Bangkokbank srx345 Cluster

#####################################################################
# This system is for the use of authorized users only. #

# Individuals using this computer system without authority, or in #
# excess of their authority, are subject to having all of their #
# activities on this system monitored and recorded by system #
# personnel.
#
#
# In the course of monitoring individuals improperly using this #
# system, or in the course of system maintenance, the activities #
# of authorized users may also be monitored.
#
#
#
# Anyone using this system expressly consents to such monitoring #
# and is advised that if such monitoring reveals possible #
# evidence of criminal activity, system personnel may provide the #
# evidence of such monitoring to law enforcement officials. #
#
#
# *** Bangkok Bank ***
#
#####################################################################
B0818-VN-HCM-SRX345-FW02 (ttyu0)
#####################################################################
# This system is for the use of authorized users only. #
# Individuals using this computer system without authority, or in #
# excess of their authority, are subject to having all of their #
# activities on this system monitored and recorded by system #
# personnel.
#
#
# In the course of monitoring individuals improperly using this #
# system, or in the course of system maintenance, the activities #
# of authorized users may also be monitored.
#
root@B0818-VN-HCM-SRX345-FW02%
#
root@B0818-VN-HCM-SRX345-FW02% ressly consents to such monitoring #
root@B0818-VN-HCM-SRX345-FW02% monitoring reveals possible #
root@B0818-VN-HCM-SRX345-FW02% y, system personnel may provide the #
root@B0818-VN-HCM-SRX345-FW02% to law enforcement officials. #
#
#
root@B0818-VN-HCM-SRX345-FW02% kok Bank ***
#
#####################################################################
B0818-VN-HCM-SRX345-FW02 (ttyu0)
login: root
--- JUNOS 15.1X49-D75.5 built 2017-01-20 21:12:28 UTC
croot@B0818-VN-HCM-SRX345-FW02% cli
{secondary:node1}
root@B0818-VN-HCM-SRX345-FW02>
{secondary:node1}
root@B0818-VN-HCM-SRX345-FW02> show chassis cluster
^
syntax error, expecting <command>.
{secondary:node1}
root@B0818-VN-HCM-SRX345-FW02> show chassis cluster status
Monitor Failure codes:
CS Cold Sync monitoring FL Fabric Connection monitoring
GR GRES monitoring HW Hardware monitoring
IF Interface monitoring IP IP monitoring
LB Loopback monitoring MB Mbuf monitoring
NH Nexthop monitoring NP NPC monitoring
SP SPU monitoring SM Schedule monitoring
CF Config Sync monitoring
Cluster ID: 1
Node Priority Status Preempt Manual Monitor-failures
Redundancy group: 0 , Failover count: 0

node0 100 primary no no None
node1 1 secondary no no None

node0 0 primary no no CS
node1 0 secondary no no IF CS
{secondary:node1}
root@B0818-VN-HCM-SRX345-FW02> show configuration chassis cluster
reth-count 6;
redundancy-group 0 {
node 0 priority 100;
node 1 priority 1;
}
node 1 priority 1;
interface-monitor {
ge-0/0/2 weight 255;
}
}
{secondary:node1}
root@B0818-VN-HCM-SRX345-FW02> show chassis ch
Message from syslogd@B0818-VN-HCM-SRX345-FW02 at Apr 11 16:09:47 ...
B0818-VN-HCM-SRX345-FW02 SCHED: Thread 4 (Module Init) ran for 1008 ms without
yielding

B0818-VN-HCM-SRX345-FW02 Scheduler Oinker

B0818-VN-HCM-SRX345-FW02 Frame 00: sp = 0x510a68c8, pc = 0x1822a368

B0818-VN-HCM-SRX345-FW02 Frame 01: sp = 0x510a6970, pc = 0x18212164

B0818-VN-HCM-SRX345-FW02 Frame 02: sp = 0x510a69e0, pc = 0x1876c390

B0818-VN-HCM-SRX345-FW02 Frame 03: sp = 0x510a6a30, pc = 0x184f884c

B0818-VN-HCM-SRX345-FW02 Frame 04: sp = 0x510a6ab0, pc = 0x1a79ff14

B0818-VN-HCM-SRX345-FW02 Frame 05: sp = 0x510a6b50, pc = 0x18790084

B0818-VN-HCM-SRX345-FW02 Frame 06: sp = 0x510a6b98, pc = 0x1a62104c
^
{secondary:node1}
{secondary:node1}
{secondary:node1}
root@B0818-VN-HCM-SRX345-FW02> show log messages | last
Apr 11 16:09:47 B0818-VN-HCM-SRX345-FW02 Frame 03: sp = 0x510a6a30, pc =
0x184f884c
Apr 11 16:09:47 B0818-VN-HCM-SRX345-FW02 Frame 04: sp = 0x510a6ab0, pc =
0x1a79ff14
Apr 11 16:09:47 B0818-VN-HCM-SRX345-FW02 Frame 05: sp = 0x510a6b50, pc =
0x18790084
0x1a62104c
Apr 11 16:09:47 B0818-VN-HCM-SRX345-FW02 Frame 07: sp = 0x510a77d8, pc =
0x1878fe70
Apr 11 16:09:48 B0818-VN-HCM-SRX345-FW02 init: gstatd (PID 93413) exited with
status=1
Apr 11 16:09:48 B0818-VN-HCM-SRX345-FW02 init: gstatd (PID 93416) started
Apr 11 16:09:50 B0818-VN-HCM-SRX345-FW02 jsrpd[1740]: JSRPD_HA_CONTROL_LINK_UP: HA
control link monitor status is marked up
status=1
status=1
Apr 11 16:09:58 B0818-VN-HCM-SRX345-FW02 init: gstatd is thrashing, not restarted
Apr 11 16:09:58 B0818-VN-HCM-SRX345-FW02 init: Alarm set command: /usr/sbin/cli
(PID 93426) started
{secondary:node1}
root@B0818-VN-HCM-SRX345-FW02> show log messages
Apr 11 15:30:00 B0818-VN-HCM-SRX345-FW02 newsyslog[92028]: logfile turned over due to
size>100K
status=1
status=1
status=1
(PID 92040) started
Apr 11 15:30:33 B0818-VN-HCM-SRX345-FW02 init: forwarding (PID 92009) terminated
by signal number 2!
Apr 11 15:30:33 B0818-VN-HCM-SRX345-FW02 init: forwarding (PID 92042) started
Apr 11 15:30:33 B0818-VN-HCM-SRX345-FW02 init: chassis-control (PID 92013) exited
with status=69
Apr 11 15:30:34 B0818-VN-HCM-SRX345-FW02 jsrpd[1740]: JSRPD_HA_CONTROL_LINK_DOWN:
HA control link monitor status is marked down
Apr 11 15:30:34 B0818-VN-HCM-SRX345-FW02 init: chassis-control (PID 92046) started
Apr 11 15:30:39 B0818-VN-HCM-SRX345-FW02 init: Alarm clear command: /usr/sbin/cli
(PID 92052) started
status=1
(PID 92055) started
by signal number 2!
with status=69
(PID 92075) started
status=1
status=1
status=1
status=1
(PID 92089) started
by signal number 2!
---(more 4%)---
B0818-VN-HCM-SRX345-FW02 SCHED: Thread 4 (Module Init) ran for 1023 ms without
yielding

B0818-VN-HCM-SRX345-FW02 Scheduler Oinker

B0818-VN-HCM-SRX345-FW02 Frame 00: sp = 0x510a68c8, pc = 0x1822a368

B0818-VN-HCM-SRX345-FW02 Frame 01: sp = 0x510a6970, pc = 0x18212164

B0818-VN-HCM-SRX345-FW02 Frame 02: sp = 0x510a69e0, pc = 0x1876c390

B0818-VN-HCM-SRX345-FW02 Frame 03: sp = 0x510a6a30, pc = 0x184f884c

B0818-VN-HCM-SRX345-FW02 Frame 04: sp = 0x510a6ab0, pc = 0x1a79ff14

B0818-VN-HCM-SRX345-FW02 Frame 05: sp = 0x510a6b50, pc = 0x18790084

B0818-VN-HCM-SRX345-FW02 Frame 06: sp = 0x510a6b98, pc = 0x1a62104c
with status=69
(PID 92101) started
status=1
(PID 92104) started
by signal number 2!
with status=69
(PID 92124) started
status=1
status=1
status=1
status=1
(PID 92138) started
by signal number 2!
with status=69
(PID 92156) started
status=1
(PID 92159) started
by signal number 2!
with status=69
(PID 92179) started
status=1
status=1
status=1
status=1
(PID 92193) started
by signal number 2!
with status=69
(PID 92208) started
status=1
(PID 92211) started
by signal number 2!
with status=69
(PID 92230) started
status=1
status=1
status=1
status=1
(PID 92245) started
by signal number 2!
with status=69
(PID 92257) started
status=1
(PID 92260) started
by signal number 2!
with status=69
(PID 92280) started
status=1
status=1
status=1
status=1
(PID 92294) started
by signal number 2!
with status=69
(PID 92306) started
status=1
(PID 92309) started
by signal number 2!
Apr 11 15:39:03 B0818-VN-HCM-SRX345-FW02 SCHED: Thread 4 (Module Init) ran for
1015 ms without yielding
Apr 11 15:39:03 B0818-VN-HCM-SRX345-FW02 Scheduler Oinker
Apr 11 15:39:03 B0818-VN-HCM-SRX345-FW02 Frame 00: sp = 0x510a68c8, pc =
0x1822a368
Apr 11 15:39:03 B0818-VN-HCM-SRX345-FW02 Frame 01: sp = 0x510a6970, pc =
0x18212164
Apr 11 15:39:03 B0818-VN-HCM-SRX345-FW02 Frame 02: sp = 0x510a69e0, pc =
0x1876c390
Apr 11 15:39:03 B0818-VN-HCM-SRX345-FW02 Frame 03: sp = 0x510a6a30, pc =
0x184f884c
Apr 11 15:39:03 B0818-VN-HCM-SRX345-FW02 Frame 04: sp = 0x510a6ab0, pc =
0x1a79ff14
0x18790084
0x1a62104c
Apr 11 15:39:03 B0818-VN-HCM-SRX345-FW02 Frame 07: sp = 0x510a77d8, pc =
0x1878fe70
with status=69
(PID 92333) started
status=1
status=1
status=1
status=1
(PID 92347) started
by signal number 2!
with status=69
(PID 92359) started
status=1
(PID 92362) started
by signal number 2!
with status=69
(PID 92386) started
status=1
status=1
{secondary:node1}
root@B0818-VN-HCM-SRX345-FW02> show configuration chassis cluster
reth-count 6;
node 1 priority 1;
}
node 1 priority 1;
interface-monitor {
}
}
{secondary:node1}
root@B0818-VN-HCM-SRX345-FW02> show configuration | display set
set version 15.1X49-D75.5
set groups node0 system host-name B0818-VN-HCM-SRX345-FW01
set groups node0 system backup-router 10.202.43.33
set groups node0 system backup-router destination 0.0.0.0/1
set groups node0 system services ssh max-sessions-per-connection 32
set groups node0 system syslog file default-log-messages any info
set groups node0 system syslog file default-log-messages match "(requested 'commit'
operation)|(copying configuration to juniper.s
ave)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link
UP)|transitioned|Transferred|transfer-file|(l
icense add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|
(FRU Offline)|(plugged in)|(unplugged)|GRES"
set groups node0 system syslog file default-log-messages structured-data
set groups node0 interfaces fxp0 unit 0 family inet address 10.202.43.58/27
set groups node1 system host-name B0818-VN-HCM-SRX345-FW02
set groups node1 system backup-router 10.202.43.33
set groups node1 system services ssh max-sessions-per-connection 32
set groups node1 system syslog file default-log-messages any info
set groups node1 system syslog file default-log-messages match "(requested 'commit'
operation)|(copying configuration to juniper.save)|(commit
complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|
transitioned|Transferred|transfer-file|(license add)|(license del
ete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|
(unplugged)|GRES"
set groups node1 system syslog file default-log-messages structured-data
set groups node1 interfaces fxp0 unit 0 family inet address 10.202.43.57/27
set apply-groups "${node}"
set system time-zone Asia/Bangkok
set system authentication-order radius
set system authentication-order tacplus
set system authentication-order password
set system root-authentication encrypted-password
"$5$N/cttQdS$WFwl.6t.zrryZFWu9BUZBlq4HbUp.81nES4.lUWTCJ0"
set system name-server 202.153.97.2
set system radius-server 172.28.9.3 port 1646
set system radius-server 172.28.9.3 secret "$9$xrn-
dsg4JGjHylXNbwaJTQF3n90BErKWVwoGjq5T"
set system radius-server 172.28.9.3 source-address 10.202.43.58
set system login message
"#####################################################################\n# This
system is for the use of authorized u sers
only. #\n# Individuals using this computer system without
authority, or in #\n# excess of their authority, are subject to
having all of their #\n# activities on this system monitored and recorded
by system #\n# personnel.\n#
#\n# In the course of monitoring individuals improperly using this #\n#
system, or in the course of system
maintenance, the activities #\n# of authorized users may also be monitored.
#\n#
#\n# Anyone using this system expressly consents to such monitoring #\n#
and is advised that if such monitoring
reveals possible #\n# evidence of criminal activity, system
personnel may provide the #\n# evidence of such monitoring
to law enforcement officials. #\n#
#\n# *** Ban
gkok Bank *** #\
n#####################################################################"
set system login class view-policy permissions security
set system login class view-policy allow-commands "(show configuration)|(show log)|
(show security flow)|(show chassis)|(show system)|(show ver
sion)|(show arp)|(show interface)|(show ntp)|(show route)"
set system login class view-policy deny-commands "(show security zones)|(show
security alg)|(show security flow)|(show security policies appli
cation-firewall)|(show security policies global)|(show security application-
tracking)|(show security datapath-debug)|(show security dynamic-po
licies)|(show security firewall-authentication)|(show security gprs)|(show security
idp)|(show security keychain)|(show security log)|(show se
curity match-policies)|(show security monitoring)|(show security pki)|(show security
resource-manager)|(show security policies logical-system)
|(show security policies root-logical-system)|(show security policies zone-context)|
(show security alarms)|(show security utm)|(show security
nat)|(show security policies count)|(show security policies detail)|(clear)|(help)|
(load)|(op)|(request)|(file)|(save)|(test)|(start)"
set system login user srattakorn full-name "Remote users with view-policy privilege"
set system login user srattakorn uid 100
set system login user srattakorn class view-policy
set system login user svtech uid 2007
set system login user svtech class super-user
set system login user svtech authentication encrypted-password
"$5$eDbkPRGj$xrf89pvuBj/pJyp7WCjw568bdH2KVVdWekqQvpXLS9A"
set system services ssh
set system services netconf ssh
set system services web-management https system-generated-certificate
set system services web-management https interface fxp0.0
set system services web-management https interface reth2.0
set system services web-management https interface reth4.0
set system services web-management session idle-timeout 10
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog host 10.202.43.129 any any
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system syslog file policy_session user info
set system syslog file policy_session match RT_FLOW
set system syslog file policy_session archive size 1000k
set system syslog file policy_session archive world-readable
set system syslog file policy_session structured-data
set system syslog file accepted-traffic any any
set system syslog file accepted-traffic match RT_FLOW_SESSION_CREATE
set system syslog file blocked-traffic any any
set system syslog file blocked-traffic match RT_FLOW_SESSION_DENY
set system syslog file default-log-messages any info
set system syslog file default-log-messages match "(requested 'commit' operation)|
(copying configuration to juniper.save)|(commit complete)|if
AdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|
Transferred|transfer-file|(license add)|(license delete)|(package
-X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|
GRES"
set system syslog file default-log-messages structured-data
set system syslog file kmd-logs daemon info
set system syslog file kmd-logs match KMD
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set system ntp server 10.136.255.1
set chassis cluster reth-count 6
set chassis cluster redundancy-group 0 node 0 priority 100
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/2 weight 255
set services rpm probe HNBTunnelTrack test test1 probe-type icmp-ping
set services rpm probe HNBTunnelTrack test test1 target address 10.202.41.36
set services rpm probe HNBTunnelTrack test test1 probe-count 3
set services rpm probe HNBTunnelTrack test test1 probe-interval 15
set services rpm probe HNBTunnelTrack test test1 test-interval 10
set services rpm probe HNBTunnelTrack test test1 thresholds successive-loss 3
set services rpm probe HNBTunnelTrack test test1 thresholds total-loss 3
set services rpm probe HNBTunnelTrack test test1 next-hop 10.202.43.36
set services ip-monitoring policy HNBTunnelTrack match rpm-probe HNBTunnelTrack
set services ip-monitoring policy HNBTunnelTrack then preferred-route routing-
instances vr-1 route 10.202.40.0/23 next-hop 10.202.43.33
set security ike traceoptions file vpn-monitor
set security ike traceoptions flag ike
set security ike respond-bad-spi 1
set security ike proposal Standard_1_PSK authentication-method pre-shared-keys
set security ike proposal Standard_1_PSK dh-group group2
set security ike proposal Standard_1_PSK authentication-algorithm sha-256
set security ike proposal Standard_1_PSK encryption-algorithm aes-256-cbc
set security ike proposal Standard_1_PSK lifetime-seconds 86400
set security ike policy VPN-Gateway-of-OSC-1 mode aggressive
set security ike policy VPN-Gateway-of-OSC-1 proposal-set compatible
set security ike policy VPN-Gateway-of-OSC-1 pre-shared-key ascii-text
"$9$zaxb69t1IcvMXcy24ZGiH0O1Ihr8X7NbYOBdbs2aJ69Cu1EhSl"
set security ike policy IKE-HQ mode main
set security ike policy IKE-HQ proposals Standard_1_PSK
set security ike policy IKE-HQ pre-shared-key ascii-text "$9$9bEjpu1vWXws2N-UiqPn6N-
VbYoZUH.mTPfQn/A0OX7NbwgHqfQF/jH5F6/0OWLx"
set security ike gateway VPN-Gateway-of-OSC-1 ike-policy VPN-Gateway-of-OSC-1
set security ike gateway VPN-Gateway-of-OSC-1 address 59.152.246.106
set security ike gateway VPN-Gateway-of-OSC-1 nat-keepalive 5
set security ike gateway VPN-Gateway-of-OSC-1 local-identity user-at-hostname
"hochiminh@bbl.co.th"
set security ike gateway VPN-Gateway-of-OSC-1 external-interface reth1.0
set security ipsec proposal IPSEC-HQ protocol esp
set security ipsec proposal IPSEC-HQ authentication-algorithm hmac-sha-256-128
set security ipsec proposal IPSEC-HQ encryption-algorithm aes-256-cbc
set security ipsec proposal IPSEC-HQ lifetime-seconds 86400
set security ipsec policy policy-VPN-to-OSC-1 proposal-set compatible
set security ipsec policy IPSEC-HQ perfect-forward-secrecy keys group2
set security ipsec policy IPSEC-HQ proposals IPSEC-HQ
set security ipsec vpn VPN-to-OSC-1 bind-interface st0.0
set security ipsec vpn VPN-to-OSC-1 vpn-monitor optimized
set security ipsec vpn VPN-to-OSC-1 ike gateway VPN-Gateway-of-OSC-1
set security ipsec vpn VPN-to-OSC-1 ike ipsec-policy policy-VPN-to-OSC-1
set security ipsec vpn VPN-to-OSC-1 establish-tunnels immediately
set security address-book global address CBB-SVC-10.202.155.65-OAOVSCBBSDC01
10.202.155.65/32
set security address-book global address CBB-SVC-10.202.155.66-OAOVSCBBSDC02
10.202.155.66/32
set security address-book global address HCB-DCT-10.202.43.97-HC04LPS 10.202.43.97/32
set security address-book global address HCB-DCT-10.202.43.98-HC05LPS 10.202.43.98/32
set security address-book global address HCB-EXT-10.210.132.115-MIP 10.210.132.115/32
set security address-book global address HCB-EXT-192.168.100.2-SBVRPT01
192.168.100.2/32
set security address-book global address HCB-GTW-10.202.43.100-ETAX 10.202.43.100/32
set security address-book global address HCB-GTW-10.202.43.101-ETAX 10.202.43.101/32
set security address-book global address HCB-INT-202.153.97.130-ISP_DNS
202.153.97.130/32
set security address-book global address HCB-INT-202.153.97.2-ISP_DNS 202.153.97.2/32
set security address-book global address HCB-MGT-10.202.43.129-SMOVSHCBLOG01
10.202.43.129/32
set security address-book global address HCB-MGT-10.202.43.136-WKHCBPAW01
10.202.43.136/32
set security address-book global address HCB-MGT-10.202.43.137-WKHCBPAW02
10.202.43.137/32
set security address-book global address HCB-SVC-10.202.43.65-OAOVSHCBSDC01
10.202.43.65/32
set security address-book global address HCB-SVC-10.202.43.66-OAOVSHCBSDC02
10.202.43.66/32
set security address-book global address HCB-SVC-10.202.43.67-OAOVSHCBSRV01
10.202.43.67/32
set security address-book global address HCB-SVC-10.202.43.68-OAOVSHCBSRV02
10.202.43.68/32
set security address-book global address HCB-SVC-10.202.43.70-OAOVSHCBMNT01
10.202.43.70/32
set security address-book global address HCB-SVC-10.202.43.88-SMOVSHCBPXY02
10.202.43.88/32
set security address-book global address HCB-SVC-10.202.43.89-ATABox 10.202.43.89/32
set security address-book global address HCB-SVC-10.202.43.90-SMOVSHCBPXY01
10.202.43.90/32
set security address-book global address HCB-USR-10.202.42.153-HC02LPS-IPBS
10.202.42.153/32
set security address-book global address HCB-USR-10.202.42.155-HC01RPT
10.202.42.155/32
set security address-book global address HCB-USR-10.202.42.156-HC01RPT
10.202.42.156/32
set security address-book global address HCB-USR-10.202.42.161-HC03LPS
10.202.42.161/32
set security address-book global address HCB-USR-10.202.42.162-ReserveBPSReport
10.202.42.162/32
set security address-book global address HCB-USR-10.202.42.163-HCWS-01
10.202.42.163/32
set security address-book global address HCB-USR-10.202.42.163-ReserveBPSReport
10.202.42.163/32
10.202.42.164/32
10.202.42.165/32
10.202.42.166/32
set security address-book global address HCB-USR-10.202.42.171-EDP 10.202.42.171/32
set security address-book global address HCB-USR-10.202.42.172-EDP 10.202.42.172/32
set security address-book global address HCB-USR-10.202.42.190-OANBHCB01
10.202.42.190/32
set security address-book global address HCB-VPN-172.16.188.1-Tunnel_interface
172.16.188.1/32
set security address-book global address HCM-SVC-10.202.43.71-OAOVSHCBVM02_DFSR
10.202.43.71/32
set security address-book global address HCM-USR-10.202.42.0/24-USR_PC 10.202.42.0/24
set security address-book global address HKB-GTW-10.202.5.192/26-HKB-06F-VLAN18
10.202.5.192/26
set security address-book global address HKB-GTW-192.255.1.0/24 192.255.1.0/24
set security address-book global address HKB-GTW-192.255.1.133 192.255.1.133/32
set security address-book global address HKB-GTW-192.255.1.200-BBLAPP91
192.255.1.200/32
set security address-book global address HKB-GTW-192.255.1.8-HKBMAIL1_NOTES
192.255.1.8/32
set security address-book global address HKB-GTW-192.255.10.49-iSeries
192.255.10.49/32
set security address-book global address HKDR-GTW-192.255.27.0/24 192.255.27.0/24
set security address-book global address HKG-GTW-10.202.61.100-SDCALL01
10.202.61.100/32
set security address-book global address HKG-GTW-10.202.61.101-VDAALL03
10.202.61.101/32
set security address-book global address HKG-GTW-10.202.61.18-BBLAPP07
10.202.61.18/32
set security address-book global address HKG-GTW-10.202.61.21-CTXALL06
10.202.61.21/32
10.202.61.22/32
10.202.61.225/32
10.202.61.226/32
set security address-book global address HKG-GTW-10.202.61.99-VDAALL02
10.202.61.99/32
192.255.1.16/32
set security address-book global address HKG-GTW-192.255.1.5-iSeries-VNB_VIP
192.255.1.5/32
set security address-book global address HKG-GTW-192.255.1.6-iSeries-VNB_NIC1
192.255.1.6/32
set security address-book global address HKG-GTW-192.255.1.7-iSeries-VNB_NIC2
192.255.1.7/32
set security address-book global address HKG-GTW-192.255.10.12-TSTAPP07
192.255.10.12/32
set security address-book global address HNB-GTW-10.202.40.0/23 10.202.40.0/23
set security address-book global address HNB-MGT-10.202.41.136-WKHNBPAW01
10.202.41.136/32
set security address-book global address HNB-SVC-10.202.41.65-OAOVSHNBRODC01
10.202.41.65/32
set security address-book global address HNB-SVC-10.202.41.67-OAOVSHNBSRV01
10.202.41.67/32
set security address-book global address JKB-SVC-10.202.53.65-OAOVSJKBSDC01
10.202.53.65/32
set security address-book global address JKB-SVC-10.202.53.66-OAOVSJKBSDC02
10.202.53.66/32
set security address-book global address KHB-SVC-10.202.15.65-OAOVSKHBRODC01
10.202.15.65/32
set security address-book global address KWB-GTW-192.255.11.3-KNB_BBLAPP28_SWIFT
192.255.11.3/32
set security address-book global address MNB-SVC-10.202.67.65-OAOVSMNBSDC01
10.202.67.65/32
set security address-book global address MNB-SVC-10.202.67.66-OAOVSMNBSDC02
10.202.67.66/32
set security address-book global address NYB-DCT-10.202.57.100-eGIFTS_MS_Cluster
10.202.57.100/32
set security address-book global address NYB-DCT-10.202.57.101-eGIFTS_Oracle_Cluster
10.202.57.101/32
set security address-book global address NYB-DCT-10.202.57.107-GIFTSWEBOA
10.202.57.107/32
set security address-book global address NYB-DCT-10.202.57.110-NYBMQ01
10.202.57.110/32
set security address-book global address NYB-DCT-10.202.57.111-NYBSVR01
10.202.57.111/32
set security address-book global address NYB-DCT-10.202.57.99-eGIFTS 10.202.57.99/32
set security address-book global address NYB-DCT-192.255.5.23-eGIFTS_MS_Cluster
192.255.5.23/32
set security address-book global address NYB-DCT-192.255.5.25-eGIFTS_Oracle_Cluster
192.255.5.25/32
set security address-book global address NYB-SVC-10.202.57.65-OAOVSNYBSDC01
10.202.57.65/32
set security address-book global address NYB-SVC-10.202.57.66-OAOVSNYBSDC02
10.202.57.66/32
set security address-book global address NYDR-DCT-10.202.55.97-eGIFTS-DR
10.202.55.97/32
set security address-book global address NYDR-SVC-10.202.55.65-OAOVSNYDRSDC01
10.202.55.65/32
set security address-book global address OSB-SVC-10.202.23.65-OAOVSOSBRODC01
10.202.23.65/32
set security address-book global address OVS-GTW-10.202.0.0/16 10.202.0.0/16
set security address-book global address OVS-INT-8.8.8.8-Google_DNS 8.8.8.8/32
set security address-book global address PSB-SVC-10.202.163.65-OAOVSPSBSDC01
10.202.163.65/32
set security address-book global address RM3-GTW-10.145.0.0/16 10.145.0.0/16
set security address-book global address RM3-GTW-10.145.129.161-ATA_Terminal
10.145.129.161/32
set security address-book global address RM3-GTW-10.145.2.58-Surachai 10.145.2.58/32
set security address-book global address RM3-GTW-10.145.22.109-BC_MC 10.145.22.109/32
set security address-book global address RM3-GTW-10.145.3.107-Bhumin 10.145.3.107/32
set security address-book global address RM3-GTW-10.145.3.110-Network_PC
10.145.3.110/32
10.145.3.146/32
set security address-book global address RM3-GTW-10.145.3.161-Zee_PC 10.145.3.161/32
set security address-book global address RM3-GTW-10.145.3.191-Chanu 10.145.3.191/32
set security address-book global address RM3-GTW-10.145.3.193-Witthawat
10.145.3.193/32
set security address-book global address RM3-GTW-10.145.3.202-Winai_PC
10.145.3.202/32
set security address-book global address RM3-GTW-10.145.3.204-Walaiporn
10.145.3.204/32
10.145.3.71/32
set security address-book global address RM3-GTW-10.145.53.204-Security
10.145.53.204/32
set security address-book global address RM3-GTW-10.150.129.5-TMCM 10.150.129.5/32
set security address-book global address RM3-GTW-10.95.92.13-ibanking 10.95.92.13/32
set security address-book global address RM3-GTW-172.26.16.1-OARM3SDC01
172.26.16.1/32
set security address-book global address RM3-GTW-172.26.16.10-OAR3BBBDC01
172.26.16.10/32
set security address-book global address RM3-GTW-172.26.16.161-OAMONSRV01
172.26.16.161/32
set security address-book global address RM3-GTW-172.26.16.195-OAADHC01
172.26.16.195/32
set security address-book global address RM3-GTW-172.26.16.215-OAR3ADRMS01
172.26.16.215/32
set security address-book global address RM3-GTW-172.26.16.216-OAR3ADRMS02
172.26.16.216/32
set security address-book global address RM3-GTW-172.26.16.217-adrms.oa.bbl
172.26.16.217/32
set security address-book global address RM3-GTW-172.26.16.223-OAR3SFBDP01
172.26.16.223/32
set security address-book global address RM3-GTW-172.26.16.224-OAR3SFBDP02
172.26.16.224/32
set security address-book global address RM3-GTW-172.26.16.225-OAR3SFBFE01
172.26.16.225/32
172.26.16.226/32
172.26.16.227/32
set security address-book global address RM3-GTW-172.26.16.3-OARM3SDC02
172.26.16.3/32
set security address-book global address RM3-GTW-172.26.16.5-OAR3OVSDC01
172.26.16.5/32
set security address-book global address RM3-GTW-172.26.16.62-OAADHC01
172.26.16.62/32
set security address-book global address RM3-GTW-172.26.16.65-OASLMGR01
172.26.16.65/32
set security address-book global address RM3-GTW-172.26.16.7-OAR3OVSTERM01
172.26.16.7/32
set security address-book global address RM3-GTW-172.26.16.8-OAR3OVSTERM02
172.26.16.8/32
set security address-book global address RM3-GTW-172.26.2.222-wper3cit01
172.26.2.222/32
set security address-book global address RM3-GTW-172.26.60.0/24-InternalWeb
172.26.60.0/24
set security address-book global address RM3-GTW-172.26.60.185-SharePointServer
172.26.60.185/32
set security address-book global address RM3-GTW-172.26.60.49-OAR3CASARRAY
172.26.60.49/32
set security address-book global address RM3-GTW-172.26.60.51-EDC_Server
172.26.60.51/32
set security address-book global address RM3-GTW-172.26.60.68-ONLINE_PAYMENT
172.26.60.68/32
set security address-book global address RM3-GTW-172.26.77.1-BBL_Logo 172.26.77.1/32
set security address-book global address RM3-GTW-172.26.78.68-IT-VPNATH-1102
172.26.78.68/32
set security address-book global address RM3-GTW-172.27.248.11-NSMR3SPT01
172.27.248.11/32
set security address-book global address RM3-GTW-172.27.248.21-NSMCA_SPT1101
172.27.248.21/32
set security address-book global address RM3-GTW-172.27.248.25-NSMCA-SPT6105.oa.bbl
172.27.248.25/32
set security address-book global address RM3-GTW-172.27.248.29-NSMDCPD01 description
"CAPM server"
set security address-book global address RM3-GTW-172.27.248.29-NSMDCPD01
172.27.248.29/32
set security address-book global address RM3-GTW-172.27.248.52-NSMR3OMMS01
172.27.248.52/32
set security address-book global address RM3-GTW-172.27.248.53-NSMR3OMMS02
172.27.248.53/32
set security address-book global address RM3-GTW-172.28.9.3-ACS 172.28.9.3/32
set security address-book global address RM3-GTW-172.29.16.131-ICDM 172.29.16.131/32
set security address-book global address RM3-GTW-172.29.16.137-ICDM 172.29.16.137/32
set security address-book global address RM3-GTW-USR-172.26.16.191-MapServer
172.26.16.191/32
set security address-book global address SBB-SVC-10.202.47.65-OAOVSSBBRODC01
10.202.47.65/32
set security address-book global address SBV-EXT-135.50.1.26 135.50.1.26/32
set security address-book global address SBV-EXT-192.168.92.18 192.168.92.18/32
set security address-book global address SGP-SVC-10.202.1.83-OAOVSSGBSDC01
10.202.1.83/32
set security address-book global address SGP-SVC-10.202.1.84-OAOVSSGBSDC02
10.202.1.84/32
set security address-book global address SLM-GTW-10.128.120.225-NetUX
10.128.120.225/32
set security address-book global address SLM-GTW-10.128.120.226-NetUX
10.128.120.226/32
set security address-book global address SLM-GTW-10.132.0.0/16 10.132.0.0/16
set security address-book global address SLM-GTW-10.136.80.1-iGlobal-Test-Server1
10.136.80.1/32
10.136.80.2/32
10.136.80.3/32
10.136.82.2/32
set security address-book global address SLM-GTW-10.136.82.3-IBGVHS1UAS01
10.136.82.3/32
set security address-book global address SLM-GTW-10.15.0.1-OAHSDC01 10.15.0.1/32
set security address-book global address SLM-GTW-10.15.0.2-OAHSDC02 10.15.0.2/32
set security address-book global address SLM-GTW-10.15.8.3-OAHMGT01 10.15.8.3/32
set security address-book global address SLM-GTW-10.15.8.4-OAHMISC01 10.15.8.4/32
set security address-book global address SLM-GTW-10.46.244.30-BC_Reporter
10.46.244.30/32
set security address-book global address SLM-GTW-10.46.95.75-ebswsua2 10.46.95.75/32
set security address-book global address SLM-GTW-172.18.16.1-OAHQSDC01 172.18.16.1/32
set security address-book global address SLM-GTW-172.18.16.104-OAHMISC01
172.18.16.104/32
set security address-book global address SLM-GTW-172.18.16.105-OAHMGT01
172.18.16.105/32
set security address-book global address SLM-GTW-172.18.16.106-OAHISSUECA01
172.18.16.106/32
set security address-book global address SLM-GTW-172.18.16.124-OAHEXHC02
172.18.16.124/32
set security address-book global address SLM-GTW-172.18.16.131-OAHEXMB01
172.18.16.131/32
set security address-book global address SLM-GTW-172.18.16.149-OAHLYNCFE01
172.18.16.149/32
set security address-book global address SLM-GTW-172.18.16.154-OAHLYNCFE02
172.18.16.154/32
set security address-book global address SLM-GTW-172.18.16.155-OASLMGR02
172.18.16.155/32
set security address-book global address SLM-GTW-172.18.16.183-OAHWEB02
172.18.16.183/32
set security address-book global address SLM-GTW-172.18.16.206-
www.pbg.bangkokbank.com 172.18.16.206/32
set security address-book global address SLM-GTW-172.18.16.3-OAHQSDC02 172.18.16.3/32
set security address-book global address SLM-GTW-172.18.16.5-OAHQOVSDC01
172.18.16.5/32
set security address-book global address SLM-GTW-172.18.16.51-OAHQEXMB01
172.18.16.51/32
set security address-book global address SLM-GTW-172.18.16.65-OASLMGR01
172.18.16.65/32
set security address-book global address SLM-GTW-172.18.16.77-OAHSRV01
172.18.16.77/32
set security address-book global address SLM-GTW-172.18.16.87-OAHQSPSLBIP
172.18.16.87/32
set security address-book global address SLM-GTW-172.18.16.94-OAHRMS01
172.18.16.94/32
set security address-book global address SLM-GTW-172.18.2.222-wpehcit01
172.18.2.222/32
set security address-book global address SLM-GTW-172.18.2.227-wpehcit01
172.18.2.227/32
set security address-book global address SLM-GTW-172.18.60.0/24-InternalWeb
172.18.60.0/24
set security address-book global address SLM-GTW-172.18.60.49-OAHQCASARRAY
172.18.60.49/32
set security address-book global address SLM-GTW-172.18.60.51-NAC_VIP 172.18.60.51/32
set security address-book global address SLM-GTW-172.18.60.59-OAHQOWALBIP
172.18.60.59/32
set security address-book global address SLM-GTW-172.18.60.64-icdmce 172.18.60.64/32
set security address-book global address SLM-GTW-172.18.60.69-oasmtp.oa.bbl
172.18.60.69/32
set security address-book global address SLM-GTW-172.18.60.74-iGlobal-UAT
172.18.60.74/32
set security address-book global address SLM-GTW-172.18.60.75-iGlobalBANK-UAT
172.18.60.75/32
set security address-book global address SLM-GTW-172.18.77.1-ICMHAUTH01
172.18.77.1/32
set security address-book global address SLM-GTW-172.18.77.2-BC_Director description
"BlueCoat Director"
set security address-book global address SLM-GTW-172.18.77.2-BC_Director
172.18.77.2/32
set security address-book global address SLM-GTW-172.18.78.68-IT-VPNATH-1202
172.18.78.68/32
set security address-book global address SLM-GTW-172.19.252.65-OAHQNAS01
172.19.252.65/32
set security address-book global address SLM-GTW-172.21.16.132-icdmslp1
172.21.16.132/32
set security address-book global address SLM-GTW-172.21.16.133-icdmslp2
172.21.16.133/32
set security address-book global address SLM-INT-119.46.64.90-access.bangkokbank.com
119.46.64.90/32
set security address-book global address SLM-INT-119.46.64.91-webcon.bangkokbank.com
119.46.64.91/32
set security address-book global address SLM-INT-119.46.64.92-av.bangkokbank.com
119.46.64.92/32
set security address-book global address SLM-INT-119.46.64.94-meet.bangkokbank.com
119.46.64.94/32
set security address-book global address SMD-SVC-10.202.51.65-OAOVSMDBRODC01
10.202.51.65/32
set security address-book global address TCB-SVC-10.202.17.65-OAOVSTCBRODC01
10.202.17.65/32
set security address-book global address TKB-SVC-10.202.21.65-OAOVSTKBSDC01
10.202.21.65/32
set security address-book global address TKB-SVC-10.202.21.66-OAOVSTKBSDC02
10.202.21.66/32
set security address-book global address TPB-SVC-10.202.19.65-OAOVSTPBSDC01
10.202.19.65/32
set security address-book global address TPB-SVC-10.202.19.66-OAOVSTPBSDC02
10.202.19.66/32
set security address-book global address TTP-GTW-10.127.202.208-HO-PC-Custody
10.127.202.208/32
set security address-book global address VTB-SVC-10.202.153.65-OAOVSVTBSDC01
10.202.153.65/32
set security address-book global address VTB-SVC-10.202.153.66-OAOVSVTBSDC02
10.202.153.66/32
set security address-book global address YGB-SVC-10.202.157.65-OAOVSYGBSDC01
10.202.157.65/32
set security address-book global address YGB-SVC-10.202.157.66-OAOVSYGBSDC02
10.202.157.66/32
set security address-book global address HNB-USR-10.202.40.0/24-USR_PC 10.202.40.0/24
set security address-book global address HNB-USR-10.202.40.190-MeetingRoom
10.202.40.190/32
set security address-book global address VCB-INT-103.11.172.38-Vietcombank
103.11.172.38/32
set security address-book global address VCB-INT-103.11.172.4-VietcomBank
103.11.172.4/32
set security address-book global address VCB-INT-203.162.0.181-VCB_Money_DNS1
203.162.0.181/32
set security address-book global address VCB-INT-203.210.142.132-VCB_Money_DNS2
203.210.142.132/32
set security address-book global address HCB-INT-110.164.206.23-rmt.bbl.co.th
110.164.206.23/32
set security address-book global address HCB-SVC-10.202.43.72-NAS_Server
10.202.43.72/32
set security address-book global address HCB-DCT-10.202.43.102-HCSERVER02
10.202.43.102/32
set security address-book global address HCB-INT-203.201.56.140-payment.bidv.com.vn
203.201.56.140/32
192.255.1.78/32
192.255.1.79/32
set security address-book global address HCB-INT-110.164.207.23-SSLVPNRama3
110.164.207.23/32
set security address-book global address HCB-INT-119.46.71.23-SSLVPNRama3
119.46.71.23/32
set security address-book global address HCB-SVC-10.202.43.86-TestPAE 10.202.43.86/32
set security address-book global address KWB-GTW-192.255.11.15-Citrix
192.255.11.15/32
set security address-book global address HKG-GTW-10.202.6.0/26-08F_Segment_VLAN19
10.202.6.0/26
set security address-book global address KLN-GTW-192.255.11.74-CITRIX
192.255.11.74/32
set security address-book global address RM3-GTW-172.31.4.3-Itstptsp01 172.31.4.3/32
set security address-book global address RM3-GTW-10.231.241.23-NSMCA-SPS1101
10.231.241.23/32
set security address-book global address RM3-GTW-10.231.241.24-NSMCA-SPS1102
10.231.241.24/32
set security address-book global address RM3-GTW-10.231.241.25-NSMCA-VAI1101
10.231.241.25/32
set security address-book global address RM3-GTW-10.231.241.29-NSMDCPD01
10.231.241.29/32
set security address-book global address RM3-GTW-10.231.241.30-NSMCA-SPT6105
10.231.241.30/32
set security address-book global address HKG-GTW-192.255.1.112-SIPServer
192.255.1.112/32
set security address-book global address HNB-EXT-192.168.10.11-SBV 192.168.10.11/32
set security address-book global address HCB-EXT-10.64.241.29-ETAX 10.64.241.29/32
set security address-book global address HCB-USR-10.202.43.176/28-SWIFT_User
10.202.43.176/28
set security address-book global address HKB-GTW-192.255.1.29-OSC-BBLAPP06
192.255.1.29/32
set security address-book global address HKDR-GTW-192.255.27.74-BBLAPP24
192.255.27.74/32
192.255.1.74/32
192.255.1.75/32
192.255.1.82/32
set security address-book global address HCB-INT-116.96.143.156-Fmsis.nfsc.vn
116.96.143.156/32
set security address-book global address RM3-GTW-10.145.3.72-Watcharin 10.145.3.72/32
set security address-book global address HCB-SVC-10.202.43.86-PABX 10.202.43.86/32
set security address-book global address HCB-SVC-10.202.43.86-VoiceRecorder
10.202.43.86/32
set security address-book global address HKG-GTW-192.255.1.83-New_Citrix_Server
192.255.1.83/32
set security address-book global address HCB-EXT-202.58.245.50-sbvsub.sbv.gov.vn
202.58.245.50/32
set security address-book global address HCB-EXT-202.58.245.51-sbvldap.sbv.gov.vn
202.58.245.51/32
set security address-book global address SLM-GTW-172.18.16.151-OAHEX2K7.oa.bbl
172.18.16.151/32
set security address-book global address HCB-EXT-192.168.10.13-SBV 192.168.10.13/32
set security address-book global address HCB-USR-10.202.42.154-New_IBPS_PC
10.202.42.154/32
set security address-book global address SLM-INT-119.46.64.95-Meet.bangkokbank.com
119.46.64.95/32
set security address-book global address SLM-INT-119.46.64.96-
ucwebext.bangkokbank.com 119.46.64.96/32
set security address-book global address SLM-INT-119.46.64.97-oos.bangkokbank.com
119.46.64.97/32
set security address-book global address RM3-GTW-172.27.248.83-Rama3_SpeedTest
172.27.248.83/32
set security address-book global address SM-GTW-172.19.248.83-SIlom_SpeedTest
172.19.248.83/32
set security address-book global address HCB-INT-124.158.4.138-info.div.gov.vn
124.158.4.138/32
set security address-book global address HCB-INT-124.158.4.139-icmftp.div.gov.vn
124.158.4.139/32
124.158.7.35/32
124.158.7.36/32
set security address-book global address SGDR-SVC-10.202.71.65-OAOVSSGDRSDC01
10.202.71.65/32
set security address-book global address HKB-GTW-192.255.1.80-Citrix_Backup
192.255.1.80/32
set security address-book global address RM3-GTW-172.20.10.9-lms.bbl.co.th
172.20.10.9/32
set security address-book global address HKB-GTW-10.202.161.103-CITRIX_Test_Server
10.202.161.103/32
set security address-book global address HKB-GTW-10.202.61.102-CITRIX_Test_Server
10.202.61.102/32
set security address-book global address HKB-GTW-172.22.22.19-SWIFT_Server
172.22.22.19/32
172.22.22.3/32
172.22.22.5/32
set security address-book global address SLM-GTW-172.18.16.115-OAHQADASSET01
172.18.16.115/32
set security address-book global address HKB-GTW-10.202.13.100-SWIFT_Workstations
10.202.13.100/32
set security address-book global address HKB-GTW-10.202.13.133-SWIFT_DR
10.202.13.133/32
set security address-book global address HKB-GTW-10.202.61.133-SWIFT 10.202.61.133/32
set security address-book global address HKB-GTW-10.202.61.135-SWIFT 10.202.61.135/32
set security address-book global address HKG-GTW-192.255.1.15-OSC-BBLAPP22
192.255.1.15/32
set security address-book global address HKG-GTW-192.255.1.30-OSC-BBLAPP21
192.255.1.30/32
set security address-book global address NYB-DCT-10.202.57.106-AMLSERVER
10.202.57.106/32
set security address-book global address LDB-SVC-10.202.81.65-OAOVSLDBSDC01
10.202.81.65/32
set security address-book global address LDB-SVC-10.202.81.66-OAOVSLDBSDC02
10.202.81.66/32
set security address-book global address RM3-GTW-172.26.60.59-OAR3OWALBIP
172.26.60.59/32
set security address-book global address SGP-SVC-10.202.1.65-OAOVSSGSDC01
10.202.1.65/32
set security address-book global address SGP-SVC-10.202.1.66-OAOVSSGSDC02
10.202.1.66/32
set security address-book global address RM3-GTW-10.229.250.40-CCOOBPXYMGT01
10.229.250.40/32
set security address-book global address RM3-GTW-10.229.250.41-CCOOBPXYREP01
10.229.250.41/32
set security address-book global address RM3-GTW-10.229.250.42-CCOOBPXYLOG01
10.229.250.42/32
set security address-book global address Branch-GTW-10.160.0.0/11-TEAM-USER-BKK
10.160.0.0/11
10.192.0.0/14
10.203.0.0/16
20.0.0.0/8
30.0.0.0/8
40.0.0.0/8
set security address-book global address CBB-USR-10.202.154.0/24-USR_PC
10.202.154.0/24
set security address-book global address RM3-GTW-10.144.0.0/15-TEAM-USER-BKK
10.144.0.0/15
set security address-book global address RM3-GTW-10.148.122.10-Team-SBC
10.148.122.10/32
set security address-book global address SLM-GTW-10.126.0.0/15-TEAM-USER-BKK
10.126.0.0/15
10.128.0.0/14
10.132.0.0/15
set security address-book global address HKDR-GTW-192.255.27.11-DR_VNB_CSExim
192.255.27.11/32
set security address-book global address HKDR-GTW-192.255.27.78-DR_Citrix1
192.255.27.78/32
set security address-book global address HKDR-GTW-192.255.27.79-DR_Citrix2
192.255.27.79/32
set security address-book global address HCB-USR-10.202.42.154-FTP-USER
10.202.42.154/32
set security address-book global address VN-INT-221.132.39.104-hopthuthongtin.com.vn
221.132.39.104/32
set security address-book global address PSB-USR-10.202.162.0/24-USR_PC
10.202.162.0/24
set security address-book global address PSB-SVC-10.202.163.81-OAOVSPSSDC01
10.202.163.81/32
set security address-book global address VTB-USR-10.202.152.0/24-USR_PC
10.202.152.0/24
set security address-book global address RM3-GTW-172.26.16.113 172.26.16.113/32
set security address-book global address SLM-GTW-172.18.16.10 172.18.16.10/32
set security address-book global address SLM-GTW-172.18.16.113 172.18.16.113/32
set security address-book global address VTB-SVC-10.202.153.81-OAOVSVTSDC01
10.202.153.81/32
set security address-book global address VTB-SVC-10.202.153.82-OAOVSVTSDC02
10.202.153.82/32
set security address-book global address LDB-USR-10.202.80.0/24-USR_PC description
LDB-USR-10.202.80.0/24-USR_PC
set security address-book global address LDB-USR-10.202.80.0/24-USR_PC 10.202.80.0/24
set security address-book global address MNB-USR-10.202.78.0/24-USR_PC 10.202.78.0/24
set security address-book global address NYB-USR-10.202.56.0/24-USR_PC 10.202.56.0/24
set security address-book global address OSB-USR-10.202.22.0/24-USR_PC 10.202.22.0/24
set security address-book global address TKB-USR-10.202.20.0/24-USR_PC 10.202.20.0/24
set security address-book global address JKB-USR-10.202.52.0/24-UserZone
10.202.52.0/24
set security address-book global address RM3-GTW-172.26.78.63-IT-PKIISC1101
172.26.78.63/32
set security address-book global address RM3-GTW-10.95.62.0/24-VPN2A.RM3
10.95.62.0/23
set security address-book global address SLM-GTW-10.46.62.0/24-SSLVPN 10.46.62.0/24
set security address-book global address HCB-USR-10.202.42.105 10.202.42.105/32
set security address-book global address SLM-GTW-10.46.64.0/24-SSL_SNAT-Pool
10.46.64.0/24
set security address-book global address SLM-GTW-10.46.65.0/24-SSL_SNAT-Pool
10.46.65.0/24
set security address-book global address INT-52.112.0.0/14-MSTeam 52.112.0.0/14
set security address-book global address SLM-GTW-10.46.66.0/24-SSLVPN-Pool
10.46.66.0/24
10.46.67.0/24
10.46.68.0/24
10.46.69.0/24
set security address-book global address KHB-USR-10.202.14.0/24-USR_PC 10.202.14.0/24
set security address-book global address MDB-USR-10.202.50.0/24-USR_PC 10.202.50.0/24
set security address-book global address SBB-USR-10.202.46.0/24-USR_PC 10.202.46.0/24
set security address-book global address TCB-USR-10.202.16.0/24-USR_PC 10.202.16.0/24
set security address-book global address TPB-USR-10.202.18.0/24-USR_PC 10.202.18.0/24
set security address-book global address HKB-GTW-192.255.10.201-eStatement_UAT
192.255.10.201/32
set security address-book global address RM3-GTW-172.28.42.58-ALM-QC 172.28.42.58/32
set security address-book global address SM-GTW-172.18.89.18-SAS_ECM_Web_App
172.18.89.18/32
set security address-book global address RM3-GTW-10.145.3.107-Chanu 10.145.3.107/32
set security address-book global address RM3-GTW-10.231.241.67-DDI 10.231.241.67/32
set security address-book global address RM3-GTW-10.145.201.0/24-WIFI_User
10.145.201.0/24
10.145.202.0/24
10.145.203.0/24
10.145.204.0/24
10.145.205.0/24
set security address-book global address RM3-GTW-10.231.176.23-IT-AV-APO1101
10.231.176.23/32
set security address-book global address RM3-GTW-10.231.241.65-Sm-APO-01
10.231.241.65/32
set security address-book global address SLM-GTW-10.230.176.23-IT-AV-APO1201
10.230.176.23/32
set security address-book global address HKB-GTW-10.202.62.98-afivnpd1
10.202.62.98/32
set security address-book global address HKB-GTW-10.202.62.99-afmvnpd1
10.202.62.99/32
set security address-book global address HKB-GTW-10.202.64.98-afivnpd1
10.202.64.98/32
set security address-book global address HKB-GTW-10.202.64.99-afmvnpd1
10.202.64.99/32
set security address-book global address HCB-USR-10.202.42.121-WKHCB068
10.202.42.121/32
10.202.42.131/32
10.202.42.36/32
set security address-book global address HKB-GTW-192.255.10.216-TSTSGBICDM01
192.255.10.216/32
set security address-book global address RM3-GTW-10.150.129.9-WEPRM3AV03
10.150.129.9/32
set security address-book global address SLM-GTW-10.138.129.4-WEPSLAV02
10.138.129.4/32
set security address-book global address HKB-GTW-10.202.62.100-afcvnpd1
10.202.62.100/32
set security address-book global address HKB-GTW-10.202.64.100-afcvnpd1
10.202.64.100/32
10.145.216.0/21
set security address-book global address SLM-GTW-10.230.251.132-IT-VDIRDS1204
10.230.251.132/32
set security address-book global address RM3-GTW-10.231.251.0/24-VDI 10.231.251.0/24
set security address-book global address SLM-GTW-10.230.251.0/24-VDI 10.230.251.0/24
set security address-book global address RM3-GTW-10.145.3.250-CC03A1-EX1_Switch
10.145.3.250/32
set security address-book global address HKB-GTW-10.202.62.101-afavnpd1
10.202.62.101/32
set security address-book global address HKB-GTW-10.202.64.101-afavnpd1
10.202.64.101/32
set security address-book global address SLM-GTW-10.132.95.0/24-SM03OPT1_NonOA_DRC
10.132.95.0/24
49.156.55.195/32
49.156.55.196/32
49.156.55.197/32
49.156.55.198/32
set security address-book global address HNB-USR-10.202.40.168 10.202.40.168/32
set security address-book global address HNB-USR-10.202.40.171-Hung_PC
10.202.40.171/32
set security address-book global address VCB-INT-10.1.1.18-Vietcombank.com.vn
10.1.1.18/32
10.202.42.101/32
10.202.42.102/32
10.202.42.11/32
10.202.42.122/32
10.202.42.129/32
10.202.42.20/32
10.202.42.25/32
10.202.42.28/32
set security address-book global address HCB-USR-10.202.42.5-WKHCB125 10.202.42.5/32
10.202.42.55/32
10.202.42.135/32
10.202.42.22/32
set security address-book global address RM3-GTW-172.26.78.10 172.26.78.10/32
set security address-book global address HKG-GTW-192.255.10.79-Citrix_VDA
192.255.10.79/32
set security address-book global address HCB-USR-10.202.42.110-NgoHaiVi
10.202.42.110/32
10.202.42.23/32
10.202.42.33/32
10.202.42.59/32
10.202.42.61/32
10.202.42.69/32
10.202.42.73/32
set security address-book global address INT-122.248.211.189-Cloud_Proxy
122.248.211.189/32
set security address-book global address INT-185.221.69.0/24-Cloud_Proxy
185.221.69.0/24
set security address-book global address INT-185.221.71.0/24-Cloud_Proxy
185.221.71.0/24
52.220.144.74/32
set security address-book global address INT-52.74.5.157-Cloud_Proxy 52.74.5.157/32
52.77.108.133/32
54.251.95.101/32
set security address-book global address RM3-GTW-10.231.176.27-IT-AV-EPO-1101
10.231.176.27/32
set security address-book global address RM3-GTW-10.231.176.28-IT-AV-AHR-1101
10.231.176.28/32
set security address-book global address RM3-GTW-10.231.176.29-IT-AV-AHR-1102
10.231.176.29/32
set security address-book global address SLM-GTW-10.230.176.28-IT-AV-AHR-1201
10.230.176.28/32
set security address-book global address HCB-EXT-202.58.245.14-DTS2.0
202.58.245.14/32
set security address-book global address VCB-INT-103.11.172.42-Vietcombank
103.11.172.42/32
set security address-book global address 192.165.220.164-Reuter 192.165.220.164/32
set security address-book global address HCMBCP-GTW-10.202.86.0/23-HCMBCP
10.202.86.0/23
set security address-book global address HCMBCP-10.202.87.176/28-HCMDR_SWIFT_User
10.202.87.176/28
set security address-book global address INT-202.58.245.171-SBV 202.58.245.171/32
set security address-book global address SLM-GTW-172.18.89.28-amlwebvnppva
172.18.89.28/32
set security address-book global address RM3-GTW-10.136.88.1-ssrs-uat 10.136.88.1/32
set security address-book global address RM3-GTW-10.136.88.14-sbfe-uat2
10.136.88.14/32
set security address-book global address RM3-GTW-10.136.88.7-WPEWEB1601
10.136.88.7/32
set security address-book global address RM3-GTW-10.136.88.8-WPEWEB1601
10.136.88.8/32
set security address-book global address RM3-GTW-10.148.117.40-swfbkpd01
10.148.117.40/32
10.148.117.41/32
10.148.117.42/32
set security address-book global address RM3-GTW-10.148.117.97-GPSSWFAWP1101
10.148.117.97/32
set security address-book global address RM3-GTW-10.85.6.196-bblglw1 10.85.6.196/32
set security address-book global address RM3-GTW-10.85.6.197-bblglw2 10.85.6.197/32
set security address-book global address RM3-GTW-10.85.6.28-bblglap1 10.85.6.28/32
set security address-book global address RM3-GTW-10.85.6.29-bblgldb1_vip
10.85.6.29/32
set security address-book global address RM3-GTW-10.85.7.132-SAG1 10.85.7.132/32
set security address-book global address RM3-GTW-10.85.7.133-GPDSWFR3SAG02
10.85.7.133/32
set security address-book global address RM3-GTW-10.95.95.71-ebswspd3 10.95.95.71/32
set security address-book global address RM3-GTW-172.26.14.1-report2 172.26.14.1/32
set security address-book global address RM3-GTW-172.26.14.10-rpcwapd1
172.26.14.10/32
set security address-book global address RM3-GTW-172.26.14.100-report2008
172.26.14.100/32
set security address-book global address RM3-GTW-172.26.14.3-report1 172.26.14.3/32
set security address-book global address RM3-GTW-172.26.2.1-BKK1 172.26.2.1/32
set security address-book global address RM3-GTW-172.26.2.12-BKK2 172.26.2.12/32
set security address-book global address RM3-GTW-172.26.2.215-GPDSWFR3SAF01
172.26.2.215/32
set security address-book global address RM3-GTW-172.26.56.15-ISRAMA3 172.26.56.15/32
set security address-book global address RM3-GTW-172.26.60.126-ESIS_PROD
172.26.60.126/32
set security address-book global address RM3-GTW-172.26.60.136-S03.intranet.bbl
172.26.60.136/32
set security address-book global address RM3-GTW-172.26.60.137-S04.Intranet.bbl
172.26.60.137/32
set security address-book global address RM3-GTW-172.26.60.151-r01.intranet.bbl
172.26.60.151/32
set security address-book global address RM3-GTW-172.26.60.193-sbfe-uat
172.26.60.193/32
set security address-book global address RM3-GTW-172.26.60.200-ssrs-uat
172.26.60.200/32
set security address-book global address RM3-GTW-172.26.60.23-S03.intranet.bbl
172.26.60.23/32
set security address-book global address RM3-GTW-172.26.78.67-PKI_Server
172.26.78.67/32
set security address-book global address RM3-GTW-172.26.84.100-SWFBKPD3
172.26.84.100/32
172.26.84.101/32
172.26.84.102/32
set security address-book global address RM3-GTW-172.28.10.33-IT-WPEWEBA1101
172.28.10.33/32
set security address-book global address RM3-GTW-172.28.10.43-IT-WPEWEBA1102
172.28.10.43/32
set security address-book global address RM3-GTW-172.28.10.60-SQLRS1011
172.28.10.60/32
set security address-book global address RM3-GTW-172.28.2.68-DV02 172.28.2.68/32
set security address-book global address RM3-GTW-172.28.2.71-PD08 172.28.2.71/32
set security address-book global address RM3-GTW-172.28.42.27-GPSSW-WEB1101
172.28.42.27/32
set security address-book global address RM3-GTW-172.28.42.57-ESIS_UAT
172.28.42.57/32
set security address-book global address RM3-GTW-172.28.42.78-GPSSW-WEB1111
172.28.42.78/32
set security address-book global address SLM-GTW-10.136.100.26-sbfe-uat.test.bbl
10.136.100.26/32
set security address-book global address SLM-GTW-10.136.117.40-swfbkdr01-VIP
10.136.117.40/32
set security address-book global address SLM-GTW-10.136.117.97-GPSSWFAWP1201
10.136.117.97/32
set security address-book global address SLM-GTW-10.136.119.4-swfbkua1
10.136.119.4/32
set security address-book global address SLM-GTW-10.136.119.65-GPSSWFAWP1601
10.136.119.65/32
set security address-book global address SLM-GTW-10.136.89.140-GPSSW-WEB1301
10.136.89.140/32
set security address-book global address SLM-GTW-10.136.89.32-CPASTMWEB1401
10.136.89.32/32
10.136.89.45/32
set security address-book global address SLM-GTW-10.35.6.11-bblglap3 10.35.6.11/32
set security address-book global address SLM-GTW-10.35.6.196-bblglw3 10.35.6.196/32
set security address-book global address SLM-GTW-10.35.6.21-bblgldb3 10.35.6.21/32
set security address-book global address SLM-GTW-10.35.6.22-bblofa3 10.35.6.22/32
set security address-book global address SLM-GTW-10.35.7.132-GPDSWFHSAG01
10.35.7.132/32
set security address-book global address SLM-GTW-172.18.14.1-report 172.18.14.1/32
set security address-book global address SLM-GTW-172.18.14.11-rpcwadr1
172.18.14.11/32
set security address-book global address SLM-GTW-172.18.16.209-OAHQSRV05
172.18.16.209/32
set security address-book global address SLM-GTW-172.18.2.1-BKK3DR 172.18.2.1/32
set security address-book global address SLM-GTW-172.18.2.100-BKK3DV 172.18.2.100/32
set security address-book global address SLM-GTW-172.18.56.15-ISSILOM 172.18.56.15/32
set security address-book global address SLM-GTW-172.18.60.145-s03.intranet.bbl
172.18.60.145/32
set security address-book global address SLM-GTW-172.18.60.146-TeleTrade_OVS
172.18.60.146/32
set security address-book global address SLM-GTW-172.18.60.76-ESIS_DR 172.18.60.76/32
set security address-book global address SLM-GTW-172.18.60.95-REPORTCENTER_LB
172.18.60.95/32
set security address-book global address SLM-GTW-172.18.84.100-SWFBKDR1
172.18.84.100/32
set security address-book global address SLM-GTW-172.18.84.99-SWFBKUA1
172.18.84.99/32
set security address-book global address SLM-GTW-172.20.10.33-IT-WPEWEB1201
172.20.10.33/32
set security address-book global address SLM-GTW-172.20.10.42-s03.intranet.bbl
172.20.10.42/32
set security address-book global address SLM-GTW-172.20.2.67-PD08 172.20.2.67/32
172.20.42.11/32
172.20.42.73/32
set security address-book global address RM3-GTW-10.145.2.0/23-CC_Floor3
10.145.2.0/23
set security address-book global address RM3-GTW-10.145.2.0/24-CC_Floor3
10.145.2.0/24
set security address-book global address RM3-GTW-10.231.180.1-CCISEPAN01
10.231.180.1/32
set security address-book global address RM3-GTW-10.231.180.2-CCISEMNT01
10.231.180.2/32
set security address-book global address RM3-GTW-10.231.180.3-CCISEPSN01
10.231.180.3/32
set security address-book global address RM3-GTW-10.231.180.4-CCISEPSN02
10.231.180.4/32
set security address-book global address SLM-GTW-10.230.180.1-SMISEPAN01
10.230.180.1/32
set security address-book global address SLM-GTW-10.230.180.2-SMISEMNT01
10.230.180.2/32
set security address-book global address SLM-GTW-10.230.180.3-SMISEPSN01
10.230.180.3/32
set security address-book global address SLM-GTW-10.230.180.4-SMISEPSN02
10.230.180.4/32
set security address-book global address 172.18.16.163-oahqsccmpri01 172.18.16.163/32
set security address-book global address 172.18.16.165-oahqecmsql01 172.18.16.165/32
set security address-book global address INT-103.9.200.87-thuedientu.gdt.gov.vn
103.9.200.87/32
set security address-book global address SLM-GTW-10.136.88.23-it-wpeweb1604
10.136.88.23/32
set security address-book global address RM3-GTW-10.231.176.24-SM-SPS01
10.231.176.24/32
set security address-book global address RM3-GTW-10.231.241.35-IT-AV-AP-1101.oa.bbl
10.231.241.35/32
set security address-book global address SLM-GTW-10.230.176.24-SM-SPS02
10.230.176.24/32
set security address-book global address SLM-GTW-10.230.241.35-IT-AV-AP-1102.oa.bbl
10.230.241.35/32
set security address-book global address INT-13.107.4.52-msftconnecttest.com
13.107.4.52/32
set security address-book global address INT-161.69.102.0/24-McAfee_POP
161.69.102.0/24
161.69.109.0/24
161.69.119.0/24
set security address-book global address INT-161.69.73.0/24-McAfee_POP 161.69.73.0/24
set security address-book global address RM3-GTW-10.231.176.30-SM-AV-DXL01
10.231.176.30/32
set security address-book global address RM3-GTW-10.231.176.31-SM-AV-DXL02
10.231.176.31/32
set security address-book global address SLM-GTW-10.230.176.29-SM-AV-DXL03
10.230.176.29/32
set security address-book global address INT-103.205.100.81-qlvb.sbv.hanoi.gov.vn
103.205.100.81/32
set security address-book global address HCB-USR-10.202.42.41-CITAD_Backup_Server
10.202.42.41/32
set security address-book global address HNB-DCT-10.202.41.100 10.202.41.100/32
10.202.42.143/32
set security address-book global address OVS-GTW-10.204.0.0/16 10.204.0.0/16
set security address-book global address 10.44.216.1-30_SSL_VPN-mem0 10.44.216.1/32
set security address-book global address 10.44.88.1-30-SSL_VPN-mem0 10.44.88.1/32
set security address-book global address RM3-GTW-172.26.16.76-OARM3ECMDP01.oa.bbl
172.26.16.76/32
set security address-book global address 10.136.87.15-ccmwsdv.bbl.co.th
10.136.87.15/32
set security address-book global address 10.95.95.66-dimenxion.bangkokbank.com
10.95.95.66/32
set security address-book global address HCB-DCT-10.202.43.103-HCVSDSTP01
10.202.43.103/32
set security address-book global address HCB-DCT-10.202.43.104-HCVSDSTP02
10.202.43.104/32
set security address-book global address HCB-EXT-10.202.43.193-HCVSDSVR
10.202.43.193/32
set security address-book global address HCB-USR-10.202.42.144-WKCHB131
10.202.42.144/32
set security address-book global address SLM-GTW-10.127.203.162-WK2622004
10.127.203.162/32
set security address-book global address SLM-GTW-10.127.203.163-WK2622005
10.127.203.163/32
set security address-book global address RM3-GTW-172.28.10.20-SFTP_Server
172.28.10.20/32
set security address-book global address SLM-GTW-172.20.10.30-sftp_server_test
172.20.10.30/32
10.202.42.51/32
set security address-book global address HNB-USR-10.202.40.180-WKHNB016
10.202.40.180/32
set security address-book global address NYB-DCT-10.202.57.117-GPS_Payment_System
10.202.57.117/32
set security address-book global address NYDR-DCT-10.202.55.117-GPS_Payment_System
10.202.55.117/32
set security address-book global address INT-110.164.11.0/24-
msftconnecttest.com_msftncsi.com 110.164.11.0/24
set security address-book global address INT-119.46.207.0/24-
msftconnecttest.com_msftncsi.com 119.46.207.0/24
set security address-book global address INT-161.69.88.0/24-McAfee_POP 161.69.88.0/24
set security address-book global address HCB-SVC-10.202.43.75 10.202.43.75/32
set security address-book global address RM3-GTW-10.150.144.3-WPECITCXA1101
10.150.144.3/32
set security address-book global address RM3-GTW-10.150.144.4-WPECITCXA1102
10.150.144.4/32
set security address-book global address SLM-GTW-10.138.144.3-WPECITCXA1201
10.138.144.3/32
set security address-book global address SLM-GTW-10.138.144.4-WPECITCXA1202
10.138.144.4/32
set security address-book global address RM3-GTW-10.231.241.129-IT-OM-MS-1101
10.231.241.129/32
set security address-book global address RM3-GTW-10.231.241.130-IT-OM-MS-1102
10.231.241.130/32
set security address-book global address msftconnecttest.com dns-name
msftconnecttest.com
set security address-book global address msftncsi.com dns-name msftncsi.com
set security address-book global address HCB-EXT-10.202.43.194-HC01KRXSVR
10.202.43.194/32
set security address-book global address RM3-GTW-10.231.244.129-SM-VA-R7E-1101
10.231.244.129/32
10.231.244.130/32
10.231.244.131/32
10.231.244.132/32
set security address-book global address SLM-GTW-10.230.244.129-SM-VA-R7E-1201
10.230.244.129/32
set security address-book global address SLM-GTW-10.230.244.130-SM-VA-R7E-1202
10.230.244.130/32
set security address-book global address HNB-SVC-10.202.41.65-OAOVSHNBSDC01
10.202.41.65/32
set security address-book global address-set HCB-INT-ISP_DNS address HCB-INT-
202.153.97.2-ISP_DNS
set security address-book global address-set HCB-INT-ISP_DNS address HCB-INT-
202.153.97.130-ISP_DNS
set security address-book global address-set HCB-MGT-PAW address HCB-MGT-
10.202.43.136-WKHCBPAW01
set security address-book global address-set HCB-MGT-PAW address HCB-MGT-
10.202.43.137-WKHCBPAW02
set security address-book global address-set HCB-SVC-BlueCoat address HCB-SVC-
10.202.43.90-SMOVSHCBPXY01
set security address-book global address-set HCB-SVC-BlueCoat address HCB-SVC-
10.202.43.88-SMOVSHCBPXY02
set security address-book global address-set HCB-SVC-OA_DC address HCB-SVC-
10.202.43.65-OAOVSHCBSDC01
set security address-book global address-set HCB-SVC-OA_DC address HCB-SVC-
set security address-book global address-set HCB-SVC-OA_File_Server address HCB-SVC-
10.202.43.67-OAOVSHCBSRV01
set security address-book global address-set HCB-SVC-OA_File_Server address HCB-SVC-
10.202.43.68-OAOVSHCBSRV02
set security address-book global address-set HCB-SVC-OA_File_Server address HCM-SVC-
10.202.43.71-OAOVSHCBVM02_DFSR
set security address-book global address-set HCB-SVC-WSUS_OSCE address HCB-SVC-
10.202.43.70-OAOVSHCBMNT01
set security address-book global address-set HCB-USR-EDP address HCB-USR-
10.202.42.171-EDP
set security address-book global address-set HCB-USR-EDP address HCB-USR-
10.202.42.172-EDP
set security address-book global address-set HNB-MGT-PAW address HNB-MGT-
10.202.41.136-WKHNBPAW01
set security address-book global address-set HNB-SVC-OA_File_Server address HNB-SVC-
10.202.41.67-OAOVSHNBSRV01
set security address-book global address-set NYB-DCT-eGIFTS address NYB-DCT-
10.202.57.99-eGIFTS
10.202.57.101-eGIFTS_Oracle_Cluster
10.202.57.100-eGIFTS_MS_Cluster
192.255.5.21-eGIFTS
192.255.5.22-eGIFTS
192.255.5.23-eGIFTS_MS_Cluster
192.255.5.25-eGIFTS_Oracle_Cluster
10.202.57.110-NYBMQ01
10.202.57.111-NYBSVR01
10.202.57.106-AMLSERVER
set security address-book global address-set OVS-GTW-OA_DC address CBB-SVC-
10.202.155.65-OAOVSCBBSDC01
set security address-book global address-set OVS-GTW-OA_DC address CBB-SVC-
10.202.155.66-OAOVSCBBSDC02
set security address-book global address-set OVS-GTW-OA_DC address SGP-SVC-
10.202.1.83-OAOVSSGBSDC01
10.202.1.84-OAOVSSGBSDC02
set security address-book global address-set OVS-GTW-OA_DC address VTB-SVC-
10.202.153.65-OAOVSVTBSDC01
10.202.153.66-OAOVSVTBSDC02
set security address-book global address-set OVS-GTW-OA_DC address YGB-SVC-
10.202.157.65-OAOVSYGBSDC01
set security address-book global address-set OVS-GTW-OA_DC address YGB-SVC-
10.202.157.66-OAOVSYGBSDC02
set security address-book global address-set OVS-GTW-OA_DC address PSB-SVC-
10.202.163.65-OAOVSPSBSDC01
set security address-book global address-set OVS-GTW-OA_DC address HNB-SVC-
10.202.41.65-OAOVSHNBRODC01
set security address-book global address-set OVS-GTW-OA_DC address JKB-SVC-
10.202.53.65-OAOVSJKBSDC01
set security address-book global address-set OVS-GTW-OA_DC address SBB-SVC-
10.202.47.65-OAOVSSBBRODC01
set security address-book global address-set OVS-GTW-OA_DC address SMD-SVC-
10.202.51.65-OAOVSMDBRODC01
set security address-book global address-set OVS-GTW-OA_DC address TPB-SVC-
10.202.19.65-OAOVSTPBSDC01
set security address-book global address-set OVS-GTW-OA_DC address KHB-SVC-
10.202.15.65-OAOVSKHBRODC01
set security address-book global address-set OVS-GTW-OA_DC address TCB-SVC-
10.202.17.65-OAOVSTCBRODC01
set security address-book global address-set OVS-GTW-OA_DC address TKB-SVC-
10.202.21.65-OAOVSTKBSDC01
set security address-book global address-set OVS-GTW-OA_DC address OSB-SVC-
10.202.23.65-OAOVSOSBRODC01
set security address-book global address-set OVS-GTW-OA_DC address MNB-SVC-
10.202.67.65-OAOVSMNBSDC01
set security address-book global address-set OVS-GTW-OA_DC address JKB-SVC-
10.202.53.66-OAOVSJKBSDC02
set security address-book global address-set OVS-GTW-OA_DC address TPB-SVC-
10.202.19.66-OAOVSTPBSDC02
set security address-book global address-set OVS-GTW-OA_DC address TKB-SVC-
10.202.21.66-OAOVSTKBSDC02
set security address-book global address-set OVS-GTW-OA_DC address MNB-SVC-
10.202.67.66-OAOVSMNBSDC02
set security address-book global address-set OVS-GTW-OA_DC address NYB-SVC-
10.202.57.66-OAOVSNYBSDC02
set security address-book global address-set OVS-GTW-OA_DC address NYB-SVC-
10.202.57.65-OAOVSNYBSDC01
set security address-book global address-set OVS-GTW-OA_DC address NYDR-SVC-
10.202.55.65-OAOVSNYDRSDC01
set security address-book global address-set OVS-GTW-OA_DC address HCB-SVC-
set security address-book global address-set OVS-GTW-OA_DC address HCB-SVC-
set security address-book global address-set OVS-GTW-OA_DC address SGDR-SVC-
10.202.71.65-OAOVSSGDRSDC01
set security address-book global address-set OVS-GTW-OA_DC address LDB-SVC-
10.202.81.65-OAOVSLDBSDC01
set security address-book global address-set OVS-GTW-OA_DC address LDB-SVC-
10.202.81.66-OAOVSLDBSDC02
10.202.1.65-OAOVSSGSDC01
10.202.1.66-OAOVSSGSDC02
set security address-book global address-set OVS-GTW-OA_DC address PSB-SVC-
10.202.163.81-OAOVSPSSDC01
10.202.153.81-OAOVSVTSDC01
10.202.153.82-OAOVSVTSDC02
set security address-book global address-set RM3-GTW-ACS address RM3-GTW-172.28.9.3-
ACS
set security address-book global address-set RM3-GTW-ADHC address RM3-GTW-
172.26.16.195-OAADHC01
set security address-book global address-set RM3-GTW-BlueCoat_Admin address RM3-GTW-
10.145.3.191-Chanu
10.145.2.58-Surachai
10.145.3.204-Walaiporn
10.145.3.107-Chanu
set security address-book global address-set RM3-GTW-BlueCoat_MC address RM3-GTW-
10.145.22.109-BC_MC
set security address-book global address-set RM3-GTW-CA_NSM address RM3-GTW-
172.27.248.21-NSMCA_SPT1101
172.27.248.11-NSMR3SPT01
172.27.248.29-NSMDCPD01
172.27.248.25-NSMCA-SPT6105.oa.bbl
10.231.241.23-NSMCA-SPS1101
10.231.241.24-NSMCA-SPS1102
10.231.241.30-NSMCA-SPT6105
10.231.241.29-NSMDCPD01
10.231.241.25-NSMCA-VAI1101
set security address-book global address-set RM3-GTW-CITRIX address RM3-GTW-
172.26.2.222-wper3cit01
set security address-book global address-set RM3-GTW-FW_Admin address RM3-GTW-
10.145.3.107-Bhumin
10.145.3.191-Chanu
10.145.3.193-Witthawat
10.145.53.204-Security
set security address-book global address-set RM3-GTW-InternalWeb address RM3-GTW-
172.26.60.0/24-InternalWeb
set security address-book global address-set RM3-GTW-InternalWeb address RM3-GTW-
10.95.92.13-ibanking
set security address-book global address-set RM3-GTW-Network_PC address RM3-GTW-
10.145.3.161-Zee_PC
10.145.3.202-Winai_PC
10.145.3.71-Network_PC
10.145.3.110-Network_PC
10.145.3.146-Network_PC
10.145.3.72-Watcharin
10.145.2.58-Surachai
10.145.3.250-CC03A1-EX1_Switch
10.145.2.0/23-CC_Floor3
10.145.2.0/24-CC_Floor3
set security address-book global address-set RM3-GTW-OA_DC address RM3-GTW-
172.26.16.10-OAR3BBBDC01
172.26.16.3-OARM3SDC02
172.26.16.5-OAR3OVSDC01
172.26.16.1-OARM3SDC01
172.26.16.113
set security address-book global address-set RM3-GTW-OA_Mail_Servers address RM3-GTW-
172.26.60.49-OAR3CASARRAY
set security address-book global address-set RM3-GTW-OA_Mail_Servers address RM3-GTW-
172.26.60.59-OAR3OWALBIP
set security address-book global address-set RM3-GTW-OA_RMS address RM3-GTW-
172.26.16.215-OAR3ADRMS01
172.26.16.216-OAR3ADRMS02
172.26.16.217-adrms.oa.bbl
set security address-book global address-set RM3-GTW-OA_Remote_Terminal address RM3-
GTW-172.26.16.7-OAR3OVSTERM01
GTW-172.26.16.8-OAR3OVSTERM02
GTW-10.145.53.204-Security
GTW-172.26.16.161-OAMONSRV01
GTW-172.26.16.62-OAADHC01
set security address-book global address-set RM3-GTW-OA_Skype address RM3-GTW-
172.26.16.223-OAR3SFBDP01
172.26.16.224-OAR3SFBDP02
172.26.16.225-OAR3SFBFE01
172.26.16.226-OAR3SFBFE02
172.26.16.227-OAR3SFBFE03
set security address-book global address-set RM3-GTW-SCOM address RM3-GTW-
172.27.248.53-NSMR3OMMS02
set security address-book global address-set RM3-GTW-SCOM address RM3-GTW-
172.27.248.52-NSMR3OMMS01
set security address-book global address-set RM3-GTW-TMCM address RM3-GTW-
10.150.129.5-TMCM
set security address-book global address-set SLM-GTW-BlueCoat_Director address SLM-
GTW-172.18.77.2-BC_Director
set security address-book global address-set SLM-GTW-BlueCoat_Reporter address SLM-
GTW-10.46.244.30-BC_Reporter
set security address-book global address-set SLM-GTW-CITRIX address SLM-GTW-
172.18.2.227-wpehcit01
set security address-book global address-set SLM-GTW-CITRIX address SLM-GTW-
172.18.2.222-wpehcit01
set security address-book global address-set SLM-GTW-ICDM address SLM-GTW-
172.18.60.64-icdmce
172.21.16.132-icdmslp1
172.21.16.133-icdmslp2
set security address-book global address-set SLM-GTW-InternalWeb address SLM-GTW-
172.18.60.0/24-InternalWeb
172.18.16.206-www.pbg.bangkokbank.com
172.18.16.183-OAHWEB02
172.18.77.1-ICMHAUTH01
set security address-book global address-set SLM-GTW-NetUX address SLM-GTW-
10.128.120.225-NetUX
set security address-book global address-set SLM-GTW-NetUX address SLM-GTW-
10.128.120.226-NetUX
set security address-book global address-set SLM-GTW-OA_CERT address SLM-GTW-
172.18.16.106-OAHISSUECA01
set security address-book global address-set SLM-GTW-OA_DC address SLM-GTW-
172.18.16.1-OAHQSDC01
172.18.16.3-OAHQSDC02
172.18.16.5-OAHQOVSDC01
set security address-book global address-set SLM-GTW-OA_DC address SLM-GTW-10.15.0.1-
OAHSDC01
set security address-book global address-set SLM-GTW-OA_DC address SLM-GTW-10.15.0.2-
OAHSDC02
172.18.16.115-OAHQADASSET01
172.18.16.113
172.18.16.10
set security address-book global address-set SLM-GTW-OA_File_Servers address SLM-GTW-
172.18.16.77-OAHSRV01
set security address-book global address-set SLM-GTW-OA_File_Servers address SLM-GTW-
172.19.252.65-OAHQNAS01
set security address-book global address-set SLM-GTW-OA_LYNC address SLM-GTW-
172.18.16.149-OAHLYNCFE01
set security address-book global address-set SLM-GTW-OA_LYNC address SLM-GTW-
172.18.16.154-OAHLYNCFE02
set security address-book global address-set SLM-GTW-OA_Mail_Servers address SLM-GTW-
172.18.60.49-OAHQCASARRAY
172.18.60.59-OAHQOWALBIP
172.18.60.69-oasmtp.oa.bbl
172.18.16.131-OAHEXMB01
172.18.16.124-OAHEXHC02
172.18.16.51-OAHQEXMB01
172.18.16.151-OAHEX2K7.oa.bbl
set security address-book global address-set SLM-GTW-OA_RMS address SLM-GTW-
172.18.16.94-OAHRMS01
set security address-book global address-set SLM-GTW-OA_Remote_Terminal address SLM-
GTW-10.15.8.4-OAHMISC01
set security address-book global address-set SLM-GTW-OA_Remote_Terminal address SLM-
GTW-172.18.16.104-OAHMISC01
set security address-book global address-set SLM-GTW-OA_SMS address SLM-GTW-
10.15.8.3-OAHMGT01
set security address-book global address-set SLM-GTW-OA_SMS address SLM-GTW-
172.18.16.105-OAHMGT01
set security address-book global address-set SLM-iGlobal-Servers address SLM-GTW-
10.136.80.1-iGlobal-Test-Server1
172.18.60.74-iGlobal-UAT
10.136.82.3-IBGVHS1UAS01
172.18.60.75-iGlobalBANK-UAT
172.18.2.227-wpehcit01
set security address-book global address-set RM3-GTW-ICDM address RM3-GTW-
172.29.16.131-ICDM
set security address-book global address-set RM3-GTW-ICDM address RM3-GTW-
172.29.16.137-ICDM
set security address-book global address-set HKG-CitrixServers address KLN-GTW-
192.255.11.74-CITRIX
set security address-book global address-set HKG-CitrixServers address HKG-GTW-
192.255.1.78-BBLAPP78
192.255.1.79-BBLAPP79
192.255.1.82-BBLAPP80
192.255.1.74-BBLAPP15
192.255.1.75-BBLAPP16
set security address-book global address-set HKG-CitrixServers address HKDR-GTW-
192.255.27.74-BBLAPP24
192.255.10.12-TSTAPP07
set security address-book global address-set HKG-CitrixServers address KWB-GTW-
192.255.11.15-Citrix
set security address-book global address-set HKG-CitrixServers address KWB-GTW-
192.255.11.3-KNB_BBLAPP28_SWIFT
set security address-book global address-set HKG-CitrixServers address HKB-GTW-
192.255.1.29-OSC-BBLAPP06
192.255.1.83-New_Citrix_Server
192.255.1.80-Citrix_Backup
172.22.22.3-SWIFT_Server
10.202.61.102-CITRIX_Test_Server
10.202.161.103-CITRIX_Test_Server
192.255.1.15-OSC-BBLAPP22
192.255.1.30-OSC-BBLAPP21
10.202.61.133-SWIFT
10.202.61.135-SWIFT
10.202.13.133-SWIFT_DR
10.202.13.100-SWIFT_Workstations
192.255.27.78-DR_Citrix1
192.255.27.79-DR_Citrix2
192.255.10.201-eStatement_UAT
set security address-book global address-set HCB-USR-VPN_for_COVID address HCB-USR-
10.202.42.172-EDP
10.202.42.164-HCWS-02
10.202.42.165-HCWS-03
10.202.42.105
10.202.42.111
10.202.42.126
10.202.42.133
10.202.42.139
10.202.42.140
10.202.42.141
10.202.42.142
10.202.42.189
10.202.42.19
10.202.42.125
10.202.42.115
10.202.42.28-WKHCB020
10.202.42.129-WKHCB027
10.202.42.122-WKHCB050
10.202.42.55-WKHCB052
10.202.42.101-WKHCB069
10.202.42.102-WKHCB071
10.202.42.11-WKHCB111
10.202.42.20-WKHCB117
10.202.42.25-WKHCB118
10.202.42.5-WKHCB125
10.202.42.135-WKHCB021
10.202.42.36-WKHCB023
10.202.42.22-WKHCB100
10.202.42.171-EDP
10.202.42.110-NgoHaiVi
10.202.42.69-WKHCB040
10.202.42.73-WKHCB072
10.202.42.33-WKHCB101
10.202.42.61-WKHCB045
10.202.42.59-WKHCB087
10.202.42.23-WKHCB0103
set security address-book global address-set SSLVPN-Pool address SLM-GTW-
10.46.62.0/24-SSLVPN
10.46.64.0/24-SSL_SNAT-Pool
10.46.65.0/24-SSL_SNAT-Pool
10.46.66.0/24-SSLVPN-Pool
set security address-book global address-set RM3-GTW-WIFI_User address RM3-GTW-
10.145.201.0/24-WIFI_User
10.145.202.0/24-WIFI_User
10.145.203.0/24-WIFI_User
10.145.204.0/24-WIFI_User
10.145.205.0/24-WIFI_User
10.145.216.0/21-WIFI_User
set security address-book global address-set McAfee_POP_Laos_SGB_VN_PH_CBD_MYM
address INT-185.221.69.0/24-Cloud_Proxy
address INT-185.221.71.0/24-Cloud_Proxy
address INT-54.251.95.101-Cloud_Proxy
set security address-book global address-set McAfee_POP_HK address INT-
161.69.109.0/24-McAfee_POP
set security address-book global address-set McAfee_POP_HK address INT-
161.69.88.0/24-McAfee_POP
set security address-book global address-set RM3-GTW-EBS address RM3-GTW-10.95.95.71-
ebswspd3
set security address-book global address-set RM3-GTW-ESIS address RM3-GTW-
172.26.60.126-ESIS_PROD
set security address-book global address-set RM3-GTW-ESIS address RM3-GTW-
172.28.42.57-ESIS_UAT
set security address-book global address-set RM3-GTW-GL_DB_FORM address RM3-GTW-
10.85.6.29-bblgldb1_vip
set security address-book global address-set RM3-GTW-GL_DB_FORM address RM3-GTW-
10.85.6.28-bblglap1
set security address-book global address-set RM3-GTW-GL_WEB address RM3-GTW-
10.85.6.196-bblglw1
set security address-book global address-set RM3-GTW-GL_WEB address RM3-GTW-
10.85.6.197-bblglw2
set security address-book global address-set RM3-GTW-Mainframe address RM3-GTW-
172.28.2.68-DV02
set security address-book global address-set RM3-GTW-Mainframe address RM3-GTW-
172.28.2.71-PD08
set security address-book global address-set RM3-GTW-ReportCenter address RM3-GTW-
172.26.14.1-report2
172.26.14.3-report1
172.26.14.100-report2008
172.26.14.10-rpcwapd1
set security address-book global address-set RM3-GTW-ReportCenter address SLM-GTW-
172.18.60.95-REPORTCENTER_LB
set security address-book global address-set RM3-GTW-SBFE address RM3-GTW-
10.136.88.1-ssrs-uat
172.26.60.136-S03.intranet.bbl
172.28.10.33-IT-WPEWEBA1101
172.28.10.43-IT-WPEWEBA1102
172.26.60.193-sbfe-uat
172.26.60.151-r01.intranet.bbl
10.136.88.7-WPEWEB1601
10.136.88.8-WPEWEB1601
172.26.60.200-ssrs-uat
172.28.10.60-SQLRS1011
172.26.60.23-S03.intranet.bbl
set security address-book global address-set RM3-GTW-SWIFT_Production address RM3-
GTW-172.26.2.1-BKK1
set security address-book global address-set RM3-GTW-SWIFT_Production address RM3-
GTW-172.26.2.12-BKK2
set security address-book global address-set RM3-GTW-TeleTrade address RM3-GTW-
172.28.10.33-IT-WPEWEBA1101
172.28.10.43-IT-WPEWEBA1102
172.26.60.137-S04.Intranet.bbl
10.136.88.14-sbfe-uat2
set security address-book global address-set SLM-GTW-EBS address SLM-GTW-10.46.95.75-
ebswsua2
set security address-book global address-set SLM-GTW-ESIS address SLM-GTW-
172.18.60.76-ESIS_DR
set security address-book global address-set SLM-GTW-GL_DB_FORM address SLM-GTW-
10.35.6.21-bblgldb3
10.35.6.11-bblglap3
10.35.6.196-bblglw3
set security address-book global address-set SLM-GTW-GL_WEB address SLM-GTW-
10.35.6.22-bblofa3
set security address-book global address-set SLM-GTW-Mainframe address SLM-GTW-
172.20.2.67-PD08
set security address-book global address-set SLM-GTW-ReportCenter address SLM-GTW-
172.18.14.1-report
set security address-book global address-set SLM-GTW-ReportCenter address SLM-GTW-
172.18.14.11-rpcwadr1
set security address-book global address-set SLM-GTW-SBFE address SLM-GTW-
172.18.60.145-s03.intranet.bbl
172.20.10.33-IT-WPEWEB1201
172.18.60.146-TeleTrade_OVS
10.136.100.26-sbfe-uat.test.bbl
172.20.10.42-s03.intranet.bbl
set security address-book global address-set SLM-GTW-SWIFT_Test_DR address SLM-GTW-
172.18.2.1-BKK3DR
set security address-book global address-set SLM-GTW-SWIFT_Test_DR address SLM-GTW-
172.18.2.100-BKK3DV
set security address-book global address-set SWIFT_New_Server address SLM-GTW-
172.18.84.99-SWFBKUA1
set security address-book global address-set SWIFT_New_Server address RM3-GTW-
172.26.84.101-SWFBKPD1
172.26.84.102-SWFBKPD2
set security address-book global address-set SWIFT_New_Server address SLM-GTW-
172.18.84.100-SWFBKDR1
172.26.84.100-SWFBKPD3
set security address-book global address-set McAfee_POP_SG address INT-
185.221.69.0/24-Cloud_Proxy
185.221.71.0/24-Cloud_Proxy
161.69.119.0/24-McAfee_POP
161.69.102.0/24-McAfee_POP
161.69.73.0/24-McAfee_POP
set security address-book global address-set HNB-SVC-OA_DC address HNB-SVC-
10.202.41.65-OAOVSHNBSDC01
set security alg sccp disable
set security alg sip disable
set security nat source pool source-nat-pool-Mail address 10.202.73.0/24
set security nat source pool SBV address 113.161.118.216/32 to 113.161.118.221/32
set security nat source rule-set source-nat-1 from zone USR
set security nat source rule-set source-nat-1 to zone EXT
set security nat source rule-set source-nat-1 rule 1-1 match source-address
10.202.42.155/32
10.202.42.153/32
10.202.42.154/32
10.202.42.156/32
set security nat source rule-set source-nat-1 rule 1-1 match destination-address
192.168.10.11/32
192.168.10.13/32
192.168.10.15/32
set security nat source rule-set source-nat-1 rule 1-1 then source-nat interface
set security nat source rule-set source-nat-2 from zone EXT
set security nat source rule-set source-nat-2 rule 2-1 match source-address 0.0.0.0/0
10.210.132.115/32
192.168.100.2/32
set security nat source rule-set source-nat-3 from zone DCT
set security nat source rule-set source-nat-3 rule 3-1 match source-address 0.0.0.0/0
0.0.0.0/0
set security nat static rule-set static-nat-1 from zone EXT
set security nat static rule-set static-nat-1 rule 1-1 match destination-address
10.210.132.115/32
set security nat static rule-set static-nat-1 rule 1-1 then static-nat prefix
192.168.100.2/32
10.210.132.2/32
10.202.42.153/32
10.210.132.3/32
10.202.42.155/32
10.210.132.4/32
10.202.42.156/32
10.210.132.5/32
10.202.42.162/32
10.210.132.6/32
10.202.42.163/32
10.210.132.7/32
192.255.22.155/32
10.210.132.14/32
10.202.42.154/32
set security nat proxy-arp interface reth5.61 address 10.210.132.115/32
set security policies from-zone USR to-zone GTW policy G-USR-GTW-DC match source-
address any
set security policies from-zone USR to-zone GTW policy G-USR-GTW-DC match
destination-address SLM-GTW-OA_DC
destination-address RM3-GTW-OA_DC
destination-address OVS-GTW-OA_DC
set security policies from-zone USR to-zone GTW policy G-USR-GTW-DC match application
any
set security policies from-zone USR to-zone GTW policy G-USR-GTW-DC then permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-DC then log session-
close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-MAIL match source-
address any
set security policies from-zone USR to-zone GTW policy G-USR-GTW-MAIL match
destination-address SLM-GTW-OA_Mail_Servers
destination-address RM3-GTW-OA_Mail_Servers
application any
set security policies from-zone USR to-zone GTW policy G-USR-GTW-MAIL then permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-MAIL then log
session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-File match source-
address any
set security policies from-zone USR to-zone GTW policy G-USR-GTW-File match
destination-address SLM-GTW-OA_File_Servers
application TCP-139
application TCP-2277
application TCP-445
application junos-nbds
application junos-nbname
application junos-icmp-ping
application TCP-135
set security policies from-zone USR to-zone GTW policy G-USR-GTW-File then permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-File then log
session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-MS_Team_Deny match
source-address CBB-USR-10.202.154.0/24-USR_PC
source-address PSB-USR-10.202.162.0/24-USR_PC
source-address VTB-USR-10.202.152.0/24-USR_PC
source-address LDB-USR-10.202.80.0/24-USR_PC
source-address MNB-USR-10.202.78.0/24-USR_PC
source-address NYB-USR-10.202.56.0/24-USR_PC
source-address TKB-USR-10.202.20.0/24-USR_PC
source-address OSB-USR-10.202.22.0/24-USR_PC
source-address JKB-USR-10.202.52.0/24-UserZone
source-address SBB-USR-10.202.46.0/24-USR_PC
source-address MDB-USR-10.202.50.0/24-USR_PC
source-address TPB-USR-10.202.18.0/24-USR_PC
source-address TCB-USR-10.202.16.0/24-USR_PC
source-address KHB-USR-10.202.14.0/24-USR_PC
source-address HCM-USR-10.202.42.0/24-USR_PC
source-address HNB-USR-10.202.40.0/24-USR_PC
destination-address SLM-GTW-10.126.0.0/15-TEAM-USER-BKK
destination-address RM3-GTW-10.144.0.0/15-TEAM-USER-BKK
destination-address Branch-GTW-10.160.0.0/11-TEAM-USER-BKK
application MS_Team_Server
application MS_Team_Client
set security policies from-zone USR to-zone GTW policy G-USR-GTW-MS_Team_Deny then
deny
set security policies from-zone USR to-zone GTW policy G-USR-GTW-MS_Team_Deny then
log session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-MS_Team match
source-address any
destination-address RM3-GTW-10.148.122.10-Team-SBC
application MS_Team
set security policies from-zone USR to-zone GTW policy G-USR-GTW-MS_Team then permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-MS_Team then log
session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-SkypeServer match
source-address any
destination-address SLM-GTW-OA_LYNC
destination-address RM3-GTW-OA_Skype
application Skype_Server
application Lync_Server
set security policies from-zone USR to-zone GTW policy G-USR-GTW-SkypeServer then
permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-SkypeServer then log
session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-SkypeClient match
source-address any
destination-address any
application Skype_Client
application Lync_Client
set security policies from-zone USR to-zone GTW policy G-USR-GTW-SkypeClient then
permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-SkypeClient then log
session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-InternalWeb-Deny
match source-address NYB-USR-10.202.56.0/24-USR_PC
match destination-address RM3-GTW-InternalWeb
match destination-address SLM-GTW-InternalWeb
match destination-address RM3-GTW-172.26.77.1-BBL_Logo
match application junos-http
then deny
then log session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-InternalWeb match
source-address any
destination-address RM3-GTW-InternalWeb
destination-address SLM-GTW-InternalWeb
destination-address RM3-GTW-172.26.77.1-BBL_Logo
application junos-http
application junos-https
set security policies from-zone USR to-zone GTW policy G-USR-GTW-InternalWeb then
permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-InternalWeb then log
session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-Cert match source-
address any
set security policies from-zone USR to-zone GTW policy G-USR-GTW-Cert match
destination-address SLM-GTW-OA_RMS
destination-address RM3-GTW-OA_RMS
destination-address SLM-GTW-OA_SMS
destination-address SLM-GTW-OA_CERT
application junos-ping
set security policies from-zone USR to-zone GTW policy G-USR-GTW-Cert then permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-Cert then log
session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-SLMGR match source-
address any
set security policies from-zone USR to-zone GTW policy G-USR-GTW-SLMGR match
destination-address RM3-GTW-172.26.16.65-OASLMGR01
destination-address SLM-GTW-172.18.16.155-OASLMGR02
destination-address SLM-GTW-172.18.16.65-OASLMGR01
application junos-ms-rpc-epm
application KMS
set security policies from-zone USR to-zone GTW policy G-USR-GTW-SLMGR then permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-SLMGR then log
session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-OTP match source-
address any
set security policies from-zone USR to-zone GTW policy G-USR-GTW-OTP match
destination-address RM3-GTW-172.26.78.68-IT-VPNATH-1102
destination-address SLM-GTW-172.18.78.68-IT-VPNATH-1202
application OTP
set security policies from-zone USR to-zone GTW policy G-USR-GTW-OTP then permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-OTP then log
session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-BlueCoat_MC match
source-address any
destination-address RM3-GTW-BlueCoat_MC
application Proxy-MGMT
set security policies from-zone USR to-zone GTW policy G-USR-GTW-BlueCoat_MC then
permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-BlueCoat_MC then log
session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-ICDM match source-
address any
set security policies from-zone USR to-zone GTW policy G-USR-GTW-ICDM match
destination-address SLM-GTW-ICDM
destination-address RM3-GTW-ICDM
set security policies from-zone USR to-zone GTW policy G-USR-GTW-ICDM then permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-ICDM then log
session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-SpeedTest match
source-address any
destination-address SM-GTW-172.19.248.83-SIlom_SpeedTest
destination-address RM3-GTW-172.27.248.83-Rama3_SpeedTest
set security policies from-zone USR to-zone GTW policy G-USR-GTW-SpeedTest then
permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-SpeedTest then log
session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-PKIISC1101 match
source-address any
destination-address RM3-GTW-172.26.78.63-IT-PKIISC1101
application TCP-135
application TCP-49152-65535
application TCP-443
set security policies from-zone USR to-zone GTW policy G-USR-GTW-PKIISC1101 then
permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-PKIISC1101 then log
session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-Endpoint_Upgrade
match source-address any
match destination-address RM3-GTW-10.231.241.65-Sm-APO-01
match destination-address RM3-GTW-10.231.176.23-IT-AV-APO110
1
match destination-address SLM-GTW-10.230.176.23-IT-AV-APO120
1
match destination-address RM3-GTW-10.150.129.9-WEPRM3AV03
match destination-address SLM-GTW-10.138.129.4-WEPSLAV02
match application TCP-8080
match application junos-https
then permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-NAC_ISE match
source-address OVS-GTW-10.202.0.0/16
destination-address SLM-GTW-10.230.180.1-SMISEPAN01
destination-address SLM-GTW-10.230.180.2-SMISEMNT01
destination-address SLM-GTW-10.230.180.3-SMISEPSN01
destination-address RM3-GTW-10.231.180.1-CCISEPAN01
destination-address RM3-GTW-10.231.180.2-CCISEMNT01
destination-address RM3-GTW-10.231.180.3-CCISEPSN01
application junos-dns-tcp
application junos-dns-udp
application junos-ntp
application junos-ike
application UDP-161-162
application UDP-4011
application junos-radius
application junos-radacct
application junos-smtp
application TCP-88
application junos-ms-rpc-tcp
application junos-ldap
application TCP-445
application TCP-464
set security policies from-zone USR to-zone GTW policy G-USR-GTW-NAC_ISE then permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-NAC_ISE then log
session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-NAC-
Deploy_AnyConnect match source-address OVS-GTW-10.202.0.0/16
Deploy_AnyConnect match destination-address 172.18.16.163-oahqsccmpri01
Deploy_AnyConnect match application junos-http
Deploy_AnyConnect match application junos-https
Deploy_AnyConnect match application TCP-135
Deploy_AnyConnect match application UDP-135
Deploy_AnyConnect match application TCP-49152-65535
Deploy_AnyConnect then permit
Deploy_AnyConnect then log session-init
set security policies from-zone USR to-zone GTW policy G-USR-GTW-ARSS match source-
address OVS-GTW-10.202.0.0/16
set security policies from-zone USR to-zone GTW policy G-USR-GTW-ARSS match
destination-address SLM-GTW-10.136.88.23-it-wpeweb1604
set security policies from-zone USR to-zone GTW policy G-USR-GTW-ARSS then permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-ARSS then log
session-init
set security policies from-zone USR to-zone GTW policy G-USR-GTW-SUP match source-
set security policies from-zone USR to-zone GTW policy G-USR-GTW-SUP match
destination-address RM3-GTW-172.26.16.76-OARM3ECMDP01.oa.bbl
set security policies from-zone USR to-zone GTW policy G-USR-GTW-SUP match
set security policies from-zone USR to-zone GTW policy G-USR-GTW-SUP then permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-SUP then log
session-init
set security policies from-zone USR to-zone GTW policy G-USR-GTW-ACS match source-
set security policies from-zone USR to-zone GTW policy G-USR-GTW-ACS match
destination-address RM3-GTW-ACS
set security policies from-zone USR to-zone GTW policy G-USR-GTW-ACS match
application TCP-49
set security policies from-zone USR to-zone GTW policy G-USR-GTW-ACS then permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-ACS then log
session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-CA_NSM match source-
set security policies from-zone USR to-zone GTW policy G-USR-GTW-CA_NSM match
destination-address RM3-GTW-CA_NSM
set security policies from-zone USR to-zone GTW policy G-USR-GTW-CA_NSM match
application CA_NSM
set security policies from-zone USR to-zone GTW policy G-USR-GTW-CA_NSM then permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-CA_NSM then log
session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-NAC-TACACS match
application junos-tacacs
set security policies from-zone USR to-zone GTW policy G-USR-GTW-NAC-TACACS then
permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-NAC-TACACS then log
session-init
set security policies from-zone USR to-zone GTW policy G-USR-GTW-Upgrade_Firmware
match source-address OVS-GTW-10.202.0.0/16
match destination-address RM3-GTW-10.145.2.0/23-CC_Floor3
match application junos-ftp
match application junos-tftp
then permit
then log session-init
set security policies from-zone USR to-zone GTW policy G-USR-GTW-NTP match source-
set security policies from-zone USR to-zone GTW policy G-USR-GTW-NTP match
destination-address OVS-GTW-10.202.0.0/16
set security policies from-zone USR to-zone GTW policy G-USR-GTW-NTP then permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-NTP then log
session-close
set security policies from-zone USR to-zone GTW policy G-USR-GTW-ICMP match source-
address any
set security policies from-zone USR to-zone GTW policy G-USR-GTW-ICMP match
set security policies from-zone USR to-zone GTW policy G-USR-GTW-ICMP match
application junos-icmp-all
set security policies from-zone USR to-zone GTW policy G-USR-GTW-ICMP then permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-ICMP then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-Deny_SWIFT_AWP match
source-address CBB-USR-10.202.154.0/24-USR_PC
destination-address RM3-GTW-10.148.117.97-GPSSWFAWP1101
set security policies from-zone USR to-zone GTW policy USR-GTW-Deny_SWIFT_AWP then
deny
set security policies from-zone USR to-zone GTW policy USR-GTW-Deny_SWIFT_AWP then
log session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-CITRIX match source-
address any
set security policies from-zone USR to-zone GTW policy USR-GTW-CITRIX match
destination-address RM3-GTW-CITRIX
destination-address SLM-GTW-CITRIX
application CITRIX_SWIFT
set security policies from-zone USR to-zone GTW policy USR-GTW-CITRIX then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-CITRIX then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-SBFE match source-
address any
set security policies from-zone USR to-zone GTW policy USR-GTW-SBFE match
destination-address RM3-GTW-SBFE
set security policies from-zone USR to-zone GTW policy USR-GTW-SBFE match
destination-address SLM-GTW-SBFE
set security policies from-zone USR to-zone GTW policy USR-GTW-SBFE match application
junos-https
junos-http
junos-ping
set security policies from-zone USR to-zone GTW policy USR-GTW-SBFE then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-SBFE then log session-
close
set security policies from-zone USR to-zone GTW policy USR-GTW-ESIS match source-
address any
set security policies from-zone USR to-zone GTW policy USR-GTW-ESIS match
destination-address RM3-GTW-ESIS
set security policies from-zone USR to-zone GTW policy USR-GTW-ESIS match
destination-address SLM-GTW-ESIS
set security policies from-zone USR to-zone GTW policy USR-GTW-ESIS match application
TCP-9053
set security policies from-zone USR to-zone GTW policy USR-GTW-ESIS match application
TCP-9153
set security policies from-zone USR to-zone GTW policy USR-GTW-ESIS then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-ESIS then log session-
close
set security policies from-zone USR to-zone GTW policy USR-GTW-GLWEB match source-
address any
set security policies from-zone USR to-zone GTW policy USR-GTW-GLWEB match
destination-address RM3-GTW-GL_WEB
destination-address SLM-GTW-GL_WEB
application GL_WEB
set security policies from-zone USR to-zone GTW policy USR-GTW-GLWEB then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-GLWEB then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-GLDB match source-
address any
set security policies from-zone USR to-zone GTW policy USR-GTW-GLDB match
destination-address RM3-GTW-GL_DB_FORM
set security policies from-zone USR to-zone GTW policy USR-GTW-GLDB match
destination-address SLM-GTW-GL_DB_FORM
set security policies from-zone USR to-zone GTW policy USR-GTW-GLDB match application
GL_DB_FORM
set security policies from-zone USR to-zone GTW policy USR-GTW-GLDB then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-GLDB then log session-
close
set security policies from-zone USR to-zone GTW policy USR-GTW-AS400 match source-
address any
set security policies from-zone USR to-zone GTW policy USR-GTW-AS400 match
destination-address SLM-GTW-172.18.56.15-ISSILOM
destination-address RM3-GTW-172.26.56.15-ISRAMA3
application iSeries
set security policies from-zone USR to-zone GTW policy USR-GTW-AS400 then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-AS400 then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-REPORTCENTER match
source-address any
destination-address RM3-GTW-ReportCenter
destination-address SLM-GTW-ReportCenter
application Report_Center
set security policies from-zone USR to-zone GTW policy USR-GTW-REPORTCENTER then
permit
set security policies from-zone USR to-zone GTW policy USR-GTW-REPORTCENTER then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-TELETRADE match
source-address any
destination-address RM3-GTW-TeleTrade
set security policies from-zone USR to-zone GTW policy USR-GTW-TELETRADE then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-TELETRADE then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-WEB match source-
address any
set security policies from-zone USR to-zone GTW policy USR-GTW-WEB match destination-
address RM3-GTW-172.26.2.215-GPDSWFR3SAF01
set security policies from-zone USR to-zone GTW policy USR-GTW-WEB match destination-
address SLM-GTW-10.136.89.32-CPASTMWEB1401
set security policies from-zone USR to-zone GTW policy USR-GTW-WEB match application
junos-http
set security policies from-zone USR to-zone GTW policy USR-GTW-WEB then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-WEB then log session-
close
set security policies from-zone USR to-zone GTW policy USR-GTW-MF match source-
address any
set security policies from-zone USR to-zone GTW policy USR-GTW-MF match destination-
address RM3-GTW-Mainframe
set security policies from-zone USR to-zone GTW policy USR-GTW-MF match destination-
address SLM-GTW-Mainframe
set security policies from-zone USR to-zone GTW policy USR-GTW-MF match application
TCP-8026
set security policies from-zone USR to-zone GTW policy USR-GTW-MF then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-MF then log session-
close
set security policies from-zone USR to-zone GTW policy USR-GTW-TFSP description
"Trade Finance Sharepoint Portal"
set security policies from-zone USR to-zone GTW policy USR-GTW-TFSP match source-
address any
set security policies from-zone USR to-zone GTW policy USR-GTW-TFSP match
destination-address SLM-GTW-172.18.16.87-OAHQSPSLBIP
set security policies from-zone USR to-zone GTW policy USR-GTW-TFSP match application
TCP-28355
set security policies from-zone USR to-zone GTW policy USR-GTW-TFSP match application
junos-http
set security policies from-zone USR to-zone GTW policy USR-GTW-TFSP then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-TFSP then log session-
close
set security policies from-zone USR to-zone GTW policy USR-GTW-EBS match source-
address any
set security policies from-zone USR to-zone GTW policy USR-GTW-EBS match destination-
address RM3-GTW-EBS
set security policies from-zone USR to-zone GTW policy USR-GTW-EBS match destination-
address SLM-GTW-EBS
set security policies from-zone USR to-zone GTW policy USR-GTW-EBS match application
junos-https
set security policies from-zone USR to-zone GTW policy USR-GTW-EBS then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-EBS then log session-
close
set security policies from-zone USR to-zone GTW policy USR-GTW-SWIFT match source-
address any
set security policies from-zone USR to-zone GTW policy USR-GTW-SWIFT match
destination-address RM3-GTW-SWIFT_Production
destination-address SLM-GTW-SWIFT_Test_DR
set security policies from-zone USR to-zone GTW policy USR-GTW-SWIFT then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-SWIFT then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-SWIFT_AWP match
source-address any
destination-address RM3-GTW-10.85.7.133-GPDSWFR3SAG02
destination-address SLM-GTW-10.35.7.132-GPDSWFHSAG01
destination-address RM3-GTW-10.85.7.132-SAG1
destination-address RM3-GTW-10.148.117.97-GPSSWFAWP1101
destination-address RM3-GTW-10.148.117.40-swfbkpd01
destination-address SLM-GTW-10.136.117.40-swfbkdr01-VIP
destination-address SLM-GTW-10.136.119.65-GPSSWFAWP1601
destination-address SLM-GTW-10.136.117.97-GPSSWFAWP1201
destination-address SLM-GTW-10.136.119.4-swfbkua1
set security policies from-zone USR to-zone GTW policy USR-GTW-SWIFT_AWP then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-SWIFT_AWP then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-XCOM description XCOM
set security policies from-zone USR to-zone GTW policy USR-GTW-XCOM match source-
address any
set security policies from-zone USR to-zone GTW policy USR-GTW-XCOM match
destination-address SLM-GTW-172.18.16.209-OAHQSRV05
set security policies from-zone USR to-zone GTW policy USR-GTW-XCOM match application
junos-ping
set security policies from-zone USR to-zone GTW policy USR-GTW-XCOM match application
TCP-445
set security policies from-zone USR to-zone GTW policy USR-GTW-XCOM then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-XCOM then log session-
close
set security policies from-zone USR to-zone GTW policy USR-GTW-SWF match source-
address any
set security policies from-zone USR to-zone GTW policy USR-GTW-SWF match destination-
address SLM-GTW-10.136.89.140-GPSSW-WEB1301
address RM3-GTW-172.28.42.27-GPSSW-WEB1101
address SLM-GTW-172.20.42.11-GPSSW-WEB1101
set security policies from-zone USR to-zone GTW policy USR-GTW-SWF match application
junos-https
set security policies from-zone USR to-zone GTW policy USR-GTW-SWF then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-PKIMS match source-
address any
set security policies from-zone USR to-zone GTW policy USR-GTW-PKIMS match
destination-address RM3-GTW-172.26.78.67-PKI_Server
set security policies from-zone USR to-zone GTW policy USR-GTW-PKIMS match
set security policies from-zone USR to-zone GTW policy USR-GTW-PKIMS then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-PKIMS then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-SIDE_Safewatch match
source-address any
destination-address SLM-GTW-10.136.89.45-GPSSW-WEB1311
destination-address RM3-GTW-172.28.42.78-GPSSW-WEB1111
destination-address SLM-GTW-172.20.42.73-GPSSW-WEB1111
set security policies from-zone USR to-zone GTW policy USR-GTW-SIDE_Safewatch then
permit
set security policies from-zone USR to-zone GTW policy USR-GTW-SIDE_Safewatch then
log session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-Team-SBC match source-
address any
set security policies from-zone USR to-zone GTW policy USR-GTW-Team-SBC match
destination-address RM3-GTW-10.148.122.10-Team-SBC
set security policies from-zone USR to-zone GTW policy USR-GTW-Team-SBC match
application MS_Team
set security policies from-zone USR to-zone GTW policy USR-GTW-Team-SBC then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-Team-SBC then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW03 match source-address
HCB-USR-EDP
set security policies from-zone USR to-zone GTW policy USR-GTW03 match destination-
address HNB-GTW-10.202.40.0/23
set security policies from-zone USR to-zone GTW policy USR-GTW03 match application
junos-ping
set security policies from-zone USR to-zone GTW policy USR-GTW03 match application
TCP-3389
set security policies from-zone USR to-zone GTW policy USR-GTW03 then permit
set security policies from-zone USR to-zone GTW policy USR-GTW03 then log session-
close
set security policies from-zone USR to-zone GTW policy USR-GTW-PAW_DR match source-
address HCB-USR-EDP
set security policies from-zone USR to-zone GTW policy USR-GTW-PAW_DR match
destination-address HNB-MGT-PAW
set security policies from-zone USR to-zone GTW policy USR-GTW-PAW_DR then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-PAW_DR then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-Mail match source-
address HCM-USR-10.202.42.0/24-USR_PC
set security policies from-zone USR to-zone GTW policy USR-GTW-Mail match
destination-address SLM-GTW-172.18.16.51-OAHQEXMB01
set security policies from-zone USR to-zone GTW policy USR-GTW-Mail match application
tcp_1024-65535
TCP-135
TCP-389
UDP-53
TCP-53
junos-http
junos-https
set security policies from-zone USR to-zone GTW policy USR-GTW-Mail then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-Mail then log session-
close
set security policies from-zone USR to-zone GTW policy USR-GTW-Sharepoint match
destination-address RM3-GTW-172.26.60.68-ONLINE_PAYMENT
destination-address RM3-GTW-172.26.60.185-SharePointServer
application UDP-53
application TCP-53
application Sharepoint
set security policies from-zone USR to-zone GTW policy USR-GTW-Sharepoint then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-Sharepoint then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-CITRIX01 match source-
address HCB-USR-10.202.42.171-EDP
address HCB-USR-10.202.42.190-OANBHCB01
address HCB-USR-10.202.43.176/28-SWIFT_User
set security policies from-zone USR to-zone GTW policy USR-GTW-CITRIX01 match
destination-address KWB-GTW-192.255.11.15-Citrix
application Citrix-ICA
set security policies from-zone USR to-zone GTW policy USR-GTW-CITRIX01 then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-CITRIX01 then log
session-close
destination-address KWB-GTW-192.255.11.3-KNB_BBLAPP28_SWIFT
destination-address KWB-GTW-192.255.11.15-Citrix
destination-address KLN-GTW-192.255.11.74-CITRIX
session-close
destination-address RM3-GTW-CITRIX
destination-address SLM-GTW-172.18.2.222-wpehcit01
session-close
destination-address HKG-GTW-10.202.61.225-CTXALL03
destination-address HKG-GTW-10.202.61.100-SDCALL01
destination-address HKG-GTW-10.202.61.99-VDAALL02
session-close
destination-address KLN-GTW-192.255.11.74-CITRIX
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-Swift match source-
address HCB-USR-10.202.42.163-HCWS-01
set security policies from-zone USR to-zone GTW policy USR-GTW-Swift match
destination-address HKG-GTW-10.202.61.100-SDCALL01
destination-address HKG-CitrixServers
destination-address HKG-GTW-192.255.1.83-New_Citrix_Server
set security policies from-zone USR to-zone GTW policy USR-GTW-Swift then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-Swift then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-Citrix match source-
set security policies from-zone USR to-zone GTW policy USR-GTW-Citrix match
destination-address HKB-GTW-192.255.10.201-eStatement_UAT
set security policies from-zone USR to-zone GTW policy USR-GTW-Citrix then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-Citrix then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-GIFTS match source-
set security policies from-zone USR to-zone GTW policy USR-GTW-GIFTS match
destination-address NYB-DCT-10.202.57.107-GIFTSWEBOA
destination-address NYB-DCT-eGIFTS
destination-address NYDR-DCT-10.202.55.97-eGIFTS-DR
set security policies from-zone USR to-zone GTW policy USR-GTW-GIFTS then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-GIFTS then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-RM3_SLM-any match
destination-address SLM-GTW-10.132.0.0/16
destination-address RM3-GTW-10.145.0.0/16
application any
set security policies from-zone USR to-zone GTW policy USR-GTW-RM3_SLM-any then
permit
set security policies from-zone USR to-zone GTW policy USR-GTW-RM3_SLM-any then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-EDP_to_HKBServer-any
match source-address HCB-USR-10.202.42.171-EDP
match destination-address HKB-GTW-192.255.1.133
match application any
then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-HKBMailNote match
destination-address HKB-GTW-192.255.1.8-HKBMAIL1_NOTES
set security policies from-zone USR to-zone GTW policy USR-GTW-HKBMailNote then
permit
set security policies from-zone USR to-zone GTW policy USR-GTW-HKBMailNote then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-Equation01 match
destination-address HKB-GTW-192.255.10.49-iSeries
destination-address HKG-GTW-192.255.1.5-iSeries-VNB_VIP
destination-address HKG-GTW-192.255.1.6-iSeries-VNB_NIC1
destination-address HKG-GTW-192.255.1.7-iSeries-VNB_NIC2
application iSeries
application TCP-447
set security policies from-zone USR to-zone GTW policy USR-GTW-Equation01 then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-Equation01 then log
session-close
destination-address HKG-GTW-192.255.1.5-iSeries-VNB_VIP
application IBM-ClientAccess
set security policies from-zone USR to-zone GTW policy USR-GTW-Equation02 then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-Equation02 then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-HKB-any match source-
set security policies from-zone USR to-zone GTW policy USR-GTW-HKB-any match source-
set security policies from-zone USR to-zone GTW policy USR-GTW-HKB-any match
destination-address HKB-GTW-192.255.1.200-BBLAPP91
destination-address HKB-GTW-192.255.1.0/24
application any
set security policies from-zone USR to-zone GTW policy USR-GTW-HKB-any then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-HKB-any then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-HKDR-any match source-
set security policies from-zone USR to-zone GTW policy USR-GTW-HKDR-any match source-
set security policies from-zone USR to-zone GTW policy USR-GTW-HKDR-any match
destination-address HKDR-GTW-192.255.27.0/24
set security policies from-zone USR to-zone GTW policy USR-GTW-HKDR-any match
application any
set security policies from-zone USR to-zone GTW policy USR-GTW-HKDR-any then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-HKDR-any then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-HN-any match source-
set security policies from-zone USR to-zone GTW policy USR-GTW-HN-any match
destination-address HNB-GTW-10.202.40.0/23
set security policies from-zone USR to-zone GTW policy USR-GTW-HN-any match
application any
set security policies from-zone USR to-zone GTW policy USR-GTW-HN-any then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-HN-any then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-ICDM match source-
set security policies from-zone USR to-zone GTW policy USR-GTW-ICDM match
destination-address SLM-GTW-172.18.60.64-icdmce
destination-address RM3-GTW-172.29.16.131-ICDM
destination-address RM3-GTW-172.29.16.137-ICDM
destination-address SLM-GTW-ICDM
set security policies from-zone USR to-zone GTW policy USR-GTW-ICDM match application
junos-http
junos-https
TCP-389
TCP-8080
TCP-3268
junos-ssh
TCP-9443
TCP-9043
TCP-1551
TCP-1158
TCP-3389
UDP-33400-34000
junos-icmp-all
set security policies from-zone USR to-zone GTW policy USR-GTW-ICDM then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-ICDM then log session-
close
set security policies from-zone USR to-zone GTW policy USR-GTW-iGlobal01 match
destination-address SLM-iGlobal-Servers
application iGlobal
set security policies from-zone USR to-zone GTW policy USR-GTW-iGlobal01 then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-iGlobal01 then log
session-close
destination-address SLM-GTW-172.18.16.87-OAHQSPSLBIP
set security policies from-zone USR to-zone GTW policy USR-GTW-iGlobal02 then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-iGlobal02 then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-Custody match source-
set security policies from-zone USR to-zone GTW policy USR-GTW-Custody match
destination-address TTP-GTW-10.127.202.208-HO-PC-Custody
set security policies from-zone USR to-zone GTW policy USR-GTW-Custody match
set security policies from-zone USR to-zone GTW policy USR-GTW-Custody then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-Custody then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-EDC match source-
set security policies from-zone USR to-zone GTW policy USR-GTW-EDC match destination-
address RM3-GTW-172.26.60.51-EDC_Server
set security policies from-zone USR to-zone GTW policy USR-GTW-EDC match destination-
address SLM-GTW-172.18.60.51-NAC_VIP
set security policies from-zone USR to-zone GTW policy USR-GTW-EDC match application
junos-sccp
set security policies from-zone USR to-zone GTW policy USR-GTW-EDC then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-EDC then log session-
close
set security policies from-zone USR to-zone GTW policy USR-GTW-LMS match source-
set security policies from-zone USR to-zone GTW policy USR-GTW-LMS match destination-
address RM3-GTW-172.20.10.9-lms.bbl.co.th
set security policies from-zone USR to-zone GTW policy USR-GTW-LMS match application
junos-http
set security policies from-zone USR to-zone GTW policy USR-GTW-LMS then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-LMS then log session-
close
set security policies from-zone USR to-zone GTW policy USR-GTW-EPS_EDDSTest-01
description "Testing Electronic Payment System with HOIT (URL:
http://172.31.4.3:8081/sites/stpglobalpayment/vietnam/hc/_layouts/user.aspx) EDDS
test environment (EPS Project)"
set security policies from-zone USR to-zone GTW policy USR-GTW-EPS_EDDSTest-01 match
destination-address RM3-GTW-172.31.4.3-Itstptsp01
set security policies from-zone USR to-zone GTW policy USR-GTW-EPS_EDDSTest-01 then
permit
log session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-EPS_EDDSTest-02
description "Testing Electronic Payment System with HOIT (URL:
http://172.31.4.3:8081/sites/stpglobalpayment/vietnam/hc/_layouts/user.aspx) EDDS
test environment (EPS Project)"
destination-address SLM-GTW-10.46.95.75-ebswsua2
permit
log session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-SAS_AML match source-
set security policies from-zone USR to-zone GTW policy USR-GTW-SAS_AML match
destination-address RM3-GTW-172.28.42.58-ALM-QC
destination-address SM-GTW-172.18.89.18-SAS_ECM_Web_App
set security policies from-zone USR to-zone GTW policy USR-GTW-SAS_AML then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-SAS_AML then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-SAS_ECM_Web match
destination-address HKB-GTW-10.202.62.98-afivnpd1
destination-address HKB-GTW-10.202.64.98-afivnpd1
set security policies from-zone USR to-zone GTW policy USR-GTW-SAS_ECM_Web then
permit
set security policies from-zone USR to-zone GTW policy USR-GTW-SAS_ECM_Web then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-SAS_Eguide-1 match
destination-address HKB-GTW-10.202.62.99-afmvnpd1
destination-address HKB-GTW-10.202.64.99-afmvnpd1
set security policies from-zone USR to-zone GTW policy USR-GTW-SAS_Eguide-1 then
permit
set security policies from-zone USR to-zone GTW policy USR-GTW-SAS_Eguide-1 then log
session-close
destination-address HKB-GTW-10.202.62.100-afcvnpd1
destination-address HKB-GTW-10.202.64.100-afcvnpd1
application tcp_8581
application TCP_8621
set security policies from-zone USR to-zone GTW policy USR-GTW-SAS_Eguide-2 then
permit
set security policies from-zone USR to-zone GTW policy USR-GTW-SAS_Eguide-2 then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-ICDM_SG match source-
address HCB-USR-10.202.42.111
address HCB-USR-10.202.42.36-WKHCB023
set security policies from-zone USR to-zone GTW policy USR-GTW-ICDM_SG match
destination-address HKB-GTW-192.255.10.216-TSTSGBICDM01
set security policies from-zone USR to-zone GTW policy USR-GTW-ICDM_SG match
set security policies from-zone USR to-zone GTW policy USR-GTW-ICDM_SG then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-ICDM_SG then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-AML_SAS_VA_De-Flash
match source-address HCM-USR-10.202.42.0/24-USR_PC
match destination-address HKB-GTW-10.202.62.101-afavnpd1
match destination-address HKB-GTW-10.202.64.101-afavnpd1
then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-SMTP match source-
set security policies from-zone USR to-zone GTW policy USR-GTW-SMTP match
destination-address SLM-GTW-172.18.60.69-oasmtp.oa.bbl
set security policies from-zone USR to-zone GTW policy USR-GTW-SMTP match
destination-address SLM-GTW-172.18.60.49-OAHQCASARRAY
set security policies from-zone USR to-zone GTW policy USR-GTW-SMTP match application
any
set security policies from-zone USR to-zone GTW policy USR-GTW-SMTP then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-SMTP then log session-
init
set security policies from-zone USR to-zone GTW policy USR-GTW-SMTP then log session-
close
set security policies from-zone USR to-zone GTW policy USR-GTW-Citrix_VDA match
destination-address HKG-GTW-192.255.10.79-Citrix_VDA
application junos-winframe
set security policies from-zone USR to-zone GTW policy USR-GTW-Citrix_VDA then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-Citrix_VDA then log
session-init
set security policies from-zone USR to-zone GTW policy USR-GTW-Citrix_VDA then log
session-close
set security policies from-zone USR to-zone GTW policy USR-GTW-McAfee_ePO match
destination-address RM3-GTW-10.231.176.27-IT-AV-EPO-1101
destination-address RM3-GTW-10.231.176.28-IT-AV-AHR-1101
destination-address RM3-GTW-10.231.176.29-IT-AV-AHR-1102
destination-address SLM-GTW-10.230.176.28-IT-AV-AHR-1201
application TCP-445
application TCP-636
application junos-smb-session
application junos-sql-monitor
set security policies from-zone USR to-zone GTW policy USR-GTW-McAfee_ePO then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-McAfee_ePO then log
session-init
set security policies from-zone USR to-zone GTW policy USR-GTW-HCMBCP match source-
set security policies from-zone USR to-zone GTW policy USR-GTW-HCMBCP match
destination-address HCMBCP-GTW-10.202.86.0/23-HCMBCP
set security policies from-zone USR to-zone GTW policy USR-GTW-HCMBCP then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-HCMBCP then log
session-init
set security policies from-zone USR to-zone GTW policy USR-GTW-AML_UAT match source-
set security policies from-zone USR to-zone GTW policy USR-GTW-AML_UAT match
destination-address SLM-GTW-172.18.89.28-amlwebvnppva
set security policies from-zone USR to-zone GTW policy USR-GTW-AML_UAT then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-AML_UAT then log
session-init
set security policies from-zone USR to-zone GTW policy USR-GTW-McAfee_to_DXL match
destination-address RM3-GTW-10.231.176.30-SM-AV-DXL01
destination-address SLM-GTW-10.230.176.29-SM-AV-DXL03
set security policies from-zone USR to-zone GTW policy USR-GTW-McAfee_to_DXL then
permit
set security policies from-zone USR to-zone GTW policy USR-GTW-McAfee_to_DXL then log
session-init
set security policies from-zone USR to-zone GTW policy USR-GTW-CITAD_Backup_server
match source-address HCB-USR-10.202.42.133
match source-address HCB-USR-10.202.42.33-WKHCB101
match destination-address HNB-DCT-10.202.41.100
match application junos-icmp-all
then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-Megara match source-
set security policies from-zone USR to-zone GTW policy USR-GTW-Megara match source-
address HCB-USR-10.202.42.144-WKCHB131
set security policies from-zone USR to-zone GTW policy USR-GTW-Megara match
destination-address SLM-GTW-10.127.203.162-WK2622004
destination-address SLM-GTW-10.127.203.163-WK2622005
set security policies from-zone USR to-zone GTW policy USR-GTW-Megara then permit
set security policies from-zone USR to-zone GTW policy USR-GTW-Megara then log
session-init
set security policies from-zone USR to-zone GTW policy USR-GTW-ICash_to_SWIFT match
destination-address 10.136.87.15-ccmwsdv.bbl.co.th
destination-address 10.95.95.66-dimenxion.bangkokbank.com
set security policies from-zone USR to-zone GTW policy USR-GTW-ICash_to_SWIFT then
permit
set security policies from-zone USR to-zone GTW policy USR-GTW-ICash_to_SWIFT then
log session-init
set security policies from-zone USR to-zone GTW policy USR-GTW-NY_GPS_Payment match
source-address HCB-USR-10.202.42.51-WKHCB129
source-address HCB-USR-10.202.42.101-WKHCB069
destination-address NYB-DCT-10.202.57.117-GPS_Payment_Syst
em
destination-address NYDR-DCT-10.202.55.117-GPS_Payment_Sys
tem
set security policies from-zone USR to-zone GTW policy USR-GTW-NY_GPS_Payment then
permit
set security policies from-zone USR to-zone GTW policy USR-GTW-NY_GPS_Payment then
log session-init
set security policies from-zone USR to-zone GTW policy Temp-USR-GTW-HCB_To_HNB_DNS
match destination-address HNB-SVC-OA_DC
match destination-address HNB-SVC-OA_File_Server
then permit
set security policies from-zone USR to-zone GTW policy G-USR-GTW-DENY match source-
address any
set security policies from-zone USR to-zone GTW policy G-USR-GTW-DENY match
set security policies from-zone USR to-zone GTW policy G-USR-GTW-DENY match
application any
set security policies from-zone USR to-zone GTW policy G-USR-GTW-DENY then deny
set security policies from-zone USR to-zone GTW policy G-USR-GTW-DENY then log
session-init
set security policies from-zone GTW to-zone USR policy G-GTW-USR-DC match source-
address SLM-GTW-OA_DC
address RM3-GTW-OA_DC
address OVS-GTW-OA_DC
set security policies from-zone GTW to-zone USR policy G-GTW-USR-DC match
set security policies from-zone GTW to-zone USR policy G-GTW-USR-DC match application
any
set security policies from-zone GTW to-zone USR policy G-GTW-USR-DC then permit
set security policies from-zone GTW to-zone USR policy G-GTW-USR-DC then log session-
close
set security policies from-zone GTW to-zone USR policy G-GTW-USR-SLMGR match source-
address SLM-GTW-172.18.16.155-OASLMGR02
address RM3-GTW-172.26.16.65-OASLMGR01
address SLM-GTW-172.18.16.65-OASLMGR01
set security policies from-zone GTW to-zone USR policy G-GTW-USR-SLMGR match
application junos-ms-rpc-epm
application KMS
set security policies from-zone GTW to-zone USR policy G-GTW-USR-SLMGR then permit
set security policies from-zone GTW to-zone USR policy G-GTW-USR-SLMGR then log
session-close
set security policies from-zone GTW to-zone USR policy G-GTW-USR-FWADM match source-
address RM3-GTW-FW_Admin
address RM3-GTW-OA_Remote_Terminal
address SLM-GTW-OA_Remote_Terminal
address RM3-GTW-10.145.0.0/16
address RM3-GTW-WIFI_User
address SLM-GTW-10.230.251.132-IT-VDIRDS1204
address RM3-GTW-10.231.251.0/24-VDI
address SLM-GTW-10.230.251.0/24-VDI
address SLM-GTW-10.132.95.0/24-SM03OPT1_NonOA_DRC
set security policies from-zone GTW to-zone USR policy G-GTW-USR-FWADM match
set security policies from-zone GTW to-zone USR policy G-GTW-USR-FWADM then permit
set security policies from-zone GTW to-zone USR policy G-GTW-USR-FWADM then log
session-close
set security policies from-zone GTW to-zone USR policy G-GTW-USR-MAIL match source-
address SLM-GTW-OA_Mail_Servers
set security policies from-zone GTW to-zone USR policy G-GTW-USR-MAIL match source-
address RM3-GTW-OA_Mail_Servers
set security policies from-zone GTW to-zone USR policy G-GTW-USR-MAIL match
set security policies from-zone GTW to-zone USR policy G-GTW-USR-MAIL then permit
set security policies from-zone GTW to-zone USR policy G-GTW-USR-MAIL then log
session-close
set security policies from-zone GTW to-zone USR policy G-GTW-USR-MS_Team-Deny match
source-address SLM-GTW-10.126.0.0/15-TEAM-USER-BKK
source-address RM3-GTW-10.144.0.0/15-TEAM-USER-BKK
source-address Branch-GTW-10.192.0.0/14-TEAM-USER-BKK
destination-address CBB-USR-10.202.154.0/24-USR_PC
destination-address PSB-USR-10.202.162.0/24-USR_PC
destination-address VTB-USR-10.202.152.0/24-USR_PC
destination-address LDB-USR-10.202.80.0/24-USR_PC
destination-address MNB-USR-10.202.78.0/24-USR_PC
destination-address NYB-USR-10.202.56.0/24-USR_PC
destination-address TKB-USR-10.202.20.0/24-USR_PC
destination-address OSB-USR-10.202.22.0/24-USR_PC
destination-address JKB-USR-10.202.52.0/24-UserZone
destination-address SBB-USR-10.202.46.0/24-USR_PC
destination-address MDB-USR-10.202.50.0/24-USR_PC
destination-address TPB-USR-10.202.18.0/24-USR_PC
destination-address TCB-USR-10.202.16.0/24-USR_PC
destination-address KHB-USR-10.202.14.0/24-USR_PC
destination-address HCM-USR-10.202.42.0/24-USR_PC
destination-address HNB-USR-10.202.40.0/24-USR_PC
application MS_Team_Server
application MS_Team_Client
set security policies from-zone GTW to-zone USR policy G-GTW-USR-MS_Team-Deny then
deny
set security policies from-zone GTW to-zone USR policy G-GTW-USR-MS_Team-Deny then
log session-close
set security policies from-zone GTW to-zone USR policy G-GTW-USR-MS_Team match
source-address RM3-GTW-10.148.122.10-Team-SBC
application MS_Team
set security policies from-zone GTW to-zone USR policy G-GTW-USR-MS_Team then permit
set security policies from-zone GTW to-zone USR policy G-GTW-USR-MS_Team then log
session-close
set security policies from-zone GTW to-zone USR policy G-GTW-USR-SKYPE match source-
address any
set security policies from-zone GTW to-zone USR policy G-GTW-USR-SKYPE match
application Lync_Client
set security policies from-zone GTW to-zone USR policy G-GTW-USR-SKYPE then permit
set security policies from-zone GTW to-zone USR policy G-GTW-USR-SKYPE then log
session-close
set security policies from-zone GTW to-zone USR policy G-GTW-USR-Endpoint_Upgrade
match source-address RM3-GTW-10.231.241.65-Sm-APO-01
match source-address RM3-GTW-10.231.176.23-IT-AV-APO1101
match source-address SLM-GTW-10.230.176.23-IT-AV-APO1201
match source-address RM3-GTW-10.150.129.9-WEPRM3AV03
match source-address SLM-GTW-10.138.129.4-WEPSLAV02
match destination-address any
match application UDP-445
then permit
set security policies from-zone GTW to-zone USR policy G-GTW-USR-
Endpoint_Upgrade_Remote match source-address RM3-GTW-10.231.176.23-IT-AV-APO1
101
Endpoint_Upgrade_Remote match source-address SLM-GTW-10.230.176.23-IT-AV-APO1
201
Endpoint_Upgrade_Remote match destination-address any
Endpoint_Upgrade_Remote match application TCP-3389
Endpoint_Upgrade_Remote then permit
Endpoint_Upgrade_Remote then log session-close
set security policies from-zone GTW to-zone USR policy G-GTW-USR-Remote-for-NAC match
source-address RM3-GTW-10.231.180.1-CCISEPAN01
source-address RM3-GTW-10.231.180.2-CCISEMNT01
source-address RM3-GTW-10.231.180.3-CCISEPSN01
source-address RM3-GTW-10.145.2.0/23-CC_Floor3
application junos-ssh
set security policies from-zone GTW to-zone USR policy G-GTW-USR-Remote-for-NAC then
permit
set security policies from-zone GTW to-zone USR policy G-GTW-USR-Remote-for-NAC then
log session-close
set security policies from-zone GTW to-zone USR policy G-GTW-USR-NAC_CoA match
source-address SLM-GTW-10.230.180.1-SMISEPAN01
source-address SLM-GTW-10.230.180.2-SMISEMNT01
source-address SLM-GTW-10.230.180.3-SMISEPSN01
source-address SLM-GTW-10.230.180.4-SMISEPSN02
source-address RM3-GTW-10.231.180.1-CCISEPAN01
source-address RM3-GTW-10.231.180.2-CCISEMNT01
set security policies from-zone GTW to-zone USR policy G-GTW-USR-NAC_CoA then permit
set security policies from-zone GTW to-zone USR policy G-GTW-USR-NAC_CoA then log
session-close
set security policies from-zone GTW to-zone USR policy G-GTW-USR-NAC-
Deploy_AnyConnect match source-address 172.18.16.163-oahqsccmpri01
Deploy_AnyConnect match destination-address OVS-GTW-10.202.0.0/16
set security policies from-zone GTW to-zone USR policy G-GTW-USR-VA_Scan match
source-address RM3-GTW-10.231.244.129-SM-VA-R7E-1101
source-address SLM-GTW-10.230.244.129-SM-VA-R7E-1201
application any
set security policies from-zone GTW to-zone USR policy G-GTW-USR-VA_Scan then permit
set security policies from-zone GTW to-zone USR policy G-GTW-USR-VA_Scan then log
session-init
set security policies from-zone GTW to-zone USR policy G-GTW-USR-CA_NSM match source-
address RM3-GTW-CA_NSM
address RM3-GTW-Network_PC
set security policies from-zone GTW to-zone USR policy G-GTW-USR-CA_NSM match
set security policies from-zone GTW to-zone USR policy G-GTW-USR-CA_NSM match
application CA_NSM
set security policies from-zone GTW to-zone USR policy G-GTW-USR-CA_NSM then permit
set security policies from-zone GTW to-zone USR policy G-GTW-USR-CA_NSM then log
session-close
set security policies from-zone GTW to-zone USR policy G-GTW-USR-ICMP match source-
address any
set security policies from-zone GTW to-zone USR policy G-GTW-USR-ICMP match
set security policies from-zone GTW to-zone USR policy G-GTW-USR-ICMP match
set security policies from-zone GTW to-zone USR policy G-GTW-USR-ICMP then permit
set security policies from-zone GTW to-zone USR policy G-GTW-USR-ICMP then log
session-close
set security policies from-zone GTW to-zone USR policy GTW-USR-SWIFT match source-
address RM3-GTW-SWIFT_Production
address SLM-GTW-SWIFT_Test_DR
address SWIFT_New_Server
address RM3-GTW-10.148.117.40-swfbkpd01
address SLM-GTW-10.136.117.40-swfbkdr01-VIP
address SLM-GTW-10.136.119.4-swfbkua1
set security policies from-zone GTW to-zone USR policy GTW-USR-SWIFT match
set security policies from-zone GTW to-zone USR policy GTW-USR-SWIFT match
application SWIFT_PRINTER
set security policies from-zone GTW to-zone USR policy GTW-USR-SWIFT then permit
set security policies from-zone GTW to-zone USR policy GTW-USR-SWIFT then log
session-close
set security policies from-zone GTW to-zone USR policy GTW-USR-MF match source-
address RM3-GTW-Mainframe
set security policies from-zone GTW to-zone USR policy GTW-USR-MF match source-
address SLM-GTW-Mainframe
set security policies from-zone GTW to-zone USR policy GTW-USR-MF match destination-
address any
set security policies from-zone GTW to-zone USR policy GTW-USR-MF match application
TCP-8026
set security policies from-zone GTW to-zone USR policy GTW-USR-MF then permit
set security policies from-zone GTW to-zone USR policy GTW-USR-MF then log session-
close
set security policies from-zone GTW to-zone USR policy GTW-USR-Team-SBC match source-
address RM3-GTW-10.148.122.10-Team-SBC
set security policies from-zone GTW to-zone USR policy GTW-USR-Team-SBC match
set security policies from-zone GTW to-zone USR policy GTW-USR-Team-SBC match
set security policies from-zone GTW to-zone USR policy GTW-USR-Team-SBC then permit
set security policies from-zone GTW to-zone USR policy GTW-USR-Team-SBC then log
session-close
set security policies from-zone GTW to-zone USR policy GTW-USR-DenyRemoteSWIFT match
source-address any
destination-address HCB-USR-10.202.43.176/28-SWIFT_User
set security policies from-zone GTW to-zone USR policy GTW-USR-DenyRemoteSWIFT then
deny
set security policies from-zone GTW to-zone USR policy GTW-USR-DenyRemoteSWIFT then
log session-close
set security policies from-zone GTW to-zone USR policy GTW-USR-CITRIX01 match source-
address HKG-GTW-10.202.61.21-CTXALL06
address HKG-CitrixServers
set security policies from-zone GTW to-zone USR policy GTW-USR-CITRIX01 match
application SNMP
application SWIFT_PRINTER
set security policies from-zone GTW to-zone USR policy GTW-USR-CITRIX01 then permit
set security policies from-zone GTW to-zone USR policy GTW-USR-CITRIX01 then log
session-close
address KWB-GTW-192.255.11.15-Citrix
destination-address HCB-USR-10.202.42.171-EDP
destination-address HCB-USR-10.202.42.190-OANBHCB01
session-close
address HKG-GTW-192.255.10.12-TSTAPP07
session-close
address SLM-GTW-CITRIX
address RM3-GTW-CITRIX
session-close
set security policies from-zone GTW to-zone USR policy GTW-USR-CITRIX05-PrintVoucher
match source-address HKG-GTW-192.255.1.78-BBLAPP78
match source-address HKG-GTW-192.255.1.79-BBLAPP79
match source-address HKG-GTW-192.255.1.83-New_Citrix_Serv
er
match destination-address HCM-USR-10.202.42.0/24-USR_PC
match destination-address HCB-USR-10.202.43.176/28-SWIFT_
User
match application UDP-161-162
match application TCP-161-162
then permit
set security policies from-zone GTW to-zone USR policy GTW-USR-HKB-any match source-
address HKB-GTW-10.202.5.192/26-HKB-06F-VLAN18
address HKB-GTW-192.255.1.0/24
address HKG-GTW-10.202.6.0/26-08F_Segment_VLAN19
set security policies from-zone GTW to-zone USR policy GTW-USR-HKB-any match
application any
set security policies from-zone GTW to-zone USR policy GTW-USR-HKB-any then permit
set security policies from-zone GTW to-zone USR policy GTW-USR-HKB-any then log
session-close
set security policies from-zone GTW to-zone USR policy GTW-USR-HKDR-any match source-
address HKDR-GTW-192.255.27.0/24
set security policies from-zone GTW to-zone USR policy GTW-USR-HKDR-any match
application any
set security policies from-zone GTW to-zone USR policy GTW-USR-HKDR-any then permit
set security policies from-zone GTW to-zone USR policy GTW-USR-HKDR-any then log
session-close
set security policies from-zone GTW to-zone USR policy GTW-USR-Mail match source-
address SLM-GTW-172.18.60.59-OAHQOWALBIP
address SLM-GTW-172.18.60.49-OAHQCASARRAY
address SLM-GTW-172.18.16.131-OAHEXMB01
address SLM-GTW-172.18.16.51-OAHQEXMB01
address SLM-GTW-172.18.16.1-OAHQSDC01
address RM3-GTW-172.26.60.49-OAR3CASARRAY
set security policies from-zone GTW to-zone USR policy GTW-USR-Mail match
set security policies from-zone GTW to-zone USR policy GTW-USR-Mail match application
tcp_1024-65535
TCP-135
UDP-389
TCP-389
UDP-53
TCP-53
junos-http
TCP-443
set security policies from-zone GTW to-zone USR policy GTW-USR-Mail then permit
set security policies from-zone GTW to-zone USR policy GTW-USR-Mail then log session-
close
set security policies from-zone GTW to-zone USR policy GTW-USR-MapServer-any match
source-address RM3-GTW-USR-172.26.16.191-MapServer
application any
set security policies from-zone GTW to-zone USR policy GTW-USR-MapServer-any then
permit
set security policies from-zone GTW to-zone USR policy GTW-USR-MapServer-any then log
session-close
set security policies from-zone GTW to-zone USR policy GTW-USR-SLM-any match source-
address SLM-GTW-10.132.0.0/16
set security policies from-zone GTW to-zone USR policy GTW-USR-SLM-any match
set security policies from-zone GTW to-zone USR policy GTW-USR-SLM-any match
application any
set security policies from-zone GTW to-zone USR policy GTW-USR-SLM-any then permit
set security policies from-zone GTW to-zone USR policy GTW-USR-SLM-any then log
session-close
set security policies from-zone GTW to-zone USR policy GTW-USR-RM3-any match source-
address RM3-GTW-10.145.0.0/16
set security policies from-zone GTW to-zone USR policy GTW-USR-RM3-any match
set security policies from-zone GTW to-zone USR policy GTW-USR-RM3-any match
application any
set security policies from-zone GTW to-zone USR policy GTW-USR-RM3-any then permit
set security policies from-zone GTW to-zone USR policy GTW-USR-RM3-any then log
session-close
set security policies from-zone GTW to-zone USR policy GTW-USR-HNB-any match source-
set security policies from-zone GTW to-zone USR policy GTW-USR-HNB-any match
set security policies from-zone GTW to-zone USR policy GTW-USR-HNB-any match
application any
set security policies from-zone GTW to-zone USR policy GTW-USR-HNB-any then permit
set security policies from-zone GTW to-zone USR policy GTW-USR-HNB-any then log
session-close
set security policies from-zone GTW to-zone USR policy GTW-USR-ICDM match source-
address SLM-GTW-ICDM
address RM3-GTW-172.29.16.131-ICDM
address RM3-GTW-172.29.16.137-ICDM
set security policies from-zone GTW to-zone USR policy GTW-USR-ICDM match
set security policies from-zone GTW to-zone USR policy GTW-USR-ICDM match application
junos-http
junos-https
TCP-389
TCP-8080
TCP-3268
junos-ssh
TCP-9443
TCP-9043
TCP-1551
TCP-1158
junos-icmp-all
TCP-3389
UDP-33400-34000
set security policies from-zone GTW to-zone USR policy GTW-USR-ICDM then permit
set security policies from-zone GTW to-zone USR policy GTW-USR-ICDM then log session-
close
set security policies from-zone GTW to-zone USR policy GTW-USR-Custody match source-
address TTP-GTW-10.127.202.208-HO-PC-Custody
set security policies from-zone GTW to-zone USR policy GTW-USR-Custody match
set security policies from-zone GTW to-zone USR policy GTW-USR-Custody match
set security policies from-zone GTW to-zone USR policy GTW-USR-Custody then permit
set security policies from-zone GTW to-zone USR policy GTW-USR-Custody then log
session-close
set security policies from-zone GTW to-zone USR policy GTW-USR-ATA_BOX match source-
address RM3-GTW-10.145.129.161-ATA_Terminal
set security policies from-zone GTW to-zone USR policy GTW-USR-ATA_BOX match
set security policies from-zone GTW to-zone USR policy GTW-USR-ATA_BOX then permit
set security policies from-zone GTW to-zone USR policy GTW-USR-ATA_BOX then log
session-close
set security policies from-zone GTW to-zone USR policy GTW-USR-SSL_VPN match source-
address SLM-GTW-10.46.62.0/24-SSLVPN
set security policies from-zone GTW to-zone USR policy GTW-USR-SSL_VPN match source-
address RM3-GTW-10.95.62.0/24-VPN2A.RM3
set security policies from-zone GTW to-zone USR policy GTW-USR-SSL_VPN match
set security policies from-zone GTW to-zone USR policy GTW-USR-SSL_VPN match
set security policies from-zone GTW to-zone USR policy GTW-USR-SSL_VPN then permit
set security policies from-zone GTW to-zone USR policy GTW-USR-SSL_VPN then log
session-close
set security policies from-zone GTW to-zone USR policy GTW-USR-McAfee_ePO match
source-address RM3-GTW-10.231.176.27-IT-AV-EPO-1101
source-address RM3-GTW-10.231.176.28-IT-AV-AHR-1101
source-address SLM-GTW-10.230.176.28-IT-AV-AHR-1201
application TCP-445
application TCP-636
application junos-sql-monitor
set security policies from-zone GTW to-zone USR policy GTW-USR-McAfee_ePO then permit
set security policies from-zone GTW to-zone USR policy GTW-USR-McAfee_ePO then log
session-init
set security policies from-zone GTW to-zone USR policy GTW-USR-HCMBCP match source-
address HCMBCP-GTW-10.202.86.0/23-HCMBCP
set security policies from-zone GTW to-zone USR policy GTW-USR-HCMBCP match
set security policies from-zone GTW to-zone USR policy GTW-USR-HCMBCP then permit
set security policies from-zone GTW to-zone USR policy GTW-USR-HCMBCP then log
session-init
set security policies from-zone GTW to-zone USR policy GTW-USR-CITAD_Backup_server
match source-address HNB-USR-10.202.40.171-Hung_PC
match source-address HNB-USR-10.202.40.175
match source-address HNB-USR-10.202.40.169
match source-address HNB-USR-10.202.40.180-WKHNB016
match destination-address HCB-USR-10.202.42.41-CITAD_Backup
_Server
then permit
set security policies from-zone GTW to-zone USR policy Temp-GTW-USR-HCB_To_HNB_DNS
match source-address HNB-SVC-OA_File_Server
match source-address HNB-SVC-OA_DC
then permit
set security policies from-zone GTW to-zone USR policy G-GTW-USR-DENY match source-
address any
set security policies from-zone GTW to-zone USR policy G-GTW-USR-DENY match
set security policies from-zone GTW to-zone USR policy G-GTW-USR-DENY match
application any
set security policies from-zone GTW to-zone USR policy G-GTW-USR-DENY then deny
set security policies from-zone GTW to-zone USR policy G-GTW-USR-DENY then log
session-init
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-DC match source-
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-DC match
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-DC match application
any
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-DC then permit
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-DC then log session-
close
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-ADHC match source-
address RM3-GTW-ADHC
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-ADHC match source-
address RM3-GTW-SCOM
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-ADHC match
application ADHC_1
application ADHC_2
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-ADHC then permit
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-ADHC then log
session-close
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-SCOM match source-
address RM3-GTW-SCOM
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-SCOM match
application SCOM_1
application SCOM_2
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-SCOM then permit
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-SCOM then log
session-close
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-AD_Assessment match
source-address SLM-GTW-172.18.16.115-OAHQADASSET01
application TCP-135
application TCP-137
application TCP-138
application TCP-139
application tcp_1024-65535
application TCP-389
application TCP-445
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-AD_Assessment then
permit
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-AD_Assessment then
log session-close
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-Endpoint_Upgrade
then permit
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-NAC-
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-VA_Scan match
application any
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-VA_Scan then permit
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-VA_Scan then log
session-init
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-CA_NSM match source-
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-CA_NSM match
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-CA_NSM match
application CA_NSM
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-CA_NSM then permit
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-CA_NSM then log
session-close
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-NetUX_ATA match
source-address SLM-GTW-NetUX
application NetUXtoATA
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-NetUX_ATA then
permit
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-NetUX_ATA then log
session-close
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-ATA_Terminal match
source-address RM3-GTW-10.145.129.161-ATA_Terminal
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-ATA_Terminal then
permit
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-ATA_Terminal then
log session-close
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-ProxyMgmt match
source-address RM3-GTW-BlueCoat_Admin
source-address SLM-GTW-BlueCoat_Director
source-address RM3-GTW-BlueCoat_MC
source-address RM3-GTW-10.229.250.40-CCOOBPXYMGT01
application Proxy
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-ProxyMgmt then
permit
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-ProxyMgmt then log
session-close
set security policies from-zone GTW to-zone SVC policy GTW-SVC-TMCM match source-
address RM3-GTW-TMCM
set security policies from-zone GTW to-zone SVC policy GTW-SVC-TMCM match
set security policies from-zone GTW to-zone SVC policy GTW-SVC-TMCM match application
TMCM-to-OSCE
set security policies from-zone GTW to-zone SVC policy GTW-SVC-TMCM match application
junos-icmp-ping
set security policies from-zone GTW to-zone SVC policy GTW-SVC-TMCM then permit
set security policies from-zone GTW to-zone SVC policy GTW-SVC-TMCM then log session-
close
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-ICMP match source-
address any
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-ICMP match
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-ICMP match
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-ICMP then permit
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-ICMP then log
session-close
set security policies from-zone GTW to-zone SVC policy GTW-SVC08 match source-address
HNB-GTW-10.202.40.0/23
set security policies from-zone GTW to-zone SVC policy GTW-SVC08 match destination-
address HCB-SVC-BlueCoat
set security policies from-zone GTW to-zone SVC policy GTW-SVC08 match application
Proxy
set security policies from-zone GTW to-zone SVC policy GTW-SVC08 then permit
set security policies from-zone GTW to-zone SVC policy GTW-SVC08 then log session-
close
HNB-GTW-10.202.40.0/23
address HCB-SVC-WSUS_OSCE
OSCE_1
OSCE_2
junos-icmp-ping
WSUS
close
HNB-GTW-10.202.40.0/23
address HCB-SVC-OA_DC
any
close
HNB-SVC-OA_File_Server
address HCB-SVC-OA_File_Server
any
close
RM3-GTW-TMCM
TMCM-to-OSCE
close
set security policies from-zone GTW to-zone SVC policy GTW-SVC-ATABox match source-
address RM3-GTW-10.145.129.161-ATA_Terminal
set security policies from-zone GTW to-zone SVC policy GTW-SVC-ATABox match source-
address SLM-GTW-NetUX
set security policies from-zone GTW to-zone SVC policy GTW-SVC-ATABox match
destination-address HCB-SVC-10.202.43.89-ATABox
application ATAtoNetUX
set security policies from-zone GTW to-zone SVC policy GTW-SVC-ATABox then permit
set security policies from-zone GTW to-zone SVC policy GTW-SVC-ATABox then log
session-close
set security policies from-zone GTW to-zone SVC policy GTW-SVC-Exim01 match source-
address HKG-GTW-10.202.61.18-BBLAPP07
set security policies from-zone GTW to-zone SVC policy GTW-SVC-Exim01 match
destination-address HCB-SVC-OA_File_Server
application junos-ftp
set security policies from-zone GTW to-zone SVC policy GTW-SVC-Exim01 then permit
set security policies from-zone GTW to-zone SVC policy GTW-SVC-Exim01 then log
session-close
set security policies from-zone GTW to-zone SVC policy GTW-SVC-Exim02 match source-
application TCP-20
set security policies from-zone GTW to-zone SVC policy GTW-SVC-Exim02 then permit
set security policies from-zone GTW to-zone SVC policy GTW-SVC-Exim02 then log
session-close
set security policies from-zone GTW to-zone SVC policy GTW-SVC-Upgrade_Office_Scan
match destination-address HCB-SVC-10.202.43.70-OAOVSHCBMNT0
1
then permit
set security policies from-zone GTW to-zone SVC policy GTW-SVC-McAfee_ePO match
source-address RM3-GTW-10.231.176.27-IT-AV-EPO-1101
source-address SLM-GTW-10.230.176.28-IT-AV-AHR-1201
destination-address HCB-SVC-10.202.43.67-OAOVSHCBSRV01
application TCP-445
set security policies from-zone GTW to-zone SVC policy GTW-SVC-McAfee_ePO then permit
set security policies from-zone GTW to-zone SVC policy GTW-SVC-McAfee_ePO then log
session-init
set security policies from-zone GTW to-zone SVC policy GTW-SVC-HCMBCP-DC_Server match
source-address HCMBCP-GTW-10.202.86.0/23-HCMBCP
source-address HCMBCP-10.202.87.176/28-HCMDR_SWIFT_User
destination-address HCB-SVC-OA_DC
application any
set security policies from-zone GTW to-zone SVC policy GTW-SVC-HCMBCP-DC_Server then
permit
set security policies from-zone GTW to-zone SVC policy GTW-SVC-HCMBCP-DC_Server then
log session-close
set security policies from-zone GTW to-zone SVC policy GTW-SVC-HCMBCP-File_Server
match source-address HCMBCP-GTW-10.202.86.0/23-HCMBCP
match source-address HCMBCP-10.202.87.176/28-HCMDR_SWIFT_Use
r
match destination-address HCB-SVC-OA_File_Server
then permit
set security policies from-zone GTW to-zone SVC policy GTW-SVC-HCMBCP-WSUS match
source-address HCMBCP-10.202.87.176/28-HCMDR_SWIFT_User
destination-address HCB-SVC-WSUS_OSCE
application OSCE_1
application OSCE_2
application WSUS
set security policies from-zone GTW to-zone SVC policy GTW-SVC-HCMBCP-WSUS then
permit
set security policies from-zone GTW to-zone SVC policy GTW-SVC-HCMBCP-WSUS then log
session-close
set security policies from-zone GTW to-zone SVC policy GTW-SVC-HCMBCP-Bluecoat match
destination-address HCB-SVC-BlueCoat
application Proxy
set security policies from-zone GTW to-zone SVC policy GTW-SVC-HCMBCP-Bluecoat then
permit
set security policies from-zone GTW to-zone SVC policy GTW-SVC-HCMBCP-Bluecoat then
log session-close
set security policies from-zone GTW to-zone SVC policy GTW-SVC-NAC-
Deploy_AnyConnect_rule1 match source-address 172.18.16.165-oahqecmsql01
Deploy_AnyConnect_rule1 match destination-address HCB-SVC-10.202.43.70-OAOV
SHCBMNT01
Deploy_AnyConnect_rule1 match application TCP-1433
Deploy_AnyConnect_rule1 then permit
Deploy_AnyConnect_rule1 then log session-init
set security policies from-zone GTW to-zone SVC policy GTW-SVC-DeepSecurity_rule1
match source-address SLM-GTW-10.230.241.35-IT-AV-AP-1102.oa.
bbl
match source-address RM3-GTW-10.231.241.35-IT-AV-AP-1101.oa.
bbl
match destination-address HCB-SVC-10.202.43.65-OAOVSHCBSDC01
match destination-address HCB-SVC-10.202.43.66-OAOVSHCBSDC02
then permit
set security policies from-zone GTW to-zone SVC policy GTW-SVC-
Citrix_XenApp_GetDCPolicy match source-address RM3-GTW-10.150.144.3-WPECITCXA1101
Citrix_XenApp_GetDCPolicy match source-address RM3-GTW-10.150.144.4-WPECITCXA1102
Citrix_XenApp_GetDCPolicy match source-address SLM-GTW-10.138.144.3-WPECITCXA1201
Citrix_XenApp_GetDCPolicy match source-address SLM-GTW-10.138.144.4-WPECITCXA1202
Citrix_XenApp_GetDCPolicy match destination-address HCB-SVC-10.202.43.65-
OAOVSHCBSDC01
Citrix_XenApp_GetDCPolicy match destination-address HCB-SVC-10.202.43.66-
OAOVSHCBSDC02
Citrix_XenApp_GetDCPolicy match destination-address HCB-SVC-10.202.43.75
Citrix_XenApp_GetDCPolicy match application TCP-445
Citrix_XenApp_GetDCPolicy then permit
Citrix_XenApp_GetDCPolicy then log session-init
set security policies from-zone GTW to-zone SVC policy GTW-SVC-SCCM-MP match source-
set security policies from-zone GTW to-zone SVC policy GTW-SVC-SCCM-MP match
destination-address HCB-SVC-10.202.43.70-OAOVSHCBMNT01
set security policies from-zone GTW to-zone SVC policy GTW-SVC-SCCM-MP then permit
set security policies from-zone GTW to-zone SVC policy GTW-SVC-SCCM-MP then log
session-init
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-DENY match source-
address any
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-DENY match
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-DENY match
application any
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-DENY then deny
set security policies from-zone GTW to-zone SVC policy G-GTW-SVC-DENY then log
session-init
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-DC match source-
address any
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-DC match
destination-address SLM-GTW-OA_Remote_Terminal
destination-address RM3-GTW-OA_Remote_Terminal
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-DC match application
any
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-DC then permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-DC then log session-
close
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-CERT_RMS match
source-address any
destination-address SLM-GTW-OA_CERT
destination-address SLM-GTW-OA_RMS
destination-address SLM-GTW-OA_SMS
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-CERT_RMS then permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-CERT_RMS then log
session-close
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-SCOM match source-
address any
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-SCOM match
destination-address RM3-GTW-SCOM
application SCOM_1
application SCOM_2
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-SCOM then permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-SCOM then log
session-close
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-SpeedTest match
source-address any
destination-address SM-GTW-172.19.248.83-SIlom_SpeedTest
destination-address RM3-GTW-172.27.248.83-Rama3_SpeedTest
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-SpeedTest then
permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-SpeedTest then log
session-close
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-AD_Assessment match
source-address any
destination-address SLM-GTW-172.18.16.115-OAHQADASSET01
application TCP-135
application TCP-137
application TCP-138
application TCP-139
application tcp_1024-65535
application TCP-389
application TCP-445
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-AD_Assessment then
permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-AD_Assessment then
log session-close
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-Endpoint_Upgrade
then permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-NAC-
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-PKIISC1101 match
application TCP-135
application TCP-443
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-PKIISC1101 then
permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-PKIISC1101 then log
session-close
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-SUP match source-
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-SUP match
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-SUP match
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-SUP then permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-SUP then log
session-init
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ACS match source-
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ACS match
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ACS match
application TCP-49
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ACS then permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ACS then log
session-close
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-CA_NSM match source-
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-CA_NSM match
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-CA_NSM match
application CA_NSM
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-CA_NSM then permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-CA_NSM then log
session-close
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-NAC-TACACS match
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-NAC-TACACS then
permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-NAC-TACACS then log
session-init
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-Upgrade_Firmware
then permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ATA_NetUX match
source-address any
destination-address SLM-GTW-NetUX
application ATAtoNetUX
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ATA_NetUX then
permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ATA_NetUX then log
session-close
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ATA_Terminal match
source-address any
destination-address RM3-GTW-10.145.129.161-ATA_Terminal
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ATA_Terminal then
permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ATA_Terminal then
log session-close
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-BBL_Logo match
source-address any
destination-address RM3-GTW-InternalWeb
destination-address SLM-GTW-InternalWeb
destination-address RM3-GTW-172.26.77.1-BBL_Logo
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-BBL_Logo then permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-BBL_Logo then log
session-close
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ProxyMgmt match
source-address any
destination-address RM3-GTW-BlueCoat_MC
destination-address RM3-GTW-10.229.250.40-CCOOBPXYMGT01
destination-address RM3-GTW-10.229.250.41-CCOOBPXYREP01
destination-address RM3-GTW-10.229.250.42-CCOOBPXYLOG01
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ProxyMgmt then
permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ProxyMgmt then log
session-close
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-BC_Reporter match
source-address any
destination-address SLM-GTW-BlueCoat_Reporter
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-BC_Reporter then
permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-BC_Reporter then log
session-close
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-Update_Signature
match destination-address RM3-GTW-10.231.241.67-DDI
then permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-NTP match source-
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-NTP match
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-NTP then permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-NTP then log
session-close
set security policies from-zone SVC to-zone GTW policy SVC-GTW-TMCM match source-
address any
set security policies from-zone SVC to-zone GTW policy SVC-GTW-TMCM match
destination-address RM3-GTW-TMCM
set security policies from-zone SVC to-zone GTW policy SVC-GTW-TMCM match application
OSCE-to-TMCM
set security policies from-zone SVC to-zone GTW policy SVC-GTW-TMCM match application
junos-icmp-ping
set security policies from-zone SVC to-zone GTW policy SVC-GTW-TMCM then permit
set security policies from-zone SVC to-zone GTW policy SVC-GTW-TMCM then log session-
close
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ICMP match source-
address any
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ICMP match
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ICMP match
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ICMP then permit
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-ICMP then log
session-close
set security policies from-zone SVC to-zone GTW policy SVC-GTW08 match source-address
HCB-SVC-OA_File_Server
set security policies from-zone SVC to-zone GTW policy SVC-GTW08 match destination-
address HNB-SVC-OA_File_Server
set security policies from-zone SVC to-zone GTW policy SVC-GTW08 match application
any
set security policies from-zone SVC to-zone GTW policy SVC-GTW08 then permit
set security policies from-zone SVC to-zone GTW policy SVC-GTW08 then log session-
close
HCB-SVC-WSUS_OSCE
OSCE_1
OSCE_2
junos-icmp-ping
WSUS
close
HCB-SVC-OA_DC
any
close
HCB-SVC-WSUS_OSCE
address RM3-GTW-TMCM
OSCE-to-TMCM
close
set security policies from-zone SVC to-zone GTW policy SVC-GTW-ATABox match source-
address HCB-SVC-10.202.43.89-ATABox
set security policies from-zone SVC to-zone GTW policy SVC-GTW-ATABox match
destination-address SLM-GTW-172.18.60.75-iGlobalBANK-UAT
destination-address RM3-GTW-10.145.129.161-ATA_Terminal
destination-address SLM-GTW-NetUX
application NetUXtoATA
set security policies from-zone SVC to-zone GTW policy SVC-GTW-ATABox then permit
set security policies from-zone SVC to-zone GTW policy SVC-GTW-ATABox then log
session-close
set security policies from-zone SVC to-zone GTW policy SVC-GTW-EXIM match source-
address HCB-SVC-10.202.43.67-OAOVSHCBSRV01
set security policies from-zone SVC to-zone GTW policy SVC-GTW-EXIM match
destination-address HKG-GTW-10.202.61.18-BBLAPP07
set security policies from-zone SVC to-zone GTW policy SVC-GTW-EXIM match application
TCP-1025-5000
set security policies from-zone SVC to-zone GTW policy SVC-GTW-EXIM match application
junos-ftp
set security policies from-zone SVC to-zone GTW policy SVC-GTW-EXIM then permit
set security policies from-zone SVC to-zone GTW policy SVC-GTW-EXIM then log session-
close
set security policies from-zone SVC to-zone GTW policy SVC-GTW-HCMBCP-DC_Server match
source-address HCB-SVC-OA_DC
destination-address HCMBCP-10.202.87.176/28-HCMDR_SWIFT_User
application any
set security policies from-zone SVC to-zone GTW policy SVC-GTW-HCMBCP-DC_Server then
permit
set security policies from-zone SVC to-zone GTW policy SVC-GTW-HCMBCP-DC_Server then
log session-close
set security policies from-zone SVC to-zone GTW policy SVC-GTW-HCMBCP-File_Server
match source-address HCB-SVC-OA_File_Server
match destination-address HCMBCP-GTW-10.202.86.0/23-HCMBCP
match destination-address HCMBCP-10.202.87.176/28-HCMDR_SWIFT_User
then permit
set security policies from-zone SVC to-zone GTW policy SVC-GTW-HCMBCP-WSUS_Server
match source-address HCB-SVC-WSUS_OSCE
match destination-address HCMBCP-GTW-10.202.86.0/23-HCMBCP
match destination-address HCMBCP-10.202.87.176/28-HCMDR_SWIFT_User
match application OSCE_1
match application OSCE_2
match application junos-icmp-ping
match application WSUS
match application TCP-60162-60163
then permit
set security policies from-zone SVC to-zone GTW policy SVC-GTW-NAC-
Deploy_AnyConnect_rule1 match source-address HCB-SVC-10.202.43.70-OAOVSHCBMNT01
Deploy_AnyConnect_rule1 match destination-address 172.18.16.165-oahqecmsql01
Deploy_AnyConnect_rule1 match application TCP-1433
Deploy_AnyConnect_rule1 then permit
Deploy_AnyConnect_rule1 then log session-init
set security policies from-zone SVC to-zone GTW policy SVC-GTW-DeepSecurity_rule1
match source-address HCB-SVC-10.202.43.65-OAOVSHCBSDC01
match destination-address SLM-GTW-10.230.241.35-IT-AV-AP-1102.oa.bbl
match destination-address RM3-GTW-10.231.241.35-IT-AV-AP-1101.oa.bbl
then permit
match destination-address RM3-GTW-10.231.176.24-SM-SPS01
match destination-address SLM-GTW-10.230.176.24-SM-SPS02
then permit
set security policies from-zone SVC to-zone GTW policy SVC-GTW-McAfee_to_DXL match
source-address HCB-SVC-10.202.43.70-OAOVSHCBMNT01
destination-address SLM-GTW-10.230.176.29-SM-AV-DXL03
set security policies from-zone SVC to-zone GTW policy SVC-GTW-McAfee_to_DXL then
permit
set security policies from-zone SVC to-zone GTW policy SVC-GTW-McAfee_to_DXL then log
session-init
set security policies from-zone SVC to-zone GTW policy SVC-GTW-SCOM match source-
address HCB-SVC-10.202.43.70-OAOVSHCBMNT01
set security policies from-zone SVC to-zone GTW policy SVC-GTW-SCOM match
destination-address RM3-GTW-10.231.241.129-IT-OM-MS-1101
set security policies from-zone SVC to-zone GTW policy SVC-GTW-SCOM match
destination-address RM3-GTW-10.231.241.130-IT-OM-MS-1102
set security policies from-zone SVC to-zone GTW policy SVC-GTW-SCOM match application
TCP-5723
set security policies from-zone SVC to-zone GTW policy SVC-GTW-SCOM then permit
set security policies from-zone SVC to-zone GTW policy SVC-GTW-SCOM then log session-
init
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-DENY match source-
address any
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-DENY match
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-DENY match
application any
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-DENY then deny
set security policies from-zone SVC to-zone GTW policy G-SVC-GTW-DENY then log
session-init
set security policies from-zone USR to-zone INT policy G-USR-INT-SKYPE_1 match
source-address any
destination-address SLM-INT-119.46.64.90-access.bangkokbank.com
destination-address SLM-INT-119.46.64.91-webcon.bangkokbank.com
destination-address SLM-INT-119.46.64.92-av.bangkokbank.com
destination-address SLM-INT-119.46.64.94-meet.bangkokbank.com
destination-address SLM-INT-119.46.64.95-Meet.bangkokbank.com
destination-address SLM-INT-119.46.64.96-ucwebext.bangkokbank.com
destination-address SLM-INT-119.46.64.97-oos.bangkokbank.com
set security policies from-zone USR to-zone INT policy G-USR-INT-SKYPE_1 then permit
source-address any
source-address any
source-address any
application Skype_Server
application Lync_Server
set security policies from-zone USR to-zone INT policy G-USR-INT-MSTeam match source-
address any
set security policies from-zone USR to-zone INT policy G-USR-INT-MSTeam match
destination-address INT-52.112.0.0/14-MSTeam
application junos-stun
application UDP_3480-3481
set security policies from-zone USR to-zone INT policy G-USR-INT-MSTeam then permit
set security policies from-zone USR to-zone INT policy G-USR-INT-Outlook_Client match
source-address any
destination-address INT-110.164.11.0/24-msftconnecttest.com_msftncsi.com
set security policies from-zone USR to-zone INT policy G-USR-INT-Outlook_Client then
permit
set security policies from-zone USR to-zone INT policy G-USR-INT-Outlook_Client-URL
match destination-address msftncsi.com
match destination-address msftconnecttest.com
then permit
set security policies from-zone USR to-zone INT policy USR-INT-VCBMoney match source-
set security policies from-zone USR to-zone INT policy USR-INT-VCBMoney match
destination-address VCB-INT-103.11.172.4-VietcomBank
destination-address VCB-INT-103.11.172.38-Vietcombank
destination-address VCB-INT-203.162.0.181-VCB_Money_DNS1
set security policies from-zone USR to-zone INT policy USR-INT-VCBMoney then permit
set security policies from-zone USR to-zone INT policy USR-INT-PulseSecure match
destination-address HCB-INT-110.164.206.23-rmt.bbl.co.th
destination-address HCB-INT-119.46.71.23-SSLVPNRama3
destination-address HCB-INT-110.164.207.23-SSLVPNRama3
set security policies from-zone USR to-zone INT policy USR-INT-PulseSecure then
permit
set security policies from-zone USR to-zone INT policy USR-INT-IBDV match source-
set security policies from-zone USR to-zone INT policy USR-INT-IBDV match
destination-address HCB-INT-203.201.56.140-payment.bidv.com.vn
set security policies from-zone USR to-zone INT policy USR-INT-IBDV match application
junos-https
junos-ping
junos-icmp-all
set security policies from-zone USR to-zone INT policy USR-INT-IBDV then permit
set security policies from-zone USR to-zone INT policy USR-INT-NFSC description
"application NFSC to report National Financial Supervisory
Commission.(Http://fmsis.nfsc.vn:9100.)"
set security policies from-zone USR to-zone INT policy USR-INT-NFSC match source-
set security policies from-zone USR to-zone INT policy USR-INT-NFSC match
destination-address HCB-INT-116.96.143.156-Fmsis.nfsc.vn
set security policies from-zone USR to-zone INT policy USR-INT-NFSC match application
TCP-9100
junos-http
junos-icmp-all
set security policies from-zone USR to-zone INT policy USR-INT-NFSC then permit
set security policies from-zone USR to-zone INT policy USR-INT-DIV description
set security policies from-zone USR to-zone INT policy USR-INT-DIV match source-
set security policies from-zone USR to-zone INT policy USR-INT-DIV match destination-
address HCB-INT-124.158.7.35-info.div.gov.vn
set security policies from-zone USR to-zone INT policy USR-INT-DIV match destination-
set security policies from-zone USR to-zone INT policy USR-INT-DIV match application
TCP-6900
set security policies from-zone USR to-zone INT policy USR-INT-DIV match application
junos-icmp-all
set security policies from-zone USR to-zone INT policy USR-INT-DIV then permit
set security policies from-zone USR to-zone INT policy USR-INT-DIV-02 description
set security policies from-zone USR to-zone INT policy USR-INT-DIV-02 match source-
set security policies from-zone USR to-zone INT policy USR-INT-DIV-02 match
destination-address HCB-INT-124.158.4.139-icmftp.div.gov.vn
set security policies from-zone USR to-zone INT policy USR-INT-DIV-02 then permit
address HCB-USR-10.202.42.125
destination-address HCB-INT-49.156.55.196-info.div.gov.vn
application TCP-20
set security policies from-zone USR to-zone INT policy USR-INT-DIV-03 then permit
set security policies from-zone USR to-zone INT policy USR-INT-FTP_hopthuthongtin
description "application NFSC to report National Financial Supervisory Commission.
(Http://fmsis.nfsc.vn:9100.)"
match source-address HCB-USR-10.202.42.154-FTP-USER
match source-address HCB-USR-10.202.42.156-HC01RPT
match destination-address VN-INT-221.132.39.104-hopthuthongtin.com.vn
then permit
set security policies from-zone USR to-zone INT policy USR-INT-WGW-McAfee_POP match
destination-address McAfee_POP_HK
destination-address McAfee_POP_SG
application TCP-500
set security policies from-zone USR to-zone INT policy USR-INT-WGW-McAfee_POP then
permit
set security policies from-zone USR to-zone INT policy USR-INT-WGW-McAfee_POP then
log session-close
set security policies from-zone USR to-zone INT policy USR-INT-Test_Printer_Reuter
match source-address HCB-USR-10.202.42.5-WKHCB125
match destination-address 192.165.220.164-Reuter
then permit
set security policies from-zone USR to-zone INT policy USR-INT-SBV_Report match
source-address HCB-USR-10.202.42.153-HC02LPS-IPBS
source-address HCB-USR-10.202.42.155-HC01RPT
source-address HCB-USR-10.202.42.156-HC01RPT
source-address HCB-USR-10.202.42.154-New_IBPS_PC
destination-address INT-202.58.245.172-SBV
set security policies from-zone USR to-zone INT policy USR-INT-SBV_Report then permit
set security policies from-zone USR to-zone INT policy USR-INT-SBV_Report then log
session-close
set security policies from-zone USR to-zone INT policy USR-INT-thuedientu match
destination-address INT-103.9.200.87-thuedientu.gdt.gov.vn
set security policies from-zone USR to-zone INT policy USR-INT-thuedientu then permit
set security policies from-zone USR to-zone INT policy USR-INT-thuedientu then log
session-close
set security policies from-zone USR to-zone INT policy USR-INT-O365 match source-
set security policies from-zone USR to-zone INT policy USR-INT-O365 match
destination-address INT-13.107.4.52-msftconnecttest.com
set security policies from-zone USR to-zone INT policy USR-INT-O365 match application
junos-http
set security policies from-zone USR to-zone INT policy USR-INT-O365 match application
junos-https
set security policies from-zone USR to-zone INT policy USR-INT-O365 then permit
set security policies from-zone USR to-zone INT policy USR-INT-O365 then log session-
close
set security policies from-zone USR to-zone INT policy USR-INT-qlvb-sbv match source-
set security policies from-zone USR to-zone INT policy USR-INT-qlvb-sbv match
destination-address INT-103.205.100.81-qlvb.sbv.hanoi.gov.vn
set security policies from-zone USR to-zone INT policy USR-INT-qlvb-sbv then permit
set security policies from-zone USR to-zone INT policy USR-INT-qlvb-sbv then log
session-close
set security policies from-zone USR to-zone INT policy USR-INT-Outlook_Client match
set security policies from-zone USR to-zone INT policy USR-INT-Outlook_Client then
permit
set security policies from-zone USR to-zone INT policy G-USR-INT-DENY match source-
address any
set security policies from-zone USR to-zone INT policy G-USR-INT-DENY match
set security policies from-zone USR to-zone INT policy G-USR-INT-DENY match
application any
set security policies from-zone USR to-zone INT policy G-USR-INT-DENY then deny
set security policies from-zone USR to-zone INT policy G-USR-INT-DENY then log
session-init
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-DC match source-
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-DC match
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-DC match application
any
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-DC then permit
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-DC then log session-
close
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-Remote match source-
address RM3-GTW-FW_Admin
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-Remote match
application TCP-139
application iLO_1
application iLO_2
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-Remote then permit
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-Remote then log
session-close
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-Endpoint_Upgrade
then permit
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-NAC-
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-VA_Scan match
application any
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-VA_Scan then permit
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-VA_Scan then log
session-init
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-CA_NSM match source-
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-CA_NSM match
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-CA_NSM match
application CA_NSM
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-CA_NSM then permit
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-CA_NSM then log
session-close
set security policies from-zone GTW to-zone MGT policy GTW-MGT-LOG_NTP match source-
set security policies from-zone GTW to-zone MGT policy GTW-MGT-LOG_NTP match
application junos-syslog
set security policies from-zone GTW to-zone MGT policy GTW-MGT-LOG_NTP then permit
set security policies from-zone GTW to-zone MGT policy GTW-MGT-LOG_NTP then log
session-close
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-ICMP match source-
address any
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-ICMP match
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-ICMP match
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-ICMP then permit
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-ICMP then log
session-close
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-DENY match source-
address any
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-DENY match
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-DENY match
application any
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-DENY then deny
set security policies from-zone GTW to-zone MGT policy G-GTW-MGT-DENY then log
session-init
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-DC match source-
address any
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-DC match
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-DC match application
any
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-DC then permit
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-DC then log session-
close
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-Mail match source-
address any
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-Mail match
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-Mail then permit
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-Mail then log
session-close
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-Endpoint_Upgrade
then permit
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-NAC-
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-PKIISC1101 match
application TCP-135
application TCP-443
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-PKIISC1101 then
permit
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-PKIISC1101 then log
session-close
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-SUP match source-
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-SUP match
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-SUP match
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-SUP then permit
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-SUP then log
session-init
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-ACS match source-
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-ACS match
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-ACS match
application TCP-49
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-ACS then permit
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-ACS then log
session-close
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-CA_NSM match source-
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-CA_NSM match
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-CA_NSM match
application CA_NSM
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-CA_NSM then permit
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-CA_NSM then log
session-close
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-NAC-TACACS match
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-NAC-TACACS then
permit
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-NAC-TACACS then log
session-init
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-Upgrade_Firmware
then permit
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-NTP match source-
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-NTP match
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-NTP then permit
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-NTP then log
session-close
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-ICMP match source-
address any
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-ICMP match
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-ICMP match
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-ICMP then permit
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-ICMP then log
session-close
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-DENY match source-
address any
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-DENY match
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-DENY match
application any
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-DENY then deny
set security policies from-zone MGT to-zone GTW policy G-MGT-GTW-DENY then log
session-init
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-Mail match source-
address any
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-Mail match
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-Mail then permit
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-Mail then log
session-close
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-Endpoint_Upgrade
then permit
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-NAC-
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-PKIISC1101 match
application TCP-135
application TCP-443
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-PKIISC1101 then
permit
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-PKIISC1101 then log
session-close
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-SUP match source-
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-SUP match
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-SUP match
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-SUP then permit
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-SUP then log
session-init
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-CA_NSM match source-
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-CA_NSM match
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-CA_NSM match
application CA_NSM
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-CA_NSM then permit
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-CA_NSM then log
session-close
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-NAC-TACACS match
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-NAC-TACACS then
permit
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-NAC-TACACS then log
session-init
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-Upgrade_Firmware
then permit
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-NTP match source-
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-NTP match
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-NTP then permit
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-NTP then log
session-close
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-ICMP match source-
address any
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-ICMP match
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-ICMP match
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-ICMP then permit
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-ICMP then log
session-close
set security policies from-zone DCT to-zone GTW policy DCT-GTW-iCash match source-
address HCB-DCT-10.202.43.97-HC04LPS
set security policies from-zone DCT to-zone GTW policy DCT-GTW-iCash match source-
set security policies from-zone DCT to-zone GTW policy DCT-GTW-iCash match
destination-address RM3-GTW-172.26.78.10
set security policies from-zone DCT to-zone GTW policy DCT-GTW-iCash match
set security policies from-zone DCT to-zone GTW policy DCT-GTW-iCash then permit
set security policies from-zone DCT to-zone GTW policy DCT-GTW-iCash then log
session-close
set security policies from-zone DCT to-zone GTW policy DCT-GTW-HCMBCP-Any match
source-address any
application any
set security policies from-zone DCT to-zone GTW policy DCT-GTW-HCMBCP-Any then permit
set security policies from-zone DCT to-zone GTW policy DCT-GTW-HCMBCP-Any then log
session-close
set security policies from-zone DCT to-zone GTW policy DCT-GTW-Custody match source-
address HCB-DCT-10.202.43.103-HCVSDSTP01
set security policies from-zone DCT to-zone GTW policy DCT-GTW-Custody match source-
set security policies from-zone DCT to-zone GTW policy DCT-GTW-Custody match
destination-address SLM-GTW-172.20.10.30-sftp_server_test
destination-address RM3-GTW-172.28.10.20-SFTP_Server
set security policies from-zone DCT to-zone GTW policy DCT-GTW-Custody then permit
set security policies from-zone DCT to-zone GTW policy DCT-GTW-Custody then log
session-close
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-DENY match source-
address any
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-DENY match
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-DENY match
application any
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-DENY then deny
set security policies from-zone DCT to-zone GTW policy G-DCT-GTW-DENY then log
session-init
set security policies from-zone GTW to-zone INT policy G-GTW-INT-VA_Scan match
application any
set security policies from-zone GTW to-zone INT policy G-GTW-INT-VA_Scan then permit
set security policies from-zone GTW to-zone INT policy G-GTW-INT-VA_Scan then log
session-init
set security policies from-zone GTW to-zone INT policy G-GTW-INT-CA_NSM match source-
set security policies from-zone GTW to-zone INT policy G-GTW-INT-CA_NSM match
set security policies from-zone GTW to-zone INT policy G-GTW-INT-CA_NSM match
application CA_NSM
set security policies from-zone GTW to-zone INT policy G-GTW-INT-CA_NSM then permit
set security policies from-zone GTW to-zone INT policy G-GTW-INT-CA_NSM then log
session-close
set security policies from-zone GTW to-zone INT policy G-GTW-INT-ICMP match source-
address any
set security policies from-zone GTW to-zone INT policy G-GTW-INT-ICMP match
set security policies from-zone GTW to-zone INT policy G-GTW-INT-ICMP match
set security policies from-zone GTW to-zone INT policy G-GTW-INT-ICMP then permit
set security policies from-zone GTW to-zone INT policy G-GTW-INT-ICMP then log
session-close
set security policies from-zone GTW to-zone INT policy GTW-INT-Skype match source-
address HNB-USR-10.202.40.0/24-USR_PC
set security policies from-zone GTW to-zone INT policy GTW-INT-Skype match source-
address HNB-USR-10.202.40.190-MeetingRoom
set security policies from-zone GTW to-zone INT policy GTW-INT-Skype match
application any
set security policies from-zone GTW to-zone INT policy GTW-INT-Skype then permit
set security policies from-zone GTW to-zone INT policy GTW-INT-Skype then log
session-close
set security policies from-zone GTW to-zone INT policy GTW-INT-VCBMoney match source-
set security policies from-zone GTW to-zone INT policy GTW-INT-VCBMoney match
destination-address VCB-INT-103.11.172.4-VietcomBank
destination-address VCB-INT-10.1.1.18-Vietcombank.com.vn
application TCP-20
set security policies from-zone GTW to-zone INT policy GTW-INT-VCBMoney then permit
set security policies from-zone GTW to-zone INT policy GTW-INT-VCBMoney then log
session-close
set security policies from-zone GTW to-zone INT policy GTW-INT-BIDV match source-
set security policies from-zone GTW to-zone INT policy GTW-INT-BIDV match
destination-address HCB-INT-203.201.56.140-payment.bidv.com.vn
set security policies from-zone GTW to-zone INT policy GTW-INT-BIDV match application
junos-https
junos-ping
junos-icmp-all
set security policies from-zone GTW to-zone INT policy GTW-INT-BIDV then permit
set security policies from-zone GTW to-zone INT policy GTW-INT-DIV match source-
set security policies from-zone GTW to-zone INT policy GTW-INT-DIV match destination-
set security policies from-zone GTW to-zone INT policy GTW-INT-DIV match destination-
set security policies from-zone GTW to-zone INT policy GTW-INT-DIV match application
TCP-6900
set security policies from-zone GTW to-zone INT policy GTW-INT-DIV match application
junos-icmp-all
set security policies from-zone GTW to-zone INT policy GTW-INT-DIV then permit
set security policies from-zone GTW to-zone INT policy GTW-INT-DIV-02 match source-
set security policies from-zone GTW to-zone INT policy GTW-INT-DIV-02 match
set security policies from-zone GTW to-zone INT policy GTW-INT-DIV-02 then permit
address HNB-USR-10.202.40.171-Hung_PC
address HNB-USR-10.202.40.168
address HNB-USR-10.202.40.172
application TCP-20
set security policies from-zone GTW to-zone INT policy GTW-INT-DIV-03 then permit
set security policies from-zone GTW to-zone INT policy GTW-INT-NFSC description
set security policies from-zone GTW to-zone INT policy GTW-INT-NFSC match source-
set security policies from-zone GTW to-zone INT policy GTW-INT-NFSC match
destination-address HCB-INT-116.96.143.156-Fmsis.nfsc.vn
set security policies from-zone GTW to-zone INT policy GTW-INT-NFSC match application
TCP-9100
junos-http
TCP-9200
TCP-9000
junos-icmp-all
set security policies from-zone GTW to-zone INT policy GTW-INT-NFSC then permit
set security policies from-zone GTW to-zone INT policy GTW-INT-WGW-McAfee_POP match
destination-address McAfee_POP_Laos_SGB_VN_PH_CBD_MYM
application TCP-500
set security policies from-zone GTW to-zone INT policy GTW-INT-WGW-McAfee_POP then
permit
set security policies from-zone GTW to-zone INT policy GTW-INT-WGW-McAfee_POP then
log session-close
set security policies from-zone GTW to-zone INT policy GTW-INT-O365 match source-
address HCMBCP-GTW-10.202.86.0/23-HCMBCP
set security policies from-zone GTW to-zone INT policy GTW-INT-O365 match
destination-address INT-13.107.4.52-msftconnecttest.com
set security policies from-zone GTW to-zone INT policy GTW-INT-O365 match application
junos-http
set security policies from-zone GTW to-zone INT policy GTW-INT-O365 match application
junos-https
set security policies from-zone GTW to-zone INT policy GTW-INT-O365 then permit
set security policies from-zone GTW to-zone INT policy GTW-INT-O365 then log session-
close
set security policies from-zone GTW to-zone INT policy G-GTW-INT-DENY match source-
address any
set security policies from-zone GTW to-zone INT policy G-GTW-INT-DENY match
set security policies from-zone GTW to-zone INT policy G-GTW-INT-DENY match
application any
set security policies from-zone GTW to-zone INT policy G-GTW-INT-DENY then deny
set security policies from-zone GTW to-zone INT policy G-GTW-INT-DENY then log
session-init
set security policies from-zone GTW to-zone EXT policy G-GTW-EXT-VA_Scan match
application any
set security policies from-zone GTW to-zone EXT policy G-GTW-EXT-VA_Scan then permit
set security policies from-zone GTW to-zone EXT policy G-GTW-EXT-VA_Scan then log
session-init
set security policies from-zone GTW to-zone EXT policy G-GTW-EXT-CA_NSM match source-
set security policies from-zone GTW to-zone EXT policy G-GTW-EXT-CA_NSM match
set security policies from-zone GTW to-zone EXT policy G-GTW-EXT-CA_NSM match
application CA_NSM
set security policies from-zone GTW to-zone EXT policy G-GTW-EXT-CA_NSM then permit
set security policies from-zone GTW to-zone EXT policy G-GTW-EXT-CA_NSM then log
session-close
set security policies from-zone GTW to-zone EXT policy G-GTW-EXT-ICMP match source-
address any
set security policies from-zone GTW to-zone EXT policy G-GTW-EXT-ICMP match
set security policies from-zone GTW to-zone EXT policy G-GTW-EXT-ICMP match
set security policies from-zone GTW to-zone EXT policy G-GTW-EXT-ICMP then permit
set security policies from-zone GTW to-zone EXT policy G-GTW-EXT-ICMP then log
session-close
set security policies from-zone GTW to-zone EXT policy G-GTW-EXT-DENY match source-
address any
set security policies from-zone GTW to-zone EXT policy G-GTW-EXT-DENY match
set security policies from-zone GTW to-zone EXT policy G-GTW-EXT-DENY match
application any
set security policies from-zone GTW to-zone EXT policy G-GTW-EXT-DENY then deny
set security policies from-zone GTW to-zone EXT policy G-GTW-EXT-DENY then log
session-init
set security policies from-zone INT to-zone GTW policy G-INT-GTW-SUP match source-
set security policies from-zone INT to-zone GTW policy G-INT-GTW-SUP match
set security policies from-zone INT to-zone GTW policy G-INT-GTW-SUP match
set security policies from-zone INT to-zone GTW policy G-INT-GTW-SUP then permit
set security policies from-zone INT to-zone GTW policy G-INT-GTW-SUP then log
session-init
set security policies from-zone INT to-zone GTW policy G-INT-GTW-ACS match source-
set security policies from-zone INT to-zone GTW policy G-INT-GTW-ACS match
set security policies from-zone INT to-zone GTW policy G-INT-GTW-ACS match
application TCP-49
set security policies from-zone INT to-zone GTW policy G-INT-GTW-ACS then permit
set security policies from-zone INT to-zone GTW policy G-INT-GTW-ACS then log
session-close
set security policies from-zone INT to-zone GTW policy G-INT-GTW-CA_NSM match source-
set security policies from-zone INT to-zone GTW policy G-INT-GTW-CA_NSM match
set security policies from-zone INT to-zone GTW policy G-INT-GTW-CA_NSM match
application CA_NSM
set security policies from-zone INT to-zone GTW policy G-INT-GTW-CA_NSM then permit
set security policies from-zone INT to-zone GTW policy G-INT-GTW-CA_NSM then log
session-close
set security policies from-zone INT to-zone GTW policy G-INT-GTW-NAC-TACACS match
set security policies from-zone INT to-zone GTW policy G-INT-GTW-NAC-TACACS then
permit
set security policies from-zone INT to-zone GTW policy G-INT-GTW-NAC-TACACS then log
session-init
set security policies from-zone INT to-zone GTW policy G-INT-GTW-Upgrade_Firmware
then permit
set security policies from-zone INT to-zone GTW policy G-INT-GTW-NTP match source-
set security policies from-zone INT to-zone GTW policy G-INT-GTW-NTP match
set security policies from-zone INT to-zone GTW policy G-INT-GTW-NTP then permit
set security policies from-zone INT to-zone GTW policy G-INT-GTW-NTP then log
session-close
set security policies from-zone INT to-zone GTW policy G-INT-GTW-DENY match source-
address any
set security policies from-zone INT to-zone GTW policy G-INT-GTW-DENY match
set security policies from-zone INT to-zone GTW policy G-INT-GTW-DENY match
application any
set security policies from-zone INT to-zone GTW policy G-INT-GTW-DENY then deny
set security policies from-zone INT to-zone GTW policy G-INT-GTW-DENY then log
session-init
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-SUP match source-
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-SUP match
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-SUP match
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-SUP then permit
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-SUP then log
session-init
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-ACS match source-
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-ACS match
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-ACS match
application TCP-49
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-ACS then permit
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-ACS then log
session-close
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-CA_NSM match source-
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-CA_NSM match
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-CA_NSM match
application CA_NSM
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-CA_NSM then permit
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-CA_NSM then log
session-close
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-NAC-TACACS match
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-NAC-TACACS then
permit
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-NAC-TACACS then log
session-init
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-Upgrade_Firmware
then permit
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-NTP match source-
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-NTP match
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-NTP then permit
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-NTP then log
session-close
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-DENY match source-
address any
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-DENY match
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-DENY match
application any
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-DENY then deny
set security policies from-zone EXT to-zone GTW policy G-EXT-GTW-DENY then log
session-init
set security policies from-zone MGT to-zone DCT policy MGT-DCT-Remote match source-
address any
set security policies from-zone MGT to-zone DCT policy MGT-DCT-Remote match
set security policies from-zone MGT to-zone DCT policy MGT-DCT-Remote then permit
set security policies from-zone MGT to-zone DCT policy MGT-DCT-Remote then log
session-close
set security policies from-zone MGT to-zone DCT policy G-MGT-DCT-ICMP match source-
address any
set security policies from-zone MGT to-zone DCT policy G-MGT-DCT-ICMP match
set security policies from-zone MGT to-zone DCT policy G-MGT-DCT-ICMP match
set security policies from-zone MGT to-zone DCT policy G-MGT-DCT-ICMP then permit
set security policies from-zone MGT to-zone DCT policy G-MGT-DCT-ICMP then log
session-close
set security policies from-zone MGT to-zone DCT policy G-MGT-DCT-DENY match source-
address any
set security policies from-zone MGT to-zone DCT policy G-MGT-DCT-DENY match
set security policies from-zone MGT to-zone DCT policy G-MGT-DCT-DENY match
application any
set security policies from-zone MGT to-zone DCT policy G-MGT-DCT-DENY then deny
set security policies from-zone MGT to-zone DCT policy G-MGT-DCT-DENY then log
session-init
set security policies from-zone MGT to-zone EXT policy MGT-EXT-Remote match source-
address any
set security policies from-zone MGT to-zone EXT policy MGT-EXT-Remote match
set security policies from-zone MGT to-zone EXT policy MGT-EXT-Remote then permit
set security policies from-zone MGT to-zone EXT policy MGT-EXT-Remote then log
session-close
set security policies from-zone MGT to-zone EXT policy G-MGT-EXT-ICMP match source-
address any
set security policies from-zone MGT to-zone EXT policy G-MGT-EXT-ICMP match
set security policies from-zone MGT to-zone EXT policy G-MGT-EXT-ICMP match
set security policies from-zone MGT to-zone EXT policy G-MGT-EXT-ICMP then permit
set security policies from-zone MGT to-zone EXT policy G-MGT-EXT-ICMP then log
session-close
set security policies from-zone MGT to-zone EXT policy G-MGT-EXT-DENY match source-
address any
set security policies from-zone MGT to-zone EXT policy G-MGT-EXT-DENY match
set security policies from-zone MGT to-zone EXT policy G-MGT-EXT-DENY match
application any
set security policies from-zone MGT to-zone EXT policy G-MGT-EXT-DENY then deny
set security policies from-zone MGT to-zone EXT policy G-MGT-EXT-DENY then log
session-init
set security policies from-zone MGT to-zone SVC policy MGT-SVC-Remote match source-
address any
set security policies from-zone MGT to-zone SVC policy MGT-SVC-Remote match
set security policies from-zone MGT to-zone SVC policy MGT-SVC-Remote then permit
set security policies from-zone MGT to-zone SVC policy MGT-SVC-Remote then log
session-close
set security policies from-zone MGT to-zone SVC policy G-MGT-SVC-ICMP match source-
address any
set security policies from-zone MGT to-zone SVC policy G-MGT-SVC-ICMP match
set security policies from-zone MGT to-zone SVC policy G-MGT-SVC-ICMP match
set security policies from-zone MGT to-zone SVC policy G-MGT-SVC-ICMP then permit
set security policies from-zone MGT to-zone SVC policy G-MGT-SVC-ICMP then log
session-close
set security policies from-zone MGT to-zone SVC policy MGT-SVC02 match source-address
any
set security policies from-zone MGT to-zone SVC policy MGT-SVC02 match destination-
set security policies from-zone MGT to-zone SVC policy MGT-SVC02 match application
WSUS
OSCE_1
OSCE_2
junos-icmp-ping
set security policies from-zone MGT to-zone SVC policy MGT-SVC02 then permit
set security policies from-zone MGT to-zone SVC policy MGT-SVC02 then log session-
close
any
any
close
any
Proxy
close
set security policies from-zone MGT to-zone SVC policy MGT-SVC-
NAC_Deploy_Anyconnect_rule1 match source-address any
NAC_Deploy_Anyconnect_rule1 match destination-address HCB-SVC-10.202.43.70-
OAOVSHCBMNT01
NAC_Deploy_Anyconnect_rule1 match application junos-http
NAC_Deploy_Anyconnect_rule1 match application UDP-135
NAC_Deploy_Anyconnect_rule1 match application TCP-135
NAC_Deploy_Anyconnect_rule1 match application junos-https
NAC_Deploy_Anyconnect_rule1 match application TCP-49152-65535
NAC_Deploy_Anyconnect_rule1 then permit
NAC_Deploy_Anyconnect_rule1 then log session-close
set security policies from-zone MGT to-zone SVC policy G-MGT-SVC-DENY match source-
address any
set security policies from-zone MGT to-zone SVC policy G-MGT-SVC-DENY match
set security policies from-zone MGT to-zone SVC policy G-MGT-SVC-DENY match
application any
set security policies from-zone MGT to-zone SVC policy G-MGT-SVC-DENY then deny
set security policies from-zone MGT to-zone SVC policy G-MGT-SVC-DENY then log
session-init
set security policies from-zone MGT to-zone USR policy MGT-USR-Remote match source-
address any
set security policies from-zone MGT to-zone USR policy MGT-USR-Remote match
set security policies from-zone MGT to-zone USR policy MGT-USR-Remote then permit
set security policies from-zone MGT to-zone USR policy MGT-USR-Remote then log
session-close
set security policies from-zone MGT to-zone USR policy G-MGT-USR-ICMP match source-
address any
set security policies from-zone MGT to-zone USR policy G-MGT-USR-ICMP match
set security policies from-zone MGT to-zone USR policy G-MGT-USR-ICMP match
set security policies from-zone MGT to-zone USR policy G-MGT-USR-ICMP then permit
set security policies from-zone MGT to-zone USR policy G-MGT-USR-ICMP then log
session-close
set security policies from-zone MGT to-zone USR policy G-MGT-USR-DENY match source-
address any
set security policies from-zone MGT to-zone USR policy G-MGT-USR-DENY match
set security policies from-zone MGT to-zone USR policy G-MGT-USR-DENY match
application any
set security policies from-zone MGT to-zone USR policy G-MGT-USR-DENY then deny
set security policies from-zone MGT to-zone USR policy G-MGT-USR-DENY then log
session-init
set security policies from-zone INT to-zone MGT policy INT-MGT-LOG_NTP match source-
set security policies from-zone INT to-zone MGT policy INT-MGT-LOG_NTP match
set security policies from-zone INT to-zone MGT policy INT-MGT-LOG_NTP then permit
set security policies from-zone INT to-zone MGT policy INT-MGT-LOG_NTP then log
session-close
set security policies from-zone INT to-zone MGT policy G-INT-MGT-DENY match source-
address any
set security policies from-zone INT to-zone MGT policy G-INT-MGT-DENY match
set security policies from-zone INT to-zone MGT policy G-INT-MGT-DENY match
application any
set security policies from-zone INT to-zone MGT policy G-INT-MGT-DENY then deny
set security policies from-zone INT to-zone MGT policy G-INT-MGT-DENY then log
session-init
set security policies from-zone SVC to-zone MGT policy SVC-MGT-LOG_NTP match source-
set security policies from-zone SVC to-zone MGT policy SVC-MGT-LOG_NTP match
set security policies from-zone SVC to-zone MGT policy SVC-MGT-LOG_NTP then permit
set security policies from-zone SVC to-zone MGT policy SVC-MGT-LOG_NTP then log
session-close
set security policies from-zone SVC to-zone MGT policy G-SVC-MGT-ICMP match source-
address any
set security policies from-zone SVC to-zone MGT policy G-SVC-MGT-ICMP match
set security policies from-zone SVC to-zone MGT policy G-SVC-MGT-ICMP match
set security policies from-zone SVC to-zone MGT policy G-SVC-MGT-ICMP then permit
set security policies from-zone SVC to-zone MGT policy G-SVC-MGT-ICMP then log
session-close
set security policies from-zone SVC to-zone MGT policy SVC-MGT02 match source-address
HCB-SVC-OA_DC
set security policies from-zone SVC to-zone MGT policy SVC-MGT02 match destination-
address any
set security policies from-zone SVC to-zone MGT policy SVC-MGT02 match application
any
set security policies from-zone SVC to-zone MGT policy SVC-MGT02 then permit
set security policies from-zone SVC to-zone MGT policy SVC-MGT02 then log session-
close
HCB-SVC-WSUS_OSCE
address any
OSCE_1
OSCE_2
junos-icmp-ping
WSUS
close
HCB-SVC-BlueCoat
address HCB-MGT-10.202.43.129-SMOVSHCBLOG01
junos-ftp
close
set security policies from-zone SVC to-zone MGT policy SVC-MGT-
NAC_Deploy_Anyconnect_rule1 match source-address HCB-SVC-10.202.43.70-OAOVSHCBMNT01
NAC_Deploy_Anyconnect_rule1 match destination-address any
set security policies from-zone SVC to-zone MGT policy G-SVC-MGT-DENY match source-
address any
set security policies from-zone SVC to-zone MGT policy G-SVC-MGT-DENY match
set security policies from-zone SVC to-zone MGT policy G-SVC-MGT-DENY match
application any
set security policies from-zone SVC to-zone MGT policy G-SVC-MGT-DENY then deny
set security policies from-zone SVC to-zone MGT policy G-SVC-MGT-DENY then log
session-init
set security policies from-zone USR to-zone MGT policy USR-MGT-LOG_NTP match source-
set security policies from-zone USR to-zone MGT policy USR-MGT-LOG_NTP match
set security policies from-zone USR to-zone MGT policy USR-MGT-LOG_NTP then permit
set security policies from-zone USR to-zone MGT policy USR-MGT-LOG_NTP then log
session-close
set security policies from-zone USR to-zone MGT policy G-USR-MGT-ICMP match source-
address any
set security policies from-zone USR to-zone MGT policy G-USR-MGT-ICMP match
set security policies from-zone USR to-zone MGT policy G-USR-MGT-ICMP match
set security policies from-zone USR to-zone MGT policy G-USR-MGT-ICMP then permit
set security policies from-zone USR to-zone MGT policy G-USR-MGT-ICMP then log
session-close
set security policies from-zone USR to-zone MGT policy USR-MGT-PAW match source-
address HCB-USR-EDP
set security policies from-zone USR to-zone MGT policy USR-MGT-PAW match destination-
address HCB-MGT-PAW
set security policies from-zone USR to-zone MGT policy USR-MGT-PAW match application
junos-icmp-ping
set security policies from-zone USR to-zone MGT policy USR-MGT-PAW match application
TCP-3389
set security policies from-zone USR to-zone MGT policy USR-MGT-PAW then permit
set security policies from-zone USR to-zone MGT policy USR-MGT-PAW then log session-
close
set security policies from-zone USR to-zone MGT policy G-USR-MGT-DENY match source-
address any
set security policies from-zone USR to-zone MGT policy G-USR-MGT-DENY match
set security policies from-zone USR to-zone MGT policy G-USR-MGT-DENY match
application any
set security policies from-zone USR to-zone MGT policy G-USR-MGT-DENY then deny
set security policies from-zone USR to-zone MGT policy G-USR-MGT-DENY then log
session-init
set security policies from-zone EXT to-zone MGT policy EXT-MGT-LOG_NTP match source-
set security policies from-zone EXT to-zone MGT policy EXT-MGT-LOG_NTP match
set security policies from-zone EXT to-zone MGT policy EXT-MGT-LOG_NTP then permit
set security policies from-zone EXT to-zone MGT policy EXT-MGT-LOG_NTP then log
session-close
set security policies from-zone EXT to-zone MGT policy G-EXT-MGT-DENY match source-
address any
set security policies from-zone EXT to-zone MGT policy G-EXT-MGT-DENY match
set security policies from-zone EXT to-zone MGT policy G-EXT-MGT-DENY match
application any
set security policies from-zone EXT to-zone MGT policy G-EXT-MGT-DENY then deny
set security policies from-zone EXT to-zone MGT policy G-EXT-MGT-DENY then log
session-init
set security policies from-zone USR to-zone SVC policy G-USR-SVC-ICMP match source-
address any
set security policies from-zone USR to-zone SVC policy G-USR-SVC-ICMP match
set security policies from-zone USR to-zone SVC policy G-USR-SVC-ICMP match
set security policies from-zone USR to-zone SVC policy G-USR-SVC-ICMP then permit
set security policies from-zone USR to-zone SVC policy G-USR-SVC-ICMP then log
session-close
set security policies from-zone USR to-zone SVC policy USR-SVC01 match source-address
any
set security policies from-zone USR to-zone SVC policy USR-SVC01 match destination-
set security policies from-zone USR to-zone SVC policy USR-SVC01 match application
any
set security policies from-zone USR to-zone SVC policy USR-SVC01 then permit
set security policies from-zone USR to-zone SVC policy USR-SVC01 then log session-
close
set security policies from-zone USR to-zone SVC policy USR-SVC02-testScanner match
source-address any
destination-address HCB-SVC-10.202.43.86-TestPAE
application any
set security policies from-zone USR to-zone SVC policy USR-SVC02-testScanner then
permit
set security policies from-zone USR to-zone SVC policy USR-SVC02-testScanner then log
session-close
any
address HCB-SVC-OA_File_Server
address HCB-SVC-10.202.43.72-NAS_Server
ms-file-service
junos-ping
junos-dhcp-relay
junos-smb
close
any
Proxy
junos-icmp-all
junos-ssh
TCP-8082
TCP-1080
close
any
OSCE_1
OSCE_2
junos-icmp-ping
WSUS
close
HCB-USR-EDP
Proxy-MGMT
junos-ping
close
set security policies from-zone USR to-zone SVC policy USR-SVC-PABX match source-
set security policies from-zone USR to-zone SVC policy USR-SVC-PABX match
destination-address HCB-SVC-10.202.43.86-PABX
set security policies from-zone USR to-zone SVC policy USR-SVC-PABX match application
junos-http
set security policies from-zone USR to-zone SVC policy USR-SVC-PABX match application
junos-https
set security policies from-zone USR to-zone SVC policy USR-SVC-PABX then permit
set security policies from-zone USR to-zone SVC policy USR-SVC-PABX then log session-
close
set security policies from-zone USR to-zone SVC policy USR-SVC-VoiceRecorder match
destination-address HCB-SVC-10.202.43.86-VoiceRecorder
set security policies from-zone USR to-zone SVC policy USR-SVC-VoiceRecorder then
permit
set security policies from-zone USR to-zone SVC policy USR-SVC-VoiceRecorder then log
session-close
set security policies from-zone USR to-zone SVC policy USR-SVC-
NAC_Deploy_Anyconnect_rule1 match source-address HCM-USR-10.202.42.0/24-USR_PC
NAC_Deploy_Anyconnect_rule1 match source-address HCB-USR-10.202.43.176/28-SWIFT_User
OAOVSHCBMNT01
set security policies from-zone USR to-zone SVC policy G-USR-SVC-DENY match source-
address any
set security policies from-zone USR to-zone SVC policy G-USR-SVC-DENY match
set security policies from-zone USR to-zone SVC policy G-USR-SVC-DENY match
application any
set security policies from-zone USR to-zone SVC policy G-USR-SVC-DENY then deny
set security policies from-zone USR to-zone SVC policy G-USR-SVC-DENY then log
session-init
set security policies from-zone USR to-zone DCT policy G-USR-DCT-ICMP match source-
address any
set security policies from-zone USR to-zone DCT policy G-USR-DCT-ICMP match
set security policies from-zone USR to-zone DCT policy G-USR-DCT-ICMP match
set security policies from-zone USR to-zone DCT policy G-USR-DCT-ICMP then permit
set security policies from-zone USR to-zone DCT policy G-USR-DCT-ICMP then log
session-close
set security policies from-zone USR to-zone DCT policy USR-DCT-ETAX-any match source-
set security policies from-zone USR to-zone DCT policy USR-DCT-ETAX-any match
destination-address HCB-GTW-10.202.43.100-ETAX
application any
set security policies from-zone USR to-zone DCT policy USR-DCT-ETAX-any then permit
set security policies from-zone USR to-zone DCT policy USR-DCT-CITAD match source-
set security policies from-zone USR to-zone DCT policy USR-DCT-CITAD match
destination-address HCB-DCT-10.202.43.97-HC04LPS
application rexec
application junos-nbname
set security policies from-zone USR to-zone DCT policy USR-DCT-CITAD then permit
set security policies from-zone USR to-zone DCT policy USR-DCT-VCB_Local_Payment
match destination-address HCB-DCT-10.202.43.102-HCSERVER02
set security policies from-zone USR to-zone DCT policy USR-DCT-VCB_Local_Payment then
permit
set security policies from-zone USR to-zone DCT policy USR-DCT-Remote_Custody_Server
match destination-address HCB-DCT-10.202.43.103-HCVSDSTP01
match destination-address HCB-DCT-10.202.43.104-HCVSDSTP02
then permit
set security policies from-zone USR to-zone DCT policy USR-DCT-Custody match source-
set security policies from-zone USR to-zone DCT policy USR-DCT-Custody match
destination-address HCB-DCT-10.202.43.103-HCVSDSTP01
destination-address HCB-DCT-10.202.43.104-HCVSDSTP02
set security policies from-zone USR to-zone DCT policy USR-DCT-Custody then permit
set security policies from-zone USR to-zone DCT policy G-USR-DCT-DENY match source-
address any
set security policies from-zone USR to-zone DCT policy G-USR-DCT-DENY match
set security policies from-zone USR to-zone DCT policy G-USR-DCT-DENY match
application any
set security policies from-zone USR to-zone DCT policy G-USR-DCT-DENY then deny
set security policies from-zone USR to-zone DCT policy G-USR-DCT-DENY then log
session-init
set security policies from-zone USR to-zone EXT policy G-USR-EXT-ICMP match source-
address any
set security policies from-zone USR to-zone EXT policy G-USR-EXT-ICMP match
set security policies from-zone USR to-zone EXT policy G-USR-EXT-ICMP match
set security policies from-zone USR to-zone EXT policy G-USR-EXT-ICMP then permit
set security policies from-zone USR to-zone EXT policy G-USR-EXT-ICMP then log
session-close
set security policies from-zone USR to-zone EXT policy USR-EXT01 match source-address
HCM-USR-10.202.42.0/24-USR_PC
set security policies from-zone USR to-zone EXT policy USR-EXT01 match destination-
address HNB-EXT-192.168.10.11-SBV
address HCB-EXT-192.168.10.13-SBV
set security policies from-zone USR to-zone EXT policy USR-EXT01 match application
junos-icmp-all
junos-ike
junos-ike-nat
UDP-4500
TCP-8001
set security policies from-zone USR to-zone EXT policy USR-EXT01 then permit
set security policies from-zone USR to-zone EXT policy USR-EXT01 then log session-
close
set security policies from-zone USR to-zone EXT policy USR-EXT-IPBS match source-
set security policies from-zone USR to-zone EXT policy USR-EXT-IPBS match
destination-address HCB-EXT-202.58.245.50-sbvsub.sbv.gov.vn
set security policies from-zone USR to-zone EXT policy USR-EXT-IPBS match
destination-address HCB-EXT-202.58.245.51-sbvldap.sbv.gov.vn
set security policies from-zone USR to-zone EXT policy USR-EXT-IPBS match application
TCP-829
set security policies from-zone USR to-zone EXT policy USR-EXT-IPBS match application
junos-ldap
set security policies from-zone USR to-zone EXT policy USR-EXT-IPBS then permit
set security policies from-zone USR to-zone EXT policy USR-EXT-IPBS then log session-
close
set security policies from-zone USR to-zone EXT policy USR-EXT-BPS match source-
address HCB-USR-10.202.42.155-HC01RPT
address HCB-USR-10.202.42.156-HC01RPT
address HCB-USR-10.202.42.162-ReserveBPSReport
address HCB-USR-10.202.42.163-ReserveBPSReport
set security policies from-zone USR to-zone EXT policy USR-EXT-BPS match destination-
address any
set security policies from-zone USR to-zone EXT policy USR-EXT-BPS match application
any
set security policies from-zone USR to-zone EXT policy USR-EXT-BPS then permit
set security policies from-zone USR to-zone EXT policy USR-EXT-BPS then log session-
close
set security policies from-zone USR to-zone EXT policy USR-EXT-Thomsan match source-
set security policies from-zone USR to-zone EXT policy USR-EXT-Thomsan match
set security policies from-zone USR to-zone EXT policy USR-EXT-Thomsan then permit
set security policies from-zone USR to-zone EXT policy USR-EXT-Thomsan then log
session-close
set security policies from-zone USR to-zone EXT policy USR-EXT-SAS_report match
destination-address HCB-EXT-202.58.245.14-DTS2.0
set security policies from-zone USR to-zone EXT policy USR-EXT-SAS_report then permit
set security policies from-zone USR to-zone EXT policy USR-EXT-SAS_report then log
session-close
set security policies from-zone USR to-zone EXT policy USR-EXT-CITAD match source-
address HCB-USR-10.202.42.153-HC02LPS-IPBS
set security policies from-zone USR to-zone EXT policy USR-EXT-CITAD match
destination-address HNB-EXT-202.58.245.122-SBV
application junos-telnet
set security policies from-zone USR to-zone EXT policy USR-EXT-CITAD then permit
set security policies from-zone USR to-zone EXT policy USR-EXT-CITAD then log
session-close
set security policies from-zone USR to-zone EXT policy USR-EXT-IPBS-any match source-
address HCB-USR-10.202.42.153-HC02LPS-IPBS
set security policies from-zone USR to-zone EXT policy USR-EXT-IPBS-any match
set security policies from-zone USR to-zone EXT policy USR-EXT-IPBS-any match
application any
set security policies from-zone USR to-zone EXT policy USR-EXT-IPBS-any then permit
set security policies from-zone USR to-zone EXT policy USR-EXT-IPBS-any then log
session-close
set security policies from-zone USR to-zone EXT policy USR-EXT-Remote_Custody_Server
match destination-address HCB-EXT-10.202.43.193-HCVSDSVR
then permit
set security policies from-zone USR to-zone EXT policy G-USR-EXT-DENY match source-
address any
set security policies from-zone USR to-zone EXT policy G-USR-EXT-DENY match
set security policies from-zone USR to-zone EXT policy G-USR-EXT-DENY match
application any
set security policies from-zone USR to-zone EXT policy G-USR-EXT-DENY then deny
set security policies from-zone USR to-zone EXT policy G-USR-EXT-DENY then log
session-init
set security policies from-zone USR to-zone VPN-OSC policy USR-VPN-OSC-VOIP match
destination-address HCB-VPN-172.16.188.1-Tunnel_interface
destination-address HKG-GTW-192.255.1.112-SIPServer
application any
set security policies from-zone USR to-zone VPN-OSC policy USR-VPN-OSC-VOIP then
permit
set security policies from-zone SVC to-zone USR policy G-SVC-USR-ICMP match source-
address any
set security policies from-zone SVC to-zone USR policy G-SVC-USR-ICMP match
set security policies from-zone SVC to-zone USR policy G-SVC-USR-ICMP match
set security policies from-zone SVC to-zone USR policy G-SVC-USR-ICMP then permit
set security policies from-zone SVC to-zone USR policy G-SVC-USR-ICMP then log
session-close
set security policies from-zone SVC to-zone USR policy SVC-USR-DenyRemoteSWIFT match
source-address any
set security policies from-zone SVC to-zone USR policy SVC-USR-DenyRemoteSWIFT then
deny
set security policies from-zone SVC to-zone USR policy SVC-USR-DenyRemoteSWIFT then
log session-close
set security policies from-zone SVC to-zone USR policy SVC-USR01 match source-address
HCB-SVC-OA_DC
set security policies from-zone SVC to-zone USR policy SVC-USR01 match destination-
address any
set security policies from-zone SVC to-zone USR policy SVC-USR01 match application
any
set security policies from-zone SVC to-zone USR policy SVC-USR01 then permit
set security policies from-zone SVC to-zone USR policy SVC-USR01 then log session-
close
set security policies from-zone SVC to-zone USR policy SVC-USR02-TestScanner match
source-address HCB-SVC-OA_File_Server
application any
set security policies from-zone SVC to-zone USR policy SVC-USR02-TestScanner then
permit
set security policies from-zone SVC to-zone USR policy SVC-USR02-TestScanner then log
session-close
HCB-SVC-OA_File_Server
address any
ms-file-service
junos-ping
junos-dhcp-relay
close
HCB-SVC-WSUS_OSCE
address any
OSCE_1
OSCE_2
junos-icmp-ping
WSUS
close
set security policies from-zone SVC to-zone USR policy SVC-USR-
NAC_Deploy_Anyconnect_rule1 match destination-address HCM-USR-10.202.42.0/24-USR_PC
NAC_Deploy_Anyconnect_rule1 match destination-address HCB-USR-10.202.43.176/28-
SWIFT_User
set security policies from-zone SVC to-zone USR policy G-SVC-USR-DENY match source-
address any
set security policies from-zone SVC to-zone USR policy G-SVC-USR-DENY match
set security policies from-zone SVC to-zone USR policy G-SVC-USR-DENY match
application any
set security policies from-zone SVC to-zone USR policy G-SVC-USR-DENY then deny
set security policies from-zone SVC to-zone USR policy G-SVC-USR-DENY then log
session-init
set security policies from-zone SVC to-zone INT policy G-SVC-INT-ICMP match source-
address any
set security policies from-zone SVC to-zone INT policy G-SVC-INT-ICMP match
set security policies from-zone SVC to-zone INT policy G-SVC-INT-ICMP match
set security policies from-zone SVC to-zone INT policy G-SVC-INT-ICMP then permit
set security policies from-zone SVC to-zone INT policy G-SVC-INT-ICMP then log
session-close
set security policies from-zone SVC to-zone INT policy SVC-INT01 match source-address
HCB-SVC-BlueCoat
set security policies from-zone SVC to-zone INT policy SVC-INT01 match destination-
address HCB-INT-ISP_DNS
address OVS-INT-8.8.8.8-Google_DNS
set security policies from-zone SVC to-zone INT policy SVC-INT01 match application
junos-dns-tcp
junos-dns-udp
set security policies from-zone SVC to-zone INT policy SVC-INT01 then permit
set security policies from-zone SVC to-zone INT policy SVC-INT01 then log session-
close
set security policies from-zone SVC to-zone INT policy SVC-INT02 match source-address
HCB-SVC-BlueCoat
address any
any
set security policies from-zone SVC to-zone INT policy SVC-INT02 then permit
set security policies from-zone SVC to-zone INT policy SVC-INT02 then log session-
close
set security policies from-zone SVC to-zone INT policy SVC-INT-SSL_VPN match source-
set security policies from-zone SVC to-zone INT policy SVC-INT-SSL_VPN match
destination-address SSLVPN-Pool
application TCP-135
application TCP-139
application UDP-137
set security policies from-zone SVC to-zone INT policy SVC-INT-SSL_VPN then permit
set security policies from-zone SVC to-zone INT policy SVC-INT-SSL_VPN then log
session-close
set security policies from-zone SVC to-zone INT policy SVC-INT-WGW-McAfee_POP match
source-address HCB-SVC-10.202.43.70-OAOVSHCBMNT01
destination-address McAfee_POP_Laos_SGB_VN_PH_CBD_MYM
destination-address McAfee_POP_HK
destination-address McAfee_POP_SG
application TCP-500
set security policies from-zone SVC to-zone INT policy SVC-INT-WGW-McAfee_POP then
permit
set security policies from-zone SVC to-zone INT policy SVC-INT-WGW-McAfee_POP then
log session-close
set security policies from-zone SVC to-zone INT policy G-SVC-INT-DENY match source-
address any
set security policies from-zone SVC to-zone INT policy G-SVC-INT-DENY match
set security policies from-zone SVC to-zone INT policy G-SVC-INT-DENY match
application any
set security policies from-zone SVC to-zone INT policy G-SVC-INT-DENY then deny
set security policies from-zone SVC to-zone INT policy G-SVC-INT-DENY then log
session-init
set security policies from-zone SVC to-zone DCT policy G-SVC-DCT-ICMP match source-
address any
set security policies from-zone SVC to-zone DCT policy G-SVC-DCT-ICMP match
set security policies from-zone SVC to-zone DCT policy G-SVC-DCT-ICMP match
set security policies from-zone SVC to-zone DCT policy G-SVC-DCT-ICMP then permit
set security policies from-zone SVC to-zone DCT policy G-SVC-DCT-ICMP then log
session-close
set security policies from-zone SVC to-zone DCT policy SVC-DCT-WSUS_AV match source-
set security policies from-zone SVC to-zone DCT policy SVC-DCT-WSUS_AV match
application OSCE_2
application OSCE_1
application WSUS
set security policies from-zone SVC to-zone DCT policy SVC-DCT-WSUS_AV then permit
set security policies from-zone SVC to-zone DCT policy SVC-DCT-WSUS_AV then log
session-init
set security policies from-zone SVC to-zone DCT policy SVC-DCT-
NAC_Deploy_Anyconnect_rule1 match destination-address any
set security policies from-zone SVC to-zone DCT policy G-SVC-DCT-DENY match source-
address any
set security policies from-zone SVC to-zone DCT policy G-SVC-DCT-DENY match
set security policies from-zone SVC to-zone DCT policy G-SVC-DCT-DENY match
application any
set security policies from-zone SVC to-zone DCT policy G-SVC-DCT-DENY then deny
set security policies from-zone SVC to-zone DCT policy G-SVC-DCT-DENY then log
session-init
set security policies from-zone SVC to-zone EXT policy G-SVC-EXT-ICMP match source-
address any
set security policies from-zone SVC to-zone EXT policy G-SVC-EXT-ICMP match
set security policies from-zone SVC to-zone EXT policy G-SVC-EXT-ICMP match
set security policies from-zone SVC to-zone EXT policy G-SVC-EXT-ICMP then permit
set security policies from-zone SVC to-zone EXT policy G-SVC-EXT-ICMP then log
session-close
set security policies from-zone SVC to-zone EXT policy SVC-EXT-WSUS_AV match source-
address HCB-SVC-10.202.43.70-OAOVSHCBMNT01
set security policies from-zone SVC to-zone EXT policy SVC-EXT-WSUS_AV match
application OSCE_1
application OSCE_2
application WSUS
set security policies from-zone SVC to-zone EXT policy SVC-EXT-WSUS_AV then permit
set security policies from-zone SVC to-zone EXT policy SVC-EXT-WSUS_AV then log
session-close
set security policies from-zone SVC to-zone EXT policy G-SVC-EXT-DENY match source-
address any
set security policies from-zone SVC to-zone EXT policy G-SVC-EXT-DENY match
set security policies from-zone SVC to-zone EXT policy G-SVC-EXT-DENY match
application any
set security policies from-zone SVC to-zone EXT policy G-SVC-EXT-DENY then deny
set security policies from-zone SVC to-zone EXT policy G-SVC-EXT-DENY then log
session-init
set security policies from-zone DCT to-zone USR policy G-DCT-USR-ICMP match source-
address any
set security policies from-zone DCT to-zone USR policy G-DCT-USR-ICMP match
set security policies from-zone DCT to-zone USR policy G-DCT-USR-ICMP match
set security policies from-zone DCT to-zone USR policy G-DCT-USR-ICMP then permit
set security policies from-zone DCT to-zone USR policy G-DCT-USR-ICMP then log
session-close
set security policies from-zone DCT to-zone USR policy DCT-USR-DenyRemoteSWIFT match
source-address any
set security policies from-zone DCT to-zone USR policy DCT-USR-DenyRemoteSWIFT then
deny
set security policies from-zone DCT to-zone USR policy DCT-USR-DenyRemoteSWIFT then
log session-close
set security policies from-zone DCT to-zone USR policy DCT-USR-ETAX match source-
address HCB-GTW-10.202.43.100-ETAX
set security policies from-zone DCT to-zone USR policy DCT-USR-ETAX match source-
set security policies from-zone DCT to-zone USR policy DCT-USR-ETAX match
set security policies from-zone DCT to-zone USR policy DCT-USR-ETAX match application
junos-icmp-all
set security policies from-zone DCT to-zone USR policy DCT-USR-ETAX match application
UDP-33400-34000
set security policies from-zone DCT to-zone USR policy DCT-USR-ETAX then permit
set security policies from-zone DCT to-zone USR policy DCT-USR-ETAX then log session-
init
set security policies from-zone DCT to-zone USR policy DCT-USR-CITAD01-any match
source-address HCB-DCT-10.202.43.97-HC04LPS
source-address HCB-DCT-10.202.43.98-HC05LPS
destination-address HCB-USR-10.202.42.153-HC02LPS-IPBS
destination-address HCB-USR-10.202.42.161-HC03LPS
destination-address HCB-USR-10.202.42.154-New_IBPS_PC
application any
set security policies from-zone DCT to-zone USR policy DCT-USR-CITAD01-any then
permit
set security policies from-zone DCT to-zone USR policy DCT-USR-CITAD01-any then log
session-init
set security policies from-zone DCT to-zone USR policy DCT-USR-CITAD02 match source-
set security policies from-zone DCT to-zone USR policy DCT-USR-CITAD02 match
set security policies from-zone DCT to-zone USR policy DCT-USR-CITAD02 then permit
set security policies from-zone DCT to-zone USR policy DCT-USR-CITAD02 then log
session-init
destination-address HCB-USR-10.202.42.155-HC01RPT
session-init
address HCB-DCT-10.202.43.102-HCSERVER02
destination-address HCB-USR-10.202.42.161-HC03LPS
session-init
set security policies from-zone DCT to-zone USR policy G-DCT-USR-DENY match source-
address any
set security policies from-zone DCT to-zone USR policy G-DCT-USR-DENY match
set security policies from-zone DCT to-zone USR policy G-DCT-USR-DENY match
application any
set security policies from-zone DCT to-zone USR policy G-DCT-USR-DENY then deny
set security policies from-zone DCT to-zone USR policy G-DCT-USR-DENY then log
session-init
set security policies from-zone DCT to-zone SVC policy G-DCT-SVC-ICMP match source-
address any
set security policies from-zone DCT to-zone SVC policy G-DCT-SVC-ICMP match
set security policies from-zone DCT to-zone SVC policy G-DCT-SVC-ICMP match
set security policies from-zone DCT to-zone SVC policy G-DCT-SVC-ICMP then permit
set security policies from-zone DCT to-zone SVC policy G-DCT-SVC-ICMP then log
session-close
set security policies from-zone DCT to-zone SVC policy DCT-SVC-WSUS_AV match source-
address any
set security policies from-zone DCT to-zone SVC policy DCT-SVC-WSUS_AV match
application OSCE_1
application OSCE_2
application WSUS
set security policies from-zone DCT to-zone SVC policy DCT-SVC-WSUS_AV then permit
set security policies from-zone DCT to-zone SVC policy DCT-SVC-WSUS_AV then log
session-init
set security policies from-zone DCT to-zone SVC policy DCT-SVC-OA_DC match source-
address any
set security policies from-zone DCT to-zone SVC policy DCT-SVC-OA_DC match
destination-address HCB-SVC-OA_DC
set security policies from-zone DCT to-zone SVC policy DCT-SVC-OA_DC match
application any
set security policies from-zone DCT to-zone SVC policy DCT-SVC-OA_DC then permit
set security policies from-zone DCT to-zone SVC policy DCT-SVC-OA_DC then log
session-init
set security policies from-zone DCT to-zone SVC policy DCT-SVC-
NAC_Deploy_Anyconnect_rule1 match source-address any
OAOVSHCBMNT01
Custody_AV_WindowSecurity_Update match source-address HCB-DCT-10.202.43.103-
HCVSDSTP01
Custody_AV_WindowSecurity_Update match source-address HCB-DCT-10.202.43.104-
HCVSDSTP02
Custody_AV_WindowSecurity_Update match destination-address HCB-SVC-10.202.43.70-
OAOVSHCBMNT01
Custody_AV_WindowSecurity_Update match application TCP-4343
Custody_AV_WindowSecurity_Update match application junos-https
Custody_AV_WindowSecurity_Update match application junos-icmp-all
Custody_AV_WindowSecurity_Update then permit
Custody_AV_WindowSecurity_Update then log session-close
set security policies from-zone DCT to-zone SVC policy G-DCT-SVC-DENY match source-
address any
set security policies from-zone DCT to-zone SVC policy G-DCT-SVC-DENY match
set security policies from-zone DCT to-zone SVC policy G-DCT-SVC-DENY match
application any
set security policies from-zone DCT to-zone SVC policy G-DCT-SVC-DENY then deny
set security policies from-zone DCT to-zone SVC policy G-DCT-SVC-DENY then log
session-init
set security policies from-zone DCT to-zone EXT policy G-DCT-EXT-ICMP match source-
address any
set security policies from-zone DCT to-zone EXT policy G-DCT-EXT-ICMP match
set security policies from-zone DCT to-zone EXT policy G-DCT-EXT-ICMP match
set security policies from-zone DCT to-zone EXT policy G-DCT-EXT-ICMP then permit
set security policies from-zone DCT to-zone EXT policy G-DCT-EXT-ICMP then log
session-close
set security policies from-zone DCT to-zone EXT policy DCT-EXT-ETAX-1 match source-
set security policies from-zone DCT to-zone EXT policy DCT-EXT-ETAX-1 match source-
set security policies from-zone DCT to-zone EXT policy DCT-EXT-ETAX-1 match
destination-address HCB-EXT-10.64.241.29-ETAX
set security policies from-zone DCT to-zone EXT policy DCT-EXT-ETAX-1 then permit
set security policies from-zone DCT to-zone EXT policy DCT-EXT-ETAX-1 then log
session-close
set security policies from-zone DCT to-zone EXT policy DCT-EXT-ETAX-any match source-
set security policies from-zone DCT to-zone EXT policy DCT-EXT-ETAX-any match source-
set security policies from-zone DCT to-zone EXT policy DCT-EXT-ETAX-any match
set security policies from-zone DCT to-zone EXT policy DCT-EXT-ETAX-any match
application any
set security policies from-zone DCT to-zone EXT policy DCT-EXT-ETAX-any then permit
set security policies from-zone DCT to-zone EXT policy DCT-EXT-ETAX-any then log
session-close
set security policies from-zone DCT to-zone EXT policy DCT-EXT-Custody match source-
set security policies from-zone DCT to-zone EXT policy DCT-EXT-Custody match source-
set security policies from-zone DCT to-zone EXT policy DCT-EXT-Custody match
destination-address HCB-EXT-10.202.43.193-HCVSDSVR
destination-address HCB-EXT-10.202.43.194-HC01KRXSVR
application TCP-445
set security policies from-zone DCT to-zone EXT policy DCT-EXT-Custody then permit
set security policies from-zone DCT to-zone EXT policy DCT-EXT-Custody then log
session-close
set security policies from-zone DCT to-zone EXT policy G-DCT-EXT-DENY match source-
address any
set security policies from-zone DCT to-zone EXT policy G-DCT-EXT-DENY match
set security policies from-zone DCT to-zone EXT policy G-DCT-EXT-DENY match
application any
set security policies from-zone DCT to-zone EXT policy G-DCT-EXT-DENY then deny
set security policies from-zone DCT to-zone EXT policy G-DCT-EXT-DENY then log
session-init
set security policies from-zone EXT to-zone USR policy EXT-USR-DenyRemoteSWIFT match
source-address any
set security policies from-zone EXT to-zone USR policy EXT-USR-DenyRemoteSWIFT then
deny
set security policies from-zone EXT to-zone USR policy EXT-USR-DenyRemoteSWIFT then
log session-close
set security policies from-zone EXT to-zone USR policy EXT-USR-IPBS01-any match
source-address SBV-EXT-135.50.1.26
source-address SBV-EXT-192.168.92.18
application any
set security policies from-zone EXT to-zone USR policy EXT-USR-IPBS01-any then permit
set security policies from-zone EXT to-zone USR policy EXT-USR-IPBS01-any then log
session-close
source-address any
application any
set security policies from-zone EXT to-zone USR policy EXT-USR-IPBS02-any then permit
set security policies from-zone EXT to-zone USR policy EXT-USR-IPBS02-any then log
session-close
set security policies from-zone EXT to-zone USR policy EXT-USR-BPS-any match source-
address SBV-EXT-135.50.1.26
set security policies from-zone EXT to-zone USR policy EXT-USR-BPS-any match source-
address SBV-EXT-192.168.92.18
set security policies from-zone EXT to-zone USR policy EXT-USR-BPS-any match
destination-address HCB-USR-10.202.42.162-ReserveBPSReport
application any
set security policies from-zone EXT to-zone USR policy EXT-USR-BPS-any then permit
set security policies from-zone EXT to-zone USR policy EXT-USR-BPS-any then log
session-close
set security policies from-zone EXT to-zone USR policy EXT-USR-BPS-test-any match
source-address any
application any
set security policies from-zone EXT to-zone USR policy EXT-USR-BPS-test-any then
permit
set security policies from-zone EXT to-zone USR policy EXT-USR-BPS-test-any then log
session-close
set security policies from-zone EXT to-zone USR policy G-EXT-USR-DENY match source-
address any
set security policies from-zone EXT to-zone USR policy G-EXT-USR-DENY match
set security policies from-zone EXT to-zone USR policy G-EXT-USR-DENY match
application any
set security policies from-zone EXT to-zone USR policy G-EXT-USR-DENY then deny
set security policies from-zone EXT to-zone USR policy G-EXT-USR-DENY then log
session-init
set security policies from-zone EXT to-zone SVC policy EXT-SVC-WSUS_AV match source-
address any
set security policies from-zone EXT to-zone SVC policy EXT-SVC-WSUS_AV match
destination-address HCB-SVC-10.202.43.70-OAOVSHCBMNT01
application OSCE_1
application OSCE_2
application WSUS
set security policies from-zone EXT to-zone SVC policy EXT-SVC-WSUS_AV then permit
set security policies from-zone EXT to-zone SVC policy EXT-SVC-WSUS_AV then log
session-close
set security policies from-zone EXT to-zone SVC policy EXT-SVC-
Custody_AV_WindowSecurity_Update match source-address HCB-EXT-10.202.43.193-HCVSDSVR
Custody_AV_WindowSecurity_Update match destination-address HCB-SVC-10.202.43.70-
OAOVSHCBMNT01
Custody_AV_WindowSecurity_Update match application junos-https
Custody_AV_WindowSecurity_Update match application junos-icmp-all
Custody_AV_WindowSecurity_Update then permit
Custody_AV_WindowSecurity_Update then log session-close
set security policies from-zone EXT to-zone SVC policy G-EXT-SVC-DENY match source-
address any
set security policies from-zone EXT to-zone SVC policy G-EXT-SVC-DENY match
set security policies from-zone EXT to-zone SVC policy G-EXT-SVC-DENY match
application any
set security policies from-zone EXT to-zone SVC policy G-EXT-SVC-DENY then deny
set security policies from-zone EXT to-zone SVC policy G-EXT-SVC-DENY then log
session-init
set security policies from-zone EXT to-zone DCT policy EXT-DCT-ETAX-any match source-
address any
set security policies from-zone EXT to-zone DCT policy EXT-DCT-ETAX-any match
application any
set security policies from-zone EXT to-zone DCT policy EXT-DCT-ETAX-any then permit
set security policies from-zone EXT to-zone DCT policy EXT-DCT-ETAX-any then log
session-close
set security policies from-zone EXT to-zone DCT policy G-EXT-DCT-DENY match source-
address any
set security policies from-zone EXT to-zone DCT policy G-EXT-DCT-DENY match
set security policies from-zone EXT to-zone DCT policy G-EXT-DCT-DENY match
application any
set security policies from-zone EXT to-zone DCT policy G-EXT-DCT-DENY then deny
set security policies from-zone EXT to-zone DCT policy G-EXT-DCT-DENY then log
session-init
set security policies from-zone EXT to-zone EXT policy EXT-EXT-Thomsan01 match
source-address any
destination-address HCB-EXT-192.168.100.2-SBVRPT01
set security policies from-zone EXT to-zone EXT policy EXT-EXT-Thomsan01 then permit
set security policies from-zone EXT to-zone EXT policy EXT-EXT-Thomsan01 then log
session-close
source-address any
destination-address HCB-EXT-10.210.132.115-MIP
set security policies from-zone EXT to-zone EXT policy EXT-EXT-Thomsan02 then permit
set security policies from-zone EXT to-zone EXT policy EXT-EXT-Thomsan02 then log
session-close
set security policies from-zone EXT to-zone EXT policy EXT-EXT-Thomsan03-any match
source-address HCB-EXT-192.168.100.2-SBVRPT01
application any
set security policies from-zone EXT to-zone EXT policy EXT-EXT-Thomsan03-any then
permit
set security policies from-zone EXT to-zone EXT policy EXT-EXT-Thomsan03-any then log
session-close
set security policies from-zone VPN-OSC to-zone USR policy VPN-OSC-USR-VOIP match
source-address HCB-VPN-172.16.188.1-Tunnel_interface
source-address HKG-GTW-192.255.1.112-SIPServer
application any
set security policies from-zone VPN-OSC to-zone USR policy VPN-OSC-USR-VOIP then
permit
set security policies from-zone VPN-OSC to-zone USR policy VPN-OSC-USR-VOIP then log
session-init
set security policies from-zone DCT to-zone INT policy G-DCT-INT-ICMP match source-
address any
set security policies from-zone DCT to-zone INT policy G-DCT-INT-ICMP match
set security policies from-zone DCT to-zone INT policy G-DCT-INT-ICMP match
set security policies from-zone DCT to-zone INT policy G-DCT-INT-ICMP then permit
set security policies from-zone DCT to-zone INT policy G-DCT-INT-ICMP then log
session-close
set security policies from-zone DCT to-zone INT policy G-DCT-INT-DENY match source-
address any
set security policies from-zone DCT to-zone INT policy G-DCT-INT-DENY match
set security policies from-zone DCT to-zone INT policy G-DCT-INT-DENY match
application any
set security policies from-zone DCT to-zone INT policy G-DCT-INT-DENY then deny
set security policies from-zone DCT to-zone INT policy G-DCT-INT-DENY then log
session-init
set security policies from-zone DCT to-zone MGT policy DCT-MGT-LOG_NTP match source-
set security policies from-zone DCT to-zone MGT policy DCT-MGT-LOG_NTP match
set security policies from-zone DCT to-zone MGT policy DCT-MGT-LOG_NTP then permit
set security policies from-zone DCT to-zone MGT policy DCT-MGT-LOG_NTP then log
session-close
set security policies from-zone DCT to-zone MGT policy G-DCT-MGT-ICMP match source-
address any
set security policies from-zone DCT to-zone MGT policy G-DCT-MGT-ICMP match
set security policies from-zone DCT to-zone MGT policy G-DCT-MGT-ICMP match
set security policies from-zone DCT to-zone MGT policy G-DCT-MGT-ICMP then permit
set security policies from-zone DCT to-zone MGT policy G-DCT-MGT-ICMP then log
session-close
set security policies from-zone DCT to-zone MGT policy G-DCT-MGT-DENY match source-
address any
set security policies from-zone DCT to-zone MGT policy G-DCT-MGT-DENY match
set security policies from-zone DCT to-zone MGT policy G-DCT-MGT-DENY match
application any
set security policies from-zone DCT to-zone MGT policy G-DCT-MGT-DENY then deny
set security policies from-zone DCT to-zone MGT policy G-DCT-MGT-DENY then log
session-init
set security policies from-zone DCT to-zone RST policy G-DCT-RST-DENY match source-
address any
set security policies from-zone DCT to-zone RST policy G-DCT-RST-DENY match
set security policies from-zone DCT to-zone RST policy G-DCT-RST-DENY match
application any
set security policies from-zone DCT to-zone RST policy G-DCT-RST-DENY then deny
set security policies from-zone DCT to-zone RST policy G-DCT-RST-DENY then log
session-init
set security policies from-zone EXT to-zone INT policy G-EXT-INT-DENY match source-
address any
set security policies from-zone EXT to-zone INT policy G-EXT-INT-DENY match
set security policies from-zone EXT to-zone INT policy G-EXT-INT-DENY match
application any
set security policies from-zone EXT to-zone INT policy G-EXT-INT-DENY then deny
set security policies from-zone EXT to-zone INT policy G-EXT-INT-DENY then log
session-init
set security policies from-zone EXT to-zone RST policy G-EXT-RST-DENY match source-
address any
set security policies from-zone EXT to-zone RST policy G-EXT-RST-DENY match
set security policies from-zone EXT to-zone RST policy G-EXT-RST-DENY match
application any
set security policies from-zone EXT to-zone RST policy G-EXT-RST-DENY then deny
set security policies from-zone EXT to-zone RST policy G-EXT-RST-DENY then log
session-init
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-Endpoint_Upgrade
then permit
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-NAC-
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-VA_Scan match
application any
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-VA_Scan then permit
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-VA_Scan then log
session-init
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-CA_NSM match source-
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-CA_NSM match
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-CA_NSM match
application CA_NSM
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-CA_NSM then permit
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-CA_NSM then log
session-close
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-ICMP match source-
address any
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-ICMP match
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-ICMP match
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-ICMP then permit
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-ICMP then log
session-close
set security policies from-zone GTW to-zone DCT policy GTW-DCT-ETAX-any match source-
set security policies from-zone GTW to-zone DCT policy GTW-DCT-ETAX-any match
application any
set security policies from-zone GTW to-zone DCT policy GTW-DCT-ETAX-any then permit
set security policies from-zone GTW to-zone DCT policy GTW-DCT-ETAX-any then log
session-close
set security policies from-zone GTW to-zone DCT policy GTW-DCT-Exim match source-
set security policies from-zone GTW to-zone DCT policy GTW-DCT-Exim match source-
address HKDR-GTW-192.255.27.11-DR_VNB_CSExim
set security policies from-zone GTW to-zone DCT policy GTW-DCT-Exim match
destination-address HCB-DCT-10.202.43.102-HCSERVER02
set security policies from-zone GTW to-zone DCT policy GTW-DCT-Exim match application
junos-ftp
junos-ssh
TCP-20
ftp-get
set security policies from-zone GTW to-zone DCT policy GTW-DCT-Exim then permit
set security policies from-zone GTW to-zone DCT policy GTW-DCT-Exim then log session-
close
set security policies from-zone GTW to-zone DCT policy GTW-DCT-iCash match source-
address HKB-GTW-192.255.10.49-iSeries
set security policies from-zone GTW to-zone DCT policy GTW-DCT-iCash match source-
address HKG-GTW-192.255.1.5-iSeries-VNB_VIP
set security policies from-zone GTW to-zone DCT policy GTW-DCT-iCash match
set security policies from-zone GTW to-zone DCT policy GTW-DCT-iCash then permit
set security policies from-zone GTW to-zone DCT policy GTW-DCT-iCash then log
session-close
set security policies from-zone GTW to-zone DCT policy GTW-DCT-HCMBCP-Any match
application any
set security policies from-zone GTW to-zone DCT policy GTW-DCT-HCMBCP-Any then permit
set security policies from-zone GTW to-zone DCT policy GTW-DCT-HCMBCP-Any then log
session-close
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-DENY match source-
address any
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-DENY match
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-DENY match
application any
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-DENY then deny
set security policies from-zone GTW to-zone DCT policy G-GTW-DCT-DENY then log
session-init
set security policies from-zone GTW to-zone RST policy G-GTW-RST-DENY match source-
address any
set security policies from-zone GTW to-zone RST policy G-GTW-RST-DENY match
set security policies from-zone GTW to-zone RST policy G-GTW-RST-DENY match
application any
set security policies from-zone GTW to-zone RST policy G-GTW-RST-DENY then deny
set security policies from-zone GTW to-zone RST policy G-GTW-RST-DENY then log
session-init
set security policies from-zone INT to-zone DCT policy G-INT-DCT-DENY match source-
address any
set security policies from-zone INT to-zone DCT policy G-INT-DCT-DENY match
set security policies from-zone INT to-zone DCT policy G-INT-DCT-DENY match
application any
set security policies from-zone INT to-zone DCT policy G-INT-DCT-DENY then deny
set security policies from-zone INT to-zone DCT policy G-INT-DCT-DENY then log
session-init
set security policies from-zone INT to-zone EXT policy G-INT-EXT-DENY match source-
address any
set security policies from-zone INT to-zone EXT policy G-INT-EXT-DENY match
set security policies from-zone INT to-zone EXT policy G-INT-EXT-DENY match
application any
set security policies from-zone INT to-zone EXT policy G-INT-EXT-DENY then deny
set security policies from-zone INT to-zone EXT policy G-INT-EXT-DENY then log
session-init
set security policies from-zone INT to-zone RST policy G-INT-RST-DENY match source-
address any
set security policies from-zone INT to-zone RST policy G-INT-RST-DENY match
set security policies from-zone INT to-zone RST policy G-INT-RST-DENY match
application any
set security policies from-zone INT to-zone RST policy G-INT-RST-DENY then deny
set security policies from-zone INT to-zone RST policy G-INT-RST-DENY then log
session-init
set security policies from-zone INT to-zone SVC policy INT-SVC-SSL_VPN match source-
address SSLVPN-Pool
set security policies from-zone INT to-zone SVC policy INT-SVC-SSL_VPN match
set security policies from-zone INT to-zone SVC policy INT-SVC-SSL_VPN then permit
set security policies from-zone INT to-zone SVC policy INT-SVC-SSL_VPN then log
session-close
set security policies from-zone INT to-zone SVC policy G-INT-SVC-DENY match source-
address any
set security policies from-zone INT to-zone SVC policy G-INT-SVC-DENY match
set security policies from-zone INT to-zone SVC policy G-INT-SVC-DENY match
application any
set security policies from-zone INT to-zone SVC policy G-INT-SVC-DENY then deny
set security policies from-zone INT to-zone SVC policy G-INT-SVC-DENY then log
session-init
set security policies from-zone INT to-zone USR policy INT-USR-SSLVPN match source-
address SSLVPN-Pool
set security policies from-zone INT to-zone USR policy INT-USR-SSLVPN match
destination-address HCB-USR-VPN_for_COVID
application rdp
set security policies from-zone INT to-zone USR policy INT-USR-SSLVPN then permit
set security policies from-zone INT to-zone USR policy INT-USR-SSLVPN then log
session-close
set security policies from-zone INT to-zone USR policy G-INT-USR-DENY match source-
address any
set security policies from-zone INT to-zone USR policy G-INT-USR-DENY match
set security policies from-zone INT to-zone USR policy G-INT-USR-DENY match
application any
set security policies from-zone INT to-zone USR policy G-INT-USR-DENY then deny
set security policies from-zone INT to-zone USR policy G-INT-USR-DENY then log
session-init
set security policies from-zone MGT to-zone INT policy G-MGT-INT-ICMP match source-
address any
set security policies from-zone MGT to-zone INT policy G-MGT-INT-ICMP match
set security policies from-zone MGT to-zone INT policy G-MGT-INT-ICMP match
set security policies from-zone MGT to-zone INT policy G-MGT-INT-ICMP then permit
set security policies from-zone MGT to-zone INT policy G-MGT-INT-ICMP then log
session-close
set security policies from-zone MGT to-zone INT policy G-MGT-INT-DENY match source-
address any
set security policies from-zone MGT to-zone INT policy G-MGT-INT-DENY match
set security policies from-zone MGT to-zone INT policy G-MGT-INT-DENY match
application any
set security policies from-zone MGT to-zone INT policy G-MGT-INT-DENY then deny
set security policies from-zone MGT to-zone INT policy G-MGT-INT-DENY then log
session-init
set security policies from-zone MGT to-zone RST policy G-MGT-RST-DENY match source-
address any
set security policies from-zone MGT to-zone RST policy G-MGT-RST-DENY match
set security policies from-zone MGT to-zone RST policy G-MGT-RST-DENY match
application any
set security policies from-zone MGT to-zone RST policy G-MGT-RST-DENY then deny
set security policies from-zone MGT to-zone RST policy G-MGT-RST-DENY then log
session-init
set security policies from-zone RST to-zone DCT policy G-RST-DCT-DENY match source-
address any
set security policies from-zone RST to-zone DCT policy G-RST-DCT-DENY match
set security policies from-zone RST to-zone DCT policy G-RST-DCT-DENY match
application any
set security policies from-zone RST to-zone DCT policy G-RST-DCT-DENY then deny
set security policies from-zone RST to-zone DCT policy G-RST-DCT-DENY then log
session-init
set security policies from-zone RST to-zone EXT policy G-RST-EXT-DENY match source-
address any
set security policies from-zone RST to-zone EXT policy G-RST-EXT-DENY match
set security policies from-zone RST to-zone EXT policy G-RST-EXT-DENY match
application any
set security policies from-zone RST to-zone EXT policy G-RST-EXT-DENY then deny
set security policies from-zone RST to-zone EXT policy G-RST-EXT-DENY then log
session-init
set security policies from-zone RST to-zone GTW policy G-RST-GTW-DENY match source-
address any
set security policies from-zone RST to-zone GTW policy G-RST-GTW-DENY match
set security policies from-zone RST to-zone GTW policy G-RST-GTW-DENY match
application any
set security policies from-zone RST to-zone GTW policy G-RST-GTW-DENY then deny
set security policies from-zone RST to-zone GTW policy G-RST-GTW-DENY then log
session-init
set security policies from-zone RST to-zone INT policy G-RST-INT-DENY match source-
address any
set security policies from-zone RST to-zone INT policy G-RST-INT-DENY match
set security policies from-zone RST to-zone INT policy G-RST-INT-DENY match
application any
set security policies from-zone RST to-zone INT policy G-RST-INT-DENY then deny
set security policies from-zone RST to-zone INT policy G-RST-INT-DENY then log
session-init
set security policies from-zone RST to-zone MGT policy G-RST-MGT-DENY match source-
address any
set security policies from-zone RST to-zone MGT policy G-RST-MGT-DENY match
set security policies from-zone RST to-zone MGT policy G-RST-MGT-DENY match
application any
set security policies from-zone RST to-zone MGT policy G-RST-MGT-DENY then deny
set security policies from-zone RST to-zone MGT policy G-RST-MGT-DENY then log
session-init
set security policies from-zone RST to-zone SVC policy G-RST-SVC-DENY match source-
address any
set security policies from-zone RST to-zone SVC policy G-RST-SVC-DENY match
set security policies from-zone RST to-zone SVC policy G-RST-SVC-DENY match
application any
set security policies from-zone RST to-zone SVC policy G-RST-SVC-DENY then deny
set security policies from-zone RST to-zone SVC policy G-RST-SVC-DENY then log
session-init
set security policies from-zone RST to-zone USR policy G-RST-USR-DENY match source-
address any
set security policies from-zone RST to-zone USR policy G-RST-USR-DENY match
set security policies from-zone RST to-zone USR policy G-RST-USR-DENY match
application any
set security policies from-zone RST to-zone USR policy G-RST-USR-DENY then deny
set security policies from-zone RST to-zone USR policy G-RST-USR-DENY then log
session-init
set security policies from-zone SVC to-zone RST policy G-SVC-RST-DENY match source-
address any
set security policies from-zone SVC to-zone RST policy G-SVC-RST-DENY match
set security policies from-zone SVC to-zone RST policy G-SVC-RST-DENY match
application any
set security policies from-zone SVC to-zone RST policy G-SVC-RST-DENY then deny
set security policies from-zone SVC to-zone RST policy G-SVC-RST-DENY then log
session-init
set security policies from-zone USR to-zone RST policy G-USR-RST-DENY match source-
address any
set security policies from-zone USR to-zone RST policy G-USR-RST-DENY match
set security policies from-zone USR to-zone RST policy G-USR-RST-DENY match
application any
set security policies from-zone USR to-zone RST policy G-USR-RST-DENY then deny
set security policies from-zone USR to-zone RST policy G-USR-RST-DENY then log
session-init
set security zones security-zone USR host-inbound-traffic system-services all
set security zones security-zone USR interfaces reth0.10 host-inbound-traffic system-
services dhcp
services ping
services ping
services dhcp
set security zones security-zone RST host-inbound-traffic system-services ping
set security zones security-zone RST interfaces reth0.50
set security zones security-zone INT host-inbound-traffic system-services ping
set security zones security-zone INT host-inbound-traffic system-services ike
set security zones security-zone INT interfaces reth1.0
set security zones security-zone GTW host-inbound-traffic system-services all
set security zones security-zone GTW interfaces reth2.0
set security zones security-zone SVC host-inbound-traffic system-services ping
set security zones security-zone SVC interfaces reth3.20
set security zones security-zone DCT host-inbound-traffic system-services ping
set security zones security-zone DCT interfaces reth3.30
set security zones security-zone MGT host-inbound-traffic system-services all
set security zones security-zone MGT interfaces reth4.0
set security zones security-zone EXT host-inbound-traffic system-services ping
set security zones security-zone EXT host-inbound-traffic system-services traceroute
set security zones security-zone EXT interfaces reth5.60
set security zones security-zone VPN-OSC host-inbound-traffic system-services all
set security zones security-zone VPN-OSC host-inbound-traffic protocols all
set security zones security-zone VPN-OSC interfaces st0.0
set interfaces ge-0/0/2 gigether-options redundant-parent reth0
set interfaces fab0 fabric-options member-interfaces ge-0/0/0
set interfaces fab1 fabric-options member-interfaces ge-5/0/0
set interfaces reth0 vlan-tagging
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 10 vlan-id 10
set interfaces reth0 unit 10 family inet address 10.202.42.254/24
set interfaces reth0 unit 51 description SWIFT
set interfaces st0 unit 0 family inet address 172.16.188.22/24
set snmp community "Bb!GCNet" authorization read-only
set snmp community Bb1GcN7890 authorization read-only
set snmp trap-group space targets 10.230.241.2
set forwarding-options helpers bootp description "User DHCP relay service"
set forwarding-options helpers bootp server 10.202.43.67 routing-instance vr-1
set forwarding-options helpers bootp server 10.202.43.68 routing-instance vr-1
set forwarding-options helpers bootp maximum-hop-count 4
set forwarding-options helpers bootp interface reth0.10
set forwarding-options helpers bootp interface reth0.51
set routing-options static route 0.0.0.0/0 next-hop 10.202.43.33
set routing-options static route 10.202.43.129/32 next-table vr-1.inet.0
set routing-options static route 8.8.8.8/32 next-table vr-1.inet.0
set routing-instances vr-1 instance-type virtual-router
set routing-instances vr-1 interface reth0.10
set routing-instances vr-1 interface st0.0
set routing-instances vr-1 routing-options static route 0.0.0.0/0 next-hop
10.202.43.1
10.202.43.33
10.202.43.33
10.202.43.33
10.202.43.33
10.202.43.33
10.202.43.36
10.210.132.1
10.210.132.1
10.210.132.1
10.210.132.1
10.210.132.1
10.210.132.1
10.210.132.1
192.168.253.194
192.168.252.1
192.168.252.1
192.168.252.1
172.16.188.1
172.16.188.33
10.210.132.1
10.202.43.33
10.210.132.1
10.210.132.1
10.210.132.1
10.202.43.1
10.202.43.1
10.202.43.1
10.202.43.1
10.202.43.1
10.202.43.1
10.202.43.1
10.202.43.33
10.202.43.33
10.202.43.33
10.202.43.33
10.202.43.33
10.202.43.1
10.202.43.37
10.210.132.1
set applications application ATAtoNetUX protocol udp
set applications application ATAtoNetUX source-port 6000-6050
set applications application ATAtoNetUX destination-port 16384-17583
set applications application Citrix-ICA term TCP-1494 protocol tcp
set applications application Citrix-ICA term TCP-1494 destination-port 1494
set applications application Citrix-ICA term UDP-161 protocol udp
set applications application Citrix-ICA term UDP-161 destination-port 161
set applications application KMS term TCP-1688 protocol tcp
set applications application KMS term TCP-1688 destination-port 1688
set applications application KMS term TCP-49152-65535 protocol tcp
set applications application KMS term TCP-49152-65535 destination-port 49152-65535
set applications application KMS term TCP-135 protocol tcp
set applications application KMS term TCP-135 destination-port 135
set applications application NetUXtoATA protocol udp
set applications application NetUXtoATA source-port 16384-17583
set applications application NetUXtoATA destination-port 6000-6050
set applications application OSCE-to-TMCM term TCP-443 protocol tcp
set applications application OSCE-to-TMCM term TCP-443 destination-port 443
set applications application OSCE-to-TMCM term TCP-80 protocol tcp
set applications application OSCE-to-TMCM term TCP-80 destination-port 80
set applications application OTP term TCP-443 protocol tcp
set applications application OTP term TCP-443 destination-port 443
set applications application OTP term UDP-1812-1813 protocol udp
set applications application OTP term UDP-1812-1813 destination-port 1812-1813
set applications application Proxy term TCP-8080 protocol tcp
set applications application Proxy term TCP-8080 destination-port 8080
set applications application Proxy-MGMT term TCP-22 protocol tcp
set applications application Proxy-MGMT term TCP-22 destination-port 22
set applications application Proxy-MGMT term TCP-8081-8082 protocol tcp
set applications application Proxy-MGMT term TCP-8081-8082 destination-port 8081-8082
set applications application Proxy-MGMT term TCP-9009 protocol tcp
set applications application Proxy-MGMT term TCP-9009 destination-port 9009
set applications application Sharepoint term TCP-443 protocol tcp
set applications application Sharepoint term TCP-443 destination-port 443
set applications application Skype_Client term TCP-50000-50019 protocol tcp
set applications application Skype_Client term TCP-50000-50019 destination-port
50000-50019
set applications application Skype_Client term UDP-50000-50019 protocol udp
set applications application Skype_Client term UDP-50000-50019 destination-port
50000-50019
60000-60019
set applications application Skype_Client term UDP-60000-60019 protocol udp
set applications application Skype_Client term UDP-60000-60019 destination-port
60000-60019
62000-62019
65001-65020
set applications application Skype_Client term TCP-5061 protocol tcp
set applications application Skype_Client term TCP-5061 source-port 0-65535
set applications application Skype_Client term TCP-5061 destination-port 5061
set applications application Skype_Server term TCP-80 protocol tcp
set applications application Skype_Server term TCP-80 destination-port 80
set applications application Skype_Server term UDP-49152-65500 protocol udp
set applications application Skype_Server term UDP-49152-65500 destination-port
49152-65500
set applications application Skype_Server term TCP-49152-65500 protocol tcp
set applications application Skype_Server term TCP-49152-65500 destination-port
49152-65500
set applications application Skype_Server term TCP-1 source-port 0-65535
set applications application TCP-1024-5000 protocol tcp
set applications application TCP-1024-5000 destination-port 1024-5000
set applications application TCP-1025-5000 source-port 0-65535
set applications application TCP-1158 protocol tcp
set applications application TCP-1158 source-port 0-65535
set applications application TCP-1158 destination-port 1158
set applications application TMCM-to-OSCE term TCP-139 protocol tcp
set applications application TMCM-to-OSCE term TCP-139 destination-port 139
set applications application UDP-1000-5000 protocol udp
set applications application UDP-1000-5000 destination-port 1000-5000
set applications application UDP-1079 protocol udp
set applications application UDP-1079 destination-port 1079
set applications application UDP-33400-34000 source-port 0-65535
set applications application UDP-397 source-port 0-65535
set applications application iGlobal term TCP-80 protocol tcp
set applications application iGlobal term TCP-80 destination-port 80
set applications application iLO_1 term TCP-23 protocol tcp
set applications application iLO_1 term TCP-23 destination-port 23
set applications application rexec protocol tcp
set applications application rexec destination-port 512
set applications application rexec description "predefined service"
set applications application tcp_1024-65535 protocol tcp
set applications application tcp_1024-65535 source-port 0-65535
set applications application tcp_1024-65535 destination-port 1024-65535
set applications application TCP-61001-65000 application-protocol ignore
set applications application UDP--61001-65000 protocol udp
set applications application UDP--61001-65000 source-port 0-65535
set applications application UDP--61001-65000 destination-port 56001-61000
set applications application MS_Team term UDP_30000-31000 protocol udp
set applications application MS_Team term UDP_30000-31000 source-port 0-65535
set applications application MS_Team term UDP_30000-31000 destination-port 30000-
31000
set applications application MS_Team term UDP_50000-50019 protocol udp
set applications application MS_Team term UDP_50000-50019 source-port 0-65535
set applications application MS_Team term UDP_50000-50019 destination-port 50000-
50019
set applications application rdp protocol tcp
set applications application rdp destination-port 3389
set applications application UDP_3480-3481 protocol udp
set applications application UDP_3480-3481 source-port 0-65535
set applications application UDP_3480-3481 destination-port 3480-3481
set applications application ftp-get protocol tcp
set applications application ftp-get destination-port 21
set applications application ftp-get description "predefined service"
set applications application TCP_8621 protocol tcp
set applications application TCP_8621 source-port 0-65535
set applications application TCP_8621 destination-port 8621
set applications application tcp_8581 protocol tcp
set applications application tcp_8581 source-port 0-65535
set applications application tcp_8581 destination-port 8581
set applications application Report_Center term TCP-80 protocol tcp
set applications application Report_Center term TCP-80 destination-port 80
set applications application UDP-1645-1646 source-port 0-65535
set applications application-set ADHC_1 application TCP-135
set applications application-set ADHC_1 application UDP-389
set applications application-set ADHC_1 application TCP-49152-65535
set applications application-set CA_NSM application junos-icmp-all
set applications application-set CA_NSM application junos-tftp
set applications application-set CA_NSM application junos-ssh
set applications application-set CA_NSM application-set SNMP
set applications application-set IBM-ClientAccess application TCP-448-449
set applications application-set IBM-ClientAccess application junos-telnet
set applications application-set IBM-ClientAccess application TCP-992
set applications application-set IBM-ClientAccess application UDP-397
set applications application-set IBM-ClientAccess application rexec
set applications application-set IBM-ClientAccess application junos-ftp
set applications application-set Lync_Client application UDP-50000-50019
set applications application-set Lync_Client application UDP-60000-60019
set applications application-set Lync_Client application TCP-62000-62019
set applications application-set Lync_Client application TCP-65001-65020
set applications application-set Lync_Client application TCP-5061
set applications application-set Lync_Server application TCP-5061
set applications application-set Lync_Server application UDP-49152-65535
set applications application-set Lync_Server application UDP--61001-65000
set applications application-set Lync_Server application TCP-61001-65000
set applications application-set MS-RPC-EPM_1 application TCP-135
set applications application-set MS-RPC-EPM_1 application UDP-135
set applications application-set OSCE_1 application TCP-443
set applications application-set OSCE_1 application UDP-137
set applications application-set OSCE_2 application UDP-42508-42511
set applications application-set OSCE_2 application TCP-8080-8082
set applications application-set OSCE_2 application TCP-60162-60163
set applications application-set SCOM_1 application UDP-49152-65535
set applications application-set SCOM_1 application TCP-135
set applications application-set SCOM_1 application UDP-135
set applications application-set SCOM_1 application TCP-1024-5000
set applications application-set SCOM_1 application UDP-1024-5000
set applications application-set SCOM_1 application TCP-49152-65535
set applications application-set SNMP application TCP-161-162
set applications application-set SNMP application UDP-161-162
set applications application-set SWIFT_PRINTER application TCP-9100-9102
set applications application-set SWIFT_PRINTER application junos-ping
set applications application-set SWIFT_PRINTER application-set junos-sun-rpc-portmap
set applications application-set WSUS application TCP-8530
set applications application-set WSUS application TCP-8531
set applications application-set iSeries application TCP-448-449
set applications application-set iSeries application junos-ping
set applications application-set iSeries application junos-telnet
set applications application-set iSeries application TCP-446
set applications application-set iSeries application junos-ftp
set applications application-set iSeries application TCP-612
set applications application-set iSeries application junos-lpr
set applications application-set iSeries application rexec
set applications application-set ms-file-service application junos-ftp
set applications application-set ms-file-service application junos-http
set applications application-set ms-file-service application junos-nbds
set applications application-set ms-file-service application junos-nbname
set applications application-set ms-file-service application TCP-1251
set applications application-set ms-file-service application TCP-9000-9002
set applications application-set ms-file-service application TCP-9100-9102
set applications application-set ms-file-service application UDP-1025-1029
set applications application-set ms-file-service application UDP-1079
set applications application-set ms-file-service application-set SNMP
set applications application-set ms-file-service application-set MS-RPC-EPM_1
set applications application-set MS_Team_Client application UDP-50000-50019
set applications application-set MS_Team_Client application UDP-60000-60019
set applications application-set MS_Team_Client application TCP-62000-62019
set applications application-set MS_Team_Client application TCP-65001-65020
set applications application-set MS_Team_Client application TCP-5061
set applications application-set MS_Team_Server application TCP-5061
set applications application-set CITRIX_SWIFT application junos-ping
set applications application-set CITRIX_SWIFT application junos-https
set applications application-set CITRIX_SWIFT application TCP-48009
set applications application-set CITRIX_SWIFT application TCP-48100
set applications application-set GL_DB_FORM application TCP-1521
set applications application-set GL_DB_FORM application TCP-1633-1636
set applications application-set GL_DB_FORM application TCP-1527-1531
set applications application-set GL_WEB application TCP-8200
set applications application-set GL_WEB application TCP-1633-1636
set applications application-set GL_WEB application TCP-8007-8010
set applications application-set GL_WEB application TCP-1626
{secondary:node1}
root@B0818-VN-HCM-SRX345-FW02> b
^
unknown command.
^
unknown command.
^
unknown command.
^
unknown command.
^
unknown command.
^
unknown command.
^
unknown command.
^
unknown command.
^
unknown command.
^
unknown command.
^
unknown command.
^
unknown command.
^
unknown command.
^
unknown command.
^
unknown command.
^
unknown command.
^
unknown command.
root@B0818-VN-HCM-SRX345-FW02> show chassis cluster status
Monitor Failure codes:
CS Cold Sync monitoring FL Fabric Connection monitoring
GR GRES monitoring HW Hardware monitoring
IF Interface monitoring IP IP monitoring
LB Loopback monitoring MB Mbuf monitoring
NH Nexthop monitoring NP NPC monitoring
SP SPU monitoring SM Schedule monitoring
CF Config Sync monitoring
Cluster ID: 1
Node Priority Status Preempt Manual Monitor-failures

node0 100 primary no no None
node1 1 secondary no no None

node0 0 primary no no CS
node1 0 secondary no no IF CS
{secondary:node1}
root@B0818-VN-HCM-SRX345-FW02> show chassis cluster information
node0:
--------------------------------------------------------------------------
Redundancy Group Information:
Redundancy Group 0 , Current State: primary, Weight: 255
Time From To
Reason
Apr 9 13:59:40 hold secondary Hold
timer expired
Apr 9 13:59:41 secondary primary Better
priority (100/1)
Redundancy Group 1 , Current State: primary, Weight: 0
Time From To
Reason
timer expired
Apr 9 13:59:41 secondary primary Remote
yield (0/0)
Chassis cluster LED information:

Current LED color: Amber
Last LED change reason: Monitored objects are down
Control port tagging:
Disabled
Failure Information:
Coldsync Monitoring Failure Information:

Statistics:
Coldsync Total SPUs: 1
Coldsync completed SPUs: 0
Coldsync not complete SPUs: 1
Fabric-link Failure Information:

Fabric Interface: fab0
Child interface Physical / Monitored Status
ge-0/0/0 Up / Down
node1:
--------------------------------------------------------------------------
Redundancy Group Information:
Redundancy Group 0 , Current State: secondary, Weight: 255
Time From To
Reason
timer expired
Redundancy Group 1 , Current State: secondary, Weight: -1530
Time From To
Reason
timer expired
Chassis cluster LED information:

Current LED color: Amber
Last LED change reason: Monitored objects are down
Control port tagging:
Disabled
Failure Information:
Coldsync Monitoring Failure Information:

Statistics:
Coldsync Total SPUs: 1
Coldsync completed SPUs: 0
Coldsync not complete SPUs: 1
Interface Monitoring Failure Information:

Redundancy Group 1, Monitoring status: Failed
Interface Status
ge-5/0/5 Down
ge-5/0/7 Down
ge-5/0/6 Down
ge-5/0/4 Down
ge-5/0/3 Down
ge-5/0/2 Down
{secondary:node1}
root@B0818-VN-HCM-SRX345-FW02> show version
node0:
--------------------------------------------------------------------------
Hostname: B0818-VN-HCM-SRX345-FW01
Model: srx345
Junos: 15.1X49-D150.2
JUNOS Software Release [15.1X49-D150.2]
node1:
--------------------------------------------------------------------------
Hostname: B0818-VN-HCM-SRX345-FW02
Model: srx345
Junos: 15.1X49-D75.5
JUNOS Software Release [15.1X49-D75.5]
{secondary:node1}
root@B0818-VN-HCM-SRX345-FW02> show chassis hardware
node0:
--------------------------------------------------------------------------
Hardware inventory:
Item Version Part number Serial number
Description
Chassis CZ2218AF0248
SRX345
Routing Engine REV 0x15 650-065042 CZ2218AF0248 RE-SRX345
FPC 0
FPC
PIC 0
8xGE,8xGE SFP Base PIC
Power Supply 0
node1:
--------------------------------------------------------------------------
error: the chassis-control subsystem is not responding to management requests
{secondary:node1}
error: Could not connect to node0 : No route to host
node1:
--------------------------------------------------------------------------
Hardware inventory:
Description
Chassis
SRX345
FPC 0
FPC
Power Supply 0
{secondary:node1}
node0:
--------------------------------------------------------------------------
Hardware inventory:
Description
SRX345
FPC 0
FPC
PIC 0
Power Supply 0
node1:
--------------------------------------------------------------------------
{secondary:node1}
node0:
--------------------------------------------------------------------------
Hardware inventory:
Description
SRX345
FPC 0
FPC
PIC 0
Power Supply 0
node1:
--------------------------------------------------------------------------
{secondary:node1}
root@B0818-VN-HCM-SRX345-FW02> show log messages
Apr 11 15:30:00 B0818-VN-HCM-SRX345-FW02 newsyslog[92028]: logfile turned over due to
size>100K
status=1
status=1
status=1
(PID 92040) started
by signal number 2!
with status=69
(PID 92052) started
status=1
(PID 92055) started
by signal number 2!
with status=69
(PID 92075) started
status=1
status=1
status=1
status=1
(PID 92089) started
by signal number 2!
with status=69
(PID 92101) started
status=1
(PID 92104) started
by signal number 2!
with status=69
(PID 92124) started
status=1
status=1
status=1
status=1
(PID 92138) started
by signal number 2!
with status=69
(PID 92156) started
status=1
(PID 92159) started
by signal number 2!
with status=69
(PID 92179) started
status=1
status=1
status=1
status=1
(PID 92193) started
by signal number 2!
with status=69
(PID 92208) started
status=1
(PID 92211) started
by signal number 2!
with status=69
(PID 92230) started
status=1
status=1
status=1
status=1
(PID 92245) started
by signal number 2!
with status=69
(PID 92257) started
status=1
(PID 92260) started
by signal number 2!
with status=69
(PID 92280) started
status=1
---(more 12%)---[abort]
{secondary:node1}
root@B0818-VN-HCM-SRX345-FW02> show log messages | lasy
^
root@B0818-VN-HCM-SRX345-FW02> show log messages | last 100
(PID 93849) started
by signal number 2!
with status=69
(PID 93868) started
status=1
(PID 93871) started
by signal number 2!
with status=69
(PID 93892) started
status=1
status=1
status=1
status=1
(PID 93908) started
by signal number 2!
with status=69
(PID 93930) started
status=1
status=1
status=1
status=1
(PID 93945) started
by signal number 2!
with status=69
(PID 93957) started
status=1
(PID 93960) started
{secondary:node1}

Bangkokbank srx345 Cluster

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Bangkokbank srx345 Cluster

Uploaded by

Copyright:

Available Formats

#####################################################################

# This system is for the use of authorized users only. #

Redundancy group: 0 , Failover count: 0

Redundancy group: 1 , Failover count: 0

Message from syslogd@B0818-VN-HCM-SRX345-FW02 at Apr 11 16:09:47 ...

Message from syslogd@B0818-VN-HCM-SRX345-FW02 at Apr 11 16:09:47 ...

Message from syslogd@B0818-VN-HCM-SRX345-FW02 at Apr 11 16:09:47 ...

Message from syslogd@B0818-VN-HCM-SRX345-FW02 at Apr 11 16:09:47 ...

Message from syslogd@B0818-VN-HCM-SRX345-FW02 at Apr 11 16:09:47 ...

Message from syslogd@B0818-VN-HCM-SRX345-FW02 at Apr 11 16:09:47 ...

Message from syslogd@B0818-VN-HCM-SRX345-FW02 at Apr 11 16:09:47 ...

Message from syslogd@B0818-VN-HCM-SRX345-FW02 at Apr 11 16:09:47 ...

Message from syslogd@B0818-VN-HCM-SRX345-FW02 at Apr 11 16:09:47 ...

Message from syslogd@B0818-VN-HCM-SRX345-FW02 at Apr 11 16:10:35 ...

Message from syslogd@B0818-VN-HCM-SRX345-FW02 at Apr 11 16:10:35 ...

Message from syslogd@B0818-VN-HCM-SRX345-FW02 at Apr 11 16:10:35 ...

Message from syslogd@B0818-VN-HCM-SRX345-FW02 at Apr 11 16:10:35 ...

Message from syslogd@B0818-VN-HCM-SRX345-FW02 at Apr 11 16:10:35 ...

Message from syslogd@B0818-VN-HCM-SRX345-FW02 at Apr 11 16:10:35 ...

Message from syslogd@B0818-VN-HCM-SRX345-FW02 at Apr 11 16:10:35 ...

Message from syslogd@B0818-VN-HCM-SRX345-FW02 at Apr 11 16:10:35 ...

Redundancy group: 0 , Failover count: 0

Redundancy group: 1 , Failover count: 0

Redundancy Group 0 , Current State: primary, Weight: 255

Redundancy Group 1 , Current State: primary, Weight: 0

Chassis cluster LED information:

Coldsync Monitoring Failure Information:

Fabric-link Failure Information:

Redundancy Group 0 , Current State: secondary, Weight: 255

Redundancy Group 1 , Current State: secondary, Weight: -1530

Chassis cluster LED information:

Coldsync Monitoring Failure Information:

Interface Monitoring Failure Information:

You might also like