Internet connection router upgrade complete

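I retired the Cisco 1812J that I had been using for my home Internet connection and replaced it with a Juniper SRX100. To start, I removed the unneeded settings I had been using for testing on the 1812J and ported the rest to the SRX, but the Dimora settings were surprisingly tedious, and the config ended up close to 800 lines.

With the switch to the fanless SRX, my room is finally quiet. As for the retired 1812J, once I replace its noisy fan I plan to use it as a test machine at work.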

What I configured

The config became long, but the number of things actually configured is small, roughly the following items.

  • Created the security zones "WAN", "DMZ", and "LAN"
  • Source NAT from DMZ to WAN
  • Destination NAT from WAN to DMZ
  • PPPoE
  • Syslog
  • NTP
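
Most of the config's length comes from the destination NAT pool/rule pairs, so a review of what is reachable from WAN is easier once each rule is joined to its pool and the ports are collapsed into ranges. The following Python script is an added example, not part of the original post: it parses `display set` output, also lists management services enabled in cleartext, and runs on a constructed sample (203.0.113.10 is a placeholder WAN address; the function names are assumptions of this example).

```python
import re
from collections import defaultdict

# Constructed sample in the same "display set" shape as the config on this page.
# 203.0.113.10 is a documentation address standing in for the WAN address.
SAMPLE = """\
set system services ssh
set system services telnet
set system services xnm-clear-text
set system services web-management http interface vlan.0
set system services web-management https interface vlan.0
set security nat destination pool DSSH address 192.168.40.2/32
set security nat destination pool DSSH address port 22
set security nat destination pool DIMORA002 address 192.168.40.6/32
set security nat destination pool DIMORA002 address port 47810
set security nat destination pool DIMORA003 address 192.168.40.6/32
set security nat destination pool DIMORA003 address port 47811
set security nat destination rule-set DNAT from zone WAN
set security nat destination rule-set DNAT rule RULE001 match destination-address 203.0.113.10/32
set security nat destination rule-set DNAT rule RULE001 match destination-port 22
set security nat destination rule-set DNAT rule RULE001 match protocol tcp
set security nat destination rule-set DNAT rule RULE001 then destination-nat pool DSSH
set security nat destination rule-set DNAT rule RULE007 match destination-address 203.0.113.10/32
set security nat destination rule-set DNAT rule RULE007 match destination-port 47810
set security nat destination rule-set DNAT rule RULE007 match protocol udp
set security nat destination rule-set DNAT rule RULE007 then destination-nat pool DIMORA002
set security nat destination rule-set DNAT rule RULE008 match destination-address 203.0.113.10/32
set security nat destination rule-set DNAT rule RULE008 match destination-port 47811
set security nat destination rule-set DNAT rule RULE008 match protocol udp
set security nat destination rule-set DNAT rule RULE008 then destination-nat pool DIMORA003
"""

POOL_RE = re.compile(
    r"^set security nat destination pool (\S+) address (?:port (\d+)|(\S+))$")
RULE_RE = re.compile(
    r"^set security nat destination rule-set (\S+) rule (\S+) "
    r"(?:match (destination-address|destination-port|protocol) (\S+)"
    r"|then destination-nat pool (\S+))$")
# Management services that carry credentials without encryption.
SVC_RE = re.compile(
    r"^set system services (telnet|xnm-clear-text|web-management http)(?:\s|$)")


def parse_dnat(config):
    """Join every destination NAT rule to its pool; one dict per forward."""
    pools, rules = defaultdict(dict), defaultdict(dict)
    for line in map(str.strip, config.splitlines()):
        m = POOL_RE.match(line)
        if m:
            name, port, addr = m.groups()
            if port:
                pools[name]["port"] = int(port)
            else:
                pools[name]["addr"] = addr.split("/")[0]
            continue
        m = RULE_RE.match(line)
        if m:
            ruleset, rule, key, value, pool = m.groups()
            rules[(ruleset, rule)]["pool" if pool else key] = pool or value
    forwards = []
    for (_, rule), r in rules.items():
        pool = pools.get(r.get("pool"), {})  # {} if the pool is undefined
        port = r.get("destination-port")
        forwards.append({
            "rule": rule,
            "proto": r.get("protocol", "any"),
            "ext_port": int(port) if port else None,
            "host": pool.get("addr"),
            "int_port": pool.get("port"),
        })
    return forwards


def collapse(ports):
    """Turn a list of ports into sorted strings, merging consecutive runs."""
    out, start, prev = [], None, None
    for p in sorted(set(ports)) + [None]:  # None flushes the final run
        if start is not None and p != prev + 1:
            out.append(str(start) if start == prev else f"{start}-{prev}")
            start = None
        if start is None:
            start = p
        prev = p
    return out


def exposure(forwards):
    """Map (internal host, protocol) to the WAN-side port ranges forwarded."""
    by_target = defaultdict(list)
    for f in forwards:
        if f["ext_port"] is not None:
            by_target[(f["host"], f["proto"])].append(f["ext_port"])
    return {k: collapse(v) for k, v in by_target.items()}


def cleartext_services(config):
    """List cleartext management services enabled under 'system services'."""
    found = []
    for line in map(str.strip, config.splitlines()):
        m = SVC_RE.match(line)
        if m and m.group(1) not in found:
            found.append(m.group(1))
    return found


if __name__ == "__main__":
    for (host, proto), ranges in exposure(parse_dnat(SAMPLE)).items():
        print(f"{host} {proto}: {', '.join(ranges)}")
    print("cleartext management:", ", ".join(cleartext_services(SAMPLE)))
```

A forward whose `host` is `None` points at a pool name that is never defined, which is worth checking in a config of this length.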

Network diagram

Until now there was only one LAN-side segment, but I plan to split it into DMZ and LAN going forward. For that reason, only the DMZ is in use at the moment.

MyNW.jpg

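SRX100 configuration

Anyone who has written a Junos config will know that the configuration requires a lot of policy names. For that reason, I write policy names in uppercase as a rule, so that it is easy to tell Junos syntax apart from policy names.

The config of my home SRX is listed below, so please use it as a reference.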

 

ikeda@SRX100H> show configuration |display set
set version 12.1R3.5
set system host-name SRX100H
set system time-zone Asia/Tokyo
set system root-authentication encrypted-password "$1$W.QY5NAxxdxE7fRvmCMFQGGOZ."
set system name-server 192.168.40.2
set system login user juniper uid 1000
set system login user juniper class super-user
set system login user juniper authentication encrypted-password "$1$hF4QrBib$c2KxxxxxbwpTosJJzhwBS4/"
set system services ssh
set system services telnet
set system services xnm-clear-text
set system services web-management http interface vlan.0
set system services web-management https system-generated-certificate
set system services web-management https interface vlan.0
set system services dhcp domain-name or2.to
set system services dhcp router 192.168.40.254
set system services dhcp pool 192.168.40.0/24 address-range low 192.168.40.100
set system services dhcp pool 192.168.40.0/24 address-range high 192.168.40.199
set system services dhcp propagate-settings vlan.40
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog host 192.168.40.2 any any
set system syslog host 192.168.40.2 facility-override local0
set system syslog host 192.168.40.2 source-address 192.168.40.254
set system syslog file messages any emergency
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set system ntp boot-server 133.243.238.163
set system ntp server 133.243.238.164
set system ntp server 133.243.238.163
set interfaces fe-0/0/0 unit 0 encapsulation ppp-over-ether
set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members VLAN40
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members VLAN40
set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members VLAN40
set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members VLAN40
set interfaces fe-0/0/5 unit 0 family ethernet-switching vlan members VLAN40
set interfaces fe-0/0/6 unit 0 family ethernet-switching vlan members VLAN50
set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members VLAN50
set interfaces pp0 unit 0 ppp-options chap default-chap-secret "$9$8F0xNHqJZ/txxxxxxXdb"
set interfaces pp0 unit 0 ppp-options chap local-name "xxxxxxxxx@xxxxx.net"
set interfaces pp0 unit 0 ppp-options chap passive
set interfaces pp0 unit 0 pppoe-options underlying-interface fe-0/0/0.0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 10
set interfaces pp0 unit 0 pppoe-options client
set interfaces pp0 unit 0 family inet mtu 1454
set interfaces pp0 unit 0 family inet negotiate-address
set interfaces vlan unit 40 family inet address 192.168.40.254/24
set interfaces vlan unit 50 family inet address 192.168.50.254/24
set routing-options static route 0.0.0.0/0 next-hop pp0.0
set protocols stp
set security flow tcp-mss all-tcp mss 1414
set security screen ids-option WAN-SCREEN icmp ping-death
set security screen ids-option WAN-SCREEN ip source-route-option
set security screen ids-option WAN-SCREEN ip tear-drop
set security screen ids-option WAN-SCREEN tcp syn-flood alarm-threshold 1024
set security screen ids-option WAN-SCREEN tcp syn-flood attack-threshold 200
set security screen ids-option WAN-SCREEN tcp syn-flood source-threshold 1024
set security screen ids-option WAN-SCREEN tcp syn-flood destination-threshold 2048
set security screen ids-option WAN-SCREEN tcp syn-flood timeout 20
set security screen ids-option WAN-SCREEN tcp land
set security nat source rule-set LAN2WAN from zone LAN
set security nat source rule-set LAN2WAN to zone WAN
set security nat source rule-set LAN2WAN rule RULE801 match source-address 0.0.0.0/0
set security nat source rule-set LAN2WAN rule RULE801 then source-nat interface
set security nat source rule-set DMZ2WAN from zone DMZ
set security nat source rule-set DMZ2WAN to zone WAN
set security nat source rule-set DMZ2WAN rule RULE901 match source-address 0.0.0.0/0
set security nat source rule-set DMZ2WAN rule RULE901 then source-nat interface
set security nat destination pool DSSH address 192.168.40.2/32
set security nat destination pool DSSH address port 22
set security nat destination pool DSMTP address 192.168.40.2/32
set security nat destination pool DSMTP address port 25
set security nat destination pool DDNS address 192.168.40.2/32
set security nat destination pool DDNS address port 53
set security nat destination pool DHTTP address 192.168.40.2/32
set security nat destination pool DHTTP address port 80
set security nat destination pool DPOP address 192.168.40.2/32
set security nat destination pool DPOP address port 110
set security nat destination pool DIMORA001 address 192.168.40.6/32
set security nat destination pool DIMORA001 address port 47809
set security nat destination pool DIMORA002 address 192.168.40.6/32
set security nat destination pool DIMORA002 address port 47810
set security nat destination pool DIMORA003 address 192.168.40.6/32
set security nat destination pool DIMORA003 address port 47811
set security nat destination pool DIMORA004 address 192.168.40.6/32
set security nat destination pool DIMORA004 address port 47812
set security nat destination pool DIMORA005 address 192.168.40.6/32
set security nat destination pool DIMORA005 address port 47813
set security nat destination pool DIMORA006 address 192.168.40.6/32
set security nat destination pool DIMORA006 address port 47814
set security nat destination pool DIMORA007 address 192.168.40.6/32
set security nat destination pool DIMORA007 address port 47815
set security nat destination pool DIMORA008 address 192.168.40.6/32
set security nat destination pool DIMORA008 address port 47816
set security nat destination pool DIMORA009 address 192.168.40.6/32
set security nat destination pool DIMORA009 address port 47817
set security nat destination pool DIMORA010 address 192.168.40.6/32
set security nat destination pool DIMORA010 address port 47818
set security nat destination pool DIMORA011 address 192.168.40.6/32
set security nat destination pool DIMORA011 address port 47819
set security nat destination pool DIMORA012 address 192.168.40.6/32
set security nat destination pool DIMORA012 address port 47820
set security nat destination pool DIMORA013 address 192.168.40.6/32
set security nat destination pool DIMORA013 address port 47825
set security nat destination pool DIMORA014 address 192.168.40.6/32
set security nat destination pool DIMORA014 address port 49000
set security nat destination pool DIMORA015 address 192.168.40.6/32
set security nat destination pool DIMORA015 address port 49001
set security nat destination pool DIMORA016 address 192.168.40.6/32
set security nat destination pool DIMORA016 address port 49002
set security nat destination pool DIMORA017 address 192.168.40.6/32
set security nat destination pool DIMORA017 address port 49003
set security nat destination pool DIMORA018 address 192.168.40.6/32
set security nat destination pool DIMORA018 address port 49004
set security nat destination pool DIMORA019 address 192.168.40.6/32
set security nat destination pool DIMORA019 address port 49005
set security nat destination pool DIMORA020 address 192.168.40.6/32
set security nat destination pool DIMORA020 address port 49006
set security nat destination pool DIMORA021 address 192.168.40.6/32
set security nat destination pool DIMORA021 address port 49007
set security nat destination pool DIMORA022 address 192.168.40.6/32
set security nat destination pool DIMORA022 address port 49008
set security nat destination pool DIMORA023 address 192.168.40.6/32
set security nat destination pool DIMORA023 address port 49009
set security nat destination pool DIMORA024 address 192.168.40.6/32
set security nat destination pool DIMORA024 address port 49010
set security nat destination pool DIMORA025 address 192.168.40.6/32
set security nat destination pool DIMORA025 address port 49011
set security nat destination pool DIMORA026 address 192.168.40.6/32
set security nat destination pool DIMORA026 address port 49012
set security nat destination pool DIMORA027 address 192.168.40.6/32
set security nat destination pool DIMORA027 address port 49013
set security nat destination pool DIMORA028 address 192.168.40.6/32
set security nat destination pool DIMORA028 address port 49014
set security nat destination pool DIMORA029 address 192.168.40.6/32
set security nat destination pool DIMORA029 address port 49015
set security nat destination pool DIMORA030 address 192.168.40.6/32
set security nat destination pool DIMORA030 address port 49016
set security nat destination pool DIMORA031 address 192.168.40.6/32
set security nat destination pool DIMORA031 address port 49017
set security nat destination pool DIMORA032 address 192.168.40.6/32
set security nat destination pool DIMORA032 address port 49018
set security nat destination pool DIMORA033 address 192.168.40.6/32
set security nat destination pool DIMORA033 address port 49019
set security nat destination pool DIMORA034 address 192.168.40.6/32
set security nat destination pool DIMORA034 address port 49020
set security nat destination pool DIMORA035 address 192.168.40.6/32
set security nat destination pool DIMORA035 address port 49021
set security nat destination pool DIMORA036 address 192.168.40.6/32
set security nat destination pool DIMORA036 address port 49022
set security nat destination pool DIMORA037 address 192.168.40.6/32
set security nat destination pool DIMORA037 address port 49023
set security nat destination pool DIMORA038 address 192.168.40.6/32
set security nat destination pool DIMORA038 address port 49024
set security nat destination pool DIMORA039 address 192.168.40.6/32
set security nat destination pool DIMORA039 address port 49025
set security nat destination pool DIMORA040 address 192.168.40.6/32
set security nat destination pool DIMORA040 address port 49026
set security nat destination pool DIMORA041 address 192.168.40.6/32
set security nat destination pool DIMORA041 address port 49027
set security nat destination pool DIMORA042 address 192.168.40.6/32
set security nat destination pool DIMORA042 address port 49028
set security nat destination pool DIMORA043 address 192.168.40.6/32
set security nat destination pool DIMORA043 address port 49029
set security nat destination pool DIMORA044 address 192.168.40.6/32
set security nat destination pool DIMORA044 address port 49030
set security nat destination rule-set DNAT from zone WAN
set security nat destination rule-set DNAT rule RULE001 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE001 match destination-port 22
set security nat destination rule-set DNAT rule RULE001 match protocol tcp
set security nat destination rule-set DNAT rule RULE001 then destination-nat pool DSSH
set security nat destination rule-set DNAT rule RULE002 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE002 match destination-port 25
set security nat destination rule-set DNAT rule RULE002 match protocol tcp
set security nat destination rule-set DNAT rule RULE002 then destination-nat pool DSMTP
set security nat destination rule-set DNAT rule RULE003 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE003 match destination-port 53
set security nat destination rule-set DNAT rule RULE003 match protocol udp
set security nat destination rule-set DNAT rule RULE003 then destination-nat pool DDNS
set security nat destination rule-set DNAT rule RULE004 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE004 match destination-port 80
set security nat destination rule-set DNAT rule RULE004 match protocol tcp
set security nat destination rule-set DNAT rule RULE004 then destination-nat pool DHTTP
set security nat destination rule-set DNAT rule RULE005 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE005 match destination-port 110
set security nat destination rule-set DNAT rule RULE005 match protocol tcp
set security nat destination rule-set DNAT rule RULE005 then destination-nat pool DPOP
set security nat destination rule-set DNAT rule RULE006 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE006 match destination-port 47809
set security nat destination rule-set DNAT rule RULE006 match protocol tcp
set security nat destination rule-set DNAT rule RULE006 then destination-nat pool DIMORA001
set security nat destination rule-set DNAT rule RULE007 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE007 match destination-port 47810
set security nat destination rule-set DNAT rule RULE007 match protocol udp
set security nat destination rule-set DNAT rule RULE007 then destination-nat pool DIMORA002
set security nat destination rule-set DNAT rule RULE008 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE008 match destination-port 47811
set security nat destination rule-set DNAT rule RULE008 match protocol udp
set security nat destination rule-set DNAT rule RULE008 then destination-nat pool DIMORA003
set security nat destination rule-set DNAT rule RULE009 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE009 match destination-port 47812
set security nat destination rule-set DNAT rule RULE009 match protocol udp
set security nat destination rule-set DNAT rule RULE009 then destination-nat pool DIMORA004
set security nat destination rule-set DNAT rule RULE010 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE010 match destination-port 47813
set security nat destination rule-set DNAT rule RULE010 match protocol udp
set security nat destination rule-set DNAT rule RULE010 then destination-nat pool DIMORA005
set security nat destination rule-set DNAT rule RULE011 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE011 match destination-port 47814
set security nat destination rule-set DNAT rule RULE011 match protocol udp
set security nat destination rule-set DNAT rule RULE011 then destination-nat pool DIMORA006
set security nat destination rule-set DNAT rule RULE012 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE012 match destination-port 47815
set security nat destination rule-set DNAT rule RULE012 match protocol udp
set security nat destination rule-set DNAT rule RULE012 then destination-nat pool DIMORA007
set security nat destination rule-set DNAT rule RULE013 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE013 match destination-port 47816
set security nat destination rule-set DNAT rule RULE013 match protocol udp
set security nat destination rule-set DNAT rule RULE013 then destination-nat pool DIMORA008
set security nat destination rule-set DNAT rule RULE014 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE014 match destination-port 47817
set security nat destination rule-set DNAT rule RULE014 match protocol udp
set security nat destination rule-set DNAT rule RULE014 then destination-nat pool DIMORA009
set security nat destination rule-set DNAT rule RULE015 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE015 match destination-port 47818
set security nat destination rule-set DNAT rule RULE015 match protocol udp
set security nat destination rule-set DNAT rule RULE015 then destination-nat pool DIMORA010
set security nat destination rule-set DNAT rule RULE016 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE016 match destination-port 47819
set security nat destination rule-set DNAT rule RULE016 match protocol udp
set security nat destination rule-set DNAT rule RULE016 then destination-nat pool DIMORA011
set security nat destination rule-set DNAT rule RULE017 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE017 match destination-port 47820
set security nat destination rule-set DNAT rule RULE017 match protocol udp
set security nat destination rule-set DNAT rule RULE017 then destination-nat pool DIMORA012
set security nat destination rule-set DNAT rule RULE018 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE018 match destination-port 47825
set security nat destination rule-set DNAT rule RULE018 match protocol tcp
set security nat destination rule-set DNAT rule RULE018 then destination-nat pool DIMORA013
set security nat destination rule-set DNAT rule RULE019 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE019 match destination-port 49000
set security nat destination rule-set DNAT rule RULE019 match protocol tcp
set security nat destination rule-set DNAT rule RULE019 then destination-nat pool DIMORA014
set security nat destination rule-set DNAT rule RULE020 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE020 match destination-port 49001
set security nat destination rule-set DNAT rule RULE020 match protocol tcp
set security nat destination rule-set DNAT rule RULE020 then destination-nat pool DIMORA015
set security nat destination rule-set DNAT rule RULE021 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE021 match destination-port 49002
set security nat destination rule-set DNAT rule RULE021 match protocol tcp
set security nat destination rule-set DNAT rule RULE021 then destination-nat pool DIMORA016
set security nat destination rule-set DNAT rule RULE022 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE022 match destination-port 49003
set security nat destination rule-set DNAT rule RULE022 match protocol tcp
set security nat destination rule-set DNAT rule RULE022 then destination-nat pool DIMORA017
set security nat destination rule-set DNAT rule RULE023 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE023 match destination-port 49004
set security nat destination rule-set DNAT rule RULE023 match protocol tcp
set security nat destination rule-set DNAT rule RULE023 then destination-nat pool DIMORA018
set security nat destination rule-set DNAT rule RULE024 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE024 match destination-port 49005
set security nat destination rule-set DNAT rule RULE024 match protocol tcp
set security nat destination rule-set DNAT rule RULE024 then destination-nat pool DIMORA019
set security nat destination rule-set DNAT rule RULE025 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE025 match destination-port 49006
set security nat destination rule-set DNAT rule RULE025 match protocol tcp
set security nat destination rule-set DNAT rule RULE025 then destination-nat pool DIMORA020
set security nat destination rule-set DNAT rule RULE026 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE026 match destination-port 49007
set security nat destination rule-set DNAT rule RULE026 match protocol tcp
set security nat destination rule-set DNAT rule RULE026 then destination-nat pool DIMORA021
set security nat destination rule-set DNAT rule RULE027 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE027 match destination-port 49008
set security nat destination rule-set DNAT rule RULE027 match protocol tcp
set security nat destination rule-set DNAT rule RULE027 then destination-nat pool DIMORA022
set security nat destination rule-set DNAT rule RULE028 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE028 match destination-port 49009
set security nat destination rule-set DNAT rule RULE028 match protocol tcp
set security nat destination rule-set DNAT rule RULE028 then destination-nat pool DIMORA023
set security nat destination rule-set DNAT rule RULE029 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE029 match destination-port 49010
set security nat destination rule-set DNAT rule RULE029 match protocol tcp
set security nat destination rule-set DNAT rule RULE029 then destination-nat pool DIMORA024
set security nat destination rule-set DNAT rule RULE030 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE030 match destination-port 49011
set security nat destination rule-set DNAT rule RULE030 match protocol tcp
set security nat destination rule-set DNAT rule RULE030 then destination-nat pool DIMORA025
set security nat destination rule-set DNAT rule RULE031 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE031 match destination-port 49012
set security nat destination rule-set DNAT rule RULE031 match protocol tcp
set security nat destination rule-set DNAT rule RULE031 then destination-nat pool DIMORA026
set security nat destination rule-set DNAT rule RULE032 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE032 match destination-port 49013
set security nat destination rule-set DNAT rule RULE032 match protocol tcp
set security nat destination rule-set DNAT rule RULE032 then destination-nat pool DIMORA027
set security nat destination rule-set DNAT rule RULE033 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE033 match destination-port 49014
set security nat destination rule-set DNAT rule RULE033 match protocol tcp
set security nat destination rule-set DNAT rule RULE033 then destination-nat pool DIMORA028
set security nat destination rule-set DNAT rule RULE034 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE034 match destination-port 49015
set security nat destination rule-set DNAT rule RULE034 match protocol tcp
set security nat destination rule-set DNAT rule RULE034 then destination-nat pool DIMORA029
set security nat destination rule-set DNAT rule RULE035 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE035 match destination-port 49016
set security nat destination rule-set DNAT rule RULE035 match protocol tcp
set security nat destination rule-set DNAT rule RULE035 then destination-nat pool DIMORA030
set security nat destination rule-set DNAT rule RULE036 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE036 match destination-port 49017
set security nat destination rule-set DNAT rule RULE036 match protocol tcp
set security nat destination rule-set DNAT rule RULE036 then destination-nat pool DIMORA031
set security nat destination rule-set DNAT rule RULE037 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE037 match destination-port 49018
set security nat destination rule-set DNAT rule RULE037 match protocol tcp
set security nat destination rule-set DNAT rule RULE037 then destination-nat pool DIMORA032
set security nat destination rule-set DNAT rule RULE038 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE038 match destination-port 49019
set security nat destination rule-set DNAT rule RULE038 match protocol tcp
set security nat destination rule-set DNAT rule RULE038 then destination-nat pool DIMORA033
set security nat destination rule-set DNAT rule RULE039 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE039 match destination-port 49020
set security nat destination rule-set DNAT rule RULE039 match protocol tcp
set security nat destination rule-set DNAT rule RULE039 then destination-nat pool DIMORA034
set security nat destination rule-set DNAT rule RULE040 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE040 match destination-port 49021
set security nat destination rule-set DNAT rule RULE040 match protocol tcp
set security nat destination rule-set DNAT rule RULE040 then destination-nat pool DIMORA035
set security nat destination rule-set DNAT rule RULE041 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE041 match destination-port 49022
set security nat destination rule-set DNAT rule RULE041 match protocol tcp
set security nat destination rule-set DNAT rule RULE041 then destination-nat pool DIMORA036
set security nat destination rule-set DNAT rule RULE042 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE042 match destination-port 49023
set security nat destination rule-set DNAT rule RULE042 match protocol tcp
set security nat destination rule-set DNAT rule RULE042 then destination-nat pool DIMORA037
set security nat destination rule-set DNAT rule RULE043 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE043 match destination-port 49024
set security nat destination rule-set DNAT rule RULE043 match protocol tcp
set security nat destination rule-set DNAT rule RULE043 then destination-nat pool DIMORA038
set security nat destination rule-set DNAT rule RULE044 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE044 match destination-port 49025
set security nat destination rule-set DNAT rule RULE044 match protocol tcp
set security nat destination rule-set DNAT rule RULE044 then destination-nat pool DIMORA039
set security nat destination rule-set DNAT rule RULE045 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE045 match destination-port 49026
set security nat destination rule-set DNAT rule RULE045 match protocol tcp
set security nat destination rule-set DNAT rule RULE045 then destination-nat pool DIMORA040
set security nat destination rule-set DNAT rule RULE046 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE046 match destination-port 49027
set security nat destination rule-set DNAT rule RULE046 match protocol tcp
set security nat destination rule-set DNAT rule RULE046 then destination-nat pool DIMORA041
set security nat destination rule-set DNAT rule RULE047 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE047 match destination-port 49028
set security nat destination rule-set DNAT rule RULE047 match protocol tcp
set security nat destination rule-set DNAT rule RULE047 then destination-nat pool DIMORA042
set security nat destination rule-set DNAT rule RULE048 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE048 match destination-port 49029
set security nat destination rule-set DNAT rule RULE048 match protocol tcp
set security nat destination rule-set DNAT rule RULE048 then destination-nat pool DIMORA043
set security nat destination rule-set DNAT rule RULE049 match destination-address 183.77.251.204/32
set security nat destination rule-set DNAT rule RULE049 match destination-port 49030
set security nat destination rule-set DNAT rule RULE049 match protocol tcp
set security nat destination rule-set DNAT rule RULE049 then destination-nat pool DIMORA044
set security policies from-zone DMZ to-zone LAN policy ID999 match source-address any
set security policies from-zone DMZ to-zone LAN policy ID999 match destination-address any
set security policies from-zone DMZ to-zone LAN policy ID999 match application any
set security policies from-zone DMZ to-zone LAN policy ID999 then permit
set security policies from-zone DMZ to-zone LAN policy ID999 then log session-init
set security policies from-zone DMZ to-zone LAN policy ID999 then log session-close
set security policies from-zone DMZ to-zone WAN policy ID999 match source-address any
set security policies from-zone DMZ to-zone WAN policy ID999 match destination-address any
set security policies from-zone DMZ to-zone WAN policy ID999 match application any
set security policies from-zone DMZ to-zone WAN policy ID999 then permit
set security policies from-zone LAN to-zone DMZ policy ID999 match source-address any
set security policies from-zone LAN to-zone DMZ policy ID999 match destination-address any
set security policies from-zone LAN to-zone DMZ policy ID999 match application any
set security policies from-zone LAN to-zone DMZ policy ID999 then permit
set security policies from-zone LAN to-zone DMZ policy ID999 then log session-init
set security policies from-zone LAN to-zone DMZ policy ID999 then log session-close
set security policies from-zone LAN to-zone WAN policy ID999 match source-address any
set security policies from-zone LAN to-zone WAN policy ID999 match destination-address any
set security policies from-zone LAN to-zone WAN policy ID999 match application any
set security policies from-zone LAN to-zone WAN policy ID999 then permit
set security policies from-zone WAN to-zone LAN policy ID999 match source-address any
set security policies from-zone WAN to-zone LAN policy ID999 match destination-address any
set security policies from-zone WAN to-zone LAN policy ID999 match application any
set security policies from-zone WAN to-zone LAN policy ID999 then deny
set security policies from-zone WAN to-zone LAN policy ID999 then log session-init
set security policies from-zone WAN to-zone LAN policy ID999 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID001 match source-address 210.XXX.103.XX/32
set security policies from-zone WAN to-zone DMZ policy ID001 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID001 match application junos-ssh
set security policies from-zone WAN to-zone DMZ policy ID001 then permit
set security policies from-zone WAN to-zone DMZ policy ID001 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID001 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID002 match source-address any
set security policies from-zone WAN to-zone DMZ policy ID002 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID002 match application junos-smtp
set security policies from-zone WAN to-zone DMZ policy ID002 then permit
set security policies from-zone WAN to-zone DMZ policy ID002 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID002 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID003 match source-address any
set security policies from-zone WAN to-zone DMZ policy ID003 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID003 match application junos-dns-udp
set security policies from-zone WAN to-zone DMZ policy ID003 then permit
set security policies from-zone WAN to-zone DMZ policy ID003 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID003 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID004 match source-address any
set security policies from-zone WAN to-zone DMZ policy ID004 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID004 match application junos-http
set security policies from-zone WAN to-zone DMZ policy ID004 then permit
set security policies from-zone WAN to-zone DMZ policy ID004 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID004 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID005 match source-address 210.XXX.103.XX/32
set security policies from-zone WAN to-zone DMZ policy ID005 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID005 match application junos-pop3
set security policies from-zone WAN to-zone DMZ policy ID005 then permit
set security policies from-zone WAN to-zone DMZ policy ID005 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID005 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID006 match source-address 114.179.237.129/32
set security policies from-zone WAN to-zone DMZ policy ID006 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID006 match application TCP47809
set security policies from-zone WAN to-zone DMZ policy ID006 then permit
set security policies from-zone WAN to-zone DMZ policy ID006 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID006 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID007 match source-address 114.179.237.129/32
set security policies from-zone WAN to-zone DMZ policy ID007 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID007 match application UDP47810
set security policies from-zone WAN to-zone DMZ policy ID007 then permit
set security policies from-zone WAN to-zone DMZ policy ID007 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID007 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID008 match source-address 114.179.237.129/32
set security policies from-zone WAN to-zone DMZ policy ID008 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID008 match application UDP47811
set security policies from-zone WAN to-zone DMZ policy ID008 then permit
set security policies from-zone WAN to-zone DMZ policy ID008 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID008 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID009 match source-address 114.179.237.129/32
set security policies from-zone WAN to-zone DMZ policy ID009 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID009 match application UDP47812
set security policies from-zone WAN to-zone DMZ policy ID009 then permit
set security policies from-zone WAN to-zone DMZ policy ID009 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID009 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID010 match source-address 114.179.237.129/32
set security policies from-zone WAN to-zone DMZ policy ID010 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID010 match application UDP47813
set security policies from-zone WAN to-zone DMZ policy ID010 then permit
set security policies from-zone WAN to-zone DMZ policy ID010 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID010 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID011 match source-address 114.179.237.129/32
set security policies from-zone WAN to-zone DMZ policy ID011 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID011 match application UDP47814
set security policies from-zone WAN to-zone DMZ policy ID011 then permit
set security policies from-zone WAN to-zone DMZ policy ID011 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID011 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID012 match source-address 114.179.237.129/32
set security policies from-zone WAN to-zone DMZ policy ID012 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID012 match application UDP47815
set security policies from-zone WAN to-zone DMZ policy ID012 then permit
set security policies from-zone WAN to-zone DMZ policy ID012 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID012 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID013 match source-address 114.179.237.129/32
set security policies from-zone WAN to-zone DMZ policy ID013 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID013 match application UDP47816
set security policies from-zone WAN to-zone DMZ policy ID013 then permit
set security policies from-zone WAN to-zone DMZ policy ID013 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID013 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID014 match source-address 114.179.237.129/32
set security policies from-zone WAN to-zone DMZ policy ID014 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID014 match application UDP47817
set security policies from-zone WAN to-zone DMZ policy ID014 then permit
set security policies from-zone WAN to-zone DMZ policy ID014 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID014 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID015 match source-address 114.179.237.129/32
set security policies from-zone WAN to-zone DMZ policy ID015 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID015 match application UDP47818
set security policies from-zone WAN to-zone DMZ policy ID015 then permit
set security policies from-zone WAN to-zone DMZ policy ID015 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID015 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID016 match source-address 114.179.237.129/32
set security policies from-zone WAN to-zone DMZ policy ID016 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID016 match application UDP47819
set security policies from-zone WAN to-zone DMZ policy ID016 then permit
set security policies from-zone WAN to-zone DMZ policy ID016 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID016 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID017 match source-address 114.179.237.129/32
set security policies from-zone WAN to-zone DMZ policy ID017 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID017 match application UDP47820
set security policies from-zone WAN to-zone DMZ policy ID017 then permit
set security policies from-zone WAN to-zone DMZ policy ID017 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID017 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID018 match source-address 114.179.237.23/32
set security policies from-zone WAN to-zone DMZ policy ID018 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID018 match application TCP47825
set security policies from-zone WAN to-zone DMZ policy ID018 then permit
set security policies from-zone WAN to-zone DMZ policy ID018 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID018 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID019 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID019 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID019 match application TCP49000
set security policies from-zone WAN to-zone DMZ policy ID019 then permit
set security policies from-zone WAN to-zone DMZ policy ID019 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID019 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID020 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID020 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID020 match application TCP49001
set security policies from-zone WAN to-zone DMZ policy ID020 then permit
set security policies from-zone WAN to-zone DMZ policy ID020 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID020 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID021 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID021 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID021 match application TCP49002
set security policies from-zone WAN to-zone DMZ policy ID021 then permit
set security policies from-zone WAN to-zone DMZ policy ID021 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID021 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID022 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID022 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID022 match application TCP49003
set security policies from-zone WAN to-zone DMZ policy ID022 then permit
set security policies from-zone WAN to-zone DMZ policy ID022 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID022 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID023 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID023 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID023 match application TCP49004
set security policies from-zone WAN to-zone DMZ policy ID023 then permit
set security policies from-zone WAN to-zone DMZ policy ID023 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID023 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID024 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID024 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID024 match application TCP49005
set security policies from-zone WAN to-zone DMZ policy ID024 then permit
set security policies from-zone WAN to-zone DMZ policy ID024 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID024 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID025 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID025 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID025 match application TCP49006
set security policies from-zone WAN to-zone DMZ policy ID025 then permit
set security policies from-zone WAN to-zone DMZ policy ID025 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID025 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID026 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID026 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID026 match application TCP49007
set security policies from-zone WAN to-zone DMZ policy ID026 then permit
set security policies from-zone WAN to-zone DMZ policy ID026 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID026 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID027 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID027 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID027 match application TCP49008
set security policies from-zone WAN to-zone DMZ policy ID027 then permit
set security policies from-zone WAN to-zone DMZ policy ID027 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID027 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID028 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID028 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID028 match application TCP49009
set security policies from-zone WAN to-zone DMZ policy ID028 then permit
set security policies from-zone WAN to-zone DMZ policy ID028 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID028 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID029 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID029 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID029 match application TCP49010
set security policies from-zone WAN to-zone DMZ policy ID029 then permit
set security policies from-zone WAN to-zone DMZ policy ID029 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID029 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID030 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID030 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID030 match application TCP49011
set security policies from-zone WAN to-zone DMZ policy ID030 then permit
set security policies from-zone WAN to-zone DMZ policy ID030 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID030 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID031 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID031 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID031 match application TCP49012
set security policies from-zone WAN to-zone DMZ policy ID031 then permit
set security policies from-zone WAN to-zone DMZ policy ID031 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID031 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID032 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID032 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID032 match application TCP49013
set security policies from-zone WAN to-zone DMZ policy ID032 then permit
set security policies from-zone WAN to-zone DMZ policy ID032 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID032 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID033 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID033 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID033 match application TCP49014
set security policies from-zone WAN to-zone DMZ policy ID033 then permit
set security policies from-zone WAN to-zone DMZ policy ID033 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID033 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID034 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID034 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID034 match application TCP49015
set security policies from-zone WAN to-zone DMZ policy ID034 then permit
set security policies from-zone WAN to-zone DMZ policy ID034 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID034 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID035 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID035 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID035 match application TCP49016
set security policies from-zone WAN to-zone DMZ policy ID035 then permit
set security policies from-zone WAN to-zone DMZ policy ID035 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID035 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID036 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID036 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID036 match application TCP49017
set security policies from-zone WAN to-zone DMZ policy ID036 then permit
set security policies from-zone WAN to-zone DMZ policy ID036 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID036 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID037 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID037 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID037 match application TCP49018
set security policies from-zone WAN to-zone DMZ policy ID037 then permit
set security policies from-zone WAN to-zone DMZ policy ID037 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID037 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID038 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID038 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID038 match application TCP49019
set security policies from-zone WAN to-zone DMZ policy ID038 then permit
set security policies from-zone WAN to-zone DMZ policy ID038 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID038 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID039 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID039 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID039 match application TCP49020
set security policies from-zone WAN to-zone DMZ policy ID039 then permit
set security policies from-zone WAN to-zone DMZ policy ID039 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID039 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID040 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID040 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID040 match application TCP49021
set security policies from-zone WAN to-zone DMZ policy ID040 then permit
set security policies from-zone WAN to-zone DMZ policy ID040 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID040 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID041 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID041 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID041 match application TCP49022
set security policies from-zone WAN to-zone DMZ policy ID041 then permit
set security policies from-zone WAN to-zone DMZ policy ID041 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID041 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID042 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID042 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID042 match application TCP49023
set security policies from-zone WAN to-zone DMZ policy ID042 then permit
set security policies from-zone WAN to-zone DMZ policy ID042 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID042 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID043 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID043 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID043 match application TCP49024
set security policies from-zone WAN to-zone DMZ policy ID043 then permit
set security policies from-zone WAN to-zone DMZ policy ID043 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID043 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID044 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID044 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID044 match application TCP49025
set security policies from-zone WAN to-zone DMZ policy ID044 then permit
set security policies from-zone WAN to-zone DMZ policy ID044 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID044 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID045 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID045 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID045 match application TCP49026
set security policies from-zone WAN to-zone DMZ policy ID045 then permit
set security policies from-zone WAN to-zone DMZ policy ID045 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID045 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID046 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID046 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID046 match application TCP49027
set security policies from-zone WAN to-zone DMZ policy ID046 then permit
set security policies from-zone WAN to-zone DMZ policy ID046 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID046 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID047 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID047 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID047 match application TCP49028
set security policies from-zone WAN to-zone DMZ policy ID047 then permit
set security policies from-zone WAN to-zone DMZ policy ID047 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID047 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID048 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID048 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID048 match application TCP49029
set security policies from-zone WAN to-zone DMZ policy ID048 then permit
set security policies from-zone WAN to-zone DMZ policy ID048 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID048 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID049 match source-address 114.179.237.17/32
set security policies from-zone WAN to-zone DMZ policy ID049 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID049 match application TCP49030
set security policies from-zone WAN to-zone DMZ policy ID049 then permit
set security policies from-zone WAN to-zone DMZ policy ID049 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID049 then log session-close
set security policies from-zone WAN to-zone DMZ policy ID999 match source-address any
set security policies from-zone WAN to-zone DMZ policy ID999 match destination-address any
set security policies from-zone WAN to-zone DMZ policy ID999 match application any
set security policies from-zone WAN to-zone DMZ policy ID999 then deny
set security policies from-zone WAN to-zone DMZ policy ID999 then log session-init
set security policies from-zone WAN to-zone DMZ policy ID999 then log session-close
set security zones security-zone LAN host-inbound-traffic system-services all
set security zones security-zone LAN host-inbound-traffic protocols all
set security zones security-zone LAN interfaces vlan.50
set security zones security-zone WAN address-book address 210.XXX.103.XX/32 210.XXX.103.XX/32
set security zones security-zone WAN address-book address 114.179.237.129/32 114.179.237.129/32
set security zones security-zone WAN address-book address 114.179.237.23/32 114.179.237.23/32
set security zones security-zone WAN address-book address 114.179.237.17/32 114.179.237.17/32
set security zones security-zone WAN screen WAN-SCREEN
set security zones security-zone WAN interfaces fe-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone WAN interfaces pp0.0 host-inbound-traffic system-services ping
set security zones security-zone WAN interfaces pp0.0 host-inbound-traffic system-services ntp
set security zones security-zone DMZ address-book address 192.168.40.6/32 192.168.40.6/32
set security zones security-zone DMZ address-book address 192.168.40.2/32 192.168.40.2/32
set security zones security-zone DMZ host-inbound-traffic system-services all
set security zones security-zone DMZ host-inbound-traffic protocols all
set security zones security-zone DMZ interfaces vlan.40
set applications application TCP47809 protocol tcp
set applications application TCP47809 destination-port 47809
set applications application UDP47810 protocol udp
set applications application UDP47810 destination-port 47810
set applications application UDP47811 protocol udp
set applications application UDP47811 destination-port 47811
set applications application UDP47812 protocol udp
set applications application UDP47812 destination-port 47812
set applications application UDP47813 protocol udp
set applications application UDP47813 destination-port 47813
set applications application UDP47814 protocol udp
set applications application UDP47814 destination-port 47814
set applications application UDP47815 protocol udp
set applications application UDP47815 destination-port 47815
set applications application UDP47816 protocol udp
set applications application UDP47816 destination-port 47816
set applications application UDP47817 protocol udp
set applications application UDP47817 destination-port 47817
set applications application UDP47818 protocol udp
set applications application UDP47818 destination-port 47818
set applications application UDP47819 protocol udp
set applications application UDP47819 destination-port 47819
set applications application UDP47820 protocol udp
set applications application UDP47820 destination-port 47820
set applications application TCP47825 protocol tcp
set applications application TCP47825 destination-port 47825
set applications application TCP49000 protocol tcp
set applications application TCP49000 destination-port 49000
set applications application TCP49001 protocol tcp
set applications application TCP49001 destination-port 49001
set applications application TCP49002 protocol tcp
set applications application TCP49002 destination-port 49002
set applications application TCP49003 protocol tcp
set applications application TCP49003 destination-port 49003
set applications application TCP49004 protocol tcp
set applications application TCP49004 destination-port 49004
set applications application TCP49005 protocol tcp
set applications application TCP49005 destination-port 49005
set applications application TCP49006 protocol tcp
set applications application TCP49006 destination-port 49006
set applications application TCP49007 protocol tcp
set applications application TCP49007 destination-port 49007
set applications application TCP49008 protocol tcp
set applications application TCP49008 destination-port 49008
set applications application TCP49009 protocol tcp
set applications application TCP49009 destination-port 49009
set applications application TCP49010 protocol tcp
set applications application TCP49010 destination-port 49010
set applications application TCP49011 protocol tcp
set applications application TCP49011 destination-port 49011
set applications application TCP49012 protocol tcp
set applications application TCP49012 destination-port 49012
set applications application TCP49013 protocol tcp
set applications application TCP49013 destination-port 49013
set applications application TCP49014 protocol tcp
set applications application TCP49014 destination-port 49014
set applications application TCP49015 protocol tcp
set applications application TCP49015 destination-port 49015
set applications application TCP49016 protocol tcp
set applications application TCP49016 destination-port 49016
set applications application TCP49017 protocol tcp
set applications application TCP49017 destination-port 49017
set applications application TCP49018 protocol tcp
set applications application TCP49018 destination-port 49018
set applications application TCP49019 protocol tcp
set applications application TCP49019 destination-port 49019
set applications application TCP49020 protocol tcp
set applications application TCP49020 destination-port 49020
set applications application TCP49021 protocol tcp
set applications application TCP49021 destination-port 49021
set applications application TCP49022 protocol tcp
set applications application TCP49022 destination-port 49022
set applications application TCP49023 protocol tcp
set applications application TCP49023 destination-port 49023
set applications application TCP49024 protocol tcp
set applications application TCP49024 destination-port 49024
set applications application TCP49025 protocol tcp
set applications application TCP49025 destination-port 49025
set applications application TCP49026 protocol tcp
set applications application TCP49026 destination-port 49026
set applications application TCP49027 protocol tcp
set applications application TCP49027 destination-port 49027
set applications application TCP49028 protocol tcp
set applications application TCP49028 destination-port 49028
set applications application TCP49029 protocol tcp
set applications application TCP49029 destination-port 49029
set applications application TCP49030 protocol tcp
set applications application TCP49030 destination-port 49030
set vlans VLAN40 vlan-id 40
set vlans VLAN40 l3-interface vlan.40
set vlans VLAN50 vlan-id 50
set vlans VLAN50 l3-interface vlan.50
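A rule base of this size is easier to review when it is summarized by a script. The following is an added example, not part of the original post or of Junos: it parses `display set` policy and application lines, lists WAN permit rules that accept any source address, and merges single-port rules from the same source into port ranges. The function names are assumptions made for this example; the sample input is an abridged excerpt of the configuration above.

```python
import re
from collections import defaultdict

# Abridged excerpt of this page's `display set` output (destination-address/log lines omitted).
SAMPLE = """\
set security policies from-zone WAN to-zone DMZ policy ID002 match source-address any
set security policies from-zone WAN to-zone DMZ policy ID002 match application junos-smtp
set security policies from-zone WAN to-zone DMZ policy ID002 then permit
set security policies from-zone WAN to-zone DMZ policy ID007 match source-address 114.179.237.129/32
set security policies from-zone WAN to-zone DMZ policy ID007 match application UDP47810
set security policies from-zone WAN to-zone DMZ policy ID007 then permit
set security policies from-zone WAN to-zone DMZ policy ID008 match source-address 114.179.237.129/32
set security policies from-zone WAN to-zone DMZ policy ID008 match application UDP47811
set security policies from-zone WAN to-zone DMZ policy ID008 then permit
set security policies from-zone WAN to-zone DMZ policy ID018 match source-address 114.179.237.23/32
set security policies from-zone WAN to-zone DMZ policy ID018 match application TCP47825
set security policies from-zone WAN to-zone DMZ policy ID018 then permit
set security policies from-zone WAN to-zone DMZ policy ID999 match source-address any
set security policies from-zone WAN to-zone DMZ policy ID999 match application any
set security policies from-zone WAN to-zone DMZ policy ID999 then deny
set applications application UDP47810 protocol udp
set applications application UDP47810 destination-port 47810
set applications application UDP47811 protocol udp
set applications application UDP47811 destination-port 47811
set applications application TCP47825 protocol tcp
set applications application TCP47825 destination-port 47825
"""

POLICY_RE = re.compile(r"^set security policies from-zone (\S+) to-zone (\S+) "
                       r"policy (\S+) (match|then) (.+)$")
APP_RE = re.compile(r"^set applications application (\S+) (protocol|destination-port) (\S+)$")
MATCH_KEYS = ("source-address", "destination-address", "application")


def parse(config_text):
    """Parse `display set` lines into (policies, apps); dict order is rule order."""
    policies, apps = {}, defaultdict(dict)
    for line in config_text.splitlines():
        line = line.strip()
        m = POLICY_RE.match(line)
        if m:
            from_zone, to_zone, name, kind, rest = m.groups()
            pol = policies.setdefault((from_zone, to_zone, name), {
                "source-address": [], "destination-address": [],
                "application": [], "action": None})
            words = rest.split()
            if kind == "match" and len(words) == 2 and words[0] in MATCH_KEYS:
                pol[words[0]].append(words[1])
            elif kind == "then" and words[0] in ("permit", "deny", "reject"):
                pol["action"] = words[0]
            continue
        m = APP_RE.match(line)
        if m:
            apps[m.group(1)][m.group(2)] = m.group(3)
    return policies, dict(apps)


def permits_from_any(policies, from_zone):
    """Permit rules in from_zone that accept any source address (review candidates)."""
    return [(name, pol["application"])
            for (fz, _tz, name), pol in policies.items()
            if fz == from_zone and pol["action"] == "permit"
            and "any" in pol["source-address"]]


def collapse_ports(policies, apps):
    """Merge single-port permit rules per (zones, source, protocol) into port ranges."""
    ports = defaultdict(set)
    for (fz, tz, _name), pol in policies.items():
        if pol["action"] != "permit":
            continue
        for app in pol["application"]:
            spec = apps.get(app, {})  # junos-* built-ins are not defined in the config
            if not spec.get("destination-port", "").isdigit():
                continue
            for src in pol["source-address"]:
                ports[(fz, tz, src, spec.get("protocol"))].add(int(spec["destination-port"]))
    merged = {}
    for key, values in ports.items():
        ranges = []
        for port in sorted(values):
            if ranges and port == ranges[-1][1] + 1:
                ranges[-1][1] = port  # extend the current contiguous run
            else:
                ranges.append([port, port])
        merged[key] = [str(a) if a == b else f"{a}-{b}" for a, b in ranges]
    return merged


if __name__ == "__main__":
    policies, apps = parse(SAMPLE)
    for name, applications in permits_from_any(policies, "WAN"):
        print("permit from any source:", name, applications)
    for key, ranges in collapse_ports(policies, apps).items():
        print(key, ranges)
```

Run over the full `show configuration | display set` output, the merged ranges show which per-port rules could be folded together: a Junos custom application accepts a range in `destination-port` (for example `49000-49030`), and a policy can match several applications.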
 

 
