set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set clock "timezone" 0
set admin format dos
set admin name "netscreen"
set admin password nKVUM2rwMUzPcrkG5sWIHdCtqkAibn
set admin auth timeout 10
set admin auth server "Local"
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
set vrouter "trust-vr"
set protocol ospf
set enable
set asbr
exit
exit
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "Trust" tcp-rst 
set zone "Untrust" block 
unset zone "Untrust" tcp-rst 
set zone "DMZ" tcp-rst 
set zone "MGT" block 
set zone "MGT" tcp-rst 
set zone Untrust screen tear-drop
set zone Untrust screen syn-flood
set zone Untrust screen ping-death
set zone Untrust screen ip-filter-src
set zone Untrust screen land
set zone V1-Untrust screen tear-drop
set zone V1-Untrust screen syn-flood
set zone V1-Untrust screen ping-death
set zone V1-Untrust screen ip-filter-src
set zone V1-Untrust screen land
set interface "ethernet3" zone "Untrust"
set interface id 21 "redundant1" zone "Trust"
set interface ethernet1 group redundant1
set interface ethernet2 group redundant1
unset interface vlan1 ip
set interface ethernet3 ip 10.3.1.1/24
set interface ethernet3 route
set interface redundant1 ip 10.1.1.1/24
set interface redundant1 nat
set interface redundant1:1 ip 10.1.1.7/24
set interface redundant1:1 nat
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface redundant1 manage-ip 10.1.1.2
set interface vlan1 ip manageable
unset interface ethernet1 ip manageable
set interface ethernet2 ip manageable
set interface ethernet3 ip manageable
unset interface redundant1 ip manageable
set interface ethernet3 manage ping
set interface ethernet3 manage scs
set interface redundant1 protocol ospf area 0.0.0.0
set interface redundant1 protocol ospf enable
set interface redundant1:1 protocol ospf area 0.0.0.0
set interface redundant1:1 protocol ospf enable
set hostname testfw0
set snmp name "testfw0"
set ike policy-checking
set ike respond-bad-spi 1
set ike id-mode subnet
set xauth lifetime 480
set xauth default auth server Local
set policy id 0 from "Trust" to "DMZ"  "Any" "Any" "ANY" Permit log count 
set policy id 1 from "DMZ" to "Trust"  "Any" "Any" "ANY" Permit log count 
set policy id 2 from "Untrust" to "Trust"  "Any" "Any" "ANY" Permit log count 
set policy id 3 from "Trust" to "Untrust"  "Any" "Any" "ANY" Permit log count 
set policy id 4 from "Untrust" to "DMZ"  "Any" "Any" "ANY" Permit log count 
unset global-pro policy-manager primary outgoing-interface
unset global-pro policy-manager secondary outgoing-interface
set nsrp cluster id 1
set nsrp cluster name "testfw"
set nsrp rto-mirror sync
set nsrp vsd-group id 0 priority 1
set nsrp vsd-group id 0 preempt
set nsrp vsd-group id 0 preempt hold-down 0
set nsrp vsd-group id 1 priority 100
set nsrp monitor interface redundant1
set nsrp secondary-path "ethernet1"
set scs enable
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
set router-id 10.1.1.1
set access-list 1
set access-list 1 permit ip 10.2.1.0/24 1
set access-list 1 permit ip 10.1.1.0/27 2
set access-list 1 permit ip 10.3.1.0/24 3
set route-map name "Connected" permit 1
set match ip 1
exit
set route-map name "Static" permit 2
set match ip 2
exit
unset add-default-route
set protocol ospf
set redistribute route-map "Connected" protocol connected
exit
exit