[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Thu Sep 21 13:05:24 CDT 2017
Index: configs/hub.tis.onenet.net
===================================================================
--- configs/hub.tis.onenet.net (revision 156760)
+++ configs/hub.tis.onenet.net (working copy)
@@ -401,7 +401,7 @@
#t1-2/0/2:3 down down
#t1-2/0/2:4 up down
#t1-2/0/2:4.0 up down
-#t1-2/0/2:5 up down
+#t1-2/0/2:5 up up
#t1-2/0/2:5.0 up down
#t1-2/0/2:6 up down
#t1-2/0/2:7 up down
Index: configs/mhsso-seminole.client.onenet.net
===================================================================
--- configs/mhsso-seminole.client.onenet.net (revision 156529)
+++ configs/mhsso-seminole.client.onenet.net (working copy)
@@ -1,7 +1,11 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at MHSSO-SEMINOLE-MR-CLIENT-OWNED> show system commit
+# 2017-09-21 12:29:15 CDT by root via other
+# 2017-09-21 12:04:11 CDT by root via other
+# 2017-09-21 11:29:49 CDT by sean via cli commit confirmed, rollback in 5mins
# 2017-09-11 20:18:10 CDT by admin via cli
+# rescue 2017-09-21 11:31:40 CDT by root via recovery-mgmt
#
# grnoc-mon at MHSSO-SEMINOLE-MR-CLIENT-OWNED> show chassis environment
# Class Item Status Measurement
@@ -17,8 +21,8 @@
#
# grnoc-mon at MHSSO-SEMINOLE-MR-CLIENT-OWNED> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X44-D35.5 by builder on 2014-05
-# FWDD O/S Version 12.1X44-D35.5 by builder on 2014-05
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at MHSSO-SEMINOLE-MR-CLIENT-OWNED> show chassis fpc detail
# Slot 0 information:
@@ -44,14 +48,17 @@
# grnoc-mon at MHSSO-SEMINOLE-MR-CLIENT-OWNED> show chassis ssb
# grnoc-mon at MHSSO-SEMINOLE-MR-CLIENT-OWNED> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
-# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# Copyright (c) 1996-2016, Juniper Networks, Inc.
# All rights reserved.
# Copyright (c) 1992-2006 The FreeBSD Project.
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
@@ -102,31 +109,34 @@
# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
# da0: 40.000MB/s transfers
# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
+# Kernel thread "wkupdaemon" (pid 48) exited prematurely.
# Trying to mount root from ufs:/dev/da0s1a
#
# grnoc-mon at MHSSO-SEMINOLE-MR-CLIENT-OWNED> show version
# Hostname: MHSSO-SEMINOLE-MR-CLIENT-OWNED
# Model: srx240h2
-# JUNOS Software Release [12.1X44-D35.5]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at MHSSO-SEMINOLE-MR-CLIENT-OWNED> show version invoke-on all-routing-engines
# Hostname: MHSSO-SEMINOLE-MR-CLIENT-OWNED
# Model: srx240h2
-# JUNOS Software Release [12.1X44-D35.5]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at MHSSO-SEMINOLE-MR-CLIENT-OWNED> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at MHSSO-SEMINOLE-MR-CLIENT-OWNED> show system uptime
-# System booted: 2017-09-11 18:39 CDT
-# Protocols started: 2017-09-11 18:44 CDT
-# Last configured: 2017-09-11 20:18 CDT by admin
+# System booted: 2017-09-21 12:26 CDT
+# Protocols started: 2017-09-21 12:31 CDT
+# Last configured: 2017-09-21 12:29 CDT by root
#
# grnoc-mon at MHSSO-SEMINOLE-MR-CLIENT-OWNED> show interface terse
#Interface Admin Link
-#ge-0/0/0 up down
-#ge-0/0/0.0 up down
+#ge-0/0/0 up up
+#ge-0/0/0.500 up up
+#ge-0/0/0.501 up up
+#ge-0/0/0.32767 up up
#gr-0/0/0 up up
#ip-0/0/0 up up
#lsq-0/0/0 up up
@@ -155,10 +165,7 @@
#ge-0/0/11 down down
#ge-0/0/12 down down
#ge-0/0/13 down down
-#ge-0/0/14 up up
-#ge-0/0/14.500 up up
-#ge-0/0/14.501 up up
-#ge-0/0/14.32767 up up
+#ge-0/0/14 up down
#ge-0/0/15 up up
#ge-0/0/15.0 up up
#fxp2 up up
@@ -183,8 +190,8 @@
#vlan up up
#vlan.100 up up
# grnoc-mon at MHSSO-SEMINOLE-MR-CLIENT-OWNED> show configuration
-## Last commit: 2017-09-11 20:18:10 CDT by admin
-version 12.1X44-D35.5;
+## Last commit: 2017-09-21 12:29:15 CDT by root
+version 12.3X48-D40.5;
system {
host-name MHSSO-SEMINOLE-MR-CLIENT-OWNED;
auto-snapshot;
@@ -320,198 +327,6 @@
chassis {
config-button no-rescue no-clear;
}
-interfaces {
- ge-0/0/0 {
- description "Link to ATT";
- speed 100m;
- link-mode full-duplex;
- gigether-options {
- no-auto-negotiation;
- }
- unit 0 {
- family inet {
- address 12.246.241.62/30;
- }
- }
- }
- ge-0/0/1 {
- description "L2 INTERFACE - DMZ";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members 100;
- }
- }
- }
- }
- ge-0/0/2 {
- description "L2 INTERFACE - DMZ";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members 100;
- }
- }
- }
- }
- ge-0/0/3 {
- description "L2 INTERFACE - DMZ";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members 100;
- }
- }
- }
- }
- ge-0/0/4 {
- description "L2 INTERFACE - DMZ";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members 100;
- }
- }
- }
- }
- ge-0/0/5 {
- description "L2 INTERFACE - DMZ";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members 100;
- }
- }
- }
- }
- ge-0/0/6 {
- description "L2 INTERFACE - DMZ";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members 100;
- }
- }
- }
- }
- ge-0/0/7 {
- disable;
- }
- ge-0/0/8 {
- disable;
- }
- ge-0/0/9 {
- disable;
- }
- ge-0/0/10 {
- description "L3 INTERFACE - PHONE SYSTEM - 192.168.250.1/24";
- unit 0 {
- family inet {
- address 192.168.250.1/24;
- }
- }
- }
- ge-0/0/11 {
- disable;
- }
- ge-0/0/12 {
- disable;
- }
- ge-0/0/13 {
- disable;
- }
- ge-0/0/14 {
- description "Link to OneNet";
- vlan-tagging;
- speed 100m;
- link-mode full-duplex;
- gigether-options {
- no-auto-negotiation;
- }
- unit 500 {
- description "L3 INTERFACE - UNTRUST-WAN - 156.110.34.147/31";
- vlan-id 500;
- family inet {
- address 156.110.34.147/31;
- }
- }
- unit 501 {
- description "L3 INTERFACE - MPLS-WAN - 10.199.28.75/31";
- vlan-id 501;
- family inet {
- address 10.199.28.75/31;
- }
- }
- }
- ge-0/0/15 {
- description "L3 INTERFACE - TRUST - 192.168.9.240/24";
- unit 0 {
- family inet {
- address 192.168.9.240/24;
- }
- }
- }
- protect: lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- }
- }
- }
- vlan {
- unit 100 {
- description "L3 INTERFACE - DMZ - 164.58.2.65/28";
- family inet {
- address 164.58.2.65/28;
- }
- }
- }
-}
-snmp {
- description OneNet-SRX200-Template-3.0.0;
- contact "Net Group - (888)566-3638";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 156.110.34.146;
- route 10.0.0.0/8 next-hop 10.199.28.74;
- route 172.16.0.0/12 next-hop 10.199.28.74;
- route 192.168.0.0/16 next-hop 10.199.28.74;
- }
-}
-protocols {
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- protect: prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- protect: prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
-}
security {
alg {
sip disable;
@@ -681,7 +496,7 @@
security-zone UNTRUST {
screen UNTRUST-SCREEN;
interfaces {
- ge-0/0/14.500 {
+ ge-0/0/0.500 {
host-inbound-traffic {
system-services {
ping;
@@ -695,7 +510,7 @@
}
security-zone MPLS {
interfaces {
- ge-0/0/14.501 {
+ ge-0/0/0.501 {
host-inbound-traffic {
system-services {
ping;
@@ -731,20 +546,187 @@
}
}
}
- security-zone ATT-INTERNET {
- interfaces {
- ge-0/0/0.0 {
- host-inbound-traffic {
- system-services {
- ping;
- traceroute;
- }
- }
+ }
+}
+interfaces {
+ ge-0/0/0 {
+ description "Link to OneNet";
+ vlan-tagging;
+ speed 100m;
+ link-mode full-duplex;
+ gigether-options {
+ no-auto-negotiation;
+ }
+ unit 500 {
+ description "L3 INTERFACE - UNTRUST-WAN - 156.110.34.147/31";
+ vlan-id 500;
+ family inet {
+ address 156.110.34.147/31;
+ }
+ }
+ unit 501 {
+ description "L3 INTERFACE - MPLS-WAN - 10.199.28.75/31";
+ vlan-id 501;
+ family inet {
+ address 10.199.28.75/31;
+ }
+ }
+ }
+ ge-0/0/1 {
+ description "L2 INTERFACE - DMZ";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 100;
}
}
}
}
+ ge-0/0/2 {
+ description "L2 INTERFACE - DMZ";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 100;
+ }
+ }
+ }
+ }
+ ge-0/0/3 {
+ description "L2 INTERFACE - DMZ";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 100;
+ }
+ }
+ }
+ }
+ ge-0/0/4 {
+ description "L2 INTERFACE - DMZ";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 100;
+ }
+ }
+ }
+ }
+ ge-0/0/5 {
+ description "L2 INTERFACE - DMZ";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 100;
+ }
+ }
+ }
+ }
+ ge-0/0/6 {
+ description "L2 INTERFACE - DMZ";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 100;
+ }
+ }
+ }
+ }
+ ge-0/0/7 {
+ disable;
+ }
+ ge-0/0/8 {
+ disable;
+ }
+ ge-0/0/9 {
+ disable;
+ }
+ ge-0/0/10 {
+ description "L3 INTERFACE - PHONE SYSTEM - 192.168.250.1/24";
+ unit 0 {
+ family inet {
+ address 192.168.250.1/24;
+ }
+ }
+ }
+ ge-0/0/11 {
+ disable;
+ }
+ ge-0/0/12 {
+ disable;
+ }
+ ge-0/0/13 {
+ disable;
+ }
+ ge-0/0/15 {
+ description "L3 INTERFACE - TRUST - 192.168.9.240/24";
+ unit 0 {
+ family inet {
+ address 192.168.9.240/24;
+ }
+ }
+ }
+ protect: lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 100 {
+ description "L3 INTERFACE - DMZ - 164.58.2.65/28";
+ family inet {
+ address 164.58.2.65/28;
+ }
+ }
+ }
}
+snmp {
+ description OneNet-SRX200-Template-3.0.0;
+ contact "Net Group - (888)566-3638";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.34.146;
+ route 10.0.0.0/8 next-hop 10.199.28.74;
+ route 172.16.0.0/12 next-hop 10.199.28.74;
+ route 192.168.0.0/16 next-hop 10.199.28.74;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ protect: prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ protect: prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
firewall {
family inet {
protect: filter PROTECT-RE {
@@ -794,17 +776,6 @@
}
}
}
-routing-instances {
- ATT-INTERNET {
- instance-type virtual-router;
- interface ge-0/0/0.0;
- routing-options {
- static {
- route 0.0.0.0/0 next-hop 12.246.241.61;
- }
- }
- }
-}
applications {
application CUSTOM-UDP-ALL {
protocol udp;
Index: configs/core.elr.onenet.net
===================================================================
--- configs/core.elr.onenet.net (revision 156592)
+++ configs/core.elr.onenet.net (working copy)
@@ -442,7 +442,7 @@
#lsi up up
#lsi.0 up up
#lsi.1 up up
-#lsi.1055232 up up
+#lsi.1055488 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/kiamichi-fmc-battiest.client.onenet.net
===================================================================
--- configs/kiamichi-fmc-battiest.client.onenet.net (revision 156713)
+++ configs/kiamichi-fmc-battiest.client.onenet.net (working copy)
@@ -187,7 +187,7 @@
#ppd0 up up
#ppe0 up up
#st0 up up
-#st0.1 up up
+#st0.1 up down
#st0.2 up up
#tap up up
#vlan up down
Index: configs/hub.ada.onenet.net
===================================================================
--- configs/hub.ada.onenet.net (revision 156572)
+++ configs/hub.ada.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ADA-M120-RE0> show system commit
+# 2017-09-21 12:45:24 CDT by aberrios via cli commit synchronize
# 2017-09-13 13:20:15 CDT by sky via cli commit synchronize
# 2017-09-13 13:08:14 CDT by andrew via cli commit synchronize
# 2017-08-30 12:26:42 CDT by andrew via cli commit synchronize
# 2017-08-30 08:53:49 CDT by andrew via cli commit synchronize
# 2017-08-23 12:35:07 CDT by sky via cli commit synchronize
-# 2017-08-23 12:29:30 CDT by sky via cli commit synchronize
# grnoc-mon at ADA-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -373,7 +373,7 @@
# grnoc-mon at ADA-M120-RE0> show system uptime
# System booted: 2016-03-17 00:48 CDT
# Protocols started: 2016-03-17 01:00 CDT
-# Last configured: 2017-09-13 13:20 CDT by sky
+# Last configured: 2017-09-21 12:45 CDT by aberrios
#
# {master}
# grnoc-mon at ADA-M120-RE0> show interface terse
@@ -496,7 +496,7 @@
#pp0 up up
#tap up up
# grnoc-mon at ADA-M120-RE0> show configuration
-## Last commit: 2017-09-13 13:20:15 CDT by sky
+## Last commit: 2017-09-21 12:45:24 CDT by aberrios
version 13.3R8.7;
groups {
re0 {
@@ -1232,6 +1232,7 @@
route 156.110.70.136/30 next-hop 172.23.3.134;
route 156.110.34.180/30 next-hop 172.23.3.142;
route 156.110.34.132/30 next-hop 172.23.3.138;
+ route 156.110.26.4/30 next-hop 164.58.40.158;
}
router-id 164.58.199.22;
autonomous-system 5078;
Index: configs/core4.okc.onenet.net
===================================================================
--- configs/core4.okc.onenet.net (revision 156777)
+++ configs/core4.okc.onenet.net (working copy)
@@ -1508,11 +1508,11 @@
#lsi.1049885 up up
#lsi.1049889 up up
#lsi.1049902 up up
-#lsi.1049903 up up
#lsi.1049906 up up
#lsi.1049916 up up
#lsi.1049917 up up
#lsi.1049925 up up
+#lsi.1049926 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/meeker-ps.client.onenet.net
===================================================================
--- configs/meeker-ps.client.onenet.net (revision 156758)
+++ configs/meeker-ps.client.onenet.net (working copy)
@@ -158,8 +158,8 @@
#ge-0/0/11 down down
#ge-0/0/12 down down
#ge-0/0/13 down down
-#ge-0/0/14 up down
-#ge-0/0/14.0 up down
+#ge-0/0/14 up up
+#ge-0/0/14.0 up up
#ge-0/0/15 up up
#ge-0/0/15.0 up up
#fxp2 up up
Index: configs/core.tah.onenet.net
===================================================================
--- configs/core.tah.onenet.net (revision 156776)
+++ configs/core.tah.onenet.net (working copy)
@@ -1634,8 +1634,9 @@
Detect Transmit
Address State Interface Time Interval Multiplier
164.58.244.18 Up ge-1/1/8.0 1.200 0.400 3
+164.58.245.90 Up xe-0/0/0.0 1.200 0.400 3
164.58.245.93 Up ge-1/1/9.42 1.200 0.400 3
-2 sessions, 2 clients
-Cumulative transmit rate 5.0 pps, cumulative receive rate 5.0 pps
+3 sessions, 3 clients
+Cumulative transmit rate 7.5 pps, cumulative receive rate 7.5 pps
Index: configs/hub.mus.onenet.net
===================================================================
--- configs/hub.mus.onenet.net (revision 156774)
+++ configs/hub.mus.onenet.net (working copy)
@@ -436,7 +436,7 @@
#t1-2/0/2:21 down down
#t1-2/0/2:22 down down
#t1-2/0/2:23 down down
-#t1-2/0/2:24 down up
+#t1-2/0/2:24 down down
#t1-2/0/2:25 down down
#t1-2/0/2:26 down down
#t1-2/0/2:27 down down
Index: configs/swi1-swink-elementary.client.onenet.net
===================================================================
--- configs/swi1-swink-elementary.client.onenet.net (revision 156774)
+++ configs/swi1-swink-elementary.client.onenet.net (working copy)
@@ -212,8 +212,8 @@
#ge-0/0/2.0 up down
#ge-0/0/3 up down
#ge-0/0/3.0 up down
-#ge-0/0/4 up up
-#ge-0/0/4.0 up up
+#ge-0/0/4 up down
+#ge-0/0/4.0 up down
#ge-0/0/5 up down
#ge-0/0/5.0 up down
#ge-0/0/6 up down
Index: configs/core5.tul.onenet.net
===================================================================
--- configs/core5.tul.onenet.net (revision 156776)
+++ configs/core5.tul.onenet.net (working copy)
@@ -10645,10 +10645,11 @@
164.58.244.19 Up xe-2/3/0.175 1.200 0.400 3
164.58.244.96 Up ae2.42 1.200 0.400 3
164.58.244.215 Up xe-1/0/1.260 1.200 0.400 3
+164.58.245.91 Up xe-1/0/1.261 1.200 0.400 3
164.58.245.218 Up ge-0/3/8.0 1.200 0.400 3
164.58.245.229 Up ae0.116 1.200 0.400 3
-10 sessions, 10 clients
-Cumulative transmit rate 17.0 pps, cumulative receive rate 17.0 pps
+11 sessions, 11 clients
+Cumulative transmit rate 19.5 pps, cumulative receive rate 19.5 pps
{master}
Index: configs/city-of-lawton.client.onenet.net
===================================================================
--- configs/city-of-lawton.client.onenet.net (revision 156727)
+++ configs/city-of-lawton.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at CITY-OF-LAWTON-005231> show system commit
+# 2017-09-21 12:35:32 CDT by joel via cli
+# 2017-09-21 12:33:03 CDT by root via other
+# 2017-09-21 12:26:50 CDT by joel via cli commit confirmed, rollback in 5mins
# 2017-09-19 13:49:25 CDT by joel via cli
# 2017-09-19 13:39:51 CDT by joel via cli
# 2017-09-18 16:54:33 CDT by joel via cli commit confirmed, rollback in 5mins
-# 2017-09-18 16:34:42 CDT by joel via cli
-# 2017-09-18 16:19:48 CDT by joel via cli
-# 2017-09-18 16:08:29 CDT by joel via cli
# grnoc-mon at CITY-OF-LAWTON-005231> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -135,7 +135,7 @@
# Time Source: NTP CLOCK
# System booted: 2017-08-25 14:03 CDT
# Protocols started: 2017-08-25 14:03 CDT
-# Last configured: 2017-09-19 13:49 CDT by joel
+# Last configured: 2017-09-21 12:35 CDT by joel
#
# grnoc-mon at CITY-OF-LAWTON-005231> show interface terse
#Interface Admin Link
@@ -230,7 +230,7 @@
#vlan up down
#vtep up up
# grnoc-mon at CITY-OF-LAWTON-005231> show configuration
-## Last commit: 2017-09-19 13:49:25 CDT by joel
+## Last commit: 2017-09-21 12:35:32 CDT by joel
version 15.1X49-D90.7;
groups {
ABUSE-DENY {
@@ -1130,6 +1130,7 @@
address PAYMENTUS-72.35.5.221 72.35.5.221/32;
address ABUSE-70.34.40.84 70.34.40.84/32;
address ABUSE-31.192.226.90 31.192.226.90/32;
+ address SERVER-WSUS-172.16.1.69 172.16.1.69/32;
address-set VERIZON-STATIC-FT-SILL-1 {
description "Fort Sill MP Static IPs for CAD Access";
address VERIZON-STATIC-FT-SILL-1-166.148.145.240;
@@ -2455,6 +2456,20 @@
}
}
}
+ policy WINDOWS-UPDATE-SERVER-TO-USERS {
+ match {
+ source-address SERVER-WSUS-172.16.1.69;
+ destination-address TR-0100-USERS-10.1.0.0/16;
+ application WSUS-UPDATES;
+ }
+ then {
+ permit;
+ log {
+ session-init;
+ session-close;
+ }
+ }
+ }
policy WEB-FILTER-FILTERED {
match {
source-address any;
@@ -3797,6 +3812,9 @@
application PAYMENTUS-SSH {
term tcp-52122 protocol tcp destination-port 52122;
}
+ application WSUS-UPDATES {
+ term tcp-5985 protocol tcp destination-port 5985;
+ }
}
vlans {
DMZ-0400-HVAC {
More information about the Nocrancid
mailing list