Feature addition #1883

[i-generation migration work] FW configuration

Added by 矢野 宗一郎 about 4 years ago. Updated about 4 years ago.

Status: New
Start date: 2020/09/30
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Spent time: -
Target version: -

Description

Adding the EC2 addresses

set address V1-Untrust "ec2" "18.181.49.206" "255.255.255.255" 
set address V1-Untrust "rds" "i-generation-db.choe04nut0yo.ap-northeast-1.rds.amazonaws.com" "255.255.255.255" 

ssg5-serial-> get address

addr zone name V1-Untrust
V1-Untrust Addresses:
Name                 Address/Mask                    Flag  Comments
Any                  0.0.0.0/0.0.0.0                 0202  All Addr
client1              112.78.112.75/255.255.255.255   0200
client2              220.97.54.22/255.255.255.255    0200  アイハーツ事務所
client3              153.156.40.213/255.255.255.255  0200  アイハーツ事務所(新)
Dial-Up VPN          255.255.255.255/255.255.255.255 0202  Dial-Up VPN Addr
ec2                  18.181.49.206/255.255.255.255   0200
rds                  i-generation-db.choe04nut0yo.ap-northeast-1.rds.amazonaws.com 0200    255.255.255.255
Sakura VPS2G         219.94.235.108/255.255.255.255  0200  さくらVPS2G
sakurasrc            210.188.224.64/255.255.255.224  0200
sakurasrc1           210.188.224.128/255.255.255.240 0200
sakurasrc2           210.224.179.160/255.255.255.240 0200
sakurasrc3           61.211.224.8/255.255.255.248    0200
sakurasrc4           210.224.172.150/255.255.255.255 0200
監視用VPS            49.212.24.211/255.255.255.255   0200

Adding the policies

ssg5-serial-> set policy id 1027 from V1-Untrust to V1-Trust "ec2" "web1" "ssh" permit
policy id = 1027
ssg5-serial-> set policy id 1028 from V1-Untrust to V1-Trust "ec2" "web2" "ssh" permit
policy id = 1028
ssg5-serial-> set policy id 1029 from V1-Untrust to V1-Trust "ec2" "db1" "ssh" permit
policy id = 1029
ssg5-serial-> set policy id 1030 from V1-Untrust to V1-Trust "ec2" "db2" "ssh" permit
policy id = 1030
ssg5-serial-> set policy id 1031 from V1-Untrust to V1-Trust "rds" "db1" "ssh" permit
policy id = 1031
ssg5-serial-> set policy id 1032 from V1-Untrust to V1-Trust "rds" "db2" "ssh" permit
policy id = 1032

ssg5-serial-> get policy
Total regular policies 36, Default deny, Software based policy search, new policy enabled.
    ID From     To       Src-address  Dst-address  Service              Action State   ASTLCB
     1 V1-Trust V1-Untr~ Any          Any          ANY                  Permit enabled -----X
   130 V1-Untr~ V1-Trust client1      web1         SSH                  Permit enabled -----X
   160 V1-Untr~ V1-Trust client1      manage_serv~ ANY                  Permit enabled -----X
   999 V1-Untr~ V1-Trust sakurasrc-g~ Any          ANY                  Permit enabled -----X
  1000 V1-Untr~ V1-Trust Any          web1         HTTP                 Permit enabled -----X
  1002 V1-Untr~ V1-Trust Any          web1         HTTP-EXT             Permit enabled -----X
  1001 V1-Untr~ V1-Trust client2      web1         SSH                  Permit enabled -----X
  1003 V1-Untr~ V1-Trust client2      manage_serv~ ANY                  Permit enabled -----X
  1004 V1-Untr~ V1-Trust client2      web2         SSH                  Permit enabled -----X
  1005 V1-Untr~ V1-Trust client2      db2          SSH                  Permit enabled -----X
  1006 V1-Untr~ V1-Trust 監視用VPS    web1         SSH                  Permit enabled -----X
  1007 V1-Untr~ V1-Trust Any          web2         HTTP                 Permit enabled -----X
  1008 V1-Untr~ V1-Trust Any          db2          HTTP                 Permit enabled -----X
  1009 V1-Untr~ V1-Trust Any          web2         HTTP-EXT             Permit enabled -----X
  1010 V1-Untr~ V1-Trust Any          web2         PING                 Permit enabled -----X
  1011 V1-Untr~ V1-Trust Any          db2          PING                 Permit enabled -----X
  1012 V1-Untr~ V1-Trust client2      db1          SSH                  Permit enabled -----X
  1013 V1-Untr~ V1-Trust Any          db1          HTTP                 Permit enabled -----X
  1014 V1-Untr~ V1-Trust Any          db1          PING                 Permit enabled -----X
  1015 V1-Untr~ V1-Trust Any          web1         PING                 Permit enabled -----X
  1016 V1-Untr~ V1-Trust client1      web2         SSH                  Permit enabled -----X
  1017 V1-Untr~ V1-Trust Any          web1         SMTP                 Permit enabled -----X
                                      web2
  1019 V1-Untr~ V1-Trust Any          web1         HTTPS                Permit enabled -----X
                                      web2
  1020 V1-Untr~ V1-Trust Sakura VPS2G web1         SSH                  Permit enabled -----X
  1021 V1-Untr~ V1-Trust 監視用VPS    web1         UDP-ANY              Permit enabled -----X
  1022 V1-Untr~ V1-Trust client3      web1         SSH                  Permit enabled -----X
  1023 V1-Untr~ V1-Trust client3      web2         SSH                  Permit enabled -----X
  1024 V1-Untr~ V1-Trust client3      manage_serv~ ANY                  Permit enabled -----X
  1025 V1-Untr~ V1-Trust client3      db1          SSH                  Permit enabled -----X
  1026 V1-Untr~ V1-Trust client3      db2          SSH                  Permit enabled -----X
  1027 V1-Untr~ V1-Trust ec2          web1         SSH                  Permit enabled -----X
  1028 V1-Untr~ V1-Trust ec2          web2         SSH                  Permit enabled -----X
  1029 V1-Untr~ V1-Trust ec2          db1          SSH                  Permit enabled -----X
  1030 V1-Untr~ V1-Trust ec2          db2          SSH                  Permit enabled -----X
  1031 V1-Untr~ V1-Trust rds          db1          SSH                  Permit enabled -----X
  1032 V1-Untr~ V1-Trust rds          db2          SSH                  Permit enabled -----X
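
A post-change check for the steps above, as an added example that is not part of the original ticket: it parses `get policy` output and reports which `set policy` commands have no matching enabled row. The function names are hypothetical, the sample rows are constructed in the shape of the listing above, and it assumes destination and service names are single tokens and that the State column reads `enabled` or `disabled`.

```python
import re
# Constructed sample: rows in the shape of the `get policy` listing on this page.
LISTING = """\
    ID From     To       Src-address  Dst-address  Service              Action State   ASTLCB
  1017 V1-Untr~ V1-Trust Any          web1         SMTP                 Permit enabled -----X
                                      web2
  1020 V1-Untr~ V1-Trust Sakura VPS2G web1         SSH                  Permit enabled -----X
  1006 V1-Untr~ V1-Trust 監視用VPS    web1         SSH                  Permit enabled -----X
  1027 V1-Untr~ V1-Trust ec2          web1         SSH                  Permit enabled -----X
"""
# Constructed: the first command has a row in LISTING, the second does not.
COMMANDS = '''\
set policy id 1027 from V1-Untrust to V1-Trust "ec2" "web1" "ssh" permit
set policy id 1028 from V1-Untrust to V1-Trust "ec2" "web2" "ssh" permit
'''
FIELDS = ("from", "to", "src", "dst", "svc", "action")
# Anchor on the State column so a source name containing a space still parses;
# wide characters shift column offsets, so data rows are not sliced by position.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(.+?)\s+(\S+)\s+(\S+)\s+(\S+)"
                 r"\s+(enabled|disabled)\s+\S+\s*$")
SET = re.compile(r'set policy id (\d+) from (\S+) to (\S+) "([^"]+)" "([^"]+)" "([^"]+)" (\w+)')

def parse_listing(text):
    policies, cols, last = {}, {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if "Src-address" in line:  # header: remember where each column starts
            cols = {k: line.index(h) for k, h in
                    (("src", "Src-address"), ("dst", "Dst-address"), ("svc", "Service"))}
        elif m:
            last = policies[int(m[1])] = {k: [v] for k, v in zip(FIELDS + ("state",), m.groups()[1:])}
        elif last and cols and line[:1].isspace() and line.strip():
            # continuation row: its indent says which column the extra value belongs to
            indent = len(line) - len(line.lstrip())
            last[min(cols, key=lambda k: abs(cols[k] - indent))].append(line.strip())
    return policies

def same(shown, full):
    """Case-insensitive compare; the listing cuts long names short with '~'."""
    s, f = shown.lower(), full.lower()
    return f.startswith(s[:-1]) if s.endswith("~") else s == f

def unverified(commands, policies):
    """IDs from `set policy` commands with no matching enabled row in the listing."""
    bad = []
    for m in SET.finditer(commands):
        p, want = policies.get(int(m[1])), zip(FIELDS, m.groups()[1:])
        if not (p and p["state"] == ["enabled"]
                and all(any(same(s, w) for s in p[k]) for k, w in want)):
            bad.append(int(m[1]))
    return bad
```
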

History

#1 Updated by 矢野 宗一郎 about 4 years ago

  • Description updated (diff)

#2 Updated by 矢野 宗一郎 about 4 years ago

  • Description updated (diff)
