USG2200 (V1R5): how to block the ransomware port TCP/445 with a security policy in an IPsec scenario

Published: 2017-05-13
Problem description

In an IPsec scenario on a USG2200 running V1R5, how is a security policy configured to block port 445, the port used by the ransomware?

Solution

This case is written up because many government and large-enterprise customers are still running older firewall versions such as V1R5.

The configuration for reference is as follows:

<sysname> system-view
[sysname] ip service-set set1 type object
[sysname-object-service-set-set1] service protocol tcp destination-port 445      // define TCP destination port 445 as a member of service set set1
[sysname-object-service-set-set1] quit

[sysname] policy interzone trust untrust inbound                 // block in the inbound direction (untrust -> trust, i.e. from the IPsec peer into the local LAN)
[sysname-policy-interzone-trust-untrust-inbound] policy 1
[sysname-policy-interzone-trust-untrust-inbound-1] policy source 192.168.1.0 0.0.0.255      // example: the peer side uses 192.168.1.0/24, the local side 192.168.2.0/24
[sysname-policy-interzone-trust-untrust-inbound-1] policy destination 192.168.2.0 0.0.0.255
[sysname-policy-interzone-trust-untrust-inbound-1] policy service service-set set1
[sysname-policy-interzone-trust-untrust-inbound-1] action deny
[sysname-policy-interzone-trust-untrust-inbound-1] quit

[sysname] policy interzone trust untrust outbound                // block in the outbound direction as well (trust -> untrust, i.e. from the local LAN towards the peer)
[sysname-policy-interzone-trust-untrust-outbound] policy 2
[sysname-policy-interzone-trust-untrust-outbound-2] policy source 192.168.2.0 0.0.0.255
[sysname-policy-interzone-trust-untrust-outbound-2] policy destination 192.168.1.0 0.0.0.255
[sysname-policy-interzone-trust-untrust-outbound-2] policy service service-set set1
[sysname-policy-interzone-trust-untrust-outbound-2] action deny
[sysname-policy-interzone-trust-untrust-outbound-2] quit

[sysname] quit
<sysname> save

Notes: traffic decrypted from the IPsec tunnel is filtered by the interzone policy between the zone of the tunnel interface (untrust here) and trust, which is why the deny is placed in both directions of the trust-untrust interzone. Policies within one direction are matched top-down and the first match wins, so if a permit policy covering the tunnel subnets is already listed ahead of the new deny policy, the deny is never reached; check the resulting order with display policy interzone trust untrust inbound and display policy interzone trust untrust outbound. Also, set1 matches TCP/445 only; SMB carried over NetBIOS (TCP/139) is not covered unless that port is added to the service set.
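The following is an added example, not Huawei code and not part of the original case: a small model of how the interzone policy above is evaluated (Huawei wildcard-mask matching, service-set matching, top-down first match). It uses the addresses, service set and policy numbers from the configuration; the pre-existing "policy 9" permit rule, the deny-by-default fallback when nothing matches, and the misordered variant are assumptions added to show why the deny must come before any permit for the tunnel subnets.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Set, Tuple

Service = Tuple[str, int]          # (protocol, destination port)
Address = Tuple[str, str]          # (network, Huawei wildcard mask)


def wildcard_match(ip: str, network: str, wildcard: str) -> bool:
    """'policy source/destination' semantics: mask bits set to 1 are
    don't-care bits, so 0.0.0.255 covers a /24."""
    care = 0xFFFFFFFF ^ int(IPv4Address(wildcard))
    return (int(IPv4Address(ip)) & care) == (int(IPv4Address(network)) & care)


@dataclass
class Policy:
    number: int
    action: str                            # "permit" or "deny"
    source: Optional[Address] = None       # None = any
    destination: Optional[Address] = None  # None = any
    service: Optional[Set[Service]] = None  # None = any

    def matches(self, proto: str, src: str, dst: str, dport: int) -> bool:
        if self.source and not wildcard_match(src, *self.source):
            return False
        if self.destination and not wildcard_match(dst, *self.destination):
            return False
        if self.service is not None and (proto, dport) not in self.service:
            return False
        return True


def evaluate(policies: List[Policy], proto: str, src: str, dst: str,
             dport: int) -> Tuple[Optional[int], str]:
    """Top-down, first match wins. When nothing matches, this model falls
    back to deny (assumption: the platform default unless it was changed)."""
    for p in policies:
        if p.matches(proto, src, dst, dport):
            return p.number, p.action
    return None, "deny"


# ip service-set set1 -> service protocol tcp destination-port 445
SET1: Set[Service] = {("tcp", 445)}
REMOTE: Address = ("192.168.1.0", "0.0.0.255")   # peer side of the tunnel
LOCAL: Address = ("192.168.2.0", "0.0.0.255")    # local LAN

# policy interzone trust untrust inbound: untrust -> trust, i.e. peer -> local.
# Policy 9 is an assumed pre-existing rule that permits the tunnel traffic.
INBOUND = [
    Policy(1, "deny", REMOTE, LOCAL, SET1),
    Policy(9, "permit", REMOTE, LOCAL),
]
# policy interzone trust untrust outbound: trust -> untrust, i.e. local -> peer.
OUTBOUND = [
    Policy(2, "deny", LOCAL, REMOTE, SET1),
    Policy(9, "permit", LOCAL, REMOTE),
]
# The same two rules with the permit listed first: the deny is never reached.
INBOUND_MISORDERED = [INBOUND[1], INBOUND[0]]


def check_port(direction: List[Policy], src: str, dst: str, dport: int) -> str:
    """Return only the action taken for a TCP connection attempt."""
    return evaluate(direction, "tcp", src, dst, dport)[1]


if __name__ == "__main__":
    cases = (
        ("inbound", INBOUND, "192.168.1.20", "192.168.2.10"),
        ("outbound", OUTBOUND, "192.168.2.10", "192.168.1.20"),
        ("inbound, permit first", INBOUND_MISORDERED, "192.168.1.20", "192.168.2.10"),
    )
    for label, rules, src, dst in cases:
        for port in (445, 139, 443):
            print(f"{label:22} tcp/{port}: {evaluate(rules, 'tcp', src, dst, port)}")
```

Running the block prints the matching policy number and action for TCP/445, TCP/139 and TCP/443 in each direction; the misordered list shows TCP/445 reaching the permit rule, and TCP/139 passes even in the correct order because set1 contains only port 445.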

END