
December 2020


291 views, 5 helpful, 2 replies

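Asking the experts for help understanding what these firewall configuration lines mean

Could the experts please take a look at the configuration below: which of these lines are default configuration? And where a line is not default, what does it mean? Humbly asking for guidance!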

timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local

 

ip audit info action alarm
ip audit attack action alarm

 

Thanks again, everyone!

1 accepted solution

Accepted solution
ilay
Collaborator


timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute


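1. These are the timeout values the firewall defines for certain protocols; they are basically the default values (in global mode you can run timeout ? to see the default for each protocol).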

 

aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local

2. This part defines the aaa-server settings; it is content that was added manually.


ip audit info action alarm
ip audit attack action alarm


3. This is the firewall's IDS feature, enabling log alarms for info messages and attacks.

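The comparison the accepted answer describes, checking timeout lines against known values, can be scripted when auditing a saved configuration. The following is an added example, not part of the original thread: the baseline is simply the four timeout lines from the question (confirm them with timeout ? on your own platform), and the sample configuration and the function names are constructed for illustration.

```python
import re

# Baseline: the timeout lines quoted in the question. Assumption: treat them as
# the reference values; verify with `timeout ?` on the device being audited.
BASELINE = """\
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
"""

# Constructed sample config (not from the thread): udp and uauth were changed.
SAMPLE = """\
hostname fw-example
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:30:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 1:00:00 inactivity
aaa-server LOCAL protocol local
"""

TIME_RE = re.compile(r"^(\d+):([0-5]\d):([0-5]\d)$")

def parse_timeouts(config):
    """Return {timer: (seconds, modifier)} from every `timeout` line."""
    timers = {}
    for line in config.splitlines():
        tok = line.split()
        if not tok or tok[0] != "timeout":
            continue
        i, last = 1, None
        while i < len(tok):
            nxt = TIME_RE.match(tok[i + 1]) if i + 1 < len(tok) else None
            if nxt:  # "<name> <h:mm:ss>" pair, several may share one line
                h, m, s = map(int, nxt.groups())
                last = tok[i]
                timers[last] = (h * 3600 + m * 60 + s, None)
                i += 2
            else:    # trailing keyword such as "absolute" qualifies the last timer
                if last:
                    timers[last] = (timers[last][0], tok[i])
                i += 1
    return timers

def diff_timeouts(baseline, running):
    """Return {timer: (baseline_value, running_value)} for timers that differ."""
    base, run = parse_timeouts(baseline), parse_timeouts(running)
    names = sorted(set(base) | set(run))
    return {n: (base.get(n), run.get(n)) for n in names if base.get(n) != run.get(n)}

if __name__ == "__main__":
    for name, (want, got) in diff_timeouts(BASELINE, SAMPLE).items():
        print(f"{name}: baseline={want} running={got}")
```
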

2 replies
YilinChen
Advocate

Looks fine to me; you can treat it as the default configuration.
