
分类: 系统运维

2008-03-04 11:28:59

set clock timezone 7
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
set service "10000" protocol tcp src-port 0-65535 dst-port 10000-10000  
set service "110" protocol tcp src-port 0-65535 dst-port 110-110  
set service "119" protocol tcp src-port 0-65535 dst-port 119-119  
set service "135" protocol tcp src-port 0-65535 dst-port 135-135  
set service "1521" protocol tcp src-port 0-65535 dst-port 1521-1521  
set service "1630" protocol tcp src-port 0-65535 dst-port 1630-1630  
set service "1723" protocol tcp src-port 0-65535 dst-port 1723-1723  
set service "21" protocol tcp src-port 0-65535 dst-port 21-21  
set service "22" protocol tcp src-port 0-65535 dst-port 22-22  
set service "23" protocol tcp src-port 0-65535 dst-port 23-23  
set service "25" protocol tcp src-port 0-65535 dst-port 25-25  
set service "3300" protocol tcp src-port 0-65535 dst-port 3300-3300  
set service "3333" protocol tcp src-port 0-65535 dst-port 3333-3333  
set service "3389" protocol tcp src-port 0-65535 dst-port 3389-3389  
set service "37" protocol tcp src-port 0-65535 dst-port 37-37  
set service "389" protocol tcp src-port 0-65535 dst-port 389-389  
set service "445" protocol tcp src-port 0-65535 dst-port 445-445  
set service "53" protocol tcp src-port 0-65535 dst-port 53-53  
set service "5500" protocol tcp src-port 0-65535 dst-port 5500-5500  
set service "554" protocol tcp src-port 0-65535 dst-port 554-554  
set service "755" protocol tcp src-port 0-65535 dst-port 755-755  
set service "80" protocol tcp src-port 0-65535 dst-port 80-80  
set service "8000" protocol tcp src-port 0-65535 dst-port 8000-8000  
set service "8001" protocol tcp src-port 0-65535 dst-port 8001-8001  
set service "8098" protocol tcp src-port 0-65535 dst-port 8098-8098  
set service "8099" protocol tcp src-port 0-65535 dst-port 8099-8099  
set service "9001" protocol tcp src-port 0-65535 dst-port 9001-9001  
set service "UDP 1701" protocol udp src-port 0-65535 dst-port 1701-1701  
set service "1755" protocol tcp src-port 0-65535 dst-port 1755-1755  
set service "1755" + udp src-port 0-65535 dst-port 1755-1755  
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth banner telnet fail "Firewall User Authentication: Failed "
set admin name "netscreen"
set admin password "nKkQGPrcEIULcErOysYHmMBtg7IQEn"
set admin user "anzealx" password "nNgjOXrcFjVMcohLXs0G1lFtDyGaPn" privilege "all"
set admin user "admin" password "nCQtGnr8AsTLcUlBfs/Pu+KtPACfTn" privilege "all"
set admin port 8080
set admin ssh port 1025
set admin scs password disable username netscreen
set admin mail server-name "192.168.101.2"
set admin mail mail-addr1 "holy.yuan@tvsn.com.cn"
set admin mail mail-addr2 "anzeal.xin@tvsn.com.cn"
set admin auth timeout 10
set admin auth server "Local"
set admin privilege read-write
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Trust" tcp-rst  
set zone "Untrust" block  
unset zone "Untrust" tcp-rst  
set zone "MGT" block  
set zone "DMZ" tcp-rst  
set zone "VLAN" block  
set zone "VLAN" tcp-rst  
set zone "Untrust" screen alarm-without-drop
set zone "Untrust" screen icmp-flood
set zone "Untrust" screen udp-flood
set zone "Untrust" screen winnuke
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
unset zone "Untrust" screen ip-filter-src
unset zone "Untrust" screen land
set zone "V1-Trust" screen alarm-without-drop
set zone "V1-Trust" screen icmp-flood
set zone "V1-Trust" screen udp-flood
set zone "V1-Trust" screen syn-flood
set zone "V1-Untrust" screen alarm-without-drop
set zone "V1-Untrust" screen icmp-flood
set zone "V1-Untrust" screen udp-flood
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
unset zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set zone "Untrust" screen icmp-flood threshold 10000
set zone "Untrust" screen udp-flood threshold 10000
set zone "Untrust" screen mal-url "002" "" 32
set zone "Untrust" screen syn-flood timeout 40
set zone "Untrust" screen syn-flood attack-threshold 2000
set zone "Untrust" screen syn-flood source-threshold 10240
set interface "ethernet1" zone "Trust"
set interface "ethernet2" zone "V1-Trust"
set interface "ethernet3" zone "Untrust"
set interface "ethernet4" zone "V1-Untrust"
unset interface vlan1 ip
set interface ethernet1 ip 192.168.101.250/24
set interface ethernet1 nat
set interface ethernet3 ip 210.5.145.52/29
set interface ethernet3 nat
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet1 ip manageable
set interface ethernet3 ip manageable
set interface ethernet1 manage ident-reset
set interface ethernet3 manage ping
set interface ethernet3 manage telnet
set interface ethernet3 vip untrust 80 "HTTP" 192.168.101.2
set interface ethernet3 vip untrust 21 "FTP" 192.168.101.19
set interface ethernet3 vip untrust 25 "MAIL" 192.168.101.13 manual
set interface ethernet3 vip untrust 443 "HTTPS" 192.168.101.13 manual
set interface ethernet3 vip untrust 10000 "10000" 192.168.101.13 manual
set interface ethernet3 vip untrust 22 "22" 192.168.101.13 manual
set interface ethernet3 vip untrust 9001 "9001" 192.168.107.243
set interface ethernet3 vip untrust 8001 "8001" 192.168.107.243
set domain tvsn.com.cn
set hostname netscreen25
set dns host dns1 192.168.101.19
set dns host dns2 202.96.199.133
set dns host schedule 06:28
set address "Trust" "107" 192.168.107.0 255.255.255.0
set address "Trust" "192.168.10.0" 192.168.10.0 255.255.255.0
set address "Trust" "192.168.101.0/24" 192.168.101.0 255.255.255.0
set address "Trust" "192.168.101.10/32" 192.168.101.10 255.255.255.255
set address "Trust" "192.168.101.107/32" 192.168.101.107 255.255.255.255
set address "Trust" "192.168.101.110/32" 192.168.101.110 255.255.255.255
set address "Trust" "192.168.101.115/32" 192.168.101.115 255.255.255.255
set address "Trust" "192.168.101.119/32" 192.168.101.119 255.255.255.255
set address "Trust" "192.168.101.125/32" 192.168.101.125 255.255.255.255
set address "Trust" "192.168.101.130/32" 192.168.101.130 255.255.255.255
set address "Trust" "192.168.101.132/32" 192.168.101.132 255.255.255.255
set address "Trust" "192.168.101.140/32" 192.168.101.140 255.255.255.255
set address "Trust" "192.168.101.143/32" 192.168.101.143 255.255.255.255
set address "Trust" "192.168.101.145/32" 192.168.101.145 255.255.255.255
set address "Trust" "192.168.101.148/32" 192.168.101.148 255.255.255.255
set address "Trust" "192.168.101.150/32" 192.168.101.150 255.255.255.255
set address "Trust" "192.168.101.155/32" 192.168.101.155 255.255.255.255
set address "Trust" "192.168.101.158/32" 192.168.101.158 255.255.255.255
set address "Trust" "192.168.101.16/32" 192.168.101.16 255.255.255.255
set address "Trust" "192.168.101.165/32" 192.168.101.165 255.255.255.255
set address "Trust" "192.168.101.168/32" 192.168.101.168 255.255.255.255
set address "Trust" "192.168.101.169/32" 192.168.101.169 255.255.255.255
set address "Trust" "192.168.101.170/32" 192.168.101.170 255.255.255.255
set address "Trust" "192.168.101.175/32" 192.168.101.175 255.255.255.255
set address "Trust" "192.168.101.176/32" 192.168.101.176 255.255.255.255
set address "Trust" "192.168.101.177/32" 192.168.101.177 255.255.255.255
set address "Trust" "192.168.101.18/32" 192.168.101.18 255.255.255.255
set address "Trust" "192.168.101.188/32" 192.168.101.188 255.255.255.255
set address "Trust" "192.168.101.190/32" 192.168.101.190 255.255.255.255
set address "Trust" "192.168.101.197/32" 192.168.101.197 255.255.255.255
set address "Trust" "192.168.101.199/32" 192.168.101.199 255.255.255.255
set address "Trust" "192.168.101.221/32" 192.168.101.221 255.255.255.255
set address "Trust" "192.168.101.222/32" 192.168.101.222 255.255.255.255
set address "Trust" "192.168.101.231/32" 192.168.101.231 255.255.255.255
set address "Trust" "192.168.101.241/32" 192.168.101.241 255.255.255.255
set address "Trust" "192.168.101.252/32" 192.168.101.252 255.255.255.255
set address "Trust" "192.168.101.33/32" 192.168.101.33 255.255.255.255
set address "Trust" "192.168.101.4/32" 192.168.101.4 255.255.255.255
set address "Trust" "192.168.101.41/32" 192.168.101.41 255.255.255.255
set address "Trust" "192.168.101.46/32" 192.168.101.46 255.255.255.255
set address "Trust" "192.168.101.50/32" 192.168.101.50 255.255.255.255
set address "Trust" "192.168.101.63/32" 192.168.101.63 255.255.255.255
set address "Trust" "192.168.101.65/32" 192.168.101.65 255.255.255.255
set address "Trust" "192.168.101.74/32" 192.168.101.74 255.255.255.255
set address "Trust" "192.168.101.75/32" 192.168.101.75 255.255.255.255
set address "Trust" "192.168.101.83/32" 192.168.101.83 255.255.255.255
set address "Trust" "192.168.101.85/32" 192.168.101.85 255.255.255.255
set address "Trust" "192.168.101.90/32" 192.168.101.90 255.255.255.255
set address "Trust" "192.168.101.92/32" 192.168.101.92 255.255.255.255
set address "Trust" "192.168.101.97/32" 192.168.101.97 255.255.255.255
set address "Trust" "192.168.101.98/32" 192.168.101.98 255.255.255.255
set address "Trust" "192.168.107.0/24" 192.168.107.0 255.255.255.0
set address "Trust" "192.168.107.101/32" 192.168.107.101 255.255.255.255
set address "Trust" "192.168.107.21/32" 192.168.107.21 255.255.255.255
set address "Trust" "192.168.107.241/32" 192.168.107.241 255.255.255.255
set address "Trust" "192.168.107.242/32" 192.168.107.242 255.255.255.255
set address "Trust" "192.168.107.243/32" 192.168.107.243 255.255.255.255
set address "Trust" "192.168.107.3/32" 192.168.107.3 255.255.255.255
set address "Trust" "192.168.107.43/32" 192.168.107.43 255.255.255.255
set address "Trust" "192.168.107.53/32" 192.168.107.53 255.255.255.255
set address "Trust" "192.168.107.62/32" 192.168.107.62 255.255.255.255
set address "Trust" "192.168.110.43/32" 192.168.110.43 255.255.255.255
set address "Trust" "192.168.110.47/32" 192.168.110.47 255.255.255.255
set address "Trust" "192.168.110.48/32" 192.168.110.48 255.255.255.255
set address "Trust" "Aaron" 192.168.101.136 255.255.255.255
set address "Trust" "Angelo" 192.168.101.46 255.255.255.255
set address "Trust" "Anzeal Xin" 192.168.101.92 255.255.255.255
set address "Trust" "EMail" 192.168.101.242 255.255.255.255
set address "Trust" "EMAILBAP" 192.168.101.19 255.255.255.255
set address "Trust" "Finance" 192.168.101.115 255.255.255.255
set address "Trust" "HOLY" 192.168.101.168 255.255.255.255
set address "Trust" "Holy VPN" 192.168.10.168 255.255.255.255
set address "Trust" "ISA" 192.168.101.4 255.255.255.255
set address "Trust" "ISA WAN" 192.168.101.241 255.255.255.255
set address "Trust" "Jacky-M Web" 192.168.101.75 255.255.255.255
set address "Trust" "Jacob" 192.168.101.48 255.255.255.255
set address "Trust" "MAIL" 192.168.101.2 255.255.255.255
set address "Trust" "Mail fan la ji" 192.168.101.13 255.255.255.255
set address "Trust" "Nancy BJBS" 192.168.101.173 255.255.255.255
set address "Trust" "Netscreen50" 192.168.101.251 255.255.255.255
set address "Trust" "Oracle DB1 101.200" 192.168.101.200 255.255.255.255
set address "Trust" "Sun Vmware" 192.168.101.222 255.255.255.255
set address "Trust" "TVSNCN1" 192.168.101.11 255.255.255.255
set address "Trust" "TVSNDC1" 192.168.101.10 255.255.255.255
set address "Trust" "TVSNWB1" 192.168.101.16 255.255.255.255
set address "Trust" "vitualA" 192.168.10.19 255.255.255.255
set address "Trust" "web3" 192.168.110.43 255.255.255.255
set address "Trust" "Wsus" 192.168.101.16 255.255.255.255
set address "Untrust" "192.168.101.0/24" 192.168.101.0 255.255.255.0
set address "Untrust" "192.168.20.0" 192.168.20.0 255.255.255.0
set address "Untrust" "210.5.145.0/24" 210.5.145.0 255.255.255.0
set address "Untrust" "210.5.145.144/29" 210.5.145.144 255.255.255.248
set address "Untrust" "210.5.145.48/29" 210.5.145.48 255.255.255.248
set address "Untrust" "210.5.153.0/24" 210.5.153.0 255.255.255.0
set address "Untrust" "210.5.153.0/28" 210.5.153.0 255.255.255.240
set address "Untrust" "210.5.153.3/32" 210.5.153.3 255.255.255.255
set address "Untrust" "210.51.21.25/32" 210.51.21.25 255.255.255.255
set address "Untrust" "211.157.219.29/32" 211.157.219.29 255.255.255.255
set address "Untrust" "61.152.123.43" 61.152.123.43 255.255.255.255
set address "Untrust" "61.152.123.44" 61.152.123.44 255.255.255.255
set address "Untrust" "61.152.123.45" 61.52.123.45 255.255.255.255
set address "Untrust" "61.152.123.46" 61.152.123.46 255.255.255.255
set address "Untrust" "IDC route vpn" 192.168.4.0 255.255.255.0
set address "Untrust" "Internet" 0.0.0.0 0.0.0.0
set address "Untrust" "Internet DNS1" 61.152.122.131 255.255.255.255
set address "Untrust" "Internet DNS2" 61.152.122.132 255.255.255.255
set address "Untrust" "L2TP VPN" 192.168.2.0 255.255.255.0
set address "Untrust" "Logistic" 218.80.115.160 255.255.255.255
set address "Untrust" "Server 43" 192.168.20.43 255.255.255.255
set address "Untrust" "Server 44" 192.168.20.44 255.255.255.255
set address "Untrust" "Server 46" 192.168.20.46 255.255.255.255
set address "V1-Untrust" "220.196.125.151/32" 220.196.125.151 255.255.255.255
set address "DMZ" "192.168.101.168/32" 192.168.101.168 255.255.255.255
set address "DMZ" "email" 192.168.101.2 255.255.255.255
set ippool "192.168.2.0" 192.168.2.100 192.168.2.200
set ippool "192.168.3.0" 192.168.3.100 192.168.3.200
set user "angelo" uid 9
set user "angelo" type  l2tp
set user "angelo" remote ippool "192.168.2.0"
set user "angelo" password "Tvsnangelo"
unset user "angelo" type auth
set user "angelo" "enable"
set user "anzealx" uid 8
set user "anzealx" type  l2tp
set user "anzealx" remote ippool "192.168.2.0"
set user "anzealx" password "Tvsnanzealx"
unset user "anzealx" type auth
set user "anzealx" "enable"
set user "atom" uid 6
set user "atom" type  l2tp
set user "atom" remote ippool "192.168.2.0"
set user "atom" password "Tvsnatom"
unset user "atom" type auth
set user "atom" "enable"
set user "chuik" uid 15
set user "chuik" type  l2tp
set user "chuik" password "tvsn1758"
unset user "chuik" type auth
set user "chuik" "enable"
set user "ciciw" uid 18
set user "ciciw" type  l2tp
set user "ciciw" password "tvsn1758"
unset user "ciciw" type auth
set user "ciciw" "enable"
set user "dapeng" uid 20
set user "dapeng" type  l2tp
set user "dapeng" password "Tvsn.dapeng"
unset user "dapeng" type auth
set user "dapeng" "enable"
set user "david" uid 3
set user "david" type  l2tp
set user "david" remote ippool "192.168.2.0"
set user "david" password "Tvsndavid"
unset user "david" type auth
set user "david" "enable"
set user "eric" uid 5
set user "eric" type  l2tp
set user "eric" remote ippool "192.168.2.0"
set user "eric" password "Tvsneric"
unset user "eric" type auth
set user "eric" "enable"
set user "erp" uid 21
set user "erp" type  l2tp
set user "erp" password "temperp"
unset user "erp" type auth
set user "erp" "enable"
set user "erptemp" uid 34
set user "erptemp" type  l2tp
set user "erptemp" password "erp_temp"
unset user "erptemp" type auth
set user "erptemp" "enable"
set user "fionl" uid 22
set user "fionl" type  l2tp
set user "fionl" password "Tvsnfionl"
unset user "fionl" type auth
set user "fionl" "enable"
set user "flora" uid 28
set user "flora" type  l2tp
set user "flora" remote ippool "192.168.2.0"
set user "flora" password "Tvsnflora"
unset user "flora" type auth
set user "flora" "enable"
set user "gavin" uid 32
set user "gavin" type  l2tp
set user "gavin" password "Tvsn.gavia"
unset user "gavin" type auth
set user "gavin" "enable"
set user "gongsong" uid 41
set user "gongsong" type  l2tp
set user "gongsong" password "Tvsn_gongsong"
unset user "gongsong" type auth
set user "gongsong" "enable"
set user "guohuay" uid 13
set user "guohuay" type  l2tp
set user "guohuay" password "tvsn1758"
unset user "guohuay" type auth
set user "guohuay" "enable"
set user "jannyz" uid 14
set user "jannyz" type  l2tp
set user "jannyz" password "tvsnjannyz"
unset user "jannyz" type auth
set user "jannyz" "enable"
set user "jincheng" uid 37
set user "jincheng" type  l2tp
set user "jincheng" password "jinchengtest"
unset user "jincheng" type auth
set user "jincheng" "enable"
set user "larryx" uid 38
set user "larryx" type  l2tp
set user "larryx" password "Tvsnlarryx"
unset user "larryx" type auth
set user "larryx" "enable"
set user "lindazhu" uid 39
set user "lindazhu" type  l2tp
set user "lindazhu" password "Tvsn_lindazhu"
unset user "lindazhu" type auth
set user "lindazhu" "enable"
set user "liutao" uid 42
set user "liutao" type  l2tp
set user "liutao" password "Tvsn_liutao"
unset user "liutao" type auth
set user "liutao" "enable"
set user "manuelaf" uid 19
set user "manuelaf" type  l2tp
set user "manuelaf" password "tvsn1758"
unset user "manuelaf" type auth
set user "manuelaf" "enable"
set user "martin" uid 35
set user "martin" type  l2tp
set user "martin" password "Tvsnmartin"
unset user "martin" type auth
set user "martin" "enable"
set user "mayq" uid 16
set user "mayq" type  l2tp
set user "mayq" password "tvsn1758"
unset user "mayq" type auth
set user "mayq" "enable"
set user "pengda" uid 26
set user "pengda" type  l2tp
set user "pengda" password "Tvsn.pengda"
unset user "pengda" type auth
set user "pengda" "enable"
set user "prisca" uid 36
set user "prisca" type  l2tp
set user "prisca" password "Tvsn_prisca"
unset user "prisca" type auth
set user "prisca" "enable"
set user "rexchiang" uid 40
set user "rexchiang" type  l2tp
set user "rexchiang" password "Tvsn_rexchiang"
unset user "rexchiang" type auth
set user "rexchiang" "enable"
set user "sheny" uid 17
set user "sheny" type  l2tp
set user "sheny" password "tvsn1758"
unset user "sheny" type auth
set user "sheny" "enable"
set user "yuanmx" uid 31
set user "yuanmx" type  l2tp
set user "yuanmx" password "Tvsnyuanmx"
unset user "yuanmx" type auth
set user "yuanmx" "enable"
set user "zhangh" uid 33
set user "zhangh" type  l2tp
set user "zhangh" password "Tvsnzhangh"
unset user "zhangh" type auth
set user "zhangh" "enable"
set user-group "Directory Manager" id 5
set user-group "Directory Manager" user "rexchiang"
set user-group "JiNan" id 7
set user-group "JiNan" user "liutao"
set user-group "Logistic" id 3
set user-group "Logistic" user "chuik"
set user-group "Logistic" user "ciciw"
set user-group "Logistic" user "guohuay"
set user-group "Logistic" user "manuelaf"
set user-group "Logistic" user "prisca"
set user-group "Logistic" user "sheny"
set user-group "Other" id 6
set user-group "Other" user "gongsong"
set user-group "Other" user "lindazhu"
set user-group "TVSN IT" id 2
set user-group "TVSN IT" user "angelo"
set user-group "TVSN IT" user "anzealx"
set user-group "TVSN IT" user "atom"
set user-group "TVSN IT" user "david"
set user-group "TVSN IT" user "eric"
set user-group "TVSN IT" user "erptemp"
set user-group "TVSN IT" user "fionl"
set user-group "TVSN IT" user "flora"
set user-group "TVSN IT" user "jincheng"
set user-group "TVSN IT" user "larryx"
set user-group "TVSN IT" user "martin"
set user-group "TVSN IT" user "yuanmx"
set user-group "TVSN IT" user "zhangh"
set ike respond-bad-spi 1
set l2tp default dns1 192.168.101.10
set l2tp default dns2 192.168.107.3
set l2tp default ppp-auth chap
set l2tp default wins1 192.168.107.3
set l2tp "l2tp" id 7 outgoing-interface ethernet3 keepalive 60
set l2tp "l2tp" remote-setting ippool "192.168.2.0" dns1 192.168.101.10 dns2 192.168.107.3
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set group address "Untrust" "TVSN Web"
set group address "Untrust" "TVSN Web" add "210.5.145.144/29"
set group address "Untrust" "TVSN Web" add "210.5.145.48/29"
set group address "Untrust" "TVSN Web" add "210.5.153.0/28"
set group service "TVSN port"
set group service "TVSN port" add "10000"
set group service "TVSN port" add "110"
set group service "TVSN port" add "119"
set group service "TVSN port" add "135"
set group service "TVSN port" add "1521"
set group service "TVSN port" add "1630"
set group service "TVSN port" add "1723"
set group service "TVSN port" add "1755"
set group service "TVSN port" add "21"
set group service "TVSN port" add "22"
set group service "TVSN port" add "23"
set group service "TVSN port" add "25"
set group service "TVSN port" add "3300"
set group service "TVSN port" add "3333"
set group service "TVSN port" add "37"
set group service "TVSN port" add "389"
set group service "TVSN port" add "445"
set group service "TVSN port" add "53"
set group service "TVSN port" add "5500"
set group service "TVSN port" add "554"
set group service "TVSN port" add "755"
set group service "TVSN port" add "8000"
set group service "TVSN port" add "8098"
set group service "TVSN port" add "8099"
set group service "TVSN port" add "DNS"
set group service "TVSN port" add "GOPHER"
set group service "TVSN port" add "H.323"
set group service "TVSN port" add "HTTP"
set group service "TVSN port" add "HTTPS"
set group service "TVSN port" add "L2TP"
set group service "TVSN port" add "LDAP"
set group service "TVSN port" add "MAIL"
set group service "TVSN port" add "PING"
set group service "TVSN port" add "POP3"
set group service "TVSN port" add "SNMP"
set group service "TVSN port" add "TELNET"
set group service "TVSN port" add "TFTP"
set group service "TVSNWB1"
set group service "TVSNWB1" add "1521"
set group service "TVSNWB1" add "1630"
set group service "TVSNWB1" add "21"
set group service "TVSNWB1" add "53"
set group service "TVSNWB1" add "80"
set group service "VIP"
set group service "VIP" add "110"
set group service "VIP" add "1521"
set group service "VIP" add "1630"
set group service "VIP" add "23"
set group service "VIP" add "25"
set group service "VIP" add "3300"
set group service "VIP" add "3333"
set group service "VIP" add "3389"
set group service "VIP" add "53"
set group service "VIP" add "80"
set group service "VIP" add "FTP"
set group service "VIP" add "FTP-Get"
set group service "VIP" add "FTP-Put"
set group service "VIP" add "HTTPS"
set group service "web3"
set group service "web3" add "1521"
set group service "web3" add "1630"
set group service "web3" add "1755"
set group service "web3" add "21"
set group service "web3" add "22"
set group service "web3" add "3389"
set group service "web3" add "554"
set group service "web3" add "8000"
set group service "web3" add "DNS"
set group service "web3" add "HTTP"
set group service "web3" add "HTTPS"
set group service "web3" add "MAIL"
set group service "web3" add "PING"
set group service "web3" add "POP3"
set scheduler "Wsus" recurrent sunday start 1:0 stop 4:0
set scheduler "Wsus" recurrent monday start 1:0 stop 4:0
set scheduler "Wsus" recurrent tuesday start 1:0 stop 4:0
set scheduler "Wsus" recurrent wednesday start 1:0 stop 4:0
set scheduler "Wsus" recurrent thursday start 1:0 stop 4:0
set scheduler "Wsus" recurrent friday start 1:0 stop 4:0
set scheduler "Wsus" recurrent saturday start 1:0 stop 4:0
set policy id 98 name "Nancy BJSB" from "Trust" to "Untrust"  "Nancy BJBS" "Any" "ANY" permit log count  
set policy id 98 disable
set policy id 43 from "Untrust" to "Trust"  "Dial-Up VPN" "Any" "ANY" tunnel l2tp "l2tp" log count  
set policy id 16 from "Trust" to "Untrust"  "Any" "L2TP VPN" "ANY" permit log count  
set policy id 16 disable
set policy id 31 from "Trust" to "Untrust"  "MAIL" "Any" "ANY" permit log count traffic gbw 0 priority 7 mbw 2000
set policy id 35 from "Trust" to "Untrust"  "EMAILBAP" "Any" "ANY" permit log count  
set policy id 52 from "Trust" to "Untrust"  "Mail fan la ji" "Any" "ANY" permit log count traffic gbw 0 priority 7 mbw 2000
set policy id 82 from "Trust" to "Untrust"  "192.168.110.43/32" "Any" "ANY" permit log count traffic gbw 0 priority 7 mbw 1024
set policy id 85 from "Trust" to "Untrust"  "192.168.101.169/32" "Any" "ANY" permit log count no-session-backup  
set policy id 86 from "V1-Trust" to "V1-Untrust"  "Any" "Any" "ANY" permit log count traffic gbw 0 priority 7 mbw 2000
set policy id 87 from "Untrust" to "Trust"  "Any" "VIP(ethernet3)" "ANY" permit log count  
set policy id 89 from "Trust" to "Untrust"  "192.168.110.48/32" "Any" "ANY" permit log count  
set policy id 90 from "V1-Untrust" to "V1-Trust"  "Any" "Any" "L2TP" permit log count  
set policy id 90
set service "PPTP"
exit
set policy id 91 from "Trust" to "Untrust"  "192.168.101.50/32" "Any" "ANY" permit log count traffic gbw 0 priority 7 mbw 2000
set policy id 92 from "Trust" to "Untrust"  "192.168.101.222/32" "Any" "ANY" permit log count  
set policy id 94 from "Trust" to "Untrust"  "192.168.101.16/32" "Any" "ANY" permit log count traffic gbw 0 priority 7 mbw 3000
set policy id 95 name "Jacob" from "Trust" to "Untrust"  "Jacob" "Any" "ANY" permit log count traffic gbw 0 priority 7 mbw 2000
set policy id 96 from "Trust" to "Untrust"  "Jacky-M Web" "Any" "ANY" permit log count traffic gbw 0 priority 7 mbw 512
set policy id 97 from "Trust" to "Untrust"  "192.168.101.150/32" "Any" "ANY" permit log  
set policy id 99 from "Trust" to "Untrust"  "Aaron" "Any" "ANY" permit log count traffic gbw 0 priority 7 mbw 512
set syslog config "192.168.101.168"
set syslog config "192.168.101.168" facilities local0 local0
set syslog config "192.168.101.168" log traffic
set syslog config "192.168.101.168" transport tcp
set syslog enable
set webtrends host-name "192.168.101.168"
set webtrends enable
set webtrends VPN
set log module system level emergency destination console
set log module system level alert destination console
set log module system level critical destination console
set log module system level error destination console
set log module system level warning destination console
set log module system level notification destination console
set log module system level information destination console
set log module system level debugging destination console
set log module system level error destination webtrends
set log module system level warning destination webtrends
set log module system level information destination webtrends
set log module system level debugging destination webtrends
set firewall log-self
set ssh version v2
set config lock timeout 5
set url message "Hi Donot open this url"
set url fail-mode permit
set ntp server "0.0.0.0"
set ntp server backup1 "0.0.0.0"
set ntp server backup2 "0.0.0.0"
set snmp community "public" Read-Write Trap-on  version any
set snmp host "public" 192.168.101.168 255.255.255.255 trap v1
set snmp host "public" 192.168.101.19 255.255.255.255 trap v1
set snmp host "public" 192.168.110.43 255.255.255.255 trap v1
set snmp host "public" 192.168.101.0 255.255.255.0  
set snmp location "406"
set snmp contact "holy.yuan@tvsn.com.cn"
set snmp name "netscreen25"
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
set enable-source-routing
unset add-default-route
set route  0.0.0.0/0 interface ethernet3 gateway 210.5.145.49
set route  192.168.110.0/24 interface ethernet1 gateway 192.168.101.251
set route  192.168.107.0/24 interface ethernet1 gateway 192.168.107.253 metric 2
exit 