Quintum网关基本配置

冰峰网极星流量/行为管理快速配置手册上海冰峰计算机网络技术有限公司地址：上海市中山北路838号5F 邮编：200070 电话：400-880-6160 传真：************ 24小时值班电话：189****3255一、如何部署冰峰NP网关冰峰NP网关可通过网桥模式（默认模式）或路由模式进行部署1.网桥模式：NP网关使用网桥模式接入部署，LAN和WAN口为默认一组桥，设备以透明方式串于路由器和交换机中间不更改原有网络部署如下图：Internet出口路由器二层交换机2.路由模式：NP网关使用路由模式接入部署，设备作为网关使用如下图：Internet二层交换机二、如何管理冰峰NP网关鼠标右键属性打开网上邻居，右键属性打开本地连接，进入TCP/TP协议，将电脑IP配置192.168.0.* （与N[P行为管理的默认管理地址192.168.0.1属同一网段内）子网掩码255.255.255.0，默认网关地址和DNS可以暂时不配。

冰峰流量/行为管理网关默认使用LAN1作为网管口，LAN1出厂地址为192.168.0.1/24。

系统默认使用HTTPS 安全登录，默认端口9090。

初始登录URL 为：https:// 192.168.0.1:9090。

正确输入用户名和密码后，即可进入管理界面。

默认帐号、密码：请咨询相关商务和技术人员三、如何配置冰峰NP网关让内网上网1.网桥模式（推荐）设备桥接模式，只需一个内网管理地址，安装中基本不会影响原有的网络结构，配置路径：系统配置—工作模式，将网桥1地址192.168.0.1修改成内网同网段IP，网关IP为前段路由器的LAN口IP地址后点击确定。

2.路由模式第一步：路由模式需要为设备W AN和LAN接口上配置上IP地址，配置路径：系统配置-工作模式，将默认的网桥模式切换成路由模式，配置LAN1和W AN1口的IP地址、子网掩码及W AN1口的网关IP后，点击确定。

纽盾配置手册摘要：一、前言二、纽盾配置手册简介1.手册的目的2.手册的结构三、网络设备配置基础1.配置方式2.配置工具四、纽盾设备配置流程1.准备工作2.配置步骤3.配置实例五、配置常见问题及解决方法六、总结正文：【前言】纽盾配置手册旨在帮助网络工程师快速掌握纽盾设备的配置方法，以便更好地管理和维护网络设备。

本文将详细介绍纽盾配置手册的内容和纽盾设备配置的基本流程。

【纽盾配置手册简介】纽盾配置手册主要包含以下内容：1.手册的目的：为了方便用户了解和操作纽盾设备，本手册提供了详细的配置步骤和实例。

2.手册的结构：本手册共分为六个部分，分别为前言、纽盾配置手册简介、网络设备配置基础、纽盾设备配置流程、配置常见问题及解决方法和总结。

【网络设备配置基础】网络设备配置主要包括以下两个方面：1.配置方式：网络设备配置通常分为本地配置和远程配置两种方式。

本地配置是通过设备本身的控制台或管理口进行的配置；远程配置是通过网络远程管理工具进行的配置。

2.配置工具：常用的配置工具有Telnet、SSH、Web 管理等。

根据设备类型和用户需求选择合适的配置工具。

【纽盾设备配置流程】纽盾设备配置流程如下：1.准备工作：确保纽盾设备已正确连接到网络，并获取设备的IP 地址、用户名和密码等信息。

2.配置步骤：根据设备类型和需求，选择合适的配置工具，如Telnet、SSH 或Web 管理等，登录设备并进行相关配置。

3.配置实例：以下是一个简单的纽盾设备配置实例，包括配置端口、VLAN 和路由等。

【配置常见问题及解决方法】在配置过程中，可能会遇到一些常见问题，如配置错误、设备无法登录等。

针对这些问题，可以采取以下解决方法：1.检查设备连接是否正常，确保设备已正确连接到网络。

2.检查配置工具是否正确，如Telnet、SSH 等。

3.检查配置命令是否正确，参考纽盾设备配置手册或设备文档进行验证。

4.如遇到无法登录设备的问题，请检查用户名和密码是否正确。

Configuration Note ContentsTable of Contents1Introduction (7)2Backing up Configuration (9)2.1Backing up Device Configuration through Web Interface (9)2.2Backing up Device Configuration through CLI (10)2.2.1Backing Up Configuration on a Data-enabled Device (10)2.2.2Backing Up Configuration on a Voice-enabled Device (10)2.3Backing Up EMS Configuration Before Upgrade (12)2.3.1Changing Scheduled Backup Time (12)2.3.2Collecting EMS Logs (13)3Restoring Configuration (15)3.1Restoring Device Configuration through Web Interface (15)3.2Restoring Device Configuration through CLI (16)3.2.1Restoring Configuration on a Data-enabled Device (16)3.2.2Restoring Configuration on a Voice-enabled Device (16)3.3Restoring EMS Configuration After Upgrade (18)Version 7.2 3 Mediant Series Gateways & SBCsConfiguration File Backup & Restore ProcedureThis page is intentionally left blank.Configuration Note 4 Document #: LTRT-39624Configuration Note NoticesNoticeInformation contained in this document is believed to be accurate and reliable at the time of printing. However, due to ongoing product improvements and revisions, AudioCodes cannot guarantee accuracy of printed material after the Date Published nor can it accept responsibility for errors or omissions. Before consulting this document, check the corresponding Release Notes regarding feature preconditions and/or specific support in this release. In cases where there are discrepancies between this document and the Release Notes, the information in the Release Notes supersedes that in this document. Updates to this document and other documents as well as software files can be downloaded by registered customers at /downloads.© Copyright 2017 AudioCodes Ltd. All rights reserved.This document is subject to change without notice.Date Published: February-08-2017Trademarks©2017 AudioCodes Ltd. All rights reserved. AudioCodes, AC, HD VoIP, HD VoIP SoundsBetter, IPmedia, Mediant, MediaPack, What’s Inside Matters, OSN, SmartTAP, UserManagement Pack, VMAS, VoIPerfect, VoIPerfectHD, Your Gateway To VoIP, 3GX,VocaNom, AudioCodes One Voice and CloudBond are trademarks or registeredtrademarks of AudioCodes Limited. All other products or trademarks are property of theirrespective owners. Product specifications are subject to change without notice.WEEE EU DirectivePursuant to the WEEE EU Directive, electronic and electrical waste must not be disposedof with unsorted waste. Please contact your local recycling authority for disposal of thisproduct.Customer SupportCustomer technical support and services are provided by AudioCodes or by an authorizedAudioCodes Service Partner. For more information on how to buy technical support forAudioCodes products and for contact information, please visit our Web site at/support.Abbreviations and TerminologyEach abbreviation, unless widely used, is spelled out in full when first used.Document Revision RecordVersion 7.2 5 Mediant Series Gateways & SBCsConfiguration File Backup & Restore ProcedureDocumentation FeedbackAudioCodes continually strives to produce high quality documentation. If you have anycomments (suggestions or errors) regarding this document, please fill out theDocumentation Feedback form on our Web site at /downloads.Configuration Note 6 Document #: LTRT-39624Configuration Note 1. Introduction1 IntroductionThis document describes the procedures for backing up and restoring your device'sconfiguration settings.It is important to back up your configuration on a regular basis in case you need to restoreconfiguration if, for example, any of the following scenarios occurs:⏹Your device has a hardware fault that requires it to be replaced entirely.⏹ A hardware component on the device is faulty (e.g., CPU).⏹Firmware upgrade failure⏹Undesired configuration upgrade or failure.Note:•It is your responsibility to save the backup configuration files after every configurationchange made on the device.•It is your responsibility to back up your existing configuration and firmware files to a safe location on your network before upgrading the device.Version 7.2 7 Mediant Series Gateways & SBCsConfiguration File Backup & Restore ProcedureThis page is intentionally left blank.Configuration Note 8 Document #: LTRT-39624Version 7.2 9 Mediant Series Gateways & SBCs Configuration Note2. Backing up Configuration 2 Backing up ConfigurationYou can save a copy of the device's current configuration settings as a file on a local PC server. This can be used as a backup file for your configuration. The saved file includes only parameters that were modified and parameters with other than default values.You can also save (create) the current configuration as a configuration file on the device's flash memory and send it to a user-defined URL of a remote server (TFTP or HTTP/S) or to a USB device. The configuration settings in the file are based only on CLI commands. For more information, refer to the CLI Reference Manual .This chapter describes how to backup the configuration through one of the following management interfaces:⏹Web interface (see Section 2.1) ⏹CLI (see Section 2.2) ⏹EMS (see Section 2.3)Note:• Make sure you have a backup copy of all auxiliary files (e.g., CPT and Dial Plan files) before you upload them to the device.• If you do not have a backup of the device’s cmp file on your PC, you must open a service request to receive it.• In case of outage due to hardware upgrade or replacement or disaster, use theBootP tool to connect directly to the device from a PC. A trained technician should be present on the local site for performing this task.• If you do not have the BootP tool on your site, open a service request it to receive it.2.1Backing up Device Configuration through WebInterfaceThe Web interface allows you to back up the device's configuration as an ini file or a CLI-based file (CLI script) in a folder on the PC client running the Web interface.To back up the configuration:1. Open the Configuration File page:•Toolbar: From the Actions drop-down menu, choose Configuration File . • Navigation tree: Setup menu > Administration tab > Maintenance folder >Configuration File .Figure 2-1: Backing up Configuration through Web InterfaceConfiguration Note 10 Document #: LTRT-39624 Configuration File Backup & Restore Procedure2. Click one of the following buttons:•Save INI File: saves the configuration as an ini file. • Save CLI Script File: saves the configuration as a CLI-based file.2.2 Backing up Device Configuration through CLIThe CLI allows you to back up the device's configuration as a CLI-based file (CLI command settings). You can back up the CLI-based file to any of the following locations:⏹Remote server (HTTP, HTTPS or TFTP) ⏹USB stickNote: The USB stick is only applicable to devices that provide USB support.The procedures below describes how to back up the devices configuration using CLI on a data-enabled and voice-enabled device. 2.2.1 Backing Up Configuration on a Data-enabled DeviceThis section describes how to back up the devices configuration on a data-enabled device. To back up the configuration using CLI on a data-enabled device:1.Establish a CLI serial connection with the device (e.g., Telnet). 2. Log in to the CLI.Username: AdminPassword: < Password >3. Access the Enable mode.> enablePassword: < Enable mode password >4.Enter the following command:# copy cli-script to { < URL > | usb :///< File Name > }source data interface <interface type> <interface id> 2.2.2 Backing Up Configuration on a Voice-enabled DeviceThis section describes how to back up the devices configuration on a voice-enabled device.To back up the configuration using CLI on a voice-enabled device:1.Establish a CLI serial connection with the device (e.g., Telnet). 2.Log in to the CLI.Username: AdminPassword: < Password >3. Access the Enable mode.> enablePassword: < Enable mode password >Configuration Note 2. Backing up Configuration4. Enter the following command:# copy cli-script to { < URL > | usb:///< File Name > }Arguments DescriptionURL When copying to a URL, the destination URL can be one of thefollowing:•HTTP•HTTPS•TFTPusb:///< File Name> Backs up the configuration to the USB stick connected to the device.source Specifies the source CPU to copy from (default data).interface Specifies the source interface to bind to.source-address Specifies the source address.Interface Type Interface ID gigabitethernet GigabitEthernet interface slot andport (VLAN ID is optional)[SLOT/PORT.VLANID] cellular Cellular interface ID 0/0Gr-e Tunnel GRE ID [1-255]ipip Tunnel IPIP ID [1-255]l2tp L2TP ID [0-99]pppoe PPPoE interface ID [1-3]pptp PPTP ID [0-99]vlan Vlan ID [1-3999]loopback Loopback ID [1-5]bvi Bridge interface [1-255]Version 7.2 11 Mediant Series Gateways & SBCsConfiguration Note 12 Document #: LTRT-39624Configuration File Backup & Restore Procedure2.3 Backing Up EMS Configuration Before UpgradeBefore upgrading the EMS server, it is highly recommended to backup the EMS server database. There are two main backup processes that run on the EMS server: ⏹Weekly backup: runs once a week at a pre-configured date & time (default is Saturday 02:00). In this process, the whole database is backed up into several “RMAN” files that are located in /data/NBIF/emsBackup/RmanBackup directory. In addition, many other configuration and software files are backed up to a TAR file in the /data/NBIF/emsBackup directory. In general, this TAR file contains the entire/data/NBIF directory’s content (except 'emsBackup' directory), EMS Software Manager content and server_xxx directory’s content.To change the weekly backup’s time and date, see Section 2.3.1 below. ⏹Daily backup: runs daily except on the scheduled week day (see above). The daily backup process backs up the last 24 hours. There are no changes in the TAR file in this process.Warning: The Backup process does not backup configurations performed using EMS Server Manager, such as networking and security.It is highly recommended to maintain all backup files on an external machine.These files can be transferred outside the server directly from their default location by SCP or SFTP client using 'acems' user. These backup files are as follows: ⏹ /data/NBIF/emsBackup/emsServerBackup_<time&date>.tar file⏹All files in /data/NBIF/emsBackup/RmanBackup directory (including control.ctl and init.ora files)2.3.1 Changing Scheduled Backup TimeThis step describes how to reschedule the backup time.To reschedule backup time:1. From the Application Maintenance menu, choose Change Schedule Backup Time .2. Choose the day of the week that you wish to perform the backup.3. Copy all files in /data/NBIF/emsBackup/RmanBackup/ directory to an external machine.4.Copy /data/NBIF/emsBackup/emsServerBackup_<time&date>.tar file to an external machine.Where <time&date> is only an example; replace this path with your filename.Configuration Note 2. Backing up Configuration2.3.2 Collecting EMS LogsIt is recommended to collect EMS logs before upgrading or re-configuring the EMS server.This enables you to restore the MG treeTo collect logs:1. From the EMS Server Management root menu, choose Collect Logs, and then pressEnter; the EMS server commences the log collection process:Figure 2-2: EMS Server Manager – Collect LogsThis process can take a few minutes. Once the file generation has completed, a messageis displayed on the screen informing you that a Diagnostic tar file has been created and thelocation of the tar file:Figure 2-3: TAR File LocationVersion 7.2 13 Mediant Series Gateways & SBCsConfiguration File Backup & Restore Procedure2. The MGs Topology list containing all the devices in the MG Tree is found in thefollowing file:/data/NBIF/topology/MGsTopologyList.csvAn example of this file is shown in the figure below:Figure 2-4: MGs Topology ListConfiguration Note 14 Document #: LTRT-39624Version 7.2 15 Mediant Series Gateways & SBCsConfiguration Note3. Restoring Configuration 3 Restoring ConfigurationYou can restore the configuration through one of the following management interfaces: ⏹ Web interface (see below) ⏹ CLI (see Section 3.2) ⏹EMS (see Section 3.3)Warning:• When restoring an ini file, the device resets for the settings to take effect. • When loading an ini file using the Configuration File page, parameters notincluded in the ini file are reset to default settings.3.1Restoring Device Configuration through Web InterfaceThe Web interface allows you to restore the device's configuration as an ini file or aCLI-based file (CLI script) from the folder on the PC client running the Web interface, by uploading an ini file or CLI-based file.Warning: When restoring an ini file using the Configuration File page, parameters excluded from the ini file return to default settings . If you want to keep the device's current configuration settings and apply the settings specified in the ini file, load the file through the Auxiliary Files page.To restore the configuration file:1.Open the Configuration File page: • Toolbar: From the Actions drop-down menu, choose Configuration File . •Navigation tree:Setupmenu > Administration tab > Maintenance folder > Configuration File .Figure 3-1: Loading INI File using Configuration File Page2.Click one of the following buttons: • Load INI File: restores the configuration from the ini file.•Load CLI Script File: restores the configuration from the CLI-based file.Configuration Note 16 Document #: LTRT-39624Configuration File Backup & Restore Procedure3.2 Restoring Device Configuration through CLIThe CLI allows you to restore the device's configuration as a CLI-based file (CLI command settings). You can restore the CLI-based file from any of the following locations: ⏹ Remote server (HTTP, HTTPS or TFTP) ⏹ USB stickNote: The USB stick is only applicable to devices that provide USB support.The procedures below describe how to restore the devices configuration using CLI on the following platforms: ⏹ Data-enabled device (see Section 3.2.1) ⏹Voice-enabled device (see Section 3.2.2) 3.2.1 Restoring Configuration on a Data-enabled DeviceThis section describes how to restore the devices configuration on a data-enabled device.To restore the configuration using CLI on a data-enabled device:1. Establish a CLI serial connection with the device (e.g., Telnet).2.Log in to the CLI. Username: AdminPassword: < Password >3.Access the Enable mode. > enablePassword: < Enable mode password >4.Enter the following command:# copy cli-script from { < URL > | usb :///< File Name > }source data interface <interface type> <interface id>3.2.2 Restoring Configuration on a Voice-enabled DeviceThis section describes how to restore the devices configuration on a voice-enabled device.To restore the configuration using CLI on a voice-enabled device:1. Establish a CLI serial connection with the device (e.g., Telnet).2.Log in to the CLI. Username: AdminPassword: < Password >3.Access the Enable mode. > enablePassword: < Enable mode password >Configuration Note 3. Restoring Configuration4. Enter the following command:# copy cli-script from { < URL > | usb:///< File Name > }Arguments DescriptionURL When copying to a URL, the destination URL can be one of thefollowing:•HTTP•HTTPS•TFTPusb:///< File Name> Backs up the configuration to the USB stick connected to the device.source Specifies the source CPU to copy from (default data).interface Specifies the source interface to bind to.source-address Specifies the source address.Interface Type Interface ID gigabitethernet GigabitEthernet interface slot andport (VLAN ID is optional)[SLOT/PORT.VLANID] cellular Cellular interface ID 0/0Gr-e Tunnel GRE ID [1-255]ipip Tunnel IPIP ID [1-255]l2tp L2TP ID [0-99]pppoe PPPoE interface ID [1-3]pptp PPTP ID [0-99]vlan Vlan ID [1-3999]loopback Loopback ID [1-5]bvi Bridge interface [1-255]Version 7.2 17 Mediant Series Gateways & SBCsConfiguration File Backup & Restore Procedure3.3 Restoring EMS Configuration After UpgradeThis section describes how to restore the EMS server after it has been upgraded. This canbe done on the original machine from which the backup files were created or on any othermachine.Note:•If you’re running the restore process on a different machine, its disk sizeshould be the same as the original machine from which the backup files were Array taken.•Restore actions can be performed only with backup files which werepreviously created in the same EMS version.•If you are restoring to a new machine, make sure that you have purchased anew license file machine ID. AudioCodes customer support will assist you toobtain a new license prior to the restore process.To restore the EMS server:1. Install (or upgrade) EMS to the same version from which the backup files werecreated. The Linux version must also be identical between the source and targetmachines.2. Use the EMS Server Management utility to perform all the requiredconfigurations, such as Networking and Security, as was previously configuredon the source machine.3. Make sure all server processes are up in EMS Server Manager / Status menuand the server functions properly.4. Copy all backup files to /data/NBIF directory by SCP or SFTP client using the'acems' user.5. In EMS Server Manager, go to the Application Maintenance menu and select theRestore option.6. Follow the instructions during the process.7. After the restore process has completed, you will be asked to reboot themachine.8. If you installed custom certificates prior to the restore, you must reinstall thesecertificates.Configuration Note 18 Document #: LTRT-39624Configuration Note 3. Restoring ConfigurationThis page is intentionally left blank.Version 7.2 19 Mediant Series Gateways & SBCsInternational HeadquartersContact us: /info Website: Document #: LTRT-39624。

Quick Note 18 Configuring a Digi TransPort router to accept CLI commands via SMSUK SupportNovember 20151Introduction (3)1.1Outline (3)1.2Assumptions (3)1.3Version (3)2Configuration (4)2.1Obtain the phone number of the router’s SIM (4)2.2SMS Configuration (5)2.3Configuration - Network > Interfaces > Mobile (5)3Example scenario (8)4Monitoring (9)5Configuring SMS administration from the Command line (10)Page | 21.1OutlineThis document contains configuration instructions for allowing a Digi TransPort router with cellular access to accept CLI commands via SMS.To be able to accept an SMS, the router only needs GSM access to the mobile network. Even if the router has lost its GPRS/3G connection, it will normally still be contactable via SMS, assuming the mobile network cell station is still providing GSM coverage.1.2AssumptionsThis guide has been written for use by technically competent personnel with a good understanding of the communications technologies used in the product, and of the requirements for their specific application.Configuration: This application note assumes that the router will be connecting to a cellular network. This application note applies to;Models shown: Digi Transport WR41 router with Option 3G module.Other Compatible Models: All Digi Transport products with a cellular module.Firmware versions: 4.694 and above.Configuration: This Application Note assumes the devices are set to factory default configurations. Most configuration commands are only shown if they differ from the factory default.1.3VersionPage | 32.1Obtain the phone number of the router’s SIMBefore an SMS message can be sent to the router the phone number assigned to its SIM needs to be known.Browse to:Administration - Execute a commandAnd enter the command to send a message to the mobile phoneThe syntax is as follows:Sendsms <phonenumber> “message”Where <phonenumber> is the mobile phone number.NOTE: Th e “message” must be in quotes ““A second option is to send the message from the from the command lineThe mobile phone will receive the “test message” and its number will be displayed.It’s now possible to send commands to the router with this number as its destinationPage | 42.2SMS ConfigurationAll cellular TransPort routers have the ability to be configured by SMS. To configure a TransPort cellular router to accept CLI commands via SMS the following configuration will be required.Browse to:2.3Configuration - Network > Interfaces > MobileAnd make the following changesPage | 5Click ApplyIMPORTANT:1.Make sure to click “Add” after configuring a phone number and then click Apply.2.Make sure to replace the leading zero in the phone number when adding the internationalprefix (44 in this example)Page | 6NOTE on SMS command caller IDConfigure the parameter SMS command caller ID, enter the MSISDN (mobile phone number) that will be issuing CLI commands to the TransPort router. This needs to include the country code but without the + sign. For example for a UK mobile phone number 0797******* the number entered would be 447976123456. A different MSISDN can be entered on each line.Accepting SMS commands from any mobile numberWhen the SMS Command Caller ID is set to an asterisk character ”*” instead of an MSISDN, the TransPort router will accept and execute CLI commands from any MSISDN.SMS access levelThe parameter SMS access level will need to match the level required by the command sent by SMS for the command to be accepted. To execute all CLI commands, this should be set to Super.Multiple CLI commands in a single SMSSMS Command Separator, more than 1 CLI command may be sent per SMS, the CLI commands need to be separated by a character that will not be used in the CLI command, e.g. %To receive feedback on the outcome of the CLI command, the parameter SMS Replies should beset to On.Page | 7Consider an example scenario where the username and password of a PPP interface need to be changed remotely. Using the CLI the commands would be as follows:ppp 1 username <my-user>ppp 1 password <my-pass>config 0 saverebootAssuming that the command separator has been configured as % the SMS would be required would be: ppp 1 username my-user%ppp 1 password my-pass%config 0 save%rebootPlease note:Concatenate replies:There is normally a limit of 160 characters per SMS but concatenation of messages is allowed. Normally an SMS message is limited to 160 characters. However, the ETSI standard specifies a way to allow a number of SMS messages to be linked together by the sender (in this case the router). This enables the router to reply with long responses to SMS commands of longer than 160 characters. The reply comes back as a series of linked SMS messages which the phone reassembles and displays as one big message.To allow the TransPort router to send/receive concatenated messages, on the web interface the “Concatenate replies” box must be ticked.Page | 8SMS receipt and actions from the SMS are logged in the event logger.Here is an excerpt from the eventlog after a router is sent the commands in the example scenario above from a mobile phone(0752*******)Note: 0 replaced by 44 for UKThe key lines from the event logger are listed below.12:09:25, 15 Aug 2012,PPP 1 down,Rebooting12:09:25, 15 Aug 2012,Par change by MODEM 0, ppp 1 username to my-user12:09:25, 15 Aug 2012,SMS Received: 447522954965: Ppp 1 username my-user%ppp1 password my-pass%confi,ExecutedThe following line from config.da0 also shows that the SMS updated the configuration.config last_saved_user "MODEM 0"Page | 9The following commands will configure SMS administration from the command line.modemcc 0 sms_interval 1modemcc 0 sms_callerid “447522954965”modemcc 0 sms_cmd_sep %modemcc 0 sms_access 0modemcc 0 sms_replies onPage | 10。

用户配置手册（适用于：R10.0.0引擎版本）地址：北京市西城区西直门外南路26号院1号邮编：100044版权声明本文中出现的任何文字叙述、文档格式、插图、图片、方法、过程等内容，除另有特别注明，版权均为奇安信集团（指包括但不限于奇安信科技集团股份有限公司、网神信息技术（北京）股份有限公司、北京网康科技有限公司）所有，受到有关产权及版权法保护。

任何个人、机构未经奇安信集团的书面授权许可，不得以任何方式复制或引用本文的任何片段。

修订记录目录前言 (13)免责声明 (14)1设备部署 (15)1.1设备面板 (15)1.2部署方式 (16)1.3登录Web管理系统 (17)1.4网络配置和部署 (17)2快速入门 (17)2.1登录系统 (17)2.2工作窗口介绍 (19)2.3主要菜单介绍 (20)2.4工具栏说明 (21)2.4.1告警信息详情 (21)2.4.2通知信息详情 (21)2.4.3在线客服 (22)2.4.4bypass开关 (22)2.4.5在线帮助 (22)2.4.6立即生效 (22)2.5重置超管密码 (23)2.6常用操作 (25)2.6.1列表操作 (25)2.6.2文本框输入限制 (26)2.6.3光标悬停 (27)2.6.4常用配置操作 (27)3首页 (28)3.1等级展示 (30)3.2管控效果 (30)3.3运行状态 (31)3.4当前特征库规模 (32)3.5安全状态 (33)3.6业务风险状态 (33)3.7外发状态 (34)3.8应用使用状态 (35)4系统监控 (35)4.1设备信息 (35)4.1.1资源 (36)4.1.2授权 (36)4.1.3网口 (37)4.1.4系统 (37)4.2网络流量 (38)4.2.1网络概况 (38)4.2.2实时流速 (41)4.3在线用户 (43)4.3.1过滤条件管理 (45)4.4会话连接 (49)4.4.1过滤条件管理 (50)4.5流量管理监控 (53)4.5.1限额监控 (53)4.5.2通道监控 (58)4.6异常行为监控 (61)4.6.1爬虫监控 (61)4.6.2共享接入监控 (62)4.7失陷主机监控 (68)4.8故障监控中心 (70)4.8.1网络故障监测 (70)4.8.2权限策略故障监测 (72)4.8.3设置过滤条件 (74)4.8.4清空过滤条件 (76)4.8.5用户认证故障监测 (76)4.8.6设置过滤条件 (77)4.8.7清空过滤条件 (78)4.8.8Web访问质量监测 (78)4.8.9单用户检测 (83)4.9临时屏蔽IP (85)4.9.1新建临时屏蔽IP (86)5上网安全 (87)5.1网络攻击防护 (87)5.1.1流量报警配置 (89)5.1.2ARP防护报警 (89)5.1.3DDoS防护配置 (89)5.2恶意网站防护 (90)5.3病毒文件云查 (91)5.4失陷主机检测 (93)5.5异常行为管控 (94)5.5.1爬虫行为管控 (94)5.5.2共享接入策略 (95)5.6访问控制策略 (102)5.6.1新建访问控制策略 (104)5.7协同防御 (105)5.7.1镜像流量外发 (105)5.7.2解密流量外发 (108)5.7.3ICAP策略 (109)5.7.4NGSOC/天眼联动 (115)6上网管理 (116)6.1策略网段 (117)6.1.1新建策略网段 (118)6.2黑白名单 (118)6.2.1IP黑白名单 (119)6.2.2域名黑白名单 (122)6.2.3发帖免审计名单 (126)6.2.4特权用户 (128)6.3应用控制策略 (132)6.3.1新建应用控制策略 (135)6.4上网审计策略 (137)6.4.1网页浏览策略 (139)6.4.2网页搜索策略 (144)6.4.3发帖审计策略 (147)6.4.4邮件审计策略 (150)6.4.5文件审计策略 (155)6.4.6IM审计策略 (159)6.4.7数据库审计策略 (163)6.4.8协议审计策略 (167)6.4.9虚拟身份审计策略 (189)6.5流量管理 (191)6.5.1带宽通道对象 (191)6.5.2通道控制策略 (196)6.5.3每用户控制策略 (201)6.6客户端管控 (221)6.6.1客户端检测对象 (221)6.6.2客户端推送 (240)6.6.3客户端联动策略 (249)6.7SSL解密 (282)6.7.1SSL解密主机 (283)6.7.2解密白名单 (286)6.7.3解密证书管理 (287)6.7.4解密协议配置 (290)6.7.5解密策略 (294)6.7.6根证书推送 (297)6.8代理上网 (301)6.8.1全局配置 (302)6.8.2代理上网策略 (303)6.8.3代理认证策略 (311)6.9安全软件准入 (316)6.9.1安全软件准入对象 (316)6.9.2安全软件准入策略 (319)6.10广告推送 (322)6.10.1广告对象 (322)6.10.2广告推送策略 (326)7数据防泄漏 (331)7.1外发途径管控 (331)7.1.1新建外发途径管控策略 (333)7.2外发文件限制 (335)7.2.1新建外发文件限制策略 (337)7.3外发内容过滤 (339)7.3.1敏感信息对象 (339)7.3.2外发内容过滤 (341)8业务防护 (345)8.1业务系统对象 (345)8.1.1新建业务系统对象 (346)8.2业务访问策略 (347)8.2.1新建业务访问策略 (349)8.3业务安全防护 (351)8.3.1文件hash对象 (351)8.3.2入侵防护 (353)8.3.3病毒防护 (354)8.3.4沙箱检测 (356)9用户管理 (358)9.1组织结构 (358)9.1.1新建普通组 (361)9.1.2新建权限组 (363)9.1.3新建镜像组 (365)9.1.4新建用户 (366)9.1.5批量处理 (369)9.1.6扩展属性设置 (371)9.2认证管理 (372)9.2.1透明识别配置 (373)9.2.2认证服务配置 (388)9.2.3认证页面配置 (413)9.2.4认证高级配置 (425)9.3认证策略 (431)9.3.1新建认证策略 (433)9.4第三方服务器 (438)9.4.1服务器 (438)9.4.2LDAP服务器类型 (459)9.4.3Windows集成身份认证 (463)9.5用户导入 (465)9.5.1外部服务器导入 (465)9.5.2IP导入 (471)9.5.3文件导入 (474)9.6其他配置 (475)9.6.1免认证IP (475)9.6.2免认证域名 (477)9.6.3用户绑定 (478)9.6.4成功页面推送策略 (487)9.6.5交换机配置 (490)9.6.6多设备上线联动 (493)9.6.7分时访问配置 (494)10对象管理 (496)10.1时间对象 (496)10.1.1新建时间对象 (497)10.2用户 (498)10.2.1用户对象 (498)10.2.2属性组 (501)10.3策略 (505)10.3.1应用协议对象 (505)10.3.2网站分类对象 (513)10.3.3关键字对象 (518)10.3.4文件类型对象 (521)10.4IP对象 (523)10.4.1新建IP对象 (525)10.5MAC对象 (526)10.5.1新建MAC对象 (528)10.6服务对象 (529)10.6.1新建服务对象 (530)10.7位置对象 (531)10.7.1新建普通组 (533)10.7.2新建位置 (534)10.8阻塞页面 (535)10.8.1新建阻塞页面 (538)10.9报警对象 (539)10.9.1新建报警对象 (541)11数据中心 (542)11.1通用操作 (542)11.1.1设置过滤条件 (542)11.1.2过滤条件管理 (544)11.1.3导出和发送日志 (545)11.2日志总览 (546)11.3上网安全日志 (547)11.3.1网络防护日志 (548)11.3.2安全防护日志 (550)11.3.3爬虫检测日志 (554)11.3.4共享接入日志 (556)11.3.5协同防御日志 (557)11.4上网管理日志 (560)11.4.1应用日志 (560)11.4.2审计日志 (564)11.4.3客户端管控日志 (592)11.4.4SSL解密日志 (594)11.4.5代理上网日志 (595)11.4.6安全软件准入日志 (597)11.5数据防泄漏日志 (598)11.5.1外发途径管控 (598)11.5.2外发文件限制 (600)11.5.3外发内容过滤 (601)11.6业务防护 (602)11.6.1业务访问日志 (602)11.6.2业务防护日志 (604)11.7上线日志 (607)11.8策略告警日志 (609)11.9系统日志 (611)11.9.1操作日志 (611)11.9.2系统告警日志 (612)11.9.3短信发送日志 (614)11.10日志存储管理 (615)11.10.1外部数据中心 (615)11.10.2日志导出 (618)11.10.3日志归档 (622)11.11统计 (623)11.11.1收藏中心 (624)11.11.2订阅中心 (625)11.11.3网站分类 (627)11.11.4搜索关键字 (630)11.11.5论坛发帖 (632)11.11.6应用活动 (635)11.11.7邮件收发 (637)11.11.8IM聊天 (640)11.11.9文件审计 (643)11.11.10上网时长 (645)11.11.11安全防护 (648)11.11.12通道分析 (656)11.12报表中心 (661)11.12.1报表列表 (661)11.12.2订阅历史 (685)12网络配置 (686)12.1模式配置 (686)12.1.1网关模式配置 (686)12.1.2网桥模式配置 (690)12.1.3镜像模式配置 (692)12.2接口配置 (695)12.2.1物理口 (695)12.2.2桥接口 (697)12.2.3网关接口 (699)12.2.4镜像口 (706)12.2.5Trunk接口 (707)12.2.6GRE接口 (710)12.2.7聚合链路接口 (712)12.2.8镜像外发接口 (714)12.3管理口配置 (715)12.4路由配置 (717)12.4.1自定义地址 (717)12.4.2策略路由 (720)12.4.3负载均衡 (723)12.4.4静态路由 (737)12.4.5动态路由 (740)12.5域名解析配置 (746)12.6DHCP服务 (747)12.6.1新建DHCP服务 (749)12.7NAT策略 (750)12.7.1源NAT策略 (750)12.7.2目的NAT策略 (753)12.8VPN配置 (756)12.8.1隧道配置 (757)12.8.2隧道状态 (760)12.8.3VPN证书管理 (761)12.9高级配置 (763)12.9.1MSS配置 (763)12.9.2协议解封装配置 (764)12.9.3静态ARP配置 (766)13系统配置 (767)13.1服务授权 (767)13.1.1产品授权 (768)13.1.2增值服务授权 (769)13.1.3系统升级授权 (770)13.1.4恶意网站防护授权 (770)13.1.5杀毒服务授权 (771)13.1.6失陷主机检测授权 (771)13.1.7沙箱检测授权 (772)13.1.8入侵防护库升级授权 (772)13.2日期与时间 (773)13.3界面配置 (774)13.4权限配置 (775)13.4.1权限模式 (777)13.4.2普通模式的权限配置 (778)13.4.3三权模式的权限配置 (787)13.5邮件服务器 (790)13.6集中管理 (791)13.7HA配置 (793)13.7.1网关模式HA配置 (793)13.7.2网桥和镜像模式HA配置 (797)13.8系统更新 (800)13.8.1版本升级 (800)13.8.2Hotfix (802)13.8.3特征库更新 (804)13.8.4升级代理 (808)13.9系统维护 (809)13.9.1配置备份恢复 (809)13.9.2诊断工具 (813)13.9.3网管工具 (814)13.9.4补丁安装 (816)13.9.5关机重启 (817)13.9.6远程连接 (818)13.9.7资料查询 (819)13.10高级配置 (823)13.10.1系统参数 (823)13.10.2审计参数 (829)13.10.3控制参数 (832)13.10.4短信服务器 (833)13.10.5设备认证模式 (843)14附录 (844)14.1正则表达式 (844)14.2AD嗅探器安装指导 (847)14.2.1AD嗅探器服务版配置步骤 (848)14.2.2AD嗅探器绿色版配置步骤 (850)14.3AD登陆注销脚本安装指导 (852)14.3.1登陆注销脚本配置步骤 (852)14.3.2登陆注销脚本参数说明 (857)14.4AD域证书服务器部署指导 (858)14.5使用非管理员组账号进行AD服务器监控权限的设置 (860)14.5.1域服务器上开启登录账户的查看日志权限 (861)14.5.2域服务器上开启COM远程访问权限 (861)14.5.3域服务器上开启登录账户WMI权限 (865)14.6微信认证第三方服务器部署指导 (867)14.6.1场景一嵌入代码说明 (868)14.6.2场景二嵌入代码说明 (871)14.6.3demo实例 (873)14.7企业微信开发者平台配置 (875)14.7.1企业微信认证流程 (875)14.7.2企业微信配置前提条件 (876)14.7.3企业微信开发平台配置 (876)14.8阿里钉钉开发者平台配置 (881)14.8.1阿里钉钉认证流程 (881)14.8.2阿里钉钉开认证前提条件 (881)14.8.3阿里钉钉开发者平台配置-新版 (881)14.8.4阿里钉钉开发者平台配置-旧版 (882)14.8.5阿里钉钉开发者平台配置-录入配置-新版 (883)14.8.6阿里钉钉开发者平台配置-录入配置-旧版 (885)14.9受限Shell (886)14.10API接口文档 (886)前言帮助手册包括十四章，用于快速引导管理员了解并使用本产品，以及帮助管理员解决使用过程中遇到的问题。

Copyright 1984-2001 Wind River Systems, Inc.VxWorks: VxWorks5.4.2Created: Sep 16 2005, 13:09:04############################################################################## >> WITHIN 4 SECONDS, PRESS 'r' FOR FACTORY DEFAULTS OR 'i' TO SET STATIC IP << ##############################################################################Initializing Database...Loading default Database ........................................Loading Help...Loading Messages...Done.登陆<d7a98d71> Login: admin -------用户名Password: -------密码修改密码Quintum# con -----进入配置模式config# main -----进入main模式maintain# password -----输入修改密码口令Type the old password: -----输入旧密码Type the new password: -----输入新密码Type the new password again: -----再次输入新密码配置IP地址config# ei ------进入IP地址配置config-EthernetInterface-SL1DV1EI1# set ipa 192.168.1.200 ------设置IP地址config-EthernetInterface-SL1DV1EI1* set sm 255.255.255.0 ------设置子网掩码config-EthernetInterface-SL1DV1EI1* siprd ------进入配置出局IPconfig-StaticIPRouteDir-1* change 1 g 192.168.1.1 ------设置默认网关地址config-StaticIPRouteDir-1* sub ------保存config-EthernetInterface-SL1DV1EI1# main mc ------进入main mcmaintain-MasterChassis-1# reset ------重启命令Are you sure that you want to reset the MasterChassis (Yes/No)?yes配置DHCP 地址config# eiconfig-EthernetInterface-SL1DV1EI1# set dhcpe 1 -----采用DHCP模式config-EthernetInterface-SL1DV1EI1* subconfig-EthernetInterface-SL1DV1EI1# main mcmaintain-MasterChassis-1# resetAre you sure that you want to reset the MasterChassis (Yes/No)?yesPPPOE方式获得IP地址Quintum# conconfig# eiconfig-EthernetInterface-SL1DV1EI1# set pppoee 1 ------打开PPPOE模式config-EthernetInterface-SL1DV1EI1* subconfig-EthernetInterface-SL1DV1EI1# set pppoeusername qwerty ------设置pppoeusername config-EthernetInterface-SL1DV1EI1* set pppoepassword poiuyt ------设置pppoepassword config-EthernetInterface-SL1DV1EI1* subconfig-EthernetInterface-SL1DV1EI1# main mcmaintain-MasterChassis-1# resetAre you sure that you want to reset the MasterChassis (Yes/No)?yes配置H323config# h323config-H323SignalingGroup-1# set pgkipa xxx.xxx.xxx.xxx -----配置h323网守的地址config-H323SignalingGroup-1* set aeip 1配置自动更新ei中的ExternalNATIPAddr,如果不设置项,可能会导致电话单通config-H323SignalingGroup-1* set h323id xxxxx -----h323id,用于用户识别和计费config-H323SignalingGroup-1*sub设置配置拨号规则：Quintum# dp ------进入DialPlan目录Quintum-DialPlan-1# con ------进入config配置模式config-DialPlan-1# set maxdn 30 ------设置最多拨30位的号码config-DialPlan-1* set mindn 1 ------设置最少拨1位的号码config-DialPlan-1* set ldp ------设置本地长途前序为空config-DialPlan-1* set cpp ------设置运营商号码为空config-DialPlan-1* set intlp[1] ------设置第一个国际长途前序为空config-DialPlan-1* set ptc 1 ------设置拨号国家为中国config-DialPlan-1*sub ------保存以上设置config-DialPlan-1# sh ------查看修改后的设置.sh为show命令的缩写替换规则Quintum# conconfig#config# hndconfig-HopoffNumberDirectory-1# shconfig-HopoffNumberDirectory-1# add 5566 r 0 -----添加一个规则把5566替换成0config-HopoffNumberDirectory-1# remove ? -----去掉一个?规则config-HopoffNumberDirectory-1* sub查看各端口的状态config# cmd linestat -1O口做落地,必须添加服务器IP与网关自身IPQuintum# conconfig# epadconfig-EndPointAddressDirectory-1# add 服务器IP m 255.255.255.255 at 1config-EndPointAddressDirectory-1# add 网关IP m 255.255.255.255 at 1config-EndPointAddressDirectory-1* sub显示设备所有参数的配置命令Quintum# sh –xc查看序列号码（SN号码）Quintum# sh -v显示Debug 信息Quintum# ev l3 chQuintum# ev qu退出log信息,按q分配模拟网关的端口例如：只使用1...5的FXO口Quintum# conconfig# ai lineconfig-AnalogInterface-line# map 1..5 cg lineconfig-AnalogInterface-line* sub例如：只使用1,3,5的FXO口Quintum# conconfig# ai lineconfig-AnalogInterface-line# map 1,3,5 cg lineconfig-AnalogInterface-line* sub恢复出厂值Quintum# conconfig# setfactoryconfig# main mcmaintain-MasterChassis-1# reset如何打开/关闭没有使用的FXO端口？Quintum# conconfig# sl 2config-SIot-SL2# ai lineconfig-AnalogInterface-line# map +/-2..8 cg line ------(+)开/(-)关二到八端口config-AnalogInterface-line* sub如何解决FXO咬线问题？Quintum# conconfig# cassg lineconfig-CASSignalingGroup-line# set tbs 3 ------打开语音检测功能config-CASSignalingGroup-line* subconfig-CASSignalingGroup-line# tpconfig-ToneProfile-1# set dtf1 250 -----适当调大dtf1和dtf2频率范围config-ToneProfile-1* set dtf2 650config-ToneProfile-1* subconfig-ToneProfile-1# set dtont 350 ----适当调大DiscToneONTime和DiscToneOFFTime的时间config-ToneProfile-1* set dtofft 350config-ToneProfile-1* subconfig-ToneProfile-1# cassg phoneconfig-CASSignalingGroup-phone# set dtpa tp-1config-CASSignalingGroup-phone* subO口出现假记费，如何调整Quintum# conconfig# cassg lineconfig-CASSignalingGroup-line# set ad 60config-CASSignalingGroup-line* set tbs 3config-CASSignalingGroup-line* set asms 1config-CASSignalingGroup-line* set asda 1config-CASSignalingGroup-line* sub如何设置反极计费？Quintum# conconfig# cass lineconfig# set st 2 -------1是关掉反极计费功能如何送#号到FXO口？Quintum# conconfig# tcrgconfig-tcrg# AddEndOfDialDigit =1config-tcrg* sub如何检测PSTN是否带反极信号？Quintum# conconfig# main mcconfig-MasterChassis-1# cmd linestat 1Printing Status for Line 1Line Current = 19 mALine Voltage = -5 V -----通话前电压config-MasterChassis-1# cmd linestat 1Printing Status for Line 1Line Current = 18 mALine Voltage = -5 V -----通话中电压，如果带反极信号通话前后不会都是负电压如何设置网关主叫号码？Quintum# conconfig#isdn 1config-ISDNSignalingGroup-1#set dani 12345678 ------12345678即是主叫号码config-ISDNSignalingGroup-1*subconfig-ISDNSignalingGroup-1#main mcmaintain-MasterChassis-1# reset如何设置网关输出音量大小？Quintum# conconfig#iprgconfig-IPRoutingGroup-default# set rg/tg 2 ----set rg(输出)/tg(输入) 是设置输入音量大小命令config-IPRoutingGroup-default*sub如何设置最大通话时间？Quintum# conconfig# iprgconfig-IPRoutingGroup-default# set mtt 0 ----0参数是不限通话时间如何查看中继当前通话线数？Quintum# cmd calls ----任何命令层都可以合作该命令查看通话线数如何设置网关并发线？Quintum# conconfig# iprgconfig-IPRoutingGroup-default# set mica 30 ----30是并发线数接通率参数修改Quintum# conconfig# dpconfig-DialPlan-1# shconfig-DialPlan-1# set idt 3 ----接通时间为3秒sendConnected Event. leg(1) ----网关发出信号出去ocall tackSendDtmf ----表示接通Quintum AX OS 基本设置讲解常用命令Show //显示本目录内容Sub //保存刚修改的配置Discard //放弃保存未保存的配置New {name} //新建一项，如 new tcrg 1 (新建一个tcrg1组)Delete {name} //删除指定的项目，如 delete tcrg-1Exit //返回上一级目录Change //修改功能表中选项的属性Add //增加功能表中的选项Remove //删除功能表中的选项Setfactory //还原出厂设置（本机IP地址是不会变的）？ //提供当前目录所能用的命令的帮助status gktable //显示CMS中网守的路由表status ds1 //显示全部的数字中继卡接口的状态log //退出控制要进入某层目录时只需要写该目录名在系统中名字的大写部分。

最全Quintum 模拟FXO(FXS)网关设置文件－－之一1推荐红色的字体是要输入的命令底色为灰色的是终端上显示的内容双斜线（//）后面的是解释常用命令Show //显示本目录内容Sub //保存刚修改的配置Discard //放弃保存未保存的配置New {name} //新建一项，如new tcrg 1 (新建一个tcrg1组)Delete {name} //删除指定的项目，如delete tcrg-1Exit //返回上一级目录Change //修改功能表中选项的属性Add //增加功能表中的选项Remove //删除功能表中的选项Setfactory //还原出厂设置（本机IP地址是不会变的）？//提供当前目录所能用的命令的帮助status gktable //显示CMS中网守的路由表status ds1 //显示全部的数字中继卡接口的状态log //退出控制要进入某层目录时只需要写该目录名在系统中名字的大写部分。

如要进入到“GateKeeperParam”时只要写“gkp”操作模式配置模式写config(con)可进入。

该模式能让用户配置CMS的所有功能。

如：set、new、delete等诊断模式写diagnostics(diag)可进入。

在这里能用一些关于诊断和测试的命令。

如：ping维护模式写maintenance(main)可进入。

重起机器要在该模式下执行。

如：reset 监控模式写monitoring(mon)可进入。

监控系统母板、系统中心控制卡、DSP 卡等情况。

如：status最全Quintum 模拟FXO(FXS)网关设置文件－－之二1推荐在config下的指令树Quintum# show –l-VOIPNetwork-1-SIte-1-TimeServer-1 配置时钟服务器-DialPlan-1 配置拨号方式，如最长拨号规定是25位等-IPDialPlan-1 配置经过IP网的数字规则-PRIVateNumberingPlan-1 配置私人拨号方式的字冠-PUBlicNumberingPlan-1 配置公共拨号方式的字冠，如中国是86，广州是20等-MasterChassis-1-SYSLogServer-1 配置系统日志服务器-CDRServer-1 配置CDR话单服务器-CDRServer-2-ChannelGroup-line电话线口的信道组，在这里定义该所用的信令和路由-ChannelGroup-phone-SLot-SL2-DeVice-SL2DV1-AnalogInterface-SL2DV1AI1-CHannel-1..4-AnalogInterface-SL2DV1AI2-CHannel-1..4-DeVice-SL2DV2 第一张DSP卡的位置-DeVice-SL2DV3 第二张DSP卡的位置-SLot-SL1-DeVice-SL1DV1-EthernetInterface-SL1DV1EI1第一个以太网接口的位置-StaticIPRouteDir-1 以太网的网关的位置-DoMain-1-BorderElement-1 中心网守的位置-ZOne-1-GateWay-1-NumberDirectories-1-BypassNumberDirectory-1 旁路电话表-HuntLDNDirectory-pub1 公共号码表-HuntLDNDirectory-prv1-HopoffNumberDirectory-1号码转换表，最多能有64个表，每个表最多有40条路由转换-HopoffNumberDirectory-2-AutoSwitchNumberDir-1 定义selectnet功能的电话表-V oiceCodec-723-V oiceCodec-729-CodecProfile-1-ISDNSignalingGroup-1-H323SignalingGroup-1-TrunkCircuitRoutingGroup-1-LineCircuitRoutingGroup-1-FaxProfile-1 配置传真协议的地方-IPRoutingGroup-1-ToneProfile-1-GateKeeperParam-1-EndPointAddressDirectory-1 配置允许或禁止与本网关通讯的IP 地址-QOSPolicy-1使用selectnet功能的最大允许值-RouteDirectory-1-StaticRoute-1 第一个静态路由表在监控模式（Monitoring）下的指令树-monitor-alarm //显示所有的告警状态。

Juniper路由器配置详解第一章：Juniper路由器概述Juniper Networks是全球知名的网络设备供应商之一，其路由器产品以高性能和可靠性而闻名。

本章将介绍Juniper路由器的基本概念和架构。

首先将介绍Junos操作系统，然后探讨Juniper路由器的不同系列和型号。

第二章：Juniper路由器接口配置Juniper路由器的接口配置非常重要，它决定了如何连接路由器以及与其他设备进行通信。

本章将详细讨论接口类型、接口配置命令以及不同接口的特性和用途。

第三章：基本路由配置路由是网络中数据包传输的基础，对于Juniper路由器的配置来说非常重要。

本章将介绍如何配置静态路由和动态路由，包括OSPF和BGP等常用路由协议。

第四章：高级路由配置高级路由配置允许更复杂的路由策略和动态路由选择。

本章将讨论路由策略配置和路由过滤列表等高级路由功能，以及如何实现路由红istribution和路由聚合。

第五章：安全配置网络安全对于任何企业来说都是至关重要的。

本章将介绍如何配置Juniper路由器的安全功能，包括防火墙、虚拟私有网络（VPN）和安全策略等。

我们还将谈及如何使用Juniper安全套件提供的高级保护机制来保护网络。

第六章：QoS配置服务质量（QoS）是保证网络性能的重要因素之一。

本章将详细讨论如何使用Juniper路由器的QoS功能来管理带宽、优化流量和提供最佳用户体验。

第七章：管理配置管理配置是确保Juniper路由器正常运行的关键。

本章将讨论如何配置远程访问、系统日志和故障排除等管理功能。

我们还将介绍如何使用Junos Space网络管理平台来实现集中化管理和配置。

第八章：高可用性配置高可用性是企业网络的重要要求之一。

本章将介绍如何配置Juniper路由器的高可用性功能，包括冗余路由器、Virtual Chassis和Link Aggregation等。

我们还将讨论如何实现网络故障恢复和负载均衡。

Juniper防火墙简单配置说明Netscreen-25从左向右依次为Trust Interface、DMZ Interface、Untrust Interface、Null。

其中Trust Interface相当于HUB口，下行连接内部网络设备。

Untrust Interface相当于主机口，上行连接上公网的路由器等外部网关设备；两端口速率自适应（10M/100M）。

DMZ Interface、 Null介绍从略。

下文仅简单地以马可尼网管服务器和南瑞通信综合网管系统中一台前置机通信为例。

南瑞综合网管系统前置机地址为192.168.1.4，马可尼传输网管地址为192.168.0.32。

配置完成后，实现马可尼网管只能与192.168.1.4前置机通信，其他192.168.1.X机器都无法访问马可尼网管。

配置前的准备1.先更改控制终端(如果用自己笔记本调试自己笔记本就是控制终端)的IP地址为192.168.1.X，子网255.255.255.0控制终端通过直通网线与Trust Interface相连（也就是第一个口），用IE登录设备主页（最好用IE，其他浏览器可能会出现不兼容的状况）。

在地址栏里输入192.168.1.1。

出现下图：跳跃过初始化防火墙步骤. 选择第三行,点击next.输入缺省登陆帐号: netscreen 密码:netscreen登陆后出现主页面展开左边资源树，单击Interface后，出现下图界面。

首先配置ethernet1口（即第一个口）的IP和子网掩码。

单击上图ethernet1行中的Edit，出现下图：Netscreen-25防火墙默认第一个口为Trust区，即信任区。

选择Static IP输入ethernet1端口的配置地址192.168.1.243/24后点击Apply 后单击OK。

如果不点击OK，设备重启配置则无效。

用同样方法配置第三个口Untrust区，即非信任区。

设置IP为192.168.0.243/24设置完成后点击OK，保存设置。