fwbuilder/test/pix/firewall1.fw.orig

!
!  This is automatically generated file. DO NOT MODIFY !
!
!  Firewall Builder  fwb_pix v4.2.0.3530
!
!  Generated Wed Apr 20 10:40:34 2011 PDT by vadim
!
! Compiled for pix 6.1
! Outbound ACLs: not supported
! Emulate outbound ACLs: yes
! Generating outbound ACLs: no
! Assume firewall is part of any: no
!
!# files: * firewall1.fw
!
! this object is used to test all kinds of negation in policy rules

! firewall1::: error: Dynamic interface eth1 should not have an IP address object attached to it. This IP address object will be ignored.

! C firewall1:Policy:9: error: Dynamic interface can be used in the policy rule only in v6.3 or later.
! C firewall1:Policy:9: error: Dynamic interface can be used in the policy rule only in v6.3 or later.

! N firewall1:NAT:4: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'dmz' is going to be used as real and mapped interface in the generated nat command.
! N firewall1:NAT:5: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'dmz' is going to be used as real and mapped interface in the generated nat command.

!
! Prolog script:
!

!
! End of prolog script:
!




nameif eth0 inside security100

nameif eth1 outside security0

nameif eth2 dmz security50


no logging buffered
no logging console
no logging timestamp
no logging on



telnet timeout 5

aaa authentication ssh console LOCAL
ssh timeout 5

no snmp-server




no service resetinbound
no service resetoutside
no sysopt connection timewait
no sysopt security fragguard
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
no sysopt route dnat
floodguard disable


!################





! 
! Rule  2 (eth1)
! Anti-spoofing rule
access-list outside_acl_in deny   ip host 192.168.1.1 any 
access-list outside_acl_in deny   ip host 192.168.2.1 any 
access-list outside_acl_in deny   ip 192.168.1.0 255.255.255.0 any 
! 
! Rule  3 (eth0)
access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any 
! 
! Rule  4 (eth1)
icmp permit any 8  outside
access-list outside_acl_in permit icmp any interface outside 8 
icmp permit any 11  outside
access-list outside_acl_in permit icmp any interface outside 11 
! 
! Rule  5 (eth1)
access-list outside_acl_in permit icmp any any 8 
access-list outside_acl_in permit icmp any any 11 
! 
! Rule  6 (eth1,eth2)
access-list outside_acl_in permit icmp any interface outside 8 
access-list outside_acl_in permit icmp any interface outside 11 
icmp permit any 8  dmz
access-list dmz_acl_in permit icmp any host 192.168.2.1 8 
icmp permit any 11  dmz
access-list dmz_acl_in permit icmp any host 192.168.2.1 11 
! 
! Rule  9 (global)
! firewall1:Policy:9: error: Dynamic interface can be used in the policy rule only in v6.3 or later.

telnet 0.0.0.0 0.0.0.0 inside
telnet 0.0.0.0 0.0.0.0 dmz
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 dmz
! 
! Rule  11 (global)
! hostF has the same IP address as firewal.
icmp permit any 8  inside
access-list inside_acl_in permit icmp any host 192.168.1.1 8 
! 
! Rule  19 (global)
! 'masquerading' rule
access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any 
! 
! Rule  20 (global)
! 'catch all' rule
access-list inside_acl_in deny   ip any any 
access-list outside_acl_in deny   ip any any 
access-list dmz_acl_in deny   ip any any 


access-group dmz_acl_in in interface dmz
access-group inside_acl_in in interface inside
access-group outside_acl_in in interface outside

! 
! Rule  0 (NAT)

access-list nat0.inside permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list nat0.inside
! 
! Rule  1 (NAT)
global (outside) 1 interface
nat (inside) 1 192.168.1.10 255.255.255.255 0 0
! 
! Rule  4 (NAT)
! firewall1:NAT:4: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'dmz' is going to be used as real and mapped interface in the generated nat command.

global (outside) 2 interface
nat (inside) 2 192.168.1.0 255.255.255.0 0 0
global (dmz) 2 interface
! 
nat (dmz) 2 192.168.2.0 255.255.255.0 0 0
! 
! 
! Rule  5 (NAT)
! firewall1:NAT:5: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'dmz' is going to be used as real and mapped interface in the generated nat command.

! 
! 
! 
!



!
! Epilog script:
!

! End of epilog script:
!