set firewall name ZFAX_ACCESS_IN default-action ‘drop’
set firewall name ZFAX_ACCESS_IN rule 10 action ‘accept’
set firewall name ZFAX_ACCESS_IN rule 10 description ‘TCP to ZFAX’
set firewall name ZFAX_ACCESS_IN rule 10 destination address ‘172.18.233.14’
set firewall name ZFAX_ACCESS_IN rule 10 destination port ‘25’
set firewall name ZFAX_ACCESS_IN rule 10 protocol ‘tcp’
set firewall name ZFAX_ACCESS_IN rule 10 source group network-group ‘ZFAX-SENDERS’
set firewall name ZFAX_ACCESS_IN rule 20 action ‘accept’
set firewall name ZFAX_ACCESS_IN rule 20 description ‘Allowed IPs to ZFAX’
set firewall name ZFAX_ACCESS_IN rule 20 destination address ‘172.18.233.14’
set firewall name ZFAX_ACCESS_IN rule 20 source group network-group ‘ZFAX-ALLOWED-IPS’
set firewall name ZFAX_ACCESS_IN rule 500 action ‘accept’
set firewall name ZFAX_ACCESS_IN rule 500 state established ‘enable’
set firewall name ZFAX_ACCESS_IN rule 500 state related ‘enable’
set firewall name outside_access_in default-action ‘drop’
set firewall name outside_access_in ‘enable-default-log’
set firewall name outside_access_in rule 10 action ‘accept’
set firewall name outside_access_in rule 10 description ‘allow icmp’
set firewall name outside_access_in rule 10 protocol ‘icmp’
set firewall name outside_access_in rule 20 action ‘accept’
set firewall name outside_access_in rule 20 description ‘Allow Customer Private Network Traffic’
set firewall name outside_access_in rule 20 source group network-group ‘Allowed_Private_Traffic’
set firewall name outside_access_in rule 21 action ‘accept’
set firewall name outside_access_in rule 21 description ‘Allow SSH access from Zthernet’
set firewall name outside_access_in rule 21 destination port ‘22’
set firewall name outside_access_in rule 21 protocol ‘tcp’
set firewall name outside_access_in rule 21 source group address-group ‘Zthernet_SSH_Access’
set firewall name outside_access_in rule 30 action ‘accept’
set firewall name outside_access_in rule 30 description ‘Allow ISAKMP’
set firewall name outside_access_in rule 30 destination port ‘500’
set firewall name outside_access_in rule 30 protocol ‘udp’
set firewall name outside_access_in rule 30 source group address-group ‘Site-to-Site_VPN_Peers’
set firewall name outside_access_in rule 40 action ‘accept’
set firewall name outside_access_in rule 40 description ‘Allow ESP’
set firewall name outside_access_in rule 40 protocol ‘esp’
set firewall name outside_access_in rule 40 source group address-group ‘Site-to-Site_VPN_Peers’
set firewall name outside_access_in rule 50 action ‘accept’
set firewall name outside_access_in rule 50 description ‘Incoming VPN Traffic’
set firewall name outside_access_in rule 50 source group network-group ‘VPN_Traffic’
set firewall name outside_access_in rule 90 action ‘accept’
set firewall name outside_access_in rule 90 description ‘ScreenConnect Ports’
set firewall name outside_access_in rule 90 destination address ‘172.18.233.10/32’
set firewall name outside_access_in rule 90 destination port ‘80,443,8040,8041’
set firewall name outside_access_in rule 90 protocol ‘tcp’
set firewall name outside_access_in rule 100 action ‘accept’
set firewall name outside_access_in rule 100 description ‘Allow TCP PORTS to zDC16’
set firewall name outside_access_in rule 100 destination address ‘172.18.233.20/32’
set firewall name outside_access_in rule 100 destination group port-group ‘SOFTETHER’
set firewall name outside_access_in rule 110 action ‘accept’
set firewall name outside_access_in rule 110 description ‘TCP443 to NMS’
set firewall name outside_access_in rule 170 action ‘accept’
set firewall name outside_access_in rule 170 description ‘Allow HTTPS to SCREENCONNECT’
set firewall name outside_access_in rule 170 destination address ‘172.18.233.45/32’
set firewall name outside_access_in rule 170 destination port ‘443,8041’
set firewall name outside_access_in rule 170 protocol ‘tcp’
set firewall name outside_access_in rule 205 action ‘accept’
set firewall name outside_access_in rule 205 description ‘PRIVATE BACKUP SERVERS to ZCLOUDBACKUP’
set firewall name outside_access_in rule 205 destination address ‘172.18.233.34’
set firewall name outside_access_in rule 205 protocol ‘tcp’
set firewall name outside_access_in rule 205 source group address-group ‘PRIV_IPs_TO_BCKUP_SERVERS’
set firewall name outside_access_in rule 210 action ‘accept’
set firewall name outside_access_in rule 210 description ‘PRIVATE VMWARE SERVERS to ZVM’
set firewall name outside_access_in rule 210 destination address ‘172.18.233.16’
set firewall name outside_access_in rule 210 source group address-group ‘VMWARE_SERVERS’
set firewall name outside_access_in rule 220 action ‘accept’
set firewall name outside_access_in rule 220 description ‘Allow UDP PORTS to LABTECH’
set firewall name outside_access_in rule 220 destination address ‘172.18.233.107/32’
set firewall name outside_access_in rule 220 destination group port-group ‘LABTECH_UDP’
set firewall name outside_access_in rule 220 protocol ‘udp’
set firewall name outside_access_in rule 230 action ‘accept’
set firewall name outside_access_in rule 230 description ‘Allow TCP PORTS to LABTECH’
set firewall name outside_access_in rule 230 destination address ‘172.18.233.107/32’
set firewall name outside_access_in rule 230 destination group port-group ‘LABTECH_TCP’
set firewall name outside_access_in rule 230 protocol ‘tcp’
set firewall name outside_access_in rule 240 action ‘accept’
set firewall name outside_access_in rule 240 description ‘Allow TCP PORTS to ZSP-CMD’
set firewall name outside_access_in rule 240 destination address ‘172.18.233.23/32’
set firewall name outside_access_in rule 240 destination group port-group ‘ZSP-CMD_TCP’
set firewall name outside_access_in rule 240 protocol ‘tcp’
set firewall name outside_access_in rule 250 action ‘accept’
set firewall name outside_access_in rule 250 description ‘Allow ShadowProtect access to zSP-CMD’
set firewall name outside_access_in rule 250 destination address ‘172.18.233.23/32’
set firewall name outside_access_in rule 250 destination port ‘22’
set firewall name outside_access_in rule 250 protocol ‘tcp’
set firewall name outside_access_in rule 250 source group address-group ‘zSP-CMD_Access’
set firewall name outside_access_in rule 255 action ‘accept’
set firewall name outside_access_in rule 255 description ‘Allow TCP443 to ZMANAGE’
set firewall name outside_access_in rule 255 destination address ‘172.18.233.17/32’
set firewall name outside_access_in rule 255 destination port ‘443’
set firewall name outside_access_in rule 255 protocol ‘tcp’
set firewall name outside_access_in rule 260 action ‘accept’
set firewall name outside_access_in rule 260 description ‘Allow ZTHERBOX_TCP to ZTHERBOX’
set firewall name outside_access_in rule 260 destination address ‘172.18.233.99/32’
set firewall name outside_access_in rule 260 destination group port-group ‘ZTHERBOX_TCP’
set firewall name outside_access_in rule 260 protocol ‘tcp’
set firewall name outside_access_in rule 282 action ‘accept’
set firewall name outside_access_in rule 282 description ‘Allow TCP389 to ZDC for TXNeuro-WG DualFactor Auth’
set firewall name outside_access_in rule 282 destination address ‘172.18.233.20/32’
set firewall name outside_access_in rule 282 destination port ‘389,636’
set firewall name outside_access_in rule 282 protocol ‘tcp’
set firewall name outside_access_in rule 282 source address ‘146.88.x.x/32’
set firewall name outside_access_in rule 290 action ‘accept’
set firewall name outside_access_in rule 290 description ‘Allow TCP25 from FuseMail to ZMAIL’
set firewall name outside_access_in rule 290 destination address ‘172.18.233.19/32’
set firewall name outside_access_in rule 290 destination port ‘25’
set firewall name outside_access_in rule 290 protocol ‘tcp’
set firewall name outside_access_in rule 290 source group network-group ‘FuseMail’
set firewall name outside_access_in rule 292 action ‘accept’
set firewall name outside_access_in rule 292 description ‘Allow TCP389 to ZDC’
set firewall name outside_access_in rule 292 destination address ‘172.18.233.20/32’
set firewall name outside_access_in rule 292 destination port ‘389,636’
set firewall name outside_access_in rule 292 protocol ‘tcp’
set firewall name outside_access_in rule 292 source group network-group ‘FuseMail’
set firewall name outside_access_in rule 300 action ‘accept’
set firewall name outside_access_in rule 300 description ‘Allow TCP PORTS to UNIFI16’
set firewall name outside_access_in rule 300 destination address ‘172.18.233.30/32’
set firewall name outside_access_in rule 300 destination group port-group ‘UNIFI_TCP’
set firewall name outside_access_in rule 300 protocol ‘tcp’
set firewall name outside_access_in rule 310 action ‘accept’
set firewall name outside_access_in rule 310 description ‘Allow TCP PORTS to UNIFI16’
set firewall name outside_access_in rule 310 destination address ‘172.18.233.30/32’
set firewall name outside_access_in rule 310 destination group port-group ‘UNIFI_UDP’
set firewall name outside_access_in rule 310 protocol ‘udp’
set firewall name outside_access_out default-action ‘accept’
set firewall name outside_access_out rule 10 action ‘accept’
set firewall name outside_access_out rule 10 description ‘Allow Customer Private Network Traffic’
set firewall name outside_access_out rule 10 destination group network-group ‘Allowed_Private_Traffic’
set firewall receive-redirects ‘disable’
set firewall send-redirects ‘disable’
set firewall source-validation ‘disable’
set firewall syn-cookies ‘enable’
set firewall twa-hazards-protection ‘disable’
set interfaces ethernet eth0 address ‘146.88.x.x/24’
set interfaces ethernet eth0 description ‘Outside’
set interfaces ethernet eth0 duplex ‘auto’
set interfaces ethernet eth0 firewall in name ‘outside_access_in’
set interfaces ethernet eth0 firewall local name ‘outside_access_in’
set interfaces ethernet eth0 hw-id ‘00:50:56:bd:0a:fe’
set interfaces ethernet eth0 smp_affinity ‘auto’
set interfaces ethernet eth0 speed ‘auto’
set interfaces ethernet eth1 address ‘172.18.233.223/24’
set interfaces ethernet eth1 description ‘Inside’
set interfaces ethernet eth1 duplex ‘auto’
set interfaces ethernet eth1 hw-id ‘00:50:56:bd:e5:78’
set interfaces ethernet eth1 policy route ‘SERVERS_USING_OLD_PUBLIC_IPS’
set interfaces ethernet eth1 smp_affinity ‘auto’
set interfaces ethernet eth1 speed ‘auto’
set interfaces ethernet eth2 duplex ‘auto’
set interfaces ethernet eth2 firewall in name ‘outside_access_in’
set interfaces ethernet eth2 firewall local name ‘outside_access_in’
set interfaces ethernet eth2 hw-id ‘00:50:56:bd:01:dd’
set interfaces ethernet eth2 smp_affinity ‘auto’
set interfaces ethernet eth2 speed ‘auto’
set interfaces ethernet eth3 address ‘72.29.X.X/27’
set interfaces ethernet eth3 address ‘72.29.X.X/27’
set interfaces ethernet eth3 address ‘206.123.X.X/27’
set interfaces ethernet eth3 duplex ‘auto’
set interfaces ethernet eth3 firewall in name ‘outside_access_in’
set interfaces ethernet eth3 firewall local name ‘outside_access_in’
set interfaces ethernet eth3 hw-id ‘00:50:56:bd:49:a7’
set interfaces ethernet eth3 smp_affinity ‘auto’
set interfaces ethernet eth3 speed ‘auto’
set interfaces ethernet eth4 duplex ‘auto’
set interfaces ethernet eth4 hw-id ‘00:50:56:bd:16:1f’
set interfaces ethernet eth4 smp_affinity ‘auto’
set interfaces ethernet eth4 speed ‘auto’
set interfaces loopback ‘lo’