SSG 140 Example Configure

unset key protection enable
set clock timezone -6

set clock dst recurring start-weekday 2 0 3 02:00 end-weekday 1 0 11 02:00
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set service "NTP" timeout 120
set service "http_81" protocol tcp src-port 1024-65535 dst-port 81-81
set service "as2" protocol tcp src-port 1024-65535 dst-port 8020-8020
set service "VPN" protocol tcp src-port 0-65535 dst-port 47-47
set service "IMAP SSL" protocol tcp src-port 0-65535 dst-port 993-993
set service "AS2(8010)" protocol tcp src-port 0-65535 dst-port 8010-8010
set service "SMTP Alter" protocol tcp src-port 0-65535 dst-port 587-587
set service "AS28030" protocol tcp src-port 0-65535 dst-port 8030-8030
set service "HTTPS(8443)" protocol tcp src-port 0-65535 dst-port 8443-8443
set service "HTTP (8080)" protocol tcp src-port 0-65535 dst-port 8080-8080
set service "ServerVNC" protocol udp src-port 0-65535 dst-port 5900-5900
set service "RDP" protocol tcp src-port 0-65535 dst-port 3389-3389
set service "https_8043" protocol tcp src-port 0-65535 dst-port 8043-8043
set service "rdp_3390" protocol tcp src-port 0-65535 dst-port 3390-3390
set service "ESX Mamage" protocol tcp src-port 0-65535 dst-port 902-902
set service "ESX Mamage" + udp src-port 0-65535 dst-port 902-902
set service "eG Monitor" protocol tcp src-port 0-65535 dst-port 7077-7077
set service "up.time" protocol tcp src-port 9999-9999 dst-port 9999-9999
set service "49754" protocol tcp src-port 0-65535 dst-port 49754-49754
set service "HTTP/HTTPS" protocol tcp src-port 0-65535 dst-port 80-80
set service "HTTP/HTTPS" + tcp src-port 0-65535 dst-port 443-443
set service "smtp.com" protocol tcp src-port 0-65535 dst-port 2525-2525
set service "444(https)" protocol tcp src-port 0-65535 dst-port 444-444
set service "Puerto 49754" protocol tcp src-port 0-65535 dst-port 49754-49754
set alg appleichat enable
unset alg appleichat re-assembly enable
set alg sctp enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "netscreen"
set admin password "nDduOrrCG0dPcRjESssLpaMttoOoOn"
set admin user "joel.hernandez" password "nAcVAXrIM4yIcQXIwsNN1pDtgLAgtn" privilege
"all"
set admin port 8080
set admin access attempts 2
set admin access lock-on-failure 3
set admin ssh port 2200
set admin scs password disable username joel.hernandez
set admin http redirect
set admin mail alert
set admin mail server-name "mail.ateb.com.mx"
set admin mail traffic-log
set admin auth web timeout 0
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone id 100 "Untrust-VW"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
unset zone "V1-Trust" tcp-rst
unset zone "V1-Untrust" tcp-rst
set zone "DMZ" tcp-rst
unset zone "V1-DMZ" tcp-rst
unset zone "VLAN" tcp-rst
set zone "Untrust-VW" block
unset zone "Untrust-VW" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet0/0" zone "Null"
set interface "ethernet0/4" zone "Untrust"
set interface "ethernet0/5" zone "Trust"
set interface "ethernet0/6" zone "Untrust-VW"
set interface "ethernet0/7" zone "Untrust"
set interface "bgroup0/0" zone "Trust"
set interface "bgroup0/1" zone "Untrust"
set interface "bgroup0/2" zone "DMZ"
set interface "tunnel.1" zone "Trust"
set interface bgroup0/0 port ethernet0/0
unset interface vlan1 ip
set interface ethernet0/4 ip 187.174.155.114/28
set interface ethernet0/4 route
set interface bgroup0/0 ip 192.168.1.100/24
set interface bgroup0/0 nat
set interface bgroup0/1 route
set interface bgroup0/2 route
set interface tunnel.1 ip unnumbered interface bgroup0/0
set interface ethernet0/4 mtu 1280
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet0/4 ip manageable
unset interface ethernet0/5 ip manageable
unset interface ethernet0/6 ip manageable
set interface ethernet0/7 ip manageable
set interface bgroup0/0 ip manageable
set interface ethernet0/4 manage ping
set interface ethernet0/4 manage ssh
set interface ethernet0/4 manage snmp
set interface ethernet0/4 manage ssl
unset interface ethernet0/5 manage ping
unset interface ethernet0/5 manage ssh
unset interface ethernet0/5 manage telnet
unset interface ethernet0/5 manage snmp
unset interface ethernet0/5 manage ssl
unset interface ethernet0/5 manage web
set interface ethernet0/6 manage telnet
set interface ethernet0/7 manage ssh
unset interface bgroup0/0 manage telnet
set interface bgroup0/1 manage ssh
set interface bgroup0/1 manage snmp
set interface bgroup0/1 manage ssl
set interface bgroup0/2 manage ssh
set interface bgroup0/2 manage snmp
set interface bgroup0/2 manage ssl
set interface bgroup0/2 manage web
set interface vlan1 manage mtrace
set interface bgroup0/1 vip 200.57.180.162 443 "HTTPS(8443)" 192.168.1.102
set interface bgroup0/1 vip 200.57.180.162 + 80 "HTTP" 192.168.1.102
set interface bgroup0/1 vip 200.57.180.162 + 21 "FTP" 192.168.1.102
set interface bgroup0/1 vip 200.57.180.162 + 3389 "RDP" 192.168.1.102
set interface bgroup0/1 vip 200.57.180.163
set interface bgroup0/1 vip 200.57.180.164 80 "HTTP" 10.10.10.10 manual
set interface bgroup0/1 vip 200.57.180.164 + 443 "HTTPS(8443)" 10.10.10.10 manual
set interface bgroup0/1 vip 200.57.180.164 + 3389 "RDP" 10.10.10.10 manual
set interface bgroup0/1 vip 200.57.180.165 80 "HTTP" 10.10.10.11
set interface bgroup0/1 vip 200.57.180.165 + 443 "HTTPS" 10.10.10.11
set interface bgroup0/1 vip 200.57.180.166 443 "HTTPS" 10.10.10.1 manual
set interface ethernet0/4 vip 187.174.155.115 80 "HTTP" 10.10.10.40 manual
set interface ethernet0/4 vip 187.174.155.115 + 443 "HTTPS" 10.10.10.40 manual
set interface ethernet0/4 vip 187.174.155.115 + 444 "444(https)" 10.10.10.32
set interface ethernet0/6 vip 10.149.65.58 80 "HTTP" 10.10.10.11
set interface ethernet0/6 vip 10.149.65.58 + 443 "HTTPS" 10.10.10.11
set interface ethernet0/4 vip 187.174.155.117 + 443 "HTTPS(8443)" 10.10.10.10
manual
set interface ethernet0/4 vip 187.174.155.117 + 81 "http_81" 10.10.10.11
set interface ethernet0/4 vip 187.174.155.117 + 123 "NTP" 10.10.10.17
set interface ethernet0/4 vip 187.174.155.117 + 843 "843" 10.10.10.10 manual
set interface ethernet0/4 vip 187.174.155.117 + 82 "82" 10.10.10.11
set interface ethernet0/4 vip 187.174.155.118 81 "http_81" 10.10.10.11
set interface ethernet0/4 vip 187.174.155.118 + 80 "HTTP" 10.10.10.11
set interface ethernet0/4 vip 187.174.155.118 + 8010 "AS2(8010)" 10.10.10.61
set interface ethernet0/4 vip 187.174.155.119 80 "HTTP" 10.10.10.11
manual
set interface ethernet0/4 vip 187.174.155.120 + 443 "HTTPS" 10.10.10.19 manual
set interface ethernet0/4 vip 187.174.155.120 + 81 "http_81" 10.10.10.19 manual
set interface ethernet0/6 vip interface-ip 80 "HTTP" 10.10.10.11
set interface ethernet0/6 vip interface-ip 443 "HTTPS" 10.10.10.36
set interface ethernet0/4 vip 187.174.155.116 443 "HTTPS" 10.10.10.41 manual
set interface ethernet0/4 vip 187.174.155.116 + 80 "HTTP" 10.10.10.41 manual
set interface "ethernet0/6" mip 10.149.65.59 host 10.10.10.63 netmask
255.255.255.255 vr "trust-vr"
255.255.255.255 vr "trust-vr"
255.255.255.255 vr "trust-vr"
set interface "bgroup0/0" mip 192.168.1.10 host 10.10.10.10 netmask 255.255.255.255
vr "trust-vr"
vr "trust-vr"
vr "trust-vr"
vr "trust-vr"
vr "trust-vr"
set interface "bgroup0/0" mip 192.168.1.111 host 10.10.10.111 netmask
255.255.255.255 vr "trust-vr"
vr "trust-vr"
255.255.255.255 vr "trust-vr"
vr "trust-vr"
vr "trust-vr"
255.255.255.255 vr "trust-vr"
vr "trust-vr"
vr "trust-vr"
255.255.255.255 vr "trust-vr"
vr "trust-vr"
vr "trust-vr"
255.255.255.255 vr "trust-vr"
255.255.255.255 vr "trust-vr"
255.255.255.255 vr "trust-vr"
255.255.255.255 vr "trust-vr"
255.255.255.255 vr "trust-vr"
vr "trust-vr"
vr "trust-vr"
vr "trust-vr"
255.255.255.255 vr "trust-vr"
255.255.255.255 vr "trust-vr"
255.255.255.255 vr "trust-vr"
vr "trust-vr"
vr "trust-vr"
255.255.255.255 vr "trust-vr"
vr "trust-vr"
vr "trust-vr"
vr "trust-vr"
vr "trust-vr"
255.255.255.255 vr "trust-vr"
255.255.255.255 vr "trust-vr"
vr "trust-vr"
vr "trust-vr"
vr "trust-vr"
vr "trust-vr"
vr "trust-vr"
vr "trust-vr"
255.255.255.255 vr "trust-vr"
vr "trust-vr"
vr "trust-vr"
255.255.255.255 vr "trust-vr"
unset flow no-tcp-seq-check
set flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set hostname QROFW1
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set dns host dns1 8.8.8.8
set dns ddns
set address "Trust" "---" 192.168.0.158 255.255.255.0
set address "Trust" "----" 192.168.0.247 255.255.255.0
set address "Trust" "-----" 192.168.0.244 255.255.255.255
set address "Trust" "10.10.10.0/24" 10.10.10.0 255.255.255.0
set address "Trust" "192.168.150.49" 192.168.150.49 255.255.255.255
set address "Trust" "accesos1" 192.168.0.224 255.255.255.255
set address "Trust" "accesos2" 192.168.0.229 255.255.255.255
set address "Trust" "Alberto Toledo" 192.168.0.20 255.255.255.255
set address "Trust" "Alberto Toledo SRV" 192.168.0.201 255.255.255.255
set address "Trust" "alejandro.lopez" 192.168.0.77 255.255.255.255
set address "Trust" "Ana Leon" 192.168.0.49 255.255.255.255 "Delivery"
set address "Trust" "Baja" 192.168.0.206 255.255.255.255
set address "Trust" "Carlos Ortiz DBA" 192.168.0.42 255.255.255.255 "Sistemas"
set address "Trust" "Consulta RFC" 192.168.0.112 255.255.255.255
set address "Trust" "Daniel Cruz" 192.168.0.58 255.255.255.0
set address "Trust" "Daniel Hernandez" 192.168.0.199 255.255.255.255
set address "Trust" "Erik Tapia" 192.168.0.114 255.255.255.255
set address "Trust" "gabriel.rodriguez" 192.168.0.246 255.255.255.255
set address "Trust" "hector.perez" 192.168.0.178 255.255.255.255
set address "Trust" "Ismael Gonzalez" 192.168.0.57 255.255.255.0
set address "Trust" "ivan macias" 192.168.0.225 255.255.255.255
set address "Trust" "Ivan Renteria" 192.168.0.78 255.255.255.255
set address "Trust" "Jesus Guerrero" 192.168.0.178 255.255.255.255
set address "Trust" "Jesus Romero" 192.168.0.150 255.255.255.255
set address "Trust" "Jorge Cano" 192.168.0.76 255.255.255.255
set address "Trust" "jorge.paez" 192.168.0.80 255.255.255.255
set address "Trust" "juan.olea" 192.168.0.19 255.255.255.255
set address "Trust" "Laura Saucedo" 192.168.0.34 255.255.255.0
set address "Trust" "Ninel Govantes" 192.168.0.222 255.255.255.0
set address "Trust" "Osvaldo Valle" 192.168.0.169 255.255.255.255 "Delivery"
set address "Trust" "PRTG" 192.168.0.8 255.255.255.255
set address "Trust" "sincronizacion" 192.168.0.235 255.255.255.255
set address "Trust" "Snare" 192.168.0.81 255.255.255.255
set address "Trust" "snare.server" 192.168.0.189 255.255.255.255
set address "Trust" "Temporal-AT" 192.168.0.214 255.255.255.255
set address "Trust" "TS-GW" 192.168.0.14 255.255.255.255
set address "Trust" "Ulises Esponiza" 192.168.0.195 255.255.255.255
set address "Trust" "Victor Ordo�ez" 192.168.0.151 255.255.255.0
set address "Trust" "wendolyn.lugo" 192.168.0.234 255.255.255.255
set address "Untrust" "10.100.0.0/16" 10.100.0.0 255.255.0.0
set address "Untrust" "13.107.4.50" 13.107.4.50 255.255.255.0
set address "Untrust" "Akamai International" 23.43.116.115 255.255.255.0
set address "Untrust" "Akamai Technologie 23.213.76.25" 23.213.76.25
255.255.255.255
set address "Untrust" "Akamai Technologies, Inc" 23.0.153.46 255.255.255.0
set address "Untrust" "Amazon Technologies Inc" 52.0.60.64 255.255.255.0
set address "Untrust" "AMAZON-2011L" 54.89.36.21 255.255.255.0
set address "Untrust" "Hetzner-RZ16 176.9.138.231" 176.9.138.231 255.255.255.255
set address "DMZ" "10.10.10.0/24" 10.10.10.0 255.255.255.0
set address "DMZ" "10.10.10.111/24" 10.10.10.111 255.255.255.0
set address "DMZ" "10.10.10.33/32" 10.10.10.33 255.255.255.255
set address "DMZ" "10.10.20.0/24" 10.10.20.0 255.255.255.0
set address "DMZ" "10.10.20.33/32" 10.10.20.33 255.255.255.255
set address "DMZ" "192.168.0.0/24" 192.168.0.0 255.255.255.0
set address "DMZ" "192.168.1.0/24" 192.168.1.0 255.255.255.0
set address "DMZ" "192.168.1.102/32" 192.168.1.102 255.255.255.255
set address "DMZ" "192.168.1.13/32" 192.168.1.13 255.255.255.255
set address "DMZ" "192.168.1.16/32" 192.168.1.16 255.255.255.255
set ippool "pool_remotos" 10.10.10.151 10.10.10.156
set user "alberto.toledo" uid 5
set user "alberto.toledo" type xauth
set user "alberto.toledo" password "F43WcCVgNNZvcMs5FSCFm3qTFVnIxBXyRg=="
unset user "alberto.toledo" type auth
set user "alberto.toledo" "enable"
set user "ignacio.robles" uid 3
set user "ignacio.robles" type xauth
set user "ignacio.robles" password "9qCH1e6rNovYsksTHPCebtoagnn1SftbAQ=="
unset user "ignacio.robles" type auth
set user "ignacio.robles" "enable"
set user "juan.olea" uid 4
set user "juan.olea" type xauth
set user "juan.olea" password "Nq+42aLtNSoh79sc8GC6LjHMOOnuU0x8WA=="
unset user "juan.olea" type auth
set user "juan.olea" "enable"
set user "omar.almazan" uid 6
set user "omar.almazan" "enable"
set user "rene.froget" uid 2
set user "rene.froget" type xauth
set user "rene.froget" password "+Cb/7hr5NTTJvlsxnmCAT76pBUnndyZ7qw=="
unset user "rene.froget" type auth
set user "rene.froget" "enable"
set user "vpn_cliente_remoto" uid 1
set user "vpn_cliente_remoto" ike-id u-fqdn "remoto@ateb.com.mx" share-limit 1
set user "vpn_cliente_remoto" type ike
set user "vpn_cliente_remoto" "enable"
set user-group "Grupo_Cliente_Remoto" id 1
set user-group "Grupo_Cliente_Remoto" user "vpn_cliente_remoto"
set crypto-policy
exit
set ike gateway "gw_atebmx" address 201.144.64.70 Main outgoing-interface
"bgroup0/1" preshare "A7hfv5Q3NRe0O8sJouC32KE+sAnAR1whTQ==" sec-level standard
set ike gateway "vpn_usuarios_remotos" dialup "Grupo_Cliente_Remoto" Aggr outgoing-
interface "bgroup0/1" preshare "fmQGOJTTNGyvTss5kbC1po9zC2nYtpD7Dg==" proposal
"pre-g2-3des-sha" "pre-g2-3des-md5" "pre-g2-aes128-sha" "pre-g2-aes128-md5"
set ike gateway "vpn_usuarios_remotos" dpd-liveness interval 30
unset ike gateway "vpn_usuarios_remotos" nat-traversal udp-checksum
set ike gateway "vpn_usuarios_remotos" nat-traversal keepalive-frequency 5
set ike gateway "vpn_usuarios_remotos" xauth server "Local"
unset ike gateway "vpn_usuarios_remotos" xauth do-edipi-auth
set ike gateway "GW-CJF" address 189.240.126.43 Main outgoing-interface
"ethernet0/4" preshare "8zay58ZUNrJBAasKU6C6WMMFoynZJcj+ig==" proposal "pre-g2-
3des-md5" "rsa-g2-3des-md5"
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set xauth default ippool "pool_remotos"
set xauth default dns1 10.10.10.15
set vpn "vpn_atebmx" gateway "gw_atebmx" no-replay tunnel idletime 0 sec-level
standard
set vpn "vpn_atebmx" monitor
set vpn "vpn_atebmx" id 0x2 bind interface tunnel.1
set vpn "tn_usuarios_remotos" gateway "vpn_usuarios_remotos" replay tunnel idletime
0 proposal "nopfs-esp-3des-sha" "nopfs-esp-3des-md5" "nopfs-esp-aes128-sha"
"nopfs-esp-aes128-md5"
set vpn "VPN-CJF" gateway "GW-CJF" no-replay tunnel idletime 0 proposal "nopfs-esp-
3des-md5"
set vpn "VPN-CJF" monitor
exit
exit
set url protocol websense
exit
set vpn "vpn_atebmx" proxy-id local-ip 192.168.1.0/24 remote-ip 192.168.0.0/24
"ANY"
set vpn "VPN-CJF" proxy-id local-ip 10.10.10.0/24 remote-ip 10.100.0.0/16 "ANY"
set policy id 91 name "Qro/Insurgentes" from "Untrust" to "Trust" "192.168.1.0/24"
"192.168.0.0/24" "ANY" permit log
set policy id 91
exit
set policy id 87 name "Politica HSM" from "Trust" to "DMZ" "Erik Tapia"
"MIP(192.168.1.32)" "http_90" permit log
set policy id 87
set dst-address "MIP(192.168.1.50)"
set service "SSH"
exit
set policy id 86 from "Trust" to "DMZ" "192.168.150.105/32" "MIP(192.168.1.33)"
"PING" permit log
set policy id 86
set service "RDP"
exit
set policy id 85 name "Politica Snare" from "Trust" to "DMZ" "Snare"
"MIP(192.168.1.10)" "ANY" permit
set policy id 85
exit
set policy id 84 from "Untrust" to "DMZ" "Any" "VIP(187.174.155.120)" "9992"
permit log
set policy id 84
exit
set policy id 83 name "Politica Ivan Renteria" from "Trust" to "DMZ" "Ivan
Renteria" "MIP(192.168.1.15)" "http_90" permit log
set policy id 83
set service "MS-SQL"
set service "PING"
set service "RDP"
exit
set policy id 80 name "Politica DB" from "Untrust" to "DMZ" "192.168.0.0/24"
"MIP(192.168.1.33)" "ANY" permit log
set policy id 80 disable
set policy id 80
exit
set policy id 76 from "Untrust" to "DMZ" "192.168.150.52/32" "MIP(192.168.1.13)"
"MS-SQL" permit log
set policy id 76
set service "PING"
exit
set policy id 75 name "Politica Ulises Delgado" from "Trust" to "DMZ"
"192.168.150.52/32" "MIP(192.168.1.113)" "MS-SQL" permit log
set policy id 75
set service "PING"
exit
set policy id 74 name "Politica Timbrado V2" from "Untrust" to "DMZ" "Any"
"VIP(187.174.155.119)" "HTTP (8080)" permit log
set policy id 74
set service "HTTPS"
exit
set policy id 72 from "Untrust" to "Trust" "192.168.150.10/32" "192.168.1.13/32"
"ANY" permit log
set policy id 72
exit
set policy id 71 name "Politica 1.13 a 150.10" from "Trust" to "Untrust"
"192.168.1.13/32" "192.168.150.10/32" "ANY" permit log
set policy id 71
exit
set policy id 70 name "Politica a QRO1" from "Trust" to "Untrust" "192.168.1.0/24"
"192.168.150.0" "ANY" permit log
set policy id 70
exit
set policy id 69 from "Untrust" to "Trust" "192.168.150.0" "192.168.1.0/24" "ANY"
permit log
set policy id 69
exit
set policy id 68 from "Untrust" to "DMZ" "192.168.150.0" "192.168.1.0/24" "ANY"
permit log
set policy id 68
exit
set policy id 67 name "temp qro1" from "Trust" to "Untrust" "192.168.1.0/24"
"192.168.0.0/24" "ANY" permit log
set policy id 67
exit
set policy id 62 from "Untrust" to "Trust" "69.162.124.233" "VIP(187.174.155.118)"
"ANY" deny log
set policy id 62
exit
set policy id 61 from "Untrust" to "DMZ" "169.44.183.3" "VIP(187.174.155.118)"
"ANY" deny log
set policy id 61
set src-address "201.163.30.36"
exit
set policy id 60 from "DMZ" to "Untrust" "Any" "72.21.81.253/32" "ANY" permit log
set policy id 60
exit
set policy id 59 from "Untrust" to "DMZ" "169.44.183.3" "Any" "ANY" deny log
set policy id 59
set src-address "72.21.81.253/32"
exit
set policy id 57 from "Untrust" to "Trust" "13.107.4.50" "Any" "ANY" deny log
set policy id 57
set src-address "187.160.242.252"
set src-address "Akamai International"
set src-address "Akamai Technologie 23.213.76.25"
set src-address "Akamai Technologies, Inc"
set src-address "Amazon Technologies Inc"
set src-address "AMAZON-2011L"
set src-address "Hetzner-RZ16 176.9.138.231"
exit
set policy id 48 from "Untrust" to "DMZ" "66.102.131.123/32" "Any" "ANY" deny log
set policy id 48
exit
set policy id 7 from "DMZ" to "Untrust" "Any" "Any" "DNS" nat src permit log count
set policy id 7
set service "FTP"
set service "HTTP"
set service "http_81"
set service "HTTPS"
set service "HTTPS(444)"
set service "ICMP-ANY"
set service "MAIL"
set service "SMTP Alter"
set service "smtp.com"
set service "SNMP"
exit
set policy id 42 from "DMZ" to "Untrust" "Any" "Any" "ANY" permit log url-filter
set policy id 42
exit
set policy id 35 from "DMZ" to "Untrust" "10.10.10.0/24" "Any" "ANY" permit log
set policy id 35
exit
set policy id 11 from "DMZ" to "Untrust" "10.10.10.0/24" "Dial-Up VPN" "ANY"
tunnel vpn "tn_usuarios_remotos" id 0x6 pair-policy 10 log
set policy id 11
exit
set policy id 31 from "DMZ" to "Untrust" "10.10.10.0/24" "10.100.0.0/16" "ANY"
tunnel vpn "VPN-CJF" id 0xa pair-policy 30 log
set policy id 31
exit
set policy id 10 from "Untrust" to "DMZ" "Dial-Up VPN" "10.10.10.0/24" "ANY"
tunnel vpn "tn_usuarios_remotos" id 0x6 pair-policy 11 log
set policy id 10
exit
set policy id 30 from "Untrust" to "DMZ" "10.100.0.0/16" "10.10.10.0/24" "ANY"
tunnel vpn "VPN-CJF" id 0xa pair-policy 31 log
set policy id 30
exit
set policy id 41 from "Untrust" to "DMZ" "74.86.158.106/32" "VIP(187.174.155.117)"
"ANY" deny log
set policy id 41
set dst-address "VIP(187.174.155.118)"
set log session-init
exit
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit log
set policy id 1
exit
set policy id 2 from "Untrust" to "Trust" "Any" "VIP(187.174.155.115)" "eG
Monitor" permit log count
set policy id 2
set service "HTTP"
set service "HTTPS"
exit
set policy id 6 from "Untrust" to "DMZ" "Any" "VIP(187.174.155.117)" "AS2(8010)"
permit log count
set policy id 6
set service "HTTP"
set service "HTTPS"
exit
set policy id 46 from "Trust" to "DMZ" "Alberto Toledo" "MIP(192.168.1.30)" "ANY"
permit log
set policy id 46
exit
set policy id 12 from "Untrust" to "DMZ" "Any" "VIP(187.174.155.119)" "HTTP"
permit log
set policy id 12
set service "HTTPS"
set log session-init
exit
set policy id 13 from "Trust" to "DMZ" "192.168.1.0/24" "10.10.10.0/24" "ANY"
permit log
set policy id 13
set dst-address "10.10.20.0/24"
exit
set policy id 36 from "DMZ" to "Trust" "10.10.10.0/24" "192.168.1.0/24" "ANY"
permit log
set policy id 36
exit
permit log
set policy id 15
set dst-address "192.168.1.102/32"
exit
permit log
set policy id 17
exit
set policy id 18 from "Trust" to "DMZ" "192.168.50.0/24" "10.10.10.0/24" "ANY"
permit log
set policy id 18
exit
set policy id 55 from "Trust" to "Trust" "192.168.0.0/24" "MIP(192.168.1.111)"
"ANY" permit log
set policy id 55
exit
set policy id 20 from "Trust" to "Trust" "192.168.0.0/24" "192.168.1.0/24" "ANY"
permit log
set policy id 20
exit
set policy id 21 from "Trust" to "Trust" "192.168.1.0/24" "192.168.0.0/24" "ANY"
permit log
set policy id 21
exit
set policy id 22 from "Untrust" to "Trust" "200.66.76.170/24"
"VIP(187.174.155.117)" "843" permit log count
set policy id 22
set src-address "200.66.76.173/24"
set src-address "201.144.64.70/32"
set service "http_81"
exit
set policy id 23 from "Untrust" to "DMZ" "Any" "VIP(187.174.155.117)" "82" permit
log
set policy id 23
set service "NTP"
exit
set policy id 24 from "Untrust" to "Trust" "Any" "VIP(187.174.155.117)" "NTP"
permit log count
set policy id 24
exit
set policy id 25 from "DMZ" to "Trust" "MIP(192.168.1.254)" "192.168.1.0/24" "ANY"
permit log
set policy id 25
exit
set policy id 26 from "DMZ" to "Trust" "192.168.1.102/32" "MIP(192.168.1.254)"
"ANY" permit log
set policy id 26
exit
permit log
set policy id 32
exit
set policy id 34 from "Untrust" to "DMZ" "Any" "VIP(187.174.155.118)" "http_81"
permit log count
set policy id 34
exit
set policy id 37 from "Untrust-VW" to "DMZ" "Any" "VIP(10.149.65.58)" "HTTP"
permit log
set policy id 37
set service "HTTPS"
exit
set policy id 38 from "DMZ" to "Untrust-VW" "Any" "Any" "HTTP" permit log
set policy id 38
set service "HTTPS"
exit
set policy id 43 from "Untrust" to "DMZ" "Any" "VIP(187.174.155.118)" "http_5443"
permit log count
set policy id 43
exit
set policy id 51 from "Untrust" to "DMZ" "Any" "VIP(187.174.155.115)" "444(https)"
permit log sess-limit per-src-ip 30
set policy id 51
set service "HTTP"
set service "HTTPS"
set service "RDP"
exit
set policy id 52 from "Untrust" to "DMZ" "Any" "VIP(187.174.155.116)" "HTTP"
permit log
set policy id 52
set service "HTTPS"
exit
set policy id 54 from "Trust" to "DMZ" "Ana Leon" "MIP(192.168.1.10)" "ANY" permit
log
set policy id 54
set src-address "Carlos Ortiz DBA"
set src-address "Daniel Cruz"
set src-address "Daniel Hernandez"
set src-address "Jesus Romero"
set src-address "Jorge Cano"
set src-address "Ninel Govantes"
set src-address "Osvaldo Valle"
set src-address "PRTG"
set src-address "sincronizacion"
set src-address "snare.server"
set src-address "Temporal-AT"
set src-address "TS-GW"
set src-address "Victor Ordo�ez"
exit
set policy id 63 from "Untrust-VW" to "DMZ" "Any" "MIP(10.149.65.59)" "ANY" permit
log
set policy id 63
exit
log
set policy id 64
exit
set policy id 65 from "Untrust-VW" to "DMZ" "Any" "VIP(ethernet0/6)" "HTTPS"
permit log
set policy id 65
exit
log
set policy id 82
exit
set policy id 89 name "Gabriela Maya" from "Trust" to "DMZ" "192.168.0.26/24"
"MIP(192.168.1.21)" "ANY" permit
set policy id 89
exit
set syslog config "192.168.0.147"
set syslog config "192.168.0.147" facilities local0 local0
set syslog config "192.168.0.147" log traffic
set syslog src-interface bgroup0/0
set syslog enable
set firewall log-self
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set ssh enable
set config lock timeout 5
unset license-key auto-update
set telnet client enable
set ssl port 4430
set ssl encrypt 3des sha-1
set ntp server "10.10.10.17"
set snmp community "test" Read-Write Trap-on traffic version v1
set snmp community "monitorPRTG" Read-Write Trap-on traffic version v1
set snmp host "test" 192.168.1.102 255.255.255.255 src-interface bgroup0/2 trap v1
set snmp host "monitorPRTG" 192.168.1.20 255.255.255.255 src-interface bgroup0/0
trap v1
set snmp name "SSG140"
set snmp port listen 161
set snmp port trap 162
exit
unset add-default-route
set route 0.0.0.0/0 interface bgroup0/1 gateway 200.57.180.174 permanent
set route 192.168.0.0/24 interface tunnel.1 preference 20
set route 0.0.0.0/0 interface ethernet0/4 gateway 187.174.155.113 preference 10
set route 192.168.50.1/24 interface tunnel.1
set route 10.149.65.0/24 interface ethernet0/6 gateway 10.149.65.57 preference 10
permanent description "VW"
exit
exit
exit

SSG 140 Example Configure

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

SSG 140 Example Configure

Încărcat de

Drepturi de autor:

Formate disponibile

unset key protection enable

set clock timezone -6

S-ar putea să vă placă și