access-list 1 permit any
!
access-list 10 permit 0.0.0.0 0.0.0.0
!
device-context 1
session-filter WWW set dest-addr 69.79.196.14
!
device-context 1
ip prefix-list RFC1918 seq 5 permit 10.0.0.0/8 le 32
!
device-context 2
ip prefix-list RFC1918 seq 5 permit 10.0.0.0/8 le 32
!
vlan 1/14
tagged eth 2
router-interface ve 14
!
vlan 1/253
tagged eth 1
router-interface ve 253
name JAM-GI-MPBN
!
vlan 1/2475
tagged eth 1
router-interface ve 2475
name JAM-GI-INTERNAL
!
vlan 1/4005
tagged eth 1
router-interface ve 4005
name JAM-GI-INTERNAL
!
vlan 1/4006
tagged eth 1
router-interface ve 4006
name JAM-GI-INTERNET
!
vlan 1/4007
tagged eth 1
router-interface ve 4007
name JAM-vIMS-INTERNAL
!
vlan 2/14
tagged eth 1
router-interface ve 14
!
vlan 2/254
tagged eth 1
router-interface ve 254
name JAM-GI-MPBN
!
vlan 2/2475
tagged eth 1
router-interface ve 2475
name JAM-GI-INTERNAL
!
vlan 2/4005
tagged eth 1
router-interface ve 4005
� name JAM-GI-INTERNAL
!
vlan 2/4006
tagged eth 1
router-interface ve 4006
name JAM-GI-INTERNET
!
vlan 2/4007
tagged eth 1
router-interface ve 4007
name JAM-vIMS-INTERNAL
!
device-context 1
bfd enable
bfd interval 100 min-rx 100 multiplier 3
!
device-context 1
bfd enable
bfd interval 100 min-rx 100 multiplier 3
!
interface ve 1/14
name "VRRP-A GIFW1"
ip address 192.0.2.1 255.255.255.248
!
interface ve 1/253
name JAM-GI-MPBN
ip address 100.64.12.18 255.255.255.252
ip nat inside
!
interface ve 1/2475
name JAM-GI-INTERNAL
ip address 10.236.65.45 255.255.255.254
ip nat inside
!
interface ve 1/4005
name JAM-GI-INTERNAL
ip address 100.64.12.2 255.255.255.252
ip nat inside
!
interface ve 1/4006
name JAM-GI-INTERNET
ip address 69.79.196.9 255.255.255.254
ip nat outside
!
interface ve 1/4007
name JAM-vIMS-INTERNAL
ip address 100.64.12.10 255.255.255.252
ip nat inside
!
interface ve 2/14
name "VRRP-A GIFW1"
ip address 192.0.2.2 255.255.255.248
!
interface ve 2/254
name JAM-GI-MPBN
ip address 100.64.12.26 255.255.255.252
ip nat inside
!
�interface ve 2/2475
name JAM-GI-INTERNAL
ip address 10.236.65.47 255.255.255.254
ip nat inside
!
interface ve 2/4005
name JAM-GI-INTERNAL
ip address 100.64.12.6 255.255.255.252
ip nat inside
!
interface ve 2/4006
name JAM-GI-INTERNET
ip address 69.79.196.11 255.255.255.254
ip nat outside
!
interface ve 2/4007
name JAM-vIMS-INTERNAL
ip address 100.64.12.14 255.255.255.252
ip nat inside
!
!
vrrp-a vrid 1
device-context 1
blade-parameters
priority 200
tracking-options
route 0.0.0.0 0.0.0.0 priority-cost 100
route 100.64.12.0 255.255.255.252 priority-cost 100
route 100.64.12.8 255.255.255.252 priority-cost 100
route 100.64.12.16 255.255.255.252 priority-cost 100
gateway 100.64.12.1 priority-cost 100
device-context 2
blade-parameters
priority 180
tracking-options
route 0.0.0.0 0.0.0.0 priority-cost 100
route 100.64.12.4 255.255.255.252 priority-cost 100
route 100.64.12.12 255.255.255.252 priority-cost 100
route 100.64.12.24 255.255.255.252 priority-cost 100
gateway 100.64.12.5 priority-cost 100
!
ip nat pool DNS_SNAT_1 69.79.196.0 69.79.196.3 netmask /30 vrid 1
!
device-context 1
vrrp-a preferred-session-sync-port eth 2 vlan 14
!
device-context 2
vrrp-a preferred-session-sync-port eth 2 vlan 14
!
zone JAM-GI-INTERNAL
device-context 1
interface ve 253
interface ve 2475
interface ve 4005
device-context 2
interface ve 254
interface ve 2475
interface ve 4005
!
�zone JAM-GI-INTERNET
device-context 1
interface ve 4006
device-context 2
interface ve 4006
!
zone JAM-vIMS-INTERNAL
device-context 1
interface ve 4007
device-context 2
interface ve 4007
!
zone LOCAL
device-context 1
local-type
device-context 2
local-type
!
zone LOCAL_GIFW1
device-context 1
local-type
device-context 2
local-type
!
zone VRRP-HA
device-context 1
interface ve 14
device-context 2
interface ve 14
!
health monitor DNS_Check
method dns domain http://www.google.com
!
cgnv6 server DNS_10 69.79.207.230
health-check DNS_Check
port 53 udp
!
cgnv6 server DNS_11 69.79.207.231
health-check DNS_Check
port 53 udp
!
cgnv6 server DNS_12 69.79.207.232
health-check DNS_Check
port 53 udp
!
cgnv6 server DNS_13 69.79.207.233
health-check DNS_Check
port 53 udp
!
cgnv6 server DNS_15 69.79.207.235
health-check DNS_Check
port 53 udp
!
cgnv6 server DNS_16 69.79.207.236
health-check DNS_Check
port 53 udp
!
cgnv6 server Google 8.8.8.8
health-check-disable
� port 53 udp
health-check-disable
!
cgnv6 server JAM_KGN_SSR1 100.64.12.1
!
cgnv6 server JAM_KGN_SSR2 100.64.12.5
!
cgnv6 template dns CGNAT_DNS
default-policy cache
malformed-query drop
!
cgnv6 template http-alg client_ip_insert
request-insert-client-ip
!
cgnv6 lsn alg esp enable
!
cgnv6 lsn alg pptp enable
!
cgnv6 lsn alg rtsp enable
!
cgnv6 lsn alg sip enable
!
cgnv6 lsn alg mgcp enable
!
cgnv6 lsn alg h323 enable
!
cgnv6 lsn alg tftp enable
!
cgnv6 lsn endpoint-independent-mapping tcp
port 1024 to 65535
!
cgnv6 lsn endpoint-independent-mapping udp
port 1024 to 65535
!
cgnv6 lsn endpoint-independent-filtering tcp
port 1024 to 65535
!
cgnv6 lsn endpoint-independent-filtering udp
port 1024 to 65535
!
cgnv6 lsn stun-timeout tcp port 1 to 65535 4
!
cgnv6 lsn stun-timeout udp port 1 to 65535 4
!
cgnv6 nat pool Cayman_GI_Pool 192.131.37.129 netmask /25 vrid 1
!
cgnv6 nat pool DATASIM_NAT 96.43.169.65 netmask /32 vrid 1
!
cgnv6 nat pool GI_Pool_01 96.43.180.1 netmask /25 vrid 1
!
cgnv6 nat pool GI_Pool_02 96.43.180.129 netmask /25 vrid 1
!
cgnv6 nat pool GI_Pool_03 96.43.175.1 netmask /25 vrid 1
!
cgnv6 nat pool GI_Pool_FWA.BB.ANU1 69.79.196.56 netmask /29 vrid 1
!
cgnv6 nat pool GI_Pool_FWA.BB.BAH1 69.79.196.80 netmask /29 vrid 1
!
cgnv6 nat pool GI_Pool_FWA.BB.BAR1 69.79.196.72 netmask /29 vrid 1
�!
cgnv6 nat pool GI_Pool_FWA.BB.BVI1 69.79.196.64 netmask /29 vrid 1
!
cgnv6 nat pool GI_Pool_FWA.BB.CAY1 69.79.196.40 netmask /29 vrid 1
!
cgnv6 nat pool GI_Pool_FWA.BB.JAM1 69.79.196.88 netmask /29 vrid 1
!
cgnv6 nat pool vIMS_SES_NAT 69.79.196.14 netmask /32 vrid 1
!
cgnv6 nat pool vIMS_vNELS_NAT 69.79.196.13 netmask /32 vrid 1
!
cgnv6 nat pool-group GI_Pools_FWA.ANU
member GI_Pool_FWA.BB.ANU1
!
cgnv6 nat pool-group GI_Pools_FWA.BAH
member GI_Pool_FWA.BB.BAH1
!
cgnv6 nat pool-group GI_Pools_FWA.BAR
member GI_Pool_FWA.BB.BAR1
!
cgnv6 nat pool-group GI_Pools_FWA.BVI
member GI_Pool_FWA.BB.BVI1
!
cgnv6 nat pool-group GI_Pools_FWA.CAY
member GI_Pool_FWA.BB.CAY1
!
cgnv6 nat pool-group GI_Pools_FWA.JAM
member GI_Pool_FWA.BB.JAM1
!
cgnv6 nat pool-group Gi_Pools
member GI_Pool_01
member GI_Pool_02
member GI_Pool_03
!
cgnv6 nat pool-group Gi_Pools_Cayman
member Cayman_GI_Pool
!
cgnv6 dns64-virtualserver CGNAT_DNS_VIP_1 200.10.152.152
vrid 1
port 53 dns-udp
source-nat pool DNS_SNAT_1
template dns CGNAT_DNS
!
cgnv6 dns64-virtualserver CGNAT_DNS_VIP_2 208.131.164.86
vrid 1
port 53 dns-udp
source-nat pool DNS_SNAT_1
template dns CGNAT_DNS
!
cgnv6 lsn-rule-list LSN_Rules
default
tcp port 80 action template http-alg client_ip_insert
!
cgnv6 lsn-lid 10
source-nat-pool Gi_Pools
user-quota udp 2000 reserve 60
user-quota tcp 2000 reserve 60
!
cgnv6 lsn-lid 30
� source-nat-pool vIMS_vNELS_NAT
user-quota udp 2000 reserve 60
user-quota tcp 2000 reserve 60
!
cgnv6 lsn-lid 40
source-nat-pool DATASIM_NAT
user-quota udp 2000 reserve 60
user-quota tcp 2000 reserve 60
!
cgnv6 lsn-lid 50
source-nat-pool Cayman_GI_Pool
user-quota udp 2000 reserve 60
user-quota tcp 2000 reserve 60
!
cgnv6 lsn-lid 101
source-nat-pool GI_Pools_FWA.ANU
user-quota udp 4000 reserve 64
user-quota tcp 4000 reserve 64
!
cgnv6 lsn-lid 102
source-nat-pool GI_Pools_FWA.BVI
user-quota udp 4000 reserve 64
user-quota tcp 4000 reserve 64
!
cgnv6 lsn-lid 103
source-nat-pool GI_Pools_FWA.BAR
user-quota udp 4000 reserve 64
user-quota tcp 4000 reserve 64
!
cgnv6 lsn-lid 104
source-nat-pool GI_Pools_FWA.JAM
user-quota udp 4000 reserve 64
user-quota tcp 4000 reserve 64
!
cgnv6 lsn-lid 105
source-nat-pool GI_Pools_FWA.CAY
user-quota udp 4000 reserve 64
user-quota tcp 4000 reserve 64
!
cgnv6 lsn-lid 106
user-quota udp 4000 reserve 64
user-quota tcp 4000 reserve 64
!
cgnv6 lsn port-reservation inside 10.230.225.136 1024 65535 nat 69.79.196.14 1024
65535
!
cgnv6 lsn port-reservation inside 10.230.225.136 443 443 nat 69.79.196.14 443 443
!
device-context 1
router bgp 65004
bgp router-id 69.79.196.9
neighbor 69.79.196.8 remote-as 30689
neighbor 69.79.196.8 advertisement-interval 1
neighbor 69.79.196.8 description JAM-CAR-IGR01
neighbor 69.79.196.8 fall-over bfd
neighbor 69.79.196.8 route-map upstream_export out
neighbor 69.79.196.8 soft-reconfiguration inbound
neighbor 69.79.196.8 timers 3 10
neighbor 100.64.12.9 remote-as 65006
� neighbor 100.64.12.9 default-originate route-map VRID_Active
neighbor 100.64.12.9 fall-over bfd
neighbor 100.64.12.9 route-map Default_Only out
neighbor 100.64.12.9 soft-reconfiguration inbound
neighbor 100.64.12.9 timers 1 3
neighbor 100.64.12.17 remote-as 65009
neighbor 100.64.12.17 default-originate route-map VRID_Active
neighbor 100.64.12.17 description WDLG_SRR1
neighbor 100.64.12.17 fall-over bfd
neighbor 100.64.12.17 route-map Default_Only out
neighbor 100.64.12.17 soft-reconfiguration inbound
neighbor 100.64.12.17 timers 1 3
neighbor 100.64.12.1 remote-as 65005
neighbor 100.64.12.1 default-originate route-map VRID_Active
neighbor 100.64.12.1 fall-over bfd
neighbor 100.64.12.1 route-map CGN_IN in
neighbor 100.64.12.1 route-map Default_Only out
neighbor 100.64.12.1 soft-reconfiguration inbound
neighbor 100.64.12.1 timers 1 3
neighbor 10.236.65.44 remote-as 10278
neighbor 10.236.65.44 default-originate route-map VRID_Active
neighbor 10.236.65.44 description JAM_CARL_PE2_VPRN_2472
neighbor 10.236.65.44 fall-over bfd
neighbor 10.236.65.44 route-map Default_Only out
neighbor 10.236.65.44 soft-reconfiguration inbound
neighbor 10.236.65.44 timers 1 3
redistribute ip-nat
!
device-context 2
router bgp 65004
bgp router-id 69.79.196.11
neighbor 69.79.196.10 remote-as 30689
neighbor 69.79.196.10 advertisement-interval 1
neighbor 69.79.196.10 description JAM-MOB-IGR01
neighbor 69.79.196.10 fall-over bfd
neighbor 69.79.196.10 route-map upstream_export out
neighbor 69.79.196.10 soft-reconfiguration inbound
neighbor 69.79.196.10 timers 3 10
neighbor 100.64.12.5 remote-as 65005
neighbor 100.64.12.5 default-originate route-map VRID_Active
neighbor 100.64.12.5 description WDLG_SRR2
neighbor 100.64.12.5 fall-over bfd
neighbor 100.64.12.5 route-map CGN_IN in
neighbor 100.64.12.5 route-map Default_Only out
neighbor 100.64.12.5 soft-reconfiguration inbound
neighbor 100.64.12.5 timers 1 3
neighbor 100.64.12.13 remote-as 65006
neighbor 100.64.12.13 default-originate route-map VRID_Active
neighbor 100.64.12.13 fall-over bfd
neighbor 100.64.12.13 route-map Default_Only out
neighbor 100.64.12.13 soft-reconfiguration inbound
neighbor 100.64.12.13 timers 1 3
neighbor 100.64.12.25 remote-as 65009
neighbor 100.64.12.25 default-originate route-map VRID_Active
neighbor 100.64.12.25 description WDLG_SRR2
neighbor 100.64.12.25 fall-over bfd
neighbor 100.64.12.25 route-map Default_Only out
neighbor 100.64.12.25 soft-reconfiguration inbound
neighbor 100.64.12.25 timers 1 3
� neighbor 10.236.65.46 remote-as 10278
neighbor 10.236.65.46 default-originate route-map VRID_Active
neighbor 10.236.65.46 description JAM_CARL_PE3_VPRN_2472
neighbor 10.236.65.46 fall-over bfd
neighbor 10.236.65.46 route-map Default_Only out
neighbor 10.236.65.46 soft-reconfiguration inbound
neighbor 10.236.65.46 timers 1 3
redistribute ip-nat
!
device-context 1
route-map CGN_IN permit 10
set community no-advertise
!
device-context 1
route-map Default_Only permit 10
match group 1 active
match ip address 10
!
device-context 1
route-map VRID_Active permit 1
match group 1 active
!
device-context 1
route-map upstream_export deny 5
match ip address prefix-list RFC1918
!
device-context 1
route-map upstream_export permit 10
match group 1 active
!
device-context 2
route-map CGN_IN permit 10
set community no-advertise
!
device-context 2
route-map Default_Only permit 10
match group 1 active
match ip address 10
!
device-context 2
route-map VRID_Active permit 1
match group 1 active
!
device-context 2
route-map upstream_export deny 5
match ip address prefix-list RFC1918
!
device-context 2
route-map upstream_export permit 10
match group 1 active
!
sflow collector ip 127.0.0.1 6343
!
object network APN_DATASIM_96.43.169.65_32
10.55.35.0/30
!
object network APN_FWA.BB.ANU_10.108.128.0
10.108.128.0/19
!
�object network APN_FWA.BB.BAH_10.190.0.0
10.190.0.0/19
!
object network APN_FWA.BB.BAR_10.213.0.0
10.213.0.0/19
!
object network APN_FWA.BB.BVI_10.211.224.0
10.211.224.0/19
!
object network APN_FWA.BB.CAY_10.209.128.0
10.209.128.0/19
!
object network APN_FWA.BB.JAM_10.160.0.0
10.160.0.0/19
!
object network APN_GRX_ppinternet_10.4.128.0_17
10.4.128.0/17
!
object network APN_GRX_ppinternet_10.7.128.0_17
10.7.128.0/17
!
object network APN_PCEFTEST1_96.43.169.65_32
10.64.0.32/28
!
object network APN_PCEFTEST_96.43.169.65_32
10.68.128.0/28
!
object network APN_Skymond_10.108.224.0_20
10.108.224.0/20
!
object network APN_bb_fwa_100.95.0.0_19
100.95.0.0/19
!
object network APN_bb_fwa_100.95.160.0_22
100.95.160.0/22
!
object network APN_bb_fwa_100.95.164.0_22
100.95.164.0/22
!
object network APN_bb_fwa_100.95.64.0_19
100.95.64.0/19
!
object network APN_blackberry.net_10.80.0.0_16
10.80.0.0/16
!
object network APN_cayman_bb_fwa_100.95.32.0_19
100.95.32.0/19
!
object network APN_cayman_bb_fwa_100.95.96.0_19
100.95.96.0/19
!
object network APN_cayman_internet_10.4.0.0_17
10.4.0.0/17
!
object network APN_cayman_internet_10.54.32.0_24
10.54.32.0/24
!
object network APN_cayman_internet_10.54.33.0_25
10.54.33.0/25
�!
object network APN_cayman_internet_10.7.0.0_17
10.7.0.0/17
!
object network APN_cayman_internet_100.80.0.0_15
100.80.0.0/15
!
object network APN_cayman_internet_100.82.0.0_15
100.82.0.0/15
!
object network APN_fbb_anu_ppinternet_10.236.192.0_18
10.236.192.0/18
!
object network APN_fbb_anu_pub_ppinternet_207.204.108.0_26
207.204.108.0/26
!
object network APN_fbb_axa_ppinternet_10.238.88.0_21
10.238.88.0/21
!
object network APN_fbb_axa_pub_ppinternet_207.204.108.64_26
207.204.108.64/26
!
object network APN_fbb_dom_ppinternet_10.252.0.0_19
10.252.0.0/19
!
object network APN_fbb_dom_pub_ppinternet_207.204.108.128_26
207.204.108.128/26
!
object network APN_fbb_tci_ppinternet_10.238.224.0_21
10.238.224.0/21
!
object network APN_fbb_tci_pub_ppinternet_207.204.108.192_26
207.204.108.192/26
!
object network APN_internet_10.199.10.0_23
10.199.10.0/23
!
object network APN_internet_10.88.0.0_17
10.88.0.0/17
!
object network APN_internet_10.92.64.0_19
10.92.64.0/19
!
object network APN_internet_100.64.0.0_15
100.64.0.0/15
!
object network APN_internet_100.66.0.0_15
100.66.0.0/15
!
object network APN_internet_100.68.0.0_15
100.68.0.0/15
!
object network APN_internet_100.70.0.0_15
100.70.0.0/15
!
object network APN_internet_100.72.0.0_15
100.72.0.0/15
!
object network APN_internet_100.74.0.0_15
� 100.74.0.0/15
!
object network APN_internet_100.76.0.0_15
100.76.0.0/15
!
object network APN_internet_10_40_0_0_24
10.40.0.0/24
!
object network APN_internet_10_53.0.0_20
10.53.0.0/20
!
object network APN_internet_10_55_32_0_23
10.55.32.0/23
!
object network APN_internet_roam_100.78.128.0_17
100.78.128.0/17
!
object network APN_internet_roam_100.78.16.0_20
100.78.16.0/20
!
object network APN_internet_roam_100.78.32.0_19
100.78.32.0/19
!
object network APN_internet_roam_100.78.64.0_18
100.78.64.0/18
!
object network APN_internet_roam_100.79.0.0_16
100.79.0.0/16
!
object network APN_internet_roam_100.94.128.0_17
100.78.128.0/17
!
object network APN_internet_roam_100.94.16.0_20
100.78.16.0/20
!
object network APN_internet_roam_100.94.32.0_19
100.78.32.0/19
!
object network APN_internet_roam_100.94.64.0_18
100.78.64.0/18
!
object network APN_ppinternet_10.5.0.0_16
10.5.0.0/16
!
object network APN_ppinternet_10.81.0.0_16
10.81.0.0/16
!
object network APN_ppinternet_10.82.0.0_15
10.82.0.0/15
!
object network APN_ppinternet_10.84.0.0_16
10.84.0.0/16
!
object network APN_ppinternet_10.88.128.0_17
10.88.128.0/17
!
object network APN_ppinternet_10.89.0.0_17
10.89.0.0/17
!
�object network APN_ppinternet_10.89.128.0_17
10.89.128.0/17
!
object network APN_ppinternet_10.90.0.0_17
10.90.0.0/17
!
object network APN_ppinternet_10.90.128.0_17
10.90.128.0/17
!
object network APN_ppinternet_10.92.128.0_17
10.92.128.0/17
!
object network APN_ppinternet_10.94.0.0_17
10.94.0.0/17
!
object network APN_ppinternet_10.94.128.0_17
10.94.128.0/17
!
object network APN_ppinternet_10.95.0.0_17
10.95.0.0/17
!
object network APN_ppinternet_10.95.128.0_17
10.95.128.0/17
!
object network APN_ppinternet_10.96.0.0_12
10.96.0.0/12
!
object network APN_ppinternet_100.78.0.0_20
100.78.0.0/20
!
object network APN_ppinternet_100.84.0.0_15
100.84.0.0/15
!
object network APN_ppinternet_100.86.0.0_15
100.86.0.0/15
!
object network APN_ppinternet_100.88.0.0_15
100.88.0.0/15
!
object network APN_ppinternet_100.90.0.0_15
100.90.0.0/15
!
object network APN_ppinternet_100.92.0.0_15
100.92.0.0/15
!
object network APN_ppinternet_100.94.0.0_20
100.94.0.0/20
!
object network APN_ppinternet_100.96.0.0_12
100.96.0.0/12
!
object network APN_testint-btc_10.150.196.0_24
10.150.196.0/24
!
object network APN_vIMS_ePDG_69.79.196.12_32
69.79.196.12/32
!
object network APN_vIMS_vNELS_10.230.225.144_28
10.230.225.144/28
�!
object network apn_bb.fwa.jmca.test_96.43.169.65_32
10.236.66.80/28
!
object network apn_internet.jmca.test_96.43.169.65_32
10.236.66.16/28
!
object network apn_internet.test_96.43.169.65_32
10.236.66.64/28
!
object network apn_local.jmca.dpi.test_jam_96.43.169.65_32
10.236.66.48/28
!
object network apn_ppinternet.jmca.test_96.43.169.65_32
10.236.66.32/28
!
object network apn_roaming.jmca.test_96.43.169.65_32
10.236.66.0/28
!
object-group network Cayman_Internet_APNs fw v4
object APN_cayman_internet_10.7.0.0_17
object APN_cayman_internet_10.54.32.0_24
object APN_cayman_internet_10.54.33.0_25
object APN_cayman_internet_10.4.0.0_17
object APN_cayman_internet_100.80.0.0_15
object APN_cayman_internet_100.82.0.0_15
object APN_cayman_bb_fwa_100.95.32.0_19
object APN_cayman_bb_fwa_100.95.96.0_19
!
object-group network Internet_APNs fw v4
object APN_ppinternet_10.88.128.0_17
object APN_ppinternet_10.89.0.0_17
object APN_ppinternet_10.90.0.0_17
object APN_internet_10.88.0.0_17
object APN_blackberry.net_10.80.0.0_16
object APN_testint-btc_10.150.196.0_24
object APN_ppinternet_10.94.128.0_17
object APN_ppinternet_10.95.128.0_17
object APN_ppinternet_10.89.128.0_17
object APN_ppinternet_10.94.0.0_17
object APN_ppinternet_10.95.0.0_17
object APN_fbb_anu_ppinternet_10.236.192.0_18
object APN_fbb_axa_ppinternet_10.238.88.0_21
object APN_fbb_dom_ppinternet_10.252.0.0_19
object APN_fbb_tci_ppinternet_10.238.224.0_21
object APN_ppinternet_10.81.0.0_16
object APN_ppinternet_10.82.0.0_15
object APN_ppinternet_10.84.0.0_16
object APN_internet_10_53.0.0_20
object APN_internet_10.199.10.0_23
object APN_internet_10.92.64.0_19
object APN_ppinternet_10.90.128.0_17
object APN_internet_10_55_32_0_23
object APN_ppinternet_10.92.128.0_17
object APN_internet_10_40_0_0_24
object APN_ppinternet_10.5.0.0_16
object APN_GRX_ppinternet_10.4.128.0_17
object APN_GRX_ppinternet_10.7.128.0_17
object APN_Skymond_10.108.224.0_20
� object APN_ppinternet_10.96.0.0_12
object APN_ppinternet_100.96.0.0_12
object APN_ppinternet_100.78.0.0_20
object APN_ppinternet_100.94.0.0_20
object APN_internet_100.64.0.0_15
object APN_internet_100.66.0.0_15
object APN_internet_100.68.0.0_15
object APN_internet_100.70.0.0_15
object APN_internet_100.72.0.0_15
object APN_internet_100.74.0.0_15
object APN_internet_100.76.0.0_15
object APN_internet_roam_100.78.16.0_20
object APN_internet_roam_100.78.32.0_19
object APN_internet_roam_100.78.64.0_18
object APN_internet_roam_100.78.128.0_17
object APN_internet_roam_100.79.0.0_16
object APN_internet_roam_100.94.16.0_20
object APN_internet_roam_100.94.32.0_19
object APN_internet_roam_100.94.64.0_18
object APN_internet_roam_100.94.128.0_17
object APN_ppinternet_100.84.0.0_15
object APN_ppinternet_100.86.0.0_15
object APN_ppinternet_100.88.0.0_15
object APN_ppinternet_100.90.0.0_15
object APN_ppinternet_100.92.0.0_15
object APN_bb_fwa_100.95.0.0_19
object APN_bb_fwa_100.95.164.0_22
object APN_bb_fwa_100.95.64.0_19
object APN_bb_fwa_100.95.160.0_22
!
object-group network Internet_APNs_FWA.BB.ANU fw v4
object APN_FWA.BB.ANU_10.108.128.0
!
object-group network Internet_APNs_FWA.BB.BAH fw v4
object APN_FWA.BB.BAH_10.190.0.0
!
object-group network Internet_APNs_FWA.BB.BAR fw v4
object APN_FWA.BB.BAR_10.213.0.0
!
object-group network Internet_APNs_FWA.BB.BVI fw v4
object APN_FWA.BB.BVI_10.211.224.0
!
object-group network Internet_APNs_FWA.BB.CAY fw v4
object APN_FWA.BB.CAY_10.209.128.0
!
object-group network Internet_APNs_FWA.BB.JAM fw v4
object APN_FWA.BB.JAM_10.160.0.0
!
object-group network LLA_TEST_APNs fw v4
object APN_DATASIM_96.43.169.65_32
object APN_PCEFTEST_96.43.169.65_32
object APN_PCEFTEST1_96.43.169.65_32
object apn_roaming.jmca.test_96.43.169.65_32
object apn_internet.jmca.test_96.43.169.65_32
object apn_ppinternet.jmca.test_96.43.169.65_32
object apn_internet.test_96.43.169.65_32
object apn_bb.fwa.jmca.test_96.43.169.65_32
object apn_local.jmca.dpi.test_jam_96.43.169.65_32
!
�object-group network Public_IP_Internet_APNs fw v4
object APN_fbb_anu_pub_ppinternet_207.204.108.0_26
object APN_fbb_axa_pub_ppinternet_207.204.108.64_26
object APN_fbb_dom_pub_ppinternet_207.204.108.128_26
object APN_fbb_tci_pub_ppinternet_207.204.108.192_26
!
object-group service DNS_PORTS
tcp eq 53
udp eq 53
!
rule-set APN_GI_RULESET
rule VRRP-SYNC
action permit forward
source ipv4-address 192.0.2.0/29
source zone VRRP-HA
dest ipv4-address any
dest zone LOCAL
service any
rule APN_DNS
action permit forward
source ipv4-address any
source zone JAM-GI-INTERNAL
dest ipv4-address 200.10.152.152/32
dest ipv4-address 208.131.164.86/32
dest zone any
service any
rule APN_Internet
action permit cgnv6 lsn-lid 10
source object-group Internet_APNs
source zone JAM-GI-INTERNAL
dest ipv4-address any
dest zone JAM-GI-INTERNET
service any
rule Public_IP_APN_Internet
action permit forward
source object-group Public_IP_Internet_APNs
source zone JAM-GI-INTERNAL
dest ipv4-address any
dest zone JAM-GI-INTERNET
service any
rule Internet_Public_IP_APN
action permit forward
source ipv4-address any
source zone JAM-GI-INTERNET
dest object-group Public_IP_Internet_APNs
dest zone JAM-GI-INTERNAL
service any
rule APN_vIMS_vNELS
action permit cgnv6 lsn-lid 30
source object APN_vIMS_vNELS_10.230.225.144_28
source zone JAM-vIMS-INTERNAL
dest ipv4-address any
dest zone JAM-GI-INTERNET
service any
rule APN_vIMS_ePDG_Internet
action permit forward
source object APN_vIMS_ePDG_69.79.196.12_32
source zone JAM-vIMS-INTERNAL
dest ipv4-address any
� dest zone JAM-GI-INTERNET
service any
rule Internet_vIMS_ePDG_APN
action permit forward
source ipv4-address any
source zone JAM-GI-INTERNET
dest object APN_vIMS_ePDG_69.79.196.12_32
dest zone JAM-vIMS-INTERNAL
service any
rule Cayman_APN_Internet
action permit cgnv6 lsn-lid 50
source object-group Cayman_Internet_APNs
source zone JAM-GI-INTERNAL
dest ipv4-address any
dest zone JAM-GI-INTERNET
service any
rule APN_Internet_FWA.BB.JAM
action permit cgnv6 lsn-lid 104
source object-group Internet_APNs_FWA.BB.JAM
source zone JAM-GI-INTERNAL
dest ipv4-address any
dest zone JAM-GI-INTERNET
service any
rule VRRP-A
action permit forward
source ipv4-address any
source zone any
dest ipv4-address 224.0.0.210/32
dest zone any
service udp
rule BGP-Outside
action permit forward
source ipv4-address 69.79.196.8/30
source zone JAM-GI-INTERNET
dest ipv4-address any
dest zone LOCAL
service any
rule APN_DATASIM
action permit cgnv6 lsn-lid 40
source object-group LLA_TEST_APNs
source zone JAM-GI-INTERNAL
dest ipv4-address any
dest zone JAM-GI-INTERNET
service any
rule APN_vIMS_SES_outside
action permit cgnv6
source ipv4-address any
source zone any
dest ipv4-address 69.79.196.14/32
dest zone any
service any
rule APN_Internet_FWA.BB.ANU
action permit cgnv6 lsn-lid 101
source object-group Internet_APNs_FWA.BB.ANU
source zone JAM-GI-INTERNAL
dest ipv4-address any
dest zone JAM-GI-INTERNET
service any
rule APN_Internet_FWA.BB.BVI
� action permit cgnv6 lsn-lid 102
source object-group Internet_APNs_FWA.BB.BVI
source zone JAM-GI-INTERNAL
dest ipv4-address any
dest zone JAM-GI-INTERNET
service any
rule APN_Internet_FWA.BB.BAR
action permit cgnv6 lsn-lid 103
source object-group Internet_APNs_FWA.BB.BAR
source zone JAM-GI-INTERNAL
dest ipv4-address any
dest zone JAM-GI-INTERNET
service any
rule APN_Internet_FWA.BB.CAY
action permit cgnv6 lsn-lid 105
source object-group Internet_APNs_FWA.BB.CAY
source zone JAM-GI-INTERNAL
dest ipv4-address any
dest zone JAM-GI-INTERNET
service any
rule APN_Internet_FWA.BB.BAH
action permit cgnv6 lsn-lid 106
source object-group Internet_APNs_FWA.BB.BAH
source zone JAM-GI-INTERNAL
dest ipv4-address any
dest zone JAM-GI-INTERNET
service any
rule BGP-Inside_2
action permit forward
source ipv4-address 100.64.12.8/29
source ipv4-address 100.64.12.24/29
source zone JAM-GI-INTERNAL
dest ipv4-address any
dest zone LOCAL
service any
rule BGP-Inside
action permit forward
source ipv4-address 100.64.12.0/30
source ipv4-address 100.64.12.4/30
source ipv4-address 100.64.12.16/29
source zone JAM-GI-INTERNAL
dest ipv4-address any
dest zone LOCAL
service any
rule ICMP
action permit forward
source ipv4-address any
source zone any
dest ipv4-address any
dest zone LOCAL
service icmp
rule ICMP_Internal
action permit forward
source ipv4-address any
source zone JAM-GI-INTERNAL
dest ipv4-address any
dest zone any
service icmp
rule Deny_All
� source ipv4-address any
source zone any
dest ipv4-address any
dest zone any
service any
!
fw vrid 1
!
fw active-rule-set APN_GI_RULESET
