网神安全网关配置方法

1.将计算机IP地址设置为10.50.10.44，掩码255.255.255.0，网关10.50.10.45，连接在VPN网关的FE1口。2.打开VPN网关配套光盘中的AdminCert目录，双击证书文件SecGateAdmin.p12，弹出如下窗口。按提示进行安装，密码为“123456”，其它按默认即可安装成功。3.在IE浏览器中输入：，密码为firewall进入VPN网关管理界面。4.进入VPN网关管理界面。5.选择系统配置——》导入导出。点击“浏览”，选择配置文件fwconfig.txt。fwconfig.txt如下：#hardwareversion:SecGate3600-F3(SJW79)A#softwareversion:3.6.4.26#hostname:SecGate#serialnumber:f6f335072669bb05defaddrdelalladdrdefaddraddDMZ0.0.0.0/0.0.0.0commentDMZdefaddraddTrust0.0.0.0/0.0.0.0commentTrustdefaddraddUntrust0.0.0.0/0.0.0.0commentUntrustvpnsetdefaultprekeyPleaseInputPrekeyikelifetime28800ipseclifetime3600vpnstatusonvpnbakoffvpnonvpnaddremotestaticmainpsknamexianaddr222.91.74.218prekeyPleaseInputPrekeyike3des-sha1-dh5,aes-sha1-dh5initiateonobeyoffnat_tonikelifetime28800dpddelay0dpdtimeout0vpnaddtunnelnamexian_qianxianlocal61.185.40.23remotexianauthespipsecaes128-md5,3des-sha1pfsondh_group5ipseclifetime3600proxy_localip0.0.0.0proxy_localmask0.0.0.0proxy_remoteip0.0.0.0proxy_remotemask0.0.0.0antisynfloodfe1200antiicmpfloodfe11000antipingofdeathfe1800antiudpfloodfe11000antipingsweepfe110antitcpportscanfe110antiudpportscanfe110antisynfloodfe2200antiicmpfloodfe21000antipingofdeathfe2800antiudpfloodfe21000antipingsweepfe210antitcpportscanfe210antiudpportscanfe210antisynfloodfe3200antiicmpfloodfe31000antipingofdeathfe3800antiudpfloodfe31000antipingsweepfe310antitcpportscanfe310antiudpportscanfe310antisynfloodfe4200antiicmpfloodfe41000antipingofdeathfe4800antiudpfloodfe41000antipingsweepfe410antitcpportscanfe410antiudpportscanfe410sysifsetfe1speedautomtu1500ipmacoffmacpolicypermitmoderoutesrouteofflogoffantioffnonipdenyidsblockoffvlanoffsysifsetfe2speedautomtu1500ipmacoffmacpolicypermitmoderoutesrouteofflogoffantioffnonipdenyidsblockoffvlanoffsysifsetfe3speedautomtu1500ipmacoffmacpolicypermitmoderoutesrouteofflogoffantioffnonipdenyidsblockoffvlanoffsysifsetfe4speedautomtu1500ipmacoffmacpolicypermitmoderoutesrouteofflogoffantioffnonipdenyidsblockoffvlanoffsysipaddfe110.50.10.45255.255.255.0pingoffadminonadminpingontracerouteonsysipaddfe461.185.40.23255.255.255.128pingonadminonadminpingofftracerouteoffsysipaddfe3172.24.40.100255.255.255.0pingonadminonadminpingofftracerouteoffvrrpbunchdelay10routeadddrouteany61.185.40.1mngglobalsetcpu80mem80fs80rcommpublicwcommprivatetrapcpublicusernamesnmpuserlevelAuthnoPrivauthpass12345678cryptMD5mngglobaladdsnmpip222.91.74.218mngglobalonlogsrvset222.91.74.218514udpmngacctsetadminpasswordfirewallmngacctmultionmngacctfailtime5blocktime30period120dnssetsysnameSecGateipcftcheckofflongconnset1800statetableudp20icmp5statetableovertimeestablish1800syn120dnsrelaysetautordwebsrcaddranydstaddranyrdwebdstport80vpnsetdhcpactiveoffdhcpserver127.0.0.1interfacelotimeoutsetweb600bandwidthaddp2p_bandpriority3minbw60maxbw160comment建议仅用于P2P带宽限制ftpactiveport20keepofftcpmssset1460defsvcsetftpftp21defsvcseth323h3231720defsvcsetsqlnetsqlnet1521defsvcsetsipsip5060defsvcsetrtsprtsp554defsvcsetmmsmms1755defsvcsetpptppptp1723defsvcsetgkgk1719defsvcsettftptftp69defsvcsetftpcomment文件传输协议defsvcseth323commentNetmeeting服务defsvcsetsqlnetcommentoracle数据库网络连接defsvcsetsipcomment基于sip协议的动态服务defsvcsetrtspcommentRTSP服务defsvcsetmmscommentMMS服务defsvcsetpptpcomment点到点隧道协议的动态服务defsvcsetgkcommentH.323网守服务defsvcsettftpcommentTFTP协议defsvcseticmpicmpcommentICMP服务defsvcsetpingicmptype8commentPING请求defsvcsetpongicmptype0commentPING回应defsvcsettcpprototcpanyanycommenttcp协议的所有服务defsvcsetudpprotoudpanyanycommentudp协议的所有服务defsvcsetgreproto47comment封装协议defsvcsetespproto50commentVPN加密认证协议defsvcsetahproto51comment加密协议defsvcsetvrrpproto112commentHA负载均衡协议defsvcsetsshprototcpany22comment远程加密登录defsvcsettelnetprototcpany23comment远程登录协议defsvcsetsmtpprototcpany25comment邮件发送服务defsvcsethttpprototcpany80comment:68commentdhcp&bootpdefsvcsethttpsprototcpany443commenthttps服务defsvcsetpptp_serverprototcpany1723proto47comment点到点隧道协议（用于防火墙作为PPTP服务器）defsvcsetdnsprototcpany53protoudpany53comment域名解析服务defsvcsetsnmpprotoudpany161comment简单网络管理协议defsvcsetsnmptrapprotoudpany162commentsnmptrap发送服务defsvcsetsyslogprotoudpany514comment日志传输协议defsvcsetoicqcprotoudpany4000commentQQ客户端打开端口defsvcsetoicqsprotoudpany8000commentQQ服务器打开端口defsvcsetsecgate_authprototcpany9998protoudpany9998commentSecGate安全网关用户认证defsvcsetsecgate_globalprototcpany161protoudpany161commentSecGate安全网关集中管理defsvcsetsecgate_httpsprototcpany8889prototcpany8888commentSecGate安全网关WEB管理defsvcsetsecgate_ha_confprototcpany9223protoudpany9455commentSecGate安全网关HA功能配置同步服务defsvcsetvirus_blasterprototcpany135:139protoudpany135:139prototcpany4444protoudpany69comment冲击波影响端口defsvcsetvirus_sasserprototcpany445prototcpany1025prototcpany1068prototcpany5554prototcpany9995:9996protoudpany9995:9996comment震荡波影响端口defsvcsetvirus_sqlwormprotoudpany1434commentSQL蠕虫影响端口defsvcsetpcanywhereprototcpany5631:5632protoud