SG配置参数
©著作权归作者所有:来自51CTO博客作者我是谁112211的原创作品,请联系作者获取转载授权,否则将追究法律责任
#system
# Device identity and basic reachability settings.
set hostname lish
# NOTE(review): presumably the number of administrator login retries allowed;
# confirm the exact semantics against the vendor reference.
set adminhost retries 1
set system time zone 8
# Only a primary resolver is set; no secondary DNS appears in this dump.
set dns primary 222.85.85.85
#snmp
# NOTE(review): only the SNMP system name is visible here. No community string,
# SNMP version or allowed-manager list appears in this dump, yet snmp is enabled
# as a manage-service on eth1 (untrust) and eth2. Verify what the device actually
# uses and make sure a default community is not in effect.
set snmp name SG
#link detection
#zonebook
#functional zone
#zone vsi0
#zone vsi1
#zone vsi2
#zone vsi3
#zone vsi4
#zone NULL
#zone pppoe
#zone ipsec
#zone pptp
#zone l2tp
#zone sslvpn
#zone sslvpnclient
#security zone
# Zone membership as reported by the dump (interfaces listed in parentheses).
# NOTE(review): the wireless interface ath0 shares the trust zone with the wired
# LAN ports eth0 and eth2, so wireless clients are treated with the same trust
# level as wired hosts. Consider a separate zone for wireless if the platform
# allows user-defined zones.
#zone trust (eth0 eth2 ath0)
#zone untrust (eth1 eth3 eth4)
#zone dmz
#zone l2-trust
#zone l2-untrust
#zone l2-dmz
#addressbook
#schedulebook
#servicebook
#authserver
#wlan ath0
# Radio settings for the wireless interface ath0: 802.11g, fixed channel,
# fixed transmit power and rate.
set wlan ath0 proto 11g
set wlan ath0 ssid zzhdt
set wlan ath0 channel 7
set wlan ath0 txpower 14
set wlan ath0 rate 54
# NOTE(review): the WPA passphrase is stored in clear text in the configuration
# and is exposed by this published dump. Treat it as compromised, rotate it, and
# redact key material before sharing a configuration. The keyword here is "wpa";
# whether a WPA2 mode exists on this platform is not visible from this dump.
set wlan ath0 key wpa password zzhdt123.456
#interface
#interface eth0
# LAN port in the trust zone, NAT enabled, with a separate management address.
set interface eth0 ip 192.168.200.254/24
set interface eth0 nat
set interface eth0 up
set interface eth0 zone trust
set interface eth0 manage-ip 192.168.200.252/24
# Management is limited to ssh and web on this interface.
# NOTE(review): whether "web" means HTTP or HTTPS is not visible here; confirm.
set interface eth0 manage-service ssh
set interface eth0 manage-service web
# DHCP server for 192.168.200.0/24; the gateway handed out matches the
# interface address above.
set interface eth0 dhcp server option gateway 192.168.200.254
set interface eth0 dhcp server option netmask 255.255.255.0
set interface eth0 dhcp server option dns1 222.85.85.85
# NOTE(review): lease value is presumably in seconds (about 6.9 days); confirm the unit.
set interface eth0 dhcp server option lease 592000
set interface eth0 dhcp server range 192.168.200.100 192.168.200.199
set interface eth0 dhcp server service
#interface eth1
# WAN port: public address, untrust zone, and the interface the default
# route and the IPsec gateway use.
set interface eth1 ip 222.85.108.50/30
set interface eth1 up
set interface eth1 zone untrust
# NOTE(review): every management service is enabled on the untrust interface.
# telnet and (depending on version) snmp carry credentials in clear text, and
# the untrust-to-self policy in this configuration permits any source and any
# service, so nothing visible here restricts who can reach them. Recommended:
# remove telnet and snmp from this interface, and limit web/ssh to known
# administrator source addresses or to VPN-only access.
set interface eth1 manage-service web
set interface eth1 manage-service ping
set interface eth1 manage-service ssh
set interface eth1 manage-service snmp
set interface eth1 manage-service telnet
#interface eth2
# Second LAN port in the trust zone, NAT enabled.
set interface eth2 ip 192.168.6.254/24
set interface eth2 nat
set interface eth2 up
set interface eth2 zone trust
# NOTE(review): telnet and snmp are enabled for management here as well.
# Both are clear-text protocols; prefer ssh/web only, as on eth0.
set interface eth2 manage-service web
set interface eth2 manage-service ping
set interface eth2 manage-service ssh
set interface eth2 manage-service snmp
set interface eth2 manage-service telnet
set interface eth2 dhcp server option dns1 222.85.85.85
# NOTE(review): the DHCP gateway and range below are in 192.168.1.0/24, but the
# interface address above is 192.168.6.254/24. As written, clients would receive
# leases and a default gateway outside the interface subnet. This may be an
# artifact of editing the dump for publication; verify on the device.
set interface eth2 dhcp server option gateway 192.168.1.254
set interface eth2 dhcp server option netmask 255.255.255.0
# NOTE(review): lease value is presumably in seconds; confirm the unit.
set interface eth2 dhcp server option lease 592000
set interface eth2 dhcp server range 192.168.1.100 192.168.1.199
set interface eth2 dhcp server service
#interface eth3
# eth3 and eth4 are administratively up in the untrust zone with no IP address
# and no management services configured in this dump.
# NOTE(review): if these ports are unused, consider leaving them down so an
# unexpected cable does not bring up a live port.
set interface eth3 up
set interface eth3 zone untrust
#interface eth4
set interface eth4 up
set interface eth4 zone untrust
#interface ath0
# Layer-3 settings for the wireless interface: trust zone, NAT enabled,
# separate management address, web management only.
set interface ath0 ip 192.168.0.254/24
set interface ath0 nat
set interface ath0 up
set interface ath0 zone trust
set interface ath0 manage-ip 192.168.0.252/24
set interface ath0 manage-service web
# NOTE(review): the alias is written as a network address (192.168.2.0/24), and
# the same prefix is used as one side of the IPsec channel "ttt" in this
# configuration. Confirm the alias is intended and does not overlap the tunnel's
# remote subnet.
set interface ath0 alias-ip 192.168.2.0/24
set interface ath0 dhcp server option netmask 255.255.255.0
set interface ath0 dhcp server option gateway 192.168.0.254
set interface ath0 dhcp server option dns1 222.85.85.85
set interface ath0 dhcp server option lease 592000
# NOTE(review): unlike eth0 and eth2, no "dhcp server service" line follows for
# ath0, so the DHCP server may not actually be enabled here; verify.
set interface ath0 dhcp server range 192.168.0.100 192.168.0.200
#interface vsi0
#interface vsi1
#interface vsi2
#interface vsi3
#interface vsi4
#pppoe
#dhcpclient
# Spanning tree is switched off on all five vsi instances (vsi0 to vsi4).
# NOTE(review): presumably vsi is a virtual switch/bridge interface. No member
# ports are shown in this dump; if any vsi is ever bridged across physical
# ports, having STP off removes loop protection. Confirm before use.
#vsi
set vsi vsi0 stp off
#vsi
set vsi vsi1 stp off
#vsi
set vsi vsi2 stp off
#vsi
set vsi vsi3 stp off
#vsi
set vsi vsi4 stp off
#route
# Single default route via the upstream address on the eth1 /30.
set route 0.0.0.0/0 gateway 222.85.108.49
#policy route
#ospf
#rip
#arp
# Static ARP entries: one binds the default gateway to a fixed MAC address,
# the other binds a LAN address that sits inside the eth0 DHCP range.
# NOTE(review): a static entry for an address that the DHCP server can also
# lease (192.168.200.199 is the top of the eth0 range) can conflict with a
# lease given to another client; consider excluding it from the range.
set arp 222.85.108.49 00:0F:E2:A5:73:B0
set arp 192.168.200.199 00:09:0F:78:2F:20
#set arp firewall
#set arp probe
# ARP probing is started with interval 10 and count 10.
# NOTE(review): units and the exact meaning of self_start/server_start are not
# visible in this dump; confirm against the vendor reference.
set arp probe self_start
set arp probe server_start
set arp probe interval 10
set arp probe count 10
set arp probe start
#log
# NOTE(review): every logging section below is empty in this dump. No email or
# syslog destination is configured, so event, configuration-change and traffic
# records (if kept at all) would exist only on the device. Forwarding to a
# remote syslog collector is advisable for an internet-facing gateway.
#email log
#syslog log
#event log
#config log
#traffic log
#policy
#global policy
# Zone-to-zone rules. The leading "1" on each rule is the index printed by the
# dump. NOTE(review): the three "any" fields are presumably source address,
# destination address and service; confirm the order against the vendor
# reference.
#policy group trustToself
1 set policy from trust to self any any any permit
#policy group trustTountrust
1 set policy from trust to untrust any any any permit
#policy group untrustTotrust
# NOTE(review): this rule permits every source, destination and service from the
# untrust zone into the trust zone, which removes the inbound filtering a
# gateway is expected to provide. Replace it with explicit rules for the
# specific published services (if any) and rely on a default deny for the rest.
1 set policy from untrust to trust any any any permit
#policy group untrustToself
# NOTE(review): this rule permits any traffic from the untrust zone to the
# device itself. Together with web/ssh/snmp/telnet being enabled as
# manage-services on eth1, the management plane is reachable from the WAN side
# without restriction. Limit this to the required services and to known source
# addresses.
1 set policy from untrust to self any any any permit
#policy group trustTotrust
# Only the service object "dhcpTcp" is permitted between trust interfaces.
# NOTE(review): the definition of dhcpTcp is not shown (the servicebook section
# of this dump is empty); verify what it matches.
1 set policy from trust to trust any any dhcpTcp permit
#policy group ipsecTotrust
# VPN zones are given unrestricted access to the trust zone.
# NOTE(review): consider narrowing these to the subnets and services remote
# users and sites actually need.
1 set policy from ipsec to trust any any any permit
#policy group trustToipsec
1 set policy from trust to ipsec any any any permit
#policy group pptpTotrust
1 set policy from pptp to trust any any any permit
#trafficpolicyList
#trafficPolicy
# Traffic policy named AP-outside matching anything from ath0 to eth1.
# NOTE(review): no rate or action parameters are visible on this line; confirm
# what the policy enforces.
set traffic name AP-outside from ath0 to eth1 any any any
#snat
#userbook
# Local user entry; the password is masked as ****** in this dump.
# NOTE(review): presumably the account name is literally "user". This local
# user database is what the l2tp and pptp "auth-server local" settings refer
# to, so the strength of this password directly gates VPN access.
set authuser user password ******
#vpn ipsec
#manual tunnel
#proposal1
# Phase 1 proposal "a": DH group g1, 3DES encryption, MD5 authentication.
# NOTE(review): 3DES and MD5 are deprecated, and g1 presumably denotes DH
# group 1 (768-bit), which is no longer considered adequate. Use the strongest
# cipher, hash and DH group the platform supports.
set ipsec proposal1 a
set ipsec proposal1 a group g1 encryption 3des authentication md5
#proposal2
# Phase 2 proposal "b": PFS group g2 with 3DES/MD5; the same algorithm
# concerns apply.
set ipsec proposal2 b
set ipsec proposal2 b pfsgroup g2
set ipsec proposal2 b encryption 3des authentication md5
#gateway
# IKE gateway "test" on eth1 towards peer 10.10.10.10.
# NOTE(review): the pre-shared key is a trivially guessable value and is exposed
# in clear text by this published dump. Replace it with a long random key and
# redact key material before sharing a configuration. "main" presumably selects
# IKE main mode; confirm.
set ipsec gateway test ip 10.10.10.10 main interface eth1 presharekey 123456
# NOTE(review): the next line looks like the tail of the gateway command above
# (likely "proposal a") split off and truncated when the page was extracted. It
# is not a valid standalone command as shown.
roposal a
set ipsec initial-contact single-gateway test
#ike tunnel
# IKE tunnel "t": gateway "test", ESP, phase 2 proposal "b".
set ipsec ike t gateway test authby esp proposal b
#ipsec channel
# Channel "ttt" protects traffic between 192.168.1.0/24 and 192.168.2.0/24 over
# tunnel "t".
# NOTE(review): no interface in this dump has an address in 192.168.1.0/24
# (eth2 is 192.168.6.254/24), and 192.168.2.0/24 also appears as an alias on
# ath0. Verify both selectors against the real topology.
set ipsec channel ttt 192.168.1.0/24 192.168.2.0/24 tunnel t
#l2tp ipsec channel
#vpn l2tp
# L2TP uses MS-CHAP v1 against the local user database.
# NOTE(review): MS-CHAP v1 is a weak, long-deprecated PPP authentication
# method. Select a stronger method if the platform offers one, and run L2TP
# only inside IPsec (the "l2tp ipsec channel" section of this dump is empty).
set l2tp pppauth mschap-v1
set l2tp auth-server local
#vpn pptp (enabled)
# The PPTP server is enabled with a 10-address client pool.
# NOTE(review): PPTP with MS-CHAP and MPPE is considered cryptographically
# broken, and the pptp-to-trust policy in this configuration permits everything.
# Prefer IPsec or SSL VPN with stronger authentication, and disable PPTP if it
# is not required.
set pptp ippool 192.168.1.80 192.168.1.89
set pptp pppauth mschap-v1
set pptp dns primary 222.85.85.85
set pptp auth-server local
set pptp encrypt mppe-128
set pptp channel
#anti-x
# NOTE(review): all content-inspection services below are reported as stopped,
# and the IPS, xupdate and ntp sections are empty in this dump. With no NTP
# source configured, log timestamps depend on the local clock; with no update
# settings visible, signature freshness cannot be confirmed from here.
#http-av (stopped)
#ftp-anti-x (stopped)
#smtp-anti-x (stopped)
#pop3-anti-x (stopped)
#imap-anti-x (stopped)
#engine
#virus
#spam
#spam-default-action
#spam-user-rule
#spam-user-white-list
#spam-user-custom-rule
#spam-user-max-receiver-rule
#spam-user-max-attach-rule
#spam-user-max-email-rule
#spam-user-sender-keyword-rule
#spam-user-receiver-keyword-rule
#spam-user-subject-keyword-rule
#spam-user-content-keyword-rule
#spam-user-attach-name-rule
#spam-user-email-address-rule
#IPS
#cpms
#ha
#xupdate
#ddnsList
#ntp
#sslvpn (stopped)
#traffic-analysis (started)
# Traffic analysis is running with logging, top-N statistics and graphing
# enabled.
set traffic-analysis log enable
# NOTE(review): the units of filesize, cachesize and graph interval are not
# visible in this dump; confirm that the log size is large enough to be useful
# for investigation.
set traffic-analysis log filesize 1
set traffic-analysis top enable
set traffic-analysis top number 10
set traffic-analysis cachesize 20
set traffic-analysis maxip 256
set traffic-analysis recoverlog
set traffic-analysis graph enable
set traffic-analysis graph interval 5
# NOTE(review): only 192.168.1.0/24 is monitored. The addressed LAN interfaces
# in this dump use 192.168.200.0/24, 192.168.6.0/24 and 192.168.0.0/24, so
# their traffic may not be covered; verify the intended scope.
set traffic-analysis network 192.168.1.0/24
set traffic-analysis start
#sslclientList