[USG2210]display current-configuration
14:10:20 2010/03/16
#
acl number 2000
step 1
rule 1 permit source 192.168.3.66 0
rule 2 permit source 192.168.4.10 0
rule 3 permit source 192.168.4.11 0
rule 4 permit source 192.168.4.12 0
rule 5 permit source 192.168.4.13 0
rule 6 permit source 192.168.4.14 0
rule 7 permit source 192.168.4.15 0
rule 8 permit source 192.168.2.10 0
rule 9 permit source 192.168.2.11 0
rule 10 permit source 192.168.2.12 0
rule 11 permit source 192.168.2.13 0
rule 12 permit source 192.168.2.14 0
rule 13 permit source 192.168.2.15 0
rule 14 permit source 192.168.2.16 0
rule 15 permit source 192.168.2.17 0
rule 16 permit source 192.168.2.18 0
rule 17 permit source 192.168.2.19 0
rule 19 permit source 192.168.2.21 0
rule 20 permit source 192.168.2.22 0
rule 21 permit source 192.168.2.23 0
rule 22 permit source 192.168.2.24 0
rule 24 permit source 192.168.2.26 0
rule 25 permit source 192.168.2.27 0
rule 27 permit source 192.168.1.58 0
rule 28 permit source 192.168.1.56 0
rule 29 permit source 192.168.2.50 0
rule 30 permit source 192.168.2.198 0
rule 31 permit source 192.168.1.2 0
rule 32 permit source 192.168.2.98 0
rule 33 permit source 192.168.2.209 0
rule 67 permit source 192.168.3.67 0
rule 68 permit source 192.168.1.9 0
rule 69 permit source 192.168.1.45 0
rule 200 permit source 192.168.2.200 0
rule 201 permit source 192.168.2.201 0
rule 300 permit source 192.168.6.0 0.0.0.255
rule 301 permit source 192.168.1.3 0
rule 2000 deny source 192.168.0.0 0.0.255.255
#
acl number 3000
rule 5 permit ip source 192.168.0.0 0.0.255.255
#
sysname USG2210
#
web-manager enable
#
info-center timestamp debugging date
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outboun
d
#
nat address-group 1 121.15.135.81 121.15.135.82
#
firewall blacklist enable
firewall blacklist filter-type icmp
firewall blacklist filter-type tcp
firewall blacklist filter-type udp
firewall blacklist filter-type others
#
firewall mac-binding 192.168.2.200 000d-6077-ef94
#
firewall defend ip-spoofing enable
firewall defend land enable
firewall defend smurf enable
firewall defend fraggle enable
firewall defend winnuke enable
firewall defend icmp-redirect enable
firewall defend icmp-unreachable enable
firewall defend source-route enable
firewall defend route-record enable
firewall defend tracert enable
firewall defend time-stamp enable
firewall defend ping-of-death enable
firewall defend teardrop enable
firewall defend tcp-flag enable
firewall defend ip-fragment enable
firewall defend large-icmp enable
firewall defend ip-sweep enable
firewall defend port-scan enable
firewall defend syn-flood enable
firewall defend udp-flood enable
firewall defend icmp-flood enable
firewall defend get-flood enable
firewall defend dns-flood enable
firewall defend tcp-illegal-session enable
firewall defend arp-flood enable
firewall defend arp-spoofing enable
#
firewall statistic system enable
#
interface GigabitEthernet0/0/0
speed 100
description to-switch
ip address 192.168.6.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 121.15.135.81 255.255.255.248
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
#
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/1
#
firewall zone dmz
set priority 50
#
firewall interzone trust untrust
packet-filter 2000 outbound
nat outbound 3000 address-group 1
detect ftp
detect http
#
aaa
local-user hsadmin password cipher 4E=CC4S,53%LaN9G%UD&AA!!
local-user hsadmin service-type ftp web telnet
local-user hsadmin level 3
local-user hsadmin ftp-directory flash:
local-user xj password cipher YP*C^"L28LELaN9G%UD&AA!!
local-user xj service-type web telnet
local-user xj level 3
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
slb
#
ip route-static 0.0.0.0 0.0.0.0 121.15.135.86
ip route-static 192.168.0.0 255.255.0.0 192.168.6.1
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
protocol inbound telnet
#
return
[USG2210]
14:10:20 2010/03/16
#
acl number 2000
step 1
rule 1 permit source 192.168.3.66 0
rule 2 permit source 192.168.4.10 0
rule 3 permit source 192.168.4.11 0
rule 4 permit source 192.168.4.12 0
rule 5 permit source 192.168.4.13 0
rule 6 permit source 192.168.4.14 0
rule 7 permit source 192.168.4.15 0
rule 8 permit source 192.168.2.10 0
rule 9 permit source 192.168.2.11 0
rule 10 permit source 192.168.2.12 0
rule 11 permit source 192.168.2.13 0
rule 12 permit source 192.168.2.14 0
rule 13 permit source 192.168.2.15 0
rule 14 permit source 192.168.2.16 0
rule 15 permit source 192.168.2.17 0
rule 16 permit source 192.168.2.18 0
rule 17 permit source 192.168.2.19 0
rule 19 permit source 192.168.2.21 0
rule 20 permit source 192.168.2.22 0
rule 21 permit source 192.168.2.23 0
rule 22 permit source 192.168.2.24 0
rule 24 permit source 192.168.2.26 0
rule 25 permit source 192.168.2.27 0
rule 27 permit source 192.168.1.58 0
rule 28 permit source 192.168.1.56 0
rule 29 permit source 192.168.2.50 0
rule 30 permit source 192.168.2.198 0
rule 31 permit source 192.168.1.2 0
rule 32 permit source 192.168.2.98 0
rule 33 permit source 192.168.2.209 0
rule 67 permit source 192.168.3.67 0
rule 68 permit source 192.168.1.9 0
rule 69 permit source 192.168.1.45 0
rule 200 permit source 192.168.2.200 0
rule 201 permit source 192.168.2.201 0
rule 300 permit source 192.168.6.0 0.0.0.255
rule 301 permit source 192.168.1.3 0
rule 2000 deny source 192.168.0.0 0.0.255.255
#
acl number 3000
rule 5 permit ip source 192.168.0.0 0.0.255.255
#
sysname USG2210
#
web-manager enable
#
info-center timestamp debugging date
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outboun
d
#
nat address-group 1 121.15.135.81 121.15.135.82
#
firewall blacklist enable
firewall blacklist filter-type icmp
firewall blacklist filter-type tcp
firewall blacklist filter-type udp
firewall blacklist filter-type others
#
firewall mac-binding 192.168.2.200 000d-6077-ef94
#
firewall defend ip-spoofing enable
firewall defend land enable
firewall defend smurf enable
firewall defend fraggle enable
firewall defend winnuke enable
firewall defend icmp-redirect enable
firewall defend icmp-unreachable enable
firewall defend source-route enable
firewall defend route-record enable
firewall defend tracert enable
firewall defend time-stamp enable
firewall defend ping-of-death enable
firewall defend teardrop enable
firewall defend tcp-flag enable
firewall defend ip-fragment enable
firewall defend large-icmp enable
firewall defend ip-sweep enable
firewall defend port-scan enable
firewall defend syn-flood enable
firewall defend udp-flood enable
firewall defend icmp-flood enable
firewall defend get-flood enable
firewall defend dns-flood enable
firewall defend tcp-illegal-session enable
firewall defend arp-flood enable
firewall defend arp-spoofing enable
#
firewall statistic system enable
#
interface GigabitEthernet0/0/0
speed 100
description to-switch
ip address 192.168.6.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 121.15.135.81 255.255.255.248
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
#
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/1
#
firewall zone dmz
set priority 50
#
firewall interzone trust untrust
packet-filter 2000 outbound
nat outbound 3000 address-group 1
detect ftp
detect http
#
aaa
local-user hsadmin password cipher 4E=CC4S,53%LaN9G%UD&AA!!
local-user hsadmin service-type ftp web telnet
local-user hsadmin level 3
local-user hsadmin ftp-directory flash:
local-user xj password cipher YP*C^"L28LELaN9G%UD&AA!!
local-user xj service-type web telnet
local-user xj level 3
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
slb
#
ip route-static 0.0.0.0 0.0.0.0 121.15.135.86
ip route-static 192.168.0.0 255.255.0.0 192.168.6.1
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
protocol inbound telnet
#
return
[USG2210]