
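--- JUNOS 10.2R3.10 built 2010-10-16 20:36:59 UTC
show configuration | display set
# Listing restored to one command per line; keywords split by the page's line
# wrapping ("f rom", "t hen", "the n", "route-fi lter") are rejoined.
# NOTE(review): the build date above is 2010 - confirm the release is still
# supported by the vendor before using this configuration as a template.
set version 10.2R3.10
# The host-name value is absent on the page (apparently removed before
# publication); the statement needs an argument to load.
set system host-name
set system time-zone america/bogota
# Only tacplus is listed in the authentication order. Confirm how logins behave
# when the TACACS+ server is unreachable and that an out-of-band recovery path exists.
set system authentication-order tacplus
# The page published the root password hash. The "$1$" prefix marks MD5-crypt,
# a weak format for a stored password. The value is redacted here; a credential
# that appeared in a shared configuration should be treated as exposed and rotated.
set system root-authentication encrypted-password "$1$<redacted>"
set system name-server 208.67.222.222
set system name-server 208.67.220.220
set system tacplus-server 10.50.50.10 port 49
# "$9$" values are reversible obfuscation, not a hash, so the TACACS+ shared
# secret published on the page is redacted here and should be rotated.
set system tacplus-server 10.50.50.10 secret "$9$<redacted>"
# A 60-second timeout can stall each login attempt for a long time when the
# server does not answer.
set system tacplus-server 10.50.50.10 timeout 60
set system tacplus-server 10.50.50.10 single-connection
set system tacplus-server 10.50.50.10 source-address 10.10.7.2
# NOTE(review): bmrem has no authentication statement and is named "all remote
# user", so it looks like a template account for TACACS+-authenticated users.
# If so, every remote user receives class super-user; map users to
# least-privilege classes instead. Confirm against the TACACS+ server setup.
set system login user bmrem full-name "all remote user"
set system login user bmrem uid 2000
set system login user bmrem class super-user
set system services ssh protocol-version v2
# Telnet carries credentials and session data in cleartext; SSH v2 is already
# enabled above, so this service can be removed if nothing depends on it.
set system services telnet
# Web management is offered over plain HTTP only; prefer HTTPS for a
# management interface.
set system services web-management http interface fe-0/0/0.0
# Logs are kept only on the device (3 files of 100k each) and no remote syslog
# host appears in this listing, so little history survives a rotation or a
# compromise of the device. No NTP source is visible either, which weakens
# log timestamps.
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any any
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set interfaces fe-0/0/0 unit 0 family inet address 10.10.7.2/24
set interfaces fe-0/0/1 unit 0 family inet address 10.10.249.22/30
set interfaces fe-0/0/3 unit 0 family inet address 10.10.251.22/30
set snmp description NETWORK-TEST
# The community string is a shared secret sent in cleartext and is now
# published with this listing; rotate it. Access is limited to two /32
# clients, with every other source restricted.
set snmp community BJUN100 authorization read-only
set snmp community BJUN100 clients 172.16.11.56/32
set snmp community BJUN100 clients 0.0.0.0/0 restrict
set snmp community BJUN100 clients 172.16.11.18/32
set routing-options static route 10.10.255.20/30 next-hop 10.10.251.21
set routing-options autonomous-system 65333
set protocols bgp path-selection cisco-non-deterministic
set protocols bgp log-updown
# No session authentication is configured for either neighbor in this listing.
# Both import policies also accept 0.0.0.0/0 from the peer.
set protocols bgp group group-1 type external
set protocols bgp group group-1 neighbor 10.10.255.21 multihop ttl 2
set protocols bgp group group-1 neighbor 10.10.255.21 import bgp-select-telmex
set protocols bgp group group-1 neighbor 10.10.255.21 export bgp-redistributes
set protocols bgp group group-1 neighbor 10.10.255.21 peer-as 65010
set protocols bgp group group-1 neighbor 10.10.249.21 import bgp-select-telecom
set protocols bgp group group-1 neighbor 10.10.249.21 export bgp-redistributes
set protocols bgp group group-1 neighbor 10.10.249.21 peer-as 65010
# Export policy: advertise only the locally sourced 10.10.7.0/24 and reject
# everything else.
set policy-options policy-statement bgp-redistributes term sourced-bgp-network from route-filter 10.10.7.0/24 exact
set policy-options policy-statement bgp-redistributes term sourced-bgp-network then accept
set policy-options policy-statement bgp-redistributes term ios-implicit-deny then reject
set policy-options policy-statement bgp-select-telecom term term-1 from route-filter 190.7.99.240/29 exact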

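# Listing restored to one command per line; keywords split by the page's line
# wrapping ("route-fi lter", "act ion", "threshol d", "102 4",
# "host-inbound-traffi c") are rejoined, and "as-pathprepend" is restored to
# the as-path-prepend action.
# Import policies: each accepts an explicit list of exact prefixes, including
# the default route, and rejects everything else.
set policy-options policy-statement bgp-select-telecom term term-1 from route-filter 190.7.99.248/29 exact
set policy-options policy-statement bgp-select-telecom term term-1 from route-filter 200.31.82.80/28 exact
set policy-options policy-statement bgp-select-telecom term term-1 from route-filter 200.31.82.64/28 exact
set policy-options policy-statement bgp-select-telecom term term-1 from route-filter 0.0.0.0/0 exact
set policy-options policy-statement bgp-select-telecom term term-1 from route-filter 10.10.10.0/24 exact
set policy-options policy-statement bgp-select-telecom term term-1 from route-filter 10.0.9.0/24 exact
set policy-options policy-statement bgp-select-telecom term term-1 then as-path-prepend "65010 65010 65010"
set policy-options policy-statement bgp-select-telecom term term-1 then accept
set policy-options policy-statement bgp-select-telecom term explicit-default-action then reject
set policy-options policy-statement bgp-select-telmex term term-1 from route-filter 0.0.0.0/0 exact
set policy-options policy-statement bgp-select-telmex term term-1 from route-filter 172.16.11.0/24 exact
set policy-options policy-statement bgp-select-telmex term term-1 from route-filter 10.50.10.0/24 exact
set policy-options policy-statement bgp-select-telmex term term-1 then accept
set policy-options policy-statement bgp-select-telmex term explicit-default-action then reject
# Screen profile; it is attached to the untrust zone further down.
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood queue-size 2000
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security zones security-zone trust tcp-rst
# Trust zone: management services admitted on fe-0/0/0.0. HTTP is cleartext;
# prefer HTTPS and SSH only.
set security zones security-zone trust interfaces fe-0/0/0.0 host-inbound-traffic system-services http
set security zones security-zone trust interfaces fe-0/0/0.0 host-inbound-traffic system-services https
set security zones security-zone trust interfaces fe-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone trust interfaces fe-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone trust interfaces fe-0/0/0.0 host-inbound-traffic system-services snmp
set security zones security-zone untrust screen untrust-screen
# Untrust zone: HTTP, HTTPS and SSH to the device itself are admitted on the
# untrust-facing interfaces. Management access from an untrusted zone should be
# removed or limited to known sources; the system services section of this
# configuration binds web management to fe-0/0/0.0 only, so the http/https
# entries here appear to serve no purpose.
set security zones security-zone untrust interfaces fe-0/0/3.0 host-inbound-traffic system-services http
set security zones security-zone untrust interfaces fe-0/0/3.0 host-inbound-traffic system-services https
set security zones security-zone untrust interfaces fe-0/0/3.0 host-inbound-traffic system-services ssh
set security zones security-zone untrust interfaces fe-0/0/3.0 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces fe-0/0/1.0 host-inbound-traffic system-services http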

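# Listing restored to one command per line; keywords split by the page's line
# wrapping ("host-inbound-traf fic", "matc h", "p ermit") are rejoined.
# Untrust zone, continued: HTTPS and SSH to the device itself are admitted on
# an untrust-facing interface. Management access from an untrusted zone should
# be removed or limited to known sources.
# NOTE(review): no "host-inbound-traffic protocols bgp" entry is visible in
# this listing for the interfaces facing the BGP neighbors - confirm whether
# the sessions depend on one.
set security zones security-zone untrust interfaces fe-0/0/1.0 host-inbound-traffic system-services https
set security zones security-zone untrust interfaces fe-0/0/1.0 host-inbound-traffic system-services ssh
set security zones security-zone untrust interfaces fe-0/0/1.0 host-inbound-traffic system-services ping
# None of the policies below logs sessions; without session logging there is
# no record of what was permitted.
set security policies from-zone trust to-zone trust policy default-permit match source-address any
set security policies from-zone trust to-zone trust policy default-permit match destination-address any
set security policies from-zone trust to-zone trust policy default-permit match application any
set security policies from-zone trust to-zone trust policy default-permit then permit
# Any source, destination and application is permitted outbound.
set security policies from-zone trust to-zone untrust policy default-permit match source-address any
set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
set security policies from-zone trust to-zone untrust policy default-permit match application any
set security policies from-zone trust to-zone untrust policy default-permit then permit
# The policy is named default-deny but its action is permit, so all traffic
# from untrust to trust is allowed. If the name reflects the intent, the
# action should be deny; confirm before relying on this policy as a template.
set security policies from-zone untrust to-zone trust policy default-deny match source-address any
set security policies from-zone untrust to-zone trust policy default-deny match destination-address any
set security policies from-zone untrust to-zone trust policy default-deny match application any
set security policies from-zone untrust to-zone trust policy default-deny then permit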
