
请各位帮忙看一下,我的防火墙不起作用,就像 HUB 一样,多谢了


请各位帮忙看一下,我的防火墙不起作用,就像 HUB 一样,多谢了。下面是当前的配置:

set clock timezone 8
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set service "2700" protocol tcp src-port 0-65535 dst-port 2700-2700
set service "3389" protocol tcp src-port 0-65535 dst-port 3389-3389
set service "6195" protocol tcp src-port 0-65535 dst-port 6195-6195
set service "6881" protocol tcp src-port 0-65535 dst-port 6881-6881
set service "8088" protocol tcp src-port 0-8088 dst-port 0-8088
set service "873" protocol tcp src-port 0-65535 dst-port 873-873
set service "90" protocol tcp src-port 0-65535 dst-port 90-90
set service "9922" protocol tcp src-port 0-65535 dst-port 9922-9922
set service "ldap2389" protocol tcp src-port 0-65535 dst-port 2389-2389
set service "mailsession" protocol tcp src-port 0-65535 dst-port 9988-9988
set service "mysql" protocol tcp src-port 0-65535 dst-port 3306-3306
set service "o" protocol tcp src-port 0-65535 dst-port 1521-1521
set service "TOMCAT" protocol tcp src-port 0-65535 dst-port 8080-8080
set service "weblogic" protocol tcp src-port 0-65535 dst-port 7001-7001
set service "webmin" protocol tcp src-port 0-65535 dst-port 10001-10001
set service "84" protocol tcp src-port 0-65535 dst-port 5901-5901
set service "84" + tcp src-port 0-65535 dst-port 5801-5801
set service "84" + tcp src-port 0-65535 dst-port 1521-1521
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth-server "Local" timeout 20
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "admin"
set admin password "nLzyKHrqDgQNceuLBsnOWKCt7jJQYn"
set admin port 8000
set admin scs password disable username admin
set admin mail alert
set admin mail server-name "norvartis"
set admin mail mail-addr1 "gaofeng@chinanetcenter.com"
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "VLAN" block
unset zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface untrust phy full 100mb
set interface "trust" zone "V1-Trust"
set interface "untrust" zone "V1-Untrust"
set interface vlan1 ip 124.42.35.2/27
set interface vlan1 nat
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface vlan1 ip manageable
unset interface vlan1 manage snmp
unset zone V1-Trust manage ssh
set zone V1-Untrust manage ping
set zone V1-Untrust manage telnet
set zone V1-Untrust manage web
set flow tcp-mss
unset flow no-tcp-seq-check
unset flow tcp-syn-check
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set address "V1-Trust" "124.42.35.10/32" 124.42.35.10 255.255.255.224
set address "V1-Trust" "124.42.35.11/32" 124.42.35.11 255.255.255.224
set address "V1-Trust" "124.42.35.12/32" 124.42.35.12 255.255.255.224
set address "V1-Trust" "124.42.35.13/32" 124.42.35.13 255.255.255.224
set address "V1-Trust" "124.42.35.14/32" 124.42.35.14 255.255.255.224
set address "V1-Trust" "124.42.35.15/32" 124.42.35.15 255.255.255.224
set address "V1-Trust" "124.42.35.16/32" 124.42.35.16 255.255.255.224
set address "V1-Trust" "124.42.35.17/32" 124.42.35.17 255.255.255.224
set address "V1-Trust" "124.42.35.18" 124.42.35.18 255.255.255.224
set address "V1-Trust" "124.42.35.19/32" 124.42.35.19 255.255.255.224
set address "V1-Trust" "124.42.35.20/32" 124.42.35.20 255.255.255.224
set address "V1-Trust" "124.42.35.21/32" 124.42.35.21 255.255.255.224
set address "V1-Trust" "124.42.35.22/32" 124.42.35.22 255.255.255.224
set address "V1-Trust" "124.42.35.23/32" 124.42.35.23 255.255.255.224
set address "V1-Trust" "124.42.35.24/32" 124.42.35.24 255.255.255.224
set address "V1-Trust" "124.42.35.25/32" 124.42.35.25 255.255.255.224
set address "V1-Trust" "124.42.35.26/32" 124.42.35.26 255.255.255.224
set address "V1-Trust" "124.42.35.27/32" 124.42.35.27 255.255.255.224
set address "V1-Trust" "124.42.35.28/32" 124.42.35.28 255.255.255.224
set address "V1-Trust" "124.42.35.29/32" 124.42.35.29 255.255.255.224
set address "V1-Trust" "124.42.35.3/32" 124.42.35.3 255.255.255.224
set address "V1-Trust" "124.42.35.30/32" 124.42.35.30 255.255.255.224
set address "V1-Trust" "124.42.35.4/32" 124.42.35.4 255.255.255.224
set address "V1-Trust" "124.42.35.5/32" 124.42.35.5 255.255.255.224
set address "V1-Trust" "124.42.35.6/32" 124.42.35.6 255.255.255.224
set address "V1-Trust" "124.42.35.7/32" 124.42.35.7 255.255.255.224
set address "V1-Trust" "124.42.35.8/32" 124.42.35.8 255.255.255.224
set address "V1-Trust" "124.42.35.9/32" 124.42.35.9 255.255.255.224
set address "V1-Untrust" "124.42.35.4/255.255.255.255" 124.42.35.4 255.255.255.255
set address "V1-Untrust" "124.42.35.8/32" 124.42.35.8 255.255.255.255
set address "V1-Untrust" "202.108.15.16/32" 202.108.15.16 255.255.255.255
set address "V1-Untrust" "202.108.15.160/255.255.255.255" 202.108.15.160 255.255.255.255
set address "V1-Untrust" "202.108.16.5/255.255.255.255" 202.108.16.5 255.255.255.255
set address "V1-Untrust" "202.108.16.5/32" 202.108.16.5 255.255.255.255
set address "V1-Untrust" "211.103.191.1/255.255.255.255" 211.103.191.1 255.255.255.255
set address "V1-Untrust" "211.147.17.133/32" 202.108.1.76 255.255.255.255
set address "V1-Untrust" "211.147.17.140/32" 211.147.17.140 255.255.255.255
set address "V1-Untrust" "211.154.103.87/32" 211.154.103.87 255.255.255.255
set address "V1-Untrust" "219.135.214.135" 219.135.214.135 255.255.255.255
set address "V1-Untrust" "219.135.214.135/255.255.255.255" 219.135.214.135 255.255.255.255
set address "V1-Untrust" "221.122.63.26/255.255.255.255" 221.122.63.26 255.255.255.255
set address "V1-Untrust" "221.162.63.26/255.255.255.255" 221.162.63.26 255.255.255.255
set address "V1-Untrust" "222.128.33.40/32" 222.128.33.40 255.255.255.255
set address "V1-Untrust" "61.141.253.79/32" 61.141.253.79 255.255.255.255
set address "V1-Untrust" "cncoffice" 203.212.0.160 255.255.255.224
set group address "V1-Untrust" "124.42.35.7manager"
set group address "V1-Untrust" "124.42.35.7manager" add "202.108.16.5/32"
set group address "V1-Untrust" "124.42.35.7manager" add "219.135.214.135"
set group service "da"
set group service "da" add "3389"
set group service "da" add "FTP"
set group service "da" add "HTTP"
set group service "da" add "mysql"
set group service "da" add "PC-Anywhere"
set group service "da" add "PING"
set group service "g1"
set group service "g1" add "84"
set group service "g1" add "HTTP"
set group service "g1" add "IMAP"
set group service "g1" add "MAIL"
set group service "g1" add "PING"
set group service "g1" add "POP3"
set group service "g1" add "SMTP"
set group service "g2"
set group service "g2" add "HTTP"
set group service "g2" add "PING"
set group service "g2" add "POP3"
set group service "g2" add "SMTP"
set group service "g2" add "SSH"
set group service "g2" add "TOMCAT"
set group service "g3"
set group service "g3" add "HTTP"
set group service "g3" add "IMAP"
set group service "g3" add "POP3"
set group service "g3" add "SSH"
set group service "g4"
set group service "g4" add "90"
set group service "g4" add "HTTP"
set group service "g4" add "IMAP"
set group service "g4" add "ldap2389"
set group service "g4" add "mailsession"
set group service "g4" add "SSH"
set ike respond-bad-spi 1
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set attack group "CS:SYN"
set attack "CS:syn" aim-chat-room-desc "a" severity medium
set attack group "CS:SYN" add "CS:syn"
set url protocol websense
exit
set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" permit
set policy id 1
exit
set policy id 20 from "V1-Untrust" to "V1-Trust"  "Any" "124.42.35.8/32" "g1" permit count
set policy id 20
exit
set policy id 0 from "V1-Trust" to "V1-Untrust"  "Any" "Any" "ANY" permit
set policy id 0
exit
set policy id 2 from "V1-Untrust" to "V1-Trust"  "Any" "124.42.35.6/32" "g2" permit count
set policy id 2
exit
set policy id 5 from "V1-Untrust" to "V1-Trust"  "Any" "124.42.35.3/32" "g2" permit count
set policy id 5
exit
set policy id 19 name "124.42.35.4" from "V1-Untrust" to "V1-Trust"  "Any" "124.42.35.4/32" "ANY" permit count
set policy id 19
exit
set policy id 45 from "V1-Untrust" to "V1-Trust"  "124.42.35.7manager" "124.42.35.7/32" "9922" permit
set policy id 45
exit
set policy id 31 from "V1-Untrust" to "V1-Trust"  "202.108.15.16/32" "124.42.35.6/32" "9922" permit
set policy id 31
exit
set policy id 40 name "cncping" from "V1-Untrust" to "V1-Trust"  "Any" "124.42.35.6/32" "PING" permit
set policy id 40
exit
set policy id 50 from "V1-Untrust" to "V1-Trust"  "202.108.15.160/255.255.255.255" "124.42.35.6/32" "9922" permit
set policy id 50
exit
set policy id 52 from "V1-Untrust" to "V1-Trust"  "219.135.214.135/255.255.255.255" "124.42.35.6/32" "9922" permit
set policy id 52
exit
set policy id 53 from "V1-Untrust" to "V1-Trust"  "202.108.15.160/255.255.255.255" "124.42.35.7/32" "9922" permit
set policy id 53
exit
set policy id 54 from "V1-Untrust" to "V1-Trust"  "202.108.15.16/32" "124.42.35.7/32" "9922" permit
set policy id 54
exit
set policy id 55 from "V1-Untrust" to "V1-Trust"  "219.135.214.135/255.255.255.255" "124.42.35.7/32" "9922" permit
set policy id 55
exit
set policy id 59 from "V1-Untrust" to "V1-Trust"  "Any" "124.42.35.18" "g2" permit count
set policy id 59
exit
set policy id 62 from "V1-Untrust" to "V1-Trust"  "221.122.63.26/255.255.255.255" "124.42.35.18" "mysql" permit
set policy id 62
exit
set policy id 66 from "V1-Untrust" to "V1-Trust"  "211.147.17.133/32" "124.42.35.6/32" "2700" permit
set policy id 66
exit
set policy id 67 from "V1-Untrust" to "V1-Trust"  "211.147.17.140/32" "124.42.35.6/32" "2700" permit
set policy id 67
exit
set policy id 68 from "V1-Untrust" to "V1-Trust"  "211.154.103.87/32" "124.42.35.6/32" "9922" permit
set policy id 68
exit
set policy id 69 from "V1-Untrust" to "V1-Trust"  "202.108.15.16/32" "124.42.35.6/32" "9922" permit
set policy id 69
exit
set policy id 71 name "124.42.35.5" from "V1-Untrust" to "V1-Trust"  "Any" "124.42.35.5/32" "da" permit
set policy id 71
exit
set policy id 74 from "V1-Untrust" to "V1-Trust"  "222.128.33.40/32" "124.42.35.3/32" "webmin" permit
set policy id 74
exit
set policy id 75 from "V1-Untrust" to "V1-Trust"  "211.103.191.1/255.255.255.255" "124.42.35.18" "873" permit
set policy id 75
exit
set policy id 78 from "V1-Untrust" to "V1-Trust"  "222.128.33.40/32" "124.42.35.3/32" "mysql" permit
set policy id 78
exit
set policy id 82 from "V1-Untrust" to "V1-Trust"  "211.103.191.1/255.255.255.255" "124.42.35.8/32" "SSH" permit
set policy id 82
exit
set webtrends host-name "202.106.196.115"
set webtrends enable
set log module system level emergency destination console
set log module system level alert destination console
set log module system level critical destination console
set log module system level error destination console
set log module system level warning destination console
set log module system level notification destination console
set log module system level information destination console
set log module system level debugging destination console
set nsmgmt report proto-dist enable
set nsmgmt report statistics ethernet enable
set nsmgmt report statistics attack enable
set nsmgmt report statistics flow enable
set nsmgmt report statistics policy enable
set nsmgmt report alarm traffic enable
set nsmgmt report alarm attack enable
set nsmgmt report alarm other enable
set nsmgmt report log config enable
set nsmgmt report log info enable
set nsmgmt report log self enable
set nsmgmt report log traffic enable
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
set modem speed 115200
set modem retry 3
set modem interval 10
set modem idle-time 10
set snmp name "ns5gt"
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 0.0.0.0/0 interface vlan1 gateway 124.42.35.1
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit


你设置的是透明模式(trust/untrust 接口都绑定到了 V1-Trust/V1-Untrust 区段,地址只配在 vlan1 上),设备是按二层桥接转发的,本来就成了一个 HUB。但 V1 区段之间的策略仍然会生效:配置里 id 0 对 V1-Trust→V1-Untrust 是 Any/Any/ANY permit,id 19 和 id 71 又允许 Any 源访问 124.42.35.4 和 124.42.35.5,所以看起来像什么流量都能过。
