[问题求助]我公司,办工网络中 NetScreen 的配置, get config [复制链接]

上一主题下一主题查看指定楼层

离线cnyunxi.

初中三年级

发帖: 2005

C币: -199214

威望: 392

贡献值: 1

银元: -3

铜钱: 4545

人人网人气币: 0

只看楼主倒序阅读使用道具楼主发表于: 2009-05-01

F.ireWall->; get config           鲜花
Total Config si.ze 16887:电影
set au.th-server "Local". id 0--------------彩票
set auth-server "Local" .server-name ."Local"服务器
set auth default auth s.erver ".Local"服务器
set clock dst-o.ff服务器
set clock ntp
set cl.ock "timezone" 8.
set admin format do.s           鲜花
set. admin name "chinagdn"--------------彩票
set admin .password nLkbCnrtHQZDcN6D8sOO.vTLtLjDRRn             电子
set admin port 55.80.
set admin. telne.t port 5523.
set. admin scs port 5522    美容
set a.dmin auth timeout 30(广告)
set ad.min auth server ."Local"服务器
unset log module system .level emergency. destination email<性病>
u.nset log module system level alert destination. email健康
unset log module s.ystem level critical destination ema.il虚拟主机
unset log module system le.vel notification destination emai.l外贸
un.s.et log module system level debugging destination syslog(广告)
unset log. module. system level emergency destination webtrends虚拟主机
unset log module syst.em level alert destination. webtrends    外汇
--- more ---
unset log modu.le system level critical de.stination webtrends           鲜花
unse.t log module system level notification destination web.trends教育
unse.t log module system level emergency destination global-.pro.
unset log module system level .alert destinatio.n global-pro           建材
unset log module s.ystem level critical dest.ination global-pro--- 印刷
unset log mo.dule system level error destination global.-pro              乙肝
unset log mod.ule system lev.el warning destination global-pro.
unset log module system level no.tification destination .global-pro教育
unset log module system level information. destination g.lobal-pro教育
un.set log module system level debugging desti.nation global-pro            杀毒
unset log mod.ule system level emergency destination onesecu.re              乙肝
unset log module system level alert desti.nation on.esecure.
unset log module system level critic.al destination ones.ecure           鲜花
unset log module sy.stem level error destination o.nesecure           女人
unset. log module s.ystem level warning destination onesecure              乙肝
u.nset log module system level notification destinati.on onesecure              乙肝
unset log modul.e system level information destination onesec.ure    健康
unset log module system le.ve.l debugging destination onesecure.
unse.t log module system level emergency destinatio.n pcmcia(广告)
un.set log. module system level alert destination pcmcia           女人
unset log module system level critica.l destina.tion pcmcia.
uns.et log module system level error de.stination pcmcia             汽车
--- more ---
unset log module .s.ystem level warning destination pcmcia--- 印刷
unset log module system level not..ification destination pcmcia.
unset log module syste.m le.vel information destination pcmcia    健康
unset log module syste.m level debugging destination p.cmcia<性病>
set service "135-139(T./U)" group "other" tcp  src 0-65535 dst 1.35-139电脑
set serv.ice "135-139(T/U)" + udp  src 0-65535 dst 135-1.39           女人
set service "445." group "other" tcp  src 0-65535 dst .445-445(广告)
set .service "445" + udp  s.rc 0-65535 dst 445-445.
set service "bt" .group ."other" tcp  src 1024-65535 dst 6881-6999电脑
set .service "bt" + tcp  src 1024-65535 ds.t 6969-6969          婚庆
set service "HT.TP" timeou.t 5健康
set service "Klogin" pr.otocol tcp s.rc-port 0-65535 .dst-port 543-543 group "other"教育
set service "TermServ" protocol tcp src-port 0-65535 .dst-port 338.9-3389 g.roup "other"[成人用品]
set service "37.20" protocol udp src-.port 1024-65535 dst-port 3720-3720 group ".other"              乙肝
set serv.ice "14899." pr.otocol tcp src-port 0-65535 dst-port 14899-14899 group "other".
set service "eMule" protocol tcp src-port 1..024-65535 dst-port 4661-4662 group. "other"学习
set service "2019UDP" protoc.ol udp src-por.t 0-65535 dst-port 2019-2019 gro.up "other"电影
set service "1.776" prot.ocol udp src-port 0-65.535 dst-port 1776-1776 group "other".
set service "vnc" protocol tcp src-port .1024-6553.5 dst-p.ort 5900-5900 group "other"虚拟主机
set service "8014" protocol udp sr.c-port 1024-65535 dst.-port 8.014-8014 group "other".
set se..rvice "9988" protocol tcp src-po.rt 1024-65535 dst-port 9988-9988 group "other".
set ser.vice "5060." protocol udp src-port 1024-65535 dst-port 5060-5060 .group "other"
--- more ---
set s.ervice "61" protocol udp src-port 10.24-65535 dst-port 61-61. timeout never group "other"              乙肝
set service "62" protocol udp src-p.ort 1024-65535 dst-port 62.-62 group "o.ther"健康
set service "tmp" protoco.l tcp .src-port 1.024-65535 dst-port 8001-65535 group "other"投资
set vrout.er trust-vr shara.ble.
s.et vrouter "trust-.vr" auto-route-export    健康
set zone ".Trust" vrouter "trust.-vr"    外汇
set zone "Untrust" vrouter "untr.ust-vr."(广告)
s.et zone "DMZ" vroute.r "trust-vr"          婚庆
set zone ..id 100 "ChinaGDN"投资
set zone "Ch.ina.GDN" vrouter "trust-vr".
set zone id 101 "Chi..naUIP"服务器
s.e.t zone "ChinaUIP" vrouter "trust-vr"             汽车
set zone "Tru.st" tcp-rst           鲜花
unset zone "Untrust". blo.ck.
unset .zone "Untrust" .tcp-rst    美容
set zone "DMZ" tcp-rst.            杀毒
set zone "MGT" bl.ock.
set zone ".MGT" tcp-rst.
set zone "China.GDN". tcp-rst电脑
set zone "Chin..aUIP" tcp-rst电影
set zone Trust. s.creen icmp-flood.
set.. zone Trust screen udp-flood.
--- more ---
set zone Trust s..creen winnuke.
set zone Trust scr.ee.n port-scan虚拟主机
set zone Trust screen ip..-sweep.
set zone Trust screen .t.ear-drop            杀毒
set zone Trust. scree.n syn-flood.
set zon.e Trust. screen ip-spoofing.
set zone .Trust screen ping-de.ath    美容
set zone Trust screen.. land.
set zone Trust screen. s.yn-frag(        游戏          )
set zone Trust screen tcp.-no-fl.ag             电子
se.t zone Tru.st screen unknown-protocol.
set zone .Trust screen i.cmp-fragment           鲜花
set. zone Trust s.creen icmp-large    美容
set zone .Tr.ust screen syn-fin--- 印刷
set zone Trust s.creen f.in-no-ack    外汇
set zone Trust screen limit-session so.urce-ip-base.d<性病>
set zon.e Trust. screen syn-ack-ack-proxy虚拟主机
set zon.e Tru.st screen block-frag.
set zone Untrust screen .icmp-.flood           女人
set zone Untru.st screen udp-flood.电脑
set zon.e Untrust sc.reen winnuke
set zone Untru.st screen port-sc.an外贸
--- more ---
set z.one U.ntrust screen ip-sweep.
set z.one Unt.rust screen tear-drop(广告)
set zone U.ntr.ust screen syn-flood.
set zone Untrust s.cre.en ip-spoofing[成人用品]
set zone Untrust screen. pi.ng-death--- 印刷
set zon.e Untrust screen ip-.filter-src学习
set .zone Untrust .screen land域名
set. zone Untrust scree.n syn-frag
set zone Untrust screen .tcp.-no-flag--- 印刷
set zone Unt.rust screen unknown-p.rotocol[成人用品]
set zone Untrust .screen icmp-fragmen.t    健康
se.t zone Untrust .screen icmp-large[成人用品]
set zone Untrust screen. syn-.fin健康
set zone Untrus.t screen. fin-no-ack.
set zone Untrus.t s.creen limit-session source-ip-based.
set zone Untrust scr..een syn-ack-ack-proxy.
set zone Unt.rust screen bloc.k-frag.
set. zone V1-Untrust screen. tear-drop.
s.et .zone V1-Untrust screen syn-flood域名
set zone. V1-Untrust sc.reen ping-death[成人用品]
s.et zone V1-Untrust screen ip-filter-s.rc.
set zone V1.-Untrust scree.n land           女人
--- more ---
set zone ChinaGDN scre.en .icmp-flood投资
set z.one ChinaGDN screen u.dp-flood           鲜花
set zone ChinaGDN scr.een winn.uke    健康
set zone ChinaGDN. scr.een port-scan.
set zone ChinaGDN scr.een i.p-sweep.
s.et zo.ne ChinaGDN screen tear-drop虚拟主机
set zone. China.GDN screen syn-flood            杀毒
s.et zone ChinaGDN screen ip-spoo.fing.
set ..zone ChinaGDN screen ping-death.
set zone ChinaGDN. screen .land学习
set. z.one ChinaGDN screen syn-frag           鲜花
set zone ChinaGDN screen .tcp.-no-flag             汽车
set zone ChinaGDN screen unknown-p.r.otocol外贸
set zone ChinaGD.N screen icmp-fr.agment<性病>
set zone C.hinaGDN screen icmp-.large教育
s.et zone ChinaGDN screen syn-fi.n    美容
set zone ChinaGDN s.creen fi.n-no-ack--- 印刷
set zone ChinaGDN screen limit.-sessi.on source-ip-based(广告)
set zone Ch.inaGDN scre.en syn-ack-ack-proxy.
s.et zone ChinaGDN screen .block-frag    健康
set zone Tr.ust screen l.imit-session source-ip-based 256           建材
s.et zone Unt.rust screen limit-session source-ip-based 64              乙肝
--- more ---
set zone Untrus.t screen limit-session destination-ip-b.ased 256.
set. zone Trust screen syn-a.ck-ack threshold 256            杀毒
se.t zone Untrust screen syn-ack-ack threshold. 256.
set .zone ChinaGDN screen syn-ack-ack threshold. 256             电子
set interface "ethernet.1" zone "C.hinaGDN"服务器
set .interface "ethernet2" zone. "ChinaUIP".
set interface "ethernet3" zo.ne "Null".电影
set i.nterface ".ethernet4" zone "Untrust".
unset interface .vlan1 ip电影
s.et interface ethernet1 ip 192.168.100.254/24.          婚庆
set. interface ethern.et1 route.
set interfa.ce eth.ernet2 ip 192.168.2.254/24教育
se.t interface ethernet.2 route.
set interface ethernet4 ip 219..137.13..2/24.
set interface .etherne.t4 route电影
unset interfa.ce vlan1 bypass-others-.ipsec.
unset interf.ace vl.an1 bypass-non-ip[成人用品]
set interface vlan1 ip man.ageabl.e健康
set inter.face ethe.rnet1 ip manageable    外汇
set i.nterface e.thernet2 ip manageable.
set inte.rface et.hernet4 ip manageable    外汇
set interface e.th.ernet1 manage ping(广告)
--- more ---
set interface ethernet1 .manage sc.s.
set .interface. ethernet1 manage telnet(        游戏          )
set .interface ethernet1 manage sn.mp             电子
set interface e.thernet1 ma.nage ssl.
set interf.ace et.hernet1 manage web             汽车
set interface ethernet2 m.a.nage ping[成人用品]
set interface ethernet2 mana.ge s.cs           建材
set interface et.hernet2 manage te.lnet--------------彩票
set in.terface ethernet2 mana.ge snmp服务器
set interface etherne.t2 .manage ssl    健康
se.t interfa.ce ethernet2 manage web.
set interface et.hernet4 manage p.ing--------------彩票
set .inte.rface ethernet4 manage scs
set interface ethernet4 vip 219.137.13.6 110 "OP3" 192.168.100.33 manualhttp://upload.bbs.csuboy.com/Mon_1004/126_6881_4f4b5a14d6d2379.gif[/img](广告)
set interface "ethernet4" v.ip 219..137.13.6 + 14899 "14899". 192.168.100.36 manual    外汇
set interface "ethernet4" vip .219.137.13.6 + .9389. "TermServ" 192.168.100.36 manual              乙肝
set interface ".ethernet4" vip 219.137..13.6 + 25 "MAIL." 192.168.100.33 manual投资
se.t interface "ethernet4" vip 219.13.7.1.3.6 + 80 "HTTP" 192.168.100.33 manual
se.t interface "ethernet4". vip 219.137..13.6 + 7683 "TermServ" 192.168.100.12 manual    美容
set interface "ethernet4" vip 219.1.37.1.3.6 + 1983 "TermServ" 192.168.100.81.
set interface "ethernet4" .vip 219.137.13.6 + 1.986 "FTP" 192.168.100.81--- 印刷
s.et interface ethernet4 v.ip 219.137.13.5 3389 "TermServ" 19.2.168.100.252 manual投资
--- more ---
set in.terface "ethernet4" vip 219.137.13.5. + 8088 "vnc" 192.168.100.88.
set interface "ethernet4" vip 219.137.13.5 + 50.60 "5060" 192.168.100.82..
set interface "ethernet4" vip. 219.137.13.5 + 8001 "tm.p" 1.92.168.100.252 manual.
set interf.ace "ethernet4" vip 219.137.13..5 + 61 "61" 192.168.100.82服务器
set interface "ethernet4" .vip .219.137.13.5 + 62 "62" 192.168.100.82.
set interface ethernet4 vip 219.1.37.13.4 3389 "TermServ" 192.168.1.00.22           女人
set i.nterface. "ethernet4" vip 219.137.13.4 + 80 "HTTP" 192.168.100.30(        游戏          )
set interface "ethernet4." vip 219.137.13.4 + 21 "FTP" 192.168.10.0.30          婚庆
set interface "ethernet4" vip 219.137.13.4 .+ 3720 "372.0" 192.168.100.30(广告)
set interface ."ethernet4" vip 219.137.13..4 + 1234 "TermServ" 192.168.100.30           建材
set interf.ace "ethernet4" vip 219.137.13.4 + 80.14 "8014" 192.168.100.30           鲜花
set .interface "ethernet4" vip 219.137.13.4 + 9988 "9988" 192.168.100..30健康
set interface "ethernet4" mip 219..137.13.8 host 192.168.200.253 netmask 255.255..255.255 vr "tr.ust-vr".
set interfa.c.e ethernet4 dip 4 219.137.13.7 219.137.13.7.
s.et console timeout 0.
set host.name FireWall(广告)
se.t n.tp server "time.windows.com".
set ntp i.nterval 1440          婚庆
set address "Trust" "192.168.1.00.252/24" 192.168.100.252 255.255.255..0.
set addre.ss "Untru.st" "192.168.100.118/32" 192.168.100.118 255.255.255.255           建材
set a.ddress "Untrust" "192.168.100.227/32" 192.168.100.227 2.55.255.255.255虚拟主机
se.t address "Untrust" "202.103.160.30/32" 202.103..160.30 255.255.255.255           鲜花
--- more ---
set address ".Global" "192.168.100.118/32" 192.168.100..118 255.255.255.255电脑
s.et address "Global" "2.19.137.13.5/255.255.255.255" 219.137.13.5 255.25.5.255.255[成人用品]
set address "Global" "219.137.13.7/255..255.25.5.255" 219.137.13.7 255.255.25.5.255.
set address "ChinaGDN" "1" .192.168.100.0 255.255.255..192投资
set address "ChinaGDN" "192..168.100.118/32" 192.1.68.100.118 255.255.255.255.
set address "ChinaGDN" "192.168.100.19/32" 192.168.100.1.9 .255.255.255.255学习
set address "ChinaGDN" "192.168.100.227/32" 192.168.100.227 255.255.255.2.5.5    外汇
set address "ChinaGDN" "192.16.8.100.70/32" 192.16.8.100.70 255.255.255.255.
set addr.ess "China.GDN" "192.168.100.81/255.255.255.255" 192.16.8.100.81 255.255.255.255.
set address "ChinaGDN" "192.168.100.86/255.2.55.255.255" 192.168..100.86 255.255.255.25.5.
set address "ChinaGDN" "192.16.8.100.88/32" 192.168.100.88 255.255..255.255健康
se.t address "ChinaGDN" "192.168.100.94/32" 192.168.100.94 2.55.255.255.255教育
set addr.ess "ChinaGDN" "192.1.68.100.9.9/255.255.255.255" 192.168.100.99 255.255.255.255          婚庆
set .address "ChinaGDN" "2" 192.168.100.64 25.5.255.255.192(        游戏          )
set address "ChinaGDN". "202.103.160.30/32" 202.10.3.160.30 255.255.255.255          婚庆
set address ."ChinaGDN" "3" 192.168.100..128 255.255.255.192--------------彩票
set address "ChinaGDN" "4" 192.168.100..192 255..255.255.192           女人
set addre.ss "ChinaUIP" "192.168.200.0/.255.255.255.0" 192.168.200.0 255..255.255.0           建材
set address "C.hinaUIP" "192.168.200.19/32" 192.168.200..19 255.255.255.255           女人
set address "ChinaUIP" "192.168.200.2.34/255.255.255.255." 192..168.200.234 255.255.255.255    美容
set address "ChinaUIP" "192.168.200..234/32" 192.168.200.234 255..255.255.255.
set address "ChinaU.IP" "19.2.168.200.253/32" 192.168.200.253 255.255.255.255           鲜花
--- more ---
set address "ChinaUIP" ".192.168.200.5.6/32" 192.168.200.56 255.255.255.255          婚庆
set .snmp community "zhenglian" Read.-Only Trap-on traffic    外汇
se.t snmp host "zhenglian" 192.168.100.0 255.255.255.0.投资
set snmp community "chinauip" .Read-Only Trap-on traffi.c
set snmp host "chinauip" 192..168.200.0 255.255.255..0健康
set snmp .host "chinauip" 192.168.2.0 2.55.255.255.0             汽车
set snmp name "FireWa.ll"虚拟主机
set gro.u.p address "Trust" "234"             电子
set group. address "ChinaGDN." "234"虚拟主机
set group address "ChinaGDN" .."234" add "2"外贸
set group address "ChinaGDN" ".23.4" add "3"外贸
set group address "ChinaGDN" "234." a.dd "4"虚拟主机
s.e.t group service "Blocked"           女人
set group .servi.ce "Blocked" add "135-139(T/U)"           鲜花
set group service "Blocked" add .."445"    美容
set group s.ervice "Allow"学习
set .group se.rvice "Allow" add "HTTP"             电子
set grou.p service "Allow." add "HTTPS"[成人用品]
set group serv.ice "Allow". add "IMAP"教育
set group. service "All.ow" add "MAIL"学习
set group service "Allow" add "C-Anywhere"http://upload.bbs.csuboy.com/Mon_1004/126_6881_4f4b5a14d6d2379.gif[/img].
set group service "Allow" add "OP3"http://upload.bbs.csuboy.com/Mon_1004/126_6881_4f4b5a14d6d2379.gif[/img]--------------彩票
--- more ---
set gro.up service "Allow" add ".135-139(T/U)"           女人
set group service "Allo.w" add "T.ermServ"           鲜花
set gr.oup serv.ice "Allow" add "bt"           鲜花
set group serv.ic.e "Allow" add "3720"教育
set gro.up servi.ce "Allow" add "FTP"(广告)
set group se.rvice ."Allow" add "FTP-Get".
set group service "Allow." add "F.TP-Put"电影
set group service "Allow" .add "14.899"              乙肝
set group service. "2.53block"           鲜花
set group service "253block" add "OP3"http://upload.bbs.csuboy.com/Mon_1004/126_6881_4f4b5a14d6d2379.gif[/img]投资
set group service ".253block" add. "MAIL"--- 印刷
s.et group service ."253block" add "IMAP"健康
set ippool ."VPN-.Pool" 10.10.10.10 10.10.10.10服务器
set user "vpnuse.r" uid 2    健康
set user. "vpnuser" type  l2t.p    外汇
set use.r ".vpnuser" remote ippool "VPN-Pool"             汽车
set user "vpnus.er" passwor.d "12345678"--- 印刷
unse.t user "vpnuse.r" type auth外贸
set. user "vp.nuser" "enable"<性病>
set ike policy-.checking            杀毒
set ike. respond-bad-spi 1    健康
set ike id-mode subnet.服务器
--- more ---
set .xauth lifetime 480健康
set xauth defaul.t auth server Loc.al          婚庆
set vpn-group. id 1--- 印刷
set l2tp default ippool "VP.N-Pool".
set l2tp de.fa.ult ppp-auth chap.
set l2tp "vpntunnel". id 1 outgoing-interface eth.ernet4 keepalive 30--------------彩票
set l2tp "vpntunn.el" remote-setting ippool. "VPN-Pool"<性病>
se.t l2tp "vpnt.unnel" auth server "Local" user "vpnuser"           鲜花
set policy id 13 name "Created by po.licy wizard" from "Trust" to "Untrus.t"  "Any" "Any" "ANY" .Permit            杀毒
set policy id 3.4 from "ChinaUIP" to "Untrust".  "192.168.200.234./32" "Any" "ANY" Deny外贸
set policy. id 34 disable.
set policy id 12 from "Chin.aUIP" to "Untrust"  "192.168.200.56/32" "Any" "AN.Y" Deny log no-s.ession-backup.
set policy id 12 di.sable.
set policy id 15 from "ChinaUIP" to "U.ntrust".  "Any" "Any" "bt" nat dip-id 4 Deny log traffic gbw .0 priority 0 mbw 256学习
set policy id 35 from "ChinaUIP" to "Untrust".  "Any." "Any" "eMule" Deny.
set pol.icy id 1 from "ChinaUIP" to "Untrust".  "Any" "Any" "ANY" nat dip-id 4 Permit count no-session-backup traffic gbw 0. priority 7 mbw 2.048投资
set policy id 8 from "Untrust" to "Global" . "Any" "Any" "Blocked" Deny log no.-session-back.up<性病>
set policy id 4 name "From Untru.st To .Global" from "Untrust" to "G.lobal"  "Any" "Any" "ANY" Permit count no-session-backup服务器
set policy id 11 from "Untrust". to .."ChinaUIP"  "Any" "192.168.200.253/32" "253block" Deny no-session-backup外贸
set policy id 18 from "ChinaGDN" to "Un.t.rus.t"  "Any" "Any" "bt" nat dip-id 4 Deny(        游戏          )
set policy id 36 from "Chi.naGDN" to "U.ntrust"  "Any" "Any" "eMule" Deny域名
set policy id 2 from "ChinaGDN" to "Untrust"  "Any" "Any" "A.NY." nat dip-id 4 Permit count no-session-ba.ckup traffic gb.w 0 priority 0 mbw 2048.
--- more ---
set .policy id 9 from "Untrust" to "ChinaUIP"  "Dial-Up VPN" "Any" "ANY" Tunnel l2tp "vpntun.nel" no-session.-backup.
set syslog config "192.16.8.100.22" "local7" "local7". "info"(        游戏          )
set syslog config "192.168.200..2.33" "local7" "local7" "info".
set syslog enab.le           女人
set syslog traff.ic             电子
unset global-pro policy-manager primary o.utg.oing-interface    外汇
unset global-pro po.licy-manager secondary outgoing-interf.ace           女人
set scs enable
set pki authori.ty defa.ult scep ca-cgi "123"    健康
set pki. authority defau.lt scep ra-cgi "123".
set pki authority defa.ult. scep ca-id "123"             电子
set p.ki authorit.y default scep challenge "123"            杀毒
set p.ki au.thority default scep mode "auto"            杀毒
set pki x509 default cert-p.ath partia.l投资
set .pki x.509 dn name "namesake"<性病>
set pki x509 dn email "namesa.ke@chinagd.n.com"电脑
set. ssl port 5443<性病>
set ssl .encrypt 3des sha-.1虚拟主机
set dns host dns1 2.02.9.6.128.68.
set dns host dns.2 202.96.1.34.133[成人用品]
set vrouter. "untrust-vr"--------------彩票
set. route  0.0.0.0/0 interface ethernet4 gateway 219.137..13.1             汽车
--- more ---
exit
set .vrouter "trust-vr"外贸
set. preference ebgp 250域名
set preferen.ce ibgp 40.
u.nset add-default-route            杀毒
set route  192.168.200.0/24 i.nterfac.e ethernet2 gateway 192.168.2.1虚拟主机
set ro.ute 0.0.0.0/0 vrout.er "untrust-vr"外贸
exit
FireWall->;