RANCID Config Viewer
Cấu hình: 172.16.15.247
Kích thước: 247,075 bytes | Cập nhật: 2026-04-10 01:11:23
Tải về | Quay lại danh sách
#RANCID-CONTENT-TYPE: junos
#
# BDG-VIETTEL-HSK-FW-01> show chassis clocks
# BDG-VIETTEL-HSK-FW-01> show chassis environment
# Class Item Status
# Temp CB 0 TMP75 Exhaust Right OK
# CB 0 TMP75 Inlet Right OK
# CB 0 TMP75 Exhaust Left OK
# CB 0 TMP75 Inlet Left OK
# CB 0 CPU OK
# CB 0 NVME SSD 0 OK
# CB 0 Mem DDR4 DIMM 0 OK
# CB 0 Mem DDR4 DIMM 1 OK
# FPC 0 BCM TD3-X2 Temp OK
# Power Power Supply 0 OK
# Power Supply 1 OK
# Fans Fan Tray 0 Fan 0 OK
# Fan Tray 1 Fan 0 OK
# Fan Tray 2 Fan 0 OK
#
# BDG-VIETTEL-HSK-FW-01> show chassis firmware local
# BDG-VIETTEL-HSK-FW-01> show chassis firmware
# BDG-VIETTEL-HSK-FW-01> show chassis fpc detail
# Slot 0 information:
# State Online
# Total CPU DRAM 10407 MB
# Total SRAM 0 MB
# Total SDRAM 0 MB
# FIPS Capable False
#
# BDG-VIETTEL-HSK-FW-01> show chassis hardware detail
# Hardware inventory:
# Item Version Part number Serial number Description
# Chassis FN3324AX0037 SRX1600
# Midplane REV 12 650-155263 FN3324AX0037 SRX1600
# Routing Engine 0 BUILTIN BUILTIN SRX Routing Engine
# usb0 (addr 0.1) UHCI root HUB 0 Intel uhub0
# usb1 (addr 1.1) XHCI root HUB 0 0x8086 uhub1
# CB 0 BUILTIN BUILTIN Control Board
# FPC 0 BUILTIN BUILTIN SRX1600 FPC
# PIC 0 BUILTIN BUILTIN 16x1G-T
# PIC 1 BUILTIN BUILTIN 2xSFP28
# Xcvr 0 *6 NON-JNPR W2308210049 SFP+-10G-LR
# Xcvr 1 NON-JNPR W2308210048 SFP+-10G-LR
# PIC 2 BUILTIN BUILTIN 4xSFP+
# Xcvr 0 NON-JNPR 240816W0064 SFP+-10G-CU3M
# Power Supply 0 REV 01 740-168323 1EDPE1800NR PS 450W 90-264V AC in
# Power Supply 1 REV 01 740-168323 1EDPE29015K PS 450W 90-264V AC in
# Fan Tray 0 Fan Tray 0, Front to Back Airflow - AFO
# Fan Tray 1 Fan Tray 1, Front to Back Airflow - AFO
# Fan Tray 2 Fan Tray 2, Front to Back Airflow - AFO
#
# BDG-VIETTEL-HSK-FW-01> show chassis hardware models
# Hardware inventory:
# Item Version Part number Serial number FRU model number
# Midplane REV 12 650-155263 FN3324AX0037 SRX1600-CHAS
# CB 0 BUILTIN BUILTIN
# FPC 0 BUILTIN BUILTIN
# Power Supply 0 REV 01 740-168323 1EDPE1800NR JPSU-450W-AC
# Power Supply 1 REV 01 740-168323 1EDPE29015K JPSU-450W-AC
# Fan Tray 0 SRX1600 FANTRAY-AFO
# Fan Tray 1 SRX1600 FANTRAY-AFO
# Fan Tray 2 SRX1600 FANTRAY-AFO
#
# BDG-VIETTEL-HSK-FW-01> show chassis routing-engine
# Routing Engine status:
# Model SRX Routing Engine
#
# BDG-VIETTEL-HSK-FW-01> show chassis scb
# BDG-VIETTEL-HSK-FW-01> show chassis sfm detail
# BDG-VIETTEL-HSK-FW-01> show chassis ssb
# BDG-VIETTEL-HSK-FW-01> show chassis feb detail
# BDG-VIETTEL-HSK-FW-01> show chassis feb
# BDG-VIETTEL-HSK-FW-01> show chassis cfeb
# BDG-VIETTEL-HSK-FW-01> show chassis alarms
# 1 alarms currently active
# Alarm time Class Description
# 2024-11-27 05:23:36 +07 Major Host 0 fxp0 : Ethernet Link Down
#
# BDG-VIETTEL-HSK-FW-01> show system license
# License usage:
# Licensed Licensed Licensed
# Feature Feature Feature
# Feature name used installed needed Expiry
# remote-access-ipsec-vpn-client 0 2 0 permanent
# remote-access-juniper-std 0 2 0 permanent
#
# Licenses installed: none
#
# BDG-VIETTEL-HSK-FW-01> show system boot-messages
# ---<<BOOT>>---
# Copyright (c) 1998-2023 Juniper Networks, Inc.
# Copyright (c) 1992-2020 The FreeBSD Project.
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD is a registered trademark of The FreeBSD Foundation.
# FreeBSD JNPR-12.1-20231122.ee0e992_builder_stable_12_234 #0 r356482+ee0e9926628(stable/12_234): Thu Nov 23 01:41:54 PST 2023
# builder@qnc-jre-fbsd01:/volume/build/junos/occam/llvm-13.0/sandbox-234-20231122-ee0e992/freebsd/stable_12_234/20231122.230008_builder_stable_12_234.ee0e992/obj/amd64/juniper/kernels/JNPR-AMD64-PRD/kernel amd64
# Juniper clang version 13.0.1 (git@eng-gitlab.juniper.net:tools-tot/llvm a680935c8cff37a4cc97d0aa42182aa0518381c9)
# VT(vga): text 80x25
# module crypto already present!
# CPU: Intel Xeon Processor (Icelake) (2200.06-MHz K8-class CPU)
# Origin="GenuineIntel" Id=0x80660 Family=0x6 Model=0x86 Stepping=0
# Features=0xf83fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE,SSE2,SS>
# Features2=0xf7fa3223<SSE3,PCLMULQDQ,VMX,SSSE3,FMA,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,AVX,F16C,RDRAND,HV>
# AMD Features=0x24100800<SYSCALL,NX,Page1GB,LM>
# AMD Features2=0x121<LAHF,ABM,Prefetch>
# Structured Extended Features=0xf1bf07ab<FSGSBASE,TSCADJ,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,AVX512IFMA,CLFLUSHOPT,CLWB,AVX512CD,SHA,AVX512BW,AVX512VL>
# Structured Extended Features2=0x15f4e<AVX512VBMI,UMIP,PKU,AVX512VBMI2,GFNI,VAES,VPCLMULQDQ,AVX512VNNI,AVX512BITALG>
# Structured Extended Features3=0xac000400<MD_CLEAR,IBPB,STIBP,ARCH_CAP,SSBD>
# XSAVE Features=0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
# IA32_ARCH_CAPS=0x2b<RDCL_NO,IBRS_ALL,SKIP_L1DFL_VME>
# AMD Extended Feature Extensions ID EBX=0x200
# VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID,VID
# Hypervisor: Origin = "KVMKVMKVM"
# Event timer "LAPIC" quality 600
# ACPI APIC Table: <BOCHS BXPCAPIC>
# mtx_platform_early_bootinit: M/T/EX/SRX Series Early Boot Initialization
# Host Kernel is VMHOST-V2 based
# tvp mode is true jnx_reboot_reason: 8192
# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
# FreeBSD/SMP: 2 package(s) x 1 core(s)
# random: HMAC-DRBG: software entropy seeding events: 560, Shannons/event: 0.80
# random: HMAC-DRBG: hardware entropy seeding Shannons: 384, Shannons/bit: 0.7
# random: HMAC-DRBG: startup SP800-90B Health Tests required: 1024
# random: registering fast source Intel Secure Key Seed
# random: fast provider: "Intel Secure Key Seed"
# arc4random: WARNING: initial seeding bypassed the cryptographic random device because it was not yet seeded and the knob 'bypass_before_seeding' was enabled.
# Security policy loaded: Junos MAC/fips (mac_fips)
# Security policy loaded: MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/privcheck (mac_privcheck)
# Security policy loaded: MAC/grantbylabel (mac_grantbylabel)
# Security policy loaded: Junos MAC/SDK (mac_sdk)
# Security policy loaded: MAC/DDB (mac_ddb)
# MAC/veriexec fingerprint module loaded: SHA1
# MAC/veriexec fingerprint module loaded: SHA256
# MAC/veriexec fingerprint module loaded: SHA384
# ioapic0 <Version 1.1> irqs 0-23 on motherboard
# Launching APs: 1
# netisr_init: forcing maxthreads from 4 to 2
# random: entropy device external interface
# md0: Preloaded image </packages/sets/active/boot/os-kernel/contents.izo> 11084800 bytes at 0xffffffff80e67d58
# Initializing M/T/EX platform properties ..
# nexus0
# vtvga0: <VT VGA driver> on motherboard
# kvmclock0: <KVM paravirtual clock> on motherboard
# Timecounter "kvmclock" frequency 1000000000 Hz quality 1500
# kvmclock0: registered as a time-of-day clock, resolution 0.000001s
# cryptosoft0: <software crypto> on motherboard
# acpi0: <BOCHS BXPCRSDT> on motherboard
# acpi0: Power Button (fixed)
# cpu0: <ACPI CPU> on acpi0
# atrtc0: <AT realtime clock> port 0x70-0x71,0x72-0x77 irq 8 on acpi0
# atrtc0: registered as a time-of-day clock, resolution 1.000000s
# Event timer "RTC" frequency 32768 Hz quality 0
# hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
# Timecounter "HPET" frequency 100000000 Hz quality 950
# Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
# acpi_timer0: <24-bit timer at 3.579545MHz> port 0x608-0x60b on acpi0
# pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
# pci0: <ACPI PCI bus> on pcib0
# isab0: <PCI-ISA bridge> at device 1.0 on pci0
# isa0: <ISA bus> on isab0
# atapci0: <Intel PIIX3 WDMA2 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xc700-0xc70f at device 1.1 on pci0
# ata0: <ATA channel> at channel 0 on atapci0
# ata1: <ATA channel> at channel 1 on atapci0
# uhci0: <Intel 82371SB (PIIX3) USB controller> port 0xc640-0xc65f irq 11 at device 1.2 on pci0
# usbus0 on uhci0
# usbus0: 12Mbps Full Speed USB v1.0
# smb0: <Intel 82371AB SMB controller> irq 9 at device 1.3 on pci0
# virtio_pci0: <VirtIO PCI 9P Transport adapter> port 0xc380-0xc3bf mem 0xfeb90000-0xfeb90fff,0xfebac000-0xfebaffff irq 10 at device 2.0 on pci0
# 9p_virtio0: <VirtIO 9P Transport> on virtio_pci0
# virtio_pci1: <VirtIO PCI Network adapter> port 0xc660-0xc67f mem 0xfeb91000-0xfeb91fff,0xfebb0000-0xfebb3fff irq 11 at device 3.0 on pci0
# vtnet0: <VirtIO Networking Adapter> on virtio_pci1
# virtio_pci2: <VirtIO PCI Network adapter> port 0xc680-0xc69f mem 0xfeb92000-0xfeb92fff,0xfebb4000-0xfebb7fff irq 11 at device 4.0 on pci0
# vtnet1: <VirtIO Networking Adapter> on virtio_pci2
# virtio_pci3: <VirtIO PCI Network adapter> port 0xc6a0-0xc6bf mem 0xfeb93000-0xfeb93fff,0xfebb8000-0xfebbbfff irq 10 at device 5.0 on pci0
# vtnet2: <VirtIO Networking Adapter> on virtio_pci3
# virtio_pci4: <VirtIO PCI 9P Transport adapter> port 0xc3c0-0xc3ff mem 0xfeb94000-0xfeb94fff,0xfebbc000-0xfebbffff irq 10 at device 6.0 on pci0
# 9p_virtio1: <VirtIO 9P Transport> on virtio_pci4
# virtio_pci5: <VirtIO PCI 9P Transport adapter> port 0xc400-0xc43f mem 0xfeb95000-0xfeb95fff,0xfebc0000-0xfebc3fff irq 11 at device 7.0 on pci0
# 9p_virtio2: <VirtIO 9P Transport> on virtio_pci5
# virtio_pci6: <VirtIO PCI 9P Transport adapter> port 0xc440-0xc47f mem 0xfeb96000-0xfeb96fff,0xfebc4000-0xfebc7fff irq 11 at device 8.0 on pci0
# 9p_virtio3: <VirtIO 9P Transport> on virtio_pci6
# virtio_pci7: <VirtIO PCI 9P Transport adapter> port 0xc480-0xc4bf mem 0xfeb97000-0xfeb97fff,0xfebc8000-0xfebcbfff irq 10 at device 9.0 on pci0
# 9p_virtio4: <VirtIO 9P Transport> on virtio_pci7
# virtio_pci8: <VirtIO PCI 9P Transport adapter> port 0xc4c0-0xc4ff mem 0xfeb98000-0xfeb98fff,0xfebcc000-0xfebcffff irq 10 at device 10.0 on pci0
# 9p_virtio5: <VirtIO 9P Transport> on virtio_pci8
# virtio_pci9: <VirtIO PCI 9P Transport adapter> port 0xc500-0xc53f mem 0xfeb99000-0xfeb99fff,0xfebd0000-0xfebd3fff irq 11 at device 11.0 on pci0
# 9p_virtio6: <VirtIO 9P Transport> on virtio_pci9
# virtio_pci10: <VirtIO PCI 9P Transport adapter> port 0xc540-0xc57f mem 0xfeb9a000-0xfeb9afff,0xfebd4000-0xfebd7fff irq 11 at device 12.0 on pci0
# 9p_virtio7: <VirtIO 9P Transport> on virtio_pci10
# virtio_pci11: <VirtIO PCI 9P Transport adapter> port 0xc580-0xc5bf mem 0xfeb9b000-0xfeb9bfff,0xfebd8000-0xfebdbfff irq 10 at device 13.0 on pci0
# 9p_virtio8: <VirtIO 9P Transport> on virtio_pci11
# virtio_pci12: <VirtIO PCI Entropy adapter> port 0xc6c0-0xc6df mem 0xfebdc000-0xfebdffff irq 10 at device 14.0 on pci0
# vtrnd0: <VirtIO Entropy Adapter> on virtio_pci12
# random: registering fast source VirtIO Entropy Adapter
# xhci0: <XHCI (generic) USB 3.0 controller> mem 0xfeb80000-0xfeb8ffff irq 11 at device 15.0 on pci0
# xhci0: 32 bytes context size, 64-bit DMA
# usbus1 on xhci0
# usbus1: 5.0Gbps Super Speed USB v3.0
# virtio_pci13: <VirtIO PCI Network adapter> port 0xc6e0-0xc6ff mem 0xfeb9c000-0xfeb9cfff,0xfebe0000-0xfebe3fff irq 10 at device 17.0 on pci0
# vtnet3: <VirtIO Networking Adapter> on virtio_pci13
# virtio_pci14: <VirtIO PCI Block adapter> port 0xc100-0xc17f mem 0xfeb9d000-0xfeb9dfff,0xfebe4000-0xfebe7fff irq 11 at device 19.0 on pci0
# vtblk0: <VirtIO Block Adapter> on virtio_pci14
# vtblk0: 5220MB (10690688 512 byte sectors)
# virtio_pci15: <VirtIO PCI Block adapter> port 0xc180-0xc1ff mem 0xfeb9e000-0xfeb9efff,0xfebe8000-0xfebebfff irq 10 at device 21.0 on pci0
# vtblk1: <VirtIO Block Adapter> on virtio_pci15
# vtblk1: 16384MB (33554432 512 byte sectors)
# pci0: <old> at device 22.0 (no driver attached)
# virtio_pci16: <VirtIO PCI SCSI adapter> port 0xc5c0-0xc5ff mem 0xfeba0000-0xfeba0fff,0xfebec000-0xfebeffff irq 11 at device 23.0 on pci0
# vtscsi0: <VirtIO SCSI Adapter> on virtio_pci16
# virtio_pci17: <VirtIO PCI Block adapter> port 0xc200-0xc27f mem 0xfeba1000-0xfeba1fff,0xfebf0000-0xfebf3fff irq 11 at device 24.0 on pci0
# vtblk2: <VirtIO Block Adapter> on virtio_pci17
# vtblk2: 512MB (1048576 512 byte sectors)
# virtio_pci18: <VirtIO PCI Block adapter> port 0xc280-0xc2ff mem 0xfeba2000-0xfeba2fff,0xfebf4000-0xfebf7fff irq 10 at device 25.0 on pci0
# vtblk3: <VirtIO Block Adapter> on virtio_pci18
# vtblk3: 128MB (262144 512 byte sectors)
# virtio_pci19: <VirtIO PCI Block adapter> port 0xc300-0xc37f mem 0xfeba3000-0xfeba3fff,0xfebf8000-0xfebfbfff irq 10 at device 26.0 on pci0
# vtblk4: <VirtIO Block Adapter> on virtio_pci19
# vtblk4: 3072MB (6291456 512 byte sectors)
# virtio_pci20: <VirtIO PCI 9P Transport adapter> port 0xc600-0xc63f mem 0xfeba4000-0xfeba4fff,0xfebfc000-0xfebfffff irq 11 at device 31.0 on pci0
# 9p_virtio9: <VirtIO 9P Transport> on virtio_pci20
# acpi_syscontainer0: <System Container> on acpi0
# acpi_syscontainer1: <System Container> port 0xaf00-0xaf0b on acpi0
# acpi_syscontainer2: <System Container> port 0xafe0-0xafe3 on acpi0
# acpi_syscontainer3: <System Container> port 0xae00-0xae13 on acpi0
# atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
# atkbd0: <AT Keyboard> irq 1 on atkbdc0
# atkbd0: [GIANT-LOCKED]
# uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 on acpi0
# uart0: console (9600,n,8,1)
# uart0: [GIANT-LOCKED]
# uart1: <16550 or compatible> port 0x2f8-0x2ff irq 3 on acpi0
# uart1: [GIANT-LOCKED]
# orm0: <ISA Option ROM> at iomem 0xeb000-0xeffff pnpid ORM0000 on isa0
# TVP: Model Name read from HostOS is srx1600
# Initializing Kernel PVIDB.
# mt_product_prop_init: product_model = srxtvp srx1600
# load_static_kernel_pvidb_data: Initialising srx1600 Early PVIDB len = 33800
# Unified Services mode is turned off(0)
# Initializing product: 200 ..
# pfe_peer_smp_chk_product_supp: jnx_product_type: 200 mp_ncpus: 2 rts_shared_bitvector_ifstate_infra: 0 jpf_tcp_ppt_ifs_smp_support: 0 support: 0
# rts_ifstate_chk_product_supp: jnx_product_type: 200 mp_ncpus: 2 rts_shared_bitvector_ifstate_infra: 0 jpf_tcp_ppt_ifs_smp_support: 0 support: 0
#
# ure_set_prodinfo Setting PDK(0xfffff800040a9780) vectors for Unified RE
# platform_mastership_init: Unknown product_type 0x000000c8
# Reconfiguring vtnet3 to fxp0
# Reconfiguring vtnet0 to em0
# Reconfiguring vtnet1 to em1
# Reconfiguring vtnet2 to em2
# sysctl_warn_reuse: can't re-use a leaf (hw.product.pvi.pvidb_rootnode)!
# tcp_ip_smp_supp_chk_product: jnx_product_type: 200 support: 0
# Registering tcp_platform_dependent = tcp_handle_special_ports
# Trying to mount root from cd9660:/dev/md0.uzip []...
# ugen0.1: <Intel UHCI root HUB> at usbus0
# ugen1.1: <0x8086 XHCI root HUB> at usbus1
# uhub0: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
# uhub1: <0x8086 XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus1
# random: randomdev_wait_until_seeded unblock wait
# uhub0: 2 ports with 2 removable, self powered
# uhub1: 10 ports with 10 removable, self powered
# random: randomdev_wait_until_seeded unblock wait
# random: Entropy start-up health tests performed on 1024 samples passed.
# random: unblocking device.
# random: HMAC-DRBG: instantiated with 1024 SW events, 396 HW Shannons
#
# BDG-VIETTEL-HSK-FW-01> show system core-dumps
# -rw------- 1 nobody wheel 235832963 Oct 3 2025 /jail/var/tmp/httpd.core.0.gz
# total files: 1
#
# /var/crash/corefiles:
# total blocks: 16
# total files: 0
#
# BDG-VIETTEL-HSK-FW-01> show version detail
# Hostname: BDG-VIETTEL-HSK-FW-01
# Model: srx1600
# Junos: 23.4R1.9
# JUNOS OS Kernel 64-bit [20231122.ee0e992_builder_stable_12_234]
# JUNOS OS libs [20231122.ee0e992_builder_stable_12_234]
# JUNOS OS runtime [20231122.ee0e992_builder_stable_12_234]
# JUNOS OS time zone information [20231122.ee0e992_builder_stable_12_234]
# JUNOS OS libs compat32 [20231122.ee0e992_builder_stable_12_234]
# JUNOS OS 32-bit compatibility [20231122.ee0e992_builder_stable_12_234]
# JUNOS py extensions [20231216.005403_builder_junos_234_r1]
# JUNOS py base [20231216.005403_builder_junos_234_r1]
# JUNOS OS vmguest [20231122.ee0e992_builder_stable_12_234]
# JUNOS OS package [20231117.015524_builder_stable_12]
# JUNOS network stack and utilities [20231216.005403_builder_junos_234_r1]
# JUNOS OS network modules [20231122.ee0e992_builder_stable_12_234]
# JUNOS OS crypto [20231122.ee0e992_builder_stable_12_234]
# JUNOS OS boot-ve files [20231122.ee0e992_builder_stable_12_234]
# JUNOS libs [20231216.005403_builder_junos_234_r1]
# JUNOS libs compat32 [20231216.005403_builder_junos_234_r1]
# JUNOS runtime [20231216.005403_builder_junos_234_r1]
# JUNOS na telemetry [23.4R1.9]
# JUNOS Web Management Platform Package [20231216.005403_builder_junos_234_r1]
# JUNOS vmguest [20231216.005403_builder_junos_234_r1]
# JUNOS lite sysmond [20231216.005403_builder_junos_234_r1]
# JUNOS publish subscribe base [20231216.005403_builder_junos_234_r1]
# JUNOS srx libs compat32 [20231216.005403_builder_junos_234_r1]
# JUNOS srx runtime [20231216.005403_builder_junos_234_r1]
# JUNOS srx platform support [20231216.005403_builder_junos_234_r1]
# JUNOS common platform support [20231216.005403_builder_junos_234_r1]
# JUNOS srxtvp runtime [20231216.005403_builder_junos_234_r1]
# JUNOS Routing mpls-oam-basic [20231216.005403_builder_junos_234_r1]
# JUNOS Routing lsys [20231216.005403_builder_junos_234_r1]
# JUNOS Routing controller-external [20231216.005403_builder_junos_234_r1]
# JUNOS Routing 32-bit Compatible Version [20231216.005403_builder_junos_234_r1]
# JUNOS Routing aggregated [20231216.005403_builder_junos_234_r1]
# Redis [20231216.005403_builder_junos_234_r1]
# JUNOS probe utility [20231216.005403_builder_junos_234_r1]
# JUNOS pppoe [20231216.005403_builder_junos_234_r1]
# JUNOS Openconfig [23.4R1.9]
# JUNOS mtx network modules [20231216.005403_builder_junos_234_r1]
# JUNOS modules [20231216.005403_builder_junos_234_r1]
# JUNOS srxtvp modules [20231216.005403_builder_junos_234_r1]
# JUNOS srxtvp libs [20231216.005403_builder_junos_234_r1]
# JUNOS srx libs [20231216.005403_builder_junos_234_r1]
# JUNOS L2 RSI Scripts [20231216.005403_builder_junos_234_r1]
# JUNOS Key Manager [20231216.005403_builder_junos_234_r1]
# JUNOS srx Data Plane Crypto Support [20231216.005403_builder_junos_234_r1]
# JUNOS ike [20231216.005403_builder_junos_234_r1]
# JUNOS daemons [20231216.005403_builder_junos_234_r1]
# JUNOS srx daemons [20231216.005403_builder_junos_234_r1]
# JUNOS SRX TVP AppQos Daemon [20231216.005403_builder_junos_234_r1]
# JUNOS TPM2 [20231216.005403_builder_junos_234_r1]
# JUNOS Extension Toolkit [20231216.005403_builder_junos_234_r1]
# JUNOS Phone-home [20231216.005403_builder_junos_234_r1]
# JUNOS Juniper Malware Removal Tool (JMRT) [1.0.0+20231216.005403_builder_junos_234_r1]
# JUNOS Juniper Malware Removal Tool (JMRT) Test [1.0.0+20231216.005403_builder_junos_234_r1]
# JUNOS J-Insight [20231216.005403_builder_junos_234_r1]
# JUNOS Online Documentation [20231216.005403_builder_junos_234_r1]
# JUNOS jail runtime [20231122.ee0e992_builder_stable_12_234]
# JUNOS FIPS mode utilities [20231216.005403_builder_junos_234_r1]
# JUNOS dsa [20231216.005403_builder_junos_234_r1]
# KERNEL JNPR-12.1-20231122.ee0e992_builder_stable_12_234 #0 r356482+ee0e9926628(stable/
# MGD release 20231214.153508_builder.r1390688 built by builder on 2023-12-14 15:46:44 UTC
# CLI release 20231214.153508_builder.r1390688 built by builder on 2023-12-14 15:43:19 UTC
# JLAUNCHD release 23.4R1.9 built by builder on 2023-12-16 02:14:29 UTC
# RPD release 23.4R1.9 built by builder on 2023-12-16 02:56:33 UTC
# CHASSISD release 23.4R1.9 built by builder on 2023-12-16 02:51:24 UTC
# COMMIT-SYNCD release 20231214.153508_builder.r1390688 built by builder on 2023-12-14 15:46:42 UTC
# BFDD release 23.4R1.9 built by builder on 2023-12-16 02:33:39 UTC
# JNUD release 20231214.153508_builder.r1390688 built by builder on 2023-12-14 15:46:44 UTC
# DFWD release 23.4R1.9 built by builder on 2023-12-16 02:36:52 UTC
# DCD release 23.4R1.9 built by builder on 2023-12-16 02:38:54 UTC
# SNMPD release 23.4R1.9 built by builder on 2023-12-16 02:46:03 UTC
# MIB2D release 23.4R1.9 built by builder on 2023-12-16 02:37:00 UTC
# VRRPD release 23.4R1.9 built by builder on 2023-12-16 02:34:39 UTC
# ALARMD release 23.4R1.9 built by builder on 2023-12-16 02:36:46 UTC
# PFED release 23.4R1.9 built by builder on 2023-12-16 02:37:00 UTC
# CRAFTD release 23.4R1.9 built by builder on 2023-12-16 02:30:14 UTC
# SAMPLED release 23.4R1.9 built by builder on 2023-12-16 02:37:01 UTC
# SRRD release 23.4R1.9 built by builder on 2023-12-16 02:32:17 UTC
# ILMID release 23.4R1.9 built by builder on 2023-12-16 02:30:15 UTC
# RMOPD release 23.4R1.9 built by builder on 2023-12-16 02:36:04 UTC
# COSD release 23.4R1.9 built by builder on 2023-12-16 02:37:40 UTC
# IRSD release 23.4R1.9 built by builder on 2023-12-16 02:30:21 UTC
# FUD release 23.4R1.9 built by builder on 2023-12-16 02:33:46 UTC
# KSYNCD_VERSION_MISMATCH_IGNORED: IPC version mismatch will be ignored
# <version-information>
# <component>KSYNCD</component>
# <major>23</major>
# <minor>4</minor>
# <release-category>R</release-category>
# <build-number>1</build-number>
# <spin>9</spin>
# <builder>builder</builder>
# <build-date>2023-12-16 02:30:16 UTC</build-date>
# <release>23.4R1.9</release>
# </version-information>
# HTTPD-GK release 23.4R1.9 built by builder on 2023-12-16 02:37:44 UTC
# DHCPD release 23.4R1.9 built by builder on 2023-12-16 02:33:45 UTC
# PPPOED release 23.4R1.9 built by builder on 2023-12-16 02:34:18 UTC
# RDD release 23.4R1.9 built by builder on 2023-12-16 02:33:52 UTC
# PPPD release 23.4R1.9 built by builder on 2023-12-16 02:33:50 UTC
# DFCD release 23.4R1.9 built by builder on 2023-12-16 02:36:51 UTC
# LACPD release 23.4R1.9 built by builder on 2023-12-16 02:36:59 UTC
# OAMD release 23.4R1.9 built by builder on 2023-12-16 02:33:49 UTC
# TNETD release 23.4R1.9 built by builder on 2023-12-16 02:10:45 UTC
# CFMD release 23.4R1.9 built by builder on 2023-12-16 02:36:51 UTC
# JDHCPD release 23.4R1.9 built by builder on 2023-12-16 02:36:54 UTC
# PSSD release 23.4R1.9 built by builder on 2023-12-16 02:33:51 UTC
# AUTHD release 23.4R1.9 built by builder on 2023-12-16 02:41:38 UTC
# PHONE-HOME release 23.4R1.9 built by builder on 2023-12-16 02:30:07 UTC
# APPIDD release 23.4R1.9 built by builder on 2023-12-16 02:37:33 UTC
# JDIAMETERD release 23.4R1.9 built by builder on 2023-12-16 02:36:57 UTC
# IDPD release 23.4R1.9 built by builder on 2023-12-16 02:42:41 UTC
# SHM-RTSDBD release 23.4R1.9 built by builder on 2023-12-16 02:33:54 UTC
# DATAPATH-TRACED release 23.4R1.9 built by builder on 2023-12-16 02:33:43 UTC
# SMID release 23.4R1.9 built by builder on 2023-12-16 02:37:01 UTC
# SMIHELPERD release 23.4R1.9 built by builder on 2023-12-16 02:37:03 UTC
# GSTATD release 23.4R1.9 built by builder on 2023-12-16 02:14:47 UTC
# UACD release 23.4R1.9 built by builder on 2023-12-16 02:34:19 UTC
# ESSMD release 23.4R1.9 built by builder on 2023-12-16 02:36:53 UTC
# AGENTD release 23.4R1.9 built by builder on 2023-12-16 02:33:57 UTC
# PPMD release 23.4R1.9 built by builder on 2023-12-16 02:34:36 UTC
# LRMUXD release 23.4R1.9 built by builder on 2023-12-16 02:33:39 UTC
# BFDD release 23.4R1.9 built by builder on 2023-12-16 02:33:39 UTC
# AUDITD release 23.4R1.9 built by builder on 2023-12-16 02:42:06 UTC
# L2ALD release 23.4R1.9 built by builder on 2023-12-16 02:39:13 UTC
# EVENTD release 23.4R1.9 built by builder on 2023-12-16 02:36:05 UTC
# L2CPD release 23.4R1.9 built by builder on 2023-12-16 02:39:29 UTC
# MCSNOOPD release 23.4R1.9 built by builder on 2023-12-16 02:54:28 UTC
# MPLSOAMD release 23.4R1.9 built by builder on 2023-12-16 02:33:40 UTC
# WEB-API release 23.4R1.9 built by builder on 2023-12-16 02:30:12 UTC
# JSD release 23.4R1.9 built by builder on 2023-12-16 02:33:36 UTC
# AAASD release 23.4R1.9 built by builder on 2023-12-16 02:33:36 UTC
# GRPC-TUNNEL release 23.4R1.9 built by builder on 2023-12-16 02:33:47 UTC
# UI-PUBD release 23.4R1.9 built by builder on 2023-12-16 02:33:36 UTC
# MGD-API release 23.4R1.9 built by builder on 2023-12-16 02:36:04 UTC
# SYSD release 23.4R1.9 built by builder on 2023-12-16 02:33:55 UTC
# PCCD release 23.4R1.9 built by builder on 2023-12-16 02:37:10 UTC
# NSD release 23.4R1.9 built by builder on 2023-12-16 02:37:31 UTC
# DOT1XD release 23.4R1.9 built by builder on 2023-12-16 02:37:35 UTC
# AAMWD release 23.4R1.9 built by builder on 2023-12-16 02:37:43 UTC
# DYN-FILTERD release 23.4R1.9 built by builder on 2023-12-16 02:37:43 UTC
# NSTRACED release 23.4R1.9 built by builder on 2023-12-16 02:34:12 UTC
# FWAUTHD release 23.4R1.9 built by builder on 2023-12-16 02:34:19 UTC
# GPRSD release 23.4R1.9 built by builder on 2023-12-16 02:34:12 UTC
# JSRPD release 23.4R1.9 built by builder on 2023-12-16 02:34:22 UTC
# LSYSD release 23.4R1.9 built by builder on 2023-12-16 02:37:30 UTC
# PROFILERD release 23.4R1.9 built by builder on 2023-12-16 02:42:43 UTC
# OAMD release 23.4R1.9 built by builder on 2023-12-16 02:33:49 UTC
# RTLOGD release 23.4R1.9 built by builder on 2023-12-16 02:34:37 UTC
# UTMD release 23.4R1.9 built by builder on 2023-12-16 02:37:45 UTC
# SYSHMD release 23.4R1.9 built by builder on 2023-12-16 02:34:23 UTC
# SMTPD release 23.4R1.9 built by builder on 2023-12-16 02:34:23 UTC
# WWAND release 23.4R1.9 built by builder on 2023-12-16 02:34:11 UTC
# USERIDD release 23.4R1.9 built by builder on 2023-12-16 02:34:20 UTC
# SDK-VMMD release 23.4R1.9 built by builder on 2023-12-16 02:40:21 UTC
# DOOD release 23.4R1.9 built by builder on 2023-12-16 02:37:30 UTC
# SDXD release 23.4R1.9 built by builder on 2023-12-16 02:33:42 UTC
# GPRSD release 23.4R1.9 built by builder on 2023-12-16 02:34:12 UTC
# JSRPD release 23.4R1.9 built by builder on 2023-12-16 02:34:22 UTC
# AUTOD release 23.4R1.9 built by builder on 2023-12-16 02:34:18 UTC
# IPFD release 23.4R1.9 built by builder on 2023-12-16 02:37:36 UTC
# GKSD release 23.4R1.9 built by builder on 2023-12-16 02:34:17 UTC
# GKMD release 23.4R1.9 built by builder on 2023-12-16 02:34:16 UTC
# PKID release 23.4R1.9 built by builder on 2023-12-16 02:33:42 UTC
# SENDD release 23.4R1.9 built by builder on 2023-12-16 02:33:42 UTC
# FIPSD release 23.4R1.9 built by builder on 2023-12-16 02:34:22 UTC
# IKEMD release 23.4R1.9 built by builder on 2023-12-16 02:41:36 UTC
# IKED release 23.4R1.9 built by builder on 2023-12-16 02:41:36 UTC
# base-actions-dd release 20231214.153508_builder.r1390688 built by builder on 2023-12-14 15:43:18 UTC
# junos-base-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:51:06 UTC
# jkernel-actions-dd release 23.4R1.9 built by builder on 2023-12-16 02:03:57 UTC
# appsecure-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:18 UTC
# aprobe-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:10 UTC
# authd_cmd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:51:35 UTC
# autoconfd_cmd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:10 UTC
# autod-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:24 UTC
# bfdd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:03 UTC
# cfm-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:10 UTC
# chassis_cmd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:55 UTC
# clksyncd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:11 UTC
# collector-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:19 UTC
# cos_cmd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:11 UTC
# cpcdd_cmd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:11 UTC
# dcd_cmd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:55 UTC
# demuxd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:12 UTC
# dfcd_cmd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:12 UTC
# dot1xd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:55 UTC
# dyn-filterd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:24 UTC
# dyn-sess-prof-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:12 UTC
# elmi-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:12 UTC
# essmd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:19 UTC
# forwarding_options_cmd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:12 UTC
# fsad-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:19 UTC
# gres-test-point-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:12 UTC
# httpd_cmd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:12 UTC
# iccp_cmd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:12 UTC
# ilmid-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:13 UTC
# jappid-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:19 UTC
# jcrypto-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:13 UTC
# jcrypto_ike-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:23 UTC
# jddosd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:13 UTC
# jdiameterd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:13 UTC
# jdocs-actions-dd release 23.4R1.9 built by builder on 2023-12-16 02:05:15 UTC
# jidpd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:20 UTC
# jkernel_jseries-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:24 UTC
# jkernel_srxha-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:22 UTC
# jkernel_srxhe-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:22 UTC
# jkernel_usp-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:22 UTC
# jpppd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:20 UTC
# jroute-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:56 UTC
# jroute_junos-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:13 UTC
# jsdxd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:13 UTC
# junos-km-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:24 UTC
# junos-lrmuxd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:03 UTC
# junos-ntad-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:05 UTC
# junos-routing-amt-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:00 UTC
# junos-routing-auto-bw-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:01 UTC
# junos-routing-backup-selection-advanced-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:59 UTC
# junos-routing-backup-selection-basic-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:59 UTC
# junos-routing-bgp-advanced-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:00 UTC
# junos-routing-bgp-basic-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:00 UTC
# junos-routing-bgpmcast-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:01 UTC
# junos-routing-bier-basic-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:06 UTC
# junos-routing-ccc-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:08 UTC
# junos-routing-dvmrp-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:01 UTC
# junos-routing-egress-protection-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:05 UTC
# junos-routing-esis-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:05 UTC
# junos-routing-evpn-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:56 UTC
# junos-routing-exp-seg-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:08 UTC
# junos-routing-hakr-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:05 UTC
# junos-routing-igmp-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:01 UTC
# junos-routing-igp-sr-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:57 UTC
# junos-routing-infra-advanced-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:57 UTC
# junos-routing-infra-basic-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:57 UTC
# junos-routing-infra-dat-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:08 UTC
# junos-routing-infra-dyn-tunnel-advanced-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:06 UTC
# junos-routing-infra-dyn-tunnel-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:58 UTC
# junos-routing-infra-frr-advanced-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:07 UTC
# junos-routing-infra-frr-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:58 UTC
# junos-routing-infra-mpls-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:59 UTC
# junos-routing-infra-nsr-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:59 UTC
# junos-routing-infra-resolver-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:07 UTC
# junos-routing-infra-rt-advanced-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:07 UTC
# junos-routing-infra-srlg-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:00 UTC
# junos-routing-infra-telemetry-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:59 UTC
# junos-routing-ingress-replication-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:06 UTC
# junos-routing-instance-proto-intf-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:59 UTC
# junos-routing-instance-virtual-router-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:07 UTC
# junos-routing-instance-vrf-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:59 UTC
# junos-routing-ip-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:07 UTC
# junos-routing-isis-advanced-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:06 UTC
# junos-routing-isis-basic-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:57 UTC
# junos-routing-krt-advanced-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:56 UTC
# junos-routing-krt-basic-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:56 UTC
# junos-routing-l2iw-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:06 UTC
# junos-routing-l2vpn-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:57 UTC
# junos-routing-ldp-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:06 UTC
# junos-routing-lmpd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:03 UTC
# junos-routing-lsping-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:04 UTC
# junos-routing-mld-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:05 UTC
# junos-routing-monitor-lsp-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:04 UTC
# junos-routing-mpls-advanced-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:09 UTC
# junos-routing-mpls-basic-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:09 UTC
# junos-routing-mpls-pm-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:02 UTC
# junos-routing-mpls-static-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:09 UTC
# junos-routing-mpls-tag-lsi-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:56 UTC
# junos-routing-mplslmdm-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:04 UTC
# junos-routing-mplsoamd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:04 UTC
# junos-routing-msdp-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:51:04 UTC
# junos-routing-multicast-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:00 UTC
# junos-routing-mvpn-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:02 UTC
# junos-routing-ospf-advanced-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:10 UTC
# junos-routing-ospf-basic-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:00 UTC
# junos-routing-pim-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:02 UTC
# junos-routing-policy-advanced-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:07 UTC
# junos-routing-policy-basic-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:07 UTC
# junos-routing-prpd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:08 UTC
# junos-routing-rip-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:10 UTC
# junos-routing-route-validation-advanced-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:02 UTC
# junos-routing-route-validation-basic-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:02 UTC
# junos-routing-rpd-lmp-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:02 UTC
# junos-routing-rpd-tte-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:10 UTC
# junos-routing-rsvp-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:09 UTC
# junos-routing-sap-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:02 UTC
# junos-routing-spring-te-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:09 UTC
# junos-routing-srv6-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:08 UTC
# l2ald-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:51:03 UTC
# lldp-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:14 UTC
# lrf-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:14 UTC
# macsec-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:55 UTC
# mclag_cfgchk_cmd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:14 UTC
# mcsnoop-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:16 UTC
# mo-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:17 UTC
# pccd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:16 UTC
# phcd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:54 UTC
# ppmd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:05 UTC
# pppd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:20 UTC
# pppoed-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:20 UTC
# r2cpd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:20 UTC
# rdd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:15 UTC
# repd_cmd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:15 UTC
# scpd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:15 UTC
# sdpd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:15 UTC
# secintel_usp-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:24 UTC
# secure-web-gateway-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:24 UTC
# services-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:51:08 UTC
# spmd_common-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:15 UTC
# stp-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:15 UTC
# subinfo-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:15 UTC
# syshmd_health_mon-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:25 UTC
# syshmd_trackip-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:25 UTC
# sztp-helper-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:49:55 UTC
# telemetry-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:15 UTC
# timingd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:15 UTC
# traffic-dird-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:15 UTC
# transportd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:16 UTC
# url-filterd-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:50:16 UTC
# vlans-ng-actions-dd release 23.4R1.9 built by builder on 2023-12-16 01:51:01 UTC
#
# BDG-VIETTEL-HSK-FW-01> show version invoke-on other-routing-engine
# Hostname: BDG-VIETTEL-HSK-FW-01
# Model: srx1600
# Junos: 23.4R1.9
# JUNOS OS Kernel 64-bit [20231122.ee0e992_builder_stable_12_234]
# JUNOS OS libs [20231122.ee0e992_builder_stable_12_234]
# JUNOS OS runtime [20231122.ee0e992_builder_stable_12_234]
# JUNOS OS time zone information [20231122.ee0e992_builder_stable_12_234]
# JUNOS OS libs compat32 [20231122.ee0e992_builder_stable_12_234]
# JUNOS OS 32-bit compatibility [20231122.ee0e992_builder_stable_12_234]
# JUNOS py extensions [20231216.005403_builder_junos_234_r1]
# JUNOS py base [20231216.005403_builder_junos_234_r1]
# JUNOS OS vmguest [20231122.ee0e992_builder_stable_12_234]
# JUNOS OS package [20231117.015524_builder_stable_12]
# JUNOS network stack and utilities [20231216.005403_builder_junos_234_r1]
# JUNOS OS network modules [20231122.ee0e992_builder_stable_12_234]
# JUNOS OS crypto [20231122.ee0e992_builder_stable_12_234]
# JUNOS OS boot-ve files [20231122.ee0e992_builder_stable_12_234]
# JUNOS libs [20231216.005403_builder_junos_234_r1]
# JUNOS libs compat32 [20231216.005403_builder_junos_234_r1]
# JUNOS runtime [20231216.005403_builder_junos_234_r1]
# JUNOS na telemetry [23.4R1.9]
# JUNOS Web Management Platform Package [20231216.005403_builder_junos_234_r1]
# JUNOS vmguest [20231216.005403_builder_junos_234_r1]
# JUNOS lite sysmond [20231216.005403_builder_junos_234_r1]
# JUNOS publish subscribe base [20231216.005403_builder_junos_234_r1]
# JUNOS srx libs compat32 [20231216.005403_builder_junos_234_r1]
# JUNOS srx runtime [20231216.005403_builder_junos_234_r1]
# JUNOS srx platform support [20231216.005403_builder_junos_234_r1]
# JUNOS common platform support [20231216.005403_builder_junos_234_r1]
# JUNOS srxtvp runtime [20231216.005403_builder_junos_234_r1]
# JUNOS Routing mpls-oam-basic [20231216.005403_builder_junos_234_r1]
# JUNOS Routing lsys [20231216.005403_builder_junos_234_r1]
# JUNOS Routing controller-external [20231216.005403_builder_junos_234_r1]
# JUNOS Routing 32-bit Compatible Version [20231216.005403_builder_junos_234_r1]
# JUNOS Routing aggregated [20231216.005403_builder_junos_234_r1]
# Redis [20231216.005403_builder_junos_234_r1]
# JUNOS probe utility [20231216.005403_builder_junos_234_r1]
# JUNOS pppoe [20231216.005403_builder_junos_234_r1]
# JUNOS Openconfig [23.4R1.9]
# JUNOS mtx network modules [20231216.005403_builder_junos_234_r1]
# JUNOS modules [20231216.005403_builder_junos_234_r1]
# JUNOS srxtvp modules [20231216.005403_builder_junos_234_r1]
# JUNOS srxtvp libs [20231216.005403_builder_junos_234_r1]
# JUNOS srx libs [20231216.005403_builder_junos_234_r1]
# JUNOS L2 RSI Scripts [20231216.005403_builder_junos_234_r1]
# JUNOS Key Manager [20231216.005403_builder_junos_234_r1]
# JUNOS srx Data Plane Crypto Support [20231216.005403_builder_junos_234_r1]
# JUNOS ike [20231216.005403_builder_junos_234_r1]
# JUNOS daemons [20231216.005403_builder_junos_234_r1]
# JUNOS srx daemons [20231216.005403_builder_junos_234_r1]
# JUNOS SRX TVP AppQos Daemon [20231216.005403_builder_junos_234_r1]
# JUNOS TPM2 [20231216.005403_builder_junos_234_r1]
# JUNOS Extension Toolkit [20231216.005403_builder_junos_234_r1]
# JUNOS Phone-home [20231216.005403_builder_junos_234_r1]
# JUNOS Juniper Malware Removal Tool (JMRT) [1.0.0+20231216.005403_builder_junos_234_r1]
# JUNOS Juniper Malware Removal Tool (JMRT) Test [1.0.0+20231216.005403_builder_junos_234_r1]
# JUNOS J-Insight [20231216.005403_builder_junos_234_r1]
# JUNOS Online Documentation [20231216.005403_builder_junos_234_r1]
# JUNOS jail runtime [20231122.ee0e992_builder_stable_12_234]
# JUNOS FIPS mode utilities [20231216.005403_builder_junos_234_r1]
# JUNOS dsa [20231216.005403_builder_junos_234_r1]
#
# BDG-VIETTEL-HSK-FW-01> show configuration
version 23.4R1.9;
system {
host-name BDG-VIETTEL-HSK-FW-01;
root-authentication {
encrypted-password "$6$j0Y1UZRW$XVkiN/FbFHL.6mU6OnLUKYDWMoGd53HcfXIlYVuO/LUmGqBbTVj4dEUBEMIgJYVOvS5JVxuYkU3/Pd5LyjgiY.";
}
login {
user admin {
uid 2001;
class super-user;
authentication {
encrypted-password "$6$Xsh2ht.C$nlDGucFC9c52S/BJexGe5F.3odNEeLN.82n2UkLg0Ue0b7dnPJEzCLQRgyXHcBlgnMMlYWbcDQSHSY58P.vEh0";
}
}
user adminit {
uid 2002;
class read-only;
authentication {
encrypted-password "$6$UfWX9GzY$A.6Z2Pwondh6d2Q0XzPFCGOEaKil9pU6duYlbSeLoj/CMFu1DVayl6wyrpLIii9HWNEIWZXGWIE6JLZE1xE7a1";
}
}
user datht {
full-name "Huynh Tan Dat";
uid 2003;
class super-user;
authentication {
encrypted-password "$6$hg2rza/l$fk74d/h1uc5LHKLNxh5YjI0RGSI.OL9JiddZLD76a.qkn4FWzaKMo2pCC90zjJK0IkepwMn3MMMdmICFkODA70";
}
}
user nguyennd {
uid 2000;
class super-user;
authentication {
encrypted-password "$6$Wrg0Yd2v$72brdY8CrlWZh9hAiWYNyGI.XGJh7ndBCWD3PjFaL.Df6nyBwVr1j40ZN5P/ada442rCL3DSj7ocNbxekzO0x/";
}
}
user tanhn {
full-name "Huynh Ngoc Tan";
uid 2004;
class super-user;
authentication {
encrypted-password "$6$jeUC9DdE$ywaGEHsqGLP9xPhq6lnUhR4M4PzNPvcdcvsmUxFcmUND0wC6EBwFCziw.H1k.a7P8tL8xz2wV.FJmR.y3aUBr0";
}
}
}
services {
netconf {
ssh;
}
ssh;
xnm-clear-text;
web-management {
http {
interface ae1.15;
}
https {
system-generated-certificate;
}
}
}
name-server {
8.8.8.8;
8.8.4.4;
}
syslog {
user * {
any emergency;
}
host 172.16.200.21 {
any info;
authorization info;
port 5514;
source-address 172.16.15.247;
}
file interactive-commands {
interactive-commands any;
}
file messages {
any notice;
authorization info;
}
}
max-configurations-on-flash 49;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
processes {
dhcp-service {
traceoptions {
file dhcp_logfile size 10m;
level all;
flag packet;
}
}
}
}
chassis {
aggregated-devices {
ethernet {
device-count 20;
}
}
fpc 0 {
pic 1 {
pic-mode 10G;
}
}
}
services {
ssl {
termination {
profile RA-JSC-term {
server-certificate JSC-03;
}
}
}
}
security {
log {
utc-timestamp;
mode stream;
format sd-syslog;
report;
stream splunk-stream {
severity info;
format sd-syslog;
host {
172.16.200.21;
port 5514;
}
source-address 172.16.15.247;
}
}
ike {
traceoptions {
file kmd-003 size 1024768 files 10;
flag all;
}
proposal ike-proposal-01 {
authentication-method pre-shared-keys;
dh-group group20;
authentication-algorithm md5;
encryption-algorithm aes-256-cbc;
lifetime-seconds 86400;
}
proposal ike-proposal-02 {
authentication-method pre-shared-keys;
dh-group group20;
authentication-algorithm md5;
encryption-algorithm aes-256-cbc;
lifetime-seconds 86400;
}
proposal ike-prop-vpn-0fc4530-1 {
authentication-method pre-shared-keys;
dh-group group2;
authentication-algorithm sha1;
encryption-algorithm aes-128-cbc;
lifetime-seconds 28800;
}
proposal ike-prop-vpn-0fc4530-2 {
authentication-method pre-shared-keys;
dh-group group2;
authentication-algorithm sha1;
encryption-algorithm aes-128-cbc;
lifetime-seconds 28800;
}
policy ike-policy-01 {
mode main;
proposals ike-proposal-01;
# pre-shared-key ascii-text <removed>;
}
policy ike-policy-02 {
mode main;
proposals ike-proposal-02;
# pre-shared-key ascii-text <removed>;
}
policy ike-pol-vpn-0fc4530-1 {
mode main;
proposals ike-prop-vpn-0fc4530-1;
# pre-shared-key ascii-text <removed>;
}
policy ike-pol-vpn-0fc4530-2 {
mode main;
proposals ike-prop-vpn-0fc4530-2;
# pre-shared-key ascii-text <removed>;
}
gateway ike-gate-01 {
ike-policy ike-policy-01;
address 14.225.242.83;
dead-peer-detection {
interval 10;
threshold 3;
}
external-interface xe-0/1/0;
local-address 125.212.255.174;
version v1-only;
}
gateway ike-gate-02 {
ike-policy ike-policy-02;
address 112.197.3.122;
dead-peer-detection {
interval 10;
threshold 3;
}
external-interface xe-0/1/1;
version v1-only;
}
gateway gw-vpn-0fc4530-1 {
ike-policy ike-pol-vpn-0fc4530-1;
address 3.0.215.104;
dead-peer-detection {
interval 10;
threshold 3;
}
no-nat-traversal;
external-interface xe-0/1/1.0;
version v2-only;
}
gateway gw-vpn-0fc4530-2 {
ike-policy ike-pol-vpn-0fc4530-2;
address 52.76.163.37;
dead-peer-detection {
interval 10;
threshold 3;
}
no-nat-traversal;
external-interface xe-0/1/1.0;
version v2-only;
}
}
ipsec {
traceoptions {
file ipsec-trace size 10m files 5;
flag all;
}
proposal ipsec-proposal-01 {
protocol esp;
authentication-algorithm hmac-sha-256-128;
encryption-algorithm aes-256-cbc;
lifetime-seconds 28800;
}
proposal ipsec-proposal-02 {
protocol esp;
authentication-algorithm hmac-sha-256-128;
encryption-algorithm aes-256-cbc;
lifetime-seconds 28800;
}
proposal ipsec-prop-vpn-0fc4530-1 {
protocol esp;
authentication-algorithm hmac-sha1-96;
encryption-algorithm aes-128-cbc;
lifetime-seconds 3600;
}
proposal ipsec-prop-vpn-0fc4530-2 {
protocol esp;
authentication-algorithm hmac-sha1-96;
encryption-algorithm aes-128-cbc;
lifetime-seconds 3600;
}
policy ipsec-policy-01 {
proposals ipsec-proposal-01;
}
policy ipsec-policy-02 {
proposals ipsec-proposal-02;
}
policy ipsec-pol-vpn-0fc4530-1 {
perfect-forward-secrecy {
keys group2;
}
proposals ipsec-prop-vpn-0fc4530-1;
}
policy ipsec-pol-vpn-0fc4530-2 {
perfect-forward-secrecy {
keys group2;
}
proposals ipsec-prop-vpn-0fc4530-2;
}
vpn ipsec-vpn-01 {
bind-interface st0.0;
vpn-monitor {
optimized;
source-interface st0.0;
}
ike {
gateway ike-gate-01;
ipsec-policy ipsec-policy-01;
}
establish-tunnels immediately;
}
vpn ipsec-vpn-02 {
bind-interface st0.1;
vpn-monitor {
optimized;
source-interface st0.1;
}
ike {
gateway ike-gate-02;
ipsec-policy ipsec-policy-02;
}
establish-tunnels immediately;
}
vpn vpn-0fc4530-1 {
bind-interface st0.17;
df-bit clear;
ike {
gateway gw-vpn-0fc4530-1;
ipsec-policy ipsec-pol-vpn-0fc4530-1;
}
}
vpn vpn-0fc4530-2 {
bind-interface st0.18;
df-bit clear;
ike {
gateway gw-vpn-0fc4530-2;
ipsec-policy ipsec-pol-vpn-0fc4530-2;
}
}
}
address-book {
global {
address HSK-MNGT-IP-01 125.212.220.208/32;
address HSK-MNGT-IP-02 123.30.249.178/32;
address HSK-MNGT-IP-03 27.74.242.173/32;
address HSK-MNGT-IP-04 14.225.249.249/32;
address HSK-MNGT-IP-05 14.241.249.24/32;
address LAN-ZONE-VM-MNGT 172.16.200.89/32;
address VIETTEL-LAN-ZONE-VM-01 172.16.200.0/23;
address VNPT-LAN-ZONE-VM-01 172.16.100.0/23;
address Cloudflare-IP-01 73.245.48.0/20;
address Cloudflare-IP-02 103.21.244.0/22;
address Cloudflare-IP-03 103.22.200.0/22;
address Cloudflare-IP-04 103.31.4.0/22;
address Cloudflare-IP-05 141.101.64.0/18;
address Cloudflare-IP-06 108.162.192.0/18;
address Cloudflare-IP-07 190.93.240.0/20;
address Cloudflare-IP-08 188.114.96.0/20;
address Cloudflare-IP-09 197.234.240.0/22;
address Cloudflare-IP-10 198.41.128.0/17;
address Cloudflare-IP-11 162.158.0.0/15;
address Cloudflare-IP-12 104.16.0.0/13;
address Cloudflare-IP-13 104.24.0.0/14;
address Cloudflare-IP-14 172.64.0.0/13;
address Cloudflare-IP-15 131.0.72.0/22;
address Cloudflare-IP-16 173.245.48.0/20;
address HSK-VM-WEB-01 172.16.200.88/32;
address HOST-MANAGEMENT-VNPT-01 172.16.100.80/32;
address HOST-MANAGEMENT-VNPT-02 172.16.100.100/32;
address HOST-MANAGEMENT-VNPT-03 172.16.14.101/32;
address HOST-MANAGEMENT-VNPT-04 172.16.14.244/32;
address HSK-VIETTEL-ChatQC-HA-K8s 172.16.200.133/32;
address HOST-PRTG-VNPT-01 172.16.100.248/32;
address AdminPublic-01 222.255.122.78/32;
address AdminPublic-02 14.225.241.80/32;
address AdminPublic-03 14.225.241.108/32;
address AdminPublic-04 14.241.238.138/32;
address AdminPublic-05 115.73.218.48/32;
address AdminPublic-06 14.225.241.73/32;
address AdminPublic-07 123.30.249.178/32;
address AdminPublic-08 14.225.241.74/32;
address AdminPublic-09 113.23.77.197/32;
address AdminPublic-10 113.23.77.198/32;
address AdminPublic-11 113.23.77.105/32;
address AdminPublic-12 14.225.241.109/32;
address AdminPublic-13 125.212.220.209/32;
address AdminPublic-14 118.69.81.238/32;
address AdminPublic-15 14.225.241.90/32;
address AdminPublic-16 14.225.241.77/32;
address AdminPublic-17 14.225.241.78/32;
address AdminPublic-18 14.225.241.79/32;
address AdminPublic-19 14.225.241.87/32;
address AdminPublic-20 14.225.241.88/32;
address AdminPublic-21 14.225.241.89/32;
address AdminPublic-22 27.74.242.173/32;
address AdminPublic-23 14.241.249.24/32;
address 29HoangViet-01 14.241.249.24/32;
address 29HoangViet-02 27.74.242.173/32;
address VPN-HOST-01 123.30.249.178/32;
address QC-Connection-01 14.225.216.242/32;
address QC-Connection-02 14.225.216.243/32;
address QC-Connection-03 14.225.242.81/32;
address QC-Connection-04 222.252.25.142/32;
address QC-Connection-05 14.224.179.29/32;
address QC-Connection-06 14.225.249.198/32;
address QC-Connection-07 125.212.220.210/32;
address QC-Connection-08 115.79.44.188/32;
address QC-Connection-09 14.161.14.105/32;
address QC-Connection-10 115.79.210.176/32;
address QC-Connection-11 18.142.124.174/32;
address QC-Connection-12 118.69.81.240/32;
address QC-Connection-13 115.78.130.8/32;
address QC-Connection-14 125.212.220.208/32;
address QC-Connection-15 14.224.216.3/32;
address QC-Connection-16 27.74.242.173/32;
address QC-Connection-17 14.241.249.24/32;
address QC-Connection-18 14.225.241.80/32;
address QC-Connection-19 14.161.16.247/32;
address QC-Connection-20 115.79.137.179/32;
address QC-Connection-21 14.225.249.243/32;
address QC-Connection-22 14.225.249.233/32;
address QC-Connection-23 14.225.249.234/32;
address QC-Connection-24 14.225.249.235/32;
address QC-Connection-25 14.225.249.236/32;
address QC-Connection-26 14.225.249.237/32;
address QC-Connection-27 14.225.249.238/32;
address QC-Connection-28 14.225.249.239/32;
address QC-Connection-29 14.225.249.241/32;
address QC-Connection-30 14.225.249.244/32;
address QC-Connection-31 14.225.249.253/32;
address QC-Connection-32 14.225.249.249/32;
address QC-Connection-33 103.93.92.25/32;
address QC-Connection-34 14.255.249.150/32;
address QC-Connection-35 115.78.230.226/32;
address QC-Connection-36 14.225.194.160/32;
address QC-Connection-37 103.168.54.78/32;
address QC-Connection-38 123.30.249.26/32;
address QC-Connection-39 113.161.33.107/32;
address QC-Connection-40 116.73.208.106/32;
address QC-Connection-41 14.224.237.115/32;
address QC-Connection-42 203.162.54.108/32;
address QC-Connection-43 14.225.241.116/32;
address QC-Connection-44 14.225.241.117/32;
address QC-Connection-45 14.225.241.118/32;
address QC-Connection-46 14.225.249.132/32;
address QC-Connection-47 113.23.77.116/32;
address QC-Connection-48 14.225.241.124/32;
address QC-Connection-49 14.225.200.200/32;
address QC-Connection-50 14.241.238.138/32;
address QC-Connection-51 115.73.218.48/32;
address QC-Connection-52 123.30.249.178/32;
address QC-Connection-53 14.225.241.73/32;
address QC-Connection-54 113.161.49.29/32;
address QC-Connection-55 167.99.67.47/32;
address QC-Connection-56 14.225.241.74/32;
address QC-Connection-57 10.10.12.0/24;
address QC-Connection-58 14.225.194.150/32;
address QC-Connection-59 43.239.148.187/32;
address QC-Connection-60 14.225.249.139/32;
address QC-Connection-61 157.245.63.133/32;
address QC-Connection-62 113.23.77.100/32;
address QC-Connection-63 14.225.241.110/32;
address QC-Connection-64 113.23.77.197/32;
address QC-Connection-65 113.23.77.198/32;
address QC-Connection-66 113.23.77.105/32;
address QC-Connection-67 113.23.77.103/32;
address QC-Connection-68 14.225.241.90/32;
address QC-Connection-69 43.239.148.186/32;
address QC-Connection-70 118.69.81.238/32;
address QC-Connection-71 14.225.194.148/32;
address QC-Connection-72 123.30.249.45/32;
address QC-Connection-73 14.225.249.131/32;
address QC-Connection-74 14.225.200.199/32;
address QC-Connection-75 14.225.241.70/32;
address QC-Connection-76 125.212.220.207/32;
address QC-Connection-77 125.212.220.210/32;
address QC-Connection-78 125.212.220.208/32;
address QC-Connection-79 125.212.220.209/32;
address QC-Connection-80 172.16.200.0/23;
address QC-Connection-82 14.225.194.150/32;
address QC-Connection-83 125.212.246.13/32;
address QC-Connection-84 125.212.246.10/32;
address QC-Connection-85 160.187.94.131/32;
address QC-Connection-86 14.225.249.208/32;
address QC-Connection-87 14.225.249.209/32;
address QC-Connection-88 14.225.249.210/32;
address QC-Connection-89 52.76.51.80/32;
address INSIDE-ADDRESS-01 14.224.129.204/32;
address INSIDE-ADDRESS-02 125.212.220.209/32;
address INSIDE-ADDRESS-03 14.225.249.217/32;
address INSIDE-ADDRESS-04 14.225.241.94/32;
address INSIDE-ADDRESS-05 14.225.194.155/32;
address INSIDE-ADDRESS-06 14.225.249.203/32;
address INSIDE-ADDRESS-07 14.225.249.155/32;
address INSIDE-ADDRESS-08 14.225.194.156/32;
address INSIDE-ADDRESS-09 14.225.249.207/32;
address INSIDE-ADDRESS-10 14.225.249.208/32;
address INSIDE-ADDRESS-11 14.225.194.148/32;
address INSIDE-ADDRESS-12 14.225.249.183/32;
address INSIDE-ADDRESS-13 14.225.241.110/32;
address INSIDE-ADDRESS-14 14.225.249.228/32;
address INSIDE-ADDRESS-15 203.162.54.108/32;
address INSIDE-ADDRESS-16 14.225.216.241/32;
address INSIDE-ADDRESS-17 14.225.216.242/32;
address INSIDE-ADDRESS-18 14.225.216.243/32;
address RAD-HOST-01 27.74.242.173/32;
address RAD-HOST-02 14.241.249.24/32;
address RAD-HOST-03 113.161.49.29/32;
address BIT-BUCKET-01 104.192.136.0/21;
address BIT-BUCKET-02 185.166.140.0/22;
address BIT-BUCKET-03 13.200.41.128/25;
address DEV-137-IP 172.16.200.137/32;
address SHOP-HOST-01 14.241.238.138/32;
address SHOP-HOST-02 115.73.218.48/32;
address SHOP-HOST-03 14.224.237.115/32;
address SHOP-HOST-04 27.74.248.89/32;
address SHOP-HOST-05 113.161.32.1/32;
address SHOP-HOST-06 14.224.136.5/32;
address SHOP-HOST-07 115.78.7.24/32;
address SHOP-HOST-08 14.224.136.26/32;
address SHOP-HOST-09 115.79.42.231/32;
address SHOP-HOST-10 14.241.229.211/32;
address SHOP-HOST-11 115.78.234.45/32;
address SHOP-HOST-12 115.78.224.8/32;
address SHOP-HOST-13 14.224.129.231/32;
address SHOP-HOST-14 115.79.143.132/32;
address SHOP-HOST-15 222.252.25.142/32;
address SHOP-HOST-16 14.224.179.29/32;
address SHOP-HOST-17 14.241.225.122/32;
address SHOP-HOST-18 115.79.26.191/32;
address SHOP-HOST-19 115.75.16.80/32;
address SHOP-HOST-20 113.166.127.250/32;
address SHOP-HOST-21 115.73.220.104/32;
address SHOP-HOST-22 115.73.209.63/32;
address SHOP-HOST-23 14.224.173.238/32;
address SHOP-HOST-24 115.77.184.46/32;
address SHOP-HOST-25 14.224.146.53/32;
address SHOP-HOST-26 222.252.15.136/32;
address SHOP-HOST-27 14.224.137.187/32;
address SHOP-HOST-28 14.224.182.245/32;
address SHOP-HOST-29 14.241.62.65/32;
address SHOP-HOST-30 113.161.143.4/32;
address SHOP-HOST-31 14.189.254.4/32;
address SHOP-HOST-32 115.73.218.179/32;
address SHOP-HOST-33 115.79.32.99/32;
address SHOP-HOST-34 27.72.57.168/32;
address SHOP-HOST-35 115.75.191.37/32;
address SHOP-HOST-36 14.224.130.117/32;
address SHOP-HOST-37 14.224.157.10/32;
address SHOP-HOST-38 14.224.159.20/32;
address SHOP-HOST-39 115.75.19.183/32;
address SHOP-HOST-40 14.224.172.207/32;
address SHOP-HOST-41 14.224.179.35/32;
address SHOP-HOST-42 14.241.253.91/32;
address SHOP-HOST-43 14.241.244.110/32;
address SHOP-HOST-44 14.224.131.132/32;
address SHOP-HOST-45 115.77.184.91/32;
address SHOP-HOST-46 115.77.188.14/32;
address SHOP-HOST-47 14.224.183.193/32;
address SHOP-HOST-48 115.79.46.55/32;
address SHOP-HOST-49 115.78.3.220/32;
address SHOP-HOST-50 27.74.248.129/32;
address SHOP-HOST-51 14.224.179.255/32;
address SHOP-HOST-52 222.253.42.54/32;
address SHOP-HOST-53 14.224.137.185/32;
address SHOP-HOST-54 115.78.225.60/32;
address SHOP-HOST-55 222.253.48.229/32;
address SHOP-HOST-56 14.224.128.235/32;
address SHOP-HOST-57 14.224.170.177/32;
address SHOP-HOST-58 14.224.152.44/32;
address SHOP-HOST-59 14.224.151.111/32;
address SHOP-HOST-60 27.74.240.175/32;
address SHOP-HOST-61 115.78.95.39/32;
address SHOP-HOST-62 115.79.197.144/32;
address SHOP-HOST-63 113.176.63.34/32;
address SHOP-HOST-64 115.78.230.226/32;
address SHOP-HOST-65 115.73.213.81/32;
address SHOP-HOST-66 115.73.212.140/32;
address SHOP-HOST-67 113.161.65.47/32;
address SHOP-HOST-68 115.73.220.206/32;
address SHOP-HOST-69 14.241.120.101/32;
address SHOP-HOST-70 115.79.198.64/32;
address SHOP-HOST-71 117.3.1.94/32;
address SHOP-HOST-72 117.2.161.42/32;
address SHOP-HOST-73 117.2.17.241/32;
address SHOP-HOST-74 117.3.174.211/32;
address SHOP-HOST-75 113.161.254.57/32;
address SHOP-HOST-76 117.2.81.153/32;
address SHOP-HOST-77 113.161.187.231/32;
address SHOP-HOST-78 115.74.196.246/32;
address SHOP-HOST-79 14.224.173.228/32;
address SHOP-HOST-80 113.176.124.150/32;
address SHOP-HOST-81 14.241.102.105/32;
address SHOP-HOST-82 14.224.152.241/32;
address SHOP-HOST-83 14.224.161.230/32;
address SHOP-HOST-84 117.2.131.245/32;
address SHOP-HOST-85 117.4.155.8/32;
address SHOP-HOST-86 14.224.181.134/32;
address SHOP-HOST-87 115.79.47.252/32;
address SHOP-HOST-88 14.224.171.229/32;
address SHOP-HOST-89 115.79.5.149/32;
address SHOP-HOST-90 14.161.16.247/32;
address SHOP-HOST-91 115.79.137.179/32;
address SHOP-HOST-92 14.224.150.248/32;
address SHOP-HOST-93 117.2.137.243/32;
address SHOP-HOST-94 115.73.222.121/32;
address SHOP-HOST-95 117.3.111.174/32;
address SHOP-HOST-96 115.79.138.57/32;
address SHOP-HOST-97 117.2.24.90/32;
address SHOP-HOST-98 117.2.132.86/32;
address SHOP-HOST-99 117.2.125.149/32;
address SHOP-HOST-100 14.241.142.172/32;
address SHOP-HOST-101 14.241.206.63/32;
address SHOP-HOST-102 117.2.57.65/32;
address SHOP-HOST-103 115.78.7.97/32;
address SHOP-HOST-104 117.2.88.216/32;
address SHOP-HOST-105 116.105.225.224/32;
address SHOP-HOST-106 117.4.200.236/32;
address SHOP-HOST-107 115.75.67.164/32;
address SHOP-HOST-108 115.79.143.231/32;
address SHOP-HOST-109 117.2.83.211/32;
address SHOP-HOST-110 14.224.148.109/32;
address SHOP-HOST-111 14.224.153.36/32;
address SHOP-HOST-112 117.2.169.76/32;
address SHOP-HOST-113 14.224.155.104/32;
address SHOP-HOST-114 14.224.157.232/32;
address SHOP-HOST-115 14.224.159.241/32;
address SHOP-HOST-116 14.224.159.227/32;
address SHOP-HOST-117 14.224.179.132/32;
address SHOP-HOST-118 14.224.167.128/32;
address SHOP-HOST-119 115.79.198.225/32;
address SHOP-HOST-120 14.224.158.252/32;
address SHOP-HOST-121 117.2.158.253/32;
address SHOP-HOST-122 116.105.229.5/32;
address SHOP-HOST-123 14.224.175.20/32;
address SHOP-HOST-124 14.224.181.101/32;
address SHOP-HOST-125 115.77.191.122/32;
address SHOP-HOST-126 14.224.137.71/32;
address SHOP-HOST-127 14.224.138.228/32;
address SHOP-HOST-128 {
description "179 Phan Chu Trinh - LD";
14.224.138.42/32;
}
address SHOP-HOST-129 14.224.187.229/32;
address SHOP-HOST-130 117.3.2.249/32;
address SHOP-HOST-131 14.224.136.247/32;
address SHOP-HOST-132 115.75.54.56/32;
address SHOP-HOST-133 14.224.136.24/32;
address SHOP-HOST-134 14.241.249.24/32;
address SHOP-HOST-135 27.74.242.173/32;
address SHOP-HOST-136 14.161.14.105/32;
address SHOP-HOST-137 115.79.44.188/32;
address SHOP-HOST-138 113.161.47.62/32;
address SHOP-HOST-139 115.79.60.30/32;
address SHOP-HOST-140 115.74.224.229/32;
address SHOP-HOST-141 14.241.187.119/32;
address SHOP-HOST-142 115.78.14.33/32;
address SHOP-HOST-143 115.75.176.111/32;
address SHOP-HOST-144 113.161.204.233/32;
address SHOP-HOST-145 115.74.250.233/32;
address SHOP-HOST-146 115.74.203.207/32;
address SHOP-HOST-147 203.210.237.189/32;
address SHOP-HOST-148 115.74.222.182/32;
address SHOP-HOST-149 115.75.34.230/32;
address SHOP-HOST-150 115.74.224.130/32;
address SHOP-HOST-151 115.75.10.150/32;
address SHOP-HOST-152 115.75.161.136/32;
address SHOP-HOST-153 115.75.36.73/32;
address SHOP-HOST-154 115.74.241.8/32;
address SHOP-HOST-155 115.75.185.157/32;
address SHOP-HOST-156 115.75.83.15/32;
address SHOP-HOST-157 115.75.138.243/32;
address SHOP-HOST-158 115.75.129.192/32;
address SHOP-HOST-159 113.176.89.227/32;
address SHOP-HOST-160 115.75.118.91/32;
address SHOP-HOST-161 115.75.121.118/32;
address SHOP-HOST-162 113.161.174.46/32;
address SHOP-HOST-163 222.253.42.213/32;
address SHOP-HOST-164 117.4.139.203/32;
address SHOP-HOST-165 14.224.173.70/32;
address SHOP-HOST-166 14.224.166.109/32;
address SHOP-HOST-167 115.75.106.236/32;
address SHOP-HOST-168 115.78.94.235/32;
address SHOP-HOST-169 115.78.73.109/32;
address SHOP-HOST-170 115.74.201.86/32;
address SHOP-HOST-171 115.74.210.220/32;
address SHOP-HOST-172 115.74.233.49/32;
address SHOP-HOST-173 115.74.224.137/32;
address SHOP-HOST-174 115.73.210.132/32;
address SHOP-HOST-175 115.75.39.209/32;
address SHOP-HOST-176 115.74.194.105/32;
address SHOP-HOST-177 14.241.172.235/32;
address SHOP-HOST-178 113.161.217.121/32;
address SHOP-HOST-179 123.22.212.179/32;
address SHOP-HOST-180 203.210.232.58/32;
address SHOP-HOST-181 113.161.217.190/32;
address SHOP-HOST-182 113.161.217.109/32;
address SHOP-HOST-183 14.241.190.181/32;
address SHOP-HOST-184 113.161.145.22/32;
address SHOP-HOST-185 115.75.36.222/32;
address SHOP-HOST-186 115.74.246.184/32;
address SHOP-HOST-187 27.74.242.218/32;
address SHOP-HOST-188 115.75.32.198/32;
address SHOP-HOST-189 115.75.99.125/32;
address SHOP-HOST-190 115.75.181.163/32;
address SHOP-HOST-191 115.79.219.186/32;
address SHOP-HOST-192 115.79.192.222/32;
address SHOP-HOST-193 115.75.10.195/32;
address SHOP-HOST-194 115.75.160.159/32;
address SHOP-HOST-195 115.74.250.86/32;
address SHOP-HOST-196 115.75.168.18/32;
address SHOP-HOST-197 115.78.73.11/32;
address SHOP-HOST-198 115.75.137.233/32;
address SHOP-HOST-199 115.79.222.128/32;
address SHOP-HOST-200 14.224.159.132/32;
address SHOP-HOST-201 14.224.149.246/32;
address SHOP-HOST-202 14.224.159.150/32;
address SHOP-HOST-203 14.224.158.97/32;
address SHOP-HOST-204 14.224.156.168/32;
address SHOP-HOST-205 113.161.231.152/32;
address SHOP-HOST-206 14.224.154.90/32;
address SHOP-HOST-207 14.224.178.126/32;
address SHOP-HOST-208 115.75.163.146/32;
address SHOP-HOST-209 115.79.137.239/32;
address SHOP-HOST-210 14.224.135.132/32;
address SHOP-HOST-211 14.224.203.14/32;
address SHOP-HOST-212 115.79.220.95/32;
address SHOP-HOST-213 115.75.112.125/32;
address SHOP-HOST-214 14.224.135.134/32;
address SHOP-HOST-215 14.224.133.194/32;
address SHOP-HOST-216 14.224.129.37/32;
address SHOP-HOST-217 14.224.185.159/32;
address SHOP-HOST-218 115.79.192.245/32;
address SHOP-HOST-219 14.224.186.18/32;
address SHOP-HOST-220 14.224.142.138/32;
address SHOP-HOST-221 14.224.192.195/32;
address SHOP-HOST-222 14.224.180.133/32;
address SHOP-HOST-223 14.224.192.92/32;
address SHOP-HOST-224 116.102.97.95/32;
address SHOP-HOST-225 115.79.47.252/32;
address SHOP-HOST-226 115.74.213.198/32;
address SHOP-HOST-227 115.75.32.150/32;
address SHOP-HOST-228 115.74.227.104/32;
address SHOP-HOST-229 117.2.164.199/32;
address SHOP-HOST-230 14.224.182.230/32;
address SHOP-HOST-231 115.78.96.62/32;
address SHOP-HOST-232 115.75.83.151/32;
address SHOP-HOST-233 14.224.148.70/32;
address SHOP-HOST-234 117.2.49.184/32;
address SHOP-HOST-235 14.224.201.22/32;
address SHOP-HOST-236 14.224.178.21/32;
address SHOP-HOST-237 116.102.103.236/32;
address SHOP-HOST-238 14.224.216.3/32;
address SHOP-HOST-239 115.74.215.11/32;
address SHOP-HOST-240 14.224.210.141/32;
address SHOP-HOST-241 115.75.57.211/32;
address SHOP-HOST-242 115.74.200.103/32;
address SHOP-HOST-243 27.72.158.75/32;
address SHOP-HOST-244 14.224.182.234/32;
address SHOP-HOST-245 14.224.180.164/32;
address SHOP-HOST-246 14.224.194.192/32;
address SHOP-HOST-247 14.224.194.155/32;
address SHOP-HOST-248 14.224.146.145/32;
address SHOP-HOST-249 115.74.225.26/32;
address SHOP-HOST-250 115.73.215.38/32;
address SHOP-HOST-251 117.2.58.112/32;
address SHOP-HOST-252 116.98.138.190/32;
address SHOP-HOST-253 115.75.50.88/32;
address SHOP-HOST-254 117.4.131.125/32;
address SHOP-HOST-255 14.224.209.148/32;
address SHOP-HOST-256 14.224.208.99/32;
address SHOP-HOST-257 14.224.172.27/32;
address SHOP-HOST-258 14.224.159.206/32;
address SHOP-HOST-259 115.75.13.38/32;
address SHOP-HOST-260 14.224.205.152/32;
address SHOP-HOST-261 117.2.166.126/32;
address SHOP-HOST-262 115.78.88.18/32;
address SHOP-HOST-263 14.224.193.223/32;
address SHOP-HOST-264 117.4.120.220/32;
address SHOP-HOST-265 115.75.145.68/32;
address SHOP-HOST-266 14.224.140.239/32;
address SHOP-HOST-267 14.224.206.30/32;
address SHOP-HOST-268 14.224.206.42/32;
address SHOP-HOST-269 117.4.246.165/32;
address SHOP-HOST-270 117.2.125.235/32;
address SHOP-HOST-271 14.224.207.83/32;
address SHOP-HOST-272 117.2.132.146/32;
address SHOP-HOST-273 115.74.228.232/32;
address DATA-ODM-74-IP 172.16.200.74/32;
address Speedtest-57-IP 172.16.200.57/32;
address Port-Redis-113-IP 172.16.200.113/32;
address Mongo-QC-Food-87-IP 172.16.200.87/32;
address Host-Food-IP-01 123.30.249.45/32;
address Host-Food-IP-02 118.69.81.238/32;
address Port-Redis-86-IP 172.16.200.86/32;
address HA-PROXY-86-IP 172.16.200.86/32;
address WEB-SERIVCE-IP-113 172.16.200.113/32;
address WEB-SERIVCE-113-IP 172.16.200.113/32;
address PORT-113-IP 172.16.200.113/32;
address HarBor-Backup-63-IP 172.16.200.63/32;
address NAT-SQL-131-IP 172.16.200.131/32;
address NAT-SQL-132-IP 172.16.200.132/32;
address Port-Kafka-113-IP 172.16.200.113/32;
address Redis-86-IP 172.16.200.86/32;
address Port-114-IP 172.16.200.114/32;
address Web-Service-114-IP 172.16.200.114/32;
address SSH-Jump-114-IP 172.16.200.114/32;
address ClickHouse-136-IP 172.16.200.136/32;
address Shorewall-250-IP 172.16.201.250/32;
address Shorewall-249-IP 172.16.201.249/32;
address AdminPublic-24 14.225.249.253/32;
address AdminPublic-25 14.225.249.242/32;
address AdminPublic-26 14.225.249.243/32;
address AdminPublic-27 14.225.249.244/32;
address SHOP-HOST-274 113.176.63.34/32;
address SHOP-HOST-275 115.78.230.226/32;
address SHOP-HOST-276 14.224.189.174/32;
address SHOP-HOST-277 115.78.0.222/32;
address SHOP-HOST-278 14.241.238.138/32;
address SHOP-HOST-279 14.224.237.115/32;
address SHOP-HOST-280 14.224.189.218/32;
address SHOP-HOST-281 14.224.174.34/32;
address SHOP-HOST-282 115.78.234.45/32;
address SHOP-HOST-283 14.224.206.170/32;
address HOST-PRTG-VNPT-02 172.16.14.49/32;
address SHOP-HOST-284 117.0.35.189/32;
address SHOP-HOST-285 113.161.49.29/32;
address SHOP-HOST-286 14.224.130.238/32;
address SHOP-HOST-287 14.224.160.163/32;
address SHOP-HOST-288 14.224.182.98/32;
address SHOP-HOST-289 14.224.203.29/32;
address SHOP-HOST-290 115.73.208.106/32;
address SQL-135-IP 172.16.200.135/32;
address INSIDE-ADDRESS-19 14.225.241.74/32;
address SHOP-HOST-291 14.224.186.249/32;
address HOST-PRTG-VNPT-03 172.16.14.244/32;
address SHOP-HOST-292 14.224.130.78/32;
address QC-Connection-90 160.187.94.12/32;
address SHOP-HOST-293 14.224.149.48/32;
address test-01 42.113.167.60/32;
address test-02 42.117.163.122/32;
address SHOP-HOST-294 14.224.134.51/32;
address VPN-HOST-02 14.225.241.73/32;
address QC-Connection-91 14.225.249.219/32;
address VPN-Server-200.138 172.16.200.138/32;
address Proxmox-MNGT-IP 172.16.40.0/24;
address VM-MNGT-VIETTEL 172.16.200.200/32;
address VM-MNGT-VNPT 172.16.100.100/32;
address Proxmox-MNGT-VIETTEL-IP 172.16.40.0/24;
address SHOP-HOST-295 14.224.196.49/32;
address SHOP-HOST-296 14.224.194.237/32;
address QC-Connection-92 14.225.249.155/32;
address QC-Connection-93 14.225.241.104/32;
address QC-Connection-94 113.161.49.29/32;
address SHOP-HOST-297 115.75.39.85/32;
address SHOP-HOST-298 14.224.197.120/32;
address Chat-QC-SRV 172.16.200.89/32;
address SHOP-HOST-299 {
description "IP NHA A VU";
115.78.228.234/32;
}
address SHOP-HOST-300 117.4.115.71/32;
address QC-Connection-95 {
description RAD-AI;
14.225.241.112/32;
}
address HA_PROXY_172.16.200.86 172.16.200.86/32;
address QC-Connection-96 {
description "ALL IP VNPT";
160.187.94.0/26;
}
address SHOP-HOST-301 14.224.198.93/32;
address SHOP-HOST-302 222.253.82.246/32;
address VIP-gw-external-QC 172.16.200.143/32;
address RAD-HOST-04 118.69.81.235/32;
address RAD-HOST-05 118.69.81.244/32;
address RAD-HOST-06 14.225.241.93/32;
address RAD-HOST-07 14.225.241.92/32;
address RAD-HOST-08 113.161.49.29/32;
address RAD-HOST-09 14.225.241.112/32;
address RAD-HOST-10 14.225.241.113/32;
address RAD-HOST-11 14.225.241.114/32;
address RAD-HOST-12 14.225.241.115/32;
address RAD-HOST-13 125.212.246.10/32;
address RAD-HOST-14 125.212.246.13/32;
address RAD-HOST-15 125.212.246.14/32;
address RAD-HOST-17 125.212.246.15/32;
address SHOP-HOST-303 117.2.6.126/32;
address SHOP-HOST-304 14.224.205.243/32;
address SHOP-555-IP-01 14.241.238.138/32;
address SHOP-555-IP-02 115.73.218.48/32;
address SHOP-555-IP-03 115.78.0.222/32;
address VIP-gw-internal-QC_200_154 172.16.200.154/32;
address VIP-gw-gw-external-prod-200_145 172.16.200.145/32;
address VIP-gw-Internal-QC_200.157 172.16.200.157/32;
address HOST-PRTG-VNPT-04 14.225.241.74/32;
address SHOP-HOST-305 14.224.200.162/32;
address Vendor-Digital-Cloud-IP-01 157.245.63.133/32;
address VIP-gw-external-prod-200_160 172.16.200.160/32;
address SHOP-HOST-306 115.74.202.145/32;
address SHOP1009THD {
description "10009 Tran Hung Dao, NINH BINH";
14.224.212.27/32;
}
address HSK-321CauGiayHN {
description "321 Cau Giay Ha Noi";
27.72.146.108/32;
}
address SHOP-129-PNL {
description "129 Pham Ngu Lao - Hai Duong";
27.72.116.179/32;
}
address SHOP-76PVH {
description "CN 76 Phan Van Hon - Hoc Mon";
14.224.213.12/32;
}
address LAN-PULIC-VNPT-160_187_94_0 {
description "LAN PUBLIC VNPT - IP: 160.187.94.0/26";
160.187.94.0/26;
}
address Promotions-Mongo-2 {
description "Promotions-Mongo-2 - IP: 172.16.200.76";
172.16.200.76/32;
}
address SHOP-475-ThotNot {
description "475 QL91 - THOT NOT CAN THO";
115.75.99.180/32;
}
address SHOP-635-QL14 {
description "SHOP 635 QL14, BINH PHUOC";
14.224.216.196/32;
}
address IP-Staging {
description "Staging (test) IP: 210.211.110.183";
210.211.110.183/32;
}
address IP-Staging-2 {
description "Staging (test) IP: 210.211.110.172";
210.211.110.172/32;
}
address IP-Staging-3 {
description "Staging (test) IP: 125.212.215.131";
125.212.215.131/32;
}
address SHOP-DONG_DEN {
description "NHA A VU IP: 115.73.209.26";
115.73.209.26/32;
}
address AWS-IP-1 {
description "Range IP : 3.29.57.0/26";
3.29.57.0/26;
}
address AWS-IP-2 {
description " Range IP : 3.172.0.0/18";
3.172.0.0/18;
}
address AWS-IP-3 {
description "Range IP : 3.172.64.0/18";
3.172.64.0/18;
}
address AWS-IP-4 {
description " Range IP : 13.124.199.0/24";
13.124.199.0/24;
}
address AWS-IP-5 {
description "Range IP : 15.158.0.0/16";
15.158.0.0/16;
}
address AWS-IP-6 {
description "Range IP : 15.158.0.0/16";
15.158.0.0/16;
}
address AWS-IP-7 {
description "Range IP : 52.46.16.0/20";
52.46.16.0/20;
}
address AWS-IP-8 {
description "Range IP : 52.46.32.0/19";
52.46.32.0/19;
}
address AWS-IP-9 {
description "Range IP : 52.82.128.0/23";
52.82.128.0/23;
}
address AWS-IP-10 {
description "Range IP : 52.82.134.0/23";
52.82.134.0/23;
}
address AWS-IP-11 {
description "Range IP : 54.182.128.0/20";
54.182.128.0/20;
}
address AWS-IP-12 {
description "Range IP : 54.182.144.0/21";
54.182.144.0/21;
}
address AWS-IP-13 {
description "Range IP : 54.182.154.0/23";
54.182.154.0/23;
}
address AWS-IP-14 {
description "Range IP : 54.182.156.0/22";
54.182.156.0/22;
}
address AWS-IP-15 {
description "Range IP : 54.182.160.0/21";
54.182.160.0/21;
}
address AWS-IP-16 {
description "Range IP : 54.182.172.0/22";
54.182.172.0/22;
}
address AWS-IP-17 {
description "Range IP : 54.182.176.0/21";
54.182.176.0/21;
}
address AWS-IP-18 {
description "Range IP : 54.182.184.0/22";
54.182.184.0/22;
}
address AWS-IP-19 {
description "Range IP : 54.182.188.0/23";
54.182.188.0/23;
}
address AWS-IP-20 {
description "Range IP : 54.182.224.0/21";
54.182.224.0/21;
}
address AWS-IP-21 {
description "Range IP : 54.182.240.0/21";
54.182.240.0/21;
}
address AWS-IP-22 {
description " Range IP : 54.182.248.0/22";
54.182.248.0/22;
}
address AWS-IP-23 {
description "Range IP : 54.239.134.0/23";
54.239.134.0/23;
}
address AWS-IP-24 {
description " Range IP : 54.239.170.0/23";
54.239.170.0/23;
}
address AWS-IP-25 {
description " Range IP : 54.239.204.0/22";
54.239.204.0/22;
}
address AWS-IP-26 {
description "Range IP : 54.239.208.0/21";
54.239.208.0/21;
}
address AWS-IP-27 {
description "Range IP : 64.252.64.0/18";
64.252.64.0/18;
}
address AWS-IP-28 {
description "Range IP : 64.252.128.0/18";
64.252.128.0/18;
}
address AWS-IP-29 {
description "Range IP : 70.132.0.0/18";
70.132.0.0/18;
}
address AWS-IP-30 {
description "Range IP : 130.176.0.0/18";
130.176.0.0/18;
}
address AWS-IP-31 {
description "Range IP : 130.176.64.0/21";
130.176.64.0/21;
}
address AWS-IP-32 {
description "Range IP : 130.176.72.0/22";
130.176.72.0/22;
}
address AWS-IP-33 {
description "Range IP : 130.176.76.0/24";
130.176.76.0/24;
}
address AWS-IP-34 {
description " Range IP : 130.176.78.0/23";
130.176.78.0/23;
}
address AWS-IP-35 {
description " Range IP : 130.176.80.0/22";
130.176.80.0/22;
}
address AWS-IP-36 {
description "Range IP : 130.176.86.0/23";
130.176.86.0/23;
}
address AWS-IP-37 {
description "Range IP : 130.176.88.0/21";
130.176.88.0/21;
}
address AWS-IP-38 {
description " Range IP : 130.176.96.0/19";
130.176.96.0/19;
}
address AWS-IP-39 {
description " Range IP : 130.176.128.0/21";
130.176.128.0/21;
}
address AWS-IP-40 {
description " Range IP : 130.176.136.0/23";
130.176.136.0/23;
}
address AWS-IP-41 {
description "Range IP : 130.176.140.0/22";
130.176.140.0/22;
}
address AWS-IP-42 {
description "Range IP : 130.176.144.0/20";
130.176.144.0/20;
}
address AWS-IP-43 {
description "Range IP : 130.176.160.0/19";
130.176.160.0/19;
}
address AWS-IP-44 {
description " Range IP : 130.176.192.0/19";
130.176.192.0/19;
}
address AWS-IP-45 {
description " Range IP : 204.246.166.0/24";
204.246.166.0/24;
}
address AWS-IP-46 {
description " Range IP : 205.251.218.0/24";
205.251.218.0/24;
}
address SHOP-349_Le_Loi-An_Giang {
description "349 Le Loi - An Giang : 115.78.72.40";
115.78.72.40/32;
}
address SHOP-Anh-Vu-BOD {
description "Nha Anh Vu IP: 115.78.235.145";
115.78.235.145/32;
}
address SHOP-HOST-224_Dong_Da {
description "224 Dong Da, Da Nang IP: 14.224.210.229";
14.224.210.229/32;
}
address SHOP-HOST-D6-5A_BAU_BANG {
description "D6-5A BAU BANG, IP: 103.17.89.234";
103.17.89.234/32;
}
address Factory-Hasaki {
description "Factory-Hasaki-130 Ap Chanh";
115.74.215.11/32;
}
address SHOP-HOST-44-NHT {
description "44 Nguyen Huy Tuong DN";
117.2.164.79/32;
}
address SHOP-HOST-22-CSP {
description "22 Cao Son Phao QN";
14.224.222.76/32;
}
address SHOP-HOST-545-TNT {
description "545 Tran Nhan Tong - DN";
117.2.125.122/32;
}
address HSK-MNGT-IP-Add-Tam {
description "Add Tam Nho Xoa";
14.224.237.115/32;
}
address Admin-Public-Add-Tam {
description "Add Tam Nho Xoa";
14.224.237.115/32;
}
address 29HoangViet-Add-Tam 14.224.237.115/32;
address SHOP-HOST-176-PDL {
description "176 PHAN DANG LUU PN";
14.224.215.67/32;
}
address SHOP-HOST-588LBB {
description "SHOP 588 Luy Ban Bich";
27.74.246.58/32;
}
address SHOP-HOST-269-TN {
description "269 PHAM VAN DONG - TN";
14.224.211.38/32;
}
address THD-HSK-172_16_200_22 {
description THD-HSK-172_16_200_22;
172.16.200.22/32;
}
address SHOP-HOST-2705-QT {
description "2705 Quan Trung - BD";
117.2.106.219/32;
}
address SHOP-HOST-174-PDP {
description "174 Phan Dinh Phung - DL";
14.224.223.55/32;
}
address Factory-Hasaki-2 {
description "Factory Hasaki 130 Ap Chanh - VNPT";
14.224.224.243/32;
}
address THD-HSK-172_16_200_21 {
description THD-HSK-172_16_200_21;
172.16.200.21/32;
}
address SHOP-HOST-125-TP {
description "SHOP - 125 TRAN PHU - AN NHON";
14.224.227.44/32;
}
address SHOP-HOST-QL50-LA {
description "SHOP 205 QUOC LO 50 LONG AN";
115.75.56.169/32;
}
address VPN-Server-200.203 172.16.200.203/32;
address SHOP-HOST-191-PVD {
description "192 Pham Van Dong-QN";
117.2.65.238/32;
}
address SHOP-HOST-182-TQC {
description "182 Tran Quy Cap - NH";
14.224.222.79/32;
}
address VIETTEL-PROD-ZONE-VM-01 172.16.202.0/23;
address SHOP-HOST-554_LE_HONG_PHONG {
description "554 LE HONG PHONG - BINH DUONG";
14.224.227.29/32;
}
address Teleport-VM-Remote {
description "IP: 172.16.200.209 - VM - Remote";
172.16.200.209/32;
}
address Soure-NAT-Teleport {
description "Soure NAT cho IP: 172.16.200.209";
171.244.17.201/32;
}
address VPN-Server-230.21 {
description "IP: 172.16.230.21";
172.16.230.21/32;
}
address SHOP-HOST-1130_DT747B {
description "1130 DT747B - BINH DUONG";
171.244.236.188/32;
}
address SV-VPN-BOD-230.20 {
description "SV-VPN-BOD: 172.16.230.20";
172.16.230.20/32;
}
address AWS-IP-47 {
description AWS-50.19.48.188;
50.19.48.188/32;
}
address AWS-IP-48 {
description AWS-34.238.100.65;
34.238.100.65/32;
}
address SHOP-HOST-53QL1 {
description "53 QL1 - Vinh Long";
14.224.163.140/32;
}
address VM-MNGT-VIETTEL-02 172.16.200.65/32;
address SHOP-HOST-188-Hung_Vuong {
description "188 Hung Vuong, Xuan Loc";
115.74.246.96/32;
}
address SHOP-HOST-432_QL91 {
description "SHOP 432 QL 91 - An Giang";
14.224.231.79/32;
}
address SHOP-HOST-14_Nguyen_Du {
description "SHOP 14 Nguyen Du - Binh Duong";
14.224.224.174/32;
}
address VM-MNGT-THD-LOG 172.16.200.21/32;
address MNGT-FW-VIETTEL 172.16.15.247/32;
address Promox-MNGT-FW-VIETTEL-FW 172.16.40.248/32;
address HSK-HOST-200-21 172.16.200.21/32;
address MANAGEMENT-IP 172.16.15.247/32;
address VNPT-IP-SRX 172.16.14.249/32;
address VIETTEL-SPUNK-SERVER 172.16.200.21/32;
address SHOP-HOST-344-VO-VAN-NGAN {
description "SHOP 344 VO VAN NGAN";
14.224.229.110/32;
}
address SHOP-HOST-248-DL-DONG-KHOI {
description "SHOP 248 DAI LO - DONG KHOI";
14.224.229.148/32;
}
address Kafka 171.244.17.197/32;
address SHOP-HOST-305-NGUYEN-NGHIEM {
description "305 NGUYEN NGHIEM - QUANG NGAI";
117.2.65.79/32;
}
address HSK-VIETTEL-VLAN-230 172.16.230.0/24;
address HSK-VNPT-VLAN-110 172.16.110.0/24;
address SHOP-HOST-649-30_04 {
description "SHOP 649 30/4 - TAY-NINH";
14.224.231.84/32;
}
address SHOP-HOST-274A-AU-CO 115.79.38.238/32;
address RAD-HOST-management {
description IP-RAD-management;
115.79.39.248/32;
}
address SHOP-HOST-583-HUNG-VUONG 115.74.246.118/32;
address SHOP-HOST-180-TONDUCTHANG 117.3.172.245/32;
address SHOP-HOST-34-PVH 222.253.79.158/32;
address SHOP-HOST-DT824-TayNinh 14.224.191.138/32;
address HSK-CHAT-1 103.93.92.36/32;
address HSK-CHAT-2 103.93.92.35/32;
address SHOP-HOST-114-NGT 14.224.146.13/32;
address SHOP-HOST-461-TruongDinh 117.6.130.96/32;
address Proxmox-Manager-172.16.203.253 172.16.203.253/32;
address Proxmox-Manager-172.16.201.200 172.16.201.200/32;
address SHOP-HOST-MyPhuoc1 14.224.221.146/32;
address Proxmox-Range-VNPT 172.16.30.0/24;
address HOST-MANAGEMENT-VNPT-DH 172.16.100.249/32;
address SHOP-HOST-342-LeVanSy 115.78.10.36/32;
address SHOP-HOST-181-KhanhHoi 14.224.228.123/32;
address SHOP-HOST-50-DoiCan 27.72.98.229/32;
address LAN-200-211 172.16.200.211/32;
address SHOP-HOST-17-VanDon 117.2.165.96/32;
address ThaiSon-Svr 210.245.8.58/32;
address ECOM-Lamda-Sandbox 34.225.218.169/32;
address VM-MNGT-DH 172.16.100.249/32;
address SHOP-HOST-15-HungVuong 14.224.218.133/32;
address VPN_RND_Svr 172.16.200.30/32;
address HA_VIP_api_rule_202_79 172.16.202.79/32;
address WEB-HA-VIP-IP 14.225.241.81/32;
address WEB-HA-04 14.225.241.89/32;
address WEB-HA-03 14.225.241.98/32;
address WEB-HA 14.225.241.109/32;
address WEB-HA-02 14.225.241.108/32;
address WEB-HA-01 14.225.241.111/32;
address WEB-MEDIA 14.225.249.138/32;
address WEB-GOLANG-API 14.225.241.90/32;
address WEB-API-RULE 14.225.249.136/32;
address WEB-STATIC 14.225.249.149/32;
address Web-hotro-123_30_249_45 123.30.249.45/32;
address HIEP-BOD-IP-USA 147.81.124.140/32;
address SHOP-HOST-295-GiaiPhong 117.2.136.45/32;
address SHOP-HOST-182-ThuKhoaHuan 115.74.229.59/32;
address SHOP-HOST-DB4-VinhTan 203.210.237.229/32;
address SHOP-HOST-2B_Binh_Chieu {
description "2B Binh Chieu - Thu Duc";
14.224.235.208/32;
}
address SHOP-HOST-78-HaiBaTrung 14.224.234.54/32;
address SHOP-HOST-2A_34B-DT743B 14.224.233.187/32;
address HSK-MNGT-IP-06 113.161.49.29/32;
address SHOP-HOST-57-ThongNhat 115.79.209.221/32;
address SHOP-HOST-16-HungVuong 117.2.155.49/32;
address SHOP-HOST-320-TaoLuc5 14.224.232.125/32;
address ECOM-QC-addtam 54.254.51.56/32;
address SHOP-HOST-D6-NguyenThiTu 14.224.234.175/32;
address SHOP-HOST-384-PhanBoiChau 117.2.161.226/32;
address drsite-k8s-node-app-1 172.16.200.8/32;
address drsite-k8s-node-app-2 172.16.200.9/32;
address drsite-k8s-node-app-3 172.16.200.10/32;
address drsite-k8s-node-app-4 172.16.200.11/32;
address drsite-k8s-node-app-5 172.16.200.12/32;
address VM-Test-172-16-202-252 172.16.202.252/32;
address HSK-MNGT-IP-07 14.224.237.115/32;
address SHOP-HOST-12-NguyenHuuCanh 115.75.179.160/32;
address SHOP-HOST-815-HaHoangHo 14.224.239.129/32;
address SHOP-HOST-461-NguyenBinh 14.224.236.160/32;
address SHOP-HOST-168-ApChanh 115.74.196.218/32;
address SHOP-HOST-676-DienBien 14.224.238.186/32;
address SHOP-HOST-62-NTT 117.2.83.132/32;
address SHOP-HOST-125-NTT 115.75.179.173/32;
address SHOP-HOST-88-TDN 27.72.125.51/32;
address Web-test-202-94 172.16.202.94/32;
address SHOP-HOST-174-NguyenDu 117.4.137.122/32;
address SHOP-HOST-45-NTT 14.224.236.248/32;
address-set Cloudflare-IP-LIST {
address Cloudflare-IP-01;
address Cloudflare-IP-02;
address Cloudflare-IP-03;
address Cloudflare-IP-04;
address Cloudflare-IP-05;
address Cloudflare-IP-06;
address Cloudflare-IP-07;
address Cloudflare-IP-08;
address Cloudflare-IP-09;
address Cloudflare-IP-10;
address Cloudflare-IP-11;
address Cloudflare-IP-12;
address Cloudflare-IP-13;
address Cloudflare-IP-14;
address Cloudflare-IP-15;
address Cloudflare-IP-16;
address HSK-MNGT-IP-01;
address HSK-MNGT-IP-02;
address HSK-MNGT-IP-03;
address HSK-MNGT-IP-04;
address HSK-MNGT-IP-05;
}
address-set INSIDE-ADDRESS-IP {
address INSIDE-ADDRESS-01;
address INSIDE-ADDRESS-02;
address INSIDE-ADDRESS-03;
address INSIDE-ADDRESS-04;
address INSIDE-ADDRESS-05;
address INSIDE-ADDRESS-06;
address INSIDE-ADDRESS-07;
address INSIDE-ADDRESS-08;
address INSIDE-ADDRESS-09;
address INSIDE-ADDRESS-10;
address INSIDE-ADDRESS-11;
address INSIDE-ADDRESS-12;
address INSIDE-ADDRESS-13;
address INSIDE-ADDRESS-14;
address INSIDE-ADDRESS-15;
address INSIDE-ADDRESS-16;
address INSIDE-ADDRESS-17;
address INSIDE-ADDRESS-18;
address INSIDE-ADDRESS-19;
}
address-set BIT-BUCKET-IP {
address BIT-BUCKET-01;
address BIT-BUCKET-02;
address BIT-BUCKET-03;
}
address-set SHOP-555-HOST-IP {
description "VP 555";
address SHOP-555-IP-01;
address SHOP-555-IP-02;
address SHOP-555-IP-03;
}
address-set HOST-PRTG-IP {
address HOST-PRTG-VNPT-01;
address HOST-PRTG-VNPT-02;
address HOST-PRTG-VNPT-03;
address HOST-PRTG-VNPT-04;
}
address-set IP-Staging-Whitelist {
description IP-Staging-Whitelist;
address IP-Staging;
address IP-Staging-2;
address IP-Staging-3;
}
address-set AdminPublic-IP {
address AdminPublic-01;
address AdminPublic-02;
address AdminPublic-03;
address AdminPublic-04;
address AdminPublic-05;
address AdminPublic-06;
address AdminPublic-07;
address AdminPublic-08;
address AdminPublic-09;
address AdminPublic-10;
address AdminPublic-11;
address AdminPublic-12;
address AdminPublic-13;
address AdminPublic-14;
address AdminPublic-15;
address AdminPublic-16;
address AdminPublic-17;
address AdminPublic-18;
address AdminPublic-19;
address AdminPublic-20;
address AdminPublic-21;
address AdminPublic-22;
address AdminPublic-23;
address AdminPublic-24;
address AdminPublic-25;
address AdminPublic-26;
address AdminPublic-27;
address Admin-Public-Add-Tam;
}
address-set 29HoangViet-IP {
address 29HoangViet-01;
address 29HoangViet-Add-Tam;
}
address-set VPN-HOST-IP {
address VPN-HOST-01;
address VPN-HOST-02;
address SHOP-HOST-176-PDL;
address SHOP-HOST-138;
address VPN-Server-200.203;
address SHOP-HOST-191-PVD;
address SHOP-HOST-182-TQC;
address SHOP-HOST-554_LE_HONG_PHONG;
}
address-set RAD-ADDRESS-IP {
address RAD-HOST-01;
address RAD-HOST-02;
address RAD-HOST-03;
address RAD-HOST-04;
address RAD-HOST-05;
address RAD-HOST-06;
address RAD-HOST-07;
address RAD-HOST-08;
address RAD-HOST-09;
address RAD-HOST-10;
address RAD-HOST-11;
address RAD-HOST-12;
address RAD-HOST-13;
address RAD-HOST-14;
address RAD-HOST-15;
address RAD-HOST-17;
address RAD-HOST-management;
}
address-set HOST-MANAGEMENT-VNPT {
address HOST-MANAGEMENT-VNPT-01;
address HOST-MANAGEMENT-VNPT-02;
address HOST-MANAGEMENT-VNPT-03;
address HOST-MANAGEMENT-VNPT-04;
address HOST-MANAGEMENT-VNPT-DH;
}
address-set WEB-HOST-HASAKI {
address WEB-HA-VIP-IP;
address WEB-HA-04;
address WEB-HA-03;
address WEB-HA;
address WEB-HA-02;
address WEB-HA-01;
address WEB-MEDIA;
address WEB-GOLANG-API;
address WEB-API-RULE;
address WEB-STATIC;
address Web-hotro-123_30_249_45;
}
address-set Whitelist-IP-AWS {
description "Whitelist Range IP - AWS";
address AWS-IP-15;
address AWS-IP-16;
address AWS-IP-17;
address AWS-IP-18;
address AWS-IP-19;
address AWS-IP-20;
address AWS-IP-21;
address AWS-IP-22;
address AWS-IP-23;
address AWS-IP-24;
address AWS-IP-25;
address AWS-IP-26;
address AWS-IP-27;
address AWS-IP-28;
address AWS-IP-29;
address AWS-IP-30;
address AWS-IP-31;
address AWS-IP-32;
address AWS-IP-33;
address AWS-IP-34;
address AWS-IP-35;
address AWS-IP-36;
address AWS-IP-37;
address AWS-IP-38;
address AWS-IP-39;
address AWS-IP-40;
address AWS-IP-41;
address AWS-IP-42;
address AWS-IP-43;
address AWS-IP-44;
address AWS-IP-45;
address AWS-IP-46;
address AWS-IP-10;
address AWS-IP-11;
address AWS-IP-12;
address AWS-IP-13;
address AWS-IP-14;
address AWS-IP-5;
address AWS-IP-6;
address AWS-IP-7;
address AWS-IP-8;
address AWS-IP-9;
address AWS-IP-1;
address AWS-IP-2;
address AWS-IP-3;
address AWS-IP-4;
address ECOM-Lamda-Sandbox;
address ECOM-QC-addtam;
}
address-set drsite-k8s-node-app {
address drsite-k8s-node-app-1;
address drsite-k8s-node-app-2;
address drsite-k8s-node-app-3;
address drsite-k8s-node-app-4;
address drsite-k8s-node-app-5;
}
address-set HSK-MNGT-IP {
address HSK-MNGT-IP-01;
address HSK-MNGT-IP-02;
address HSK-MNGT-IP-03;
address HSK-MNGT-IP-04;
address HSK-MNGT-IP-05;
address HSK-MNGT-IP-Add-Tam;
address HSK-MNGT-IP-06;
address HSK-MNGT-IP-07;
}
address-set HO-568-LBB {
address AdminPublic-22;
address SHOP-HOST-03;
address AdminPublic-23;
address HSK-MNGT-IP-06;
address HSK-MNGT-IP-07;
}
address-set QC-Connection-IP {
address QC-Connection-01;
address QC-Connection-02;
address QC-Connection-03;
address QC-Connection-04;
address QC-Connection-05;
address QC-Connection-06;
address QC-Connection-07;
address QC-Connection-08;
address QC-Connection-09;
address QC-Connection-10;
address QC-Connection-11;
address QC-Connection-12;
address QC-Connection-13;
address QC-Connection-14;
address QC-Connection-15;
address QC-Connection-16;
address QC-Connection-17;
address QC-Connection-18;
address QC-Connection-19;
address QC-Connection-20;
address QC-Connection-21;
address QC-Connection-22;
address QC-Connection-23;
address QC-Connection-24;
address QC-Connection-25;
address QC-Connection-26;
address QC-Connection-27;
address QC-Connection-28;
address QC-Connection-29;
address QC-Connection-30;
address QC-Connection-31;
address QC-Connection-32;
address QC-Connection-33;
address QC-Connection-34;
address QC-Connection-35;
address QC-Connection-36;
address QC-Connection-37;
address QC-Connection-38;
address QC-Connection-39;
address QC-Connection-40;
address QC-Connection-41;
address QC-Connection-42;
address QC-Connection-43;
address QC-Connection-44;
address QC-Connection-45;
address QC-Connection-46;
address QC-Connection-47;
address QC-Connection-48;
address QC-Connection-49;
address QC-Connection-50;
address QC-Connection-51;
address QC-Connection-52;
address QC-Connection-53;
address QC-Connection-54;
address QC-Connection-55;
address QC-Connection-56;
address QC-Connection-57;
address QC-Connection-58;
address QC-Connection-59;
address QC-Connection-60;
address QC-Connection-61;
address QC-Connection-62;
address QC-Connection-63;
address QC-Connection-64;
address QC-Connection-65;
address QC-Connection-66;
address QC-Connection-67;
address QC-Connection-68;
address QC-Connection-69;
address QC-Connection-70;
address QC-Connection-71;
address QC-Connection-72;
address QC-Connection-73;
address QC-Connection-74;
address QC-Connection-75;
address QC-Connection-76;
address QC-Connection-77;
address QC-Connection-78;
address QC-Connection-79;
address QC-Connection-80;
address QC-Connection-82;
address QC-Connection-83;
address QC-Connection-84;
address QC-Connection-85;
address QC-Connection-86;
address QC-Connection-87;
address QC-Connection-88;
address QC-Connection-89;
address QC-Connection-90;
address QC-Connection-91;
address QC-Connection-92;
address QC-Connection-93;
address QC-Connection-94;
address QC-Connection-95;
address QC-Connection-96;
address RAD-HOST-management;
}
address-set SHOP-HOST-LIST {
address SHOP-HOST-01;
address SHOP-HOST-02;
address SHOP-HOST-03;
address SHOP-HOST-04;
address SHOP-HOST-05;
address SHOP-HOST-06;
address SHOP-HOST-07;
address SHOP-HOST-08;
address SHOP-HOST-09;
address SHOP-HOST-10;
address SHOP-HOST-11;
address SHOP-HOST-12;
address SHOP-HOST-13;
address SHOP-HOST-14;
address SHOP-HOST-15;
address SHOP-HOST-16;
address SHOP-HOST-17;
address SHOP-HOST-18;
address SHOP-HOST-19;
address SHOP-HOST-20;
address SHOP-HOST-21;
address SHOP-HOST-22;
address SHOP-HOST-23;
address SHOP-HOST-24;
address SHOP-HOST-25;
address SHOP-HOST-26;
address SHOP-HOST-27;
address SHOP-HOST-28;
address SHOP-HOST-29;
address SHOP-HOST-30;
address SHOP-HOST-31;
address SHOP-HOST-32;
address SHOP-HOST-33;
address SHOP-HOST-34;
address SHOP-HOST-35;
address SHOP-HOST-36;
address SHOP-HOST-37;
address SHOP-HOST-38;
address SHOP-HOST-39;
address SHOP-HOST-40;
address SHOP-HOST-41;
address SHOP-HOST-42;
address SHOP-HOST-43;
address SHOP-HOST-44;
address SHOP-HOST-45;
address SHOP-HOST-46;
address SHOP-HOST-47;
address SHOP-HOST-48;
address SHOP-HOST-49;
address SHOP-HOST-50;
address SHOP-HOST-51;
address SHOP-HOST-52;
address SHOP-HOST-53;
address SHOP-HOST-54;
address SHOP-HOST-55;
address SHOP-HOST-56;
address SHOP-HOST-57;
address SHOP-HOST-58;
address SHOP-HOST-59;
address SHOP-HOST-60;
address SHOP-HOST-61;
address SHOP-HOST-62;
address SHOP-HOST-63;
address SHOP-HOST-64;
address SHOP-HOST-65;
address SHOP-HOST-66;
address SHOP-HOST-67;
address SHOP-HOST-68;
address SHOP-HOST-69;
address SHOP-HOST-70;
address SHOP-HOST-71;
address SHOP-HOST-72;
address SHOP-HOST-73;
address SHOP-HOST-74;
address SHOP-HOST-75;
address SHOP-HOST-76;
address SHOP-HOST-77;
address SHOP-HOST-78;
address SHOP-HOST-79;
address SHOP-HOST-80;
address SHOP-HOST-81;
address SHOP-HOST-82;
address SHOP-HOST-83;
address SHOP-HOST-84;
address SHOP-HOST-85;
address SHOP-HOST-86;
address SHOP-HOST-87;
address SHOP-HOST-88;
address SHOP-HOST-89;
address SHOP-HOST-90;
address SHOP-HOST-91;
address SHOP-HOST-92;
address SHOP-HOST-93;
address SHOP-HOST-94;
address SHOP-HOST-95;
address SHOP-HOST-96;
address SHOP-HOST-97;
address SHOP-HOST-98;
address SHOP-HOST-99;
address SHOP-HOST-100;
address SHOP-HOST-101;
address SHOP-HOST-102;
address SHOP-HOST-103;
address SHOP-HOST-104;
address SHOP-HOST-105;
address SHOP-HOST-106;
address SHOP-HOST-107;
address SHOP-HOST-108;
address SHOP-HOST-109;
address SHOP-HOST-110;
address SHOP-HOST-111;
address SHOP-HOST-112;
address SHOP-HOST-113;
address SHOP-HOST-114;
address SHOP-HOST-115;
address SHOP-HOST-116;
address SHOP-HOST-117;
address SHOP-HOST-118;
address SHOP-HOST-119;
address SHOP-HOST-120;
address SHOP-HOST-121;
address SHOP-HOST-122;
address SHOP-HOST-123;
address SHOP-HOST-124;
address SHOP-HOST-125;
address SHOP-HOST-126;
address SHOP-HOST-127;
address SHOP-HOST-128;
address SHOP-HOST-129;
address SHOP-HOST-130;
address SHOP-HOST-131;
address SHOP-HOST-132;
address SHOP-HOST-133;
address SHOP-HOST-134;
address SHOP-HOST-135;
address SHOP-HOST-136;
address SHOP-HOST-137;
address SHOP-HOST-138;
address SHOP-HOST-139;
address SHOP-HOST-140;
address SHOP-HOST-141;
address SHOP-HOST-142;
address SHOP-HOST-143;
address SHOP-HOST-144;
address SHOP-HOST-145;
address SHOP-HOST-146;
address SHOP-HOST-147;
address SHOP-HOST-148;
address SHOP-HOST-149;
address SHOP-HOST-150;
address SHOP-HOST-151;
address SHOP-HOST-152;
address SHOP-HOST-153;
address SHOP-HOST-154;
address SHOP-HOST-155;
address SHOP-HOST-157;
address SHOP-HOST-158;
address SHOP-HOST-159;
address SHOP-HOST-160;
address SHOP-HOST-161;
address SHOP-HOST-162;
address SHOP-HOST-163;
address SHOP-HOST-164;
address SHOP-HOST-165;
address SHOP-HOST-166;
address SHOP-HOST-167;
address SHOP-HOST-168;
address SHOP-HOST-169;
address SHOP-HOST-170;
address SHOP-HOST-171;
address SHOP-HOST-172;
address SHOP-HOST-173;
address SHOP-HOST-174;
address SHOP-HOST-175;
address SHOP-HOST-176;
address SHOP-HOST-177;
address SHOP-HOST-178;
address SHOP-HOST-179;
address SHOP-HOST-180;
address SHOP-HOST-181;
address SHOP-HOST-182;
address SHOP-HOST-183;
address SHOP-HOST-184;
address SHOP-HOST-185;
address SHOP-HOST-186;
address SHOP-HOST-187;
address SHOP-HOST-188;
address SHOP-HOST-189;
address SHOP-HOST-190;
address SHOP-HOST-191;
address SHOP-HOST-192;
address SHOP-HOST-193;
address SHOP-HOST-194;
address SHOP-HOST-195;
address SHOP-HOST-196;
address SHOP-HOST-197;
address SHOP-HOST-198;
address SHOP-HOST-199;
address SHOP-HOST-200;
address SHOP-HOST-201;
address SHOP-HOST-202;
address SHOP-HOST-203;
address SHOP-HOST-204;
address SHOP-HOST-205;
address SHOP-HOST-206;
address SHOP-HOST-207;
address SHOP-HOST-208;
address SHOP-HOST-209;
address SHOP-HOST-210;
address SHOP-HOST-211;
address SHOP-HOST-212;
address SHOP-HOST-213;
address SHOP-HOST-214;
address SHOP-HOST-215;
address SHOP-HOST-216;
address SHOP-HOST-217;
address SHOP-HOST-218;
address SHOP-HOST-219;
address SHOP-HOST-220;
address SHOP-HOST-221;
address SHOP-HOST-222;
address SHOP-HOST-223;
address SHOP-HOST-224;
address SHOP-HOST-225;
address SHOP-HOST-226;
address SHOP-HOST-227;
address SHOP-HOST-228;
address SHOP-HOST-229;
address SHOP-HOST-230;
address SHOP-HOST-231;
address SHOP-HOST-232;
address SHOP-HOST-233;
address SHOP-HOST-234;
address SHOP-HOST-235;
address SHOP-HOST-236;
address SHOP-HOST-237;
address SHOP-HOST-238;
address SHOP-HOST-239;
address SHOP-HOST-240;
address SHOP-HOST-241;
address SHOP-HOST-242;
address SHOP-HOST-243;
address SHOP-HOST-244;
address SHOP-HOST-245;
address SHOP-HOST-246;
address SHOP-HOST-247;
address SHOP-HOST-248;
address SHOP-HOST-249;
address SHOP-HOST-250;
address SHOP-HOST-251;
address SHOP-HOST-252;
address SHOP-HOST-253;
address SHOP-HOST-254;
address SHOP-HOST-255;
address SHOP-HOST-256;
address SHOP-HOST-257;
address SHOP-HOST-258;
address SHOP-HOST-259;
address SHOP-HOST-260;
address SHOP-HOST-261;
address SHOP-HOST-262;
address SHOP-HOST-263;
address SHOP-HOST-264;
address SHOP-HOST-265;
address SHOP-HOST-266;
address SHOP-HOST-267;
address SHOP-HOST-268;
address SHOP-HOST-269;
address SHOP-HOST-270;
address SHOP-HOST-271;
address SHOP-HOST-272;
address SHOP-HOST-273;
address SHOP-HOST-274;
address SHOP-HOST-275;
address SHOP-HOST-276;
address SHOP-HOST-277;
address SHOP-HOST-278;
address SHOP-HOST-279;
address SHOP-HOST-280;
address SHOP-HOST-281;
address SHOP-HOST-282;
address SHOP-HOST-283;
address SHOP-HOST-284;
address SHOP-HOST-285;
address SHOP-HOST-286;
address SHOP-HOST-287;
address SHOP-HOST-288;
address SHOP-HOST-289;
address SHOP-HOST-290;
address SHOP-HOST-291;
address SHOP-HOST-292;
address SHOP-HOST-293;
address SHOP-HOST-294;
address SHOP-HOST-295;
address SHOP-HOST-296;
address SHOP-HOST-297;
address SHOP-HOST-298;
address SHOP-HOST-299;
address SHOP-HOST-300;
address SHOP-HOST-301;
address SHOP-HOST-302;
address SHOP-HOST-303;
address SHOP-HOST-304;
address SHOP-HOST-305;
address SHOP-HOST-306;
address SHOP1009THD;
address HSK-321CauGiayHN;
address SHOP-129-PNL;
address SHOP-76PVH;
address SHOP-475-ThotNot;
address SHOP-635-QL14;
address SHOP-DONG_DEN;
address SHOP-349_Le_Loi-An_Giang;
address SHOP-Anh-Vu-BOD;
address SHOP-HOST-224_Dong_Da;
address SHOP-HOST-D6-5A_BAU_BANG;
address SHOP-HOST-44-NHT;
address SHOP-HOST-22-CSP;
address SHOP-HOST-545-TNT;
address SHOP-HOST-588LBB;
address SHOP-HOST-269-TN;
address Factory-Hasaki-2;
address SHOP-HOST-2705-QT;
address SHOP-HOST-174-PDP;
address SHOP-HOST-125-TP;
address SHOP-HOST-QL50-LA;
address SHOP-HOST-156;
address SHOP-HOST-1130_DT747B;
address SHOP-HOST-53QL1;
address SHOP-HOST-188-Hung_Vuong;
address SHOP-HOST-432_QL91;
address SHOP-HOST-14_Nguyen_Du;
address SHOP-HOST-554_LE_HONG_PHONG;
address SHOP-HOST-344-VO-VAN-NGAN;
address SHOP-HOST-248-DL-DONG-KHOI;
address SHOP-HOST-305-NGUYEN-NGHIEM;
address SHOP-HOST-274A-AU-CO;
address SHOP-HOST-649-30_04;
address RAD-HOST-management;
address SHOP-HOST-583-HUNG-VUONG;
address SHOP-HOST-180-TONDUCTHANG;
address SHOP-HOST-34-PVH;
address SHOP-HOST-DT824-TayNinh;
address SHOP-HOST-114-NGT;
address SHOP-HOST-461-TruongDinh;
address SHOP-HOST-MyPhuoc1;
address SHOP-HOST-342-LeVanSy;
address SHOP-HOST-181-KhanhHoi;
address SHOP-HOST-50-DoiCan;
address SHOP-HOST-17-VanDon;
address SHOP-HOST-15-HungVuong;
address SHOP-HOST-2B_Binh_Chieu;
address SHOP-HOST-182-ThuKhoaHuan;
address SHOP-HOST-DB4-VinhTan;
address SHOP-HOST-295-GiaiPhong;
address SHOP-HOST-78-HaiBaTrung;
address SHOP-HOST-2A_34B-DT743B;
address SHOP-HOST-57-ThongNhat;
address SHOP-HOST-16-HungVuong;
address SHOP-HOST-320-TaoLuc5;
address SHOP-HOST-D6-NguyenThiTu;
address SHOP-HOST-384-PhanBoiChau;
address SHOP-HOST-12-NguyenHuuCanh;
address SHOP-HOST-815-HaHoangHo;
address SHOP-HOST-461-NguyenBinh;
address SHOP-HOST-168-ApChanh;
address SHOP-HOST-676-DienBien;
address SHOP-HOST-62-NTT;
address SHOP-HOST-125-NTT;
address SHOP-HOST-88-TDN;
address SHOP-HOST-174-NguyenDu;
address SHOP-HOST-45-NTT;
}
}
}
flow {
inactive: traceoptions {
file flowtracer;
flag basic-datapath;
packet-filter flowtracer {
source-prefix 112.197.3.122/32;
destination-prefix 125.212.255.178/32;
}
}
allow-dns-reply;
tcp-mss {
ipsec-vpn {
mss 1379;
}
gre-in {
mss 1360;
}
gre-out {
mss 1360;
}
}
tcp-session {
no-syn-check;
no-syn-check-in-tunnel;
}
}
screen {
ids-option untrust-screen {
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
pool HSK-VM-POOL-01 {
address {
171.244.17.194/32;
}
}
pool HSK-Teleport-Pool {
description "IP : 171.244.17.201";
address {
171.244.17.201/32;
}
}
pool HSK-POOL-PROD-VM-ZONE {
description "IP PUBLIC VM PROD.";
address {
171.244.17.203/32;
}
}
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
rule-set LAN-ZONE-TO-INTERNET {
from zone LAN-ZONE;
to zone untrust;
rule rs-01 {
match {
source-address [ 172.16.200.89/32 172.16.200.88/32 ];
destination-address 0.0.0.0/0;
}
then {
source-nat {
pool {
HSK-VM-POOL-01;
}
}
}
}
rule Server-Teleport {
match {
source-address 172.16.200.209/32;
destination-address 0.0.0.0/0;
}
then {
source-nat {
pool {
HSK-Teleport-Pool;
}
}
}
}
rule rs-02 {
match {
source-address 172.16.200.0/23;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
rule rs-others {
match {
source-address 0.0.0.0/0;
destination-address 0.0.0.0/0;
}
then {
source-nat {
off;
}
}
}
}
rule-set switched-network {
from zone LAN-ZONE;
to zone LAN-ZONE;
rule nat-return-flow {
match {
source-address 172.16.200.0/23;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
rule-set Proxmox-MNGT-TO-untrust {
from zone Proxmox-MNGT;
to zone untrust;
rule Proxmox-MNGT-TO-untrust-01 {
match {
source-address 172.16.40.0/24;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
rule-set HSK-VLAN-230-TO-untrust {
from zone HSK-VLAN-230;
to zone untrust;
rule HSK-VLAN-230-TO-untrust-term-01 {
match {
source-address 172.16.230.0/24;
destination-address 0.0.0.0/0;
}
then {
source-nat {
pool {
HSK-Teleport-Pool;
}
}
}
}
}
rule-set Zone_PROD-VM-Zone_untrust {
from zone PROD-VM-ZONE;
to zone untrust;
rule HSK-VLAN-210-TO-untrust-term-01 {
match {
source-address 172.16.202.0/23;
destination-address 0.0.0.0/0;
}
then {
source-nat {
pool {
HSK-POOL-PROD-VM-ZONE;
}
}
}
}
}
}
destination {
pool dst-nat-pool-02 {
address 172.16.200.88/32 port 443;
}
pool dst-nat-pool-03 {
address 172.16.200.88/32 port 80;
}
pool dst-nat-pool-04 {
address 172.16.200.89/32 port 3478;
}
pool dst-nat-pool-05 {
address 172.16.200.89/32 port 3479;
}
pool dst-nat-pool-06 {
address 172.16.200.133/32 port 443;
}
pool dst-nat-pool-07 {
address 172.16.200.133/32 port 80;
}
pool DEV-137-pool-Port15672 {
address 172.16.200.137/32 port 15672;
}
pool Speedtest-57-pool-Port2000 {
address 172.16.200.57/32 port 2000;
}
pool Port-Redis-113-pool-Port9200 {
address 172.16.200.113/32 port 9200;
}
pool Mongo-QC-Food-87-pool-Port27017 {
address 172.16.200.87/32 port 27017;
}
pool Port-Redis-113-pool-Port16379 {
address 172.16.200.113/32 port 16379;
}
pool Port-Redis-113-pool-Port16380 {
address 172.16.200.113/32 port 16380;
}
pool Port-Redis-113-pool-Port30090 {
address 172.16.200.113/32 port 30090;
}
pool Port-Redis-86-pool-Port6379 {
address 172.16.200.86/32 port 6379;
}
pool Port-Redis-113-pool-Port6379 {
address 172.16.200.113/32 port 6379;
}
pool Port-Redis-113-pool-Port6380 {
address 172.16.200.113/32 port 6380;
}
pool HA-PROXY-86-pool-Port28018 {
address 172.16.200.86/32 port 28018;
}
pool Web-service-113-pool-Port443 {
address 172.16.200.113/32 port 443;
}
pool Web-service-113-pool-Port80 {
address 172.16.200.113/32 port 80;
}
pool Port-113-pool-Port6443 {
address 172.16.200.113/32 port 6443;
}
pool HarBor-Backup-63-pool-Port10000 {
address 172.16.200.63/32 port 10000;
}
pool NAT-SQL-131-pool-Port3306 {
address 172.16.200.131/32 port 3306;
}
pool NAT-SQL-132-pool-Port3306 {
address 172.16.200.132/32 port 3306;
}
pool Port-Kafka-113-pool-Port30011 {
address 172.16.200.113/32 port 30011;
}
pool Port-Kafka-113-pool-Port30012 {
address 172.16.200.113/32 port 30012;
}
pool Port-Kafka-113-pool-Port30013 {
address 172.16.200.113/32 port 30013;
}
pool Redis-86-pool-Port6380 {
address 172.16.200.86/32 port 6380;
}
pool Port-114-pool-Port6443 {
address 172.16.200.114/32 port 6443;
}
pool Web-Service-114-pool-Port80 {
address 172.16.200.114/32 port 80;
}
pool Web-Service-114-pool-Port443 {
address 172.16.200.114/32 port 443;
}
pool ClickHouse-136-pool-Port9000 {
address 172.16.200.136/32 port 9000;
}
pool ClickHouse-136-pool-Port8123 {
address 172.16.200.136/32 port 8123;
}
pool Shorewall-250-pool-Port80 {
address 172.16.201.250/32 port 80;
}
pool Shorewall-250-pool-Port443 {
address 172.16.201.250/32 port 443;
}
pool Shorewall-250-pool-Port9090 {
address 172.16.201.250/32 port 9090;
}
pool Shorewall-249-pool-Port80 {
address 172.16.201.249/32 port 80;
}
pool Shorewall-249-pool-Port443 {
address 172.16.201.249/32 port 443;
}
pool Shorewall-250-pool-Port9200 {
address 172.16.201.250/32 port 9200;
}
pool Shorewall-250-pool-Port6443 {
address 172.16.201.250/32 port 6443;
}
pool SQL-135-pool-Port3306 {
address 172.16.200.135/32 port 3306;
}
pool Web-Server-113-pool-Port443 {
address 172.16.200.113/32 port 443;
}
pool DEV-137-pool-Port5672 {
address 172.16.200.137/32 port 5672;
}
pool Web-Server-113-pool-Port80 {
address 172.16.200.113/32 port 80;
}
pool Web-Server-113-pool-Port30011 {
address 172.16.200.113/32 port 30011;
}
pool Web-Server-113-pool-Port30012 {
address 172.16.200.113/32 port 30012;
}
pool Web-Server-113-pool-Port30013 {
address 172.16.200.113/32 port 30013;
}
pool Mongo-DB-250-pool-port27017 {
address 172.16.201.250/32 port 27017;
}
pool Web-Server-88-pool-Port443 {
address 172.16.200.88/32 port 443;
}
pool Web-Server-88-pool-Port80 {
address 172.16.200.88/32 port 80;
}
pool VPN-Server-138-P16701 {
address 172.16.200.138/32 port 16701;
}
pool VPN-Server-138-P11199 {
address 172.16.200.138/32 port 11199;
}
pool VPN-Server-138-P443 {
address 172.16.200.138/32 port 443;
}
pool Viettel_HAproxy_86 {
description 172.16.200.86;
address 172.16.200.86/32;
}
pool VIP-gw-external-QC-200_143 {
address 172.16.200.143/32;
}
pool VIP-gw-internal-QC-200_154 {
address 172.16.200.154/32;
}
pool VIP-gw-gw-external-prod-200_145 {
description "VIP-gw-external-prod IP: 172.16.200.145";
address 172.16.200.145/32;
}
pool VIP-gw-Internal-QC-_200_157 {
address 172.16.200.157/32;
}
pool VIP-gw-external-prod-200_160 {
address 172.16.200.160/32;
}
pool Server-THD-Hasaki-172_16_200_22 {
description "DSN: Server-THD-Hasaki-172_16_200_22";
address 172.16.200.22/32;
}
pool VPN_Server_200-203_P443 {
address 172.16.200.203/32 port 443;
}
pool VPN_Server_200-203_P1194 {
address 172.16.200.203/32 port 1194;
}
pool Server-THD-Hasaki-172_16_200_21 {
address 172.16.200.21/32;
}
pool Dst-Nat-Janus-172_16_200_89 {
description "8088; 8089; 7088; 8188; 8989; 10000; 20000";
address 172.16.200.89/32;
}
pool Dst-Nat-Coturn-172_16_200_89 {
description "3478; 5349; 49152";
address 172.16.200.89/32;
}
pool VPN_Server_230_21_P443 {
address 172.16.230.21/24 port 443;
}
pool VPN_Server_230_21_P1194 {
address 172.16.230.21/24 port 1194;
}
pool VPN-BOD-172_16_230_20 {
description "VPN-BOD IP: 172.16.230.20";
address 172.16.230.20/32;
}
pool Vip-GW-Internal-QC {
description "DNS: 172.16.200.154: 8444";
address 172.16.200.154/32 port 8444;
}
pool VPN-RND-172_16_200_30 {
address 172.16.200.30/32;
}
pool HA_VIP_api_rule_202_79 {
address 172.16.202.79/32;
}
rule-set rs-02 {
from zone untrust;
rule untrust-dst-nat-rs-00 {
match {
destination-address 171.244.17.194/32;
destination-port {
15672;
}
}
then {
destination-nat {
pool {
DEV-137-pool-Port15672;
}
}
}
}
rule untrust-dst-nat-rs-17 {
description "NAT 172.16.200.154 = 171.244.17.196";
match {
destination-address 171.244.17.196/32;
destination-port {
443;
}
}
then {
destination-nat {
pool {
VIP-gw-internal-QC-200_154;
}
}
}
}
rule untrust-dst-nat-rs-18 {
description "NAT 172.16.200.154 = 171.244.17.196";
match {
destination-address 171.244.17.196/32;
destination-port {
80;
}
}
then {
destination-nat {
pool {
VIP-gw-internal-QC-200_154;
}
}
}
}
rule untrust-dst-nat-rs-20 {
match {
destination-address 171.244.17.197/32;
destination-port {
10000;
}
}
then {
destination-nat {
pool {
HarBor-Backup-63-pool-Port10000;
}
}
}
}
rule untrust-dst-nat-rs-21 {
match {
destination-address 171.244.17.197/32;
destination-port {
3306;
}
}
then {
destination-nat {
pool {
NAT-SQL-131-pool-Port3306;
}
}
}
}
rule untrust-dst-nat-rs-22 {
match {
destination-address 171.244.17.197/32;
destination-port {
3307;
}
}
then {
destination-nat {
pool {
NAT-SQL-132-pool-Port3306;
}
}
}
}
rule untrust-dst-nat-rs-23 {
match {
destination-address 171.244.17.197/32;
destination-port {
30011;
}
}
then {
destination-nat {
pool {
Port-Kafka-113-pool-Port30011;
}
}
}
}
rule untrust-dst-nat-rs-24 {
match {
destination-address 171.244.17.197/32;
destination-port {
30012;
}
}
then {
destination-nat {
pool {
Port-Kafka-113-pool-Port30012;
}
}
}
}
rule untrust-dst-nat-rs-25 {
match {
destination-address 171.244.17.197/32;
destination-port {
30013;
}
}
then {
destination-nat {
pool {
Port-Kafka-113-pool-Port30013;
}
}
}
}
rule untrust-dst-nat-rs-26 {
match {
destination-address 171.244.17.197/32;
destination-port {
6380;
}
}
then {
destination-nat {
pool {
Redis-86-pool-Port6380;
}
}
}
}
rule untrust-dst-nat-rs-27 {
match {
destination-address 171.244.17.197/32;
destination-port {
6443;
}
}
then {
destination-nat {
pool {
Port-114-pool-Port6443;
}
}
}
}
rule untrust-dst-nat-rs-28 {
match {
destination-address 171.244.17.197/32;
destination-port {
80;
}
}
then {
destination-nat {
pool {
VIP-gw-gw-external-prod-200_145;
}
}
}
}
rule untrust-dst-nat-rs-29 {
match {
destination-address 171.244.17.197/32;
destination-port {
443;
}
}
then {
destination-nat {
pool {
VIP-gw-gw-external-prod-200_145;
}
}
}
}
rule untrust-dst-nat-rs-31 {
match {
destination-address 171.244.17.197/32;
destination-port {
9000;
}
}
then {
destination-nat {
pool {
ClickHouse-136-pool-Port9000;
}
}
}
}
rule untrust-dst-nat-rs-32 {
match {
destination-address 171.244.17.197/32;
destination-port {
8123;
}
}
then {
destination-nat {
pool {
ClickHouse-136-pool-Port8123;
}
}
}
}
rule untrust-dst-nat-rs-33 {
match {
destination-address 171.244.17.198/32;
destination-port {
80;
}
}
then {
destination-nat {
pool {
Shorewall-250-pool-Port80;
}
}
}
}
rule untrust-dst-nat-rs-34 {
match {
destination-address 171.244.17.198/32;
destination-port {
443;
}
}
then {
destination-nat {
pool {
Shorewall-250-pool-Port443;
}
}
}
}
rule untrust-dst-nat-rs-35 {
match {
destination-address 171.244.17.198/32;
destination-port {
9090;
}
}
then {
destination-nat {
pool {
Shorewall-250-pool-Port9090;
}
}
}
}
rule untrust-dst-nat-rs-36 {
match {
destination-address 171.244.17.199/32;
destination-port {
80;
}
}
then {
destination-nat {
pool {
Shorewall-249-pool-Port80;
}
}
}
}
rule untrust-dst-nat-rs-37 {
match {
destination-address 171.244.17.199/32;
destination-port {
443;
}
}
then {
destination-nat {
pool {
Shorewall-249-pool-Port443;
}
}
}
}
rule untrust-dst-nat-rs-38 {
match {
destination-address 171.244.17.198/32;
destination-port {
9200;
}
}
then {
destination-nat {
pool {
Shorewall-250-pool-Port9200;
}
}
}
}
rule untrust-dst-nat-rs-39 {
match {
destination-address 171.244.17.198/32;
destination-port {
6443;
}
}
then {
destination-nat {
pool {
Shorewall-250-pool-Port6443;
}
}
}
}
rule untrust-dst-nat-rs-40 {
match {
destination-address 171.244.17.194/32;
destination-port {
3306;
}
}
then {
destination-nat {
pool {
SQL-135-pool-Port3306;
}
}
}
}
rule untrust-dst-nat-rs-41 {
match {
destination-address 171.244.17.194/32;
destination-port {
3336;
}
}
then {
destination-nat {
pool {
SQL-135-pool-Port3306;
}
}
}
}
rule untrust-dst-nat-rs-42 {
match {
destination-address 171.244.17.194/32;
destination-port {
5672;
}
}
then {
destination-nat {
pool {
DEV-137-pool-Port5672;
}
}
}
}
rule untrust-dst-nat-rs-43 {
match {
destination-address 171.244.17.198/32;
destination-port {
27017;
}
}
then {
destination-nat {
pool {
Mongo-DB-250-pool-port27017;
}
}
}
}
rule untrust-dst-nat-rs-44 {
match {
destination-address 171.244.17.200/32;
destination-port {
16701;
}
}
then {
destination-nat {
pool {
VPN-Server-138-P16701;
}
}
}
}
rule untrust-dst-nat-rs-45 {
match {
destination-address 171.244.17.200/32;
destination-port {
11199;
}
}
then {
destination-nat {
pool {
VPN-Server-138-P11199;
}
}
}
}
rule untrust-dst-nat-rs-47 {
description "NAT 172.16.200.143 = 171.244.17.194";
match {
destination-address 171.244.17.194/32;
destination-port {
80;
}
}
then {
destination-nat {
pool {
VIP-gw-external-QC-200_143;
}
}
}
}
rule untrust-dst-nat-rs-48 {
description "NAT 172.16.200.143 = 171.244.17.194";
match {
destination-address 171.244.17.194/32;
destination-port {
443;
}
}
then {
destination-nat {
pool {
VIP-gw-external-QC-200_143;
}
}
}
}
rule untrust-dst-nat-rs-49 {
description "NAT 172.16.200.157 = 171.244.17.195";
match {
destination-address 171.244.17.195/32;
destination-port {
80;
}
}
then {
destination-nat {
pool {
VIP-gw-Internal-QC-_200_157;
}
}
}
}
rule untrust-dst-nat-rs-50 {
description "NAT 172.16.200.157 = 171.244.17.195";
match {
destination-address 171.244.17.195/32;
destination-port {
443;
}
}
then {
destination-nat {
pool {
VIP-gw-Internal-QC-_200_157;
}
}
}
}
rule untrust-dst-nat-rs-51 {
description "NAT 172.16.200.160 = 171.244.17.201";
match {
destination-address 171.244.17.201/32;
destination-port {
80;
}
}
then {
destination-nat {
pool {
VIP-gw-external-prod-200_160;
}
}
}
}
rule untrust-dst-nat-rs-52 {
description "NAT 172.16.200.160 = 171.244.17.201";
match {
destination-address 171.244.17.201/32;
destination-port {
443;
}
}
then {
destination-nat {
pool {
VIP-gw-external-prod-200_160;
}
}
}
}
rule DSN-SV-DRSite-gw-external-prod-ip-172_16_201_250 {
description "LAN PULIC VNPT - IP 172.16.201.250";
match {
destination-address 160.187.94.0/26;
destination-port {
80;
}
}
then {
destination-nat {
pool {
Shorewall-250-pool-Port80;
}
}
}
}
rule DSN-SV-DRSite-gw-external-prod-IP-172_16_201_250 {
description 172.16.201.250;
match {
destination-address 160.187.94.0/26;
destination-port {
443;
}
}
then {
destination-nat {
pool {
Shorewall-250-pool-Port443;
}
}
}
}
rule DSN-SV-THD-HSK-172_16_200_22 {
description "DSN: SV- THD - HSK : 172.16.200.22:19170";
match {
destination-address 171.244.17.202/32;
destination-port {
13000;
14000;
15000;
13291;
8060;
17000;
19170;
}
}
then {
destination-nat {
pool {
Server-THD-Hasaki-172_16_200_22;
}
}
}
}
rule entrust-dst-nat-rs-46 {
match {
destination-address 171.244.17.200/32;
destination-port {
443;
}
}
then {
destination-nat {
pool {
VPN_Server_230_21_P443;
}
}
}
}
rule untrust-dst-nat-rs53 {
match {
destination-address 171.244.17.200/32;
destination-port {
1194;
}
}
then {
destination-nat {
pool {
VPN_Server_230_21_P1194;
}
}
}
}
rule SV-THD-HSK-172_16_200_21 {
match {
destination-address 171.244.17.202/32;
destination-port {
8089;
}
}
then {
destination-nat {
pool {
Server-THD-Hasaki-172_16_200_21;
}
}
}
}
rule SV-THD-HSK-172_16_200_22_9997 {
match {
destination-address 171.244.17.202/32;
destination-port {
9997;
}
}
then {
destination-nat {
pool {
Server-THD-Hasaki-172_16_200_21;
}
}
}
}
rule untrust-dst-nat-janus-chatqc-8088 {
match {
destination-address 171.244.17.193/32;
destination-port {
8088;
}
}
then {
destination-nat {
pool {
Dst-Nat-Janus-172_16_200_89;
}
}
}
}
rule untrust-dst-nat-janus-chatqc-8089 {
match {
destination-address 171.244.17.193/32;
destination-port {
8089;
}
}
then {
destination-nat {
pool {
Dst-Nat-Janus-172_16_200_89;
}
}
}
}
rule untrust-dst-nat-janus-chatqc-7088 {
match {
destination-address 171.244.17.193/32;
destination-port {
7088;
}
}
then {
destination-nat {
pool {
Dst-Nat-Janus-172_16_200_89;
}
}
}
}
rule untrust-dst-nat-janus-chatqc-8188 {
match {
destination-address 171.244.17.193/32;
destination-port {
8188;
}
}
then {
destination-nat {
pool {
Dst-Nat-Janus-172_16_200_89;
}
}
}
}
rule untrust-dst-nat-janus-chatqc-8989 {
match {
destination-address 171.244.17.193/32;
destination-port {
8989;
}
}
then {
destination-nat {
pool {
Dst-Nat-Janus-172_16_200_89;
}
}
}
}
rule untrust-dst-nat-janus-chatqc-10000 {
match {
destination-address 171.244.17.193/32;
destination-port {
10000;
}
}
then {
destination-nat {
pool {
Dst-Nat-Janus-172_16_200_89;
}
}
}
}
rule untrust-dst-nat-janus-chatqc-20000 {
match {
destination-address 171.244.17.193/32;
destination-port {
20000;
}
}
then {
destination-nat {
pool {
Dst-Nat-Janus-172_16_200_89;
}
}
}
}
rule untrust-dst-nat-Coturn-chatqc-3478 {
match {
destination-address 171.244.17.193/32;
destination-port {
3478;
}
}
then {
destination-nat {
pool {
Dst-Nat-Coturn-172_16_200_89;
}
}
}
}
rule untrust-dst-nat-Coturn-chatqc-5349 {
match {
destination-address 171.244.17.193/32;
destination-port {
5349;
}
}
then {
destination-nat {
pool {
Dst-Nat-Coturn-172_16_200_89;
}
}
}
}
rule untrust-dst-nat-Media-chatqc-49152 {
match {
destination-address 171.244.17.193/32;
destination-port {
49152;
}
}
then {
destination-nat {
pool {
Dst-Nat-Coturn-172_16_200_89;
}
}
}
}
rule untrust-dst-nat-Media-chatqc-65535 {
match {
destination-address 171.244.17.193/32;
destination-port {
65535;
}
}
then {
destination-nat {
pool {
Dst-Nat-Coturn-172_16_200_89;
}
}
}
}
rule DSN-SV-VPN-BOD-172_16_230_20 {
description "DNS: VPN_BOD 172.16.230.20 - 171.244.17.200";
match {
destination-address 171.244.17.200/32;
destination-port {
444;
1195;
}
}
then {
destination-nat {
pool {
VPN-BOD-172_16_230_20;
}
}
}
}
rule Test-Mapping-HAproxy-Port-8443 {
match {
destination-address 171.244.17.205/32;
destination-port {
443;
}
}
then {
destination-nat {
pool {
Vip-GW-Internal-QC;
}
}
}
}
rule VPN_RND_172_16_200_30 {
description 171.244.17.204-172.16.200.30;
match {
destination-address 171.244.17.204/32;
destination-port {
1195;
}
}
then {
destination-nat {
pool {
VPN-RND-172_16_200_30;
}
}
}
}
rule HA_VIP_api_rule_202_79_443 {
match {
destination-address 171.244.17.206/32;
destination-port {
443;
}
}
then {
destination-nat {
pool {
HA_VIP_api_rule_202_79;
}
}
}
}
rule HA_VIP_api_rule_202_79_80 {
match {
destination-address 171.244.17.206/32;
destination-port {
80;
}
}
then {
destination-nat {
pool {
HA_VIP_api_rule_202_79;
}
}
}
}
}
rule-set rs-03 {
from zone LAN-ZONE;
rule trust-dst-nat-rs-01 {
match {
destination-address 171.244.17.196/32;
destination-port {
443;
}
}
then {
destination-nat {
pool {
Web-Server-113-pool-Port443;
}
}
}
}
rule trust-dst-nat-rs-02 {
match {
destination-address 171.244.17.196/32;
destination-port {
80;
}
}
then {
destination-nat {
pool {
Web-Server-113-pool-Port80;
}
}
}
}
rule trust-dst-nat-rs-06 {
match {
destination-address 171.244.17.194/32;
destination-port {
443;
}
}
then {
destination-nat {
pool {
VIP-gw-external-QC-200_143;
}
}
}
}
rule trust-dst-nat-rs-07 {
match {
destination-address 171.244.17.194/32;
destination-port {
80;
}
}
then {
destination-nat {
pool {
VIP-gw-external-QC-200_143;
}
}
}
}
rule trust-dst-nat-rs-08 {
match {
destination-address 171.244.17.195/32;
destination-port {
80;
}
}
then {
destination-nat {
pool {
VIP-gw-Internal-QC-_200_157;
}
}
}
}
rule trust-dst-nat-rs-09 {
match {
destination-address 171.244.17.195/32;
destination-port {
443;
}
}
then {
destination-nat {
pool {
VIP-gw-Internal-QC-_200_157;
}
}
}
}
rule Hairpin-NAT-VIP-GW-External-P80 {
description "Hairpin-NAT-VIP-GW-External VIP: 172.16.200.160:80";
match {
destination-address 171.244.17.201/32;
destination-port {
80;
}
}
then {
destination-nat {
pool {
VIP-gw-external-prod-200_160;
}
}
}
}
rule Hairpin-NAT-VIP-GW-External-P443 {
description "Hairpin-NAT-VIP-GW-External VIP: 172.16.200.160:443";
match {
destination-address 171.244.17.201/32;
destination-port {
443;
}
}
then {
destination-nat {
pool {
VIP-gw-external-prod-200_160;
}
}
}
}
rule Hairpin-NAT-VIP-GW-External-prod-172_16_200_145 {
description "Hairpin-NAT-VIP-GW-External-prod: 172.16.200.145:80";
match {
destination-address 171.244.17.197/32;
destination-port {
80;
}
}
then {
destination-nat {
pool {
VIP-gw-gw-external-prod-200_145;
}
}
}
}
rule Hairpin-NAT-VIP-GW-External-prod-172_16_200_145-443 {
description "Hairpin-NAT-VIP-GW-External-Prod IP: 172.16.200.145:443";
match {
destination-address 171.244.17.197/32;
destination-port {
443;
}
}
then {
destination-nat {
pool {
VIP-gw-gw-external-prod-200_145;
}
}
}
}
rule Hairpin-NAT-DRSite-GW-Internal-Prod-2-P80 {
description "Hairpin-NAT-DRSite-GW-Internal-Prod-2-172.16.201.250 P 80";
match {
destination-address 171.244.17.198/32;
destination-port {
80;
}
}
then {
destination-nat {
pool {
Shorewall-250-pool-Port80;
}
}
}
}
rule Hairpin-NAT-DRSite-GW-Internal-Prod-2-P443 {
description "Hairpin-NAT-DRSite-GW-Internal-Prod-2-172.16.201.250 P 443";
match {
destination-address 171.244.17.198/32;
destination-port {
443;
}
}
then {
destination-nat {
pool {
Shorewall-250-pool-Port443;
}
}
}
}
}
}
static {
rule-set rule-static-1 {
from zone untrust;
rule chat-qc {
match {
destination-address 171.244.17.193/32;
}
then {
static-nat {
prefix {
172.16.200.89/32;
}
}
}
}
}
}
}
policies {
from-zone trust to-zone trust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone untrust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone untrust to-zone untrust {
policy UNTRUST-TO-UNTRUST-term-01 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone LAN-ZONE to-zone VPN {
policy LAN-ZONE-VPN-01 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone VPN to-zone LAN-ZONE {
policy Allow-Promox-VNPT-to {
match {
source-address Proxmox-Range-VNPT;
destination-address Proxmox-Manager-172.16.201.200;
application any;
dynamic-application none;
}
then {
permit;
}
}
policy VPN-TO-LAN-00 {
match {
source-address VNPT-LAN-ZONE-VM-01;
destination-address VIETTEL-LAN-ZONE-VM-01;
application any;
}
then {
permit;
}
}
policy VPN-TO-LAN-04 {
match {
source-address any;
destination-address [ HSK-VIETTEL-ChatQC-HA-K8s Promotions-Mongo-2 ];
application [ junos-http junos-https ];
dynamic-application none;
}
then {
permit;
}
}
policy VPN-TO-LAN-05 {
match {
source-address VNPT-IP-SRX;
destination-address VIETTEL-SPUNK-SERVER;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone VPN {
policy trust-TO-VPN-term-01 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone VPN to-zone trust {
policy VPN-TO-trust-term-01 {
match {
source-address [ HOST-MANAGEMENT-VNPT VM-MNGT-DH ];
destination-address any;
application [ junos-ssh junos-http junos-https junos-icmp-ping ];
}
then {
permit;
}
}
policy VPN-TO-trust-term-02 {
match {
source-address [ HOST-PRTG-VNPT-01 HOST-PRTG-VNPT-02 HOST-PRTG-VNPT-03 ];
destination-address any;
application [ junos-icmp-ping HSK-SNMP-PORT-161 ];
}
then {
permit;
}
}
policy VPN-TO-trust-term-others {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
}
}
}
from-zone trust to-zone REMOTE-VPN {
policy JSC-VPN-01 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone REMOTE-VPN to-zone trust {
policy JSC-VPN-01 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone LAN-ZONE to-zone untrust {
policy Chat-QC-vendor-digital {
match {
source-address HSK-VIETTEL-ChatQC-HA-K8s;
destination-address Vendor-Digital-Cloud-IP-01;
application HSK-SSH-PORT-1122;
dynamic-application none;
}
then {
permit;
}
}
policy K8s-node-to-RAD {
match {
source-address drsite-k8s-node-app;
destination-address RAD-HOST-management;
application TCP-9625;
dynamic-application none;
}
then {
permit;
log {
session-init;
}
}
}
policy K8s-node-to-kafka {
match {
source-address drsite-k8s-node-app;
destination-address [ QC-Connection-23 QC-Connection-24 QC-Connection-25 ];
application TCP-9092;
dynamic-application none;
}
then {
permit;
log {
session-init;
}
}
}
policy LAN-ZONE-to-RAD-IP {
match {
source-address VIETTEL-LAN-ZONE-VM-01;
destination-address RAD-ADDRESS-IP;
application [ TCP-30002 TCP-30603 TCP-30633 ];
dynamic-application none;
}
then {
permit;
log {
session-init;
}
}
}
policy LAN-ZONE-ThaiSon-Svr {
match {
source-address VIETTEL-LAN-ZONE-VM-01;
destination-address ThaiSon-Svr;
application TCP-6788;
dynamic-application none;
}
then {
permit;
}
}
policy LAN-ZONE-Food-Server {
match {
source-address VIETTEL-LAN-ZONE-VM-01;
destination-address Host-Food-IP-02;
application [ DEV-137-15672-APP DEV-137-P5672-APP ];
dynamic-application none;
}
then {
permit;
}
}
policy LAN-ZONE-TO-BITBUCKET {
match {
source-address any;
destination-address [ BIT-BUCKET-IP AdminPublic-14 AdminPublic-08 QC-Connection-61 ];
application [ junos-ssh SQL-135-P3306-APP Chat-Srv-QC-Port-6379 Port-Redis-113-P9200-APP Mongo-QC-Food-87-P27017-APP ];
dynamic-application none;
}
then {
permit;
}
}
policy LAN-TO-untrust-term-01 {
match {
source-address any;
destination-address any;
application [ junos-icmp-ping junos-dns-tcp junos-dns-udp junos-nntp junos-ntp HSK-SNMP-PORT-161 junos-smtp junos-smtps junos-http junos-https stun-l-google-com_19302 ];
dynamic-application none;
}
then {
permit;
log {
session-init;
}
}
}
}
from-zone untrust to-zone LAN-ZONE {
policy untrust-TO_VPN_RND {
match {
source-address [ RAD-ADDRESS-IP QC-Connection-61 ];
destination-address VPN_RND_Svr;
application Port-SV-VPN-BOD-230_20;
dynamic-application none;
}
then {
permit;
}
}
policy untrust-TO-LAN-01 {
match {
source-address any;
destination-address HSK-VM-WEB-01;
application [ junos-http junos-https ];
}
then {
permit;
log {
session-init;
}
}
}
policy untrust-TO-LAN-00 {
match {
source-address 29HoangViet-IP;
destination-address DEV-137-IP;
application DEV-137-15672-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-05 {
match {
source-address any;
destination-address Speedtest-57-IP;
application Speedtest-57-P2000-APP;
dynamic-application none;
}
then {
permit;
}
}
policy untrust-TO-LAN-06 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP ];
destination-address Port-Redis-113-IP;
application Port-Redis-113-P9200-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-07 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP Host-Food-IP-01 Host-Food-IP-02 ];
destination-address Mongo-QC-Food-87-IP;
application Mongo-QC-Food-87-P27017-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-08 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP ];
destination-address Port-Redis-113-IP;
application Port-Redis-113-P16379-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-09 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP ];
destination-address Port-Redis-113-IP;
application Port-Redis-113-P16380-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-10 {
match {
source-address AdminPublic-IP;
destination-address Port-Redis-113-IP;
application Port-Redis-113-P30090-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-11 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP ];
destination-address Port-Redis-86-IP;
application Port-Redis-86-P6379-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-12 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP SHOP-555-HOST-IP ];
destination-address Port-Redis-113-IP;
application [ Port-Redis-113-P6379-APP junos-http junos-https ];
dynamic-application none;
}
then {
permit;
}
}
policy untrust-TO-LAN-13 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP ];
destination-address Port-Redis-113-IP;
application Port-Redis-113-P6380-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-14 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP ];
destination-address HA-PROXY-86-IP;
application HA-PROXY-86-P28018-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-15 {
match {
source-address [ QC-Connection-IP BIT-BUCKET-IP SHOP-555-HOST-IP Whitelist-IP-AWS Cloudflare-IP-LIST Soure-NAT-Teleport SHOP-HOST-14 SHOP-HOST-279 SHOP-HOST-588LBB ];
destination-address VIP-gw-internal-QC_200_154;
application [ junos-https junos-http TCP-8443 Port-8444 ];
dynamic-application none;
}
then {
permit;
log {
session-init;
}
}
}
policy untrust-TO-LAN-18 {
match {
source-address AdminPublic-IP;
destination-address HarBor-Backup-63-IP;
application HarBor-Backup-63-P10000-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-19 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP ];
destination-address NAT-SQL-131-IP;
application NAT-SQL-131-P3306-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-20 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP ];
destination-address NAT-SQL-132-IP;
application NAT-SQL-132-P3306-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-21 {
match {
source-address [ QC-Connection-IP RAD-ADDRESS-IP Factory-Hasaki Factory-Hasaki-2 Soure-NAT-Teleport ];
destination-address Port-Kafka-113-IP;
application Port-Kafka-113-P30011-APP;
dynamic-application none;
}
then {
permit;
}
}
policy untrust-TO-LAN-22 {
match {
source-address [ QC-Connection-IP RAD-ADDRESS-IP Factory-Hasaki Factory-Hasaki-2 Soure-NAT-Teleport ];
destination-address Port-Kafka-113-IP;
application Port-Kafka-113-P30012-APP;
dynamic-application none;
}
then {
permit;
}
}
policy untrust-TO-LAN-23 {
match {
source-address [ QC-Connection-IP RAD-ADDRESS-IP Factory-Hasaki Factory-Hasaki-2 Soure-NAT-Teleport ];
destination-address Port-Kafka-113-IP;
application Port-Kafka-113-P30013-APP;
dynamic-application none;
}
then {
permit;
}
}
policy untrust-TO-LAN-24 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP ];
destination-address Redis-86-IP;
application Redis-86-P6380-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-25 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP ];
destination-address Port-114-IP;
application Port-114-P6443-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-26 {
match {
source-address any;
destination-address VIP-gw-gw-external-prod-200_145;
application [ junos-http junos-https ];
dynamic-application none;
}
then {
permit;
log {
session-init;
}
}
}
policy untrust-TO-LAN-28 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP ];
destination-address SSH-Jump-114-IP;
application SSH-Jump-114-P1122-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-29 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP ];
destination-address ClickHouse-136-IP;
application ClickHouse-136-P9000-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-30 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP ];
destination-address ClickHouse-136-IP;
application ClickHouse-136-P8123-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-31 {
match {
source-address [ INSIDE-ADDRESS-IP SHOP-HOST-LIST VPN-HOST-IP AdminPublic-IP BIT-BUCKET-IP Soure-NAT-Teleport ];
destination-address Shorewall-250-IP;
application [ junos-https junos-http Shorewall-250-P9090-APP ];
}
then {
permit;
}
}
policy untrust-TO-LAN-32 {
match {
source-address any;
destination-address Shorewall-249-IP;
application [ junos-https junos-http ];
}
then {
permit;
log {
session-init;
}
}
}
policy untrust-TO-LAN-33 {
match {
source-address AdminPublic-IP;
destination-address Shorewall-250-IP;
application any;
}
then {
permit;
}
}
policy untrust-TO-LAN-17 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP ];
destination-address PORT-113-IP;
application PORT-113-P6443-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-34 {
match {
source-address INSIDE-ADDRESS-IP;
destination-address Shorewall-250-IP;
application Shorewall-250-P9200-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-35 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP ];
destination-address Shorewall-250-IP;
application Shorewall-250-P6443-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-36 {
match {
source-address 29HoangViet-IP;
destination-address SQL-135-IP;
application SQL-135-P3306-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-37 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP ];
destination-address SQL-135-IP;
application SQL-135-P3336-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-38 {
match {
source-address 29HoangViet-IP;
destination-address DEV-137-IP;
application DEV-137-P5672-APP;
}
then {
permit;
}
}
policy untrust-TO-LAN-39 {
match {
source-address [ 29HoangViet-IP VPN-HOST-IP QC-Connection-IP RAD-ADDRESS-IP ];
destination-address Shorewall-250-IP;
application Mongo-DB-250-P27017-APP;
dynamic-application none;
}
then {
permit;
}
}
policy untrust-TO-LAN-40 {
match {
source-address any;
destination-address VPN-Server-200.138;
application Port-VPNSERVER-138-P16701;
source-identity any;
dynamic-application none;
}
then {
permit;
log {
session-init;
}
}
}
policy untrust-TO-LAN-41 {
match {
source-address any;
destination-address VPN-Server-200.138;
application junos-udp-any;
source-identity any;
dynamic-application none;
}
then {
permit;
log {
session-init;
}
}
}
policy untrust-TO-LAN-42 {
match {
source-address any;
destination-address VPN-Server-200.138;
application [ junos-tcp-any junos-http junos-https ];
dynamic-application none;
}
then {
permit;
log {
session-init;
}
}
}
policy Chat-SRV-QC {
match {
source-address any;
destination-address Chat-QC-SRV;
application [ junos-http junos-https ];
dynamic-application none;
}
then {
permit;
log {
session-init;
}
}
}
policy Chat-SRV-QC-PORT-3000-5000 {
match {
source-address any;
destination-address Chat-QC-SRV;
application [ Chat-Srv-QC-Port3000-5000 Chat-Srv-QC-Port-10000-20000 Chat-SRV-QC-Port-3478 stun-l-google-com_19302 ];
dynamic-application none;
}
then {
permit;
log {
session-init;
}
}
}
policy VIP-HAPROXY-GW-EXTERNAL {
description 172.16.200.86;
match {
source-address any;
destination-address VIP-gw-external-QC;
application [ junos-http junos-https ];
dynamic-application none;
}
then {
permit;
log {
session-init;
}
}
}
policy VIP-HAPROXY-GW-INTERNAL-QC-200_157 {
match {
source-address [ SHOP-HOST-LIST 29HoangViet-IP VPN-HOST-IP HOST-PRTG-IP Vendor-Digital-Cloud-IP-01 QC-Connection-IP IP-Staging-Whitelist Soure-NAT-Teleport ];
destination-address VIP-gw-Internal-QC_200.157;
application [ junos-http junos-https ];
dynamic-application none;
}
then {
permit;
log {
session-init;
}
}
}
policy VIP-gw-external-QC-200_160 {
description 172.16.200.160;
match {
source-address any;
destination-address VIP-gw-external-prod-200_160;
application [ junos-http junos-https ];
dynamic-application none;
}
then {
permit;
log {
session-init;
}
}
}
policy untrust-TO-LAN-ZONE-VM {
description MONITOR;
match {
source-address LAN-PULIC-VNPT-160_187_94_0;
destination-address VIETTEL-LAN-ZONE-VM-01;
application [ junos-http junos-https ];
dynamic-application none;
}
then {
permit;
}
}
policy untrust-THD-HSK {
description SV-THD-HSK;
match {
source-address [ SHOP-HOST-276 SHOP-HOST-275 HSK-CHAT-1 HSK-CHAT-2 HO-568-LBB SHOP-HOST-588LBB ];
destination-address [ THD-HSK-172_16_200_22 THD-HSK-172_16_200_21 ];
application [ junos-https junos-http THD-HSK-200_22-P13000 THD-HSK-200_22-P14000 THD-HSK-200_22-P15000 THD-HSK-200_22-P17000 THD-HSK-200_22-P8060 THD-HSK-200_22-P13291 THD-HSK-200_22-P19170 THD-HSK-200_21_P8089 THD-HSK-200_1_P9997 ];
dynamic-application none;
}
then {
permit;
}
}
policy untrust-THD-HSK_200_21 {
description SV-THD-HSK-200-21;
match {
source-address [ SHOP-HOST-276 SHOP-HOST-275 ];
destination-address THD-HSK-172_16_200_21;
application THD-HSK-200_21_P8089;
dynamic-application none;
}
then {
permit;
}
}
policy untrust-VPN {
description "VPN Shop New";
match {
source-address any;
destination-address VPN-Server-200.203;
application [ junos-https VPN-UDP-P1194 ];
dynamic-application none;
}
then {
permit;
}
}
}
from-zone LAN-ZONE to-zone LAN-ZONE {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone Proxmox-MNGT to-zone untrust {
policy Proxmox-MNGT-TO-untrust-01 {
match {
source-address Proxmox-MNGT-IP;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone LAN-ZONE to-zone Proxmox-MNGT {
policy LAN-ZONE-TO-Proxmox-MNGT-term-01 {
match {
source-address VM-MNGT-VIETTEL;
destination-address Proxmox-MNGT-VIETTEL-IP;
application any;
}
then {
permit;
}
}
policy LAN-ZONE-VLAN-40-FW {
match {
source-address VM-MNGT-THD-LOG;
destination-address Promox-MNGT-FW-VIETTEL-FW;
application PORT-SYSLOG-5514;
dynamic-application none;
}
then {
permit;
}
}
}
from-zone VPN to-zone Proxmox-MNGT {
policy VPN-TO-Proxmox-MNGT-term-01 {
match {
source-address [ VM-MNGT-VNPT VM-MNGT-DH ];
destination-address Proxmox-MNGT-VIETTEL-IP;
application any;
dynamic-application none;
}
then {
permit;
}
}
policy VPN-TO-Proxmox-MNGT-term-02 {
match {
source-address HOST-PRTG-VNPT-01;
destination-address Proxmox-MNGT-VIETTEL-IP;
application any;
}
then {
permit;
}
}
}
from-zone VPN to-zone PROD-VM-ZONE {
policy VPN-TO-PROD-ZONE-01 {
match {
source-address any;
destination-address VIETTEL-PROD-ZONE-VM-01;
application any;
}
then {
permit;
}
}
}
from-zone PROD-VM-ZONE to-zone VPN {
policy PROD-VM-ZONE-TO-VPN-Term-01 {
match {
source-address VIETTEL-PROD-ZONE-VM-01;
destination-address VNPT-LAN-ZONE-VM-01;
application any;
}
then {
permit;
}
}
}
from-zone LAN-ZONE to-zone PROD-VM-ZONE {
policy Permit_LAN_to_API_HA_Rule {
match {
source-address VIETTEL-LAN-ZONE-VM-01;
destination-address HA_VIP_api_rule_202_79;
application [ junos-http junos-https ];
dynamic-application none;
}
then {
permit;
}
}
policy VM-MNGT-VLAN-PROD-210 {
match {
source-address [ VM-MNGT-VIETTEL VM-MNGT-VIETTEL-02 ];
destination-address any;
application any;
dynamic-application any;
}
then {
permit;
}
}
policy others {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
}
}
}
from-zone PROD-VM-ZONE to-zone LAN-ZONE {
policy Allow-web-test-LAN-zone {
match {
source-address Web-test-202-94;
destination-address [ WEB-SERIVCE-IP-113 VIP-gw-internal-QC_200_154 Chat-QC-SRV ];
application [ junos-http junos-https junos-ping junos-icmp-ping Port-Kafka-113-P30011-APP Port-Kafka-113-P30012-APP Port-Kafka-113-P30013-APP ];
dynamic-application none;
}
then {
permit;
}
}
policy Vlan210-To-VM-MNGT-Viettel {
match {
source-address any;
destination-address [ VM-MNGT-VIETTEL-02 VIP-gw-internal-QC_200_154 ];
application any;
dynamic-application any;
}
then {
permit;
}
}
policy others {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
}
}
}
from-zone HSK-VLAN-230 to-zone untrust {
policy HSK-VLAN-230-TO-untrust-term01 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone HSK-VLAN-230 to-zone LAN-ZONE {
policy HSK-VLAN-230-TO-LAN-ZONE-term01 {
match {
source-address any;
destination-address any;
application any;
}
then {
reject;
}
}
}
from-zone HSK-VLAN-230 to-zone PROD-VM-ZONE {
policy HSK-VLAN-230-TO-PROD-VM-ZONE-term-01 {
match {
source-address any;
destination-address any;
application any;
}
then {
reject;
}
}
}
from-zone HSK-VLAN-230 to-zone VPN {
policy HSK-VLAN-230-TO-VPN-TERM-01 {
match {
source-address HSK-VIETTEL-VLAN-230;
destination-address HSK-VNPT-VLAN-110;
application any;
}
then {
permit;
}
}
policy HSK-VLAN-230-TO-VPN-OTHERS {
match {
source-address any;
destination-address any;
application any;
}
then {
reject;
}
}
}
from-zone HSK-VLAN-230 to-zone Proxmox-MNGT {
policy HSK-VLAN-230-TO-Proxmox-MNGT-term-01 {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
}
}
}
from-zone PROD-VM-ZONE to-zone untrust {
policy HSK-VLAN210-TO-untrust-term-01 {
description VLAN210-TO-UNTRUST;
match {
source-address any;
destination-address any;
application any;
dynamic-application none;
}
then {
permit;
}
}
}
from-zone untrust to-zone HSK-VLAN-230 {
policy untrust-to-VPN-SV-230_21 {
description "untrust-to-SV_VPN 230.21";
match {
source-address any;
destination-address VPN-Server-230.21;
application [ VPN-UDP-P1194 junos-https ];
dynamic-application none;
}
then {
permit;
}
}
policy untrust-to-HSK-SV-BOD {
description untrust-to-VPN-BOD-172.16.230.20;
match {
source-address any;
destination-address SV-VPN-BOD-230.20;
application Port-SV-VPN-BOD-230_20;
dynamic-application none;
}
then {
permit;
}
}
}
from-zone LAN-ZONE to-zone AWS-ZONE {
policy LAN-ZONE-AWS-ZONE-01 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone AWS-ZONE to-zone LAN-ZONE {
policy AWS-ZONE-LAN-ZONE-01 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone LAN-ZONE {
policy trust-TO-LAN-ZONE-term-01 {
match {
source-address MANAGEMENT-IP;
destination-address HSK-HOST-200-21;
application PORT-SYSLOG-5514;
}
then {
permit;
}
}
}
from-zone VPN to-zone HSK-VLAN-230 {
policy VPN-TO-HSK-VLAN-230-TERM-01 {
match {
source-address HSK-VNPT-VLAN-110;
destination-address HSK-VIETTEL-VLAN-230;
application any;
}
then {
permit;
}
}
policy VPN-TO-HSK-VLAN-230-OTHERS {
match {
source-address any;
destination-address any;
application any;
}
then {
reject;
}
}
}
from-zone Proxmox-MNGT to-zone LAN-ZONE {
policy Proxmox-Viettel-To-Vlan210 {
match {
source-address Proxmox-MNGT-VIETTEL-IP;
destination-address Proxmox-Manager-172.16.201.200;
application any;
dynamic-application none;
}
then {
permit;
}
}
}
from-zone untrust to-zone PROD-VM-ZONE {
policy Untrust_to_HA_VIP_API {
match {
source-address [ SHOP-HOST-LIST HO-568-LBB WEB-HOST-HASAKI HOST-PRTG-IP RAD-ADDRESS-IP LAN-PULIC-VNPT-160_187_94_0 ];
destination-address HA_VIP_api_rule_202_79;
application [ junos-http junos-https ];
dynamic-application none;
}
then {
permit;
log {
session-init;
}
}
}
}
from-zone AWS-Staging to-zone LAN-ZONE {
policy AWS-Staging-LAN-ZONE-01 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone LAN-ZONE to-zone AWS-Staging {
policy LAN-ZONE-AWS-Staging-01 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
global {
policy always-last-default-deny-and-log {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
log {
session-init;
}
}
}
}
default-policy {
deny-all;
}
pre-id-default-policy {
then {
log {
session-close;
}
}
}
}
tcp-encap {
profile SSL-VPN-RA-JSC {
ssl-profile RA-JSC-term;
}
}
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ae1.15;
}
}
security-zone untrust {
screen untrust-screen;
host-inbound-traffic {
system-services {
ping;
traceroute;
ike;
tcp-encap;
https;
}
protocols {
bgp;
}
}
interfaces {
xe-0/1/0.0;
xe-0/1/1.0;
}
}
security-zone VPN {
host-inbound-traffic {
system-services {
ping;
traceroute;
https;
}
}
interfaces {
st0.0;
st0.1;
}
}
security-zone LAN-ZONE {
host-inbound-traffic {
system-services {
ping;
traceroute;
}
}
interfaces {
ae0.200;
}
}
security-zone REMOTE-VPN {
host-inbound-traffic {
system-services {
ping;
ike;
}
}
interfaces {
st0.6;
}
}
security-zone Proxmox-MNGT {
host-inbound-traffic {
system-services {
ping;
}
}
interfaces {
ae0.40;
}
}
security-zone PROD-VM-ZONE {
host-inbound-traffic {
system-services {
ping;
traceroute;
}
}
interfaces {
ae0.210;
}
}
security-zone HSK-VLAN-230 {
host-inbound-traffic {
system-services {
ping;
traceroute;
}
}
interfaces {
ae0.230;
}
}
security-zone AWS-ZONE {
host-inbound-traffic {
system-services {
ping;
traceroute;
}
protocols {
bgp;
}
}
}
security-zone AWS-Staging {
host-inbound-traffic {
system-services {
ping;
traceroute;
}
protocols {
bgp;
}
}
interfaces {
st0.17;
st0.18;
}
}
}
}
interfaces {
ge-0/0/0 {
description GE-0/0/0-AE1:TO-BDG-VIETTEL-ACS-01:E1/46-PO13;
gigether-options {
802.3ad ae1;
}
}
ge-0/0/1 {
description GE-0/0/1-AE1:TO-BDG-VIETTEL-ACS-02:E1/46-PO13;
gigether-options {
802.3ad ae1;
}
}
xe-0/1/0 {
description "XE-0/1/0:TO-VIETTEL-IDC-UPLINK-01#10G#";
unit 0 {
family inet {
address 125.212.255.174/30;
}
}
}
xe-0/1/1 {
description "XE-0/1/1:TO-VIETTEL-IDC-UPLINK-02#10G#";
unit 0 {
family inet {
address 125.212.255.178/30;
}
}
}
xe-0/2/0 {
description Xe-0/2/0-AE0:TO-BDG-VIETTEL-ACS-10G-01:E1/48-PO10;
gigether-options {
802.3ad ae0;
}
}
ae0 {
description AE0:TO-BDG-VIETTEL-ACS-10G-01:PO10;
vlan-tagging;
aggregated-ether-options {
link-speed 10g;
lacp {
active;
}
}
unit 40 {
description "AE0.40:MNGT-PROMOX#VLAN40#";
vlan-id 40;
family inet {
address 172.16.40.248/24;
}
}
unit 200 {
description AE0.200:TO-BDG-VIETTEL-VM-01;
vlan-id 200;
family inet {
address 172.16.201.248/23;
}
}
unit 210 {
description "CE|AE0.210:TO-HSK-PROD-VM|VLAN210#10G#MS";
vlan-id 210;
family inet {
address 172.16.203.254/23;
}
}
unit 230 {
description "CE|AE0.230:TO-HSK-NEW-VLAN|VLAN230#10#MS";
vlan-id 230;
family inet {
address 172.16.230.254/24;
}
}
}
ae1 {
description AE1:TO-BDG-VIETTEL-ACS-1G:PO13;
vlan-tagging;
aggregated-ether-options {
link-speed 1g;
lacp {
active;
}
}
unit 15 {
vlan-id 15;
family inet {
address 172.16.15.247/24;
}
}
}
fxp0 {
unit 0 {
family inet;
}
}
st0 {
unit 0 {
family inet {
address 10.2.2.2/24;
}
}
unit 1 {
family inet {
address 10.3.3.2/24;
}
}
unit 5 {
family inet;
}
unit 6 {
family inet {
address 10.99.99.200/24;
}
}
unit 17 {
family inet {
mtu 1436;
address 169.254.45.234/30;
}
}
unit 18 {
family inet {
mtu 1436;
address 169.254.78.214/30;
}
}
}
}
snmp {
community daihuu;
}
policy-options {
prefix-list PREFIX-REC-FROM-DH {
160.187.94.0/24;
}
prefix-list RFC1918 {
10.0.0.0/8;
172.16.0.0/12;
192.168.0.0/16;
}
policy-statement ACCEPT-all {
then accept;
}
policy-statement EXP-AWS-HSK-SIN {
term term-01 {
from {
protocol direct;
route-filter 172.16.200.0/23 exact;
}
then accept;
}
term others {
then reject;
}
}
policy-statement EXP-VIETTEL-01 {
inactive: term REJECT-ALL {
then reject;
}
term term-01 {
from {
prefix-list PREFIX-REC-FROM-DH;
}
then accept;
}
term others {
then reject;
}
}
policy-statement EXP-VIETTEL-02 {
inactive: term REJECT-ALL {
then reject;
}
term term-01 {
from {
prefix-list PREFIX-REC-FROM-DH;
}
then accept;
}
term others {
then reject;
}
}
policy-statement EXPORT-AWS-HSK-01 {
term term-01 {
from {
protocol direct;
route-filter 172.16.200.0/23 exact;
}
then accept;
}
term others {
then reject;
}
}
policy-statement EXPORT-DEFAULT {
term default {
from {
route-filter 0.0.0.0/0 exact;
}
then accept;
}
term reject {
then reject;
}
}
policy-statement IMP-AWS-HSK-01 {
term term-01 {
from {
protocol bgp;
route-filter 10.200.0.0/16 orlonger;
route-filter 10.210.0.0/16 orlonger;
}
then accept;
}
term others {
then reject;
}
}
policy-statement IMP-AWS-HSK-02 {
term term-01 {
from {
protocol bgp;
route-filter 10.200.0.0/16 orlonger;
route-filter 10.210.0.0/16 orlonger;
}
then {
local-preference 80;
accept;
}
}
term others {
then reject;
}
}
policy-statement IMP-AWS-HSK-SIN {
term term-01 {
from {
protocol bgp;
route-filter 10.1.0.0/16 orlonger;
}
then accept;
}
term others {
then reject;
}
}
policy-statement IMP-VIETTEL-01 {
inactive: term REJECT-ALL {
then reject;
}
term term-01 {
from {
protocol bgp;
prefix-list-filter RFC1918 orlonger;
}
then reject;
}
term ACCEPT-ALL {
then accept;
}
}
policy-statement IMP-VIETTEL-02 {
inactive: term REJECT-ALL {
then reject;
}
term term-01 {
from {
protocol bgp;
prefix-list-filter RFC1918 orlonger;
}
then {
local-preference 90;
reject;
}
}
term ACCEPT-ALL {
then accept;
}
}
policy-statement REJECT-ALL {
then reject;
}
}
access {
profile RA-JSC-Access {
client nguyennd {
firewall-user {
password "$9$AxldpuBhcl8X-O187N-sYP5TF9A0BI";
}
}
client supportdh {
firewall-user {
password "$9$hh9Sye8LNs2alKs4oaDj9At0Rhrev";
}
}
address-assignment {
pool RA-JSC-Pool;
}
}
address-assignment {
pool junosDHCPPool {
family inet {
network 192.168.2.0/24;
range junosRange {
low 192.168.2.2;
high 192.168.2.254;
}
dhcp-attributes {
router {
192.168.2.1;
}
}
}
}
pool RA-JSC-Pool {
family inet {
network 10.99.99.0/24;
range RA-JSC-Range {
low 10.99.99.1;
high 10.99.99.50;
}
xauth-attributes {
primary-dns 8.8.8.8/32;
}
}
}
}
firewall-authentication {
web-authentication {
default-profile RA-JSC-Access;
}
}
}
applications {
application HSK-SSH-PORT-1122 {
protocol tcp;
destination-port 1122;
}
application HSK-SNMP-PORT-161 {
protocol udp;
destination-port 161;
}
application DEV-137-15672-APP {
term term-01 protocol udp destination-port 15672;
term term-02 protocol tcp destination-port 15672;
}
application DATA-ODM-74-P3389-APP {
term term-01 protocol udp destination-port 3389;
term term-02 protocol tcp destination-port 3389;
}
application Speedtest-57-P2000-APP {
term term-01 protocol udp destination-port 2000;
term term-02 protocol tcp destination-port 2000;
}
application Port-Redis-113-P9200-APP {
term term-01 protocol udp destination-port 9200;
term term-02 protocol tcp destination-port 9200;
}
application Mongo-QC-Food-87-P27017-APP {
term term-01 protocol udp destination-port 27017;
term term-02 protocol tcp destination-port 27017;
}
application Port-Redis-113-P16379-APP {
term term-01 protocol udp destination-port 16379;
term term-02 protocol tcp destination-port 16379;
}
application Port-Redis-113-P16380-APP {
term term-01 protocol udp destination-port 16380;
term term-02 protocol tcp destination-port 16380;
}
application Port-Redis-113-P30090-APP {
term term-01 protocol udp destination-port 30090;
term term-02 protocol tcp destination-port 30090;
}
application Port-Redis-86-P6379-APP {
term term-01 protocol udp destination-port 6379;
term term-02 protocol tcp destination-port 6379;
}
application Port-Redis-113-P6379-APP {
term term-01 protocol udp destination-port 6379;
term term-02 protocol tcp destination-port 6379;
}
application Port-Redis-113-P6380-APP {
term term-01 protocol udp destination-port 6380;
term term-02 protocol tcp destination-port 6380;
}
application HA-PROXY-86-P28018-APP {
term term-01 protocol udp destination-port 28018;
term term-02 protocol tcp destination-port 28018;
}
application PORT-113-P6443-APP {
term term-01 protocol udp destination-port 6443;
term term-02 protocol tcp destination-port 6443;
}
application HarBor-Backup-63-P10000-APP {
term term-01 protocol udp destination-port 10000;
term term-02 protocol tcp destination-port 10000;
}
application NAT-SQL-131-P3306-APP {
term term-01 protocol udp destination-port 3306;
term term-02 protocol tcp destination-port 3306;
}
application NAT-SQL-132-P3306-APP {
term term-01 protocol udp destination-port 3306;
term term-02 protocol tcp destination-port 3306;
}
application Port-Kafka-113-P30011-APP {
term term-01 protocol udp destination-port 30011;
term term-02 protocol tcp destination-port 30011;
}
application Port-Kafka-113-P30012-APP {
term term-01 protocol udp destination-port 30012;
term term-02 protocol tcp destination-port 30012;
}
application Port-Kafka-113-P30013-APP {
term term-01 protocol udp destination-port 30013;
term term-02 protocol tcp destination-port 30013;
}
application Redis-86-P6380-APP {
term term-01 protocol udp destination-port 6380;
term term-02 protocol tcp destination-port 6380;
}
application Port-114-P6443-APP {
term term-01 protocol udp destination-port 6443;
term term-02 protocol tcp destination-port 6443;
}
application SSH-Jump-114-P1122-APP {
term term-01 protocol udp destination-port 1122;
term term-02 protocol tcp destination-port 1122;
}
application ClickHouse-136-P9000-APP {
term term-01 protocol udp destination-port 9000;
term term-02 protocol tcp destination-port 9000;
}
application ClickHouse-136-P8123-APP {
term term-01 protocol udp destination-port 8123;
term term-02 protocol tcp destination-port 8123;
}
application Shorewall-250-P9090-APP {
term term-02 protocol tcp destination-port 9090;
}
application Shorewall-250-P9200-APP {
term term-01 protocol udp destination-port 9200;
term term-02 protocol tcp destination-port 9200;
}
application Shorewall-250-P6443-APP {
term term-01 protocol udp destination-port 6443;
term term-02 protocol tcp destination-port 6443;
}
application SQL-135-P3306-APP {
term term-01 protocol udp destination-port 3306;
term term-02 protocol tcp destination-port 3306;
}
application SQL-135-P3336-APP {
term term-01 protocol tcp destination-port 3306;
term term-02 protocol udp destination-port 3306;
}
application DEV-137-P5672-APP {
term term-01 protocol tcp destination-port 5672;
}
application Mongo-DB-250-P27017-APP {
protocol tcp;
destination-port 27017;
}
application Port-VPNSERVER-138-P16701 {
protocol udp;
destination-port 16701;
}
application Chat-Srv-QC-Port3000-5000 {
term UDP-Port protocol udp destination-port 30000-50000;
term TCP-Port protocol tcp destination-port 30000-50000;
}
application Chat-SRV-QC-Port-3478 {
protocol tcp;
destination-port 3478;
}
application Chat-Srv-QC-Port-6379 {
protocol tcp;
destination-port 6379;
}
application Chat-Srv-QC-Port-10000-20000 {
term UDP-Port protocol udp destination-port 10000-20000;
term TCP-Port protocol tcp destination-port 10000-20000;
}
application THD-HSK-200_22-P13000 {
term term-udp protocol udp destination-port 13000;
term term-tcp protocol tcp destination-port 13000;
}
application THD-HSK-200_22-P14000 {
term term-udp protocol udp destination-port 14000;
term term-tcp protocol tcp destination-port 14000;
}
application THD-HSK-200_22-P15000 {
term term-udp protocol udp destination-port 15000;
term term-tcp protocol tcp destination-port 15000;
}
application THD-HSK-200_22-P17000 {
term term-udp protocol udp destination-port 17000;
term term-tcp protocol tcp destination-port 17000;
}
application THD-HSK-200_22-P8060 {
term term-udp protocol udp destination-port 8060;
term term-tcp protocol tcp destination-port 8060;
}
application THD-HSK-200_22-P13291 {
term term-udp protocol udp destination-port 13291;
term term-tcp protocol tcp destination-port 13291;
}
application THD-HSK-200_22-P19170 {
term term-udp protocol udp destination-port 19170;
term term-tcp protocol tcp destination-port 19170;
}
application THD-HSK-200_21_P8089 {
term Allow-Splunk-9997 protocol udp destination-port 8089;
term Allow-Splunk-8089 protocol tcp destination-port 8089;
}
application VPN-UDP-P1194 {
term VPN-UDP-P1194 protocol udp destination-port 1194;
}
application THD-HSK-200_1_P9997 {
term Term-tcp protocol tcp destination-port 9997;
term Term-udp protocol udp destination-port 9997;
}
application Port-SV-VPN-BOD-230_20 {
term term-udp protocol udp destination-port 1195;
term term-tcp protocol tcp destination-port 444;
}
application PORT-SYSLOG-5514 {
term PORT-SYSLOG-5514 protocol udp destination-port 5514;
}
application QC-Chat-Range {
term QC-Chat-Range-UDP protocol udp destination-port 20000-50000;
term QC-Chat-Range protocol tcp destination-port 20000-50000;
}
application TCP-8443 {
protocol tcp;
destination-port 8443;
}
application Port-8444 {
term Port-8444-UDP protocol udp destination-port 8444;
term Port-8444-TCP protocol tcp destination-port 8444;
}
application stun-l-google-com_19302 {
protocol udp;
destination-port 19302;
}
application TCP-6788 {
protocol tcp;
destination-port 6788;
}
application Chat-SRV-QC-Port-8188 {
term udp-8188 protocol udp destination-port 8188;
term tcp-8188 protocol tcp destination-port 8188;
}
application Chat-SRV-QC-Port-8989 {
term udp-8989 protocol udp destination-port 8989;
term tcp-8989 protocol tcp destination-port 8989;
}
application TCP-30002 {
protocol tcp;
destination-port 30002;
}
application TCP-30603 {
protocol tcp;
destination-port 30603;
}
application TCP-30633 {
protocol tcp;
destination-port 30633;
}
application TCP-9092 {
protocol tcp;
destination-port 9092;
}
application TCP-9625 {
protocol tcp;
destination-port 9625;
}
}
protocols {
bgp {
group ebgp {
type external;
neighbor 169.254.150.129 {
hold-time 30;
import IMP-AWS-HSK-01;
export EXPORT-AWS-HSK-01;
peer-as 64512;
local-as 151866;
}
}
group EBGP-AWS-02 {
type external;
neighbor 169.254.228.33 {
hold-time 30;
import IMP-AWS-HSK-02;
export EXPORT-AWS-HSK-01;
peer-as 64512;
local-as 151866;
}
}
group EBGP-AWS-SIN {
type external;
neighbor 169.254.45.233 {
hold-time 30;
import IMP-AWS-HSK-SIN;
export EXP-AWS-HSK-SIN;
peer-as 64512;
local-as 65000;
}
}
group EBGP-AWS-SIN-02 {
type external;
neighbor 169.254.78.213 {
hold-time 30;
import IMP-AWS-HSK-SIN;
export EXP-AWS-HSK-SIN;
peer-as 64512;
local-as 65000;
}
}
}
l2-learning {
global-mode transparent-bridge;
}
}
routing-options {
autonomous-system 151866;
static {
route 0.0.0.0/0 {
next-hop st0.0;
qualified-next-hop st0.1 {
preference 10;
}
qualified-next-hop 125.212.255.173 {
preference 3;
}
qualified-next-hop 125.212.255.177 {
preference 4;
}
}
route 10.77.77.0/24 {
next-hop st0.0;
qualified-next-hop st0.1 {
preference 10;
}
}
route 14.225.242.81/32 {
next-hop 125.212.255.173;
qualified-next-hop 125.212.255.177 {
preference 10;
}
}
route 14.225.242.83/32 {
next-hop 125.212.255.173;
qualified-next-hop 125.212.255.177 {
preference 10;
}
}
route 112.197.0.99/32 next-hop 125.212.255.177;
route 112.197.3.114/32 {
next-hop 125.212.255.173;
qualified-next-hop 125.212.255.177 {
preference 10;
}
}
route 112.197.3.122/32 {
next-hop 125.212.255.173;
qualified-next-hop 125.212.255.177 {
preference 10;
}
}
route 160.187.94.0/24 next-hop 10.100.10.2;
route 160.187.94.0/26 next-hop 10.100.10.2;
route 160.187.94.64/26 next-hop 10.100.10.2;
route 172.16.14.0/24 {
next-hop st0.0;
qualified-next-hop st0.1 {
preference 10;
}
}
route 172.16.30.0/24 {
next-hop st0.0;
qualified-next-hop st0.1 {
preference 10;
}
}
route 172.16.100.0/23 {
next-hop st0.0;
qualified-next-hop st0.1 {
preference 10;
}
}
route 172.16.110.0/24 {
next-hop st0.0;
qualified-next-hop st0.1 {
preference 10;
}
}
route 210.211.112.69/32 next-hop 125.212.255.173;
route 210.211.112.70/32 next-hop 125.212.255.177;
}
}