您的当前位置:首页正文

Netscreen策略

2020-08-13 来源:榕意旅游网


ns204-> get config Total Config size 3756: set auth-server \"Local\" id 0

set auth-server \"Local\" server-name \"Local\" set auth default auth server \"Local\" set clock \"timezone\" 0 set admin format dos set admin name \"zxin10\"

set admin password nLOVGprGEUyNcJaMQshOv1EtjyMfpn set admin auth timeout 10 set admin auth server \"Local\" set vrouter trust-vr sharable

unset vrouter \"trust-vr\" auto-route-export set zone \"Trust\" vrouter \"trust-vr\" set zone \"Untrust\" vrouter \"trust-vr\" set zone \"DMZ\" vrouter \"trust-vr\" set zone \"Trust\" tcp-rst set zone \"Untrust\" block unset zone \"Untrust\" tcp-rst set zone \"DMZ\" tcp-rst set zone \"MGT\" block set zone \"MGT\" tcp-rst

set zone Untrust screen winnuke set zone Untrust screen port-scan set zone Untrust screen ip-sweep set zone Untrust screen tear-drop set zone Untrust screen syn-flood set zone Untrust screen ip-spoofing set zone Untrust screen ping-death set zone Untrust screen ip-filter-src set zone Untrust screen land

set zone Untrust screen icmp-fragment set zone Untrust screen icmp-large

set zone Untrust screen limit-session source-ip-based set zone Untrust screen syn-ack-ack-proxy set zone Untrust screen block-frag

set zone Untrust screen limit-session destination-ip-based set zone Untrust screen component-block zip set zone Untrust screen component-block jar set zone Untrust screen component-block exe set zone Untrust screen component-block activex set zone V1-Untrust screen tear-drop set zone V1-Untrust screen syn-flood set zone V1-Untrust screen ping-death

set zone V1-Untrust screen ip-filter-src set zone V1-Untrust screen land

set interface \"ethernet1\" zone \"Trust\" set interface \"ethernet2\" zone \"DMZ\" set interface \"ethernet3\" zone \"Untrust\" unset interface vlan1 ip

set interface ethernet1 ip 210.120.1.101/24 set interface ethernet1 nat

set interface ethernet2 ip 192.1.1.1/24 set interface ethernet2 route

set interface ethernet3 ip 222.77.183.21/24 set interface ethernet3 route

unset interface vlan1 bypass-others-ipsec unset interface vlan1 bypass-non-ip set interface vlan1 ip manageable set interface ethernet1 ip manageable set interface ethernet2 ip manageable set interface ethernet3 ip manageable set interface ethernet2 manage telnet set interface ethernet2 manage web

set interface ethernet3 vip 222.77.183.201 set interface ethernet3 vip 222.77.183.202

set interface \"ethernet2\" mip 192.1.1.2 host 210.120.1.150 netmask 255.255.255.\" set interface \"ethernet2\" mip 192.1.1.3 host 210.120.1.158 netmask 255.255.255.\" set interface \"ethernet3\" mip 222.77.183.22 host 210.120.1.155 netmask 255.255.\" set snmp name \"ns204\" set ike policy-checking set ike respond-bad-spi 1 set ike id-mode subnet set xauth lifetime 480

set xauth default auth server Local

set policy id 1 from \"Trust\" to \"Untrust\" \"Any\" \"Any\" \"ANY\" Permit set policy id 9 from \"Trust\" to \"DMZ\" \"Any\" \"Any\" \"ANY\" Permit

set policy id 10 from \"DMZ\" to \"Global\" \"Any\" \"MIP(192.1.1.2)\" \"ANY\" Permit set policy id 11 from \"DMZ\" to \"Trust\" \"Any\" \"MIP(192.1.1.3)\" \"ANY\" Permit set policy id 12 name \"http\" from \"Untrust\" to \"Global\" \"Any\" \"MIP(222.77.183. set policy id 13 name \"ftp\" from \"Untrust\" to \"Global\" \"Any\" \"MIP(222.77.183.2 set policy id 14 from \"Untrust\" to \"Global\" \"Any\" \"MIP(222.77.183.22)\" \"PC-Any unset global-pro policy-manager primary outgoing-interface unset global-pro policy-manager secondary outgoing-interface set pki authority default scep mode \"auto\" set pki x509 default cert-path partial set vrouter \"untrust-vr\" exit

set vrouter \"trust-vr\"

因篇幅问题不能全部显示,请点此查看更多更全内容