Sep 20, 2008

Public IP vs Private IP

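Many people are unclear about what "legal" / "illegal" / "public" / "private" / "real" / "virtual" IP actually mean, so today I will walk through how the IP Address ranges are divided.

In formal English usage, an IP's attribute is normally expressed as "Public" or "Private" IP, so I suggest basing any translation on these two English words.

An IP Address is a 32-bit address, so the theoretically usable range is 0.0.0.0 ~ 255.255.255.255. For ease of management, however, IANA set the following rules based on the leading bits of the IP Address: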

Class A: (first bit is 0)
Default Mask:255.0.0.0(/8)
From
0000 0000.0000 0000.0000 0000.0000 0000
(0.0.0.0)
To
0111 1111.1111 1111.1111 1111.1111 1111
(127.255.255.255)

Class B: (first two bits are 10)
Default Mask:255.255.0.0(/16)
From
1000 0000.0000 0000.0000 0000.0000 0000
(128.0.0.0)
To
1011 1111.1111 1111.1111 1111.1111 1111
(191.255.255.255)

Class C: (first three bits are 110)
Default Mask:255.255.255.0(/24)
From
1100 0000.0000 0000.0000 0000.0000 0000
(192.0.0.0)
To
1101 1111.1111 1111.1111 1111.1111 1111
(223.255.255.255)

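On today's Internet only the Class A/B/C ranges are in legitimate use, so if your company runs a firewall and has no additional Multicast applications, you can simply block the other IP ranges to guard against UDP attacks that forge their source IP.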

Class D: (first four bits are 1110)
Reserved for Multicast
From
1110 0000.0000 0000.0000 0000.0000 0000
(224.0.0.0)
To
1110 1111.1111 1111.1111 1111.1111 1111
(239.255.255.255)

Class E: (first four bits are 1111)
Reserved for Research
From
1111 0000.0000 0000.0000 0000.0000 0000
(240.0.0.0)
To
1111 1111.1111 1111.1111 1111.1111 1111
(255.255.255.255)

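IANA also defines the Private IP Address (Intranet) ranges so that everyone follows a common rule. The Private IP Addresses specified in RFC 1918 should therefore never appear on the Internet, and you can block these networks on your Internet-facing firewall as well.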

RFC 1918
Class A(10.0.0.0~10.255.255.255)
Class B(172.16.0.0~172.31.255.255)
Class C(192.168.0.0~192.168.255.255)
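The two firewall rules above (block anything outside Class A/B/C, and block RFC 1918 sources at the Internet edge) can be checked against sample traffic. The following is an added example, not part of the original post; the function names, the multicast_in_use switch and the sample packets are assumptions made for illustration.

```python
import ipaddress

# Leading-bit patterns from the class table above: (pattern, number of bits, class).
CLASS_PATTERNS = [
    (0b0, 1, "A"),
    (0b10, 2, "B"),
    (0b110, 3, "C"),
    (0b1110, 4, "D"),  # reserved for Multicast
    (0b1111, 4, "E"),  # reserved for research
]

# The three RFC 1918 ranges listed above, written as prefixes.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def address_class(addr):
    """Return 'A'..'E' by testing the leading bits of the 32-bit address."""
    value = int(ipaddress.IPv4Address(addr))
    for pattern, nbits, name in CLASS_PATTERNS:
        if value >> (32 - nbits) == pattern:
            return name
    raise AssertionError("unreachable: every 32-bit value matches one pattern")


def edge_verdict(src, dst, multicast_in_use=False):
    """Verdict for a packet arriving on the Internet-facing interface.

    Returns (action, reason). Only the rules described in the post are
    modelled; other special-purpose ranges are outside its scope.
    """
    src_ip = ipaddress.IPv4Address(src)
    src_class = address_class(src)
    # A Class D/E address is never a legitimate unicast source.
    if src_class in ("D", "E"):
        return "drop", f"source address in Class {src_class}"
    # RFC 1918 space must not arrive from the Internet.
    for net in RFC1918:
        if src_ip in net:
            return "drop", f"source in RFC 1918 range {net}"
    dst_class = address_class(dst)
    if dst_class == "E":
        return "drop", "destination address in Class E"
    if dst_class == "D" and not multicast_in_use:
        return "drop", "Multicast destination but no Multicast application in use"
    return "permit", f"Class {src_class} public source"


# Constructed sample packets (source, destination) for the demonstration.
SAMPLE_PACKETS = [
    ("8.8.8.8", "203.0.113.10"),
    ("10.1.2.40", "203.0.113.10"),
    ("172.31.255.255", "203.0.113.10"),
    ("172.32.0.1", "203.0.113.10"),
    ("192.168.1.10", "203.0.113.10"),
    ("224.0.0.5", "203.0.113.10"),
    ("240.0.0.1", "203.0.113.10"),
    ("198.51.100.7", "239.1.1.1"),
]


def filter_packets(packets, multicast_in_use=False):
    """Apply edge_verdict to every packet and return the decisions."""
    return [(src, dst) + edge_verdict(src, dst, multicast_in_use)
            for src, dst in packets]


if __name__ == "__main__":
    for src, dst, action, reason in filter_packets(SAMPLE_PACKETS):
        print(f"{src:>16} -> {dst:<14} {action:<6} {reason}")
```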

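A Chat about Unicast/Broadcast/Multicast

1. Unicast
Refers to a specific destination address. It is how hosts normally pass packets to one another and is the most common form of network communication.
We therefore sometimes call it One-to-One communication.

2. Broadcast
Usually occurs on MultiAccess network media such as a Local Area Network. The destination MAC address in the Layer 2 header is usually FF-FF-FF-FF-FF-FF, and the destination IP address in the Layer 3 header is usually 255.255.255.255. Every host and network device attached to the same network segment receives and processes the packet. We therefore call it One-to-All communication.

3. Multicast
Generally used when the same source data must be delivered simultaneously to a specific group of receivers (Multicast Group Clients). The source only has to send one copy of the data, so bandwidth usage does not grow as receivers are added, which makes it the best solution for network video (such as VoD, distance learning, and video conferencing). We therefore call it One-to-Many (or Many-to-Many) communication.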

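The OSI 7-Layer Reference Model

International standards bodies such as CCITT, IAB/Internet Society, IEEE, and ISO have all invested a great deal of manpower and resources in standardization. For example, the IAB/Internet Society's TCP/IP has become an industry standard and is currently the most widely used computer network protocol in the world. In addition, ISO's OSI (Open System Interconnection) has been strongly promoted by academia, research institutions, and governments as a standard specification for network communication.

To promote the standardization of network protocols, the International Organization for Standardization (ISO) established the Open System Interconnection (OSI) standard in 1983 as a common specification for network developers to follow when building hardware and software. The OSI reference model is a Layered Protocol that defines 7 layers in total; the higher the layer, the larger its number, and the lower the layer, the smaller its number.

7 Application Layer
6 Presentation Layer
5 Session Layer
4 Transport Layer
3 Network Layer
2 Data Link Layer
1 Physical Layer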


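◎ Application Layer:
Supports user applications such as file transfer, e-mail, virtual terminal, directory services, and message handling systems.

Related network devices: Firewall, L7 Switch

◎ Presentation Layer:
Ensures user application data is in a format that allows it to be exchanged, for example converting ASCII to EBCDIC, character-code conversion, compression and decompression, and encryption and decryption.

◎ Session Layer:
Provides synchronization and control for user applications. This layer handles establishing the session connection, setting up the session, and terminating the session, and establishes the transmission rules.

◎ Transport Layer:
Ensures the quality and reliability of data delivery, providing a reliable, stable, error-free data channel between two systems, for example Connection management, Flow control, and End-to-end error control.

Related network devices: L4 Switch (Load-Balance Device)

◎ Network Layer:
Specifies the interface through which user data is forwarded to the network, and is responsible for encapsulating data and determining its transmission path, for example Addressing and Routing.

Related network devices: Router, L3 Switch

◎ Data Link Layer:
Packs and unpacks the data to be sent across the network and organizes the bits. It is responsible for dividing the data into actual frames and placing them on the transmission medium, for example Framing, error control, and Media Access Control.

Related network devices: Switch, Bridge

◎ Physical Layer:
Controls how the computer interface talks over the network; this layer specifies the electrical specifications, for example transmission-media specifications such as EIA-232, V.22 bis, and V.35, connector specifications, and how data is represented on the medium.

Related network devices: RJ-45, NIC (Network Information Card), Hub, Repeater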

Sep 19, 2008

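What is "Trunking"?

Do you know what the TRUNK so often mentioned in Layer 3 switch technology means?

In technical fields, TRUNK is rendered in Chinese as "backbone, trunk line, relay line, long-distance line", but it is usually left untranslated and used in the original English. The same term has different meanings in different contexts:

1. In the context of network layering and bandwidth allocation, TRUNK is interpreted as "port aggregation", an important way to expand bandwidth and provide link backup. TRUNK bundles several physical ports together for use as one logical port, so the bandwidth of the ports is added together. TRUNK technology lets the links inside a TRUNK back each other up: when one link fails, the other links keep working, and traffic can also be load-balanced across the links.

2. On voice-grade lines in telecom networks, Trunk means "backbone network, telephone trunk line", i.e. the connecting circuit or channel between two exchanges or switches. It can relay between the two ends and provides the necessary signaling and terminal-equipment transmission.

3. In the Routing & Switching field, the port aggregation of VLANs is sometimes called TRUNK, but most vendors, CISCO for example, call it TRUNKING. TRUNKING is used to connect different switches so that members of the same VLAN spanning multiple switches can communicate with each other. The ports used to interconnect the switches are called TRUNK ports.

TRUNKING is an OSI Layer 2 technology. If you have defined multiple VLANs on each of 2 switches (VLANs are also Layer 2), then for the members of VLAN10 and VLAN20 on the two switches to reach each other, you must take one of the ports assigned to VLAN10 on switch A and connect it with a physical cable to one of the ports assigned to VLAN10 on switch B.

So if 10 VLANs are configured on a switch, 10 separate physical links are needed to connect to the ports of the 10 different VLANs on the other switch. This is relatively inefficient and hard to manage. If the switches support TRUNKING, things are much simpler: a single physical link between the 2 switches, with the corresponding ports set to Trunk, can carry the traffic of every VLAN on the switches. That way, even with hundreds of VLANs on a switch, 1 port is enough.

Hosts in the same VLAN on the switches can communicate through the shared trunk port; hosts in different VLANs can only communicate through a third-party device with routing capability. This is what is known as Inter-VLAN Routing.

[Example] Suppose there are two VLANs, VLAN 1 (Switch F0/2) and VLAN 2 (Switch F0/3), with one host attached to each of F0/2 and F0/3. VLAN 1 (192.168.0.0/24) and VLAN 2 (192.168.1.0/24) are different subnets, so a device with routing capability (such as a Router) is needed to perform Inter-VLAN Routing: connect the Router and the Switch using Trunking (IEEE 802.1Q or Cisco ISL; this example uses IEEE 802.1Q), then configure a sub-interface on the Router for each corresponding VLAN.

Router F0/0 - <802.1q/ISL Trunk> - Switch F0/1
F0/2 connects to PC1
F0/3 connects to PC2

On the Router's Trunk port, configure sub-interfaces with an ip address in each VLAN's subnet to serve as the GW for VLAN1 and VLAN2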

Router:
int f0/0
ip address 192.168.0.254 255.255.255.0

int f0/0.2
encapsulation dot1q 2
ip address 192.168.1.254 255.255.255.0

Switch:
int f0/1
switchport trunk encapsulation dot1q
! (the Cat.2950 does not need the command above)
switchport mode trunk

int f0/2
switchport mode access
switchport access vlan 1

int f0/3
switchport mode access
switchport access vlan 2

Cisco IOS Upgrade/Recovery Process

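Cisco's current official courses do not include a hands-on IOS upgrade exercise, so I have written out the commands involved:

1. First you need a TFTP Server. If you do not have one, a Cisco Router/Switch can stand in, but the IOS image must be stored in the Flash of the Router/Switch that will act as the TFTP Server.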

Router_A# sh flash:

System flash directory:
File Length Name/status
1 16299836 c2600-ik9o3s3-mz.123-15.bin
[16299900 bytes used, 477312 available, 16777212 total]
16384K bytes of processor board System flash (Read/Write)

2. Router_A#conf t
Router_A(config)# ip tftp source-interface fastEthernet 0/0
! Specifies which interface's IP the TFTP Server uses as its Source Interface
Router_A(config)# tftp-server flash:c2600-ik9o3s3-mz.123-15.bin
! Specifies which file this Router makes available for TFTP download

3. Suppose RouterB needs an IOS upgrade, or its Flash was accidentally erased (whatever you do, do not Reload, or the router will not boot):

RouterB#copy tftp: flash: => copy the file from TFTP to Flash:
Address or name of remote host []? 10.1.1.1 => Router_A FastEthernet 0/0 IP Address
Source filename []? c2600-ik9o3s3-mz.123-15.bin
Destination filename [c2600-ik9o3s3-mz.123-15.bin]?

4. To make sure the IOS file is intact, use the following command before rebooting:
RouterB# verify flash:c2600-ik9o3s3-mz.123-15.bin

Network Bits vs Host Bits

An IPv4 IP Address has 32 bits in total,
roughly divided into two parts:
-Network Bits
-Host Bits

The division is determined by the mask.
For example, 16.0.0.0/17
IP:
0001 0000.0000 0000.0000 0000.0000 0000

Mask:
1111 1111.1111 1111.1000 0000.0000 0000

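This means the first 17 bits of the IP are Network Bits => so going from /8 => /17 yields 2^(17-8) subnets
The last 15 bits are Host Bits => so each subnet has 2^(32-17)-2 IPs

Why is the range of 16.0.0.0/17 16.0.0.0~16.0.127.255?
Because the first 17 bits of 16.0.0.0/17 are Network bits, they cannot change.
The last 15 bits are Host bits; arranging 0 and 1 in every possible combination gives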

0001 0000.0000 0000.0000 0000.0000 0000(16.0.0.0)
0001 0000.0000 0000.0000 0000.0000 0001(16.0.0.1)
0001 0000.0000 0000.0000 0000.0000 0010(16.0.0.2)
0001 0000.0000 0000.0000 0000.0000 0011(16.0.0.3)
...
0001 0000.0000 0000.0111 1111.1111 1111(16.0.127.255)

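So what is the next IP, that is, the first IP of the next subnet?
I don't think I need to say any more.

That is the meaning of, and the difference between, Network Bits and Host Bits!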

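Subnetting Example (1)

Q: Subnet 172.25.0.0/16 so that there are at least 12 subnets.

A:
2^n > 12 => n=4 (the number of Host bits borrowed to become Network bits), which yields 2^4 = 16 subnets

So the new Network Bits = 16 + 4 = 20, and the new Host Bits = 32 - (16 + 4) = 12

The subnet mask is 255.255.240.0 => subtracting the last non-zero octet from 256 gives 256 - 240 = 16, the step between subnets

So the new subnets are: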
1. 172.25.0.0/20
2. 172.25.16.0/20
3. 172.25.32.0/20
4. 172.25.48.0/20
5. 172.25.64.0/20
6. 172.25.80.0/20
7. 172.25.96.0/20
8. 172.25.112.0/20
9. 172.25.128.0/20
10. 172.25.144.0/20
11. 172.25.160.0/20
12. 172.25.176.0/20
13. 172.25.192.0/20
14. 172.25.208.0/20
15. 172.25.224.0/20
16. 172.25.240.0/20
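The bit arithmetic from the Network Bits vs Host Bits post and from this subnetting exercise can be carried out mechanically. The following is an added example, not part of the original posts; the function names are assumptions, and the borrowed-bit count is taken as the smallest n whose 2^n covers the requested number of subnets.

```python
import ipaddress


def mask_from_prefix(prefix):
    """32-bit mask with `prefix` leading 1 bits (the Network Bits)."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def dotted(value):
    """Format a 32-bit integer as dotted-decimal."""
    return str(ipaddress.IPv4Address(value))


def address_range(cidr):
    """First and last address of a network: Network Bits fixed,
    Host Bits set to all 0s and then to all 1s."""
    addr, prefix = cidr.split("/")
    mask = mask_from_prefix(int(prefix))
    network = int(ipaddress.IPv4Address(addr)) & mask
    last = network | (~mask & 0xFFFFFFFF)
    return dotted(network), dotted(last)


def split_network(cidr, min_subnets):
    """Borrow Host Bits from `cidr` until at least `min_subnets` exist."""
    if min_subnets < 1:
        raise ValueError("min_subnets must be at least 1")
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    # Smallest n such that 2^n subnets cover the requirement.
    borrowed = (min_subnets - 1).bit_length()
    new_prefix = prefix + borrowed
    if new_prefix > 30:
        raise ValueError("not enough Host Bits left to borrow")
    mask = mask_from_prefix(new_prefix)
    base = int(ipaddress.IPv4Address(addr)) & mask_from_prefix(prefix)
    block = 1 << (32 - new_prefix)  # addresses per subnet
    # 256 minus the last non-zero mask octet gives the step between subnets.
    last_nonzero = [octet for octet in mask.to_bytes(4, "big") if octet][-1]
    return {
        "borrowed_bits": borrowed,
        "prefix": new_prefix,
        "mask": dotted(mask),
        "step": 256 - last_nonzero,
        "hosts_per_subnet": block - 2,  # minus network and broadcast address
        "subnets": [f"{dotted(base + i * block)}/{new_prefix}"
                    for i in range(1 << borrowed)],
    }


if __name__ == "__main__":
    print(address_range("16.0.0.0/17"))
    plan = split_network("172.25.0.0/16", 12)
    print(plan["mask"], plan["step"], plan["hosts_per_subnet"])
    for number, subnet in enumerate(plan["subnets"], start=1):
        print(f"{number}. {subnet}")
```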

How to make a loopback interface appear as /24 in the OSPF routing table?

You have probably all configured OSPF & interface loopback, but have you noticed that whatever mask the loopback interface's ip address has, it still shows up as /32 after OSPF exchanges routes?

R1
interface Loopback0
ip address 210.210.210.1 255.255.255.0
!
interface FastEthernet1/0
ip address 10.10.10.1 255.255.255.0
!
router ospf 1
network 10.10.10.0 0.0.0.255 area 0
network 210.210.210.0 0.0.0.255 area 0


R2
interface FastEthernet1/0
ip address 10.10.10.2 255.255.255.0
!
router ospf 1
network 10.10.10.0 0.0.0.255 area 0


Taking the two Routers above as an example, the routing table seen on R2 will still show 210.210.210.1/32

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

210.210.210.0/32 is subnetted, 1 subnets
O 210.210.210.1 [110/1] via 10.10.10.1, 00:00:05, FastEthernet1/0


So we can add the line ip ospf network point-to-point under interface loopback 0 on R1; the route R2 sees will then no longer be /32 but the actual configured mask, /24

R1
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int lo0
R1(config-if)#ip ospf network point-to-point


R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

O 210.210.210.0/24 [110/1] via 10.10.10.1, 00:00:24, FastEthernet1/0

Sep 18, 2008

uRPF(Unicast Reverse Path Forwarding)


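uRPF falls broadly into three types:
  1. Strict uRPF - Configured on the ingress router; when there is only one upstream connection, Strict uRPF is the usual choice. It checks not only the source address but also whether the interface on which the packet entered the router matches the routing table.
  2. Loose uRPF - Usually configured on the egress router; as long as the address exists in the RIB, it is accepted no matter which interface it arrived on.
  3. iACL uRPF (Infrastructure ACL) - Implements the uRPF function mainly through an ACL.

Strict uRPF: (checks that the packet's source address and the interface on which it entered the router both match the routing table)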
Router(config)# ip cef
Router(config)# interface eth0/1
Router(config-if)# ip verify unicast reverse-path


Loose uRPF: (only checks whether the packet's source address exists in the routing table)
Router(config)# interface pos 1/0
Router(config-if)# ip verify unicast source reachable-via any


iACL uRPF: (checks the source address of every packet and drops it if it does not match the ACL; adding the log keyword records every failing packet)
Router(config)# interface pos1/0
Router(config-if)# ip verify unicast reverse-path 190
Router(config)# access-list 190 permit ip {customer network} {customer network mask} any
Router(config)# access-list 190 deny ip any any [log]
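The difference between the Strict and Loose checks described above shows up clearly when both are run over the same packets. The following is an added example, not part of the original post and not Cisco's implementation; the Rib class, the sample routes and the sample packets are constructed for illustration, and the model assumes a single best path per prefix and no default route.

```python
import ipaddress


class Rib:
    """Toy routing table: longest-prefix match over (prefix, interface) pairs."""

    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(prefix), interface)
                       for prefix, interface in routes]

    def lookup(self, addr):
        """Return (network, interface) of the most specific match, or None."""
        ip = ipaddress.ip_address(addr)
        matches = [(net, ifc) for net, ifc in self.routes if ip in net]
        if not matches:
            return None
        return max(matches, key=lambda match: match[0].prefixlen)


def urpf_check(rib, src, in_interface, mode):
    """True if the packet passes the uRPF check in the given mode.

    strict: the route back to the source must point out the interface
            the packet arrived on.
    loose:  any route to the source is enough, whatever the interface.
    """
    route = rib.lookup(src)
    if route is None:
        return False  # no route back to the source: fails both modes
    if mode == "loose":
        return True
    if mode == "strict":
        return route[1] == in_interface
    raise ValueError(f"unknown mode: {mode}")


# Constructed RIB: a customer network behind eth0/1, upstream routes via pos1/0,
# and one more-specific /25 that points back to the customer side.
SAMPLE_RIB = Rib([
    ("198.51.100.0/24", "eth0/1"),
    ("203.0.113.0/24", "pos1/0"),
    ("192.0.2.0/24", "pos1/0"),
    ("192.0.2.128/25", "eth0/1"),
])

# Constructed packets: (source address, interface the packet arrived on).
SAMPLE_PACKETS = [
    ("198.51.100.7", "eth0/1"),   # genuine customer source
    ("203.0.113.9", "eth0/1"),    # upstream address arriving from the customer side
    ("192.0.2.200", "eth0/1"),    # covered by the more-specific /25 on eth0/1
    ("192.0.2.10", "eth0/1"),     # only the /24 via pos1/0 matches
    ("10.9.9.9", "pos1/0"),       # no route at all
]


def evaluate(rib, packets):
    """Return (src, interface, strict_result, loose_result) for each packet."""
    return [(src, ifc,
             urpf_check(rib, src, ifc, "strict"),
             urpf_check(rib, src, ifc, "loose"))
            for src, ifc in packets]


if __name__ == "__main__":
    for src, ifc, strict, loose in evaluate(SAMPLE_RIB, SAMPLE_PACKETS):
        print(f"{src:>14} in {ifc:<7} strict={'pass' if strict else 'drop'} "
              f"loose={'pass' if loose else 'drop'}")
```

The second packet is the case that separates the two modes: the forged source is routable, so Loose accepts it, while Strict drops it because the return path is a different interface.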

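So-net announces fiber high-speed Internet access at 10M/2M

So-net announces fiber high-speed Internet access at 10M/2M (2008/09/19 00:54)

According to NCC data, the number of mobile Internet subscribers in Taiwan reached 12.46 million in the first quarter of 2008. (Source: Institute for Information Industry FIND / Department of Industrial Technology, Ministry of Economic Affairs) Report by 蘇湘雲, Taipei

The era of high-speed fiber Internet access is drawing ever closer! Taiwan's So-net (台灣碩網網路娛樂公司) announced on the 18th that its fiber service network is now live in 17 counties and cities across northern, central, and southern Taiwan. The upload/download rate currently offered is 10M/2M, making it the private ISP with the widest fiber coverage by county and city and giving users the fastest Internet service.

Whether for browsing, shopping, gaming, communication, video conferencing, or uploading/downloading films, music, and software, people enjoy effortless convenience through the network, and more and more of them understand the benefits and trend of fiber access, such as faster, more stable, more secure transmission that is unaffected by distance.

So-net, which brings with it successful fiber experience from Japan, points out that judged against the current average spending on Internet service, the cost of upgrading to fiber is excellent value; as long as fiber has been laid to the building (FTTB), users can upgrade their connection.

蘇柏銘, Associate Vice President of the Broadband Business Department in So-net's Product Planning and Marketing Division, said that governments in advanced economies such as Japan, Hong Kong, Northern Europe, and Korea are actively promoting fiber networks, which strengthens national competitiveness. Japan's nationwide fiber coverage is now close to 60%, and as high as 95% in major cities. So-net already has the support of more than 700,000 fiber subscribers in Japan, and drawing on the successful Japanese rollout gives So-net a more competitive reference point in Taiwan. The rate currently offered is 10M/2M, and faster plans will be evaluated in the future.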

Sep 17, 2008

Bluecoat PacketShaper Bootcamp Day2 Notes

.Check License Key:
PacketShaper# setup keys show

Installed Keys: compatibility 1
control on
linksize 2m
compression on
acceleration on (Expires: 20081002)

.License Upgrade
Usage: setup keys add [yyyymmdd]

PacketShaper# setup keys add compatibility
PacketShaper# setup keys add control
PacketShaper# setup keys add linksize
PacketShaper# setup keys add compression
PacketShaper# setup keys add acceleration

.Measurement Engine(ME)


.Police
PacketShaper# ipfilter



show Show IP info
clear Clear IP filter[s]
onlyaccept Only accept specified packets
passthrough Passthrough specified packets
discard Discard specified packets
iponly Relay only IP trafic on|off.


.Show configuration limits
PacketShaper# sys limits


Statically allocated objects Current Remaining Total
-------------------------------------------------------------------
Traffic classes 80 176 256
Partitions 2 126 128
Dynamic Partitions 0 125 125
Policies 16 240 256
Matching rules 207 435 642
Classes with worst clients/servers 5 3 8
Classes with top talkers/listeners 10 2 12
TCP flows 618 4502 5120
Other IP flows 258 2302 2560
Legacy flows 0 1024 1024
Concurrent Hosts 5120 0 5120
MAC Cache Entries 46 4050 4096
Fragment Cache Entries 0 50 50
Command Contexts 10 20 30
Compression tunnels 0 0 0
Compression entries 0 0 0
Tunnels 0 10 10

Dynamically allocated objects Current Potential Total
-------------------------------------------------------------------
Matching rule host references 5 1299 1304
Host list DS entries 5 1166 1171
DNS names 2 3935 3937
Customer Portal users 0 256 256

Note: "Potential" for each object is an estimate allocating all
remaining dynamic memory to that object type.



PacketShaper# sys diag
(By default, the diagnostics run automatically every 15 minutes and write their files under the /DIAG/ directory)




PacketShaper# setup capture complete

Overwrite 9.256/cmd/config.cmd
Please confirm if you really want to proceed (YES): yes

Saved complete configuration in 9.256/cmd/config.cmd

#
# PacketShaper 1550 Configuration
#
# Address: 10.1.2.40
# Serial: 015-10008030
# Version: PacketShaper v8.3.2g1 2008-08-22
#
# Saved on Tue Sep 16 17:37:11 2008
#
setup ipaddr 10.1.2.40 255.255.255.0
setup nic inside auto-negotiate
setup nic outside auto-negotiate
setup siterouter none
setup gateway 10.1.2.1
setup timezone local
setup timezone Beijing
setup dns 168.95.192.1 168.95.1.1
setup domain none
setup secure inside off
setup secure outside off
setup link inbound 2000000
setup link outbound 2000000
synthetic options create-classes on
setup name 015-10008030
setup message default
setup access enable https
setup access enable ssh
setup access enable ftp
setup access enable http
setup access enable telnet
setup access enable snmp
setup access enable tcp-echo
hl new exceptionHosts
hl new gp1
hl add gp1 10.1.2.41-10.1.2.42
hl new gp2
hl add gp2 10.1.2.50-10.1.2.55
hl new gp4
hl add gp4 10.1.2.40-10.1.2.49
hl new violatingHosts
hl add violatingHosts 10.1.2.1
hl add violatingHosts 10.1.2.109
hl add violatingHosts 10.1.2.15
hl add violatingHosts 10.1.2.18
hl add violatingHosts 10.1.2.210
hl add violatingHosts 10.1.2.22
hl add violatingHosts 10.1.2.23
hl add violatingHosts 10.1.2.25
hl add violatingHosts 10.1.2.31
hl add violatingHosts 10.1.2.33
hl add violatingHosts 10.1.2.34
hl add violatingHosts 10.1.2.44
hl add violatingHosts 10.1.2.45
hl add violatingHosts 10.1.2.48
hl add violatingHosts 10.1.2.49
hl add violatingHosts 10.1.2.51
hl add violatingHosts 10.1.2.53
hl add violatingHosts 10.1.2.54
hl add violatingHosts 10.1.2.55
hl add violatingHosts 10.1.2.63
hl add violatingHosts 10.1.2.76
hl add violatingHosts 10.1.2.77
hl add violatingHosts 10.1.2.84
hl add violatingHosts 203.66.88.89
class id /Inbound 1
hostdb topusers start /Inbound talk
hostdb topusers start /Inbound listen
class new /Inbound Localhost nodefault sortorder:32001 inside local outside host:any
class set /Inbound/Localhost exception
class id /Inbound/Localhost 12
class note /Inbound/Localhost "Matches traffic to the unit itself"
class new /Inbound GP4 nodefault inside host:any outside host:any
class id /Inbound/GP4 448386309
class new /Inbound/GP4 GRE nodefault inside host:any GRE outside host:any
class id /Inbound/GP4/GRE 1177405195
class new /Inbound/GP4 HTTP nodefault inside host:any TCP service:Client outside host:any service:HTTP
class rule add /Inbound/GP4/HTTP inside host:any TCP service:HTTP outside host:any service:Client
class id /Inbound/GP4/HTTP 493907101
rtm hosts /Inbound/GP4/HTTP enable
class new /Inbound/GP4/HTTP Top_User_10.1.2.48 nodefault inside host:10.1.2.48 outside host:any
class id /Inbound/GP4/HTTP/Top_User_10.1.2.48 805127951
hostdb topusers start /Inbound/GP4/HTTP/Top_User_10.1.2.48 talk
hostdb topusers start /Inbound/GP4/HTTP/Top_User_10.1.2.48 listen
class new /Inbound/GP4/HTTP Default nodefault all
class id /Inbound/GP4/HTTP/Default 1246145598
class new /Inbound/GP4 Citrix nodefault inside host:any TCP service:Client outside host:any service:Citrix-ICA
class rule add /Inbound/GP4/Citrix inside host:any UDP service:Client outside host:any service:Citrix-SB
class rule add /Inbound/GP4/Citrix inside host:any TCP service:Citrix-ICA outside host:any service:Client
class rule add /Inbound/GP4/Citrix inside host:any UDP service:Citrix-SB outside host:any service:Client
class id /Inbound/GP4/Citrix 547099008
class new /Inbound/GP4 FTP nodefault inside host:any TCP service:Client outside host:any service:FTP-Cmd-Clear
class rule add /Inbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Data-Clear
class rule add /Inbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Cmd-Secure
class rule add /Inbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Data-Secure
class rule add /Inbound/GP4/FTP inside host:any TCP service:FTP-Cmd-Clear outside host:any service:Client
class rule add /Inbound/GP4/FTP inside host:any TCP service:FTP-Data-Clear outside host:any service:Client
class rule add /Inbound/GP4/FTP inside host:any TCP service:FTP-Cmd-Secure outside host:any service:Client
class rule add /Inbound/GP4/FTP inside host:any TCP service:FTP-Data-Secure outside host:any service:Client
class id /Inbound/GP4/FTP 2034064425
class new /Inbound/GP4 lockd nodefault inside host:any UDP service:Client outside host:any service:lockd
class rule add /Inbound/GP4/lockd inside host:any UDP service:lockd outside host:any service:Client
class id /Inbound/GP4/lockd 1831273698
class new /Inbound/GP4 mDNS nodefault inside host:any UDP service:Client outside host:any service:mDNS
class rule add /Inbound/GP4/mDNS inside host:any UDP service:mDNS outside host:any service:Client
class id /Inbound/GP4/mDNS 549578609
class new /Inbound/GP4 MSN-Messenger nodefault inside host:any TCP service:Client outside host:any service:MSN-Messenger
class rule add /Inbound/GP4/MSN-Messenger inside host:any TCP service:MSN-Messenger outside host:any service:Client
class id /Inbound/GP4/MSN-Messenger 1280064832
class new /Inbound/GP4 PPTP nodefault inside host:any TCP service:Client outside host:any service:PPTP
class rule add /Inbound/GP4/PPTP inside host:any TCP service:PPTP outside host:any service:Client
class id /Inbound/GP4/PPTP 1481919796
class new /Inbound/GP4 SSDP nodefault inside host:any UDP service:Client outside host:any service:SSDP
class rule add /Inbound/GP4/SSDP inside host:any UDP service:SSDP outside host:any service:Client
class id /Inbound/GP4/SSDP 717165287
class new /Inbound/GP4 SSL nodefault inside host:any TCP service:Client outside host:any service:SSL
class rule add /Inbound/GP4/SSL inside host:any TCP service:SSL outside host:any service:Client
class id /Inbound/GP4/SSL 1707057730
class new /Inbound/GP4 SSL-No-Cert nodefault inside host:any TCP service:Client outside host:any service:SSL-No-Cert
class rule add /Inbound/GP4/SSL-No-Cert inside host:any TCP service:SSL-No-Cert outside host:any service:Client
class id /Inbound/GP4/SSL-No-Cert 494447204
class new /Inbound/GP4 WAP nodefault inside host:any UDP service:Client outside host:any service:WAP
class rule add /Inbound/GP4/WAP inside host:any UDP service:WAP outside host:any service:Client
class id /Inbound/GP4/WAP 783394616
class new /Inbound/GP4 WinMedia nodefault inside host:any TCP service:Client outside host:any service:WinMedia-TCP
class rule add /Inbound/GP4/WinMedia inside host:any UDP service:Client outside host:any service:WinMedia-UDP
class rule add /Inbound/GP4/WinMedia inside host:any TCP service:Client outside host:any service:WinMedia-MSBD
class rule add /Inbound/GP4/WinMedia inside host:any UDP service:Client outside host:any service:WinMedia-Mcast
class rule add /Inbound/GP4/WinMedia inside host:any TCP service:WinMedia-TCP outside host:any service:Client
class rule add /Inbound/GP4/WinMedia inside host:any UDP service:WinMedia-UDP outside host:any service:Client
class rule add /Inbound/GP4/WinMedia inside host:any TCP service:WinMedia-MSBD outside host:any service:Client
class rule add /Inbound/GP4/WinMedia inside host:any UDP service:WinMedia-Mcast outside host:any service:Client
class id /Inbound/GP4/WinMedia 271724449
class new /Inbound/GP4 CIFS nodefault inside host:any service:Client outside host:any service:CIFS-NB
class rule add /Inbound/GP4/CIFS inside host:any TCP service:Client outside host:any service:CIFS-TCP
class rule add /Inbound/GP4/CIFS inside host:any service:CIFS-NB outside host:any service:Client
class rule add /Inbound/GP4/CIFS inside host:any TCP service:CIFS-TCP outside host:any service:Client
class id /Inbound/GP4/CIFS 488075888
class new /Inbound/GP4 DNS nodefault inside host:any service:Client outside host:any service:DNS
class rule add /Inbound/GP4/DNS inside host:any service:DNS outside host:any service:Client
class id /Inbound/GP4/DNS 874921639
class new /Inbound/GP4 ISAKMP nodefault inside host:any service:Client outside host:any service:ISAKMP
class rule add /Inbound/GP4/ISAKMP inside host:any service:ISAKMP outside host:any service:Client
class id /Inbound/GP4/ISAKMP 16588099
class new /Inbound/GP4 Jabber nodefault inside host:any service:Client outside host:any service:Jabber
class rule add /Inbound/GP4/Jabber inside host:any service:Jabber outside host:any service:Client
class id /Inbound/GP4/Jabber 293746819
class new /Inbound/GP4 MSSQL nodefault inside host:any service:Client outside host:any service:MSSQL-Server
class rule add /Inbound/GP4/MSSQL inside host:any service:Client outside host:any service:MSSQL-Mon
class rule add /Inbound/GP4/MSSQL inside host:any service:MSSQL-Server outside host:any service:Client
class rule add /Inbound/GP4/MSSQL inside host:any service:MSSQL-Mon outside host:any service:Client
class id /Inbound/GP4/MSSQL 1502475093
class new /Inbound/GP4 NetBIOS-IP nodefault inside host:any service:Client outside host:any service:NetBIOS-IP-NS
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-DGM
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-SSN
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-NS outside host:any service:Client
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-DGM outside host:any service:Client
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-SSN outside host:any service:Client
class id /Inbound/GP4/NetBIOS-IP 107200481
class new /Inbound/GP4 QQ nodefault inside host:any service:Client outside host:any service:QQ IM
class rule add /Inbound/GP4/QQ inside host:any service:Client outside host:any service:QQ Games
class rule add /Inbound/GP4/QQ inside host:any service:Client outside host:any service:QQ Web
class rule add /Inbound/GP4/QQ inside host:any service:QQ IM outside host:any service:Client
class rule add /Inbound/GP4/QQ inside host:any service:QQ Games outside host:any service:Client
class rule add /Inbound/GP4/QQ inside host:any service:QQ Web outside host:any service:Client
class id /Inbound/GP4/QQ 155725921
class new /Inbound/GP4 Skype nodefault inside host:any service:Client outside host:any service:SkypeCommand
class rule add /Inbound/GP4/Skype inside host:any service:Client outside host:any service:SkypeData
class rule add /Inbound/GP4/Skype inside host:any service:SkypeCommand outside host:any service:Client
class rule add /Inbound/GP4/Skype inside host:any service:SkypeData outside host:any service:Client
class id /Inbound/GP4/Skype 1406093396
class new /Inbound/GP4 SLP nodefault inside host:any service:Client outside host:any service:SLP
class rule add /Inbound/GP4/SLP inside host:any service:SLP outside host:any service:Client
class id /Inbound/GP4/SLP 2009328000
class new /Inbound/GP4 SMS nodefault inside host:any service:Client outside host:any service:SMS-RC
class rule add /Inbound/GP4/SMS inside host:any service:Client outside host:any service:SMS-Chat
class rule add /Inbound/GP4/SMS inside host:any service:Client outside host:any service:SMS-File
class rule add /Inbound/GP4/SMS inside host:any service:Client outside host:any service:SMS-Auth
class rule add /Inbound/GP4/SMS inside host:any service:SMS-RC outside host:any service:Client
class rule add /Inbound/GP4/SMS inside host:any service:SMS-Chat outside host:any service:Client
class rule add /Inbound/GP4/SMS inside host:any service:SMS-File outside host:any service:Client
class rule add /Inbound/GP4/SMS inside host:any service:SMS-Auth outside host:any service:Client
class id /Inbound/GP4/SMS 1414630601
class new /Inbound/GP4 ICMP nodefault inside host:any ICMP outside host:any
class id /Inbound/GP4/ICMP 988711412
class new /Inbound/GP4 IGMP nodefault inside host:any IGMP outside host:any
class id /Inbound/GP4/IGMP 2143987805
class new /Inbound/GP4 DiscoveredPorts nodefault inside host:any outside host:any
class id /Inbound/GP4/DiscoveredPorts 1733881458
class new /Inbound/GP4/DiscoveredPorts UDP_Port_259 nodefault inside host:any UDP service:Client outside host:any service:Unknown-UDP port:259
class rule add /Inbound/GP4/DiscoveredPorts/UDP_Port_259 inside host:any UDP service:Unknown-UDP port:259 outside host:any service:Client
class id /Inbound/GP4/DiscoveredPorts/UDP_Port_259 1229856183
class new /Inbound/GP4 Default nodefault all
class id /Inbound/GP4/Default 345288248
rtm threshold /Inbound/GP4/Default 300 Total
rtm accept /Inbound/GP4/Default 100
rtm hosts /Inbound/GP4/Default enable
hostdb topusers start /Inbound/GP4/Default talk
hostdb topusers start /Inbound/GP4/Default listen
class new /Inbound OtherGs nodefault folder
class id /Inbound/OtherGs 168485358
class new /Inbound/OtherGs GRE nodefault inside host:any GRE outside host:any
class id /Inbound/OtherGs/GRE 876
class new /Inbound/OtherGs eDonkey nodefault inside host:any TCP service:Client outside host:any service:eDonkey-TCP
class rule add /Inbound/OtherGs/eDonkey inside host:any UDP service:Client outside host:any service:eDonkey-Ping
class rule add /Inbound/OtherGs/eDonkey inside host:any TCP service:eDonkey-TCP outside host:any service:Client
class rule add /Inbound/OtherGs/eDonkey inside host:any UDP service:eDonkey-Ping outside host:any service:Client
class id /Inbound/OtherGs/eDonkey 2876
class new /Inbound/OtherGs mDNS nodefault inside host:any UDP service:Client outside host:any service:mDNS
class rule add /Inbound/OtherGs/mDNS inside host:any UDP service:mDNS outside host:any service:Client
class id /Inbound/OtherGs/mDNS 3588
class new /Inbound/OtherGs MSN-Messenger nodefault inside host:any TCP service:Client outside host:any service:MSN-Messenger
class rule add /Inbound/OtherGs/MSN-Messenger inside host:any TCP service:MSN-Messenger outside host:any service:Client
class id /Inbound/OtherGs/MSN-Messenger 2316
rtm threshold /Inbound/OtherGs/MSN-Messenger 600 Total
rtm accept /Inbound/OtherGs/MSN-Messenger 100
rtm hosts /Inbound/OtherGs/MSN-Messenger enable
class new /Inbound/OtherGs SSDP nodefault inside host:any UDP service:Client outside host:any service:SSDP
class rule add /Inbound/OtherGs/SSDP inside host:any UDP service:SSDP outside host:any service:Client
class id /Inbound/OtherGs/SSDP 3180
class new /Inbound/OtherGs WAP nodefault inside host:any UDP service:Client outside host:any service:WAP
class rule add /Inbound/OtherGs/WAP inside host:any UDP service:WAP outside host:any service:Client
class id /Inbound/OtherGs/WAP 3748
class new /Inbound/OtherGs DNS nodefault inside host:any service:Client outside host:any service:DNS
class rule add /Inbound/OtherGs/DNS inside host:any service:DNS outside host:any service:Client
class id /Inbound/OtherGs/DNS 428
class new /Inbound/OtherGs Gnutella nodefault inside host:any service:Client outside host:any service:Gnutella-Init
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Client outside host:any service:Gnutella-Cmd
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Client outside host:any service:Gnutella-Upload
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Client outside host:any service:Gnutella-Download
class rule add /Inbound/OtherGs/Gnutella inside host:any service:Gnutella-Init outside host:any service:Client
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Gnutella-Cmd outside host:any service:Client
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Gnutella-Upload outside host:any service:Client
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Gnutella-Download outside host:any service:Client
class id /Inbound/OtherGs/Gnutella 2260
class new /Inbound/OtherGs ISAKMP nodefault inside host:any service:Client outside host:any service:ISAKMP
class rule add /Inbound/OtherGs/ISAKMP inside host:any service:ISAKMP outside host:any service:Client
class id /Inbound/OtherGs/ISAKMP 1556
class new /Inbound/OtherGs NetBIOS-IP nodefault inside host:any service:Client outside host:any service:NetBIOS-IP-NS
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-DGM
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-SSN
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:NetBIOS-IP-NS outside host:any service:Client
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:NetBIOS-IP-DGM outside host:any service:Client
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:NetBIOS-IP-SSN outside host:any service:Client
class id /Inbound/OtherGs/NetBIOS-IP 532
class new /Inbound/OtherGs QQ nodefault inside host:any service:Client outside host:any service:QQ IM
class rule add /Inbound/OtherGs/QQ inside host:any service:Client outside host:any service:QQ Games
class rule add /Inbound/OtherGs/QQ inside host:any service:Client outside host:any service:QQ Web
class rule add /Inbound/OtherGs/QQ inside host:any service:QQ IM outside host:any service:Client
class rule add /Inbound/OtherGs/QQ inside host:any service:QQ Games outside host:any service:Client
class rule add /Inbound/OtherGs/QQ inside host:any service:QQ Web outside host:any service:Client
class id /Inbound/OtherGs/QQ 4948
class new /Inbound/OtherGs Skype nodefault inside host:any service:Client outside host:any service:SkypeCommand
class rule add /Inbound/OtherGs/Skype inside host:any service:Client outside host:any service:SkypeData
class rule add /Inbound/OtherGs/Skype inside host:any service:SkypeCommand outside host:any service:Client
class rule add /Inbound/OtherGs/Skype inside host:any service:SkypeData outside host:any service:Client
class id /Inbound/OtherGs/Skype 3460
class new /Inbound/OtherGs SLP nodefault inside host:any service:Client outside host:any service:SLP
class rule add /Inbound/OtherGs/SLP inside host:any service:SLP outside host:any service:Client
class id /Inbound/OtherGs/SLP 1476
class new /Inbound/OtherGs SMS nodefault inside host:any service:Client outside host:any service:SMS-RC
class rule add /Inbound/OtherGs/SMS inside host:any service:Client outside host:any service:SMS-Chat
class rule add /Inbound/OtherGs/SMS inside host:any service:Client outside host:any service:SMS-File
class rule add /Inbound/OtherGs/SMS inside host:any service:Client outside host:any service:SMS-Auth
class rule add /Inbound/OtherGs/SMS inside host:any service:SMS-RC outside host:any service:Client
class rule add /Inbound/OtherGs/SMS inside host:any service:SMS-Chat outside host:any service:Client
class rule add /Inbound/OtherGs/SMS inside host:any service:SMS-File outside host:any service:Client
class rule add /Inbound/OtherGs/SMS inside host:any service:SMS-Auth outside host:any service:Client
class id /Inbound/OtherGs/SMS 1668
class new /Inbound/OtherGs ICMP nodefault inside host:any ICMP outside host:any
class id /Inbound/OtherGs/ICMP 404
class new /Inbound/OtherGs IGMP nodefault inside host:any IGMP outside host:any
class id /Inbound/OtherGs/IGMP 988
class new /Inbound/OtherGs DiscoveredPorts nodefault inside host:any outside host:any
class id /Inbound/OtherGs/DiscoveredPorts 101320743
class new /Inbound/OtherGs/DiscoveredPorts UDP_Port_259 nodefault inside host:any UDP service:Client outside host:any service:Unknown-UDP port:259
class rule add /Inbound/OtherGs/DiscoveredPorts/UDP_Port_259 inside host:any UDP service:Unknown-UDP port:259 outside host:any service:Client
class id /Inbound/OtherGs/DiscoveredPorts/UDP_Port_259 913022597
class new /Inbound/OtherGs IPv6 nodefault all IPv6
class id /Inbound/OtherGs/IPv6 1140
class new /Inbound/OtherGs Protocol_3311 nodefault all Miscellaneous protocol:0x3311
class id /Inbound/OtherGs/Protocol_3311 655986171
class id /Inbound/Default 5
hostdb topusers start /Inbound/Default talk
class id /Outbound 2
hostdb topusers start /Outbound talk
hostdb topusers start /Outbound listen
class new /Outbound Localhost nodefault sortorder:32001 inside local outside host:any
class set /Outbound/Localhost exception
class id /Outbound/Localhost 59
class note /Outbound/Localhost "Matches traffic to the unit itself"
class new /Outbound GP4 nodefault inside list:gp4 outside host:any
class id /Outbound/GP4 998681176
class new /Outbound/GP4 GRE nodefault inside host:any GRE outside host:any
class id /Outbound/GP4/GRE 399767719
class new /Outbound/GP4 HTTP nodefault inside host:any TCP service:Client outside host:any service:HTTP
class rule add /Outbound/GP4/HTTP inside host:any TCP service:HTTP outside host:any service:Client
class id /Outbound/GP4/HTTP 16707931
rtm threshold /Outbound/GP4/HTTP 200 Total
rtm accept /Outbound/GP4/HTTP 100
rtm hosts /Outbound/GP4/HTTP enable
class new /Outbound/GP4/HTTP Top_User_10.1.2.48 nodefault inside host:10.1.2.48 outside host:any
class id /Outbound/GP4/HTTP/Top_User_10.1.2.48 822353026
hostdb topusers start /Outbound/GP4/HTTP/Top_User_10.1.2.48 talk
hostdb topusers start /Outbound/GP4/HTTP/Top_User_10.1.2.48 listen
class new /Outbound/GP4/HTTP Default nodefault all
class id /Outbound/GP4/HTTP/Default 1586863498
class new /Outbound/GP4 Flickr nodefault inside host:any TCP service:Client outside host:any service:Flickr
class rule add /Outbound/GP4/Flickr inside host:any TCP service:Flickr outside host:any service:Client
class id /Outbound/GP4/Flickr 923471873
class new /Outbound/GP4 FTP nodefault inside host:any TCP service:Client outside host:any service:FTP-Cmd-Clear
class rule add /Outbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Data-Clear
class rule add /Outbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Cmd-Secure
class rule add /Outbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Data-Secure
class rule add /Outbound/GP4/FTP inside host:any TCP service:FTP-Cmd-Clear outside host:any service:Client
class rule add /Outbound/GP4/FTP inside host:any TCP service:FTP-Data-Clear outside host:any service:Client
class rule add /Outbound/GP4/FTP inside host:any TCP service:FTP-Cmd-Secure outside host:any service:Client
class rule add /Outbound/GP4/FTP inside host:any TCP service:FTP-Data-Secure outside host:any service:Client
class id /Outbound/GP4/FTP 1642165920
class new /Outbound/GP4 MSN-Messenger nodefault inside host:any TCP service:Client outside host:any service:MSN-Messenger
class rule add /Outbound/GP4/MSN-Messenger inside host:any TCP service:MSN-Messenger outside host:any service:Client
class id /Outbound/GP4/MSN-Messenger 803993056
class new /Outbound/GP4 PPTP nodefault inside host:any TCP service:Client outside host:any service:PPTP
class rule add /Outbound/GP4/PPTP inside host:any TCP service:PPTP outside host:any service:Client
class id /Outbound/GP4/PPTP 234898674
class new /Outbound/GP4 SSDP nodefault inside host:any UDP service:Client outside host:any service:SSDP
class rule add /Outbound/GP4/SSDP inside host:any UDP service:SSDP outside host:any service:Client
class id /Outbound/GP4/SSDP 1945976556
class new /Outbound/GP4 SSL nodefault inside host:any TCP service:Client outside host:any service:SSL
class rule add /Outbound/GP4/SSL inside host:any TCP service:SSL outside host:any service:Client
class id /Outbound/GP4/SSL 1617932818
class new /Outbound/GP4 SSL-No-Cert nodefault inside host:any TCP service:Client outside host:any service:SSL-No-Cert
class rule add /Outbound/GP4/SSL-No-Cert inside host:any TCP service:SSL-No-Cert outside host:any service:Client
class id /Outbound/GP4/SSL-No-Cert 392731267
class new /Outbound/GP4 CIFS nodefault inside host:any service:Client outside host:any service:CIFS-NB
class rule add /Outbound/GP4/CIFS inside host:any TCP service:Client outside host:any service:CIFS-TCP
class rule add /Outbound/GP4/CIFS inside host:any service:CIFS-NB outside host:any service:Client
class rule add /Outbound/GP4/CIFS inside host:any TCP service:CIFS-TCP outside host:any service:Client
class id /Outbound/GP4/CIFS 2024256959
class new /Outbound/GP4 DNS nodefault inside host:any service:Client outside host:any service:DNS
class rule add /Outbound/GP4/DNS inside host:any service:DNS outside host:any service:Client
class id /Outbound/GP4/DNS 867119542
class new /Outbound/GP4 NetBIOS-IP nodefault inside host:any service:Client outside host:any service:NetBIOS-IP-NS
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-DGM
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-SSN
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-NS outside host:any service:Client
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-DGM outside host:any service:Client
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-SSN outside host:any service:Client
class id /Outbound/GP4/NetBIOS-IP 1026809618
class new /Outbound/GP4 Skype nodefault inside host:any service:Client outside host:any service:SkypeCommand
class rule add /Outbound/GP4/Skype inside host:any service:Client outside host:any service:SkypeData
class rule add /Outbound/GP4/Skype inside host:any service:SkypeCommand outside host:any service:Client
class rule add /Outbound/GP4/Skype inside host:any service:SkypeData outside host:any service:Client
class id /Outbound/GP4/Skype 15007219
class new /Outbound/GP4 ICMP nodefault inside host:any ICMP outside host:any
class id /Outbound/GP4/ICMP 838571229
class new /Outbound/GP4 IGMP nodefault inside host:any IGMP outside host:any
class id /Outbound/GP4/IGMP 838571230
class new /Outbound/GP4 Default nodefault all
class id /Outbound/GP4/Default 1262058103
rtm threshold /Outbound/GP4/Default 300 Total
rtm accept /Outbound/GP4/Default 100
rtm hosts /Outbound/GP4/Default enable
class new /Outbound OtherGs nodefault folder
class id /Outbound/OtherGs 168815646
hostdb topusers start /Outbound/OtherGs talk
class new /Outbound/OtherGs MSN-Messenger nodefault inside host:any TCP service:Client outside host:any service:MSN-Messenger
class rule add /Outbound/OtherGs/MSN-Messenger inside host:any TCP service:MSN-Messenger outside host:any service:Client
class id /Outbound/OtherGs/MSN-Messenger 2317
class new /Outbound/OtherGs SSDP nodefault inside host:any UDP service:Client outside host:any service:SSDP
class rule add /Outbound/OtherGs/SSDP inside host:any UDP service:SSDP outside host:any service:Client
class id /Outbound/OtherGs/SSDP 3181
class new /Outbound/OtherGs CIFS nodefault inside host:any service:Client outside host:any service:CIFS-NB
class rule add /Outbound/OtherGs/CIFS inside host:any TCP service:Client outside host:any service:CIFS-TCP
class rule add /Outbound/OtherGs/CIFS inside host:any service:CIFS-NB outside host:any service:Client
class rule add /Outbound/OtherGs/CIFS inside host:any TCP service:CIFS-TCP outside host:any service:Client
class id /Outbound/OtherGs/CIFS 3861
class new /Outbound/OtherGs DNS nodefault inside host:any service:Client outside host:any service:DNS
class rule add /Outbound/OtherGs/DNS inside host:any service:DNS outside host:any service:Client
class id /Outbound/OtherGs/DNS 429
class new /Outbound/OtherGs ICMP nodefault inside host:any ICMP outside host:any
class id /Outbound/OtherGs/ICMP 405
class new /Outbound/OtherGs IGMP nodefault inside host:any IGMP outside host:any
class id /Outbound/OtherGs/IGMP 989
class id /Outbound/Default 52
partition apply /Inbound uncommitted none
partition apply /Outbound uncommitted none
policy apply priority /Inbound/Localhost 6
policy admit /Inbound/Localhost squeeze nontcp
policy admit /Inbound/Localhost refuse nonweb
policy admit /Inbound/Localhost refuse web
policy apply rate /Inbound/GP4/HTTP/Default 256000 256000 3 automatic
policy admit /Inbound/GP4/HTTP/Default squeeze nontcp
policy admit /Inbound/GP4/HTTP/Default refuse nonweb
policy admit /Inbound/GP4/HTTP/Default refuse web
policy flowlimit /Inbound/GP4/HTTP/Default 10000 100000
policy apply priority /Inbound/GP4/PPTP 6
policy admit /Inbound/GP4/PPTP squeeze nontcp
policy admit /Inbound/GP4/PPTP refuse nonweb
policy admit /Inbound/GP4/PPTP refuse web
policy flowlimit /Inbound/GP4/PPTP 10000 100000
policy apply priority /Inbound/GP4/Skype 5
policy admit /Inbound/GP4/Skype squeeze nontcp
policy admit /Inbound/GP4/Skype refuse nonweb
policy admit /Inbound/GP4/Skype refuse web
policy flowlimit /Inbound/GP4/Skype 10000 100000
policy apply priority /Inbound/GP4/Default 5
policy admit /Inbound/GP4/Default squeeze nontcp
policy admit /Inbound/GP4/Default refuse nonweb
policy admit /Inbound/GP4/Default refuse web
policy flowlimit /Inbound/GP4/Default 10000 100000
policy apply priority /Inbound/OtherGs/eDonkey 0
policy admit /Inbound/OtherGs/eDonkey squeeze nontcp
policy admit /Inbound/OtherGs/eDonkey refuse nonweb
policy admit /Inbound/OtherGs/eDonkey refuse web
policy dscp /Inbound/OtherGs/eDonkey 0
policy flowlimit /Inbound/OtherGs/eDonkey 10000 100000
policy apply priority /Inbound/OtherGs/MSN-Messenger 3
policy admit /Inbound/OtherGs/MSN-Messenger squeeze nontcp
policy admit /Inbound/OtherGs/MSN-Messenger refuse nonweb
policy admit /Inbound/OtherGs/MSN-Messenger refuse web
policy dscp /Inbound/OtherGs/MSN-Messenger 3
policy flowlimit /Inbound/OtherGs/MSN-Messenger 10000 100000
policy apply priority /Inbound/OtherGs/DNS 5
policy admit /Inbound/OtherGs/DNS squeeze nontcp
policy admit /Inbound/OtherGs/DNS refuse nonweb
policy admit /Inbound/OtherGs/DNS refuse web
policy dscp /Inbound/OtherGs/DNS 5
policy flowlimit /Inbound/OtherGs/DNS 10000 100000
policy apply priority /Inbound/OtherGs/Skype 5
policy admit /Inbound/OtherGs/Skype squeeze nontcp
policy admit /Inbound/OtherGs/Skype refuse nonweb
policy admit /Inbound/OtherGs/Skype refuse web
policy dscp /Inbound/OtherGs/Skype 5
policy flowlimit /Inbound/OtherGs/Skype 10000 100000
policy apply priority /Inbound/Default 3
policy admit /Inbound/Default squeeze nontcp
policy admit /Inbound/Default refuse nonweb
policy admit /Inbound/Default refuse web
class set /Inbound/Default inherit
policy flowlimit /Inbound/Default 10000 100000
policy apply priority /Outbound/Localhost 6
policy admit /Outbound/Localhost squeeze nontcp
policy admit /Outbound/Localhost refuse nonweb
policy admit /Outbound/Localhost refuse web
policy apply rate /Outbound/GP4/HTTP/Default 10000 10000 4 automatic
policy admit /Outbound/GP4/HTTP/Default squeeze nontcp
policy admit /Outbound/GP4/HTTP/Default refuse nonweb
policy admit /Outbound/GP4/HTTP/Default refuse web
class set /Outbound/GP4/HTTP/Default inherit
policy flowlimit /Outbound/GP4/HTTP/Default 10000 100000
policy apply priority /Outbound/GP4/PPTP 6
policy admit /Outbound/GP4/PPTP squeeze nontcp
policy admit /Outbound/GP4/PPTP refuse nonweb
policy admit /Outbound/GP4/PPTP refuse web
policy flowlimit /Outbound/GP4/PPTP 10000 100000
policy apply priority /Outbound/OtherGs/MSN-Messenger 3
policy admit /Outbound/OtherGs/MSN-Messenger squeeze nontcp
policy admit /Outbound/OtherGs/MSN-Messenger refuse nonweb
policy admit /Outbound/OtherGs/MSN-Messenger refuse web
policy dscp /Outbound/OtherGs/MSN-Messenger 3
policy flowlimit /Outbound/OtherGs/MSN-Messenger 10000 100000
policy apply priority /Outbound/OtherGs/DNS 5
policy admit /Outbound/OtherGs/DNS squeeze nontcp
policy admit /Outbound/OtherGs/DNS refuse nonweb
policy admit /Outbound/OtherGs/DNS refuse web
policy dscp /Outbound/OtherGs/DNS 5
policy flowlimit /Outbound/OtherGs/DNS 10000 100000
policy apply priority /Outbound/Default 3
policy admit /Outbound/Default squeeze nontcp
policy admit /Outbound/Default refuse nonweb
policy admit /Outbound/Default refuse web
class set /Outbound/Default inherit
policy flowlimit /Outbound/Default 10000 100000
tunnel mode set enhanced
tunnel mtu auto
tunnel diffserv off
tunnel discovery on
tunnel discovery maintenance off
tunnel password default
tunnel firewall off
tunnel packing off
tunnel compression off
tunnel compression dictionary CNA 1M
tunnel acceleration off
tunnel acceleration faststart on
tunnel acceleration prefetch client off
tunnel acceleration prefetch server off
tunnel acceleration scps off
tunnel acceleration congestion-control on
tunnel holdtime glo 10
tunnel holdtime sen 1
tunnel holdtime non 10
wccp service-id 99
wccp off
host side auto
class discover /Inbound off
class discover /Outbound off
setup discover on
class discover /Inbound both
class discover /Inbound/GP4 both
class discover /Outbound both
class discover /Outbound/GP4 both
set tacacs timeout 10
set tacacs method ascii
set tacacs auth off
set tacacs acct off
set radius limit 3
set radius interval 5
set radius method chap
set radius auth off
set radius acct off
set ssh port 22
set https port 443
set syslog state off
set syslog rate 20
setup snmp syslocation "The physical location of this unit"
setup snmp syscontact "The contact person for this managed unit"
setup snmp sysname "10.1.2.40"
setup snmp configmode simple
setup snmp look public
# no SNMP views
# no SNMP access groups
# no SNMP users
# no SNMP remote users
frame options routing on default
frame options discovery on default
set sntp on
set sntp server 220.130.158.72 time-a.nist.gov
set sntp poll 300
setup email none
set adaptiveresponse on
agent new "High Bandwidth New App" "High Bandwidth New App"
agent interval "High Bandwidth New App" 60
agent parm "High Bandwidth New App" "RedThreshold" "10"
agent parm "High Bandwidth New App" "GreenThreshold" "5"
agent new "Inbound Default Traffic" "Default Traffic"
agent interval "Inbound Default Traffic" 1
agent parm "Inbound Default Traffic" "ClassName" "/Inbound/default"
agent parm "Inbound Default Traffic" "RedThreshold" "15"
agent parm "Inbound Default Traffic" "GreenThreshold" "7"
agent new "Inbound Packet Drops" "Link ME Variables"
agent interval "Inbound Packet Drops" 1
agent parm "Inbound Packet Drops" "ClassName" "/Inbound"
agent parm "Inbound Packet Drops" "MeVariableName" "rx-pkts-dropped%"
agent parm "Inbound Packet Drops" "MeDuration" "1"
agent parm "Inbound Packet Drops" "GreenOperator" "LT"
agent parm "Inbound Packet Drops" "RedOperator" "GT"
agent parm "Inbound Packet Drops" "RedThreshold" "3"
agent parm "Inbound Packet Drops" "GreenThreshold" "1"
agent new "Outbound Default Traffic" "Default Traffic"
agent interval "Outbound Default Traffic" 1
agent parm "Outbound Default Traffic" "ClassName" "/Outbound/default"
agent parm "Outbound Default Traffic" "RedThreshold" "15"
agent parm "Outbound Default Traffic" "GreenThreshold" "7"
agent new "Outbound Packet Drops" "Link ME Variables"
agent interval "Outbound Packet Drops" 1
agent parm "Outbound Packet Drops" "ClassName" "/Outbound"
agent parm "Outbound Packet Drops" "MeVariableName" "rx-pkts-dropped%"
agent parm "Outbound Packet Drops" "MeDuration" "1"
agent parm "Outbound Packet Drops" "GreenOperator" "LT"
agent parm "Outbound Packet Drops" "RedOperator" "GT"
agent parm "Outbound Packet Drops" "RedThreshold" "3"
agent parm "Outbound Packet Drops" "GreenThreshold" "1"
agent new "Quota Bandwidth Host agent" "Quota Bandwidth Host"
agent interval "Quota Bandwidth Host agent" 5
agent parm "Quota Bandwidth Host agent" "HostUsageThreshold" "5000000"
agent parm "Quota Bandwidth Host agent" "HostUsageMonitorInterval" "1"
agent parm "Quota Bandwidth Host agent" "Side" "both"
agent parm "Quota Bandwidth Host agent" "ViolatingHosts" "violatingHosts"
agent parm "Quota Bandwidth Host agent" "ExceptionHosts" "exceptionHosts"
agent parm "Quota Bandwidth Host agent" "RedThreshold" "2"
agent parm "Quota Bandwidth Host agent" "GreenThreshold" "1"
agent new "Spoofing - Client" "NFPM Side Unknown"
agent interval "Spoofing - Client" 1
agent parm "Spoofing - Client" "Side" "Client"
agent parm "Spoofing - Client" "SideThreshold" "100000"
agent parm "Spoofing - Client" "ViolatingHosts" "violatingHosts"
agent parm "Spoofing - Client" "ExceptionHosts" "exceptionHosts"
agent parm "Spoofing - Client" "RedThreshold" "1"
agent parm "Spoofing - Client" "GreenThreshold" "0"
agent new "Spoofing - Server" "NFPM Side Unknown"
agent interval "Spoofing - Server" 1
agent parm "Spoofing - Server" "Side" "Server"
agent parm "Spoofing - Server" "SideThreshold" "100000"
agent parm "Spoofing - Server" "ViolatingHosts" "violatingHosts"
agent parm "Spoofing - Server" "ExceptionHosts" "exceptionHosts"
agent parm "Spoofing - Server" "RedThreshold" "1"
agent parm "Spoofing - Server" "GreenThreshold" "0"
agent new "Syn Attack - Failed Flows" "Host Info Variables"
agent interval "Syn Attack - Failed Flows" 1
agent parm "Syn Attack - Failed Flows" "VariableName" "Failed Flows"
agent parm "Syn Attack - Failed Flows" "FlowsThreshold" "100000"
agent parm "Syn Attack - Failed Flows" "Side" "both"
agent parm "Syn Attack - Failed Flows" "ViolatingHosts" "violatingHosts"
agent parm "Syn Attack - Failed Flows" "ExceptionHosts" "exceptionHosts"
agent parm "Syn Attack - Failed Flows" "RedThreshold" "1"
agent parm "Syn Attack - Failed Flows" "GreenThreshold" "0"
agent new "System Load agent" "System Load"
agent interval "System Load agent" 1
agent parm "System Load agent" "RedThreshold" "95"
agent parm "System Load agent" "GreenThreshold" "90"
agent new "Traffic Performance agent" "Traffic Performance"
agent interval "Traffic Performance agent" 5
agent parm "Traffic Performance agent" "ClassName" "*"
agent parm "Traffic Performance agent" "Efficiency" "80"
agent parm "Traffic Performance agent" "RedThreshold" "1"
agent parm "Traffic Performance agent" "GreenThreshold" "0"
setup shaping off



PacketShaper# setup capture portable
(The portable capture leaves out unit-specific information such as the IP address, so that the policies and rules can be copied to another device.)

Overwrite 9.256/cmd/config.cmd
Please confirm if you really want to proceed (YES): yes

Saved portable configuration in 9.256/cmd/config.cmd

#
# PacketShaper 1550 Configuration
#
# Address: 10.1.2.40
# Serial: 015-10008030
# Version: PacketShaper v8.3.2g1 2008-08-22
#
# Saved on Tue Sep 16 17:40:45 2008
#
# setup ipaddr 10.1.2.40 255.255.255.0
# setup nic inside auto-negotiate
# setup nic outside auto-negotiate
# setup siterouter none
# setup gateway 10.1.2.1
# setup timezone local
# setup timezone Beijing
# setup dns 168.95.192.1 168.95.1.1
# setup domain none
# setup secure inside off
# setup secure outside off
# setup link inbound 2000000
# setup link outbound 2000000
# synthetic options create-classes on
#setup name 015-10008030
setup message default
setup access enable https
setup access enable ssh
setup access enable ftp
setup access enable http
setup access enable telnet
setup access enable snmp
setup access enable tcp-echo
hl new exceptionHosts
hl new gp1
hl add gp1 10.1.2.41-10.1.2.42
hl new gp2
hl add gp2 10.1.2.50-10.1.2.55
hl new gp4
hl add gp4 10.1.2.40-10.1.2.49
hl new violatingHosts
hl add violatingHosts 10.1.2.1
hl add violatingHosts 10.1.2.109
hl add violatingHosts 10.1.2.15
hl add violatingHosts 10.1.2.18
hl add violatingHosts 10.1.2.210
hl add violatingHosts 10.1.2.22
hl add violatingHosts 10.1.2.23
hl add violatingHosts 10.1.2.25
hl add violatingHosts 10.1.2.31
hl add violatingHosts 10.1.2.33
hl add violatingHosts 10.1.2.34
hl add violatingHosts 10.1.2.44
hl add violatingHosts 10.1.2.48
hl add violatingHosts 10.1.2.49
hl add violatingHosts 10.1.2.51
hl add violatingHosts 10.1.2.53
hl add violatingHosts 10.1.2.54
hl add violatingHosts 10.1.2.55
hl add violatingHosts 10.1.2.63
hl add violatingHosts 10.1.2.77
hl add violatingHosts 10.1.2.84
hl add violatingHosts 203.66.88.89
class id /Inbound 1
hostdb topusers start /Inbound talk
hostdb topusers start /Inbound listen
class new /Inbound Localhost nodefault sortorder:32001 inside local outside host:any
class set /Inbound/Localhost exception
class id /Inbound/Localhost 12
class note /Inbound/Localhost "Matches traffic to the unit itself"
class new /Inbound GP4 nodefault inside host:any outside host:any
class id /Inbound/GP4 448386309
class new /Inbound/GP4 GRE nodefault inside host:any GRE outside host:any
class id /Inbound/GP4/GRE 1177405195
class new /Inbound/GP4 HTTP nodefault inside host:any TCP service:Client outside host:any service:HTTP
class rule add /Inbound/GP4/HTTP inside host:any TCP service:HTTP outside host:any service:Client
class id /Inbound/GP4/HTTP 493907101
rtm hosts /Inbound/GP4/HTTP enable
class new /Inbound/GP4/HTTP Top_User_10.1.2.48 nodefault inside host:10.1.2.48 outside host:any
class id /Inbound/GP4/HTTP/Top_User_10.1.2.48 805127951
hostdb topusers start /Inbound/GP4/HTTP/Top_User_10.1.2.48 talk
hostdb topusers start /Inbound/GP4/HTTP/Top_User_10.1.2.48 listen
class new /Inbound/GP4/HTTP Default nodefault all
class id /Inbound/GP4/HTTP/Default 1246145598
class new /Inbound/GP4 Citrix nodefault inside host:any TCP service:Client outside host:any service:Citrix-ICA
class rule add /Inbound/GP4/Citrix inside host:any UDP service:Client outside host:any service:Citrix-SB
class rule add /Inbound/GP4/Citrix inside host:any TCP service:Citrix-ICA outside host:any service:Client
class rule add /Inbound/GP4/Citrix inside host:any UDP service:Citrix-SB outside host:any service:Client
class id /Inbound/GP4/Citrix 547099008
class new /Inbound/GP4 FTP nodefault inside host:any TCP service:Client outside host:any service:FTP-Cmd-Clear
class rule add /Inbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Data-Clear
class rule add /Inbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Cmd-Secure
class rule add /Inbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Data-Secure
class rule add /Inbound/GP4/FTP inside host:any TCP service:FTP-Cmd-Clear outside host:any service:Client
class rule add /Inbound/GP4/FTP inside host:any TCP service:FTP-Data-Clear outside host:any service:Client
class rule add /Inbound/GP4/FTP inside host:any TCP service:FTP-Cmd-Secure outside host:any service:Client
class rule add /Inbound/GP4/FTP inside host:any TCP service:FTP-Data-Secure outside host:any service:Client
class id /Inbound/GP4/FTP 2034064425
class new /Inbound/GP4 lockd nodefault inside host:any UDP service:Client outside host:any service:lockd
class rule add /Inbound/GP4/lockd inside host:any UDP service:lockd outside host:any service:Client
class id /Inbound/GP4/lockd 1831273698
class new /Inbound/GP4 mDNS nodefault inside host:any UDP service:Client outside host:any service:mDNS
class rule add /Inbound/GP4/mDNS inside host:any UDP service:mDNS outside host:any service:Client
class id /Inbound/GP4/mDNS 549578609
class new /Inbound/GP4 MSN-Messenger nodefault inside host:any TCP service:Client outside host:any service:MSN-Messenger
class rule add /Inbound/GP4/MSN-Messenger inside host:any TCP service:MSN-Messenger outside host:any service:Client
class id /Inbound/GP4/MSN-Messenger 1280064832
class new /Inbound/GP4 PPTP nodefault inside host:any TCP service:Client outside host:any service:PPTP
class rule add /Inbound/GP4/PPTP inside host:any TCP service:PPTP outside host:any service:Client
class id /Inbound/GP4/PPTP 1481919796
class new /Inbound/GP4 SSDP nodefault inside host:any UDP service:Client outside host:any service:SSDP
class rule add /Inbound/GP4/SSDP inside host:any UDP service:SSDP outside host:any service:Client
class id /Inbound/GP4/SSDP 717165287
class new /Inbound/GP4 SSL nodefault inside host:any TCP service:Client outside host:any service:SSL
class rule add /Inbound/GP4/SSL inside host:any TCP service:SSL outside host:any service:Client
class id /Inbound/GP4/SSL 1707057730
class new /Inbound/GP4 SSL-No-Cert nodefault inside host:any TCP service:Client outside host:any service:SSL-No-Cert
class rule add /Inbound/GP4/SSL-No-Cert inside host:any TCP service:SSL-No-Cert outside host:any service:Client
class id /Inbound/GP4/SSL-No-Cert 494447204
class new /Inbound/GP4 WAP nodefault inside host:any UDP service:Client outside host:any service:WAP
class rule add /Inbound/GP4/WAP inside host:any UDP service:WAP outside host:any service:Client
class id /Inbound/GP4/WAP 783394616
class new /Inbound/GP4 WinMedia nodefault inside host:any TCP service:Client outside host:any service:WinMedia-TCP
class rule add /Inbound/GP4/WinMedia inside host:any UDP service:Client outside host:any service:WinMedia-UDP
class rule add /Inbound/GP4/WinMedia inside host:any TCP service:Client outside host:any service:WinMedia-MSBD
class rule add /Inbound/GP4/WinMedia inside host:any UDP service:Client outside host:any service:WinMedia-Mcast
class rule add /Inbound/GP4/WinMedia inside host:any TCP service:WinMedia-TCP outside host:any service:Client
class rule add /Inbound/GP4/WinMedia inside host:any UDP service:WinMedia-UDP outside host:any service:Client
class rule add /Inbound/GP4/WinMedia inside host:any TCP service:WinMedia-MSBD outside host:any service:Client
class rule add /Inbound/GP4/WinMedia inside host:any UDP service:WinMedia-Mcast outside host:any service:Client
class id /Inbound/GP4/WinMedia 271724449
class new /Inbound/GP4 CIFS nodefault inside host:any service:Client outside host:any service:CIFS-NB
class rule add /Inbound/GP4/CIFS inside host:any TCP service:Client outside host:any service:CIFS-TCP
class rule add /Inbound/GP4/CIFS inside host:any service:CIFS-NB outside host:any service:Client
class rule add /Inbound/GP4/CIFS inside host:any TCP service:CIFS-TCP outside host:any service:Client
class id /Inbound/GP4/CIFS 488075888
class new /Inbound/GP4 DNS nodefault inside host:any service:Client outside host:any service:DNS
class rule add /Inbound/GP4/DNS inside host:any service:DNS outside host:any service:Client
class id /Inbound/GP4/DNS 874921639
class new /Inbound/GP4 ISAKMP nodefault inside host:any service:Client outside host:any service:ISAKMP
class rule add /Inbound/GP4/ISAKMP inside host:any service:ISAKMP outside host:any service:Client
class id /Inbound/GP4/ISAKMP 16588099
class new /Inbound/GP4 Jabber nodefault inside host:any service:Client outside host:any service:Jabber
class rule add /Inbound/GP4/Jabber inside host:any service:Jabber outside host:any service:Client
class id /Inbound/GP4/Jabber 293746819
class new /Inbound/GP4 MSSQL nodefault inside host:any service:Client outside host:any service:MSSQL-Server
class rule add /Inbound/GP4/MSSQL inside host:any service:Client outside host:any service:MSSQL-Mon
class rule add /Inbound/GP4/MSSQL inside host:any service:MSSQL-Server outside host:any service:Client
class rule add /Inbound/GP4/MSSQL inside host:any service:MSSQL-Mon outside host:any service:Client
class id /Inbound/GP4/MSSQL 1502475093
class new /Inbound/GP4 NetBIOS-IP nodefault inside host:any service:Client outside host:any service:NetBIOS-IP-NS
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-DGM
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-SSN
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-NS outside host:any service:Client
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-DGM outside host:any service:Client
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-SSN outside host:any service:Client
class id /Inbound/GP4/NetBIOS-IP 107200481
class new /Inbound/GP4 QQ nodefault inside host:any service:Client outside host:any service:QQ IM
class rule add /Inbound/GP4/QQ inside host:any service:Client outside host:any service:QQ Games
class rule add /Inbound/GP4/QQ inside host:any service:Client outside host:any service:QQ Web
class rule add /Inbound/GP4/QQ inside host:any service:QQ IM outside host:any service:Client
class rule add /Inbound/GP4/QQ inside host:any service:QQ Games outside host:any service:Client
class rule add /Inbound/GP4/QQ inside host:any service:QQ Web outside host:any service:Client
class id /Inbound/GP4/QQ 155725921
class new /Inbound/GP4 Skype nodefault inside host:any service:Client outside host:any service:SkypeCommand
class rule add /Inbound/GP4/Skype inside host:any service:Client outside host:any service:SkypeData
class rule add /Inbound/GP4/Skype inside host:any service:SkypeCommand outside host:any service:Client
class rule add /Inbound/GP4/Skype inside host:any service:SkypeData outside host:any service:Client
class id /Inbound/GP4/Skype 1406093396
class new /Inbound/GP4 SLP nodefault inside host:any service:Client outside host:any service:SLP
class rule add /Inbound/GP4/SLP inside host:any service:SLP outside host:any service:Client
class id /Inbound/GP4/SLP 2009328000
class new /Inbound/GP4 SMS nodefault inside host:any service:Client outside host:any service:SMS-RC
class rule add /Inbound/GP4/SMS inside host:any service:Client outside host:any service:SMS-Chat
class rule add /Inbound/GP4/SMS inside host:any service:Client outside host:any service:SMS-File
class rule add /Inbound/GP4/SMS inside host:any service:Client outside host:any service:SMS-Auth
class rule add /Inbound/GP4/SMS inside host:any service:SMS-RC outside host:any service:Client
class rule add /Inbound/GP4/SMS inside host:any service:SMS-Chat outside host:any service:Client
class rule add /Inbound/GP4/SMS inside host:any service:SMS-File outside host:any service:Client
class rule add /Inbound/GP4/SMS inside host:any service:SMS-Auth outside host:any service:Client
class id /Inbound/GP4/SMS 1414630601
class new /Inbound/GP4 ICMP nodefault inside host:any ICMP outside host:any
class id /Inbound/GP4/ICMP 988711412
class new /Inbound/GP4 IGMP nodefault inside host:any IGMP outside host:any
class id /Inbound/GP4/IGMP 2143987805
class new /Inbound/GP4 DiscoveredPorts nodefault inside host:any outside host:any
class id /Inbound/GP4/DiscoveredPorts 1733881458
class new /Inbound/GP4/DiscoveredPorts UDP_Port_259 nodefault inside host:any UDP service:Client outside host:any service:Unknown-UDP port:259
class rule add /Inbound/GP4/DiscoveredPorts/UDP_Port_259 inside host:any UDP service:Unknown-UDP port:259 outside host:any service:Client
class id /Inbound/GP4/DiscoveredPorts/UDP_Port_259 1229856183
class new /Inbound/GP4 Default nodefault all
class id /Inbound/GP4/Default 345288248
rtm threshold /Inbound/GP4/Default 300 Total
rtm accept /Inbound/GP4/Default 100
rtm hosts /Inbound/GP4/Default enable
hostdb topusers start /Inbound/GP4/Default talk
hostdb topusers start /Inbound/GP4/Default listen
class new /Inbound OtherGs nodefault folder
class id /Inbound/OtherGs 168485358
class new /Inbound/OtherGs GRE nodefault inside host:any GRE outside host:any
class id /Inbound/OtherGs/GRE 876
class new /Inbound/OtherGs eDonkey nodefault inside host:any TCP service:Client outside host:any service:eDonkey-TCP
class rule add /Inbound/OtherGs/eDonkey inside host:any UDP service:Client outside host:any service:eDonkey-Ping
class rule add /Inbound/OtherGs/eDonkey inside host:any TCP service:eDonkey-TCP outside host:any service:Client
class rule add /Inbound/OtherGs/eDonkey inside host:any UDP service:eDonkey-Ping outside host:any service:Client
class id /Inbound/OtherGs/eDonkey 2876
class new /Inbound/OtherGs mDNS nodefault inside host:any UDP service:Client outside host:any service:mDNS
class rule add /Inbound/OtherGs/mDNS inside host:any UDP service:mDNS outside host:any service:Client
class id /Inbound/OtherGs/mDNS 3588
class new /Inbound/OtherGs MSN-Messenger nodefault inside host:any TCP service:Client outside host:any service:MSN-Messenger
class rule add /Inbound/OtherGs/MSN-Messenger inside host:any TCP service:MSN-Messenger outside host:any service:Client
class id /Inbound/OtherGs/MSN-Messenger 2316
rtm threshold /Inbound/OtherGs/MSN-Messenger 600 Total
rtm accept /Inbound/OtherGs/MSN-Messenger 100
rtm hosts /Inbound/OtherGs/MSN-Messenger enable
class new /Inbound/OtherGs SSDP nodefault inside host:any UDP service:Client outside host:any service:SSDP
class rule add /Inbound/OtherGs/SSDP inside host:any UDP service:SSDP outside host:any service:Client
class id /Inbound/OtherGs/SSDP 3180
class new /Inbound/OtherGs WAP nodefault inside host:any UDP service:Client outside host:any service:WAP
class rule add /Inbound/OtherGs/WAP inside host:any UDP service:WAP outside host:any service:Client
class id /Inbound/OtherGs/WAP 3748
class new /Inbound/OtherGs DNS nodefault inside host:any service:Client outside host:any service:DNS
class rule add /Inbound/OtherGs/DNS inside host:any service:DNS outside host:any service:Client
class id /Inbound/OtherGs/DNS 428
class new /Inbound/OtherGs Gnutella nodefault inside host:any service:Client outside host:any service:Gnutella-Init
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Client outside host:any service:Gnutella-Cmd
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Client outside host:any service:Gnutella-Upload
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Client outside host:any service:Gnutella-Download
class rule add /Inbound/OtherGs/Gnutella inside host:any service:Gnutella-Init outside host:any service:Client
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Gnutella-Cmd outside host:any service:Client
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Gnutella-Upload outside host:any service:Client
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Gnutella-Download outside host:any service:Client
class id /Inbound/OtherGs/Gnutella 2260
class new /Inbound/OtherGs ISAKMP nodefault inside host:any service:Client outside host:any service:ISAKMP
class rule add /Inbound/OtherGs/ISAKMP inside host:any service:ISAKMP outside host:any service:Client
class id /Inbound/OtherGs/ISAKMP 1556
class new /Inbound/OtherGs NetBIOS-IP nodefault inside host:any service:Client outside host:any service:NetBIOS-IP-NS
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-DGM
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-SSN
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:NetBIOS-IP-NS outside host:any service:Client
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:NetBIOS-IP-DGM outside host:any service:Client
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:NetBIOS-IP-SSN outside host:any service:Client
class id /Inbound/OtherGs/NetBIOS-IP 532
class new /Inbound/OtherGs QQ nodefault inside host:any service:Client outside host:any service:QQ IM
class rule add /Inbound/OtherGs/QQ inside host:any service:Client outside host:any service:QQ Games
class rule add /Inbound/OtherGs/QQ inside host:any service:Client outside host:any service:QQ Web
class rule add /Inbound/OtherGs/QQ inside host:any service:QQ IM outside host:any service:Client
class rule add /Inbound/OtherGs/QQ inside host:any service:QQ Games outside host:any service:Client
class rule add /Inbound/OtherGs/QQ inside host:any service:QQ Web outside host:any service:Client
class id /Inbound/OtherGs/QQ 4948
class new /Inbound/OtherGs Skype nodefault inside host:any service:Client outside host:any service:SkypeCommand
class rule add /Inbound/OtherGs/Skype inside host:any service:Client outside host:any service:SkypeData
class rule add /Inbound/OtherGs/Skype inside host:any service:SkypeCommand outside host:any service:Client
class rule add /Inbound/OtherGs/Skype inside host:any service:SkypeData outside host:any service:Client
class id /Inbound/OtherGs/Skype 3460
class new /Inbound/OtherGs SLP nodefault inside host:any service:Client outside host:any service:SLP
class rule add /Inbound/OtherGs/SLP inside host:any service:SLP outside host:any service:Client
class id /Inbound/OtherGs/SLP 1476
class new /Inbound/OtherGs SMS nodefault inside host:any service:Client outside host:any service:SMS-RC
class rule add /Inbound/OtherGs/SMS inside host:any service:Client outside host:any service:SMS-Chat
class rule add /Inbound/OtherGs/SMS inside host:any service:Client outside host:any service:SMS-File
class rule add /Inbound/OtherGs/SMS inside host:any service:Client outside host:any service:SMS-Auth
class rule add /Inbound/OtherGs/SMS inside host:any service:SMS-RC outside host:any service:Client
class rule add /Inbound/OtherGs/SMS inside host:any service:SMS-Chat outside host:any service:Client
class rule add /Inbound/OtherGs/SMS inside host:any service:SMS-File outside host:any service:Client
class rule add /Inbound/OtherGs/SMS inside host:any service:SMS-Auth outside host:any service:Client
class id /Inbound/OtherGs/SMS 1668
class new /Inbound/OtherGs ICMP nodefault inside host:any ICMP outside host:any
class id /Inbound/OtherGs/ICMP 404
class new /Inbound/OtherGs IGMP nodefault inside host:any IGMP outside host:any
class id /Inbound/OtherGs/IGMP 988
class new /Inbound/OtherGs DiscoveredPorts nodefault inside host:any outside host:any
class id /Inbound/OtherGs/DiscoveredPorts 101320743
class new /Inbound/OtherGs/DiscoveredPorts UDP_Port_259 nodefault inside host:any UDP service:Client outside host:any service:Unknown-UDP port:259
class rule add /Inbound/OtherGs/DiscoveredPorts/UDP_Port_259 inside host:any UDP service:Unknown-UDP port:259 outside host:any service:Client
class id /Inbound/OtherGs/DiscoveredPorts/UDP_Port_259 913022597
class new /Inbound/OtherGs IPv6 nodefault all IPv6
class id /Inbound/OtherGs/IPv6 1140
class new /Inbound/OtherGs Protocol_3311 nodefault all Miscellaneous protocol:0x3311
class id /Inbound/OtherGs/Protocol_3311 655986171
class id /Inbound/Default 5
hostdb topusers start /Inbound/Default talk
class id /Outbound 2
hostdb topusers start /Outbound talk
hostdb topusers start /Outbound listen
class new /Outbound Localhost nodefault sortorder:32001 inside local outside host:any
class set /Outbound/Localhost exception
class id /Outbound/Localhost 59
class note /Outbound/Localhost "Matches traffic to the unit itself"
class new /Outbound GP4 nodefault inside list:gp4 outside host:any
class id /Outbound/GP4 998681176
class new /Outbound/GP4 GRE nodefault inside host:any GRE outside host:any
class id /Outbound/GP4/GRE 399767719
class new /Outbound/GP4 HTTP nodefault inside host:any TCP service:Client outside host:any service:HTTP
class rule add /Outbound/GP4/HTTP inside host:any TCP service:HTTP outside host:any service:Client
class id /Outbound/GP4/HTTP 16707931
rtm threshold /Outbound/GP4/HTTP 200 Total
rtm accept /Outbound/GP4/HTTP 100
rtm hosts /Outbound/GP4/HTTP enable
class new /Outbound/GP4/HTTP Top_User_10.1.2.48 nodefault inside host:10.1.2.48 outside host:any
class id /Outbound/GP4/HTTP/Top_User_10.1.2.48 822353026
hostdb topusers start /Outbound/GP4/HTTP/Top_User_10.1.2.48 talk
hostdb topusers start /Outbound/GP4/HTTP/Top_User_10.1.2.48 listen
class new /Outbound/GP4/HTTP Default nodefault all
class id /Outbound/GP4/HTTP/Default 1586863498
class new /Outbound/GP4 Flickr nodefault inside host:any TCP service:Client outside host:any service:Flickr
class rule add /Outbound/GP4/Flickr inside host:any TCP service:Flickr outside host:any service:Client
class id /Outbound/GP4/Flickr 923471873
class new /Outbound/GP4 FTP nodefault inside host:any TCP service:Client outside host:any service:FTP-Cmd-Clear
class rule add /Outbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Data-Clear
class rule add /Outbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Cmd-Secure
class rule add /Outbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Data-Secure
class rule add /Outbound/GP4/FTP inside host:any TCP service:FTP-Cmd-Clear outside host:any service:Client
class rule add /Outbound/GP4/FTP inside host:any TCP service:FTP-Data-Clear outside host:any service:Client
class rule add /Outbound/GP4/FTP inside host:any TCP service:FTP-Cmd-Secure outside host:any service:Client
class rule add /Outbound/GP4/FTP inside host:any TCP service:FTP-Data-Secure outside host:any service:Client
class id /Outbound/GP4/FTP 1642165920
class new /Outbound/GP4 MSN-Messenger nodefault inside host:any TCP service:Client outside host:any service:MSN-Messenger
class rule add /Outbound/GP4/MSN-Messenger inside host:any TCP service:MSN-Messenger outside host:any service:Client
class id /Outbound/GP4/MSN-Messenger 803993056
class new /Outbound/GP4 PPTP nodefault inside host:any TCP service:Client outside host:any service:PPTP
class rule add /Outbound/GP4/PPTP inside host:any TCP service:PPTP outside host:any service:Client
class id /Outbound/GP4/PPTP 234898674
class new /Outbound/GP4 SSDP nodefault inside host:any UDP service:Client outside host:any service:SSDP
class rule add /Outbound/GP4/SSDP inside host:any UDP service:SSDP outside host:any service:Client
class id /Outbound/GP4/SSDP 1945976556
class new /Outbound/GP4 SSL nodefault inside host:any TCP service:Client outside host:any service:SSL
class rule add /Outbound/GP4/SSL inside host:any TCP service:SSL outside host:any service:Client
class id /Outbound/GP4/SSL 1617932818
class new /Outbound/GP4 SSL-No-Cert nodefault inside host:any TCP service:Client outside host:any service:SSL-No-Cert
class rule add /Outbound/GP4/SSL-No-Cert inside host:any TCP service:SSL-No-Cert outside host:any service:Client
class id /Outbound/GP4/SSL-No-Cert 392731267
class new /Outbound/GP4 CIFS nodefault inside host:any service:Client outside host:any service:CIFS-NB
class rule add /Outbound/GP4/CIFS inside host:any TCP service:Client outside host:any service:CIFS-TCP
class rule add /Outbound/GP4/CIFS inside host:any service:CIFS-NB outside host:any service:Client
class rule add /Outbound/GP4/CIFS inside host:any TCP service:CIFS-TCP outside host:any service:Client
class id /Outbound/GP4/CIFS 2024256959
class new /Outbound/GP4 DNS nodefault inside host:any service:Client outside host:any service:DNS
class rule add /Outbound/GP4/DNS inside host:any service:DNS outside host:any service:Client
class id /Outbound/GP4/DNS 867119542
class new /Outbound/GP4 NetBIOS-IP nodefault inside host:any service:Client outside host:any service:NetBIOS-IP-NS
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-DGM
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-SSN
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-NS outside host:any service:Client
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-DGM outside host:any service:Client
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-SSN outside host:any service:Client
class id /Outbound/GP4/NetBIOS-IP 1026809618
class new /Outbound/GP4 Skype nodefault inside host:any service:Client outside host:any service:SkypeCommand
class rule add /Outbound/GP4/Skype inside host:any service:Client outside host:any service:SkypeData
class rule add /Outbound/GP4/Skype inside host:any service:SkypeCommand outside host:any service:Client
class rule add /Outbound/GP4/Skype inside host:any service:SkypeData outside host:any service:Client
class id /Outbound/GP4/Skype 15007219
class new /Outbound/GP4 ICMP nodefault inside host:any ICMP outside host:any
class id /Outbound/GP4/ICMP 838571229
class new /Outbound/GP4 IGMP nodefault inside host:any IGMP outside host:any
class id /Outbound/GP4/IGMP 838571230
class new /Outbound/GP4 Default nodefault all
class id /Outbound/GP4/Default 1262058103
rtm threshold /Outbound/GP4/Default 300 Total
rtm accept /Outbound/GP4/Default 100
rtm hosts /Outbound/GP4/Default enable
class new /Outbound OtherGs nodefault folder
class id /Outbound/OtherGs 168815646
hostdb topusers start /Outbound/OtherGs talk
class new /Outbound/OtherGs MSN-Messenger nodefault inside host:any TCP service:Client outside host:any service:MSN-Messenger
class rule add /Outbound/OtherGs/MSN-Messenger inside host:any TCP service:MSN-Messenger outside host:any service:Client
class id /Outbound/OtherGs/MSN-Messenger 2317
class new /Outbound/OtherGs SSDP nodefault inside host:any UDP service:Client outside host:any service:SSDP
class rule add /Outbound/OtherGs/SSDP inside host:any UDP service:SSDP outside host:any service:Client
class id /Outbound/OtherGs/SSDP 3181
class new /Outbound/OtherGs CIFS nodefault inside host:any service:Client outside host:any service:CIFS-NB
class rule add /Outbound/OtherGs/CIFS inside host:any TCP service:Client outside host:any service:CIFS-TCP
class rule add /Outbound/OtherGs/CIFS inside host:any service:CIFS-NB outside host:any service:Client
class rule add /Outbound/OtherGs/CIFS inside host:any TCP service:CIFS-TCP outside host:any service:Client
class id /Outbound/OtherGs/CIFS 3861
class new /Outbound/OtherGs DNS nodefault inside host:any service:Client outside host:any service:DNS
class rule add /Outbound/OtherGs/DNS inside host:any service:DNS outside host:any service:Client
class id /Outbound/OtherGs/DNS 429
class new /Outbound/OtherGs ICMP nodefault inside host:any ICMP outside host:any
class id /Outbound/OtherGs/ICMP 405
class new /Outbound/OtherGs IGMP nodefault inside host:any IGMP outside host:any
class id /Outbound/OtherGs/IGMP 989
class id /Outbound/Default 52
partition apply /Inbound uncommitted none
partition apply /Outbound uncommitted none
policy apply priority /Inbound/Localhost 6
policy admit /Inbound/Localhost squeeze nontcp
policy admit /Inbound/Localhost refuse nonweb
policy admit /Inbound/Localhost refuse web
policy apply rate /Inbound/GP4/HTTP 256000 256000 3 automatic
policy admit /Inbound/GP4/HTTP squeeze nontcp
policy admit /Inbound/GP4/HTTP refuse nonweb
policy admit /Inbound/GP4/HTTP refuse web
policy flowlimit /Inbound/GP4/HTTP 10000 100000
policy apply priority /Inbound/GP4/PPTP 6
policy admit /Inbound/GP4/PPTP squeeze nontcp
policy admit /Inbound/GP4/PPTP refuse nonweb
policy admit /Inbound/GP4/PPTP refuse web
policy flowlimit /Inbound/GP4/PPTP 10000 100000
policy apply priority /Inbound/GP4/Skype 5
policy admit /Inbound/GP4/Skype squeeze nontcp
policy admit /Inbound/GP4/Skype refuse nonweb
policy admit /Inbound/GP4/Skype refuse web
policy flowlimit /Inbound/GP4/Skype 10000 100000
policy apply priority /Inbound/GP4/Default 5
policy admit /Inbound/GP4/Default squeeze nontcp
policy admit /Inbound/GP4/Default refuse nonweb
policy admit /Inbound/GP4/Default refuse web
policy flowlimit /Inbound/GP4/Default 10000 100000
policy apply priority /Inbound/OtherGs/eDonkey 0
policy admit /Inbound/OtherGs/eDonkey squeeze nontcp
policy admit /Inbound/OtherGs/eDonkey refuse nonweb
policy admit /Inbound/OtherGs/eDonkey refuse web
policy dscp /Inbound/OtherGs/eDonkey 0
policy flowlimit /Inbound/OtherGs/eDonkey 10000 100000
policy apply priority /Inbound/OtherGs/MSN-Messenger 3
policy admit /Inbound/OtherGs/MSN-Messenger squeeze nontcp
policy admit /Inbound/OtherGs/MSN-Messenger refuse nonweb
policy admit /Inbound/OtherGs/MSN-Messenger refuse web
policy dscp /Inbound/OtherGs/MSN-Messenger 3
policy flowlimit /Inbound/OtherGs/MSN-Messenger 10000 100000
policy apply priority /Inbound/OtherGs/DNS 5
policy admit /Inbound/OtherGs/DNS squeeze nontcp
policy admit /Inbound/OtherGs/DNS refuse nonweb
policy admit /Inbound/OtherGs/DNS refuse web
policy dscp /Inbound/OtherGs/DNS 5
policy flowlimit /Inbound/OtherGs/DNS 10000 100000
policy apply priority /Inbound/OtherGs/Skype 5
policy admit /Inbound/OtherGs/Skype squeeze nontcp
policy admit /Inbound/OtherGs/Skype refuse nonweb
policy admit /Inbound/OtherGs/Skype refuse web
policy dscp /Inbound/OtherGs/Skype 5
policy flowlimit /Inbound/OtherGs/Skype 10000 100000
policy apply priority /Inbound/Default 3
policy admit /Inbound/Default squeeze nontcp
policy admit /Inbound/Default refuse nonweb
policy admit /Inbound/Default refuse web
class set /Inbound/Default inherit
policy flowlimit /Inbound/Default 10000 100000
policy apply priority /Outbound/Localhost 6
policy admit /Outbound/Localhost squeeze nontcp
policy admit /Outbound/Localhost refuse nonweb
policy admit /Outbound/Localhost refuse web
policy apply rate /Outbound/GP4/HTTP/Default 10000 10000 4 automatic
policy admit /Outbound/GP4/HTTP/Default squeeze nontcp
policy admit /Outbound/GP4/HTTP/Default refuse nonweb
policy admit /Outbound/GP4/HTTP/Default refuse web
class set /Outbound/GP4/HTTP/Default inherit
policy flowlimit /Outbound/GP4/HTTP/Default 10000 100000
policy apply priority /Outbound/GP4/PPTP 6
policy admit /Outbound/GP4/PPTP squeeze nontcp
policy admit /Outbound/GP4/PPTP refuse nonweb
policy admit /Outbound/GP4/PPTP refuse web
policy flowlimit /Outbound/GP4/PPTP 10000 100000
policy apply priority /Outbound/OtherGs/MSN-Messenger 3
policy admit /Outbound/OtherGs/MSN-Messenger squeeze nontcp
policy admit /Outbound/OtherGs/MSN-Messenger refuse nonweb
policy admit /Outbound/OtherGs/MSN-Messenger refuse web
policy dscp /Outbound/OtherGs/MSN-Messenger 3
policy flowlimit /Outbound/OtherGs/MSN-Messenger 10000 100000
policy apply priority /Outbound/OtherGs/DNS 5
policy admit /Outbound/OtherGs/DNS squeeze nontcp
policy admit /Outbound/OtherGs/DNS refuse nonweb
policy admit /Outbound/OtherGs/DNS refuse web
policy dscp /Outbound/OtherGs/DNS 5
policy flowlimit /Outbound/OtherGs/DNS 10000 100000
policy apply priority /Outbound/Default 3
policy admit /Outbound/Default squeeze nontcp
policy admit /Outbound/Default refuse nonweb
policy admit /Outbound/Default refuse web
class set /Outbound/Default inherit
policy flowlimit /Outbound/Default 10000 100000
tunnel mode set enhanced
tunnel mtu auto
tunnel diffserv off
tunnel discovery on
tunnel discovery maintenance off
tunnel password default
tunnel firewall off
tunnel packing off
tunnel compression off
tunnel compression dictionary CNA 1M
tunnel acceleration off
tunnel acceleration faststart on
tunnel acceleration prefetch client off
tunnel acceleration prefetch server off
tunnel acceleration scps off
tunnel acceleration congestion-control on
tunnel holdtime glo 10
tunnel holdtime sen 1
tunnel holdtime non 10
wccp service-id 99
wccp off
host side auto
class discover /Inbound off
class discover /Outbound off
setup discover on
class discover /Inbound both
class discover /Inbound/GP4 both
class discover /Outbound both
class discover /Outbound/GP4 both
#set tacacs timeout 10
#set tacacs method ascii
#set tacacs auth off
#set tacacs acct off
#set radius limit 3
#set radius interval 5
#set radius method chap
#set radius auth off
#set radius acct off
set ssh port 22
set https port 443
set syslog state off
set syslog rate 20
#setup snmp syslocation "The physical location of this unit"
#setup snmp syscontact "The contact person for this managed unit"
#setup snmp sysname "10.1.2.40"
setup snmp configmode simple
setup snmp look public
# no SNMP views
# no SNMP access groups
# no SNMP users
# no SNMP remote users
# frame options routing on default
# frame options discovery on default
# set sntp on
# set sntp server 220.130.158.72 time-a.nist.gov
# set sntp poll 300
# setup email none
set adaptiveresponse on
agent new "High Bandwidth New App" "High Bandwidth New App"
agent interval "High Bandwidth New App" 60
agent parm "High Bandwidth New App" "RedThreshold" "10"
agent parm "High Bandwidth New App" "GreenThreshold" "5"
agent new "Inbound Default Traffic" "Default Traffic"
agent interval "Inbound Default Traffic" 1
agent parm "Inbound Default Traffic" "ClassName" "/Inbound/default"
agent parm "Inbound Default Traffic" "RedThreshold" "15"
agent parm "Inbound Default Traffic" "GreenThreshold" "7"
agent new "Inbound Packet Drops" "Link ME Variables"
agent interval "Inbound Packet Drops" 1
agent parm "Inbound Packet Drops" "ClassName" "/Inbound"
agent parm "Inbound Packet Drops" "MeVariableName" "rx-pkts-dropped%"
agent parm "Inbound Packet Drops" "MeDuration" "1"
agent parm "Inbound Packet Drops" "GreenOperator" "LT"
agent parm "Inbound Packet Drops" "RedOperator" "GT"
agent parm "Inbound Packet Drops" "RedThreshold" "3"
agent parm "Inbound Packet Drops" "GreenThreshold" "1"
agent new "Outbound Default Traffic" "Default Traffic"
agent interval "Outbound Default Traffic" 1
agent parm "Outbound Default Traffic" "ClassName" "/Outbound/default"
agent parm "Outbound Default Traffic" "RedThreshold" "15"
agent parm "Outbound Default Traffic" "GreenThreshold" "7"
agent new "Outbound Packet Drops" "Link ME Variables"
agent interval "Outbound Packet Drops" 1
agent parm "Outbound Packet Drops" "ClassName" "/Outbound"
agent parm "Outbound Packet Drops" "MeVariableName" "rx-pkts-dropped%"
agent parm "Outbound Packet Drops" "MeDuration" "1"
agent parm "Outbound Packet Drops" "GreenOperator" "LT"
agent parm "Outbound Packet Drops" "RedOperator" "GT"
agent parm "Outbound Packet Drops" "RedThreshold" "3"
agent parm "Outbound Packet Drops" "GreenThreshold" "1"
agent new "Quota Bandwidth Host agent" "Quota Bandwidth Host"
agent interval "Quota Bandwidth Host agent" 5
agent parm "Quota Bandwidth Host agent" "HostUsageThreshold" "5000000"
agent parm "Quota Bandwidth Host agent" "HostUsageMonitorInterval" "1"
agent parm "Quota Bandwidth Host agent" "Side" "both"
agent parm "Quota Bandwidth Host agent" "ViolatingHosts" "violatingHosts"
agent parm "Quota Bandwidth Host agent" "ExceptionHosts" "exceptionHosts"
agent parm "Quota Bandwidth Host agent" "RedThreshold" "2"
agent parm "Quota Bandwidth Host agent" "GreenThreshold" "1"
agent new "Spoofing - Client" "NFPM Side Unknown"
agent interval "Spoofing - Client" 1
agent parm "Spoofing - Client" "Side" "Client"
agent parm "Spoofing - Client" "SideThreshold" "100000"
agent parm "Spoofing - Client" "ViolatingHosts" "violatingHosts"
agent parm "Spoofing - Client" "ExceptionHosts" "exceptionHosts"
agent parm "Spoofing - Client" "RedThreshold" "1"
agent parm "Spoofing - Client" "GreenThreshold" "0"
agent new "Spoofing - Server" "NFPM Side Unknown"
agent interval "Spoofing - Server" 1
agent parm "Spoofing - Server" "Side" "Server"
agent parm "Spoofing - Server" "SideThreshold" "100000"
agent parm "Spoofing - Server" "ViolatingHosts" "violatingHosts"
agent parm "Spoofing - Server" "ExceptionHosts" "exceptionHosts"
agent parm "Spoofing - Server" "RedThreshold" "1"
agent parm "Spoofing - Server" "GreenThreshold" "0"
agent new "Syn Attack - Failed Flows" "Host Info Variables"
agent interval "Syn Attack - Failed Flows" 1
agent parm "Syn Attack - Failed Flows" "VariableName" "Failed Flows"
agent parm "Syn Attack - Failed Flows" "FlowsThreshold" "100000"
agent parm "Syn Attack - Failed Flows" "Side" "both"
agent parm "Syn Attack - Failed Flows" "ViolatingHosts" "violatingHosts"
agent parm "Syn Attack - Failed Flows" "ExceptionHosts" "exceptionHosts"
agent parm "Syn Attack - Failed Flows" "RedThreshold" "1"
agent parm "Syn Attack - Failed Flows" "GreenThreshold" "0"
agent new "System Load agent" "System Load"
agent interval "System Load agent" 1
agent parm "System Load agent" "RedThreshold" "95"
agent parm "System Load agent" "GreenThreshold" "90"
agent new "Traffic Performance agent" "Traffic Performance"
agent interval "Traffic Performance agent" 5
agent parm "Traffic Performance agent" "ClassName" "*"
agent parm "Traffic Performance agent" "Efficiency" "80"
agent parm "Traffic Performance agent" "RedThreshold" "1"
agent parm "Traffic Performance agent" "GreenThreshold" "0"
setup shaping off


.Execute the backup configuration file
PacketShaper# run 9.256/cmd/config.cmd
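An added example (not part of the original notes or of the vendor's tooling): a short Python check that reads an export like the one above and flags management-plane settings worth reviewing before the file is restored with `run`. The reading of each command is an assumption: `setup snmp look` is taken as the read community, `tunnel password default` as an unchanged tunnel password, `setup shaping off` as policies not being enforced, and a leading `#` as an inactive setting. The sample lines are copied from the export.

```python
import shlex

# Sample input: lines copied from the configuration export shown above.
SAMPLE_EXPORT = """\
policy apply rate /Inbound/GP4/HTTP 256000 256000 3 automatic
policy apply priority /Inbound/OtherGs/eDonkey 0
tunnel password default
#set tacacs auth off
#set radius auth off
set ssh port 22
set syslog state off
setup snmp look public
agent parm "Spoofing - Client" "SideThreshold" "100000"
setup shaping off
"""

WELL_KNOWN_COMMUNITIES = {"public", "private"}


def parse_export(text):
    """Return a list of (lineno, active, tokens), one per non-empty line.

    Assumption: a leading '#' marks a setting the unit wrote out as a
    comment, so the line is kept but flagged inactive.
    """
    records = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        active = not line.startswith("#")
        line = line.lstrip("#").strip()
        try:
            tokens = shlex.split(line)  # keeps quoted agent names whole
        except ValueError:              # unbalanced quote: plain split
            tokens = line.split()
        if tokens:
            records.append((lineno, active, tokens))
    return records


def audit(records):
    """Return (finding_id, lineno, detail) tuples for settings to review."""
    findings = []
    policy_lines = 0
    remote_auth = {}       # "radius"/"tacacs" -> (lineno, enabled?)
    shaping_off_at = None
    for lineno, active, tok in records:
        if active and tok[:2] == ["policy", "apply"]:
            policy_lines += 1
        elif tok[:3] == ["setup", "snmp", "look"] and len(tok) == 4:
            if active and tok[3].lower() in WELL_KNOWN_COMMUNITIES:
                findings.append(("SNMP_DEFAULT_COMMUNITY", lineno,
                                 f"look community is '{tok[3]}'"))
        elif active and tok == ["set", "syslog", "state", "off"]:
            findings.append(("SYSLOG_OFF", lineno, "syslog state is off"))
        elif active and tok == ["tunnel", "password", "default"]:
            findings.append(("TUNNEL_PASSWORD_DEFAULT", lineno,
                             "tunnel password left at 'default'"))
        elif (len(tok) == 4 and tok[0] == "set"
              and tok[1] in ("radius", "tacacs") and tok[2] == "auth"):
            remote_auth[tok[1]] = (lineno, active and tok[3] == "on")
        elif active and tok == ["setup", "shaping", "off"]:
            shaping_off_at = lineno
    # Cross-line checks need the whole file, so they run after the loop.
    if remote_auth and not any(on for _, on in remote_auth.values()):
        first = min(n for n, _ in remote_auth.values())
        methods = "/".join(sorted(remote_auth))
        findings.append(("NO_REMOTE_AUTH", first,
                         f"{methods} auth not enabled; local passwords only"))
    if shaping_off_at is not None and policy_lines:
        findings.append(("SHAPING_OFF", shaping_off_at,
                         f"{policy_lines} 'policy apply' lines, shaping off"))
    return findings


if __name__ == "__main__":
    for finding_id, lineno, detail in audit(parse_export(SAMPLE_EXPORT)):
        print(f"line {lineno:>3}  {finding_id:<24} {detail}")
```
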


.Compression
Only compress outbound traffic

Bluecoat PacketShaper Bootcamp Day1 Notes

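This year Bluecoat acquired Packeteer, a long-established network equipment vendor whose best-known product, PacketShaper, many people have probably heard of. As for why Bluecoat acquired Packeteer, the obvious answer is the hope that 1+1 will be greater than 2: each company's products have their own strengths, and combining the two would of course be the best outcome for network administrators (nobody wants too many possible variables in an in-line service). In the short term, however, the products will probably still be sold as separate lines; there may be a further integration plan in the future, so let's wait and see!

The course content of this Bootcamp was mainly hands-on, so most of the time the instructor explained usage caveats and shared operational experience. For someone encountering PacketShaper for the first time the pace was a bit tight, largely because nobody had handouts to refer to: if you lost focus for a moment and missed something that was said or shown in the demo, you might not know what you had just missed. Overall, though, you at least come away with a general understanding of the PacketShaper product, and a simple installation and setup should not be a problem. If possible, it is still best to attend a more formal course to get a complete understanding!

Below are my notes from those two days. Because PacketShaper is configured mainly through the GUI, my notes are limited and cover only the CLI parts; thanks for your understanding!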


.PacketShaper Password Recovery
After rebooting, enter 'touchpwd=' at the first password prompt
(if you mistype it, you must reboot again)



.Passwords have two levels:
touch 123 (touch level password 123, blank password by default)
look 123 (look level password 456, blank password by default)
If the passwords are the same, the highest privilege level is used



PacketShaper#reset (reboot)
PacketShaper#setup reset all (Reset to Factory Default)

.Press Q to skip prompt text

.207.78.98.254 (default IP)
.unconfigured.packeteer.com (default FQDN)



PacketShaper#net nic (check interface status)
PacketShaper#version verbose (check version information)

PacketShaper#ls (List files and Directories)
PacketShaper#pwd (To check current directory)



PacketShaper#cd 9.256/ (change current directory to Flash)
PacketShaper#cd 9.258/ (change current directory to HardDisk)


.Upgrade Image
PacketShaper#image load 832g1std.zoo (image filenames longer than 8 characters are not supported)

PS: Do NOT use the Google Chrome browser to upgrade the image. The PacketShaper will be reloaded.



If you see a warning message:
Message for /dll/obsoleted_plug-in_names, Obsoleted Plug-ins: AFS.PLG, AR825V1.PLG, MSNGR71.PLG, PANDO73.PLG, QQ73.PLG, VENTRILO.PLG

You can use the rm command to delete all of the plug-in files listed above (they are not compatible with the new image version)
PacketShaper# rm ?
usage: rm [-rif] filename...



PacketShaper# image show (Check active and backup images information)

Active Image version: PacketShaper v8.3.2g1 2008-08-22
Backup Image version: PacketShaper v8.2.5g1 2008-01-21
Bootloader version : M30 Bootloader v3.0

Inside/Outside interface set to SECURE means you can't remotely manage the unit via the inside/outside interface.
Inside/Outside interface set to LIST means access is filtered by IP address/network, separated by commas or spaces.


.Use a command to force an image revert (if the new version is working)
PacketShaper# image revert (Rollback to previous image version)
PacketShaper# reset

.Press Ctrl-B during the boot process to change back to the previous image version (if the new version is not working).



.LAN Expansion Module(LEM)



.Built-in Classes should not be deleted.

#setup reset all (reset to factory default)
#setup discover off (Disable discovery)
#setup show (Check local setting)

#class reset (Reset class)
#traffic tree (show traffic tree)