1一号车市天地祥云网络设备自动备份查看
2
3http://114.118.8.235:8080/
4http://114.118.8.235/
5spawn ssh admin@10.251.4.254
6admin@10.251.4.254's password:
7
8
9BJ-TDXY-YZ-4C>enable
10
11Password:*********
12
13BJ-TDXY-YZ-4C#show run
14
15Building configuration...
16Current configuration: 8702 bytes
17
18version S5700H_RGOS 11.4(1)B2P4
19hostname BJ-TDXY-YZ-4C
20!
21mls qos scheduler sp
22!
23username admin password 123@com..
24!
25cwmp
26!
27service dhcp
28!
29install switch 1 S5750C-48GT4XS-H
30install switch 2 S5750C-48GT4XS-H
31install 1/0 S5750C-48GT4XS-H
32install 2/0 S5750C-48GT4XS-H
33!
34sysmac 0074.9c92.410f
35!
36mmu buffer-mode normal
37!
38nfpp
39!
! NOTE(review): password obfuscation is switched off here, which matches the
! local `username ... password` and VTY `password` entries in this output
! appearing in cleartext. Enable `service password-encryption` at minimum, and
! prefer hashed storage for local credentials, as the `enable secret` line uses.
40no service password-encryption
41!
42 --More-- redundancy
43!
44ip ssh version 2
45!
46enable secret 5 $1$jkhA$Bx3tDwwFByACy8xy
47enable service ssh-server
48!
49vlan 60
50 name develop
51!
52vlan range 1,10,20,30,40,50,666,2540
53!
54interface GigabitEthernet 1/0/1
55 description To 10.251.2.11
56 switchport access vlan 20
57!
58interface GigabitEthernet 1/0/2
59 description To 10.251.2.12
60 switchport access vlan 20
61!
62interface GigabitEthernet 1/0/3
63 description To 10.251.4.11
64 switchport access vlan 40
65!
66 --More-- interface GigabitEthernet 1/0/4
67 description To 10.251.2.14
68 switchport access vlan 20
69!
70interface GigabitEthernet 1/0/5
71 description To 10.251.5.11
72 switchport access vlan 50
73!
74interface GigabitEthernet 1/0/6
75 description To 10.251.3.11
76 switchport access vlan 30
77!
78interface GigabitEthernet 1/0/7
79 description To 10.251.3.13
80 switchport access vlan 30
81!
82interface GigabitEthernet 1/0/8
83 description To 10.251.5.13
84 switchport access vlan 50
85!
86interface GigabitEthernet 1/0/9
87 switchport access vlan 20
88!
89interface GigabitEthernet 1/0/10
90 --More-- description To 10.251.2.15
91 switchport access vlan 20
92!
93interface GigabitEthernet 1/0/11
94 description To 10.251.5.12
95 switchport access vlan 50
96!
97interface GigabitEthernet 1/0/12
98 description To 10.251.3.12
99 switchport access vlan 30
100!
101interface GigabitEthernet 1/0/13
102 description To 10.251.5.14
103 switchport access vlan 50
104!
105interface GigabitEthernet 1/0/14
106 description To 10.251.5.15
107 switchport access vlan 50
108!
109interface GigabitEthernet 1/0/15
110 description To 10.251.4.26
111 switchport access vlan 40
112!
113interface GigabitEthernet 1/0/16
114 --More-- description To 10.251.4.12
115 switchport access vlan 40
116!
117interface GigabitEthernet 1/0/17
118 description To 10.251.6.100
119 switchport access vlan 60
120!
121interface GigabitEthernet 1/0/18
122 description To 10.251.6.101
123 switchport access vlan 60
124!
125interface GigabitEthernet 1/0/19
126 description To 10.251.6.102
127 switchport access vlan 60
128!
129interface GigabitEthernet 1/0/20
130 switchport access vlan 20
131!
132interface GigabitEthernet 1/0/21
133 switchport access vlan 20
134!
135interface GigabitEthernet 1/0/22
136 switchport access vlan 20
137!
138 --More-- interface GigabitEthernet 1/0/23
139 switchport access vlan 20
140!
141interface GigabitEthernet 1/0/24
142 switchport access vlan 20
143!
144interface GigabitEthernet 1/0/25
145 switchport access vlan 20
146!
147interface GigabitEthernet 1/0/26
148 switchport access vlan 20
149!
150interface GigabitEthernet 1/0/27
151 switchport access vlan 20
152!
153interface GigabitEthernet 1/0/28
154 switchport access vlan 20
155!
156interface GigabitEthernet 1/0/29
157 switchport access vlan 20
158!
159interface GigabitEthernet 1/0/30
160 switchport access vlan 20
161!
162 --More-- interface GigabitEthernet 1/0/31
163 switchport access vlan 20
164!
165interface GigabitEthernet 1/0/32
166 switchport access vlan 20
167!
168interface GigabitEthernet 1/0/33
169 description To caiwufirewall
170 switchport access vlan 10
171!
172interface GigabitEthernet 1/0/34
173!
174interface GigabitEthernet 1/0/35
175!
176interface GigabitEthernet 1/0/36
177!
178interface GigabitEthernet 1/0/37
179!
180interface GigabitEthernet 1/0/38
181!
182interface GigabitEthernet 1/0/39
183!
184interface GigabitEthernet 1/0/40
185!
186 --More-- interface GigabitEthernet 1/0/41
187!
188interface GigabitEthernet 1/0/42
189!
190interface GigabitEthernet 1/0/43
191!
192interface GigabitEthernet 1/0/44
193!
194interface GigabitEthernet 1/0/45
195!
196interface GigabitEthernet 1/0/46
197 switchport access vlan 2540
198!
199interface GigabitEthernet 1/0/47
200 switchport access vlan 666
201!
202interface GigabitEthernet 1/0/48
203 switchport access vlan 666
204!
205interface GigabitEthernet 2/0/1
206 switchport access vlan 20
207!
208interface GigabitEthernet 2/0/2
209 switchport access vlan 20
210 --More-- !
211interface GigabitEthernet 2/0/3
212 switchport access vlan 40
213!
214interface GigabitEthernet 2/0/4
215 switchport access vlan 20
216!
217interface GigabitEthernet 2/0/5
218 switchport access vlan 50
219!
220interface GigabitEthernet 2/0/6
221 switchport access vlan 30
222!
223interface GigabitEthernet 2/0/7
224 switchport access vlan 30
225!
226interface GigabitEthernet 2/0/8
227 switchport access vlan 50
228!
229interface GigabitEthernet 2/0/9
230 description To 10.251.2.13
231 switchport access vlan 20
232!
233interface GigabitEthernet 2/0/10
234 --More-- switchport access vlan 20
235!
236interface GigabitEthernet 2/0/11
237 switchport access vlan 50
238!
239interface GigabitEthernet 2/0/12
240 switchport access vlan 30
241!
242interface GigabitEthernet 2/0/13
243 shutdown
244 switchport access vlan 50
245!
246interface GigabitEthernet 2/0/14
247 switchport access vlan 50
248!
249interface GigabitEthernet 2/0/15
250 switchport access vlan 40
251!
252interface GigabitEthernet 2/0/16
253 switchport access vlan 40
254!
255interface GigabitEthernet 2/0/17
256 description To 10.251.6.100
257 switchport access vlan 60
258 --More-- !
259interface GigabitEthernet 2/0/18
260 description To 10.251.6.101
261 switchport access vlan 60
262!
263interface GigabitEthernet 2/0/19
264 description To 10.251.6.102
265 switchport access vlan 60
266!
267interface GigabitEthernet 2/0/20
268 switchport access vlan 20
269!
270interface GigabitEthernet 2/0/21
271 switchport access vlan 20
272!
273interface GigabitEthernet 2/0/22
274 switchport access vlan 20
275!
276interface GigabitEthernet 2/0/23
277 switchport access vlan 20
278!
279interface GigabitEthernet 2/0/24
280 switchport access vlan 20
281!
282 --More-- interface GigabitEthernet 2/0/25
283 switchport access vlan 20
284!
285interface GigabitEthernet 2/0/26
286 switchport access vlan 20
287!
288interface GigabitEthernet 2/0/27
289 switchport access vlan 20
290!
291interface GigabitEthernet 2/0/28
292 switchport access vlan 20
293!
294interface GigabitEthernet 2/0/29
295 switchport access vlan 20
296!
297interface GigabitEthernet 2/0/30
298 switchport access vlan 20
299!
300interface GigabitEthernet 2/0/31
301 switchport access vlan 20
302!
303interface GigabitEthernet 2/0/32
304 switchport access vlan 20
305!
306 --More-- interface GigabitEthernet 2/0/33
307 description To caiwufirewall
308 shutdown
309 switchport access vlan 10
310!
311interface GigabitEthernet 2/0/34
312!
313interface GigabitEthernet 2/0/35
314!
315interface GigabitEthernet 2/0/36
316!
317interface GigabitEthernet 2/0/37
318!
319interface GigabitEthernet 2/0/38
320!
321interface GigabitEthernet 2/0/39
322!
323interface GigabitEthernet 2/0/40
324!
325interface GigabitEthernet 2/0/41
326!
327interface GigabitEthernet 2/0/42
328!
329interface GigabitEthernet 2/0/43
330 --More-- !
331interface GigabitEthernet 2/0/44
332!
333interface GigabitEthernet 2/0/45
334!
335interface GigabitEthernet 2/0/46
336!
337interface GigabitEthernet 2/0/47
338!
339interface GigabitEthernet 2/0/48
340 switchport access vlan 666
341!
342interface TenGigabitEthernet 1/0/49
343!
344interface TenGigabitEthernet 1/0/50
345!
346interface TenGigabitEthernet 1/0/51
347!
348interface TenGigabitEthernet 1/0/52
349!
350interface TenGigabitEthernet 2/0/49
351!
352interface TenGigabitEthernet 2/0/50
353!
354 --More-- interface TenGigabitEthernet 2/0/51
355!
356interface TenGigabitEthernet 2/0/52
357!
358interface VLAN 10
359 description To CaiWu
360 ip address 10.251.1.254 255.255.255.0
361!
362interface VLAN 20
363 description To Yhcs-webserver
364 ip address 10.251.2.254 255.255.255.0
365 ip helper-address 10.251.4.101
366!
367interface VLAN 30
368 description To Database
369 ip address 10.251.3.254 255.255.255.0
370 ip helper-address 10.251.4.101
371!
372interface VLAN 40
373 description To Yunwei
374 ip address 10.251.4.254 255.255.255.0
375!
376interface VLAN 50
377 description To JinRong-webserver
378 --More-- ip address 10.251.5.254 255.255.255.0
379 ip helper-address 10.251.4.101
380!
381interface VLAN 60
382 description To develop
383 ip address 10.251.6.254 255.255.255.0
384!
385interface VLAN 666
386 description To Firewall
387 ip address 10.251.253.251 255.255.255.0
388!
389interface VLAN 2540
390 description server-ipmi
391 ip address 10.251.255.254 255.255.254.0
392!
393interface Mgmt 1/0
394!
395interface Mgmt 2/0
396!
397switch virtual domain 1
398!
399ip route 0.0.0.0 0.0.0.0 10.251.253.254
400ip route 10.9.2.0 255.255.255.0 10.251.4.106
401ip route 10.10.0.0 255.255.255.0 10.251.4.106
402 --More-- ip route 10.11.0.0 255.255.255.0 10.251.4.106
403ip route 10.12.0.11 255.255.255.255 10.251.4.106
404ip route 10.27.6.0 255.255.255.0 10.251.4.106
405ip route 10.240.0.0 255.255.0.0 10.251.4.106
406ip route 192.168.0.0 255.255.0.0 10.251.4.106 description bj-office
407ip route 192.168.1.12 255.255.255.255 10.251.6.104
408ip route 192.168.1.150 255.255.255.255 10.251.6.105
409!
! NOTE(review): both lines use SNMP v2c, which authenticates only with a
! community string sent unencrypted, and the same string serves traps and
! read-only polling. No ACL is attached to the community in this output.
! Prefer SNMPv3 with authentication and privacy, and limit pollers to the
! monitoring host.
410snmp-server host 10.251.4.102 traps version 2c yhcsidc
411snmp-server community yhcsidc ro
412!
! NOTE(review): the console line shows no login method in this output --
! confirm that console access requires authentication.
413line console 0
! NOTE(review): VTY access is SSH-only with `login local`, so the line-level
! `password` below is presumably unused -- TODO confirm. It is still stored in
! cleartext and should be removed or rotated. No ACL is shown limiting which
! source addresses may open a VTY session.
414line vty 0 4
415 transport input ssh
416 session-timeout 1
417 login local
418 password admin
419!
420end
421BJ-TDXY-YZ-4C#
422
423spawn ssh hillstone@10.251.1.1
424hillstone@10.251.1.1's password:
425SG-6000# show configuration startup
426
427Startup configuration:
428# Generated by autosave at 2018-06-12 11:34:44
429# Size is 16200 bytes
430# Software Version 5.5 SG6000-M-3-5.5R2P6.bin 2017/03/30 16:29:41
431
432!
433Version 5.5R2
434
435ip vrouter "trust-vr"
436exit
437vswitch "vswitch1"
438exit
439zone "trust"
440exit
441zone "untrust"
442exit
443zone "dmz"
444exit
445zone "l2-trust" l2
446exit
447zone "l2-untrust" l2
448exit
449zone "l2-dmz" l2
450exit
451zone "VPNHub"
452 --More-- exit
453zone "HA"
454exit
455interface vswitchif1
456exit
457interface ethernet0/0
458exit
459interface ethernet0/1
460exit
461interface ethernet0/2
462exit
463interface ethernet0/3
464exit
465interface ethernet0/4
466exit
467interface ethernet0/5
468exit
469interface ethernet0/6
470exit
471interface ethernet0/7
472exit
473interface ethernet0/8
474exit
475interface aggregate1
476 --More-- exit
477interface tunnel1
478exit
479address "private_network"
480exit
481address "monitor_address"
482exit
483aaa-server "local" type local
484exit
485scvpn-update-url localhost
486ips sigset "dns" template dns
487 max-scan-bytes 30720
488 attack-level critical action reset
489 attack-level info action reset
490 attack-level warning action reset
491exit
492ips sigset "ftp" template ftp
493 max-scan-bytes 30720
494 attack-level critical action reset
495 attack-level info action reset
496 attack-level warning action reset
497exit
498ips sigset "http" template http
499 max-scan-bytes 30720
500 --More-- attack-level critical action reset
501 attack-level info action reset
502 attack-level warning action reset
503 web-server "default"
504 exit
505exit
506ips sigset "pop3" template pop3
507 max-scan-bytes 30720
508 attack-level critical action reset
509 attack-level info action reset
510 attack-level warning action reset
511exit
512ips sigset "smtp" template smtp
513 max-scan-bytes 30720
514 attack-level critical action reset
515 attack-level info action reset
516 attack-level warning action reset
517exit
518ips sigset "telnet" template telnet
519 max-scan-bytes 30720
520 attack-level critical action reset
521 attack-level info action reset
522 attack-level warning action reset
523exit
524 --More-- ips sigset "other-tcp" template other-tcp
525 max-scan-bytes 30720
526 attack-level critical action reset
527 attack-level info action reset
528 attack-level warning action reset
529exit
530ips sigset "other-udp" template other-udp
531 max-scan-bytes 30720
532 attack-level critical action reset
533 attack-level info action reset
534 attack-level warning action reset
535exit
536ips sigset "imap" template imap
537 max-scan-bytes 30720
538 attack-level critical action reset
539 attack-level info action reset
540 attack-level warning action reset
541exit
542ips sigset "finger" template finger
543 max-scan-bytes 30720
544 attack-level critical action reset
545 attack-level info action reset
546 attack-level warning action reset
547exit
548 --More-- ips sigset "sunrpc" template sunrpc
549 max-scan-bytes 30720
550 attack-level critical action reset
551 attack-level info action reset
552 attack-level warning action reset
553exit
554ips sigset "nntp" template nntp
555 max-scan-bytes 30720
556 attack-level critical action reset
557 attack-level info action reset
558 attack-level warning action reset
559exit
560ips sigset "tftp" template tftp
561 max-scan-bytes 30720
562 attack-level critical action reset
563 attack-level info action reset
564 attack-level warning action reset
565exit
566ips sigset "snmp" template snmp
567 max-scan-bytes 30720
568 attack-level critical action reset
569 attack-level info action reset
570 attack-level warning action reset
571exit
572 --More-- ips sigset "mysql" template mysql
573 max-scan-bytes 30720
574 attack-level critical action reset
575 attack-level info action reset
576 attack-level warning action reset
577exit
578ips sigset "mssql" template mssql
579 max-scan-bytes 30720
580 attack-level critical action reset
581 attack-level info action reset
582 attack-level warning action reset
583exit
584ips sigset "oracle" template oracle
585 max-scan-bytes 30720
586 attack-level critical action reset
587 attack-level info action reset
588 attack-level warning action reset
589exit
590ips sigset "msrpc" template msrpc
591 max-scan-bytes 30720
592 attack-level critical action reset
593 attack-level info action reset
594 attack-level warning action reset
595exit
596 --More-- ips sigset "netbios" template netbios
597 max-scan-bytes 30720
598 attack-level critical action reset
599 attack-level info action reset
600 attack-level warning action reset
601exit
602ips sigset "dhcp" template dhcp
603 max-scan-bytes 30720
604 attack-level critical action reset
605 attack-level info action reset
606 attack-level warning action reset
607exit
608ips sigset "ldap" template ldap
609 max-scan-bytes 30720
610 attack-level critical action reset
611 attack-level info action reset
612 attack-level warning action reset
613exit
614ips sigset "voip" template voip
615 max-scan-bytes 30720
616 attack-level critical action reset
617 attack-level info action reset
618 attack-level warning action reset
619exit
620 --More-- ips sigset "default_dns" template dns
621 max-scan-bytes 30720
622 attack-level critical action reset
623 attack-level info action reset
624 attack-level warning action reset
625exit
626ips sigset "default_ftp" template ftp
627 max-scan-bytes 30720
628 attack-level critical action reset
629 attack-level info action reset
630 attack-level warning action reset
631exit
632ips sigset "default_http" template http
633 max-scan-bytes 30720
634 attack-level critical action reset
635 attack-level info action reset
636 attack-level warning action reset
637 web-server "default"
638 exit
639exit
640ips sigset "default_pop3" template pop3
641 max-scan-bytes 30720
642 attack-level critical action reset
643 attack-level info action reset
644 --More-- attack-level warning action reset
645exit
646ips sigset "default_smtp" template smtp
647 max-scan-bytes 30720
648 attack-level critical action reset
649 attack-level info action reset
650 attack-level warning action reset
651exit
652ips sigset "default_telnet" template telnet
653 max-scan-bytes 30720
654 attack-level critical action reset
655 attack-level info action reset
656 attack-level warning action reset
657exit
658ips sigset "default_other-tcp" template other-tcp
659 max-scan-bytes 30720
660 attack-level critical action reset
661 attack-level info action reset
662 attack-level warning action reset
663exit
664ips sigset "default_other-udp" template other-udp
665 max-scan-bytes 30720
666 attack-level critical action reset
667 attack-level info action reset
668 --More-- attack-level warning action reset
669exit
670ips sigset "default_imap" template imap
671 max-scan-bytes 30720
672 attack-level critical action reset
673 attack-level info action reset
674 attack-level warning action reset
675exit
676ips sigset "default_finger" template finger
677 max-scan-bytes 30720
678 attack-level critical action reset
679 attack-level info action reset
680 attack-level warning action reset
681exit
682ips sigset "default_sunrpc" template sunrpc
683 max-scan-bytes 30720
684 attack-level critical action reset
685 attack-level info action reset
686 attack-level warning action reset
687exit
688ips sigset "default_nntp" template nntp
689 max-scan-bytes 30720
690 attack-level critical action reset
691 attack-level info action reset
692 --More-- attack-level warning action reset
693exit
694ips sigset "default_tftp" template tftp
695 max-scan-bytes 30720
696 attack-level critical action reset
697 attack-level info action reset
698 attack-level warning action reset
699exit
700ips sigset "default_snmp" template snmp
701 max-scan-bytes 30720
702 attack-level critical action reset
703 attack-level info action reset
704 attack-level warning action reset
705exit
706ips sigset "default_mysql" template mysql
707 max-scan-bytes 30720
708 attack-level critical action reset
709 attack-level info action reset
710 attack-level warning action reset
711exit
712ips sigset "default_mssql" template mssql
713 max-scan-bytes 30720
714 attack-level critical action reset
715 attack-level info action reset
716 --More-- attack-level warning action reset
717exit
718ips sigset "default_oracle" template oracle
719 max-scan-bytes 30720
720 attack-level critical action reset
721 attack-level info action reset
722 attack-level warning action reset
723exit
724ips sigset "default_msrpc" template msrpc
725 max-scan-bytes 30720
726 attack-level critical action reset
727 attack-level info action reset
728 attack-level warning action reset
729exit
730ips sigset "default_netbios" template netbios
731 max-scan-bytes 30720
732 attack-level critical action reset
733 attack-level info action reset
734 attack-level warning action reset
735exit
736ips sigset "default_dhcp" template dhcp
737 max-scan-bytes 30720
738 attack-level critical action reset
739 attack-level info action reset
740 --More-- attack-level warning action reset
741exit
742ips sigset "default_ldap" template ldap
743 max-scan-bytes 30720
744 attack-level critical action reset
745 attack-level info action reset
746 attack-level warning action reset
747exit
748ips sigset "default_voip" template voip
749 max-scan-bytes 30720
750 attack-level critical action reset
751 attack-level info action reset
752 attack-level warning action reset
753exit
754ips profile "no-ips"
755exit
756ips profile "predef_default"
757 sigset "default_dns"
758 sigset "default_ftp"
759 sigset "default_http"
760 sigset "default_pop3"
761 sigset "default_smtp"
762 sigset "default_telnet"
763 sigset "default_other-tcp"
764 --More-- sigset "default_other-udp"
765 sigset "default_imap"
766 sigset "default_finger"
767 sigset "default_sunrpc"
768 sigset "default_nntp"
769 sigset "default_tftp"
770 sigset "default_snmp"
771 sigset "default_mysql"
772 sigset "default_mssql"
773 sigset "default_oracle"
774 sigset "default_msrpc"
775 sigset "default_netbios"
776 sigset "default_dhcp"
777 sigset "default_ldap"
778 sigset "default_voip"
779exit
780contentfilter
781 url-category "custom1"
782 url-category "custom2"
783 url-category "custom3"
784exit
785aaa-server "local" type local
786 user "caiwu"
787 password "+q7O/pbq8CQDA013URaIfzJ7I8YY"
788 --More-- exit
789exit
790admin user "hillstone"
791 password kkWJYMLrANVLtWDz4abafTEgon
792 password-expiration 1528803263
793 role admin
794 access console
795 access ssh
796 access http
797 access https
798exit
799admin user "wangyang"
800 password yQhjn+4dKguI+vSJv2c0fhswYb
801 password-expiration 1528803281
802 role admin
803 access console
804 access ssh
805 access http
806 access https
807exit
808pki trust-domain "trust_domain_default"
809 keypair "Default-Key"
810 enrollment self
811 subject commonName "SG-6000"
812 --More-- subject organization "Hillstone Networks"
813exit
814pki trust-domain "trust_domain_ssl_proxy"
815 keypair "Default-Key"
816 enrollment self
817 subject commonName "SG-6000"
818 subject organization "Hillstone Networks"
819exit
820pki trust-domain "trust_domain_ssl_proxy_2048"
821 keypair "Default-Key-2048"
822 enrollment self
823 subject commonName "SG-6000"
824 subject organization "Hillstone Networks"
825exit
826pki trust-domain "network_manager_ca"
827 enrollment terminal
828exit
829address "private_network"
830 ip 10.0.0.0/8
831 ip 172.16.0.0/12
832 ip 192.168.0.0/16
833exit
834address "monitor_address"
835 ip 10.0.0.0/8
836 --More-- ip 172.16.0.0/12
837 ip 192.168.0.0/16
838exit
839zone "untrust"
840 type wan
841 ad tear-drop
842 ad ip-spoofing
843 ad land-attack
844 ad ip-option
845 ad ip-fragment
846 ad ip-directed-broadcast
847 ad winnuke
848 ad port-scan
849 ad syn-flood
850 ad icmp-flood
851 ad ip-sweep
852 ad ping-of-death
853 ad udp-flood
854exit
855zone "l2-untrust" l2
856 type wan
857exit
858hostname "SG-6000"
859snmp-server location "10-251-4-102"
860 --More-- snmp-server contact "wangyang"
# NOTE(review): `admin host any any` appears to place no restriction on the
# source address or access method for administrative logins -- TODO confirm
# against the StoneOS reference. Trusted admin hosts should be limited to the
# management subnet.
861admin host any any
# NOTE(review): this is the first of a run of ISAKMP/IPsec proposals whose
# names span MD5/SHA with DES/3DES/AES. No IKE peer or IPsec tunnel referencing
# them appears in this startup configuration (the only tunnel shown is the
# scvpn one). DES and MD5 proposals should not be selected for any tunnel
# added later.
862isakmp proposal "psk-md5-des-g2"
863 hash md5
864 encryption des
865exit
866
867isakmp proposal "psk-md5-3des-g2"
868 hash md5
869exit
870
871isakmp proposal "psk-md5-aes128-g2"
872 hash md5
873 encryption aes
874exit
875
876isakmp proposal "psk-md5-aes256-g2"
877 hash md5
878 encryption aes-256
879exit
880
881isakmp proposal "psk-sha-des-g2"
882 encryption des
883exit
884 --More--
885isakmp proposal "psk-sha-3des-g2"
886exit
887
888isakmp proposal "psk-sha-aes128-g2"
889 encryption aes
890exit
891
892isakmp proposal "psk-sha-aes256-g2"
893 encryption aes-256
894exit
895
896isakmp proposal "rsa-md5-des-g2"
897 authentication rsa-sig
898 hash md5
899 encryption des
900exit
901
902isakmp proposal "rsa-md5-3des-g2"
903 authentication rsa-sig
904 hash md5
905exit
906
907isakmp proposal "rsa-md5-aes128-g2"
908 --More-- authentication rsa-sig
909 hash md5
910 encryption aes
911exit
912
913isakmp proposal "rsa-md5-aes256-g2"
914 authentication rsa-sig
915 hash md5
916 encryption aes-256
917exit
918
919isakmp proposal "rsa-sha-des-g2"
920 authentication rsa-sig
921 encryption des
922exit
923
924isakmp proposal "rsa-sha-3des-g2"
925 authentication rsa-sig
926exit
927
928isakmp proposal "rsa-sha-aes128-g2"
929 authentication rsa-sig
930 encryption aes
931exit
932 --More--
933isakmp proposal "rsa-sha-aes256-g2"
934 authentication rsa-sig
935 encryption aes-256
936exit
937
938isakmp proposal "dsa-sha-des-g2"
939 authentication dsa-sig
940 encryption des
941exit
942
943isakmp proposal "dsa-sha-3des-g2"
944 authentication dsa-sig
945exit
946
947isakmp proposal "dsa-sha-aes128-g2"
948 authentication dsa-sig
949 encryption aes
950exit
951
952isakmp proposal "dsa-sha-aes256-g2"
953 authentication dsa-sig
954 encryption aes-256
955exit
956 --More--
957ipsec proposal "esp-md5-des-g2"
958 hash md5
959 encryption des
960 group 2
961exit
962
963ipsec proposal "esp-md5-des-g0"
964 hash md5
965 encryption des
966exit
967
968ipsec proposal "esp-md5-3des-g2"
969 hash md5
970 encryption 3des
971 group 2
972exit
973
974ipsec proposal "esp-md5-3des-g0"
975 hash md5
976 encryption 3des
977exit
978
979ipsec proposal "esp-md5-aes128-g2"
980 --More-- hash md5
981 encryption aes
982 group 2
983exit
984
985ipsec proposal "esp-md5-aes128-g0"
986 hash md5
987 encryption aes
988exit
989
990ipsec proposal "esp-md5-aes256-g2"
991 hash md5
992 encryption aes-256
993 group 2
994exit
995
996ipsec proposal "esp-md5-aes256-g0"
997 hash md5
998 encryption aes-256
999exit
1000
1001ipsec proposal "esp-sha-des-g2"
1002 hash sha
1003 encryption des
1004 --More-- group 2
1005exit
1006
1007ipsec proposal "esp-sha-des-g0"
1008 hash sha
1009 encryption des
1010exit
1011
1012ipsec proposal "esp-sha-3des-g2"
1013 hash sha
1014 encryption 3des
1015 group 2
1016exit
1017
1018ipsec proposal "esp-sha-3des-g0"
1019 hash sha
1020 encryption 3des
1021exit
1022
1023ipsec proposal "esp-sha-aes128-g2"
1024 hash sha
1025 encryption aes
1026 group 2
1027exit
1028 --More--
1029ipsec proposal "esp-sha-aes128-g0"
1030 hash sha
1031 encryption aes
1032exit
1033
1034ipsec proposal "esp-sha-aes256-g2"
1035 hash sha
1036 encryption aes-256
1037 group 2
1038exit
1039
1040ipsec proposal "esp-sha-aes256-g0"
1041 hash sha
1042 encryption aes-256
1043exit
1044
1045scvpn pool "scvpn"
1046 address 10.251.252.1 10.251.252.250 netmask 255.255.255.0
1047 dns 114.114.114.114
1048exit
1049scvpn pool "caiwu"
1050 address 192.17.1.2 192.17.1.100 netmask 255.255.255.0
1051exit
1052 --More-- tunnel scvpn "caiwu"
1053 https-port 4430
1054 pool "scvpn"
1055 anti-replay 32
1056 host-cache-clear disable
1057 split-tunnel-route 10.251.1.0/24 metric 1
1058 split-tunnel-route 10.251.252.0/24 metric 35
1059 aaa-server "local"
1060 interface vswitchif1
1061exit
1062scvpn-udp-port 4430
# NOTE(review): this interface enables management over plain HTTP alongside
# HTTPS and SSH. Since HTTPS is already enabled, the unencrypted `manage http`
# service can be dropped so admin credentials are never sent in cleartext.
1063interface vswitchif1
1064 zone "trust"
1065 ip address 10.251.1.1 255.255.255.0
1066 manage https
1067 manage ping
1068 manage ssh
1069 manage http
1070 no reverse-route
1071exit
1072interface ethernet0/0
1073 zone "trust"
1074 ip address 192.168.1.1 255.255.255.0
1075 manage ssh
1076 --More-- manage ping
1077 manage snmp
1078 manage https
1079exit
1080interface ethernet0/1
1081 aggregate aggregate1
1082exit
1083interface ethernet0/2
1084 aggregate aggregate1
1085exit
1086interface ethernet0/3
1087 zone "l2-trust"
1088exit
1089interface ethernet0/4
1090 zone "l2-trust"
1091exit
1092interface aggregate1
1093 zone "l2-untrust"
1094exit
1095interface tunnel1
1096 zone "trust"
1097 ip address 10.251.252.254 255.255.255.0
1098 manage ssh
1099 manage ping
1100 --More-- manage https
1101 tunnel scvpn "caiwu"
1102 no reverse-route
1103exit
1104ip vrouter "trust-vr"
1105 snatrule id 1 from "Any" to "Any" service "Any" eif vswitchif1 trans-to eif-ip mode dynamicport
1106 ip route 0.0.0.0/0 10.251.1.254
1107exit
1108qos-engine first
1109 root-pipe "default" id 1
1110 qos-mode "stat"
1111 exit
1112exit
1113qos-engine second
1114 disable
1115 root-pipe "default" id 2
1116 qos-mode "stat"
1117 exit
1118exit
1119ip name-server 114.114.114.114 vrouter trust-vr egress-interface vswitchif1
# NOTE(review): this is the only policy rule in this startup configuration, and
# it permits any source to any destination on any service with no zones named.
# As written the firewall appears to filter nothing at the policy layer.
# Replace it with explicit least-privilege rules per zone pair and a logged
# final deny.
1120rule id 1
1121 action permit
1122 src-addr "Any"
1123 dst-addr "Any"
1124 --More-- service "Any"
1125exit
1126l2-nonip-action drop
1127no tcp-mss all
1128tcp-mss tunnel 1380
1129snmp-server manager
1130snmp-server port 161
1131snmp-server engineID "22"
# NOTE(review): polling and traps both use SNMP v2c. The community values look
# encoded at rest in this file, but v2c still sends the community unencrypted
# on the wire. Prefer SNMPv3 with authentication and privacy.
1132snmp-server host 10.251.4.102 version 2c community 05d6GVRg6EkC5D7IAolo7XVF4UYH ro
1133snmp-server trap-host 10.251.4.102 version 2c community 7fw3QXjBKyETJH11542VK3niqeM8 port 162
1134ecmp-route-select by-src-and-dst
1135 url-db-query server1 "url1.hillstonenet.com" port 8866 vrouter trust-vr
1136 url-db-query server1 enable
1137 url-db-query server2 "url2.hillstonenet.com" port 8866 vrouter trust-vr
1138 url-db-query server2 enable
1139strict-tunnel-check
1140statistics-set "predef_if_bw"
1141 target-data bandwidth id 0 record-history
1142 group-by interface directional
1143exit
1144statistics-set "predef_user_bw"
1145 target-data bandwidth id 1 record-history
1146 group-by user directional
1147exit
1148 --More-- statistics-set "predef_app_bw"
1149 target-data bandwidth id 2 record-history
1150 group-by application
1151exit
1152statistics-set "predef_user_app_bw"
1153 target-data bandwidth id 3
1154 group-by user directional interface zone application
1155exit
1156statistics-set "predef_zone_if_app_bw"
1157 target-data bandwidth id 4
1158 group-by interface zone directional application
1159exit
1160no sms disable
1161lan-addr private_network
1162monitor-address address monitor_address
1163
1164End
1165SG-6000#
1166
1167spawn ssh hillstone@10.251.253.254
1168hillstone@10.251.253.254's password:
1169BJ-YZ-TDXY-FW-B(M)# show configuration startup
1170
1171Startup configuration:
1172# Generated by autosave at 2019-05-15 05:44:15
1173# Size is 28917 bytes
1174# Software Version 5.5 SG6000-M-3-5.5R2P7.1.bin 2017/06/29 10:32:57
1175
1176!
1177Version 5.5R2
1178
1179ip vrouter "trust-vr"
1180exit
1181ha group 0
1182exit
1183vswitch "vswitch1"
1184exit
1185zone "mgt"
1186exit
1187zone "trust"
1188exit
1189zone "untrust"
1190exit
1191zone "dmz"
1192exit
1193zone "l2-trust" l2
1194exit
1195zone "l2-untrust" l2
1196 --More-- exit
1197zone "l2-dmz" l2
1198exit
1199zone "VPNHub"
1200exit
1201zone "HA"
1202exit
1203interface vswitchif1
1204exit
1205interface MGT0
1206exit
1207interface HA0
1208exit
1209interface ethernet0/0
1210exit
1211interface ethernet0/1
1212exit
1213interface ethernet0/2
1214exit
1215interface ethernet0/3
1216exit
1217interface ethernet0/4
1218exit
1219interface ethernet0/5
1220 --More-- exit
1221interface ethernet0/6
1222exit
1223interface ethernet0/7
1224exit
1225interface ethernet0/8
1226exit
1227interface ethernet0/9
1228exit
1229interface tunnel1
1230exit
1231address "private_network"
1232exit
1233address "monitor_address"
1234exit
1235address "lan_to_wan"
1236exit
1237address "caiwu"
1238exit
1239address "finace_to_wan"
1240exit
1241address "yhcs-slb"
1242exit
1243address "望京大厦出口联通和电信及金山云出口ip"
1244 --More-- exit
1245address "idc出口"
1246exit
1247address "blockip"
1248exit
1249aaa-server "local" type local
1250exit
1251track "1"
1252exit
1253service "4430"
1254 tcp dst-port 4430
1255 udp dst-port 4430
1256exit
1257service "10017"
1258 tcp dst-port 10017
1259exit
1260service "web服务器"
1261 description "web服务器专用443和80"
1262 tcp dst-port 80
1263 tcp dst-port 443
1264exit
1265service "ftp2"
1266 tcp dst-port 13621
1267 tcp dst-port 41000 42000
1268 --More-- tcp dst-port 20
1269exit
1270service "1326"
1271 tcp dst-port 1326
1272exit
1273service "ssh52723"
1274 tcp dst-port 52723
1275exit
1276service "101ssh2222"
1277 description "ssh-101-2222"
1278 tcp dst-port 2222
1279exit
1280service "1984"
1281 tcp dst-port 1984
1282exit
1283service "zabbix_server_10051"
1284 description "zabbix_server_10051"
1285 tcp dst-port 10051
1286exit
1287service "zabbix_agent_10050"
1288 description "zabbixagent"
1289 tcp dst-port 10050
1290exit
1291service "3000"
1292 --More-- tcp dst-port 3000
1293exit
1294service "svn"
1295 description "金山10.40.1.3的svn服务"
1296 tcp dst-port 3690
1297exit
1298service "5902"
1299 tcp dst-port 5902
1300exit
1301service "5901"
1302 tcp dst-port 5901
1303exit
1304service "5900"
1305 tcp dst-port 5900
1306exit
1307service "5903"
1308 tcp dst-port 5903
1309exit
1310service "xnib-download"
1311 description "信诺下载服务"
1312 tcp dst-port 1026
1313exit
1314ips sigset "dns" template dns
1315 max-scan-bytes 30720
1316 --More-- attack-level critical action reset
1317 attack-level info action reset
1318 attack-level warning action reset
1319exit
1320ips sigset "ftp" template ftp
1321 max-scan-bytes 30720
1322 attack-level critical action reset
1323 attack-level info action reset
1324 attack-level warning action reset
1325exit
1326ips sigset "http" template http
1327 max-scan-bytes 30720
1328 attack-level critical action reset
1329 attack-level info action reset
1330 attack-level warning action reset
1331 web-server "default"
1332 exit
1333exit
1334ips sigset "pop3" template pop3
1335 max-scan-bytes 30720
1336 attack-level critical action reset
1337 attack-level info action reset
1338 attack-level warning action reset
1339exit
1340ips sigset "smtp" template smtp
1341 max-scan-bytes 30720
1342 attack-level critical action reset
1343 attack-level info action reset
1344 attack-level warning action reset
1345exit
1346ips sigset "telnet" template telnet
1347 max-scan-bytes 30720
1348 attack-level critical action reset
1349 attack-level info action reset
1350 attack-level warning action reset
1351exit
1352ips sigset "other-tcp" template other-tcp
1353 max-scan-bytes 30720
1354 attack-level critical action reset
1355 attack-level info action reset
1356 attack-level warning action reset
1357exit
1358ips sigset "other-udp" template other-udp
1359 max-scan-bytes 30720
1360 attack-level critical action reset
1361 attack-level info action reset
1362 attack-level warning action reset
1363exit
1364ips sigset "imap" template imap
1365 max-scan-bytes 30720
1366 attack-level critical action reset
1367 attack-level info action reset
1368 attack-level warning action reset
1369exit
1370ips sigset "finger" template finger
1371 max-scan-bytes 30720
1372 attack-level critical action reset
1373 attack-level info action reset
1374 attack-level warning action reset
1375exit
1376ips sigset "sunrpc" template sunrpc
1377 max-scan-bytes 30720
1378 attack-level critical action reset
1379 attack-level info action reset
1380 attack-level warning action reset
1381exit
1382ips sigset "nntp" template nntp
1383 max-scan-bytes 30720
1384 attack-level critical action reset
1385 attack-level info action reset
1386 attack-level warning action reset
1387exit
1388ips sigset "tftp" template tftp
1389 max-scan-bytes 30720
1390 attack-level critical action reset
1391 attack-level info action reset
1392 attack-level warning action reset
1393exit
1394ips sigset "snmp" template snmp
1395 max-scan-bytes 30720
1396 attack-level critical action reset
1397 attack-level info action reset
1398 attack-level warning action reset
1399exit
1400ips sigset "mysql" template mysql
1401 max-scan-bytes 30720
1402 attack-level critical action reset
1403 attack-level info action reset
1404 attack-level warning action reset
1405exit
1406ips sigset "mssql" template mssql
1407 max-scan-bytes 30720
1408 attack-level critical action reset
1409 attack-level info action reset
1410 attack-level warning action reset
1411exit
1412ips sigset "oracle" template oracle
1413 max-scan-bytes 30720
1414 attack-level critical action reset
1415 attack-level info action reset
1416 attack-level warning action reset
1417exit
1418ips sigset "msrpc" template msrpc
1419 max-scan-bytes 30720
1420 attack-level critical action reset
1421 attack-level info action reset
1422 attack-level warning action reset
1423exit
1424ips sigset "netbios" template netbios
1425 max-scan-bytes 30720
1426 attack-level critical action reset
1427 attack-level info action reset
1428 attack-level warning action reset
1429exit
1430ips sigset "dhcp" template dhcp
1431 max-scan-bytes 30720
1432 attack-level critical action reset
1433 attack-level info action reset
1434 attack-level warning action reset
1435exit
1436ips sigset "ldap" template ldap
1437 max-scan-bytes 30720
1438 attack-level critical action reset
1439 attack-level info action reset
1440 attack-level warning action reset
1441exit
1442ips sigset "voip" template voip
1443 max-scan-bytes 30720
1444 attack-level critical action reset
1445 attack-level info action reset
1446 attack-level warning action reset
1447exit
1448ips sigset "default_dns" template dns
1449 max-scan-bytes 30720
1450 attack-level critical action reset
1451 attack-level info action reset
1452 attack-level warning action reset
1453exit
1454ips sigset "default_ftp" template ftp
1455 max-scan-bytes 30720
1456 attack-level critical action reset
1457 attack-level info action reset
1458 attack-level warning action reset
1459exit
1460ips sigset "default_http" template http
1461 max-scan-bytes 30720
1462 attack-level critical action reset
1463 attack-level info action reset
1464 attack-level warning action reset
1465 web-server "default"
1466 exit
1467exit
1468ips sigset "default_pop3" template pop3
1469 max-scan-bytes 30720
1470 attack-level critical action reset
1471 attack-level info action reset
1472 attack-level warning action reset
1473exit
1474ips sigset "default_smtp" template smtp
1475 max-scan-bytes 30720
1476 attack-level critical action reset
1477 attack-level info action reset
1478 attack-level warning action reset
1479exit
1480ips sigset "default_telnet" template telnet
1481 max-scan-bytes 30720
1482 attack-level critical action reset
1483 attack-level info action reset
1484 attack-level warning action reset
1485exit
1486ips sigset "default_other-tcp" template other-tcp
1487 max-scan-bytes 30720
1488 attack-level critical action reset
1489 attack-level info action reset
1490 attack-level warning action reset
1491exit
1492ips sigset "default_other-udp" template other-udp
1493 max-scan-bytes 30720
1494 attack-level critical action reset
1495 attack-level info action reset
1496 attack-level warning action reset
1497exit
1498ips sigset "default_imap" template imap
1499 max-scan-bytes 30720
1500 attack-level critical action reset
1501 attack-level info action reset
1502 attack-level warning action reset
1503exit
1504ips sigset "default_finger" template finger
1505 max-scan-bytes 30720
1506 attack-level critical action reset
1507 attack-level info action reset
1508 attack-level warning action reset
1509exit
1510ips sigset "default_sunrpc" template sunrpc
1511 max-scan-bytes 30720
1512 attack-level critical action reset
1513 attack-level info action reset
1514 attack-level warning action reset
1515exit
1516ips sigset "default_nntp" template nntp
1517 max-scan-bytes 30720
1518 attack-level critical action reset
1519 attack-level info action reset
1520 attack-level warning action reset
1521exit
1522ips sigset "default_tftp" template tftp
1523 max-scan-bytes 30720
1524 attack-level critical action reset
1525 attack-level info action reset
1526 attack-level warning action reset
1527exit
1528ips sigset "default_snmp" template snmp
1529 max-scan-bytes 30720
1530 attack-level critical action reset
1531 attack-level info action reset
1532 attack-level warning action reset
1533exit
1534ips sigset "default_mysql" template mysql
1535 max-scan-bytes 30720
1536 attack-level critical action reset
1537 attack-level info action reset
1538 attack-level warning action reset
1539exit
1540ips sigset "default_mssql" template mssql
1541 max-scan-bytes 30720
1542 attack-level critical action reset
1543 attack-level info action reset
1544 attack-level warning action reset
1545exit
1546ips sigset "default_oracle" template oracle
1547 max-scan-bytes 30720
1548 attack-level critical action reset
1549 attack-level info action reset
1550 attack-level warning action reset
1551exit
1552ips sigset "default_msrpc" template msrpc
1553 max-scan-bytes 30720
1554 attack-level critical action reset
1555 attack-level info action reset
1556 attack-level warning action reset
1557exit
1558ips sigset "default_netbios" template netbios
1559 max-scan-bytes 30720
1560 attack-level critical action reset
1561 attack-level info action reset
1562 attack-level warning action reset
1563exit
1564ips sigset "default_dhcp" template dhcp
1565 max-scan-bytes 30720
1566 attack-level critical action reset
1567 attack-level info action reset
1568 attack-level warning action reset
1569exit
1570ips sigset "default_ldap" template ldap
1571 max-scan-bytes 30720
1572 attack-level critical action reset
1573 attack-level info action reset
1574 attack-level warning action reset
1575exit
1576ips sigset "default_voip" template voip
1577 max-scan-bytes 30720
1578 attack-level critical action reset
1579 attack-level info action reset
1580 attack-level warning action reset
1581exit
1582ips sigset "loose_dns" template dns
1583exit
1584ips sigset "loose_ftp" template ftp
1585exit
1586ips sigset "loose_http" template http
1587 web-server "default"
1588 exit
1589exit
1590ips sigset "loose_pop3" template pop3
1591exit
1592ips sigset "loose_smtp" template smtp
1593exit
1594ips sigset "loose_telnet" template telnet
1595exit
1596ips sigset "loose_other-tcp" template other-tcp
1597exit
1598ips sigset "loose_other-udp" template other-udp
1599exit
1600ips sigset "loose_imap" template imap
1601exit
1602ips sigset "loose_finger" template finger
1603exit
1604ips sigset "loose_sunrpc" template sunrpc
1605exit
1606ips sigset "loose_nntp" template nntp
1607exit
1608ips sigset "loose_tftp" template tftp
1609exit
1610ips sigset "loose_snmp" template snmp
1611exit
1612ips sigset "loose_mysql" template mysql
1613exit
1614ips sigset "loose_mssql" template mssql
1615exit
1616ips sigset "loose_oracle" template oracle
1617exit
1618ips sigset "loose_msrpc" template msrpc
1619exit
1620ips sigset "loose_netbios" template netbios
1621exit
1622ips sigset "loose_dhcp" template dhcp
1623exit
1624ips sigset "loose_ldap" template ldap
1625exit
1626ips sigset "loose_voip" template voip
1627exit
1628ips profile "no-ips"
1629exit
1630ips profile "predef_default"
1631 sigset "default_dns"
1632 sigset "default_ftp"
1633 sigset "default_http"
1634 sigset "default_pop3"
1635 sigset "default_smtp"
1636 sigset "default_telnet"
1637 sigset "default_other-tcp"
1638 sigset "default_other-udp"
1639 sigset "default_imap"
1640 sigset "default_finger"
1641 sigset "default_sunrpc"
1642 sigset "default_nntp"
1643 sigset "default_tftp"
1644 sigset "default_snmp"
1645 sigset "default_mysql"
1646 sigset "default_mssql"
1647 sigset "default_oracle"
1648 sigset "default_msrpc"
1649 sigset "default_netbios"
1650 sigset "default_dhcp"
1651 sigset "default_ldap"
1652 sigset "default_voip"
1653exit
1654ips profile "predef_loose"
1655 sigset "loose_dns"
1656 sigset "loose_ftp"
1657 sigset "loose_http"
1658 sigset "loose_pop3"
1659 sigset "loose_smtp"
1660 sigset "loose_telnet"
1661 sigset "loose_other-tcp"
1662 sigset "loose_other-udp"
1663 sigset "loose_imap"
1664 sigset "loose_finger"
1665 sigset "loose_sunrpc"
1666 sigset "loose_nntp"
1667 sigset "loose_tftp"
1668 sigset "loose_snmp"
1669 sigset "loose_mysql"
1670 sigset "loose_mssql"
1671 sigset "loose_oracle"
1672 sigset "loose_msrpc"
1673 sigset "loose_netbios"
1674 sigset "loose_dhcp"
1675 sigset "loose_ldap"
1676 sigset "loose_voip"
1677exit
1678contentfilter
1679 url-category "custom1"
1680 url-category "custom2"
1681 url-category "custom3"
1682exit
1683av-profile "no-av"
1684exit
1685av-profile "predef_low"
1686 file-type gzip
1687 file-type html
1688 file-type mail
1689 file-type pe
1690 protocol-type FTP action reset-conn
1691 protocol-type HTTP action reset-conn
1692 protocol-type IMAP4 action log-only
1693 protocol-type POP3 action log-only
1694 protocol-type SMTP action log-only
1695exit
1696av-profile "predef_middle"
1697 file-type gzip
1698 file-type html
1699 file-type mail
1700 file-type pe
1701 file-type zip
1702 file-type rar
1703 protocol-type FTP action reset-conn
1704 protocol-type HTTP action reset-conn
1705 protocol-type IMAP4 action log-only
1706 protocol-type POP3 action log-only
1707 protocol-type SMTP action log-only
1708exit
1709av-profile "predef_high"
1710 file-type gzip
1711 file-type html
1712 file-type mail
1713 file-type pe
1714 file-type zip
1715 file-type rar
1716 file-type jpeg
1717 file-type bzip2
1718 file-type riff
1719 file-type tar
1720 protocol-type FTP action reset-conn
1721 protocol-type HTTP action reset-conn
1722 protocol-type IMAP4 action fill-magic
1723 protocol-type POP3 action fill-magic
1724 protocol-type SMTP action fill-magic
1725exit
1726track "1"
1727 interface ethernet0/0
1728 interface ethernet0/1
1729exit
1730aaa-server "local" type local
1731 user "wangyang"
1732 password "3hStglH7KVPqAizX2RtLk2Q8mGkT"
1733 exit
1734 user "gaojianwei"
1735 password "9JeKEsk0s8a/CnD+7Rwu5VB+16sO"
1736 phone "13810081921"
1737 desc "高建伟"
1738 exit
1739 user "hanwenkun"
1740 password "WqtwHXT/PWU1Rq9ZrgcCIkG3HvsH"
1741 exit
1742exit
1743admin user "hillstone"
1744 password N4Zuew9z/ecwlOw6dbBpfTuQes
1745 password-expiration 1528802728
1746 role admin
1747 access console
1748 access ssh
1749 access https
1750exit
1751admin user "wangyang"
1752 password ENTPfLIuyGD9mjAp6pHKbGWgEM
1753 password-expiration 1548704702
1754 role admin
1755 access console
1756 access ssh
1757 access https
1758 description "王阳"
1759exit
1760logging traffic nat on
1761pki trust-domain "trust_domain_default"
1762 keypair "Default-Key"
1763 enrollment self
1764 subject commonName "SG-6000"
1765 subject organization "Hillstone Networks"
1766exit
1767pki trust-domain "trust_domain_ssl_proxy"
1768 keypair "Default-Key"
1769 enrollment self
1770 subject commonName "SG-6000"
1771 subject organization "Hillstone Networks"
1772exit
1773pki trust-domain "trust_domain_ssl_proxy_2048"
1774 keypair "Default-Key-2048"
1775 enrollment self
1776 subject commonName "SG-6000"
1777 subject organization "Hillstone Networks"
1778exit
1779pki trust-domain "network_manager_ca"
1780 enrollment terminal
1781exit
1782address "private_network"
1783 ip 10.0.0.0/8
1784 ip 172.16.0.0/12
1785 ip 192.168.0.0/16
1786exit
1787address "monitor_address"
1788 ip 10.0.0.0/8
1789 ip 172.16.0.0/12
1790 ip 192.168.0.0/16
1791exit
1792address "lan_to_wan"
1793 ip 10.251.4.0/24
1794 ip 10.251.2.0/24
1795 ip 10.251.3.0/24
1796 ip 10.251.5.0/24
1797 ip 10.251.6.0/24
1798exit
1799address "caiwu"
1800 ip 192.168.1.0/24
1801exit
1802address "finace_to_wan"
1803 description "金融项目专用出接口"
1804 ip 10.251.5.0/24
1805exit
1806address "yhcs-slb"
1807 description "一号车市业务slb"
1808 ip 114.118.8.231/32
1809exit
1810address "望京大厦出口联通和电信及金山云出口ip"
1811 description "北京办公\金山\idc出口IP"
1812 ip 120.92.72.203/32
1813 ip 120.92.72.9/32
1814 ip 120.92.72.63/32
1815 ip 10.251.0.0/16
1816 ip 223.223.197.140/32
1817 ip 223.223.197.157/32
1818 ip 114.118.8.235/32
1819 ip 120.92.72.202/32
1820 ip 58.49.131.54/32
1821exit
1822address "idc出口"
1823 ip 114.118.8.228/32
1824 ip 10.251.253.254/32
1825 ip 114.118.8.235/32
1826exit
1827address "blockip"
1828 ip 157.61.159.45/32
1829 ip 94.191.73.163/32
1830 ip 223.211.94.126/32
1831 ip 112.96.176.38/32
1832 ip 111.19.38.23/32
1833 ip 117.136.12.127/32
1834 ip 123.122.155.87/32
1835 ip 36.152.65.200/32
1836 ip 36.17.77.206/32
1837 ip 36.23.25.89/32
1838 ip 223.192.193.126/32
1839exit
1840slb-server-pool "prod-nginx"
1841 load-balance-algorithm weighted-round-robin sticky
1842 server ip 10.251.2.106/32 port 80 weight-per-server 1
1843 server ip 10.251.2.105/32 port 80 weight-per-server 1
1844 monitor track-tcp port 80 interval 2 threshold 3 weight 255
1845exit
1846slb-server-pool "prod-nginx-443"
1847 load-balance-algorithm weighted-round-robin
1848 server ip 10.251.2.106/32 port 443 weight-per-server 1
1849 server ip 10.251.2.105/32 port 443 weight-per-server 1
1850 monitor track-tcp port 443 interval 2 threshold 3 weight 255
1851exit
1852slb-server-pool "hcaf-nginx"
1853 load-balance-algorithm weighted-round-robin
1854 description 欢聚好车443
1855 server ip 10.251.5.114/32 port 443 weight-per-server 1
1856 server ip 10.251.5.113/32 port 443 weight-per-server 1
1857 monitor track-tcp port 443 interval 2 threshold 3 weight 255
1858exit
1859slb-server-pool "hcaf-nginx-80"
1860 description 欢聚好车80
1861 server ip 10.251.5.114/32 port 80 weight-per-server 1
1862 server ip 10.251.5.113/32 port 80 weight-per-server 1
1863 monitor track-tcp port 80 interval 2 threshold 3 weight 255
1864exit
1865slb-server-pool "af-nginx"
1866 load-balance-algorithm weighted-round-robin
1867 description 金融443
1868 server ip 10.251.5.104/32 port 443 weight-per-server 255
1869 server ip 10.251.5.105/32 port 443 weight-per-server 1
1870 monitor track-tcp port 443 interval 2 threshold 3 weight 255
1871exit
1872slb-server-pool "af-nginx-80"
1873 load-balance-algorithm weighted-round-robin
1874 description 金融80
1875 server ip 10.251.5.105/32 port 80 weight-per-server 1
1876 server ip 10.251.5.104/32 port 80 weight-per-server 1
1877 monitor track-tcp port 80 interval 2 threshold 3 weight 255
1878exit
1879slb-server-pool "invo-80"
1880 load-balance-algorithm weighted-round-robin
1881 description 自收购80
1882 server ip 10.251.5.123/32 port 80 weight-per-server 1
1883 server ip 10.251.5.127/32 port 80 weight-per-server 1
1884 monitor track-tcp port 80 interval 2 threshold 3 weight 255
1885exit
1886slb-server-pool "invo-443"
1887 load-balance-algorithm weighted-round-robin
1888 description 自收购443
1889 server ip 10.251.5.123/32 port 443 weight-per-server 1
1890 server ip 10.251.5.127/32 port 443 weight-per-server 1
1891 monitor track-tcp port 443 interval 2 threshold 3 weight 255
1892exit
1893slb-server-pool "xnib-nginx-80"
1894 description 信诺80
1895 server ip 10.251.5.135/32 port 80 weight-per-server 1
1896 server ip 10.251.5.136/32 port 80 weight-per-server 1
1897 monitor track-tcp port 80 interval 2 threshold 3 weight 255
1898exit
1899slb-server-pool "xinnuo-downlaod"
1900 load-balance-algorithm weighted-round-robin
1901 description 信诺download
1902 server ip 10.251.4.12/32 port 80 weight-per-server 1
1903 server ip 10.251.4.11/32 port 80 weight-per-server 1
1904 monitor track-tcp port 80 interval 2 threshold 3 weight 255
1905exit
1906zone "trust"
1907 ad tear-drop
1908 ad ip-spoofing
1909 ad land-attack
1910 ad ip-option
1911 ad ip-fragment
1912 ad ip-directed-broadcast
1913 ad winnuke
1914 ad port-scan
1915 ad syn-flood
1916 ad syn-flood destination ip-based
1917 ad icmp-flood
1918 ad ip-sweep
1919 ad ping-of-death
1920 ad udp-flood
1921 ad disable
1922exit
1923zone "untrust"
1924 type wan
1925 av enable "no-av"
1926 ips enable "no-ips" ingress
1927 ad tear-drop
1928 ad ip-spoofing
1929 ad land-attack
1930 ad ip-option
1931 ad ip-fragment
1932 ad ip-directed-broadcast
1933 ad winnuke
1934 ad port-scan
1935 ad syn-flood
1936 ad icmp-flood
1937 ad ip-sweep
1938 ad ping-of-death
1939 ad udp-flood
1940exit
1941zone "l2-untrust" l2
1942 type wan
1943exit
1944hostname "BJ-YZ-TDXY-FW-B"
1945admin host any any
1946no https client-auth match
1947cloud server address cloud.hillstonenet.com.cn
1948cloud server username Q8950983
1949cloud server password nNqJ493RA5YAdDq1cgGCIHSw3FED
1950cloud server enable
1951cloud server upload-type traffic
1952cloud server upload-type threat-event
1953cloud server upload-type log-event
1954cloud server upload-type hcsp
1955exit
1956isakmp proposal "psk-sha256-aes128-g2"
1957 hash sha256
1958 encryption aes
1959exit
1960
1961isakmp proposal "psk-sha256-aes256-g2"
1962 hash sha256
1963 encryption aes-256
1964exit
1965
1966isakmp proposal "psk-sha256-3des-g2"
1967 hash sha256
1968exit
1969
1970isakmp proposal "psk-md5-aes128-g2"
1971 hash md5
1972 encryption aes
1973exit
1974
1975isakmp proposal "psk-md5-aes256-g2"
1976 hash md5
1977 encryption aes-256
1978exit
1979
1980isakmp proposal "psk-md5-3des-g2"
1981 hash md5
1982exit
1983
1984isakmp proposal "rsa-sha256-aes128-g2"
1985 authentication rsa-sig
1986 hash sha256
1987 encryption aes
1988exit
1989
1990isakmp proposal "rsa-sha256-aes256-g2"
1991 authentication rsa-sig
1992 hash sha256
1993 encryption aes-256
1994exit
1995
1996isakmp proposal "rsa-sha256-3des-g2"
1997 authentication rsa-sig
1998 hash sha256
1999exit
2000
2001isakmp proposal "rsa-md5-aes128-g2"
2002 authentication rsa-sig
2003 hash md5
2004 encryption aes
2005exit
2006
2007isakmp proposal "rsa-md5-aes256-g2"
2008 authentication rsa-sig
2009 hash md5
2010 encryption aes-256
2011exit
2012
2013isakmp proposal "rsa-md5-3des-g2"
2014 authentication rsa-sig
2015 hash md5
2016exit
2017
2018isakmp proposal "dsa-sha-aes128-g2"
2019 authentication dsa-sig
2020 encryption aes
2021exit
2022
2023isakmp proposal "dsa-sha-aes256-g2"
2024 authentication dsa-sig
2025 encryption aes-256
2026exit
2027
2028isakmp proposal "dsa-sha-3des-g2"
2029 authentication dsa-sig
2030exit
2031
2032isakmp proposal "YHCS"
2033 encryption des
2034exit
2035
2036isakmp peer "望京大厦"
2037 isakmp-proposal "YHCS"
2038 pre-share "5bkDo6ao195pRVPEXPGxb2uLRWcB/I"
2039 peer 118.192.166.146
2040 dpd interval 10 retry 3
2041 generate-route
2042 interface ethernet0/0
2043exit
2044
2045ipsec proposal "esp-sha256-aes128-g2"
2046 hash sha256
2047 encryption aes
2048 group 2
2049exit
2050
2051ipsec proposal "esp-sha256-aes128-g0"
2052 hash sha256
2053 encryption aes
2054exit
2055
2056ipsec proposal "esp-sha256-aes256-g2"
2057 hash sha256
2058 encryption aes-256
2059 group 2
2060exit
2061
2062ipsec proposal "esp-sha256-aes256-g0"
2063 hash sha256
2064 encryption aes-256
2065exit
2066
2067ipsec proposal "esp-sha256-3des-g2"
2068 hash sha256
2069 encryption 3des
2070 group 2
2071exit
2072
2073ipsec proposal "esp-sha256-3des-g0"
2074 hash sha256
2075 encryption 3des
2076exit
2077
2078ipsec proposal "esp-md5-aes128-g2"
2079 hash md5
2080 encryption aes
2081 group 2
2082exit
2083
2084ipsec proposal "esp-md5-aes128-g0"
2085 hash md5
2086 encryption aes
2087exit
2088
2089ipsec proposal "esp-md5-aes256-g2"
2090 hash md5
2091 encryption aes-256
2092 group 2
2093exit
2094
2095ipsec proposal "esp-md5-aes256-g0"
2096 hash md5
2097 encryption aes-256
2098exit
2099
2100ipsec proposal "esp-md5-3des-g2"
2101 hash md5
2102 encryption 3des
2103 group 2
2104exit
2105
2106ipsec proposal "esp-md5-3des-g0"
2107 hash md5
2108 encryption 3des
2109exit
2110
2111ipsec proposal "YHCS"
2112 hash sha
2113 encryption des
2114 group 2
2115exit
2116
2117tunnel ipsec "1" auto
2118 isakmp-peer "望京大厦"
2119 ipsec-proposal "YHCS"
2120exit
2121scvpn pool "scvpn"
2122 address 10.251.251.100 10.251.251.200 netmask 255.255.255.0
2123exit
2124tunnel scvpn "YHCS"
2125 pool "scvpn"
2126 anti-replay 32
2127 host-cache-clear disable
2128 split-tunnel-route 10.251.0.0/16 metric 1
2129 aaa-server "local"
2130 interface ethernet0/0
2131exit
2132interface MGT0
2133 zone "mgt"
2134 ip address 192.168.1.1 255.255.255.0
2135 manage ssh
2136 manage ping
2137 manage snmp
2138 manage https
2139exit
2140interface ethernet0/0
2141 zone "untrust"
2142 ip address 114.118.8.228 255.255.255.224
2143 manage ping
2144 manage https
2145 manage ssh
2146 no reverse-route
2147exit
2148interface ethernet0/1
2149 zone "trust"
2150 ip address 10.251.253.254 255.255.255.0
2151 manage ip 10.251.253.253
2152 manage ssh
2153 manage ping
2154 manage https
2155 manage snmp
2156exit
2157interface tunnel1
2158 zone "trust"
2159 ip address 10.251.251.254 255.255.255.0
2160 manage ssh
2161 manage ping
2162 manage https
2163 tunnel scvpn "YHCS"
2164 no reverse-route
2165exit
2166ip vrouter "trust-vr"
2167 snatrule id 1 from "lan_to_wan" to "Any" service "Any" eif ethernet0/0 trans-to 114.118.8.228 mode dynamicport
2168 snatrule id 2 from "caiwu" to "Any" service "Any" trans-to 114.118.8.229 mode dynamicport
2169 dnatrule id 3 from "Any" to "114.118.8.229" service "4430" trans-to "10.251.1.1" description "财务的ssl_vpn"
2170 dnatrule id 2 from "Any" to "114.118.8.230" service "HTTP" trans-to "10.251.2.101" port 80 disable description "顺行官网"
2171 dnatrule id 4 from "Any" to "114.118.8.228" service "10017" trans-to "10.251.4.106" port 10017 description "openvpn"
2172 dnatrule id 1 from "Any" to "114.118.8.231" service "HTTP" trans-to slb-server-pool "prod-nginx" description "WEB SLB 对外 80"
2173 dnatrule id 6 from "Any" to "10.251.253.101" service "HTTP" trans-to slb-server-pool "prod-nginx" description "WEB SLB 对内 80"
2174 dnatrule id 7 from "Any" to "10.251.253.101" service "HTTPS" trans-to slb-server-pool "prod-nginx-443" description "WEB SLB 对内 443"
2175 dnatrule id 8 from "Any" to "114.118.8.231" service "HTTPS" trans-to slb-server-pool "prod-nginx-443" description "WEB SLB 对外 443"
2176 dnatrule id 9 from "Any" to "114.118.8.232" service "HTTPS" trans-to slb-server-pool "hcaf-nginx" description "欢聚好车443"
2177 dnatrule id 10 from "Any" to "114.118.8.232" service "HTTP" trans-to slb-server-pool "hcaf-nginx-80" description "欢聚好车80"
2178 dnatrule id 11 from "Any" to "114.118.8.233" service "HTTPS" trans-to slb-server-pool "af-nginx" description "金融slb-443"
2179 dnatrule id 12 from "Any" to "114.118.8.233" service "HTTP" trans-to slb-server-pool "af-nginx-80" description "金融80"
2180 dnatrule id 13 from "Any" to "114.118.8.234" service "HTTP" trans-to slb-server-pool "invo-80" description "自收购80"
2181 dnatrule id 14 from "Any" to "114.118.8.234" service "HTTPS" trans-to slb-server-pool "invo-443" description "自收购443"
2182 dnatrule id 5 from "Any" to "114.118.8.228/32" service "1326" trans-to "10.251.4.11/32" port 21 log description "ftp"
2183 dnatrule id 15 from "Any" to "114.118.8.228/32" service "ssh52723" trans-to "10.251.4.111" port 22 description "10.251.4.111_jumpserver"
2184 dnatrule id 16 from "Any" to "114.118.8.235" service "HTTP" trans-to "10.251.4.102" port 80 description "运维管理工作如zabbix.等"
2185 dnatrule id 18 from "望京大厦出口联通和电信及金山云出口ip" to "114.118.8.236" service "HTTP" trans-to "10.251.4.104" port 80 description "gitlab80"
2186 dnatrule id 19 from "望京大厦出口联通和电信及金山云出口ip" to "114.118.8.236" service "SSH" trans-to "10.251.4.104" port 22 description "gitlab22"
2187 dnatrule id 20 from "Any" to "114.118.8.235" service "3000" trans-to "10.251.4.102" port 3000 description "grafana"
2188 dnatrule id 21 from "望京大厦出口联通和电信及金山云出口ip" to "114.118.8.235" service "svn" trans-to "10.251.4.102" port 3690 description "转发金山云10.240.1.3的svn服务"
2189 dnatrule id 22 from "望京大厦出口联通和电信及金山云出口ip" to "114.118.8.235" service "FTP" trans-to "10.251.6.103" port 21 description "产品图片ftp及张京顺的ftp"
2190 dnatrule id 17 from "望京大厦出口联通和电信及金山云出口ip" to "114.118.8.235" service "HTTPS" trans-to "10.251.6.103" port 443 description "产品图片https及张京顺的app-https"
2191 dnatrule id 23 from "Any" to "114.118.8.237" service "HTTP" trans-to slb-server-pool "xnib-nginx-80" description "信诺80"
2192 dnatrule id 24 from "Any" to "114.118.8.238" service "HTTP" trans-to slb-server-pool "xinnuo-downlaod" disable description "信诺下载服务"
2193 dnatrule id 25 from "Any" to "10.251.253.102" service "HTTP" trans-to slb-server-pool "xnib-nginx-80" description "信诺对内slb-80"
2194 dnatrule id 26 from "望京大厦出口联通和电信及金山云出口ip" to "114.118.8.239" service "Any" trans-to "10.251.4.112" port 22
2195 ip route 0.0.0.0/0 114.118.8.225
2196 ip route 10.251.0.0/16 10.251.253.251
2197exit
2198qos-engine first
2199 root-pipe "default" id 1
2200 qos-mode "stat"
2201 exit
2202exit
2203qos-engine second
2204 disable
2205 root-pipe "default" id 2
2206 qos-mode "stat"
2207 exit
2208exit
2209ip name-server 202.106.0.20 vrouter trust-vr
2210rule id 3
2211 action deny
2212 src-zone "untrust"
2213 dst-zone "Any"
2214 src-addr "blockip"
2215 dst-addr "Any"
2216 service "Any"
2217exit
2218rule id 1
2219 action permit
2220 src-zone "Any"
2221 dst-zone "Any"
2222 src-addr "Any"
2223 dst-addr "Any"
2224 service "Any"
2225exit
2226app-signature
2227 signature id 1
2228 application FTP
2229 src-addr "Any"
2230 dst-addr "Any"
2231 protocol tcp dst-port 1326
2232 exit
2233exit
2234l2-nonip-action drop
2235no tcp-mss all
2236tcp-mss tunnel 1380
2237snmp-server manager
2238snmp-server port 161
2239snmp-server engineID "20"
2240snmp-server host 10.251.4.102 version 2c community yTEj7znpdVIQIYRZgZ/Vcj0bWLog ro
2241snmp-server host 10.251.4.106 version 2c community uow5G1uXdXHuZ5WH0sq5DVFfAHw2 ro
2242snmp-server trap-host 10.251.4.102 version 2c community AxjvsEQpHOCtR7JIH0kTQkbofM0q port 162
2243snmp-server trap-host 10.251.4.106 version 2c community 05d6GVRg6EkC5D7IAolo7XVF4UYH port 162
2244ecmp-route-select by-src-and-dst
2245 url-db-query server1 "url1.hillstonenet.com" port 8866 vrouter trust-vr
2246 url-db-query server1 enable
2247 url-db-query server2 "url2.hillstonenet.com" port 8866 vrouter trust-vr
2248 url-db-query server2 enable
2249strict-tunnel-check
2250statistics-set "predef_if_bw"
2251 target-data bandwidth id 0 record-history
2252 group-by interface directional
2253exit
2254statistics-set "predef_user_bw"
2255 target-data bandwidth id 1 record-history
2256 group-by user directional
2257exit
2258statistics-set "predef_app_bw"
2259 target-data bandwidth id 2 record-history
2260 group-by application
2261exit
2262statistics-set "predef_user_app_bw"
2263 target-data bandwidth id 3
2264 group-by user directional interface zone application
2265exit
2266statistics-set "predef_zone_if_app_bw"
2267 target-data bandwidth id 4
2268 group-by interface zone directional application
2269exit
2270app update schedule daily 00:30
2271av signature update schedule daily 01:00
2272ips signature update schedule daily 01:30
2273query-groups
2274 dashboard-query-group "hegeng-1522395866212-dashboard-query-group" user "hegeng"
2275 rule "customwidget" create-time 0 id 2 query-string "flag_13,201,4,5,6,9,10"
2276 exit
2277exit
2278no sms disable
2279lan-addr private_network
2280monitor-address address monitor_address
2281ha link interface HA0
2282ha link ip 1.1.1.2 255.255.255.252
2283ha group 0
2284 priority 150
2285 monitor track "1"
2286exit
2287ha cluster 1 node 1
2288
2289End
2290BJ-YZ-TDXY-FW-B(M)#