[Nocrancid] autopop-onenet.net router config diffs

Thu Sep 7 23:04:47 CDT 2017

Index: configs/allen-public-library.client.onenet.net
===================================================================

--- configs/allen-public-library.client.onenet.net	(revision 156428)
+++ configs/allen-public-library.client.onenet.net	(working copy)
@@ -152,8 +152,8 @@
 #ge-0/0/2.0 up up
 #ge-0/0/3 up down
 #ge-0/0/3.0 up down
-#ge-0/0/4 up up
-#ge-0/0/4.0 up up
+#ge-0/0/4 up down
+#ge-0/0/4.0 up down
 #ge-0/0/5 up up
 #ge-0/0/5.0 up up
 #ge-0/0/6 up up
Index: configs/kiamichi-fmc-battiest.client.onenet.net
===================================================================
--- configs/kiamichi-fmc-battiest.client.onenet.net	(revision 156431)
+++ configs/kiamichi-fmc-battiest.client.onenet.net	(working copy)
@@ -187,7 +187,7 @@
 #ppd0 up up
 #ppe0 up up
 #st0 up up
-#st0.1 up up
+#st0.1 up down
 #st0.2 up up
 #tap up up
 #vlan up down
Index: configs/lavern-public-schools.client.onenet.net
===================================================================
--- configs/lavern-public-schools.client.onenet.net	(revision 156430)
+++ configs/lavern-public-schools.client.onenet.net	(working copy)
@@ -110,7 +110,7 @@
 # 
 # grnoc-mon at LAVERN-PUBLIC-SCHOOLS-TAG-004351> show interface terse 
 #Interface Admin Link
-#ge-0/0/0 down up
+#ge-0/0/0 down down
 #gr-0/0/0 up up
 #ip-0/0/0 up up
 #lsq-0/0/0 up up
Index: configs/city-of-lawton.client.onenet.net
===================================================================
--- configs/city-of-lawton.client.onenet.net	(revision 156430)
+++ configs/city-of-lawton.client.onenet.net	(working copy)
@@ -1,12 +1,12 @@
 # RANCID-CONTENT-TYPE: juniper
 #
 # grnoc-mon at CITY-OF-LAWTON-005231> show system commit 
+#   2017-09-07 22:29:43 CDT by joel via cli
+#   2017-09-07 22:26:11 CDT by joel via cli commit confirmed, rollback in 5mins
 #   2017-09-07 20:03:30 CDT by joel via cli commit confirmed, rollback in 5mins
 #   2017-09-07 19:43:20 CDT by joel via cli commit confirmed, rollback in 5mins
 #   2017-09-07 18:19:33 CDT by joel via cli
 #   2017-09-07 18:05:35 CDT by joel via cli
-#   2017-09-07 17:59:05 CDT by joel via cli
-#   2017-09-07 17:52:10 CDT by joel via cli
 # grnoc-mon at CITY-OF-LAWTON-005231> show chassis environment 
 # Class Item                           Status     Measurement
 # Temp  Routing Engine                 OK        
@@ -135,7 +135,7 @@
 # Time Source:  NTP CLOCK 
 # System booted: 2017-08-25 14:03 CDT 
 # Protocols started: 2017-08-25 14:03 CDT 
-# Last configured: 2017-09-07 20:03 CDT  by joel
+# Last configured: 2017-09-07 22:29 CDT  by joel
 # 
 # grnoc-mon at CITY-OF-LAWTON-005231> show interface terse 
 #Interface Admin Link
@@ -193,6 +193,7 @@
 #irb.160 up up
 #irb.166 up up
 #irb.200 up up
+#irb.234 up up
 #irb.300 up up
 #irb.302 up up
 #irb.304 up up
@@ -228,7 +229,7 @@
 #vlan up down
 #vtep up up
 # grnoc-mon at CITY-OF-LAWTON-005231> show configuration 
-## Last commit: 2017-09-07 20:03:30 CDT by joel
+## Last commit: 2017-09-07 22:29:43 CDT by joel
 version 15.1X49-D90.7;
 groups {
     BASTION-HOSTS {
@@ -1071,6 +1072,15 @@
             address MAINFRAME-PRINTER-172.16.1.12 172.16.1.12/32;
             address MAINFRAME-PRINTER-172.16.1.38 172.16.1.38/32;
             address MAINFRAME-PRINTER-172.16.1.13 172.16.1.13/32;
+            address SERVER-EX1-10.200.0.61 {
+                description Server-EX1;
+                10.200.0.61/32;
+            }
+            address SERVER-EX2-10.200.0.62 {
+                description Server-EX2;
+                10.200.0.62/32;
+            }
+            address MAIL-NETWORK-234-10.200.0.0/23 10.200.0.0/24;
             address-set VERIZON-STATIC-FT-SILL-1 {
                 description "Fort Sill MP Static IPs for CAD Access";
                 address VERIZON-STATIC-FT-SILL-1-166.148.145.240;
@@ -1441,6 +1451,45 @@
                     }
                 }
             }
+            rule-set MAIL-NETWORK-234-TO-UNTRUST-NAT {
+                from zone MAIL-NETWORK-234;
+                to zone UNTRUST;
+                rule NAT-MAIL-NETWORK-234-EXEMPT-DC1 {
+                    match {
+                        source-address 10.200.0.0/24;
+                        destination-address 164.58.2.192/28;
+                    }
+                    then {
+                        source-nat {
+                            off;
+                        }
+                    }
+                }
+                rule MAIL-NETWORK-234-TO-DAG-OUTSIDE {
+                    match {
+                        source-address [ 10.200.0.61/32 10.200.0.62/32 ];
+                    }
+                    then {
+                        source-nat {
+                            pool {
+                                MS-EXCHANGE-DAG-OUTSIDE;
+                            }
+                        }
+                    }
+                }
+                rule NAT-MAIL-NETWORK-234-TO-UNTRUST {
+                    match {
+                        source-address 10.200.0.0/24;
+                    }
+                    then {
+                        source-nat {
+                            pool {
+                                CITY-OF-LAWTON-OUTSIDE;
+                            }
+                        }
+                    }
+                }
+            }
         }
         static {
             rule-set STATIC-NAT {
@@ -2416,6 +2465,80 @@
                 }
             }
         }
+        from-zone UNTRUST to-zone MAIL-NETWORK-234 {
+            policy NAT-EXEMPT-MAIL-NETWORK-234 {
+                match {
+                    source-address NAT-EXEMPT-ACTIVE-DIRECTORY-164.58.2.192/28;
+                    destination-address MAIL-NETWORK-234-10.200.0.0/23;
+                    application any;
+                }
+                then {
+                    permit;
+                }
+            }
+        }
+        from-zone MAIL-NETWORK-234 to-zone UNTRUST {
+            policy MAIL-NETWORK-234-TO-LAWTON-DC {
+                match {
+                    source-address MAIL-NETWORK-234-10.200.0.0/23;
+                    destination-address NAT-EXEMPT-ACTIVE-DIRECTORY-164.58.2.192/28;
+                    application any;
+                }
+                then {
+                    permit;
+                    log {
+                        session-init;
+                        session-close;
+                    }
+                }
+            }
+            policy MAIL-NETWORK-234-OUTBOUND-MAIL {
+                match {
+                    source-address [ SERVER-EX1-10.200.0.61 SERVER-EX2-10.200.0.62 ];
+                    destination-address any;
+                    application SMTP;
+                }
+                then {
+                    permit;
+                    log {
+                        session-init;
+                        session-close;
+                    }
+                }
+            }
+        }
+        from-zone MAIL-NETWORK-234 to-zone TRUST {
+            policy MAIL-NETWORK-234-TO-TRUST-EXCHANGE {
+                match {
+                    source-address [ SERVER-EX1-10.200.0.61 SERVER-EX2-10.200.0.62 ];
+                    destination-address MS-EXCHANGE-DAG-INSIDE-172.16.1.180;
+                    application [ junos-https SMTP ];
+                }
+                then {
+                    permit;
+                    log {
+                        session-init;
+                        session-close;
+                    }
+                }
+            }
+        }
+        from-zone TRUST to-zone MAIL-NETWORK-234 {
+            policy TRUST-EXCHANGE-TO-MAIL-NETWORK-234 {
+                match {
+                    source-address MS-EXCHANGE-DAG-INSIDE-172.16.1.180;
+                    destination-address [ SERVER-EX1-10.200.0.61 SERVER-EX2-10.200.0.62 ];
+                    application [ junos-https SMTP ];
+                }
+                then {
+                    permit;
+                    log {
+                        session-init;
+                        session-close;
+                    }
+                }
+            }
+        }
     }
     zones {
         security-zone DMZ {
@@ -2795,6 +2918,18 @@
                 }
             }
         }
+        security-zone MAIL-NETWORK-234 {
+            interfaces {
+                irb.234 {
+                    host-inbound-traffic {
+                        system-services {
+                            ping;
+                            traceroute;
+                        }
+                    }
+                }
+            }
+        }
     }
 }
 interfaces {
@@ -2896,7 +3031,7 @@
             family ethernet-switching {
                 interface-mode trunk;
                 vlan {
-                    members [ 2 5 233 2000 ];
+                    members [ 2 5 233-234 2000 ];
                 }
             }
         }
@@ -2995,6 +3130,12 @@
                 address 10.2.0.1/23;
             }
         }
+        unit 234 {
+            description "L3 INTERFACE - MAIL-NETWORK-234 - 10.200.0.1/24";
+            family inet {
+                address 10.200.0.1/24;
+            }
+        }
         unit 300 {
             description "L3 INTERFACE - TR-0300-PRINTERS_SCANNERS - 10.3.0.1/23";
             family inet {
@@ -3389,6 +3530,10 @@
         vlan-id 911;
         l3-interface irb.911;
     }
+    MAIL-NETWORK-234 {
+        vlan-id 234;
+        l3-interface irb.234;
+    }
     QUASAR {
         vlan-id 2;
         l3-interface irb.2;

