#system
set hostname lish
set adminhost retries 1
set system time zone 8
set dns primary 222.85.85.85
#snmp
set snmp name SG
#link detection
#zonebook
#functional zone
 #zone vsi0
 #zone vsi1
 #zone vsi2
 #zone vsi3
 #zone vsi4
 #zone NULL
 #zone pppoe
 #zone ipsec
 #zone pptp
 #zone l2tp
 #zone ssl***
 #zone ssl***client
#security zone
 #zone trust (eth0 eth2 ath0)
 #zone untrust (eth1 eth3 eth4)
 #zone dmz
 #zone l2-trust
 #zone l2-untrust
 #zone l2-dmz
#addressbook
#schedulebook
#servicebook
#authserver
#wlan ath0
 set wlan ath0 proto 11g
 set wlan ath0 ssid zzhdt
 set wlan ath0 channel 7
 set wlan ath0 txpower 14
 set wlan ath0 rate 54
 set wlan ath0 key wpa password zzhdt123.456
#interface
#interface eth0
 set interface eth0 ip 192.168.200.254/24
 set interface eth0 nat
 set interface eth0 up
 set interface eth0 zone trust
 set interface eth0 manage-ip 192.168.200.252/24
 set interface eth0 manage-service ssh
 set interface eth0 manage-service web
 set interface eth0 dhcp server option gateway 192.168.200.254
 set interface eth0 dhcp server option netmask 255.255.255.0
 set interface eth0 dhcp server option dns1 222.85.85.85
 set interface eth0 dhcp server option lease 592000
 set interface eth0 dhcp server range 192.168.200.100 192.168.200.199
 set interface eth0 dhcp server service
#interface eth1
 set interface eth1 ip 222.85.108.50/30
 set interface eth1 up
 set interface eth1 zone untrust
 set interface eth1 manage-service web
 set interface eth1 manage-service ping
 set interface eth1 manage-service ssh
 set interface eth1 manage-service snmp
 set interface eth1 manage-service telnet
#interface eth2
 set interface eth2 ip 192.168.6.254/24
 set interface eth2 nat
 set interface eth2 up
 set interface eth2 zone trust
 set interface eth2 manage-service web
 set interface eth2 manage-service ping
 set interface eth2 manage-service ssh
 set interface eth2 manage-service snmp
 set interface eth2 manage-service telnet
 set interface eth2 dhcp server option dns1 222.85.85.85
 set interface eth2 dhcp server option gateway 192.168.1.254
 set interface eth2 dhcp server option netmask 255.255.255.0
 set interface eth2 dhcp server option lease 592000
 set interface eth2 dhcp server range 192.168.1.100 192.168.1.199
 set interface eth2 dhcp server service
#interface eth3
 set interface eth3 up
 set interface eth3 zone untrust
#interface eth4
 set interface eth4 up
 set interface eth4 zone untrust
#interface ath0
 set interface ath0 ip 192.168.0.254/24
 set interface ath0 nat
 set interface ath0 up
 set interface ath0 zone trust
 set interface ath0 manage-ip 192.168.0.252/24
 set interface ath0 manage-service web
 set interface ath0 alias-ip 192.168.2.0/24
 set interface ath0 dhcp server option netmask 255.255.255.0
 set interface ath0 dhcp server option gateway 192.168.0.254
 set interface ath0 dhcp server option dns1 222.85.85.85
 set interface ath0 dhcp server option lease 592000
 set interface ath0 dhcp server range 192.168.0.100 192.168.0.200
#interface vsi0
#interface vsi1
#interface vsi2
#interface vsi3
#interface vsi4
#pppoe
#dhcpclient
#vsi
set vsi vsi0 stp off
#vsi
set vsi vsi1 stp off
#vsi
set vsi vsi2 stp off
#vsi
set vsi vsi3 stp off
#vsi
set vsi vsi4 stp off
#route
set route 0.0.0.0/0 gateway 222.85.108.49
#policy route
#ospf
#rip
#arp
set arp 222.85.108.49 00:0F:E2:A5:73:B0
set arp 192.168.200.199 00:09:0F:78:2F:20
#set arp firewall
#set arp probe
  set arp probe self_start
  set arp probe server_start
  set arp probe interval 10
  set arp probe count 10
  set arp probe start
#log
#email log
#syslog log
#event log
#config log
#traffic log
#policy
#global policy
#policy group trustToself
 1 set policy from trust to self any any any permit
#policy group trustTountrust
 1 set policy from trust to untrust any any any permit
#policy group untrustTotrust
 1 set policy from untrust to trust any any any permit
#policy group untrustToself
 1 set policy from untrust to self any any any permit
#policy group trustTotrust
 1 set policy from trust to trust any any dhcpTcp permit
#policy group ipsecTotrust
 1 set policy from ipsec to trust any any any permit
#policy group trustToipsec
 1 set policy from trust to ipsec any any any permit
#policy group pptpTotrust
 1 set policy from pptp to trust any any any permit
#trafficpolicyList
#trafficPolicy
 set traffic name AP-outside from  ath0 to eth1 any any any
#snat
#userbook
set authuser user password ******
#*** ipsec
#manual tunnel
#proposal1
 set ipsec proposal1 a
 set ipsec proposal1 a group g1 encryption 3des authentication md5
#proposal2
 set ipsec proposal2 b
 set ipsec proposal2 b pfsgroup g2
 set ipsec proposal2 b encryption 3des authentication md5
#gateway
 set ipsec gateway test ip 10.10.10.10 main interface eth1 presharekey 123456
roposal a
 set ipsec initial-contact single-gateway test
#ike tunnel
 set ipsec ike t gateway test authby esp proposal b
#ipsec channel
 set ipsec channel ttt 192.168.1.0/24 192.168.2.0/24 tunnel t
#l2tp ipsec channel
#*** l2tp
set l2tp pppauth mschap-v1
set l2tp auth-server local
#*** pptp (enabled)
set pptp ippool 192.168.1.80 192.168.1.89
set pptp pppauth mschap-v1
set pptp dns primary 222.85.85.85
set pptp auth-server local
set pptp encrypt mppe-128
set pptp channel
#anti-x
#http-av (stopped)
#ftp-anti-x  (stopped)
#smtp-anti-x (stopped)
#pop3-anti-x (stopped)
#imap-anti-x (stopped)
#engine
#virus
#spam
#spam-default-action
#spam-user-rule
#spam-user-white-list
#spam-user-custom-rule
#spam-user-max-receiver-rule
#spam-user-max-attach-rule
#spam-user-max-email-rule
#spam-user-sender-keyword-rule
#spam-user-receiver-keyword-rule
#spam-user-subject-keyword-rule
#spam-user-content-keyword-rule
#spam-user-attach-name-rule
#spam-user-email-address-rule
#IPS
#cpms
#ha
#xupdate
#ddnsList
#ntp
#ssl*** (stopped)
#traffic-analysis  (started)
set traffic-analysis log enable
set traffic-analysis log filesize 1
set traffic-analysis top enable
set traffic-analysis top number 10
set traffic-analysis cachesize 20
set traffic-analysis maxip 256
set traffic-analysis recoverlog
set traffic-analysis graph enable
set traffic-analysis graph interval 5
set traffic-analysis network 192.168.1.0/24
set traffic-analysis start
#sslclientList