path-monitor>
<enable>no</enable>
<failure-condition>any</failure-condition>
<hold-time>2</hold-time>
</path-monitor>
<interface>ethernet1/2</interface>
<metric>10</metric>
<destination>35.191.0.0/16</destination>
<route-table>
<unicast/>
</route-table>
</entry>
<entry name="AVX-130.211.0.0-22">
<nexthop>
<ip-address>172.21.2.1</ip-address>
</nexthop>
<bfd>
<profile>None</profile>
</bfd>
<path-monitor>
<enable>no</enable>
<failure-condition>any</failure-condition>
<hold-time>2</hold-time>
</path-monitor>
<interface>ethernet1/2</interface>
<metric>10</metric>
<destination>130.211.0.0/22</destination>
<route-table>
<unicast/>
</route-table>
</entry>
<entry name="AVX-10.0.0.0-8">
<nexthop>
<ip-address>172.21.2.1</ip-address>
</nexthop>
<bfd>
<profile>None</profile>
</bfd>
<path-monitor>
<enable>no</enable>
<failure-condition>any</failure-condition>
<hold-time>2</hold-time>
</path-monitor>
<interface>ethernet1/2</interface>
<metric>10</metric>
<destination>10.0.0.0/8</destination>
<route-table>
<unicast/>
</route-table>
</entry>
<entry name="AVX-172.16.0.0-12">
<nexthop>
<ip-address>172.21.2.1</ip-address>
</nexthop>
<bfd>
<profile>None</profile>
</bfd>
<path-monitor>
<enable>no</enable>
<failure-condition>any</failure-condition>
<hold-time>2</hold-time>
</path-monitor>
<interface>ethernet1/2</interface>
<metric>10</metric>
<destination>172.16.0.0/12</destination>
<route-table>
<unicast/>
</route-table>
</entry>
</static-route>
</ip>
</routing-table>
</entry>
</virtual-router>
</network>
<deviceconfig>
<!-- Device system settings: DHCP client options, content updates, time zone,
     management services and host name. -->
<system>
<!-- The DHCP client sends the host name but does not accept a host name or
     domain from the DHCP server. -->
<type>
<dhcp-client>
<send-hostname>yes</send-hostname>
<send-client-id>no</send-client-id>
<accept-dhcp-hostname>no</accept-dhcp-hostname>
<accept-dhcp-domain>no</accept-dhcp-domain>
</dhcp-client>
</type>
<update-server>updates.paloaltonetworks.com</update-server>
<!-- Threat content is scheduled weekly, Wednesday at 01:02, with the action
     download-only.
     NOTE(review): going by the action name, updates are fetched but not
     installed by this schedule; confirm how and when they get installed. -->
<update-schedule>
<threats>
<recurring>
<weekly>
<day-of-week>wednesday</day-of-week>
<at>01:02</at>
<action>download-only</action>
</weekly>
</recurring>
</threats>
</update-schedule>
<timezone>US/Pacific</timezone>
<!-- Telnet and HTTP, the cleartext management services, are both disabled. -->
<service>
<disable-telnet>yes</disable-telnet>
<disable-http>yes</disable-http>
</service>
<hostname>PA-VM</hostname>
</system>
<!-- Device settings: config rematch is on, syslog messages carry the FQDN as
     host name, and initcfg repeats the DHCP client options from
     deviceconfig/system together with a public key. -->
<setting>
<config>
<rematch>yes</rematch>
</config>
<management>
<hostname-type-in-syslog>FQDN</hostname-type-in-syslog>
<!-- presumably the values supplied when the instance was first bootstrapped;
     TODO confirm -->
<initcfg>
<type>
<dhcp-client>
<send-hostname>yes</send-hostname>
<send-client-id>no</send-client-id>
<accept-dhcp-hostname>no</accept-dhcp-hostname>
<accept-dhcp-domain>no</accept-dhcp-domain>
</dhcp-client>
</type>
<public-key>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</public-key>
</initcfg>
</management>
</setting>
</deviceconfig>
<vsys>
<entry name="vsys1">
<application/>
<application-group/>
<!-- Security zones for vsys1: wan holds ethernet1/1 and lan holds ethernet1/2,
     both as layer3 zones.
     NOTE(review): neither zone references a zone protection profile; consider
     adding one, at least on wan. -->
<zone>
<entry name="wan">
<network>
<layer3>
<member>ethernet1/1</member>
</layer3>
</network>
</entry>
<entry name="lan">
<network>
<layer3>
<member>ethernet1/2</member>
</layer3>
</network>
</entry>
</zone>
<service/>
<service-group/>
<schedule/>
<rulebase>
<!-- NAT rulebase: two destination-NAT rules for load-balancer health checks
     and one source-NAT rule for egress traffic. -->
<nat>
<rules>
<!-- Health-check DNAT: traffic from 35.191.0.0/16 and 130.211.0.0/22 to
     172.21.2.99, lan to lan on ethernet1/2, any service, is translated to
     172.21.2.4. -->
<entry name="ilb-health-check-dnat-99" uuid="448b8924-bd53-4a13-a21b-18d42926ceff">
<to>
<member>lan</member>
</to>
<from>
<member>lan</member>
</from>
<source>
<member>35.191.0.0/16</member>
<member>130.211.0.0/22</member>
</source>
<destination>
<member>172.21.2.99</member>
</destination>
<service>any</service>
<to-interface>ethernet1/2</to-interface>
<destination-translation>
<translated-address>172.21.2.4</translated-address>
</destination-translation>
</entry>
<!-- Same rule for destination 172.21.2.100, translated to the same address
     172.21.2.4. -->
<entry name="ilb-health-check-dnat-100" uuid="f9d65527-775e-4b2b-b316-b10693621297">
<to>
<member>lan</member>
</to>
<from>
<member>lan</member>
</from>
<source>
<member>35.191.0.0/16</member>
<member>130.211.0.0/22</member>
</source>
<destination>
<member>172.21.2.100</member>
</destination>
<service>any</service>
<to-interface>ethernet1/2</to-interface>
<destination-translation>
<translated-address>172.21.2.4</translated-address>
</destination-translation>
</entry>
<!-- Egress source NAT: 172.21.30.0/24 and 172.21.40.0/24 are translated to
     the address of ethernet1/1 with dynamic IP and port.
     NOTE(review): the rule's to zone is lan while to-interface is
     ethernet1/1, which this file places in zone wan, and the matching
     security rule is lan to wan; confirm the zone pair here is intended and
     that the rule actually matches egress traffic. -->
<entry name="egress" uuid="37323551-4e28-4dc3-911d-9a65e1c0e462">
<source-translation>
<dynamic-ip-and-port>
<interface-address>
<interface>ethernet1/1</interface>
</interface-address>
</dynamic-ip-and-port>
</source-translation>
<to>
<member>lan</member>
</to>
<from>
<member>lan</member>
</from>
<source>
<member>172.21.30.0/24</member>
<member>172.21.40.0/24</member>
</source>
<destination>
<member>any</member>
</destination>
<service>any</service>
<to-interface>ethernet1/1</to-interface>
</entry>
</rules>
</nat>
<!-- Security rulebase: two allow rules and no explicit deny rule. Neither
     rule carries a profile-setting or log-setting element.
     NOTE(review): without them the allowed traffic is not inspected by
     security profiles and logs are not forwarded by these rules; attach both
     before production use. -->
<security>
<rules>
<!-- Allows the two health-check source prefixes from any zone into lan, to
     any destination and any application on application-default ports. -->
<entry name="ilb-health-check" uuid="05cc8ad8-5f4a-4a5a-86b3-29c184668a9b">
<to>
<member>lan</member>
</to>
<from>
<member>any</member>
</from>
<source>
<member>35.191.0.0/16</member>
<member>130.211.0.0/22</member>
</source>
<destination>
<member>any</member>
</destination>
<source-user>
<member>any</member>
</source-user>
<category>
<member>any</member>
</category>
<application>
<member>any</member>
</application>
<service>
<member>application-default</member>
</service>
<hip-profiles>
<member>any</member>
</hip-profiles>
<action>allow</action>
</entry>
<!-- Allows everything from lan to wan: any source, destination, user, URL
     category and application, limited only to application-default ports.
     NOTE(review): this is an allow-all outbound policy; narrow the source,
     application or category where the deployment permits. -->
<entry name="egress" uuid="9d487e65-3d09-465a-9f07-260a0a22ff57">
<to>
<member>wan</member>
</to>
<from>
<member>lan</member>
</from>
<source>
<member>any</member>
</source>
<destination>
<member>any</member>
</destination>
<source-user>
<member>any</member>
</source-user>
<category>
<member>any</member>
</category>
<application>
<member>any</member>
</application>
<service>
<member>application-default</member>
</service>
<hip-profiles>
<member>any</member>
</hip-profiles>
<action>allow</action>
</entry>
</rules>
</security>
</rulebase>
<!-- Interfaces imported into vsys1: both data interfaces, ethernet1/1 and
     ethernet1/2. -->
<import>
<network>
<interface>
<member>ethernet1/1</member>
<member>ethernet1/2</member>
</interface>
</network>
</import>
</entry>
</vsys>
</entry>
</devices>
</config>