set clock ntp set clock timezone -5 set vrouter trust-vr sharable set vrouter "untrust-vr" exit set vrouter "trust-vr" unset auto-route-export set protocol ospf set enable exit set preference ebgp 250 set preference ibgp 40 exit set auth-server "Local" id 0 set auth-server "Local" server-name "Local" set auth-server "atlantis" id 1 set auth-server "atlantis" server-name "" set auth-server "atlantis" account-type admin set auth-server "atlantis" radius port 1812 set auth-server "atlantis" radius secret "" set auth default auth server "Local" set auth radius accounting port 1646 set admin name "root" set admin password "" set admin auth timeout 10 set admin auth server "atlantis" set admin privilege read-write set admin format unix set zone "Trust" vrouter "trust-vr" set zone "Untrust" vrouter "untrust-vr" set zone "VLAN" vrouter "trust-vr" set zone "Untrust-Tun" vrouter "trust-vr" set zone "Trust" tcp-rst set zone "Untrust" block unset zone "Untrust" tcp-rst set zone "MGT" block set zone "VLAN" block set zone "VLAN" tcp-rst set zone "Untrust" screen tear-drop set zone "Untrust" screen syn-flood set zone "Untrust" screen ping-death set zone "Untrust" screen ip-filter-src set zone "Untrust" screen land set zone "V1-Untrust" screen tear-drop set zone "V1-Untrust" screen syn-flood set zone "V1-Untrust" screen ping-death set zone "V1-Untrust" screen ip-filter-src set zone "V1-Untrust" screen land set interface "trust" zone "Trust" set interface "untrust" zone "Untrust" set interface "loopback.1" zone "Trust" unset interface vlan1 ip set interface trust ip 10.3.253.1/29 set interface "trust" ipv6 mode "host" set interface "trust" ipv6 enable set interface trust route set interface untrust ip 71.75.169.196/20 set interface untrust route set interface loopback.1 ip 10.3.4.11/32 set interface loopback.1 route set interface "trust" pmtu ipv4 set interface "untrust" pmtu ipv4 unset interface vlan1 bypass-others-ipsec unset interface vlan1 bypass-non-ip set interface trust ip manageable set interface untrust ip manageable set interface loopback.1 ip manageable unset interface trust manage telnet unset interface trust manage ssl set interface trust manage ident-reset set interface untrust manage ping set interface untrust manage ssh set interface untrust manage ident-reset unset interface loopback.1 manage telnet unset interface loopback.1 manage ssl set auth-server "atlantis" src-interface "loopback.1" set interface trust ipv6 ra accept set interface trust ipv6 nd nud set interface untrust dhcp client enable set flow tcp-mss set flow check tcp-rst-sequence set flow path-mtu unset flow no-tcp-seq-check set flow tcp-syn-check set flow icmp time-exceeded set domain carolina.rr.com set hostname einstein set dns host dns1 10.3.4.6 set dns host dns2 10.3.5.1 set dns ddns set address "Trust" "10.3.0.0/16" 10.3.0.0 255.255.0.0 set address "Trust" "172.16.3.0/24" 172.16.3.0 255.255.255.0 set address "Untrust" "10.0.0.0/8" 10.0.0.0 255.0.0.0 set address "Untrust" "172.16.0.0/12" 172.16.0.0 255.240.0.0 set address "Untrust" "192.168.0.0/16" 192.168.0.0 255.255.0.0 set address "Untrust" "test" 69.9.189.182 255.255.255.255 set user "test" uid 1 set user "test" ike-id u-fqdn "test@host.com" share-limit 1 set user "test" type ike set user "test" "enable" set user-group "testusers" id 1 set user-group "testusers" user "test" set ike gateway "test" dialup "testusers" Aggr outgoing-interface "trust" preshare "HpJqlkJnNth264sQnDCZppEct9n49/DdeQ==" proposal "pre-g2-3des-sha" set ike gateway "test" nat-traversal udp-checksum set ike gateway "test" nat-traversal keepalive-frequency 5 set ike respond-bad-spi 1 unset ike ikeid-enumeration unset ike dos-protection unset ipsec access-session enable set ipsec access-session maximum 5000 set ipsec access-session upper-threshold 0 set ipsec access-session lower-threshold 0 set ipsec access-session dead-p2-sa-timeout 0 unset ipsec access-session log-error unset ipsec access-session info-exch-connected unset ipsec access-session use-error-log set vpn "test" gateway "test" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha" set av profile "scan-mgr" set ftp scan-mode scan-all set ftp decompress-layer 2 set http scan-mode scan-all set imap scan-mode scan-all set imap decompress-layer 2 set pop3 scan-mode scan-all set pop3 decompress-layer 2 set smtp scan-mode scan-all set smtp decompress-layer 2 exit set url protocol websense exit set policy id 17 from "Trust" to "Untrust" "Dial-Up VPN IPv4" "test" "ANY" nat src tunnel vpn "test" id 1 log set policy id 17 exit set policy id 16 from "Trust" to "Untrust" "Any-IPv4" "10.0.0.0/8" "ANY" deny log set policy id 16 set dst-address "172.16.0.0/12" set dst-address "192.168.0.0/16" exit set policy id 8 from "Trust" to "Untrust" "10.3.0.0/16" "Any-IPv4" "ANY" nat src permit log count set policy id 8 set src-address "172.16.3.0/24" exit set policy id 15 from "Trust" to "Untrust" "Any-IPv4" "Any-IPv4" "ANY" deny log set policy id 15 exit set policy id 11 from "Untrust" to "Trust" "Any-IPv4" "Any-IPv4" "ANY" deny log set policy id 11 exit set policy id 14 from "Untrust" to "Untrust" "Any-IPv4" "Any-IPv4" "ANY" deny log set policy id 14 exit set syslog config "10.3.5.1" set syslog config "10.3.5.1" facilities local0 local0 set syslog config "10.3.5.1" log traffic set syslog src-interface loopback.1 set syslog enable set log header-format 1 set firewall log-self set firewall log-self ike set firewall log-self snmp set firewall log-self icmp set nsmgmt bulkcli reboot-timeout 60 set nsmgmt bulkcli reboot-wait 0 set ssh version v2 set ssh enable set scp enable set config lock timeout 5 unset ssl enable set ntp server "ntp.prolixium.com" set modem speed 115200 set modem retry 3 set modem interval 10 set modem idle-time 10 set snmp community "notscreen" Read-Only Trap-off version v1 set snmp host "notscreen" 10.3.0.0 255.255.0.0 set snmp host "notscreen" 172.16.3.0 255.255.255.0 set snmp location "Charlotte, NC" set snmp contact "Mark Kamichoff " set snmp port listen 161 set snmp port trap 162 set vrouter "untrust-vr" exit set vrouter "trust-vr" set router-id 10.3.4.11 set protocol bgp 65301 set confederation id 65003 set enable unset synchronization set neighbor 10.3.4.5 remote-as 65301 src-interface loopback.1 set neighbor 10.3.4.5 enable set confederation peer 65305 set confederation peer 65304 set confederation peer 65303 set confederation peer 65302 set confederation peer 65300 set network 10.3.253.0/29 set network 10.3.4.11/32 exit unset add-default-route set route 0.0.0.0/0 vrouter "untrust-vr" preference 20 exit set interface trust protocol ospf area 0.0.0.0 set interface trust protocol ospf enable set interface loopback.1 protocol ospf area 0.0.0.0 set interface loopback.1 protocol ospf passive set interface loopback.1 protocol ospf enable set interface trust protocol bgp set vrouter "untrust-vr" exit set vrouter "trust-vr" exit