diff options
Diffstat (limited to 'examples/tg15/netconf/rs1.tele.cfg')
| -rw-r--r-- | examples/tg15/netconf/rs1.tele.cfg | 1503 |
1 files changed, 1503 insertions, 0 deletions
diff --git a/examples/tg15/netconf/rs1.tele.cfg b/examples/tg15/netconf/rs1.tele.cfg new file mode 100644 index 0000000..315cba9 --- /dev/null +++ b/examples/tg15/netconf/rs1.tele.cfg @@ -0,0 +1,1503 @@ +## Last commit: 2015-04-03 17:44:49 CEST by technet +version 14.1X53-D16.2; +system { + host-name rs1.tele; + auto-snapshot; + domain-name infra.gathering.org; + time-zone Europe/Oslo; + root-authentication { + } + name-server { + 8.8.8.8; + } + login { + user technet { + uid 2005; + class super-user; + authentication { + } + } + user tg { + uid 2000; + class super-user; + authentication { + } + } + } + services { + ssh { + root-login deny; + } + dhcp-local-server { + group all { + interface irb.10; + } + } + } + syslog { + user * { + any emergency; + } + host 185.12.59.18 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + match "UI_CMDLINE_READ_LINE|UI_COMMIT_COMPLETED"; + } + } + commit synchronize; + ntp { + boot-server 129.240.2.6; + server 129.240.2.6; + } +} +chassis { + redundancy { + graceful-switchover; + } + aggregated-devices { + ethernet { + device-count 32; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } +} +interfaces { + interface-range sflow { + member-range ge-0/0/0 to ge-0/0/23; + member-range et-0/1/0 to et-0/1/1; + member-range xe-0/2/0 to xe-0/2/3; + member-range ge-1/0/0 to ge-1/0/23; + member-range et-1/1/0 to et-1/1/1; + member-range xe-1/2/0 to xe-1/2/3; + member-range ge-2/0/0 to ge-2/0/23; + member-range xe-2/2/0 to xe-2/2/3; + } + interface-range all-ports { + member-range ge-0/0/0 to ge-0/0/23; + member-range et-0/1/0 to et-0/1/3; + member-range xe-0/2/0 to xe-0/2/3; + member-range ge-1/0/0 to ge-1/0/23; + member-range et-1/1/0 to et-1/1/3; + member-range xe-1/2/0 to xe-1/2/3; + member-range ge-2/0/0 to ge-2/0/23; + member-range et-2/1/0 to et-2/1/3; + member-range xe-2/2/0 to xe-2/2/3; + description "-- Not in use --"; + } + ge-0/0/0 { + description Event:Studio-link; + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ studio_klient tele_event tele_mgmt ]; + } + } + } + } + ge-0/0/1 { + description "marty - DHCP/DNS"; + unit 0 { + family ethernet-switching { + vlan { + members DHCP; + } + } + } + } + ge-0/0/2 { + description "Fortigate management"; + unit 0 { + family ethernet-switching { + vlan { + members DHCP; + } + } + } + } + ge-0/0/3 { + unit 0 { + family ethernet-switching { + vlan { + members DHCP; + } + } + } + } + ge-0/0/4 { + description "NFC-station soverom syd"; + unit 0 { + family ethernet-switching { + vlan { + members studio_klient; + } + } + } + } + ge-0/0/5 { + description "NFC-station soverom syd"; + unit 0 { + family ethernet-switching { + vlan { + members studio_klient; + } + } + } + } + ge-0/0/6 { + unit 0 { + family ethernet-switching { + vlan { + members TELETEMP; + } + } + } + } + ge-0/0/7 { + unit 0 { + family ethernet-switching { + vlan { + members TELETEMP; + } + } + } + } + ge-0/0/8 { + unit 0 { + family ethernet-switching { + vlan { + members TELETEMP; + } + } + } + } + ge-0/0/9 { + unit 0 { + family ethernet-switching { + vlan { + members TELETEMP; + } + } + } + } + ge-0/0/10 { + unit 0 { + family ethernet-switching { + vlan { + members DHCP; + } + } + } + } + et-0/1/0 { + description "rs1.core et-0/0/53"; + ether-options { + no-auto-negotiation; + 802.3ad ae0; + } + } + et-0/1/1 { + description "rs1.noc et-2/0/49"; + ether-options { + 802.3ad ae1; + } + } + et-0/1/2 { + description VC; + } + et-0/1/3 { + description VC; + } + xe-0/2/0 { + description "fw2.tele ethernet9"; + ether-options { + 802.3ad ae3; + } + } + xe-0/2/1 { + description "fw1.tele xe-6/0/0"; + ether-options { + 802.3ad ae2; + } + } + xe-0/2/2 { + description "Blix 1470nm"; + ether-options { + 802.3ad ae5; + } + } + xe-0/2/3 { + description "Blix 1510nm"; + ether-options { + 802.3ad ae5; + } + } + ge-1/0/0 { + description "Security Server"; + unit 0 { + family ethernet-switching { + vlan { + members tele_security; + } + } + } + } + et-1/1/0 { + description "rs1.core et-1/0/53"; + ether-options { + 802.3ad ae0; + } + } + et-1/1/1 { + description "rs1.noc et-3/0/49"; + ether-options { + 802.3ad ae1; + } + } + et-1/1/2 { + description VC; + } + et-1/1/3 { + description VC; + } + xe-1/2/0 { + description "rs1.south xe-0/1/0"; + unit 0 { + family inet { + filter { + input v4-fbf; + } + address 151.216.128.10/31; + } + family inet6 { + address 2a02:ed02:fffe::10/127; + } + } + } + xe-1/2/1 { + description "fw1.tele xe-6/0/1"; + ether-options { + 802.3ad ae2; + } + } + xe-1/2/2 { + description "Blix 1530nm"; + ether-options { + 802.3ad ae5; + } + } + xe-1/2/3 { + description "Blix 1610nm"; + ether-options { + 802.3ad ae5; + } + } + et-2/1/0 { + description "Fortigate 1"; + ether-options { + no-auto-negotiation; + } + unit 0 { + family ethernet-switching { + vlan { + members default; + } + } + } + } + et-2/1/2 { + description VC; + } + et-2/1/3 { + description VC; + } + ae0 { + description "rs1.core ae1"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family inet { + filter { + input v4-fbf; + } + address 151.216.128.0/31; + } + family inet6 { + address 2a02:ed02:fffe::0/127; + } + } + } + ae1 { + description "rs1.noc ae1"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family inet { + mtu 1500; + filter { + input v4-fbf; + } + address 151.216.128.2/31; + } + family inet6 { + address 2a02:ed02:fffe::2/127; + } + } + } + ae2 { + description "fw1.tele ae0"; + vlan-tagging; + aggregated-ether-options { + lacp { + active; + } + } + unit 10 { + description "fw1.tele pre-nat"; + vlan-id 10; + family inet { + address 151.216.128.6/31; + } + } + unit 20 { + description "fw1.tele post-nat"; + vlan-id 20; + family inet { + address 151.216.128.8/31; + } + } + unit 30 { + description "fw1.tele firewall for event"; + vlan-id 30; + family inet { + address 151.216.128.44/31; + } + } + } + ae3 { + description fw2.tele; + vlan-tagging; + aggregated-ether-options { + lacp { + active; + } + } + unit 40 { + description "fw2.tele pre-nat"; + vlan-id 40; + family inet { + address 151.216.128.46/31; + } + } + unit 50 { + description "fw2.tele post-nat"; + vlan-id 50; + family inet { + address 151.216.128.48/31; + } + } + } + ae5 { + description "Blix internett"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family inet { + filter { + input v4-internet-ingress; + output v4-internet-egress; + } + address 185.12.58.2/30; + } + family inet6 { + filter { + input v6-internet-ingress; + output v6-internet-egress; + } + address 2a02:ed01::2/64; + } + } + } + irb { + unit 0; + unit 66 { + family inet { + address 185.12.59.65/27; + } + family inet6 { + address 2a02:ed02:1ee7::1/64; + } + } + unit 240 { + family inet { + address 151.216.240.1/24; + } + } + unit 1831 { + family inet { + address 151.216.183.33/27; + } + family inet6 { + address 2a02:ed02:1831::33/64; + } + } + unit 2500 { + family inet { + filter { + input v4-fbf; + output v4-event; + } + address 10.20.20.1/24; + } + } + unit 3000 { + description "Security spesialnett"; + family inet { + filter { + input v4-security; + output v4-security; + } + address 10.30.20.1/24; + } + } + } + lo0 { + unit 0 { + family inet { + filter { + input v4-mgmt; + } + address 151.216.255.0/32; + address 185.12.59.0/32; + } + family inet6 { + filter { + input v6-mgmt; + } + address 2a02:ed02:ffff::0/128; + } + } + } + vme { + unit 0; + } +} +snmp { + view safe_poll { + oid 1.3.6.1.2.1.1 include; + oid 1.3.6.1.2.1.2 include; + oid 1.3.6.1.4.1.2636.3.5.2.1 include; + oid 1.3.6.1.4.1.2636.3.1.13.1.5 include; + } + community <removed> { + client-list-name mgmt; + } + community <removed> { + client-list-name mgmt; + } +} +forwarding-options { + analyzer { + fortigate-1 { + input { + ingress { + interface ae5.0; + } + egress { + interface ae5.0; + } + } + output { + interface et-2/1/0.0; + } + } + inactive: fortigate-2 { + input { + ingress { + interface xe-1/2/2.0; + interface xe-1/2/3.0; + } + } + output { + interface et-2/1/1.0; + } + } + } + dhcp-relay { + dhcpv6 { + group all { + interface irb.240; + interface irb.2500; + } + server-group { + v6-dhcp { + 2a02:ed02:1ee7::66; + } + } + } + server-group { + v4-dhcp { + 185.12.59.66; + 185.12.59.2; + } + } + group all { + active-server-group v4-dhcp; + overrides { + trust-option-82; + } + interface irb.240; + interface irb.2500; + } + } +} +routing-options { + nonstop-routing; + rib inet.0 { + static { + route 151.216.128.0/17 reject; + route 185.12.59.0/24 reject; + route 185.12.59.96/27 next-hop 151.216.128.9; + route 185.12.59.128/25 next-hop 151.216.128.9; + } + } + rib inet6.0 { + static { + route 2a02:ed02::/32 reject; + route 2001:67c:2e44::/48 reject; + } + } + router-id 151.216.255.0; + autonomous-system 35642; +} +protocols { + bgp { + group v4-blix { + import v4-blix-in; + export v4-blix-out; + neighbor 185.12.58.1 { + peer-as 50304; + } + } + group v6-blix { + import v6-blix-in; + export v6-blix-out; + neighbor 2a02:ed01::1 { + peer-as 50304; + } + } + } + ospf { + export [ redistribute-direct redistribute-static redistribute-default ]; + reference-bandwidth 1000g; + area 0.0.0.0 { + interface ae0.0; + interface ae1.0; + interface xe-1/2/0.0; + interface ae2.20; + } + } + ospf3 { + export [ redistribute-direct redistribute-static redistribute-default ]; + reference-bandwidth 1000g; + area 0.0.0.0 { + interface ae0.0; + interface ae1.0; + interface xe-1/2/0.0; + interface ae2.20; + } + } + pim { + rp { + static { + address 2a02:ed02:ffff::11; + address 151.216.255.11; + } + } + interface ae0.0 { + family inet; + family inet6; + } + interface ae1.0 { + family inet; + family inet6; + } + interface xe-1/2/0.0 { + family inet; + family inet6; + } + } + lldp { + interface all; + } + lldp-med { + interface all; + } + igmp-snooping { + vlan default; + } + inactive: sflow { + agent-id 151.216.255.0; + polling-interval 3600; + sample-rate { + ingress 10; + egress 10; + } + source-ip 151.216.255.0; + collector <removed>; + interfaces sflow; + } + layer2-control { + nonstop-bridging; + } +} +policy-options { + prefix-list v4-mgmt { + /* NOC clients */ + 151.216.254.0/24; + /* Servers */ + 185.12.59.0/26; + } + prefix-list v6-mgmt { + /* NOC clients */ + 2a02:ed02:254::/64; + /* Servers */ + 2a02:ed02:1337::/64; + } + prefix-list mgmt { + /* NOC clients */ + 151.216.254.0/24; + /* Servers */ + 185.12.59.0/26; + /* NOC clients */ + 2a02:ed02:254::/64; + /* Servers */ + 2a02:ed02:1337::/64; + } + + prefix-list fbf-steam { + 2.16.94.112/32; + 2.17.35.235/32; + 2.18.192.192/32; + 23.10.252.26/32; + 23.10.252.51/32; + 23.32.105.6/32; + 23.62.99.32/32; + 23.77.200.247/32; + 23.214.66.123/32; + 23.214.146.125/32; + 23.215.60.219/32; + 72.165.61.0/24; + 81.171.115.0/24; + 87.248.217.0/24; + 90.101.0.113/32; + 92.122.219.117/32; + 95.101.0.0/22; + 95.101.248.45/32; + 103.28.54.0/23; + 146.66.152.0/23; + 146.66.156.10/32; + 172.229.200.45/32; + 195.18.221.144/32; + 205.185.220.0/24; + 208.64.200.0/24; + 209.197.0.0/16; + 212.187.201.0/24; + } + prefix-list fbf-netflix { + 23.246.2.0/23; + 23.246.4.0/22; + 23.246.8.0/21; + 23.246.16.0/21; + 23.246.24.0/22; + 23.246.28.0/23; + 23.246.32.0/20; + 23.246.48.0/20; + 23.246.62.0/24; + 23.246.63.0/24; + 37.77.184.0/21; + 69.53.224.0/19; + 108.175.32.0/20; + 185.2.220.0/22; + 185.9.188.0/23; + 185.9.190.0/23; + 192.173.64.0/20; + 192.173.64.0/24; + 192.173.80.0/20; + 192.173.96.0/20; + 192.173.112.0/20; + 198.38.96.0/20; + 198.38.112.0/21; + 198.38.120.0/22; + 198.38.124.0/23; + 198.45.48.0/20; + 208.75.77.0/24; + } + prefix-list fbf-twitch { + 185.42.204.0/22; + 192.16.64.0/21; + 199.9.248.0/21; + } + prefix-list fbf-nrk { + 23.8.146.0/24; + 46.137.77.0/24; + 50.16.209.0/24; + 50.16.231.0/24; + 50.17.243.0/24; + 54.225.239.0/24; + 54.243.68.0/24; + 54.243.145.0/24; + 65.52.155.0/24; + 77.88.106.0/24; + 82.96.58.0/24; + 94.245.71.0/24; + 95.101.0.112/32; + 160.68.205.0/24; + 174.129.219.0/24; + 184.28.17.0/24; + 184.73.220.0/24; + 204.236.234.0/24; + 204.245.63.0/24; + } + prefix-list fbf-spotify { + 23.92.96.0/22; + 23.92.100.0/22; + 23.92.104.0/22; + 54.230.97.211/32; + 54.230.98.246/32; + 54.230.99.207/32; + 78.31.8.0/22; + 78.31.12.0/22; + 192.121.53.0/24; + 192.121.132.0/24; + 192.121.140.0/24; + 192.165.160.0/22; + 193.181.4.0/22; + 193.181.180.0/22; + 193.182.3.0/24; + 193.182.7.0/24; + 193.182.8.0/21; + 193.182.243.0/24; + 193.234.240.0/22; + 193.235.32.0/24; + 193.235.51.0/24; + 193.235.203.0/24; + 193.235.206.0/24; + 193.235.224.0/24; + 193.235.232.0/22; + 194.14.177.0/24; + 194.68.28.0/22; + 194.68.116.0/24; + 194.68.169.0/24; + 194.68.176.0/22; + 194.68.181.0/24; + 194.68.183.0/24; + 194.71.148.0/22; + 194.103.10.0/24; + 194.103.13.0/24; + 194.103.36.0/22; + 194.132.152.0/22; + 194.132.162.0/24; + 194.132.168.0/22; + 194.132.176.0/22; + 194.132.196.0/22; + 194.132.204.0/22; + } + policy-statement redistribute-default { + from protocol bgp; + then { + external { + type 1; + } + accept; + } + } + policy-statement redistribute-direct { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement redistribute-static { + from protocol static; + then { + external { + type 1; + } + accept; + } + } + policy-statement v4-blix-in { + from { + route-filter 0.0.0.0/0 exact; + } + } + policy-statement v4-blix-out { + from { + route-filter 151.216.128.0/17 exact; + route-filter 185.12.59.0/24 exact; + } + then accept; + } + policy-statement v6-blix-in { + from { + route-filter ::/0 exact; + } + } + policy-statement v6-blix-out { + from { + route-filter 2a02:ed02::/32 exact; + route-filter 2001:67c:2e44::/48 exact; + } + then accept; + } +} +firewall { + family inet { + filter v4-fbf { + term fbf-event-nope { + from { + destination-address { + 10.20.0.0/16; + } + } + then { + count fbf-event-nope; + accept; + } + } + term fbf-event { + from { + source-address { + 10.20.0.0/16; + } + } + then { + count fbf-event; + routing-instance to-firewall; + } + } + inactive: term fbf-prefix-list { + from { + source-prefix-list { + fbf-netflix; + fbf-nrk; + fbf-spotify; + fbf-steam; + fbf-twitch; + } + } + then { + routing-instance to-nat; + } + } + inactive: term fbf-blizzard { + from { + destination-address { + 12.129.242.30/32; + 12.129.193.242/32; + 80.239.186.0/25; + 80.239.208.0/25; + } + } + then { + count fbf-blizzard; + routing-instance to-nat; + } + } + inactive: term fbf-steam { + from { + destination-address { + 92.122.219.117/32; + 172.229.200.45/32; + 95.101.248.45/32; + 23.32.105.6/32; + 23.214.66.123/32; + 23.214.146.125/32; + 2.17.35.235/32; + 90.101.0.113/32; + 146.66.156.10/32; + 23.62.99.32/32; + 2.18.192.192/32; + 23.10.252.51/32; + 23.215.60.219/32; + 23.77.200.247/32; + 23.10.252.26/32; + 2.16.94.112/32; + 95.101.0.0/22; + 195.18.221.144/32; + 72.165.61.0/24; + 81.171.115.0/24; + 87.248.217.0/24; + 103.28.54.0/23; + 146.66.152.0/23; + 205.185.220.0/24; + 208.64.200.0/24; + 209.197.0.0/16; + 212.187.201.0/24; + 23.223.16.0/20; + } + } + then { + count fbf-steam; + routing-instance to-nat; + } + } + /* League of Legends EU West */ + inactive: term fbf-riotgames { + from { + destination-address { + 54.230.99.43/32; + 195.18.221.144/32; + 23.52.27.27/32; + 172.255.83.1/32; + 185.40.64.0/22; + 178.255.83.1/32; + } + } + then { + count fbf-riotgames; + routing-instance to-nat; + } + } + inactive: term fbf-spotify { + from { + destination-address { + 54.230.98.246/32; + 54.230.97.211/32; + 54.230.99.207/32; + 23.92.96.0/22; + 23.92.100.0/22; + 23.92.104.0/22; + 78.31.8.0/22; + 78.31.12.0/22; + 192.121.53.0/24; + 192.121.132.0/24; + 192.121.140.0/24; + 192.165.160.0/22; + 193.181.4.0/22; + 193.181.180.0/22; + 193.182.3.0/24; + 193.182.7.0/24; + 193.182.8.0/21; + 193.182.243.0/24; + 193.234.240.0/22; + 193.235.32.0/24; + 193.235.51.0/24; + 193.235.203.0/24; + 193.235.206.0/24; + 193.235.224.0/24; + 193.235.232.0/22; + 194.14.177.0/24; + 194.68.28.0/22; + 194.68.116.0/24; + 194.68.169.0/24; + 194.68.176.0/22; + 194.68.181.0/24; + 194.68.183.0/24; + 194.71.148.0/22; + 194.103.10.0/24; + 194.103.13.0/24; + 194.103.36.0/22; + 194.132.152.0/22; + 194.132.162.0/24; + 194.132.168.0/22; + 194.132.176.0/22; + 194.132.196.0/22; + 194.132.204.0/22; + } + } + then { + count fbf-spotify; + routing-instance to-nat; + } + } + inactive: term fbf-origin { + from { + destination-address { + 2.19.187.0/25; + 184.86.15.128/25; + 54.243.176.0/23; + 23.15.8.0/24; + 23.21.0.0/16; + 23.23.0.0/16; + 23.32.241.0/24; + 23.46.0.0/16; + 50.16.0.0/16; + 50.17.0.0/16; + 54.225.0.0/16; + 81.21.146.0/24; + 107.20.244.0/24; + 120.29.145.0/24; + 124.40.32.0/24; + 125.56.200.0/24; + 164.177.139.0/24; + 184.73.0.0/16; + 204.236.239.0/24; + 23.54.0.0/20; + } + } + then { + count fbf-origin; + routing-instance to-nat; + } + } + inactive: term fbf-nrk { + from { + destination-address { + 23.8.146.0/24; + 46.137.77.0/24; + 50.16.209.0/24; + 50.16.231.0/24; + 50.17.243.0/24; + 54.225.239.0/24; + 54.243.145.0/24; + 54.243.68.0/24; + 65.52.155.0/24; + 77.88.106.0/24; + 82.96.58.0/24; + 94.245.71.0/24; + 160.68.205.0/24; + 174.129.219.0/24; + 184.28.17.0/24; + 184.73.220.0/24; + 204.245.63.0/24; + 204.236.234.0/24; + 95.101.0.112/32; + } + } + then { + count fbf-nrk; + routing-instance to-nat; + } + } + inactive: term fbf-twitch { + from { + destination-address { + 185.42.204.0/22; + 199.9.248.0/21; + 192.16.64.0/21; + } + } + then { + count fbf-twitch; + routing-instance to-nat; + } + } + inactive: term fbf-viaplay { + from { + destination-address { + 54.72.0.0/13; + 54.80.0.0/12; + 54.224.0.0/12; + 54.72.0.0/16; + 54.144.0.0/14; + 54.192.0.0/22; + 54.246.173.25/32; + 52.16.240.0/20; + } + } + then { + count fbf-viaplay; + routing-instance to-nat; + } + } + inactive: term fbf-tv2 { + from { + destination-address { + 77.75.208.0/21; + 193.227.204.0/23; + 193.160.156.0/23; + } + } + then { + count fbf-tv2; + routing-instance to-nat; + } + } + inactive: term fbf-netflix { + from { + destination-address { + 69.53.224.0/19; + 208.75.77.0/24; + 23.246.2.0/23; + 23.246.4.0/22; + 23.246.8.0/21; + 23.246.16.0/21; + 23.246.24.0/22; + 23.246.28.0/23; + 23.246.32.0/20; + 23.246.48.0/20; + 23.246.62.0/24; + 23.246.63.0/24; + 37.77.184.0/21; + 108.175.32.0/20; + 185.2.220.0/22; + 185.9.188.0/23; + 185.9.190.0/23; + 192.173.64.0/20; + 192.173.64.0/24; + 192.173.80.0/20; + 192.173.96.0/20; + 192.173.112.0/20; + 198.38.96.0/20; + 198.38.112.0/21; + 198.38.120.0/22; + 198.38.124.0/23; + 198.45.48.0/20; + } + } + then { + count fbf-netflix; + routing-instance to-nat; + } + } + inactive: term fbf-ubisoft { + from { + destination-address { + 216.98.62.0/23; + 216.98.61.0/24; + 216.98.59.0/24; + 216.98.56.0/24; + 216.98.48.0/24; + 216.98.48.0/20; + 195.88.183.0/24; + 195.88.182.0/24; + 195.22.144.0/23; + 194.2.155.0/24; + 194.169.249.0/24; + 193.138.66.0/24; + 185.38.20.0/22; + } + } + then { + count fbf-ubisoft; + routing-instance to-nat; + } + } + inactive: term fbf-harald { + from { + destination-address { + 91.209.30.12/32; + 91.209.30.134/32; + 91.209.30.20/32; + } + } + then { + count fbf-harald; + routing-instance to-nat; + } + } + inactive: term fbf-google { + from { + destination-address { + 216.58.209.0/24; + } + } + then { + count fbf-google; + routing-instance to-nat; + } + } + term accept-last { + then { + count accept-last; + accept; + } + } + } + filter v4-event { + term accept-event { + from { + source-address { + 10.20.0.0/16; + } + } + then { + count accept-event; + accept; + } + } + term accept-noc { + from { + source-address { + 185.12.59.0/26; + 185.12.59.64/27; + } + } + then { + count accept-noc; + accept; + } + } + term reject-tg { + from { + source-address { + 185.12.59.0/24; + 151.216.128.0/17; + } + } + then { + count reject-tg; + reject; + } + } + term accept-all { + then { + count accept-all; + accept; + } + } + } + filter v4-mgmt { + term accept-ssh { + from { + source-prefix-list { + v4-mgmt; + } + destination-port 22; + } + then { + count accept-ssh; + accept; + } + } + term reject-ssh { + from { + destination-port 22; + } + then { + count reject-ssh; + reject; + } + } + term accept-all { + then { + count accept-all; + accept; + } + } + } + filter v4-internet-ingress { + term block-ntp { + from { + protocol udp; + destination-port ntp; + } + then { + count block-ntp; + discard; + } + } + term accept-all { + then { + count accept-all; + accept; + } + } + } + filter v4-internet-egress { + term accept-all { + then { + count accept-all; + accept; + } + } + } + filter v4-security { + term accept-security { + from { + source-address { + 10.30.0.0/16; + } + destination-address { + 10.30.0.0/16; + } + } + then accept; + } + term discard-all { + then { + discard; + } + } + } + } + family inet6 { + filter v6-mgmt { + term accept-ssh { + from { + source-prefix-list { + v6-mgmt; + } + destination-port 22; + } + then { + count accept-ssh; + accept; + } + } + term reject-ssh { + from { + destination-port 22; + } + then { + count reject-ssh; + reject; + } + } + term accept-all { + then { + count accept-all; + accept; + } + } + } + filter v6-internet-ingress { + term accept-all { + then { + count accept-all; + accept; + } + } + } + filter v6-internet-egress { + term accept-all { + then { + count accept-all; + accept; + } + } + } + } +} +access { + address-assignment { + pool v4-teletemp { + family inet { + network 151.216.160.0/24; + range v4-teletemp { + low 151.216.160.10; + high 151.216.160.50; + } + dhcp-attributes { + name-server { + 8.8.8.8; + } + router { + 151.216.160.1; + } + } + } + } + pool event_tele { + family inet { + network 10.20.20.0/24; + range event_tele { + low 10.20.20.2; + high 10.20.20.254; + } + dhcp-attributes { + name-server { + 185.12.59.66; + 185.12.59.2; + } + router { + 10.20.20.1; + } + } + } + } + } +} +routing-instances { + to-firewall { + description "For firewalling of event-net"; + instance-type virtual-router; + interface ae2.30; + routing-options { + static { + route 0.0.0.0/0 next-hop 151.216.128.45; + } + } + } + to-nat { + description "For NAT av tjenester"; + instance-type virtual-router; + interface ae2.10; + routing-options { + static { + route 0.0.0.0/0 next-hop 151.216.128.7; + } + } + } +} +virtual-chassis { + preprovisioned; + member 0 { + role routing-engine; + serial-number <removed>; + } + member 1 { + role routing-engine; + serial-number <removed>; + } + member 2 { + role line-card; + serial-number <removed>; + } +} +vlans { + DHCP { + vlan-id 66; + l3-interface irb.66; + } + TELETEMP { + vlan-id 10; + l3-interface irb.10; + } + default { + vlan-id 1; + l3-interface irb.0; + } + studio_klient { + vlan-id 240; + l3-interface irb.240; + } + tele_event { + vlan-id 2500; + l3-interface irb.2500; + } + tele_mgmt { + vlan-id 1831; + l3-interface irb.1831; + } + tele_security { + vlan-id 3000; + l3-interface irb.3000; + } +} |