
config {
  shared {
    application;
    application-group;
    service;
    service-group;
    botnet {
      configuration {
        http {
          dynamic-dns {
            enabled yes;
            threshold 5;
          }
          malware-sites {
            enabled yes;
            threshold 5;
          }
          recent-domains {
            enabled yes;
            threshold 5;
          }
          ip-domains {
            enabled yes;
            threshold 10;
          }
          executables-from-unknown-sites {
            enabled yes;
            threshold 5;
          }
        }
        other-applications {
          irc yes;
        }
        unknown-applications {
          unknown-tcp {
            destinations-per-hour 10;
            sessions-per-hour 10;
            session-length {
              maximum-bytes 100;
              minimum-bytes 50;
            }
          }
          unknown-udp {
            destinations-per-hour 10;
            sessions-per-hour 10;
            session-length {
              maximum-bytes 100;
              minimum-bytes 50;
            }
          }
        }
      }
      report {
        topn 100;
        scheduled yes;
      }
    }
  }
  devices {
    localhost.localdomain {
      network {
        interface {
          ethernet {
            ethernet1/2 {
              layer3 {
                lldp {
                  profile lldp-01;
                  enable yes;
                }
                units {
                  ethernet1/2.101 {
                    tag 101;
                    ip {
                      ethernet1-2-101;
                    }
                  }
                  ethernet1/2.102 {
                    tag 102;
                    ip {
                      ethernet1-2-102;
                    }
                  }
                  ethernet1/2.103 {
                    tag 103;
                    ip {
                      ethernet1-2-103;
                    }
                  }
                  ethernet1/2.104 {
                    tag 104;
                    ip {
                      ethernet1-2-104;
                    }
                  }
                  ethernet1/2.105 {
                    tag 105;
                    ip {
                      ethernet1-2-105;
                    }
                  }
                  ethernet1/2.108 {
                    tag 108;
                    ip {
                      ethernet1-2-108;
                    }
                  }
                }
              }
            }
            ethernet1/1 {
              layer3 {
                lldp {
                  profile lldp-01;
                  enable yes;
                }
                units {
                  ethernet1/1.101 {
                    tag 101;
                    ip {
                      ethernet1-1-101;
                    }
                  }
                  ethernet1/1.102 {
                    tag 102;
                    ip {
                      ethernet1-1-102;
                    }
                  }
                  ethernet1/1.103 {
                    tag 103;
                    ip {
                      ethernet1-1-103;
                    }
                  }
                  ethernet1/1.104 {
                    tag 104;
                    ip {
                      ethernet1-1-104;
                    }
                  }
                  ethernet1/1.105 {
                    tag 105;
                    ip {
                      ethernet1-1-105;
                    }
                  }
                  ethernet1/1.108 {
                    tag 108;
                    ip {
                      ethernet1-1-108;
                    }
                  }
                }
              }
            }
          }
          loopback {
            units {
              loopback.10;
              loopback.11;
              loopback.12;
            }
          }
        }
        profiles {
          monitor-profile {
            default {
              interval 3;
              threshold 5;
              action wait-recover;
            }
          }
          lldp-profile {
            lldp-01 {
              mode transmit-receive;
              option-tlvs {
                system-name yes;
                system-description yes;
                port-description yes;
                system-capabilities yes;
                management-address {
                  enabled yes;
                }
              }
            }
          }
        }
        ike {
          crypto-profiles {
            ike-crypto-profiles {
              default {
                encryption [ aes-128-cbc 3des];
                hash sha1;
                dh-group group2;
                lifetime {
                  hours 8;
                }
              }
              Suite-B-GCM-128 {
                encryption aes-128-cbc;
                hash sha256;
                dh-group group19;
                lifetime {
                  hours 8;
                }
              }
              Suite-B-GCM-256 {
                encryption aes-256-cbc;
                hash sha384;
                dh-group group20;
                lifetime {
                  hours 8;
                }
              }
            }
            ipsec-crypto-profiles {
              default {
                esp {
                  encryption [ aes-128-cbc 3des];
                  authentication sha1;
                }
                dh-group group2;
                lifetime {
                  hours 1;
                }
              }
              Suite-B-GCM-128 {
                esp {
                  encryption aes-128-gcm;
                  authentication none;
                }
                dh-group group19;
                lifetime {
                  hours 1;
                }
              }
              Suite-B-GCM-256 {
                esp {
                  encryption aes-256-gcm;
                  authentication none;
                }
                dh-group group20;
                lifetime {
                  hours 1;
                }
              }
            }
            global-protect-app-crypto-profiles {
              default {
                encryption aes-128-cbc;
                authentication sha1;
              }
            }
          }
        }
        qos {
          profile {
            default {
              class {
                class1 {
                  priority real-time;
                }
                class2 {
                  priority high;
                }
                class3 {
                  priority high;
                }
                class4 {
                  priority medium;
                }
                class5 {
                  priority medium;
                }
                class6 {
                  priority low;
                }
                class7 {
                  priority low;
                }
                class8 {
                  priority low;
                }
              }
            }
          }
        }
        virtual-router {
          default {
            protocol {
              bgp {
                enable no;
                dampening-profile {
                  default {
                    cutoff 1.25;
                    reuse 0.5;
                    max-hold-time 900;
                    decay-half-life-reachable 300;
                    decay-half-life-unreachable 900;
                    enable yes;
                  }
                }
              }
              ospf {
                router-id 10.10.4.40;
                area {
                  0.0.0.0 {
                    type {
                      normal;
                    }
                    interface {
                      ethernet1/1.101 {
                        enable yes;
                        link-type {
                          broadcast;
                        }
                      }
                      ethernet1/1.102 {
                        enable yes;
                        link-type {
                          broadcast;
                        }
                      }
                      ethernet1/1.103 {
                        enable yes;
                        link-type {
                          broadcast;
                        }
                      }
                      ethernet1/1.104 {
                        enable yes;
                        link-type {
                          broadcast;
                        }
                      }
                      ethernet1/1.105 {
                        enable yes;
                        link-type {
                          broadcast;
                        }
                      }
                      ethernet1/1.108 {
                        enable yes;
                        link-type {
                          broadcast;
                        }
                      }
                      ethernet1/2.101 {
                        enable yes;
                        link-type {
                          broadcast;
                        }
                      }
                      ethernet1/2.102 {
                        enable yes;
                        link-type {
                          broadcast;
                        }
                      }
                      ethernet1/2.103 {
                        enable yes;
                        link-type {
                          broadcast;
                        }
                      }
                      ethernet1/2.104 {
                        enable yes;
                        link-type {
                          broadcast;
                        }
                      }
                      ethernet1/2.105 {
                        enable yes;
                        link-type {
                          broadcast;
                        }
                      }
                      ethernet1/2.108 {
                        enable yes;
                        link-type {
                          broadcast;
                        }
                      }
                    }
                  }
                }
                enable yes;
              }
            }
            interface [ ethernet1/1.101 ethernet1/1.102 ethernet1/1.103 ethernet1/1.104 ethernet1/1.105 ethernet1/1.108 ethernet1/2.101 ethernet1/2.102 ethernet1/2.103 ethernet1/2.104 ethernet1/2.105 ethernet1/2.108];
            ecmp {
              enable yes;
            }
          }
        }
        lldp {
          enable yes;
        }
      }
      deviceconfig {
        system {
          ip-address 10.100.0.177;
          netmask 255.255.255.248;
          update-server updates.paloaltonetworks.com;
          update-schedule {
            threats {
              recurring {
                weekly {
                  day-of-week wednesday;
                  at 01:02;
                  action download-only;
                }
              }
            }
          }
          timezone US/Pacific;
          service {
            disable-telnet yes;
            disable-http yes;
          }
          type {
            static;
          }
          default-gateway 192.168.122.1;
          hostname ATL-PAN;
        }
        setting {
          config {
            rematch yes;
          }
          management {
            hostname-type-in-syslog FQDN;
            initcfg {
              type {
                static;
              }
              ip-address 192.168.122.4;
              netmask 255.255.255.0;
              default-gateway 192.168.122.1;
            }
          }
        }
      }
      vsys {
        vsys1 {
          application;
          application-group;
          zone {
            eComm1Prod {
              network {
                layer3 [ ethernet1/1.101 ethernet1/2.101];
              }
            }
            eComm1Qa {
              network {
                layer3 [ ethernet1/1.102 ethernet1/2.102];
              }
            }
            devzone {
              network {
                layer3 [ ethernet1/1.103 ethernet1/2.103];
              }
            }
            corpProd1 {
              network {
                layer3 [ ethernet1/1.104 ethernet1/2.104];
              }
            }
            mgtTools {
              network {
                layer3 [ ethernet1/1.105 ethernet1/2.105];
              }
            }
            internetIn {
              network {
                layer3 [ ethernet1/1.108 ethernet1/2.108];
              }
            }
            zone-10 {
              network {
                layer3 loopback.10;
              }
            }
            zone-11 {
              network {
                layer3 loopback.11;
              }
            }
            zone-12 {
              network {
                layer3 loopback.12;
              }
            }
          }
          service {
            postgresql {
              protocol {
                tcp {
                  port 5432;
                }
              }
            }
            radius-tcp {
              protocol {
                tcp {
                  port 1812;
                }
              }
            }
            radius-udp {
              protocol {
                udp {
                  port 1812;
                }
              }
            }
            mapr {
              protocol {
                tcp {
                  port 5660;
                }
              }
            }
          }
          service-group;
          schedule;
          rulebase {
            security {
              rules {
                000_any-zone_to_any-zone {
                  rule-type interzone;
                  description "Allow all traffic between zones";
                  source any;
                  from any;
                  to any;
                  destination any;
                  application any;
                  service any;
                  action allow;
                }
                to_app1-web-vip {
                  rule-type interzone;
                  description "Allow http traffic from any zone to app1-web-vip";
                  source any;
                  from any;
                  to eComm1Prod;
                  destination 10.110.57.10/32;
                  application any;
                  action allow;
                  service service-http;
                }
                to_app1-db-vip {
                  rule-type interzone;
                  description "Allow PostgreSQL traffic from any zone to app1-db-vip";
                  source any;
                  from any;
                  to eComm1Prod;
                  destination 10.110.57.11/32;
                  application any;
                  action allow;
                  service postgresql;
                }
                to_app2-api-vip {
                  rule-type interzone;
                  description "Allow HTTPS API calls from any zone to app2-api-vip";
                  source any;
                  from any;
                  to corpProd1;
                  destination 10.110.57.12/32;
                  application any;
                  action allow;
                  service service-https;
                }
                to_jenkins-01-vip {
                  rule-type interzone;
                  description "Allow HTTPS traffic from any zone to jenkins-01-vip";
                  source any;
                  from any;
                  to devzone;
                  destination 10.110.57.13/32;
                  application any;
                  action allow;
                  service service-https;
                }
                to_app3-web-vip {
                  rule-type interzone;
                  description "Allow HTTPS traffic from any zone to app3-web-vip";
                  source any;
                  from any;
                  to eComm1Prod;
                  destination 10.110.57.23/32;
                  application any;
                  action allow;
                  service service-https;
                }
                to_app3-db-vip {
                  rule-type interzone;
                  description "Allow PostgreSQL traffic from any zone to app3-db-vip";
                  source any;
                  from any;
                  to eComm1Prod;
                  destination 10.110.57.24/32;
                  application any;
                  action allow;
                  service postgresql;
                }
                to_app3-api-vip {
                  rule-type interzone;
                  description "Allow HTTPS traffic from any zone to app3-api-vip";
                  source any;
                  from any;
                  to eComm1Prod;
                  destination 10.110.57.25/32;
                  application any;
                  action allow;
                  service service-https;
                }
                to_radius-01-vip-tcp {
                  rule-type interzone;
                  description "Allow RADIUS traffic from any zone to radius-01-vip";
                  source any;
                  from any;
                  to mgtTools;
                  destination 10.110.57.34/32;
                  application any;
                  action allow;
                  service radius-tcp;
                }
                to_radius-01-vip-udp {
                  rule-type interzone;
                  description "Allow RADIUS traffic from any zone to radius-01-vip";
                  source any;
                  from any;
                  to mgtTools;
                  destination 10.110.57.34/32;
                  application any;
                  action allow;
                  service radius-udp;
                }
                to_web-21 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-12 zone-11];
                  to [ zone-12 zone-11 zone-10];
                  destination [ 10.110.35.0/24 10.110.38.0/24 10.110.31.0/24 10.110.36.0/24 10.110.30.0/24 10.110.33.0/24];
                  application any;
                  action allow;
                  service [ service-http mapr postgresql service-https];
                }
                to_app-24 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-10 zone-11];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.30.0/24 10.110.36.0/24 10.110.29.0/24 10.110.34.0/24 10.110.31.0/24 10.110.37.0/24 10.110.39.0/24];
                  application any;
                  action allow;
                  service [ service-https service-http postgresql mapr];
                }
                to_mapr-16 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.38.0/24 10.110.36.0/24 10.110.39.0/24 10.110.33.0/24 10.110.34.0/24 10.110.30.0/24 10.110.29.0/24 10.110.35.0/24 10.110.31.0/24 10.110.37.0/24];
                  application any;
                  action allow;
                  service [ mapr service-http service-https postgresql];
                }
                to_web-13 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-10 zone-12];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.31.0/24 10.110.36.0/24 10.110.39.0/24 10.110.32.0/24 10.110.29.0/24 10.110.37.0/24 10.110.30.0/24 10.110.34.0/24 10.110.33.0/24];
                  application any;
                  action allow;
                  service [ service-http mapr postgresql service-https];
                }
                to_cnsl-12 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-11 zone-12];
                  to [ zone-11 zone-10 zone-12];
                  destination [ 10.110.36.0/24 10.110.34.0/24 10.110.32.0/24 10.110.38.0/24 10.110.33.0/24 10.110.37.0/24 10.110.31.0/24 10.110.29.0/24];
                  application any;
                  action allow;
                  service [ service-https postgresql service-http mapr];
                }
                to_web-22 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-10];
                  to [ zone-10 zone-12 zone-11];
                  destination [ 10.110.39.0/24 10.110.30.0/24 10.110.38.0/24 10.110.35.0/24 10.110.32.0/24 10.110.34.0/24];
                  application any;
                  action deny;
                  service [ postgresql service-http service-https mapr];
                }
                to_db-21 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-11 zone-10];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.34.0/24 10.110.29.0/24 10.110.39.0/24 10.110.38.0/24 10.110.31.0/24 10.110.35.0/24 10.110.32.0/24 10.110.33.0/24 10.110.36.0/24];
                  application any;
                  action allow;
                  service [ mapr service-http service-https postgresql];
                }
                to_mapr-18 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-12 zone-11];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.36.0/24 10.110.39.0/24 10.110.37.0/24 10.110.35.0/24 10.110.29.0/24 10.110.31.0/24 10.110.33.0/24 10.110.38.0/24 10.110.34.0/24];
                  application any;
                  action allow;
                  service [ postgresql service-https service-http mapr];
                }
                to_cnsl-14 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-11 zone-12];
                  to [ zone-11 zone-10 zone-12];
                  destination [ 10.110.39.0/24 10.110.34.0/24 10.110.33.0/24 10.110.32.0/24 10.110.35.0/24 10.110.38.0/24 10.110.37.0/24 10.110.30.0/24 10.110.31.0/24];
                  application any;
                  action allow;
                  service [ service-https mapr service-http postgresql];
                }
                to_web-15 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-12 zone-11 zone-10];
                  destination [ 10.110.31.0/24 10.110.38.0/24 10.110.30.0/24 10.110.32.0/24 10.110.34.0/24 10.110.33.0/24 10.110.35.0/24];
                  application any;
                  action allow;
                  service [ service-http postgresql mapr service-https];
                }
                to_app-20 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-11 zone-12];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.30.0/24 10.110.31.0/24 10.110.32.0/24 10.110.35.0/24 10.110.29.0/24];
                  application any;
                  action deny;
                  service [ mapr service-https postgresql];
                }
                to_db-16 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-12 zone-11];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.35.0/24 10.110.30.0/24 10.110.36.0/24 10.110.33.0/24 10.110.39.0/24 10.110.38.0/24 10.110.32.0/24 10.110.31.0/24 10.110.37.0/24];
                  application any;
                  action allow;
                  service [ service-http postgresql mapr service-https];
                }
                to_app-15 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-10 zone-11];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.29.0/24 10.110.35.0/24 10.110.39.0/24 10.110.33.0/24 10.110.36.0/24 10.110.37.0/24 10.110.34.0/24 10.110.30.0/24 10.110.32.0/24];
                  application any;
                  action allow;
                  service [ postgresql mapr service-https service-http];
                }
                to_cnsl-16 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-12 zone-11];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.38.0/24 10.110.32.0/24 10.110.39.0/24 10.110.34.0/24 10.110.31.0/24 10.110.30.0/24 10.110.37.0/24];
                  application any;
                  action deny;
                  service [ mapr service-http service-https postgresql];
                }
                to_cnsl-18 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-10 zone-12];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.34.0/24 10.110.36.0/24 10.110.38.0/24 10.110.33.0/24 10.110.37.0/24 10.110.35.0/24];
                  application any;
                  action allow;
                  service [ service-http service-https postgresql];
                }
                to_api-25 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-12 zone-11 zone-10];
                  destination [ 10.110.38.0/24 10.110.30.0/24 10.110.35.0/24 10.110.34.0/24 10.110.39.0/24 10.110.29.0/24 10.110.31.0/24 10.110.33.0/24 10.110.37.0/24 10.110.32.0/24 10.110.36.0/24];
                  application any;
                  action deny;
                  service [ service-http mapr service-https postgresql];
                }
                to_api-16 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-10 zone-11];
                  to [ zone-11 zone-10 zone-12];
                  destination [ 10.110.35.0/24 10.110.38.0/24 10.110.31.0/24 10.110.39.0/24 10.110.32.0/24 10.110.34.0/24 10.110.33.0/24 10.110.30.0/24];
                  application any;
                  action allow;
                  service [ service-http service-https postgresql mapr];
                }
                to_web-18 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-12 zone-11];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.35.0/24 10.110.29.0/24 10.110.39.0/24 10.110.33.0/24 10.110.36.0/24 10.110.38.0/24 10.110.30.0/24 10.110.31.0/24 10.110.32.0/24 10.110.37.0/24];
                  application any;
                  action allow;
                  service [ postgresql service-https mapr service-http];
                }
                to_mapr-20 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-11 zone-12];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.34.0/24 10.110.35.0/24 10.110.32.0/24 10.110.33.0/24 10.110.29.0/24 10.110.36.0/24 10.110.30.0/24];
                  application any;
                  action allow;
                  service [ service-https postgresql service-http mapr];
                }
                to_db-15 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.30.0/24 10.110.32.0/24 10.110.35.0/24 10.110.31.0/24 10.110.34.0/24 10.110.37.0/24 10.110.39.0/24 10.110.29.0/24 10.110.36.0/24];
                  application any;
                  action allow;
                  service [ mapr postgresql service-https service-http];
                }
                to_db-23 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.33.0/24 10.110.36.0/24 10.110.37.0/24 10.110.31.0/24 10.110.30.0/24 10.110.39.0/24 10.110.32.0/24 10.110.35.0/24 10.110.38.0/24];
                  application any;
                  action deny;
                  service [ postgresql service-https service-http mapr];
                }
                to_db-24 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-11 zone-12];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.32.0/24 10.110.29.0/24 10.110.37.0/24 10.110.30.0/24 10.110.31.0/24 10.110.34.0/24 10.110.36.0/24 10.110.33.0/24 10.110.38.0/24];
                  application any;
                  action deny;
                  service [ service-http postgresql service-https mapr];
                }
                to_api-13 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.32.0/24 10.110.38.0/24 10.110.39.0/24 10.110.35.0/24 10.110.36.0/24 10.110.33.0/24 10.110.29.0/24 10.110.34.0/24 10.110.37.0/24 10.110.31.0/24];
                  application any;
                  action deny;
                  service [ mapr service-https service-http postgresql];
                }
                to_app-19 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-11 zone-12];
                  to [ zone-11 zone-10 zone-12];
                  destination [ 10.110.37.0/24 10.110.31.0/24 10.110.36.0/24 10.110.34.0/24 10.110.29.0/24 10.110.35.0/24 10.110.32.0/24 10.110.33.0/24];
                  application any;
                  action allow;
                  service [ postgresql service-http service-https];
                }
                to_cnsl-22 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-10 zone-11];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.39.0/24 10.110.34.0/24 10.110.35.0/24 10.110.31.0/24 10.110.33.0/24 10.110.30.0/24 10.110.38.0/24 10.110.32.0/24 10.110.36.0/24];
                  application any;
                  action allow;
                  service [ service-https postgresql service-http mapr];
                }
                to_api-18 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-10 zone-12 zone-11];
                  destination [ 10.110.29.0/24 10.110.31.0/24 10.110.34.0/24 10.110.39.0/24 10.110.36.0/24 10.110.32.0/24 10.110.35.0/24 10.110.37.0/24];
                  application any;
                  action deny;
                  service [ postgresql service-https mapr service-http];
                }
                to_api-11 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-10 zone-11];
                  to [ zone-11 zone-10 zone-12];
                  destination [ 10.110.33.0/24 10.110.38.0/24 10.110.39.0/24 10.110.36.0/24 10.110.29.0/24 10.110.31.0/24 10.110.37.0/24 10.110.34.0/24 10.110.30.0/24];
                  application any;
                  action allow;
                  service [ postgresql mapr service-https service-http];
                }
                to_api-14 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-10 zone-12];
                  to [ zone-10 zone-11 zone-12];
                  destination [ 10.110.30.0/24 10.110.38.0/24 10.110.31.0/24 10.110.36.0/24 10.110.39.0/24 10.110.37.0/24 10.110.34.0/24 10.110.35.0/24];
                  application any;
                  action allow;
                  service [ mapr service-http postgresql service-https];
                }
                to_cnsl-15 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-11 zone-10];
                  to [ zone-11 zone-10 zone-12];
                  destination [ 10.110.39.0/24 10.110.29.0/24 10.110.34.0/24 10.110.35.0/24 10.110.37.0/24 10.110.30.0/24 10.110.38.0/24 10.110.36.0/24];
                  application any;
                  action allow;
                  service [ postgresql mapr service-http service-https];
                }
                to_web-19 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-11 zone-10];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.37.0/24 10.110.38.0/24 10.110.32.0/24 10.110.34.0/24 10.110.39.0/24 10.110.31.0/24 10.110.29.0/24];
                  application any;
                  action allow;
                  service [ mapr postgresql service-http service-https];
                }
                to_mapr-23 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-10 zone-12];
                  to [ zone-12 zone-11 zone-10];
                  destination [ 10.110.37.0/24 10.110.34.0/24 10.110.39.0/24 10.110.32.0/24 10.110.29.0/24 10.110.31.0/24 10.110.38.0/24 10.110.36.0/24 10.110.30.0/24 10.110.33.0/24];
                  application any;
                  action allow;
                  service [ service-https postgresql mapr];
                }
                to_web-12 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.39.0/24 10.110.29.0/24 10.110.36.0/24 10.110.35.0/24 10.110.30.0/24 10.110.31.0/24 10.110.33.0/24];
                  application any;
                  action deny;
                  service [ postgresql mapr service-https];
                }
                to_cnsl-23 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-10 zone-11];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.31.0/24 10.110.38.0/24 10.110.36.0/24 10.110.34.0/24 10.110.29.0/24 10.110.30.0/24 10.110.35.0/24 10.110.32.0/24];
                  application any;
                  action deny;
                  service [ service-https mapr postgresql service-http];
                }
                to_cnsl-24 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-11 zone-10];
                  to [ zone-10 zone-11 zone-12];
                  destination [ 10.110.35.0/24 10.110.39.0/24 10.110.38.0/24 10.110.29.0/24 10.110.31.0/24 10.110.36.0/24 10.110.30.0/24 10.110.34.0/24 10.110.37.0/24 10.110.32.0/24];
                  application any;
                  action deny;
                  service [ service-https mapr service-http postgresql];
                }
                to_web-14 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-10 zone-12 zone-11];
                  destination [ 10.110.33.0/24 10.110.30.0/24 10.110.32.0/24 10.110.35.0/24 10.110.38.0/24 10.110.37.0/24 10.110.34.0/24 10.110.39.0/24 10.110.31.0/24];
                  application any;
                  action allow;
                  service [ postgresql service-http service-https mapr];
                }
                to_web-25 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-11 zone-12];
                  to [ zone-12 zone-11 zone-10];
                  destination [ 10.110.30.0/24 10.110.32.0/24 10.110.34.0/24 10.110.38.0/24 10.110.31.0/24 10.110.39.0/24 10.110.37.0/24 10.110.29.0/24 10.110.36.0/24 10.110.33.0/24];
                  application any;
                  action deny;
                  service [ mapr service-https postgresql service-http];
                }
                to_db-11 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-12 zone-11];
                  to [ zone-12 zone-11 zone-10];
                  destination [ 10.110.37.0/24 10.110.36.0/24 10.110.33.0/24 10.110.35.0/24 10.110.30.0/24 10.110.29.0/24 10.110.39.0/24 10.110.32.0/24 10.110.34.0/24];
                  application any;
                  action deny;
                  service [ postgresql mapr service-http service-https];
                }
                to_mapr-17 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-10 zone-11];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.29.0/24 10.110.36.0/24 10.110.37.0/24 10.110.33.0/24 10.110.38.0/24 10.110.35.0/24 10.110.34.0/24];
                  application any;
                  action deny;
                  service [ service-http service-https mapr postgresql];
                }
                to_api-22 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-10 zone-11];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.34.0/24 10.110.31.0/24 10.110.39.0/24 10.110.37.0/24 10.110.36.0/24 10.110.33.0/24 10.110.29.0/24 10.110.32.0/24 10.110.35.0/24 10.110.38.0/24];
                  application any;
                  action deny;
                  service [ service-https service-http postgresql mapr];
                }
                to_app-11 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-10 zone-11];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.32.0/24 10.110.35.0/24 10.110.29.0/24 10.110.38.0/24 10.110.30.0/24];
                  application any;
                  action allow;
                  service [ mapr service-https service-http postgresql];
                }
                to_app-22 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.33.0/24 10.110.35.0/24 10.110.34.0/24 10.110.38.0/24 10.110.30.0/24 10.110.37.0/24 10.110.32.0/24 10.110.29.0/24 10.110.31.0/24];
                  application any;
                  action deny;
                  service [ service-https service-http postgresql mapr];
                }
                to_app-23 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-11 zone-12];
                  to [ zone-12 zone-11 zone-10];
                  destination [ 10.110.32.0/24 10.110.39.0/24 10.110.29.0/24 10.110.36.0/24 10.110.37.0/24 10.110.34.0/24 10.110.35.0/24 10.110.30.0/24];
                  application any;
                  action allow;
                  service [ service-https mapr service-http postgresql];
                }
                to_app-21 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-11 zone-10];
                  to [ zone-10 zone-11 zone-12];
                  destination [ 10.110.30.0/24 10.110.29.0/24 10.110.39.0/24 10.110.33.0/24 10.110.36.0/24 10.110.32.0/24 10.110.35.0/24];
                  application any;
                  action allow;
                  service [ mapr postgresql service-https service-http];
                }
                to_cnsl-20 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.32.0/24 10.110.30.0/24 10.110.29.0/24 10.110.34.0/24 10.110.37.0/24 10.110.31.0/24 10.110.33.0/24];
                  application any;
                  action allow;
                  service [ service-https service-http mapr postgresql];
                }
                to_cnsl-21 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-12 zone-11];
                  to [ zone-11 zone-10 zone-12];
                  destination [ 10.110.34.0/24 10.110.37.0/24 10.110.31.0/24 10.110.32.0/24 10.110.29.0/24 10.110.38.0/24 10.110.30.0/24 10.110.35.0/24];
                  application any;
                  action allow;
                  service [ postgresql mapr service-https service-http];
                }
                to_mapr-22 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-10 zone-11];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.31.0/24 10.110.38.0/24 10.110.35.0/24 10.110.37.0/24 10.110.36.0/24 10.110.29.0/24 10.110.39.0/24 10.110.33.0/24];
                  application any;
                  action deny;
                  service [ service-http service-https postgresql mapr];
                }
                to_db-22 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-11 zone-10];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.33.0/24 10.110.35.0/24 10.110.34.0/24 10.110.29.0/24 10.110.36.0/24 10.110.32.0/24 10.110.30.0/24];
                  application any;
                  action allow;
                  service [ service-http postgresql mapr];
                }
                to_cnsl-25 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-10 zone-12];
                  to [ zone-10 zone-11 zone-12];
                  destination [ 10.110.38.0/24 10.110.36.0/24 10.110.33.0/24 10.110.39.0/24 10.110.34.0/24 10.110.30.0/24 10.110.35.0/24 10.110.31.0/24 10.110.29.0/24 10.110.32.0/24 10.110.37.0/24];
                  application any;
                  action allow;
                  service [ service-https postgresql mapr service-http];
                }
                to_mapr-11 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-10 zone-12];
                  to [ zone-10 zone-12 zone-11];
                  destination [ 10.110.35.0/24 10.110.30.0/24 10.110.33.0/24 10.110.36.0/24 10.110.32.0/24 10.110.31.0/24 10.110.34.0/24 10.110.39.0/24];
                  application any;
                  action allow;
                  service [ mapr service-https postgresql service-http];
                }
                to_mapr-10 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-11 zone-10];
                  to [ zone-10 zone-12 zone-11];
                  destination [ 10.110.33.0/24 10.110.31.0/24 10.110.30.0/24 10.110.35.0/24 10.110.37.0/24 10.110.39.0/24 10.110.34.0/24 10.110.38.0/24];
                  application any;
                  action allow;
                  service [ postgresql mapr service-http service-https];
                }
                to_app-16 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-10 zone-11 zone-12];
                  destination [ 10.110.37.0/24 10.110.31.0/24 10.110.36.0/24 10.110.32.0/24 10.110.35.0/24 10.110.29.0/24 10.110.33.0/24 10.110.38.0/24 10.110.34.0/24];
                  application any;
                  action deny;
                  service [ postgresql service-https service-http mapr];
                }
                to_web-24 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-10 zone-11];
                  to [ zone-11 zone-12];
                  destination [ 10.110.33.0/24 10.110.29.0/24 10.110.34.0/24 10.110.31.0/24 10.110.32.0/24];
                  application any;
                  action allow;
                  service [ service-https mapr service-http postgresql];
                }
                to_mapr-14 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-10 zone-12];
                  to [ zone-12 zone-11 zone-10];
                  destination [ 10.110.38.0/24 10.110.29.0/24 10.110.30.0/24 10.110.34.0/24 10.110.39.0/24 10.110.37.0/24 10.110.33.0/24];
                  application any;
                  action deny;
                  service [ service-https postgresql mapr service-http];
                }
                to_db-12 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-11 zone-10];
                  to [ zone-11 zone-10 zone-12];
                  destination [ 10.110.31.0/24 10.110.33.0/24 10.110.35.0/24 10.110.29.0/24 10.110.30.0/24 10.110.37.0/24 10.110.36.0/24 10.110.32.0/24 10.110.39.0/24 10.110.34.0/24 10.110.38.0/24];
                  application any;
                  action deny;
                  service [ postgresql service-https mapr service-http];
                }
                to_web-23 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-10 zone-12];
                  to [ zone-12 zone-11 zone-10];
                  destination [ 10.110.34.0/24 10.110.33.0/24 10.110.39.0/24 10.110.38.0/24 10.110.32.0/24 10.110.35.0/24 10.110.29.0/24];
                  application any;
                  action allow;
                  service [ mapr postgresql service-http service-https];
                }
                to_app-10 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-10 zone-12 zone-11];
                  destination [ 10.110.33.0/24 10.110.37.0/24 10.110.39.0/24 10.110.31.0/24 10.110.35.0/24 10.110.29.0/24 10.110.38.0/24 10.110.36.0/24 10.110.30.0/24];
                  application any;
                  action allow;
                  service [ mapr service-https postgresql service-http];
                }
                to_web-11 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-11 zone-12];
                  to [ zone-11 zone-10 zone-12];
                  destination [ 10.110.37.0/24 10.110.36.0/24 10.110.34.0/24 10.110.30.0/24 10.110.33.0/24 10.110.35.0/24 10.110.32.0/24];
                  application any;
                  action allow;
                  service [ mapr postgresql service-http service-https];
                }
                to_api-17 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-10 zone-12];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.31.0/24 10.110.38.0/24 10.110.37.0/24 10.110.39.0/24 10.110.33.0/24 10.110.32.0/24 10.110.34.0/24 10.110.35.0/24 10.110.30.0/24];
                  application any;
                  action deny;
                  service [ mapr postgresql service-https service-http];
                }
                to_db-17 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-12 zone-11];
                  to [ zone-12 zone-11 zone-10];
                  destination [ 10.110.36.0/24 10.110.39.0/24 10.110.30.0/24 10.110.34.0/24 10.110.37.0/24 10.110.35.0/24 10.110.38.0/24 10.110.32.0/24];
                  application any;
                  action deny;
                  service [ postgresql service-https mapr service-http];
                }
                to_db-14 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-10 zone-12];
                  to [ zone-12 zone-11];
                  destination [ 10.110.29.0/24 10.110.35.0/24 10.110.38.0/24 10.110.36.0/24 10.110.37.0/24 10.110.39.0/24];
                  application any;
                  action deny;
                  service [ service-http mapr service-https postgresql];
                }
                to_mapr-25 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-10 zone-12 zone-11];
                  destination [ 10.110.30.0/24 10.110.39.0/24 10.110.29.0/24 10.110.32.0/24 10.110.34.0/24 10.110.31.0/24 10.110.35.0/24 10.110.38.0/24];
                  application any;
                  action deny;
                  service [ service-https mapr service-http postgresql];
                }
                to_app-14 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-10 zone-12 zone-11];
                  destination [ 10.110.36.0/24 10.110.32.0/24 10.110.35.0/24 10.110.37.0/24 10.110.34.0/24 10.110.31.0/24 10.110.30.0/24 10.110.29.0/24];
                  application any;
                  action allow;
                  service [ postgresql mapr service-https service-http];
                }
                to_web-10 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-11 zone-10];
                  to [ zone-10 zone-12 zone-11];
                  destination [ 10.110.30.0/24 10.110.35.0/24 10.110.33.0/24 10.110.29.0/24 10.110.38.0/24 10.110.36.0/24 10.110.39.0/24 10.110.34.0/24];
                  application any;
                  action deny;
                  service [ postgresql mapr service-https service-http];
                }
                to_api-21 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-10 zone-11];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.33.0/24 10.110.36.0/24 10.110.29.0/24 10.110.34.0/24 10.110.30.0/24 10.110.39.0/24 10.110.37.0/24];
                  application any;
                  action allow;
                  service [ postgresql mapr service-https service-http];
                }
                to_api-10 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-11 zone-12];
                  to [ zone-12 zone-10];
                  destination [ 10.110.33.0/24 10.110.36.0/24 10.110.34.0/24 10.110.38.0/24 10.110.39.0/24 10.110.30.0/24 10.110.32.0/24 10.110.29.0/24 10.110.35.0/24];
                  application any;
                  action deny;
                  service [ service-https service-http mapr postgresql];
                }
                to_db-20 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-12 zone-11];
                  to [ zone-12 zone-11 zone-10];
                  destination [ 10.110.31.0/24 10.110.37.0/24 10.110.29.0/24 10.110.32.0/24 10.110.30.0/24 10.110.34.0/24 10.110.35.0/24];
                  application any;
                  action allow;
                  service [ mapr service-https service-http];
                }
                to_db-10 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-11 zone-10];
                  to [ zone-10 zone-12 zone-11];
                  destination [ 10.110.35.0/24 10.110.31.0/24 10.110.39.0/24 10.110.29.0/24 10.110.33.0/24 10.110.30.0/24 10.110.38.0/24 10.110.37.0/24];
                  application any;
                  action allow;
                  service [ mapr service-https];
                }
                to_db-13 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-11 zone-10];
                  to [ zone-11 zone-10 zone-12];
                  destination [ 10.110.30.0/24 10.110.38.0/24 10.110.29.0/24 10.110.33.0/24 10.110.35.0/24 10.110.32.0/24 10.110.39.0/24];
                  application any;
                  action deny;
                  service [ postgresql mapr service-http service-https];
                }
                to_api-20 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-12 zone-11 zone-10];
                  destination [ 10.110.35.0/24 10.110.29.0/24 10.110.30.0/24 10.110.38.0/24 10.110.34.0/24 10.110.37.0/24 10.110.33.0/24 10.110.31.0/24];
                  application any;
                  action deny;
                  service [ service-http postgresql mapr service-https];
                }
                to_db-18 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-12 zone-11];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.30.0/24 10.110.34.0/24 10.110.39.0/24 10.110.35.0/24 10.110.32.0/24 10.110.37.0/24 10.110.36.0/24 10.110.31.0/24 10.110.33.0/24];
                  application any;
                  action allow;
                  service [ service-https service-http mapr postgresql];
                }
                to_mapr-21 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-10 zone-12];
                  to [ zone-10 zone-12 zone-11];
                  destination [ 10.110.29.0/24 10.110.35.0/24 10.110.30.0/24 10.110.37.0/24 10.110.36.0/24 10.110.32.0/24 10.110.33.0/24 10.110.31.0/24 10.110.34.0/24 10.110.39.0/24];
                  application any;
                  action allow;
                  service [ service-http service-https mapr postgresql];
                }
                to_mapr-19 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-10 zone-12];
                  to [ zone-10 zone-12 zone-11];
                  destination [ 10.110.29.0/24 10.110.36.0/24 10.110.30.0/24 10.110.34.0/24 10.110.35.0/24 10.110.39.0/24 10.110.37.0/24 10.110.33.0/24 10.110.38.0/24 10.110.32.0/24];
                  application any;
                  action allow;
                  service [ mapr service-http service-https postgresql];
                }
                to_app-12 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-10 zone-11];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.29.0/24 10.110.33.0/24 10.110.36.0/24 10.110.38.0/24 10.110.39.0/24 10.110.31.0/24 10.110.37.0/24 10.110.30.0/24 10.110.32.0/24];
                  application any;
                  action allow;
                  service [ mapr service-https postgresql service-http];
                }
                to_cnsl-10 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-10 zone-11];
                  to [ zone-10 zone-12 zone-11];
                  destination [ 10.110.30.0/24 10.110.35.0/24 10.110.29.0/24 10.110.34.0/24 10.110.37.0/24 10.110.31.0/24 10.110.32.0/24];
                  application any;
                  action deny;
                  service [ mapr postgresql service-http service-https];
                }
                to_web-17 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-12 zone-11];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.38.0/24 10.110.33.0/24 10.110.30.0/24 10.110.34.0/24 10.110.36.0/24 10.110.39.0/24 10.110.35.0/24 10.110.29.0/24];
                  application any;
                  action deny;
                  service [ service-https mapr postgresql service-http];
                }
                to_web-16 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12];
                  to [ zone-12 zone-11 zone-10];
                  destination [ 10.110.32.0/24 10.110.34.0/24 10.110.39.0/24 10.110.31.0/24 10.110.33.0/24];
                  application any;
                  action allow;
                  service [ mapr postgresql service-https service-http];
                }
                to_api-15 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.31.0/24 10.110.35.0/24 10.110.29.0/24 10.110.36.0/24 10.110.32.0/24 10.110.38.0/24 10.110.39.0/24 10.110.33.0/24 10.110.30.0/24 10.110.37.0/24];
                  application any;
                  action allow;
                  service [ postgresql mapr service-https service-http];
                }
                to_api-24 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-10 zone-12];
                  to [ zone-10 zone-12 zone-11];
                  destination [ 10.110.35.0/24 10.110.32.0/24 10.110.38.0/24 10.110.36.0/24 10.110.34.0/24 10.110.39.0/24 10.110.37.0/24];
                  application any;
                  action allow;
                  service [ service-http postgresql mapr service-https];
                }
                to_db-19 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-10 zone-11];
                  to [ zone-11 zone-10 zone-12];
                  destination [ 10.110.36.0/24 10.110.33.0/24 10.110.29.0/24 10.110.37.0/24 10.110.32.0/24 10.110.31.0/24 10.110.34.0/24 10.110.35.0/24];
                  application any;
                  action deny;
                  service [ service-https mapr service-http postgresql];
                }
                to_app-17 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-10 zone-12 zone-11];
                  destination [ 10.110.39.0/24 10.110.33.0/24 10.110.34.0/24 10.110.38.0/24 10.110.37.0/24 10.110.29.0/24 10.110.35.0/24 10.110.32.0/24 10.110.30.0/24];
                  application any;
                  action deny;
                  service [ postgresql mapr service-http service-https];
                }
                to_api-23 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-10 zone-11];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.29.0/24 10.110.39.0/24 10.110.35.0/24 10.110.33.0/24 10.110.36.0/24 10.110.32.0/24 10.110.31.0/24 10.110.30.0/24 10.110.38.0/24 10.110.37.0/24];
                  application any;
                  action deny;
                  service [ postgresql service-http service-https mapr];
                }
                to_api-19 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-10 zone-11 zone-12];
                  destination [ 10.110.29.0/24 10.110.35.0/24 10.110.36.0/24 10.110.30.0/24 10.110.39.0/24 10.110.38.0/24 10.110.33.0/24 10.110.32.0/24];
                  application any;
                  action deny;
                  service [ mapr service-https service-http postgresql];
                }
                to_web-20 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-11 zone-10];
                  to [ zone-10 zone-12 zone-11];
                  destination [ 10.110.30.0/24 10.110.35.0/24 10.110.37.0/24 10.110.31.0/24 10.110.36.0/24 10.110.34.0/24 10.110.38.0/24 10.110.39.0/24];
                  application any;
                  action deny;
                  service [ postgresql service-http mapr service-https];
                }
                to_mapr-13 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-12 zone-10];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.36.0/24 10.110.31.0/24 10.110.29.0/24 10.110.35.0/24 10.110.33.0/24 10.110.34.0/24 10.110.39.0/24];
                  application any;
                  action deny;
                  service [ postgresql mapr service-http service-https];
                }
                to_app-25 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-11 zone-12];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.33.0/24 10.110.34.0/24 10.110.30.0/24];
                  application any;
                  action deny;
                  service [ mapr service-http postgresql service-https];
                }
                to_cnsl-11 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-11 zone-10];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.32.0/24 10.110.31.0/24 10.110.35.0/24 10.110.39.0/24 10.110.34.0/24 10.110.29.0/24 10.110.37.0/24 10.110.33.0/24 10.110.30.0/24];
                  application any;
                  action allow;
                  service [ postgresql mapr service-https service-http];
                }
                to_db-25 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-11 zone-10];
                  to [ zone-10 zone-12 zone-11];
                  destination [ 10.110.37.0/24 10.110.29.0/24 10.110.32.0/24 10.110.35.0/24 10.110.39.0/24 10.110.38.0/24 10.110.30.0/24 10.110.31.0/24];
                  application any;
                  action allow;
                  service [ postgresql mapr service-https service-http];
                }
                to_cnsl-19 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-10 zone-12];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.34.0/24 10.110.33.0/24 10.110.36.0/24 10.110.37.0/24 10.110.38.0/24 10.110.31.0/24 10.110.30.0/24 10.110.29.0/24];
                  application any;
                  action deny;
                  service [ service-http service-https mapr];
                }
                to_cnsl-13 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-10];
                  to [ zone-10 zone-11 zone-12];
                  destination [ 10.110.38.0/24 10.110.29.0/24 10.110.32.0/24 10.110.36.0/24 10.110.35.0/24 10.110.31.0/24 10.110.33.0/24 10.110.39.0/24];
                  application any;
                  action deny;
                  service [ service-https postgresql service-http mapr];
                }
                to_app-18 {
                  rule-type interzone;
                  source any;
                  from [ zone-12 zone-11 zone-10];
                  to [ zone-11 zone-12 zone-10];
                  destination [ 10.110.34.0/24 10.110.35.0/24 10.110.38.0/24 10.110.33.0/24 10.110.31.0/24 10.110.37.0/24];
                  application any;
                  action allow;
                  service [ mapr service-https postgresql];
                }
                to_mapr-24 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-10 zone-12];
                  to [ zone-10 zone-11 zone-12];
                  destination [ 10.110.31.0/24 10.110.34.0/24 10.110.37.0/24 10.110.32.0/24 10.110.38.0/24 10.110.29.0/24 10.110.30.0/24];
                  application any;
                  action allow;
                  service [ service-http service-https mapr postgresql];
                }
                to_cnsl-17 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-12 zone-11];
                  to [ zone-11 zone-10 zone-12];
                  destination [ 10.110.32.0/24 10.110.33.0/24 10.110.36.0/24 10.110.31.0/24 10.110.38.0/24];
                  application any;
                  action deny;
                  service [ mapr postgresql service-https];
                }
                to_mapr-15 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-10 zone-12];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.37.0/24 10.110.38.0/24 10.110.39.0/24 10.110.33.0/24 10.110.30.0/24 10.110.34.0/24 10.110.31.0/24 10.110.32.0/24 10.110.36.0/24];
                  application any;
                  action deny;
                  service [ service-https mapr postgresql service-http];
                }
                to_api-12 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-11 zone-12];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.30.0/24 10.110.32.0/24 10.110.31.0/24 10.110.34.0/24 10.110.38.0/24 10.110.29.0/24];
                  application any;
                  action allow;
                  service [ service-http postgresql service-https mapr];
                }
                to_app-13 {
                  rule-type interzone;
                  source any;
                  from [ zone-10 zone-12 zone-11];
                  to [ zone-12 zone-10 zone-11];
                  destination [ 10.110.34.0/24 10.110.36.0/24 10.110.32.0/24 10.110.37.0/24 10.110.31.0/24 10.110.38.0/24 10.110.39.0/24 10.110.29.0/24 10.110.30.0/24];
                  application any;
                  action allow;
                  service [ postgresql service-http service-https mapr];
                }
                to_mapr-12 {
                  rule-type interzone;
                  source any;
                  from [ zone-11 zone-10 zone-12];
                  to [ zone-10 zone-12 zone-11];
                  destination [ 10.110.31.0/24 10.110.37.0/24 10.110.35.0/24 10.110.38.0/24 10.110.39.0/24 10.110.30.0/24 10.110.33.0/24];
                  application any;
                  action deny;
                  service [ service-http service-https mapr postgresql];
                }
              }
            }
          }
          address {
            ethernet1-1-101 {
              ip-netmask 10.110.2.193/30;
            }
            ethernet1-1-102 {
              ip-netmask 10.110.2.197/30;
            }
            ethernet1-1-103 {
              ip-netmask 10.110.2.201/30;
            }
            ethernet1-1-104 {
              ip-netmask 10.110.2.205/30;
            }
            ethernet1-1-105 {
              ip-netmask 10.110.2.209/30;
            }
            ethernet1-1-108 {
              ip-netmask 10.110.2.213/30;
            }
            ethernet1-2-101 {
              ip-netmask 10.110.2.225/30;
            }
            ethernet1-2-102 {
              ip-netmask 10.110.2.229/30;
            }
            ethernet1-2-103 {
              ip-netmask 10.110.2.233/30;
            }
            ethernet1-2-104 {
              ip-netmask 10.110.2.237/30;
            }
            ethernet1-2-105 {
              ip-netmask 10.110.2.241/30;
            }
            ethernet1-2-108 {
              ip-netmask 10.110.2.217/30;
            }
          }
          display-name PA-VM1;
        }
      }
    }
  }
}


