업무이야기/Security

FortiGate Service Objects Category별 우선 순위

쫑콩아빠 2018. 5. 8. 10:37
반응형
  1. tcp-52000-Uncategorized
  2. tcp-52000-web Access
  3. tcp-52000-File Access
  4. tcp-52000-Email
  5. tcp-52000-Network Services
  6. tcp-52000-Authentication
  7. tcp-52000-Remote Access
  8. tcp-49152-65535-Authentication
  9. tcp-49152-65535-Remote Access
  10. tcp-52000-Tunneling / tcp-49152-52000-Tunneling
  11. tcp-49152-65535-Tunneling / tcp-52000-tunneling
  12. tcp-52000-VOIP, Messaging & Other Applications / tcp-49152-52000-VOIP, Messaging & Other Applications
  13. tcp-49152-52000-VOIP, Messaging & Other Applications / tcp-52000-VOIP, Messaging & Other Applications
  14. tcp-52000-Web Proxy / tcp-49152-52000-Web Proxy
  15. tcp-49152-52000-Web Proxy / tcp-52000-Web Proxy
  16. tcp-49152-52000-Uncategorized
  17. tcp-49152-52000-Web Access
  18. tcp-49152-52000-File Access
  19. tcp-49152-52000-Email
  20. tcp-49152-52000-Network Services
  21. tcp/52000
  22. tcp-52000-General TCP-49152-65535-General : 로그 찍지 않음
 
config firewall service custom
    edit "TCP-49152-65535-general"
        set category "General"
        set tcp-portrange 49152-65535
    next
    edit "TCP-52000-uncat"
        set tcp-portrange 52000
    next
    edit "TCP-49152-65535-auth"
        set category "Authentication"
        set tcp-portrange 49152-65535
    next
    edit "TCP-49152-65535-remote"
        set category "Remote Access"
        set tcp-portrange 49152-65535
    next
    edit "TCP-49152-65535-tunnel"
        set category "Tunneling"
        set tcp-portrange 49152-65535
    next
    edit "TCP-49152-65535-voip"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 49152-65535
    next
    edit "TCP-49152-65535-webproxy"
        set category "Web Proxy"
        set tcp-portrange 49152-65535
    next
    edit "TCP-49152-65535-uncat"
        set tcp-portrange 49152-65535
    next
    edit "TCP-49152-65535-web"
        set category "Web Access"
        set tcp-portrange 49152-65535
    next
    edit "TCP-49152-65535-file"
        set category "File Access"
        set tcp-portrange 49152-65535
    next
    edit "TCP-49152-65535-email"
        set category "Email"
        set tcp-portrange 49152-65535
    next
    edit "TCP-49152-65535-network"
        set category "Network Services"
        set tcp-portrange 49152-65535
    next
    edit "TCP-52000-general"
        set category "General"
        set tcp-portrange 52000
    next
    edit "TCP-52000-web"
        set category "Web Access"
        set tcp-portrange 52000
    next
    edit "TCP-52000-file"
        set category "File Access"
        set tcp-portrange 52000
    next
    edit "TCP-52000-email"
        set category "Email"
        set tcp-portrange 52000
    next
    edit "TCP-52000-network"
        set category "Network Services"
        set tcp-portrange 52000
    next
    edit "TCP-52000-auth"
        set category "Authentication"
        set tcp-portrange 52000
    next
    edit "TCP-52000-remote"
        set category "Remote Access"
        set tcp-portrange 52000
    next
    edit "TCP-52000-tunnel"
        set category "Tunneling"
        set tcp-portrange 52000
    next
    edit "TCP-52000-voip"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 52000
    next
    edit "TCP-52000-webproxy"
        set category "Web Proxy"
        set tcp-portrange 52000
    next

 

end 

 

 

반응형
저작자표시 비영리 변경금지 (새창열림)