Chinaunix首页 | 论坛 | 博客

过客

首页 |  博文目录 |  关于我

yuanmx_cu

  • 博客访问: 41304
  • 博文数量: 16
  • 博客积分: 810
  • 博客等级: 准尉
  • 技术积分: 200
  • 用 户 组: 普通用户
  • 注册时间: 2008-02-22 13:10
文章分类

全部博文(16)

文章存档

2008年(16)

我的朋友
最近访客
推荐博文
相关博文
Netscreen50 192.168.101.252

分类: 系统运维

2008-03-04 11:36:33

set clock timezone 0
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
set service "1521" protocol tcp src-port 0-65535 dst-port 1521-1521  
set service "1630" protocol tcp src-port 0-65535 dst-port 1630-1630  
set service "20" protocol tcp src-port 0-65535 dst-port 20-20  
set service "21" protocol tcp src-port 0-65535 dst-port 21-21  
set service "3000" protocol tcp src-port 0-65535 dst-port 3000-3000  
set service "3389" protocol tcp src-port 0-65535 dst-port 3389-3389  
set service "5000" protocol tcp src-port 0-65535 dst-port 5000-5000  
set service "8080" protocol tcp src-port 0-65535 dst-port 8080-8080  
set service "995" protocol tcp src-port 0-65535 dst-port 995-995  
set service "1755" protocol tcp src-port 0-65535 dst-port 1755-1755  
set service "1755" + udp src-port 0-65535 dst-port 1755-1755  
set service "554" protocol tcp src-port 0-65535 dst-port 554-554  
set service "554" + udp src-port 0-65535 dst-port 554-554  
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set admin name "netscreen"
set admin password "nKkQGPrcEIULcErOysYHmMBtg7IQEn"
set admin user "yuanmx" password "nFeFMorPB5WKcRTLysNC6NLtEHDDrn" privilege "all"
set admin port 8080
set admin scs password disable username netscreen
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Trust" tcp-rst  
set zone "Untrust" block  
unset zone "Untrust" tcp-rst  
set zone "MGT" block  
set zone "DMZ" tcp-rst  
set zone "VLAN" block  
set zone "VLAN" tcp-rst  
unset zone "Untrust" screen tear-drop
unset zone "Untrust" screen syn-flood
unset zone "Untrust" screen ping-death
unset zone "Untrust" screen ip-filter-src
unset zone "Untrust" screen land
set zone "V1-Untrust" screen alarm-without-drop
set zone "V1-Untrust" screen icmp-flood
set zone "V1-Untrust" screen udp-flood
set zone "V1-Untrust" screen winnuke
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet1" zone "Trust"
set interface "ethernet2" zone "V1-Trust"
set interface "ethernet3" zone "Untrust"
set interface "ethernet4" zone "V1-Untrust"
unset interface vlan1 ip
set interface ethernet1 ip 192.168.101.252/24
set interface ethernet1 nat
set interface ethernet3 ip 210.5.153.2/28
set interface ethernet3 nat
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet1 ip manageable
set interface ethernet3 ip manageable
set interface ethernet3 manage ping
set interface ethernet3 manage telnet
set interface ethernet3 vip untrust 21 "FTP" 192.168.101.168
set interface "ethernet3" mip 210.5.153.6 host 192.168.101.168 netmask 255.255.255.255 vrouter "trust-vr"
set hostname ns50
set dns host dns1 210.22.70.3
set address "Trust" "192.168.100.103/32" 192.168.100.103 255.255.255.255
set address "Trust" "192.168.101.130/32" 192.168.101.130 255.255.255.255
set address "Trust" "192.168.101.168/32" 192.168.101.168 255.255.255.255
set address "Trust" "192.168.101.222/32" 192.168.101.222 255.255.255.255
set ike respond-bad-spi 1
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set group service ""
set group service "" add "1521"
set group service "" add "1630"
set group service "" add "1755"
set group service "" add "20"
set group service "" add "21"
set group service "" add "3000"
set group service "" add "3389"
set group service "" add "5000"
set group service "" add "554"
set group service "" add "8080"
set group service "" add "995"
set group service "" add "DNS"
set group service "" add "HTTP"
set group service "" add "HTTPS"
set group service "" add "MAIL"
set group service "" add "PING"
set group service "" add "POP3"
set group service "" add "TELNET"
set policy id 1 from "Trust" to "Untrust"  "192.168.101.168/32" "Any" "ANY" permit  
set policy id 2 from "V1-Trust" to "V1-Untrust"  "Any" "Any" "" permit log count  
set policy id 3 from "V1-Untrust" to "V1-Trust"  "Any" "Any" "" permit log count  
set policy id 4 from "Untrust" to "Trust"  "Any" "VIP(ethernet3)" "ANY" permit log count  
set ssh version v2
set config lock timeout 5
set snmp community "public" Read-Write Trap-on  traffic version v1
set snmp host "public" 192.168.101.169 255.255.255.255 trap v1
set snmp host "public" 192.168.110.43 255.255.255.255 trap v1
set snmp host "public" 192.168.101.168 255.255.255.255 trap v1
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route  192.168.107.0/24 interface ethernet1 gateway 192.168.101.253
set route  192.168.110.0/24 interface ethernet1 gateway 192.168.101.251
set route  0.0.0.0/0 interface ethernet3 gateway 210.5.153.1
set route  192.168.2.0/24 interface ethernet1 gateway 192.168.101.250
set route  192.168.100.0/24 interface ethernet1 gateway 192.168.101.4
exit 
阅读(670) | 评论(0) | 转发(0) |
0

上一篇:Netscreen50 192.168.101.251

下一篇:Cisco 2950 实例配置

给主人留下些什么吧!~~
关于我们 | 关于IT168 | 联系方式 | 广告合作 | 法律声明 | 免费注册

Copyright 2001-2010 ChinaUnix.net All Rights Reserved 北京皓辰网域网络信息技术有限公司. 版权所有

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6