authorJohan Lundberg <lundberg@nordu.net>2015-04-02 10:43:33 +0200
committerJohan Lundberg <lundberg@nordu.net>2015-04-02 10:43:33 +0200
commitbd611ac59f7c4db885a2f8631ef0bcdcd1901ca0 (patch)
treee60f5333a7699cd021b33c7f5292af55b774001b /filters/sample_tug_wlc_fw.srx
Diffstat (limited to 'filters/sample_tug_wlc_fw.srx')
-rw-r--r--filters/sample_tug_wlc_fw.srx96
1 files changed, 96 insertions, 0 deletions
diff --git a/filters/sample_tug_wlc_fw.srx b/filters/sample_tug_wlc_fw.srx
new file mode 100644
index 0000000..f86998c
--- /dev/null
+++ b/filters/sample_tug_wlc_fw.srx
@@ -0,0 +1,96 @@
+security {
+ zones {
+ security-zone WLC_net {
+ replace: address-book {
+ address NDN_TUG_WLC_NET_0 109.105.104.16/28;
+ address-set NDN_TUG_WLC_NET {
+ address NDN_TUG_WLC_NET_0;
+ }
+ }
+ }
+ security-zone NORDUnet_nets {
+ replace: address-book {
+ address NORDUNET_AGGREGATE_0 109.105.96.0/19;
+ address NORDUNET_AGGREGATE_1 193.10.252.0/24;
+ address NORDUNET_AGGREGATE_2 193.10.254.0/24;
+ address NORDUNET_AGGREGATE_3 193.11.3.0/24;
+ address NORDUNET_AGGREGATE_4 194.68.13.0/24;
+ address SUNET_AP_STATICS_0 130.242.82.30/32;
+ address SUNET_AP_STATICS_1 130.242.121.137/32;
+ address-set NORDUNET_AGGREGATE {
+ address NORDUNET_AGGREGATE_0;
+ address NORDUNET_AGGREGATE_1;
+ address NORDUNET_AGGREGATE_2;
+ address NORDUNET_AGGREGATE_3;
+ address NORDUNET_AGGREGATE_4;
+ }
+ address-set SUNET_AP_STATICS {
+ address SUNET_AP_STATICS_0;
+ address SUNET_AP_STATICS_1;
+ }
+ }
+ }
+ }
+ replace: policies {
+ /*
+ $Id: ./filters/sample_tug_wlc_fw.srx $
+ $Date: 2015/03/26 $
+ */
+ from-zone NORDUnet_nets to-zone WLC_net {
+ policy permit-icmp {
+ match {
+ source-address any;
+ destination-address [ NDN_TUG_WLC_NET ];
+ application permit-icmp-app;
+ }
+ then {
+ permit;
+ }
+ }
+ policy permit-traceroute {
+ match {
+ source-address any;
+ destination-address [ NDN_TUG_WLC_NET ];
+ application permit-traceroute-app;
+ }
+ then {
+ permit;
+ }
+ }
+ policy permit-NORDUnet {
+ match {
+ source-address [ NORDUNET_AGGREGATE SUNET_AP_STATICS ];
+ destination-address [ NDN_TUG_WLC_NET ];
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ policy default-deny {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ deny;
+ }
+ }
+ }
+ }
+}
+replace: applications {
+ application-set permit-icmp-app {
+ application permit-icmp-app1;
+ }
+ application permit-icmp-app1 {
+ term t1 protocol icmp;
+ }
+ application-set permit-traceroute-app {
+ application permit-traceroute-app1;
+ }
+ application permit-traceroute-app1 {
+ term t1 protocol udp destination-port 33434-33534;
+ }
+}
\ No newline at end of file
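Review bot: The `default-deny` policy that closes `from-zone NORDUnet_nets to-zone WLC_net` denies without logging, so rejected sessions toward `NDN_TUG_WLC_NET` leave no record for detection or troubleshooting; adding `log { session-init; }` inside its `then` block, next to `deny;`, would record them. Separately, `permit-icmp` and `permit-traceroute` match `source-address any`, so their only source restriction is whatever is bound to the `NORDUnet_nets` zone, which is not visible in this file. If that zone can carry traffic from outside the listed aggregates, consider matching `[ NORDUNET_AGGREGATE SUNET_AP_STATICS ]` as `permit-NORDUnet` does. The `$Id`/`$Date` header suggests the file may be generated, in which case these changes belong in the source policy definition rather than here.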