mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 09:47:20 +01:00
fwbuilder/test/pix/firewall4.fw.orig


!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Wed Apr 20 10:40:40 2011 PDT by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported
! Emulate outbound ACLs: yes
! Generating outbound ACLs: no
! Assume firewall is part of any: yes
!
!# files: * firewall4.fw
!
! this object is used to test "Replace NAT'ted objects with their translations" option
!
! Prolog script:
!
!
! End of prolog script:
!
! Global device settings emitted ahead of the policy.
!
! Interface names and trust levels. The securityN value is the PIX trust
! level (higher = more trusted), so the ordering declared here is
! inside (100) > dmz2 (50) > dmz1 (40) > outside (0).
nameif eth0 inside security100
nameif eth1 dmz1 security40
nameif eth2 dmz2 security50
nameif eth3 outside security0
! Logging is switched off completely: buffer, console, timestamps and the
! master "logging on" switch are all negated.
! NOTE(review): fine for a compiler test fixture; if this block is reused as
! a template, the device produces no syslog record of permitted or denied
! traffic until logging is re-enabled.
no logging buffered
no logging console
no logging timestamp
no logging on
! Idle timeouts (h:m:s) for translations, connections and per-protocol state.
! uauth is the cached user-authentication lifetime; "absolute" makes it run
! from login rather than from last activity.
timeout xlate 3:0:0
timeout conn 1:0:0
timeout udp 0:2:0
timeout rpc 0:10:0
timeout h323 0:5:0
timeout sip 0:30:0
timeout sip_media 0:0:0
timeout uauth 2:0:0 absolute
! Management access.
! NOTE(review): "-1" is not a number of minutes; it looks like an unset
! option value written out verbatim by the compiler for both the telnet and
! ssh idle timeouts. Confirm whether the target accepts it and what idle
! timeout results.
telnet timeout -1
! Existing SSH access entries are removed and none are added afterwards in
! this file, so no source address is authorised for SSH management here.
clear ssh
! SSH console logins are checked against the LOCAL user database. No
! "username" commands appear in this file; accounts are presumably defined
! elsewhere (TODO confirm).
aaa authentication ssh console LOCAL
ssh timeout -1
! SNMP configuration is cleared and traps are disabled; NTP configuration is
! cleared and not re-added, so this file leaves the clock unsynchronised.
clear snmp-server
no snmp-server enable traps
clear ntp
! Both "service reset..." options are negated.
! NOTE(review): presumably this means denied TCP attempts are dropped
! without a reset being sent back - confirm for the target PIX version.
no service resetinbound
no service resetoutside
! Every optional sysopt behaviour is explicitly negated, including the
! fragment guard ("security fragguard").
no sysopt connection timewait
no sysopt security fragguard
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
no sysopt route dnat
! Flood Guard is disabled.
! NOTE(review): together with fragguard off and the unlimited connection
! limits on the statics at the end of the file, none of the built-in
! resource-exhaustion protections visible in this file are active. Expected
! for a fixture that pins compiler output; review before copying.
floodguard disable
!################
! Reset step: existing translations, statics, global/nat pools, access
! lists, icmp and telnet access entries and object groups are removed before
! the generated policy is loaded.
! NOTE(review): the ACLs are re-bound only by the access-group lines after
! Rule 4, so there is a window during installation in which no generated ACL
! is attached to any interface - confirm how the installer handles this on a
! live device.
clear xlate
clear static
clear global
clear nat
clear access-list
clear icmp
! Telnet access entries are cleared and none are re-added in this file.
clear telnet
clear object-group
! Service group referenced by Rule 1: TCP ports 80 and 22. The id... name is
! a compiler-generated identifier.
object-group service id3D79A1C2.srv.tcp.0 tcp
port-object eq 80
port-object eq 22
exit
! Destination group referenced by Rule 2: hosts 192.168.1.10 and 192.168.1.20.
object-group network id3D79A1E4.dst.net.0
network-object host 192.168.1.10
network-object host 192.168.1.20
exit
!
! Rule 0 (global)
! Permits SSH (tcp/22) from any source to 192.168.1.10; one entry is emitted
! per interface ACL because the rule is global.
! dmz2 and outside each get an extra entry for a second address
! (192.168.2.1 and 222.222.222.222). Presumably these are the interface
! addresses that the "static ... interface 22" NAT rules translate to
! 192.168.1.10, added by the "Replace NAT'ted objects with their
! translations" option named in the file header - verify against the source
! firewall object.
! NOTE(review): the source is "any" on outside_acl_in, so combined with the
! (inside,outside) static this admits SSH to the inside host from every
! outside address.
access-list inside_acl_in permit tcp any host 192.168.1.10 eq 22
access-list dmz1_acl_in permit tcp any host 192.168.1.10 eq 22
access-list dmz2_acl_in permit tcp any host 192.168.2.1 eq 22
access-list dmz2_acl_in permit tcp any host 192.168.1.10 eq 22
access-list outside_acl_in permit tcp any host 222.222.222.222 eq 22
access-list outside_acl_in permit tcp any host 192.168.1.10 eq 22
!
! Rule 1 (global)
! Same destination as Rule 0, but the service is the generated group
! id3D79A1C2.srv.tcp.0 (tcp/80 and tcp/22), so the new access added here is
! tcp/80 to 192.168.1.10 from any source on every interface.
! The entries for 192.168.2.1 and 222.222.222.222 stay at "eq 22" only,
! which matches the statics translating port 22 alone.
! NOTE(review): those two entries are textually identical to the ones in
! Rule 0, and the tcp/22 part of the group is already matched by Rule 0, so
! they add no new access in this rule.
access-list inside_acl_in permit tcp any host 192.168.1.10 object-group id3D79A1C2.srv.tcp.0
access-list dmz1_acl_in permit tcp any host 192.168.1.10 object-group id3D79A1C2.srv.tcp.0
access-list dmz2_acl_in permit tcp any host 192.168.2.1 eq 22
access-list dmz2_acl_in permit tcp any host 192.168.1.10 object-group id3D79A1C2.srv.tcp.0
access-list outside_acl_in permit tcp any host 222.222.222.222 eq 22
access-list outside_acl_in permit tcp any host 192.168.1.10 object-group id3D79A1C2.srv.tcp.0
!
! Rule 2 (global)
! SSH (tcp/22) from any source to the generated destination group
! id3D79A1E4.dst.net.0 (192.168.1.10 and 192.168.1.20).
! Access to 192.168.1.10 on tcp/22 is already granted by Rule 0, so the only
! new destination here is 192.168.1.20.
! NOTE(review): the 192.168.2.1 and 222.222.222.222 entries appear for the
! third time (also in Rules 0 and 1); only the first occurrence in each ACL
! can ever match.
access-list inside_acl_in permit tcp any object-group id3D79A1E4.dst.net.0 eq 22
access-list dmz1_acl_in permit tcp any object-group id3D79A1E4.dst.net.0 eq 22
access-list dmz2_acl_in permit tcp any host 192.168.2.1 eq 22
access-list dmz2_acl_in permit tcp any object-group id3D79A1E4.dst.net.0 eq 22
access-list outside_acl_in permit tcp any host 222.222.222.222 eq 22
access-list outside_acl_in permit tcp any object-group id3D79A1E4.dst.net.0 eq 22
!
! Rule 3 (global)
! 'masquerading' rule
! Permits all IP traffic from 192.168.1.0/24 to any destination, on the
! inside interface ACL only.
! NOTE(review): despite the rule comment, the NAT section of this file holds
! only "static" entries; no nat/global pair is generated for this network.
! Confirm whether the source policy is meant to have a matching NAT rule.
access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any
!
! Rule 4 (global)
! 'catch all' rule
! Explicit final deny on each of the four ACLs; anything not matched by
! Rules 0-3 above is dropped.
access-list inside_acl_in deny ip any any
access-list dmz1_acl_in deny ip any any
access-list dmz2_acl_in deny ip any any
access-list outside_acl_in deny ip any any
! Bind each ACL to its interface in the inbound direction. Only "in"
! bindings are generated, consistent with the header ("Outbound ACLs: not
! supported" for the pix 6.2 target).
access-group dmz1_acl_in in interface dmz1
access-group dmz2_acl_in in interface dmz2
access-group inside_acl_in in interface inside
access-group outside_acl_in in interface outside
!
! Rule 0 (NAT)
! Port redirection: tcp/22 on the outside interface's own address is
! translated to 192.168.1.10 port 22 on inside.
! NOTE(review): the trailing "0 0" are presumably the max-connection and
! embryonic-connection limits, where 0 means unlimited, so this published
! SSH service has no cap on half-open connections - confirm against the PIX
! 6.2 "static" syntax.
static (inside,outside) tcp interface 22 192.168.1.10 22 0 0
!
! Rule 1 (NAT)
! Same redirection for tcp/22 on the dmz2 interface address.
static (inside,dmz2) tcp interface 22 192.168.1.10 22 0 0
!
! Rule 2 (NAT)
! NOTE(review): this line is identical to the one emitted for Rule 1 (NAT).
! Presumably two NAT rules in the source policy resolve to the same
! translation; confirm the duplicate is the compiler output this fixture is
! meant to pin and how the device reacts to a repeated static.
static (inside,dmz2) tcp interface 22 192.168.1.10 22 0 0
!
! Epilog script:
!
! End of epilog script:
!