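网神 SecGate Security Gateway Configuration Method
1.    Set the computer's IP address to 10.50.10.44, netmask 255.255.255.0, gateway 10.50.10.45, and connect it to the FE1 port of the VPN gateway.

2.    Open the Admin Cert directory on the CD supplied with the VPN gateway and double-click the certificate file SecGateAdmin.p12; the following window appears.
Follow the prompts to install it. The password is "123456"; leave everything else at the defaults and the installation completes successfully.

3.    In the IE browser, enter:  10.50.10.45:8889, with the password firewall
4.    Enter the VPN gateway management interface.

5.    Select System Configuration -> Import/Export.
Click Browse and select the configuration file,
as follows: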
# hardware version: SecGate 3600-F3(SJW79)A
# software version: 3.6.4.26
# hostname: SecGate
# serial number: f6f335072669bb05
defaddr delalladdr
defaddr add DMZ 0.0.0.0/0.0.0.0 comment "DMZ"
defaddr add Trust 0.0.0.0/0.0.0.0 comment "Trust"
defaddr add Untrust 0.0.0.0/0.0.0.0 comment "Untrust"
vpn set default prekey PleaseInputPrekey ikelifetime 28800 ipseclifetime 3600 vpnstatus on vpnbak off
vpn on
vpn add remote static main psk name xian addr 222.91.74.218 prekey PleaseInputPrekey ike 3des-sha1-dh5,aes-sha1-dh5 initiate on obey off nat_t on ikelifetime 28800 dpddelay 0 dpdtimeout 0
vpn add tunnel name xian_qianxian  local 61.185.40.23 remote xian auth esp ipsec aes128-md5,3des-sha1 pfs on dh_group 5 ipseclifetime 3600 proxy_localip 0.0.0.0 proxy_localmask 0.0.0.0 proxy_remoteip 0.0.0.0 proxy_remotemask 0.0.0.0
anti synflood fe1 200
anti icmpflood fe1 1000
anti pingofdeath fe1 800
anti udpflood fe1 1000
anti pingsweep fe1 10
anti tcpportscan fe1 10
anti udpportscan fe1 10
anti synflood fe2 200
anti icmpflood fe2 1000
anti pingofdeath fe2 800
anti udpflood fe2 1000
anti pingsweep fe2 10
anti tcpportscan fe2 10
anti udpportscan fe2 10
anti synflood fe3 200
anti icmpflood fe3 1000
anti pingofdeath fe3 800
anti udpflood fe3 1000
anti pingsweep fe3 10
anti tcpportscan fe3 10
anti udpportscan fe3 10
anti synflood fe4 200
anti icmpflood fe4 1000
anti pingofdeath fe4 800
anti udpflood fe4 1000
anti pingsweep fe4 10
anti tcpportscan fe4 10
anti udpportscan fe4 10
sysif set fe1 speed auto mtu 1500 ipmac off macpolicy permit mode route sroute off log off anti off nonip deny idsblock off vlan off
sysif set fe2 speed auto mtu 1500 ipmac off macpolicy permit mode route sroute off log off anti off nonip deny idsblock off vlan off
sysif set fe3 speed auto mtu 1500 ipmac off macpolicy permit mode route sroute off log off anti off nonip deny idsblock off vlan off
sysif set fe4 speed auto mtu 1500 ipmac off macpolicy permit mode route sroute off log off anti off nonip deny idsblock off vlan off

sysip add fe1 10.50.10.45 255.255.255.0 ping off admin on adminping on traceroute on
sysip add fe4 61.185.40.23 255.255.255.128 ping on admin on adminping off traceroute off
sysip add fe3 172.24.40.100 255.255.255.0 ping on admin on adminping off traceroute off
vrrpbunch delay 10
route add droute any 61.185.40.1
mngglobal set cpu 80 mem 80 fs 80 rcomm "public" wcomm "private" trapc "public" username "snmpuser" level "AuthnoPriv" authpass "12345678" crypt "MD5"
mngglobal add snmpip 222.91.74.218
mngglobal on
logsrv set 222.91.74.218 514 udp
mngacct set admin password "firewall"
mngacct multi on
mngacct failtime 5 blocktime 30 period 120
dns set sysname SecGate
ipcftcheck off
longconn set 1800
statetable udp 20 icmp 5
statetable overtime establish 1800 syn 120
dnsrelay set auto
rdweb srcaddr any dstaddr any
rdweb dstport 80
vpn set dhcp active off dhcpserver 127.0.0.1 interface lo
timeout set web 600
bandwidth add p2p_band priority 3 minbw 60 maxbw 160 comment "建议仅用于P2P带宽限制"

ftpactive port20 keep off
tcpmss set 1460
defsvc set ftp ftp 21
defsvc set h323 h323 1720
defsvc set sqlnet sqlnet 1521
defsvc set sip sip 5060
defsvc set rtsp rtsp 554
defsvc set mms mms 1755
defsvc set pptp pptp 1723
defsvc set gk gk 1719
defsvc set tftp tftp 69
defsvc set ftp comment "文件传输协议"
defsvc set h323 comment "Netmeeting服务"
defsvc set sqlnet comment "oracle数据库网络连接"
defsvc set sip comment "基于sip协议的动态服务"
defsvc set rtsp comment "RTSP服务"
defsvc set mms comment "MMS服务"
defsvc set pptp comment "点到点隧道协议的动态服务"
defsvc set gk comment "H.323网守服务"
defsvc set tftp comment "TFTP协议"
defsvc set icmp icmp comment "ICMP服务"
defsvc set ping icmp type 8 comment "PING请求"
defsvc set pong icmp type 0 comment "PING回应"
defsvc set tcp proto tcp any any comment "tcp协议的所有服务"
defsvc set udp proto udp any any comment "udp协议的所有服务"
defsvc set gre proto 47 comment "封装协议"
defsvc set esp proto 50 comment "VPN加密认证协议"
defsvc set ah proto 51 comment "加密协议"
defsvc set vrrp proto 112 comment "HA负载均衡协议"
defsvc set ssh proto tcp any 22 comment "远程加密登录"
defsvc set telnet proto tcp any 23 comment "远程登录协议"
defsvc set smtp proto tcp any 25 comment "邮件发送服务"
defsvc set http proto tcp any 80 comment "www服务"
defsvc set pop3 proto tcp any 110 comment "邮件接收服务"
defsvc set ntp proto tcp any 123 comment "时间服务器服务"
defsvc set netbios proto tcp any 137 proto tcp any 139 proto udp any 137 proto udp any 138 comment "windows文件共享"
defsvc set dhcp proto udp any 67:68 proto tcp any 67:68 comment "dhcp & bootp"
defsvc set https proto tcp any 443 comment "https服务"
defsvc set pptp_server proto tcp any 1723 proto 47 comment "点到点隧道协议(用于防火墙作为PPTP服务器)"
defsvc set dns proto tcp any 53 proto udp any 53 comment "域名解析服务"
defsvc set snmp proto udp any 161 comment "简单网络管理协议"
defsvc set snmptrap proto udp any 162 comment "snmp trap发送服务"
defsvc set syslog proto udp any 514 comment "日志传输协议"
defsvc set oicqc proto udp any 4000 comment "QQ客户端打开端口"
defsvc set oicqs proto udp any 8000 comment "QQ服务器打开端口"
defsvc set secgate_auth proto tcp any 9998 proto udp any 9998 comment "SecGate安全网关用户认证"
defsvc set secgate_global proto tcp any 161 proto udp any 161 comment "SecGate安全网关集中管理"
defsvc set secgate_https proto tcp any 8889 proto tcp any 8888 comment "SecGate安全网关WEB管理"
defsvc set secgate_ha_conf proto tcp any 9223 proto udp any 9455 comment "SecGate安全网关HA功能配置同步服务"
defsvc set virus_blaster proto tcp any 135:139 proto udp any 135:139 proto tcp any 4444 proto udp any 69 comment "冲击波影响端口"
defsvc set virus_sasser proto tcp any 445 proto tcp any 1025 proto tcp any 1068 proto tcp any 5554 proto tcp any 9995:9996 proto udp any 9995:9996 comment "震荡波影响端口"
defsvc set virus_sqlworm proto udp any 1434 comment "SQL蠕虫影响端口"
defsvc set pcanywhere proto tcp any 5631:5632 proto udp any 5631:5632 comment "pcanywhere"
defsvc set lotusnote proto tcp any 1352 proto udp any 1352 comment "lotus notes"
defsvc set ike proto udp any 500 proto udp any 4500 comment "Internet密钥交换协议"
defsvc set l2tp proto udp any 1701 comment "第二层隧道协议"
defsvc set thunder proto tcp any 3075:3079 proto tcp 3075:3079 any comment "迅雷端口"

defproxy set http port 80 java permit javascript permit activex permit
defproxy set ftp port 21 get permit put permit multi permit
defproxy set telnet port 23
defproxy set smtp port 25 domain proxyserver server trueserver maildomain proxyserver mailserver 1.1.1.1 maxlength 5120 maxreceiver 5 sendinterval 10 sendamount 100
defproxy set pop3 port 110 maxlength 5120
ips atkresp onlog
ips backdoor onlog
ips info onlog
ips multimedia onlog
ips p2p onlog
ips porn onlog
ips scan onlog
ips virus onlog
ips webcf onlog
ips webcgi onlog
ips webclient onlog
ips webfp onlog
ips webiis onlog
ips webmisc onlog
ips webphp onlog
limitp2p set apple deny
limitp2p set ares deny
limitp2p set bt deny
limitp2p set dc deny
limitp2p set edonkey deny
limitp2p set gnu deny
limitp2p set kazaa deny
limitp2p set msn deny
limitp2p set qq deny
limitp2p set skype deny
limitp2p set soul deny
limitp2p set winmx deny
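
An added example (not part of the original guide and not vendor code): a small Python check to run over an exported configuration like the one above before importing it, flagging the placeholder pre-shared key, 3DES/MD5 proposals, management enabled on a public address, default SNMP community strings and the cleartext admin password. The reading of `admin on` and of the `ike`/`ipsec` values is an assumption drawn from the keyword names, and the finding labels are hypothetical.

```python
import ipaddress
import re
import shlex

# Constructed sample: six lines copied from the exported configuration on this page.
SAMPLE = '''\
vpn set default prekey PleaseInputPrekey ikelifetime 28800 ipseclifetime 3600 vpnstatus on vpnbak off
vpn add remote static main psk name xian addr 222.91.74.218 prekey PleaseInputPrekey ike 3des-sha1-dh5,aes-sha1-dh5 initiate on obey off nat_t on ikelifetime 28800 dpddelay 0 dpdtimeout 0
sysip add fe1 10.50.10.45 255.255.255.0 ping off admin on adminping on traceroute on
sysip add fe4 61.185.40.23 255.255.255.128 ping on admin on adminping off traceroute off
mngglobal set cpu 80 mem 80 fs 80 rcomm "public" wcomm "private" trapc "public" username "snmpuser" level "AuthnoPriv" authpass "12345678" crypt "MD5"
mngacct set admin password "firewall"
'''

def kv(tokens, key):
    """Return the token that follows `key`, or None when the key is absent."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None

def audit(text):
    """Return (line_number, finding) pairs for settings to change before deployment."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blanks and the "# hardware version" style header
        t = shlex.split(line)  # shlex keeps quoted comment strings as one token
        if t[0] == "vpn":
            if kv(t, "prekey") == "PleaseInputPrekey":
                out.append((n, "placeholder-psk"))
            # Assumption: the value after `ike` / `ipsec` is the proposal list.
            if any(re.search(r"3des|md5", kv(t, k) or "", re.I) for k in ("ike", "ipsec")):
                out.append((n, "weak-proposal"))
        elif t[:2] == ["sysip", "add"] and kv(t, "admin") == "on":
            # Assumption: `admin on` allows management logins on this address.
            if not ipaddress.ip_address(t[3]).is_private:
                out.append((n, "mgmt-on-public-ip"))
        elif t[:2] == ["mngglobal", "set"]:
            if {kv(t, k) for k in ("rcomm", "wcomm", "trapc")} & {"public", "private"}:
                out.append((n, "default-snmp-community"))
            if (kv(t, "level") or "").lower() == "authnopriv":
                out.append((n, "snmpv3-no-privacy"))
            if (kv(t, "crypt") or "").upper() == "MD5":
                out.append((n, "snmp-md5-auth"))
        elif t[:3] == ["mngacct", "set", "admin"] and kv(t, "password"):
            out.append((n, "cleartext-admin-password"))
    return out

if __name__ == "__main__":
    for n, finding in audit(SAMPLE):
        print(f"line {n}: {finding}")
```

Each finding marks a line to edit in the file before it is imported through System Configuration -> Import/Export.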
