biglab pictures added
This commit is contained in:
294
ne_expr_2/fw.txt.txt
Executable file
294
ne_expr_2/fw.txt.txt
Executable file
@ -0,0 +1,294 @@
|
||||
#
|
||||
sysname FW
|
||||
#
|
||||
l2tp domain suffix-separator @
|
||||
#
|
||||
authentication-profile name portal_authen_default
|
||||
#
|
||||
undo factory-configuration prohibit
|
||||
#
|
||||
undo telnet server enable
|
||||
undo telnet ipv6 server enable
|
||||
#
|
||||
clock timezone Beijing add 08:00:00
|
||||
#
|
||||
firewall packet-filter basic-protocol enable
|
||||
#
|
||||
update schedule location-sdb weekly Sun 22:42
|
||||
#
|
||||
firewall defend action discard
|
||||
#
|
||||
undo log type traffic enable
|
||||
log type syslog enable
|
||||
log type policy enable
|
||||
#
|
||||
undo dataflow enable
|
||||
#
|
||||
undo sa force-detection enable
|
||||
#
|
||||
banner enable
|
||||
#
|
||||
user-manage web-authentication security port 8887
|
||||
undo privacy-statement english
|
||||
undo privacy-statement chinese
|
||||
page-setting
|
||||
user-manage security version tlsv1.1 tlsv1.2
|
||||
password-policy
|
||||
level high
|
||||
user-manage single-sign-on ad
|
||||
user-manage single-sign-on tsm
|
||||
user-manage single-sign-on radius
|
||||
user-manage auto-sync online-user
|
||||
#
|
||||
firewall ids authentication type aes256
|
||||
#
|
||||
web-manager security version tlsv1.1 tlsv1.2
|
||||
web-manager enable
|
||||
web-manager security enable
|
||||
#
|
||||
firewall dataplane to manageplane application-apperceive default-action drop
|
||||
#
|
||||
dhcp enable
|
||||
#
|
||||
undo feedback type threat-log enable
|
||||
#
|
||||
update schedule ips-sdb daily 06:48
|
||||
update schedule av-sdb daily 06:48
|
||||
update schedule sa-sdb daily 06:48
|
||||
update schedule ip-reputation daily 06:48
|
||||
update schedule cnc daily 06:48
|
||||
update schedule file-reputation daily 06:48
|
||||
update schedule ext-url-sdb daily 06:48
|
||||
#
|
||||
disk-usage alarm threshold 95
|
||||
#
|
||||
ip vpn-instance default
|
||||
ipv4-family
|
||||
#
|
||||
time-range worktime
|
||||
period-range 08:00:00 to 18:00:00 working-day
|
||||
#
|
||||
ike proposal default
|
||||
encryption-algorithm aes-256 aes-192 aes-128
|
||||
dh group14
|
||||
authentication-algorithm sha2-512 sha2-384 sha2-256
|
||||
authentication-method pre-share
|
||||
integrity-algorithm hmac-sha2-256
|
||||
prf hmac-sha2-256
|
||||
#
|
||||
web-auth-server default
|
||||
port 50100
|
||||
#
|
||||
portal-access-profile name default
|
||||
#
|
||||
ip pool VLAN10_Staff
|
||||
gateway-list 192.168.10.254
|
||||
network 192.168.10.0 mask 255.255.255.0
|
||||
section 0 192.168.10.10 192.168.10.200
|
||||
dns-list 8.8.8.8
|
||||
#
|
||||
ip pool VLAN30_Guest
|
||||
gateway-list 192.168.30.254
|
||||
network 192.168.30.0 mask 255.255.255.0
|
||||
section 0 192.168.30.10 192.168.30.200
|
||||
dns-list 8.8.8.8
|
||||
#
|
||||
aaa
|
||||
authentication-scheme admin_ad
|
||||
authentication-scheme admin_ad_local
|
||||
authentication-scheme admin_hwtacacs
|
||||
authentication-scheme admin_hwtacacs_local
|
||||
authentication-scheme admin_ldap
|
||||
authentication-scheme admin_ldap_local
|
||||
authentication-scheme admin_local
|
||||
authentication-scheme admin_radius
|
||||
authentication-scheme admin_radius_local
|
||||
authentication-scheme default
|
||||
authorization-scheme default
|
||||
accounting-scheme default
|
||||
domain default
|
||||
service-type internetaccess ssl-vpn l2tp ike dot1x
|
||||
internet-access mode password
|
||||
reference user current-domain
|
||||
manager-user audit-admin
|
||||
password cipher $1a$<vT~V/>!YP$I6@T1:%^)Rhm%fM@2<B1Cmu1MT+mL:'{'CKfTQ;($
|
||||
service-type web terminal
|
||||
level 15
|
||||
|
||||
manager-user admin
|
||||
password cipher $1a$Y5J}3yr|ZQ$(02cA"\}B$#q*/JU(0=~6NSWS$)*n:}ex."SFDY<$
|
||||
service-type web terminal
|
||||
level 15
|
||||
|
||||
role system-admin
|
||||
role device-admin
|
||||
role device-admin(monitor)
|
||||
role audit-admin
|
||||
bind manager-user audit-admin role audit-admin
|
||||
bind manager-user admin role system-admin
|
||||
#
|
||||
interface MEth0/0/0
|
||||
undo shutdown
|
||||
ip binding vpn-instance default
|
||||
ip address 192.168.0.1 255.255.255.0
|
||||
service-manage http permit
|
||||
service-manage https permit
|
||||
service-manage ping permit
|
||||
#
|
||||
l2tp-group default-lns
|
||||
#
|
||||
interface GigabitEthernet0/0/0
|
||||
undo shutdown
|
||||
ip address 10.0.1.1 255.255.255.252
|
||||
#
|
||||
interface GigabitEthernet0/0/1
|
||||
undo shutdown
|
||||
ip address 10.0.2.2 255.255.255.252
|
||||
#
|
||||
interface GigabitEthernet0/0/2
|
||||
undo shutdown
|
||||
ip address 10.0.3.2 255.255.255.252
|
||||
#
|
||||
interface GigabitEthernet0/0/3
|
||||
undo shutdown
|
||||
#
|
||||
interface GigabitEthernet0/0/4
|
||||
undo shutdown
|
||||
#
|
||||
interface GigabitEthernet0/0/5
|
||||
undo shutdown
|
||||
#
|
||||
interface GigabitEthernet0/0/6
|
||||
undo shutdown
|
||||
#
|
||||
interface GigabitEthernet0/0/7
|
||||
undo shutdown
|
||||
#
|
||||
interface WAN0/0/0
|
||||
undo shutdown
|
||||
#
|
||||
interface WAN0/0/1
|
||||
undo shutdown
|
||||
#
|
||||
interface XGigabitEthernet0/0/0
|
||||
undo shutdown
|
||||
#
|
||||
interface XGigabitEthernet0/0/1
|
||||
undo shutdown
|
||||
#
|
||||
interface Virtual-if0
|
||||
#
|
||||
interface NULL0
|
||||
#
|
||||
firewall zone local
|
||||
set priority 100
|
||||
#
|
||||
firewall zone trust
|
||||
set priority 85
|
||||
add interface GigabitEthernet0/0/0
|
||||
add interface MEth0/0/0
|
||||
#
|
||||
firewall zone untrust
|
||||
set priority 5
|
||||
add interface GigabitEthernet0/0/1
|
||||
add interface GigabitEthernet0/0/2
|
||||
#
|
||||
firewall zone dmz
|
||||
set priority 50
|
||||
#
|
||||
api
|
||||
#
|
||||
ospf 1 router-id 6.6.6.6
|
||||
area 0.0.0.0
|
||||
network 10.0.1.0 0.0.0.3
|
||||
network 10.0.2.0 0.0.0.3
|
||||
network 10.0.3.0 0.0.0.3
|
||||
#
|
||||
undo icmp name timestamp-request receive
|
||||
undo icmp name timestamp-reply receive
|
||||
undo icmp type 17 code 0 receive
|
||||
undo icmp type 18 code 0 receive
|
||||
#
|
||||
undo ssh server compatible-ssh1x enable
|
||||
ssh authentication-type default password
|
||||
ssh server cipher aes256_ctr aes128_ctr
|
||||
ssh server hmac sha2_256 sha1
|
||||
ssh client cipher aes256_ctr aes128_ctr
|
||||
ssh client hmac sha2_256 sha1
|
||||
ssh server dh-exchange min-len 2048
|
||||
#
|
||||
firewall detect ftp
|
||||
#
|
||||
v-gateway ssl-renegotiation-attack defend enable
|
||||
#
|
||||
user-interface con 0
|
||||
authentication-mode aaa
|
||||
user-interface vty 0 4
|
||||
authentication-mode aaa
|
||||
protocol inbound ssh
|
||||
user-interface vty 16 20
|
||||
#
|
||||
pki realm default
|
||||
#
|
||||
sa
|
||||
#
|
||||
location
|
||||
#
|
||||
multi-interface
|
||||
mode proportion-of-weight
|
||||
#
|
||||
right-manager server-group
|
||||
#
|
||||
IoT
|
||||
#
|
||||
network-scan
|
||||
network-scan timeout per-asset 300
|
||||
network-scan timeout entire-scan 23
|
||||
conflict-resolve override
|
||||
#
|
||||
device-classification
|
||||
device-group pc
|
||||
device-group mobile-terminal
|
||||
device-group undefined-group
|
||||
#
|
||||
user-manage server-sync tsm
|
||||
#
|
||||
security-policy
|
||||
default action permit
|
||||
rule name t2ut
|
||||
source-zone trust
|
||||
destination-zone untrust
|
||||
source-address 192.168.0.0 mask 255.255.0.0
|
||||
action permit
|
||||
#
|
||||
auth-policy
|
||||
#
|
||||
traffic-policy
|
||||
#
|
||||
policy-based-route
|
||||
#
|
||||
nat-policy
|
||||
rule name t2ut
|
||||
source-zone trust
|
||||
destination-zone untrust
|
||||
source-address 192.168.0.0 mask 255.255.0.0
|
||||
action source-nat easy-ip
|
||||
#
|
||||
proxy-policy
|
||||
#
|
||||
quota-policy
|
||||
#
|
||||
pcp-policy
|
||||
#
|
||||
dns-transparent-policy
|
||||
mode based-on-multi-interface
|
||||
#
|
||||
rightm-policy
|
||||
#
|
||||
decryption-policy
|
||||
#
|
||||
flow-probe-policy
|
||||
#
|
||||
mac-access-profile name mac_access_profile
|
||||
#
|
||||
return
|
||||
Reference in New Issue
Block a user