mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 09:47:20 +01:00
fwbuilder/test/pix/objects-for-regression-tests.fwb
Vadim Kurland 5ef36c5a52 2008-12-25 vadim <vadim@vk.crocodile.org>
* All policy compilers: using FWObjectDatabase::createClass
methods to create rules and other objects in compilers wherever
the type is known at the (code) compile time. This makes code
cleaner and speeds it up a little because of eliminated cast() and
string comparison.

* changes in libfwbuilder: eliminated excessive use of dynamic_cast
and long chains of "if" comparing object type names in
FWObjectDatabase in methods that create new objects of given type.
2008-12-25 20:38:53 +00:00

14336 lines
626 KiB
XML

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<!-- The DOCTYPE names an external DTD through a relative system identifier, so a parser that loads DTDs resolves fwbuilder.dtd relative to this file's location unless the application installs its own resolver. Tools that open .fwb files from untrusted sources should take the DTD from a trusted local copy and keep external entity resolution and network fetches disabled. -->
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="10" lastModified="1221990567" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False"/>
<Library id="syslib001" color="#d2ffd0" name="User" comment="User defined objects" ro="False">
<ObjectGroup id="stdid01_1" name="Objects" comment="" ro="False">
<!-- Address tables: each AddressTable points at an external file through its filename attribute. NOTE(review): presumably that file supplies the addresses the object stands for, so the generated policy depends on data stored outside this database and on who can write to that file; confirm how the compilers read it. -->
<ObjectGroup id="stdid01_1_og_ats_1" name="Address Tables" comment="" ro="False">
<!-- Relative filename; the directory it is resolved against is not visible in this file. -->
<AddressTable id="id4389EE9018346" filename="addr-table-1.tbl" run_time="False" name="addr-table-1" comment="" ro="False"/>
<!-- NOTE(review): absolute path under one developer's home directory. The fixture only resolves on a machine with that layout, and the path discloses a local user name and project tree. -->
<AddressTable id="id4385C1081434" filename="/home/vadim/Projects/fwb2.1/fwb2/fwbuilder2/test/ipt/addr-table-1.tbl" run_time="False" name="addrtbl 1" comment="" ro="False"/>
<!-- NOTE(review): the comment attribute calls this a run-time table, but run_time is "False". One of the two is stale; confirm which mode the regression test is meant to exercise before relying on it as a run-time blocklist case. -->
<AddressTable id="id4389EE9118346" filename="block-hosts.tbl" run_time="False" name="block these" comment="this is run-time table" ro="False"/>
</ObjectGroup>
<!-- DNS name objects, defined in pairs that differ only in run_time: the (ct) entry has run_time="False" and the (rt) entry has run_time="True". NOTE(review): presumably (ct) means the name is resolved when the policy is compiled and (rt) when it is loaded on the firewall; confirm against the compiler. Either way a rule built on a DNS name trusts whatever the resolver answers at that moment. -->
<ObjectGroup id="stdid01_1_og_dnsn_1" name="DNS Names" comment="" ro="False">
<!-- Unqualified name described as a local host; it only resolves where the search domain or hosts file provides it. -->
<DNSName id="id43869E8E18346" dnsrec="buildmaster" dnsrectype="A" run_time="False" name="buildmaster (ct)" comment="an example of a local host" ro="False"/>
<DNSName id="id43869E8F18346" dnsrec="buildmaster" dnsrectype="A" run_time="True" name="buildmaster (rt)" comment="an example of a local host" ro="False"/>
<!-- Public names of third-party sites. NOTE(review): if the (ct) variants are resolved during compilation, the regression output depends on live DNS answers and on network access from the build host. -->
<DNSName id="id43869E8C18346" dnsrec="www.cnn.com" dnsrectype="A" run_time="False" name="cnn (ct)" comment="" ro="False"/>
<DNSName id="id43869E8D18346" dnsrec="www.cnn.com" dnsrectype="A" run_time="True" name="cnn (rt)" comment="" ro="False"/>
<DNSName id="id4387287918346" dnsrec="www.google.com" dnsrectype="A" run_time="False" name="google (ct)" comment="" ro="False"/>
<DNSName id="id4387287A18346" dnsrec="www.google.com" dnsrectype="A" run_time="True" name="google (rt)" comment="" ro="False"/>
</ObjectGroup>
<!-- Standalone address objects. The single entry is a /32 host address named spamhost1. NOTE(review): 61.150.47.112 is a publicly routable address, not one of the RFC 5737 documentation ranges, so the fixture labels a real-world address as a spam source; a documentation-range address would serve the test equally well if the expected output can be regenerated. -->
<ObjectGroup id="stdid16_1" name="Addresses" comment="" ro="False">
<IPv4 id="id4388C37D674" name="spamhost1" comment="" ro="False" address="61.150.47.112" netmask="255.255.255.255"/>
</ObjectGroup>
<ObjectGroup id="stdid04_1" name="Groups" comment="" ro="False">
<ObjectGroup id="id3D420A09" name="dmz-netzone" comment="" ro="False">
<ObjectRef ref="id3B022266"/>
<ObjectRef ref="id3DAF6084"/>
<ObjectRef ref="id3DAF6085"/>
</ObjectGroup>
<ObjectGroup id="id3DAD0EEE" name="fw7-test-grp" comment="" ro="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</ObjectGroup>
<ObjectGroup id="id3DAD0EEC" name="fw7-test-grp-NAT" comment="" ro="False"/>
<ObjectGroup id="id3DAF60D5" name="group-dmz" comment="" ro="False">
<ObjectRef ref="id3DAF6084"/>
<ObjectRef ref="id3DAF6085"/>
</ObjectGroup>
<ObjectGroup id="id3DAF60D2" name="group-inside" comment="" ro="False">
<ObjectRef ref="id3DAF6080"/>
<ObjectRef ref="id3DAF6081"/>
</ObjectGroup>
<ObjectGroup id="id3CD87A9A" name="group-range-1" comment="" ro="False">
<ObjectRef ref="id3CD87A53"/>
<ObjectRef ref="id3CD87A5E"/>
<ObjectRef ref="id3CD87A6D"/>
<ObjectRef ref="id3CD87A7C"/>
<ObjectRef ref="id3CD87A8B"/>
</ObjectGroup>
<ObjectGroup id="id3B4572AF" name="group1" comment="" ro="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</ObjectGroup>
<ObjectGroup id="id3D8FCAAB" name="group2" comment="" ro="False">
<ObjectRef ref="host-hostA"/>
</ObjectGroup>
<ObjectGroup id="id3DB105EC" name="hosts" comment="" ro="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
<ObjectRef ref="id3AFC191C"/>
<ObjectRef ref="id3CD87A53"/>
<ObjectRef ref="id3CD87A5E"/>
<ObjectRef ref="id3CD87A6D"/>
<ObjectRef ref="id3CD87A7C"/>
<ObjectRef ref="id3CD87A8B"/>
</ObjectGroup>
<ObjectGroup id="id3D420A0B" name="internal-netzone" comment="" ro="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3DAF6080"/>
<ObjectRef ref="id3DAF6081"/>
</ObjectGroup>
<ObjectGroup id="id3BBC0EFC" name="netgroup1" comment="" ro="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B022266"/>
</ObjectGroup>
<ObjectGroup id="id3DB105E5" name="networks" comment="" ro="False">
<ObjectRef ref="id3DAF6080"/>
<ObjectRef ref="id3DAF6081"/>
<ObjectRef ref="id3DAF6084"/>
<ObjectRef ref="id3DAF6085"/>
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B022266"/>
</ObjectGroup>
<ObjectGroup id="id3B4572B5" name="platform" comment="" ro="False">
<ObjectRef ref="id3AFC0F70"/>
<ObjectRef ref="id3AFC191C"/>
</ObjectGroup>
<ObjectGroup id="id3DAA5110" name="zone-inside" comment="" ro="False">
<ObjectRef ref="id3D420A0B"/>
</ObjectGroup>
<ObjectGroup id="id3F93531C" name="dmz2_and_3" comment="" ro="False">
<ObjectRef ref="id3B022266"/>
<ObjectRef ref="id3F93531B"/>
</ObjectGroup>
<!-- Group mixing a plain IPv4 object (id4388C37D674, spamhost1) with an address table (id4389EE9118346, "block these"). NOTE(review): the comment attribute says the table is in run-time mode, but the AddressTable with that id is defined in this file with run_time="False"; confirm which mode the test intends. -->
<ObjectGroup id="id4390C25525682" name="at group" comment="this group is a combination of a regular address object and an address table in run-time mode" ro="False">
<ObjectRef ref="id4388C37D674"/>
<ObjectRef ref="id4389EE9118346"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="stdid02_1" name="Hosts" comment="" ro="False">
<Host id="id3F8F9622" name="DMZhost1" comment="" ro="False">
<Interface id="id3F8F9624" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface1" comment="" ro="False">
<IPv4 id="id3F8F9625" name="DMZhost:interface1(ip)" comment="" ro="False" address="192.0.2.20" netmask="255.255.255.255"/>
</Interface>
<Management address="192.0.2.20">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3F8F9692" name="DMZhost2" comment="" ro="False">
<Interface id="id3F8F9694" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface1" comment="" ro="False">
<IPv4 id="id3F8F9695" name="DMZhost2:interface1(ip)" comment="" ro="False" address="192.0.2.21" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host id="id3F8F9698" name="DMZhost3" comment="" ro="False">
<Interface id="id3F8F969A" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface1" comment="" ro="False">
<IPv4 id="id3F8F969B" name="DMZhost3:interface1(ip)" comment="" ro="False" address="192.0.2.23" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host id="id3B64FFAC" name="broadcast" comment="broadcast on internal subnet" ro="False">
<Interface id="id3B64FFAC-i" bridgeport="False" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3B64FFAC-i-ipv4" name="address" comment="" ro="False" address="192.168.1.255" netmask="255.255.255.255"/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host id="id3FA34F45" name="dest nat 1" comment="" ro="False">
<Interface id="id3FA34F47" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface1" comment="" ro="False">
<IPv4 id="id3FA34F48" name="dest nat 1:interface1(ip)" comment="" ro="False" address="209.165.201.11" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<!-- Host "dest nat 2": one interface with a /32 address, all management features disabled. NOTE(review): the IPv4 child is still named "dest nat 1:interface1(ip)" and the Management address (209.165.201.11) is the interface address of host "dest nat 1", not this host's 209.165.200.225. Both look like leftovers from copying that object; leave them alone if the expected regression output depends on the names. -->
<Host id="id3FA34F4B" name="dest nat 2" comment="" ro="False">
<Interface id="id3FA34F4D" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface1" comment="" ro="False">
<IPv4 id="id3FA34F4E" name="dest nat 1:interface1(ip)" comment="" ro="False" address="209.165.200.225" netmask="255.255.255.255"/>
</Interface>
<Management address="209.165.201.11">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3AFC0F70" name="fw2-eth1" comment="this host has the same IP address as firewall1 and firewall2" ro="False">
<Interface id="id3AFC0F70-i" bridgeport="False" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3AFC0F70-i-ipv4" name="address" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.255"/>
</Interface>
<Management address="22.22.22.22">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3D42052D" name="global-dmz" comment="global address on DMZ for firewall8" ro="False">
<Interface id="id3D42052D-i" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3D42052D-i-1-addr" name="address" comment="" ro="False" address="192.168.2.10" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.2.10">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3D42051B" name="global-ext-1" comment="external global address for firewall8" ro="False">
<Interface id="id3D42051B-i" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3D42051B-i-1-addr" name="address" comment="" ro="False" address="10.50.70.21" netmask="255.255.255.255"/>
</Interface>
<Management address="10.50.70.21">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3D420525" name="global-ext-2" comment="" ro="False">
<Interface id="id3D420525-i" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3D420525-i-1-addr" name="address" comment="" ro="False" address="10.50.70.22" netmask="255.255.255.255"/>
</Interface>
<Management address="10.50.70.22">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3D42094E" name="global-ext-3" comment="" ro="False">
<Interface id="id3D42094E-i" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3D42094E-i-1-addr" name="address" comment="" ro="False" address="10.50.70.23" netmask="255.255.255.255"/>
</Interface>
<Management address="10.50.70.23">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3D436EA6" name="global-int" comment="" ro="False">
<Interface id="id3D436EA6-i" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3D436EA6-i-1-addr" name="address" comment="" ro="False" address="192.168.1.10" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3FA34FCB" name="h1" comment="" ro="False">
<Interface id="id3FA34FCD" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface1" comment="" ro="False">
<IPv4 id="id3FA34FCE" name="h1:interface1(ip)" comment="" ro="False" address="10.1.2.27" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<Host id="id3FA34D2F" name="h192.0.2.20" comment="" ro="False">
<Interface id="id3FA34D30" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface1" comment="" ro="False">
<IPv4 id="id3FA34D31" name="DMZhost:interface1(ip)" comment="" ro="False" address="192.0.2.20" netmask="255.255.255.255"/>
</Interface>
<Management address="192.0.2.20">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<!-- Host named after its address. NOTE(review): the name reads 192.0.20.21 while the interface and Management addresses are 192.0.2.21, so the object name does not match the address a rule will actually use; anyone auditing a policy by object name would be misled. The IPv4 child keeps the name "DMZhost2:interface1(ip)" and the same address as host DMZhost2. -->
<Host id="id3FA34D37" name="h192.0.20.21" comment="" ro="False">
<Interface id="id3FA34D38" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface1" comment="" ro="False">
<IPv4 id="id3FA34D39" name="DMZhost2:interface1(ip)" comment="" ro="False" address="192.0.2.21" netmask="255.255.255.255"/>
</Interface>
<Management address="192.0.2.21">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3CD87A53" name="h192.168.1.11" comment="" ro="False">
<Interface id="id3CD87A53-i" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3CD87A53-i-1-addr" name="address" comment="" ro="False" address="192.168.1.11" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.11">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3CD87A5E" name="h192.168.1.12" comment="" ro="False">
<Interface id="id3CD87A5E-i" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3CD87A5E-i-1-addr" name="address" comment="" ro="False" address="192.168.1.12" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.12">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3CD87A6D" name="h192.168.1.13" comment="" ro="False">
<Interface id="id3CD87A6D-i" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3CD87A6D-i-1-addr" name="address" comment="" ro="False" address="192.168.1.13" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.13">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3CD87A7C" name="h192.168.1.14" comment="" ro="False">
<Interface id="id3CD87A7C-i" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3CD87A7C-i-1-addr" name="address" comment="" ro="False" address="192.168.1.14" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.14">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3CD87A8B" name="h192.168.1.15" comment="" ro="False">
<Interface id="id3CD87A8B-i" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3CD87A8B-i-1-addr" name="address" comment="" ro="False" address="192.168.1.15" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.15">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3D8AC5FB" name="host without interface" comment="" ro="False">
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<!-- Host whose interface carries both an IPv4 address and a physAddress (MAC), with use_mac_addr_filter set to True. NOTE(review): presumably this makes the compilers match on the MAC as well as the IP; confirm against the compiler. A MAC address is supplied by the sender and can be changed, so such a match narrows a rule but does not authenticate the host. -->
<Host id="id3BF1B3E1" name="host-with_mac" comment="" ro="False">
<Interface id="id3BF1B3E2" bridgeport="False" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<!-- The netmask here is 255.255.255.0, unlike the 255.255.255.255 used on the other host interfaces visible in this file. -->
<IPv4 id="id3BF1B3E2-ipv4" name="address" comment="" ro="False" address="192.168.1.10" netmask="255.255.255.0"/>
<physAddress id="id3BF1B3E2-pa" address="00:10:4b:de:e9:6f" name="unknown(MAC)" comment="" ro="False"/>
</Interface>
<Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr_filter">True</Option>
</HostOptions>
</Host>
<!-- Variant of host-with_mac: same MAC address (00:10:4b:de:e9:6f), but the IPv4 address and netmask are both 0.0.0.0 and use_mac_addr_filter is True. NOTE(review): presumably this exercises a rule that matches on the MAC alone; confirm against the compiler. With no IP constraint, the MAC, which the sender controls, would be the only thing identifying the host. -->
<Host id="id3BF1B3E7" name="host-with_mac-2" comment="" ro="False">
<Interface id="id3BF1B3E8" bridgeport="False" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3BF1B3E8-ipv4" name="address" comment="" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<physAddress id="id3BF1B3E8-pa" address="00:10:4b:de:e9:6f" name="unknown(MAC)" comment="" ro="False"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr_filter">True</Option>
</HostOptions>
</Host>
<!-- hostA: internal host 192.168.1.10/32, referenced by several groups in this file through ref="host-hostA". -->
<Host id="host-hostA" name="hostA" comment="" ro="False">
<Interface id="host-hostA-i" bridgeport="False" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="hostA:eth0" comment="" ro="False">
<IPv4 id="host-hostA-i-ipv4" name="hostA:eth0" comment="" ro="False" address="192.168.1.10" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.10">
<!-- snmp_read_community holds the well-known default string "public". SNMP management is disabled here (enabled="False"), so the value is not used by this object as written, but it should not be carried over into a real object database. -->
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<!-- hostA-2: a second host object with the same address as hostA (192.168.1.10/32). Two objects for one address make it easy for rules to cover the address under one name and miss it under the other when a policy is reviewed by object name. -->
<Host id="id3B3D5A3B" name="hostA-2" comment="" ro="False">
<Interface id="id3B3D5A3B-i" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3B3D5A3B-i-1-addr" name="address" comment="" ro="False" address="192.168.1.10" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.10">
<!-- Default community string "public" stored while SNMP management is disabled; inert as written, not a value to reuse outside a test fixture. -->
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3AFADBF9" name="hostA-NAT" comment="translated address for hostA" ro="False">
<Interface id="id3AFADBF9-i" bridgeport="False" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3AFADBF9-i-ipv4" name="address" comment="" ro="False" address="22.22.22.23" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host id="id3D1BFABC" name="hostA-NAT-DMZ" comment="" ro="False">
<Interface id="id3D1BFABC-i" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3D1BFABC-i-1-addr" name="address" comment="" ro="False" address="192.168.2.23" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.2.23">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<!-- hostB: internal host 192.168.1.20/32, referenced by several groups in this file through ref="host-hostB". -->
<Host id="host-hostB" name="hostB" comment="" ro="False">
<Interface id="host-hostB-i" bridgeport="False" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="hostB:eth0" comment="" ro="False">
<IPv4 id="host-hostB-i-ipv4" name="hostB:eth0" comment="" ro="False" address="192.168.1.20" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.20">
<!-- Default community string "public" stored while SNMP management is disabled (enabled="False"); inert as written, not a value to reuse outside a test fixture. -->
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<!-- This value is written "false"; other hosts in the file write "False". NOTE(review): confirm the reader treats both spellings the same. -->
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host id="id3BD6736B" name="hostB-NAT" comment="" ro="False">
<Interface id="id3BD6736B-i" bridgeport="False" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3BD6736B-i-ipv4" name="address" comment="" ro="False" address="22.22.23.24" netmask="255.255.255.255"/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host id="id3AFC191C" name="hostF-int" comment="the same address as internal iface of firewall1" ro="False">
<Interface id="id3AFC191C-i" bridgeport="False" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3AFC191C-i-ipv4" name="address" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.255"/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<Host id="id3FA34EFB" name="nat1" comment="" ro="False">
<Interface id="id3FA34EFD" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface1" comment="" ro="False">
<IPv4 id="id3FA34EFE" name="nat1:interface1(ip)" comment="" ro="False" address="209.165.202.129" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
</HostOptions>
</Host>
<!-- Host "nat2": one interface with address 209.165.202.130/32, all management features disabled. NOTE(review): the IPv4 child is still named "nat1:interface1(ip)" and the Management address (209.165.202.129) is the interface address of host "nat1", not this host's own. Both look like leftovers from copying that object; leave them alone if the expected regression output depends on the names. -->
<Host id="id3FA34F01" name="nat2" comment="" ro="False">
<Interface id="id3FA34F03" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface1" comment="" ro="False">
<IPv4 id="id3FA34F04" name="nat1:interface1(ip)" comment="" ro="False" address="209.165.202.130" netmask="255.255.255.255"/>
</Interface>
<Management address="209.165.202.129">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3B19C5EB" name="outside-host-1" comment="some host outside our network" ro="False">
<Interface id="id3B19C5EB-i" bridgeport="False" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3B19C5EB-i-ipv4" name="address" comment="" ro="False" address="200.200.200.200" netmask="255.255.255.255"/>
</Interface>
<Management address="200.200.200.200">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<!-- outside-host-2: stands for a host outside the protected network, interface address 222.222.222.222/32. NOTE(review): the Management address is 200.200.200.200, which is the address of outside-host-1 rather than this host's own; management is disabled, so it has no effect as written. The addresses are publicly routable rather than taken from a documentation range. -->
<Host id="id3FA34055" name="outside-host-2" comment="some host outside our network" ro="False">
<Interface id="id3FA34056" bridgeport="False" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3FA34057" name="address" comment="" ro="False" address="222.222.222.222" netmask="255.255.255.255"/>
</Interface>
<Management address="200.200.200.200">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<!-- outside-host-3: stands for a host outside the protected network, interface address 200.200.200.201/32. NOTE(review): the Management address is 200.200.200.200, which is the address of outside-host-1 rather than this host's own; management is disabled, so it has no effect as written. -->
<Host id="id3FA34B05" name="outside-host-3" comment="some host outside our network" ro="False">
<Interface id="id3FA34B06" bridgeport="False" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3FA34B07" name="address" comment="" ro="False" address="200.200.200.201" netmask="255.255.255.255"/>
</Interface>
<Management address="200.200.200.200">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<!-- Host "secondary1.com": one interface with the /32 address 211.11.11.11,
     which is also the Management address. Referenced by id
     "host-secondary1-com" from policy rules of firewall "fw-firewall2". -->
<Host id="host-secondary1-com" name="secondary1.com" comment="" ro="False">
<Interface id="host-secondary1-com-i" bridgeport="False" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="host-secondary1-com-i-ipv4" name="address" comment="" ro="False" address="211.11.11.11" netmask="255.255.255.255"/>
</Interface>
<Management address="211.11.11.11">
<!-- The read community is the well-known default "public". SNMP management
     is enabled="False" here, so the value is inert in this fixture; it
     should not be carried over into a real object database. -->
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<!-- Host "secondary2.com": one interface with the /32 address 211.22.22.22,
     which is also the Management address. Referenced by id
     "host-secondary2-com" from policy rules of firewall "fw-firewall2". -->
<Host id="host-secondary2-com" name="secondary2.com" comment="" ro="False">
<Interface id="host-secondary2-com-i" bridgeport="False" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="host-secondary2-com-i-ipv4" name="address" comment="" ro="False" address="211.22.22.22" netmask="255.255.255.255"/>
</Interface>
<Management address="211.22.22.22">
<!-- The read community is the well-known default "public". SNMP management
     is enabled="False" here, so the value is inert in this fixture; it
     should not be carried over into a real object database. -->
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
</HostOptions>
</Host>
<!-- Host "vk": one interface ("interface-1", security_level 0) with the /32
     address 10.3.14.30, which is also the Management address. -->
<Host id="id3D1966D8" name="vk" comment="" ro="False">
<Interface id="id3D1966D8-i" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3D1966D8-i-1-addr" name="address" comment="" ro="False" address="10.3.14.30" netmask="255.255.255.255"/>
</Interface>
<Management address="10.3.14.30">
<!-- Read community is the default "public"; SNMP management itself is
     enabled="False", so it is not used in this fixture. -->
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<!-- The three snmp_* options hold descriptive text about the host
     (contact address, OS and kernel string, location). They look like
     values captured from a real machine; treat them as sample data only. -->
<Option name="snmp_contact">Root &lt;root@vk.crocodile.org&gt;</Option>
<Option name="snmp_description">Linux vk 2.2.16-3 #1 Mon Jun 19 18:49:25 EDT 2000 i586</Option>
<Option name="snmp_location">Garage</Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<!-- Host "websrv": one interface ("interface-1", security_level 0) with the
     /32 address 192.168.2.100, which falls inside network "dmz2_net"
     (192.168.2.0/24) defined in the Networks group of this file. The same
     address is used for Management. All management mechanisms are
     enabled="False" and the SNMP community strings are empty. -->
<Host id="id3D420521" name="websrv" comment="" ro="False">
<Interface id="id3D420521-i" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3D420521-i-1-addr" name="address" comment="" ro="False" address="192.168.2.100" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.2.100">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<!-- Host "z-host": the only interface has the placeholder IPv4 address
     0.0.0.0 with netmask 0.0.0.0 plus a physAddress (MAC) child, and the
     Management address is 0.0.0.0 as well.
     NOTE(review): presumably this object exists to exercise MAC-address
     handling in the compiler; note that use_mac_addr_filter is "False",
     so confirm which tests rely on the MAC entry. -->
<Host id="id3BF23930" name="z-host" comment="test" ro="False">
<Interface id="id3BF23931" bridgeport="False" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3BF23931-ipv4" name="address" comment="" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<physAddress id="id3BF23931-pa" address="00:a0:24:53:06:8c" name="unknown(MAC)" comment="" ro="False"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<!-- Host "testhost50": one interface "eth0" with address 10.3.14.50.
     Unlike the other hosts in this group the netmask is 255.255.255.0
     rather than a /32 host mask, and the Management address is left at
     0.0.0.0. All management mechanisms are enabled="False".
     NOTE(review): how the compiler treats a host address carrying a /24
     mask is not visible here; confirm the tests expect host semantics. -->
<Host id="id47B7C6CD21818" name="testhost50" comment="This object represents a PC with a single network interface" ro="False">
<Interface id="id47B7C6CF21818" bridgeport="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id47B7C6D021818" name="testhost50:eth0:ip" comment="" ro="False" address="10.3.14.50" netmask="255.255.255.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
</ObjectGroup>
<!-- Network objects used by the regression-test firewalls. Each entry is an
     address plus netmask; policy and NAT rules refer to them by id.
     Two prefixes are defined twice under different ids and names:
       10.3.14.0/24   as "IN-net" (id3D385DEC) and "n10.3.14.0" (id47B7C22921818)
       192.168.3.0/24 as "dmz3_net" (id3F93531B) and "n192.168.3.0" (id3DAF6084)
     NOTE(review): presumably deliberate so rules can be tested with distinct
     objects that cover the same addresses; confirm before deduplicating.
     Only "n192.0.2.0" uses a documentation prefix (192.0.2.0/24); several
     other entries use publicly routable space and are sample values only. -->
<ObjectGroup id="stdid03_1" name="Networks" comment="" ro="False">
<Network id="id3D385DED" name="DMZ-net" comment="" ro="False" address="10.2.2.0" netmask="255.255.255.0"/>
<Network id="id3D385DEC" name="IN-net" comment="" ro="False" address="10.3.14.0" netmask="255.255.255.0"/>
<Network id="id3B022266" name="dmz2_net" comment="DMZ net - using NAT" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
<Network id="id3F93531B" name="dmz3_net" comment="DMZ net - using NAT" ro="False" address="192.168.3.0" netmask="255.255.255.0"/>
<!-- The only entry here with a mask other than /24 or /27: 255.255.240.0 is a /20. -->
<Network id="id3D42051A" name="ext_net" comment="external net for firewall8" ro="False" address="10.50.64.0" netmask="255.255.240.0"/>
<Network id="id3B665641" name="external_net" comment="" ro="False" address="22.22.22.0" netmask="255.255.255.0"/>
<Network id="id3B665643" name="foreign_net" comment="" ro="False" address="33.33.33.0" netmask="255.255.255.0"/>
<Network id="id3F8F97BB" name="n192.0.2.0" comment="" ro="False" address="192.0.2.0" netmask="255.255.255.0"/>
<Network id="id3DAF6080" name="n192.168.10.0" comment="" ro="False" address="192.168.10.0" netmask="255.255.255.0"/>
<Network id="id3DAF6081" name="n192.168.20.0" comment="" ro="False" address="192.168.20.0" netmask="255.255.255.0"/>
<Network id="id3DAF6084" name="n192.168.3.0" comment="" ro="False" address="192.168.3.0" netmask="255.255.255.0"/>
<Network id="id3DAF6085" name="n192.168.4.0" comment="" ro="False" address="192.168.4.0" netmask="255.255.255.0"/>
<Network id="id3FA34B0D" name="outside-net" comment="" ro="False" address="200.200.100.0" netmask="255.255.255.0"/>
<Network id="id3FA34EFA" name="n10.1.2.0" comment="" ro="False" address="10.1.2.0" netmask="255.255.255.0"/>
<!-- Two /27 networks (mask 255.255.255.224), named as destination NAT targets. -->
<Network id="id3FA3F5C1" name="dest nat net 1" comment="" ro="False" address="209.165.201.0" netmask="255.255.255.224"/>
<Network id="id3FA3F5C2" name="dest nat net 2" comment="" ro="False" address="209.165.200.224" netmask="255.255.255.224"/>
<!-- "Internal_net" is the network most NAT and policy rules of firewall
     "fw-firewall2" reference, by id "net-Internal_net". -->
<Network id="net-Internal_net" name="Internal_net" comment="" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
<Network id="id47B7C22921818" name="n10.3.14.0" comment="" ro="False" address="10.3.14.0" netmask="255.255.255.0"/>
</ObjectGroup>
<!-- Inclusive start/end address ranges.
     test_range_1 and test_range_2 both lie inside "Internal_net"
     (192.168.1.0/24); test_range_2 ends at 192.168.1.255, the broadcast
     address of that /24. outside_range lies inside "external_net"
     (22.22.22.0/24) and is used as a translated source in a NAT rule of
     firewall "fw-firewall2". -->
<ObjectGroup id="stdid15_1" name="Address Ranges" comment="" ro="False">
<AddressRange id="id3CD8769F" name="test_range_1" comment="" ro="False" start_address="192.168.1.11" end_address="192.168.1.15"/>
<AddressRange id="id3D0F7F89" name="test_range_2" comment="" ro="False" start_address="192.168.1.250" end_address="192.168.1.255"/>
<AddressRange id="id3D196750" name="outside_range" comment="" ro="False" start_address="22.22.22.21" end_address="22.22.22.25"/>
</ObjectGroup>
</ObjectGroup>
<!-- User-defined service objects. Sub-groups: TagServices (empty), Groups,
     ICMP, IP, TCP, UDP (empty), Custom_Services and Users (empty).
     ServiceRef ids with prefixes such as "tcp-", "udp-", "ip-", and many of
     the "id3B4F..." / "id3AEC..." ids, are not defined in this part of the
     file; presumably they live in another library. -->
<ServiceGroup id="stdid05_1" name="Services" comment="" ro="False">
<ServiceGroup id="stdid05_1_og_tag_1" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="stdid10_1" name="Groups" comment="" ro="False">
<!-- svcgroup1: the IP service "ICMP" (id3B457561, protocol 1) plus ip-IPSEC. -->
<ServiceGroup id="id3B457567" name="svcgroup1" comment="" ro="False">
<ServiceRef ref="id3B457561"/>
<ServiceRef ref="ip-IPSEC"/>
</ServiceGroup>
<!-- large group TCP: 37 references. Includes "test-TCP" (id3B20468D),
     "squid" (id3B5009F7) and "gopher" (id3C1A66EF) from the TCP group below,
     as well as cleartext protocols such as tcp-Telnet and tcp-FTP. Any rule
     that accepts this group therefore opens a wide set of ports at once. -->
<ServiceGroup id="id3C1A66C9" name="large group TCP" comment="" ro="False">
<ServiceRef ref="id3B20468D"/>
<ServiceRef ref="tcp-IRC"/>
<ServiceRef ref="id3B5009F7"/>
<ServiceRef ref="tcp-Auth"/>
<ServiceRef ref="tcp-DNS_zone_transf"/>
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-NNTP"/>
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="tcp-Telnet"/>
<ServiceRef ref="tcp-uucp"/>
<ServiceRef ref="id3C1A66EF"/>
<ServiceRef ref="id3AEDBE6E"/>
<ServiceRef ref="id3B4FEDA3"/>
<ServiceRef ref="id3B4FED69"/>
<ServiceRef ref="id3AECF776"/>
<ServiceRef ref="id3B4FED9F"/>
<ServiceRef ref="id3B4FF13C"/>
<ServiceRef ref="id3B4FEE21"/>
<ServiceRef ref="id3B4FEE23"/>
<ServiceRef ref="id3AECF778"/>
<ServiceRef ref="id3B4FF000"/>
<ServiceRef ref="id3B4FEEEE"/>
<ServiceRef ref="id3B4FEE7A"/>
<ServiceRef ref="id3B4FEE1D"/>
<ServiceRef ref="id3B4FF0EA"/>
<ServiceRef ref="id3AECF782"/>
<ServiceRef ref="id3B4FEF7C"/>
<ServiceRef ref="id3AECF77A"/>
<ServiceRef ref="id3AECF77C"/>
<ServiceRef ref="id3AECF77E"/>
<ServiceRef ref="id3B4FEF34"/>
<ServiceRef ref="id3B4FF04C"/>
<ServiceRef ref="id3B4FEE76"/>
<ServiceRef ref="id3AEDBE00"/>
<ServiceRef ref="id3B4FF1B8"/>
</ServiceGroup>
<!-- small group TCP: seven references, every one of which also appears in
     "large group TCP" above. -->
<ServiceGroup id="id3CD878C8" name="small group TCP" comment="" ro="False">
<ServiceRef ref="tcp-Auth"/>
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="tcp-uucp"/>
<ServiceRef ref="id3B4FED69"/>
<ServiceRef ref="id3AECF776"/>
</ServiceGroup>
<!-- ip services: ip-IPSEC plus "GRE" (id3D116569, protocol 47). -->
<ServiceGroup id="id3D116567" name="ip services" comment="" ro="False">
<ServiceRef ref="ip-IPSEC"/>
<ServiceRef ref="id3D116569"/>
</ServiceGroup>
<!-- mixed services: combines ICMP ("any ICMP", id3C1A5D46), an IP protocol
     (GRE), TCP services and UDP services in one group, so a rule using it
     has to be split per protocol by the compiler. -->
<ServiceGroup id="id3D12CD12" name="mixed services" comment="" ro="False">
<ServiceRef ref="id3C1A5D46"/>
<ServiceRef ref="id3D116569"/>
<ServiceRef ref="id3B5009F7"/>
<ServiceRef ref="id3C1A66EF"/>
<ServiceRef ref="tcp-IRC"/>
<ServiceRef ref="tcp-Telnet"/>
<ServiceRef ref="udp-SNMP"/>
<ServiceRef ref="udp-DNS"/>
</ServiceGroup>
</ServiceGroup>
<ServiceGroup id="stdid07_1" name="ICMP" comment="" ro="False">
<!-- "any ICMP" uses -1 for both type and code. -->
<ICMPService id="id3C1A5D46" code="-1" type="-1" name="any ICMP" comment="" ro="False"/>
<!-- NOTE(review): named "all unreachables" but code is 0, not the -1 that
     "any ICMP" uses; if -1 is the wildcard, this object matches only
     type 3 code 0. Confirm which is intended. -->
<ICMPService id="id3D0E8383" code="0" type="3" name="all unreachables" comment="" ro="False"/>
</ServiceGroup>
<ServiceGroup id="stdid06_1" name="IP" comment="" ro="False">
<!-- IP-level services by protocol number: 1 (ICMP), 0 with the ts flag set
     ("TS"), and 47 (GRE). All other option flags are False. -->
<IPService id="id3B457561" fragm="False" lsrr="False" protocol_num="1" rr="False" short_fragm="False" ssrr="False" ts="False" name="ICMP" comment="" ro="False"/>
<IPService id="id3B6659A5" fragm="False" lsrr="False" protocol_num="0" rr="False" short_fragm="False" ssrr="False" ts="True" name="TS" comment="" ro="False"/>
<IPService id="id3D116569" fragm="False" lsrr="False" protocol_num="47" rr="False" short_fragm="False" ssrr="False" ts="False" name="GRE" comment="" ro="False"/>
</ServiceGroup>
<ServiceGroup id="stdid09_1" name="TCP" comment="" ro="False">
<!-- TCP services. A source range of 0 to 0 is used wherever no source port
     is specified; each *_flag / *_flag_mask pair describes TCP flag matching. -->
<TCPService id="id3C1A66EF" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="gopher" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="70" dst_range_end="70"/>
<!-- NOTE(review): this object's id is "tcp-IRC", the same id that the
     service groups above reference; its display name is "irc". -->
<TCPService id="tcp-IRC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="irc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="6667" dst_range_end="6667"/>
<TCPService id="id3B5009F7" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="squid" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3128" dst_range_end="3128"/>
<!-- A second port-22 object with its own id; the groups and rules in this
     part of the file reference "tcp-SSH" instead, which is defined elsewhere. -->
<TCPService id="id3D91665B" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ssh" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<TCPService id="id3B20468D" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="test-TCP" comment="port range" ro="False" src_range_start="0" src_range_end="0" dst_range_start="10000" dst_range_end="11000"/>
<!-- Flag-matching service: all six mask bits are True, with ACK, FIN, RST
     and SYN set and PSH and URG clear; both port ranges are 0 to 0.
     NOTE(review): this is not the FIN/PSH/URG combination the name
     "xmas-tree" usually denotes; confirm it is what the tests expect. -->
<TCPService id="id3B58E3F1" ack_flag="True" ack_flag_mask="True" fin_flag="True" fin_flag_mask="True" psh_flag="False" psh_flag_mask="True" rst_flag="True" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True" name="xmas-tree" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<!-- NOTE(review): destination range 1000 to 10001 spans about nine thousand
     ports and overlaps "test-TCP" (10000 to 11000) by two ports. The upper
     bound may be a typo; confirm against the expected compiler output. -->
<TCPService id="id3E9E32B8" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp tst 1" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1000" dst_range_end="10001"/>
<TCPService id="id3E9E32B9" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp tst 2" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1500" dst_range_end="1500"/>
<!-- Deliberately named "http" while using destination port 81; per its own
     comment attribute it tests ACL generation when two service objects
     share a name. Do not read the name as meaning port 80. -->
<TCPService id="id3FA56D2D" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="http" comment="object used in firewall13 (NAT) to test creation of the ACLs if&#10;two service objects with the same name are used in the rule" ro="False" src_range_start="0" src_range_end="0" dst_range_start="81" dst_range_end="81"/>
<!-- The only TCP object in this group with a source port range (1024 to
     65535); destination port 80. -->
<TCPService id="id431BD5EE" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp tst 3" comment="service with source port range" ro="False" src_range_start="1024" src_range_end="65535" dst_range_start="80" dst_range_end="80"/>
<!-- The only TCP object here that carries the "established" attribute. -->
<TCPService id="id47B71DEF21818" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp-2525" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2525" dst_range_end="2525"/>
</ServiceGroup>
<ServiceGroup id="stdid08_1" name="UDP" comment="" ro="False"/>
<ServiceGroup id="stdid13_1" name="Custom_Services" comment="" ro="False">
<!-- Custom service with one command string per platform; only the iptables
     entry is non-empty.
     NOTE(review): presumably the compiler places this text verbatim into
     the generated rule, so a .fwb file from an untrusted source should be
     inspected for unexpected CustomServiceCommand content before compiling. -->
<CustomService id="id3B64FE22" name="talk" comment="Talk support" ro="False">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m ip_conntrack_talk -m ip_nat_talk</CustomServiceCommand>
</CustomService>
</ServiceGroup>
<ServiceGroup id="stdid05_1_userservices" name="Users" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="stdid12_1" name="Firewalls" comment="" ro="False">
<Firewall id="fw-firewall2" host_OS="pix_os" inactive="False" lastCompiled="1163922727" lastInstalled="0" lastModified="1176515435" platform="pix" version="6.2" name="firewall" comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" ro="False">
<!-- NAT rule set of firewall "fw-firewall2" (platform pix, version 6.2):
     13 rules at positions 0 to 12. Each rule has original source,
     destination and service (OSrc/ODst/OSrv) and translated counterparts
     (TSrc/TDst/TSrv).
     "sysid0" and "sysid1" are defined outside this part of the file;
     presumably the built-in "Any" address and "Any" service. Where a T*
     element holds them, that field appears to be left untranslated.
     Objects resolved below: net-Internal_net = 192.168.1.0/24,
     id3B022266 = dmz2_net 192.168.2.0/24, id3B665641 = external_net
     22.22.22.0/24, id3D196750 = outside_range 22.22.22.21 to 22.22.22.25. -->
<NAT id="nat-firewall2" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- 0: source Internal_net, translated source is the firewall object itself. -->
<NATRule id="nat-firewall2-0" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="fw-firewall2"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 1: source dmz2_net, translated source is the firewall object. -->
<NATRule id="id3D19635C" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="fw-firewall2"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 2: source id3DAA5110 (defined outside this part of the file),
     translated source is the firewall object. -->
<NATRule id="id3DB6442D" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="id3DAA5110"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="fw-firewall2"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 3: same original side as rule 0, but the translated source is a whole
     network object (external_net). -->
<NATRule id="id3D1969CD" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3B665641"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 4: same original side again, translated source is the address range
     outside_range. -->
<NATRule id="id3D1967DE" disabled="False" position="4" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D196750"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 5: destination translation. tcp-SMTP addressed to the firewall is
     redirected to host-hostA with the service unchanged. host-hostA is
     defined outside this part of the file. -->
<NATRule id="nat-firewall2-1" disabled="False" position="5" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="fw-firewall2"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 6: dmz2_net to Internal_net, translated source id3AFC191C (defined
     outside this part of the file). -->
<NATRule id="id3D1965E7" disabled="False" position="6" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="net-Internal_net"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFC191C"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 7 to 11: every translated field holds sysid0 or sysid1, so these rules
     appear to specify no translation for the matched traffic.
     7: Internal_net to dmz2_net. -->
<NATRule id="id3D19629B" disabled="False" position="7" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 8: five source objects (ids defined outside this part of the file)
     to dmz2_net. -->
<NATRule id="id3D1964AF" disabled="False" position="8" comment="">
<OSrc neg="False">
<ObjectRef ref="id3CD87A53"/>
<ObjectRef ref="id3CD87A5E"/>
<ObjectRef ref="id3CD87A6D"/>
<ObjectRef ref="id3CD87A7C"/>
<ObjectRef ref="id3CD87A8B"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 9: dmz2_net to any destination. The original side is identical to
     rule 1, which translates the source to the firewall. -->
<NATRule id="id3DB63E17" disabled="False" position="9" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 10: dmz2_net to Internal_net. The original side is identical to rule 6. -->
<NATRule id="id3D50AD38" disabled="False" position="10" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="net-Internal_net"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 11: dmz2_net to host-hostA. -->
<NATRule id="id3D50ADE4" disabled="False" position="11" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="host-hostA"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- 12: DISABLED. tcp-HTTP from anywhere to anywhere, with translated
     destination set to the firewall and translated service id3B4FF09A
     (defined outside this part of the file). Enabling it would redirect
     all matching HTTP traffic to the firewall itself. -->
<NATRule id="id3CDB43B8" disabled="True" position="12" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="fw-firewall2"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B4FF09A"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="pol-firewall2" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Position 0: Deny, Inbound, logged, on interface if-FW-firewall2-eth1.
     Matches service ip-IP_Fragments between sysid0 and sysid0 (presumably
     "Any"; all three ids are defined outside this part of the file).
     The rule is stateless. Placing the fragment drop first means it is
     evaluated before any Accept rule below. -->
<PolicyRule id="pol-firewall2-0" action="Deny" direction="Inbound" disabled="False" log="True" position="0" comment="blocking short fragments">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 1: DISABLED. Same as the rule at position 0 except that the
     destination is the firewall itself (fw-firewall2). Unlike most
     neighbouring rules it has no When element. -->
<PolicyRule id="id3B09D29D" action="Deny" direction="Inbound" disabled="True" log="True" position="1" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="fw-firewall2"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 2: Accept, Inbound, not logged, on if-FW-firewall2-eth1.
     Allows service icmp-Unreachables (defined outside this part of the
     file) from sysid0 to sysid0, presumably any source and destination. -->
<PolicyRule id="id3D6A8E85" action="Accept" direction="Inbound" disabled="False" log="False" position="2" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 3: Accept, Outbound, logged, on if-FW-firewall2-eth1.
     Source is Internal_net (192.168.1.0/24) or the firewall itself; any
     destination and service (sysid0 / sysid1, presumably "Any").
     NOTE(review): the comment attribute calls this an anti-spoofing rule,
     but it accepts traffic rather than denying it. A spoofing filter
     normally denies packets that claim an internal source address while
     arriving inbound on the external interface. Which side eth1 faces is
     not visible here; confirm the rule does what the label says before
     using it as a template. -->
<PolicyRule id="pol-firewall2-1" action="Accept" direction="Outbound" disabled="False" log="True" position="3" comment="anti-spoofing rule">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="fw-firewall2"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth1"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 4: Accept, Inbound, on if-FW-firewall2-eth0. Allows tcp-SSH to
     the firewall itself, with the source restricted to Internal_net
     (192.168.1.0/24). Logging is off (log="False"), so accepted SSH
     sessions to the firewall leave no trace from this rule. -->
<PolicyRule id="id3B92DFC5" action="Accept" direction="Inbound" disabled="False" log="False" position="4" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="fw-firewall2"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth0"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 5: Accept, both directions, on if-FW-firewall2-eth0.
     From sysid0 (presumably "Any") to hosts secondary1.com (211.11.11.11)
     and secondary2.com (211.22.22.22), for the service group
     "small group TCP" (id3CD878C8). Not logged. -->
<PolicyRule id="id3C4E4C38" action="Accept" direction="Both" disabled="False" log="False" position="5" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-secondary1-com"/>
<ObjectRef ref="host-secondary2-com"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CD878C8"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth0"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 6: Deny, Inbound, on if-FW-firewall2-eth0, stateless.
     Drops every service (sysid1, presumably "Any") sent to object
     id3B64FFAC, which is defined outside this part of the file.
     Logging is off, so these drops are silent. -->
<PolicyRule id="id3D1168B6" action="Deny" direction="Inbound" disabled="False" log="False" position="6" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B64FFAC"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="if-FW-firewall2-eth0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 7: DISABLED. Deny, both directions, logged, stateless, with
     sysid0 in the interface slot (presumably all interfaces).
     Services: tcp-TCP-SYN (defined outside this part of the file),
     "xmas-tree" (id3B58E3F1) and "any ICMP" (id3C1A5D46).
     The comment attribute records why it is disabled: with "any ICMP"
     included, this Deny would shadow a later ICMP rule. -->
<PolicyRule id="id3B58E39D" action="Deny" direction="Both" disabled="True" log="True" position="7" comment="this rule, if enabled, shades&#10;some rule below because&#10;of service &quot;any ICMP&quot;">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-TCP-SYN"/>
<ServiceRef ref="id3B58E3F1"/>
<ServiceRef ref="id3C1A5D46"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_value">0</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 8: Accept, both directions, not logged. From sysid0
     (presumably "Any") to host-hostA for service group sg-Useful_ICMP.
     host-hostA and sg-Useful_ICMP are defined outside this part of the file. -->
<PolicyRule id="id3D8FCE32" action="Accept" direction="Both" disabled="False" log="False" position="8" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sg-Useful_ICMP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 9: Accept, both directions, not logged. From sysid0
     (presumably "Any") to host-hostA for the group "mixed services"
     (id3D12CD12), which bundles any ICMP, GRE, squid, gopher, tcp-IRC,
     tcp-Telnet, udp-SNMP and udp-DNS. One rule therefore spans ICMP, an IP
     protocol, TCP and UDP. -->
<PolicyRule id="pol-firewall2-2" action="Accept" direction="Both" disabled="False" log="False" position="9" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3D12CD12"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 10: Accept, both directions, logged, stateless. Source and
     destination are both sysid0 (presumably "Any").
     Services: "all unreachables" (id3D0E8383, ICMP type 3 code 0) and the
     group "ip services" (id3D116567: ip-IPSEC and GRE).
     If sysid0 is "Any", this permits IPSEC and GRE between all addresses
     on every interface; acceptable in a compiler fixture, too broad for a
     production policy. -->
<PolicyRule id="id3CE59C76" action="Accept" direction="Both" disabled="False" log="True" position="10" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3D0E8383"/>
<ServiceRef ref="id3D116567"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_value">0</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 11: DISABLED. Deny, both directions, stateless, not logged,
     for "any ICMP" (id3C1A5D46) between sysid0 and sysid0.
     NOTE(review): the comment attribute says this shades "rule #8 below",
     but this rule sits at position 11 and the rule at position 8 is above
     it. The reference looks stale, presumably from a later reordering;
     confirm which rule is meant. -->
<PolicyRule id="id3D6A8AB2" action="Deny" direction="Both" disabled="True" log="False" position="11" comment="shades rule #8 below">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3C1A5D46"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 12: Accept, both directions, not logged. Two sources
     (secondary1.com, secondary2.com) to two destinations (host-hostA,
     host-hostB, both defined outside this part of the file), for sysid1,
     presumably any service. -->
<PolicyRule id="pol-firewall2-3" action="Accept" direction="Both" disabled="False" log="False" position="12" comment="">
<Src neg="False">
<ObjectRef ref="host-secondary1-com"/>
<ObjectRef ref="host-secondary2-com"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 13: Accept, both directions, not logged. From object
     id3BF1B3E1 (defined outside this part of the file) to test_range_2
     (192.168.1.250 to 192.168.1.255) for "squid" (TCP 3128). -->
<PolicyRule id="id3E155E82" action="Accept" direction="Both" disabled="False" log="False" position="13" comment="">
<Src neg="False">
<ObjectRef ref="id3BF1B3E1"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D0F7F89"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 14: Accept, both directions, not logged. Same destination
     (test_range_2) and service ("squid", TCP 3128) as the rule at
     position 13, but with source sysid0. If sysid0 is "Any", this rule is
     a superset of the previous one. -->
<PolicyRule id="id3D0F8031" action="Accept" direction="Both" disabled="False" log="False" position="14" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D0F7F89"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 15: Accept, both directions, not logged. From sysid0
     (presumably "Any") to the firewall itself for icmp-Unreachables and
     tcp-HTTP, mixing an ICMP and a TCP service in one rule. If sysid0 is
     "Any", HTTP to the firewall is reachable from every source. -->
<PolicyRule id="id3D50CD96" action="Accept" direction="Both" disabled="False" log="False" position="15" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="fw-firewall2"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 16: Accept, both directions, not logged. From sysid0
     (presumably "Any") to object id3CD87A9A (defined outside this part of
     the file) for "small group TCP" (id3CD878C8) plus "squid" (TCP 3128). -->
<PolicyRule id="id3CD87B1E" action="Accept" direction="Both" disabled="False" log="False" position="16" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3CD87A9A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CD878C8"/>
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 17: Accept, both directions, not logged. Same services as the
     rule at position 16 ("small group TCP" plus "squid"), with the
     destination set to test_range_1 (192.168.1.11 to 192.168.1.15). -->
<PolicyRule id="id3CD8770E" action="Accept" direction="Both" disabled="False" log="False" position="17" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3CD8769F"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CD878C8"/>
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 18: accepts traffic from any source (sysid0) to net-Internal_net
     for services id3B5009F7 and id3C1A66C9, unlogged. The firewall's inside
     interface address (192.168.1.1/24) suggests net-Internal_net is the
     protected network; its definition is outside this part of the file. -->
<PolicyRule id="pol-firewall2-4" action="Accept" direction="Both" disabled="False" log="False" position="18" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B5009F7"/>
<ServiceRef ref="id3C1A66C9"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 19: destination lists net-Internal_net together with host-hostA
     and host-hostB. Per the rule's own comment attribute the two hosts are
     redundant and the compiler pass removeRedundantAddressesFromDst is
     expected to drop them, so the generated ACL should mention only the
     network. The newlines in the comment attribute are encoded as character
     references and are part of the fixture text. -->
<PolicyRule id="id431BE7A0" action="Accept" direction="Both" disabled="False" log="False" position="19" comment="objects hostA and hostB are&#10;redundant and should be removed by&#10; removeRedundantAddressesFromDst">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CB131C4"/>
<ServiceRef ref="id3D703C96"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 20: accepts service id431BD5EE from any source (sysid0) to
     host-hostA, unlogged. The service object is defined outside this part of
     the file. -->
<PolicyRule id="id431BD5EF" action="Accept" direction="Both" disabled="False" log="False" position="20" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id431BD5EE"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 21, disabled: accept any source to net-Internal_net for any
     service (sysid1). Kept for shading tests per its comment attribute.
     NOTE(review): the comment attribute speaks of "rules 12 and 13", while
     this rule sits at position 21 and the following one at 22; the numbers
     look stale from an earlier ordering (assumption). The text belongs to the
     fixture and is left as is.
     If enabled, this rule would pass all traffic into the internal network,
     so it should stay disabled outside a shading test. -->
<PolicyRule id="id3CE597E3" action="Accept" direction="Both" disabled="True" log="False" position="21" comment="rules 12 and 13 can be&#10;used to test shading">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 22, disabled: accept any source to object id3B3D5A3B for any
     service (sysid1). Presumably the second half of the shading pair
     mentioned in the comment of the rule at position 21; whether id3B3D5A3B
     lies inside net-Internal_net cannot be confirmed from this part of the
     file. -->
<PolicyRule id="id3CE591F6" action="Accept" direction="Both" disabled="True" log="False" position="22" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B3D5A3B"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 23: source and destination are both the firewall object
     (fw-firewall2), any service, with logging on. Exercises the case where
     the firewall appears on both sides of a rule. -->
<PolicyRule id="id3B58E180" action="Accept" direction="Both" disabled="False" log="True" position="23" comment="">
<Src neg="False">
<ObjectRef ref="fw-firewall2"/>
</Src>
<Dst neg="False">
<ObjectRef ref="fw-firewall2"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 24: accepts any service from net-Internal_net and from the
     firewall object itself to any destination, unlogged. This is the broad
     outbound permit that precedes the final deny at position 25. -->
<PolicyRule id="pol-firewall2-5" action="Accept" direction="Both" disabled="False" log="False" position="24" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="fw-firewall2"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 25, last rule of this policy: deny any source, any destination,
     any service on any interface, with logging. This is the explicit default
     deny, so traffic not matched above is both dropped and recorded. -->
<PolicyRule id="pol-firewall2-7" action="Deny" direction="Both" disabled="False" log="True" position="25" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<!-- Unlike the accept rules above, this rule sets stateless to True. -->
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<!-- Routing rule set of this firewall. The element is empty, so no routing
     rules are defined; it is marked as the top (IPv4) rule set. -->
<Routing id="fw-firewall2-routing" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- Interface ethernet1, labelled "outside": security_level 0 (the least
     trusted PIX level), static address 22.22.22.22/24, network zone sysid0
     (any). Not a management interface. -->
<Interface id="if-FW-firewall2-eth1" bridgeport="False" dyn="False" label="outside" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="ethernet1" comment="" ro="False">
<IPv4 id="if-FW-firewall2-eth1-ipv4" name="a1" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<!-- Interface ethernet0, labelled "inside": security_level 100 (the most
     trusted PIX level), address 192.168.1.1/24, network zone id3DAA5110
     (defined outside this part of the file). mgmt="True" marks it as the
     management interface; its address matches the Management element of this
     firewall. -->
<Interface id="if-FW-firewall2-eth0" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="id3DAA5110" security_level="100" unnum="False" unprotected="False" name="ethernet0" comment="" ro="False">
<IPv4 id="if-FW-firewall2-eth0-ipv4" name="a0" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<!-- Interface ethernet2, labelled "dmz": security_level 50 (between outside
     and inside), address 192.168.2.1/24, network zone id3B022266 (defined
     outside this part of the file). -->
<Interface id="id3D19631F" bridgeport="False" dyn="False" label="dmz" mgmt="False" network_zone="id3B022266" security_level="50" unnum="False" unprotected="False" name="ethernet2" comment="" ro="False">
<IPv4 id="id3D19631F-ipv4" name="a2" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings; the address is the inside interface (192.168.1.1).
     NOTE(review): snmp_read_community holds the well-known default "public".
     SNMP management is disabled here, but this firewall's options set
     pix_set_communities_from_object_data to True, which presumably makes the
     compiler emit this string into generated configuration (confirm in the
     compiler). Treat it as a fixture value only; a real object should carry a
     non-default community or no SNMP at all.
     FWBDManagement is enabled on port 9999 with an empty identity; what the
     installer does with it is not visible in this file. -->
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Compiler, installer and platform options for this firewall, stored as a
     flat alphabetical list of name/value pairs. Names starting with pix_ are
     PIX-specific; linux24_* and openbsd_* entries belong to other platforms
     and are presumably leftovers that the PIX compiler ignores (not
     verifiable from this file). Values are fixture data for the regression
     suite, not hardening guidance. -->
<FirewallOptions>
<Option name="accept_established">False</Option>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="check_shading">True</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline">-v</Option>
<Option name="compiler"></Option>
<Option name="conn_hh">1</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<!-- The *_fixup entries hold five space-separated fields each. The field
     layout is defined by the PIX compiler and GUI code, not by this file;
     the second and third fields look like port numbers (21 for ftp, 25 for
     smtp, 1521 for sqlnet) - TODO confirm the meaning of the first field. -->
<Option name="ctiqbe_fixup">2 2748 0 nil 0</Option>
<Option name="debug">False</Option>
<Option name="dns_fixup">2 65535 0 nil 0</Option>
<Option name="dyn_addr">False</Option>
<Option name="espike_fixup">2 0 0 nil 0</Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="ftp_fixup">0 21 0 strict 0</Option>
<Option name="h323_h225_fixup">0 1720 1720 nil 0</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">5</Option>
<Option name="h323_ras_fixup">0 1718 1719 nil 0</Option>
<Option name="h323_ss">0</Option>
<Option name="half-closed_hh">0</Option>
<Option name="half-closed_mm">0</Option>
<Option name="half-closed_ss">0</Option>
<Option name="http_fixup">0 80 80 nil 0</Option>
<Option name="icmp_error_fixup">2 0 0 nil 0</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ils_fixup">0 389 389 nil 0</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="limit_suffix">/second</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<!-- Logging: dropped packets are logged (log_all_dropped) at level debug. -->
<Option name="log_all_dropped">True</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="openbsd_ip_directed_broadcast">0</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="openbsd_ip_redirect">0</Option>
<Option name="openbsd_ip_sourceroute">0</Option>
<Option name="output_file"></Option>
<Option name="pass_all_out">False</Option>
<!-- PIX ACL generation switches. pix_acl_temp_addr names the internal
     192.168.1.0/24 range; how the compiler uses it during ACL substitution
     is not visible here. -->
<Option name="pix_acl_basic">False</Option>
<Option name="pix_acl_no_clear">False</Option>
<Option name="pix_acl_substitution">True</Option>
<Option name="pix_acl_temp_addr">192.168.1.0/24</Option>
<Option name="pix_add_clear_statements">True</Option>
<Option name="pix_assume_fw_part_of_any">True</Option>
<!-- Consistency checks: the four NAT overlap/duplicate checks are off for
     this object while rule shading detection is on. -->
<Option name="pix_check_duplicate_nat">False</Option>
<Option name="pix_check_overlapping_global_pools">False</Option>
<Option name="pix_check_overlapping_global_statics">False</Option>
<Option name="pix_check_overlapping_statics">False</Option>
<Option name="pix_check_rule_shading">True</Option>
<Option name="pix_conn_abs">True</Option>
<Option name="pix_conn_hh">1</Option>
<Option name="pix_conn_inact">False</Option>
<Option name="pix_conn_mm">0</Option>
<Option name="pix_conn_ss">0</Option>
<Option name="pix_connection_timewait">True</Option>
<Option name="pix_disable_snmp_agent">False</Option>
<Option name="pix_emb_limit">0</Option>
<Option name="pix_emblem_log_format">False</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_enable_snmp_traps">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_floodguard">False</Option>
<Option name="pix_fragguard">True</Option>
<Option name="pix_h323_abs">True</Option>
<Option name="pix_h323_hh">0</Option>
<Option name="pix_h323_inact">False</Option>
<Option name="pix_h323_mm">5</Option>
<Option name="pix_h323_ss">0</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<Option name="pix_logging_buffered">False</Option>
<Option name="pix_logging_buffered_level">0</Option>
<Option name="pix_logging_console">False</Option>
<Option name="pix_logging_console_level">0</Option>
<Option name="pix_logging_timestamp">False</Option>
<Option name="pix_logging_trap_level">0</Option>
<Option name="pix_max_conns">0</Option>
<Option name="pix_nodnsalias_inbound">True</Option>
<Option name="pix_nodnsalias_outbound">True</Option>
<Option name="pix_ntp1">192.168.1.20</Option>
<Option name="pix_ntp1_pref">True</Option>
<Option name="pix_ntp2"></Option>
<Option name="pix_ntp2_pref">False</Option>
<Option name="pix_ntp3"></Option>
<Option name="pix_ntp3_pref">False</Option>
<Option name="pix_optimize_default_nat">True</Option>
<!-- The prolog script value is a single line break, not an empty string.
     Whitespace inside an Option is data, so this element must not be
     re-indented or collapsed. -->
<Option name="pix_prolog_script">
</Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">True</Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_route_dnat">False</Option>
<Option name="pix_rpc_abs">True</Option>
<Option name="pix_rpc_hh">0</Option>
<Option name="pix_rpc_inact">False</Option>
<Option name="pix_rpc_mm">10</Option>
<Option name="pix_rpc_ss">0</Option>
<!-- NOTE(review): with pix_set_communities_from_object_data set to True the
     compiler presumably writes the SNMP community stored on the firewall
     object into the generated configuration. The sibling Management element
     stores the default community "public", so expected output built from
     this fixture should not be reused as a device template. -->
<Option name="pix_set_communities_from_object_data">True</Option>
<Option name="pix_set_host_name">True</Option>
<Option name="pix_set_sysinfo_from_object_data">True</Option>
<Option name="pix_sip_abs">True</Option>
<Option name="pix_sip_hh">0</Option>
<Option name="pix_sip_inact">False</Option>
<Option name="pix_sip_media_abs">True</Option>
<Option name="pix_sip_media_hh">0</Option>
<Option name="pix_sip_media_inact">False</Option>
<Option name="pix_sip_media_mm">2</Option>
<Option name="pix_sip_media_ss">0</Option>
<Option name="pix_sip_mm">30</Option>
<Option name="pix_sip_ss">0</Option>
<!-- SNMP trap receivers and the syslog host all sit in the inside
     192.168.1.0/24 range used by this fixture. -->
<Option name="pix_snmp_poll_traps_1">1</Option>
<Option name="pix_snmp_poll_traps_2">2</Option>
<Option name="pix_snmp_server1">192.168.1.20</Option>
<Option name="pix_snmp_server2">192.168.1.22</Option>
<Option name="pix_ssh_timeout">5</Option>
<Option name="pix_syslog_facility">16</Option>
<Option name="pix_syslog_host">192.168.1.30</Option>
<Option name="pix_syslog_level">error</Option>
<Option name="pix_syslog_queue_size">512</Option>
<Option name="pix_tcpmss">True</Option>
<Option name="pix_tcpmss_value">1380</Option>
<Option name="pix_telnet_timeout">5</Option>
<!-- Timeout groups: each pix_<name>_hh/_mm/_ss triple is a duration split
     into hours, minutes and seconds; the _abs and _inact flags appear to
     select absolute versus inactivity timing - TODO confirm. -->
<Option name="pix_uauth_abs">True</Option>
<Option name="pix_uauth_hh">2</Option>
<Option name="pix_uauth_inact">False</Option>
<Option name="pix_uauth_mm">0</Option>
<Option name="pix_uauth_ss">0</Option>
<Option name="pix_udp_abs">True</Option>
<Option name="pix_udp_hh">0</Option>
<Option name="pix_udp_inact">False</Option>
<Option name="pix_udp_mm">2</Option>
<Option name="pix_udp_ss">0</Option>
<Option name="pix_unauth_abs">True</Option>
<Option name="pix_unauth_hh">2</Option>
<Option name="pix_unauth_inact">False</Option>
<Option name="pix_unauth_mm">0</Option>
<Option name="pix_unauth_ss">0</Option>
<Option name="pix_use_acl_remarks">False</Option>
<Option name="pix_xlate_abs">True</Option>
<Option name="pix_xlate_hh">3</Option>
<Option name="pix_xlate_inact">False</Option>
<Option name="pix_xlate_mm">0</Option>
<Option name="pix_xlate_ss">0</Option>
<!-- NOTE(review): this option says iptables although the file is the PIX
     regression fixture. The platform attribute of the enclosing Firewall
     element is outside this part of the file; this looks like a stale
     option and should be checked against whichever value the compiler
     actually reads. -->
<Option name="platform">iptables</Option>
<Option name="pptp_fixup">2 1723 0 nil 0</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">10</Option>
<Option name="rpc_ss">0</Option>
<Option name="rsh_fixup">0 514 0 nil 0</Option>
<Option name="rtsp_fixup">0 554 0 nil 0</Option>
<Option name="script_env_path"></Option>
<Option name="sip_fixup">0 5060 5060 nil 0</Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">0</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">30</Option>
<Option name="sip_ss">0</Option>
<Option name="sip_udp_fixup">2 5060 0 nil 0</Option>
<Option name="skinny_fixup">0 2000 2000 nil 0</Option>
<Option name="smtp_fixup">0 25 25 nil 0</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sqlnet_fixup">0 1521 1521 nil 0</Option>
<Option name="sshArgs"></Option>
<Option name="ssh_timeout">5</Option>
<Option name="telnet_timeout">5</Option>
<Option name="tftp_fixup">2 69 0 nil 0</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">2</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">2</Option>
<Option name="udp_ss">0</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="xlate_hh">3</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3AF5AA0A" host_OS="pix_os" lastCompiled="1145688299" lastInstalled="0" lastModified="0" platform="pix" version="6.1" name="firewall1" comment="this object is used to test all kinds of negation in policy rules" ro="False">
<!-- NAT rule set of firewall1 (id3AF5AA0A). Each NATRule pairs the original
     source/destination/service (OSrc, ODst, OSrv) with the translated ones
     (TSrc, TDst, TSrv); a translated field that refers to sysid0 or sysid1
     (any) presumably means that part is left untranslated. -->
<NAT id="id3AF5AA0D" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0: internal network to object id3B022266 (the network zone of the
     dmz interface) with every translated field set to any. -->
<NATRule id="id3C98491C" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 1: source translation for a single host. Traffic from host-hostA
     to any destination has its source replaced by object id3AFADBF9
     (defined outside this part of the file). -->
<NATRule id="id3AFADC09" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFADBF9"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 2: traffic from the internal network and from id3B022266 to any
     destination is translated to the firewall object itself (id3AF5AA0A).
     Because host-hostA is also matched by rule 1 above, rule order decides
     which translation applies to it. -->
<NATRule id="id3B1328FB" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<!-- Policy rule set of firewall1 (id3AF5AA0A), whose object comment says it
     exists to test all kinds of negation in policy rules. Rules are
     evaluated by position. Many are disabled and serve only as compiler
     input when a test enables them. sysid0 / sysid1 / sysid2 are the "any"
     address, service and time references (see the 'catch all' rule at
     position 20). Interface references: id3AF5AA96 is eth0 (inside),
     id3AF5AA99 is eth1 (outside), id3B0B4BC8 is eth2 (dmz). -->
<Policy id="id3AF5AA0C" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Position 0, disabled: deny from id3B4572B5 to anything that is NOT
     id3B4572B5 (negated destination) on the inside interface. This rule has
     no When element, unlike most rules in the set. -->
<PolicyRule id="id3C5987DC" action="Deny" direction="Both" disabled="True" log="True" position="0" comment="">
<Src neg="False">
<ObjectRef ref="id3B4572B5"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id3B4572B5"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B457567"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AF5AA96"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 1, disabled: same negated-destination pattern with object
     id3B4572AF, logging off. -->
<PolicyRule id="id3CD34BEF" action="Deny" direction="Both" disabled="True" log="False" position="1" comment="">
<Src neg="False">
<ObjectRef ref="id3B4572AF"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id3B4572AF"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B457567"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AF5AA96"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 2, anti-spoofing: packets arriving inbound on the outside
     interface (eth1) that claim a source in the internal network or the
     firewall itself are denied and logged. It is placed ahead of every
     enabled accept rule so spoofed sources never reach them. -->
<PolicyRule id="id3AF5AAB4" action="Deny" direction="Inbound" disabled="False" log="True" position="2" comment="Anti-spoofing rule">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3AF5AA0A"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AF5AA99"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 3: accept anything from the internal network entering on the
     inside interface (eth0). -->
<PolicyRule id="id434C245721195" action="Accept" direction="Inbound" disabled="False" log="False" position="3" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AF5AA96"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Positions 4 to 6: three variants of the same ICMP permit (ping request,
     time exceeded, time exceeded in transit) arriving inbound. Position 4
     targets the firewall on the outside interface. -->
<PolicyRule id="id3D50B022" action="Accept" direction="Inbound" disabled="False" log="False" position="4" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-ping_request"/>
<ServiceRef ref="icmp-Time_exceeded"/>
<ServiceRef ref="icmp-Time_exceeded_in_transit"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AF5AA99"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 5: same ICMP services on the outside interface, but with any
     destination, so it also covers hosts behind the firewall. -->
<PolicyRule id="id3D50B012" action="Accept" direction="Inbound" disabled="False" log="False" position="5" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-ping_request"/>
<ServiceRef ref="icmp-Time_exceeded"/>
<ServiceRef ref="icmp-Time_exceeded_in_transit"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AF5AA99"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 6: same ICMP services to the firewall, this time with two
     interfaces in the Itf field (outside and dmz). -->
<PolicyRule id="id434C064921195" action="Accept" direction="Inbound" disabled="False" log="False" position="6" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-ping_request"/>
<ServiceRef ref="icmp-Time_exceeded"/>
<ServiceRef ref="icmp-Time_exceeded_in_transit"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AF5AA99"/>
<ObjectRef ref="id3B0B4BC8"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 7, disabled: deny service tcp-TCP-SYN between any endpoints. -->
<PolicyRule id="id3CCA26E4" action="Deny" direction="Both" disabled="True" log="True" position="7" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-TCP-SYN"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 8, disabled: the negated counterpart of position 7; deny
     everything that is NOT tcp-TCP-SYN. -->
<PolicyRule id="id3B9AB902" action="Deny" direction="Both" disabled="True" log="True" position="8" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="True">
<ServiceRef ref="tcp-TCP-SYN"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 9, enabled: accepts tcp-SSH and tcp-Telnet to the firewall
     itself from any source on any interface, without logging.
     NOTE(review): acceptable as compiler input; a deployed policy would
     limit management access to the inside interface or named admin hosts,
     log it, and leave out Telnet because it carries credentials in clear
     text. -->
<PolicyRule id="id3F8FACF5" action="Accept" direction="Both" disabled="False" log="False" position="9" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="tcp-Telnet"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 10, disabled: wider variant of position 9 that adds tcp-HTTP
     and service id3B4FED69 (defined outside this part of the file). -->
<PolicyRule id="id3F8FADA8" action="Accept" direction="Both" disabled="True" log="False" position="10" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="id3B4FED69"/>
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="tcp-Telnet"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 11: destination id3AFC191C is, per the rule comment, a host
     object (hostF) with the same IP address as the firewall, so the
     compiler has to treat the rule as traffic to the firewall itself.
     The misspelling "firewal" in the comment attribute is fixture text and
     is left untouched (this firewall sets pix_include_comments to True, so
     rule comments may appear in generated output). -->
<PolicyRule id="id3AFC0F90" action="Accept" direction="Both" disabled="False" log="True" position="11" comment="hostF has the same IP address as firewal.">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AFC191C"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-ping_request"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 12, disabled: negated source. Denies icmp-Unreachables from
     every source EXCEPT host-hostA and host-hostB, with a limit of 10 per
     minute in the rule options. A compiler mistake in expanding the
     negation would flip which hosts are blocked, so the expected output for
     this rule deserves a check of both the excluded and the matched side. -->
<PolicyRule id="id3B021E10" action="Deny" direction="Both" disabled="True" log="True" position="12" comment="testing negation in the policy rule">
<Src neg="True">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix">/minute</Option>
<Option name="limit_value">10</Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 13, disabled: same negated source and service as position 12
     but with the firewall as destination, a subset of "any"; the rule
     comment states it is shaded by the rule above. -->
<PolicyRule id="id3B0B4A13" action="Deny" direction="Both" disabled="True" log="True" position="13" comment="this rule is shaded by rule above.">
<Src neg="True">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5AA0A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 14, disabled: negated source mixing a network object
     (id3B022266, the dmz zone) with the firewall itself; denies everything
     else going to the internal network. The rule comment says it shades the
     rule below. -->
<PolicyRule id="id3B5535B7" action="Deny" direction="Both" disabled="True" log="True" position="14" comment="this rule shades rule below">
<Src neg="True">
<ObjectRef ref="id3B022266"/>
<ObjectRef ref="id3AF5AA0A"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 15, disabled: negated destination. Denies traffic from the
     internal network and id3B022266 to everything EXCEPT host-hostA and
     host-hostB. -->
<PolicyRule id="id3B11F63D" action="Deny" direction="Both" disabled="True" log="True" position="15" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="True">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 16, disabled: negated service with action Deny. Blocks every
     service EXCEPT tcp-SMTP and tcp-SSH to host-hostA and host-hostB. -->
<PolicyRule id="id3B021E6F" action="Deny" direction="Both" disabled="True" log="True" position="16" comment="testing negation in service field">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="True">
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 17, disabled: the same negated service with action Accept,
     i.e. permit everything EXCEPT tcp-SMTP and tcp-SSH to the two hosts.
     An accept with a negated field is the fail-open direction: if negation
     were dropped during compilation the rule would permit the listed
     services instead of excluding them. -->
<PolicyRule id="id3CCA2CF4" action="Accept" direction="Both" disabled="True" log="True" position="17" comment="testing negation in service field">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="True">
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 18, disabled: same objects and negated destination as
     position 0, but bound to any interface instead of the inside one. -->
<PolicyRule id="id3B45739A" action="Deny" direction="Both" disabled="True" log="True" position="18" comment="">
<Src neg="False">
<ObjectRef ref="id3B4572B5"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id3B4572B5"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B457567"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Position 19: the outbound permit for the internal network that the
     NAT rule set of this firewall translates ('masquerading' per the rule
     comment). -->
<PolicyRule id="id3AF5AAC8" action="Accept" direction="Both" disabled="False" log="False" position="19" comment="'masquerading' rule">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Position 20, last rule: explicit default deny for any source,
     destination and service, with logging on. -->
<PolicyRule id="id3AF5AAE3" action="Deny" direction="Both" disabled="False" log="True" position="20" comment="'catch all' rule">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<!-- Routing rule set of firewall1. The element is empty, so no routing rules
     are defined. -->
<Routing id="id3AF5AA0A-routing" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- Interface eth0, labelled "inside": security_level 100, address
     192.168.1.1/24, network zone net-Internal_net. mgmt="True" marks it as
     the management interface; policy rules 0, 1 and 3 of this firewall are
     bound to it. -->
<Interface id="id3AF5AA96" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="net-Internal_net" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3AF5AA96-ipv4" name="address" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<!-- Interface eth1, labelled "outside": security_level 0, network zone
     sysid0 (any). dyn="True" marks the address as dynamic, so the
     0.0.0.0/0.0.0.0 IPv4 child is presumably a placeholder rather than a
     usable address. The anti-spoofing rule and the inbound ICMP rules of
     this firewall are bound to this interface. -->
<Interface id="id3AF5AA99" bridgeport="False" dyn="True" label="outside" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3AF5AA99-ipv4" name="address" comment="" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
</Interface>
<!-- Interface eth2, labelled "dmz": security_level 50, address
     192.168.2.1/24, network zone id3B022266 (the object the NAT and policy
     rules of this firewall use for the DMZ side). -->
<Interface id="id3B0B4BC8" bridgeport="False" dyn="False" label="dmz" network_zone="id3B022266" security_level="50" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3B0B4BC8-ipv4" name="address" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings of firewall1; the address is the inside interface
     (192.168.1.1).
     NOTE(review): snmp_read_community is the well-known default "public".
     SNMP management is disabled here, so the value is inert in this
     fixture; it should not be copied into a real object.
     FWBDManagement is enabled on port 9999 with an empty identity; what the
     installer does with it is not visible in this file. -->
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="pix_add_clear_statements">False</Option>
<Option name="pix_assume_fw_part_of_any">False</Option>
<Option name="pix_check_duplicate_nat">False</Option>
<Option name="pix_check_overlapping_global_pools">False</Option>
<Option name="pix_check_overlapping_global_statics">False</Option>
<Option name="pix_check_overlapping_statics">False</Option>
<Option name="pix_check_rule_shading">False</Option>
<Option name="pix_conn_abs">True</Option>
<Option name="pix_conn_hh">1</Option>
<Option name="pix_conn_inact">False</Option>
<Option name="pix_conn_mm">0</Option>
<Option name="pix_conn_ss">0</Option>
<Option name="pix_connection_timewait">False</Option>
<Option name="pix_disable_snmp_agent">True</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_enable_snmp_traps">False</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_fragguard">False</Option>
<Option name="pix_h323_abs">True</Option>
<Option name="pix_h323_hh">0</Option>
<Option name="pix_h323_inact">False</Option>
<Option name="pix_h323_mm">5</Option>
<Option name="pix_h323_ss">0</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<Option name="pix_nodnsalias_inbound">False</Option>
<Option name="pix_nodnsalias_outbound">False</Option>
<Option name="pix_ntp1"></Option>
<Option name="pix_ntp1_pref">True</Option>
<Option name="pix_ntp2"></Option>
<Option name="pix_ntp2_pref">False</Option>
<Option name="pix_ntp3"></Option>
<Option name="pix_ntp3_pref">False</Option>
<Option name="pix_optimize_default_nat">False</Option>
<Option name="pix_prolog_script"></Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">False</Option>
<Option name="pix_rpc_abs">True</Option>
<Option name="pix_rpc_hh">0</Option>
<Option name="pix_rpc_inact">False</Option>
<Option name="pix_rpc_mm">10</Option>
<Option name="pix_rpc_ss">0</Option>
<Option name="pix_set_communities_from_object_data">False</Option>
<Option name="pix_set_host_name">False</Option>
<Option name="pix_set_sysinfo_from_object_data">False</Option>
<Option name="pix_sip_abs">True</Option>
<Option name="pix_sip_hh">0</Option>
<Option name="pix_sip_inact">False</Option>
<Option name="pix_sip_media_abs">True</Option>
<Option name="pix_sip_media_hh">0</Option>
<Option name="pix_sip_media_inact">False</Option>
<Option name="pix_sip_media_mm">2</Option>
<Option name="pix_sip_media_ss">0</Option>
<Option name="pix_sip_mm">30</Option>
<Option name="pix_sip_ss">0</Option>
<Option name="pix_snmp_poll_traps_1">1</Option>
<Option name="pix_snmp_poll_traps_2">1</Option>
<Option name="pix_snmp_server1"></Option>
<Option name="pix_snmp_server2"></Option>
<Option name="pix_ssh_timeout">5</Option>
<Option name="pix_syslog_facility"></Option>
<Option name="pix_syslog_host"></Option>
<Option name="pix_syslog_level"></Option>
<Option name="pix_syslog_queue_size">0</Option>
<Option name="pix_tcpmss">False</Option>
<Option name="pix_tcpmss_value">0</Option>
<Option name="pix_telnet_timeout">5</Option>
<Option name="pix_uauth_abs">True</Option>
<Option name="pix_uauth_hh">2</Option>
<Option name="pix_uauth_inact">False</Option>
<Option name="pix_uauth_mm">0</Option>
<Option name="pix_uauth_ss">0</Option>
<Option name="pix_udp_abs">True</Option>
<Option name="pix_udp_hh">0</Option>
<Option name="pix_udp_inact">False</Option>
<Option name="pix_udp_mm">2</Option>
<Option name="pix_udp_ss">0</Option>
<Option name="pix_unauth_abs">True</Option>
<Option name="pix_unauth_hh">2</Option>
<Option name="pix_unauth_inact">False</Option>
<Option name="pix_unauth_mm">0</Option>
<Option name="pix_unauth_ss">0</Option>
<Option name="pix_xlate_abs">True</Option>
<Option name="pix_xlate_hh">3</Option>
<Option name="pix_xlate_inact">False</Option>
<Option name="pix_xlate_mm">0</Option>
<Option name="pix_xlate_ss">0</Option>
<Option name="platform">iptables</Option>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3DB0F914" host_OS="pix_os" lastCompiled="1152028938" lastInstalled="0" lastModified="1152028917" platform="pix" version="6.3" name="firewall10" comment="big policy. Testing compiler performance" ro="False">
<NAT id="id3DB0F915" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3DB0F916" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3DB0F914"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DB0F924" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
<ObjectRef ref="id3F93531B"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3DB0F914"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DB0F932" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3B665641"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DB0F940" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D196750"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DB0F94E" disabled="False" position="4" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3DB0F914"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DB0F95C" disabled="False" position="5" comment="policy NAT&#10;rule">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
<ObjectRef ref="id3F93531B"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="net-Internal_net"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFC191C"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3F9353DD" disabled="False" position="6" comment="policy NAT&#10;rule">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
<ObjectRef ref="id3F93531B"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3DB0FAA3"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DB0F96A" disabled="False" position="7" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
<ObjectRef ref="id3F93531B"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DB0F978" disabled="False" position="8" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
<ObjectRef ref="id3F93531B"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DB0F986" disabled="False" position="9" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
<ObjectRef ref="id3F93531B"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="net-Internal_net"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DB0F994" disabled="False" position="10" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
<ObjectRef ref="id3F93531B"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="host-hostA"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id44AABABD7936" disabled="False" position="11" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="host-hostA"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DB0F9A2" disabled="True" position="12" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3DB0F914"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B4FF09A"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id3DB0F9B0" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id3DB0FA5E" action="Deny" direction="Inbound" disabled="True" log="True" position="0" comment="blocking short fragments">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3DB0FA5B"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DB0FA68" action="Deny" direction="Inbound" disabled="True" log="True" position="1" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3DB0F914"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3DB0FA5B"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DB0FA70" action="Accept" direction="Inbound" disabled="True" log="False" position="2" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3DB0FA5B"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3DB0FA7A" action="Accept" direction="Outbound" disabled="False" log="True" position="3" comment="anti-spoofing rule">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3DB0F914"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3DB0FA5B"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3DB0FA88" action="Accept" direction="Inbound" disabled="True" log="False" position="4" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3DB0F914"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3DB0FA85"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3DB0FA90" action="Accept" direction="Both" disabled="False" log="False" position="5" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-secondary1-com"/>
<ObjectRef ref="host-secondary2-com"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CD878C8"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3DB0FA85"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3DB0FA99" action="Deny" direction="Inbound" disabled="True" log="False" position="6" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B64FFAC"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3DB0FA85"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DB0F9C7" action="Accept" disabled="False" log="False" position="7" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sg-Useful_ICMP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3DB0F9BD" action="Accept" disabled="False" log="False" position="8" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3D12CD12"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DB0F9DB" action="Accept" disabled="False" log="True" position="9" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3D0E8383"/>
<ServiceRef ref="id3D116567"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_value">0</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DB0F9D1" action="Deny" disabled="True" log="False" position="10" comment="shades rule #12">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3C1A5D46"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DB0F9E6" action="Accept" disabled="False" log="False" position="11" comment="">
<Src neg="False">
<ObjectRef ref="host-secondary1-com"/>
<ObjectRef ref="host-secondary2-com"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DB10695" action="Accept" disabled="False" log="False" position="12" comment="">
<Src neg="False">
<ObjectRef ref="id3DB105E5"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3DB105EC"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3DB0F9F2" action="Accept" disabled="False" log="False" position="13" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D0F7F89"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3DB0F9FC" action="Accept" disabled="False" log="False" position="14" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3CD87A9A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CD878C8"/>
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DB0FA07" action="Accept" disabled="False" log="False" position="15" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3CD8769F"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CD878C8"/>
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DB0FA12" action="Accept" disabled="False" log="False" position="16" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B5009F7"/>
<ServiceRef ref="id3C1A66C9"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DB0FA1D" action="Accept" disabled="True" log="False" position="17" comment="rules 8 and 9 can be&#10;used to test shading">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DB0FA27" action="Accept" disabled="True" log="False" position="18" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B3D5A3B"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DB0FA31" action="Accept" disabled="False" log="False" position="19" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3DB0F914"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3DB0FA3C" action="Accept" disabled="False" log="True" position="20" comment="">
<Src neg="False">
<ObjectRef ref="id3DB0F914"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3DB0F914"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3DB0FA46" action="Accept" disabled="False" log="False" position="21" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3DB0F914"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3DB0FA51" action="Deny" disabled="False" log="True" position="22" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id3DB0F914-routing" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id3DB0FA5B" bridgeport="False" dyn="False" label="outside" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="ethernet1" comment="" ro="False">
<IPv4 id="id3DB0FA5C" name="a1" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface id="id3DB0FA85" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="id3DAA5110" security_level="100" unnum="False" unprotected="False" name="ethernet0" comment="" ro="False">
<IPv4 id="id3DB0FA86" name="a0" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface id="id3DB0FAA3" bridgeport="False" dyn="False" label="dmz" mgmt="False" network_zone="id3F93531C" security_level="50" unnum="False" unprotected="False" name="ethernet2" comment="" ro="False">
<IPv4 id="id3DB0FAA4" name="a2" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">False</Option>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline">-v</Option>
<Option name="compiler"></Option>
<Option name="conn_hh">1</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="ftp_fixup">0 21 21 strict 0</Option>
<Option name="h323_h225_fixup">0 1720 1720 nil 0</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">5</Option>
<Option name="h323_ras_fixup">0 1718 1719 nil 0</Option>
<Option name="h323_ss">0</Option>
<Option name="http_fixup">0 80 80 nil 0</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ils_fixup">0 389 389 nil 0</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="limit_suffix">/second</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">True</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="openbsd_ip_directed_broadcast">0</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="openbsd_ip_redirect">0</Option>
<Option name="openbsd_ip_sourceroute">0</Option>
<Option name="pass_all_out">False</Option>
<Option name="pix_acl_no_clear">True</Option>
<Option name="pix_add_clear_statements">False</Option>
<Option name="pix_assume_fw_part_of_any">True</Option>
<Option name="pix_check_duplicate_nat">False</Option>
<Option name="pix_check_overlapping_global_pools">False</Option>
<Option name="pix_check_overlapping_global_statics">False</Option>
<Option name="pix_check_overlapping_statics">True</Option>
<Option name="pix_check_rule_shading">False</Option>
<Option name="pix_conn_abs">True</Option>
<Option name="pix_conn_hh">1</Option>
<Option name="pix_conn_inact">False</Option>
<Option name="pix_conn_mm">0</Option>
<Option name="pix_conn_ss">0</Option>
<Option name="pix_connection_timewait">True</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_enable_snmp_traps">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_fragguard">True</Option>
<Option name="pix_h323_abs">True</Option>
<Option name="pix_h323_hh">0</Option>
<Option name="pix_h323_inact">False</Option>
<Option name="pix_h323_mm">5</Option>
<Option name="pix_h323_ss">0</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<Option name="pix_logging_buffered_level">warning</Option>
<Option name="pix_nodnsalias_inbound">True</Option>
<Option name="pix_nodnsalias_outbound">True</Option>
<Option name="pix_ntp1">192.168.1.20</Option>
<Option name="pix_ntp2"></Option>
<Option name="pix_ntp3"></Option>
<Option name="pix_optimize_default_nat">False</Option>
<Option name="pix_prolog_script">
</Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">True</Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_rpc_abs">True</Option>
<Option name="pix_rpc_hh">0</Option>
<Option name="pix_rpc_inact">False</Option>
<Option name="pix_rpc_mm">10</Option>
<Option name="pix_rpc_ss">0</Option>
<Option name="pix_set_communities_from_object_data">True</Option>
<Option name="pix_set_host_name">True</Option>
<Option name="pix_set_sysinfo_from_object_data">True</Option>
<Option name="pix_sip_abs">True</Option>
<Option name="pix_sip_hh">0</Option>
<Option name="pix_sip_inact">False</Option>
<Option name="pix_sip_media_abs">True</Option>
<Option name="pix_sip_media_hh">0</Option>
<Option name="pix_sip_media_inact">False</Option>
<Option name="pix_sip_media_mm">2</Option>
<Option name="pix_sip_media_ss">0</Option>
<Option name="pix_sip_mm">30</Option>
<Option name="pix_sip_ss">0</Option>
<Option name="pix_snmp_poll_traps_1">2</Option>
<Option name="pix_snmp_poll_traps_2">1</Option>
<Option name="pix_snmp_server1">192.168.1.20</Option>
<Option name="pix_snmp_server2">192.168.1.22</Option>
<Option name="pix_ssh_timeout">5</Option>
<Option name="pix_syslog_facility">16</Option>
<Option name="pix_syslog_host">192.168.1.30</Option>
<Option name="pix_syslog_level">error</Option>
<Option name="pix_syslog_queue_size">512</Option>
<Option name="pix_tcpmss">True</Option>
<Option name="pix_tcpmss_value">1380</Option>
<Option name="pix_telnet_timeout">5</Option>
<Option name="pix_uauth_abs">True</Option>
<Option name="pix_uauth_hh">2</Option>
<Option name="pix_uauth_inact">False</Option>
<Option name="pix_uauth_mm">0</Option>
<Option name="pix_uauth_ss">0</Option>
<Option name="pix_udp_abs">True</Option>
<Option name="pix_udp_hh">0</Option>
<Option name="pix_udp_inact">False</Option>
<Option name="pix_udp_mm">2</Option>
<Option name="pix_udp_ss">0</Option>
<Option name="pix_unauth_abs">True</Option>
<Option name="pix_unauth_hh">2</Option>
<Option name="pix_unauth_inact">False</Option>
<Option name="pix_unauth_mm">0</Option>
<Option name="pix_unauth_ss">0</Option>
<Option name="pix_use_acl_remarks">False</Option>
<Option name="pix_xlate_abs">True</Option>
<Option name="pix_xlate_hh">3</Option>
<Option name="pix_xlate_inact">False</Option>
<Option name="pix_xlate_mm">0</Option>
<Option name="pix_xlate_ss">0</Option>
<Option name="platform">iptables</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">10</Option>
<Option name="rpc_ss">0</Option>
<Option name="rsh_fixup">0 514 514 nil 0</Option>
<Option name="rtsp_fixup">0 554 554 nil 0</Option>
<Option name="script_env_path"></Option>
<Option name="sip_fixup">0 5060 5060 nil 0</Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">0</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">30</Option>
<Option name="sip_ss">0</Option>
<Option name="skinny_fixup">0 2000 2000 nil 0</Option>
<Option name="smtp_fixup">0 25 25 nil 0</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sqlnet_fixup">0 1521 1521 nil 0</Option>
<Option name="ssh_timeout">5</Option>
<Option name="telnet_timeout">5</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">2</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">2</Option>
<Option name="udp_ss">0</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="xlate_hh">3</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3DF45858" host_OS="pix_os" lastCompiled="1145688314" lastInstalled="0" lastModified="0" platform="pix" version="6.2" name="firewall11" comment="testing conversion of objects into their natted addresses when outside interface has multiple addresses and nat rule uses ip address which is not the first one under interface. Nat rules 3-4-5 and global policy rule 0" ro="False">
<!-- NAT rule set of firewall11. Rules 0-2 translate the source (TSrc names an
     interface of this firewall); rules 3-5 translate the destination to
     host-hostA and are the rules the firewall comment lists as the ones under test.
     sysid0 and sysid1 are defined outside this excerpt; presumably they are the
     built-in "any" address and "any" service. TODO confirm against the standard
     objects library. -->
<NAT id="id3DF45859" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0: source net-Internal_net, TSrc is interface eth1 (id3DF458DF, label "dmz"). -->
<NATRule id="id3DF4597D" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3DF458DF"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 1: two source objects, TSrc is interface eth0 (id3DF458DC, label "outside"). -->
<NATRule id="id3DF4596F" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3DF458DC"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 2: same objects as rule 1 with the two OSrc references in the opposite order. -->
<NATRule id="id3DF459C9" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3DF458DC"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 3: destination translation for tcp-HTTP. ODst is id414419C1, the second
     IPv4 address (10.5.80.20) of interface eth0, i.e. the "not the first address
     under the interface" case named in the firewall comment. TDst is host-hostA. -->
<NATRule id="id41437FB9" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id414419C1"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 4 (disabled): as rule 3, but ODst is the interface object eth0 (id3DF458DC)
     rather than one of its addresses. -->
<NATRule id="id4143ADCA" disabled="True" position="4" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3DF458DC"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 5 (disabled): as rule 3, but ODst is the firewall object itself (id3DF45858). -->
<NATRule id="id4143CCAB" disabled="True" position="5" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3DF45858"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<!-- Global policy of firewall11: five rules, evaluated by position. sysid0, sysid1
     and sysid2 are defined outside this excerpt; presumably the built-in "any"
     address, service and time interval. TODO confirm. -->
<Policy id="id3DF458BD" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0: accept tcp-HTTP to host-hostA. host-hostA is also the translated
     destination of NAT rules 3-5, and the firewall comment names "global policy
     rule 0" as part of the natted-address test. -->
<PolicyRule id="id3DF458BE" action="Accept" disabled="False" log="False" position="0" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 1: accept service id3E9E32B9 (defined outside this excerpt) to host-hostB. -->
<PolicyRule id="id3E9E32DA" action="Accept" disabled="False" log="False" position="1" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3E9E32B9"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 2: deny service id3E9E32B8 (defined outside this excerpt) for every
     source and destination; carries the "stateless" option. -->
<PolicyRule id="id3E9E32E4" action="Deny" disabled="False" log="False" position="2" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3E9E32B8"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 3: accept from sysid0 to net-Internal_net for service sysid1.
     NOTE(review): if sysid0 and sysid1 are the "any" objects, this admits every
     source to the internal network on every service. That is fine as compiler
     test input; it is not a pattern to carry into a production policy. -->
<PolicyRule id="id3DF458C8" action="Accept" disabled="False" log="False" position="3" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 4: final catch-all deny. log is "False", so traffic that falls through to
     this rule is dropped without a log record; a policy derived from this fixture
     would normally enable logging here. -->
<PolicyRule id="id3DF458D2" action="Deny" disabled="False" log="False" position="4" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<!-- Routing rule set of firewall11 is empty. Three interfaces follow, with PIX
     security levels 0 (outside), 50 (dmz) and 100 (inside). -->
<Routing id="id3DF45858-routing" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- eth0 carries two addresses. With netmask 255.255.240.0 they fall in different
     networks (10.5.64.0/20 and 10.5.80.0/20). The second one, id414419C1, is the
     address NAT rule 3 uses as its original destination. -->
<Interface id="id3DF458DC" bridgeport="False" dyn="False" label="outside" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3DF458DD" name="firewall11:eth0:ip" comment="" ro="False" address="10.5.70.20" netmask="255.255.240.0"/>
<IPv4 id="id414419C1" name="firewall11:eth0:ip-1" comment="" ro="False" address="10.5.80.20" netmask="255.255.240.0"/>
</Interface>
<Interface id="id3DF458DF" bridgeport="False" dyn="False" label="dmz" network_zone="id3D420A09" security_level="50" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3DF458E0" name="firewall11:eth1:ip" comment="" ro="False" address="192.168.2.20" netmask="255.255.255.0"/>
</Interface>
<!-- eth2 is the only interface flagged mgmt="True"; its address is the one the
     Management element of this firewall uses. -->
<Interface id="id3DF458E2" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="id3D420A0B" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3DF458E3" name="firewall11:eth2:ip" comment="" ro="False" address="192.168.1.20" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings of firewall11. The address equals that of eth2, the
     "inside" interface flagged mgmt="True". SNMP management and the policy install
     script are disabled and both SNMP community strings are empty.
     NOTE(review): FWBDManagement is enabled on port 9999 with an empty identity;
     what an empty identity means for authenticating that channel is not visible
     in this file, so confirm before reusing these settings outside the test suite. -->
<Management address="192.168.1.20">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Compiler and platform options of firewall11.
     * pix_replace_natted_objects is True, which matches the feature the firewall
       comment says is under test (conversion of objects into their natted addresses).
     * pix_prolog_script contains "no sysopt security fragguard" while pix_fragguard
       is True. NOTE(review): which of the two ends up in the generated
       configuration is not visible here; check the expected compiler output.
     * Both spellings half-closed_* and half_closed_* are present, with different
       minute values (0 and 10). Presumably one is a legacy name; TODO confirm
       which one the compiler reads.
     * The catch-all log settings (pix_syslog_host, pix_syslog_facility) are empty,
       so no syslog destination is configured by this object. -->
<FirewallOptions>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="check_shading">True</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="conn_hh">1</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<Option name="ctiqbe_fixup">2 2748 0 nil 0</Option>
<Option name="dns_fixup">2 65535 0 nil 0</Option>
<Option name="dyn_addr">False</Option>
<Option name="espike_fixup">2 0 0 nil 0</Option>
<Option name="ftp_fixup">2 21 0 strict 0</Option>
<Option name="h323_h225_fixup">2 1720 1720 nil 0</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">5</Option>
<Option name="h323_ras_fixup">2 1718 1719 nil 0</Option>
<Option name="h323_ss">0</Option>
<Option name="half-closed_hh">0</Option>
<Option name="half-closed_mm">0</Option>
<Option name="half-closed_ss">0</Option>
<Option name="half_closed_hh">0</Option>
<Option name="half_closed_mm">10</Option>
<Option name="half_closed_ss">0</Option>
<Option name="http_fixup">2 80 80 nil 0</Option>
<Option name="icmp_error_fixup">2 0 0 nil 0</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ils_fixup">2 389 389 nil 0</Option>
<Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="pix_add_clear_statements">False</Option>
<Option name="pix_assume_fw_part_of_any">False</Option>
<Option name="pix_check_duplicate_nat">True</Option>
<Option name="pix_check_overlapping_global_pools">True</Option>
<Option name="pix_check_overlapping_global_statics">True</Option>
<Option name="pix_check_overlapping_statics">True</Option>
<Option name="pix_check_rule_shading">True</Option>
<Option name="pix_conn_abs">True</Option>
<Option name="pix_conn_hh">1</Option>
<Option name="pix_conn_inact">False</Option>
<Option name="pix_conn_mm">0</Option>
<Option name="pix_conn_ss">0</Option>
<Option name="pix_connection_timewait">False</Option>
<Option name="pix_emb_limit">0</Option>
<Option name="pix_emblem_log_format">False</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_floodguard">True</Option>
<Option name="pix_fragguard">True</Option>
<Option name="pix_h323_abs">True</Option>
<Option name="pix_h323_hh">0</Option>
<Option name="pix_h323_inact">False</Option>
<Option name="pix_h323_mm">5</Option>
<Option name="pix_h323_ss">0</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<Option name="pix_logging_buffered">False</Option>
<Option name="pix_logging_buffered_level">0</Option>
<Option name="pix_logging_console">False</Option>
<Option name="pix_logging_console_level">0</Option>
<Option name="pix_logging_timestamp">False</Option>
<Option name="pix_logging_trap_level">0</Option>
<Option name="pix_max_conns">0</Option>
<Option name="pix_nodnsalias_inbound">False</Option>
<Option name="pix_nodnsalias_outbound">False</Option>
<Option name="pix_optimize_default_nat">True</Option>
<Option name="pix_prolog_script">
no sysopt connection timewait
no sysopt security fragguard
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
</Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">True</Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_route_dnat">True</Option>
<Option name="pix_rpc_abs">True</Option>
<Option name="pix_rpc_hh">0</Option>
<Option name="pix_rpc_inact">False</Option>
<Option name="pix_rpc_mm">10</Option>
<Option name="pix_rpc_ss">0</Option>
<Option name="pix_set_host_name">False</Option>
<Option name="pix_sip_abs">True</Option>
<Option name="pix_sip_hh">0</Option>
<Option name="pix_sip_inact">False</Option>
<Option name="pix_sip_media_abs">True</Option>
<Option name="pix_sip_media_hh">0</Option>
<Option name="pix_sip_media_inact">False</Option>
<Option name="pix_sip_media_mm">2</Option>
<Option name="pix_sip_media_ss">0</Option>
<Option name="pix_sip_mm">30</Option>
<Option name="pix_sip_ss">0</Option>
<Option name="pix_ssh_timeout">5</Option>
<Option name="pix_syslog_facility"></Option>
<Option name="pix_syslog_host"></Option>
<Option name="pix_syslog_queue_size">0</Option>
<Option name="pix_telnet_timeout">5</Option>
<Option name="pix_uauth_abs">True</Option>
<Option name="pix_uauth_hh">2</Option>
<Option name="pix_uauth_inact">False</Option>
<Option name="pix_uauth_mm">0</Option>
<Option name="pix_uauth_ss">0</Option>
<Option name="pix_udp_abs">True</Option>
<Option name="pix_udp_hh">0</Option>
<Option name="pix_udp_inact">False</Option>
<Option name="pix_udp_mm">2</Option>
<Option name="pix_udp_ss">0</Option>
<Option name="pix_use_acl_remarks">False</Option>
<Option name="pix_xlate_abs">True</Option>
<Option name="pix_xlate_hh">3</Option>
<Option name="pix_xlate_inact">False</Option>
<Option name="pix_xlate_mm">0</Option>
<Option name="pix_xlate_ss">0</Option>
<Option name="pptp_fixup">2 1723 0 nil 0</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">10</Option>
<Option name="rpc_ss">0</Option>
<Option name="rsh_fixup">2 514 0 nil 0</Option>
<Option name="rtsp_fixup">2 554 0 nil 0</Option>
<Option name="sip_fixup">2 5060 5060 nil 0</Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">2</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">30</Option>
<Option name="sip_ss">0</Option>
<Option name="sip_udp_fixup">2 5060 0 nil 0</Option>
<Option name="skinny_fixup">2 2000 2000 nil 0</Option>
<Option name="smtp_fixup">2 25 25 nil 0</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sqlnet_fixup">2 1521 1521 nil 0</Option>
<Option name="ssh_timeout">5</Option>
<Option name="telnet_timeout">5</Option>
<Option name="tftp_fixup">2 69 0 nil 0</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">2</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">2</Option>
<Option name="udp_ss">0</Option>
<Option name="xlate_hh">3</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3F8F9590" host_OS="pix_os" lastCompiled="1145688317" lastInstalled="0" lastModified="0" platform="pix" version="6.3" name="firewall12" comment="this firewall has DMZ using routable address&#10;" ro="False">
<!-- NAT rule set of firewall12 (two rules). sysid0 and sysid1 are defined outside
     this excerpt; presumably the built-in "any" address and service. TODO confirm. -->
<NAT id="id3F8F9591" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0: source translation. OSrc id3D385DEC is also the network_zone of the
     "inside" interface of this firewall; TSrc is the firewall object itself
     (id3F8F9590). -->
<NATRule id="id3F8F9592" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="id3D385DEC"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3F8F9590"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 1: destination translation for tcp-HTTP from id3D385DE3 to id3D1966D8;
     both objects are defined outside this excerpt. -->
<NATRule id="id3F8F95A0" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D385DE3"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D1966D8"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<!-- Global policy of firewall12: five rules, evaluated by position. sysid0, sysid1
     and sysid2 are defined outside this excerpt; presumably the built-in "any"
     address, service and time interval. TODO confirm. -->
<Policy id="id3F8F95AE" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0: accept everything sourced from id3D385DEC, the object that is also the
     network_zone of the "inside" interface. -->
<PolicyRule id="id3F8F95AF" action="Accept" disabled="False" log="False" position="0" comment="">
<Src neg="False">
<ObjectRef ref="id3D385DEC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 1: accept tcp-SSH to the firewall object itself, only from id3D385DEC. -->
<PolicyRule id="id3F8F95B9" action="Accept" disabled="False" log="False" position="1" comment="">
<Src neg="False">
<ObjectRef ref="id3D385DEC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3F8F9590"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 2: accept icmp-ping_reply to the firewall object from any source. -->
<PolicyRule id="id3F8F95C3" action="Accept" disabled="False" log="False" position="2" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3F8F9590"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-ping_reply"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 3: accept tcp-HTTP to four destinations. The last one, id3F8F95E1, is the
     "outside" interface ethernet0 of this firewall, which is dynamic (dyn="True")
     and has no address in this file; the other three are defined outside this
     excerpt. -->
<PolicyRule id="id3F8F95CD" action="Accept" disabled="False" log="False" position="3" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3F8F9622"/>
<ObjectRef ref="id3F8F9692"/>
<ObjectRef ref="id3F8F9698"/>
<ObjectRef ref="id3F8F95E1"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 4: final catch-all deny with logging enabled (log="True"); the rule
     options set log_level "notice" and log_interval 120, and mark the rule
     stateless. -->
<PolicyRule id="id3F8F95D7" action="Deny" disabled="False" log="True" position="4" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="disable_logging_for_this_rule">False</Option>
<Option name="log_interval">120</Option>
<Option name="log_level">notice</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<!-- Routing rule set of firewall12 is empty. Three interfaces follow, with PIX
     security levels 0 (outside), 100 (inside) and 50 (dmz50). -->
<Routing id="id3F8F9590-routing" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- The outside interface is dynamic (dyn="True") and therefore has no IPv4 child. -->
<Interface id="id3F8F95E1" bridgeport="False" dyn="True" label="outside" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="ethernet0" comment="" ro="False"/>
<Interface id="id3F8F95E3" bridgeport="False" dyn="False" label="inside" network_zone="id3D385DEC" security_level="100" unnum="False" unprotected="False" name="ethernet1" comment="" ro="False">
<IPv4 id="id3F8F95E4" name="inside" comment="" ro="False" address="10.3.14.20" netmask="255.255.255.0"/>
</Interface>
<!-- The DMZ address stands in for a routable one, as its own comment says.
     192.0.2.0/24 is the TEST-NET-1 documentation range (RFC 5737), so it is safe
     to publish in a fixture. -->
<Interface id="id3F8F95E6" bridgeport="False" dyn="False" label="dmz50" mgmt="False" network_zone="id3F8F97BB" security_level="50" unnum="False" unprotected="False" name="ethernet2" comment="" ro="False">
<IPv4 id="id3F8F95E7" name="dmz" comment="suppose this is routable address ..." ro="False" address="192.0.2.1" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings of firewall12.
     * The management address 192.0.2.1 is the address of the dmz50 interface
       (security_level 50), and no interface of this firewall is flagged
       mgmt="True". NOTE(review): managing the device through its DMZ-facing
       address is worth a second look if this object is used as a template.
     * snmp_read_community is "public", the widely known default community string.
       SNMPManagement itself is disabled here, but the FirewallOptions of this
       firewall set pix_set_communities_from_object_data to True, so the value
       presumably reaches the generated configuration; TODO confirm. Anything
       derived from this fixture should use a unique community string or SNMPv3.
     * FWBDManagement is enabled on port 9999 with an empty identity; what an empty
       identity means for authenticating that channel is not visible in this file. -->
<Management address="192.0.2.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Compiler and platform options of firewall12.
     * Syslog host (10.3.14.10), NTP server (10.3.14.30) and SNMP server
       (10.3.14.40) all sit in 10.3.14.0/24, the network of the "inside" interface.
     * pix_enable_snmp_traps and pix_set_communities_from_object_data are True
       while the Management element of this firewall carries the read community
       "public"; see that value before reusing these options.
     * snmp_description reads "Cisco PIX Firewall Version 6.2(2)" although the
       Firewall element declares version="6.3"; pix_set_sysinfo_from_object_data
       is False, so the text is presumably not emitted. TODO confirm.
     * dns_fixup, ftp_fixup, http_fixup and icmp_error_fixup start with 0 where the
       other fixup entries start with 2. NOTE(review): the meaning of that first
       field is not visible in this file.
     * pix_floodguard is False and every pix_check_overlapping_* option is False. -->
<FirewallOptions>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="conn_hh">0</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<Option name="ctiqbe_fixup">2 2748 0 nil 0</Option>
<Option name="dns_fixup">0 65535 0 nil 0</Option>
<Option name="dyn_addr">False</Option>
<Option name="espike_fixup">2 0 0 nil 0</Option>
<Option name="ftp_fixup">0 21 0 strict 0</Option>
<Option name="h323_h225_fixup">2 1720 1720 nil 0</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">0</Option>
<Option name="h323_ras_fixup">2 1718 1719 nil 0</Option>
<Option name="h323_ss">0</Option>
<Option name="half-closed_hh">0</Option>
<Option name="half-closed_mm">0</Option>
<Option name="half-closed_ss">0</Option>
<Option name="http_fixup">0 80 80 nil 0</Option>
<Option name="icmp_error_fixup">0 0 0 nil 0</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ils_fixup">2 389 389 nil 0</Option>
<Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
<Option name="pix_add_clear_statements">False</Option>
<Option name="pix_assume_fw_part_of_any">False</Option>
<Option name="pix_check_duplicate_nat">False</Option>
<Option name="pix_check_nat_errors">True</Option>
<Option name="pix_check_overlapping_global_pools">False</Option>
<Option name="pix_check_overlapping_global_statics">False</Option>
<Option name="pix_check_overlapping_statics">False</Option>
<Option name="pix_check_rule_shading">True</Option>
<Option name="pix_conn_abs">True</Option>
<Option name="pix_conn_hh">1</Option>
<Option name="pix_conn_inact">False</Option>
<Option name="pix_conn_mm">0</Option>
<Option name="pix_conn_ss">0</Option>
<Option name="pix_connection_timewait">False</Option>
<Option name="pix_emblem_log_format">True</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_enable_snmp_traps">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_floodguard">False</Option>
<Option name="pix_fragguard">True</Option>
<Option name="pix_h323_abs">True</Option>
<Option name="pix_h323_hh">0</Option>
<Option name="pix_h323_inact">False</Option>
<Option name="pix_h323_mm">5</Option>
<Option name="pix_h323_ss">0</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">True</Option>
<Option name="pix_logging_buffered">False</Option>
<Option name="pix_logging_buffered_level"></Option>
<Option name="pix_logging_console">False</Option>
<Option name="pix_logging_console_level"></Option>
<Option name="pix_logging_timestamp">False</Option>
<Option name="pix_logging_trap_level"></Option>
<Option name="pix_nodnsalias_inbound">False</Option>
<Option name="pix_nodnsalias_outbound">False</Option>
<Option name="pix_ntp1">10.3.14.30</Option>
<Option name="pix_ntp2"></Option>
<Option name="pix_ntp3"></Option>
<Option name="pix_optimize_default_nat">False</Option>
<Option name="pix_prolog_script"></Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">False</Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_route_dnat">False</Option>
<Option name="pix_rpc_abs">True</Option>
<Option name="pix_rpc_hh">0</Option>
<Option name="pix_rpc_inact">False</Option>
<Option name="pix_rpc_mm">10</Option>
<Option name="pix_rpc_ss">0</Option>
<Option name="pix_set_communities_from_object_data">True</Option>
<Option name="pix_set_host_name">True</Option>
<Option name="pix_set_sysinfo_from_object_data">False</Option>
<Option name="pix_sip_abs">True</Option>
<Option name="pix_sip_hh">0</Option>
<Option name="pix_sip_inact">False</Option>
<Option name="pix_sip_media_abs">True</Option>
<Option name="pix_sip_media_hh">0</Option>
<Option name="pix_sip_media_inact">False</Option>
<Option name="pix_sip_media_mm">2</Option>
<Option name="pix_sip_media_ss">0</Option>
<Option name="pix_sip_mm">30</Option>
<Option name="pix_sip_ss">0</Option>
<Option name="pix_snmp_poll_traps_1">1</Option>
<Option name="pix_snmp_poll_traps_2">1</Option>
<Option name="pix_snmp_server1">10.3.14.40</Option>
<Option name="pix_snmp_server2"></Option>
<Option name="pix_ssh_timeout">5</Option>
<Option name="pix_syslog_device_id_opt">string</Option>
<Option name="pix_syslog_device_id_val">real_firewall</Option>
<Option name="pix_syslog_facility">16</Option>
<Option name="pix_syslog_host">10.3.14.10</Option>
<Option name="pix_syslog_level">info</Option>
<Option name="pix_syslog_queue_size">1000</Option>
<Option name="pix_tcpmss">False</Option>
<Option name="pix_tcpmss_value">0</Option>
<Option name="pix_telnet_timeout">5</Option>
<Option name="pix_uauth_abs">True</Option>
<Option name="pix_uauth_hh">2</Option>
<Option name="pix_uauth_inact">False</Option>
<Option name="pix_uauth_mm">0</Option>
<Option name="pix_uauth_ss">0</Option>
<Option name="pix_udp_abs">True</Option>
<Option name="pix_udp_hh">0</Option>
<Option name="pix_udp_inact">False</Option>
<Option name="pix_udp_mm">2</Option>
<Option name="pix_udp_ss">0</Option>
<Option name="pix_use_acl_remarks">True</Option>
<Option name="pix_xlate_abs">True</Option>
<Option name="pix_xlate_hh">3</Option>
<Option name="pix_xlate_inact">False</Option>
<Option name="pix_xlate_mm">0</Option>
<Option name="pix_xlate_ss">0</Option>
<Option name="pptp_fixup">2 1723 0 nil 0</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">0</Option>
<Option name="rpc_ss">0</Option>
<Option name="rsh_fixup">2 514 0 nil 0</Option>
<Option name="rtsp_fixup">2 554 0 nil 0</Option>
<Option name="sip_fixup">2 5060 5060 nil 0</Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">0</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">0</Option>
<Option name="sip_ss">0</Option>
<Option name="sip_udp_fixup">2 5060 0 nil 0</Option>
<Option name="skinny_fixup">2 2000 2000 nil 0</Option>
<Option name="smtp_fixup">2 25 25 nil 0</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description">Cisco PIX Firewall Version 6.2(2)
</Option>
<Option name="snmp_location"></Option>
<Option name="sqlnet_fixup">2 1521 1521 nil 0</Option>
<Option name="tftp_fixup">2 69 0 nil 0</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">0</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">0</Option>
<Option name="udp_ss">0</Option>
<Option name="xlate_hh">0</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3FA349A1" host_OS="pix_os" lastCompiled="1145688319" lastInstalled="0" lastModified="0" platform="pix" version="6.3" name="firewall13" comment="various policy NAT rules per examples from&#10;http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#1113601&#10;" ro="False">
<!-- NAT rule set of firewall13: policy NAT cases, which the firewall comment says
     follow examples from a Cisco configuration guide. Rules 0-4 translate the
     source id3FA34EFA (also the network_zone of the "inside" interface) to
     different TSrc objects depending on destination and/or service; rules 5-7
     translate the destination to id3FA34FCB. Objects other than the interfaces of
     this firewall are defined outside this excerpt. sysid0 and sysid1 are
     presumably the built-in "any" address and service; TODO confirm. -->
<NAT id="id3FA349A2" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0: destination id3FA3F5C1 selects TSrc id3FA34EFB. -->
<NATRule id="id3FA349A3" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="id3FA34EFA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3FA3F5C1"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3FA34EFB"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 1: same source, destination id3FA3F5C2 selects TSrc id3FA34F01. -->
<NATRule id="id3FA34CB5" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="id3FA34EFA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3FA3F5C2"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3FA34F01"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 2: destination id3FA34F45 with service tcp-HTTP selects TSrc id3FA34EFB. -->
<NATRule id="id3FA35114" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="id3FA34EFA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3FA34F45"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3FA34EFB"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 3: same destination with service tcp-Telnet selects TSrc id3FA34F01.
     Telnet is matched here only as a NAT criterion, presumably mirroring the
     referenced Cisco example; it is a cleartext protocol. -->
<NATRule id="id3FA35144" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="id3FA34EFA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3FA34F45"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-Telnet"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3FA34F01"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 4: as rule 3 but with two services (tcp-Telnet and tcp-HTTP) in OSrv. -->
<NATRule id="id3FA4BFD1" disabled="False" position="4" comment="">
<OSrc neg="False">
<ObjectRef ref="id3FA34EFA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3FA34F45"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-Telnet"/>
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3FA34F01"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 5: destination translation. Source id3FA3F5C1 reaching id3FA34EFB is
     sent to id3FA34FCB. -->
<NATRule id="id3FA35071" disabled="False" position="5" comment="">
<OSrc neg="False">
<ObjectRef ref="id3FA3F5C1"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3FA34EFB"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3FA34FCB"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 6: source id3FA3F5C2 reaching id3FA34F01 is sent to the same id3FA34FCB. -->
<NATRule id="id3FA35063" disabled="False" position="6" comment="">
<OSrc neg="False">
<ObjectRef ref="id3FA3F5C2"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3FA34F01"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3FA34FCB"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 7: two sources, two services, and ODst is the "outside" interface eth0 of
     this firewall (id3FA34A02); translated destination is again id3FA34FCB. -->
<NATRule id="id3FA44ABB" disabled="False" position="7" comment="">
<OSrc neg="False">
<ObjectRef ref="id3FA34F45"/>
<ObjectRef ref="id3FA34F4B"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3FA34A02"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="id3FA56D2D"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3FA34FCB"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<!-- Global policy of firewall13: a minimal two-rule policy, since the object is
     about NAT. sysid0, sysid1 and sysid2 are defined outside this excerpt;
     presumably the built-in "any" address, service and time interval. TODO confirm. -->
<Policy id="id3FA349CF" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0: accept everything sourced from net-Internal_net. -->
<PolicyRule id="id3FA349EE" action="Accept" disabled="False" log="False" position="0" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 1: final catch-all deny, stateless. log is "False", so traffic dropped by
     this rule leaves no log record; a policy derived from this fixture would
     normally enable logging here. -->
<PolicyRule id="id3FA349F8" action="Deny" disabled="False" log="False" position="1" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<!-- Routing rule set of firewall13 is empty. Two interfaces follow: eth0 "outside"
     (security_level 0) and eth2 "inside" (security_level 100); no eth1 is defined. -->
<Routing id="id3FA349A1-routing" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- eth0 is the object NAT rule 7 uses as its original destination. -->
<Interface id="id3FA34A02" bridgeport="False" dyn="False" label="outside" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3FA34A03" name="address" comment="" ro="False" address="209.165.202.1" netmask="255.255.255.0"/>
</Interface>
<!-- eth2 is flagged mgmt="True"; its network_zone id3FA34EFA is the source object
     of NAT rules 0-4. -->
<Interface id="id3FA34A08" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="id3FA34EFA" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3FA34A09" name="address" comment="" ro="False" address="10.1.2.1" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings of firewall13. The address equals that of eth2, the
     "inside" interface flagged mgmt="True". SNMP management and the policy install
     script are disabled and both SNMP community strings are empty.
     NOTE(review): FWBDManagement is enabled on port 9999 with an empty identity;
     what an empty identity means for authenticating that channel is not visible
     in this file, so confirm before reusing these settings outside the test suite. -->
<Management address="10.1.2.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Compiler and platform options of firewall13.
     * pix_prolog_script contains "no sysopt security fragguard" while pix_fragguard
       is True. NOTE(review): which of the two ends up in the generated
       configuration is not visible here; check the expected compiler output.
     * pix_replace_natted_objects is False, and the two pix_check_overlapping_*statics
       checks are False while pix_check_duplicate_nat and
       pix_check_overlapping_global_pools stay True.
     * pix_syslog_host and pix_syslog_facility are empty, so no syslog destination
       is configured by this object. -->
<FirewallOptions>
<Option name="check_shading">True</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="conn_hh">1</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<Option name="dyn_addr">False</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">5</Option>
<Option name="h323_ss">0</Option>
<Option name="half_closed_hh">0</Option>
<Option name="half_closed_mm">10</Option>
<Option name="half_closed_ss">0</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="pix_add_clear_statements">False</Option>
<Option name="pix_assume_fw_part_of_any">False</Option>
<Option name="pix_check_duplicate_nat">True</Option>
<Option name="pix_check_overlapping_global_pools">True</Option>
<Option name="pix_check_overlapping_global_statics">False</Option>
<Option name="pix_check_overlapping_statics">False</Option>
<Option name="pix_check_rule_shading">True</Option>
<Option name="pix_conn_abs">True</Option>
<Option name="pix_conn_hh">1</Option>
<Option name="pix_conn_inact">False</Option>
<Option name="pix_conn_mm">0</Option>
<Option name="pix_conn_ss">0</Option>
<Option name="pix_connection_timewait">False</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_floodguard">True</Option>
<Option name="pix_fragguard">True</Option>
<Option name="pix_h323_abs">True</Option>
<Option name="pix_h323_hh">0</Option>
<Option name="pix_h323_inact">False</Option>
<Option name="pix_h323_mm">5</Option>
<Option name="pix_h323_ss">0</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<Option name="pix_logging_buffered">False</Option>
<Option name="pix_logging_buffered_level"></Option>
<Option name="pix_logging_console">False</Option>
<Option name="pix_logging_console_level"></Option>
<Option name="pix_logging_timestamp">False</Option>
<Option name="pix_logging_trap_level"></Option>
<Option name="pix_nodnsalias_inbound">False</Option>
<Option name="pix_nodnsalias_outbound">False</Option>
<Option name="pix_optimize_default_nat">True</Option>
<Option name="pix_prolog_script">
no sysopt connection timewait
no sysopt security fragguard
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
</Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">False</Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_route_dnat">True</Option>
<Option name="pix_rpc_abs">True</Option>
<Option name="pix_rpc_hh">0</Option>
<Option name="pix_rpc_inact">False</Option>
<Option name="pix_rpc_mm">10</Option>
<Option name="pix_rpc_ss">0</Option>
<Option name="pix_set_host_name">False</Option>
<Option name="pix_sip_abs">True</Option>
<Option name="pix_sip_hh">0</Option>
<Option name="pix_sip_inact">False</Option>
<Option name="pix_sip_media_abs">True</Option>
<Option name="pix_sip_media_hh">0</Option>
<Option name="pix_sip_media_inact">False</Option>
<Option name="pix_sip_media_mm">2</Option>
<Option name="pix_sip_media_ss">0</Option>
<Option name="pix_sip_mm">30</Option>
<Option name="pix_sip_ss">0</Option>
<Option name="pix_ssh_timeout">5</Option>
<Option name="pix_syslog_facility"></Option>
<Option name="pix_syslog_host"></Option>
<Option name="pix_syslog_queue_size">0</Option>
<Option name="pix_telnet_timeout">5</Option>
<Option name="pix_uauth_abs">True</Option>
<Option name="pix_uauth_hh">2</Option>
<Option name="pix_uauth_inact">False</Option>
<Option name="pix_uauth_mm">0</Option>
<Option name="pix_uauth_ss">0</Option>
<Option name="pix_udp_abs">True</Option>
<Option name="pix_udp_hh">0</Option>
<Option name="pix_udp_inact">False</Option>
<Option name="pix_udp_mm">2</Option>
<Option name="pix_udp_ss">0</Option>
<Option name="pix_use_acl_remarks">False</Option>
<Option name="pix_xlate_abs">True</Option>
<Option name="pix_xlate_hh">3</Option>
<Option name="pix_xlate_inact">False</Option>
<Option name="pix_xlate_mm">0</Option>
<Option name="pix_xlate_ss">0</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">10</Option>
<Option name="rpc_ss">0</Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">2</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">30</Option>
<Option name="sip_ss">0</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="ssh_timeout">5</Option>
<Option name="telnet_timeout">5</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">2</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">2</Option>
<Option name="udp_ss">0</Option>
<Option name="xlate_hh">3</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3FA74E98" host_OS="pix_os" lastCompiled="1145688321" lastInstalled="0" lastModified="0" platform="pix" version="6.3" name="firewall14" comment="testing dual NAT per user's request&#10;" ro="False">
<!-- NAT rule set of firewall14 (the Firewall comment calls this a dual NAT test).
     Each rule pairs original fields (OSrc/ODst/OSrv) with translated fields
     (TSrc/TDst/TSrv). sysid0 and sysid1 are defined outside this excerpt;
     presumably the built-in "any" address and "any" service objects. -->
<NAT id="id3FA74E99" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0: source translation. Original source id3FA34FCB is rewritten to
     id3FA34EFB; destination and service are left as "any". -->
<NATRule id="id3FA74FDE" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="id3FA34FCB"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3FA34EFB"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 1: destination translation. Original destination id3FA34FCB is
     rewritten to id3FA34F45. The same object is the source matched by rule 0. -->
<NATRule id="id3FA74FCE" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3FA34FCB"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3FA34F45"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 2: mirror image of rule 1. Original destination id3FA34F45 is
     rewritten to id3FA34FCB, so rules 1 and 2 map the same pair of objects in
     opposite directions. -->
<NATRule id="id3FA7502F" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3FA34F45"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3FA34FCB"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<!-- Access policy of firewall14: one permit followed by a catch-all deny.
     Neither rule carries a direction attribute, and both apply to interface
     sysid0 (defined outside this excerpt; presumably "any"). -->
<Policy id="id3FA74F0D" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0: Accept everything sourced from id3FA34EFA, the object that is also
     the network_zone of the inside interface (eth2). Not logged. -->
<PolicyRule id="id3FA74F0E" action="Accept" disabled="False" log="False" position="0" comment="">
<Src neg="False">
<ObjectRef ref="id3FA34EFA"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 1: catch-all Deny with the stateless option set.
     NOTE(review): log is False, so traffic dropped here leaves no record. That
     is fine for a compiler fixture; enable logging when this pattern is copied
     into a live policy. -->
<PolicyRule id="id3FA74F18" action="Deny" disabled="False" log="False" position="1" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id3FA74E98-routing" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- Outside interface: label "outside", security_level 0, network_zone sysid0,
     static address 209.165.202.1 with netmask 255.255.255.0. -->
<Interface id="id3FA74F22" bridgeport="False" dyn="False" label="outside" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3FA74F23" name="address" comment="" ro="False" address="209.165.202.1" netmask="255.255.255.0"/>
</Interface>
<!-- Inside interface: label "inside", security_level 100, flagged mgmt="True",
     network_zone id3FA34EFA (the source permitted by policy rule 0),
     static address 10.1.2.1 with netmask 255.255.255.0. -->
<Interface id="id3FA74F25" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="id3FA34EFA" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3FA74F26" name="address" comment="" ro="False" address="10.1.2.1" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings for firewall14. The management address 10.1.2.1 is the
     address of the inside interface, which is the one flagged mgmt="True". -->
<Management address="10.1.2.1">
<!-- SNMP management is disabled and both community strings are empty. -->
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<!-- FWBD management is enabled on port 9999 with an empty identity.
     NOTE(review): what the identity field authenticates is not visible in this
     file; confirm before relying on this channel. -->
<FWBDManagement enabled="True" identity="" port="9999"/>
<!-- No custom install script: disabled, empty command and arguments. -->
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Compiler and device options for firewall14, stored as name/text pairs.
     Booleans are spelled True/False; empty text means the option is unset. -->
<FirewallOptions>
<Option name="check_shading">True</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<!-- Timeouts appear twice in this set: unprefixed (conn_hh, h323_mm, ...) and
     pix_ prefixed. Where both exist the values agree. Which copy the compiler
     reads is not visible here. The hh/mm/ss suffixes presumably mean hours,
     minutes and seconds. -->
<Option name="conn_hh">1</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<Option name="dyn_addr">False</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">5</Option>
<Option name="h323_ss">0</Option>
<Option name="half_closed_hh">0</Option>
<Option name="half_closed_mm">10</Option>
<Option name="half_closed_ss">0</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="pix_add_clear_statements">False</Option>
<Option name="pix_assume_fw_part_of_any">False</Option>
<!-- Compile-time sanity checks: the duplicate NAT, overlapping global pool,
     overlapping global/static and rule shading checks are on; only the
     overlapping statics check is off. -->
<Option name="pix_check_duplicate_nat">True</Option>
<Option name="pix_check_overlapping_global_pools">True</Option>
<Option name="pix_check_overlapping_global_statics">True</Option>
<Option name="pix_check_overlapping_statics">False</Option>
<Option name="pix_check_rule_shading">True</Option>
<Option name="pix_conn_abs">True</Option>
<Option name="pix_conn_hh">1</Option>
<Option name="pix_conn_inact">False</Option>
<Option name="pix_conn_mm">0</Option>
<Option name="pix_conn_ss">0</Option>
<Option name="pix_connection_timewait">False</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_floodguard">True</Option>
<Option name="pix_fragguard">True</Option>
<Option name="pix_h323_abs">True</Option>
<Option name="pix_h323_hh">0</Option>
<Option name="pix_h323_inact">False</Option>
<Option name="pix_h323_mm">5</Option>
<Option name="pix_h323_ss">0</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<!-- Logging toggles are all False and the level fields are empty. Together
     with the empty syslog host further down, no log destination is set. -->
<Option name="pix_logging_buffered">False</Option>
<Option name="pix_logging_buffered_level"></Option>
<Option name="pix_logging_console">False</Option>
<Option name="pix_logging_console_level"></Option>
<Option name="pix_logging_timestamp">False</Option>
<Option name="pix_logging_trap_level"></Option>
<Option name="pix_nodnsalias_inbound">False</Option>
<Option name="pix_nodnsalias_outbound">False</Option>
<Option name="pix_optimize_default_nat">True</Option>
<!-- Prolog and epilog scripts are both empty for this firewall. -->
<Option name="pix_prolog_script"></Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">False</Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_route_dnat">True</Option>
<Option name="pix_rpc_abs">True</Option>
<Option name="pix_rpc_hh">0</Option>
<Option name="pix_rpc_inact">False</Option>
<Option name="pix_rpc_mm">10</Option>
<Option name="pix_rpc_ss">0</Option>
<Option name="pix_set_host_name">False</Option>
<Option name="pix_sip_abs">True</Option>
<Option name="pix_sip_hh">0</Option>
<Option name="pix_sip_inact">False</Option>
<Option name="pix_sip_media_abs">True</Option>
<Option name="pix_sip_media_hh">0</Option>
<Option name="pix_sip_media_inact">False</Option>
<Option name="pix_sip_media_mm">2</Option>
<Option name="pix_sip_media_ss">0</Option>
<Option name="pix_sip_mm">30</Option>
<Option name="pix_sip_ss">0</Option>
<!-- Management session timeouts, both 5 (unit not stated; presumably minutes).
     NOTE(review): telnet is unencrypted. If the compiler emits telnet access
     for this firewall, restrict management to SSH where the device allows. -->
<Option name="pix_ssh_timeout">5</Option>
<Option name="pix_syslog_facility"></Option>
<Option name="pix_syslog_host"></Option>
<Option name="pix_syslog_queue_size">0</Option>
<Option name="pix_telnet_timeout">5</Option>
<Option name="pix_uauth_abs">True</Option>
<Option name="pix_uauth_hh">2</Option>
<Option name="pix_uauth_inact">False</Option>
<Option name="pix_uauth_mm">0</Option>
<Option name="pix_uauth_ss">0</Option>
<Option name="pix_udp_abs">True</Option>
<Option name="pix_udp_hh">0</Option>
<Option name="pix_udp_inact">False</Option>
<Option name="pix_udp_mm">2</Option>
<Option name="pix_udp_ss">0</Option>
<Option name="pix_use_acl_remarks">False</Option>
<Option name="pix_xlate_abs">True</Option>
<Option name="pix_xlate_hh">3</Option>
<Option name="pix_xlate_inact">False</Option>
<Option name="pix_xlate_mm">0</Option>
<Option name="pix_xlate_ss">0</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">10</Option>
<Option name="rpc_ss">0</Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">2</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">30</Option>
<Option name="sip_ss">0</Option>
<!-- SNMP descriptive fields are empty, consistent with SNMP management being
     disabled in the Management element of this firewall. -->
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="ssh_timeout">5</Option>
<Option name="telnet_timeout">5</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">2</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">2</Option>
<Option name="udp_ss">0</Option>
<Option name="xlate_hh">3</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3AFB66C6" host_OS="pix_os" lastCompiled="1203134921" lastInstalled="0" lastModified="1203134910" platform="pix" version="6.2" name="firewall2" comment="lots of different combinations of objects in the NAT rules&#10;" ro="False">
<!-- NAT rule set of firewall2 (the Firewall comment: many combinations of
     objects in the NAT rules). Rule order is given by the position attribute.
     Objects that can be resolved from this excerpt:
       id3AFB66C6       the firewall2 object itself
       id3AFB6706       interface eth1 (security_level 0)
       id3AFB6706-ipv4  the address object of eth1 (22.22.22.22)
       net-Internal_net network_zone of eth0 (security_level 100)
       id3B022266       network_zone of eth2 (security_level 50)
     All other references are defined outside this excerpt. sysid0 and sysid1
     are presumably the built-in "any" address and "any" service. -->
<NAT id="id3AFB66C7" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rules 0 and 1: both translated fields are "any", so no rewrite is
     specified; presumably NAT exemption between net-Internal_net and the
     eth2 zone, one rule per direction. -->
<NATRule id="id3D1BFA5B" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D1BFA8A" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="net-Internal_net"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rules 2 to 14: source translation (only TSrc differs from "any").
     Rules 2 to 5 translate to the firewall object itself, with a different
     original source in each rule. -->
<NATRule id="id3AFB66C8" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFB66C6"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
</NATRuleOptions>
</NATRule>
<!-- Rule 3: two objects in the original source (host-hostA and id3B4572AF). -->
<NATRule id="id3D1BF5EB" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="id3B4572AF"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFB66C6"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D1BF601" disabled="False" position="4" comment="">
<OSrc neg="False">
<ObjectRef ref="id3CD8769F"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFB66C6"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D1C2292" disabled="False" position="5" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFB66C6"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rules 6 to 11: source translation to objects other than the firewall
     (id3AFC0F70, id3AFADBF9, id3B665641, id3D196750; all defined elsewhere). -->
<NATRule id="id3D1C16F8" disabled="False" position="6" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFC0F70"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id3D1BF934" disabled="False" position="7" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFADBF9"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id3AFB66D6" disabled="False" position="8" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFADBF9"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id3D1BFB42" disabled="False" position="9" comment="">
<OSrc neg="False">
<ObjectRef ref="id3CD8769F"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFADBF9"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D1BF852" disabled="False" position="10" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3B665641"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D1BFD9A" disabled="False" position="11" comment="">
<OSrc neg="False">
<ObjectRef ref="id3CD8769F"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D196750"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rules 12 to 14: source translation that also matches on the original
     destination (the eth2 zone, id3B022266). These overlap with the
     no-translation rule 0, which matches net-Internal_net to the same zone;
     which one takes effect depends on how the compiler orders its output. -->
<NATRule id="id3D1C1104" disabled="False" position="12" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D1BFABC"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D1C1D30" disabled="False" position="13" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFB66C6"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D1C1D40" disabled="False" position="14" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D1BFABC"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rules 15 to 28: destination translation (TDst differs from "any"),
     mostly towards host-hostA.
     Rule 15 forwards every service addressed to the firewall object to
     host-hostA. NOTE(review): with OSrv "any", what actually reaches the host
     is decided only by the Policy rules of this firewall. -->
<NATRule id="id3D1BFFA4" disabled="False" position="15" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFB66C6"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 16: same destination pair as rule 15, restricted to tcp-IRC. -->
<NATRule id="id3D1C0835" disabled="False" position="16" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFB66C6"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-IRC"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rules 17 and 18: tcp-HTTP forwarded to host-hostA, once with the eth1
     interface object as original destination and once with its address
     object. -->
<NATRule id="id414351C7" disabled="False" position="17" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFB6706"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id414351D7" disabled="False" position="18" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFB6706-ipv4"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3AFB69BD" disabled="False" position="19" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFADBF9"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 20: translated destination is a network object (net-Internal_net)
     rather than a single host. -->
<NATRule id="id3D1BFFCE" disabled="False" position="20" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B665641"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="net-Internal_net"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 21 is disabled. -->
<NATRule id="id3D1BFFE2" disabled="True" position="21" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D196750"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3CD8769F"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 22: destination translation that also restricts the original
     source (the eth2 zone). -->
<NATRule id="id3D1BFFF6" disabled="False" position="22" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D1BFABC"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BEEF6D2" disabled="False" position="23" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFADBF9"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-NNTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 24 is disabled. It names the same service object (id3B20468D) as
     both original and translated service. -->
<NATRule id="id3AFB69F7" disabled="True" position="24" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFB66C6"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id3B20468D"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B20468D"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rules 25 to 27: tcp-HTTP with both the destination and the service
     translated (TSrv id3B5009F7, defined elsewhere; presumably a different
     port). The original destination varies: id3AFADBF9, the eth1 interface,
     and the eth1 address object. -->
<NATRule id="id3B7313C4" disabled="False" position="25" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFADBF9"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B5009F7"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id47B6CF3421818" disabled="False" position="26" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFB6706"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B5009F7"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id47B6CF4921818" disabled="False" position="27" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFB6706-ipv4"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B5009F7"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 28 is disabled. Its original service is an ICMP object
     (icmp-ping_request). -->
<NATRule id="id3D1C0B6A" disabled="True" position="28" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFADBF9"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="icmp-ping_request"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<!-- Access policy of firewall2. Rules are evaluated in position order.
     id3AFB6706 is interface eth1 (security_level 0) and id3AFB66C6 is the
     firewall object itself; sysid0, sysid1 and sysid2 are defined outside this
     excerpt (presumably "any" address, "any" service and "any" interval). -->
<Policy id="id3AFB66E4" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0 (anti-spoofing, ingress): deny and log packets arriving on eth1
     whose source claims to be net-Internal_net or the firewall itself.
     Rules 0 and 1 have no When element, unlike the rules that follow. -->
<PolicyRule id="id3AFB6708" action="Deny" direction="Inbound" disabled="False" log="True" position="0" comment="Anti-spoofing rule">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3AFB66C6"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AFB6706"/>
</Itf>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 1 (anti-spoofing, egress): the source is negated (neg="True"), so
     this denies and logs packets leaving via eth1 whose source is NOT
     net-Internal_net or the firewall. The eth2 zone (id3B022266) is not in the
     exempted set. -->
<PolicyRule id="id3AFB6710" action="Deny" direction="Outbound" disabled="False" log="True" position="1" comment="Anti-spoofing rule">
<Src neg="True">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3AFB66C6"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AFB6706"/>
</Itf>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 2: accept tcp-HTTP and tcp-NNTP from any source to host-hostA, in
     both directions, not logged. This is the only permit that covers the
     destination translations to host-hostA in the NAT rule set. -->
<PolicyRule id="id3D6EF08C" action="Accept" direction="Both" disabled="False" log="False" position="2" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-NNTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rules 3 and 4: a symmetric pair. Any service is accepted from
     {id3B4572AF, id3D8FCAAB} to id3B19C5EB and back (all three objects are
     defined elsewhere). -->
<PolicyRule id="id3D8FCCDE" action="Accept" direction="Both" disabled="False" log="False" position="3" comment="">
<Src neg="False">
<ObjectRef ref="id3B4572AF"/>
<ObjectRef ref="id3D8FCAAB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B19C5EB"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3D8FCCFF" action="Accept" direction="Both" disabled="False" log="False" position="4" comment="">
<Src neg="False">
<ObjectRef ref="id3B19C5EB"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B4572AF"/>
<ObjectRef ref="id3D8FCAAB"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 5 is disabled (deny to id3BF23930). -->
<PolicyRule id="id3D8ACF6A" action="Deny" direction="Both" disabled="True" log="False" position="5" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3BF23930"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 6: catch-all Deny in both directions.
     NOTE(review): log is False on this rule. The firewall options set
     log_all_dropped to True, but whether the PIX compiler honours that option
     is not visible here, so do not assume these drops are recorded. -->
<PolicyRule id="id3D6EF082" action="Deny" direction="Both" disabled="False" log="False" position="6" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id3AFB66C6-routing" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- eth0: highest trust (security_level 100), flagged mgmt="True", zone
     net-Internal_net, address 192.168.1.1 with netmask 255.255.255.0.
     The label is empty. -->
<Interface id="id3AFB6703" bridgeport="False" dyn="False" label="" mgmt="True" network_zone="net-Internal_net" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3AFB6703-ipv4" name="firewall2:eth0:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<!-- eth1: lowest trust (security_level 0), zone sysid0, address 22.22.22.22
     with netmask 255.255.255.0. No label attribute is present. This is the
     interface the two anti-spoofing policy rules are bound to. -->
<Interface id="id3AFB6706" bridgeport="False" dyn="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3AFB6706-ipv4" name="firewall2:eth1:ip" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<!-- eth2: intermediate trust (security_level 50), zone id3B022266, address
     192.168.2.1 with netmask 255.255.255.0. No label attribute is present. -->
<Interface id="id3B0221F1" bridgeport="False" dyn="False" network_zone="id3B022266" security_level="50" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3B0221F1-ipv4" name="firewall2:eth2:ip" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings for firewall2. The management address 192.168.1.1 is
     the address of eth0, the interface flagged mgmt="True". -->
<Management address="192.168.1.1">
<!-- NOTE(review): the read community is the well-known default "public".
     SNMP management is disabled here (enabled="False"), so the value is
     presumably unused; replace it before SNMP is ever switched on. -->
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<!-- FWBD management is enabled on port 9999 with an empty identity.
     NOTE(review): what the identity field authenticates is not visible in this
     file; confirm before relying on this channel. -->
<FWBDManagement enabled="True" identity="" port="9999"/>
<!-- No custom install script: disabled, empty command and arguments. -->
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Compiler and device options for firewall2, stored as name/text pairs.
     NOTE(review): the enclosing Firewall element declares platform="pix" and
     host_OS="pix_os", yet this set also carries a platform option set to
     iptables plus linux24_* and other non-pix options. These look like
     leftovers from another platform; presumably the PIX compiler ignores them,
     but that is not visible here. -->
<FirewallOptions>
<Option name="accept_established">True</Option>
<!-- NOTE(review): on a platform that honours this option, accepting new TCP
     connections without SYN loosens stateful inspection. Presumably not read
     for pix; confirm. -->
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline">-v</Option>
<Option name="compiler"></Option>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="id"></Option>
<Option name="in_out_code">True</Option>
<!-- Installer hooks are all empty: no install script or extra command line. -->
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="limit_suffix">/second</Option>
<Option name="limit_value">0</Option>
<!-- linux24_* values are kernel tuning for a Linux host OS and do not match
     the pix_os host declared on this firewall. -->
<Option name="linux24_accept_redirects">0</Option>
<Option name="linux24_accept_source_route">0</Option>
<Option name="linux24_icmp_echo_ignore_all">1</Option>
<Option name="linux24_icmp_ignore_bogus_error_responses">1</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="linux24_log_martians">1</Option>
<Option name="linux24_rp_filter">1</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<!-- Logging defaults: log_all_dropped is True and log_level is debug. The
     catch-all deny in the Policy has log="False"; whether log_all_dropped
     overrides that for pix is not visible here. -->
<Option name="log_all_dropped">True</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix">RULE %N - %A **</Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="pass_all_out">False</Option>
<!-- pix_ options start here. The three overlap checks are off for this
     firewall while pix_check_nat_errors and rule shading are on; the NAT rule
     set above deliberately contains overlapping rules. -->
<Option name="pix_add_clear_statements">True</Option>
<Option name="pix_assume_fw_part_of_any">True</Option>
<Option name="pix_check_nat_errors">True</Option>
<Option name="pix_check_overlapping_global_pools">False</Option>
<Option name="pix_check_overlapping_global_statics">False</Option>
<Option name="pix_check_overlapping_statics">False</Option>
<Option name="pix_check_rule_shading">True</Option>
<Option name="pix_conn_abs">True</Option>
<Option name="pix_conn_hh">1</Option>
<Option name="pix_conn_inact">False</Option>
<Option name="pix_conn_mm">0</Option>
<Option name="pix_conn_ss">0</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_h323_abs">True</Option>
<Option name="pix_h323_hh">0</Option>
<Option name="pix_h323_inact">False</Option>
<Option name="pix_h323_mm">5</Option>
<Option name="pix_h323_ss">0</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<Option name="pix_prolog_script"></Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">True</Option>
<Option name="pix_rpc_abs">True</Option>
<Option name="pix_rpc_hh">0</Option>
<Option name="pix_rpc_inact">False</Option>
<Option name="pix_rpc_mm">10</Option>
<Option name="pix_rpc_ss">0</Option>
<Option name="pix_set_host_name">False</Option>
<Option name="pix_sip_abs">True</Option>
<Option name="pix_sip_hh">0</Option>
<Option name="pix_sip_inact">False</Option>
<Option name="pix_sip_media_abs">True</Option>
<Option name="pix_sip_media_hh">0</Option>
<Option name="pix_sip_media_inact">False</Option>
<Option name="pix_sip_media_mm">2</Option>
<Option name="pix_sip_media_ss">0</Option>
<Option name="pix_sip_mm">30</Option>
<Option name="pix_sip_ss">0</Option>
<!-- Management session timeouts, both 5 (unit not stated; presumably minutes).
     NOTE(review): telnet is unencrypted. If the compiler emits telnet access
     for this firewall, restrict management to SSH where the device allows. -->
<Option name="pix_ssh_timeout">5</Option>
<Option name="pix_telnet_timeout">5</Option>
<Option name="pix_udp_abs">True</Option>
<Option name="pix_udp_hh">0</Option>
<Option name="pix_udp_inact">False</Option>
<Option name="pix_udp_mm">2</Option>
<Option name="pix_udp_ss">0</Option>
<!-- NOTE(review): these five names are spelled pix_unauth_*, while the
     firewall14 option set in this file uses pix_uauth_* for the same values
     (2, 0, 0). If the compiler looks up pix_uauth_*, the entries below are
     never read; confirm which spelling it expects. -->
<Option name="pix_unauth_abs">True</Option>
<Option name="pix_unauth_hh">2</Option>
<Option name="pix_unauth_inact">False</Option>
<Option name="pix_unauth_mm">0</Option>
<Option name="pix_unauth_ss">0</Option>
<Option name="pix_xlate_abs">True</Option>
<Option name="pix_xlate_hh">3</Option>
<Option name="pix_xlate_inact">False</Option>
<Option name="pix_xlate_mm">0</Option>
<Option name="pix_xlate_ss">0</Option>
<!-- Conflicts with platform="pix" on the enclosing Firewall element. -->
<Option name="platform">iptables</Option>
<Option name="proxy_arp">True</Option>
<Option name="script_env_path"></Option>
<!-- SNMP descriptive fields are empty; SNMP management is disabled in the
     Management element of this firewall. -->
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_ip_tool">True</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3D6A92A9" host_OS="pix_os" lastCompiled="1145688330" lastInstalled="0" lastModified="0" platform="pix" version="6.2" name="firewall3" comment="testing icmp and ssh/telnet commands" ro="False">
<NAT id="id3D6A92AA" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- Policy rule set of firewall3; the enclosing Firewall comment reads "testing icmp and ssh/telnet commands".
     Layout: rules 0-3 are bound to interface id3D6A940A (label "inside"), rules 4-7 to id3D6A940D (label "outside"),
     rules 8-13 use sysid0 in Itf and carry no direction attribute, rule 14 is the closing Deny.
     Inside each group the destination alternates between sysid0 and the firewall object itself (id3D6A92A9).
     sysid0 / sysid1 / sysid2 are defined outside this part of the file; presumably they are the built-in
     "Any" address, service and interval objects. TODO confirm against the library that declares them.
     NOTE(review): this is a compiler regression fixture, not a policy to copy. Rules 4-5 accept SSH arriving on
     the outside interface from sysid0, and rules 12-13 accept Telnet, a cleartext protocol, from sysid0. -->
<Policy id="id3D6A9409" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rules 0-3: inbound on id3D6A940A ("inside"); SSH then icmp-Unreachables, each to sysid0 and to the firewall. -->
<PolicyRule id="id3D6ADB7E" action="Accept" direction="Inbound" disabled="False" log="False" position="0" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3D6A940A"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3D6AD819" action="Accept" direction="Inbound" disabled="False" log="False" position="1" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D6A92A9"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3D6A940A"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3D6ADAC0" action="Accept" direction="Inbound" disabled="False" log="False" position="2" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3D6A940A"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3D6ADB5D" action="Accept" direction="Inbound" disabled="False" log="False" position="3" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D6A92A9"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3D6A940A"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rules 4-7: the same four combinations, inbound on id3D6A940D ("outside", security_level 0). -->
<PolicyRule id="id3D6AD743" action="Accept" direction="Inbound" disabled="False" log="False" position="4" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3D6A940D"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3D6AD7B8" action="Accept" direction="Inbound" disabled="False" log="False" position="5" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D6A92A9"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3D6A940D"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3D6AD8CF" action="Accept" direction="Inbound" disabled="False" log="False" position="6" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3D6A940D"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3D6AD8DA" action="Accept" direction="Inbound" disabled="False" log="False" position="7" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D6A92A9"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3D6A940D"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rules 8-13: no direction attribute and Itf is sysid0; icmp-Unreachables, SSH and Telnet, each to sysid0 and to the firewall. -->
<PolicyRule id="id3D6A95A4" action="Accept" disabled="False" log="False" position="8" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3D6AD9E6" action="Accept" disabled="False" log="False" position="9" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D6A92A9"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3D6A9D32" action="Accept" disabled="False" log="False" position="10" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3D6AD615" action="Accept" disabled="False" log="False" position="11" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D6A92A9"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3D6AA594" action="Accept" disabled="False" log="False" position="12" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-Telnet"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3D6AD622" action="Accept" disabled="False" log="False" position="13" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D6A92A9"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-Telnet"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 14: closing Deny over sysid0/sysid0/sysid1, marked stateless, with log="False" on the rule itself.
     NOTE(review): whether drops are still logged depends on options outside this rule; confirm in the compiler. -->
<PolicyRule id="id3D6AD62C" action="Deny" disabled="False" log="False" position="14" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id3D6A92A9-routing" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- Interfaces of firewall3: inside (eth0, security_level 100, mgmt="True"), outside (eth1, security_level 0)
     and dmz (eth2, security_level 50). Each carries one static IPv4 address with a /24 netmask.
     NOTE(review): 22.22.22.22 is publicly routable space, not an RFC 5737 documentation range; it is a fixture
     value only. -->
<Interface id="id3D6A940A" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="net-Internal_net" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3D6A940B" name="address" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface id="id3D6A940D" bridgeport="False" dyn="False" label="outside" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3D6A940E" name="address" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface id="id3D6A9422" bridgeport="False" dyn="False" label="dmz" mgmt="False" network_zone="id3B022266" security_level="50" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3D6A9423" name="address" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings of firewall3. The address equals the IPv4 of the "inside" interface, the one flagged mgmt="True".
     SNMP management is disabled; the read community stored here is the well-known default "public" and must be
     replaced with a site-specific value before SNMP is enabled in any copy of this object.
     FWBDManagement is enabled on port 9999 with an empty identity; how the installer treats an empty identity
     is not visible in this file. The install script entry is disabled and empty. -->
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Option list of firewall3, stored as name/value pairs with "True"/"False" strings for booleans.
     Keys prefixed pix_ are PIX-specific; the linux24_ keys and the unprefixed timeout keys (conn_, h323_, rpc_,
     sip_, uauth_, udp_, xlate_) repeat values that also exist under a pix_ prefix and look like leftovers from
     an earlier platform choice. Presumably the compiler ignores the keys it does not know; TODO confirm.
     NOTE(review): the "platform" option below says iptables while the enclosing Firewall element declares
     platform="pix"; presumably the Firewall attribute is authoritative. -->
<FirewallOptions>
<Option name="accept_established">True</Option>
<!-- NOTE(review): by its name this admits new TCP sessions that do not start with SYN; fixture value, review before reuse. -->
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="conn_hh">1</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">5</Option>
<Option name="h323_ss">0</Option>
<Option name="id"></Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="limit_suffix">/second</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_accept_redirects">0</Option>
<Option name="linux24_accept_source_route">0</Option>
<Option name="linux24_icmp_echo_ignore_all">1</Option>
<Option name="linux24_icmp_ignore_bogus_error_responses">1</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="linux24_log_martians">1</Option>
<Option name="linux24_rp_filter">1</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">True</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix">RULE %N - %A **</Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="pass_all_out">False</Option>
<!-- PIX compiler switches. All pix_check_* consistency checks except pix_check_nat_errors are off in this fixture. -->
<Option name="pix_add_clear_statements">True</Option>
<Option name="pix_assume_fw_part_of_any">True</Option>
<Option name="pix_check_nat_errors">True</Option>
<Option name="pix_check_overlapping_global_pools">False</Option>
<Option name="pix_check_overlapping_global_statics">False</Option>
<Option name="pix_check_overlapping_statics">False</Option>
<Option name="pix_check_rule_shading">False</Option>
<Option name="pix_conn_abs">True</Option>
<Option name="pix_conn_hh">1</Option>
<Option name="pix_conn_inact">False</Option>
<Option name="pix_conn_mm">0</Option>
<Option name="pix_conn_ss">0</Option>
<Option name="pix_connection_timewait">False</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_fragguard">False</Option>
<Option name="pix_h323_abs">True</Option>
<Option name="pix_h323_hh">0</Option>
<Option name="pix_h323_inact">False</Option>
<Option name="pix_h323_mm">5</Option>
<Option name="pix_h323_ss">0</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<Option name="pix_nodnsalias_inbound">False</Option>
<Option name="pix_nodnsalias_outbound">False</Option>
<Option name="pix_prolog_script"></Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_rpc_abs">True</Option>
<Option name="pix_rpc_hh">0</Option>
<Option name="pix_rpc_inact">False</Option>
<Option name="pix_rpc_mm">10</Option>
<Option name="pix_rpc_ss">0</Option>
<Option name="pix_set_host_name">False</Option>
<Option name="pix_sip_abs">True</Option>
<Option name="pix_sip_hh">0</Option>
<Option name="pix_sip_inact">False</Option>
<Option name="pix_sip_media_abs">True</Option>
<Option name="pix_sip_media_hh">0</Option>
<Option name="pix_sip_media_inact">False</Option>
<Option name="pix_sip_media_mm">2</Option>
<Option name="pix_sip_media_ss">0</Option>
<Option name="pix_sip_mm">30</Option>
<Option name="pix_sip_ss">0</Option>
<Option name="pix_ssh_timeout">5</Option>
<!-- Syslog destination, facility and level are left empty for this firewall. -->
<Option name="pix_syslog_facility"></Option>
<Option name="pix_syslog_host"></Option>
<Option name="pix_syslog_level"></Option>
<Option name="pix_syslog_queue_size">0</Option>
<Option name="pix_telnet_timeout">5</Option>
<Option name="pix_udp_abs">True</Option>
<Option name="pix_udp_hh">0</Option>
<Option name="pix_udp_inact">False</Option>
<Option name="pix_udp_mm">2</Option>
<Option name="pix_udp_ss">0</Option>
<Option name="pix_unauth_abs">True</Option>
<Option name="pix_unauth_hh">2</Option>
<Option name="pix_unauth_inact">False</Option>
<Option name="pix_unauth_mm">0</Option>
<Option name="pix_unauth_ss">0</Option>
<Option name="pix_xlate_abs">True</Option>
<Option name="pix_xlate_hh">3</Option>
<Option name="pix_xlate_inact">False</Option>
<Option name="pix_xlate_mm">0</Option>
<Option name="pix_xlate_ss">0</Option>
<Option name="platform">iptables</Option>
<Option name="proxy_arp">True</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">10</Option>
<Option name="rpc_ss">0</Option>
<Option name="script_env_path"></Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">0</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">30</Option>
<Option name="sip_ss">0</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="ssh_timeout">5</Option>
<Option name="telnet_timeout">5</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">2</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">2</Option>
<Option name="udp_ss">0</Option>
<Option name="use_ip_tool">True</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="xlate_hh">3</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3B0C6380" host_OS="pix_os" lastCompiled="1145688332" lastInstalled="0" lastModified="0" platform="pix" version="6.2" name="firewall4" comment="this object is used to test &quot;Replace NAT'ted objects with their translations&quot; option&#10;" ro="False">
<!-- NAT rule set of firewall4. The enclosing Firewall comment says this object tests the
     "Replace NAT'ted objects with their translations" option.
     All three rules translate SSH traffic to host-hostA and differ only in the original destination:
     rule 0 uses the firewall object, rule 1 the interface id3B0C63F3 (label "dmz2"), rule 2 that interface's
     IPv4 address object. Source and service are left untranslated (same reference on both sides).
     host-hostA is defined outside this part of the file. -->
<NAT id="id3B0C6381" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0: original destination is the firewall object id3B0C6380. -->
<NATRule id="id3B202AFF" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B0C6380"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 1: original destination is the interface object id3B0C63F3. -->
<NATRule id="id3D799F5F" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B0C63F3"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 2: original destination is the address object id3B0C63F3-ipv4. -->
<NATRule id="id3D79A04C" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B0C63F3-ipv4"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SSH"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<!-- Policy rule set of firewall4. Rules 0-2 accept and log traffic to host-hostA, the translated destination
     of this firewall's NAT rules: rule 0 with one service, rule 1 with two services, rule 2 with two
     destinations. Rule 3 is the rule its author labelled 'masquerading', rule 4 the 'catch all' Deny.
     None of the rules has a direction attribute and every Itf is sysid0.
     sysid0 / sysid1 / sysid2 are defined outside this part of the file; presumably the built-in "Any" objects. -->
<Policy id="id3B0C639E" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id3B0C63BF" action="Accept" disabled="False" log="True" position="0" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 1: tcp-HTTP has no matching NAT rule in this firewall, only tcp-SSH does. -->
<PolicyRule id="id3D79A1C2" action="Accept" disabled="False" log="True" position="1" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 2: host-hostB is not the translated destination of any NAT rule in this firewall. -->
<PolicyRule id="id3D79A1E4" action="Accept" disabled="False" log="True" position="2" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 3: accepts everything sourced from net-Internal_net, without logging. -->
<PolicyRule id="id3B0C63CB" action="Accept" disabled="False" log="False" position="3" comment="'masquerading' rule">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 4: closing Deny, logged (log="True") and marked stateless. -->
<PolicyRule id="id3B0C63D5" action="Deny" disabled="False" log="True" position="4" comment="'catch all' rule">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id3B0C6380-routing" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- Interfaces of firewall4: inside (eth0, security_level 100, mgmt="True"), dmz1 (eth1, level 40),
     dmz2 (eth2, level 50) and outside (eth3, level 0). Each has one static IPv4 address with a /24 netmask.
     Interface id3B0C63F3 and its address object id3B0C63F3-ipv4 are the ones this firewall's NAT rules reference.
     NOTE(review): 222.222.222.222 is publicly routable space, not an RFC 5737 documentation range; fixture value only. -->
<Interface id="id3B0C63DF" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="net-Internal_net" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3B0C63DF-ipv4" name="address" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface id="id3B0C63E1" bridgeport="False" dyn="False" label="dmz1" mgmt="False" network_zone="id3D385DED" security_level="40" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3B0C63E1-ipv4" name="address" comment="" ro="False" address="10.2.2.2" netmask="255.255.255.0"/>
</Interface>
<Interface id="id3B0C63F3" bridgeport="False" dyn="False" label="dmz2" mgmt="False" network_zone="id3B022266" security_level="50" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3B0C63F3-ipv4" name="fw4:dmz2" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Interface id="id3CD88A77" bridgeport="False" dyn="False" label="outside" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False">
<IPv4 id="id3CD88A77-ipv4" name="address" comment="" ro="False" address="222.222.222.222" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings of firewall4. The address equals the IPv4 of the "inside" interface, the one flagged mgmt="True".
     SNMP management is disabled; the stored read community is the well-known default "public" and must be
     replaced with a site-specific value before SNMP is enabled in any copy of this object.
     FWBDManagement is enabled on port 9999 with an empty identity; the install script entry is disabled and empty. -->
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Option list of firewall4, stored as name/value pairs with "True"/"False" strings for booleans.
     pix_replace_natted_objects is True here; by its name it is the option the enclosing Firewall comment says
     this object exists to test. Unlike the other PIX fixtures in this file, no pix_*_hh/mm/ss timeout keys
     are set, only the unprefixed ones.
     NOTE(review): the "platform" option below says iptables while the enclosing Firewall element declares
     platform="pix"; presumably the Firewall attribute is authoritative. TODO confirm. -->
<FirewallOptions>
<Option name="accept_established">False</Option>
<!-- NOTE(review): by its name this admits new TCP sessions that do not start with SYN; fixture value, review before reuse. -->
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="conn_hh">1</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">5</Option>
<Option name="h323_ss">0</Option>
<Option name="id"></Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="pass_all_out">False</Option>
<!-- PIX compiler switches. Every pix_check_* consistency check present in this list is off. -->
<Option name="pix_add_clear_statements">True</Option>
<Option name="pix_assume_fw_part_of_any">True</Option>
<Option name="pix_check_overlapping_global_pools">False</Option>
<Option name="pix_check_overlapping_global_statics">False</Option>
<Option name="pix_check_overlapping_statics">False</Option>
<Option name="pix_check_rule_shading">False</Option>
<Option name="pix_connection_timewait">False</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_fragguard">False</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<Option name="pix_nodnsalias_inbound">False</Option>
<Option name="pix_nodnsalias_outbound">False</Option>
<Option name="pix_prolog_script"></Option>
<Option name="pix_replace_natted_objects">True</Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_set_host_name">False</Option>
<!-- Syslog destination, facility and level are left empty for this firewall. -->
<Option name="pix_syslog_facility"></Option>
<Option name="pix_syslog_host"></Option>
<Option name="pix_syslog_level"></Option>
<Option name="pix_syslog_queue_size">0</Option>
<Option name="platform">iptables</Option>
<Option name="proxy_arp">False</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">10</Option>
<Option name="rpc_ss">0</Option>
<Option name="script_env_path"></Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">0</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">30</Option>
<Option name="sip_ss">0</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="ssh_timeout">5</Option>
<Option name="telnet_timeout">5</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">2</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">2</Option>
<Option name="udp_ss">0</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="xlate_hh">3</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3C698F1D" host_OS="pix_os" lastCompiled="1145688335" lastInstalled="0" lastModified="0" platform="pix" version="6.2" name="firewall6" comment="testing rule with firewall in dst and negation" ro="False">
<!-- NAT rule set of firewall6. Rules 0 and 1 leave every translated field at sysid0 / sysid1; rule 2 rewrites
     the source of host-hostA to id3AFADBF9; rule 3 is the reverse mapping (destination id3AFADBF9 to host-hostA)
     and is disabled.
     id3DAF60D5, id3DAF60D2, id3AFADBF9 and host-hostA are defined outside this part of the file, so what they
     resolve to cannot be stated here.
     NOTE(review): rules 0 and 1 presumably express "no translation" for the matched traffic; confirm how the
     PIX compiler renders a rule whose translated fields are all sysid0 / sysid1. -->
<NAT id="id3C698F1E" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3DAF60C4" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="id3DAF60D5"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3DAF60D2"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 1: original destination is this firewall's interface id3C699013 (label "inside"). -->
<NATRule id="id3DAF6186" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3C699013"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 2: source translation of host-hostA to id3AFADBF9. -->
<NATRule id="id3D8FFC6C" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFADBF9"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 3: disabled="True"; destination translation of id3AFADBF9 back to host-hostA. -->
<NATRule id="id3D8FFC7C" disabled="True" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFADBF9"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<!-- Policy rule set of firewall6; the enclosing Firewall comment reads "testing rule with firewall in dst and negation".
     Both rules are stateless Deny rules whose Dst holds the firewall object id3C698F1D with neg="True", so they
     match traffic whose destination is anything other than the firewall.
     Rule 0 is inbound on interface id3C69901D (label "outside") and logged; rule 1 has no direction, uses
     sysid0 in Itf and is not logged.
     There is no Accept rule and no closing catch-all in this rule set.
     NOTE(review): negated destinations are easy to misread; when a rule like this is ported, check the
     generated ACL to see which traffic is left unmatched. -->
<Policy id="id3C698F9D" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0 has no When element, unlike the other policy rules in this file. -->
<PolicyRule id="id3C699028" action="Deny" direction="Inbound" disabled="False" log="True" position="0" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id3C698F1D"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3C69901D"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3C698FB2" action="Deny" disabled="False" log="False" position="1" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id3C698F1D"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id3C698F1D-routing" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- Interfaces of firewall6: inside (eth0, security_level 100), outside (eth1, level 0) and dmz (eth2, level 50),
     each with one static IPv4 address and a /24 netmask.
     No interface of this firewall is flagged mgmt="True".
     NOTE(review): 22.22.22.22 is publicly routable space, not an RFC 5737 documentation range; fixture value only. -->
<Interface id="id3C699013" bridgeport="False" dyn="False" label="inside" mgmt="False" network_zone="id3D420A0B" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3C699013-ipv4" name="address" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface id="id3C69901D" bridgeport="False" dyn="False" label="outside" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3C69901D-ipv4" name="address" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface id="id3C699030" bridgeport="False" dyn="False" label="dmz" mgmt="False" network_zone="id3D420A09" security_level="50" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3C699030-ipv4" name="address" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings of firewall6. The address equals the IPv4 of the "dmz" interface (eth2), and none of this
     firewall's interfaces is flagged mgmt="True".
     NOTE(review): managing the device through a DMZ-facing address is presumably a fixture artefact; confirm
     before reusing this object.
     SNMP management is disabled; the stored read community is the well-known default "public" and must be
     replaced with a site-specific value before SNMP is enabled in any copy of this object.
     FWBDManagement is enabled on port 9999 with an empty identity; the install script entry is disabled and empty. -->
<Management address="192.168.2.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Option list of firewall6, stored as name/value pairs with "True"/"False" strings for booleans.
     Differences from the neighbouring PIX fixtures that are visible in this list: the three
     pix_check_overlapping_* checks are on, PIX logging is configured (buffered, console, timestamp, trap level,
     syslog host), and pix_ssh_timeout / pix_telnet_timeout are 0 while the unprefixed ssh_timeout /
     telnet_timeout stay at 5.
     NOTE(review): the "platform" option below says iptables while the enclosing Firewall element declares
     platform="pix"; presumably the Firewall attribute is authoritative. TODO confirm. -->
<FirewallOptions>
<Option name="accept_established">True</Option>
<!-- NOTE(review): by its name this admits new TCP sessions that do not start with SYN; fixture value, review before reuse. -->
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="conn_hh">1</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">5</Option>
<Option name="h323_ss">0</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="pix_add_clear_statements">True</Option>
<Option name="pix_assume_fw_part_of_any">True</Option>
<Option name="pix_check_overlapping_global_pools">True</Option>
<Option name="pix_check_overlapping_global_statics">True</Option>
<Option name="pix_check_overlapping_statics">True</Option>
<Option name="pix_check_rule_shading">False</Option>
<Option name="pix_connection_timewait">False</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_fragguard">False</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<!-- PIX logging block: buffered level 5, console level 0, trap level 4; how the compiler maps these numbers
     to device severities is not shown in this file. -->
<Option name="pix_logging_buffered">True</Option>
<Option name="pix_logging_buffered_level">5</Option>
<Option name="pix_logging_console">True</Option>
<Option name="pix_logging_console_level">0</Option>
<Option name="pix_logging_timestamp">True</Option>
<Option name="pix_logging_trap_level">4</Option>
<Option name="pix_nodnsalias_inbound">False</Option>
<Option name="pix_nodnsalias_outbound">False</Option>
<Option name="pix_prolog_script"></Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">True</Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_set_host_name">False</Option>
<!-- NOTE(review): a timeout of 0 may mean "unset" or "no idle timeout" depending on the compiler; confirm before reuse. -->
<Option name="pix_ssh_timeout">0</Option>
<!-- Syslog target is an RFC 1918 address outside the three /24 networks configured on this firewall's interfaces. -->
<Option name="pix_syslog_facility">20</Option>
<Option name="pix_syslog_host">10.3.14.30</Option>
<Option name="pix_syslog_queue_size">512</Option>
<Option name="pix_telnet_timeout">0</Option>
<Option name="platform">iptables</Option>
<Option name="proxy_arp">False</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">10</Option>
<Option name="rpc_ss">0</Option>
<Option name="script_env_path"></Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">0</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">30</Option>
<Option name="sip_ss">0</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="ssh_timeout">5</Option>
<Option name="telnet_timeout">5</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">2</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">2</Option>
<Option name="udp_ss">0</Option>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="xlate_hh">3</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3C69BD4F" host_OS="pix_os" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pix" version="6.2" name="firewall7" comment="testing rules with broadcasts" ro="False">
<!-- Regression fixture "firewall7": a PIX 6.2 object with two interfaces (eth0, security_level 100; eth1, security_level 0), two NAT rules and four policy rules. Ids that are not declared inside this element (sysid0, sysid1, sysid2, host-hostA, id3AFADBF9, id3DAD0EEC, id3DAD0EEE, id3D91665B, id3D0E8383) are defined elsewhere in the file. NOTE(review): sysid0 / sysid1 / sysid2 look like the built-in "any" network / service / interval objects; confirm against the library section. -->
<NAT id="id3C69BD50" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- NAT rule 0 is disabled (disabled="True"); only rule 1 is active. Both rewrite the destination (ODst to TDst) and leave source and service as sysid0 / sysid1. -->
<NATRule id="id3DAD0E47" disabled="True" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3AFADBF9"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DAD0E72" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3DAD0EEC"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3DAD0EEE"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id3C69BD51" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule order matters. Rules 0 and 1 accept inbound traffic whose destination is the firewall's own interface object (eth0 = id3C69BD5C, eth1 = id3C69BD5E), each bound to that same interface. Rule 2 accepts service id3D91665B to host-hostA on any interface. Rule 3 is the closing deny-all. No rule in this set logs (log="False" throughout), so traffic dropped by rule 3 leaves no record from the policy itself. -->
<PolicyRule id="id3D916646" action="Accept" direction="Inbound" disabled="False" log="False" position="0" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3C69BD5C"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3D91665B"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3C69BD5C"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3D91662E" action="Accept" direction="Inbound" disabled="False" log="False" position="1" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3C69BD5E"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3D0E8383"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3C69BD5E"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3DAD0EAE" action="Accept" direction="Both" disabled="False" log="False" position="2" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3D91665B"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3DAD0EA4" action="Deny" direction="Both" disabled="False" log="False" position="3" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id3C69BD4F-routing" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- eth0: security_level 100, zone net-Internal_net. eth1: security_level 0, zone sysid0. Neither interface carries a label and both have mgmt="False". -->
<Interface id="id3C69BD5C" bridgeport="False" dyn="False" label="" mgmt="False" network_zone="net-Internal_net" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3C69BD5C-ipv4" name="address" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface id="id3C69BD5E" bridgeport="False" dyn="False" label="" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3C69BD5E-ipv4" name="address" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<!-- NOTE(review): the management address is the address of eth1, the security_level 0 interface, although both interfaces have mgmt="False". SNMP management is disabled, but the stored read community is the well-known default "public". FWBDManagement is enabled with an empty identity. These are fixture values; anything copied from this object into a real policy should get a management address on the inside interface and a non-default community string. -->
<Management address="22.22.22.22">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- NOTE(review): the "platform" option below is "iptables" while the Firewall element declares platform="pix", and linux24_* options sit next to pix_* ones. Which value the compiler reads is not visible here; the mix looks like a leftover from an earlier platform setting, to be confirmed. accept_new_tcp_with_no_syn is True and log_level is "debug". -->
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="conn_hh">1</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">5</Option>
<Option name="h323_ss">0</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="pix_add_clear_statements">True</Option>
<Option name="pix_assume_fw_part_of_any">True</Option>
<Option name="pix_check_overlapping_global_pools">True</Option>
<Option name="pix_check_overlapping_global_statics">True</Option>
<Option name="pix_check_overlapping_statics">True</Option>
<Option name="pix_check_rule_shading">False</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<Option name="pix_prolog_script"></Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">True</Option>
<Option name="pix_set_host_name">False</Option>
<Option name="platform">iptables</Option>
<Option name="proxy_arp">False</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">10</Option>
<Option name="rpc_ss">0</Option>
<Option name="script_env_path"></Option>
<Option name="sip_hh">0</Option>
<Option name="sip_mm">30</Option>
<Option name="sip_ss">0</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="ssh_timeout">5</Option>
<Option name="telnet_timeout">5</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">2</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">2</Option>
<Option name="udp_ss">0</Option>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="xlate_hh">3</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3D4204D6" host_OS="pix_os" lastCompiled="1145688339" lastInstalled="0" lastModified="0" platform="pix" version="6.2" name="firewall8" comment="" ro="False">
<!-- Regression fixture "firewall8": a PIX 6.2 object with three labelled interfaces (outside / dmz / inside), seven NAT rules and three policy rules. Ids not declared inside this element (sysid0, sysid1, sysid2, net-Internal_net, host-hostA, id3B022266, id3D42051B, id3D420525, id3D42094E, id3D420521, id3D436EA6, id3D42052D, id3D420A09, id3D420A0B) are defined elsewhere in the file. -->
<NAT id="id3D4204DA" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rules 0 to 3, 5 and 6 rewrite the source (TSrc differs from OSrc); rule 4 rewrites the destination (id3D42094E to id3D420521). Rules 0, 1 and 2 all start from the same original source net-Internal_net: rule 0 lists two translated sources and rules 1 and 2 repeat each of them singly. NOTE(review): presumably this overlap is deliberate input for the pix_check_overlapping_* checks enabled in FirewallOptions; confirm against the expected compiler output. -->
<NATRule id="id3D4209BE" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D42051B"/>
<ObjectRef ref="id3D420525"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D422084" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D42051B"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D422099" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D420525"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D436DC2" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D420525"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D420535" disabled="False" position="4" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D42094E"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D420521"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D436D6A" disabled="False" position="5" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="net-Internal_net"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D436EA6"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D436E2F" disabled="False" position="6" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D42052D"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id3D4204D9" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- The rules carry no direction attribute. Rules 0 and 1 accept every service (sysid1) from sysid0 to host-hostA and to net-Internal_net with log="False"; rule 2 denies everything else, also unlogged. NOTE(review): as a policy this is wide open towards the internal network and leaves no audit trail; it reads as scaffolding for the NAT tests above rather than a pattern to reuse. -->
<PolicyRule id="id3DB10B42" action="Accept" disabled="False" log="False" position="0" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3DB10B57" action="Accept" disabled="False" log="False" position="1" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3DB10B4C" action="Deny" disabled="False" log="False" position="2" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id3D4204D6-routing" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- Interfaces: eth0 "outside" (security_level 0), eth1 "dmz" (security_level 50), eth2 "inside" (security_level 100, mgmt="True"). -->
<Interface id="id3D4204DF" bridgeport="False" dyn="False" label="outside" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3D4204DF-ipv4" name="address" comment="" ro="False" address="10.5.70.20" netmask="255.255.240.0"/>
</Interface>
<Interface id="id3D4204E2" bridgeport="False" dyn="False" label="dmz" network_zone="id3D420A09" security_level="50" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3D4204E2-ipv4" name="address" comment="" ro="False" address="192.168.2.20" netmask="255.255.255.0"/>
</Interface>
<Interface id="id3D4204E5" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="id3D420A0B" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3D4204E5-ipv4" name="address" comment="" ro="False" address="192.168.1.20" netmask="255.255.255.0"/>
</Interface>
<!-- The management address matches the address of eth2, the interface flagged mgmt="True" with security_level 100. SNMP management is disabled and both community strings are empty. FWBDManagement is enabled with an empty identity. -->
<Management address="192.168.1.20">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- NOTE(review), three things a reader of the options below should know. (1) pix_prolog_script holds four "no sysopt ..." commands, including "no sysopt security fragguard", while the pix_fragguard option is True; how the two interact in the generated configuration is not visible here and should be checked against the expected output. (2) Both spellings "half-closed_*" and "half_closed_*" are present with different minute values (0 and 10); which one is read is not visible here. (3) The text of pix_prolog_script, line breaks included, is element content and therefore data; do not re-indent it. All syslog settings are empty and the logging switches are False. -->
<FirewallOptions>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="conn_hh">1</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<Option name="ctiqbe_fixup">2 2748 0 nil 0</Option>
<Option name="dns_fixup">2 65535 0 nil 0</Option>
<Option name="dyn_addr">False</Option>
<Option name="espike_fixup">2 0 0 nil 0</Option>
<Option name="ftp_fixup">0 21 0 strict 0</Option>
<Option name="h323_h225_fixup">2 1720 1720 nil 0</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">5</Option>
<Option name="h323_ras_fixup">2 1718 1719 nil 0</Option>
<Option name="h323_ss">0</Option>
<Option name="half-closed_hh">0</Option>
<Option name="half-closed_mm">0</Option>
<Option name="half-closed_ss">0</Option>
<Option name="half_closed_hh">0</Option>
<Option name="half_closed_mm">10</Option>
<Option name="half_closed_ss">0</Option>
<Option name="http_fixup">2 80 80 nil 0</Option>
<Option name="icmp_error_fixup">2 0 0 nil 0</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ils_fixup">2 389 389 nil 0</Option>
<Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
<Option name="pix_add_clear_statements">False</Option>
<Option name="pix_assume_fw_part_of_any">False</Option>
<Option name="pix_check_duplicate_nat">False</Option>
<Option name="pix_check_overlapping_global_pools">True</Option>
<Option name="pix_check_overlapping_global_statics">True</Option>
<Option name="pix_check_overlapping_statics">True</Option>
<Option name="pix_check_rule_shading">True</Option>
<Option name="pix_conn_abs">True</Option>
<Option name="pix_conn_hh">1</Option>
<Option name="pix_conn_inact">False</Option>
<Option name="pix_conn_mm">0</Option>
<Option name="pix_conn_ss">0</Option>
<Option name="pix_connection_timewait">False</Option>
<Option name="pix_emb_limit">0</Option>
<Option name="pix_emblem_log_format">False</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_floodguard">True</Option>
<Option name="pix_fragguard">True</Option>
<Option name="pix_h323_abs">True</Option>
<Option name="pix_h323_hh">0</Option>
<Option name="pix_h323_inact">False</Option>
<Option name="pix_h323_mm">5</Option>
<Option name="pix_h323_ss">0</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<Option name="pix_logging_buffered">False</Option>
<Option name="pix_logging_buffered_level"></Option>
<Option name="pix_logging_console">False</Option>
<Option name="pix_logging_console_level"></Option>
<Option name="pix_logging_timestamp">False</Option>
<Option name="pix_logging_trap_level"></Option>
<Option name="pix_max_conns">0</Option>
<Option name="pix_nodnsalias_inbound">False</Option>
<Option name="pix_nodnsalias_outbound">False</Option>
<Option name="pix_optimize_default_nat">False</Option>
<Option name="pix_prolog_script">
no sysopt connection timewait
no sysopt security fragguard
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
</Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">False</Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_route_dnat">True</Option>
<Option name="pix_rpc_abs">True</Option>
<Option name="pix_rpc_hh">0</Option>
<Option name="pix_rpc_inact">False</Option>
<Option name="pix_rpc_mm">10</Option>
<Option name="pix_rpc_ss">0</Option>
<Option name="pix_set_host_name">False</Option>
<Option name="pix_sip_abs">True</Option>
<Option name="pix_sip_hh">0</Option>
<Option name="pix_sip_inact">False</Option>
<Option name="pix_sip_media_abs">True</Option>
<Option name="pix_sip_media_hh">0</Option>
<Option name="pix_sip_media_inact">False</Option>
<Option name="pix_sip_media_mm">2</Option>
<Option name="pix_sip_media_ss">0</Option>
<Option name="pix_sip_mm">30</Option>
<Option name="pix_sip_ss">0</Option>
<Option name="pix_ssh_timeout">5</Option>
<Option name="pix_syslog_facility"></Option>
<Option name="pix_syslog_host"></Option>
<Option name="pix_syslog_queue_size">0</Option>
<Option name="pix_telnet_timeout">5</Option>
<Option name="pix_uauth_abs">True</Option>
<Option name="pix_uauth_hh">2</Option>
<Option name="pix_uauth_inact">False</Option>
<Option name="pix_uauth_mm">0</Option>
<Option name="pix_uauth_ss">0</Option>
<Option name="pix_udp_abs">True</Option>
<Option name="pix_udp_hh">0</Option>
<Option name="pix_udp_inact">False</Option>
<Option name="pix_udp_mm">2</Option>
<Option name="pix_udp_ss">0</Option>
<Option name="pix_use_acl_remarks">False</Option>
<Option name="pix_xlate_abs">True</Option>
<Option name="pix_xlate_hh">3</Option>
<Option name="pix_xlate_inact">False</Option>
<Option name="pix_xlate_mm">0</Option>
<Option name="pix_xlate_ss">0</Option>
<Option name="pptp_fixup">2 1723 0 nil 0</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">10</Option>
<Option name="rpc_ss">0</Option>
<Option name="rsh_fixup">2 514 0 nil 0</Option>
<Option name="rtsp_fixup">2 554 0 nil 0</Option>
<Option name="sip_fixup">2 5060 5060 nil 0</Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">2</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">30</Option>
<Option name="sip_ss">0</Option>
<Option name="sip_udp_fixup">2 5060 0 nil 0</Option>
<Option name="skinny_fixup">2 2000 2000 nil 0</Option>
<Option name="smtp_fixup">2 25 25 nil 0</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sqlnet_fixup">2 1521 1521 nil 0</Option>
<Option name="ssh_timeout">5</Option>
<Option name="telnet_timeout">5</Option>
<Option name="tftp_fixup">2 69 0 nil 0</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">2</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">2</Option>
<Option name="udp_ss">0</Option>
<Option name="xlate_hh">3</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3D8AAF43" host_OS="pix_os" lastCompiled="1145688340" lastInstalled="0" lastModified="0" platform="pix" version="6.3" name="firewall9" comment="this firewall has no rules at all." ro="False">
<!-- Regression fixture "firewall9": a PIX 6.3 object whose NAT, Policy and Routing rule sets are all empty, as its comment attribute states. It has three interfaces with the same labels and addresses as firewall8 (outside / dmz / inside). NOTE(review): what the compiler emits for an empty policy, and whether that is deny-by-default on the target, is decided outside this file; check the expected output before treating this object as a safe baseline. -->
<NAT id="id3D8AAF44" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<Policy id="id3D8AAFA8" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<Routing id="id3D8AAF43-routing" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id3D8AAFA9" bridgeport="False" dyn="False" label="outside" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3D8AAFAA" name="address" comment="" ro="False" address="10.5.70.20" netmask="255.255.240.0"/>
</Interface>
<Interface id="id3D8AAFAC" bridgeport="False" dyn="False" label="dmz" network_zone="id3D420A09" security_level="50" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3D8AAFAD" name="address" comment="" ro="False" address="192.168.2.20" netmask="255.255.255.0"/>
</Interface>
<Interface id="id3D8AAFAF" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="id3D420A0B" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3D8AAFB0" name="address" comment="" ro="False" address="192.168.1.20" netmask="255.255.255.0"/>
</Interface>
<!-- The management address matches eth2 (mgmt="True", security_level 100). SNMP management is disabled with empty community strings; FWBDManagement is enabled with an empty identity. -->
<Management address="192.168.1.20">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Compared with firewall8, every pix_check_overlapping_* check, pix_floodguard and pix_fragguard are False here, and most unprefixed timeout options are 0. The pix_prolog_script text is the same four "no sysopt ..." commands; its line breaks are element content and therefore data, so it must not be re-indented. All syslog settings are empty and the logging switches are False. -->
<FirewallOptions>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="conn_hh">0</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<Option name="ctiqbe_fixup">0 2748 0 nil 0</Option>
<Option name="dns_fixup">0 65535 0 nil 0</Option>
<Option name="dyn_addr">False</Option>
<Option name="espike_fixup">2 0 0 nil 0</Option>
<Option name="ftp_fixup">0 21 0 strict 0</Option>
<Option name="h323_h225_fixup">0 1720 1720 nil 0</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">0</Option>
<Option name="h323_ras_fixup">0 1718 1719 nil 0</Option>
<Option name="h323_ss">0</Option>
<Option name="half-closed_hh">0</Option>
<Option name="half-closed_mm">0</Option>
<Option name="half-closed_ss">0</Option>
<Option name="http_fixup">0 80 80 nil 0</Option>
<Option name="icmp_error_fixup">0 0 0 nil 0</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ils_fixup">0 389 389 nil 0</Option>
<Option name="mgcp_fixup">0 2427 2727 nil 0</Option>
<Option name="pix_add_clear_statements">False</Option>
<Option name="pix_assume_fw_part_of_any">False</Option>
<Option name="pix_check_duplicate_nat">False</Option>
<Option name="pix_check_overlapping_global_pools">False</Option>
<Option name="pix_check_overlapping_global_statics">False</Option>
<Option name="pix_check_overlapping_statics">False</Option>
<Option name="pix_check_rule_shading">False</Option>
<Option name="pix_conn_abs">True</Option>
<Option name="pix_conn_hh">1</Option>
<Option name="pix_conn_inact">False</Option>
<Option name="pix_conn_mm">0</Option>
<Option name="pix_conn_ss">0</Option>
<Option name="pix_connection_timewait">False</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_floodguard">False</Option>
<Option name="pix_fragguard">False</Option>
<Option name="pix_h323_abs">True</Option>
<Option name="pix_h323_hh">0</Option>
<Option name="pix_h323_inact">False</Option>
<Option name="pix_h323_mm">5</Option>
<Option name="pix_h323_ss">0</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<Option name="pix_logging_buffered">False</Option>
<Option name="pix_logging_buffered_level"></Option>
<Option name="pix_logging_console">False</Option>
<Option name="pix_logging_console_level"></Option>
<Option name="pix_logging_timestamp">False</Option>
<Option name="pix_logging_trap_level"></Option>
<Option name="pix_nodnsalias_inbound">False</Option>
<Option name="pix_nodnsalias_outbound">False</Option>
<Option name="pix_optimize_default_nat">False</Option>
<Option name="pix_prolog_script">
no sysopt connection timewait
no sysopt security fragguard
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
</Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">False</Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_route_dnat">False</Option>
<Option name="pix_rpc_abs">True</Option>
<Option name="pix_rpc_hh">0</Option>
<Option name="pix_rpc_inact">False</Option>
<Option name="pix_rpc_mm">10</Option>
<Option name="pix_rpc_ss">0</Option>
<Option name="pix_set_host_name">False</Option>
<Option name="pix_sip_abs">True</Option>
<Option name="pix_sip_hh">0</Option>
<Option name="pix_sip_inact">False</Option>
<Option name="pix_sip_media_abs">True</Option>
<Option name="pix_sip_media_hh">0</Option>
<Option name="pix_sip_media_inact">False</Option>
<Option name="pix_sip_media_mm">2</Option>
<Option name="pix_sip_media_ss">0</Option>
<Option name="pix_sip_mm">30</Option>
<Option name="pix_sip_ss">0</Option>
<Option name="pix_ssh_timeout">5</Option>
<Option name="pix_syslog_facility"></Option>
<Option name="pix_syslog_host"></Option>
<Option name="pix_syslog_queue_size">0</Option>
<Option name="pix_telnet_timeout">5</Option>
<Option name="pix_uauth_abs">True</Option>
<Option name="pix_uauth_hh">2</Option>
<Option name="pix_uauth_inact">False</Option>
<Option name="pix_uauth_mm">0</Option>
<Option name="pix_uauth_ss">0</Option>
<Option name="pix_udp_abs">True</Option>
<Option name="pix_udp_hh">0</Option>
<Option name="pix_udp_inact">False</Option>
<Option name="pix_udp_mm">2</Option>
<Option name="pix_udp_ss">0</Option>
<Option name="pix_xlate_abs">True</Option>
<Option name="pix_xlate_hh">3</Option>
<Option name="pix_xlate_inact">False</Option>
<Option name="pix_xlate_mm">0</Option>
<Option name="pix_xlate_ss">0</Option>
<Option name="pptp_fixup">0 1723 0 nil 0</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">0</Option>
<Option name="rpc_ss">0</Option>
<Option name="rsh_fixup">0 0 0 nil 0</Option>
<Option name="rtsp_fixup">0 554 0 nil 0</Option>
<Option name="sip_fixup">0 5060 5060 nil 0</Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">0</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">0</Option>
<Option name="sip_ss">0</Option>
<Option name="sip_udp_fixup">0 0 0 nil 0</Option>
<Option name="skinny_fixup">0 2000 2000 nil 0</Option>
<Option name="smtp_fixup">0 25 25 nil 0</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sqlnet_fixup">0 1521 1521 nil 0</Option>
<Option name="tftp_fixup">0 69 0 nil 0</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">0</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">0</Option>
<Option name="udp_ss">0</Option>
<Option name="xlate_hh">0</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3AF5A2BA" host_OS="openbsd" lastCompiled="1145688342" lastInstalled="0" lastModified="0" platform="pf" name="host" comment="firewall protects host it is running on" ro="False">
<!-- Empty NAT rule set: the "host" firewall defines no translation rules. -->
<NAT id="id3AF5A2BD" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<Policy id="id3AF5A2BC" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id3BD8ECD0" action="Accept" direction="Both" disabled="False" log="True" position="0" comment="">
<Src neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AF5A2CB"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3AFB70C7" action="Accept" direction="Inbound" disabled="False" log="False" position="1" comment="allow everything on loopback">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AFB7090"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3AFB70CF" action="Accept" direction="Outbound" disabled="False" log="False" position="2" comment="allow everything on loopback">
<Src neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AFB7090"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3BD8ECC6" action="Accept" direction="Both" disabled="True" log="True" position="3" comment="">
<Src neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3AFB7090"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3AF5A74B" action="Deny" disabled="False" log="True" position="4" comment="block fragments">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 5: accept SMTP, HTTP, SSH, FTP, Telnet and ICMP unreachables from
     any source (sysid0) to id3AF5A2BA, with logging off.
     NOTE(review): Telnet and FTP send credentials in cleartext, and SSH and
     Telnet are administrative services reachable from Any here. That is fine
     for a compiler regression fixture; a policy derived from it should limit
     Src to a management network, drop tcp-Telnet and tcp-FTP, and set
     log="True" on administrative access. -->
<PolicyRule id="id3AF5A73A" action="Accept" disabled="False" log="False" position="5" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-Telnet"/>
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 6: accept any service (sysid1) from id3AF5A2BA to any destination,
     on any interface, unlogged. No service or destination restriction applies
     to traffic sourced from this object. -->
<PolicyRule id="id3AF5A757" action="Accept" disabled="False" log="False" position="6" comment="allow all outgoing connections">
<Src neg="False">
<ObjectRef ref="id3AF5A2BA"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 7, last in this policy: deny and log everything (any source, any
     destination, any service, any interface) that no earlier rule matched.
     The explicit logged catch-all is what makes dropped traffic visible to
     whoever reads the logs. The rule carries the stateless option. -->
<PolicyRule id="id3AF5A762" action="Deny" disabled="False" log="True" position="7" comment="'catch all' rule">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id3AF5A2BA-routing" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id3AF5A2CB" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3AF5A2CB-ipv4" name="address" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface id="id3AFB7090" bridgeport="False" dyn="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id3AFB7090-ipv4" name="address" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<!-- Management settings for this firewall object. The management address
     22.22.22.22 is the address of eth0, the interface with security_level 0.
     SNMP management is disabled, but the read community is still the default
     "public"; FWBD management is enabled on port 9999 with an empty identity.
     NOTE(review): fixture values. If SNMP is ever enabled on a configuration
     derived from this file, replace the "public" community first. -->
<Management address="22.22.22.22">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Compiler and host options for this firewall (platform option: iptables).
     Values a reviewer should notice:
       accept_established = True
       accept_new_tcp_with_no_syn = True
       firewall_is_part_of_any = True
       log_all_dropped = False, log_level = debug
     NOTE(review): accept_new_tcp_with_no_syn presumably stops the compiler
     from dropping new TCP segments that lack SYN, and firewall_is_part_of_any
     presumably makes rules written against "Any" also match the firewall
     itself; both widen what the policy admits. Confirm against the compiler
     before reusing these defaults outside the regression tests. -->
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3D385DA9" host_OS="pix_os" lastCompiled="1145688344" lastInstalled="0" lastModified="0" platform="pix" version="6.3" name="real" comment="" ro="False">
<NAT id="id3D385DAD" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3D385E43" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="id3D385DEC"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D385DA9"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3F8F93B5" disabled="True" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3D385DE3"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D1966D8"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id3D385DAC" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0 of firewall "real": accept any service from id3D385DEC to any
     destination, in both directions, unlogged. id3D385DEC is the network_zone
     of the "inside" interface (ethernet1, security_level 100), so it is
     presumably the internal network; the object is defined outside this
     excerpt. Egress from that network is therefore unfiltered and leaves no
     log record. -->
<PolicyRule id="id3D385DF0" action="Accept" direction="Both" disabled="False" log="False" position="0" comment="">
<Src neg="False">
<ObjectRef ref="id3D385DEC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3F8F92B1" action="Accept" direction="Both" disabled="False" log="False" position="1" comment="">
<Src neg="False">
<ObjectRef ref="id3D385DEC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D385DA9"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3D385F90" action="Accept" direction="Both" disabled="False" log="False" position="2" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D385DA9"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-ping_reply"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 3 of firewall "real": accept HTTP from any source to id3D1966D8, in
     both directions, unlogged. id3D1966D8 is also the translated destination
     of NAT rule id3F8F93B5 (any source to interface id3D385DE3, tcp-HTTP),
     and that NAT rule has disabled="True".
     NOTE(review): with the translation disabled this permit presumably has
     nothing to pair with; confirm the combination is what the test intends. -->
<PolicyRule id="id3F8F940C" action="Accept" direction="Both" disabled="False" log="False" position="3" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D1966D8"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3D385E0F" action="Deny" direction="Both" disabled="False" log="True" position="4" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="disable_logging_for_this_rule">False</Option>
<Option name="log_interval">120</Option>
<Option name="log_level">notice</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id3D385DA9-routing" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id3D385DE3" bridgeport="False" dyn="True" label="outside" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="ethernet0" comment="" ro="False"/>
<Interface id="id3D385DE6" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="id3D385DEC" security_level="100" unnum="False" unprotected="False" name="ethernet1" comment="" ro="False">
<IPv4 id="id3D385DE6-ipv4" name="address" comment="" ro="False" address="10.3.14.204" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings for firewall "real". The management address
     10.3.14.204 is the address of ethernet1, the "inside" interface flagged
     mgmt="True". SNMP management is disabled with the read community left at
     "public"; FWBD management is enabled on port 9999 with an empty identity.
     NOTE(review): this firewall's options set
     pix_set_communities_from_object_data to True, so the community strings
     here presumably feed the generated configuration; confirm, and do not
     carry "public" into a real deployment. -->
<Management address="10.3.14.204">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="conn_hh">0</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<Option name="ctiqbe_fixup">2 2748 0 nil 0</Option>
<Option name="dns_fixup">0 65535 0 nil 0</Option>
<Option name="dyn_addr">False</Option>
<Option name="espike_fixup">2 0 0 nil 0</Option>
<Option name="ftp_fixup">0 21 0 strict 0</Option>
<Option name="h323_h225_fixup">2 1720 1720 nil 0</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">0</Option>
<Option name="h323_ras_fixup">2 1718 1719 nil 0</Option>
<Option name="h323_ss">0</Option>
<Option name="half-closed_hh">0</Option>
<Option name="half-closed_mm">0</Option>
<Option name="half-closed_ss">0</Option>
<Option name="http_fixup">0 80 80 nil 0</Option>
<Option name="icmp_error_fixup">0 0 0 nil 0</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ils_fixup">2 389 389 nil 0</Option>
<Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="output_file"></Option>
<Option name="pix_acl_basic">True</Option>
<Option name="pix_acl_no_clear">False</Option>
<Option name="pix_acl_substitution">False</Option>
<Option name="pix_acl_temp_addr"></Option>
<Option name="pix_add_clear_statements">False</Option>
<Option name="pix_assume_fw_part_of_any">False</Option>
<Option name="pix_check_duplicate_nat">False</Option>
<Option name="pix_check_nat_errors">True</Option>
<Option name="pix_check_overlapping_global_pools">False</Option>
<Option name="pix_check_overlapping_global_statics">False</Option>
<Option name="pix_check_overlapping_statics">False</Option>
<Option name="pix_check_rule_shading">True</Option>
<Option name="pix_conn_abs">True</Option>
<Option name="pix_conn_hh">1</Option>
<Option name="pix_conn_inact">False</Option>
<Option name="pix_conn_mm">0</Option>
<Option name="pix_conn_ss">0</Option>
<Option name="pix_connection_timewait">False</Option>
<Option name="pix_emb_limit">0</Option>
<Option name="pix_emblem_log_format">True</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_enable_snmp_traps">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_floodguard">False</Option>
<Option name="pix_fragguard">False</Option>
<Option name="pix_h323_abs">True</Option>
<Option name="pix_h323_hh">0</Option>
<Option name="pix_h323_inact">False</Option>
<Option name="pix_h323_mm">5</Option>
<Option name="pix_h323_ss">0</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">True</Option>
<Option name="pix_logging_buffered">False</Option>
<Option name="pix_logging_buffered_level">0</Option>
<Option name="pix_logging_console">False</Option>
<Option name="pix_logging_console_level">0</Option>
<Option name="pix_logging_timestamp">False</Option>
<Option name="pix_logging_trap_level">0</Option>
<Option name="pix_max_conns">0</Option>
<Option name="pix_nodnsalias_inbound">False</Option>
<Option name="pix_nodnsalias_outbound">False</Option>
<Option name="pix_ntp1">10.3.14.30</Option>
<Option name="pix_ntp2"></Option>
<Option name="pix_ntp3"></Option>
<Option name="pix_optimize_default_nat">False</Option>
<Option name="pix_prolog_script"></Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">True</Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_route_dnat">False</Option>
<Option name="pix_rpc_abs">True</Option>
<Option name="pix_rpc_hh">0</Option>
<Option name="pix_rpc_inact">False</Option>
<Option name="pix_rpc_mm">10</Option>
<Option name="pix_rpc_ss">0</Option>
<Option name="pix_set_communities_from_object_data">True</Option>
<Option name="pix_set_host_name">True</Option>
<Option name="pix_set_sysinfo_from_object_data">False</Option>
<Option name="pix_sip_abs">True</Option>
<Option name="pix_sip_hh">0</Option>
<Option name="pix_sip_inact">False</Option>
<Option name="pix_sip_media_abs">True</Option>
<Option name="pix_sip_media_hh">0</Option>
<Option name="pix_sip_media_inact">False</Option>
<Option name="pix_sip_media_mm">2</Option>
<Option name="pix_sip_media_ss">0</Option>
<Option name="pix_sip_mm">30</Option>
<Option name="pix_sip_ss">0</Option>
<Option name="pix_snmp_poll_traps_1">1</Option>
<Option name="pix_snmp_poll_traps_2">1</Option>
<Option name="pix_snmp_server1">10.3.14.40</Option>
<Option name="pix_snmp_server2"></Option>
<Option name="pix_ssh_timeout">5</Option>
<Option name="pix_syslog_device_id_opt">string</Option>
<Option name="pix_syslog_device_id_val">real_firewall</Option>
<Option name="pix_syslog_facility">16</Option>
<Option name="pix_syslog_host">10.3.14.10</Option>
<Option name="pix_syslog_level">info</Option>
<Option name="pix_syslog_queue_size">1000</Option>
<Option name="pix_tcpmss">False</Option>
<Option name="pix_tcpmss_value">0</Option>
<Option name="pix_telnet_timeout">5</Option>
<Option name="pix_uauth_abs">True</Option>
<Option name="pix_uauth_hh">2</Option>
<Option name="pix_uauth_inact">False</Option>
<Option name="pix_uauth_mm">0</Option>
<Option name="pix_uauth_ss">0</Option>
<Option name="pix_udp_abs">True</Option>
<Option name="pix_udp_hh">0</Option>
<Option name="pix_udp_inact">False</Option>
<Option name="pix_udp_mm">2</Option>
<Option name="pix_udp_ss">0</Option>
<Option name="pix_use_acl_remarks">True</Option>
<Option name="pix_use_manual_commit">False</Option>
<Option name="pix_xlate_abs">True</Option>
<Option name="pix_xlate_hh">3</Option>
<Option name="pix_xlate_inact">False</Option>
<Option name="pix_xlate_mm">0</Option>
<Option name="pix_xlate_ss">0</Option>
<Option name="pptp_fixup">2 1723 0 nil 0</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">0</Option>
<Option name="rpc_ss">0</Option>
<Option name="rsh_fixup">2 514 0 nil 0</Option>
<Option name="rtsp_fixup">2 554 0 nil 0</Option>
<Option name="sip_fixup">2 5060 5060 nil 0</Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">0</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">0</Option>
<Option name="sip_ss">0</Option>
<Option name="sip_udp_fixup">2 5060 0 nil 0</Option>
<Option name="skinny_fixup">2 2000 2000 nil 0</Option>
<Option name="smtp_fixup">2 25 25 nil 0</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description">Cisco PIX Firewall Version 6.2(2)
</Option>
<Option name="snmp_location"></Option>
<Option name="sqlnet_fixup">2 1521 1521 nil 0</Option>
<Option name="sshArgs"></Option>
<Option name="tftp_fixup">2 69 0 nil 0</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">0</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">0</Option>
<Option name="udp_ss">0</Option>
<Option name="xlate_hh">0</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3F957BF2" host_OS="pix_os" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pix" version="6.1" name="test" comment="" ro="False">
<NAT id="id3F957BF6" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3F957C35" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="id3CD87A53"/>
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3F957BF9"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id3F957BF5" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Anti-spoofing rule of firewall "test": deny and log packets arriving
     inbound on interface id3F957BF9 (ethernet0, network_zone sysid0,
     security_level 0) whose source is id3CD87A53, net-Internal_net or the
     firewall itself (id3F957BF2). Addresses that belong behind or on the
     firewall should never show up as sources on that interface, so a match
     indicates a forged source address. It sits at position 0, ahead of every
     permit rule, and carries the stateless option. -->
<PolicyRule id="id3F957C00" action="Deny" direction="Inbound" disabled="False" log="True" position="0" comment="Anti-spoofing rule">
<Src neg="False">
<ObjectRef ref="id3CD87A53"/>
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3F957BF2"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id3F957BF9"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 1 of firewall "test": SSH to the firewall (id3F957BF2) is accepted
     only when the source is net-Internal_net; no other rule in this policy
     names tcp-SSH. Logging is off.
     NOTE(review): administrative access is normally worth a log record;
     consider log="True" in policies derived from this fixture. -->
<PolicyRule id="id3F957C0D" action="Accept" disabled="False" log="False" position="1" comment="ssh access to firewall">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3F957BF2"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3F957C1B" action="Accept" disabled="False" log="False" position="2" comment="firewall uses DNS server on LAN">
<Src neg="False">
<ObjectRef ref="id3F957BF2"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="udp-DNS"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3F957C29" action="Accept" disabled="False" log="False" position="3" comment="'masquerading' rule">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3F957C46" action="Deny" disabled="False" log="True" position="4" comment="'catch all' rule">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id3F957BF2-routing" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id3F957BF9" bridgeport="False" dyn="True" label="" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="ethernet0" comment="" ro="False"/>
<Interface id="id3F957BFB" bridgeport="False" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="ethernet1" comment="" ro="False">
<IPv4 id="id3F957BFD" name="test:ethernet1(ip)" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings for firewall "test". The address is 0.0.0.0, which
     looks like an unset placeholder (TODO confirm). SNMP and FWBD management
     are both disabled (FWBD port is -1) and no install script is configured.
     The SNMP read community is still the default "public"; replace it before
     SNMP is enabled on anything derived from this object. -->
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="version_6.1">
true
true
true
true
true
true
false
false
false
true
true
3
0
0
1
0
0
0
2
0
0
10
0
0
5
0
0
30
0
0
2
0
0
10
0
2
0
0
True
False
5
5
ftp_fixup,http_fixup,h323_h225_fixup,h323_ras_fixup,rsh_fixup,rtsp_fixup,sip_fixup,skinny_fixup,smtp_fixup,sqlnet_fixup
</Option>
<Option name="version_6.2">
true
true
true
true
true
true
false
false
false
true
true
3
0
0
1
0
0
0
2
0
0
10
0
0
5
0
0
30
0
0
2
0
0
10
0
2
0
0
True
False
5
5
ftp_fixup,http_fixup,h323_h225_fixup,h323_ras_fixup,ils_fixup,rsh_fixup,rtsp_fixup,sip_fixup,skinny_fixup,smtp_fixup,sqlnet_fixup
</Option>
<Option name="version_6.3">
true
true
true
true
true
true
true
true
true
false
false
3
0
0
1
0
0
0
2
0
0
10
0
0
5
0
0
30
0
0
2
0
0
10
0
2
0
0
True
False
5
5
ctiqbe_fixup,dns_fixup,esp_ike_fixup,ftp_fixup,h323_h225_fixup,h323_ras_fixup,http_fixup,icmp_error_fixup,ils_fixup,mgcp_fixup,pptp_fixup,rsh_fixup,rtsp_fixup,sip_fixup,sip_udp_fixup,skinny_fixup,smtp_fixup,sqlnet_fixup,tftp_fixup
</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id444A039E9567" host_OS="fwsm_os" inactive="False" lastCompiled="1145688917" lastInstalled="0" lastModified="1145688781" platform="fwsm" version="2.3" name="fwsm1" comment="" ro="False">
<NAT id="id444A04E59567" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id444A04E69567" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id444A039E9567"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id444A04F49567" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id444A039E9567"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id444A05029567" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="id3DAA5110"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id444A039E9567"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id444A05109567" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3B665641"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id444A051E9567" disabled="False" position="4" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D196750"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- NAT rule 5 of firewall "fwsm1": destination translation. SMTP from any
     source addressed to the firewall (id444A039E9567) has its destination
     rewritten to host-hostA; the source and the service (tcp-SMTP) are left
     unchanged.
     NOTE(review): this publishes host-hostA's SMTP service to any source.
     Whether the traffic is actually admitted depends on the Policy rules that
     match host-hostA; check them together with this translation. -->
<NATRule id="id444A052C9567" disabled="False" position="5" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id444A039E9567"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id444A053A9567" disabled="False" position="6" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="net-Internal_net"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFC191C"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id444A05489567" disabled="False" position="7" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id444A05569567" disabled="False" position="8" comment="">
<OSrc neg="False">
<ObjectRef ref="id3CD87A53"/>
<ObjectRef ref="id3CD87A5E"/>
<ObjectRef ref="id3CD87A6D"/>
<ObjectRef ref="id3CD87A7C"/>
<ObjectRef ref="id3CD87A8B"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id444A05689567" disabled="False" position="9" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id444A05769567" disabled="False" position="10" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="net-Internal_net"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id444A05849567" disabled="False" position="11" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="host-hostA"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id444A05929567" disabled="True" position="12" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id444A039E9567"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B4FF09A"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id444A03A49567" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0 of firewall "fwsm1": deny and log IP fragments (ip-IP_Fragments)
     between any source and any destination, inbound on interface
     id444A05A19567 (defined outside this excerpt). The rule carries the
     stateless option. -->
<PolicyRule id="id444A03A59567" action="Deny" direction="Inbound" disabled="False" log="True" position="0" comment="blocking short fragments">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id444A05A19567"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id444A03B19567" action="Deny" direction="Inbound" disabled="True" log="True" position="1" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id444A039E9567"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id444A05A19567"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id444A03BB9567" action="Accept" direction="Inbound" disabled="False" log="False" position="2" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id444A05A19567"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 3 of firewall "fwsm1": accepts and logs packets whose source is
     net-Internal_net or the firewall (id444A039E9567), outbound on interface
     id444A05A19567, for any destination and service.
     NOTE(review): the comment attribute calls this an anti-spoofing rule, but
     the action is Accept and the direction is Outbound. The anti-spoofing
     rule of firewall "test" (id3F957C00) is a Deny on Inbound. Confirm that
     Accept is what this test case intends; as written the rule admits the
     listed sources rather than rejecting forged ones. -->
<PolicyRule id="id444A03C79567" action="Accept" direction="Outbound" disabled="False" log="True" position="3" comment="anti-spoofing rule">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id444A039E9567"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id444A05A19567"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 4 of firewall "fwsm1": accept SSH from net-Internal_net to the
     firewall (id444A039E9567), inbound on interface id444A05A49567, unlogged.
     Unlike the neighbouring rules this one has no When element.
     NOTE(review): source and interface are both restricted, which is the
     shape administrative access should have; logging is the missing piece. -->
<PolicyRule id="id444A03D49567" action="Accept" direction="Inbound" disabled="False" log="False" position="4" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id444A039E9567"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id444A05A49567"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id444A03DE9567" action="Accept" direction="Both" disabled="False" log="False" position="5" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-secondary1-com"/>
<ObjectRef ref="host-secondary2-com"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CD878C8"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id444A05A49567"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id444A03E99567" action="Deny" direction="Inbound" disabled="False" log="False" position="6" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B64FFAC"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id444A05A49567"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 7 of firewall "fwsm1", disabled: would deny and log tcp-TCP-SYN,
     id3B58E3F1 and id3C1A5D46 between any source and any destination on any
     interface. Its own comment attribute says that enabling it shades a later
     rule because one of the services is "any ICMP". Presumably kept as a
     switch for exercising the compiler's rule-shading check; confirm before
     enabling, since a shaded rule silently never matches. -->
<PolicyRule id="id444A03F59567" action="Deny" direction="Both" disabled="True" log="True" position="7" comment="this rule, if enabled, shades&#10;some rule below because&#10;of service &quot;any ICMP&quot;">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-TCP-SYN"/>
<ServiceRef ref="id3B58E3F1"/>
<ServiceRef ref="id3C1A5D46"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_value">0</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id444A04039567" action="Accept" direction="Both" disabled="False" log="False" position="8" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sg-Useful_ICMP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id444A040F9567" action="Accept" direction="Both" disabled="False" log="False" position="9" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3D12CD12"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id444A041B9567" action="Accept" direction="Both" disabled="False" log="True" position="10" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3D0E8383"/>
<ServiceRef ref="id3D116567"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_value">0</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id444A04289567" action="Deny" direction="Both" disabled="True" log="False" position="11" comment="shades rule #8 below">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3C1A5D46"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id444A04349567" action="Accept" direction="Both" disabled="False" log="False" position="12" comment="">
<Src neg="False">
<ObjectRef ref="host-secondary1-com"/>
<ObjectRef ref="host-secondary2-com"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id444A04429567" action="Accept" direction="Both" disabled="False" log="False" position="13" comment="">
<Src neg="False">
<ObjectRef ref="id3BF1B3E1"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D0F7F89"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id444A044E9567" action="Accept" direction="Both" disabled="False" log="False" position="14" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D0F7F89"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id444A045A9567" action="Accept" direction="Both" disabled="False" log="False" position="15" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id444A039E9567"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id444A04679567" action="Accept" direction="Both" disabled="False" log="False" position="16" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3CD87A9A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CD878C8"/>
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id444A04749567" action="Accept" direction="Both" disabled="False" log="False" position="17" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3CD8769F"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CD878C8"/>
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id444A04819567" action="Accept" direction="Both" disabled="False" log="False" position="18" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B5009F7"/>
<ServiceRef ref="id3C1A66C9"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id444A048E9567" action="Accept" direction="Both" disabled="False" log="False" position="19" comment="objects hostA and hostB are&#10;redundant and should be removed by&#10; removeRedundantAddressesFromDst">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CB131C4"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id444A049C9567" action="Accept" direction="Both" disabled="False" log="False" position="20" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id431BD5EE"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id444A04A89567" action="Accept" direction="Both" disabled="True" log="False" position="21" comment="rules 12 and 13 can be&#10;used to test shading">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id444A04B49567" action="Accept" direction="Both" disabled="True" log="False" position="22" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B3D5A3B"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id444A04C09567" action="Accept" direction="Both" disabled="False" log="True" position="23" comment="">
<Src neg="False">
<ObjectRef ref="id444A039E9567"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id444A039E9567"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id444A04CC9567" action="Accept" direction="Both" disabled="False" log="False" position="24" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id444A039E9567"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Last rule of this Policy (position 25): action="Deny" with log="True".
     Src, Dst and Itf all reference sysid0, Srv references sysid1 and When
     references sysid2.
     NOTE(review): those ids are presumably the built-in "Any" address,
     service and interval objects (defined outside this excerpt), which would
     make this an explicit, logged default-deny. Keeping such a rule last
     means traffic not matched above is both dropped and recorded. -->
<PolicyRule id="id444A04D99567" action="Deny" direction="Both" disabled="False" log="True" position="25" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id444A05A09567" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- "outside" interface (ethernet1): security_level="0", network_zone="sysid0",
     not a management interface (mgmt="False"). On PIX-style platforms a lower
     security level marks a less trusted interface.
     The address 22.22.22.22/255.255.255.0 is a fixture value. It is neither
     RFC 1918 private space nor an RFC 5737 documentation range, so treat it
     as test data only when deriving a real configuration from this file. -->
<Interface id="id444A05A19567" bridgeport="False" dyn="False" label="outside" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="ethernet1" comment="" ro="False">
<IPv4 id="id444A05A39567" name="fwsm1:ethernet1:ip" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<!-- "inside" interface (ethernet0): security_level="100", the highest level
     among the three interfaces of this firewall object, and the only one
     flagged mgmt="True". Its address 192.168.1.1 is the same value used as
     the Management address of this firewall, so management access is meant
     to arrive on the most trusted side. -->
<Interface id="id444A05A49567" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="id3DAA5110" security_level="100" unnum="False" unprotected="False" name="ethernet0" comment="" ro="False">
<IPv4 id="id444A05A69567" name="fwsm1:ethernet0:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface id="id444A05A79567" bridgeport="False" dyn="False" label="dmz" mgmt="False" network_zone="id3B022266" security_level="50" unnum="False" unprotected="False" name="ethernet2" comment="" ro="False">
<IPv4 id="id444A05A99567" name="fwsm1:ethernet2:ip" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings for this firewall object (address 192.168.1.1).
     SNMPManagement is disabled (enabled="False"), but the read community is
     still the well-known default string "public"; if SNMP is ever enabled in
     a configuration derived from this fixture, replace it with a non-default
     value first. The write community is empty.
     FWBDManagement is enabled on port 9999 with an empty identity.
     NOTE(review): what an empty identity implies for authentication is not
     visible in this file; confirm before copying these settings.
     PolicyInstallScript is disabled and has no command. -->
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">False</Option>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="check_shading">True</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline">-v</Option>
<Option name="compiler"></Option>
<Option name="conn_hh">1</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<Option name="ctiqbe_fixup">2 2748 0 nil 0</Option>
<Option name="debug">False</Option>
<Option name="dns_fixup">2 65535 0 nil 0</Option>
<Option name="dyn_addr">False</Option>
<Option name="espike_fixup">2 0 0 nil 0</Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="ftp_fixup">0 21 0 strict 0</Option>
<Option name="h323_h225_fixup">0 1720 1720 nil 0</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">5</Option>
<Option name="h323_ras_fixup">0 1718 1719 nil 0</Option>
<Option name="h323_ss">0</Option>
<Option name="half-closed_hh">0</Option>
<Option name="half-closed_mm">0</Option>
<Option name="half-closed_ss">0</Option>
<Option name="http_fixup">0 80 80 nil 0</Option>
<Option name="icmp_error_fixup">2 0 0 nil 0</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ils_fixup">0 389 389 nil 0</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="limit_suffix">/second</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">True</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="openbsd_ip_directed_broadcast">0</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="openbsd_ip_redirect">0</Option>
<Option name="openbsd_ip_sourceroute">0</Option>
<Option name="output_file"></Option>
<Option name="pass_all_out">False</Option>
<Option name="pix_acl_basic">False</Option>
<Option name="pix_acl_no_clear">False</Option>
<Option name="pix_acl_substitution">True</Option>
<Option name="pix_acl_temp_addr">192.168.1.0/24</Option>
<Option name="pix_add_clear_statements">True</Option>
<Option name="pix_assume_fw_part_of_any">True</Option>
<Option name="pix_check_duplicate_nat">False</Option>
<Option name="pix_check_overlapping_global_pools">False</Option>
<Option name="pix_check_overlapping_global_statics">False</Option>
<Option name="pix_check_overlapping_statics">False</Option>
<Option name="pix_check_rule_shading">True</Option>
<Option name="pix_conn_abs">True</Option>
<Option name="pix_conn_hh">1</Option>
<Option name="pix_conn_inact">False</Option>
<Option name="pix_conn_mm">0</Option>
<Option name="pix_conn_ss">0</Option>
<Option name="pix_connection_timewait">True</Option>
<Option name="pix_disable_snmp_agent">False</Option>
<Option name="pix_emb_limit">0</Option>
<Option name="pix_emblem_log_format">False</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_enable_snmp_traps">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_floodguard">False</Option>
<Option name="pix_fragguard">True</Option>
<Option name="pix_h323_abs">True</Option>
<Option name="pix_h323_hh">0</Option>
<Option name="pix_h323_inact">False</Option>
<Option name="pix_h323_mm">5</Option>
<Option name="pix_h323_ss">0</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<Option name="pix_logging_buffered">False</Option>
<Option name="pix_logging_buffered_level">0</Option>
<Option name="pix_logging_console">False</Option>
<Option name="pix_logging_console_level">0</Option>
<Option name="pix_logging_timestamp">False</Option>
<Option name="pix_logging_trap_level">0</Option>
<Option name="pix_max_conns">0</Option>
<Option name="pix_nodnsalias_inbound">True</Option>
<Option name="pix_nodnsalias_outbound">True</Option>
<Option name="pix_ntp1">192.168.1.20</Option>
<Option name="pix_ntp1_pref">True</Option>
<Option name="pix_ntp2"></Option>
<Option name="pix_ntp2_pref">False</Option>
<Option name="pix_ntp3"></Option>
<Option name="pix_ntp3_pref">False</Option>
<Option name="pix_optimize_default_nat">True</Option>
<Option name="pix_prolog_script">
</Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">True</Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_route_dnat">False</Option>
<Option name="pix_rpc_abs">True</Option>
<Option name="pix_rpc_hh">0</Option>
<Option name="pix_rpc_inact">False</Option>
<Option name="pix_rpc_mm">10</Option>
<Option name="pix_rpc_ss">0</Option>
<Option name="pix_set_communities_from_object_data">True</Option>
<Option name="pix_set_host_name">True</Option>
<Option name="pix_set_sysinfo_from_object_data">True</Option>
<Option name="pix_sip_abs">True</Option>
<Option name="pix_sip_hh">0</Option>
<Option name="pix_sip_inact">False</Option>
<Option name="pix_sip_media_abs">True</Option>
<Option name="pix_sip_media_hh">0</Option>
<Option name="pix_sip_media_inact">False</Option>
<Option name="pix_sip_media_mm">2</Option>
<Option name="pix_sip_media_ss">0</Option>
<Option name="pix_sip_mm">30</Option>
<Option name="pix_sip_ss">0</Option>
<Option name="pix_snmp_poll_traps_1">1</Option>
<Option name="pix_snmp_poll_traps_2">2</Option>
<Option name="pix_snmp_server1">192.168.1.20</Option>
<Option name="pix_snmp_server2">192.168.1.22</Option>
<Option name="pix_ssh_timeout">5</Option>
<Option name="pix_syslog_facility">16</Option>
<Option name="pix_syslog_host">192.168.1.30</Option>
<Option name="pix_syslog_level">error</Option>
<Option name="pix_syslog_queue_size">512</Option>
<Option name="pix_tcpmss">True</Option>
<Option name="pix_tcpmss_value">1380</Option>
<Option name="pix_telnet_timeout">5</Option>
<Option name="pix_uauth_abs">True</Option>
<Option name="pix_uauth_hh">2</Option>
<Option name="pix_uauth_inact">False</Option>
<Option name="pix_uauth_mm">0</Option>
<Option name="pix_uauth_ss">0</Option>
<Option name="pix_udp_abs">True</Option>
<Option name="pix_udp_hh">0</Option>
<Option name="pix_udp_inact">False</Option>
<Option name="pix_udp_mm">2</Option>
<Option name="pix_udp_ss">0</Option>
<Option name="pix_unauth_abs">True</Option>
<Option name="pix_unauth_hh">2</Option>
<Option name="pix_unauth_inact">False</Option>
<Option name="pix_unauth_mm">0</Option>
<Option name="pix_unauth_ss">0</Option>
<Option name="pix_use_acl_remarks">False</Option>
<Option name="pix_xlate_abs">True</Option>
<Option name="pix_xlate_hh">3</Option>
<Option name="pix_xlate_inact">False</Option>
<Option name="pix_xlate_mm">0</Option>
<Option name="pix_xlate_ss">0</Option>
<Option name="platform">iptables</Option>
<Option name="pptp_fixup">2 1723 0 nil 0</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">10</Option>
<Option name="rpc_ss">0</Option>
<Option name="rsh_fixup">0 514 0 nil 0</Option>
<Option name="rtsp_fixup">0 554 0 nil 0</Option>
<Option name="script_env_path"></Option>
<Option name="sip_fixup">0 5060 5060 nil 0</Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">0</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">30</Option>
<Option name="sip_ss">0</Option>
<Option name="sip_udp_fixup">2 5060 0 nil 0</Option>
<Option name="skinny_fixup">0 2000 2000 nil 0</Option>
<Option name="smtp_fixup">0 25 25 nil 0</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sqlnet_fixup">0 1521 1521 nil 0</Option>
<Option name="sshArgs"></Option>
<Option name="ssh_timeout">5</Option>
<Option name="telnet_timeout">5</Option>
<Option name="tftp_fixup">2 69 0 nil 0</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">2</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">2</Option>
<Option name="udp_ss">0</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="xlate_hh">3</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id43867C1018346" host_OS="pix_os" inactive="False" lastCompiled="1147841360" lastInstalled="1142003872" lastModified="1147842629" platform="pix" version="6.3" name="firewall33" comment="testing DNSName object" ro="False">
<NAT id="id43867C4818346" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id43867C4918346" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43867C5818346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43876E2618346" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43869E8C18346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id43867C5818346"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43876E5218346" disabled="True" position="2" comment="rule-time&#10;objects are not supported">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43869E8D18346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id43867C5818346"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43876E6918346" disabled="True" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43869E8D18346"/>
<ObjectRef ref="id4387287A18346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id43867C5818346"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43876E7B18346" disabled="True" position="4" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="True">
<ObjectRef ref="id43869E8D18346"/>
<ObjectRef ref="id4387287A18346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id43867C5818346"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id43867C1618346" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0 of firewall33: action="Deny", direction="Inbound", bound (Itf) to
     id43867C5818346, which is this firewall's dynamic "outside" interface
     eth0.100. The sources are net-Internal_net and that same interface
     object, so the rule reads as anti-spoofing: packets arriving on the
     outside interface that claim an internal or firewall source address are
     dropped.
     NOTE(review): log="False", so anything matched here is dropped without a
     log record; confirm that is what the test intends to cover. -->
<PolicyRule id="id43867C1718346" action="Deny" direction="Inbound" disabled="False" log="False" position="0" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id43867C5818346"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id43867C5818346"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43867C2418346" action="Accept" direction="Both" disabled="False" log="False" position="1" comment="">
<Src neg="False">
<ObjectRef ref="id43869E8C18346"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id43869E9018346" action="Accept" direction="Both" disabled="True" log="False" position="2" comment="run time objects are not supported">
<Src neg="False">
<ObjectRef ref="id43869E8D18346"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 3 of firewall33: Accept from DNSName object id43869E8E18346, which
     is declared near the top of this file as "buildmaster (ct)" with
     run_time="False".
     NOTE(review): presumably such a name is resolved when the policy is
     compiled, so the generated ACL carries whatever address DNS returned at
     that moment. A config built this way should be recompiled when the
     record changes, and the compile host should use a resolver it trusts. -->
<PolicyRule id="id43869E9E18346" action="Accept" direction="Both" disabled="False" log="False" position="3" comment="">
<Src neg="False">
<ObjectRef ref="id43869E8E18346"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id43869EAA18346" action="Accept" direction="Both" disabled="True" log="False" position="4" comment="">
<Src neg="False">
<ObjectRef ref="id43869E8F18346"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id4386E38318346" action="Deny" direction="Both" disabled="False" log="False" position="5" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8C18346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4386E37718346" action="Deny" direction="Both" disabled="True" log="False" position="6" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8D18346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 7 of firewall33: Accept with a negated destination (Dst neg="True")
     around DNSName id43869E8E18346, declared near the top of this file as
     "buildmaster (ct)". Src is sysid0 and Srv is sysid1.
     NOTE(review): if sysid0 / sysid1 are the built-in "Any" objects (defined
     outside this excerpt), the rule accepts traffic to every destination
     except that one host. A negated element inside an Accept rule is a broad
     allow; it is presumably here to exercise negation handling for DNSName
     objects and is not a pattern to copy into a production policy. -->
<PolicyRule id="id43867C3018346" action="Accept" direction="Both" disabled="False" log="False" position="7" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8E18346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id4386C10D18346" action="Accept" direction="Both" disabled="True" log="False" position="8" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8F18346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id438728A918346" action="Accept" direction="Both" disabled="False" log="False" position="9" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8C18346"/>
<ObjectRef ref="id4387287918346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id438728BA18346" action="Accept" direction="Both" disabled="True" log="False" position="10" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id43869E8D18346"/>
<ObjectRef ref="id4387287A18346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Last rule of firewall33's Policy (position 11): action="Deny" with
     log="True" and the stateless option set. Every rule element references
     sysid0 / sysid1 / sysid2.
     NOTE(review): those ids are presumably the built-in "Any" objects
     (defined outside this excerpt), making this the logged catch-all that
     ends the policy. -->
<PolicyRule id="id43867C3C18346" action="Deny" direction="Both" disabled="False" log="True" position="11" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id43867C5718346" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id43867C5818346" bridgeport="False" dyn="True" label="outside" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth0.100" comment="VLAN interface" ro="False"/>
<Interface id="id43867C5C18346" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="net-Internal_net" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id43867C5E18346" name="firewall33:eth1:ip" comment="" ro="False" address="192.168.1.100" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings for firewall33 (address 192.168.1.100, the address
     of its "inside" interface eth1).
     SNMPManagement is disabled (enabled="False"), but the read community is
     still the well-known default string "public"; replace it with a
     non-default value before enabling SNMP in anything derived from this
     fixture. The write community is empty.
     FWBDManagement is enabled on port 9999 with an empty identity.
     NOTE(review): what an empty identity implies for authentication is not
     visible in this file; confirm before copying these settings. -->
<Management address="192.168.1.100">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Option set for firewall33. The enclosing Firewall element declares
     platform="pix" and host_OS="pix_os", yet this list carries
     platform=iptables and many linux24_* / ulog_* options.
     NOTE(review): these look like leftovers from an iptables template;
     whether the PIX compiler reads any of them is not visible in this file.
     Values worth a second look if this object is reused as a template:
       accept_new_tcp_with_no_syn=True and accept_established=True
         (by their names, they relax connection-state checks on platforms
         that honour them; confirm against the compiler);
       log_all_dropped=False, log_all=False, log_invalid=False
         (nothing is logged beyond rules that set log="True");
       log_level=debug;
       check_shading=False (rule-shading detection is off for this object). -->
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="epilog_script"></Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_accept_redirects"></Option>
<Option name="linux24_accept_source_route"></Option>
<Option name="linux24_icmp_echo_ignore_all"></Option>
<Option name="linux24_icmp_echo_ignore_broadcasts"></Option>
<Option name="linux24_icmp_ignore_bogus_error_responses"></Option>
<Option name="linux24_ip_dynaddr"></Option>
<Option name="linux24_ip_forward"></Option>
<Option name="linux24_log_martians"></Option>
<Option name="linux24_path_ip"></Option>
<Option name="linux24_path_iptables"></Option>
<Option name="linux24_path_logger"></Option>
<Option name="linux24_path_lsmod"></Option>
<Option name="linux24_path_modprobe"></Option>
<Option name="linux24_rp_filter"></Option>
<Option name="linux24_tcp_ecn"></Option>
<Option name="linux24_tcp_fack"></Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="linux24_tcp_sack"></Option>
<Option name="linux24_tcp_syncookies"></Option>
<Option name="linux24_tcp_timestamps"></Option>
<Option name="linux24_tcp_window_scaling"></Option>
<Option name="load_modules">False</Option>
<Option name="local_nat">False</Option>
<Option name="log_all">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_invalid">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix">RULE %N -- %A on %I </Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="output_file"></Option>
<Option name="platform">iptables</Option>
<Option name="prolog_place">top</Option>
<Option name="prolog_script"></Option>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sshArgs"></Option>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
<Option name="use_ULOG">False</Option>
<Option name="use_ip_tool">False</Option>
<Option name="use_iptables_restore">False</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="verify_interfaces">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id4389EDAE18346" host_OS="pix_os" inactive="False" lastCompiled="1147840988" lastInstalled="1142003872" lastModified="1147841460" platform="pix" version="6.3" name="firewall34" comment="testing AddressTable object" ro="False">
<!-- NAT rule set of firewall34. Both rules are stored with disabled="True".
     Each has one negated element (neg="True") that references id4389EE9118346,
     the AddressTable named "block these" declared near the top of this file:
     rule 0 negates the original source, rule 1 the original destination.
     id4389EE8418346 is this firewall's dynamic "outside" interface (eth0.100).
     sysid0 and sysid1 are defined outside this excerpt; presumably the
     built-in "any" address and "any" service. TODO confirm. -->
<NAT id="id4389EE4818346" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id4389EEB018346" disabled="True" position="0" comment="">
<OSrc neg="True">
<ObjectRef ref="id4389EE9118346"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id4389EE8418346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43891B6E674" disabled="True" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="True">
<ObjectRef ref="id4389EE9118346"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id4389EE8418346"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<!-- Policy of firewall34 (the Firewall comment reads "testing AddressTable object").
     The rules use two AddressTable objects declared near the top of this file,
     id4389EE9018346 ("addr-table-1") and id4389EE9118346 ("block these"), alone,
     combined with other objects, and negated. id4389EE8418346 is this firewall's
     "outside" interface. sysid0, sysid1 and sysid2 are defined outside this
     excerpt; presumably the built-in "any" address, service and time interval.
     TODO confirm. This file is a compiler regression fixture, so the broad
     Accept rules below are test input, not a model for a production policy. -->
<Policy id="id4389EDB418346" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0: Accept, not logged, any service, destination "addr-table-1". -->
<PolicyRule id="id4389EDB518346" action="Accept" direction="Both" disabled="False" log="False" position="0" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id4389EE9018346"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 1: Deny, logged, stateless; destination id4390C25525682 is declared outside this excerpt. -->
<PolicyRule id="id4390C25825682" action="Deny" direction="Both" disabled="False" log="True" position="1" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id4390C25525682"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rules 2 and 3: Deny tcp-SMTP to "block these" plus id4388C37D674 (declared
     outside this excerpt). Neither is logged. Rule 3 differs from rule 2 only in
     its source, the "outside" interface object instead of sysid0. -->
<PolicyRule id="id4389EDC118346" action="Deny" direction="Both" disabled="False" log="False" position="2" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id4389EE9118346"/>
<ObjectRef ref="id4388C37D674"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43920D5025682" action="Deny" direction="Both" disabled="False" log="False" position="3" comment="">
<Src neg="False">
<ObjectRef ref="id4389EE8418346"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id4389EE9118346"/>
<ObjectRef ref="id4388C37D674"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rules 4 and 5: Deny, logged, with the table as source. Rule 5 adds
     id4388C37D674 to the source list of rule 4. -->
<PolicyRule id="id4388CFF8674" action="Deny" direction="Both" disabled="False" log="True" position="4" comment="">
<Src neg="False">
<ObjectRef ref="id4389EE9118346"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4388C36F674" action="Deny" direction="Both" disabled="False" log="True" position="5" comment="">
<Src neg="False">
<ObjectRef ref="id4389EE9118346"/>
<ObjectRef ref="id4388C37D674"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rules 6 and 7: Accept with a negated element. Rule 6 accepts any service
     from every source that is NOT in "block these" or id4388C37D674; rule 7
     accepts traffic from the "outside" interface object to every destination
     that is NOT in those two objects. Neither rule is logged. -->
<PolicyRule id="id4388F5A9674" action="Accept" direction="Both" disabled="False" log="False" position="6" comment="">
<Src neg="True">
<ObjectRef ref="id4389EE9118346"/>
<ObjectRef ref="id4388C37D674"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id4392312525682" action="Accept" direction="Both" disabled="False" log="False" position="7" comment="">
<Src neg="False">
<ObjectRef ref="id4389EE8418346"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id4389EE9118346"/>
<ObjectRef ref="id4388C37D674"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 8: Accept tcp-SMTP to host-hostA, the same host and service that the
     disabled NAT rule 0 of this firewall translates to. -->
<PolicyRule id="id4389EEA118346" action="Accept" direction="Both" disabled="False" log="False" position="8" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 9: Accept any service from net-Internal_net, not logged. -->
<PolicyRule id="id4389EDCD18346" action="Accept" direction="Both" disabled="False" log="False" position="9" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 10: final catch-all Deny with log="True", so traffic that reaches the
     end of the rule set is both dropped and recorded. -->
<PolicyRule id="id4389EE3C18346" action="Deny" direction="Both" disabled="False" log="True" position="10" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id4389EE8318346" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- Interfaces of firewall34.
     eth0.100: label "outside", security_level 0, dyn="True" (no address object
     is stored under it), network_zone sysid0.
     eth1: label "inside", security_level 100, mgmt="True", static address
     192.168.1.100 with netmask 255.255.255.0, network_zone net-Internal_net. -->
<Interface id="id4389EE8418346" bridgeport="False" dyn="True" label="outside" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth0.100" comment="VLAN interface" ro="False"/>
<Interface id="id4389EE8818346" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="net-Internal_net" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id4389EE8A18346" name="firewall34:eth1:ip" comment="" ro="False" address="192.168.1.100" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings of firewall34. The management address is the address of
     the "inside" interface eth1 (192.168.1.100).
     SNMPManagement is enabled="False", but the stored read community is the
     widely known default "public"; replace it before SNMP is ever enabled on an
     object copied from this fixture.
     FWBDManagement is enabled="True" on port 9999 with an empty identity
     attribute. PolicyInstallScript is disabled and has no command. -->
<Management address="192.168.1.100">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!-- Host-level options of firewall34.
     NOTE(review): the enclosing Firewall element declares platform="pix" and
     host_OS="pix_os", while this list stores platform=iptables together with
     linux24_* and ULOG options. They look like leftovers from an iptables
     object; whether the PIX compiler reads any of them is not visible here.
     TODO confirm.
     Security-relevant values as stored: accept_new_tcp_with_no_syn=True,
     drop_invalid=False, check_shading=False, log_level=debug, mgmt_ssh=False,
     verify_interfaces=False. The installer fields (admUser, sshArgs,
     install_script, activationCmd) are empty. -->
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="epilog_script"></Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_accept_redirects"></Option>
<Option name="linux24_accept_source_route"></Option>
<Option name="linux24_icmp_echo_ignore_all"></Option>
<Option name="linux24_icmp_echo_ignore_broadcasts"></Option>
<Option name="linux24_icmp_ignore_bogus_error_responses"></Option>
<Option name="linux24_ip_dynaddr"></Option>
<Option name="linux24_ip_forward"></Option>
<Option name="linux24_log_martians"></Option>
<Option name="linux24_path_ip"></Option>
<Option name="linux24_path_iptables"></Option>
<Option name="linux24_path_logger"></Option>
<Option name="linux24_path_lsmod"></Option>
<Option name="linux24_path_modprobe"></Option>
<Option name="linux24_rp_filter"></Option>
<Option name="linux24_tcp_ecn"></Option>
<Option name="linux24_tcp_fack"></Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="linux24_tcp_sack"></Option>
<Option name="linux24_tcp_syncookies"></Option>
<Option name="linux24_tcp_timestamps"></Option>
<Option name="linux24_tcp_window_scaling"></Option>
<Option name="load_modules">False</Option>
<Option name="local_nat">False</Option>
<Option name="log_all">False</Option>
<Option name="log_all_dropped">False</Option>
<Option name="log_invalid">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix">RULE %N -- %A on %I </Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="output_file"></Option>
<Option name="platform">iptables</Option>
<Option name="prolog_place">top</Option>
<Option name="prolog_script"></Option>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sshArgs"></Option>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
<Option name="use_ULOG">False</Option>
<Option name="use_ip_tool">False</Option>
<Option name="use_iptables_restore">False</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="verify_interfaces">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id45142F6628543" host_OS="pix_os" inactive="False" lastCompiled="1203135478" lastInstalled="0" lastModified="1203135466" platform="pix" version="7.0" name="firewall50" comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule. PIX 7.0" ro="False">
<NAT id="id451430AD28543" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- NAT rules 0 to 4 of firewall50: source translations (TSrc is set, TDst and
     TSrv stay at sysid0 and sysid1, which are defined outside this excerpt and
     are presumably the built-in "any" objects). Rules 0 to 2 translate to the
     firewall50 object itself (id45142F6628543, the enclosing Firewall); rules 3
     and 4 translate to id3B665641 and id3D196750, declared outside this excerpt.
     NOTE(review): rules 0, 3 and 4 share the same original match
     (net-Internal_net to sysid0, service sysid1) and differ only in TSrc.
     Whether the PIX compiler turns them into several address pools or treats
     rules 3 and 4 as unreachable is not visible here; confirm against the
     expected compiler output. -->
<NATRule id="id451430AE28543" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id45142F6628543"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id451430BC28543" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id45142F6628543"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id451430CA28543" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="id3DAA5110"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id45142F6628543"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id451430D828543" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3B665641"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id451430E628543" disabled="False" position="4" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3D196750"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- NAT rules 5 to 8 of firewall50: destination translations to host-hostA with
     translated service tcp-SMTP. OSrc is sysid0 in all four (defined outside
     this excerpt, presumably the built-in "any"), so the translation is not
     limited by source. Rule 5 matches tcp-SMTP addressed to the firewall50
     object (id45142F6628543). Rules 6 to 8 match service id47B71DEF21818
     (declared outside this excerpt) addressed to the firewall object, to
     id4514316928543 and to id4514316B28543 respectively, so the service is
     rewritten as well as the address.
     Review these together with the Policy rules that permit SMTP to host-hostA:
     the pair decides which sources can reach that host. -->
<NATRule id="id451430F428543" disabled="False" position="5" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id45142F6628543"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id47B71DF021818" disabled="False" position="6" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id45142F6628543"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id47B71DEF21818"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id47B71E0621818" disabled="False" position="7" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id4514316928543"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id47B71DEF21818"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id47B71E1B21818" disabled="False" position="8" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id4514316B28543"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id47B71DEF21818"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- NAT rules 9 to 14 of firewall50. Rule 9 translates source id3B022266 to
     id3AFC191C for traffic to net-Internal_net (both ids are declared outside
     this excerpt). Rules 10 to 14 leave TSrc, TDst and TSrv at sysid0 and
     sysid1, so they name a match but no translated value; presumably these are
     "no translation" (NAT exemption) cases. TODO confirm against the compiler.
     Rule 13 repeats the original match of rule 9 (id3B022266 to
     net-Internal_net, service sysid1), and rule 12 (id3B022266 to sysid0) is
     placed ahead of it. -->
<NATRule id="id4514310228543" disabled="False" position="9" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="net-Internal_net"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFC191C"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id4514311028543" disabled="False" position="10" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id4514311E28543" disabled="False" position="11" comment="">
<OSrc neg="False">
<ObjectRef ref="id3CD87A53"/>
<ObjectRef ref="id3CD87A5E"/>
<ObjectRef ref="id3CD87A6D"/>
<ObjectRef ref="id3CD87A7C"/>
<ObjectRef ref="id3CD87A8B"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id4514313028543" disabled="False" position="12" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id4514313E28543" disabled="False" position="13" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="net-Internal_net"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id4514314C28543" disabled="False" position="14" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="host-hostA"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- NAT rule 15 of firewall50: stored with disabled="True". It matches tcp-HTTP
     between sysid0 and sysid0 and rewrites the destination to the firewall50
     object (id45142F6628543) with service id3B4FF09A, declared outside this
     excerpt. In effect it redirects HTTP traffic to the firewall itself;
     presumably a transparent proxy test case. TODO confirm. -->
<NATRule id="id4514315A28543" disabled="True" position="15" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id45142F6628543"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B4FF09A"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id45142F6C28543" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Policy rules 0 to 2 of firewall50, all Inbound on interface id4514316928543
     (declared outside this excerpt).
     Rule 0 denies and logs ip-IP_Fragments between sysid0 and sysid0.
     Rule 1 is stored with disabled="True"; it denies the same service when the
     destination is the firewall50 object, and it has no When child, unlike its
     neighbours.
     Rule 2 accepts icmp-Unreachables without logging. -->
<PolicyRule id="id45142F6D28543" action="Deny" direction="Inbound" disabled="False" log="True" position="0" comment="blocking short fragments">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4514316928543"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45142F7928543" action="Deny" direction="Inbound" disabled="True" log="True" position="1" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id45142F6628543"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="ip-IP_Fragments"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4514316928543"/>
</Itf>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45142F8328543" action="Accept" direction="Inbound" disabled="False" log="False" position="2" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4514316928543"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Policy rule 3 of firewall50.
     NOTE(review): the comment attribute calls this an anti-spoofing rule, but as
     stored it is action="Accept", direction="Outbound", logged, and matches
     packets whose source is net-Internal_net or the firewall50 object
     (id45142F6628543) on interface id4514316928543, which is declared outside
     this excerpt. An anti-spoofing rule normally denies inbound packets on the
     external interface that claim internal source addresses. Confirm that the
     Accept and Outbound form is a deliberate compiler test case before reusing
     this rule as a template. -->
<PolicyRule id="id45142F8F28543" action="Accept" direction="Outbound" disabled="False" log="True" position="3" comment="anti-spoofing rule">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id45142F6628543"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4514316928543"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Policy rules 4 to 6 of firewall50, all bound to interface id4514316C28543
     (declared outside this excerpt).
     Rule 4 accepts tcp-SSH from net-Internal_net to the firewall50 object,
     Inbound, not logged; rules 4 and 5 have no When child.
     Rule 5 accepts service id3CD878C8 to host-secondary1-com and
     host-secondary2-com in both directions.
     Rule 6 denies, without logging, any service Inbound to id3B64FFAC. -->
<PolicyRule id="id45142F9C28543" action="Accept" direction="Inbound" disabled="False" log="False" position="4" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id45142F6628543"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4514316C28543"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id45142FA628543" action="Accept" direction="Both" disabled="False" log="False" position="5" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-secondary1-com"/>
<ObjectRef ref="host-secondary2-com"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CD878C8"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4514316C28543"/>
</Itf>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id45142FB128543" action="Deny" direction="Inbound" disabled="False" log="False" position="6" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B64FFAC"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4514316C28543"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Policy rule 7 of firewall50: stored with disabled="True". Deny, logged,
     stateless, for three services (tcp-TCP-SYN, id3B58E3F1, id3C1A5D46) between
     sysid0 and sysid0. Its comment attribute records that enabling it shades a
     later rule; which rule is meant is not named there. The per-rule options
     action_on_reject, log_limit_suffix and log_prefix are stored empty. -->
<PolicyRule id="id45142FBD28543" action="Deny" direction="Both" disabled="True" log="True" position="7" comment="this rule, if enabled, shades&#10;some rule below because&#10;of service &quot;any ICMP&quot;">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-TCP-SYN"/>
<ServiceRef ref="id3B58E3F1"/>
<ServiceRef ref="id3C1A5D46"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_value">0</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Policy rules 8 and 9 of firewall50 have the same source (id3D84EECF),
     destination (host-hostA), service (tcp-SSH) and action (Accept). Rule 8 is
     bound to sysid0 in Itf, rule 9 to two interface objects (id4514316F28543 and
     id4514316C28543, declared outside this excerpt).
     NOTE(review): if sysid0 is the built-in "any" object, rule 9 matches nothing
     that rule 8 has not already accepted; presumably kept to exercise interface
     handling in the compiler. TODO confirm. -->
<PolicyRule id="id4520B7DA6873" action="Accept" direction="Both" disabled="False" log="False" position="8" comment="">
<Src neg="False">
<ObjectRef ref="id3D84EECF"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id452039FA6873" action="Accept" direction="Both" disabled="False" log="False" position="9" comment="">
<Src neg="False">
<ObjectRef ref="id3D84EECF"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4514316F28543"/>
<ObjectRef ref="id4514316C28543"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Policy rules 10 to 12 of firewall50.
     Rules 10 and 11 accept sg-Useful_ICMP and id3D12CD12 to host-hostA without
     logging.
     Rule 12 accepts services id3D0E8383 and id3D116567 between sysid0 and
     sysid0, is logged and carries stateless=True. Both service ids are declared
     outside this excerpt, so how wide this any-to-any Accept is cannot be
     judged from here. -->
<PolicyRule id="id45142FCB28543" action="Accept" direction="Both" disabled="False" log="False" position="10" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sg-Useful_ICMP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id45142FD728543" action="Accept" direction="Both" disabled="False" log="False" position="11" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3D12CD12"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45142FE328543" action="Accept" direction="Both" disabled="False" log="True" position="12" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3D0E8383"/>
<ServiceRef ref="id3D116567"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_value">0</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Policy rule 13 of firewall50: stored with disabled="True". Deny, not logged,
     stateless, for service id3C1A5D46, which also appears in the service list
     of disabled rule 7.
     NOTE(review): the comment attribute refers to "rule #8 below", but this rule
     is stored at position 13, so the rule at position 8 is above it. The
     numbering presumably predates later insertions; verify which rule is meant
     before relying on the remark. -->
<PolicyRule id="id45142FF028543" action="Deny" direction="Both" disabled="True" log="False" position="13" comment="shades rule #8 below">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3C1A5D46"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Policy rules 14 to 20 of firewall50: Accept rules, none logged. Ids that do
     not appear elsewhere in this excerpt are declared outside it.
     Rule 14 accepts any service from the two host-secondary objects to
     host-hostA and host-hostB.
     Rules 15 and 16 share destination id3D0F7F89 and service id3B5009F7; rule 15
     limits the source to id3BF1B3E1 while rule 16 uses sysid0.
     NOTE(review): if sysid0 is the built-in "any", rule 16 already covers
     everything rule 15 accepts. TODO confirm this redundancy is intended.
     Rule 17 accepts icmp-Unreachables and tcp-SSH to the firewall50 object
     (id45142F6628543) from sysid0, so SSH to the firewall is not limited by
     source in this rule.
     Rules 18 and 19 accept id3CD878C8 and id3B5009F7 to id3CD87A9A and
     id3CD8769F. Rule 20 accepts id3B5009F7 and id3C1A66C9 to net-Internal_net. -->
<PolicyRule id="id45142FFC28543" action="Accept" direction="Both" disabled="False" log="False" position="14" comment="">
<Src neg="False">
<ObjectRef ref="host-secondary1-com"/>
<ObjectRef ref="host-secondary2-com"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4514300A28543" action="Accept" direction="Both" disabled="False" log="False" position="15" comment="">
<Src neg="False">
<ObjectRef ref="id3BF1B3E1"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D0F7F89"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id4514301628543" action="Accept" direction="Both" disabled="False" log="False" position="16" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3D0F7F89"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id4514302228543" action="Accept" direction="Both" disabled="False" log="False" position="17" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id45142F6628543"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="icmp-Unreachables"/>
<ServiceRef ref="tcp-SSH"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id4514302F28543" action="Accept" direction="Both" disabled="False" log="False" position="18" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3CD87A9A"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CD878C8"/>
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4514303C28543" action="Accept" direction="Both" disabled="False" log="False" position="19" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3CD8769F"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CD878C8"/>
<ServiceRef ref="id3B5009F7"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4514304928543" action="Accept" direction="Both" disabled="False" log="False" position="20" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3B5009F7"/>
<ServiceRef ref="id3C1A66C9"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Policy rule 21 of firewall50: Accept, not logged, service id3CB131C4
     (declared outside this excerpt) to net-Internal_net, host-hostA and
     host-hostB. Per its comment attribute the two host objects are redundant
     next to the network object and the compiler step named
     removeRedundantAddressesFromDst is expected to drop them, so this rule is a
     test input for that step rather than a policy choice. -->
<PolicyRule id="id4514305628543" action="Accept" direction="Both" disabled="False" log="False" position="21" comment="objects hostA and hostB are&#10;redundant and should be removed by&#10; removeRedundantAddressesFromDst">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CB131C4"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Policy rule 22 of firewall50: Accept, not logged, service id431BD5EE to
     host-hostA from sysid0. The service object is declared outside this
     excerpt, so what is being opened to host-hostA cannot be read from here. -->
<PolicyRule id="id4514306428543" action="Accept" direction="Both" disabled="False" log="False" position="22" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id431BD5EE"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Policy rules 23 and 24 of firewall50: both stored with disabled="True".
     Rule 23 accepts any service (sysid1) to net-Internal_net and rule 24 any
     service to id3B3D5A3B (declared outside this excerpt), neither logged.
     NOTE(review): the comment attribute on rule 23 speaks of "rules 12 and 13",
     which does not match the stored positions 23 and 24; presumably older
     numbering. If either rule is enabled it opens the whole destination to
     every source that sysid0 stands for, so keep them disabled outside shading
     tests. -->
<PolicyRule id="id4514307028543" action="Accept" direction="Both" disabled="True" log="False" position="23" comment="rules 12 and 13 can be&#10;used to test shading">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="net-Internal_net"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4514307C28543" action="Accept" direction="Both" disabled="True" log="False" position="24" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3B3D5A3B"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<!--
  Policy rule at position 25: Accept, direction Both, log="True".
  Src and Dst reference the same object, id45142F6628543, which is defined
  outside this view (presumably the enclosing firewall itself; TODO confirm).
  Service sysid1 is presumably "Any".
-->
<PolicyRule id="id4514308828543" action="Accept" direction="Both" disabled="False" log="True" position="25" comment="">
<Src neg="False">
<ObjectRef ref="id45142F6628543"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id45142F6628543"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!--
  Policy rule at position 26: Accept, direction Outbound, logging off.
  Src net-Internal_net to Dst sysid0 for service sysid1; no per-rule options.
  sysid0/sysid1/sysid2 are defined outside this view (presumably the built-in
  "Any" objects; TODO confirm).
-->
<PolicyRule id="id453F3A0010039" action="Accept" direction="Outbound" disabled="False" log="False" position="26" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!--
  Policy rule at position 27: Accept, direction Both, logging off.
  Src is net-Internal_net plus id45142F6628543 (defined outside this view),
  Dst sysid0, service sysid1 (both presumably "Any"; TODO confirm).
-->
<PolicyRule id="id4514309428543" action="Accept" direction="Both" disabled="False" log="False" position="27" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id45142F6628543"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
</PolicyRuleOptions>
</PolicyRule>
<!--
  Policy rule at position 28, the last rule before the Policy element closes:
  Deny, direction Both, log="True", with the "stateless" option set to True.
  Src, Dst and Itf are all sysid0 and Srv is sysid1 (presumably the built-in
  "Any" objects, defined outside this view), which makes this look like the
  logged catch-all deny that ends the rule set.
-->
<PolicyRule id="id451430A128543" action="Deny" direction="Both" disabled="False" log="True" position="28" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<!-- Empty top-level routing rule set (ipv6_rule_set="False"); it contains no rules. -->
<Routing id="id4514316828543" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!--
  Interface ethernet1, label "outside", security_level 0, not a management
  interface (mgmt="False"). network_zone is sysid0 (defined outside this view).
  NOTE(review): 22.22.22.22 is a publicly routable address used as test data;
  an RFC 5737 documentation range would avoid naming a real network, but the
  change would presumably also alter the output this regression fixture is
  compared against.
-->
<Interface id="id4514316928543" bridgeport="False" dyn="False" label="outside" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="ethernet1" comment="" ro="False">
<IPv4 id="id4514316B28543" name="firewall50:ethernet1:ip" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<!--
  Interface ethernet0, label "inside", security_level 100, flagged as the
  management interface (mgmt="True"). Address 192.168.1.1/255.255.255.0;
  network_zone id3DAA5110 is defined outside this view.
-->
<Interface id="id4514316C28543" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="id3DAA5110" security_level="100" unnum="False" unprotected="False" name="ethernet0" comment="" ro="False">
<IPv4 id="id4514316E28543" name="firewall50:ethernet0:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<!--
  Interface ethernet2, label "dmz", security_level 50, not a management
  interface. Address 192.168.2.1/255.255.255.0; network_zone id3B022266 is
  defined outside this view.
-->
<Interface id="id4514316F28543" bridgeport="False" dyn="False" label="dmz" mgmt="False" network_zone="id3B022266" security_level="50" unnum="False" unprotected="False" name="ethernet2" comment="" ro="False">
<IPv4 id="id4514317128543" name="firewall50:ethernet2:ip" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<!--
  Management settings; the address 192.168.1.1 is the one assigned to the
  "inside" interface ethernet0.
  NOTE(review): SNMP management is disabled, but snmp_read_community still
  holds the well-known default "public". If this object is reused as a
  template with SNMP enabled, replace it with a non-default community string.
  FWBDManagement is enabled on port 9999 with an empty identity; the install
  script is disabled.
-->
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!--
  Firewall-wide options for the enclosing Firewall (its opening tag is outside
  this view). The set mixes generic keys with platform-prefixed ones
  (linux24_*, openbsd_*, pix_*).
  NOTE(review): "platform" is "iptables" here although most keys are pix_*;
  the Firewall element's own platform attribute is not visible in this view,
  so confirm which value the compiler reads.
  NOTE(review): log_level is "debug" while pix_syslog_level is "error";
  presumably only the pix_* value matters for a PIX target. TODO confirm.
  Hard-coded infrastructure addresses: NTP server 192.168.1.20, SNMP servers
  192.168.1.20 and 192.168.1.22, syslog host 192.168.1.30, and
  pix_acl_temp_addr 192.168.1.0/24.
  Hardening-related switches as stored: pix_fragguard True, pix_floodguard
  False, accept_new_tcp_with_no_syn False, log_all_dropped True,
  pix_check_rule_shading True, mgmt_ssh False.
  pix_prolog_script holds only a line break; pix_epilog_script is empty.
  The *_fixup values are space-separated tuples whose field meaning is not
  documented in this file.
-->
<FirewallOptions>
<Option name="accept_established">False</Option>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline">-v</Option>
<Option name="compiler"></Option>
<Option name="conn_hh">1</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<Option name="ctiqbe_fixup">2 2748 0 nil 0</Option>
<Option name="debug">False</Option>
<Option name="dns_fixup">2 65535 0 nil 0</Option>
<Option name="dyn_addr">False</Option>
<Option name="espike_fixup">2 0 0 nil 0</Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="ftp_fixup">0 21 0 strict 0</Option>
<Option name="h323_h225_fixup">0 1720 1720 nil 0</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">5</Option>
<Option name="h323_ras_fixup">0 1718 1719 nil 0</Option>
<Option name="h323_ss">0</Option>
<Option name="half-closed_hh">0</Option>
<Option name="half-closed_mm">0</Option>
<Option name="half-closed_ss">0</Option>
<Option name="http_fixup">0 80 80 nil 0</Option>
<Option name="icmp_error_fixup">2 0 0 nil 0</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ils_fixup">0 389 389 nil 0</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="limit_suffix">/second</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">0</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">True</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="openbsd_ip_directed_broadcast">0</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="openbsd_ip_redirect">0</Option>
<Option name="openbsd_ip_sourceroute">0</Option>
<Option name="output_file"></Option>
<Option name="pass_all_out">False</Option>
<Option name="pix_acl_basic">False</Option>
<Option name="pix_acl_no_clear">False</Option>
<Option name="pix_acl_substitution">True</Option>
<Option name="pix_acl_temp_addr">192.168.1.0/24</Option>
<Option name="pix_add_clear_statements">True</Option>
<Option name="pix_assume_fw_part_of_any">True</Option>
<Option name="pix_check_duplicate_nat">False</Option>
<Option name="pix_check_overlapping_global_pools">False</Option>
<Option name="pix_check_overlapping_global_statics">False</Option>
<Option name="pix_check_overlapping_statics">False</Option>
<Option name="pix_check_rule_shading">True</Option>
<Option name="pix_conn_abs">True</Option>
<Option name="pix_conn_hh">1</Option>
<Option name="pix_conn_inact">False</Option>
<Option name="pix_conn_mm">0</Option>
<Option name="pix_conn_ss">0</Option>
<Option name="pix_connection_timewait">True</Option>
<Option name="pix_disable_snmp_agent">False</Option>
<Option name="pix_emb_limit">0</Option>
<Option name="pix_emblem_log_format">False</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_enable_snmp_traps">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_floodguard">False</Option>
<Option name="pix_fragguard">True</Option>
<Option name="pix_generate_out_acl">False</Option>
<Option name="pix_h323_abs">True</Option>
<Option name="pix_h323_hh">0</Option>
<Option name="pix_h323_inact">False</Option>
<Option name="pix_h323_mm">5</Option>
<Option name="pix_h323_ss">0</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<Option name="pix_logging_buffered">False</Option>
<Option name="pix_logging_buffered_level">0</Option>
<Option name="pix_logging_console">False</Option>
<Option name="pix_logging_console_level">0</Option>
<Option name="pix_logging_timestamp">False</Option>
<Option name="pix_logging_trap_level">0</Option>
<Option name="pix_max_conns">0</Option>
<Option name="pix_nodnsalias_inbound">True</Option>
<Option name="pix_nodnsalias_outbound">True</Option>
<Option name="pix_ntp1">192.168.1.20</Option>
<Option name="pix_ntp1_pref">True</Option>
<Option name="pix_ntp2"></Option>
<Option name="pix_ntp2_pref">False</Option>
<Option name="pix_ntp3"></Option>
<Option name="pix_ntp3_pref">False</Option>
<Option name="pix_optimize_default_nat">True</Option>
<Option name="pix_prolog_script">
</Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">True</Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_route_dnat">False</Option>
<Option name="pix_rpc_abs">True</Option>
<Option name="pix_rpc_hh">0</Option>
<Option name="pix_rpc_inact">False</Option>
<Option name="pix_rpc_mm">10</Option>
<Option name="pix_rpc_ss">0</Option>
<Option name="pix_set_communities_from_object_data">True</Option>
<Option name="pix_set_host_name">True</Option>
<Option name="pix_set_sysinfo_from_object_data">True</Option>
<Option name="pix_sip_abs">True</Option>
<Option name="pix_sip_hh">0</Option>
<Option name="pix_sip_inact">False</Option>
<Option name="pix_sip_media_abs">True</Option>
<Option name="pix_sip_media_hh">0</Option>
<Option name="pix_sip_media_inact">False</Option>
<Option name="pix_sip_media_mm">2</Option>
<Option name="pix_sip_media_ss">0</Option>
<Option name="pix_sip_mm">30</Option>
<Option name="pix_sip_ss">0</Option>
<Option name="pix_snmp_poll_traps_1">1</Option>
<Option name="pix_snmp_poll_traps_2">2</Option>
<Option name="pix_snmp_server1">192.168.1.20</Option>
<Option name="pix_snmp_server2">192.168.1.22</Option>
<Option name="pix_ssh_timeout">5</Option>
<Option name="pix_syslog_device_id_opt"></Option>
<Option name="pix_syslog_device_id_val"></Option>
<Option name="pix_syslog_facility">16</Option>
<Option name="pix_syslog_host">192.168.1.30</Option>
<Option name="pix_syslog_level">error</Option>
<Option name="pix_syslog_queue_size">512</Option>
<Option name="pix_tcpmss">True</Option>
<Option name="pix_tcpmss_value">1380</Option>
<Option name="pix_telnet_timeout">5</Option>
<Option name="pix_uauth_abs">True</Option>
<Option name="pix_uauth_hh">2</Option>
<Option name="pix_uauth_inact">False</Option>
<Option name="pix_uauth_mm">0</Option>
<Option name="pix_uauth_ss">0</Option>
<Option name="pix_udp_abs">True</Option>
<Option name="pix_udp_hh">0</Option>
<Option name="pix_udp_inact">False</Option>
<Option name="pix_udp_mm">2</Option>
<Option name="pix_udp_ss">0</Option>
<Option name="pix_unauth_abs">True</Option>
<Option name="pix_unauth_hh">2</Option>
<Option name="pix_unauth_inact">False</Option>
<Option name="pix_unauth_mm">0</Option>
<Option name="pix_unauth_ss">0</Option>
<Option name="pix_use_acl_remarks">False</Option>
<Option name="pix_use_manual_commit">False</Option>
<Option name="pix_xlate_abs">True</Option>
<Option name="pix_xlate_hh">3</Option>
<Option name="pix_xlate_inact">False</Option>
<Option name="pix_xlate_mm">0</Option>
<Option name="pix_xlate_ss">0</Option>
<Option name="platform">iptables</Option>
<Option name="pptp_fixup">2 1723 0 nil 0</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">10</Option>
<Option name="rpc_ss">0</Option>
<Option name="rsh_fixup">0 514 0 nil 0</Option>
<Option name="rtsp_fixup">0 554 0 nil 0</Option>
<Option name="script_env_path"></Option>
<Option name="sip_fixup">0 5060 5060 nil 0</Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">0</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">30</Option>
<Option name="sip_ss">0</Option>
<Option name="sip_udp_fixup">2 5060 0 nil 0</Option>
<Option name="skinny_fixup">0 2000 2000 nil 0</Option>
<Option name="smtp_fixup">0 25 25 nil 0</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sqlnet_fixup">0 1521 1521 nil 0</Option>
<Option name="sshArgs"></Option>
<Option name="ssh_timeout">5</Option>
<Option name="telnet_timeout">5</Option>
<Option name="tftp_fixup">2 69 0 nil 0</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">2</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">2</Option>
<Option name="udp_ss">0</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="xlate_hh">3</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<!--
  firewall20: PIX test firewall (platform "pix", version "6.3", host_OS
  "pix_os"). Its comment attribute says it tests outbound ACLs with emulation
  of outbound ACLs switched on, which matches pix_emulate_out_acl=True and
  pix_generate_out_acl=False in its FirewallOptions.
  Interfaces declared further down in this element:
    id4528A58320039  eth0  "outside"  security_level 0
    id4528A58620039  eth1  "dmz"      security_level 50
    id4528A58920039  eth2  "inside"   security_level 100, mgmt="True"
  sysid0, sysid1 and sysid2 are defined outside this view (presumably the
  built-in "Any" address, service and interval; TODO confirm), as are
  net-Internal_net, host-hostA, id3B022266, id3D1BFABC and id3D420521.
-->
<Firewall id="id4528A4F320039" host_OS="pix_os" inactive="False" lastCompiled="1145688339" lastInstalled="0" lastModified="1160339655" platform="pix" version="6.3" name="firewall20" comment="testing outbound ACLs&#10;v6.3, emulation of outbound ACLs is on&#10;" ro="False">
<!--
  NAT rule set, five rules, all enabled and for service sysid1.
  Rules 0 and 1 translate the source of traffic from net-Internal_net and
  from id3B022266 to the "outside" interface eth0.
  Rule 2 translates traffic addressed to eth0 to destination id3D420521 for
  every service; NOTE(review): that forwards all services arriving at the
  outside interface to one object, which is broad even for a fixture.
  Rules 3 and 4 translate the source to the "inside" interface eth2 and the
  "dmz" interface eth1 respectively.
-->
<NAT id="id4528A51E20039" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id4528A51F20039" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id4528A58320039"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id4528A54A20039" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id4528A58320039"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id4528A55820039" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id4528A58320039"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D420521"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id4528A56620039" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="net-Internal_net"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id4528A58920039"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id4528A57420039" disabled="False" position="4" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id4528A58620039"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<!--
  Policy rule set, nine rules (positions 0 to 8), all enabled.
  Rules 0 and 8 carry no direction attribute; how the loader fills it in is
  not visible in this file.
  Rules 3, 4 and 5 repeat the same Src/Dst pair (id3D1BFABC to host-hostA)
  and differ only in direction and interface: Inbound on eth1, Outbound on
  eth2, and Both on eth1 plus eth2.
-->
<Policy id="id4528A4F920039" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id4528A4FA20039" action="Accept" disabled="False" log="False" position="0" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id4528A50620039" action="Accept" direction="Outbound" disabled="False" log="False" position="1" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id4528A59120039" action="Accept" direction="Outbound" disabled="False" log="False" position="2" comment="">
<Src neg="False">
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id4528A5B020039" action="Accept" direction="Inbound" disabled="False" log="False" position="3" comment="dmz -&gt; intnet">
<Src neg="False">
<ObjectRef ref="id3D1BFABC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4528A58620039"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id4528A5A020039" action="Accept" direction="Outbound" disabled="False" log="False" position="4" comment="dmz -&gt; intnet">
<Src neg="False">
<ObjectRef ref="id3D1BFABC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4528A58920039"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id4528BB8A20039" action="Accept" direction="Both" disabled="False" log="False" position="5" comment="dmz -&gt; intnet">
<Src neg="False">
<ObjectRef ref="id3D1BFABC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4528A58620039"/>
<ObjectRef ref="id4528A58920039"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!--
  Rule 6: logged, stateless Deny for Inbound traffic on eth0 (outside) and
  eth1 (dmz) whose source is this firewall (id4528A4F320039) or
  net-Internal_net. This looks like an anti-spoofing rule: packets claiming
  an inside source should not arrive on the outside or dmz interfaces.
-->
<PolicyRule id="id452912BE20039" action="Deny" direction="Inbound" disabled="False" log="True" position="6" comment="">
<Src neg="False">
<ObjectRef ref="id4528A4F320039"/>
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4528A58320039"/>
<ObjectRef ref="id4528A58620039"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4529289320039" action="Accept" direction="Outbound" disabled="False" log="False" position="7" comment="">
<Src neg="False">
<ObjectRef ref="id4528A4F320039"/>
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4528A58320039"/>
<ObjectRef ref="id4528A58620039"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!--
  Rule 8: final stateless Deny with Src, Dst and Itf all sysid0.
  NOTE(review): log is "False", so this rule does not itself request logging
  of the traffic it drops; confirm that is intended for the test.
-->
<PolicyRule id="id4528A51220039" action="Deny" disabled="False" log="False" position="8" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id4528A58220039" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!--
  Interfaces. The "outside" interface eth0 uses 10.5.70.20 with netmask
  255.255.240.0; dmz and inside use 192.168.2.20 and 192.168.1.20 with
  255.255.255.0. The network_zone objects are defined outside this view.
-->
<Interface id="id4528A58320039" bridgeport="False" dyn="False" label="outside" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id4528A58520039" name="firewall20:eth0:ip" comment="" ro="False" address="10.5.70.20" netmask="255.255.240.0"/>
</Interface>
<Interface id="id4528A58620039" bridgeport="False" dyn="False" label="dmz" network_zone="id3D420A09" security_level="50" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id4528A58820039" name="firewall20:eth1:ip" comment="" ro="False" address="192.168.2.20" netmask="255.255.255.0"/>
</Interface>
<Interface id="id4528A58920039" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="id3D420A0B" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id4528A58B20039" name="firewall20:eth2:ip" comment="" ro="False" address="192.168.1.20" netmask="255.255.255.0"/>
</Interface>
<!--
  Management address 192.168.1.20 is the address of the "inside" interface
  eth2. SNMP management is disabled and both community strings are empty;
  FWBDManagement is enabled on port 9999 with an empty identity.
-->
<Management address="192.168.1.20">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!--
  Firewall-wide options.
  NOTE(review): pix_prolog_script contains "no sysopt security fragguard"
  while pix_fragguard is True. The other three prolog lines agree with their
  options (pix_connection_timewait, pix_nodnsalias_inbound and
  pix_nodnsalias_outbound are all False). Which setting ends up in the
  generated configuration is not visible here; confirm the mismatch is a
  deliberate part of the test.
  NOTE(review): both "half-closed_*" and "half_closed_*" keys are present and
  disagree on the minutes value (0 versus 10); presumably one spelling is a
  leftover. TODO confirm which key the compiler reads.
  Syslog host and facility are empty and pix_syslog_queue_size is 0.
  The *_fixup values are space-separated tuples whose field meaning is not
  documented in this file.
-->
<FirewallOptions>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="conn_hh">1</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<Option name="ctiqbe_fixup">2 2748 0 nil 0</Option>
<Option name="dns_fixup">2 65535 0 nil 0</Option>
<Option name="dyn_addr">False</Option>
<Option name="espike_fixup">2 0 0 nil 0</Option>
<Option name="ftp_fixup">0 21 0 strict 0</Option>
<Option name="h323_h225_fixup">2 1720 1720 nil 0</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">5</Option>
<Option name="h323_ras_fixup">2 1718 1719 nil 0</Option>
<Option name="h323_ss">0</Option>
<Option name="half-closed_hh">0</Option>
<Option name="half-closed_mm">0</Option>
<Option name="half-closed_ss">0</Option>
<Option name="half_closed_hh">0</Option>
<Option name="half_closed_mm">10</Option>
<Option name="half_closed_ss">0</Option>
<Option name="http_fixup">2 80 80 nil 0</Option>
<Option name="icmp_error_fixup">2 0 0 nil 0</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ils_fixup">2 389 389 nil 0</Option>
<Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="output_file"></Option>
<Option name="pix_acl_basic">False</Option>
<Option name="pix_acl_no_clear">True</Option>
<Option name="pix_acl_substitution">False</Option>
<Option name="pix_acl_temp_addr"></Option>
<Option name="pix_add_clear_statements">False</Option>
<Option name="pix_assume_fw_part_of_any">False</Option>
<Option name="pix_check_duplicate_nat">False</Option>
<Option name="pix_check_overlapping_global_pools">True</Option>
<Option name="pix_check_overlapping_global_statics">True</Option>
<Option name="pix_check_overlapping_statics">True</Option>
<Option name="pix_check_rule_shading">True</Option>
<Option name="pix_conn_abs">True</Option>
<Option name="pix_conn_hh">1</Option>
<Option name="pix_conn_inact">False</Option>
<Option name="pix_conn_mm">0</Option>
<Option name="pix_conn_ss">0</Option>
<Option name="pix_connection_timewait">False</Option>
<Option name="pix_emb_limit">0</Option>
<Option name="pix_emblem_log_format">False</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_floodguard">True</Option>
<Option name="pix_fragguard">True</Option>
<Option name="pix_generate_out_acl">False</Option>
<Option name="pix_h323_abs">True</Option>
<Option name="pix_h323_hh">0</Option>
<Option name="pix_h323_inact">False</Option>
<Option name="pix_h323_mm">5</Option>
<Option name="pix_h323_ss">0</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<Option name="pix_logging_buffered">False</Option>
<Option name="pix_logging_buffered_level">0</Option>
<Option name="pix_logging_console">False</Option>
<Option name="pix_logging_console_level">0</Option>
<Option name="pix_logging_timestamp">False</Option>
<Option name="pix_logging_trap_level">0</Option>
<Option name="pix_max_conns">0</Option>
<Option name="pix_nodnsalias_inbound">False</Option>
<Option name="pix_nodnsalias_outbound">False</Option>
<Option name="pix_optimize_default_nat">False</Option>
<Option name="pix_prolog_script">
no sysopt connection timewait
no sysopt security fragguard
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
</Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">False</Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_route_dnat">True</Option>
<Option name="pix_rpc_abs">True</Option>
<Option name="pix_rpc_hh">0</Option>
<Option name="pix_rpc_inact">False</Option>
<Option name="pix_rpc_mm">10</Option>
<Option name="pix_rpc_ss">0</Option>
<Option name="pix_set_host_name">False</Option>
<Option name="pix_sip_abs">True</Option>
<Option name="pix_sip_hh">0</Option>
<Option name="pix_sip_inact">False</Option>
<Option name="pix_sip_media_abs">True</Option>
<Option name="pix_sip_media_hh">0</Option>
<Option name="pix_sip_media_inact">False</Option>
<Option name="pix_sip_media_mm">2</Option>
<Option name="pix_sip_media_ss">0</Option>
<Option name="pix_sip_mm">30</Option>
<Option name="pix_sip_ss">0</Option>
<Option name="pix_ssh_timeout">5</Option>
<Option name="pix_syslog_facility"></Option>
<Option name="pix_syslog_host"></Option>
<Option name="pix_syslog_queue_size">0</Option>
<Option name="pix_telnet_timeout">5</Option>
<Option name="pix_uauth_abs">True</Option>
<Option name="pix_uauth_hh">2</Option>
<Option name="pix_uauth_inact">False</Option>
<Option name="pix_uauth_mm">0</Option>
<Option name="pix_uauth_ss">0</Option>
<Option name="pix_udp_abs">True</Option>
<Option name="pix_udp_hh">0</Option>
<Option name="pix_udp_inact">False</Option>
<Option name="pix_udp_mm">2</Option>
<Option name="pix_udp_ss">0</Option>
<Option name="pix_use_acl_remarks">False</Option>
<Option name="pix_use_manual_commit">False</Option>
<Option name="pix_xlate_abs">True</Option>
<Option name="pix_xlate_hh">3</Option>
<Option name="pix_xlate_inact">False</Option>
<Option name="pix_xlate_mm">0</Option>
<Option name="pix_xlate_ss">0</Option>
<Option name="pptp_fixup">2 1723 0 nil 0</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">10</Option>
<Option name="rpc_ss">0</Option>
<Option name="rsh_fixup">2 514 0 nil 0</Option>
<Option name="rtsp_fixup">2 554 0 nil 0</Option>
<Option name="sip_fixup">2 5060 5060 nil 0</Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">2</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">30</Option>
<Option name="sip_ss">0</Option>
<Option name="sip_udp_fixup">2 5060 0 nil 0</Option>
<Option name="skinny_fixup">2 2000 2000 nil 0</Option>
<Option name="smtp_fixup">2 25 25 nil 0</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sqlnet_fixup">2 1521 1521 nil 0</Option>
<Option name="sshArgs"></Option>
<Option name="ssh_timeout">5</Option>
<Option name="telnet_timeout">5</Option>
<Option name="tftp_fixup">2 69 0 nil 0</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">2</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">2</Option>
<Option name="udp_ss">0</Option>
<Option name="xlate_hh">3</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id45293E7B20039" host_OS="pix_os" inactive="False" lastCompiled="1145688339" lastInstalled="0" lastModified="1160361277" platform="pix" version="7.0" name="firewall21" comment="testing outbound ACLs&#10;&#10;v7.0, outbound ACLs are supported&#10;&#10;option 'generate outbound acls' is OFF" ro="False">
<!--
  NAT rule set of firewall21, five enabled rules, all for service sysid1.
  The translated-source and original-destination references id45293F3C20039,
  id45293F3F20039 and id45293F4220039 are not defined in this view; they are
  presumably this firewall's interface objects. TODO confirm.
  Rules 0 and 1: source translation for net-Internal_net and id3B022266.
  Rule 2: traffic addressed to id45293F3C20039 is translated to destination
  id3D420521 for every service. NOTE(review): if that reference is an
  external interface, this forwards all services to one object.
  Rules 3 and 4: source translation between id3B022266 and net-Internal_net,
  one rule per direction.
-->
<NAT id="id45293EF420039" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id45293EF520039" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id45293F3C20039"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id45293F0320039" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id45293F3C20039"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id45293F1120039" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id45293F3C20039"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D420521"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id45293F1F20039" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="net-Internal_net"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id45293F4220039"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id45293F2D20039" disabled="False" position="4" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id45293F3F20039"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id45293E8120039" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!--
  firewall21 policy rule 0: Accept from sysid0 to host-hostA, service sysid1,
  logging off. No direction attribute is given; how the loader fills it in is
  not visible in this file. Shares the colour #C0BA44 with rules 1 and 2,
  which have the same Src/Dst and set direction Inbound and Outbound.
-->
<PolicyRule id="id45293E8220039" action="Accept" disabled="False" log="False" position="0" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<!--
  firewall21 policy rule 1: Accept, direction Inbound, from sysid0 to
  host-hostA, service sysid1, logging off; colour #C0BA44.
  sysid0/sysid1/sysid2 are defined outside this view (presumably "Any").
-->
<PolicyRule id="id452955F920039" action="Accept" direction="Inbound" disabled="False" log="False" position="1" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4529560A20039" action="Accept" direction="Outbound" disabled="False" log="False" position="2" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id452955E820039" action="Accept" direction="Both" disabled="False" log="False" position="3" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45293E8E20039" action="Accept" direction="Inbound" disabled="False" log="False" position="4" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4529561B20039" action="Accept" direction="Outbound" disabled="False" log="False" position="5" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45293E9A20039" action="Accept" direction="Both" disabled="False" log="False" position="6" comment="">
<Src neg="False">
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45296CFA20039" action="Accept" direction="Inbound" disabled="False" log="False" position="7" comment="">
<Src neg="False">
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45296D0B20039" action="Accept" direction="Outbound" disabled="False" log="False" position="8" comment="">
<Src neg="False">
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4529840220039" action="Accept" direction="Both" disabled="False" log="False" position="9" comment="">
<Src neg="False">
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4529841320039" action="Accept" direction="Inbound" disabled="False" log="False" position="10" comment="">
<Src neg="False">
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4529842420039" action="Accept" direction="Outbound" disabled="False" log="False" position="11" comment="">
<Src neg="False">
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45299B4220039" action="Accept" direction="Both" disabled="False" log="False" position="12" comment="dmz -&gt; intnet">
<Src neg="False">
<ObjectRef ref="id3D1BFABC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id45293F3F20039"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45293EA620039" action="Accept" direction="Inbound" disabled="False" log="False" position="13" comment="dmz -&gt; intnet">
<Src neg="False">
<ObjectRef ref="id3D1BFABC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id45293F3F20039"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45299B5320039" action="Accept" direction="Outbound" disabled="False" log="False" position="14" comment="dmz -&gt; intnet">
<Src neg="False">
<ObjectRef ref="id3D1BFABC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id45293F3F20039"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45299B7520039" action="Accept" direction="Both" disabled="False" log="False" position="15" comment="dmz -&gt; intnet">
<Src neg="False">
<ObjectRef ref="id3D1BFABC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id45293F4220039"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45293EB220039" action="Accept" direction="Inbound" disabled="False" log="False" position="16" comment="dmz -&gt; intnet">
<Src neg="False">
<ObjectRef ref="id3D1BFABC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id45293F4220039"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45299B6420039" action="Accept" direction="Outbound" disabled="False" log="False" position="17" comment="dmz -&gt; intnet">
<Src neg="False">
<ObjectRef ref="id3D1BFABC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id45293F4220039"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45293EBE20039" action="Accept" direction="Both" disabled="False" log="False" position="18" comment="dmz -&gt; intnet">
<Src neg="False">
<ObjectRef ref="id3D1BFABC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id45293F3F20039"/>
<ObjectRef ref="id45293F4220039"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45293ECB20039" action="Deny" direction="Inbound" disabled="False" log="True" position="19" comment="">
<Src neg="False">
<ObjectRef ref="id45293E7B20039"/>
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id45293F3C20039"/>
<ObjectRef ref="id45293F3F20039"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45293ED920039" action="Accept" direction="Outbound" disabled="False" log="False" position="20" comment="">
<Src neg="False">
<ObjectRef ref="id45293E7B20039"/>
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id45293F3C20039"/>
<ObjectRef ref="id45293F3F20039"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id45293EE820039" action="Deny" disabled="False" log="False" position="21" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<!-- Routing rule set for this firewall. The element is empty, so no routing rules are defined here. -->
<Routing id="id45293F3B20039" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- eth0, label "outside": security_level 0, network zone sysid0, one static IPv4 address
     10.5.70.20 / 255.255.240.0 (dyn, unnum and unprotected are all False). -->
<Interface id="id45293F3C20039" bridgeport="False" dyn="False" label="outside" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
  <IPv4 id="id45293F3E20039" name="firewall21:eth0:ip" comment="" ro="False" address="10.5.70.20" netmask="255.255.240.0"/>
</Interface>
<!-- eth1, label "dmz": security_level 50, network zone id3D420A09 (defined outside this excerpt),
     one static IPv4 address 192.168.2.20 / 255.255.255.0. -->
<Interface id="id45293F3F20039" bridgeport="False" dyn="False" label="dmz" network_zone="id3D420A09" security_level="50" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
  <IPv4 id="id45293F4120039" name="firewall21:eth1:ip" comment="" ro="False" address="192.168.2.20" netmask="255.255.255.0"/>
</Interface>
<!-- eth2, label "inside": security_level 100, network zone id3D420A0B (defined outside this excerpt),
     one static IPv4 address 192.168.1.20 / 255.255.255.0. This is the only interface of the three
     that carries mgmt="True". -->
<Interface id="id45293F4220039" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="id3D420A0B" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
  <IPv4 id="id45293F4420039" name="firewall21:eth2:ip" comment="" ro="False" address="192.168.1.20" netmask="255.255.255.0"/>
</Interface>
<!--
  Management settings. The address 192.168.1.20 equals the IPv4 address of eth2,
  the interface marked mgmt="True". SNMP management is disabled and both
  community strings are empty; the policy install script is disabled.
  NOTE(review): FWBDManagement is enabled on port 9999 with an empty identity.
  What the identity is checked against is not visible in this excerpt; confirm
  that an empty value is expected for this fixture.
-->
<Management address="192.168.1.20">
  <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
  <FWBDManagement enabled="True" identity="" port="9999"/>
  <PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<!--
  Per-firewall option list: name/value pairs holding timeouts (hh / mm / ss
  triplets), *_fixup entries and pix_* flags. Many timeouts appear twice, once
  bare and once with a pix_ prefix (for example conn_hh and pix_conn_hh), with
  the same values.

  NOTE(review): both "half-closed_*" (hyphen, 0 / 0 / 0) and "half_closed_*"
  (underscore, 0 / 10 / 0) are present with different values. Which spelling
  the compiler reads is not visible here; confirm before relying on either.

  NOTE(review): pix_prolog_script contains "no sysopt security fragguard" while
  pix_fragguard is True. How the prolog text and the flag combine in the
  generated configuration is not visible here; confirm which one takes effect.
  The other three prolog lines agree with their flags (pix_connection_timewait,
  pix_nodnsalias_inbound and pix_nodnsalias_outbound are all False).

  ftp_fixup is the only fixup whose first field is 0 and whose fourth field is
  "strict"; every other fixup starts with 2 and uses "nil". The field layout is
  not defined in this excerpt.

  Logging: pix_logging_buffered, pix_logging_console and pix_logging_timestamp
  are False, and pix_syslog_host / pix_syslog_facility are empty, so this
  fixture names no log destination. mgmt_ssh is False; the ssh and telnet
  timeouts are both 5.
-->
<FirewallOptions>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="conn_hh">1</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<Option name="ctiqbe_fixup">2 2748 0 nil 0</Option>
<Option name="dns_fixup">2 65535 0 nil 0</Option>
<Option name="dyn_addr">False</Option>
<Option name="espike_fixup">2 0 0 nil 0</Option>
<Option name="ftp_fixup">0 21 0 strict 0</Option>
<Option name="h323_h225_fixup">2 1720 1720 nil 0</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">5</Option>
<Option name="h323_ras_fixup">2 1718 1719 nil 0</Option>
<Option name="h323_ss">0</Option>
<Option name="half-closed_hh">0</Option>
<Option name="half-closed_mm">0</Option>
<Option name="half-closed_ss">0</Option>
<Option name="half_closed_hh">0</Option>
<Option name="half_closed_mm">10</Option>
<Option name="half_closed_ss">0</Option>
<Option name="http_fixup">2 80 80 nil 0</Option>
<Option name="icmp_error_fixup">2 0 0 nil 0</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ils_fixup">2 389 389 nil 0</Option>
<Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="output_file"></Option>
<Option name="pix_acl_basic">False</Option>
<Option name="pix_acl_no_clear">True</Option>
<Option name="pix_acl_substitution">False</Option>
<Option name="pix_acl_temp_addr"></Option>
<Option name="pix_add_clear_statements">False</Option>
<Option name="pix_assume_fw_part_of_any">False</Option>
<Option name="pix_check_duplicate_nat">False</Option>
<Option name="pix_check_overlapping_global_pools">True</Option>
<Option name="pix_check_overlapping_global_statics">True</Option>
<Option name="pix_check_overlapping_statics">True</Option>
<Option name="pix_check_rule_shading">True</Option>
<Option name="pix_conn_abs">True</Option>
<Option name="pix_conn_hh">1</Option>
<Option name="pix_conn_inact">False</Option>
<Option name="pix_conn_mm">0</Option>
<Option name="pix_conn_ss">0</Option>
<Option name="pix_connection_timewait">False</Option>
<Option name="pix_emb_limit">0</Option>
<Option name="pix_emblem_log_format">False</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_floodguard">True</Option>
<Option name="pix_fragguard">True</Option>
<Option name="pix_generate_out_acl">False</Option>
<Option name="pix_h323_abs">True</Option>
<Option name="pix_h323_hh">0</Option>
<Option name="pix_h323_inact">False</Option>
<Option name="pix_h323_mm">5</Option>
<Option name="pix_h323_ss">0</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<Option name="pix_logging_buffered">False</Option>
<Option name="pix_logging_buffered_level">0</Option>
<Option name="pix_logging_console">False</Option>
<Option name="pix_logging_console_level">0</Option>
<Option name="pix_logging_timestamp">False</Option>
<Option name="pix_logging_trap_level">0</Option>
<Option name="pix_max_conns">0</Option>
<Option name="pix_nodnsalias_inbound">False</Option>
<Option name="pix_nodnsalias_outbound">False</Option>
<Option name="pix_optimize_default_nat">False</Option>
<Option name="pix_prolog_script">
no sysopt connection timewait
no sysopt security fragguard
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
</Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">False</Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_route_dnat">True</Option>
<Option name="pix_rpc_abs">True</Option>
<Option name="pix_rpc_hh">0</Option>
<Option name="pix_rpc_inact">False</Option>
<Option name="pix_rpc_mm">10</Option>
<Option name="pix_rpc_ss">0</Option>
<Option name="pix_set_host_name">False</Option>
<Option name="pix_sip_abs">True</Option>
<Option name="pix_sip_hh">0</Option>
<Option name="pix_sip_inact">False</Option>
<Option name="pix_sip_media_abs">True</Option>
<Option name="pix_sip_media_hh">0</Option>
<Option name="pix_sip_media_inact">False</Option>
<Option name="pix_sip_media_mm">2</Option>
<Option name="pix_sip_media_ss">0</Option>
<Option name="pix_sip_mm">30</Option>
<Option name="pix_sip_ss">0</Option>
<Option name="pix_ssh_timeout">5</Option>
<Option name="pix_syslog_facility"></Option>
<Option name="pix_syslog_host"></Option>
<Option name="pix_syslog_queue_size">0</Option>
<Option name="pix_telnet_timeout">5</Option>
<Option name="pix_uauth_abs">True</Option>
<Option name="pix_uauth_hh">2</Option>
<Option name="pix_uauth_inact">False</Option>
<Option name="pix_uauth_mm">0</Option>
<Option name="pix_uauth_ss">0</Option>
<Option name="pix_udp_abs">True</Option>
<Option name="pix_udp_hh">0</Option>
<Option name="pix_udp_inact">False</Option>
<Option name="pix_udp_mm">2</Option>
<Option name="pix_udp_ss">0</Option>
<Option name="pix_use_acl_remarks">False</Option>
<Option name="pix_use_manual_commit">False</Option>
<Option name="pix_xlate_abs">True</Option>
<Option name="pix_xlate_hh">3</Option>
<Option name="pix_xlate_inact">False</Option>
<Option name="pix_xlate_mm">0</Option>
<Option name="pix_xlate_ss">0</Option>
<Option name="pptp_fixup">2 1723 0 nil 0</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">10</Option>
<Option name="rpc_ss">0</Option>
<Option name="rsh_fixup">2 514 0 nil 0</Option>
<Option name="rtsp_fixup">2 554 0 nil 0</Option>
<Option name="sip_fixup">2 5060 5060 nil 0</Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">2</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">30</Option>
<Option name="sip_ss">0</Option>
<Option name="sip_udp_fixup">2 5060 0 nil 0</Option>
<Option name="skinny_fixup">2 2000 2000 nil 0</Option>
<Option name="smtp_fixup">2 25 25 nil 0</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sqlnet_fixup">2 1521 1521 nil 0</Option>
<Option name="sshArgs"></Option>
<Option name="ssh_timeout">5</Option>
<Option name="telnet_timeout">5</Option>
<Option name="tftp_fixup">2 69 0 nil 0</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">2</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">2</Option>
<Option name="udp_ss">0</Option>
<Option name="xlate_hh">3</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id4529E33F16799" host_OS="pix_os" inactive="False" lastCompiled="1145688339" lastInstalled="0" lastModified="1161751631" platform="pix" version="7.0" name="firewall22" comment="testing outbound ACLs&#10;v7.0, outbound ACLs are supported&#10;option 'generate outbound acls' is ON" ro="False">
<!--
  NAT rule set for firewall22: five rules at positions 0 to 4. Every rule uses
  service sysid1 on both the original and the translated side. sysid0, sysid1,
  id3B022266 and id3D420521 are defined outside this excerpt.

  0: source net-Internal_net to sysid0; translated source is eth0
     (id4529E49C16799, label "outside").
  1: source id3B022266 to sysid0; translated source is eth0.
  2: original destination is eth0; translated destination is id3D420521.
     NOTE(review): the original source is sysid0 and the original service is
     sysid1. If those are the built-in "any" objects, every service addressed
     to the outside interface is redirected to id3D420521; a production rule
     would normally name the service.
  3: id3B022266 to net-Internal_net; translated source is eth2
     (id4529E4A216799, label "inside").
  4: net-Internal_net to id3B022266; translated source is eth1
     (id4529E49F16799, label "dmz").
-->
<NAT id="id4529E45416799" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
  <NATRule id="id4529E45516799" disabled="False" position="0" comment="">
    <OSrc neg="False">
      <ObjectRef ref="net-Internal_net"/>
    </OSrc>
    <ODst neg="False">
      <ObjectRef ref="sysid0"/>
    </ODst>
    <OSrv neg="False">
      <ServiceRef ref="sysid1"/>
    </OSrv>
    <TSrc neg="False">
      <ObjectRef ref="id4529E49C16799"/>
    </TSrc>
    <TDst neg="False">
      <ObjectRef ref="sysid0"/>
    </TDst>
    <TSrv neg="False">
      <ServiceRef ref="sysid1"/>
    </TSrv>
    <NATRuleOptions/>
  </NATRule>
  <NATRule id="id4529E46316799" disabled="False" position="1" comment="">
    <OSrc neg="False">
      <ObjectRef ref="id3B022266"/>
    </OSrc>
    <ODst neg="False">
      <ObjectRef ref="sysid0"/>
    </ODst>
    <OSrv neg="False">
      <ServiceRef ref="sysid1"/>
    </OSrv>
    <TSrc neg="False">
      <ObjectRef ref="id4529E49C16799"/>
    </TSrc>
    <TDst neg="False">
      <ObjectRef ref="sysid0"/>
    </TDst>
    <TSrv neg="False">
      <ServiceRef ref="sysid1"/>
    </TSrv>
    <NATRuleOptions/>
  </NATRule>
  <NATRule id="id4529E47116799" disabled="False" position="2" comment="">
    <OSrc neg="False">
      <ObjectRef ref="sysid0"/>
    </OSrc>
    <ODst neg="False">
      <ObjectRef ref="id4529E49C16799"/>
    </ODst>
    <OSrv neg="False">
      <ServiceRef ref="sysid1"/>
    </OSrv>
    <TSrc neg="False">
      <ObjectRef ref="sysid0"/>
    </TSrc>
    <TDst neg="False">
      <ObjectRef ref="id3D420521"/>
    </TDst>
    <TSrv neg="False">
      <ServiceRef ref="sysid1"/>
    </TSrv>
    <NATRuleOptions/>
  </NATRule>
  <NATRule id="id4529E47F16799" disabled="False" position="3" comment="">
    <OSrc neg="False">
      <ObjectRef ref="id3B022266"/>
    </OSrc>
    <ODst neg="False">
      <ObjectRef ref="net-Internal_net"/>
    </ODst>
    <OSrv neg="False">
      <ServiceRef ref="sysid1"/>
    </OSrv>
    <TSrc neg="False">
      <ObjectRef ref="id4529E4A216799"/>
    </TSrc>
    <TDst neg="False">
      <ObjectRef ref="sysid0"/>
    </TDst>
    <TSrv neg="False">
      <ServiceRef ref="sysid1"/>
    </TSrv>
    <NATRuleOptions/>
  </NATRule>
  <NATRule id="id4529E48D16799" disabled="False" position="4" comment="">
    <OSrc neg="False">
      <ObjectRef ref="net-Internal_net"/>
    </OSrc>
    <ODst neg="False">
      <ObjectRef ref="id3B022266"/>
    </ODst>
    <OSrv neg="False">
      <ServiceRef ref="sysid1"/>
    </OSrv>
    <TSrc neg="False">
      <ObjectRef ref="id4529E49F16799"/>
    </TSrc>
    <TDst neg="False">
      <ObjectRef ref="sysid0"/>
    </TDst>
    <TSrv neg="False">
      <ServiceRef ref="sysid1"/>
    </TSrv>
    <NATRuleOptions/>
  </NATRule>
</NAT>
<!--
  Policy rule set for firewall22: 22 rules at positions 0 to 21. Every rule
  references service sysid1 and interval sysid2. sysid0, sysid1 and sysid2 are
  defined outside this excerpt (presumably the built-in "any" network, service
  and interval; confirm).

  Positions 0 to 17: Accept rules with logging off, in groups of three that
  repeat one source / destination / interface combination with the direction
  unset or Both, then Inbound, then Outbound. Positions 12 to 17 carry the
  author's comment "dmz -&gt; intnet" and bind to eth1 (id4529E49F16799) or
  eth2 (id4529E4A216799). Position 18 repeats that source and destination on
  both interfaces at once.

  Position 19: Deny, Inbound, logged, stateless, on eth0 (id4529E49C16799) and
  eth1, for sources id4529E33F16799 (the id of the enclosing firewall22
  element) and net-Internal_net. This has the shape of an anti-spoofing rule.
  NOTE(review): positions 3 to 5 already accept net-Internal_net on any
  interface. If rules are matched in position order, the net-Internal_net part
  of rule 19 is shadowed by them. An anti-spoofing deny normally precedes the
  accepts; confirm the ordering is deliberate for the regression test before
  reusing this layout.

  Position 20: Accept, Outbound, on eth0 and eth1, with empty rule options.
  Position 21: Deny from sysid0 to sysid0 on sysid0, stateless, log="False".
  NOTE(review): the final deny records nothing about dropped traffic. Turning
  logging on would presumably change the compiled output this fixture is
  compared against, so it is only flagged here.
-->
<Policy id="id4529E34516799" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
  <PolicyRule id="id4529E34616799" action="Accept" disabled="False" log="False" position="0" comment="">
    <Src neg="False">
      <ObjectRef ref="sysid0"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="host-hostA"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="sysid0"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#C0BA44</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E35216799" action="Accept" direction="Inbound" disabled="False" log="False" position="1" comment="">
    <Src neg="False">
      <ObjectRef ref="sysid0"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="host-hostA"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="sysid0"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#C0BA44</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E35E16799" action="Accept" direction="Outbound" disabled="False" log="False" position="2" comment="">
    <Src neg="False">
      <ObjectRef ref="sysid0"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="host-hostA"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="sysid0"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#C0BA44</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E36A16799" action="Accept" direction="Both" disabled="False" log="False" position="3" comment="">
    <Src neg="False">
      <ObjectRef ref="net-Internal_net"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="sysid0"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="sysid0"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#8BC065</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E37616799" action="Accept" direction="Inbound" disabled="False" log="False" position="4" comment="">
    <Src neg="False">
      <ObjectRef ref="net-Internal_net"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="sysid0"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="sysid0"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#8BC065</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E38216799" action="Accept" direction="Outbound" disabled="False" log="False" position="5" comment="">
    <Src neg="False">
      <ObjectRef ref="net-Internal_net"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="sysid0"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="sysid0"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#8BC065</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E38E16799" action="Accept" direction="Both" disabled="False" log="False" position="6" comment="">
    <Src neg="False">
      <ObjectRef ref="id3B022266"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="sysid0"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="sysid0"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#C0BA44</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E39A16799" action="Accept" direction="Inbound" disabled="False" log="False" position="7" comment="">
    <Src neg="False">
      <ObjectRef ref="id3B022266"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="sysid0"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="sysid0"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#C0BA44</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E3A616799" action="Accept" direction="Outbound" disabled="False" log="False" position="8" comment="">
    <Src neg="False">
      <ObjectRef ref="id3B022266"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="sysid0"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="sysid0"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#C0BA44</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E3B216799" action="Accept" direction="Both" disabled="False" log="False" position="9" comment="">
    <Src neg="False">
      <ObjectRef ref="id3B022266"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="host-hostA"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="sysid0"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#8BC065</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E3BE16799" action="Accept" direction="Inbound" disabled="False" log="False" position="10" comment="">
    <Src neg="False">
      <ObjectRef ref="id3B022266"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="host-hostA"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="sysid0"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#8BC065</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E3CA16799" action="Accept" direction="Outbound" disabled="False" log="False" position="11" comment="">
    <Src neg="False">
      <ObjectRef ref="id3B022266"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="host-hostA"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="sysid0"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#8BC065</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E3D616799" action="Accept" direction="Both" disabled="False" log="False" position="12" comment="dmz -&gt; intnet">
    <Src neg="False">
      <ObjectRef ref="id3D1BFABC"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="host-hostA"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="id4529E49F16799"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#C0BA44</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E3E216799" action="Accept" direction="Inbound" disabled="False" log="False" position="13" comment="dmz -&gt; intnet">
    <Src neg="False">
      <ObjectRef ref="id3D1BFABC"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="host-hostA"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="id4529E49F16799"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#C0BA44</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E3EE16799" action="Accept" direction="Outbound" disabled="False" log="False" position="14" comment="dmz -&gt; intnet">
    <Src neg="False">
      <ObjectRef ref="id3D1BFABC"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="host-hostA"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="id4529E49F16799"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#C0BA44</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E3FA16799" action="Accept" direction="Both" disabled="False" log="False" position="15" comment="dmz -&gt; intnet">
    <Src neg="False">
      <ObjectRef ref="id3D1BFABC"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="host-hostA"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="id4529E4A216799"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#8BC065</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E40616799" action="Accept" direction="Inbound" disabled="False" log="False" position="16" comment="dmz -&gt; intnet">
    <Src neg="False">
      <ObjectRef ref="id3D1BFABC"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="host-hostA"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="id4529E4A216799"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#8BC065</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E41216799" action="Accept" direction="Outbound" disabled="False" log="False" position="17" comment="dmz -&gt; intnet">
    <Src neg="False">
      <ObjectRef ref="id3D1BFABC"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="host-hostA"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="id4529E4A216799"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#8BC065</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E41E16799" action="Accept" direction="Both" disabled="False" log="False" position="18" comment="dmz -&gt; intnet">
    <Src neg="False">
      <ObjectRef ref="id3D1BFABC"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="host-hostA"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="id4529E49F16799"/>
      <ObjectRef ref="id4529E4A216799"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="color">#C0BA44</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E42B16799" action="Deny" direction="Inbound" disabled="False" log="True" position="19" comment="">
    <Src neg="False">
      <ObjectRef ref="id4529E33F16799"/>
      <ObjectRef ref="net-Internal_net"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="sysid0"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="id4529E49C16799"/>
      <ObjectRef ref="id4529E49F16799"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="stateless">True</Option>
    </PolicyRuleOptions>
  </PolicyRule>
  <PolicyRule id="id4529E43916799" action="Accept" direction="Outbound" disabled="False" log="False" position="20" comment="">
    <Src neg="False">
      <ObjectRef ref="id4529E33F16799"/>
      <ObjectRef ref="net-Internal_net"/>
      <ObjectRef ref="id3B022266"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="sysid0"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="id4529E49C16799"/>
      <ObjectRef ref="id4529E49F16799"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions/>
  </PolicyRule>
  <PolicyRule id="id4529E44816799" action="Deny" disabled="False" log="False" position="21" comment="">
    <Src neg="False">
      <ObjectRef ref="sysid0"/>
    </Src>
    <Dst neg="False">
      <ObjectRef ref="sysid0"/>
    </Dst>
    <Srv neg="False">
      <ServiceRef ref="sysid1"/>
    </Srv>
    <Itf neg="False">
      <ObjectRef ref="sysid0"/>
    </Itf>
    <When neg="False">
      <IntervalRef ref="sysid2"/>
    </When>
    <PolicyRuleOptions>
      <Option name="stateless">True</Option>
    </PolicyRuleOptions>
  </PolicyRule>
</Policy>
<!-- Routing rule set for firewall22. The element is empty, so no routing rules are defined here. -->
<Routing id="id4529E49B16799" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- eth0, label "outside": security_level 0, network zone sysid0, one static IPv4 address
     10.5.70.20 / 255.255.240.0 (dyn, unnum and unprotected are all False). -->
<Interface id="id4529E49C16799" bridgeport="False" dyn="False" label="outside" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
  <IPv4 id="id4529E49E16799" name="firewall22:eth0:ip" comment="" ro="False" address="10.5.70.20" netmask="255.255.240.0"/>
</Interface>
<Interface id="id4529E49F16799" bridgeport="False" dyn="False" label="dmz" network_zone="id3D420A09" security_level="50" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id4529E4A116799" name="firewall22:eth1:ip" comment="" ro="False" address="192.168.2.20" netmask="255.255.255.0"/>
</Interface>
<Interface id="id4529E4A216799" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="id3D420A0B" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id4529E4A416799" name="firewall22:eth2:ip" comment="" ro="False" address="192.168.1.20" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings. The address equals the IPv4 address of eth2 ("inside", mgmt="True").
     SNMP management and the policy install script are disabled and carry empty values.
     FWBDManagement is enabled on port 9999 with an empty identity.
     NOTE(review): what the fwbd channel authenticates against is not visible in this file;
     confirm before reusing this stanza outside the regression tests. -->
<Management address="192.168.1.20">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<!-- Per-firewall option list for the PIX platform. Several settings appear twice, once
     under a short name and once with a pix_ prefix (conn_hh and pix_conn_hh, ssh_timeout and
     pix_ssh_timeout, ...). NOTE(review): which of the two spellings the compiler reads is
     not visible in this file. -->
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="conn_hh">1</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<!-- *_fixup values are five space-separated fields. Every entry here starts with 2 except
     ftp_fixup, which starts with 0 and carries "strict". NOTE(review): the field meanings
     (presumably a state flag, two ports and an option keyword) are defined by the compiler,
     not by this file. Confirm there. -->
<Option name="ctiqbe_fixup">2 2748 0 nil 0</Option>
<Option name="dns_fixup">2 65535 0 nil 0</Option>
<Option name="dyn_addr">False</Option>
<Option name="espike_fixup">2 0 0 nil 0</Option>
<Option name="ftp_fixup">0 21 0 strict 0</Option>
<Option name="h323_h225_fixup">2 1720 1720 nil 0</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">5</Option>
<Option name="h323_ras_fixup">2 1718 1719 nil 0</Option>
<Option name="h323_ss">0</Option>
<!-- Two spellings of the half-closed timeout are stored with different values:
     half-closed_* is 0:0:0 while half_closed_* is 0:10:0. -->
<Option name="half-closed_hh">0</Option>
<Option name="half-closed_mm">0</Option>
<Option name="half-closed_ss">0</Option>
<Option name="half_closed_hh">0</Option>
<Option name="half_closed_mm">10</Option>
<Option name="half_closed_ss">0</Option>
<Option name="http_fixup">2 80 80 nil 0</Option>
<Option name="icmp_error_fixup">2 0 0 nil 0</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ils_fixup">2 389 389 nil 0</Option>
<Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="output_file"></Option>
<Option name="pix_acl_basic">False</Option>
<Option name="pix_acl_no_clear">True</Option>
<Option name="pix_acl_substitution">False</Option>
<Option name="pix_acl_temp_addr"></Option>
<Option name="pix_add_clear_statements">False</Option>
<Option name="pix_assume_fw_part_of_any">False</Option>
<!-- Compile-time consistency checks: duplicate-NAT detection is off, the three
     overlapping pool/static checks and pix_check_rule_shading are on. The unprefixed
     check_shading option near the top of this list is False. -->
<Option name="pix_check_duplicate_nat">False</Option>
<Option name="pix_check_overlapping_global_pools">True</Option>
<Option name="pix_check_overlapping_global_statics">True</Option>
<Option name="pix_check_rule_shading">True</Option>
<Option name="pix_conn_abs">True</Option>
<Option name="pix_conn_hh">1</Option>
<Option name="pix_conn_inact">False</Option>
<Option name="pix_conn_mm">0</Option>
<Option name="pix_conn_ss">0</Option>
<Option name="pix_connection_timewait">False</Option>
<Option name="pix_emb_limit">0</Option>
<Option name="pix_emblem_log_format">False</Option>
<!-- Outbound ACL handling: both pix_emulate_out_acl and pix_generate_out_acl are True
     for this firewall. -->
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_epilog_script"></Option>
<!-- NOTE(review): pix_fragguard is True here, yet pix_prolog_script below contains
     "no sysopt security fragguard". How the compiler reconciles the two is not visible in
     this file; confirm which one ends up in the generated configuration. -->
<Option name="pix_floodguard">True</Option>
<Option name="pix_fragguard">True</Option>
<Option name="pix_generate_out_acl">True</Option>
<Option name="pix_h323_abs">True</Option>
<Option name="pix_h323_hh">0</Option>
<Option name="pix_h323_inact">False</Option>
<Option name="pix_h323_mm">5</Option>
<Option name="pix_h323_ss">0</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<!-- Logging: buffered, console and timestamp logging are all False and every level is 0;
     pix_syslog_host further down is empty. Rules marked log="True" therefore have no log
     destination configured in this object. -->
<Option name="pix_logging_buffered">False</Option>
<Option name="pix_logging_buffered_level">0</Option>
<Option name="pix_logging_console">False</Option>
<Option name="pix_logging_console_level">0</Option>
<Option name="pix_logging_timestamp">False</Option>
<Option name="pix_logging_trap_level">0</Option>
<Option name="pix_max_conns">0</Option>
<Option name="pix_nodnsalias_inbound">False</Option>
<Option name="pix_nodnsalias_outbound">False</Option>
<Option name="pix_optimize_default_nat">False</Option>
<!-- Free-text PIX commands stored with the firewall object (presumably emitted ahead of
     the generated configuration; confirm against the compiler). The timewait and
     nodnsalias lines agree with the False options above; the fragguard line does not agree
     with pix_fragguard=True. -->
<Option name="pix_prolog_script">
no sysopt connection timewait
no sysopt security fragguard
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
</Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">False</Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_route_dnat">True</Option>
<Option name="pix_rpc_abs">True</Option>
<Option name="pix_rpc_hh">0</Option>
<Option name="pix_rpc_inact">False</Option>
<Option name="pix_rpc_mm">10</Option>
<Option name="pix_rpc_ss">0</Option>
<Option name="pix_set_host_name">False</Option>
<Option name="pix_sip_abs">True</Option>
<Option name="pix_sip_hh">0</Option>
<Option name="pix_sip_inact">False</Option>
<Option name="pix_sip_media_abs">True</Option>
<Option name="pix_sip_media_hh">0</Option>
<Option name="pix_sip_media_inact">False</Option>
<Option name="pix_sip_media_mm">2</Option>
<Option name="pix_sip_media_ss">0</Option>
<Option name="pix_sip_mm">30</Option>
<Option name="pix_sip_ss">0</Option>
<!-- Management session timeouts (SSH and telnet) are both 5; the unit is not stated in
     this file. -->
<Option name="pix_ssh_timeout">5</Option>
<Option name="pix_syslog_device_id_opt"></Option>
<Option name="pix_syslog_device_id_val"></Option>
<Option name="pix_syslog_facility"></Option>
<Option name="pix_syslog_host"></Option>
<Option name="pix_syslog_queue_size">0</Option>
<Option name="pix_telnet_timeout">5</Option>
<Option name="pix_uauth_abs">True</Option>
<Option name="pix_uauth_hh">2</Option>
<Option name="pix_uauth_inact">False</Option>
<Option name="pix_uauth_mm">0</Option>
<Option name="pix_uauth_ss">0</Option>
<Option name="pix_udp_abs">True</Option>
<Option name="pix_udp_hh">0</Option>
<Option name="pix_udp_inact">False</Option>
<Option name="pix_udp_mm">2</Option>
<Option name="pix_udp_ss">0</Option>
<Option name="pix_use_acl_remarks">False</Option>
<Option name="pix_use_manual_commit">False</Option>
<Option name="pix_xlate_abs">True</Option>
<Option name="pix_xlate_hh">3</Option>
<Option name="pix_xlate_inact">False</Option>
<Option name="pix_xlate_mm">0</Option>
<Option name="pix_xlate_ss">0</Option>
<Option name="pptp_fixup">2 1723 0 nil 0</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">10</Option>
<Option name="rpc_ss">0</Option>
<Option name="rsh_fixup">2 514 0 nil 0</Option>
<Option name="rtsp_fixup">2 554 0 nil 0</Option>
<Option name="sip_fixup">2 5060 5060 nil 0</Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">2</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">30</Option>
<Option name="sip_ss">0</Option>
<Option name="sip_udp_fixup">2 5060 0 nil 0</Option>
<Option name="skinny_fixup">2 2000 2000 nil 0</Option>
<Option name="smtp_fixup">2 25 25 nil 0</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sqlnet_fixup">2 1521 1521 nil 0</Option>
<Option name="sshArgs"></Option>
<Option name="ssh_timeout">5</Option>
<Option name="telnet_timeout">5</Option>
<Option name="tftp_fixup">2 69 0 nil 0</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">2</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">2</Option>
<Option name="udp_ss">0</Option>
<Option name="xlate_hh">3</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id4529FD4A16799" host_OS="pix_os" inactive="False" lastCompiled="1145688339" lastInstalled="0" lastModified="1160361262" platform="pix" version="6.3" name="firewall21-1" comment="testing outbound ACLs&#10;&#10;this is a copy of firewall21 except with different version&#10;&#10;v6.3, outbound ACLs are not supported&#10;" ro="False">
<!-- NAT rule set of firewall21-1: five enabled rules, all matching any service (sysid1).
     Interface ids used below belong to this firewall: id4529FEA716799 is eth0 ("outside"),
     id4529FEAA16799 is eth1 ("dmz"), id4529FEAD16799 is eth2 ("inside").
     id3B022266 and id3D420521 are defined outside this part of the file. -->
<NAT id="id4529FE5F16799" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0: source translation of net-Internal_net to the outside interface (eth0). -->
<NATRule id="id4529FE6016799" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id4529FEA716799"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 1: same translation as rule 0, for source object id3B022266. -->
<NATRule id="id4529FE6E16799" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id4529FEA716799"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 2: destination translation. Traffic from any source addressed to the outside
     interface (eth0), on any service, is redirected to object id3D420521. Because the
     service is unrestricted, every port on the outside address maps to that object. -->
<NATRule id="id4529FE7C16799" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id4529FEA716799"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3D420521"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 3: traffic from id3B022266 to net-Internal_net has its source translated to the
     inside interface (eth2). -->
<NATRule id="id4529FE8A16799" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B022266"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="net-Internal_net"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id4529FEAD16799"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 4: the reverse pairing of rule 3. Traffic from net-Internal_net to id3B022266 has
     its source translated to the dmz interface (eth1). -->
<NATRule id="id4529FE9816799" disabled="False" position="4" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id3B022266"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id4529FEAA16799"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id4529FD5016799" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rules 0 to 2: one match (any source to host-hostA, any service, any interface, Accept,
     log="False") written three times: with no direction attribute, with Inbound and with
     Outbound. The enclosing Firewall's comment attribute says this object tests outbound
     ACLs, so the triple presumably exercises how each direction value is compiled.
     These are deliberately broad, unlogged accepts used as compiler input, not a model of a
     restrictive policy. -->
<PolicyRule id="id4529FD5116799" action="Accept" disabled="False" log="False" position="0" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4529FD5D16799" action="Accept" direction="Inbound" disabled="False" log="False" position="1" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4529FD6916799" action="Accept" direction="Outbound" disabled="False" log="False" position="2" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rules 3 to 5: net-Internal_net to any destination, any service, any interface, Accept,
     log="False", once per direction value (Both, Inbound, Outbound). The "color" option
     is a display attribute; the triples in this policy alternate between two colours. -->
<PolicyRule id="id4529FD7516799" action="Accept" direction="Both" disabled="False" log="False" position="3" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4529FD8116799" action="Accept" direction="Inbound" disabled="False" log="False" position="4" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4529FD8D16799" action="Accept" direction="Outbound" disabled="False" log="False" position="5" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rules 6 to 8: source object id3B022266 (defined outside this part of the file) to any
     destination, any service, any interface, Accept, log="False", once per direction value
     (Both, Inbound, Outbound). -->
<PolicyRule id="id4529FD9916799" action="Accept" direction="Both" disabled="False" log="False" position="6" comment="">
<Src neg="False">
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4529FDA516799" action="Accept" direction="Inbound" disabled="False" log="False" position="7" comment="">
<Src neg="False">
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4529FDB116799" action="Accept" direction="Outbound" disabled="False" log="False" position="8" comment="">
<Src neg="False">
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rules 9 to 11: source object id3B022266 to host-hostA, any service, any interface,
     Accept, log="False", once per direction value (Both, Inbound, Outbound). Here both
     endpoints are specific objects, unlike rules 0 to 8 where one side is "any". -->
<PolicyRule id="id4529FDBD16799" action="Accept" direction="Both" disabled="False" log="False" position="9" comment="">
<Src neg="False">
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4529FDC916799" action="Accept" direction="Inbound" disabled="False" log="False" position="10" comment="">
<Src neg="False">
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4529FDD516799" action="Accept" direction="Outbound" disabled="False" log="False" position="11" comment="">
<Src neg="False">
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rules 12 to 14: object id3D1BFABC (defined outside this part of the file) to
     host-hostA, any service, Accept, log="False", bound to a single interface:
     id4529FEAA16799, which is eth1 ("dmz") of this firewall. One rule per direction value
     (Both, Inbound, Outbound). The rule comment reads "dmz to intnet" with an arrow. -->
<PolicyRule id="id4529FDE116799" action="Accept" direction="Both" disabled="False" log="False" position="12" comment="dmz -&gt; intnet">
<Src neg="False">
<ObjectRef ref="id3D1BFABC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4529FEAA16799"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4529FDED16799" action="Accept" direction="Inbound" disabled="False" log="False" position="13" comment="dmz -&gt; intnet">
<Src neg="False">
<ObjectRef ref="id3D1BFABC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4529FEAA16799"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4529FDF916799" action="Accept" direction="Outbound" disabled="False" log="False" position="14" comment="dmz -&gt; intnet">
<Src neg="False">
<ObjectRef ref="id3D1BFABC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4529FEAA16799"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rules 15 to 17: the same match as rules 12 to 14 (id3D1BFABC to host-hostA, any
     service, Accept, log="False") but bound to id4529FEAD16799, which is eth2 ("inside")
     of this firewall. One rule per direction value (Both, Inbound, Outbound). -->
<PolicyRule id="id4529FE0516799" action="Accept" direction="Both" disabled="False" log="False" position="15" comment="dmz -&gt; intnet">
<Src neg="False">
<ObjectRef ref="id3D1BFABC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4529FEAD16799"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4529FE1116799" action="Accept" direction="Inbound" disabled="False" log="False" position="16" comment="dmz -&gt; intnet">
<Src neg="False">
<ObjectRef ref="id3D1BFABC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4529FEAD16799"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4529FE1D16799" action="Accept" direction="Outbound" disabled="False" log="False" position="17" comment="dmz -&gt; intnet">
<Src neg="False">
<ObjectRef ref="id3D1BFABC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4529FEAD16799"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 18: same endpoints as rules 12 to 17 (id3D1BFABC to host-hostA, any service,
     Accept, direction Both, log="False") but with two interfaces in one Itf element:
     eth1 "dmz" (id4529FEAA16799) and eth2 "inside" (id4529FEAD16799). -->
<PolicyRule id="id4529FE2916799" action="Accept" direction="Both" disabled="False" log="False" position="18" comment="dmz -&gt; intnet">
<Src neg="False">
<ObjectRef ref="id3D1BFABC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="host-hostA"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4529FEAA16799"/>
<ObjectRef ref="id4529FEAD16799"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 19: logged, stateless inbound Deny on eth0 "outside" (id4529FEA716799) and eth1
     "dmz" (id4529FEAA16799) for packets whose source is the firewall object itself
     (id4529FD4A16799 is the id of the enclosing Firewall element) or net-Internal_net.
     This is an anti-spoofing shaped rule and the only rule in this policy with log="True".
     It sits at position 19, after the broad Accept rules at positions 0 to 18, so it only
     sees traffic those rules did not already accept. -->
<PolicyRule id="id4529FE3616799" action="Deny" direction="Inbound" disabled="False" log="True" position="19" comment="">
<Src neg="False">
<ObjectRef ref="id4529FD4A16799"/>
<ObjectRef ref="net-Internal_net"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4529FEA716799"/>
<ObjectRef ref="id4529FEAA16799"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<!-- Rule 20: outbound Accept on eth0 "outside" (id4529FEA716799) and eth1 "dmz"
     (id4529FEAA16799) for traffic sourced from the firewall itself (id4529FD4A16799),
     net-Internal_net or id3B022266, to any destination and any service. log="False".
     The enclosing Firewall element is version 6.3 and its comment attribute states that
     outbound ACLs are not supported there, so this rule presumably exercises the compiler's
     handling of an Outbound rule on that version. -->
<PolicyRule id="id4529FE4416799" action="Accept" direction="Outbound" disabled="False" log="False" position="20" comment="">
<Src neg="False">
<ObjectRef ref="id4529FD4A16799"/>
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B022266"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4529FEA716799"/>
<ObjectRef ref="id4529FEAA16799"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<!-- Rule 21 (last rule of this Policy): catch-all stateless Deny, every field "any", no
     direction attribute, log="False". Traffic that reaches this rule is dropped without a
     log entry from this rule; acceptable in a regression fixture, but a final deny is
     normally logged where the policy is used for monitoring. -->
<PolicyRule id="id4529FE5316799" action="Deny" disabled="False" log="False" position="21" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<!-- Empty routing rule set, followed by the three interfaces of firewall21-1. Addresses,
     labels and security levels are the same values as on the preceding firewall object. -->
<Routing id="id4529FEA616799" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- eth0: label "outside", security_level 0, network zone sysid0; address in 10.0.0.0/8
     (private space, lab addressing). -->
<Interface id="id4529FEA716799" bridgeport="False" dyn="False" label="outside" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id4529FEA916799" name="firewall21-1:eth0:ip" comment="" ro="False" address="10.5.70.20" netmask="255.255.240.0"/>
</Interface>
<!-- eth1: label "dmz", security_level 50, network zone id3D420A09 (defined elsewhere). -->
<Interface id="id4529FEAA16799" bridgeport="False" dyn="False" label="dmz" network_zone="id3D420A09" security_level="50" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id4529FEAC16799" name="firewall21-1:eth1:ip" comment="" ro="False" address="192.168.2.20" netmask="255.255.255.0"/>
</Interface>
<!-- eth2: label "inside", security_level 100, the only interface with mgmt="True". -->
<Interface id="id4529FEAD16799" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="id3D420A0B" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id4529FEAF16799" name="firewall21-1:eth2:ip" comment="" ro="False" address="192.168.1.20" netmask="255.255.255.0"/>
</Interface>
<!-- Management settings of firewall21-1. The address equals the IPv4 address of eth2
     ("inside", mgmt="True"). SNMP management and the policy install script are disabled
     with empty values; FWBDManagement is enabled on port 9999 with an empty identity.
     NOTE(review): how the fwbd channel is authenticated is not visible in this file;
     confirm before copying this stanza into a non-test object. -->
<Management address="192.168.1.20">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<!-- Option list of firewall21-1 (platform pix, version 6.3 per the enclosing Firewall
     element). Several settings appear under both a short name and a pix_ prefixed name.
     NOTE(review): which spelling the compiler reads is not visible in this file. -->
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="conn_hh">1</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<!-- *_fixup values are five space-separated fields; all start with 2 except ftp_fixup
     ("0 21 0 strict 0"). NOTE(review): field meanings are defined by the compiler, not
     here. Confirm there. -->
<Option name="ctiqbe_fixup">2 2748 0 nil 0</Option>
<Option name="dns_fixup">2 65535 0 nil 0</Option>
<Option name="dyn_addr">False</Option>
<Option name="espike_fixup">2 0 0 nil 0</Option>
<Option name="ftp_fixup">0 21 0 strict 0</Option>
<Option name="h323_h225_fixup">2 1720 1720 nil 0</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">5</Option>
<Option name="h323_ras_fixup">2 1718 1719 nil 0</Option>
<Option name="h323_ss">0</Option>
<!-- Two spellings of the half-closed timeout with different values: half-closed_* is
     0:0:0, half_closed_* is 0:10:0. -->
<Option name="half-closed_hh">0</Option>
<Option name="half-closed_mm">0</Option>
<Option name="half-closed_ss">0</Option>
<Option name="half_closed_hh">0</Option>
<Option name="half_closed_mm">10</Option>
<Option name="half_closed_ss">0</Option>
<Option name="http_fixup">2 80 80 nil 0</Option>
<Option name="icmp_error_fixup">2 0 0 nil 0</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ils_fixup">2 389 389 nil 0</Option>
<Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="output_file"></Option>
<Option name="pix_acl_basic">False</Option>
<Option name="pix_acl_no_clear">True</Option>
<Option name="pix_acl_substitution">False</Option>
<Option name="pix_acl_temp_addr"></Option>
<Option name="pix_add_clear_statements">False</Option>
<Option name="pix_assume_fw_part_of_any">False</Option>
<!-- Compile-time consistency checks: duplicate-NAT detection off, the three overlapping
     pool/static checks and pix_check_rule_shading on. -->
<Option name="pix_check_duplicate_nat">False</Option>
<Option name="pix_check_overlapping_global_pools">True</Option>
<Option name="pix_check_overlapping_global_statics">True</Option>
<Option name="pix_check_overlapping_statics">True</Option>
<Option name="pix_check_rule_shading">True</Option>
<Option name="pix_conn_abs">True</Option>
<Option name="pix_conn_hh">1</Option>
<Option name="pix_conn_inact">False</Option>
<Option name="pix_conn_mm">0</Option>
<Option name="pix_conn_ss">0</Option>
<Option name="pix_connection_timewait">False</Option>
<Option name="pix_emb_limit">0</Option>
<Option name="pix_emblem_log_format">False</Option>
<!-- Outbound ACL handling: pix_emulate_out_acl is True and pix_generate_out_acl (below)
     is False, in line with the Firewall comment attribute that says outbound ACLs are not
     supported on v6.3. The policy still contains rules with direction="Outbound". -->
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_epilog_script"></Option>
<!-- NOTE(review): pix_fragguard is True, yet pix_prolog_script below contains
     "no sysopt security fragguard". How the compiler reconciles the two is not visible
     here; confirm which one reaches the generated configuration. -->
<Option name="pix_floodguard">True</Option>
<Option name="pix_fragguard">True</Option>
<Option name="pix_generate_out_acl">False</Option>
<Option name="pix_h323_abs">True</Option>
<Option name="pix_h323_hh">0</Option>
<Option name="pix_h323_inact">False</Option>
<Option name="pix_h323_mm">5</Option>
<Option name="pix_h323_ss">0</Option>
<Option name="pix_include_comments">True</Option>
<Option name="pix_ip_address">False</Option>
<!-- Logging: buffered, console and timestamp logging are False, all levels are 0, and
     pix_syslog_host further down is empty, so the rule with log="True" has no log
     destination configured in this object. -->
<Option name="pix_logging_buffered">False</Option>
<Option name="pix_logging_buffered_level">0</Option>
<Option name="pix_logging_console">False</Option>
<Option name="pix_logging_console_level">0</Option>
<Option name="pix_logging_timestamp">False</Option>
<Option name="pix_logging_trap_level">0</Option>
<Option name="pix_max_conns">0</Option>
<Option name="pix_nodnsalias_inbound">False</Option>
<Option name="pix_nodnsalias_outbound">False</Option>
<Option name="pix_optimize_default_nat">False</Option>
<!-- Free-text PIX commands stored with the firewall object (presumably emitted ahead of
     the generated configuration; confirm against the compiler). -->
<Option name="pix_prolog_script">
no sysopt connection timewait
no sysopt security fragguard
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
</Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">False</Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_route_dnat">True</Option>
<Option name="pix_rpc_abs">True</Option>
<Option name="pix_rpc_hh">0</Option>
<Option name="pix_rpc_inact">False</Option>
<Option name="pix_rpc_mm">10</Option>
<Option name="pix_rpc_ss">0</Option>
<Option name="pix_set_host_name">False</Option>
<Option name="pix_sip_abs">True</Option>
<Option name="pix_sip_hh">0</Option>
<Option name="pix_sip_inact">False</Option>
<Option name="pix_sip_media_abs">True</Option>
<Option name="pix_sip_media_hh">0</Option>
<Option name="pix_sip_media_inact">False</Option>
<Option name="pix_sip_media_mm">2</Option>
<Option name="pix_sip_media_ss">0</Option>
<Option name="pix_sip_mm">30</Option>
<Option name="pix_sip_ss">0</Option>
<!-- Management session timeouts (SSH and telnet) are both 5; the unit is not stated in
     this file. -->
<Option name="pix_ssh_timeout">5</Option>
<Option name="pix_syslog_facility"></Option>
<Option name="pix_syslog_host"></Option>
<Option name="pix_syslog_queue_size">0</Option>
<Option name="pix_telnet_timeout">5</Option>
<Option name="pix_uauth_abs">True</Option>
<Option name="pix_uauth_hh">2</Option>
<Option name="pix_uauth_inact">False</Option>
<Option name="pix_uauth_mm">0</Option>
<Option name="pix_uauth_ss">0</Option>
<Option name="pix_udp_abs">True</Option>
<Option name="pix_udp_hh">0</Option>
<Option name="pix_udp_inact">False</Option>
<Option name="pix_udp_mm">2</Option>
<Option name="pix_udp_ss">0</Option>
<Option name="pix_use_acl_remarks">False</Option>
<Option name="pix_use_manual_commit">False</Option>
<Option name="pix_xlate_abs">True</Option>
<Option name="pix_xlate_hh">3</Option>
<Option name="pix_xlate_inact">False</Option>
<Option name="pix_xlate_mm">0</Option>
<Option name="pix_xlate_ss">0</Option>
<Option name="pptp_fixup">2 1723 0 nil 0</Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">10</Option>
<Option name="rpc_ss">0</Option>
<Option name="rsh_fixup">2 514 0 nil 0</Option>
<Option name="rtsp_fixup">2 554 0 nil 0</Option>
<Option name="sip_fixup">2 5060 5060 nil 0</Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">2</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">30</Option>
<Option name="sip_ss">0</Option>
<Option name="sip_udp_fixup">2 5060 0 nil 0</Option>
<Option name="skinny_fixup">2 2000 2000 nil 0</Option>
<Option name="smtp_fixup">2 25 25 nil 0</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sqlnet_fixup">2 1521 1521 nil 0</Option>
<Option name="sshArgs"></Option>
<Option name="ssh_timeout">5</Option>
<Option name="telnet_timeout">5</Option>
<Option name="tftp_fixup">2 69 0 nil 0</Option>
<Option name="uauth_abs">True</Option>
<Option name="uauth_hh">2</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">2</Option>
<Option name="udp_ss">0</Option>
<Option name="xlate_hh">3</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id47B7A69C21818" host_OS="pix_os" inactive="False" lastCompiled="1203142939" lastInstalled="1203142969" lastModified="1203139852" platform="pix" version="7.0" name="pix515" comment="Similar to fw 1, but the firewall is used as DHCP and DNS server for internal network.&#10;This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside.&#10;Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall can send DNS queries to servers out on the Internet. Another rule permits DNS queries from internal network to the firewall. Special rules permit DHCP requests from internal network and replies sent by the firewall." ro="False">
<!-- NAT rule set of pix515: two enabled rules. The objects id47B7C22921818,
     id47B7A72321818, id47B7C6CD21818 and service id47B71DEF21818 are defined outside this
     part of the file. -->
<NAT id="id47B7A71321818" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0: source translation. Traffic from id47B7C22921818 to any destination, any
     service, gets its source rewritten to id47B7A72321818.
     NOTE(review): presumably the internal network translated to the outside interface,
     going by the Firewall description. Confirm against the object definitions. -->
<NATRule id="id47B7A71421818" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="id47B7C22921818"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id47B7A72321818"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<!-- Rule 1: destination and service translation. Traffic from any source to
     id47B7A72321818 on service id47B71DEF21818 is redirected to id47B7C6CD21818 with the
     service rewritten to tcp-SMTP, i.e. a single-service forward to a mail host. The
     matching policy rule is the one that accepts tcp-SMTP to id47B7C6CD21818. -->
<NATRule id="id47B7C22E21818" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id47B7A72321818"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id47B71DEF21818"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id47B7C6CD21818"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
</NAT>
<Policy id="id47B7A6A221818" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
<!-- Rule 0: management access to the firewall itself. Source id47B7C22921818, destination
     id47B7A69C21818 (the id of the enclosing pix515 Firewall element), Accept, no direction
     attribute, log="False".
     NOTE(review): the Firewall description says access to the firewall is permitted "only
     using SSH", but this rule lists two services: tcp-SSH and id3F530CC8. The second one is
     defined outside this part of the file; confirm what it is. Successful management
     logins are also not logged by this rule. -->
<PolicyRule id="id47B7A6BC21818" action="Accept" disabled="False" log="False" position="0" comment="">
<Src neg="False">
<ObjectRef ref="id47B7C22921818"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id47B7A69C21818"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
<ServiceRef ref="id3F530CC8"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id47B93E1C21818" action="Accept" direction="Both" disabled="False" log="False" position="1" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id47B7C6CD21818"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id47B8824321818" action="Accept" direction="Both" disabled="True" log="False" position="2" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id47B7C6CD21818"/>
<ObjectRef ref="id47B7A72321818"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="id47B71DEF21818"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id47B7A6E321818" action="Accept" disabled="False" log="False" position="3" comment="">
<Src neg="False">
<ObjectRef ref="id47B7A69C21818"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id47B7A6FB21818" action="Accept" disabled="False" log="False" position="4" comment="">
<Src neg="False">
<ObjectRef ref="id47B7C22921818"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id47B7A70721818" action="Deny" disabled="False" log="True" position="5" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
</PolicyRule>
</Policy>
<!-- Routing rule set: present but empty for this firewall. -->
<Routing id="id47B7A72221818" name="Routing" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
<!-- ethernet0: label "outside", security_level 0, network_zone sysid0 (Any),
     address 192.168.1.1 / 255.255.255.0 with dyn="False".
     NOTE(review): the Firewall element's comment attribute says the outside
     interface has a dynamic address; the attributes here define a static one. -->
<Interface id="id47B7A72321818" bridgeport="False" dyn="False" label="outside" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="ethernet0" comment="" ro="False">
<IPv4 id="id47B7A72F21818" name="pix515:ethernet0:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<!-- ethernet1: label "inside", security_level 100, mgmt="True", network_zone
     id47B7C22921818 (not defined in this part of the file),
     address 10.3.14.206 / 255.255.255.0. -->
<Interface id="id47B7A72421818" bridgeport="False" dyn="False" label="inside" mgmt="True" network_zone="id47B7C22921818" security_level="100" unnum="False" unprotected="False" name="ethernet1" comment="" ro="False">
<IPv4 id="id47B7A72621818" name="pix515:ethernet1:ip" comment="" ro="False" address="10.3.14.206" netmask="255.255.255.0"/>
</Interface>
<!-- Management address equals the ethernet1 (inside) address. SNMP management,
     FWBD management and the policy install script are all enabled="False",
     and both SNMP community strings are empty. -->
<Management address="10.3.14.206">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<!-- Compiler and installer options for the enclosing Firewall element
     (platform="pix" per its start tag), stored as name/value pairs in
     alphabetical order. The list also carries keys prefixed for other
     platforms (freebsd_, linux24_, macosx_, openbsd_, solaris_, pf_, iosacl_);
     presumably leftovers that the PIX compiler does not read (TODO confirm).
     The *_fixup values are space-separated tuples whose field meanings are
     not visible in this file. -->
<Option name="accept_established">true</Option>
<!-- NOTE(review): the name suggests TCP segments without SYN may create new
     state. If the target compiler honours it, stateful filtering is weaker
     than the rule set alone implies; confirm it is intended (TODO confirm). -->
<Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="add_check_state_rule">true</Option>
<!-- Installer login name stored in the fixture. No password or key material
     appears anywhere in this element (sshArgs below is empty). -->
<Option name="admUser">vadim</Option>
<Option name="altAddress"></Option>
<!-- NOTE(review): presumably turns off the compiler's detection of rules
     hidden by earlier rules, so such rules would go unreported
     (TODO confirm). -->
<Option name="check_shading">False</Option>
<Option name="configure_interfaces">true</Option>
<Option name="conn_hh">0</Option>
<Option name="conn_mm">0</Option>
<Option name="conn_ss">0</Option>
<Option name="ctiqbe_fixup">2 2748 0 nil 0</Option>
<Option name="dns_fixup">2 65535 0 nil 0</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="espike_fixup">2 0 0 nil 0</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">true</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="ftp_fixup">2 21 0 strict 0</Option>
<Option name="h323_h225_fixup">2 1720 1720 nil 0</Option>
<Option name="h323_hh">0</Option>
<Option name="h323_mm">0</Option>
<Option name="h323_ras_fixup">2 1718 1719 nil 0</Option>
<Option name="h323_ss">0</Option>
<Option name="half-closed_hh">0</Option>
<Option name="half-closed_mm">0</Option>
<Option name="half-closed_ss">0</Option>
<Option name="http_fixup">2 80 80 nil 0</Option>
<Option name="icmp_error_fixup">2 0 0 nil 0</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="ils_fixup">2 389 389 nil 0</Option>
<Option name="in_out_code">true</Option>
<Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_include_comments">true</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">true</Option>
<Option name="local_nat">false</Option>
<Option name="log_level">info</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo0</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">true</Option>
<Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
<!-- mgmt_addr here and pix_acl_temp_addr below are both 10.3.14.42, while the
     Management element and ethernet1 of this firewall use 10.3.14.206.
     Presumably 10.3.14.42 is the management workstation (TODO confirm). -->
<Option name="mgmt_addr">10.3.14.42</Option>
<Option name="mgmt_ssh">True</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_scrub_maxmss">1460</Option>
<Option name="pf_timeout_frag">30</Option>
<Option name="pf_timeout_interval">10</Option>
<Option name="pix_acl_basic">False</Option>
<Option name="pix_acl_no_clear">False</Option>
<Option name="pix_acl_substitution">True</Option>
<Option name="pix_acl_temp_addr">10.3.14.42</Option>
<Option name="pix_add_clear_statements">true</Option>
<Option name="pix_assume_fw_part_of_any">True</Option>
<!-- The four pix_check_* options that follow are all set to False. Judging by
     their names they control NAT consistency checks (duplicates and
     overlapping pools or statics); confirm against the compiler. -->
<Option name="pix_check_duplicate_nat">False</Option>
<Option name="pix_check_overlapping_global_pools">False</Option>
<Option name="pix_check_overlapping_global_statics">False</Option>
<Option name="pix_check_overlapping_statics">False</Option>
<Option name="pix_connection_timewait">False</Option>
<Option name="pix_default_logint">300</Option>
<Option name="pix_emb_limit">0</Option>
<Option name="pix_emblem_log_format">True</Option>
<Option name="pix_emulate_out_acl">True</Option>
<Option name="pix_epilog_script"></Option>
<Option name="pix_floodguard">True</Option>
<Option name="pix_fragguard">False</Option>
<Option name="pix_generate_out_acl">False</Option>
<Option name="pix_include_comments">True</Option>
<!-- Logging as configured here: buffered logging True at level 6, console
     logging False, and pix_syslog_host (further down) empty, so no remote
     syslog destination is set in this fixture. -->
<Option name="pix_logging_buffered">True</Option>
<Option name="pix_logging_buffered_level">6</Option>
<Option name="pix_logging_console">False</Option>
<Option name="pix_logging_console_level"></Option>
<Option name="pix_logging_timestamp">True</Option>
<Option name="pix_logging_trap_level"></Option>
<Option name="pix_max_conns">0</Option>
<Option name="pix_nodnsalias_inbound">False</Option>
<Option name="pix_nodnsalias_outbound">False</Option>
<Option name="pix_optimize_default_nat">False</Option>
<Option name="pix_prolog_script"></Option>
<Option name="pix_regroup_commands">False</Option>
<Option name="pix_replace_natted_objects">True</Option>
<Option name="pix_resetinbound">False</Option>
<Option name="pix_resetoutside">False</Option>
<Option name="pix_route_dnat">False</Option>
<Option name="pix_route_dnat_supported">true</Option>
<Option name="pix_rule_syslog_settings">false</Option>
<Option name="pix_security_fragguard_supported">true</Option>
<Option name="pix_ssh_timeout">0</Option>
<Option name="pix_syslog_device_id_opt">hostname</Option>
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_syslog_device_id_val"></Option>
<Option name="pix_syslog_facility"></Option>
<Option name="pix_syslog_host"></Option>
<Option name="pix_syslog_queue_size">0</Option>
<Option name="pix_telnet_timeout">0</Option>
<Option name="pix_use_acl_remarks">True</Option>
<Option name="pix_use_manual_commit">False</Option>
<Option name="pptp_fixup">2 1723 0 nil 0</Option>
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="rpc_hh">0</Option>
<Option name="rpc_mm">0</Option>
<Option name="rpc_ss">0</Option>
<Option name="rsh_fixup">2 514 0 nil 0</Option>
<Option name="rtsp_fixup">2 554 0 nil 0</Option>
<Option name="sip_fixup">2 5060 5060 nil 0</Option>
<Option name="sip_hh">0</Option>
<Option name="sip_media_hh">0</Option>
<Option name="sip_media_mm">0</Option>
<Option name="sip_media_ss">0</Option>
<Option name="sip_mm">0</Option>
<Option name="sip_ss">0</Option>
<Option name="sip_udp_fixup">2 5060 0 nil 0</Option>
<Option name="skinny_fixup">2 2000 2000 nil 0</Option>
<Option name="smtp_fixup">2 25 25 nil 0</Option>
<Option name="solaris_ip_forward">1</Option>
<Option name="sqlnet_fixup">2 1521 1521 nil 0</Option>
<Option name="sshArgs"></Option>
<Option name="tftp_fixup">2 69 0 nil 0</Option>
<Option name="uauth_abs">False</Option>
<Option name="uauth_hh">0</Option>
<Option name="uauth_inact">False</Option>
<Option name="uauth_mm">0</Option>
<Option name="uauth_ss">0</Option>
<Option name="udp_hh">0</Option>
<Option name="udp_mm">0</Option>
<Option name="udp_ss">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="verify_interfaces">true</Option>
<Option name="xlate_hh">0</Option>
<Option name="xlate_mm">0</Option>
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
</ObjectGroup>
<IntervalGroup id="stdid11_1" name="Time" comment="" ro="False"/>
</Library>
<Library id="id4387B43718346" color="#FFFFFF" name="transfer" comment="" ro="False">
<!-- Writable library named "transfer" that holds only the folder skeleton:
     every object, service, firewall and interval group below is empty, so it
     contributes no addresses, services or rules to the database. -->
<ObjectGroup id="id4387B43818346" name="Objects" comment="" ro="False">
<ObjectGroup id="id4387B43918346" name="Addresses" comment="" ro="False"/>
<ObjectGroup id="id4387B43A18346" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="id4387B43B18346" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id4387B43C18346" name="Groups" comment="" ro="False"/>
<ObjectGroup id="id4387B43D18346" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id4387B43E18346" name="Networks" comment="" ro="False"/>
<ObjectGroup id="id4387B43F18346" name="Address Ranges" comment="" ro="False"/>
</ObjectGroup>
<ServiceGroup id="id4387B44018346" name="Services" comment="" ro="False">
<ServiceGroup id="id4387B44018346_og_tag_1" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="id4387B44118346" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id4387B44218346" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id4387B44318346" name="IP" comment="" ro="False"/>
<ServiceGroup id="id4387B44418346" name="TCP" comment="" ro="False"/>
<ServiceGroup id="id4387B44518346" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id4387B44618346" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id4387B44018346_userservices" name="Users" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id4387B44718346" name="Firewalls" comment="" ro="False"/>
<IntervalGroup id="id4387B44818346" name="Time" comment="" ro="False"/>
</Library>
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<ServiceGroup id="stdid05" name="Services" comment="" ro="False">
<ServiceGroup id="stdid06" name="IP" comment="" ro="False">
<!-- IP-level service objects. ip-IPSEC selects IP protocol number 50 (ESP).
     ip-IP_Fragments has protocol_num 0 and is the only entry with
     short_fragm="True"; every other IP option flag is False on both. -->
<IPService id="ip-IPSEC" fragm="False" lsrr="False" protocol_num="50" rr="False" short_fragm="False" ssrr="False" ts="False" name="ESP" comment="IPSEC Encapsulating Security Payload Protocol" ro="False"/>
<IPService id="ip-IP_Fragments" fragm="False" lsrr="False" protocol_num="0" rr="False" short_fragm="True" ssrr="False" ts="False" name="ip_fragments" comment="'Short' fragments" ro="False"/>
</ServiceGroup>
<ServiceGroup id="stdid09" name="TCP" comment="" ro="False">
<!-- TCP service objects. Except for tcp-TCP-SYN, each entry has all flag and
     flag-mask attributes False, a source range of 0 to 0 (presumably "any
     source port", TODO confirm) and a single destination port.
     Defining a service here permits nothing by itself; it takes effect only
     where a rule references its id. The list includes cleartext remote-access
     and file-transfer services (ftp 21, telnet 23, rexec 512, rlogin 513,
     rshell 514), so a rule that references one of those ids deserves a
     closer look in review. -->
<TCPService id="tcp-Auth" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="auth" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="113" dst_range_end="113"/>
<TCPService id="tcp-DNS_zone_transf" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="dns-tcp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
<TCPService id="tcp-FTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="21" dst_range_end="21"/>
<TCPService id="tcp-HTTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="http" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
<TCPService id="tcp-NNTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nntp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="119" dst_range_end="119"/>
<TCPService id="tcp-SMTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="smtp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="25"/>
<TCPService id="tcp-SSH" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ssh" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<TCPService id="tcp-Telnet" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="telnet" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="23" dst_range_end="23"/>
<TCPService id="tcp-uucp" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="uucp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="540" dst_range_end="540"/>
<TCPService id="id3AEDBE6E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="daytime" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="13" dst_range_end="13"/>
<TCPService id="id3B4FEDA3" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="eklogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2105" dst_range_end="2105"/>
<TCPService id="id3B4FED69" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="https" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="443" dst_range_end="443"/>
<TCPService id="id3AECF776" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="imap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="143" dst_range_end="143"/>
<TCPService id="id3B4FED9F" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="imaps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="993" dst_range_end="993"/>
<TCPService id="id3B4FF13C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="irc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="6667" dst_range_end="6667"/>
<TCPService id="id3B4FEE21" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="klogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="543" dst_range_end="543"/>
<TCPService id="id3B4FEE23" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ksh" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="544" dst_range_end="544"/>
<TCPService id="id3AECF778" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ldap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="389" dst_range_end="389"/>
<TCPService id="id3B4FF000" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="linuxconf" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="98" dst_range_end="98"/>
<TCPService id="id3B4FEEEE" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="mysql" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3306" dst_range_end="3306"/>
<TCPService id="id3B4FEE7A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2049" dst_range_end="2049"/>
<TCPService id="id3B4FEE1D" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="pop3" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="110" dst_range_end="110"/>
<TCPService id="id3B4FF0EA" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="postgres" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5432" dst_range_end="5432"/>
<TCPService id="id3AECF782" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="printer" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="515" dst_range_end="515"/>
<TCPService id="id3B4FEF7C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="quake" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="26000" dst_range_end="26000"/>
<TCPService id="id3AECF77A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rexec" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="512" dst_range_end="512"/>
<TCPService id="id3AECF77C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rlogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="513" dst_range_end="513"/>
<TCPService id="id3AECF77E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rshell" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="514" dst_range_end="514"/>
<TCPService id="id3B4FEF34" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rwhois" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4321" dst_range_end="4321"/>
<TCPService id="id3B4FF04C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="smtps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="465" dst_range_end="465"/>
<TCPService id="id3B4FEE76" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="socks" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1080" dst_range_end="1080"/>
<TCPService id="id3AEDBE00" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="sunrpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="111" dst_range_end="111"/>
<TCPService id="id3B4FF1B8" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="7100" dst_range_end="7100"/>
<!-- tcp-TCP-SYN is the one flag-based entry: all six *_flag_mask attributes
     are True and only syn_flag is True, with source and destination ranges
     both 0 to 0. Presumably the masks select which flags are examined and
     the flags which of those must be set, i.e. SYN set with ACK, FIN, PSH,
     RST and URG clear, on any port (TODO confirm). -->
<TCPService id="tcp-TCP-SYN" ack_flag="False" ack_flag_mask="True" fin_flag="False" fin_flag_mask="True" psh_flag="False" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True" name="tcp-syn" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id3CB131C4" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Citrix-ICA" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1494" dst_range_end="1494"/>
<TCPService id="id3B4FF09A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="squid" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3128" dst_range_end="3128"/>
<!-- tcp-DNS (name "domain") defines the same destination port 53 as
     tcp-DNS_zone_transf (name "dns-tcp") above; the DNS service group
     id3F530CC8 references tcp-DNS, not tcp-DNS_zone_transf. -->
<TCPService id="tcp-DNS" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="domain" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
</ServiceGroup>
<ServiceGroup id="stdid08" name="UDP" comment="" ro="False">
<!-- UDP service objects, each with a source range of 0 to 0 and a single
     destination port: snmp 161, domain 53, ICQ 4000. udp-DNS is a member of
     the DNS service group id3F530CC8. -->
<UDPService id="udp-SNMP" name="snmp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="161" dst_range_end="161"/>
<UDPService id="udp-DNS" name="domain" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
<UDPService id="id3D703C96" name="ICQ" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4000" dst_range_end="4000"/>
</ServiceGroup>
<ServiceGroup id="stdid07" name="ICMP" comment="" ro="False">
<!-- ICMP service objects selected by type and code. code="-1" on
     icmp-Unreachables presumably means "any code" of type 3 (TODO confirm).
     NOTE(review): RFC 792 assigns type 11 code 0 to "time to live exceeded
     in transit" and code 1 to "fragment reassembly time exceeded". The
     object named "time exceeded in transit" carries code 1, so its name does
     not describe the code it selects. -->
<ICMPService id="icmp-Unreachables" code="-1" type="3" name="all ICMP unreachables" comment="" ro="False"/>
<ICMPService id="icmp-ping_request" code="0" type="8" name="ping request" comment="" ro="False"/>
<ICMPService id="icmp-Time_exceeded" code="0" type="11" name="time exceeded" comment="ICMP messages of this type are needed for traceroute" ro="False"/>
<ICMPService id="icmp-Time_exceeded_in_transit" code="1" type="11" name="time exceeded in transit" comment="" ro="False"/>
<ICMPService id="icmp-ping_reply" code="0" type="0" name="ping reply" comment="" ro="False"/>
</ServiceGroup>
<ServiceGroup id="stdid10" name="Groups" comment="" ro="False">
<!-- Service groups built from references to objects defined in this library.
     A rule that references a group id takes in every member listed here, so
     adding a member widens every rule that uses the group. -->
<!-- Useful_ICMP: both type 11 objects, ping reply and all unreachables.
     icmp-ping_request is not a member. -->
<ServiceGroup id="sg-Useful_ICMP" name="Useful_ICMP" comment="" ro="False">
<ServiceRef ref="icmp-Time_exceeded"/>
<ServiceRef ref="icmp-Time_exceeded_in_transit"/>
<ServiceRef ref="icmp-ping_reply"/>
<ServiceRef ref="icmp-Unreachables"/>
</ServiceGroup>
<!-- DNS: port 53 over both UDP and TCP. Referenced by Policy rule
     id47B7A6BC21818 of firewall pix515 in this file. -->
<ServiceGroup id="id3F530CC8" name="DNS" comment="" ro="False">
<ServiceRef ref="udp-DNS"/>
<ServiceRef ref="tcp-DNS"/>
</ServiceGroup>
</ServiceGroup>
</ServiceGroup>
<!-- Wildcard objects referenced by rules throughout this file:
     sysid0 is address 0.0.0.0 with netmask 0.0.0.0, sysid2 lists all seven
     days_of_week with every from_ and to_ field at -1, and sysid1 is
     protocol_num 0. A rule element that references one of these ids places
     no restriction on that dimension of the match. -->
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyInterval id="sysid2" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1" name="Any" comment="Any Interval" ro="False"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
<ObjectGroup id="stdid01" name="Objects" comment="" ro="False">
<ObjectGroup id="stdid02" name="Hosts" comment="" ro="False">
<!-- Sample host "server on dmz": one interface eth0 with address
     192.168.2.10 / 255.255.255.0, which is also its Management address.
     SNMP management, FWBD management and the install script are all
     enabled="False", and the SNMP community strings and snmp_* host options
     are empty. -->
<Host id="id3D84EECF" name="server on dmz" comment="This host is used in examples and template objects" ro="False">
<Interface id="id3D84EEE3" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3D84EEE4" name="ip" comment="" ro="False" address="192.168.2.10" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.2.10">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
</ObjectGroup>
</ObjectGroup>
</Library>
</FWObjectDatabase>