
!Software Version V500R005C10SPC300
!Last configuration was saved at 2025-06-04 03:52:03 UTC
#
! Global device settings: hostname, L2TP domain separator, logging switch,
! IPSec SHA-2 compatibility, Telnet, location-database updates,
! attack-defence action and login banner.
sysname USG6000V1
#
l2tp domain suffix-separator @
#
! NOTE(review): this switches the info-center (the device's log output
! module) off. No log host is configured anywhere in this file either, so
! login, policy and attack events are presumably not recorded off-box.
! Confirm this is acceptable outside a lab.
undo info-center enable
#
ipsec sha2 compatible enable
#
! The Telnet server is disabled for both IPv4 and IPv6, so the cleartext
! management protocol is not offered.
undo telnet server enable
undo telnet ipv6 server enable
#
! Weekly update of the location signature database, Sunday 07:15.
update schedule location-sdb weekly Sun 07:15
#
! Attack-defence action is set to discard.
firewall defend action discard
#
banner enable
#
! User authentication portal and web management settings.
! The user portal listens on port 8887, both privacy statements are
! disabled, the password policy is set to level high, and single sign-on
! is declared for AD, TSM and RADIUS.
user-manage web-authentication security port 8887
undo privacy-statement english
undo privacy-statement chinese
page-setting
! NOTE(review): TLS 1.1 is still accepted by the user portal. TLS 1.1 was
! formally deprecated by RFC 8996; restrict this to tlsv1.2 once all
! client browsers are confirmed to support it.
user-manage security version tlsv1.1 tlsv1.2
password-policy
level high
user-manage single-sign-on ad
user-manage single-sign-on tsm
user-manage single-sign-on radius
user-manage auto-sync online-user
#
! NOTE(review): the administrator web UI also accepts TLS 1.1. The same
! caveat applies, and this is the higher-value endpoint.
web-manager security version tlsv1.1 tlsv1.2
! NOTE(review): `web-manager enable` appears next to the `security`
! variant. Presumably this is the plain-HTTP listener; confirm whether it
! only redirects to HTTPS or should be turned off.
web-manager enable
web-manager security enable
#
! Management-plane protection and content-security database updates.
! Traffic from the data plane to the management plane is dropped by
! default when the application is not recognised.
firewall dataplane to manageplane application-apperceive default-action drop
#
! IPS log merging is disabled.
undo ips log merge enable
#
decoding uri-cache disable
#
! Daily updates at 00:12 for the IPS, antivirus, service-awareness, cnc and
! file-reputation databases (cnc is presumably the C&C domain list; confirm).
! NOTE(review): no security-policy rule visible in this file references an
! IPS or AV profile, so these signatures are kept current but are
! apparently not applied to any permitted traffic. Verify.
update schedule ips-sdb daily 00:12
update schedule av-sdb daily 00:12
update schedule sa-sdb daily 00:12
update schedule cnc daily 00:12
update schedule file-reputation daily 00:12
#
! VPN instance, address objects and time ranges used by the policy.
ip vpn-instance default
ipv4-family
#
! Teacher clients: 192.168.10.0/24.
ip address-set teacher-network type object
address 0 192.168.10.0 mask 24
#
! Student clients: 192.168.20.0/24.
ip address-set student-network type object
address 0 192.168.20.0 mask 24
#
! student_time covers 08:30-12:00 and 13:10-16:30 on working days and the
! whole day on off-days. Outside these windows (the working-day lunch gap
! and after 16:30) the range does not match.
time-range student_time
period-range 08:30:00 to 12:00:00 working-day
period-range 13:10:00 to 16:30:00 working-day
period-range 00:00:00 to 23:59:59 off-day
! NOTE(review): teacher_time and worktime are defined here, but no rule
! visible in this file references them. Only student_time is used.
time-range teacher_time
period-range 00:00:00 to 23:59:59 daily
time-range worktime
period-range 08:00:00 to 18:00:00 working-day
#
! Default IKE proposal: AES encryption (256/192/128), DH group 14
! (2048-bit MODP), SHA-2 authentication algorithms, pre-shared-key
! authentication, HMAC-SHA2-256 for integrity and PRF.
! NOTE(review): with pre-share authentication the tunnel's strength rests
! on the pre-shared key. No IKE peer is defined in this file, so the
! proposal is currently unused as far as this file shows.
ike proposal default
encryption-algorithm aes-256 aes-192 aes-128
dh group14
authentication-algorithm sha2-512 sha2-384 sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
! AAA: authentication/authorization/accounting schemes, the default user
! domain, the administrator (manager-user) accounts and their roles.
! NOTE(review): the `password cipher` values below are credential
! material. This file is being shown in a repository view, so treat all
! three administrator passwords as exposed: rotate them on the device and
! keep ciphertext out of version control. Whether this ciphertext format
! is reversible depends on the platform; do not rely on it being safe.
aaa
authentication-scheme default
authentication-scheme admin_local
authentication-scheme admin_radius_local
authentication-scheme admin_hwtacacs_local
authentication-scheme admin_ad_local
authentication-scheme admin_ldap_local
authentication-scheme admin_radius
authentication-scheme admin_hwtacacs
authentication-scheme admin_ad
authorization-scheme default
accounting-scheme default
! Default domain for end users: Internet access, SSL VPN, L2TP and IKE.
domain default
service-type internetaccess ssl-vpn l2tp ike
internet-access mode password
reference user current-domain
! NOTE(review): all three manager-user accounts are level 15. audit-admin
! is bound to the audit-admin role but still carries level 15 with web
! and terminal access; confirm the role actually limits it.
manager-user audit-admin
password cipher @%@%@5{NLPyf:Dmo(p)`^7eS;PE@ad$;$$ZQ%8$!*5)/`/f9PEC;@%@%
service-type web terminal
level 15
! NOTE(review): api-admin has no service-type line and no role binding
! visible in this file, yet holds level 15. Verify the account is needed
! and scope it to the minimum privilege.
manager-user api-admin
password cipher @%@%/OI4,lUqG:ays2;|aJFVsD:YQDln@WMGr=y`;lP^5U;BD:\s@%@%
level 15
! NOTE(review): the account keeps the well-known name `admin`.
manager-user admin
password cipher @%@%~~K.PC4q@#hCoqJI99vRc7g:0fUk2^_2+0t<Rd.@gID@7g=c@%@%
service-type web terminal
level 15
role system-admin
role device-admin
role device-admin(monitor)
role audit-admin
! Role bindings: only audit-admin and admin are bound here.
bind manager-user audit-admin role audit-admin
bind manager-user admin role system-admin
#
! L2TP group and interface definitions.
! NOTE(review): no service-manage lines are visible under any interface,
! so which management services (HTTPS, SSH, ping) each interface answers
! depends on platform defaults not shown here. Confirm that the outside
! interface does not accept management traffic.
l2tp-group default-lns
#
! Management port (alias GE0/METH), 192.168.0.1/24, bound to the
! `default` VPN instance.
interface GigabitEthernet0/0/0
undo shutdown
ip binding vpn-instance default
ip address 192.168.0.1 255.255.255.0
alias GE0/METH
#
! 192.168.100.1/24. This interface is the only member of the untrust zone.
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.168.100.1 255.255.255.0
#
! Parent port for the two 802.1Q sub-interfaces below.
interface GigabitEthernet1/0/1
undo shutdown
#
! VLAN 10, gateway 192.168.10.1/24 (matches the teacher-network object).
interface GigabitEthernet1/0/1.10
vlan-type dot1q 10
ip address 192.168.10.1 255.255.255.0
#
! VLAN 20, gateway 192.168.20.1/24 (matches the student-network object).
interface GigabitEthernet1/0/1.20
vlan-type dot1q 20
ip address 192.168.20.1 255.255.255.0
#
! NOTE(review): GigabitEthernet1/0/2 to 1/0/6 are administratively up but
! have no address and belong to no zone in this file. Consider shutting
! down unused ports.
interface GigabitEthernet1/0/2
undo shutdown
#
interface GigabitEthernet1/0/3
undo shutdown
#
interface GigabitEthernet1/0/4
undo shutdown
#
interface GigabitEthernet1/0/5
undo shutdown
#
interface GigabitEthernet1/0/6
undo shutdown
#
interface Virtual-if0
#
interface NULL0
#
! Security zones and their priorities: local 100, trust 85, dmz 50,
! untrust 5.
firewall zone local
set priority 100
#
! NOTE(review): the management port and both the teacher and student
! sub-interfaces share the trust zone. Zone-based rules therefore cannot
! tell them apart; only source-address matching can. Traffic between the
! student and teacher VLANs is intrazone, and on this platform that may
! not be subject to the security-policy by default. Confirm, and consider
! separate zones for students, teachers and management.
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/1.10
add interface GigabitEthernet1/0/1.20
#
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/0
#
! The dmz zone has no member interface in this file.
firewall zone dmz
set priority 50
#
! SSH service and CLI line (user-interface) settings.
! SSH protocol version 1 compatibility is disabled.
undo ssh server compatible-ssh1x enable
! NOTE(review): the default SSH authentication type is password only.
! Combined with level-15 accounts, consider key-based authentication and
! limiting which source addresses may reach SSH.
ssh authentication-type default password
ssh server cipher aes256_ctr aes128_ctr
! NOTE(review): sha1 is still offered as an HMAC on both the server and
! client side. Restrict to sha2_256 once peers are confirmed to support it.
ssh server hmac sha2_256 sha1
ssh client cipher aes256_ctr aes128_ctr
ssh client hmac sha2_256 sha1
#
! FTP protocol detection is enabled.
firewall detect ftp
#
! Console and VTY 0-4 authenticate through AAA; VTY 0-4 accepts inbound
! SSH only.
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
! NOTE(review): no settings are shown for VTY 16-20, so these lines use
! platform defaults. Confirm their authentication mode and protocol.
user-interface vty 16 20
#
! Feature sections with no custom content in this file (PKI realm,
! service awareness, location, link load balancing, rights manager,
! device classification, TSM server sync).
! NOTE(review): the default PKI realm shows no certificate configuration
! here, so the HTTPS management and portal services presumably use the
! device's built-in certificate. Confirm.
pki realm default
#
sa
#
location
#
multi-linkif
mode proportion-of-weight
#
right-manager server-group
#
device-classification
device-group pc
device-group mobile-terminal
device-group undefined-group
#
user-manage server-sync tsm
#
! Security policy for trust -> untrust traffic. Rules are listed in the
! order they are evaluated, so the permit rules must stay above the deny
! rules.
! NOTE(review): no rule shows a logging option or a content-security
! profile (IPS/AV/URL filtering), so permitted traffic is neither
! inspected nor logged as far as this file shows.
! NOTE(review): nothing here covers untrust -> trust, untrust -> local or
! the dmz. Those directions rely on the platform's default action, which
! is not visible in this file. Confirm it is deny.
security-policy
! Students (192.168.20.0/24): HTTP, HTTPS and ICMP only, and only during
! student_time.
! NOTE(review): DNS is not among the permitted services. If students
! resolve names through the untrust side, lookups fall through to
! student_deny. Confirm where the resolver sits.
rule name student_allowed
source-zone trust
destination-zone untrust
source-address address-set student-network
service http
service https
service icmp
time-range student_time
action permit
! Teachers (192.168.10.0/24): every service, at all times, to any
! destination in untrust.
! NOTE(review): this is an allow-all rule. Consider limiting the services.
rule name teacher_always
source-zone trust
destination-zone untrust
source-address address-set teacher-network
action permit
! Any student traffic the first rule did not permit (other services, or
! outside student_time) is denied here.
rule name student_deny
source-zone trust
destination-zone untrust
source-address address-set student-network
action deny
! Catch-all deny for remaining trust -> untrust traffic, including
! sources on the management subnet.
rule name default_deny
source-zone trust
destination-zone untrust
action deny
#
! Remaining policy containers; none of them holds a rule in this file.
! NOTE(review): auth-policy is empty, so the portal and single sign-on
! settings configured under user-manage are apparently never triggered.
! The security policy identifies users by source subnet only.
auth-policy
#
traffic-policy
#
policy-based-route
#
! NOTE(review): nat-policy is empty, so 192.168.10.0/24 and
! 192.168.20.0/24 leave the untrust interface untranslated. This works
! only if the upstream device routes these ranges back. Confirm.
nat-policy
#
quota-policy
#
pcp-policy
#
dns-transparent-policy
#
rightm-policy
#
return