Bluecoat PacketShaper Bootcamp Day2 Notes

.Check License Key:
PacketShaper# setup keys show

Installed Keys: compatibility 1
control on
linksize 2m
compression on
acceleration on (Expires: 20081002)

.License Upgrade
Usage: setup keys add [yyyymmdd]

PacketShaper# setup keys add compatibility
PacketShaper# setup keys add control
PacketShaper# setup keys add linksize
PacketShaper# setup keys add compression
PacketShaper# setup keys add acceleration

.Measurement Engine(ME)


.Police
PacketShaper# ipfilter



show Show IP info
clear Clear IP filter[s]
onlyaccept Only accept specified packets
passthrough Passthrough specified packets
discard Discard specified packets
iponly Relay only IP trafic on|off.


.Show configuration limits
PacketShaper# sys limits


Statically allocated objects Current Remaining Total
-------------------------------------------------------------------
Traffic classes 80 176 256
Partitions 2 126 128
Dynamic Partitions 0 125 125
Policies 16 240 256
Matching rules 207 435 642
Classes with worst clients/servers 5 3 8
Classes with top talkers/listeners 10 2 12
TCP flows 618 4502 5120
Other IP flows 258 2302 2560
Legacy flows 0 1024 1024
Concurrent Hosts 5120 0 5120
MAC Cache Entries 46 4050 4096
Fragment Cache Entries 0 50 50
Command Contexts 10 20 30
Compression tunnels 0 0 0
Compression entries 0 0 0
Tunnels 0 10 10

Dynamically allocated objects Current Potential Total
-------------------------------------------------------------------
Matching rule host references 5 1299 1304
Host list DS entries 5 1166 1171
DNS names 2 3935 3937
Customer Portal users 0 256 256

Note: "Potential" for each object is an estimate allocating all
remaining dynamic memory to that object type.



PacketShaper# sys diag
(Per 15 mintues interval auto execution diagnose generates files under /DIAG/ directory by default)




PacketShaper# setup capture complete

Overwrite 9.256/cmd/config.cmd
Please confirm if you really want to proceed (YES): yes

Saved complete configuration in 9.256/cmd/config.cmd

#
# PacketShaper 1550 Configuration
#
# Address: 10.1.2.40
# Serial: 015-10008030
# Version: PacketShaper v8.3.2g1 2008-08-22
#
# Saved on Tue Sep 16 17:37:11 2008
#
setup ipaddr 10.1.2.40 255.255.255.0
setup nic inside auto-negotiate
setup nic outside auto-negotiate
setup siterouter none
setup gateway 10.1.2.1
setup timezone local
setup timezone Beijing
setup dns 168.95.192.1 168.95.1.1
setup domain none
setup secure inside off
setup secure outside off
setup link inbound 2000000
setup link outbound 2000000
synthetic options create-classes on
setup name 015-10008030
setup message default
setup access enable https
setup access enable ssh
setup access enable ftp
setup access enable http
setup access enable telnet
setup access enable snmp
setup access enable tcp-echo
hl new exceptionHosts
hl new gp1
hl add gp1 10.1.2.41-10.1.2.42
hl new gp2
hl add gp2 10.1.2.50-10.1.2.55
hl new gp4
hl add gp4 10.1.2.40-10.1.2.49
hl new violatingHosts
hl add violatingHosts 10.1.2.1
hl add violatingHosts 10.1.2.109
hl add violatingHosts 10.1.2.15
hl add violatingHosts 10.1.2.18
hl add violatingHosts 10.1.2.210
hl add violatingHosts 10.1.2.22
hl add violatingHosts 10.1.2.23
hl add violatingHosts 10.1.2.25
hl add violatingHosts 10.1.2.31
hl add violatingHosts 10.1.2.33
hl add violatingHosts 10.1.2.34
hl add violatingHosts 10.1.2.44
hl add violatingHosts 10.1.2.45
hl add violatingHosts 10.1.2.48
hl add violatingHosts 10.1.2.49
hl add violatingHosts 10.1.2.51
hl add violatingHosts 10.1.2.53
hl add violatingHosts 10.1.2.54
hl add violatingHosts 10.1.2.55
hl add violatingHosts 10.1.2.63
hl add violatingHosts 10.1.2.76
hl add violatingHosts 10.1.2.77
hl add violatingHosts 10.1.2.84
hl add violatingHosts 203.66.88.89
class id /Inbound 1
hostdb topusers start /Inbound talk
hostdb topusers start /Inbound listen
class new /Inbound Localhost nodefault sortorder:32001 inside local outside host:any
class set /Inbound/Localhost exception
class id /Inbound/Localhost 12
class note /Inbound/Localhost "Matches traffic to the unit itself"
class new /Inbound GP4 nodefault inside host:any outside host:any
class id /Inbound/GP4 448386309
class new /Inbound/GP4 GRE nodefault inside host:any GRE outside host:any
class id /Inbound/GP4/GRE 1177405195
class new /Inbound/GP4 HTTP nodefault inside host:any TCP service:Client outside host:any service:HTTP
class rule add /Inbound/GP4/HTTP inside host:any TCP service:HTTP outside host:any service:Client
class id /Inbound/GP4/HTTP 493907101
rtm hosts /Inbound/GP4/HTTP enable
class new /Inbound/GP4/HTTP Top_User_10.1.2.48 nodefault inside host:10.1.2.48 outside host:any
class id /Inbound/GP4/HTTP/Top_User_10.1.2.48 805127951
hostdb topusers start /Inbound/GP4/HTTP/Top_User_10.1.2.48 talk
hostdb topusers start /Inbound/GP4/HTTP/Top_User_10.1.2.48 listen
class new /Inbound/GP4/HTTP Default nodefault all
class id /Inbound/GP4/HTTP/Default 1246145598
class new /Inbound/GP4 Citrix nodefault inside host:any TCP service:Client outside host:any service:Citrix-ICA
class rule add /Inbound/GP4/Citrix inside host:any UDP service:Client outside host:any service:Citrix-SB
class rule add /Inbound/GP4/Citrix inside host:any TCP service:Citrix-ICA outside host:any service:Client
class rule add /Inbound/GP4/Citrix inside host:any UDP service:Citrix-SB outside host:any service:Client
class id /Inbound/GP4/Citrix 547099008
class new /Inbound/GP4 FTP nodefault inside host:any TCP service:Client outside host:any service:FTP-Cmd-Clear
class rule add /Inbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Data-Clear
class rule add /Inbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Cmd-Secure
class rule add /Inbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Data-Secure
class rule add /Inbound/GP4/FTP inside host:any TCP service:FTP-Cmd-Clear outside host:any service:Client
class rule add /Inbound/GP4/FTP inside host:any TCP service:FTP-Data-Clear outside host:any service:Client
class rule add /Inbound/GP4/FTP inside host:any TCP service:FTP-Cmd-Secure outside host:any service:Client
class rule add /Inbound/GP4/FTP inside host:any TCP service:FTP-Data-Secure outside host:any service:Client
class id /Inbound/GP4/FTP 2034064425
class new /Inbound/GP4 lockd nodefault inside host:any UDP service:Client outside host:any service:lockd
class rule add /Inbound/GP4/lockd inside host:any UDP service:lockd outside host:any service:Client
class id /Inbound/GP4/lockd 1831273698
class new /Inbound/GP4 mDNS nodefault inside host:any UDP service:Client outside host:any service:mDNS
class rule add /Inbound/GP4/mDNS inside host:any UDP service:mDNS outside host:any service:Client
class id /Inbound/GP4/mDNS 549578609
class new /Inbound/GP4 MSN-Messenger nodefault inside host:any TCP service:Client outside host:any service:MSN-Messenger
class rule add /Inbound/GP4/MSN-Messenger inside host:any TCP service:MSN-Messenger outside host:any service:Client
class id /Inbound/GP4/MSN-Messenger 1280064832
class new /Inbound/GP4 PPTP nodefault inside host:any TCP service:Client outside host:any service:PPTP
class rule add /Inbound/GP4/PPTP inside host:any TCP service:PPTP outside host:any service:Client
class id /Inbound/GP4/PPTP 1481919796
class new /Inbound/GP4 SSDP nodefault inside host:any UDP service:Client outside host:any service:SSDP
class rule add /Inbound/GP4/SSDP inside host:any UDP service:SSDP outside host:any service:Client
class id /Inbound/GP4/SSDP 717165287
class new /Inbound/GP4 SSL nodefault inside host:any TCP service:Client outside host:any service:SSL
class rule add /Inbound/GP4/SSL inside host:any TCP service:SSL outside host:any service:Client
class id /Inbound/GP4/SSL 1707057730
class new /Inbound/GP4 SSL-No-Cert nodefault inside host:any TCP service:Client outside host:any service:SSL-No-Cert
class rule add /Inbound/GP4/SSL-No-Cert inside host:any TCP service:SSL-No-Cert outside host:any service:Client
class id /Inbound/GP4/SSL-No-Cert 494447204
class new /Inbound/GP4 WAP nodefault inside host:any UDP service:Client outside host:any service:WAP
class rule add /Inbound/GP4/WAP inside host:any UDP service:WAP outside host:any service:Client
class id /Inbound/GP4/WAP 783394616
class new /Inbound/GP4 WinMedia nodefault inside host:any TCP service:Client outside host:any service:WinMedia-TCP
class rule add /Inbound/GP4/WinMedia inside host:any UDP service:Client outside host:any service:WinMedia-UDP
class rule add /Inbound/GP4/WinMedia inside host:any TCP service:Client outside host:any service:WinMedia-MSBD
class rule add /Inbound/GP4/WinMedia inside host:any UDP service:Client outside host:any service:WinMedia-Mcast
class rule add /Inbound/GP4/WinMedia inside host:any TCP service:WinMedia-TCP outside host:any service:Client
class rule add /Inbound/GP4/WinMedia inside host:any UDP service:WinMedia-UDP outside host:any service:Client
class rule add /Inbound/GP4/WinMedia inside host:any TCP service:WinMedia-MSBD outside host:any service:Client
class rule add /Inbound/GP4/WinMedia inside host:any UDP service:WinMedia-Mcast outside host:any service:Client
class id /Inbound/GP4/WinMedia 271724449
class new /Inbound/GP4 CIFS nodefault inside host:any service:Client outside host:any service:CIFS-NB
class rule add /Inbound/GP4/CIFS inside host:any TCP service:Client outside host:any service:CIFS-TCP
class rule add /Inbound/GP4/CIFS inside host:any service:CIFS-NB outside host:any service:Client
class rule add /Inbound/GP4/CIFS inside host:any TCP service:CIFS-TCP outside host:any service:Client
class id /Inbound/GP4/CIFS 488075888
class new /Inbound/GP4 DNS nodefault inside host:any service:Client outside host:any service:DNS
class rule add /Inbound/GP4/DNS inside host:any service:DNS outside host:any service:Client
class id /Inbound/GP4/DNS 874921639
class new /Inbound/GP4 ISAKMP nodefault inside host:any service:Client outside host:any service:ISAKMP
class rule add /Inbound/GP4/ISAKMP inside host:any service:ISAKMP outside host:any service:Client
class id /Inbound/GP4/ISAKMP 16588099
class new /Inbound/GP4 Jabber nodefault inside host:any service:Client outside host:any service:Jabber
class rule add /Inbound/GP4/Jabber inside host:any service:Jabber outside host:any service:Client
class id /Inbound/GP4/Jabber 293746819
class new /Inbound/GP4 MSSQL nodefault inside host:any service:Client outside host:any service:MSSQL-Server
class rule add /Inbound/GP4/MSSQL inside host:any service:Client outside host:any service:MSSQL-Mon
class rule add /Inbound/GP4/MSSQL inside host:any service:MSSQL-Server outside host:any service:Client
class rule add /Inbound/GP4/MSSQL inside host:any service:MSSQL-Mon outside host:any service:Client
class id /Inbound/GP4/MSSQL 1502475093
class new /Inbound/GP4 NetBIOS-IP nodefault inside host:any service:Client outside host:any service:NetBIOS-IP-NS
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-DGM
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-SSN
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-NS outside host:any service:Client
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-DGM outside host:any service:Client
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-SSN outside host:any service:Client
class id /Inbound/GP4/NetBIOS-IP 107200481
class new /Inbound/GP4 QQ nodefault inside host:any service:Client outside host:any service:QQ IM
class rule add /Inbound/GP4/QQ inside host:any service:Client outside host:any service:QQ Games
class rule add /Inbound/GP4/QQ inside host:any service:Client outside host:any service:QQ Web
class rule add /Inbound/GP4/QQ inside host:any service:QQ IM outside host:any service:Client
class rule add /Inbound/GP4/QQ inside host:any service:QQ Games outside host:any service:Client
class rule add /Inbound/GP4/QQ inside host:any service:QQ Web outside host:any service:Client
class id /Inbound/GP4/QQ 155725921
class new /Inbound/GP4 Skype nodefault inside host:any service:Client outside host:any service:SkypeCommand
class rule add /Inbound/GP4/Skype inside host:any service:Client outside host:any service:SkypeData
class rule add /Inbound/GP4/Skype inside host:any service:SkypeCommand outside host:any service:Client
class rule add /Inbound/GP4/Skype inside host:any service:SkypeData outside host:any service:Client
class id /Inbound/GP4/Skype 1406093396
class new /Inbound/GP4 SLP nodefault inside host:any service:Client outside host:any service:SLP
class rule add /Inbound/GP4/SLP inside host:any service:SLP outside host:any service:Client
class id /Inbound/GP4/SLP 2009328000
class new /Inbound/GP4 SMS nodefault inside host:any service:Client outside host:any service:SMS-RC
class rule add /Inbound/GP4/SMS inside host:any service:Client outside host:any service:SMS-Chat
class rule add /Inbound/GP4/SMS inside host:any service:Client outside host:any service:SMS-File
class rule add /Inbound/GP4/SMS inside host:any service:Client outside host:any service:SMS-Auth
class rule add /Inbound/GP4/SMS inside host:any service:SMS-RC outside host:any service:Client
class rule add /Inbound/GP4/SMS inside host:any service:SMS-Chat outside host:any service:Client
class rule add /Inbound/GP4/SMS inside host:any service:SMS-File outside host:any service:Client
class rule add /Inbound/GP4/SMS inside host:any service:SMS-Auth outside host:any service:Client
class id /Inbound/GP4/SMS 1414630601
class new /Inbound/GP4 ICMP nodefault inside host:any ICMP outside host:any
class id /Inbound/GP4/ICMP 988711412
class new /Inbound/GP4 IGMP nodefault inside host:any IGMP outside host:any
class id /Inbound/GP4/IGMP 2143987805
class new /Inbound/GP4 DiscoveredPorts nodefault inside host:any outside host:any
class id /Inbound/GP4/DiscoveredPorts 1733881458
class new /Inbound/GP4/DiscoveredPorts UDP_Port_259 nodefault inside host:any UDP service:Client outside host:any service:Unknown-UDP port:259
class rule add /Inbound/GP4/DiscoveredPorts/UDP_Port_259 inside host:any UDP service:Unknown-UDP port:259 outside host:any service:Client
class id /Inbound/GP4/DiscoveredPorts/UDP_Port_259 1229856183
class new /Inbound/GP4 Default nodefault all
class id /Inbound/GP4/Default 345288248
rtm threshold /Inbound/GP4/Default 300 Total
rtm accept /Inbound/GP4/Default 100
rtm hosts /Inbound/GP4/Default enable
hostdb topusers start /Inbound/GP4/Default talk
hostdb topusers start /Inbound/GP4/Default listen
class new /Inbound OtherGs nodefault folder
class id /Inbound/OtherGs 168485358
class new /Inbound/OtherGs GRE nodefault inside host:any GRE outside host:any
class id /Inbound/OtherGs/GRE 876
class new /Inbound/OtherGs eDonkey nodefault inside host:any TCP service:Client outside host:any service:eDonkey-TCP
class rule add /Inbound/OtherGs/eDonkey inside host:any UDP service:Client outside host:any service:eDonkey-Ping
class rule add /Inbound/OtherGs/eDonkey inside host:any TCP service:eDonkey-TCP outside host:any service:Client
class rule add /Inbound/OtherGs/eDonkey inside host:any UDP service:eDonkey-Ping outside host:any service:Client
class id /Inbound/OtherGs/eDonkey 2876
class new /Inbound/OtherGs mDNS nodefault inside host:any UDP service:Client outside host:any service:mDNS
class rule add /Inbound/OtherGs/mDNS inside host:any UDP service:mDNS outside host:any service:Client
class id /Inbound/OtherGs/mDNS 3588
class new /Inbound/OtherGs MSN-Messenger nodefault inside host:any TCP service:Client outside host:any service:MSN-Messenger
class rule add /Inbound/OtherGs/MSN-Messenger inside host:any TCP service:MSN-Messenger outside host:any service:Client
class id /Inbound/OtherGs/MSN-Messenger 2316
rtm threshold /Inbound/OtherGs/MSN-Messenger 600 Total
rtm accept /Inbound/OtherGs/MSN-Messenger 100
rtm hosts /Inbound/OtherGs/MSN-Messenger enable
class new /Inbound/OtherGs SSDP nodefault inside host:any UDP service:Client outside host:any service:SSDP
class rule add /Inbound/OtherGs/SSDP inside host:any UDP service:SSDP outside host:any service:Client
class id /Inbound/OtherGs/SSDP 3180
class new /Inbound/OtherGs WAP nodefault inside host:any UDP service:Client outside host:any service:WAP
class rule add /Inbound/OtherGs/WAP inside host:any UDP service:WAP outside host:any service:Client
class id /Inbound/OtherGs/WAP 3748
class new /Inbound/OtherGs DNS nodefault inside host:any service:Client outside host:any service:DNS
class rule add /Inbound/OtherGs/DNS inside host:any service:DNS outside host:any service:Client
class id /Inbound/OtherGs/DNS 428
class new /Inbound/OtherGs Gnutella nodefault inside host:any service:Client outside host:any service:Gnutella-Init
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Client outside host:any service:Gnutella-Cmd
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Client outside host:any service:Gnutella-Upload
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Client outside host:any service:Gnutella-Download
class rule add /Inbound/OtherGs/Gnutella inside host:any service:Gnutella-Init outside host:any service:Client
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Gnutella-Cmd outside host:any service:Client
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Gnutella-Upload outside host:any service:Client
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Gnutella-Download outside host:any service:Client
class id /Inbound/OtherGs/Gnutella 2260
class new /Inbound/OtherGs ISAKMP nodefault inside host:any service:Client outside host:any service:ISAKMP
class rule add /Inbound/OtherGs/ISAKMP inside host:any service:ISAKMP outside host:any service:Client
class id /Inbound/OtherGs/ISAKMP 1556
class new /Inbound/OtherGs NetBIOS-IP nodefault inside host:any service:Client outside host:any service:NetBIOS-IP-NS
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-DGM
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-SSN
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:NetBIOS-IP-NS outside host:any service:Client
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:NetBIOS-IP-DGM outside host:any service:Client
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:NetBIOS-IP-SSN outside host:any service:Client
class id /Inbound/OtherGs/NetBIOS-IP 532
class new /Inbound/OtherGs QQ nodefault inside host:any service:Client outside host:any service:QQ IM
class rule add /Inbound/OtherGs/QQ inside host:any service:Client outside host:any service:QQ Games
class rule add /Inbound/OtherGs/QQ inside host:any service:Client outside host:any service:QQ Web
class rule add /Inbound/OtherGs/QQ inside host:any service:QQ IM outside host:any service:Client
class rule add /Inbound/OtherGs/QQ inside host:any service:QQ Games outside host:any service:Client
class rule add /Inbound/OtherGs/QQ inside host:any service:QQ Web outside host:any service:Client
class id /Inbound/OtherGs/QQ 4948
class new /Inbound/OtherGs Skype nodefault inside host:any service:Client outside host:any service:SkypeCommand
class rule add /Inbound/OtherGs/Skype inside host:any service:Client outside host:any service:SkypeData
class rule add /Inbound/OtherGs/Skype inside host:any service:SkypeCommand outside host:any service:Client
class rule add /Inbound/OtherGs/Skype inside host:any service:SkypeData outside host:any service:Client
class id /Inbound/OtherGs/Skype 3460
class new /Inbound/OtherGs SLP nodefault inside host:any service:Client outside host:any service:SLP
class rule add /Inbound/OtherGs/SLP inside host:any service:SLP outside host:any service:Client
class id /Inbound/OtherGs/SLP 1476
class new /Inbound/OtherGs SMS nodefault inside host:any service:Client outside host:any service:SMS-RC
class rule add /Inbound/OtherGs/SMS inside host:any service:Client outside host:any service:SMS-Chat
class rule add /Inbound/OtherGs/SMS inside host:any service:Client outside host:any service:SMS-File
class rule add /Inbound/OtherGs/SMS inside host:any service:Client outside host:any service:SMS-Auth
class rule add /Inbound/OtherGs/SMS inside host:any service:SMS-RC outside host:any service:Client
class rule add /Inbound/OtherGs/SMS inside host:any service:SMS-Chat outside host:any service:Client
class rule add /Inbound/OtherGs/SMS inside host:any service:SMS-File outside host:any service:Client
class rule add /Inbound/OtherGs/SMS inside host:any service:SMS-Auth outside host:any service:Client
class id /Inbound/OtherGs/SMS 1668
class new /Inbound/OtherGs ICMP nodefault inside host:any ICMP outside host:any
class id /Inbound/OtherGs/ICMP 404
class new /Inbound/OtherGs IGMP nodefault inside host:any IGMP outside host:any
class id /Inbound/OtherGs/IGMP 988
class new /Inbound/OtherGs DiscoveredPorts nodefault inside host:any outside host:any
class id /Inbound/OtherGs/DiscoveredPorts 101320743
class new /Inbound/OtherGs/DiscoveredPorts UDP_Port_259 nodefault inside host:any UDP service:Client outside host:any service:Unknown-UDP port:259
class rule add /Inbound/OtherGs/DiscoveredPorts/UDP_Port_259 inside host:any UDP service:Unknown-UDP port:259 outside host:any service:Client
class id /Inbound/OtherGs/DiscoveredPorts/UDP_Port_259 913022597
class new /Inbound/OtherGs IPv6 nodefault all IPv6
class id /Inbound/OtherGs/IPv6 1140
class new /Inbound/OtherGs Protocol_3311 nodefault all Miscellaneous protocol:0x3311
class id /Inbound/OtherGs/Protocol_3311 655986171
class id /Inbound/Default 5
hostdb topusers start /Inbound/Default talk
class id /Outbound 2
hostdb topusers start /Outbound talk
hostdb topusers start /Outbound listen
class new /Outbound Localhost nodefault sortorder:32001 inside local outside host:any
class set /Outbound/Localhost exception
class id /Outbound/Localhost 59
class note /Outbound/Localhost "Matches traffic to the unit itself"
class new /Outbound GP4 nodefault inside list:gp4 outside host:any
class id /Outbound/GP4 998681176
class new /Outbound/GP4 GRE nodefault inside host:any GRE outside host:any
class id /Outbound/GP4/GRE 399767719
class new /Outbound/GP4 HTTP nodefault inside host:any TCP service:Client outside host:any service:HTTP
class rule add /Outbound/GP4/HTTP inside host:any TCP service:HTTP outside host:any service:Client
class id /Outbound/GP4/HTTP 16707931
rtm threshold /Outbound/GP4/HTTP 200 Total
rtm accept /Outbound/GP4/HTTP 100
rtm hosts /Outbound/GP4/HTTP enable
class new /Outbound/GP4/HTTP Top_User_10.1.2.48 nodefault inside host:10.1.2.48 outside host:any
class id /Outbound/GP4/HTTP/Top_User_10.1.2.48 822353026
hostdb topusers start /Outbound/GP4/HTTP/Top_User_10.1.2.48 talk
hostdb topusers start /Outbound/GP4/HTTP/Top_User_10.1.2.48 listen
class new /Outbound/GP4/HTTP Default nodefault all
class id /Outbound/GP4/HTTP/Default 1586863498
class new /Outbound/GP4 Flickr nodefault inside host:any TCP service:Client outside host:any service:Flickr
class rule add /Outbound/GP4/Flickr inside host:any TCP service:Flickr outside host:any service:Client
class id /Outbound/GP4/Flickr 923471873
class new /Outbound/GP4 FTP nodefault inside host:any TCP service:Client outside host:any service:FTP-Cmd-Clear
class rule add /Outbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Data-Clear
class rule add /Outbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Cmd-Secure
class rule add /Outbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Data-Secure
class rule add /Outbound/GP4/FTP inside host:any TCP service:FTP-Cmd-Clear outside host:any service:Client
class rule add /Outbound/GP4/FTP inside host:any TCP service:FTP-Data-Clear outside host:any service:Client
class rule add /Outbound/GP4/FTP inside host:any TCP service:FTP-Cmd-Secure outside host:any service:Client
class rule add /Outbound/GP4/FTP inside host:any TCP service:FTP-Data-Secure outside host:any service:Client
class id /Outbound/GP4/FTP 1642165920
class new /Outbound/GP4 MSN-Messenger nodefault inside host:any TCP service:Client outside host:any service:MSN-Messenger
class rule add /Outbound/GP4/MSN-Messenger inside host:any TCP service:MSN-Messenger outside host:any service:Client
class id /Outbound/GP4/MSN-Messenger 803993056
class new /Outbound/GP4 PPTP nodefault inside host:any TCP service:Client outside host:any service:PPTP
class rule add /Outbound/GP4/PPTP inside host:any TCP service:PPTP outside host:any service:Client
class id /Outbound/GP4/PPTP 234898674
class new /Outbound/GP4 SSDP nodefault inside host:any UDP service:Client outside host:any service:SSDP
class rule add /Outbound/GP4/SSDP inside host:any UDP service:SSDP outside host:any service:Client
class id /Outbound/GP4/SSDP 1945976556
class new /Outbound/GP4 SSL nodefault inside host:any TCP service:Client outside host:any service:SSL
class rule add /Outbound/GP4/SSL inside host:any TCP service:SSL outside host:any service:Client
class id /Outbound/GP4/SSL 1617932818
class new /Outbound/GP4 SSL-No-Cert nodefault inside host:any TCP service:Client outside host:any service:SSL-No-Cert
class rule add /Outbound/GP4/SSL-No-Cert inside host:any TCP service:SSL-No-Cert outside host:any service:Client
class id /Outbound/GP4/SSL-No-Cert 392731267
class new /Outbound/GP4 CIFS nodefault inside host:any service:Client outside host:any service:CIFS-NB
class rule add /Outbound/GP4/CIFS inside host:any TCP service:Client outside host:any service:CIFS-TCP
class rule add /Outbound/GP4/CIFS inside host:any service:CIFS-NB outside host:any service:Client
class rule add /Outbound/GP4/CIFS inside host:any TCP service:CIFS-TCP outside host:any service:Client
class id /Outbound/GP4/CIFS 2024256959
class new /Outbound/GP4 DNS nodefault inside host:any service:Client outside host:any service:DNS
class rule add /Outbound/GP4/DNS inside host:any service:DNS outside host:any service:Client
class id /Outbound/GP4/DNS 867119542
class new /Outbound/GP4 NetBIOS-IP nodefault inside host:any service:Client outside host:any service:NetBIOS-IP-NS
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-DGM
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-SSN
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-NS outside host:any service:Client
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-DGM outside host:any service:Client
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-SSN outside host:any service:Client
class id /Outbound/GP4/NetBIOS-IP 1026809618
class new /Outbound/GP4 Skype nodefault inside host:any service:Client outside host:any service:SkypeCommand
class rule add /Outbound/GP4/Skype inside host:any service:Client outside host:any service:SkypeData
class rule add /Outbound/GP4/Skype inside host:any service:SkypeCommand outside host:any service:Client
class rule add /Outbound/GP4/Skype inside host:any service:SkypeData outside host:any service:Client
class id /Outbound/GP4/Skype 15007219
class new /Outbound/GP4 ICMP nodefault inside host:any ICMP outside host:any
class id /Outbound/GP4/ICMP 838571229
class new /Outbound/GP4 IGMP nodefault inside host:any IGMP outside host:any
class id /Outbound/GP4/IGMP 838571230
class new /Outbound/GP4 Default nodefault all
class id /Outbound/GP4/Default 1262058103
rtm threshold /Outbound/GP4/Default 300 Total
rtm accept /Outbound/GP4/Default 100
rtm hosts /Outbound/GP4/Default enable
class new /Outbound OtherGs nodefault folder
class id /Outbound/OtherGs 168815646
hostdb topusers start /Outbound/OtherGs talk
class new /Outbound/OtherGs MSN-Messenger nodefault inside host:any TCP service:Client outside host:any service:MSN-Messenger
class rule add /Outbound/OtherGs/MSN-Messenger inside host:any TCP service:MSN-Messenger outside host:any service:Client
class id /Outbound/OtherGs/MSN-Messenger 2317
class new /Outbound/OtherGs SSDP nodefault inside host:any UDP service:Client outside host:any service:SSDP
class rule add /Outbound/OtherGs/SSDP inside host:any UDP service:SSDP outside host:any service:Client
class id /Outbound/OtherGs/SSDP 3181
class new /Outbound/OtherGs CIFS nodefault inside host:any service:Client outside host:any service:CIFS-NB
class rule add /Outbound/OtherGs/CIFS inside host:any TCP service:Client outside host:any service:CIFS-TCP
class rule add /Outbound/OtherGs/CIFS inside host:any service:CIFS-NB outside host:any service:Client
class rule add /Outbound/OtherGs/CIFS inside host:any TCP service:CIFS-TCP outside host:any service:Client
class id /Outbound/OtherGs/CIFS 3861
class new /Outbound/OtherGs DNS nodefault inside host:any service:Client outside host:any service:DNS
class rule add /Outbound/OtherGs/DNS inside host:any service:DNS outside host:any service:Client
class id /Outbound/OtherGs/DNS 429
class new /Outbound/OtherGs ICMP nodefault inside host:any ICMP outside host:any
class id /Outbound/OtherGs/ICMP 405
class new /Outbound/OtherGs IGMP nodefault inside host:any IGMP outside host:any
class id /Outbound/OtherGs/IGMP 989
class id /Outbound/Default 52
partition apply /Inbound uncommitted none
partition apply /Outbound uncommitted none
policy apply priority /Inbound/Localhost 6
policy admit /Inbound/Localhost squeeze nontcp
policy admit /Inbound/Localhost refuse nonweb
policy admit /Inbound/Localhost refuse web
policy apply rate /Inbound/GP4/HTTP/Default 256000 256000 3 automatic
policy admit /Inbound/GP4/HTTP/Default squeeze nontcp
policy admit /Inbound/GP4/HTTP/Default refuse nonweb
policy admit /Inbound/GP4/HTTP/Default refuse web
policy flowlimit /Inbound/GP4/HTTP/Default 10000 100000
policy apply priority /Inbound/GP4/PPTP 6
policy admit /Inbound/GP4/PPTP squeeze nontcp
policy admit /Inbound/GP4/PPTP refuse nonweb
policy admit /Inbound/GP4/PPTP refuse web
policy flowlimit /Inbound/GP4/PPTP 10000 100000
policy apply priority /Inbound/GP4/Skype 5
policy admit /Inbound/GP4/Skype squeeze nontcp
policy admit /Inbound/GP4/Skype refuse nonweb
policy admit /Inbound/GP4/Skype refuse web
policy flowlimit /Inbound/GP4/Skype 10000 100000
policy apply priority /Inbound/GP4/Default 5
policy admit /Inbound/GP4/Default squeeze nontcp
policy admit /Inbound/GP4/Default refuse nonweb
policy admit /Inbound/GP4/Default refuse web
policy flowlimit /Inbound/GP4/Default 10000 100000
policy apply priority /Inbound/OtherGs/eDonkey 0
policy admit /Inbound/OtherGs/eDonkey squeeze nontcp
policy admit /Inbound/OtherGs/eDonkey refuse nonweb
policy admit /Inbound/OtherGs/eDonkey refuse web
policy dscp /Inbound/OtherGs/eDonkey 0
policy flowlimit /Inbound/OtherGs/eDonkey 10000 100000
policy apply priority /Inbound/OtherGs/MSN-Messenger 3
policy admit /Inbound/OtherGs/MSN-Messenger squeeze nontcp
policy admit /Inbound/OtherGs/MSN-Messenger refuse nonweb
policy admit /Inbound/OtherGs/MSN-Messenger refuse web
policy dscp /Inbound/OtherGs/MSN-Messenger 3
policy flowlimit /Inbound/OtherGs/MSN-Messenger 10000 100000
policy apply priority /Inbound/OtherGs/DNS 5
policy admit /Inbound/OtherGs/DNS squeeze nontcp
policy admit /Inbound/OtherGs/DNS refuse nonweb
policy admit /Inbound/OtherGs/DNS refuse web
policy dscp /Inbound/OtherGs/DNS 5
policy flowlimit /Inbound/OtherGs/DNS 10000 100000
policy apply priority /Inbound/OtherGs/Skype 5
policy admit /Inbound/OtherGs/Skype squeeze nontcp
policy admit /Inbound/OtherGs/Skype refuse nonweb
policy admit /Inbound/OtherGs/Skype refuse web
policy dscp /Inbound/OtherGs/Skype 5
policy flowlimit /Inbound/OtherGs/Skype 10000 100000
policy apply priority /Inbound/Default 3
policy admit /Inbound/Default squeeze nontcp
policy admit /Inbound/Default refuse nonweb
policy admit /Inbound/Default refuse web
class set /Inbound/Default inherit
policy flowlimit /Inbound/Default 10000 100000
policy apply priority /Outbound/Localhost 6
policy admit /Outbound/Localhost squeeze nontcp
policy admit /Outbound/Localhost refuse nonweb
policy admit /Outbound/Localhost refuse web
policy apply rate /Outbound/GP4/HTTP/Default 10000 10000 4 automatic
policy admit /Outbound/GP4/HTTP/Default squeeze nontcp
policy admit /Outbound/GP4/HTTP/Default refuse nonweb
policy admit /Outbound/GP4/HTTP/Default refuse web
class set /Outbound/GP4/HTTP/Default inherit
policy flowlimit /Outbound/GP4/HTTP/Default 10000 100000
policy apply priority /Outbound/GP4/PPTP 6
policy admit /Outbound/GP4/PPTP squeeze nontcp
policy admit /Outbound/GP4/PPTP refuse nonweb
policy admit /Outbound/GP4/PPTP refuse web
policy flowlimit /Outbound/GP4/PPTP 10000 100000
policy apply priority /Outbound/OtherGs/MSN-Messenger 3
policy admit /Outbound/OtherGs/MSN-Messenger squeeze nontcp
policy admit /Outbound/OtherGs/MSN-Messenger refuse nonweb
policy admit /Outbound/OtherGs/MSN-Messenger refuse web
policy dscp /Outbound/OtherGs/MSN-Messenger 3
policy flowlimit /Outbound/OtherGs/MSN-Messenger 10000 100000
policy apply priority /Outbound/OtherGs/DNS 5
policy admit /Outbound/OtherGs/DNS squeeze nontcp
policy admit /Outbound/OtherGs/DNS refuse nonweb
policy admit /Outbound/OtherGs/DNS refuse web
policy dscp /Outbound/OtherGs/DNS 5
policy flowlimit /Outbound/OtherGs/DNS 10000 100000
policy apply priority /Outbound/Default 3
policy admit /Outbound/Default squeeze nontcp
policy admit /Outbound/Default refuse nonweb
policy admit /Outbound/Default refuse web
class set /Outbound/Default inherit
policy flowlimit /Outbound/Default 10000 100000
tunnel mode set enhanced
tunnel mtu auto
tunnel diffserv off
tunnel discovery on
tunnel discovery maintenance off
tunnel password default
tunnel firewall off
tunnel packing off
tunnel compression off
tunnel compression dictionary CNA 1M
tunnel acceleration off
tunnel acceleration faststart on
tunnel acceleration prefetch client off
tunnel acceleration prefetch server off
tunnel acceleration scps off
tunnel acceleration congestion-control on
tunnel holdtime glo 10
tunnel holdtime sen 1
tunnel holdtime non 10
wccp service-id 99
wccp off
host side auto
class discover /Inbound off
class discover /Outbound off
setup discover on
class discover /Inbound both
class discover /Inbound/GP4 both
class discover /Outbound both
class discover /Outbound/GP4 both
set tacacs timeout 10
set tacacs method ascii
set tacacs auth off
set tacacs acct off
set radius limit 3
set radius interval 5
set radius method chap
set radius auth off
set radius acct off
set ssh port 22
set https port 443
set syslog state off
set syslog rate 20
setup snmp syslocation "The physical location of this unit"
setup snmp syscontact "The contact person for this managed unit"
setup snmp sysname "10.1.2.40"
setup snmp configmode simple
setup snmp look public
# no SNMP views
# no SNMP access groups
# no SNMP users
# no SNMP remote users
frame options routing on default
frame options discovery on default
set sntp on
set sntp server 220.130.158.72 time-a.nist.gov
set sntp poll 300
setup email none
set adaptiveresponse on
agent new "High Bandwidth New App" "High Bandwidth New App"
agent interval "High Bandwidth New App" 60
agent parm "High Bandwidth New App" "RedThreshold" "10"
agent parm "High Bandwidth New App" "GreenThreshold" "5"
agent new "Inbound Default Traffic" "Default Traffic"
agent interval "Inbound Default Traffic" 1
agent parm "Inbound Default Traffic" "ClassName" "/Inbound/default"
agent parm "Inbound Default Traffic" "RedThreshold" "15"
agent parm "Inbound Default Traffic" "GreenThreshold" "7"
agent new "Inbound Packet Drops" "Link ME Variables"
agent interval "Inbound Packet Drops" 1
agent parm "Inbound Packet Drops" "ClassName" "/Inbound"
agent parm "Inbound Packet Drops" "MeVariableName" "rx-pkts-dropped%"
agent parm "Inbound Packet Drops" "MeDuration" "1"
agent parm "Inbound Packet Drops" "GreenOperator" "LT"
agent parm "Inbound Packet Drops" "RedOperator" "GT"
agent parm "Inbound Packet Drops" "RedThreshold" "3"
agent parm "Inbound Packet Drops" "GreenThreshold" "1"
agent new "Outbound Default Traffic" "Default Traffic"
agent interval "Outbound Default Traffic" 1
agent parm "Outbound Default Traffic" "ClassName" "/Outbound/default"
agent parm "Outbound Default Traffic" "RedThreshold" "15"
agent parm "Outbound Default Traffic" "GreenThreshold" "7"
agent new "Outbound Packet Drops" "Link ME Variables"
agent interval "Outbound Packet Drops" 1
agent parm "Outbound Packet Drops" "ClassName" "/Outbound"
agent parm "Outbound Packet Drops" "MeVariableName" "rx-pkts-dropped%"
agent parm "Outbound Packet Drops" "MeDuration" "1"
agent parm "Outbound Packet Drops" "GreenOperator" "LT"
agent parm "Outbound Packet Drops" "RedOperator" "GT"
agent parm "Outbound Packet Drops" "RedThreshold" "3"
agent parm "Outbound Packet Drops" "GreenThreshold" "1"
agent new "Quota Bandwidth Host agent" "Quota Bandwidth Host"
agent interval "Quota Bandwidth Host agent" 5
agent parm "Quota Bandwidth Host agent" "HostUsageThreshold" "5000000"
agent parm "Quota Bandwidth Host agent" "HostUsageMonitorInterval" "1"
agent parm "Quota Bandwidth Host agent" "Side" "both"
agent parm "Quota Bandwidth Host agent" "ViolatingHosts" "violatingHosts"
agent parm "Quota Bandwidth Host agent" "ExceptionHosts" "exceptionHosts"
agent parm "Quota Bandwidth Host agent" "RedThreshold" "2"
agent parm "Quota Bandwidth Host agent" "GreenThreshold" "1"
agent new "Spoofing - Client" "NFPM Side Unknown"
agent interval "Spoofing - Client" 1
agent parm "Spoofing - Client" "Side" "Client"
agent parm "Spoofing - Client" "SideThreshold" "100000"
agent parm "Spoofing - Client" "ViolatingHosts" "violatingHosts"
agent parm "Spoofing - Client" "ExceptionHosts" "exceptionHosts"
agent parm "Spoofing - Client" "RedThreshold" "1"
agent parm "Spoofing - Client" "GreenThreshold" "0"
agent new "Spoofing - Server" "NFPM Side Unknown"
agent interval "Spoofing - Server" 1
agent parm "Spoofing - Server" "Side" "Server"
agent parm "Spoofing - Server" "SideThreshold" "100000"
agent parm "Spoofing - Server" "ViolatingHosts" "violatingHosts"
agent parm "Spoofing - Server" "ExceptionHosts" "exceptionHosts"
agent parm "Spoofing - Server" "RedThreshold" "1"
agent parm "Spoofing - Server" "GreenThreshold" "0"
agent new "Syn Attack - Failed Flows" "Host Info Variables"
agent interval "Syn Attack - Failed Flows" 1
agent parm "Syn Attack - Failed Flows" "VariableName" "Failed Flows"
agent parm "Syn Attack - Failed Flows" "FlowsThreshold" "100000"
agent parm "Syn Attack - Failed Flows" "Side" "both"
agent parm "Syn Attack - Failed Flows" "ViolatingHosts" "violatingHosts"
agent parm "Syn Attack - Failed Flows" "ExceptionHosts" "exceptionHosts"
agent parm "Syn Attack - Failed Flows" "RedThreshold" "1"
agent parm "Syn Attack - Failed Flows" "GreenThreshold" "0"
agent new "System Load agent" "System Load"
agent interval "System Load agent" 1
agent parm "System Load agent" "RedThreshold" "95"
agent parm "System Load agent" "GreenThreshold" "90"
agent new "Traffic Performance agent" "Traffic Performance"
agent interval "Traffic Performance agent" 5
agent parm "Traffic Performance agent" "ClassName" "*"
agent parm "Traffic Performance agent" "Efficiency" "80"
agent parm "Traffic Performance agent" "RedThreshold" "1"
agent parm "Traffic Performance agent" "GreenThreshold" "0"
setup shaping off



PacketShaper# setup capture portable
(It will omit the local related information like ip address, in order to copy policy or rule to other device)

Overwrite 9.256/cmd/config.cmd
Please confirm if you really want to proceed (YES): yes

Saved portable configuration in 9.256/cmd/config.cmd

#
# PacketShaper 1550 Configuration
#
# Address: 10.1.2.40
# Serial: 015-10008030
# Version: PacketShaper v8.3.2g1 2008-08-22
#
# Saved on Tue Sep 16 17:40:45 2008
#
# setup ipaddr 10.1.2.40 255.255.255.0
# setup nic inside auto-negotiate
# setup nic outside auto-negotiate
# setup siterouter none
# setup gateway 10.1.2.1
# setup timezone local
# setup timezone Beijing
# setup dns 168.95.192.1 168.95.1.1
# setup domain none
# setup secure inside off
# setup secure outside off
# setup link inbound 2000000
# setup link outbound 2000000
# synthetic options create-classes on
#setup name 015-10008030
setup message default
setup access enable https
setup access enable ssh
setup access enable ftp
setup access enable http
setup access enable telnet
setup access enable snmp
setup access enable tcp-echo
hl new exceptionHosts
hl new gp1
hl add gp1 10.1.2.41-10.1.2.42
hl new gp2
hl add gp2 10.1.2.50-10.1.2.55
hl new gp4
hl add gp4 10.1.2.40-10.1.2.49
hl new violatingHosts
hl add violatingHosts 10.1.2.1
hl add violatingHosts 10.1.2.109
hl add violatingHosts 10.1.2.15
hl add violatingHosts 10.1.2.18
hl add violatingHosts 10.1.2.210
hl add violatingHosts 10.1.2.22
hl add violatingHosts 10.1.2.23
hl add violatingHosts 10.1.2.25
hl add violatingHosts 10.1.2.31
hl add violatingHosts 10.1.2.33
hl add violatingHosts 10.1.2.34
hl add violatingHosts 10.1.2.44
hl add violatingHosts 10.1.2.48
hl add violatingHosts 10.1.2.49
hl add violatingHosts 10.1.2.51
hl add violatingHosts 10.1.2.53
hl add violatingHosts 10.1.2.54
hl add violatingHosts 10.1.2.55
hl add violatingHosts 10.1.2.63
hl add violatingHosts 10.1.2.77
hl add violatingHosts 10.1.2.84
hl add violatingHosts 203.66.88.89
class id /Inbound 1
hostdb topusers start /Inbound talk
hostdb topusers start /Inbound listen
class new /Inbound Localhost nodefault sortorder:32001 inside local outside host:any
class set /Inbound/Localhost exception
class id /Inbound/Localhost 12
class note /Inbound/Localhost "Matches traffic to the unit itself"
class new /Inbound GP4 nodefault inside host:any outside host:any
class id /Inbound/GP4 448386309
class new /Inbound/GP4 GRE nodefault inside host:any GRE outside host:any
class id /Inbound/GP4/GRE 1177405195
class new /Inbound/GP4 HTTP nodefault inside host:any TCP service:Client outside host:any service:HTTP
class rule add /Inbound/GP4/HTTP inside host:any TCP service:HTTP outside host:any service:Client
class id /Inbound/GP4/HTTP 493907101
rtm hosts /Inbound/GP4/HTTP enable
class new /Inbound/GP4/HTTP Top_User_10.1.2.48 nodefault inside host:10.1.2.48 outside host:any
class id /Inbound/GP4/HTTP/Top_User_10.1.2.48 805127951
hostdb topusers start /Inbound/GP4/HTTP/Top_User_10.1.2.48 talk
hostdb topusers start /Inbound/GP4/HTTP/Top_User_10.1.2.48 listen
class new /Inbound/GP4/HTTP Default nodefault all
class id /Inbound/GP4/HTTP/Default 1246145598
class new /Inbound/GP4 Citrix nodefault inside host:any TCP service:Client outside host:any service:Citrix-ICA
class rule add /Inbound/GP4/Citrix inside host:any UDP service:Client outside host:any service:Citrix-SB
class rule add /Inbound/GP4/Citrix inside host:any TCP service:Citrix-ICA outside host:any service:Client
class rule add /Inbound/GP4/Citrix inside host:any UDP service:Citrix-SB outside host:any service:Client
class id /Inbound/GP4/Citrix 547099008
class new /Inbound/GP4 FTP nodefault inside host:any TCP service:Client outside host:any service:FTP-Cmd-Clear
class rule add /Inbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Data-Clear
class rule add /Inbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Cmd-Secure
class rule add /Inbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Data-Secure
class rule add /Inbound/GP4/FTP inside host:any TCP service:FTP-Cmd-Clear outside host:any service:Client
class rule add /Inbound/GP4/FTP inside host:any TCP service:FTP-Data-Clear outside host:any service:Client
class rule add /Inbound/GP4/FTP inside host:any TCP service:FTP-Cmd-Secure outside host:any service:Client
class rule add /Inbound/GP4/FTP inside host:any TCP service:FTP-Data-Secure outside host:any service:Client
class id /Inbound/GP4/FTP 2034064425
class new /Inbound/GP4 lockd nodefault inside host:any UDP service:Client outside host:any service:lockd
class rule add /Inbound/GP4/lockd inside host:any UDP service:lockd outside host:any service:Client
class id /Inbound/GP4/lockd 1831273698
class new /Inbound/GP4 mDNS nodefault inside host:any UDP service:Client outside host:any service:mDNS
class rule add /Inbound/GP4/mDNS inside host:any UDP service:mDNS outside host:any service:Client
class id /Inbound/GP4/mDNS 549578609
class new /Inbound/GP4 MSN-Messenger nodefault inside host:any TCP service:Client outside host:any service:MSN-Messenger
class rule add /Inbound/GP4/MSN-Messenger inside host:any TCP service:MSN-Messenger outside host:any service:Client
class id /Inbound/GP4/MSN-Messenger 1280064832
class new /Inbound/GP4 PPTP nodefault inside host:any TCP service:Client outside host:any service:PPTP
class rule add /Inbound/GP4/PPTP inside host:any TCP service:PPTP outside host:any service:Client
class id /Inbound/GP4/PPTP 1481919796
class new /Inbound/GP4 SSDP nodefault inside host:any UDP service:Client outside host:any service:SSDP
class rule add /Inbound/GP4/SSDP inside host:any UDP service:SSDP outside host:any service:Client
class id /Inbound/GP4/SSDP 717165287
class new /Inbound/GP4 SSL nodefault inside host:any TCP service:Client outside host:any service:SSL
class rule add /Inbound/GP4/SSL inside host:any TCP service:SSL outside host:any service:Client
class id /Inbound/GP4/SSL 1707057730
class new /Inbound/GP4 SSL-No-Cert nodefault inside host:any TCP service:Client outside host:any service:SSL-No-Cert
class rule add /Inbound/GP4/SSL-No-Cert inside host:any TCP service:SSL-No-Cert outside host:any service:Client
class id /Inbound/GP4/SSL-No-Cert 494447204
class new /Inbound/GP4 WAP nodefault inside host:any UDP service:Client outside host:any service:WAP
class rule add /Inbound/GP4/WAP inside host:any UDP service:WAP outside host:any service:Client
class id /Inbound/GP4/WAP 783394616
class new /Inbound/GP4 WinMedia nodefault inside host:any TCP service:Client outside host:any service:WinMedia-TCP
class rule add /Inbound/GP4/WinMedia inside host:any UDP service:Client outside host:any service:WinMedia-UDP
class rule add /Inbound/GP4/WinMedia inside host:any TCP service:Client outside host:any service:WinMedia-MSBD
class rule add /Inbound/GP4/WinMedia inside host:any UDP service:Client outside host:any service:WinMedia-Mcast
class rule add /Inbound/GP4/WinMedia inside host:any TCP service:WinMedia-TCP outside host:any service:Client
class rule add /Inbound/GP4/WinMedia inside host:any UDP service:WinMedia-UDP outside host:any service:Client
class rule add /Inbound/GP4/WinMedia inside host:any TCP service:WinMedia-MSBD outside host:any service:Client
class rule add /Inbound/GP4/WinMedia inside host:any UDP service:WinMedia-Mcast outside host:any service:Client
class id /Inbound/GP4/WinMedia 271724449
class new /Inbound/GP4 CIFS nodefault inside host:any service:Client outside host:any service:CIFS-NB
class rule add /Inbound/GP4/CIFS inside host:any TCP service:Client outside host:any service:CIFS-TCP
class rule add /Inbound/GP4/CIFS inside host:any service:CIFS-NB outside host:any service:Client
class rule add /Inbound/GP4/CIFS inside host:any TCP service:CIFS-TCP outside host:any service:Client
class id /Inbound/GP4/CIFS 488075888
class new /Inbound/GP4 DNS nodefault inside host:any service:Client outside host:any service:DNS
class rule add /Inbound/GP4/DNS inside host:any service:DNS outside host:any service:Client
class id /Inbound/GP4/DNS 874921639
class new /Inbound/GP4 ISAKMP nodefault inside host:any service:Client outside host:any service:ISAKMP
class rule add /Inbound/GP4/ISAKMP inside host:any service:ISAKMP outside host:any service:Client
class id /Inbound/GP4/ISAKMP 16588099
class new /Inbound/GP4 Jabber nodefault inside host:any service:Client outside host:any service:Jabber
class rule add /Inbound/GP4/Jabber inside host:any service:Jabber outside host:any service:Client
class id /Inbound/GP4/Jabber 293746819
class new /Inbound/GP4 MSSQL nodefault inside host:any service:Client outside host:any service:MSSQL-Server
class rule add /Inbound/GP4/MSSQL inside host:any service:Client outside host:any service:MSSQL-Mon
class rule add /Inbound/GP4/MSSQL inside host:any service:MSSQL-Server outside host:any service:Client
class rule add /Inbound/GP4/MSSQL inside host:any service:MSSQL-Mon outside host:any service:Client
class id /Inbound/GP4/MSSQL 1502475093
class new /Inbound/GP4 NetBIOS-IP nodefault inside host:any service:Client outside host:any service:NetBIOS-IP-NS
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-DGM
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-SSN
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-NS outside host:any service:Client
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-DGM outside host:any service:Client
class rule add /Inbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-SSN outside host:any service:Client
class id /Inbound/GP4/NetBIOS-IP 107200481
class new /Inbound/GP4 QQ nodefault inside host:any service:Client outside host:any service:QQ IM
class rule add /Inbound/GP4/QQ inside host:any service:Client outside host:any service:QQ Games
class rule add /Inbound/GP4/QQ inside host:any service:Client outside host:any service:QQ Web
class rule add /Inbound/GP4/QQ inside host:any service:QQ IM outside host:any service:Client
class rule add /Inbound/GP4/QQ inside host:any service:QQ Games outside host:any service:Client
class rule add /Inbound/GP4/QQ inside host:any service:QQ Web outside host:any service:Client
class id /Inbound/GP4/QQ 155725921
class new /Inbound/GP4 Skype nodefault inside host:any service:Client outside host:any service:SkypeCommand
class rule add /Inbound/GP4/Skype inside host:any service:Client outside host:any service:SkypeData
class rule add /Inbound/GP4/Skype inside host:any service:SkypeCommand outside host:any service:Client
class rule add /Inbound/GP4/Skype inside host:any service:SkypeData outside host:any service:Client
class id /Inbound/GP4/Skype 1406093396
class new /Inbound/GP4 SLP nodefault inside host:any service:Client outside host:any service:SLP
class rule add /Inbound/GP4/SLP inside host:any service:SLP outside host:any service:Client
class id /Inbound/GP4/SLP 2009328000
class new /Inbound/GP4 SMS nodefault inside host:any service:Client outside host:any service:SMS-RC
class rule add /Inbound/GP4/SMS inside host:any service:Client outside host:any service:SMS-Chat
class rule add /Inbound/GP4/SMS inside host:any service:Client outside host:any service:SMS-File
class rule add /Inbound/GP4/SMS inside host:any service:Client outside host:any service:SMS-Auth
class rule add /Inbound/GP4/SMS inside host:any service:SMS-RC outside host:any service:Client
class rule add /Inbound/GP4/SMS inside host:any service:SMS-Chat outside host:any service:Client
class rule add /Inbound/GP4/SMS inside host:any service:SMS-File outside host:any service:Client
class rule add /Inbound/GP4/SMS inside host:any service:SMS-Auth outside host:any service:Client
class id /Inbound/GP4/SMS 1414630601
class new /Inbound/GP4 ICMP nodefault inside host:any ICMP outside host:any
class id /Inbound/GP4/ICMP 988711412
class new /Inbound/GP4 IGMP nodefault inside host:any IGMP outside host:any
class id /Inbound/GP4/IGMP 2143987805
class new /Inbound/GP4 DiscoveredPorts nodefault inside host:any outside host:any
class id /Inbound/GP4/DiscoveredPorts 1733881458
class new /Inbound/GP4/DiscoveredPorts UDP_Port_259 nodefault inside host:any UDP service:Client outside host:any service:Unknown-UDP port:259
class rule add /Inbound/GP4/DiscoveredPorts/UDP_Port_259 inside host:any UDP service:Unknown-UDP port:259 outside host:any service:Client
class id /Inbound/GP4/DiscoveredPorts/UDP_Port_259 1229856183
class new /Inbound/GP4 Default nodefault all
class id /Inbound/GP4/Default 345288248
rtm threshold /Inbound/GP4/Default 300 Total
rtm accept /Inbound/GP4/Default 100
rtm hosts /Inbound/GP4/Default enable
hostdb topusers start /Inbound/GP4/Default talk
hostdb topusers start /Inbound/GP4/Default listen
class new /Inbound OtherGs nodefault folder
class id /Inbound/OtherGs 168485358
class new /Inbound/OtherGs GRE nodefault inside host:any GRE outside host:any
class id /Inbound/OtherGs/GRE 876
class new /Inbound/OtherGs eDonkey nodefault inside host:any TCP service:Client outside host:any service:eDonkey-TCP
class rule add /Inbound/OtherGs/eDonkey inside host:any UDP service:Client outside host:any service:eDonkey-Ping
class rule add /Inbound/OtherGs/eDonkey inside host:any TCP service:eDonkey-TCP outside host:any service:Client
class rule add /Inbound/OtherGs/eDonkey inside host:any UDP service:eDonkey-Ping outside host:any service:Client
class id /Inbound/OtherGs/eDonkey 2876
class new /Inbound/OtherGs mDNS nodefault inside host:any UDP service:Client outside host:any service:mDNS
class rule add /Inbound/OtherGs/mDNS inside host:any UDP service:mDNS outside host:any service:Client
class id /Inbound/OtherGs/mDNS 3588
class new /Inbound/OtherGs MSN-Messenger nodefault inside host:any TCP service:Client outside host:any service:MSN-Messenger
class rule add /Inbound/OtherGs/MSN-Messenger inside host:any TCP service:MSN-Messenger outside host:any service:Client
class id /Inbound/OtherGs/MSN-Messenger 2316
rtm threshold /Inbound/OtherGs/MSN-Messenger 600 Total
rtm accept /Inbound/OtherGs/MSN-Messenger 100
rtm hosts /Inbound/OtherGs/MSN-Messenger enable
class new /Inbound/OtherGs SSDP nodefault inside host:any UDP service:Client outside host:any service:SSDP
class rule add /Inbound/OtherGs/SSDP inside host:any UDP service:SSDP outside host:any service:Client
class id /Inbound/OtherGs/SSDP 3180
class new /Inbound/OtherGs WAP nodefault inside host:any UDP service:Client outside host:any service:WAP
class rule add /Inbound/OtherGs/WAP inside host:any UDP service:WAP outside host:any service:Client
class id /Inbound/OtherGs/WAP 3748
class new /Inbound/OtherGs DNS nodefault inside host:any service:Client outside host:any service:DNS
class rule add /Inbound/OtherGs/DNS inside host:any service:DNS outside host:any service:Client
class id /Inbound/OtherGs/DNS 428
class new /Inbound/OtherGs Gnutella nodefault inside host:any service:Client outside host:any service:Gnutella-Init
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Client outside host:any service:Gnutella-Cmd
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Client outside host:any service:Gnutella-Upload
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Client outside host:any service:Gnutella-Download
class rule add /Inbound/OtherGs/Gnutella inside host:any service:Gnutella-Init outside host:any service:Client
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Gnutella-Cmd outside host:any service:Client
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Gnutella-Upload outside host:any service:Client
class rule add /Inbound/OtherGs/Gnutella inside host:any TCP service:Gnutella-Download outside host:any service:Client
class id /Inbound/OtherGs/Gnutella 2260
class new /Inbound/OtherGs ISAKMP nodefault inside host:any service:Client outside host:any service:ISAKMP
class rule add /Inbound/OtherGs/ISAKMP inside host:any service:ISAKMP outside host:any service:Client
class id /Inbound/OtherGs/ISAKMP 1556
class new /Inbound/OtherGs NetBIOS-IP nodefault inside host:any service:Client outside host:any service:NetBIOS-IP-NS
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-DGM
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-SSN
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:NetBIOS-IP-NS outside host:any service:Client
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:NetBIOS-IP-DGM outside host:any service:Client
class rule add /Inbound/OtherGs/NetBIOS-IP inside host:any service:NetBIOS-IP-SSN outside host:any service:Client
class id /Inbound/OtherGs/NetBIOS-IP 532
class new /Inbound/OtherGs QQ nodefault inside host:any service:Client outside host:any service:QQ IM
class rule add /Inbound/OtherGs/QQ inside host:any service:Client outside host:any service:QQ Games
class rule add /Inbound/OtherGs/QQ inside host:any service:Client outside host:any service:QQ Web
class rule add /Inbound/OtherGs/QQ inside host:any service:QQ IM outside host:any service:Client
class rule add /Inbound/OtherGs/QQ inside host:any service:QQ Games outside host:any service:Client
class rule add /Inbound/OtherGs/QQ inside host:any service:QQ Web outside host:any service:Client
class id /Inbound/OtherGs/QQ 4948
class new /Inbound/OtherGs Skype nodefault inside host:any service:Client outside host:any service:SkypeCommand
class rule add /Inbound/OtherGs/Skype inside host:any service:Client outside host:any service:SkypeData
class rule add /Inbound/OtherGs/Skype inside host:any service:SkypeCommand outside host:any service:Client
class rule add /Inbound/OtherGs/Skype inside host:any service:SkypeData outside host:any service:Client
class id /Inbound/OtherGs/Skype 3460
class new /Inbound/OtherGs SLP nodefault inside host:any service:Client outside host:any service:SLP
class rule add /Inbound/OtherGs/SLP inside host:any service:SLP outside host:any service:Client
class id /Inbound/OtherGs/SLP 1476
class new /Inbound/OtherGs SMS nodefault inside host:any service:Client outside host:any service:SMS-RC
class rule add /Inbound/OtherGs/SMS inside host:any service:Client outside host:any service:SMS-Chat
class rule add /Inbound/OtherGs/SMS inside host:any service:Client outside host:any service:SMS-File
class rule add /Inbound/OtherGs/SMS inside host:any service:Client outside host:any service:SMS-Auth
class rule add /Inbound/OtherGs/SMS inside host:any service:SMS-RC outside host:any service:Client
class rule add /Inbound/OtherGs/SMS inside host:any service:SMS-Chat outside host:any service:Client
class rule add /Inbound/OtherGs/SMS inside host:any service:SMS-File outside host:any service:Client
class rule add /Inbound/OtherGs/SMS inside host:any service:SMS-Auth outside host:any service:Client
class id /Inbound/OtherGs/SMS 1668
class new /Inbound/OtherGs ICMP nodefault inside host:any ICMP outside host:any
class id /Inbound/OtherGs/ICMP 404
class new /Inbound/OtherGs IGMP nodefault inside host:any IGMP outside host:any
class id /Inbound/OtherGs/IGMP 988
class new /Inbound/OtherGs DiscoveredPorts nodefault inside host:any outside host:any
class id /Inbound/OtherGs/DiscoveredPorts 101320743
class new /Inbound/OtherGs/DiscoveredPorts UDP_Port_259 nodefault inside host:any UDP service:Client outside host:any service:Unknown-UDP port:259
class rule add /Inbound/OtherGs/DiscoveredPorts/UDP_Port_259 inside host:any UDP service:Unknown-UDP port:259 outside host:any service:Client
class id /Inbound/OtherGs/DiscoveredPorts/UDP_Port_259 913022597
class new /Inbound/OtherGs IPv6 nodefault all IPv6
class id /Inbound/OtherGs/IPv6 1140
class new /Inbound/OtherGs Protocol_3311 nodefault all Miscellaneous protocol:0x3311
class id /Inbound/OtherGs/Protocol_3311 655986171
class id /Inbound/Default 5
hostdb topusers start /Inbound/Default talk
class id /Outbound 2
hostdb topusers start /Outbound talk
hostdb topusers start /Outbound listen
class new /Outbound Localhost nodefault sortorder:32001 inside local outside host:any
class set /Outbound/Localhost exception
class id /Outbound/Localhost 59
class note /Outbound/Localhost "Matches traffic to the unit itself"
class new /Outbound GP4 nodefault inside list:gp4 outside host:any
class id /Outbound/GP4 998681176
class new /Outbound/GP4 GRE nodefault inside host:any GRE outside host:any
class id /Outbound/GP4/GRE 399767719
class new /Outbound/GP4 HTTP nodefault inside host:any TCP service:Client outside host:any service:HTTP
class rule add /Outbound/GP4/HTTP inside host:any TCP service:HTTP outside host:any service:Client
class id /Outbound/GP4/HTTP 16707931
rtm threshold /Outbound/GP4/HTTP 200 Total
rtm accept /Outbound/GP4/HTTP 100
rtm hosts /Outbound/GP4/HTTP enable
class new /Outbound/GP4/HTTP Top_User_10.1.2.48 nodefault inside host:10.1.2.48 outside host:any
class id /Outbound/GP4/HTTP/Top_User_10.1.2.48 822353026
hostdb topusers start /Outbound/GP4/HTTP/Top_User_10.1.2.48 talk
hostdb topusers start /Outbound/GP4/HTTP/Top_User_10.1.2.48 listen
class new /Outbound/GP4/HTTP Default nodefault all
class id /Outbound/GP4/HTTP/Default 1586863498
class new /Outbound/GP4 Flickr nodefault inside host:any TCP service:Client outside host:any service:Flickr
class rule add /Outbound/GP4/Flickr inside host:any TCP service:Flickr outside host:any service:Client
class id /Outbound/GP4/Flickr 923471873
class new /Outbound/GP4 FTP nodefault inside host:any TCP service:Client outside host:any service:FTP-Cmd-Clear
class rule add /Outbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Data-Clear
class rule add /Outbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Cmd-Secure
class rule add /Outbound/GP4/FTP inside host:any TCP service:Client outside host:any service:FTP-Data-Secure
class rule add /Outbound/GP4/FTP inside host:any TCP service:FTP-Cmd-Clear outside host:any service:Client
class rule add /Outbound/GP4/FTP inside host:any TCP service:FTP-Data-Clear outside host:any service:Client
class rule add /Outbound/GP4/FTP inside host:any TCP service:FTP-Cmd-Secure outside host:any service:Client
class rule add /Outbound/GP4/FTP inside host:any TCP service:FTP-Data-Secure outside host:any service:Client
class id /Outbound/GP4/FTP 1642165920
class new /Outbound/GP4 MSN-Messenger nodefault inside host:any TCP service:Client outside host:any service:MSN-Messenger
class rule add /Outbound/GP4/MSN-Messenger inside host:any TCP service:MSN-Messenger outside host:any service:Client
class id /Outbound/GP4/MSN-Messenger 803993056
class new /Outbound/GP4 PPTP nodefault inside host:any TCP service:Client outside host:any service:PPTP
class rule add /Outbound/GP4/PPTP inside host:any TCP service:PPTP outside host:any service:Client
class id /Outbound/GP4/PPTP 234898674
class new /Outbound/GP4 SSDP nodefault inside host:any UDP service:Client outside host:any service:SSDP
class rule add /Outbound/GP4/SSDP inside host:any UDP service:SSDP outside host:any service:Client
class id /Outbound/GP4/SSDP 1945976556
class new /Outbound/GP4 SSL nodefault inside host:any TCP service:Client outside host:any service:SSL
class rule add /Outbound/GP4/SSL inside host:any TCP service:SSL outside host:any service:Client
class id /Outbound/GP4/SSL 1617932818
class new /Outbound/GP4 SSL-No-Cert nodefault inside host:any TCP service:Client outside host:any service:SSL-No-Cert
class rule add /Outbound/GP4/SSL-No-Cert inside host:any TCP service:SSL-No-Cert outside host:any service:Client
class id /Outbound/GP4/SSL-No-Cert 392731267
class new /Outbound/GP4 CIFS nodefault inside host:any service:Client outside host:any service:CIFS-NB
class rule add /Outbound/GP4/CIFS inside host:any TCP service:Client outside host:any service:CIFS-TCP
class rule add /Outbound/GP4/CIFS inside host:any service:CIFS-NB outside host:any service:Client
class rule add /Outbound/GP4/CIFS inside host:any TCP service:CIFS-TCP outside host:any service:Client
class id /Outbound/GP4/CIFS 2024256959
class new /Outbound/GP4 DNS nodefault inside host:any service:Client outside host:any service:DNS
class rule add /Outbound/GP4/DNS inside host:any service:DNS outside host:any service:Client
class id /Outbound/GP4/DNS 867119542
class new /Outbound/GP4 NetBIOS-IP nodefault inside host:any service:Client outside host:any service:NetBIOS-IP-NS
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-DGM
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:Client outside host:any service:NetBIOS-IP-SSN
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-NS outside host:any service:Client
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-DGM outside host:any service:Client
class rule add /Outbound/GP4/NetBIOS-IP inside host:any service:NetBIOS-IP-SSN outside host:any service:Client
class id /Outbound/GP4/NetBIOS-IP 1026809618
class new /Outbound/GP4 Skype nodefault inside host:any service:Client outside host:any service:SkypeCommand
class rule add /Outbound/GP4/Skype inside host:any service:Client outside host:any service:SkypeData
class rule add /Outbound/GP4/Skype inside host:any service:SkypeCommand outside host:any service:Client
class rule add /Outbound/GP4/Skype inside host:any service:SkypeData outside host:any service:Client
class id /Outbound/GP4/Skype 15007219
class new /Outbound/GP4 ICMP nodefault inside host:any ICMP outside host:any
class id /Outbound/GP4/ICMP 838571229
class new /Outbound/GP4 IGMP nodefault inside host:any IGMP outside host:any
class id /Outbound/GP4/IGMP 838571230
class new /Outbound/GP4 Default nodefault all
class id /Outbound/GP4/Default 1262058103
rtm threshold /Outbound/GP4/Default 300 Total
rtm accept /Outbound/GP4/Default 100
rtm hosts /Outbound/GP4/Default enable
class new /Outbound OtherGs nodefault folder
class id /Outbound/OtherGs 168815646
hostdb topusers start /Outbound/OtherGs talk
class new /Outbound/OtherGs MSN-Messenger nodefault inside host:any TCP service:Client outside host:any service:MSN-Messenger
class rule add /Outbound/OtherGs/MSN-Messenger inside host:any TCP service:MSN-Messenger outside host:any service:Client
class id /Outbound/OtherGs/MSN-Messenger 2317
class new /Outbound/OtherGs SSDP nodefault inside host:any UDP service:Client outside host:any service:SSDP
class rule add /Outbound/OtherGs/SSDP inside host:any UDP service:SSDP outside host:any service:Client
class id /Outbound/OtherGs/SSDP 3181
class new /Outbound/OtherGs CIFS nodefault inside host:any service:Client outside host:any service:CIFS-NB
class rule add /Outbound/OtherGs/CIFS inside host:any TCP service:Client outside host:any service:CIFS-TCP
class rule add /Outbound/OtherGs/CIFS inside host:any service:CIFS-NB outside host:any service:Client
class rule add /Outbound/OtherGs/CIFS inside host:any TCP service:CIFS-TCP outside host:any service:Client
class id /Outbound/OtherGs/CIFS 3861
class new /Outbound/OtherGs DNS nodefault inside host:any service:Client outside host:any service:DNS
class rule add /Outbound/OtherGs/DNS inside host:any service:DNS outside host:any service:Client
class id /Outbound/OtherGs/DNS 429
class new /Outbound/OtherGs ICMP nodefault inside host:any ICMP outside host:any
class id /Outbound/OtherGs/ICMP 405
class new /Outbound/OtherGs IGMP nodefault inside host:any IGMP outside host:any
class id /Outbound/OtherGs/IGMP 989
class id /Outbound/Default 52
partition apply /Inbound uncommitted none
partition apply /Outbound uncommitted none
policy apply priority /Inbound/Localhost 6
policy admit /Inbound/Localhost squeeze nontcp
policy admit /Inbound/Localhost refuse nonweb
policy admit /Inbound/Localhost refuse web
policy apply rate /Inbound/GP4/HTTP 256000 256000 3 automatic
policy admit /Inbound/GP4/HTTP squeeze nontcp
policy admit /Inbound/GP4/HTTP refuse nonweb
policy admit /Inbound/GP4/HTTP refuse web
policy flowlimit /Inbound/GP4/HTTP 10000 100000
policy apply priority /Inbound/GP4/PPTP 6
policy admit /Inbound/GP4/PPTP squeeze nontcp
policy admit /Inbound/GP4/PPTP refuse nonweb
policy admit /Inbound/GP4/PPTP refuse web
policy flowlimit /Inbound/GP4/PPTP 10000 100000
policy apply priority /Inbound/GP4/Skype 5
policy admit /Inbound/GP4/Skype squeeze nontcp
policy admit /Inbound/GP4/Skype refuse nonweb
policy admit /Inbound/GP4/Skype refuse web
policy flowlimit /Inbound/GP4/Skype 10000 100000
policy apply priority /Inbound/GP4/Default 5
policy admit /Inbound/GP4/Default squeeze nontcp
policy admit /Inbound/GP4/Default refuse nonweb
policy admit /Inbound/GP4/Default refuse web
policy flowlimit /Inbound/GP4/Default 10000 100000
policy apply priority /Inbound/OtherGs/eDonkey 0
policy admit /Inbound/OtherGs/eDonkey squeeze nontcp
policy admit /Inbound/OtherGs/eDonkey refuse nonweb
policy admit /Inbound/OtherGs/eDonkey refuse web
policy dscp /Inbound/OtherGs/eDonkey 0
policy flowlimit /Inbound/OtherGs/eDonkey 10000 100000
policy apply priority /Inbound/OtherGs/MSN-Messenger 3
policy admit /Inbound/OtherGs/MSN-Messenger squeeze nontcp
policy admit /Inbound/OtherGs/MSN-Messenger refuse nonweb
policy admit /Inbound/OtherGs/MSN-Messenger refuse web
policy dscp /Inbound/OtherGs/MSN-Messenger 3
policy flowlimit /Inbound/OtherGs/MSN-Messenger 10000 100000
policy apply priority /Inbound/OtherGs/DNS 5
policy admit /Inbound/OtherGs/DNS squeeze nontcp
policy admit /Inbound/OtherGs/DNS refuse nonweb
policy admit /Inbound/OtherGs/DNS refuse web
policy dscp /Inbound/OtherGs/DNS 5
policy flowlimit /Inbound/OtherGs/DNS 10000 100000
policy apply priority /Inbound/OtherGs/Skype 5
policy admit /Inbound/OtherGs/Skype squeeze nontcp
policy admit /Inbound/OtherGs/Skype refuse nonweb
policy admit /Inbound/OtherGs/Skype refuse web
policy dscp /Inbound/OtherGs/Skype 5
policy flowlimit /Inbound/OtherGs/Skype 10000 100000
policy apply priority /Inbound/Default 3
policy admit /Inbound/Default squeeze nontcp
policy admit /Inbound/Default refuse nonweb
policy admit /Inbound/Default refuse web
class set /Inbound/Default inherit
policy flowlimit /Inbound/Default 10000 100000
policy apply priority /Outbound/Localhost 6
policy admit /Outbound/Localhost squeeze nontcp
policy admit /Outbound/Localhost refuse nonweb
policy admit /Outbound/Localhost refuse web
policy apply rate /Outbound/GP4/HTTP/Default 10000 10000 4 automatic
policy admit /Outbound/GP4/HTTP/Default squeeze nontcp
policy admit /Outbound/GP4/HTTP/Default refuse nonweb
policy admit /Outbound/GP4/HTTP/Default refuse web
class set /Outbound/GP4/HTTP/Default inherit
policy flowlimit /Outbound/GP4/HTTP/Default 10000 100000
policy apply priority /Outbound/GP4/PPTP 6
policy admit /Outbound/GP4/PPTP squeeze nontcp
policy admit /Outbound/GP4/PPTP refuse nonweb
policy admit /Outbound/GP4/PPTP refuse web
policy flowlimit /Outbound/GP4/PPTP 10000 100000
policy apply priority /Outbound/OtherGs/MSN-Messenger 3
policy admit /Outbound/OtherGs/MSN-Messenger squeeze nontcp
policy admit /Outbound/OtherGs/MSN-Messenger refuse nonweb
policy admit /Outbound/OtherGs/MSN-Messenger refuse web
policy dscp /Outbound/OtherGs/MSN-Messenger 3
policy flowlimit /Outbound/OtherGs/MSN-Messenger 10000 100000
policy apply priority /Outbound/OtherGs/DNS 5
policy admit /Outbound/OtherGs/DNS squeeze nontcp
policy admit /Outbound/OtherGs/DNS refuse nonweb
policy admit /Outbound/OtherGs/DNS refuse web
policy dscp /Outbound/OtherGs/DNS 5
policy flowlimit /Outbound/OtherGs/DNS 10000 100000
policy apply priority /Outbound/Default 3
policy admit /Outbound/Default squeeze nontcp
policy admit /Outbound/Default refuse nonweb
policy admit /Outbound/Default refuse web
class set /Outbound/Default inherit
policy flowlimit /Outbound/Default 10000 100000
tunnel mode set enhanced
tunnel mtu auto
tunnel diffserv off
tunnel discovery on
tunnel discovery maintenance off
tunnel password default
tunnel firewall off
tunnel packing off
tunnel compression off
tunnel compression dictionary CNA 1M
tunnel acceleration off
tunnel acceleration faststart on
tunnel acceleration prefetch client off
tunnel acceleration prefetch server off
tunnel acceleration scps off
tunnel acceleration congestion-control on
tunnel holdtime glo 10
tunnel holdtime sen 1
tunnel holdtime non 10
wccp service-id 99
wccp off
host side auto
class discover /Inbound off
class discover /Outbound off
setup discover on
class discover /Inbound both
class discover /Inbound/GP4 both
class discover /Outbound both
class discover /Outbound/GP4 both
#set tacacs timeout 10
#set tacacs method ascii
#set tacacs auth off
#set tacacs acct off
#set radius limit 3
#set radius interval 5
#set radius method chap
#set radius auth off
#set radius acct off
set ssh port 22
set https port 443
set syslog state off
set syslog rate 20
#setup snmp syslocation "The physical location of this unit"
#setup snmp syscontact "The contact person for this managed unit"
#setup snmp sysname "10.1.2.40"
setup snmp configmode simple
setup snmp look public
# no SNMP views
# no SNMP access groups
# no SNMP users
# no SNMP remote users
# frame options routing on default
# frame options discovery on default
# set sntp on
# set sntp server 220.130.158.72 time-a.nist.gov
# set sntp poll 300
# setup email none
set adaptiveresponse on
agent new "High Bandwidth New App" "High Bandwidth New App"
agent interval "High Bandwidth New App" 60
agent parm "High Bandwidth New App" "RedThreshold" "10"
agent parm "High Bandwidth New App" "GreenThreshold" "5"
agent new "Inbound Default Traffic" "Default Traffic"
agent interval "Inbound Default Traffic" 1
agent parm "Inbound Default Traffic" "ClassName" "/Inbound/default"
agent parm "Inbound Default Traffic" "RedThreshold" "15"
agent parm "Inbound Default Traffic" "GreenThreshold" "7"
agent new "Inbound Packet Drops" "Link ME Variables"
agent interval "Inbound Packet Drops" 1
agent parm "Inbound Packet Drops" "ClassName" "/Inbound"
agent parm "Inbound Packet Drops" "MeVariableName" "rx-pkts-dropped%"
agent parm "Inbound Packet Drops" "MeDuration" "1"
agent parm "Inbound Packet Drops" "GreenOperator" "LT"
agent parm "Inbound Packet Drops" "RedOperator" "GT"
agent parm "Inbound Packet Drops" "RedThreshold" "3"
agent parm "Inbound Packet Drops" "GreenThreshold" "1"
agent new "Outbound Default Traffic" "Default Traffic"
agent interval "Outbound Default Traffic" 1
agent parm "Outbound Default Traffic" "ClassName" "/Outbound/default"
agent parm "Outbound Default Traffic" "RedThreshold" "15"
agent parm "Outbound Default Traffic" "GreenThreshold" "7"
agent new "Outbound Packet Drops" "Link ME Variables"
agent interval "Outbound Packet Drops" 1
agent parm "Outbound Packet Drops" "ClassName" "/Outbound"
agent parm "Outbound Packet Drops" "MeVariableName" "rx-pkts-dropped%"
agent parm "Outbound Packet Drops" "MeDuration" "1"
agent parm "Outbound Packet Drops" "GreenOperator" "LT"
agent parm "Outbound Packet Drops" "RedOperator" "GT"
agent parm "Outbound Packet Drops" "RedThreshold" "3"
agent parm "Outbound Packet Drops" "GreenThreshold" "1"
agent new "Quota Bandwidth Host agent" "Quota Bandwidth Host"
agent interval "Quota Bandwidth Host agent" 5
agent parm "Quota Bandwidth Host agent" "HostUsageThreshold" "5000000"
agent parm "Quota Bandwidth Host agent" "HostUsageMonitorInterval" "1"
agent parm "Quota Bandwidth Host agent" "Side" "both"
agent parm "Quota Bandwidth Host agent" "ViolatingHosts" "violatingHosts"
agent parm "Quota Bandwidth Host agent" "ExceptionHosts" "exceptionHosts"
agent parm "Quota Bandwidth Host agent" "RedThreshold" "2"
agent parm "Quota Bandwidth Host agent" "GreenThreshold" "1"
agent new "Spoofing - Client" "NFPM Side Unknown"
agent interval "Spoofing - Client" 1
agent parm "Spoofing - Client" "Side" "Client"
agent parm "Spoofing - Client" "SideThreshold" "100000"
agent parm "Spoofing - Client" "ViolatingHosts" "violatingHosts"
agent parm "Spoofing - Client" "ExceptionHosts" "exceptionHosts"
agent parm "Spoofing - Client" "RedThreshold" "1"
agent parm "Spoofing - Client" "GreenThreshold" "0"
agent new "Spoofing - Server" "NFPM Side Unknown"
agent interval "Spoofing - Server" 1
agent parm "Spoofing - Server" "Side" "Server"
agent parm "Spoofing - Server" "SideThreshold" "100000"
agent parm "Spoofing - Server" "ViolatingHosts" "violatingHosts"
agent parm "Spoofing - Server" "ExceptionHosts" "exceptionHosts"
agent parm "Spoofing - Server" "RedThreshold" "1"
agent parm "Spoofing - Server" "GreenThreshold" "0"
agent new "Syn Attack - Failed Flows" "Host Info Variables"
agent interval "Syn Attack - Failed Flows" 1
agent parm "Syn Attack - Failed Flows" "VariableName" "Failed Flows"
agent parm "Syn Attack - Failed Flows" "FlowsThreshold" "100000"
agent parm "Syn Attack - Failed Flows" "Side" "both"
agent parm "Syn Attack - Failed Flows" "ViolatingHosts" "violatingHosts"
agent parm "Syn Attack - Failed Flows" "ExceptionHosts" "exceptionHosts"
agent parm "Syn Attack - Failed Flows" "RedThreshold" "1"
agent parm "Syn Attack - Failed Flows" "GreenThreshold" "0"
agent new "System Load agent" "System Load"
agent interval "System Load agent" 1
agent parm "System Load agent" "RedThreshold" "95"
agent parm "System Load agent" "GreenThreshold" "90"
agent new "Traffic Performance agent" "Traffic Performance"
agent interval "Traffic Performance agent" 5
agent parm "Traffic Performance agent" "ClassName" "*"
agent parm "Traffic Performance agent" "Efficiency" "80"
agent parm "Traffic Performance agent" "RedThreshold" "1"
agent parm "Traffic Performance agent" "GreenThreshold" "0"
setup shaping off


.Execute the backup configuration file
PacketShaper# run 9.256/cmd/config.cmd


.Compression
Only compress outbound traffic

Comments

Post a Comment

Popular posts from this blog

TCP/IP 明確擁塞通知 (ECN)

Image
當路由器擁塞的程度已經達到填滿傳入封包緩衝區而開始捨棄封包時,會影響網路而縮減頻寬,對資料損失敏感或具時效性的傳輸量流動會進而受到衝擊,而且可能在擁塞之後產生連結閒置時間。TCP/IP 明確擁塞通知 (ECN) 讓路由器能夠通知「傳輸控制通訊協定」(TCP) 對等體,由於網路擁塞,緩衝區已滿。TCP 對等體會以減緩資料傳輸來回應,協助防止封包損失。 明確擁塞通知(Explicit Congestion Notification) TCP/IP 的 ECN 支援同時使用 IP 及 TCP 標頭中的未使用位元。 • 在 (IP) 網際網路層上,轉送封包時,傳送主機必須能夠表示有能力執行 ECN,而路由器則必須能夠指出所遇到的擁塞狀況。 • 在 (TCP) 傳輸層,TCP 對等體必須彼此表明有能力執行 ECN。接收端對等體必須能夠通知傳送端對等體,已經從遇到擁塞狀況的路由器接到封包;傳送端對等體必須能夠通知接收端對等體,已經從接收端對等體接到擁塞指標,並且已經降低傳輸速率。 IP 中的 ECN 支援 IP 標頭中的 8 位元 [Type of Service (TOS)] 欄位最先定義於 RFC 791 中,指出封包由路由器進行非預設傳送的傳送優先順序、延遲、輸送量、可靠性,以及成本等特性。TOS 欄位在 RFC 2474 中重新定義,以包含 6 位元區別服務代碼點 (Differentiated Services Code Point, DSCP) 及兩個未使用的位元。DSCP 值表示的傳送優先順序會對應於先前在內部網路的路由器中設定的佇列。IP 中的 ECN 支援使用 RFC 2474 所定義 TOS 欄位的兩個未使用位元。[圖 1] 顯示 ECN 中 TOS 欄位的新定義。 圖 1:ECN 中 TOS 欄位的新定義 RFC 2474 所定義 TOS 欄位中的兩個未使用位元在 RFC 3168 中定義為 ECN 欄位,欄位的值如下: • 00 傳送主機不支援 ECN。 • 01 或 10 傳送主機支援 ECN。 • 11 路由器已遇到擁塞狀況。 具備 ECN 功能的主機傳送其封包時,會將 ECN 欄位設定為 01 或 10。對於具備 ECN 功能的主機所傳送的封包,如果路徑中的路由器具備 ECN 功能,但是正遇到擁塞狀況,則 ECN 欄位會設定為 11。一旦 ECN
Read More »

L2TPv3 Enables Layer 2 Services for IP Networks

Image
White Paper -------------------------------------------------------------------------------- Layer 2 Tunneling Protocol Version 3 Enables Layer 2 Services for IP Networks The competitive environment for service providers has changed considerably since the Internet became a global force in the 1990s. Enterprises are no longer signing up for new IP-based services for the novelty or out of fear of being left behind by the competition. The challenge for service providers today is to grow their businesses by expanding their customer base and service revenue in a more cautious spending environment. Most enterprises are taking a more conservative approach to network investments. New IP-based services give enterprises an opportunity to improve their productivity and competitiveness while lowering their existing network expenses. Service providers that offer these services and savings can grow their customer base and service revenue. This white paper focuses on one such opportunity—offering tra
Read More »

Q-in-Q(Dot1Q Tunnel) Sample Configuration

透過IEEE 802.1q in IEEE 802.1q(Q-in-Q)的方式,我們可以讓VLAN的數量增加超過4096(4096*4096),也可以讓客戶自行設定Trunk穿過Service Provider所提供的Ethernet Solution(如:FTTx)。 假設現在的網路架構為: SW1 F0/1 <- SP VLAN 10 -> SW2 F0/1 兩端的設備都是連接到VLAN 10,因此在兩端的Switch啟用Dot1q Tunnel建立Trunk SW1(config)#vlan dot1q tag native !預設,Native VLAN不會加上tag,如果在Q-in-Q中要針對native vlan加tag,必須使用上述指令 SW1(config)#int f0/1 SW1(config-if)#switchport mode dot1q-tunnel SW1(config-if)#switchport access vlan 10 SW1(config)#system mtu 1508 !一般Switch預設system mtu 1500,為了支援多層tag,必須加大MTU,設定完成必須reload switch SW2(config)#vlan dot1q tag native !預設,Native VLAN不會加上tag,如果在Q-in-Q中要針對native vlan加tag,必須使用上述指令 SW2(config)#int f0/1 SW2(config-if)#switchport mode dot1q-tunnel SW2(config-if)#switchport access vlan 10 SW2(config)#system mtu 1508 !一般Switch預設system mtu 1500,為了支援多層tag,必須加大MTU,設定完成必須reload switch
Read More »