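unset key protection enable
set clock ntp
set clock timezone -5
set clock dst recurring start-weekday 2 0 3 02:00 end-weekday 1 0 11 02:00
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
set ignore-subnet-conflict
exit
set service "RDC" protocol tcp src-port 778-778 dst-port 3389-3389
set service "Bittorrent" protocol tcp src-port 0-65535 dst-port 6811-6999
set service "Bittorrent" + tcp src-port 0-65535 dst-port 6969-6969
set service "Bittorrent" timeout 1
set alg pptp enable
set alg appleichat enable
unset alg appleichat re-assembly enable
set alg sctp enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth-server "Microsoft" id 1
set auth-server "Microsoft" server-name "10.50.100.12"
set auth-server "Microsoft" account-type auth xauth
set auth-server "Microsoft" radius secret "********************"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "admin"
set admin password "*******************"
set admin http redirect
set admin auth web timeout 10
set admin auth server "Local"
set admin auth remote root
set admin privilege get-external
set admin format dos
set vip multi-port
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
unset zone "V1-Trust" tcp-rst
unset zone "V1-Untrust" tcp-rst
set zone "DMZ" tcp-rst
unset zone "V1-DMZ" tcp-rst
unset zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet0/0" zone "Trust"
set interface "ethernet0/1" zone "Trust"
set interface "ethernet0/2" zone "Untrust"
set interface "ethernet0/3" zone "Untrust"
set interface ethernet0/0 ip 10.50.101.1/23
set interface ethernet0/0 route
unset interface vlan1 ip
set interface ethernet0/1 ip 10.50.100.1/23
set interface ethernet0/1 route
set interface ethernet0/2 ip 209.66.114.182/30
set interface ethernet0/2 nat
set interface ethernet0/3 ip 192.168.0.10/24
set interface ethernet0/3 nat
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet0/0 manage-ip 10.50.101.2
set interface ethernet0/1 manage-ip 10.50.100.2
set interface ethernet0/0 ip manageable
set interface ethernet0/1 ip manageable
set interface ethernet0/2 ip manageable
unset interface ethernet0/3 ip manageable
set interface ethernet0/2 manage ssh
set interface ethernet0/2 manage web
set interface vlan1 manage mtrace
set interface ethernet0/2 vip interface-ip
set interface ethernet0/0 dhcp server service
set interface ethernet0/1 dhcp server service
set interface ethernet0/0 dhcp server enable
set interface ethernet0/1 dhcp server enable
set interface ethernet0/0 dhcp server option lease 1440
set interface ethernet0/0 dhcp server option gateway 10.50.101.1
set interface ethernet0/0 dhcp server option netmask 255.255.254.0
set interface ethernet0/0 dhcp server option dns1 10.50.100.12
set interface ethernet0/0 dhcp server option dns2 8.8.8.8
set interface ethernet0/0 dhcp server option dns3 4.2.2.2
set interface ethernet0/1 dhcp server option lease 1440
set interface ethernet0/1 dhcp server option gateway 10.50.100.1
set interface ethernet0/1 dhcp server option netmask 255.255.254.0
set interface ethernet0/1 dhcp server option dns1 10.50.100.12
set interface ethernet0/1 dhcp server option dns2 8.8.8.8
set interface ethernet0/1 dhcp server option dns3 4.2.2.2
set interface ethernet0/0 dhcp server ip 10.50.101.11 to 10.50.101.254
set interface ethernet0/1 dhcp server ip 10.50.100.51 to 10.50.100.254
unset interface ethernet0/0 dhcp server config next-server-ip
unset interface ethernet0/1 dhcp server config next-server-ip
unset flow no-tcp-seq-check
set flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set hostname Firewall-2
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set dns host dns1 10.50.100.12 src-interface ethernet0/1
set dns host dns2 4.2.2.2 src-interface ethernet0/1
set dns host dns3 4.2.2.3 src-interface ethernet0/1
set dns host schedule 06:28 interval 8
set address "Trust" "10.10.1.0/24" 10.10.1.0 255.255.255.0
set address "Trust" "10.50.100.0/23" 10.50.100.0 255.255.254.0
set address "Trust" "10.50.100.0/24" 10.50.100.0 255.255.255.0
set address "Trust" "10.50.100.1/23" 10.50.100.1 255.255.254.0
set address "Trust" "10.50.101.1/23" 10.50.101.1 255.255.254.0
set address "Trust" "209.66.114.182/30" 209.66.114.182 255.255.255.252
set ippool "JuniperRemote-IPpool" 10.10.1.1 10.10.1.50
set user "v.kapur" uid 22
set user "v.kapur" ike-id fqdn "v" share-limit 1
set user "v.kapur" type ike xauth
set user "v.kapur" password "**********************"
unset user "v.kapur" type auth
set user "v.kapur" "enable"
set user "vpnclient_ph1id" uid 19
set user "vpnclient_ph1id" ike-id fqdn "client.corporate.com" share-limit 10
set user "vpnclient_ph1id" type ike
set user "vpnclient_ph1id" "enable"
set user-group "Juniper.VPN.Users" id 14
set user-group "Juniper.VPN.Users" location external
set user-group "Juniper.VPN.Users" type auth l2tp xauth
set user-group "VPN-Client-GRP" id 12
set user-group "VPN-Client-GRP" user "vpnclient_ph1id"
set crypto-policy
exit
set ike gateway "GW-DIALUP-VPN" dialup "VPN-Client-GRP" Aggr local-id "vpn.corporate.com" outgoing-interface "ethernet0/2" preshare "*********************" proposal "pre-g2-3des-sha" "pre-g2-aes128-sha"
set ike gateway "GW-DIALUP-VPN" dpd-liveness interval 30
unset ike gateway "GW-DIALUP-VPN" nat-traversal udp-checksum
set ike gateway "GW-DIALUP-VPN" nat-traversal keepalive-frequency 20
set ike gateway "GW-DIALUP-VPN" xauth server "Microsoft"
set ike gateway "GW-DIALUP-VPN" xauth accounting server "Microsoft"
unset ike gateway "GW-DIALUP-VPN" xauth do-edipi-auth
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
set ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set xauth default ippool "JuniperRemote-IPpool"
set xauth default dns1 10.50.100.12
set xauth default dns2 4.2.2.2
set xauth default auth server "Microsoft" chap
set xauth default accounting server "Microsoft"
set vpn "IKE-DIALUP-VPN" gateway "GW-DIALUP-VPN" replay tunnel idletime 0 proposal "nopfs-esp-aes128-sha"
set url protocol websense
set deny-message "Your internet access policy currently restricts access to this site. Contact your systems administrator for further details."
unset deny-message use-server
exit
set policy id 7 from "Untrust" to "Trust" "Dial-Up VPN" "Any" "ANY" tunnel vpn "IKE-DIALUP-VPN" id 0x24 pair-policy 8 log
set policy id 7
set log session-init
exit
set policy id 4 name "Bittorrent" from "Untrust" to "Trust" "Any" "Any" "Bittorrent" deny url-filter
set policy id 4
exit
set policy id 8 from "Trust" to "Untrust" "Any" "Dial-Up VPN" "ANY" tunnel vpn "IKE-DIALUP-VPN" id 0x24 pair-policy 7 log
set policy id 8
set log session-init
exit
set policy id 1 name "Outgoing" from "Trust" to "Untrust" "Any" "Any" "ANY" nat src permit log
set policy id 1
set log session-init
exit
set policy id 2 name "Incoming" from "Untrust" to "Trust" "Any" "Any" "ANY" deny log
set policy id 2
set log session-init
exit
set policy id 6 from "Untrust" to "Trust" "Any" "VIP(ethernet0/2)" "FTP" permit
set policy id 6 disable
set policy id 6
exit
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
unset license-key auto-update
set telnet client enable
set ntp server "64.90.182.55"
set ntp server src-interface "ethernet0/1"
set ntp server backup1 "96.47.67.105"
set ntp server backup1 src-interface "ethernet0/1"
set snmp port listen 161
set snmp port trap 162
set snmpv3 local-engine id "**************"
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 0.0.0.0/0 interface ethernet0/2 gateway 209.66.114.181
set route 172.20.160.10/24 interface ethernet0/0 gateway 172.20.160.1
set route 172.20.160.0/24 interface ethernet0/1 gateway 172.20.160.1
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit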