技術情報 #1880: 【i-generation移管作業】FW設定値確認 - i-generation - Redmine

技術情報 #1880

【i-generation移管作業】FW設定値確認

矢野宗一郎が約5年前に追加. 約5年前に更新.

ステータス:

新規

開始日:

2020/09/14

優先度:

通常

期日:

担当者:

矢野宗一郎

進捗 %:

カテゴリ:

サーバー環境構築

作業時間の記録:

対象バージョン:

説明

ssg5-serial-> get policy
Total regular policies 30, Default deny, Software based policy search, new policy enabled.
    ID From     To       Src-address  Dst-address  Service              Action State   ASTLCB
     1 V1-Trust V1-Untr~ Any          Any          ANY                  Permit enabled -----X
   130 V1-Untr~ V1-Trust client1      web1         SSH                  Permit enabled -----X
   160 V1-Untr~ V1-Trust client1      manage_serv~ ANY                  Permit enabled -----X
   999 V1-Untr~ V1-Trust sakurasrc-g~ Any          ANY                  Permit enabled -----X
  1000 V1-Untr~ V1-Trust Any          web1         HTTP                 Permit enabled -----X
  1002 V1-Untr~ V1-Trust Any          web1         HTTP-EXT             Permit enabled -----X
  1001 V1-Untr~ V1-Trust client2      web1         SSH                  Permit enabled -----X
  1003 V1-Untr~ V1-Trust client2      manage_serv~ ANY                  Permit enabled -----X
  1004 V1-Untr~ V1-Trust client2      web2         SSH                  Permit enabled -----X
  1005 V1-Untr~ V1-Trust client2      db2          SSH                  Permit enabled -----X
  1006 V1-Untr~ V1-Trust ?ﾰVPS    web1         SSH                  Permit enabled -----X
  1007 V1-Untr~ V1-Trust Any          web2         HTTP                 Permit enabled -----X
  1008 V1-Untr~ V1-Trust Any          db2          HTTP                 Permit enabled -----X
  1009 V1-Untr~ V1-Trust Any          web2         HTTP-EXT             Permit enabled -----X
  1010 V1-Untr~ V1-Trust Any          web2         PING                 Permit enabled -----X
  1011 V1-Untr~ V1-Trust Any          db2          PING                 Permit enabled -----X
  1012 V1-Untr~ V1-Trust client2      db1          SSH                  Permit enabled -----X
  1013 V1-Untr~ V1-Trust Any          db1          HTTP                 Permit enabled -----X
  1014 V1-Untr~ V1-Trust Any          db1          PING                 Permit enabled -----X
  1015 V1-Untr~ V1-Trust Any          web1         PING                 Permit enabled -----X
  1016 V1-Untr~ V1-Trust client1      web2         SSH                  Permit enabled -----X
  1017 V1-Untr~ V1-Trust Any          web1         SMTP                 Permit enabled -----X
                                      web2
  1019 V1-Untr~ V1-Trust Any          web1         HTTPS                Permit enabled -----X
                                      web2
  1020 V1-Untr~ V1-Trust Sakura VPS2G web1         SSH                  Permit enabled -----X
  1021 V1-Untr~ V1-Trust ?ﾰVPS    web1         UDP-ANY              Permit enabled -----X
  1022 V1-Untr~ V1-Trust client3      web1         SSH                  Permit enabled -----X
  1023 V1-Untr~ V1-Trust client3      web2         SSH                  Permit enabled -----X
  1024 V1-Untr~ V1-Trust client3      manage_serv~ ANY                  Permit enabled -----X
  1025 V1-Untr~ V1-Trust client3      db1          SSH                  Permit enabled -----X
  1026 V1-Untr~ V1-Trust client3      db2          SSH                  Permit enabled -----X

ssg5-serial-> get address
Total 30 addresses and 1 user groups in security zone address books of vsys "Root".

addr zone name Trust
Trust Addresses:
Name                 Address/Mask                    Flag  Comments
Any                  0.0.0.0/0.0.0.0                 0202  All Addr
Dial-Up VPN          255.255.255.255/255.255.255.255 0202  Dial-Up VPN Addr

addr zone name Untrust
Untrust Addresses:
Name                 Address/Mask                    Flag  Comments
Any                  0.0.0.0/0.0.0.0                 0202  All Addr
Dial-Up VPN          255.255.255.255/255.255.255.255 0202  Dial-Up VPN Addr

addr zone name Global
Global Addresses:
Name                 Address/Mask                    Flag  Comments
Any                  0.0.0.0/0.0.0.0                 0202  All Addr

addr zone name V1-Null
V1-Null Addresses:
Name                 Address/Mask                    Flag  Comments
Any                  0.0.0.0/0.0.0.0                 0202  All Addr
Dial-Up VPN          255.255.255.255/255.255.255.255 0202  Dial-Up VPN Addr

addr zone name V1-Trust
V1-Trust Addresses:
Name                 Address/Mask                    Flag  Comments
Any                  0.0.0.0/0.0.0.0                 0202  All Addr
db1                  182.48.31.135/255.255.255.255   0200  db1
db2                  182.48.31.137/255.255.255.255   0200  db2
Dial-Up VPN          255.255.255.255/255.255.255.255 0202  Dial-Up VPN Addr
manage_server        182.48.31.141/255.255.255.255   0200
web1                 182.48.31.134/255.255.255.255   0200  web1
web2                 182.48.31.136/255.255.255.255   0200  web2

V1-Trust Group Addresses:
No groups have been defined

addr zone name V1-Untrust
V1-Untrust Addresses:
Name                 Address/Mask                    Flag  Comments
Any                  0.0.0.0/0.0.0.0                 0202  All Addr
client1              112.78.112.75/255.255.255.255   0200
client2              220.97.54.22/255.255.255.255    0200  ACn[cｱ
client3              153.156.40.213/255.255.255.255  0200  ACn[cｱ?脋
Dial-Up VPN          255.255.255.255/255.255.255.255 0202  Dial-Up VPN Addr
Sakura VPS2G         219.94.235.108/255.255.255.255  0200  ??舫PS2G
sakurasrc            210.188.224.64/255.255.255.224  0200
sakurasrc1           210.188.224.128/255.255.255.240 0200
sakurasrc2           210.224.179.160/255.255.255.240 0200
sakurasrc3           61.211.224.8/255.255.255.248    0200
sakurasrc4           210.224.172.150/255.255.255.255 0200
監視用VPS            49.212.24.211/255.255.255.255   0200

V1-Untrust Group Addresses:
Group Name                    Count IP Comment                         Type
sakurasrc-grp                     5 v4                                 User-defined

addr zone name DMZ
DMZ Addresses:
Name                 Address/Mask                    Flag  Comments
Any                  0.0.0.0/0.0.0.0                 0202  All Addr
Dial-Up VPN          255.255.255.255/255.255.255.255 0202  Dial-Up VPN Addr
ssg5-serial-> get address
Total 30 addresses and 1 user groups in security zone address books of vsys "Root".

addr zone name Trust
Trust Addresses:
Name                 Address/Mask                    Flag  Comments
Any                  0.0.0.0/0.0.0.0                 0202  All Addr
Dial-Up VPN          255.255.255.255/255.255.255.255 0202  Dial-Up VPN Addr

addr zone name Untrust
Untrust Addresses:
Name                 Address/Mask                    Flag  Comments
Any                  0.0.0.0/0.0.0.0                 0202  All Addr
Dial-Up VPN          255.255.255.255/255.255.255.255 0202  Dial-Up VPN Addr

addr zone name Global
Global Addresses:
Name                 Address/Mask                    Flag  Comments
Any                  0.0.0.0/0.0.0.0                 0202  All Addr

addr zone name V1-Null
V1-Null Addresses:
Name                 Address/Mask                    Flag  Comments
Any                  0.0.0.0/0.0.0.0                 0202  All Addr
Dial-Up VPN          255.255.255.255/255.255.255.255 0202  Dial-Up VPN Addr

addr zone name V1-Trust
V1-Trust Addresses:
Name                 Address/Mask                    Flag  Comments
Any                  0.0.0.0/0.0.0.0                 0202  All Addr
db1                  182.48.31.135/255.255.255.255   0200  db1
db2                  182.48.31.137/255.255.255.255   0200  db2
Dial-Up VPN          255.255.255.255/255.255.255.255 0202  Dial-Up VPN Addr
manage_server        182.48.31.141/255.255.255.255   0200
web1                 182.48.31.134/255.255.255.255   0200  web1
web2                 182.48.31.136/255.255.255.255   0200  web2

V1-Trust Group Addresses:
No groups have been defined

addr zone name V1-Untrust
V1-Untrust Addresses:
Name                 Address/Mask                    Flag  Comments
Any                  0.0.0.0/0.0.0.0                 0202  All Addr
client1              112.78.112.75/255.255.255.255   0200
client2              220.97.54.22/255.255.255.255    0200  アイハーツ事務所
client3              153.156.40.213/255.255.255.255  0200  アイハーツ事務所(新)
Dial-Up VPN          255.255.255.255/255.255.255.255 0202  Dial-Up VPN Addr
Sakura VPS2G         219.94.235.108/255.255.255.255  0200  さくらVPS2G
sakurasrc            210.188.224.64/255.255.255.224  0200
sakurasrc1           210.188.224.128/255.255.255.240 0200
sakurasrc2           210.224.179.160/255.255.255.240 0200
sakurasrc3           61.211.224.8/255.255.255.248    0200
sakurasrc4           210.224.172.150/255.255.255.255 0200
監視用VPS            49.212.24.211/255.255.255.255   0200

V1-Untrust Group Addresses:
Group Name                    Count IP Comment                         Type
sakurasrc-grp                     5 v4                                 User-defined

addr zone name DMZ
DMZ Addresses:
Name                 Address/Mask                    Flag  Comments
Any                  0.0.0.0/0.0.0.0                 0202  All Addr
Dial-Up VPN          255.255.255.255/255.255.255.255 0202  Dial-Up VPN Addr

addr zone name V1-DMZ
V1-DMZ Addresses:
Name                 Address/Mask                    Flag  Comments
Any                  0.0.0.0/0.0.0.0                 0202  All Addr
Dial-Up VPN          255.255.255.255/255.255.255.255 0202  Dial-Up VPN Addr

履歴

#1 矢野宗一郎が約5年前に更新

説明を更新 (diff)

他の形式にエクスポート: Atom PDF

i-generation

チケット

カスタムクエリ

技術情報 #1880

【i-generation移管作業】FW設定値確認

履歴

#1 矢野宗一郎が約5年前に更新

i-generation

チケット

カスタムクエリ

技術情報 #1880

【i-generation移管作業】FW設定値確認

履歴

#1 矢野 宗一郎 が約5年前に更新

#1 矢野宗一郎が約5年前に更新