Feature addition #1883
Add EC2 addresses
<pre>
set address V1-Untrust "ec2" "18.181.49.206" "255.255.255.255"
set address V1-Untrust "rds" "i-generation-db.choe04nut0yo.ap-northeast-1.rds.amazonaws.com" "255.255.255.255"
</pre>
<pre>
ssg5-serial-> get address
addr zone name V1-Untrust
V1-Untrust Addresses:
Name          Address/Mask                      Flag Comments
Any           0.0.0.0/0.0.0.0                   0202 All Addr
client1       112.78.112.75/255.255.255.255     0200
client2       220.97.54.22/255.255.255.255      0200 アイハーツ事務所
client3       153.156.40.213/255.255.255.255    0200 アイハーツ事務所(新)
Dial-Up VPN   255.255.255.255/255.255.255.255   0202 Dial-Up VPN Addr
ec2           18.181.49.206/255.255.255.255     0200
rds           i-generation-db.choe04nut0yo.ap-northeast-1.rds.amazonaws.com 0200 255.255.255.255
Sakura VPS2G  219.94.235.108/255.255.255.255    0200 さくらVPS2G
sakurasrc     210.188.224.64/255.255.255.224    0200
sakurasrc1    210.188.224.128/255.255.255.240   0200
sakurasrc2    210.224.179.160/255.255.255.240   0200
sakurasrc3    61.211.224.8/255.255.255.248      0200
sakurasrc4    210.224.172.150/255.255.255.255   0200
監視用VPS      49.212.24.211/255.255.255.255     0200
</pre>
Add policies
<pre>
ssg5-serial-> set policy id 1027 from V1-Untrust to V1-Trust "ec2" "web1" "ssh" permit
policy id = 1027
ssg5-serial-> set policy id 1028 from V1-Untrust to V1-Trust "ec2" "web2" "ssh" permit
policy id = 1028
ssg5-serial-> set policy id 1029 from V1-Untrust to V1-Trust "ec2" "db1" "ssh" permit
policy id = 1029
ssg5-serial-> set policy id 1030 from V1-Untrust to V1-Trust "ec2" "db2" "ssh" permit
policy id = 1030
ssg5-serial-> set policy id 1031 from V1-Untrust to V1-Trust "rds" "db1" "ssh" permit
policy id = 1031
ssg5-serial-> set policy id 1032 from V1-Untrust to V1-Trust "rds" "db2" "ssh" permit
policy id = 1032
</pre>
<pre>
ssg5-serial-> get policy
Total regular policies 36, 34, Default deny, Software based policy search, new policy enabled.
ID    From      To        Src-address   Dst-address   Service  Action  State    ASTLCB
1     V1-Trust  V1-Untr~  Any           Any           ANY      Permit  enabled  -----X
130   V1-Untr~  V1-Trust  client1       web1          SSH      Permit  enabled  -----X
160   V1-Untr~  V1-Trust  client1       manage_serv~  ANY      Permit  enabled  -----X
999   V1-Untr~  V1-Trust  sakurasrc-g~  Any           ANY      Permit  enabled  -----X
1000  V1-Untr~  V1-Trust  Any           web1          HTTP     Permit  enabled  -----X
1002  V1-Untr~  V1-Trust  Any           web1          HTTP-EXT Permit  enabled  -----X
1001  V1-Untr~  V1-Trust  client2       web1          SSH      Permit  enabled  -----X
1003  V1-Untr~  V1-Trust  client2       manage_serv~  ANY      Permit  enabled  -----X
1004  V1-Untr~  V1-Trust  client2       web2          SSH      Permit  enabled  -----X
1005  V1-Untr~  V1-Trust  client2       db2           SSH      Permit  enabled  -----X
1006  V1-Untr~  V1-Trust  監視用VPS      web1          SSH      Permit  enabled  -----X
1007  V1-Untr~  V1-Trust  Any           web2          HTTP     Permit  enabled  -----X
1008  V1-Untr~  V1-Trust  Any           db2           HTTP     Permit  enabled  -----X
1009  V1-Untr~  V1-Trust  Any           web2          HTTP-EXT Permit  enabled  -----X
1010  V1-Untr~  V1-Trust  Any           web2          PING     Permit  enabled  -----X
1011  V1-Untr~  V1-Trust  Any           db2           PING     Permit  enabled  -----X
1012  V1-Untr~  V1-Trust  client2       db1           SSH      Permit  enabled  -----X
1013  V1-Untr~  V1-Trust  Any           db1           HTTP     Permit  enabled  -----X
1014  V1-Untr~  V1-Trust  Any           db1           PING     Permit  enabled  -----X
1015  V1-Untr~  V1-Trust  Any           web1          PING     Permit  enabled  -----X
1016  V1-Untr~  V1-Trust  client1       web2          SSH      Permit  enabled  -----X
1017  V1-Untr~  V1-Trust  Any           web1          SMTP     Permit  enabled  -----X
                                        web2
1019  V1-Untr~  V1-Trust  Any           web1          HTTPS    Permit  enabled  -----X
                                        web2
1020  V1-Untr~  V1-Trust  Sakura VPS2G  web1          SSH      Permit  enabled  -----X
1021  V1-Untr~  V1-Trust  監視用VPS      web1          UDP-ANY  Permit  enabled  -----X
1022  V1-Untr~  V1-Trust  client3       web1          SSH      Permit  enabled  -----X
1023  V1-Untr~  V1-Trust  client3       web2          SSH      Permit  enabled  -----X
1024  V1-Untr~  V1-Trust  client3       manage_serv~  ANY      Permit  enabled  -----X
1025  V1-Untr~  V1-Trust  client3       db1           SSH      Permit  enabled  -----X
1026  V1-Untr~  V1-Trust  client3       db2           SSH      Permit  enabled  -----X
1027  V1-Untr~  V1-Trust  ec2           web1          SSH      Permit  enabled  -----X
1028  V1-Untr~  V1-Trust  ec2           web2          SSH      Permit  enabled  -----X
1029  V1-Untr~  V1-Trust  ec2           db1           SSH      Permit  enabled  -----X
1030  V1-Untr~  V1-Trust  ec2           db2           SSH      Permit  enabled  -----X
1031  V1-Untr~  V1-Trust  rds           db1           SSH      Permit  enabled  -----X
1032  V1-Untr~  V1-Trust  rds           db2           SSH      Permit  enabled  -----X
</pre>
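The `get policy` listing above is the record that the change landed, but its whitespace collapses when pasted and multi-cell policies (1017, 1019) spill their second destination onto a separate line, so reviewing it by eye is error-prone. The script below is an added example, not part of this ticket or of ScreenOS: it parses a listing in that flattened layout, rebuilds each policy (keeping multi-word source names such as "Sakura VPS2G" intact and folding spilled cells back into the destination list), checks that the rules the ticket intended to add are present with exactly the source, destination and service expected, and lists every permit whose service is ANY for review. The sample listing embedded in it is a constructed subset of the page's own output; the assumption that a spilled cell is an extra destination matches the 1017/1019 rows here but is not guaranteed for other listings.

```python
"""Parse a flattened ScreenOS `get policy` listing and audit the new rules.

Added example for this ticket, not part of the original or of ScreenOS.
The sample below is a constructed subset in the same layout as the
`get policy` output above, including the two multi-cell policies whose
second destination spills onto a line of its own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_GET_POLICY = """\
ssg5-serial-> get policy
Total regular policies 36, 34, Default deny, Software based policy search, new policy enabled.
ID From To Src-address Dst-address Service Action State ASTLCB
1 V1-Trust V1-Untr~ Any Any ANY Permit enabled -----X
999 V1-Untr~ V1-Trust sakurasrc-g~ Any ANY Permit enabled -----X
1000 V1-Untr~ V1-Trust Any web1 HTTP Permit enabled -----X
1017 V1-Untr~ V1-Trust Any web1 SMTP Permit enabled -----X
web2
1019 V1-Untr~ V1-Trust Any web1 HTTPS Permit enabled -----X
web2
1020 V1-Untr~ V1-Trust Sakura VPS2G web1 SSH Permit enabled -----X
1027 V1-Untr~ V1-Trust ec2 web1 SSH Permit enabled -----X
1028 V1-Untr~ V1-Trust ec2 web2 SSH Permit enabled -----X
1029 V1-Untr~ V1-Trust ec2 db1 SSH Permit enabled -----X
1030 V1-Untr~ V1-Trust ec2 db2 SSH Permit enabled -----X
1031 V1-Untr~ V1-Trust rds db1 SSH Permit enabled -----X
1032 V1-Untr~ V1-Trust rds db2 SSH Permit enabled -----X
"""

# A policy row: ID, from-zone, to-zone, a source that may contain a space
# ("Sakura VPS2G"), then exactly five single-token columns up to line end.
# Anchoring the five trailing tokens is what keeps a multi-word source whole.
ROW_RE = re.compile(
    r"^(\d+)\s+(\S+)\s+(\S+)\s+(.+?)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$"
)


@dataclass
class Policy:
    pid: int
    src_zone: str
    dst_zone: str
    src: str
    dst: list[str]
    service: str
    action: str
    state: str
    flags: str


def parse_get_policy(text: str) -> dict[int, Policy]:
    """Return policies keyed by ID. A line that is not a policy row is
    treated as a spilled cell and appended to the previous policy's
    destinations (assumption: matches the 1017/1019 rows on this page)."""
    policies: dict[int, Policy] = {}
    last: Policy | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("ssg5-serial->", "Total ", "ID ")):
            continue
        m = ROW_RE.match(line)
        if m:
            pid, fz, tz, src, dst, svc, act, st, fl = m.groups()
            last = Policy(int(pid), fz, tz, src, [dst], svc, act, st, fl)
            policies[last.pid] = last
        elif last is not None:
            last.dst.append(line)  # continuation cell of the previous row
    return policies


def policies_for_source(policies: dict[int, Policy], name: str) -> list[int]:
    """IDs of policies whose source address object is `name`, in listing order."""
    return [p.pid for p in policies.values() if p.src == name]


def service_any_permits(policies: dict[int, Policy]) -> list[int]:
    """Permit policies with service ANY: the rows to review first, because a
    narrow source object does not help much if every port is open behind it."""
    return [p.pid for p in policies.values()
            if p.action == "Permit" and p.service == "ANY"]


def check_expected(policies: dict[int, Policy],
                   expected: dict[int, tuple[str, str, str]]) -> list[str]:
    """Compare the listing with what the ticket intended to add.
    `expected` maps policy ID -> (source, destination, service)."""
    problems = []
    for pid, (src, dst, svc) in expected.items():
        p = policies.get(pid)
        if p is None:
            problems.append(f"policy {pid} missing")
        elif (p.src, p.dst, p.service) != (src, [dst], svc):
            problems.append(f"policy {pid} is {p.src}->{p.dst} {p.service}, "
                            f"expected {src}->{dst} {svc}")
    return problems


# What ticket #1883 added: SSH only, from the two new address objects.
TICKET_1883 = {
    1027: ("ec2", "web1", "SSH"), 1028: ("ec2", "web2", "SSH"),
    1029: ("ec2", "db1", "SSH"), 1030: ("ec2", "db2", "SSH"),
    1031: ("rds", "db1", "SSH"), 1032: ("rds", "db2", "SSH"),
}

if __name__ == "__main__":
    pols = parse_get_policy(SAMPLE_GET_POLICY)
    print("ec2 policies:", policies_for_source(pols, "ec2"))
    print("service ANY permits:", service_any_permits(pols))
    print("problems:", check_expected(pols, TICKET_1883) or "none")
```

Paste the real `get policy` output in place of the sample to run the same checks against the firewall. Two properties of the new address objects are worth keeping in mind when reading the result: "rds" is a domain-name address object, so the firewall must be able to resolve it through its own DNS settings and the policy only ever covers the addresses that resolution returns, while "ec2" is a fixed public IPv4 address, which an EC2 instance keeps across a stop/start only if it is an Elastic IP.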