
分类: 系统运维

2008-03-04 11:34:00

set clock timezone 7
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
set service "1521" protocol tcp src-port 0-65535 dst-port 1521-1521  
set service "1525" protocol tcp src-port 0-65535 dst-port 1525-1525  
set service "1630" protocol tcp src-port 0-65535 dst-port 1630-1630  
set service "20" protocol tcp src-port 0-65535 dst-port 20-20  
set service "21" protocol tcp src-port 0-65535 dst-port 21-21  
set service "22" protocol tcp src-port 0-65535 dst-port 22-22  
set service "3389" protocol tcp src-port 0-65535 dst-port 3389-3389  
set service "554" protocol tcp src-port 0-65535 dst-port 554-554  
set service "8000" protocol tcp src-port 0-65535 dst-port 8000-8000  
set service "8011" protocol tcp src-port 0-65535 dst-port 8011-8011  
set service "8080" protocol tcp src-port 0-65535 dst-port 8080-8080  
set service "8081" protocol tcp src-port 0-65535 dst-port 8081-8081  
set service "8098" protocol tcp src-port 0-65535 dst-port 8098-8098  
set service "995" protocol tcp src-port 0-65535 dst-port 995-995  
set service "21209" protocol tcp src-port 0-65535 dst-port 21209-21209  
set service "21209" + udp src-port 0-65535 dst-port 21209-21209  
set service "1755" protocol tcp src-port 0-65535 dst-port 1755-1755  
set service "1755" + udp src-port 0-65535 dst-port 1755-1755  
set service "3000" protocol tcp src-port 0-65535 dst-port 3000-3000  
set service "3000" + udp src-port 0-65535 dst-port 3000-3000  
set service "5000" protocol tcp src-port 0-65535 dst-port 5000-5000  
set service "5000" + udp src-port 0-65535 dst-port 5000-5000  
set service "443" protocol tcp src-port 0-65535 dst-port 443-443  
set service "443" + udp src-port 0-65535 dst-port 443-443  
set service "1524" protocol tcp src-port 0-65535 dst-port 1524-1524  
set service "1524" + udp src-port 0-65535 dst-port 1524-1524  
set service "1522" protocol tcp src-port 0-65535 dst-port 1522-1522  
set service "1522" + udp src-port 0-65535 dst-port 1522-1522  
set service "8010" protocol tcp src-port 0-65535 dst-port 8010-8010  
set service "8010" + udp src-port 0-65535 dst-port 8010-8010  
set service "1529" protocol tcp src-port 0-65535 dst-port 1529-1529  
set service "1529" + udp src-port 0-65535 dst-port 1529-1529  
set service "21210" protocol tcp src-port 0-65535 dst-port 21210-21210  
set service "21210" + udp src-port 0-65535 dst-port 21210-21210  
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set admin name "netscreen"
set admin password "nKkQGPrcEIULcErOysYHmMBtg7IQEn"
set admin user "yuanmx" password "nFeFMorPB5WKcRTLysNC6NLtEHDDrn" privilege "all"
set admin port 8080
set admin scs password disable username netscreen
set admin mail server-name "192.168.101.2"
set admin mail mail-addr1 "holy.yuan@tvsn.com.cn"
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Trust" tcp-rst  
set zone "Untrust" block  
unset zone "Untrust" tcp-rst  
set zone "MGT" block  
set zone "DMZ" tcp-rst  
set zone "VLAN" block  
set zone "VLAN" tcp-rst  
unset zone "Untrust" screen tear-drop
unset zone "Untrust" screen syn-flood
unset zone "Untrust" screen ping-death
unset zone "Untrust" screen ip-filter-src
unset zone "Untrust" screen land
set zone "V1-Trust" screen alarm-without-drop
set zone "V1-Trust" screen icmp-flood
set zone "V1-Trust" screen udp-flood
set zone "V1-Trust" screen winnuke
set zone "V1-Trust" screen syn-flood
set zone "V1-Untrust" screen alarm-without-drop
set zone "V1-Untrust" screen icmp-flood
set zone "V1-Untrust" screen udp-flood
set zone "V1-Untrust" screen winnuke
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet1" zone "Trust"
set interface "ethernet2" zone "V1-Trust"
set interface "ethernet3" zone "V1-Untrust"
set interface "ethernet4" zone "DMZ"
unset interface vlan1 ip
set interface ethernet1 ip 192.168.101.251/24
set interface ethernet1 route
set interface ethernet4 ip 192.168.110.250/24
set interface ethernet4 route
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet4 manage-ip 192.168.110.251
set interface ethernet1 ip manageable
set interface ethernet4 ip manageable
unset interface ethernet1 manage ssh
unset interface ethernet1 manage ssl
set interface ethernet4 manage telnet
set interface ethernet4 manage snmp
set interface ethernet4 manage web
set hostname ns50
set dns host dns1 202.96.199.133
set dns host dns2 210.22.70.3
set dns host schedule 06:28
set address "Trust" "101SubNet" 192.168.101.0 255.255.255.0
set address "Trust" "107SubNet" 192.168.107.0 255.255.255.0
set address "Trust" "192.168.101.113/32" 192.168.101.113 255.255.255.255
set address "Trust" "192.168.101.145/32" 192.168.101.145 255.255.255.255
set address "Trust" "192.168.101.16/32" 192.168.101.16 255.255.255.255
set address "Trust" "192.168.101.168/32" 192.168.101.168 255.255.255.255
set address "Trust" "192.168.101.19/32" 192.168.101.19 255.255.255.255
set address "Trust" "192.168.101.4/32" 192.168.101.4 255.255.255.255
set address "Trust" "192.168.101.57/32" 192.168.101.57 255.255.255.255
set address "Untrust" "61.152.123.45/32" 61.152.123.45 255.255.255.255
set address "Untrust" "Jannis KaiFa" 222.66.4.234 255.255.255.255
set address "V1-Untrust" "211.144.200.103" 211.144.200.103 255.255.255.255
set address "V1-Untrust" "211.144.200.107" 211.144.200.107 255.255.255.255
set address "V1-Untrust" "211.144.200.108" 211.144.200.108 255.255.255.255
set address "V1-Untrust" "211.144.200.109" 211.144.200.109 255.255.255.255
set address "V1-Untrust" "222.66.4.234/32" 222.66.4.234 255.255.255.255
set address "V1-Untrust" "61.152.123.43/32" 61.152.123.43 255.255.255.255
set address "DMZ" "192.168.110.43/32" 192.168.110.43 255.255.255.255
set address "DMZ" "192.168.110.44/32" 192.168.110.44 255.255.255.255
set address "DMZ" "192.168.110.46/32" 192.168.110.46 255.255.255.255
set address "DMZ" "192.168.110.48/32" 192.168.110.48 255.255.255.255
set ike respond-bad-spi 1
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set group address "Trust" "TVSN Lan"
set group address "Trust" "TVSN Lan" add "101SubNet"
set group address "Trust" "TVSN Lan" add "107SubNet"
set group address "V1-Untrust" "TVSN"
set group address "V1-Untrust" "TVSN" add "211.144.200.103"
set group address "V1-Untrust" "TVSN" add "211.144.200.107"
set group address "V1-Untrust" "TVSN" add "211.144.200.108"
set group address "V1-Untrust" "TVSN" add "211.144.200.109"
set group address "DMZ" "TVSN Web"
set group address "DMZ" "TVSN Web" add "192.168.110.44/32"
set group address "DMZ" "TVSN Web" add "192.168.110.46/32"
set group service "IDC 2"
set group service "IDC 2" add "1521"
set group service "IDC 2" add "1630"
set group service "IDC 2" add "1755"
set group service "IDC 2" add "20"
set group service "IDC 2" add "21"
set group service "IDC 2" add "3000"
set group service "IDC 2" add "3389"
set group service "IDC 2" add "443"
set group service "IDC 2" add "5000"
set group service "IDC 2" add "554"
set group service "IDC 2" add "8000"
set group service "IDC 2" add "8011"
set group service "IDC 2" add "8080"
set group service "IDC 2" add "995"
set group service "IDC 2" add "DNS"
set group service "IDC 2" add "HTTP"
set group service "IDC 2" add "HTTPS"
set group service "IDC 2" add "MAIL"
set group service "IDC 2" add "PING"
set group service "IDC 2" add "POP3"
set group service "IDC 2" add "TELNET"
set group service "Trust-Dmz"
set group service "Trust-Dmz" add "1521"
set group service "Trust-Dmz" add "1522"
set group service "Trust-Dmz" add "1524"
set group service "Trust-Dmz" add "1525"
set group service "Trust-Dmz" add "1529"
set group service "Trust-Dmz" add "1630"
set group service "Trust-Dmz" add "1755"
set group service "Trust-Dmz" add "20"
set group service "Trust-Dmz" add "21"
set group service "Trust-Dmz" add "21209"
set group service "Trust-Dmz" add "21210"
set group service "Trust-Dmz" add "3000"
set group service "Trust-Dmz" add "3389"
set group service "Trust-Dmz" add "5000"
set group service "Trust-Dmz" add "554"
set group service "Trust-Dmz" add "8000"
set group service "Trust-Dmz" add "8010"
set group service "Trust-Dmz" add "8011"
set group service "Trust-Dmz" add "8080"
set group service "Trust-Dmz" add "8081"
set group service "Trust-Dmz" add "995"
set group service "Trust-Dmz" add "DNS"
set group service "Trust-Dmz" add "HTTP"
set group service "Trust-Dmz" add "HTTPS"
set group service "Trust-Dmz" add "MAIL"
set group service "Trust-Dmz" add "PING"
set group service "Trust-Dmz" add "SNMP"
set group service "Vtrust-Vuntrust"
set group service "Vtrust-Vuntrust" add "1521"
set group service "Vtrust-Vuntrust" add "1630"
set group service "Vtrust-Vuntrust" add "1755"
set group service "Vtrust-Vuntrust" add "20"
set group service "Vtrust-Vuntrust" add "21"
set group service "Vtrust-Vuntrust" add "3000"
set group service "Vtrust-Vuntrust" add "3389"
set group service "Vtrust-Vuntrust" add "5000"
set group service "Vtrust-Vuntrust" add "554"
set group service "Vtrust-Vuntrust" add "8000"
set group service "Vtrust-Vuntrust" add "8080"
set group service "Vtrust-Vuntrust" add "8098"
set group service "Vtrust-Vuntrust" add "995"
set group service "Vtrust-Vuntrust" add "DNS"
set group service "Vtrust-Vuntrust" add "HTTP"
set group service "Vtrust-Vuntrust" add "HTTPS"
set group service "Vtrust-Vuntrust" add "LDAP"
set group service "Vtrust-Vuntrust" add "MAIL"
set group service "Vtrust-Vuntrust" add "PING"
set group service "Vtrust-Vuntrust" add "POP3"
set group service "Vtrust-Vuntrust" add "TELNET"
set group service "Vuntrust-Vtrust"
set group service "Vuntrust-Vtrust" add "1521"
set group service "Vuntrust-Vtrust" add "1630"
set group service "Vuntrust-Vtrust" add "1755"
set group service "Vuntrust-Vtrust" add "20"
set group service "Vuntrust-Vtrust" add "21"
set group service "Vuntrust-Vtrust" add "3000"
set group service "Vuntrust-Vtrust" add "5000"
set group service "Vuntrust-Vtrust" add "554"
set group service "Vuntrust-Vtrust" add "HTTP"
set group service "Vuntrust-Vtrust" add "HTTPS"
set group service "Vuntrust-Vtrust" add "PING"
set policy id 1 from "Trust" to "DMZ"  "Any" "Any" "Trust-Dmz" permit log count  
set policy id 2 from "V1-Untrust" to "V1-Trust"  "Any" "Any" "IDC 2" permit log count  
set policy id 4 from "DMZ" to "Trust"  "Any" "Any" "Trust-Dmz" permit log count  
set policy id 5 from "V1-Trust" to "V1-Untrust"  "Any" "Any" "ANY" permit log count  
set policy id 6 from "Trust" to "DMZ"  "192.168.101.16/32" "Any" "ANY" permit log count  
set policy id 7 from "Trust" to "DMZ"  "192.168.101.168/32" "Any" "ANY" permit log count  
set policy id 9 from "Trust" to "DMZ"  "192.168.101.4/32" "Any" "ANY" permit log count  
set syslog config "192.168.101.19"
set syslog config "192.168.101.19" facilities local0 local0
set syslog config "192.168.101.19" log traffic
set syslog config "192.168.101.19" transport tcp
set syslog config "192.168.101.168"
set syslog config "192.168.101.168" facilities local0 local0
set syslog config "192.168.101.168" log traffic
set syslog config "192.168.101.168" transport tcp
set syslog config "192.168.101.16"
set syslog config "192.168.101.16" facilities local0 local0
set syslog config "192.168.101.16" log traffic
set syslog config "192.168.101.16" transport tcp
set syslog enable
set firewall log-self
set nsmgmt report proto-dist enable
set nsmgmt report statistics ethernet enable
set nsmgmt report statistics attack enable
set nsmgmt report statistics flow enable
set nsmgmt report statistics policy enable
set nsmgmt report alarm traffic enable
set nsmgmt report alarm attack enable
set nsmgmt report alarm other enable
set nsmgmt report alarm di enable
set nsmgmt report log config enable
set nsmgmt report log self enable
set nsmgmt report log traffic enable
set ssh version v2
set config lock timeout 5
set ntp server "0.0.0.0"
set ntp server backup1 "0.0.0.0"
set ntp server backup2 "0.0.0.0"
set snmp community "public" Read-Write Trap-on  traffic version any
set snmp host "public" 192.168.110.43 255.255.255.255 src-interface ethernet4 trap v1
set snmp host "public" 192.168.101.0 255.255.255.0  
set snmp location "406"
set snmp contact "holy.yuan@tvsn.com.cn"
set snmp name "netscreen50"
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route  192.168.107.0/24 interface ethernet1 gateway 192.168.101.253
set route  0.0.0.0/0 interface ethernet1 gateway 192.168.101.253
exit 