Feature #1883
[i-generation migration work] FW configuration
| Status: | New | Start date: | 2020/09/30 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | - | Spent time: | - |
| Target version: | - | | |
Description
Add EC2 address
```
set address V1-Untrust "ec2" "18.181.49.206" "255.255.255.255"
set address V1-Untrust "rds" "i-generation-db.choe04nut0yo.ap-northeast-1.rds.amazonaws.com" "255.255.255.255"
```
```
ssg5-serial-> get address addr zone name V1-Untrust
V1-Untrust Addresses:
Name                 Address/Mask                     Flag Comments
Any                  0.0.0.0/0.0.0.0                  0202 All Addr
client1              112.78.112.75/255.255.255.255    0200
client2              220.97.54.22/255.255.255.255     0200 アイハーツ事務所
client3              153.156.40.213/255.255.255.255   0200 アイハーツ事務所(新)
Dial-Up VPN          255.255.255.255/255.255.255.255  0202 Dial-Up VPN Addr
ec2                  18.181.49.206/255.255.255.255    0200
rds                  i-generation-db.choe04nut0yo.ap-northeast-1.rds.amazonaws.com 0200
                     255.255.255.255
Sakura VPS2G         219.94.235.108/255.255.255.255   0200 さくらVPS2G
sakurasrc            210.188.224.64/255.255.255.224   0200
sakurasrc1           210.188.224.128/255.255.255.240  0200
sakurasrc2           210.224.179.160/255.255.255.240  0200
sakurasrc3           61.211.224.8/255.255.255.248     0200
sakurasrc4           210.224.172.150/255.255.255.255  0200
監視用VPS            49.212.24.211/255.255.255.255    0200
```
Add policies
```
ssg5-serial-> set policy id 1027 from V1-Untrust to V1-Trust "ec2" "web1" "ssh" permit
policy id = 1027
ssg5-serial-> set policy id 1028 from V1-Untrust to V1-Trust "ec2" "web2" "ssh" permit
policy id = 1028
ssg5-serial-> set policy id 1029 from V1-Untrust to V1-Trust "ec2" "db1" "ssh" permit
policy id = 1029
ssg5-serial-> set policy id 1030 from V1-Untrust to V1-Trust "ec2" "db2" "ssh" permit
policy id = 1030
ssg5-serial-> set policy id 1031 from V1-Untrust to V1-Trust "rds" "db1" "ssh" permit
policy id = 1031
ssg5-serial-> set policy id 1032 from V1-Untrust to V1-Trust "rds" "db2" "ssh" permit
policy id = 1032
```
```
ssg5-serial-> get policy
Total regular policies 36, Default deny, Software based policy search, new policy enabled.
  ID From     To       Src-address  Dst-address  Service  Action State   ASTLCB
   1 V1-Trust V1-Untr~ Any          Any          ANY      Permit enabled -----X
 130 V1-Untr~ V1-Trust client1      web1         SSH      Permit enabled -----X
 160 V1-Untr~ V1-Trust client1      manage_serv~ ANY      Permit enabled -----X
 999 V1-Untr~ V1-Trust sakurasrc-g~ Any          ANY      Permit enabled -----X
1000 V1-Untr~ V1-Trust Any          web1         HTTP     Permit enabled -----X
1002 V1-Untr~ V1-Trust Any          web1         HTTP-EXT Permit enabled -----X
1001 V1-Untr~ V1-Trust client2      web1         SSH      Permit enabled -----X
1003 V1-Untr~ V1-Trust client2      manage_serv~ ANY      Permit enabled -----X
1004 V1-Untr~ V1-Trust client2      web2         SSH      Permit enabled -----X
1005 V1-Untr~ V1-Trust client2      db2          SSH      Permit enabled -----X
1006 V1-Untr~ V1-Trust 監視用VPS    web1         SSH      Permit enabled -----X
1007 V1-Untr~ V1-Trust Any          web2         HTTP     Permit enabled -----X
1008 V1-Untr~ V1-Trust Any          db2          HTTP     Permit enabled -----X
1009 V1-Untr~ V1-Trust Any          web2         HTTP-EXT Permit enabled -----X
1010 V1-Untr~ V1-Trust Any          web2         PING     Permit enabled -----X
1011 V1-Untr~ V1-Trust Any          db2          PING     Permit enabled -----X
1012 V1-Untr~ V1-Trust client2      db1          SSH      Permit enabled -----X
1013 V1-Untr~ V1-Trust Any          db1          HTTP     Permit enabled -----X
1014 V1-Untr~ V1-Trust Any          db1          PING     Permit enabled -----X
1015 V1-Untr~ V1-Trust Any          web1         PING     Permit enabled -----X
1016 V1-Untr~ V1-Trust client1      web2         SSH      Permit enabled -----X
1017 V1-Untr~ V1-Trust Any          web1         SMTP     Permit enabled -----X
                                    web2
1019 V1-Untr~ V1-Trust Any          web1         HTTPS    Permit enabled -----X
                                    web2
1020 V1-Untr~ V1-Trust Sakura VPS2G web1         SSH      Permit enabled -----X
1021 V1-Untr~ V1-Trust 監視用VPS    web1         UDP-ANY  Permit enabled -----X
1022 V1-Untr~ V1-Trust client3      web1         SSH      Permit enabled -----X
1023 V1-Untr~ V1-Trust client3      web2         SSH      Permit enabled -----X
1024 V1-Untr~ V1-Trust client3      manage_serv~ ANY      Permit enabled -----X
1025 V1-Untr~ V1-Trust client3      db1          SSH      Permit enabled -----X
1026 V1-Untr~ V1-Trust client3      db2          SSH      Permit enabled -----X
1027 V1-Untr~ V1-Trust ec2          web1         SSH      Permit enabled -----X
1028 V1-Untr~ V1-Trust ec2          web2         SSH      Permit enabled -----X
1029 V1-Untr~ V1-Trust ec2          db1          SSH      Permit enabled -----X
1030 V1-Untr~ V1-Trust ec2          db2          SSH      Permit enabled -----X
1031 V1-Untr~ V1-Trust rds          db1          SSH      Permit enabled -----X
1032 V1-Untr~ V1-Trust rds          db2          SSH      Permit enabled -----X
```