1
|
<?xml version="1.0" encoding="utf-8"?>
|
2
|
<pfsense>
|
3
|
<version>15.4</version>
|
4
|
<lastchange />
|
5
|
<theme>pfsense_ng</theme>
|
6
|
<system>
|
7
|
<optimization>conservative</optimization>
|
8
|
<hostname>remote</hostname>
|
9
|
<domain>avant.ca</domain>
|
10
|
<group>
|
11
|
<name>admins</name>
|
12
|
<description><![CDATA[System Administrators]]></description>
|
13
|
<scope>system</scope>
|
14
|
<gid>1999</gid>
|
15
|
<member>0</member>
|
16
|
<priv>page-all</priv>
|
17
|
</group>
|
18
|
<group>
|
19
|
<name>all</name>
|
20
|
<description><![CDATA[All Users]]></description>
|
21
|
<scope>system</scope>
|
22
|
<gid>1998</gid>
|
23
|
</group>
|
24
|
<group>
|
25
|
<name>vpnusers</name>
|
26
|
<description />
|
27
|
<gid>2000</gid>
|
28
|
<priv>user-ipsec-xauth-dialin</priv>
|
29
|
<priv>user-l2tp-dialin</priv>
|
30
|
<priv>user-pppoe-dialin</priv>
|
31
|
<priv>user-pptp-dialin</priv>
|
32
|
<member>2001</member>
|
33
|
</group>
|
34
|
<user>
|
35
|
<name>admin</name>
|
36
|
<descr><![CDATA[System Administrator]]></descr>
|
37
|
<scope>system</scope>
|
38
|
<groupname>admins</groupname>
|
39
|
<password></password>
|
40
|
<uid>0</uid>
|
41
|
<priv>user-shell-access</priv>
|
42
|
<md5-hash></md5-hash>
|
43
|
</user>
|
44
|
<user>
|
45
|
<scope>user</scope>
|
46
|
<password></password>
|
47
|
<md5-hash></md5-hash>
|
48
|
<name>vpnuser</name>
|
49
|
<descr><![CDATA[VPN User]]></descr>
|
50
|
<expires />
|
51
|
<authorizedkeys />
|
52
|
<ipsecpsk />
|
53
|
<uid>2001</uid>
|
54
|
</user>
|
55
|
<nextuid>2002</nextuid>
|
56
|
<nextgid>2001</nextgid>
|
57
|
<timezone>America/Winnipeg</timezone>
|
58
|
<time-update-interval />
|
59
|
<timeservers>2.ca.pool.ntp.org 2.pool.ntp.org ntp6a.rollernet.us clock.fmt.he.net</timeservers>
|
60
|
<webgui>
|
61
|
<protocol>https</protocol>
|
62
|
<loginautocomplete />
|
63
|
<ssl-certref>55cca9a47b7b3</ssl-certref>
|
64
|
<port>8443</port>
|
65
|
<max_procs>2</max_procs>
|
66
|
<althostnames>remote.avant.ca guardian.asg.local guardian.ad.avant.ca remote guardian</althostnames>
|
67
|
<dashboardcolumns>2</dashboardcolumns>
|
68
|
<webguicss>pfSense.css</webguicss>
|
69
|
<webguileftcolumnhyper />
|
70
|
<dashboardavailablewidgetspanel />
|
71
|
<systemlogsfilterpanel />
|
72
|
<systemlogsmanagelogpanel />
|
73
|
<statusmonitoringsettingspanel />
|
74
|
</webgui>
|
75
|
<disablesegmentationoffloading />
|
76
|
<disablelargereceiveoffloading />
|
77
|
<ipv6allow />
|
78
|
<powerd_ac_mode>hadp</powerd_ac_mode>
|
79
|
<powerd_battery_mode>hadp</powerd_battery_mode>
|
80
|
<powerd_normal_mode>hadp</powerd_normal_mode>
|
81
|
<bogons>
|
82
|
<interval>daily</interval>
|
83
|
</bogons>
|
84
|
<serialspeed>115200</serialspeed>
|
85
|
<primaryconsole>serial</primaryconsole>
|
86
|
<enablesshd>enabled</enablesshd>
|
87
|
<scrubnodf>enabled</scrubnodf>
|
88
|
<scrubrnid>enabled</scrubrnid>
|
89
|
<maximumstates />
|
90
|
<aliasesresolveinterval />
|
91
|
<maximumtableentries />
|
92
|
<enablebinatreflection>yes</enablebinatreflection>
|
93
|
<enablenatreflectionhelper>yes</enablenatreflectionhelper>
|
94
|
<reflectiontimeout />
|
95
|
<powerd_enable />
|
96
|
<use_mfs_tmp_size />
|
97
|
<use_mfs_var_size />
|
98
|
<language>en_US</language>
|
99
|
<dns1gw>none</dns1gw>
|
100
|
<dns2gw>none</dns2gw>
|
101
|
<dns3gw>none</dns3gw>
|
102
|
<dns4gw>none</dns4gw>
|
103
|
<ssh>
|
104
|
<port>2022</port>
|
105
|
</ssh>
|
106
|
<authserver>
|
107
|
<refid>562f84c16e1ac</refid>
|
108
|
<type>ldap</type>
|
109
|
<name>ad.avant.ca</name>
|
110
|
<ldap_caref>5540ed69a904b</ldap_caref>
|
111
|
<host>ad.avant.ca</host>
|
112
|
<ldap_port>389</ldap_port>
|
113
|
<ldap_urltype>TCP - Standard</ldap_urltype>
|
114
|
<ldap_protver>3</ldap_protver>
|
115
|
<ldap_scope>subtree</ldap_scope>
|
116
|
<ldap_basedn><![CDATA[DC=AD,DC=AVANT,DC=CA]]></ldap_basedn>
|
117
|
<ldap_authcn><![CDATA[DC=AD,DC=AVANT,DC=CA]]></ldap_authcn>
|
118
|
<ldap_extended_enabled />
|
119
|
<ldap_extended_query />
|
120
|
<ldap_attr_user><![CDATA[samAccountName]]></ldap_attr_user>
|
121
|
<ldap_attr_group><![CDATA[cn]]></ldap_attr_group>
|
122
|
<ldap_attr_member><![CDATA[memberOf]]></ldap_attr_member>
|
123
|
<ldap_utf8 />
|
124
|
<ldap_binddn><![CDATA[CN=LDAP BindAccount,OU=Service Accounts,OU=Avant,DC=AD,DC=AVANT,DC=CA]]></ldap_binddn>
|
125
|
<ldap_bindpw><![CDATA[]]></ldap_bindpw>
|
126
|
</authserver>
|
127
|
<dnsserver>192.168.158.10</dnsserver>
|
128
|
<dnsserver>192.168.158.20</dnsserver>
|
129
|
</system>
|
130
|
<interfaces>
|
131
|
<wan>
|
132
|
<if>em0</if>
|
133
|
<blockbogons />
|
134
|
<descr><![CDATA[MTSDSL]]></descr>
|
135
|
<spoofmac />
|
136
|
<alias-address />
|
137
|
<alias-subnet>32</alias-subnet>
|
138
|
<enable />
|
139
|
<ipaddr>dhcp</ipaddr>
|
140
|
<dhcphostname />
|
141
|
<dhcprejectfrom />
|
142
|
<adv_dhcp_pt_timeout />
|
143
|
<adv_dhcp_pt_retry />
|
144
|
<adv_dhcp_pt_select_timeout />
|
145
|
<adv_dhcp_pt_reboot />
|
146
|
<adv_dhcp_pt_backoff_cutoff />
|
147
|
<adv_dhcp_pt_initial_interval />
|
148
|
<adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
|
149
|
<adv_dhcp_send_options />
|
150
|
<adv_dhcp_request_options />
|
151
|
<adv_dhcp_required_options />
|
152
|
<adv_dhcp_option_modifiers />
|
153
|
<adv_dhcp_config_advanced />
|
154
|
<adv_dhcp_config_file_override />
|
155
|
<adv_dhcp_config_file_override_path />
|
156
|
</wan>
|
157
|
<lan>
|
158
|
<enable />
|
159
|
<if>bge0</if>
|
160
|
<descr><![CDATA[LAN]]></descr>
|
161
|
<spoofmac />
|
162
|
<ipaddr>192.168.100.1</ipaddr>
|
163
|
<subnet>24</subnet>
|
164
|
<ipaddrv6>fd60:7f9c:65d8:100::1</ipaddrv6>
|
165
|
<subnetv6>128</subnetv6>
|
166
|
</lan>
|
167
|
<opt1>
|
168
|
<if>bge0_vlan156</if>
|
169
|
<descr><![CDATA[DMZ]]></descr>
|
170
|
<enable />
|
171
|
<spoofmac />
|
172
|
<ipaddr>192.168.101.1</ipaddr>
|
173
|
<subnet>24</subnet>
|
174
|
<ipaddrv6>fd60:7f9c:65d8:101::1</ipaddrv6>
|
175
|
<subnetv6>64</subnetv6>
|
176
|
</opt1>
|
177
|
<opt2>
|
178
|
<descr><![CDATA[VOICE]]></descr>
|
179
|
<if>hme0_vlan8</if>
|
180
|
<enable />
|
181
|
<alias-address />
|
182
|
<alias-subnet>32</alias-subnet>
|
183
|
<spoofmac />
|
184
|
<ipaddr>192.168.10.1</ipaddr>
|
185
|
<subnet>24</subnet>
|
186
|
</opt2>
|
187
|
<opt3>
|
188
|
<descr><![CDATA[NEWLAN]]></descr>
|
189
|
<if>bge0_vlan158</if>
|
190
|
<enable />
|
191
|
<spoofmac />
|
192
|
<ipaddr>192.168.158.1</ipaddr>
|
193
|
<subnet>24</subnet>
|
194
|
<ipaddrv6>fd60:7f9c:65d8:158::1</ipaddrv6>
|
195
|
<subnetv6>64</subnetv6>
|
196
|
</opt3>
|
197
|
<opt4>
|
198
|
<descr><![CDATA[HEtunnel]]></descr>
|
199
|
<if>gif0</if>
|
200
|
<enable />
|
201
|
<spoofmac />
|
202
|
</opt4>
|
203
|
</interfaces>
|
204
|
<staticroutes />
|
205
|
<dhcpd>
|
206
|
<lan>
|
207
|
<range>
|
208
|
<from>192.168.100.10</from>
|
209
|
<to>192.168.100.245</to>
|
210
|
</range>
|
211
|
</lan>
|
212
|
</dhcpd>
|
213
|
<snmpd>
|
214
|
<syslocation />
|
215
|
<syscontact />
|
216
|
<rocommunity>Avant123</rocommunity>
|
217
|
<modules>
|
218
|
<mibii />
|
219
|
<netgraph />
|
220
|
<pf />
|
221
|
<hostres />
|
222
|
<ucd />
|
223
|
<regex />
|
224
|
</modules>
|
225
|
<enable />
|
226
|
<pollport>161</pollport>
|
227
|
<trapserver />
|
228
|
<trapserverport>162</trapserverport>
|
229
|
<trapstring />
|
230
|
<bindip />
|
231
|
</snmpd>
|
232
|
<diag>
|
233
|
<ipv6nat />
|
234
|
</diag>
|
235
|
<bridge />
|
236
|
<syslog />
|
237
|
<nat>
|
238
|
<outbound>
|
239
|
<mode>hybrid</mode>
|
240
|
<rule>
|
241
|
<source>
|
242
|
<network>192.168.101.0/24</network>
|
243
|
</source>
|
244
|
<sourceport />
|
245
|
<descr><![CDATA[NAT outbound from DMZ]]></descr>
|
246
|
<target />
|
247
|
<targetip />
|
248
|
<targetip_subnet>0</targetip_subnet>
|
249
|
<interface>wan</interface>
|
250
|
<poolopts />
|
251
|
<destination>
|
252
|
<any />
|
253
|
</destination>
|
254
|
<created>
|
255
|
<time>1428538526</time>
|
256
|
<username>admin@192.168.100.114</username>
|
257
|
</created>
|
258
|
<updated>
|
259
|
<time>1428538549</time>
|
260
|
<username>admin@192.168.100.114</username>
|
261
|
</updated>
|
262
|
</rule>
|
263
|
<rule>
|
264
|
<source>
|
265
|
<network>192.168.158.0/24</network>
|
266
|
</source>
|
267
|
<sourceport />
|
268
|
<descr><![CDATA[NAT outbound from NEWLAN]]></descr>
|
269
|
<target />
|
270
|
<targetip />
|
271
|
<targetip_subnet>0</targetip_subnet>
|
272
|
<interface>wan</interface>
|
273
|
<poolopts />
|
274
|
<destination>
|
275
|
<any />
|
276
|
</destination>
|
277
|
<updated>
|
278
|
<time>1431440946</time>
|
279
|
<username>admin@192.168.100.114</username>
|
280
|
</updated>
|
281
|
<created>
|
282
|
<time>1431440946</time>
|
283
|
<username>admin@192.168.100.114</username>
|
284
|
</created>
|
285
|
</rule>
|
286
|
<rule>
|
287
|
<source>
|
288
|
<network>192.168.158.0/24</network>
|
289
|
</source>
|
290
|
<sourceport />
|
291
|
<descr><![CDATA[allow NEWLAN-DMZ traffic (required since otherwise remote GW replies to sandbox network instead of back to NEWLAN)]]></descr>
|
292
|
<target />
|
293
|
<targetip />
|
294
|
<targetip_subnet />
|
295
|
<interface>opt1</interface>
|
296
|
<poolopts />
|
297
|
<destination>
|
298
|
<address>192.168.101.0/24</address>
|
299
|
</destination>
|
300
|
<updated>
|
301
|
<time>1462467438</time>
|
302
|
<username>admin@192.168.158.159</username>
|
303
|
</updated>
|
304
|
<created>
|
305
|
<time>1462467438</time>
|
306
|
<username>admin@192.168.158.159</username>
|
307
|
</created>
|
308
|
</rule>
|
309
|
</outbound>
|
310
|
<rule>
|
311
|
<source>
|
312
|
<any />
|
313
|
</source>
|
314
|
<destination>
|
315
|
<network>wanip</network>
|
316
|
<port>80</port>
|
317
|
</destination>
|
318
|
<protocol>tcp</protocol>
|
319
|
<target>192.168.158.16</target>
|
320
|
<local-port>80</local-port>
|
321
|
<interface>wan</interface>
|
322
|
<descr><![CDATA[support.avant.ca - nginx reverse proxy]]></descr>
|
323
|
<associated-rule-id>nat_5525c70360ccb0.32850910</associated-rule-id>
|
324
|
<natreflection>enable</natreflection>
|
325
|
<created>
|
326
|
<time>1428539139</time>
|
327
|
<username>admin@192.168.100.114</username>
|
328
|
</created>
|
329
|
<updated>
|
330
|
<time>1439818233</time>
|
331
|
<username>admin@192.168.100.114</username>
|
332
|
</updated>
|
333
|
</rule>
|
334
|
<rule>
|
335
|
<source>
|
336
|
<any />
|
337
|
</source>
|
338
|
<destination>
|
339
|
<network>wanip</network>
|
340
|
<port>443</port>
|
341
|
</destination>
|
342
|
<protocol>tcp</protocol>
|
343
|
<target>192.168.158.16</target>
|
344
|
<local-port>443</local-port>
|
345
|
<interface>wan</interface>
|
346
|
<descr><![CDATA[support.avant.ca - nginx reverse proxy]]></descr>
|
347
|
<associated-rule-id>nat_5525c70e1c0134.82856379</associated-rule-id>
|
348
|
<natreflection>enable</natreflection>
|
349
|
<created>
|
350
|
<time>1428539150</time>
|
351
|
<username>admin@192.168.100.114</username>
|
352
|
</created>
|
353
|
<updated>
|
354
|
<time>1439818250</time>
|
355
|
<username>admin@192.168.100.114</username>
|
356
|
</updated>
|
357
|
</rule>
|
358
|
<rule>
|
359
|
<disabled />
|
360
|
<source>
|
361
|
<any />
|
362
|
</source>
|
363
|
<destination>
|
364
|
<network>wanip</network>
|
365
|
<port>8080</port>
|
366
|
</destination>
|
367
|
<protocol>tcp</protocol>
|
368
|
<target>192.168.101.3</target>
|
369
|
<local-port>8080</local-port>
|
370
|
<interface>wan</interface>
|
371
|
<descr><![CDATA[support.avant.ca]]></descr>
|
372
|
<associated-rule-id>nat_5525c71c7fc5a4.55088909</associated-rule-id>
|
373
|
<natreflection>enable</natreflection>
|
374
|
<created>
|
375
|
<time>1428539164</time>
|
376
|
<username>admin@192.168.100.114</username>
|
377
|
</created>
|
378
|
<updated>
|
379
|
<time>1439818320</time>
|
380
|
<username>admin@192.168.100.114</username>
|
381
|
</updated>
|
382
|
</rule>
|
383
|
<rule>
|
384
|
<source>
|
385
|
<any />
|
386
|
</source>
|
387
|
<destination>
|
388
|
<network>(self)</network>
|
389
|
<port>22</port>
|
390
|
</destination>
|
391
|
<protocol>tcp</protocol>
|
392
|
<target>192.168.100.1</target>
|
393
|
<local-port>2022</local-port>
|
394
|
<interface>lan</interface>
|
395
|
<descr><![CDATA[redirect regular SSH port to 2022 on LAN]]></descr>
|
396
|
<associated-rule-id>nat_552af2a9573625.75210539</associated-rule-id>
|
397
|
<natreflection>enable</natreflection>
|
398
|
<updated>
|
399
|
<time>1428877993</time>
|
400
|
<username>admin@192.168.100.114</username>
|
401
|
</updated>
|
402
|
<created>
|
403
|
<time>1428877993</time>
|
404
|
<username>admin@192.168.100.114</username>
|
405
|
</created>
|
406
|
</rule>
|
407
|
<rule>
|
408
|
<source>
|
409
|
<any />
|
410
|
</source>
|
411
|
<destination>
|
412
|
<network>(self)</network>
|
413
|
<port>22</port>
|
414
|
</destination>
|
415
|
<protocol>tcp</protocol>
|
416
|
<target>192.168.158.1</target>
|
417
|
<local-port>2022</local-port>
|
418
|
<interface>opt3</interface>
|
419
|
<descr><![CDATA[redirect regular SSH port to 2022 on LAN]]></descr>
|
420
|
<associated-rule-id>nat_55520c83632903.91711398</associated-rule-id>
|
421
|
<natreflection>enable</natreflection>
|
422
|
<updated>
|
423
|
<time>1431440515</time>
|
424
|
<username>admin@192.168.100.114</username>
|
425
|
</updated>
|
426
|
<created>
|
427
|
<time>1431440515</time>
|
428
|
<username>admin@192.168.100.114</username>
|
429
|
</created>
|
430
|
</rule>
|
431
|
<rule>
|
432
|
<source>
|
433
|
<network>opt3</network>
|
434
|
</source>
|
435
|
<destination>
|
436
|
<network>wanip</network>
|
437
|
<port>54663</port>
|
438
|
</destination>
|
439
|
<protocol>tcp</protocol>
|
440
|
<target>192.168.158.54</target>
|
441
|
<local-port>54663</local-port>
|
442
|
<interface>wan</interface>
|
443
|
<descr><![CDATA[Bamboo JMS port]]></descr>
|
444
|
<associated-rule-id>nat_56982a9c514cd4.39339044</associated-rule-id>
|
445
|
<natreflection>enable</natreflection>
|
446
|
<created>
|
447
|
<time>1452812956</time>
|
448
|
<username>admin@192.168.158.144</username>
|
449
|
</created>
|
450
|
<updated>
|
451
|
<time>1452813136</time>
|
452
|
<username>admin@192.168.158.144</username>
|
453
|
</updated>
|
454
|
</rule>
|
455
|
<npt>
|
456
|
<descr><![CDATA[NEWLAN-to-HETUNNEL]]></descr>
|
457
|
<interface>opt4</interface>
|
458
|
<source>
|
459
|
<address>fd60:7f9c:65d8:158::/64</address>
|
460
|
</source>
|
461
|
<destination>
|
462
|
<address>2001:470:1f11:103d::/64</address>
|
463
|
</destination>
|
464
|
</npt>
|
465
|
<separator />
|
466
|
<onetoone>
|
467
|
<external>192.168.101.10</external>
|
468
|
<descr><![CDATA[fake DC1 for sandbox]]></descr>
|
469
|
<interface>opt1</interface>
|
470
|
<source>
|
471
|
<address>192.168.158.10</address>
|
472
|
</source>
|
473
|
<destination>
|
474
|
<any />
|
475
|
</destination>
|
476
|
</onetoone>
|
477
|
<onetoone>
|
478
|
<external>192.168.101.20</external>
|
479
|
<descr><![CDATA[fake DC2 for sandbox]]></descr>
|
480
|
<interface>opt1</interface>
|
481
|
<source>
|
482
|
<address>192.168.158.20</address>
|
483
|
</source>
|
484
|
<destination>
|
485
|
<any />
|
486
|
</destination>
|
487
|
</onetoone>
|
488
|
</nat>
|
489
|
<filter>
|
490
|
<rule>
|
491
|
<id />
|
492
|
<tracker>1428525653</tracker>
|
493
|
<type>pass</type>
|
494
|
<interface>wan</interface>
|
495
|
<ipprotocol>inet46</ipprotocol>
|
496
|
<tag />
|
497
|
<tagged />
|
498
|
<max />
|
499
|
<max-src-nodes />
|
500
|
<max-src-conn />
|
501
|
<max-src-states />
|
502
|
<statetimeout />
|
503
|
<statetype>keep state</statetype>
|
504
|
<os />
|
505
|
<source>
|
506
|
<any />
|
507
|
</source>
|
508
|
<destination>
|
509
|
<network>(self)</network>
|
510
|
</destination>
|
511
|
<descr><![CDATA[allow all inbound to firewall]]></descr>
|
512
|
<created>
|
513
|
<time>1428525653</time>
|
514
|
<username>admin@192.168.100.114</username>
|
515
|
</created>
|
516
|
<updated>
|
517
|
<time>1429197255</time>
|
518
|
<username>admin@192.168.100.114</username>
|
519
|
</updated>
|
520
|
</rule>
|
521
|
<rule>
|
522
|
<source>
|
523
|
<any />
|
524
|
</source>
|
525
|
<interface>wan</interface>
|
526
|
<protocol>tcp</protocol>
|
527
|
<destination>
|
528
|
<address>192.168.158.16</address>
|
529
|
<port>80</port>
|
530
|
</destination>
|
531
|
<descr><![CDATA[NAT support.avant.ca - nginx reverse proxy]]></descr>
|
532
|
<associated-rule-id>nat_5525c70360ccb0.32850910</associated-rule-id>
|
533
|
<created>
|
534
|
<time>1428539139</time>
|
535
|
<username>NAT Port Forward</username>
|
536
|
</created>
|
537
|
<tracker>1460561401</tracker>
|
538
|
</rule>
|
539
|
<rule>
|
540
|
<source>
|
541
|
<any />
|
542
|
</source>
|
543
|
<interface>wan</interface>
|
544
|
<protocol>tcp</protocol>
|
545
|
<destination>
|
546
|
<address>192.168.158.16</address>
|
547
|
<port>443</port>
|
548
|
</destination>
|
549
|
<descr><![CDATA[NAT support.avant.ca - nginx reverse proxy]]></descr>
|
550
|
<associated-rule-id>nat_5525c70e1c0134.82856379</associated-rule-id>
|
551
|
<created>
|
552
|
<time>1428539150</time>
|
553
|
<username>NAT Port Forward</username>
|
554
|
</created>
|
555
|
<tracker>1460561402</tracker>
|
556
|
</rule>
|
557
|
<rule>
|
558
|
<source>
|
559
|
<any />
|
560
|
</source>
|
561
|
<interface>wan</interface>
|
562
|
<protocol>tcp</protocol>
|
563
|
<destination>
|
564
|
<address>192.168.101.3</address>
|
565
|
<port>8080</port>
|
566
|
</destination>
|
567
|
<descr><![CDATA[NAT support.avant.ca]]></descr>
|
568
|
<associated-rule-id>nat_5525c71c7fc5a4.55088909</associated-rule-id>
|
569
|
<created>
|
570
|
<time>1428539164</time>
|
571
|
<username>NAT Port Forward</username>
|
572
|
</created>
|
573
|
<tracker>1460561403</tracker>
|
574
|
</rule>
|
575
|
<rule>
|
576
|
<descr><![CDATA[OpenVPN wizard]]></descr>
|
577
|
<direction>in</direction>
|
578
|
<source>
|
579
|
<any />
|
580
|
</source>
|
581
|
<destination>
|
582
|
<network>wanip</network>
|
583
|
<port>1194</port>
|
584
|
</destination>
|
585
|
<interface>wan</interface>
|
586
|
<protocol>udp</protocol>
|
587
|
<type>pass</type>
|
588
|
<enabled>on</enabled>
|
589
|
<created>
|
590
|
<time>1433942735</time>
|
591
|
<username>OpenVPN Wizard</username>
|
592
|
</created>
|
593
|
<tracker>1460561404</tracker>
|
594
|
</rule>
|
595
|
<rule>
|
596
|
<id />
|
597
|
<tracker>1439308790</tracker>
|
598
|
<type>pass</type>
|
599
|
<interface>wan</interface>
|
600
|
<ipprotocol>inet</ipprotocol>
|
601
|
<tag />
|
602
|
<tagged />
|
603
|
<max />
|
604
|
<max-src-nodes />
|
605
|
<max-src-conn />
|
606
|
<max-src-states />
|
607
|
<statetimeout />
|
608
|
<statetype>keep state</statetype>
|
609
|
<os />
|
610
|
<protocol>tcp</protocol>
|
611
|
<source>
|
612
|
<any />
|
613
|
</source>
|
614
|
<destination>
|
615
|
<network>wanip</network>
|
616
|
<port>1195</port>
|
617
|
</destination>
|
618
|
<descr><![CDATA[OpenVPN ]]></descr>
|
619
|
<updated>
|
620
|
<time>1439308790</time>
|
621
|
<username>admin@204.16.145.145</username>
|
622
|
</updated>
|
623
|
<created>
|
624
|
<time>1439308790</time>
|
625
|
<username>admin@204.16.145.145</username>
|
626
|
</created>
|
627
|
</rule>
|
628
|
<rule>
|
629
|
<id />
|
630
|
<tracker>1452813164</tracker>
|
631
|
<type>pass</type>
|
632
|
<interface>wan</interface>
|
633
|
<ipprotocol>inet</ipprotocol>
|
634
|
<tag />
|
635
|
<tagged />
|
636
|
<max />
|
637
|
<max-src-nodes />
|
638
|
<max-src-conn />
|
639
|
<max-src-states />
|
640
|
<statetimeout />
|
641
|
<statetype>keep state</statetype>
|
642
|
<os />
|
643
|
<protocol>tcp</protocol>
|
644
|
<source>
|
645
|
<network>opt3</network>
|
646
|
</source>
|
647
|
<destination>
|
648
|
<address>192.168.158.54</address>
|
649
|
<port>54663</port>
|
650
|
</destination>
|
651
|
<descr><![CDATA[NAT Bamboo JMS port]]></descr>
|
652
|
<associated-rule-id>nat_56982a9c514cd4.39339044</associated-rule-id>
|
653
|
<created>
|
654
|
<time>1452812956</time>
|
655
|
<username>NAT Port Forward</username>
|
656
|
</created>
|
657
|
<updated>
|
658
|
<time>1452813196</time>
|
659
|
<username>admin@192.168.158.144</username>
|
660
|
</updated>
|
661
|
</rule>
|
662
|
<rule>
|
663
|
<source>
|
664
|
<any />
|
665
|
</source>
|
666
|
<interface>lan</interface>
|
667
|
<protocol>tcp</protocol>
|
668
|
<destination>
|
669
|
<address>192.168.100.1</address>
|
670
|
<port>2022</port>
|
671
|
</destination>
|
672
|
<descr><![CDATA[NAT redirect regular SSH port to 2022 on LAN]]></descr>
|
673
|
<associated-rule-id>nat_552af2a9573625.75210539</associated-rule-id>
|
674
|
<created>
|
675
|
<time>1428877993</time>
|
676
|
<username>NAT Port Forward</username>
|
677
|
</created>
|
678
|
<tracker>1460561405</tracker>
|
679
|
</rule>
|
680
|
<rule>
|
681
|
<id />
|
682
|
<tracker>1446059294</tracker>
|
683
|
<type>pass</type>
|
684
|
<interface>lan</interface>
|
685
|
<ipprotocol>inet46</ipprotocol>
|
686
|
<tcpflags_any />
|
687
|
<tag />
|
688
|
<tagged />
|
689
|
<allowopts />
|
690
|
<disablereplyto />
|
691
|
<max />
|
692
|
<max-src-nodes />
|
693
|
<max-src-conn />
|
694
|
<max-src-states />
|
695
|
<statetimeout />
|
696
|
<statetype>sloppy state</statetype>
|
697
|
<os />
|
698
|
<nopfsync />
|
699
|
<source>
|
700
|
<network>lan</network>
|
701
|
</source>
|
702
|
<destination>
|
703
|
<network>opt3</network>
|
704
|
</destination>
|
705
|
<descr><![CDATA[skip state on LAN<-->NEWLAN]]></descr>
|
706
|
<created>
|
707
|
<time>1446059294</time>
|
708
|
<username>admin@192.168.100.114</username>
|
709
|
</created>
|
710
|
<updated>
|
711
|
<time>1462463122</time>
|
712
|
<username>admin@192.168.158.159</username>
|
713
|
</updated>
|
714
|
</rule>
|
715
|
<rule>
|
716
|
<id />
|
717
|
<tracker>0100000101</tracker>
|
718
|
<type>pass</type>
|
719
|
<interface>lan</interface>
|
720
|
<ipprotocol>inet46</ipprotocol>
|
721
|
<tag />
|
722
|
<tagged />
|
723
|
<max />
|
724
|
<max-src-nodes />
|
725
|
<max-src-conn />
|
726
|
<max-src-states />
|
727
|
<statetimeout />
|
728
|
<statetype>keep state</statetype>
|
729
|
<os />
|
730
|
<source>
|
731
|
<any />
|
732
|
</source>
|
733
|
<destination>
|
734
|
<any />
|
735
|
</destination>
|
736
|
<descr><![CDATA[Default allow LAN to any rule]]></descr>
|
737
|
<updated>
|
738
|
<time>1446059255</time>
|
739
|
<username>admin@192.168.100.114</username>
|
740
|
</updated>
|
741
|
</rule>
|
742
|
<rule>
|
743
|
<id />
|
744
|
<tracker>1434292491</tracker>
|
745
|
<type>pass</type>
|
746
|
<interface>enc0</interface>
|
747
|
<ipprotocol>inet46</ipprotocol>
|
748
|
<tag />
|
749
|
<tagged />
|
750
|
<max />
|
751
|
<max-src-nodes />
|
752
|
<max-src-conn />
|
753
|
<max-src-states />
|
754
|
<statetimeout />
|
755
|
<statetype>keep state</statetype>
|
756
|
<os />
|
757
|
<source>
|
758
|
<any />
|
759
|
</source>
|
760
|
<destination>
|
761
|
<any />
|
762
|
</destination>
|
763
|
<descr><![CDATA[Allow all IPSec traffic]]></descr>
|
764
|
<created>
|
765
|
<time>1434292491</time>
|
766
|
<username>admin@137.122.64.20</username>
|
767
|
</created>
|
768
|
<updated>
|
769
|
<time>1434902080</time>
|
770
|
<username>admin@50.72.224.18</username>
|
771
|
</updated>
|
772
|
</rule>
|
773
|
<rule>
|
774
|
<id />
|
775
|
<tracker>1430323239</tracker>
|
776
|
<type>pass</type>
|
777
|
<interface>openvpn</interface>
|
778
|
<ipprotocol>inet46</ipprotocol>
|
779
|
<tag />
|
780
|
<tagged />
|
781
|
<max />
|
782
|
<max-src-nodes />
|
783
|
<max-src-conn />
|
784
|
<max-src-states />
|
785
|
<statetimeout />
|
786
|
<statetype>keep state</statetype>
|
787
|
<os />
|
788
|
<source>
|
789
|
<any />
|
790
|
</source>
|
791
|
<destination>
|
792
|
<any />
|
793
|
</destination>
|
794
|
<descr />
|
795
|
<updated>
|
796
|
<time>1430323239</time>
|
797
|
<username>admin@198.51.75.21</username>
|
798
|
</updated>
|
799
|
<created>
|
800
|
<time>1430323239</time>
|
801
|
<username>admin@198.51.75.21</username>
|
802
|
</created>
|
803
|
</rule>
|
804
|
<rule>
|
805
|
<id />
|
806
|
<tracker>1428537964</tracker>
|
807
|
<type>pass</type>
|
808
|
<interface>opt1</interface>
|
809
|
<ipprotocol>inet46</ipprotocol>
|
810
|
<tag />
|
811
|
<tagged />
|
812
|
<max />
|
813
|
<max-src-nodes />
|
814
|
<max-src-conn />
|
815
|
<max-src-states />
|
816
|
<statetimeout />
|
817
|
<statetype>keep state</statetype>
|
818
|
<os />
|
819
|
<source>
|
820
|
<any />
|
821
|
</source>
|
822
|
<destination>
|
823
|
<network>(self)</network>
|
824
|
</destination>
|
825
|
<descr><![CDATA[allow all inbound to firewall]]></descr>
|
826
|
<created>
|
827
|
<time>1428537964</time>
|
828
|
<username>admin@192.168.100.114</username>
|
829
|
</created>
|
830
|
<updated>
|
831
|
<time>1429197288</time>
|
832
|
<username>admin@192.168.100.114</username>
|
833
|
</updated>
|
834
|
</rule>
|
835
|
<rule>
|
836
|
<id />
|
837
|
<tracker>1428538625</tracker>
|
838
|
<type>pass</type>
|
839
|
<interface>opt1</interface>
|
840
|
<ipprotocol>inet46</ipprotocol>
|
841
|
<tag />
|
842
|
<tagged />
|
843
|
<max />
|
844
|
<max-src-nodes />
|
845
|
<max-src-conn />
|
846
|
<max-src-states />
|
847
|
<statetimeout />
|
848
|
<statetype>keep state</statetype>
|
849
|
<os />
|
850
|
<source>
|
851
|
<network>opt1</network>
|
852
|
</source>
|
853
|
<destination>
|
854
|
<any />
|
855
|
</destination>
|
856
|
<descr><![CDATA[allow all outbound from DMZ]]></descr>
|
857
|
<created>
|
858
|
<time>1428538625</time>
|
859
|
<username>admin@192.168.100.114</username>
|
860
|
</created>
|
861
|
<updated>
|
862
|
<time>1429197294</time>
|
863
|
<username>admin@192.168.100.114</username>
|
864
|
</updated>
|
865
|
</rule>
|
866
|
<rule>
|
867
|
<id />
|
868
|
<tracker>1428943315</tracker>
|
869
|
<type>pass</type>
|
870
|
<interface>opt2</interface>
|
871
|
<ipprotocol>inet46</ipprotocol>
|
872
|
<tag />
|
873
|
<tagged />
|
874
|
<max />
|
875
|
<max-src-nodes />
|
876
|
<max-src-conn />
|
877
|
<max-src-states />
|
878
|
<statetimeout />
|
879
|
<statetype>keep state</statetype>
|
880
|
<os />
|
881
|
<source>
|
882
|
<any />
|
883
|
</source>
|
884
|
<destination>
|
885
|
<any />
|
886
|
</destination>
|
887
|
<descr><![CDATA[allow all from VoIP network]]></descr>
|
888
|
<created>
|
889
|
<time>1428943315</time>
|
890
|
<username>admin@192.168.100.114</username>
|
891
|
</created>
|
892
|
<updated>
|
893
|
<time>1429197303</time>
|
894
|
<username>admin@192.168.100.114</username>
|
895
|
</updated>
|
896
|
</rule>
|
897
|
<rule>
|
898
|
<id />
|
899
|
<tracker>1431440602</tracker>
|
900
|
<type>pass</type>
|
901
|
<interface>opt3</interface>
|
902
|
<ipprotocol>inet46</ipprotocol>
|
903
|
<tag />
|
904
|
<tagged />
|
905
|
<max />
|
906
|
<max-src-nodes />
|
907
|
<max-src-conn />
|
908
|
<max-src-states />
|
909
|
<statetimeout />
|
910
|
<statetype>keep state</statetype>
|
911
|
<os />
|
912
|
<source>
|
913
|
<any />
|
914
|
</source>
|
915
|
<destination>
|
916
|
<network>(self)</network>
|
917
|
</destination>
|
918
|
<descr><![CDATA[allow all traffic to myself]]></descr>
|
919
|
<updated>
|
920
|
<time>1431440602</time>
|
921
|
<username>admin@192.168.100.114</username>
|
922
|
</updated>
|
923
|
<created>
|
924
|
<time>1431440602</time>
|
925
|
<username>admin@192.168.100.114</username>
|
926
|
</created>
|
927
|
</rule>
|
928
|
<rule>
|
929
|
<source>
|
930
|
<any />
|
931
|
</source>
|
932
|
<interface>opt3</interface>
|
933
|
<protocol>tcp</protocol>
|
934
|
<destination>
|
935
|
<address>192.168.158.1</address>
|
936
|
<port>2022</port>
|
937
|
</destination>
|
938
|
<descr><![CDATA[NAT redirect regular SSH port to 2022 on LAN]]></descr>
|
939
|
<associated-rule-id>nat_55520c83632903.91711398</associated-rule-id>
|
940
|
<created>
|
941
|
<time>1431440515</time>
|
942
|
<username>NAT Port Forward</username>
|
943
|
</created>
|
944
|
<tracker>1460561407</tracker>
|
945
|
</rule>
|
946
|
<rule>
|
947
|
<id />
|
948
|
<tracker>1438007182</tracker>
|
949
|
<type>block</type>
|
950
|
<interface>opt3</interface>
|
951
|
<ipprotocol>inet</ipprotocol>
|
952
|
<tag />
|
953
|
<tagged />
|
954
|
<max />
|
955
|
<max-src-nodes />
|
956
|
<max-src-conn />
|
957
|
<max-src-states />
|
958
|
<statetimeout />
|
959
|
<statetype>keep state</statetype>
|
960
|
<os />
|
961
|
<source>
|
962
|
<any />
|
963
|
</source>
|
964
|
<destination>
|
965
|
<address>209.85.220.69</address>
|
966
|
</destination>
|
967
|
<descr><![CDATA[silently drop PVE multicast traffic]]></descr>
|
968
|
<updated>
|
969
|
<time>1438007182</time>
|
970
|
<username>admin@192.168.100.114</username>
|
971
|
</updated>
|
972
|
<created>
|
973
|
<time>1438007182</time>
|
974
|
<username>admin@192.168.100.114</username>
|
975
|
</created>
|
976
|
</rule>
|
977
|
<rule>
|
978
|
<id />
|
979
|
<tracker>1446059352</tracker>
|
980
|
<type>pass</type>
|
981
|
<interface>opt3</interface>
|
982
|
<ipprotocol>inet46</ipprotocol>
|
983
|
<tcpflags_any />
|
984
|
<tag />
|
985
|
<tagged />
|
986
|
<allowopts />
|
987
|
<disablereplyto />
|
988
|
<max />
|
989
|
<max-src-nodes />
|
990
|
<max-src-conn />
|
991
|
<max-src-states />
|
992
|
<statetimeout />
|
993
|
<statetype>sloppy state</statetype>
|
994
|
<os />
|
995
|
<nopfsync />
|
996
|
<source>
|
997
|
<network>opt3</network>
|
998
|
</source>
|
999
|
<destination>
|
1000
|
<network>lan</network>
|
1001
|
</destination>
|
1002
|
<descr><![CDATA[skip state on all NEWLAN<-->LAN traffic]]></descr>
|
1003
|
<created>
|
1004
|
<time>1446059352</time>
|
1005
|
<username>admin@192.168.100.114</username>
|
1006
|
</created>
|
1007
|
<updated>
|
1008
|
<time>1462463261</time>
|
1009
|
<username>admin@192.168.158.159</username>
|
1010
|
</updated>
|
1011
|
</rule>
|
1012
|
<rule>
|
1013
|
<id />
|
1014
|
<tracker>1431440556</tracker>
|
1015
|
<type>pass</type>
|
1016
|
<interface>opt3</interface>
|
1017
|
<ipprotocol>inet46</ipprotocol>
|
1018
|
<tag />
|
1019
|
<tagged />
|
1020
|
<max />
|
1021
|
<max-src-nodes />
|
1022
|
<max-src-conn />
|
1023
|
<max-src-states />
|
1024
|
<statetimeout />
|
1025
|
<statetype>keep state</statetype>
|
1026
|
<os />
|
1027
|
<source>
|
1028
|
<any />
|
1029
|
</source>
|
1030
|
<destination>
|
1031
|
<any />
|
1032
|
</destination>
|
1033
|
<descr><![CDATA[allow all outbound traffic]]></descr>
|
1034
|
<updated>
|
1035
|
<time>1431440556</time>
|
1036
|
<username>admin@192.168.100.114</username>
|
1037
|
</updated>
|
1038
|
<created>
|
1039
|
<time>1431440556</time>
|
1040
|
<username>admin@192.168.100.114</username>
|
1041
|
</created>
|
1042
|
</rule>
|
1043
|
<rule>
|
1044
|
<id />
|
1045
|
<tracker>1434737487</tracker>
|
1046
|
<type>pass</type>
|
1047
|
<interface>opt4</interface>
|
1048
|
<ipprotocol>inet46</ipprotocol>
|
1049
|
<tag />
|
1050
|
<tagged />
|
1051
|
<max />
|
1052
|
<max-src-nodes />
|
1053
|
<max-src-conn />
|
1054
|
<max-src-states />
|
1055
|
<statetimeout />
|
1056
|
<statetype>keep state</statetype>
|
1057
|
<os />
|
1058
|
<source>
|
1059
|
<any />
|
1060
|
</source>
|
1061
|
<destination>
|
1062
|
<network>(self)</network>
|
1063
|
</destination>
|
1064
|
<descr><![CDATA[allow traffic to the firewall]]></descr>
|
1065
|
<updated>
|
1066
|
<time>1434737487</time>
|
1067
|
<username>admin@198.51.75.21</username>
|
1068
|
</updated>
|
1069
|
<created>
|
1070
|
<time>1434737487</time>
|
1071
|
<username>admin@198.51.75.21</username>
|
1072
|
</created>
|
1073
|
</rule>
|
1074
|
<separator>
|
1075
|
<lan />
|
1076
|
<openvpn />
|
1077
|
</separator>
|
1078
|
</filter>
|
1079
|
<shaper>
|
1080
|
<queue>
|
1081
|
<interface>wan</interface>
|
1082
|
<name>wan</name>
|
1083
|
<scheduler>HFSC</scheduler>
|
1084
|
<bandwidth>2</bandwidth>
|
1085
|
<bandwidthtype>Mb</bandwidthtype>
|
1086
|
<enabled>on</enabled>
|
1087
|
<queue>
|
1088
|
<name>qInternet</name>
|
1089
|
<interface>wan</interface>
|
1090
|
<bandwidth>2</bandwidth>
|
1091
|
<bandwidthtype>Mb</bandwidthtype>
|
1092
|
<enabled>on</enabled>
|
1093
|
<ecn>ecn</ecn>
|
1094
|
<linkshare3>1.9Mb</linkshare3>
|
1095
|
<upperlimit3>1.9Mb</upperlimit3>
|
1096
|
<queue>
|
1097
|
<name>qACK</name>
|
1098
|
<interface>wan</interface>
|
1099
|
<priority>6</priority>
|
1100
|
<bandwidth>20</bandwidth>
|
1101
|
<bandwidthtype>%</bandwidthtype>
|
1102
|
<enabled>on</enabled>
|
1103
|
<ecn>on</ecn>
|
1104
|
<linkshare3>20%</linkshare3>
|
1105
|
<linkshare>on</linkshare>
|
1106
|
</queue>
|
1107
|
<queue>
|
1108
|
<name>qDefault</name>
|
1109
|
<interface>wan</interface>
|
1110
|
<priority>3</priority>
|
1111
|
<bandwidth>10</bandwidth>
|
1112
|
<bandwidthtype>%</bandwidthtype>
|
1113
|
<enabled>on</enabled>
|
1114
|
<default>on</default>
|
1115
|
<ecn>on</ecn>
|
1116
|
</queue>
|
1117
|
<linkshare>on</linkshare>
|
1118
|
<upperlimit>on</upperlimit>
|
1119
|
</queue>
|
1120
|
</queue>
|
1121
|
<queue>
|
1122
|
<interface>lan</interface>
|
1123
|
<name>lan</name>
|
1124
|
<scheduler>HFSC</scheduler>
|
1125
|
<bandwidth>1048576</bandwidth>
|
1126
|
<bandwidthtype>Kb</bandwidthtype>
|
1127
|
<enabled>on</enabled>
|
1128
|
<queue>
|
1129
|
<name>qLink</name>
|
1130
|
<interface>lan</interface>
|
1131
|
<qlimit>500</qlimit>
|
1132
|
<priority>2</priority>
|
1133
|
<bandwidth>20</bandwidth>
|
1134
|
<bandwidthtype>%</bandwidthtype>
|
1135
|
<enabled>on</enabled>
|
1136
|
<default>on</default>
|
1137
|
<ecn>on</ecn>
|
1138
|
</queue>
|
1139
|
<queue>
|
1140
|
<name>qInternet</name>
|
1141
|
<interface>lan</interface>
|
1142
|
<bandwidth>26214.4</bandwidth>
|
1143
|
<bandwidthtype>Kb</bandwidthtype>
|
1144
|
<enabled>on</enabled>
|
1145
|
<ecn>on</ecn>
|
1146
|
<linkshare3>26214.4Kb</linkshare3>
|
1147
|
<linkshare>on</linkshare>
|
1148
|
<upperlimit3>26214.4Kb</upperlimit3>
|
1149
|
<upperlimit>on</upperlimit>
|
1150
|
<queue>
|
1151
|
<name>qACK</name>
|
1152
|
<interface>lan</interface>
|
1153
|
<priority>6</priority>
|
1154
|
<bandwidth>20</bandwidth>
|
1155
|
<bandwidthtype>%</bandwidthtype>
|
1156
|
<enabled>on</enabled>
|
1157
|
<ecn>on</ecn>
|
1158
|
<linkshare3>20%</linkshare3>
|
1159
|
<linkshare>on</linkshare>
|
1160
|
</queue>
|
1161
|
</queue>
|
1162
|
</queue>
|
1163
|
<queue>
|
1164
|
<interface>opt1</interface>
|
1165
|
<name>opt1</name>
|
1166
|
<scheduler>HFSC</scheduler>
|
1167
|
<bandwidth>1048576</bandwidth>
|
1168
|
<bandwidthtype>Kb</bandwidthtype>
|
1169
|
<enabled>on</enabled>
|
1170
|
<queue>
|
1171
|
<name>qLink</name>
|
1172
|
<interface>opt1</interface>
|
1173
|
<qlimit>500</qlimit>
|
1174
|
<priority>2</priority>
|
1175
|
<bandwidth>20</bandwidth>
|
1176
|
<bandwidthtype>%</bandwidthtype>
|
1177
|
<enabled>on</enabled>
|
1178
|
<default>on</default>
|
1179
|
<ecn>on</ecn>
|
1180
|
</queue>
|
1181
|
<queue>
|
1182
|
<name>qInternet</name>
|
1183
|
<interface>opt1</interface>
|
1184
|
<bandwidth>26214.4</bandwidth>
|
1185
|
<bandwidthtype>Kb</bandwidthtype>
|
1186
|
<enabled>on</enabled>
|
1187
|
<ecn>on</ecn>
|
1188
|
<linkshare3>26214.4Kb</linkshare3>
|
1189
|
<linkshare>on</linkshare>
|
1190
|
<upperlimit3>26214.4Kb</upperlimit3>
|
1191
|
<upperlimit>on</upperlimit>
|
1192
|
<queue>
|
1193
|
<name>qACK</name>
|
1194
|
<interface>opt1</interface>
|
1195
|
<priority>6</priority>
|
1196
|
<bandwidth>20</bandwidth>
|
1197
|
<bandwidthtype>%</bandwidthtype>
|
1198
|
<enabled>on</enabled>
|
1199
|
<ecn>on</ecn>
|
1200
|
<linkshare3>20%</linkshare3>
|
1201
|
<linkshare>on</linkshare>
|
1202
|
</queue>
|
1203
|
</queue>
|
1204
|
</queue>
|
1205
|
<queue>
|
1206
|
<interface>opt2</interface>
|
1207
|
<name>opt2</name>
|
1208
|
<scheduler>HFSC</scheduler>
|
1209
|
<bandwidth>1048576</bandwidth>
|
1210
|
<bandwidthtype>Kb</bandwidthtype>
|
1211
|
<enabled>on</enabled>
|
1212
|
<queue>
|
1213
|
<name>qLink</name>
|
1214
|
<interface>opt2</interface>
|
1215
|
<qlimit>500</qlimit>
|
1216
|
<priority>2</priority>
|
1217
|
<bandwidth>20</bandwidth>
|
1218
|
<bandwidthtype>%</bandwidthtype>
|
1219
|
<enabled>on</enabled>
|
1220
|
<default>on</default>
|
1221
|
<ecn>on</ecn>
|
1222
|
</queue>
|
1223
|
<queue>
|
1224
|
<name>qInternet</name>
|
1225
|
<interface>opt2</interface>
|
1226
|
<bandwidth>26214.4</bandwidth>
|
1227
|
<bandwidthtype>Kb</bandwidthtype>
|
1228
|
<enabled>on</enabled>
|
1229
|
<ecn>on</ecn>
|
1230
|
<linkshare3>26214.4Kb</linkshare3>
|
1231
|
<linkshare>on</linkshare>
|
1232
|
<upperlimit3>26214.4Kb</upperlimit3>
|
1233
|
<upperlimit>on</upperlimit>
|
1234
|
<queue>
|
1235
|
<name>qACK</name>
|
1236
|
<interface>opt2</interface>
|
1237
|
<priority>6</priority>
|
1238
|
<bandwidth>20</bandwidth>
|
1239
|
<bandwidthtype>%</bandwidthtype>
|
1240
|
<enabled>on</enabled>
|
1241
|
<ecn>on</ecn>
|
1242
|
<linkshare3>20%</linkshare3>
|
1243
|
<linkshare>on</linkshare>
|
1244
|
</queue>
|
1245
|
</queue>
|
1246
|
</queue>
|
1247
|
<queue>
|
1248
|
<interface>opt3</interface>
|
1249
|
<name>opt3</name>
|
1250
|
<scheduler>HFSC</scheduler>
|
1251
|
<bandwidth>1048576</bandwidth>
|
1252
|
<bandwidthtype>Kb</bandwidthtype>
|
1253
|
<enabled>on</enabled>
|
1254
|
<queue>
|
1255
|
<name>qLink</name>
|
1256
|
<interface>opt3</interface>
|
1257
|
<qlimit>500</qlimit>
|
1258
|
<priority>2</priority>
|
1259
|
<bandwidth>20</bandwidth>
|
1260
|
<bandwidthtype>%</bandwidthtype>
|
1261
|
<enabled>on</enabled>
|
1262
|
<default>on</default>
|
1263
|
<ecn>on</ecn>
|
1264
|
</queue>
|
1265
|
<queue>
|
1266
|
<name>qInternet</name>
|
1267
|
<interface>opt3</interface>
|
1268
|
<bandwidth>26214.4</bandwidth>
|
1269
|
<bandwidthtype>Kb</bandwidthtype>
|
1270
|
<enabled>on</enabled>
|
1271
|
<ecn>on</ecn>
|
1272
|
<linkshare3>26214.4Kb</linkshare3>
|
1273
|
<linkshare>on</linkshare>
|
1274
|
<upperlimit3>26214.4Kb</upperlimit3>
|
1275
|
<upperlimit>on</upperlimit>
|
1276
|
<queue>
|
1277
|
<name>qACK</name>
|
1278
|
<interface>opt3</interface>
|
1279
|
<priority>6</priority>
|
1280
|
<bandwidth>20</bandwidth>
|
1281
|
<bandwidthtype>%</bandwidthtype>
|
1282
|
<enabled>on</enabled>
|
1283
|
<ecn>on</ecn>
|
1284
|
<linkshare3>20%</linkshare3>
|
1285
|
<linkshare>on</linkshare>
|
1286
|
</queue>
|
1287
|
</queue>
|
1288
|
</queue>
|
1289
|
</shaper>
|
1290
|
<ipsec>
|
1291
|
<client>
|
1292
|
<enable />
|
1293
|
<user_source>Local Database</user_source>
|
1294
|
<group_source>none</group_source>
|
1295
|
<pool_address>192.168.98.0</pool_address>
|
1296
|
<pool_netbits>24</pool_netbits>
|
1297
|
<net_list />
|
1298
|
<save_passwd />
|
1299
|
<dns_domain>ad.avant.ca</dns_domain>
|
1300
|
<dns_split>ad.avant.ca</dns_split>
|
1301
|
<dns_server1>192.168.158.10</dns_server1>
|
1302
|
<dns_server2>192.168.158.20</dns_server2>
|
1303
|
<dns_server3 />
|
1304
|
<dns_server4 />
|
1305
|
<wins_server1>192.168.158.10</wins_server1>
|
1306
|
<wins_server2>192.168.158.20</wins_server2>
|
1307
|
<login_banner><![CDATA[This is a banner.]]></login_banner>
|
1308
|
</client>
|
1309
|
<compression />
|
1310
|
<uniqueids>yes</uniqueids>
|
1311
|
<noshuntlaninterfaces />
|
1312
|
<acceptunencryptedmainmode />
|
1313
|
<enable />
|
1314
|
<phase1>
|
1315
|
<ikeid>2</ikeid>
|
1316
|
<iketype>ikev2</iketype>
|
1317
|
<interface>wan</interface>
|
1318
|
<mobile />
|
1319
|
<protocol>inet</protocol>
|
1320
|
<myid_type>fqdn</myid_type>
|
1321
|
<myid_data>remote.avant.ca</myid_data>
|
1322
|
<peerid_type>user_fqdn</peerid_type>
|
1323
|
<peerid_data>vpnuser@avant.ca</peerid_data>
|
1324
|
<encryption-algorithm>
|
1325
|
<name>aes</name>
|
1326
|
<keylen>256</keylen>
|
1327
|
</encryption-algorithm>
|
1328
|
<hash-algorithm>sha1</hash-algorithm>
|
1329
|
<dhgroup>2</dhgroup>
|
1330
|
<lifetime>28800</lifetime>
|
1331
|
<pre-shared-key>Avant123</pre-shared-key>
|
1332
|
<private-key />
|
1333
|
<certref>557781ff419d8</certref>
|
1334
|
<caref>557b8b98e24da</caref>
|
1335
|
<authentication_method>hybrid_rsa_server</authentication_method>
|
1336
|
<descr />
|
1337
|
<nat_traversal>on</nat_traversal>
|
1338
|
<mobike>on</mobike>
|
1339
|
<responderonly />
|
1340
|
<dpd_delay>3</dpd_delay>
|
1341
|
<dpd_maxfail>3</dpd_maxfail>
|
1342
|
<disabled />
|
1343
|
</phase1>
|
1344
|
<phase1>
|
1345
|
<ikeid>1</ikeid>
|
1346
|
<iketype>ikev2</iketype>
|
1347
|
<interface>wan</interface>
|
1348
|
<remote-gateway>204.16.144.114</remote-gateway>
|
1349
|
<protocol>inet</protocol>
|
1350
|
<myid_type>myaddress</myid_type>
|
1351
|
<myid_data />
|
1352
|
<peerid_type>peeraddress</peerid_type>
|
1353
|
<peerid_data />
|
1354
|
<encryption-algorithm>
|
1355
|
<name>aes</name>
|
1356
|
<keylen>256</keylen>
|
1357
|
</encryption-algorithm>
|
1358
|
<hash-algorithm>sha1</hash-algorithm>
|
1359
|
<dhgroup>2</dhgroup>
|
1360
|
<lifetime>28800</lifetime>
|
1361
|
<pre-shared-key>r011over</pre-shared-key>
|
1362
|
<private-key />
|
1363
|
<certref />
|
1364
|
<caref />
|
1365
|
<authentication_method>pre_shared_key</authentication_method>
|
1366
|
<descr><![CDATA[Adam - home]]></descr>
|
1367
|
<nat_traversal>on</nat_traversal>
|
1368
|
<mobike>off</mobike>
|
1369
|
<dpd_delay>10</dpd_delay>
|
1370
|
<dpd_maxfail>5</dpd_maxfail>
|
1371
|
<disabled />
|
1372
|
</phase1>
|
1373
|
<phase2>
|
1374
|
<ikeid>2</ikeid>
|
1375
|
<uniqid>55ad776349282</uniqid>
|
1376
|
<mode>tunnel</mode>
|
1377
|
<reqid>1</reqid>
|
1378
|
<localid>
|
1379
|
<type>lan</type>
|
1380
|
</localid>
|
1381
|
<remoteid>
|
1382
|
<type>mobile</type>
|
1383
|
</remoteid>
|
1384
|
<protocol>esp</protocol>
|
1385
|
<encryption-algorithm-option>
|
1386
|
<name>aes</name>
|
1387
|
<keylen>auto</keylen>
|
1388
|
</encryption-algorithm-option>
|
1389
|
<hash-algorithm-option>hmac_sha1</hash-algorithm-option>
|
1390
|
<hash-algorithm-option>hmac_sha256</hash-algorithm-option>
|
1391
|
<pfsgroup>2</pfsgroup>
|
1392
|
<lifetime>3600</lifetime>
|
1393
|
<pinghost />
|
1394
|
<descr />
|
1395
|
<mobile />
|
1396
|
</phase2>
|
1397
|
<phase2>
|
1398
|
<ikeid>2</ikeid>
|
1399
|
<uniqid>55ad777de96f0</uniqid>
|
1400
|
<mode>tunnel</mode>
|
1401
|
<reqid>2</reqid>
|
1402
|
<localid>
|
1403
|
<type>opt3</type>
|
1404
|
</localid>
|
1405
|
<remoteid>
|
1406
|
<type>mobile</type>
|
1407
|
</remoteid>
|
1408
|
<protocol>esp</protocol>
|
1409
|
<encryption-algorithm-option>
|
1410
|
<name>aes</name>
|
1411
|
<keylen>auto</keylen>
|
1412
|
</encryption-algorithm-option>
|
1413
|
<hash-algorithm-option>hmac_sha1</hash-algorithm-option>
|
1414
|
<hash-algorithm-option>hmac_sha256</hash-algorithm-option>
|
1415
|
<pfsgroup>2</pfsgroup>
|
1416
|
<lifetime>3600</lifetime>
|
1417
|
<pinghost />
|
1418
|
<descr />
|
1419
|
<mobile />
|
1420
|
</phase2>
|
1421
|
<phase2>
|
1422
|
<ikeid>1</ikeid>
|
1423
|
<uniqid>55edbd1115de9</uniqid>
|
1424
|
<mode>tunnel</mode>
|
1425
|
<reqid>3</reqid>
|
1426
|
<localid>
|
1427
|
<type>opt3</type>
|
1428
|
</localid>
|
1429
|
<remoteid>
|
1430
|
<type>network</type>
|
1431
|
<address>192.168.160.0</address>
|
1432
|
<netbits>24</netbits>
|
1433
|
</remoteid>
|
1434
|
<protocol>esp</protocol>
|
1435
|
<encryption-algorithm-option>
|
1436
|
<name>aes</name>
|
1437
|
<keylen>auto</keylen>
|
1438
|
</encryption-algorithm-option>
|
1439
|
<hash-algorithm-option>hmac_sha1</hash-algorithm-option>
|
1440
|
<pfsgroup>0</pfsgroup>
|
1441
|
<lifetime>3600</lifetime>
|
1442
|
<pinghost />
|
1443
|
<descr />
|
1444
|
</phase2>
|
1445
|
<phase2>
|
1446
|
<ikeid>1</ikeid>
|
1447
|
<uniqid>55edbeeedf087</uniqid>
|
1448
|
<mode>tunnel</mode>
|
1449
|
<reqid>4</reqid>
|
1450
|
<localid>
|
1451
|
<type>lan</type>
|
1452
|
</localid>
|
1453
|
<remoteid>
|
1454
|
<type>network</type>
|
1455
|
<address>192.168.160.0</address>
|
1456
|
<netbits>24</netbits>
|
1457
|
</remoteid>
|
1458
|
<protocol>esp</protocol>
|
1459
|
<encryption-algorithm-option>
|
1460
|
<name>aes</name>
|
1461
|
<keylen>auto</keylen>
|
1462
|
</encryption-algorithm-option>
|
1463
|
<hash-algorithm-option>hmac_sha1</hash-algorithm-option>
|
1464
|
<pfsgroup>0</pfsgroup>
|
1465
|
<lifetime>3600</lifetime>
|
1466
|
<pinghost />
|
1467
|
<descr />
|
1468
|
</phase2>
|
1469
|
<logging>
|
1470
|
<dmn>1</dmn>
|
1471
|
<mgr>1</mgr>
|
1472
|
<ike>1</ike>
|
1473
|
<chd>1</chd>
|
1474
|
<job>1</job>
|
1475
|
<cfg>1</cfg>
|
1476
|
<knl>1</knl>
|
1477
|
<net>1</net>
|
1478
|
<asn>1</asn>
|
1479
|
<enc>1</enc>
|
1480
|
<imc>1</imc>
|
1481
|
<imv>1</imv>
|
1482
|
<pts>1</pts>
|
1483
|
<tls>1</tls>
|
1484
|
<esp>1</esp>
|
1485
|
<lib>1</lib>
|
1486
|
</logging>
|
1487
|
</ipsec>
|
1488
|
<aliases />
|
1489
|
<proxyarp />
|
1490
|
<cron>
|
1491
|
<item>
|
1492
|
<minute>1,31</minute>
|
1493
|
<hour>0-5</hour>
|
1494
|
<mday>*</mday>
|
1495
|
<month>*</month>
|
1496
|
<wday>*</wday>
|
1497
|
<who>root</who>
|
1498
|
<command>/usr/bin/nice -n20 adjkerntz -a</command>
|
1499
|
</item>
|
1500
|
<item>
|
1501
|
<minute>1</minute>
|
1502
|
<hour>3</hour>
|
1503
|
<mday>*</mday>
|
1504
|
<month>*</month>
|
1505
|
<wday>*</wday>
|
1506
|
<who>root</who>
|
1507
|
<command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
|
1508
|
</item>
|
1509
|
<item>
|
1510
|
<minute>*/60</minute>
|
1511
|
<hour>*</hour>
|
1512
|
<mday>*</mday>
|
1513
|
<month>*</month>
|
1514
|
<wday>*</wday>
|
1515
|
<who>root</who>
|
1516
|
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
|
1517
|
</item>
|
1518
|
<item>
|
1519
|
<minute>*/60</minute>
|
1520
|
<hour>*</hour>
|
1521
|
<mday>*</mday>
|
1522
|
<month>*</month>
|
1523
|
<wday>*</wday>
|
1524
|
<who>root</who>
|
1525
|
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout</command>
|
1526
|
</item>
|
1527
|
<item>
|
1528
|
<minute>1</minute>
|
1529
|
<hour>1</hour>
|
1530
|
<mday>*</mday>
|
1531
|
<month>*</month>
|
1532
|
<wday>*</wday>
|
1533
|
<who>root</who>
|
1534
|
<command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
|
1535
|
</item>
|
1536
|
<item>
|
1537
|
<minute>*/60</minute>
|
1538
|
<hour>*</hour>
|
1539
|
<mday>*</mday>
|
1540
|
<month>*</month>
|
1541
|
<wday>*</wday>
|
1542
|
<who>root</who>
|
1543
|
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
|
1544
|
</item>
|
1545
|
<item>
|
1546
|
<minute>30</minute>
|
1547
|
<hour>12</hour>
|
1548
|
<mday>*</mday>
|
1549
|
<month>*</month>
|
1550
|
<wday>*</wday>
|
1551
|
<who>root</who>
|
1552
|
<command>/usr/bin/nice -n20 /etc/rc.update_urltables</command>
|
1553
|
</item>
|
1554
|
<item>
|
1555
|
<minute>*/120</minute>
|
1556
|
<hour>*</hour>
|
1557
|
<mday>*</mday>
|
1558
|
<month>*</month>
|
1559
|
<wday>*</wday>
|
1560
|
<who>root</who>
|
1561
|
<command>/etc/rc.haproxy_ocsp.sh</command>
|
1562
|
</item>
|
1563
|
<item>
|
1564
|
<minute>*/5</minute>
|
1565
|
<hour>*</hour>
|
1566
|
<mday>*</mday>
|
1567
|
<month>*</month>
|
1568
|
<wday>*</wday>
|
1569
|
<who>root</who>
|
1570
|
<command>/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc</command>
|
1571
|
</item>
|
1572
|
<item>
|
1573
|
<minute>5</minute>
|
1574
|
<hour>0,6,12,18</hour>
|
1575
|
<mday>*</mday>
|
1576
|
<month>*</month>
|
1577
|
<wday>*</wday>
|
1578
|
<who>root</who>
|
1579
|
<command>/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php</command>
|
1580
|
</item>
|
1581
|
<item>
|
1582
|
<minute>*/5</minute>
|
1583
|
<hour>*</hour>
|
1584
|
<mday>*</mday>
|
1585
|
<month>*</month>
|
1586
|
<wday>*</wday>
|
1587
|
<who>root</who>
|
1588
|
<command>/usr/bin/nice -n20 /sbin/pfctl -q -t snort2c -T expire 3600</command>
|
1589
|
</item>
|
1590
|
</cron>
|
1591
|
<wol />
|
1592
|
<rrd>
|
1593
|
<enable />
|
1594
|
</rrd>
|
1595
|
<load_balancer>
|
1596
|
<monitor_type>
|
1597
|
<name>ICMP</name>
|
1598
|
<type>icmp</type>
|
1599
|
<descr><![CDATA[ICMP]]></descr>
|
1600
|
<options />
|
1601
|
</monitor_type>
|
1602
|
<monitor_type>
|
1603
|
<name>TCP</name>
|
1604
|
<type>tcp</type>
|
1605
|
<descr><![CDATA[Generic TCP]]></descr>
|
1606
|
<options />
|
1607
|
</monitor_type>
|
1608
|
<monitor_type>
|
1609
|
<name>HTTP</name>
|
1610
|
<type>http</type>
|
1611
|
<descr><![CDATA[Generic HTTP]]></descr>
|
1612
|
<options>
|
1613
|
<path>/</path>
|
1614
|
<host />
|
1615
|
<code>200</code>
|
1616
|
</options>
|
1617
|
</monitor_type>
|
1618
|
<monitor_type>
|
1619
|
<name>HTTPS</name>
|
1620
|
<type>https</type>
|
1621
|
<descr><![CDATA[Generic HTTPS]]></descr>
|
1622
|
<options>
|
1623
|
<path>/</path>
|
1624
|
<host />
|
1625
|
<code>200</code>
|
1626
|
</options>
|
1627
|
</monitor_type>
|
1628
|
<monitor_type>
|
1629
|
<name>SMTP</name>
|
1630
|
<type>send</type>
|
1631
|
<descr><![CDATA[Generic SMTP]]></descr>
|
1632
|
<options>
|
1633
|
<send />
|
1634
|
<expect>220 *</expect>
|
1635
|
</options>
|
1636
|
</monitor_type>
|
1637
|
</load_balancer>
|
1638
|
<widgets>
|
1639
|
<sequence>system_information:col1:open,gmirror_status:col1:open,smart_status:col1:open,services_status:col1:open,snort_alerts:col1:open,interfaces:col2:open,carp_status:col2:open,gateways:col2:open,ipsec:col2:open,openvpn:col2:open,undefined:col2:close,traffic_graphs:col2:open</sequence>
|
1640
|
<trafficgraphs>
|
1641
|
<shown>
|
1642
|
<item>wan</item>
|
1643
|
<item>lan</item>
|
1644
|
<item>opt1</item>
|
1645
|
</shown>
|
1646
|
<refreshinterval>1</refreshinterval>
|
1647
|
<scale_type>follow</scale_type>
|
1648
|
</trafficgraphs>
|
1649
|
<widget_snort_display_lines>10</widget_snort_display_lines>
|
1650
|
</widgets>
|
1651
|
<openvpn>
|
1652
|
<openvpn-server>
|
1653
|
<vpnid>1</vpnid>
|
1654
|
<mode>server_user</mode>
|
1655
|
<authmode>ad.avant.ca</authmode>
|
1656
|
<protocol>TCP</protocol>
|
1657
|
<dev_mode>tun</dev_mode>
|
1658
|
<ipaddr />
|
1659
|
<interface>wan</interface>
|
1660
|
<local_port>1194</local_port>
|
1661
|
<description />
|
1662
|
<custom_options />
|
1663
|
<tls></tls>
|
1664
|
<caref>5540ed69a904b</caref>
|
1665
|
<crlref>5540ed9583c81</crlref>
|
1666
|
<certref>5540ef186ee99</certref>
|
1667
|
<dh_length>1024</dh_length>
|
1668
|
<cert_depth>1</cert_depth>
|
1669
|
<crypto>AES-128-CBC</crypto>
|
1670
|
<digest>SHA1</digest>
|
1671
|
<engine>cryptodev</engine>
|
1672
|
<tunnel_network>192.168.99.0/24</tunnel_network>
|
1673
|
<tunnel_networkv6>fd60:7f9c:65d8:99::/64</tunnel_networkv6>
|
1674
|
<remote_network />
|
1675
|
<remote_networkv6 />
|
1676
|
<gwredir />
|
1677
|
<local_network>192.168.100.0/24,192.168.10.0/24,192.168.158.0/24,192.168.101.0/24</local_network>
|
1678
|
<local_networkv6>fd60:7f9c:65d8::/48</local_networkv6>
|
1679
|
<maxclients />
|
1680
|
<compression />
|
1681
|
<passtos>yes</passtos>
|
1682
|
<client2client>yes</client2client>
|
1683
|
<dynamic_ip>yes</dynamic_ip>
|
1684
|
<pool_enable>yes</pool_enable>
|
1685
|
<topology>subnet</topology>
|
1686
|
<serverbridge_dhcp />
|
1687
|
<serverbridge_interface>none</serverbridge_interface>
|
1688
|
<serverbridge_dhcp_start />
|
1689
|
<serverbridge_dhcp_end />
|
1690
|
<dns_domain>ad.avant.ca</dns_domain>
|
1691
|
<dns_server1>192.168.158.10</dns_server1>
|
1692
|
<dns_server2>192.168.158.20</dns_server2>
|
1693
|
<dns_server3>192.168.158.1</dns_server3>
|
1694
|
<dns_server4 />
|
1695
|
<push_register_dns>yes</push_register_dns>
|
1696
|
<ntp_server1>192.168.158.1</ntp_server1>
|
1697
|
<ntp_server2 />
|
1698
|
<netbios_enable>yes</netbios_enable>
|
1699
|
<netbios_ntype>8</netbios_ntype>
|
1700
|
<netbios_scope />
|
1701
|
<no_tun_ipv6 />
|
1702
|
<verbosity_level>4</verbosity_level>
|
1703
|
<wins_server1>192.168.158.10</wins_server1>
|
1704
|
<wins_server2>192.168.158.20</wins_server2>
|
1705
|
<nbdd_server1 />
|
1706
|
<duplicate_cn />
|
1707
|
</openvpn-server>
|
1708
|
<openvpn-server>
|
1709
|
<vpnid>2</vpnid>
|
1710
|
<disable />
|
1711
|
<mode>p2p_shared_key</mode>
|
1712
|
<protocol>UDP</protocol>
|
1713
|
<dev_mode>tun</dev_mode>
|
1714
|
<ipaddr />
|
1715
|
<interface>wan</interface>
|
1716
|
<local_port>1160</local_port>
|
1717
|
<description><![CDATA[Adam home]]></description>
|
1718
|
<custom_options />
|
1719
|
<shared_key></shared_key>
|
1720
|
<crypto>AES-128-CBC</crypto>
|
1721
|
<digest>SHA1</digest>
|
1722
|
<engine>cryptodev</engine>
|
1723
|
<tunnel_network>192.168.98.0/24</tunnel_network>
|
1724
|
<tunnel_networkv6>fd60:7f9c:65d8:98::/64</tunnel_networkv6>
|
1725
|
<remote_network>192.168.160.0/24</remote_network>
|
1726
|
<remote_networkv6 />
|
1727
|
<gwredir />
|
1728
|
<local_network />
|
1729
|
<local_networkv6 />
|
1730
|
<maxclients />
|
1731
|
<compression>adaptive</compression>
|
1732
|
<passtos>yes</passtos>
|
1733
|
<client2client />
|
1734
|
<dynamic_ip />
|
1735
|
<pool_enable>yes</pool_enable>
|
1736
|
<topology>subnet</topology>
|
1737
|
<serverbridge_dhcp />
|
1738
|
<serverbridge_interface>none</serverbridge_interface>
|
1739
|
<serverbridge_dhcp_start />
|
1740
|
<serverbridge_dhcp_end />
|
1741
|
<netbios_enable />
|
1742
|
<netbios_ntype>0</netbios_ntype>
|
1743
|
<netbios_scope />
|
1744
|
<no_tun_ipv6>yes</no_tun_ipv6>
|
1745
|
<verbosity_level>1</verbosity_level>
|
1746
|
</openvpn-server>
|
1747
|
</openvpn>
|
1748
|
<dnshaper />
|
1749
|
<unbound>
|
1750
|
<dnssec />
|
1751
|
<active_interface>lan,opt1,opt2,opt3,_vip570e65f92fe6d,lo0</active_interface>
|
1752
|
<outgoing_interface>all</outgoing_interface>
|
1753
|
<custom_options />
|
1754
|
<dnssecstripped />
|
1755
|
<forwarding />
|
1756
|
<regdhcp />
|
1757
|
<regdhcpstatic />
|
1758
|
<txtsupport />
|
1759
|
<prefetch />
|
1760
|
<prefetchkey />
|
1761
|
<msgcachesize>4</msgcachesize>
|
1762
|
<outgoing_num_tcp>10</outgoing_num_tcp>
|
1763
|
<incoming_num_tcp>10</incoming_num_tcp>
|
1764
|
<edns_buffer_size>4096</edns_buffer_size>
|
1765
|
<num_queries_per_thread>512</num_queries_per_thread>
|
1766
|
<jostle_timeout>200</jostle_timeout>
|
1767
|
<cache_max_ttl>86400</cache_max_ttl>
|
1768
|
<cache_min_ttl>0</cache_min_ttl>
|
1769
|
<infra_host_ttl>900</infra_host_ttl>
|
1770
|
<infra_cache_numhosts>10000</infra_cache_numhosts>
|
1771
|
<unwanted_reply_threshold>10000000</unwanted_reply_threshold>
|
1772
|
<log_verbosity>1</log_verbosity>
|
1773
|
<use_caps />
|
1774
|
<domainoverrides>
|
1775
|
<domain>asg.local.</domain>
|
1776
|
<ip>192.168.100.50</ip>
|
1777
|
<descr />
|
1778
|
</domainoverrides>
|
1779
|
<domainoverrides>
|
1780
|
<domain>asg.local.</domain>
|
1781
|
<ip>192.168.100.52</ip>
|
1782
|
<descr />
|
1783
|
</domainoverrides>
|
1784
|
<domainoverrides>
|
1785
|
<domain>100.168.192.in-addr.arpa.</domain>
|
1786
|
<ip>192.168.100.50</ip>
|
1787
|
<descr />
|
1788
|
</domainoverrides>
|
1789
|
<domainoverrides>
|
1790
|
<domain>100.168.192.in-addr.arpa.</domain>
|
1791
|
<ip>192.168.100.52</ip>
|
1792
|
<descr />
|
1793
|
</domainoverrides>
|
1794
|
<domainoverrides>
|
1795
|
<domain>158.168.192.in-addr.arpa.</domain>
|
1796
|
<ip>192.168.158.10</ip>
|
1797
|
<descr />
|
1798
|
</domainoverrides>
|
1799
|
<domainoverrides>
|
1800
|
<domain>158.168.192.in-addr.arpa.</domain>
|
1801
|
<ip>192.168.158.20</ip>
|
1802
|
<descr />
|
1803
|
</domainoverrides>
|
1804
|
<hideidentity />
|
1805
|
<hideversion />
|
1806
|
<port />
|
1807
|
<system_domain_local_zone_type>transparent</system_domain_local_zone_type>
|
1808
|
<enable />
|
1809
|
</unbound>
|
1810
|
<revision>
|
1811
|
<time>1465167925</time>
|
1812
|
<description><![CDATA[(system): Snort pkg: updated status for updated rules package(s) check.]]></description>
|
1813
|
<username>(system)</username>
|
1814
|
</revision>
|
1815
|
<dhcpdv6>
|
1816
|
<opt3>
|
1817
|
<ramode>assist</ramode>
|
1818
|
<rapriority>medium</rapriority>
|
1819
|
<rainterface />
|
1820
|
<radomainsearchlist>ad.avant.ca;asg.local;avant.local;avant.ca</radomainsearchlist>
|
1821
|
<radnsserver>fd60:7f9c:65d8:158::dc1</radnsserver>
|
1822
|
<radnsserver>fd60:7f9c:65d8:158::dc2</radnsserver>
|
1823
|
</opt3>
|
1824
|
</dhcpdv6>
|
1825
|
<cert>
|
1826
|
<refid>551b1fc6bec50</refid>
|
1827
|
<descr><![CDATA[webConfigurator default (551b1fc6bec50)]]></descr>
|
1828
|
<type>server</type>
|
1829
|
<crt></crt>
|
1830
|
<prv></prv>
|
1831
|
</cert>
|
1832
|
<cert>
|
1833
|
<refid>5540ef186ee99</refid>
|
1834
|
<descr><![CDATA[Avant-OpenVPN]]></descr>
|
1835
|
<type>server</type>
|
1836
|
<caref>5540ed69a904b</caref>
|
1837
|
<crt></crt>
|
1838
|
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRREJaWlk1d1pab3p0T3gKMGE0RUhRK092Q1o1WHcvVEQ1Vmg0QUJjUUlEVWlxS0F0cVN2UUozb2VPMkZ4UWJoVWtzdVI3Nk45QmlOREh3aApKU1JSTEpGZlk0Q20zMjZJL1ZwK2N0a3RYSEJlMXhLaXFwUnhkdzlmUm5RMC9pM0tmUnZNejFqcllCK1JZN0xzCmhaL015QXZrTmZCcGFZUFRIa1ZVOU9BSzRVdVNNUWM0TXJrZmZzYmRzSThUR05hMTNEeDRSeHEvdEdPYytMc3UKQUVBL01XSTB1K0tpTXI5MjZQUVJ4a3o0U1p6aU93R2FUaXlxOStKU3MvMnZON05rekR4YWlwR2pITkNuL1FlUQptRVdiNUtlOFNjcFJ3Y0VCcUtJZFF6MmpKRnliSmVIRUd1amphZ2M2ZnBCUm94N0MxTmV0bVVZVFppSjdRNFZPCnNIWFZIbTBaQWdNQkFBRUNnZ0VBUld5WVB1ZDFmTzR5SkRVbkNLYjkvTGtoL3BQWGRHYTFzMHJjRmtHNWZaSysKdndIUm9HL0x2N1laWGRuYW5Hd1VQT3JZUnRFSE55cnlMRnZPNjZ6YUNxb0hkdC9pS0I3NnEwWERISHVBZ3lzbApyMnNZbXBxbzFBVFFsbTFnTnI0dWlwa3NUR0pYTXJQZGVQYUc1Tll6SHBzV1VHRG1SNVVvUWxVZFVBcU1QRS9wCmllcU4zRGYzNVJmUDFUdTFnVTI3elgzazFma1d6WDBRQVZMbWhaVmhjWUM0Zm41NW0veFdRZzFtSmJMb29aTnIKb2owUG9tL0NkdlY5QjM0eGRzNTQ0MEl5VUJTcnJsVHpWTFU1dHZoRmR4WFI0K3plTHd0UWdXa3gvdnd2WDJhRApodnFNUVFLemVZVHgxNVcvYVgwaGx5MWZ0ZEIwUFpnNDlDM01QMm9LdVFLQmdRRGhhczdlY2t1YTFhQzdiUVRoCmtQcElTR1htWC94ZXZXVVNuV3RHWnY0NXZrY2YvMkR6QUN2VllvNkhYSUFoeDVjTnBaTS9RMzMraTdjVHE4OHgKaUYyQTI5eTBJZHdDbWloWVByNk10czFubFJtL0tJMzM0MDM5NXBzclkwM2hJUmZZc0o0OHB4RWxCbzViSTE2RQpiZkdSdlJoN3lOQ2xZYW5FV0E4UTFlaTRwd0tCZ1FEYm9xVnQxS0wzMVBjU2JKQWJ2YXNUcjg2TXpJNmppcytPCllTWnhUQmIycmtiY29UaGptcHJpUG5IbUxSRDlzeEdyYkUrb2ZGcUU3UGNVNjJsMFZkUC82ODlCTFZoeE9TZUUKNHFKN2xnRHdTZzlkMGZlaGpkb29ITEpEVFRMTU9QdjJRYXJuOVdraXFiZElRdUhVcjlvVDBNaWU1NG04YUpMMQpLemxMOU1La1B3S0JnUUNPd1RXQmFxQzJ6ZE9jM3MzWWpCZjA3dVNab1BBU2o1OFN5dDdGRnpTcEhQZXVLKzBaCjkySExJVDlpT2hKclVoczNhVVIzTENiK3JUeWtHSXArcy8yRFBibm4yZ21iSEVXd25RdlAwWFVEeEVrcDVtVUMKTjlHTW1oNXF1OWoyV2g3ZisvbzZMeE9NZnpwb1BWMytRQ0pjU1lUWDM3VkRCemFjUWFoSTRTOGd3UUtCZ0RtYgpGaktSVTlFV3ZWckt1SjFlQ05IWUNaK3FRenNudkRxR3hwTnV0cE1xc0pGTGc4TzBHQzJBM1ZUV3V4OGZhV0lCCnZYN2Vac3Q0YjNIQU1OOS9aMlEzVUJ1ekxnQThVbDRySnh5dEFrQUQzTFhwelQ1Rk8xUEwrd0ZsN1EzZFlGQjkKZHJyeUJnbytZMEVEc2NHY0FlR3luL3YxbEkyakMvQmJ6dUphSnZiM0FvR0FHOXhoR3l3dGRiUjczUmxIeE9HdgpGY3VZeVpiSTVTTTIwVlVZYUszUU8vb0ZJSytpWit2dU15STIzaDNTaHUyQyt3T2puOWVka3lFZGxPYmhYclJICmxRRjZqZWRxWEJjOE02SzBGbWNnRjg2OG11NWtXWTY2QUEzeFViV1hXa0NtMktrVW00TlN2S2wvSUY5TzhyMHAKRUNyODRtb2o5WFZMWXB2NjVNK1R2MlE9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K</prv>
|
1839
|
</cert>
|
1840
|
<cert>
|
1841
|
<refid>557781ff419d8</refid>
|
1842
|
<descr><![CDATA[remote.avant.ca-StartSSL]]></descr>
|
1843
|
<prv></prv>
|
1844
|
<crt></crt>
|
1845
|
<caref>557b8b98e24da</caref>
|
1846
|
</cert>
|
1847
|
<cert>
|
1848
|
<refid>557db4510f671</refid>
|
1849
|
<descr><![CDATA[IPSec test cert]]></descr>
|
1850
|
<type>user</type>
|
1851
|
<caref>5540ed69a904b</caref>
|
1852
|
<crt></crt>
|
1853
|
<prv></prv>
|
1854
|
</cert>
|
1855
|
<cert>
|
1856
|
<refid>55cca9a47b7b3</refid>
|
1857
|
<descr><![CDATA[Wildcard *.avant.ca]]></descr>
|
1858
|
<crt></crt>
|
1859
|
<prv></prv>
|
1860
|
<caref>557b8b98e24da</caref>
|
1861
|
</cert>
|
1862
|
<ppps />
|
1863
|
<notifications>
|
1864
|
<growl>
|
1865
|
<ipaddress />
|
1866
|
<password />
|
1867
|
<name>PHP-Growl</name>
|
1868
|
<notification_name>pfSense growl alert</notification_name>
|
1869
|
</growl>
|
1870
|
<smtp>
|
1871
|
<ipaddress>mailrelay.asg.local</ipaddress>
|
1872
|
<port>25</port>
|
1873
|
<notifyemailaddress>avantsysadm@avant.ca</notifyemailaddress>
|
1874
|
<username />
|
1875
|
<password />
|
1876
|
<authentication_mechanism>PLAIN</authentication_mechanism>
|
1877
|
<fromaddress>avantsysadm@avant.ca</fromaddress>
|
1878
|
</smtp>
|
1879
|
</notifications>
|
1880
|
<gateways>
|
1881
|
<gateway_item>
|
1882
|
<interface>opt4</interface>
|
1883
|
<gateway>dynamic</gateway>
|
1884
|
<name>HETUNNEL_TUNNELV6</name>
|
1885
|
<weight>1</weight>
|
1886
|
<ipprotocol>inet6</ipprotocol>
|
1887
|
<interval />
|
1888
|
<descr><![CDATA[Interface HETUNNEL_TUNNELV6 Gateway]]></descr>
|
1889
|
<defaultgw />
|
1890
|
</gateway_item>
|
1891
|
</gateways>
|
1892
|
<installedpackages>
|
1893
|
<package>
|
1894
|
<name>LADVD</name>
|
1895
|
<descr><![CDATA[Send and decode link layer advertisements. Support for LLDP (Link Layer Discovery Protocol), CDP (Cisco Discovery Protocol), EDP (Extreme Discovery Protocol) and NDP (Nortel Discovery Protocol).]]></descr>
|
1896
|
<website>https://github.com/sspans/ladvd</website>
|
1897
|
<version>1.2.1_2</version>
|
1898
|
<configurationfile>ladvd.xml</configurationfile>
|
1899
|
</package>
|
1900
|
<package>
|
1901
|
<name>mtr-nox11</name>
|
1902
|
<descr><![CDATA[Enhanced traceroute replacement. mtr combines the functionality of the traceroute and ping programs in a single network diagnostic tool.]]></descr>
|
1903
|
<website>http://www.bitwizard.nl/mtr/</website>
|
1904
|
<version>0.85.6_1</version>
|
1905
|
<configurationfile>mtr-nox11.xml</configurationfile>
|
1906
|
</package>
|
1907
|
<package>
|
1908
|
<name>nmap</name>
|
1909
|
<descr><![CDATA[NMap is a utility for network exploration or security auditing.<br/>
|
1910
|
It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification).
|
1911
|
It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more.]]></descr>
|
1912
|
<version>1.4.4_1</version>
|
1913
|
<pkginfolink>https://doc.pfsense.org/index.php/Nmap_package</pkginfolink>
|
1914
|
<configurationfile>nmap.xml</configurationfile>
|
1915
|
</package>
|
1916
|
<package>
|
1917
|
<name>OpenVPN Client Export Utility</name>
|
1918
|
<internal_name>openvpn-client-export</internal_name>
|
1919
|
<descr><![CDATA[Allows a pre-configured OpenVPN Windows Client or Mac OS X's Viscosity configuration bundle to be exported directly from pfSense.]]></descr>
|
1920
|
<version>1.3.8</version>
|
1921
|
<configurationfile>openvpn-client-export.xml</configurationfile>
|
1922
|
</package>
|
1923
|
<package>
|
1924
|
<name>snort</name>
|
1925
|
<pkginfolink>https://doc.pfsense.org/index.php/Setup_Snort_Package</pkginfolink>
|
1926
|
<website>http://www.snort.org</website>
|
1927
|
<descr><![CDATA[Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection.]]></descr>
|
1928
|
<version>3.2.9.1_12</version>
|
1929
|
<configurationfile>/snort.xml</configurationfile>
|
1930
|
<after_install_info>Please visit Services - Snort - Interfaces tab first and select your desired rules. Afterwards visit the Updates tab to download your configured rulesets.</after_install_info>
|
1931
|
</package>
|
1932
|
<package>
|
1933
|
<name>Zabbix Agent LTS</name>
|
1934
|
<internal_name>zabbix-agent</internal_name>
|
1935
|
<descr><![CDATA[LTS (Long Term Support) release of Zabbix Monitoring agent. Zabbix LTS releases are supported for
|
1936
|
Zabbix customers during five (5) years i.e. 3 years of Full Support (general, critical and security issues)
|
1937
|
and 2 additional years of Limited Support (critical and security issues only). Zabbix LTS version release
|
1938
|
will result in change of the first version number.<br />
|
1939
|
More info in <a href="http://www.zabbix.com/life_cycle_and_release_policy.php">Zabbix Life Cycle and Release Policy</a>.]]></descr>
|
1940
|
<website>http://www.zabbix.com/product.php</website>
|
1941
|
<version>0.8.9_2</version>
|
1942
|
<configurationfile>zabbix-agent-lts.xml</configurationfile>
|
1943
|
</package>
|
1944
|
<package>
|
1945
|
<name>AutoConfigBackup</name>
|
1946
|
<descr><![CDATA[Automatically backs up your pfSense configuration. All contents are encrypted before being sent to the server.<br />
|
1947
|
Requires Gold Subscription from <a href="https://portal.pfsense.org">pfSense Portal</a>.]]></descr>
|
1948
|
<website>https://portal.pfsense.org</website>
|
1949
|
<version>1.45</version>
|
1950
|
<pkginfolink>https://doc.pfsense.org/index.php/AutoConfigBackup</pkginfolink>
|
1951
|
<configurationfile>autoconfigbackup.xml</configurationfile>
|
1952
|
</package>
|
1953
|
<menu>
|
1954
|
<name>LADVD</name>
|
1955
|
<tooltiptext>Modify LADVD settings.</tooltiptext>
|
1956
|
<section>Services</section>
|
1957
|
<url>/pkg_edit.php?xml=ladvd.xml&id=0</url>
|
1958
|
</menu>
|
1959
|
<menu>
|
1960
|
<name>LADVD Status</name>
|
1961
|
<tooltiptext />
|
1962
|
<section>Status</section>
|
1963
|
<url>/status_ladvd.php</url>
|
1964
|
</menu>
|
1965
|
<menu>
|
1966
|
<name>mtr</name>
|
1967
|
<tooltiptext>mtr combines the functionality of the "traceroute" and "ping" programs into a single network diagnostic tool</tooltiptext>
|
1968
|
<section>Diagnostics</section>
|
1969
|
<configfile>mtr-nox11.xml</configfile>
|
1970
|
</menu>
|
1971
|
<menu>
|
1972
|
<name>NMap</name>
|
1973
|
<tooltiptext>NMap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is runing on a port), and TCP/IP fingerprinting (remote host OS or device identification). It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. Most Unix and Windows platforms are supported in both GUI and command line modes. Several popular handheld devices are also supported, including the Sharp Zaurus and the iPAQ.</tooltiptext>
|
1974
|
<section>Diagnostics</section>
|
1975
|
<configfile>nmap.xml</configfile>
|
1976
|
</menu>
|
1977
|
<menu>
|
1978
|
<name>Zabbix Agent LTS</name>
|
1979
|
<tooltiptext>Setup Zabbix Agent specific settings</tooltiptext>
|
1980
|
<section>Services</section>
|
1981
|
<url>/pkg_edit.php?xml=zabbix-agent-lts.xml&id=0</url>
|
1982
|
</menu>
|
1983
|
<menu>
|
1984
|
<name>AutoConfigBackup</name>
|
1985
|
<tooltiptext>Set autoconfigbackup settings such as password and port.</tooltiptext>
|
1986
|
<section>Diagnostics</section>
|
1987
|
<url>/autoconfigbackup.php</url>
|
1988
|
</menu>
|
1989
|
<menu>
|
1990
|
<name>Snort</name>
|
1991
|
<tooltiptext>Set up snort specific settings</tooltiptext>
|
1992
|
<section>Services</section>
|
1993
|
<url>/snort/snort_interfaces.php</url>
|
1994
|
</menu>
|
1995
|
<service>
|
1996
|
<name>ladvd</name>
|
1997
|
<rcfile>ladvd.sh</rcfile>
|
1998
|
<executable>ladvd</executable>
|
1999
|
<description><![CDATA[Send and decode link layer advertisements.]]></description>
|
2000
|
</service>
|
2001
|
<service>
|
2002
|
<name>zabbix_agentd_lts</name>
|
2003
|
<rcfile>zabbix_agentd_lts.sh</rcfile>
|
2004
|
<executable>zabbix_agentd</executable>
|
2005
|
<description><![CDATA[Zabbix Agent LTS Host Monitor Daemon]]></description>
|
2006
|
</service>
|
2007
|
<service>
|
2008
|
<name>snort</name>
|
2009
|
<rcfile>snort.sh</rcfile>
|
2010
|
<executable>snort</executable>
|
2011
|
<description><![CDATA[Snort IDS/IPS Daemon]]></description>
|
2012
|
</service>
|
2013
|
<snortglobal>
|
2014
|
<snort_config_ver>3.2.9.1_12</snort_config_ver>
|
2015
|
<snortdownload>on</snortdownload>
|
2016
|
<snortcommunityrules>on</snortcommunityrules>
|
2017
|
<emergingthreats>on</emergingthreats>
|
2018
|
<emergingthreats_pro>off</emergingthreats_pro>
|
2019
|
<clearblocks>on</clearblocks>
|
2020
|
<verbose_logging>on</verbose_logging>
|
2021
|
<openappid_detectors>on</openappid_detectors>
|
2022
|
<oinkmastercode>f93ad62162271d867b9d624b2df19f7854f137ef</oinkmastercode>
|
2023
|
<etpro_code />
|
2024
|
<rm_blocked>1h_b</rm_blocked>
|
2025
|
<autorulesupdate7>6h_up</autorulesupdate7>
|
2026
|
<rule_update_starttime>00:05</rule_update_starttime>
|
2027
|
<forcekeepsettings>on</forcekeepsettings>
|
2028
|
<last_rule_upd_status>success</last_rule_upd_status>
|
2029
|
<last_rule_upd_time>1465167925</last_rule_upd_time>
|
2030
|
<auto_manage_sids>on</auto_manage_sids>
|
2031
|
<enable_log_mgmt>on</enable_log_mgmt>
|
2032
|
<clearlogs>off</clearlogs>
|
2033
|
<snortloglimit>on</snortloglimit>
|
2034
|
<snortloglimitsize>12007</snortloglimitsize>
|
2035
|
<alert_log_limit_size>500</alert_log_limit_size>
|
2036
|
<alert_log_retention>336</alert_log_retention>
|
2037
|
<stats_log_limit_size>500</stats_log_limit_size>
|
2038
|
<stats_log_retention>168</stats_log_retention>
|
2039
|
<sid_changes_log_limit_size>250</sid_changes_log_limit_size>
|
2040
|
<sid_changes_log_retention>336</sid_changes_log_retention>
|
2041
|
<event_pkts_log_limit_size>0</event_pkts_log_limit_size>
|
2042
|
<event_pkts_log_retention>336</event_pkts_log_retention>
|
2043
|
<appid_stats_log_limit_size>1000</appid_stats_log_limit_size>
|
2044
|
<appid_stats_log_retention>168</appid_stats_log_retention>
|
2045
|
<dashboard_widget>snort_alerts-container:col1:show</dashboard_widget>
|
2046
|
<rule>
|
2047
|
<interface>wan</interface>
|
2048
|
<enable>on</enable>
|
2049
|
<uuid>51513</uuid>
|
2050
|
<descr><![CDATA[MTSDSL]]></descr>
|
2051
|
<performance>ac-bnfa</performance>
|
2052
|
<blockoffenders7>off</blockoffenders7>
|
2053
|
<homelistname>default</homelistname>
|
2054
|
<externallistname>default</externallistname>
|
2055
|
<suppresslistname>default</suppresslistname>
|
2056
|
<alertsystemlog>on</alertsystemlog>
|
2057
|
<alertsystemlog_facility>log_auth</alertsystemlog_facility>
|
2058
|
<alertsystemlog_priority>log_alert</alertsystemlog_priority>
|
2059
|
<cksumcheck>on</cksumcheck>
|
2060
|
<fpm_split_any_any>off</fpm_split_any_any>
|
2061
|
<fpm_search_optimize>on</fpm_search_optimize>
|
2062
|
<fpm_no_stream_inserts>off</fpm_no_stream_inserts>
|
2063
|
<max_attribute_hosts>10000</max_attribute_hosts>
|
2064
|
<max_attribute_services_per_host>10</max_attribute_services_per_host>
|
2065
|
<max_paf>16000</max_paf>
|
2066
|
<ftp_preprocessor>on</ftp_preprocessor>
|
2067
|
<ftp_telnet_inspection_type>stateful</ftp_telnet_inspection_type>
|
2068
|
<ftp_telnet_alert_encrypted>off</ftp_telnet_alert_encrypted>
|
2069
|
<ftp_telnet_check_encrypted>on</ftp_telnet_check_encrypted>
|
2070
|
<ftp_telnet_normalize>on</ftp_telnet_normalize>
|
2071
|
<ftp_telnet_detect_anomalies>on</ftp_telnet_detect_anomalies>
|
2072
|
<ftp_telnet_ayt_attack_threshold>20</ftp_telnet_ayt_attack_threshold>
|
2073
|
<ftp_client_engine>
|
2074
|
<item>
|
2075
|
<name>default</name>
|
2076
|
<bind_to>all</bind_to>
|
2077
|
<max_resp_len>256</max_resp_len>
|
2078
|
<telnet_cmds>no</telnet_cmds>
|
2079
|
<ignore_telnet_erase_cmds>yes</ignore_telnet_erase_cmds>
|
2080
|
<bounce>yes</bounce>
|
2081
|
<bounce_to_net />
|
2082
|
<bounce_to_port />
|
2083
|
</item>
|
2084
|
</ftp_client_engine>
|
2085
|
<ftp_server_engine>
|
2086
|
<item>
|
2087
|
<name>default</name>
|
2088
|
<bind_to>all</bind_to>
|
2089
|
<ports>default</ports>
|
2090
|
<telnet_cmds>no</telnet_cmds>
|
2091
|
<ignore_telnet_erase_cmds>yes</ignore_telnet_erase_cmds>
|
2092
|
<ignore_data_chan>no</ignore_data_chan>
|
2093
|
<def_max_param_len>100</def_max_param_len>
|
2094
|
</item>
|
2095
|
</ftp_server_engine>
|
2096
|
<smtp_preprocessor>on</smtp_preprocessor>
|
2097
|
<smtp_memcap>838860</smtp_memcap>
|
2098
|
<smtp_max_mime_mem>838860</smtp_max_mime_mem>
|
2099
|
<smtp_b64_decode_depth>65535</smtp_b64_decode_depth>
|
2100
|
<smtp_qp_decode_depth>65535</smtp_qp_decode_depth>
|
2101
|
<smtp_bitenc_decode_depth>65535</smtp_bitenc_decode_depth>
|
2102
|
<smtp_uu_decode_depth>65535</smtp_uu_decode_depth>
|
2103
|
<smtp_email_hdrs_log_depth>1464</smtp_email_hdrs_log_depth>
|
2104
|
<smtp_ignore_data>off</smtp_ignore_data>
|
2105
|
<smtp_ignore_tls_data>on</smtp_ignore_tls_data>
|
2106
|
<smtp_log_mail_from>on</smtp_log_mail_from>
|
2107
|
<smtp_log_rcpt_to>on</smtp_log_rcpt_to>
|
2108
|
<smtp_log_filename>on</smtp_log_filename>
|
2109
|
<smtp_log_email_hdrs>on</smtp_log_email_hdrs>
|
2110
|
<dce_rpc_2>on</dce_rpc_2>
|
2111
|
<dns_preprocessor>on</dns_preprocessor>
|
2112
|
<ssl_preproc>on</ssl_preproc>
|
2113
|
<pop_preproc>on</pop_preproc>
|
2114
|
<pop_memcap>838860</pop_memcap>
|
2115
|
<pop_b64_decode_depth>0</pop_b64_decode_depth>
|
2116
|
<pop_qp_decode_depth>0</pop_qp_decode_depth>
|
2117
|
<pop_bitenc_decode_depth>0</pop_bitenc_decode_depth>
|
2118
|
<pop_uu_decode_depth>0</pop_uu_decode_depth>
|
2119
|
<imap_preproc>on</imap_preproc>
|
2120
|
<imap_memcap>838860</imap_memcap>
|
2121
|
<imap_b64_decode_depth>65535</imap_b64_decode_depth>
|
2122
|
<imap_qp_decode_depth>65535</imap_qp_decode_depth>
|
2123
|
<imap_bitenc_decode_depth>65535</imap_bitenc_decode_depth>
|
2124
|
<imap_uu_decode_depth>65535</imap_uu_decode_depth>
|
2125
|
<sip_preproc>on</sip_preproc>
|
2126
|
<other_preprocs>on</other_preprocs>
|
2127
|
<pscan_protocol>all</pscan_protocol>
|
2128
|
<pscan_type>all</pscan_type>
|
2129
|
<pscan_memcap>10000000</pscan_memcap>
|
2130
|
<pscan_sense_level>medium</pscan_sense_level>
|
2131
|
<http_inspect>on</http_inspect>
|
2132
|
<http_inspect_proxy_alert>off</http_inspect_proxy_alert>
|
2133
|
<http_inspect_memcap>150994944</http_inspect_memcap>
|
2134
|
<http_inspect_max_gzip_mem>838860</http_inspect_max_gzip_mem>
|
2135
|
<http_inspect_engine>
|
2136
|
<item>
|
2137
|
<name>default</name>
|
2138
|
<bind_to>all</bind_to>
|
2139
|
<server_profile>all</server_profile>
|
2140
|
<enable_xff>off</enable_xff>
|
2141
|
<log_uri>off</log_uri>
|
2142
|
<log_hostname>off</log_hostname>
|
2143
|
<server_flow_depth>65535</server_flow_depth>
|
2144
|
<enable_cookie>on</enable_cookie>
|
2145
|
<client_flow_depth>1460</client_flow_depth>
|
2146
|
<extended_response_inspection>on</extended_response_inspection>
|
2147
|
<no_alerts>off</no_alerts>
|
2148
|
<unlimited_decompress>on</unlimited_decompress>
|
2149
|
<inspect_gzip>on</inspect_gzip>
|
2150
|
<normalize_cookies>on</normalize_cookies>
|
2151
|
<normalize_headers>on</normalize_headers>
|
2152
|
<normalize_utf>on</normalize_utf>
|
2153
|
<normalize_javascript>on</normalize_javascript>
|
2154
|
<allow_proxy_use>off</allow_proxy_use>
|
2155
|
<inspect_uri_only>off</inspect_uri_only>
|
2156
|
<max_javascript_whitespaces>200</max_javascript_whitespaces>
|
2157
|
<post_depth>-1</post_depth>
|
2158
|
<max_headers>0</max_headers>
|
2159
|
<max_spaces>0</max_spaces>
|
2160
|
<max_header_length>0</max_header_length>
|
2161
|
<ports>default</ports>
|
2162
|
</item>
|
2163
|
</http_inspect_engine>
|
2164
|
<frag3_max_frags>8192</frag3_max_frags>
|
2165
|
<frag3_memcap>4194304</frag3_memcap>
|
2166
|
<frag3_detection>on</frag3_detection>
|
2167
|
<frag3_engine>
|
2168
|
<item>
|
2169
|
<name>default</name>
|
2170
|
<bind_to>all</bind_to>
|
2171
|
<policy>bsd</policy>
|
2172
|
<timeout>60</timeout>
|
2173
|
<min_ttl>1</min_ttl>
|
2174
|
<detect_anomalies>on</detect_anomalies>
|
2175
|
<overlap_limit>0</overlap_limit>
|
2176
|
<min_frag_len>0</min_frag_len>
|
2177
|
</item>
|
2178
|
</frag3_engine>
|
2179
|
<stream5_reassembly>on</stream5_reassembly>
|
2180
|
<stream5_flush_on_alert>off</stream5_flush_on_alert>
|
2181
|
<stream5_prune_log_max>1048576</stream5_prune_log_max>
|
2182
|
<stream5_track_tcp>on</stream5_track_tcp>
|
2183
|
<stream5_max_tcp>262144</stream5_max_tcp>
|
2184
|
<stream5_track_udp>on</stream5_track_udp>
|
2185
|
<stream5_max_udp>131072</stream5_max_udp>
|
2186
|
<stream5_udp_timeout>30</stream5_udp_timeout>
|
2187
|
<stream5_track_icmp>off</stream5_track_icmp>
|
2188
|
<stream5_max_icmp>65536</stream5_max_icmp>
|
2189
|
<stream5_icmp_timeout>30</stream5_icmp_timeout>
|
2190
|
<stream5_mem_cap>8388608</stream5_mem_cap>
|
2191
|
<stream5_tcp_engine>
|
2192
|
<item>
|
2193
|
<name>default</name>
|
2194
|
<bind_to>all</bind_to>
|
2195
|
<policy>bsd</policy>
|
2196
|
<timeout>30</timeout>
|
2197
|
<max_queued_bytes>1048576</max_queued_bytes>
|
2198
|
<detect_anomalies>off</detect_anomalies>
|
2199
|
<overlap_limit>0</overlap_limit>
|
2200
|
<max_queued_segs>2621</max_queued_segs>
|
2201
|
<require_3whs>off</require_3whs>
|
2202
|
<startup_3whs_timeout>0</startup_3whs_timeout>
|
2203
|
<no_reassemble_async>off</no_reassemble_async>
|
2204
|
<max_window>0</max_window>
|
2205
|
<use_static_footprint_sizes>off</use_static_footprint_sizes>
|
2206
|
<check_session_hijacking>off</check_session_hijacking>
|
2207
|
<dont_store_lg_pkts>off</dont_store_lg_pkts>
|
2208
|
<ports_client>default</ports_client>
|
2209
|
<ports_both>default</ports_both>
|
2210
|
<ports_server>none</ports_server>
|
2211
|
</item>
|
2212
|
</stream5_tcp_engine>
|
2213
|
<appid_preproc>off</appid_preproc>
|
2214
|
<sf_appid_mem_cap>256</sf_appid_mem_cap>
|
2215
|
<sf_appid_statslog>on</sf_appid_statslog>
|
2216
|
<sf_appid_stats_period>300</sf_appid_stats_period>
|
2217
|
<ips_policy_enable>on</ips_policy_enable>
|
2218
|
<ips_policy>connectivity</ips_policy>
|
2219
|
<rulesets />
|
2220
|
<autoflowbitrules>on</autoflowbitrules>
|
2221
|
<sdf_alert_data_type>Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers</sdf_alert_data_type>
|
2222
|
<sdf_alert_threshold>25</sdf_alert_threshold>
|
2223
|
<sdf_mask_output>off</sdf_mask_output>
|
2224
|
<ssh_preproc>on</ssh_preproc>
|
2225
|
<pscan_ignore_scanners />
|
2226
|
<perform_stat>on</perform_stat>
|
2227
|
<host_attribute_table>off</host_attribute_table>
|
2228
|
<sf_portscan>on</sf_portscan>
|
2229
|
<sensitive_data>off</sensitive_data>
|
2230
|
<dnp3_preproc>off</dnp3_preproc>
|
2231
|
<modbus_preproc>off</modbus_preproc>
|
2232
|
<gtp_preproc>on</gtp_preproc>
|
2233
|
<preproc_auto_rule_disable>off</preproc_auto_rule_disable>
|
2234
|
<protect_preproc_rules>off</protect_preproc_rules>
|
2235
|
<wlist_files />
|
2236
|
<blist_files />
|
2237
|
<iprep_memcap>500</iprep_memcap>
|
2238
|
<iprep_priority>whitelist</iprep_priority>
|
2239
|
<iprep_nested_ip>both</iprep_nested_ip>
|
2240
|
<iprep_white>unblack</iprep_white>
|
2241
|
<reputation_preproc>on</reputation_preproc>
|
2242
|
<iprep_scan_local>off</iprep_scan_local>
|
2243
|
</rule>
|
2244
|
<alertsblocks>
|
2245
|
<arefresh>on</arefresh>
|
2246
|
<alertnumber>250</alertnumber>
|
2247
|
</alertsblocks>
|
2248
|
<hide_deprecated_rules>off</hide_deprecated_rules>
|
2249
|
</snortglobal>
|
2250
|
<ladvd>
|
2251
|
<config>
|
2252
|
<enable>on</enable>
|
2253
|
<iface_array>lan,opt1,opt2,opt3,opt4,wan,lo0</iface_array>
|
2254
|
<autoenable>on</autoenable>
|
2255
|
<silent />
|
2256
|
<management>opt3</management>
|
2257
|
<location />
|
2258
|
<lldp>on</lldp>
|
2259
|
<cdp>on</cdp>
|
2260
|
<edp>on</edp>
|
2261
|
<ndp>on</ndp>
|
2262
|
</config>
|
2263
|
</ladvd>
|
2264
|
<snortsync>
|
2265
|
<config>
|
2266
|
<varsynconchanges>auto</varsynconchanges>
|
2267
|
<varsynctimeout>150</varsynctimeout>
|
2268
|
<vardownloadrules>yes</vardownloadrules>
|
2269
|
<row>
|
2270
|
<varsyncprotocol>http</varsyncprotocol>
|
2271
|
<varsyncipaddress />
|
2272
|
<varsyncport />
|
2273
|
<varsyncpassword />
|
2274
|
<varsyncsnortstart>ON</varsyncsnortstart>
|
2275
|
</row>
|
2276
|
</config>
|
2277
|
</snortsync>
|
2278
|
<miniupnpd>
|
2279
|
<config>
|
2280
|
<enable>on</enable>
|
2281
|
<enable_upnp>on</enable_upnp>
|
2282
|
<enable_natpmp>on</enable_natpmp>
|
2283
|
<ext_iface />
|
2284
|
<iface_array>lan</iface_array>
|
2285
|
<download />
|
2286
|
<upload />
|
2287
|
<overridewanip />
|
2288
|
<upnpqueue />
|
2289
|
<logpackets>on</logpackets>
|
2290
|
<sysuptime>on</sysuptime>
|
2291
|
<permdefault />
|
2292
|
</config>
|
2293
|
</miniupnpd>
|
2294
|
<arpwatch>
|
2295
|
<config>
|
2296
|
<interface>lan</interface>
|
2297
|
<enable_email />
|
2298
|
</config>
|
2299
|
</arpwatch>
|
2300
|
<tab>
|
2301
|
<name>Client Export</name>
|
2302
|
<tabgroup>OpenVPN</tabgroup>
|
2303
|
<url>/vpn_openvpn_export.php</url>
|
2304
|
</tab>
|
2305
|
<tab>
|
2306
|
<name>Shared Key Export</name>
|
2307
|
<tabgroup>OpenVPN</tabgroup>
|
2308
|
<url>/vpn_openvpn_export_shared.php</url>
|
2309
|
</tab>
|
2310
|
<autoconfigbackup>
|
2311
|
<config>
|
2312
|
<username>athompso</username>
|
2313
|
<password>y5ajUBkrDC01</password>
|
2314
|
<passwordagain>y5ajUBkrDC01</passwordagain>
|
2315
|
<crypto_password>avant</crypto_password>
|
2316
|
<crypto_password2>avant</crypto_password2>
|
2317
|
</config>
|
2318
|
</autoconfigbackup>
|
2319
|
<zabbixagentlts>
|
2320
|
<config>
|
2321
|
<agentenabled>on</agentenabled>
|
2322
|
<server>zabbix.ad.avant.ca</server>
|
2323
|
<serveractive>zabbix.ad.avant.ca</serveractive>
|
2324
|
<hostname>remote.avant.ca</hostname>
|
2325
|
<listenip>0.0.0.0</listenip>
|
2326
|
<listenport>10050</listenport>
|
2327
|
<refreshactchecks>120</refreshactchecks>
|
2328
|
<timeout>3</timeout>
|
2329
|
<buffersend>5</buffersend>
|
2330
|
<buffersize>100</buffersize>
|
2331
|
<startagents>3</startagents>
|
2332
|
<userparams />
|
2333
|
</config>
|
2334
|
</zabbixagentlts>
|
2335
|
<haproxy>
|
2336
|
<ha_backends>
|
2337
|
<item>
|
2338
|
<name>support.avant.ca</name>
|
2339
|
<desc />
|
2340
|
<status>disable</status>
|
2341
|
<secondary />
|
2342
|
<primary_frontend />
|
2343
|
<type>http</type>
|
2344
|
<forwardfor>yes</forwardfor>
|
2345
|
<httpclose>http-keep-alive</httpclose>
|
2346
|
<extaddr />
|
2347
|
<backend_serverpool />
|
2348
|
<max_connections />
|
2349
|
<client_timeout />
|
2350
|
<port />
|
2351
|
<advanced_bind />
|
2352
|
<ssloffloadcert>55cca9a47b7b3</ssloffloadcert>
|
2353
|
<dcertadv />
|
2354
|
<ssloffload />
|
2355
|
<ssloffloadacl />
|
2356
|
<ssloffloadacladditional />
|
2357
|
<sslclientcert-none>yes</sslclientcert-none>
|
2358
|
<sslclientcert-invalid>yes</sslclientcert-invalid>
|
2359
|
<sslocsp>yes</sslocsp>
|
2360
|
<socket-stats>yes</socket-stats>
|
2361
|
<dontlognull />
|
2362
|
<dontlog-normal />
|
2363
|
<log-separate-errors />
|
2364
|
<log-detailed>yes</log-detailed>
|
2365
|
<advanced />
|
2366
|
<ha_acls />
|
2367
|
<ha_certificates />
|
2368
|
<clientcert_ca />
|
2369
|
<clientcert_crl />
|
2370
|
<a_extaddr>
|
2371
|
<item>
|
2372
|
<extaddr>wan_ipv4</extaddr>
|
2373
|
<extaddr_custom />
|
2374
|
<extaddr_port>443</extaddr_port>
|
2375
|
<extaddr_ssl>yes</extaddr_ssl>
|
2376
|
<extaddr_advanced />
|
2377
|
<_index />
|
2378
|
</item>
|
2379
|
</a_extaddr>
|
2380
|
<a_actionitems />
|
2381
|
<a_errorfiles />
|
2382
|
<ssloffloadacl_an />
|
2383
|
<ssloffloadacladditional_an />
|
2384
|
</item>
|
2385
|
</ha_backends>
|
2386
|
<configversion>00.32</configversion>
|
2387
|
<ha_pools>
|
2388
|
<item />
|
2389
|
</ha_pools>
|
2390
|
<maxconn>1000</maxconn>
|
2391
|
<enablesync />
|
2392
|
<remotesyslog>/var/run/log</remotesyslog>
|
2393
|
<logfacility>local0</logfacility>
|
2394
|
<loglevel>info</loglevel>
|
2395
|
<localstatsport>2200</localstatsport>
|
2396
|
<localstats_refreshtime>10</localstats_refreshtime>
|
2397
|
<localstats_sticktable_refreshtime>10</localstats_sticktable_refreshtime>
|
2398
|
<log-send-hostname />
|
2399
|
<ssldefaultdhparam>2048</ssldefaultdhparam>
|
2400
|
<email_mailers>
|
2401
|
<items />
|
2402
|
</email_mailers>
|
2403
|
<dns_resolvers />
|
2404
|
<files>
|
2405
|
<item />
|
2406
|
</files>
|
2407
|
<nbproc />
|
2408
|
<email_level />
|
2409
|
<email_myhostname />
|
2410
|
<email_from />
|
2411
|
<email_to />
|
2412
|
<resolver_retries />
|
2413
|
<resolver_timeoutretry />
|
2414
|
<resolver_holdvalid />
|
2415
|
</haproxy>
|
2416
|
</installedpackages>
|
2417
|
<ntpd>
|
2418
|
<statsgraph>yes</statsgraph>
|
2419
|
<gps>
|
2420
|
<type>Default</type>
|
2421
|
</gps>
|
2422
|
<logpeer>yes</logpeer>
|
2423
|
<logsys>yes</logsys>
|
2424
|
<prefer>clock.fmt.he.net </prefer>
|
2425
|
<clockstats>yes</clockstats>
|
2426
|
<loopstats>yes</loopstats>
|
2427
|
<peerstats>yes</peerstats>
|
2428
|
</ntpd>
|
2429
|
<vlans>
|
2430
|
<vlan>
|
2431
|
<if>hme0</if>
|
2432
|
<tag>8</tag>
|
2433
|
<descr><![CDATA[Mitel VoIP VLAN]]></descr>
|
2434
|
<vlanif>hme0_vlan8</vlanif>
|
2435
|
</vlan>
|
2436
|
<vlan>
|
2437
|
<if>bge0</if>
|
2438
|
<tag>158</tag>
|
2439
|
<descr><![CDATA[new LAN]]></descr>
|
2440
|
<vlanif>bge0_vlan158</vlanif>
|
2441
|
</vlan>
|
2442
|
<vlan>
|
2443
|
<if>bge0</if>
|
2444
|
<tag>156</tag>
|
2445
|
<descr><![CDATA[DMZ1]]></descr>
|
2446
|
<vlanif>bge0_vlan156</vlanif>
|
2447
|
</vlan>
|
2448
|
</vlans>
|
2449
|
<virtualip>
|
2450
|
<vip>
|
2451
|
<mode>carp</mode>
|
2452
|
<interface>lan</interface>
|
2453
|
<vhid>1</vhid>
|
2454
|
<advskew>0</advskew>
|
2455
|
<advbase>1</advbase>
|
2456
|
<password>asdf</password>
|
2457
|
<descr><![CDATA[old switch1 IP address]]></descr>
|
2458
|
<type>single</type>
|
2459
|
<subnet_bits>24</subnet_bits>
|
2460
|
<subnet>192.168.100.254</subnet>
|
2461
|
<uniqid>570e65f92fe6d</uniqid>
|
2462
|
</vip>
|
2463
|
<vip>
|
2464
|
<mode>ipalias</mode>
|
2465
|
<interface>opt1</interface>
|
2466
|
<uniqid>572d0132ad85e</uniqid>
|
2467
|
<descr><![CDATA[fake DC1 for sandbox]]></descr>
|
2468
|
<type>single</type>
|
2469
|
<subnet_bits>32</subnet_bits>
|
2470
|
<subnet>192.168.101.10</subnet>
|
2471
|
</vip>
|
2472
|
<vip>
|
2473
|
<mode>ipalias</mode>
|
2474
|
<interface>opt1</interface>
|
2475
|
<uniqid>572d0154590df</uniqid>
|
2476
|
<descr><![CDATA[fake DC2 for sandbox]]></descr>
|
2477
|
<type>single</type>
|
2478
|
<subnet_bits>32</subnet_bits>
|
2479
|
<subnet>192.168.101.20</subnet>
|
2480
|
</vip>
|
2481
|
</virtualip>
|
2482
|
<hasync>
|
2483
|
<pfsyncpeerip />
|
2484
|
<pfsyncinterface>lan</pfsyncinterface>
|
2485
|
<synchronizetoip />
|
2486
|
<username />
|
2487
|
<password />
|
2488
|
</hasync>
|
2489
|
<dhcrelay />
|
2490
|
<dhcrelay6 />
|
2491
|
<ca>
|
2492
|
<refid>5540ed69a904b</refid>
|
2493
|
<descr><![CDATA[Avant-OpenVPN-CA]]></descr>
|
2494
|
<crt></crt>
|
2495
|
<prv></prv>
|
2496
|
<serial>2</serial>
|
2497
|
</ca>
|
2498
|
<ca>
|
2499
|
<refid>557b8b583c276</refid>
|
2500
|
<descr><![CDATA[StartSSL Root]]></descr>
|
2501
|
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlIeVRDQ0JiR2dBd0lCQWdJQkFUQU5CZ2txaGtpRzl3MEJBUVVGQURCOU1Rc3dDUVlEVlFRR0V3SkpUREVXDQpNQlFHQTFVRUNoTU5VM1JoY25SRGIyMGdUSFJrTGpFck1Da0dBMVVFQ3hNaVUyVmpkWEpsSUVScFoybDBZV3dnDQpRMlZ5ZEdsbWFXTmhkR1VnVTJsbmJtbHVaekVwTUNjR0ExVUVBeE1nVTNSaGNuUkRiMjBnUTJWeWRHbG1hV05oDQpkR2x2YmlCQmRYUm9iM0pwZEhrd0hoY05NRFl3T1RFM01UazBOak0yV2hjTk16WXdPVEUzTVRrME5qTTJXakI5DQpNUXN3Q1FZRFZRUUdFd0pKVERFV01CUUdBMVVFQ2hNTlUzUmhjblJEYjIwZ1RIUmtMakVyTUNrR0ExVUVDeE1pDQpVMlZqZFhKbElFUnBaMmwwWVd3Z1EyVnlkR2xtYVdOaGRHVWdVMmxuYm1sdVp6RXBNQ2NHQTFVRUF4TWdVM1JoDQpjblJEYjIwZ1EyVnlkR2xtYVdOaGRHbHZiaUJCZFhSb2IzSnBkSGt3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBDQpBNElDRHdBd2dnSUtBb0lDQVFEQmlOc0p2R3hHZkhpZmxYdTFNNUR5Y21MV3dUWWdJaVJlenVsMzhrTUtvZ1prDQpwTXlPTnZnNDVpUHdibTJ4UE4xeW80VWNvZE05dERNcjB5K3YvdXF3UVZsbnRzUUdmUXFlZElYV2VVeUFOM3JmDQpPUVZTV2ZmMEcwWkRwTktGaGRMRGNmTjFZalM2TElwL0hvL3U3VFRRRWNlV3pWSTl1alBXM1UzZUN6dEtTNS9DDQpKaS82dFJZY2NqVjN5anhkNXNyaEpvc2FOblpjQWR0MEZDWCs3YldnaUEvZGVNb3RId2VYTUFFdGNubjZSdFlUDQpLcWk1cHF1RFNSM2w4dS9kNUFHT0dBcVBZMU1XaFdLcERoazZ6TFZtcHNKcmRBZmtLK0YyUHJSdDJQWkU0WE5pDQpIenZFdnFCVFZpVnNVUW4zcXF2S3YzYjliWnZ6bmR1L1BXYThERmFxcjVoSWxUcEwzNmRZVU5rNGRhbGI2a01NDQpBditaNitoc1RYQmJLV1djM2FwZHpLOEJNZXdNNjlLTjZPcWNlK1p1OXlkbURCcEkxMjVDNHovZUlUNTc0UTF3DQorMk9xcUd3YVZMUmNKWHJKb3NtTEZxYTdMSDRYWGdWTldHNFNIUUh1RWhBTnhqSi9HUC84OVByTmJwSG9Oa20rDQpHa2hwaThLV1RSb1NzbWtYd1FxUTF2cDVJa2kvdW50cCtIREgrbm8zMk5nTjBuWlBWLytRdCtPUjB0M3Z3bUMzDQpaenJkL3FxYzhOU0xmM0lpenNhZmw3YjRyNHFnRUtqWit4akd0clZjVWp5SnRoa3Fjd0VLRHdPekVtRHllaStCDQoyNk51L3lZd2wvV0wzWWxYdHEwOXM2OHJ4YmQyQXZDbDFpdWFoaFFxY3Ziak00eGRDVXNUMzd1TWRCTlNTd0lEDQpBUUFCbzRJQ1VqQ0NBazR3REFZRFZSMFRCQVV3QXdFQi96QUxCZ05WSFE4RUJBTUNBYTR3SFFZRFZSME9CQllFDQpGRTRMN3hxa1FGdWxGMm1ITU1vMGFFUFFRYTd5TUdRR0ExVWRId1JkTUZzd0xLQXFvQ2lHSm1oMGRIQTZMeTlqDQpaWEowTG5OMFlYSjBZMjl0TG05eVp5OXpabk5qWVMxamNtd3VZM0pzTUN1Z0thQW5oaVZvZEhSd09pOHZZM0pzDQpMbk4wWVhKMFkyOXRMbTl5Wnk5elpuTmpZUzFqY213dVkzSnNNSUlCWFFZRFZSMGdCSUlCVkRDQ0FWQXdnZ0ZNDQpCZ3NyQmdFRUFZRzFOd0VCQVRDQ0FUc3dMd1lJS3dZQkJRVUhBZ0VXSTJoMGRIQTZMeTlqWlhKMExuTjBZWEowDQpZMjl0TG05eVp5OXdiMnhwWTNrdWNHUm1NRFVHQ0NzR0FRVUZCd0lCRmlsb2RIUndPaTh2WTJWeWRDNXpkR0Z5DQpkR052YlM1dmNtY3ZhVzUwWlhKdFpXUnBZWFJsTG5Ca1pqQ0IwQVlJS3dZQkJRVUhBZ0l3Z2NNd0p4WWdVM1JoDQpjblFnUTI5dGJXVnlZMmxoYkNBb1UzUmhjblJEYjIwcElFeDBaQzR3QXdJQkFScUJsMHhwYldsMFpXUWdUR2xoDQpZbWxzYVhSNUxDQnlaV0ZrSUhSb1pTQnpaV04wYVc5dUlDcE1aV2RoYkNCTWFXMXBkR0YwYVc5dWN5b2diMllnDQpkR2hsSUZOMFlYSjBRMjl0SUVObGNuUnBabWxqWVhScGIyNGdRWFYwYUc5eWFYUjVJRkJ2YkdsamVTQmhkbUZwDQpiR0ZpYkdVZ1lYUWdhSFIwY0RvdkwyTmxjblF1YzNSaGNuUmpiMjB1YjNKbkwzQnZiR2xqZVM1d1pHWXdFUVlKDQpZSVpJQVliNFFnRUJCQVFEQWdBSE1EZ0dDV0NHU0FHRytFSUJEUVFyRmlsVGRHRnlkRU52YlNCR2NtVmxJRk5UDQpUQ0JEWlhKMGFXWnBZMkYwYVc5dUlFRjFkR2h2Y21sMGVUQU5CZ2txaGtpRzl3MEJBUVVGQUFPQ0FnRUFGbXlaDQo5R1lNTlBYUWhWNTlDdXphRUU0NEhGN2ZwaVVGUzVFeXdlZzc4VDNkUkFsYkIwbUtLY3RtQXJleG12Y2xtQWs4DQpqaHZoM1RhSEswdTdhTk01WmoyZ0pzZnlPWkVkVWF1Q2UzN1Z6bHJrNGdOWGNHbVhDUGxlV0tZSzM0d0dta1VXDQpGamdLWGxmMllzZDZBZ1htdkI2MThwNzBxU21EK0xJVTQyNG9oMFREa0JyZU9LazhyRU5OWkVYTzNTaXBYUEp6DQpld1Q0RitpcnNmTXVYR1J1Y3pFNkVyaThzeEhrZlkrQlVabzdqWW4wVFpObWV6d0Q3ZE9hSFpyelpWRDFvTkIxDQpueSt2OE9xQ1E1ajRhWnlKZWNSRGprWnk0MlEyRXEvM0pSNDRpWkIzZnNOcmFybkR5MFJMckhpUWkrZkhMQjVMDQpFVVRJTkZJbnpRcGRuNFhCaWRVYWVQS1ZFRk15M1lDRVpuWFp0V2dvKzJFdXZvU29PTUNaRW9hbEhtZGtyUVl1DQpMNmx3aGNlV0QzeUpaZldPUTFRT3E5MmxnRG1VWU1BMHlaWndMS01TOVI5SWU3MGNmbXUzblpEMElqdXUrUHdxDQp5dnFDVXFEdnIwdFZrK3ZCdGZBaWk2dzBUaVlpQktHSExIVkt0K1Y5RTllNERHVEFOdExKTDRZU2pDTUp3UnVDDQpPM05KbzJwWGg1VGwxbmpGbVVOajQwM2dkeTNoWlpseWFRUWFSd25tRHdGV0pQc2Z2dzU1cVZndXVjUUpBWDZWDQp1bTBBQmo2eTZrb1FPZGpRSy9XLzdIVy9sd0xGQ1JzSTNGVTM0b0g3TjRSRFlpREs1MVpMWmVyK2JNRWtreVNoDQpOT3NGLzVvaXJwdDlQL0ZsVVFxbU1HcXo5SWdjZ0EzOGNvcm9nMTQ9DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tDQo=</crt>
|
2502
|
</ca>
|
2503
|
<ca>
|
2504
|
<refid>557b8b98e24da</refid>
|
2505
|
<descr><![CDATA[StartSSL Intermediate]]></descr>
|
2506
|
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGMlRDQ0E4R2dBd0lCQWdJSEhLczJSeTJjVVRBTkJna3Foa2lHOXcwQkFRc0ZBREI5TVFzd0NRWURWUVFHDQpFd0pKVERFV01CUUdBMVVFQ2hNTlUzUmhjblJEYjIwZ1RIUmtMakVyTUNrR0ExVUVDeE1pVTJWamRYSmxJRVJwDQpaMmwwWVd3Z1EyVnlkR2xtYVdOaGRHVWdVMmxuYm1sdVp6RXBNQ2NHQTFVRUF4TWdVM1JoY25SRGIyMGdRMlZ5DQpkR2xtYVdOaGRHbHZiaUJCZFhSb2IzSnBkSGt3SGhjTk1EY3hNREUwTWpBMU56QTVXaGNOTWpJeE1ERTBNakExDQpOekE1V2pDQmpERUxNQWtHQTFVRUJoTUNTVXd4RmpBVUJnTlZCQW9URFZOMFlYSjBRMjl0SUV4MFpDNHhLekFwDQpCZ05WQkFzVElsTmxZM1Z5WlNCRWFXZHBkR0ZzSUVObGNuUnBabWxqWVhSbElGTnBaMjVwYm1jeE9EQTJCZ05WDQpCQU1UTDFOMFlYSjBRMjl0SUVOc1lYTnpJRElnVUhKcGJXRnllU0JKYm5SbGNtMWxaR2xoZEdVZ1UyVnlkbVZ5DQpJRU5CTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE0azg1TDZHTW1vV3RDQTRJDQpQbGZ5aUFFaEc1U3BiT0s0MjZvWkdFWTZVcUgxRC9SdWpPcVdqSmFIZVJOQVVTOGk4Z3lMaHc5bDMzRjBORU5WDQpzVFVKbTltOEgvcnJRdENYUUhLM1E1WTl1cGFkWFZBQ0hKdVJqWnpBck5lN0x4Zlh5ejZDblhQckIwS1NzczFrDQpzM1JWRzdSTGhpRXM5M2lITXVBVzVOcTlUSlhxcEFwK3Rnb05Mb3JQVmF2RDVkMUJpazdtYjJWc3NrRFBGMTI1DQp3Mm9MSnhHRWQySDJ3bnp0d0kxNEZCaVpnWmwxWTdmb1U5TzZZZWtPK3FJdzgwYWl1Y2tmYklCYVFLd243VWhIDQpNN0JVeGtZYTh6Vmh3UUlwa0ZSK1pFM0VNRklDZ3RmZnppRnVHSkhYdUt1TUp4ZTE4S01CTDQ3U0xvYzZQYlFwDQpaNHJFQXdJREFRQUJvNElCVERDQ0FVZ3dFZ1lEVlIwVEFRSC9CQWd3QmdFQi93SUJBREFPQmdOVkhROEJBZjhFDQpCQU1DQVFZd0hRWURWUjBPQkJZRUZCSGJJMFg5Vk14cWNXK0VpZ1BYdnZjQkx5YUdNQjhHQTFVZEl3UVlNQmFBDQpGRTRMN3hxa1FGdWxGMm1ITU1vMGFFUFFRYTd5TUdrR0NDc0dBUVVGQndFQkJGMHdXekFuQmdnckJnRUZCUWN3DQpBWVliYUhSMGNEb3ZMMjlqYzNBdWMzUmhjblJ6YzJ3dVkyOXRMMk5oTURBR0NDc0dBUVVGQnpBQ2hpUm9kSFJ3DQpPaTh2WVdsaExuTjBZWEowYzNOc0xtTnZiUzlqWlhKMGN5OWpZUzVqY25Rd01nWURWUjBmQkNzd0tUQW5vQ1dnDQpJNFloYUhSMGNEb3ZMMk55YkM1emRHRnlkSE56YkM1amIyMHZjMlp6WTJFdVkzSnNNRU1HQTFVZElBUThNRG93DQpPQVlFVlIwZ0FEQXdNQzRHQ0NzR0FRVUZCd0lCRmlKb2RIUndPaTh2ZDNkM0xuTjBZWEowYzNOc0xtTnZiUzl3DQpiMnhwWTNrdWNHUm1NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUJTeWIzenZjdjU2NkxFTXNxR2N2elB2NmN3DQp0ZjJSOTlXQjRTRUVyUUJNLyttTEo5ci84aVROL0I4UGY5TFI1WUdTSTNnVzdtc0RMcDBBU0UrdWdtVXVoMi91DQphZ2RmUzFadTk1WkdRZWJkL2tXNVlpcWFpbmJwcmIzV2M3TzhNU3ZRTE5Wc2E3eHFPaVdIcWFpbERkZUY4V3hzDQpCUTcwd1dqTHV5cUJXS1UrbWNTZjl4K0VqcUI2MFUzYnVBR2NEWUUweW9MK0kySk5QMjJrVXNCTVh2SnBTTEh5DQozNnhFWkdtd1JpbkhyZkR5d0oxb0k0cW9aM0VpRjc3T2lYcDJ2bFJzazF5TDhCcHVydTJPcnNJRnJoTlg1cm5uDQpjTWd6dUo3OVNqRGptTlFUYSs1T3VlYnMzODdxb0o1MmFwZXE2dDgwUlVMMTJrM1doM1p0Lzg1cGhucUJYOXV5DQpUODZ3NEdkZ09VU3dSUkNGWlpjU2VkL1VsOWg0SVF5RW1NNjdUMnNQR2RxRmFaRkJiQmNjeHJuMkZLN3lvWUI2DQo0dW1WN3lLS3pQODQyL3doVnV5QS9XMmloWkVwQStxckE3MHNZRVNDQURYbkZHeDJPMENEVmRWYzM4Y29vMW5WDQppWGcrRCtBRy9kVlhpaVFjcDJJNEhZV1RTL21UZi9ORSttT1ludTBtaVozMi92aERiQ1gvQi9rU1BKNFJzTk9BDQo3dXlyT3d5a2NnT1NGRGJwdnVhS09wR0xyUXdHcUxPRGdtK3A5VFk1Z2lNTWp1cjlYSDdUUzF3ejAyZEl6MDd1DQp5Mk53WVdkVjY3dmNuQXQ2UXhSSVNhcDVSYmFQdml5UVp4ejRuRmFTbFRBd0hvUGFXMXl1VlMxMXRtc1JPTWxSDQpSTnZiYUF4SVU0VTY3WWFaU3c9PQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ0K</crt>
|
2507
|
<caref>557b8b583c276</caref>
|
2508
|
</ca>
|
2509
|
<crl>
|
2510
|
<refid>5540ed9583c81</refid>
|
2511
|
<descr><![CDATA[Avant-OpenVPN-CRL]]></descr>
|
2512
|
<caref>5540ed69a904b</caref>
|
2513
|
<method>internal</method>
|
2514
|
<serial>9999</serial>
|
2515
|
<lifetime>9999</lifetime>
|
2516
|
</crl>
|
2517
|
<gifs>
|
2518
|
<gif>
|
2519
|
<ipaddr />
|
2520
|
<if>wan</if>
|
2521
|
<tunnel-local-addr>2001:470:1f10:103d::2</tunnel-local-addr>
|
2522
|
<tunnel-remote-addr>2001:470:1f10:103d::1</tunnel-remote-addr>
|
2523
|
<tunnel-remote-net>64</tunnel-remote-net>
|
2524
|
<remote-addr>184.105.253.14</remote-addr>
|
2525
|
<descr><![CDATA[HE tunnel]]></descr>
|
2526
|
<gifif>gif0</gifif>
|
2527
|
</gif>
|
2528
|
</gifs>
|
2529
|
<igmpproxy>
|
2530
|
<igmpentry>
|
2531
|
<ifname>wan</ifname>
|
2532
|
<threshold />
|
2533
|
<type>upstream</type>
|
2534
|
<address />
|
2535
|
<descr />
|
2536
|
</igmpentry>
|
2537
|
<igmpentry>
|
2538
|
<ifname>opt3</ifname>
|
2539
|
<threshold />
|
2540
|
<type>downstream</type>
|
2541
|
<address>192.168.158.0/24</address>
|
2542
|
<descr />
|
2543
|
</igmpentry>
|
2544
|
<igmpentry>
|
2545
|
<ifname>lan</ifname>
|
2546
|
<threshold />
|
2547
|
<type>downstream</type>
|
2548
|
<address>192.168.100.0/24</address>
|
2549
|
<descr />
|
2550
|
</igmpentry>
|
2551
|
</igmpproxy>
|
2552
|
<ovpnserver>
|
2553
|
<step1>
|
2554
|
<type>local</type>
|
2555
|
</step1>
|
2556
|
<step6>
|
2557
|
<authcertca>5540ed69a904b</authcertca>
|
2558
|
</step6>
|
2559
|
<step9>
|
2560
|
<authcertname>5540ef186ee99</authcertname>
|
2561
|
</step9>
|
2562
|
<step10>
|
2563
|
<protocol>UDP</protocol>
|
2564
|
<localport>1194</localport>
|
2565
|
<gentlskey>on</gentlskey>
|
2566
|
<dhkey>2048</dhkey>
|
2567
|
<crypto>AES-256-CBC</crypto>
|
2568
|
<digest>SHA1</digest>
|
2569
|
<engine>cryptodev</engine>
|
2570
|
<dynip>on</dynip>
|
2571
|
<addrpool>on</addrpool>
|
2572
|
<nbttype>8</nbttype>
|
2573
|
<interface>wan</interface>
|
2574
|
<tlsauth>on</tlsauth>
|
2575
|
<tunnelnet>192.168.99.0/24</tunnelnet>
|
2576
|
<localnet>192.168.100.0/24</localnet>
|
2577
|
<defaultdomain>asg.local</defaultdomain>
|
2578
|
<dns1>192.168.100.50</dns1>
|
2579
|
<dns2>192.168.100.52</dns2>
|
2580
|
<ntp1>192.168.100.1</ntp1>
|
2581
|
<nbtenable>on</nbtenable>
|
2582
|
<wins1>192.168.100.50</wins1>
|
2583
|
<wins2>192.168.100.52</wins2>
|
2584
|
</step10>
|
2585
|
<step11>
|
2586
|
<ovpnrule>on</ovpnrule>
|
2587
|
<ovpnallow>on</ovpnallow>
|
2588
|
</step11>
|
2589
|
</ovpnserver>
|
2590
|
<ezshaper>
|
2591
|
<step1>
|
2592
|
<numberofconnections>1</numberofconnections>
|
2593
|
<numberoflocalinterfaces>4</numberoflocalinterfaces>
|
2594
|
</step1>
|
2595
|
<step2>
|
2596
|
<local0downloadscheduler>HFSC</local0downloadscheduler>
|
2597
|
<local0interface>lan</local0interface>
|
2598
|
<local1downloadscheduler>HFSC</local1downloadscheduler>
|
2599
|
<local1interface>opt1</local1interface>
|
2600
|
<local2downloadscheduler>HFSC</local2downloadscheduler>
|
2601
|
<local2interface>opt2</local2interface>
|
2602
|
<local3downloadscheduler>HFSC</local3downloadscheduler>
|
2603
|
<local3interface>opt3</local3interface>
|
2604
|
<conn0uploadscheduler>HFSC</conn0uploadscheduler>
|
2605
|
<conn0upload>1.9</conn0upload>
|
2606
|
<conn0uploadspeed>Mb</conn0uploadspeed>
|
2607
|
<conn0download>25</conn0download>
|
2608
|
<conn0downloadspeed>Mb</conn0downloadspeed>
|
2609
|
<conn0interface>wan</conn0interface>
|
2610
|
</step2>
|
2611
|
<step3>
|
2612
|
<local0download>1</local0download>
|
2613
|
<local0downloadspeed>Mb</local0downloadspeed>
|
2614
|
<local1download>1</local1download>
|
2615
|
<local1downloadspeed>Mb</local1downloadspeed>
|
2616
|
<local2download>1</local2download>
|
2617
|
<local2downloadspeed>Mb</local2downloadspeed>
|
2618
|
<local3download>1</local3download>
|
2619
|
<local3downloadspeed>Mb</local3downloadspeed>
|
2620
|
<conn0upload>1</conn0upload>
|
2621
|
<conn0uploadspeed>Mb</conn0uploadspeed>
|
2622
|
</step3>
|
2623
|
<step5 />
|
2624
|
<step7 />
|
2625
|
</ezshaper>
|
2626
|
<dyndnses />
|
2627
|
</pfsense>
|