网神 (SecGate) Security Gateway Configuration Method

1. Set the computer's IP address to 10.50.10.44, netmask 255.255.255.0, gateway 10.50.10.45, and connect it to the FE1 port of the VPN gateway.

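2. Open the Admin Cert directory on the CD supplied with the VPN gateway and double-click the certificate file SecGateAdmin.p12; the following window pops up.

Follow the prompts to install it. The password is "123456"; leave everything else at the defaults and the installation will succeed.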

3. In the IE browser, enter https://10.50.10.45:8889 (the password is firewall) to enter the VPN gateway management interface.

4. Enter the VPN gateway management interface.

5. Select System Configuration -> Import/Export.

Click "Browse" and select the configuration file fwconfig.txt.

The contents of fwconfig.txt are as follows:

# hardware version: SecGate 3600-F3(SJW79)A

# software version: 3.6.4.26

# hostname: SecGate

# serial number: f6f335072669bb05

defaddr delalladdr

defaddr add DMZ 0.0.0.0/0.0.0.0 comment "DMZ"

defaddr add Trust 0.0.0.0/0.0.0.0 comment "Trust"

defaddr add Untrust 0.0.0.0/0.0.0.0 comment "Untrust"

vpn set default prekey PleaseInputPrekey ikelifetime 28800 ipseclifetime 3600 vpnstatus on vpnbak off

vpn on

vpn add remote static main psk name xian addr 222.91.74.218 prekey PleaseInputPrekey ike 3des-sha1-dh5,aes-sha1-dh5 initiate on obey off nat_t on ikelifetime 28800 dpddelay 0 dpdtimeout 0

vpn add tunnel name xian_qianxian local 61.185.40.23 remote xian auth esp ipsec aes128-md5,3des-sha1 pfs on dh_group 5 ipseclifetime 3600 proxy_localip 0.0.0.0 proxy_localmask 0.0.0.0 proxy_remoteip 0.0.0.0 proxy_remotemask 0.0.0.0

anti synflood fe1 200

anti icmpflood fe1 1000

anti pingofdeath fe1 800

anti udpflood fe1 1000

anti pingsweep fe1 10

anti tcpportscan fe1 10

anti udpportscan fe1 10

anti synflood fe2 200

anti icmpflood fe2 1000

anti pingofdeath fe2 800

anti udpflood fe2 1000

anti pingsweep fe2 10

anti tcpportscan fe2 10

anti udpportscan fe2 10

anti synflood fe3 200

anti icmpflood fe3 1000

anti pingofdeath fe3 800

anti udpflood fe3 1000

anti pingsweep fe3 10

anti tcpportscan fe3 10

anti udpportscan fe3 10

anti synflood fe4 200

anti icmpflood fe4 1000

anti pingofdeath fe4 800

anti udpflood fe4 1000

anti pingsweep fe4 10

anti tcpportscan fe4 10

anti udpportscan fe4 10

sysif set fe1 speed auto mtu 1500 ipmac off macpolicy permit mode route sroute off log off anti off nonip deny idsblock off vlan off

sysif set fe2 speed auto mtu 1500 ipmac off macpolicy permit mode route sroute off log off anti off nonip deny idsblock off vlan off

sysif set fe3 speed auto mtu 1500 ipmac off macpolicy permit mode route sroute off log off anti off nonip deny idsblock off vlan off

sysif set fe4 speed auto mtu 1500 ipmac off macpolicy permit mode route sroute off log off anti off nonip deny idsblock off vlan off

sysip add fe1 10.50.10.45 255.255.255.0 ping off admin on adminping on traceroute on

sysip add fe4 61.185.40.23 255.255.255.128 ping on admin on adminping off traceroute off

sysip add fe3 172.24.40.100 255.255.255.0 ping on admin on adminping off traceroute off

vrrpbunch delay 10

route add droute any 61.185.40.1

mngglobal set cpu 80 mem 80 fs 80 rcomm "public" wcomm "private" trapc "public" username "snmpuser" level "AuthnoPriv" authpass "12345678"
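
An added example, not part of the original document or the vendor's tooling: a small Python check that reads lines in the fwconfig.txt format above and flags settings to change before import (placeholder pre-shared key, 3DES/MD5 proposals, management enabled on the publicly addressed interface, default SNMP community strings, SNMPv3 without privacy). The sample is excerpted from the listing with two lines shortened, and the meaning of "admin on" is an assumption.

```python
import ipaddress
import shlex

# Constructed sample: lines excerpted from the fwconfig.txt above (two shortened).
SAMPLE = '''\
vpn set default prekey PleaseInputPrekey ikelifetime 28800 ipseclifetime 3600 vpnstatus on vpnbak off
vpn add remote static main psk name xian addr 222.91.74.218 prekey PleaseInputPrekey ike 3des-sha1-dh5,aes-sha1-dh5 initiate on
vpn add tunnel name xian_qianxian local 61.185.40.23 remote xian auth esp ipsec aes128-md5,3des-sha1 pfs on dh_group 5
sysip add fe1 10.50.10.45 255.255.255.0 ping off admin on adminping on traceroute on
sysip add fe4 61.185.40.23 255.255.255.128 ping on admin on adminping off traceroute off
mngglobal set cpu 80 mem 80 fs 80 rcomm "public" wcomm "private" trapc "public" username "snmpuser" level "AuthnoPriv" authpass "12345678"
'''

def value_after(tokens, key):
    """Return the token following `key`, or None (lines are keyword/value pairs)."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None

def audit(text):
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        tok = shlex.split(line, comments=True)  # drops '#' header lines, unquotes values
        if not tok:
            continue
        if tok[0] == "vpn":
            if value_after(tok, "prekey") == "PleaseInputPrekey":
                findings.append((n, "placeholder-psk"))
            for key in ("ike", "ipsec"):
                for proposal in (value_after(tok, key) or "").split(","):
                    if {"3des", "md5"} & set(proposal.split("-")):
                        findings.append((n, "weak-proposal:" + proposal))
        elif tok[:2] == ["sysip", "add"]:
            # Assumption: "admin on" enables management access on that interface.
            if value_after(tok, "admin") == "on" and ipaddress.ip_address(tok[3]).is_global:
                findings.append((n, "admin-on-public-ip:" + tok[2]))
        elif tok[0] == "mngglobal":
            for key in ("rcomm", "wcomm", "trapc"):
                if value_after(tok, key) in ("public", "private"):
                    findings.append((n, "default-snmp-community:" + key))
            if (value_after(tok, "level") or "").lower() == "authnopriv":
                findings.append((n, "snmpv3-no-privacy"))
    return findings

if __name__ == "__main__":
    for lineno, issue in audit(SAMPLE):
        print(f"line {lineno}: {issue}")
```

Running it against the full exported file instead of SAMPLE works the same way, since lines with unrecognised keywords are skipped.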