<?xml version="1.0"?>
<!--
  Firewall configuration document (config version 7.0.0, hostname PA-VM).
  The token %ZONEIP% appears as an interface address name and as an address
  object, so this file looks like a template: presumably tooling substitutes
  the token before the file is loaded (confirm against the deployment scripts).
  Security-relevant settings are marked NOTE(review) below.
-->
<config version="7.0.0" urldb="paloaltonetworks">
  <mgt-config>
    <users>
      <!--
        NOTE(review): a fixed password hash for a superuser account is stored
        in this file. The 13-character value has the shape of a traditional
        crypt(3) DES hash, which is weak against offline guessing (confirm the
        format). Anyone who can read this file holds the same hash as every
        device built from it: change the admin password at first boot and keep
        production hashes out of shared templates.
      -->
      <entry name="admin">
        <phash>fnRL/G5lXVMug</phash>
        <permissions>
          <role-based>
            <superuser>yes</superuser>
          </role-based>
        </permissions>
      </entry>
    </users>
  </mgt-config>
  <shared>
    <application/>
    <application-group/>
    <service/>
    <service-group/>
    <!-- Botnet report heuristics: each HTTP indicator is enabled with its own threshold. -->
    <botnet>
      <configuration>
        <http>
          <dynamic-dns>
            <enabled>yes</enabled>
            <threshold>5</threshold>
          </dynamic-dns>
          <malware-sites>
            <enabled>yes</enabled>
            <threshold>5</threshold>
          </malware-sites>
          <recent-domains>
            <enabled>yes</enabled>
            <threshold>5</threshold>
          </recent-domains>
          <ip-domains>
            <enabled>yes</enabled>
            <threshold>10</threshold>
          </ip-domains>
          <executables-from-unknown-sites>
            <enabled>yes</enabled>
            <threshold>5</threshold>
          </executables-from-unknown-sites>
        </http>
        <other-applications>
          <irc>yes</irc>
        </other-applications>
        <!-- Unknown TCP and UDP traffic use identical limits. -->
        <unknown-applications>
          <unknown-tcp>
            <destinations-per-hour>10</destinations-per-hour>
            <sessions-per-hour>10</sessions-per-hour>
            <session-length>
              <maximum-bytes>100</maximum-bytes>
              <minimum-bytes>50</minimum-bytes>
            </session-length>
          </unknown-tcp>
          <unknown-udp>
            <destinations-per-hour>10</destinations-per-hour>
            <sessions-per-hour>10</sessions-per-hour>
            <session-length>
              <maximum-bytes>100</maximum-bytes>
              <minimum-bytes>50</minimum-bytes>
            </session-length>
          </unknown-udp>
        </unknown-applications>
      </configuration>
      <report>
        <topn>100</topn>
        <scheduled>yes</scheduled>
      </report>
    </botnet>
  </shared>
  <devices>
    <entry name="localhost.localdomain">
      <network>
        <interface>
          <ethernet>
            <!--
              Single layer3 interface. Its address is the %ZONEIP% placeholder
              and it is bound to the mgmt-all management profile defined under
              profiles below.
            -->
            <entry name="ethernet1/1">
              <layer3>
                <ipv6>
                  <neighbor-discovery>
                    <router-advertisement>
                      <enable>no</enable>
                    </router-advertisement>
                  </neighbor-discovery>
                </ipv6>
                <ndp-proxy>
                  <enabled>no</enabled>
                </ndp-proxy>
                <lldp>
                  <enable>no</enable>
                </lldp>
                <ip>
                  <entry name="%ZONEIP%"/>
                </ip>
                <interface-management-profile>mgmt-all</interface-management-profile>
              </layer3>
            </entry>
          </ethernet>
        </interface>
        <profiles>
          <monitor-profile>
            <entry name="default">
              <interval>3</interval>
              <threshold>5</threshold>
              <action>wait-recover</action>
            </entry>
          </monitor-profile>
          <interface-management-profile>
            <!--
              NOTE(review): this profile answers every listed management
              service, including the cleartext ones (http, telnet, snmp), and
              permitted-ip is 0.0.0.0/0, i.e. any IPv4 source. It is attached
              to ethernet1/1 above. deviceconfig/system/service further down
              sets disable-telnet and disable-http to yes, so the two sections
              disagree about cleartext management. Outside an isolated lab,
              restrict permitted-ip to the administration subnet and keep only
              https and ssh (plus ping if the harness needs it).
            -->
            <entry name="mgmt-all">
              <permitted-ip>
                <entry name="0.0.0.0/0"/>
              </permitted-ip>
              <http>yes</http>
              <https>yes</https>
              <http-ocsp>yes</http-ocsp>
              <ssh>yes</ssh>
              <snmp>yes</snmp>
              <ping>yes</ping>
              <response-pages>yes</response-pages>
              <telnet>yes</telnet>
            </entry>
          </interface-management-profile>
        </profiles>
        <ike>
          <crypto-profiles>
            <ike-crypto-profiles>
              <!--
                NOTE(review): the default IKE profile still offers 3des, sha1
                and DH group2. Nothing in this file references it, but any
                tunnel added later should name one of the stronger profiles
                instead of inheriting these legacy algorithms.
              -->
              <entry name="default">
                <encryption>
                  <member>aes-128-cbc</member>
                  <member>3des</member>
                </encryption>
                <hash>
                  <member>sha1</member>
                </hash>
                <dh-group>
                  <member>group2</member>
                </dh-group>
                <lifetime>
                  <hours>8</hours>
                </lifetime>
              </entry>
              <!--
                Despite the GCM in their names, the two Suite-B IKE entries
                list CBC ciphers with a separate hash; only the IPsec entries
                of the same name (below) list GCM ciphers.
              -->
              <entry name="Suite-B-GCM-128">
                <encryption>
                  <member>aes-128-cbc</member>
                </encryption>
                <hash>
                  <member>sha256</member>
                </hash>
                <dh-group>
                  <member>group19</member>
                </dh-group>
                <lifetime>
                  <hours>8</hours>
                </lifetime>
              </entry>
              <entry name="Suite-B-GCM-256">
                <encryption>
                  <member>aes-256-cbc</member>
                </encryption>
                <hash>
                  <member>sha384</member>
                </hash>
                <dh-group>
                  <member>group20</member>
                </dh-group>
                <lifetime>
                  <hours>8</hours>
                </lifetime>
              </entry>
            </ike-crypto-profiles>
            <ipsec-crypto-profiles>
              <!-- NOTE(review): same legacy set as the default IKE profile (3des, sha1, group2). -->
              <entry name="default">
                <esp>
                  <encryption>
                    <member>aes-128-cbc</member>
                    <member>3des</member>
                  </encryption>
                  <authentication>
                    <member>sha1</member>
                  </authentication>
                </esp>
                <dh-group>group2</dh-group>
                <lifetime>
                  <hours>1</hours>
                </lifetime>
              </entry>
              <!--
                authentication is none in the two GCM entries because GCM is an
                authenticated cipher mode; integrity comes from the cipher
                itself rather than from a separate hash.
              -->
              <entry name="Suite-B-GCM-128">
                <esp>
                  <encryption>
                    <member>aes-128-gcm</member>
                  </encryption>
                  <authentication>
                    <member>none</member>
                  </authentication>
                </esp>
                <dh-group>group19</dh-group>
                <lifetime>
                  <hours>1</hours>
                </lifetime>
              </entry>
              <entry name="Suite-B-GCM-256">
                <esp>
                  <encryption>
                    <member>aes-256-gcm</member>
                  </encryption>
                  <authentication>
                    <member>none</member>
                  </authentication>
                </esp>
                <dh-group>group20</dh-group>
                <lifetime>
                  <hours>1</hours>
                </lifetime>
              </entry>
            </ipsec-crypto-profiles>
            <global-protect-app-crypto-profiles>
              <!-- NOTE(review): sha1 is the only authentication algorithm offered here. -->
              <entry name="default">
                <encryption>
                  <member>aes-128-cbc</member>
                </encryption>
                <authentication>
                  <member>sha1</member>
                </authentication>
              </entry>
            </global-protect-app-crypto-profiles>
          </crypto-profiles>
        </ike>
        <qos>
          <profile>
            <!-- Eight traffic classes mapped to four priority levels. -->
            <entry name="default">
              <class>
                <entry name="class1">
                  <priority>real-time</priority>
                </entry>
                <entry name="class2">
                  <priority>high</priority>
                </entry>
                <entry name="class3">
                  <priority>high</priority>
                </entry>
                <entry name="class4">
                  <priority>medium</priority>
                </entry>
                <entry name="class5">
                  <priority>medium</priority>
                </entry>
                <entry name="class6">
                  <priority>low</priority>
                </entry>
                <entry name="class7">
                  <priority>low</priority>
                </entry>
                <entry name="class8">
                  <priority>low</priority>
                </entry>
              </class>
            </entry>
          </profile>
        </qos>
        <virtual-router>
          <!-- One virtual router holding ethernet1/1; BGP is disabled, only its dampening profile is defined. -->
          <entry name="default">
            <protocol>
              <bgp>
                <enable>no</enable>
                <dampening-profile>
                  <entry name="default">
                    <cutoff>1.25</cutoff>
                    <reuse>0.5</reuse>
                    <max-hold-time>900</max-hold-time>
                    <decay-half-life-reachable>300</decay-half-life-reachable>
                    <decay-half-life-unreachable>900</decay-half-life-unreachable>
                    <enable>yes</enable>
                  </entry>
                </dampening-profile>
              </bgp>
            </protocol>
            <interface>
              <member>ethernet1/1</member>
            </interface>
          </entry>
        </virtual-router>
      </network>
      <deviceconfig>
        <system>
          <update-server>updates.paloaltonetworks.com</update-server>
          <!--
            NOTE(review): threat content is fetched weekly with action
            download-only; the action name suggests the update is not
            installed automatically, so signatures may lag until someone
            installs them (confirm the intended behaviour).
          -->
          <update-schedule>
            <threats>
              <recurring>
                <weekly>
                  <day-of-week>wednesday</day-of-week>
                  <at>01:02</at>
                  <action>download-only</action>
                </weekly>
              </recurring>
            </threats>
          </update-schedule>
          <timezone>US/Pacific</timezone>
          <!--
            Cleartext management services are switched off here. The mgmt-all
            interface management profile under network/profiles enables telnet
            and http again on ethernet1/1; reconcile the two.
          -->
          <service>
            <disable-telnet>yes</disable-telnet>
            <disable-http>yes</disable-http>
          </service>
          <hostname>PA-VM</hostname>
        </system>
        <setting>
          <config>
            <rematch>yes</rematch>
          </config>
          <management>
            <hostname-type-in-syslog>FQDN</hostname-type-in-syslog>
          </management>
          <auto-mac-detect>yes</auto-mac-detect>
          <!--
            NOTE(review): asymmetric-path is set to bypass, which presumably
            relaxes TCP state checks for flows seen in one direction only.
            Confirm the test topology requires it; a hardened deployment would
            normally not skip that check.
          -->
          <tcp>
            <asymmetric-path>bypass</asymmetric-path>
          </tcp>
        </setting>
      </deviceconfig>
      <vsys>
        <entry name="vsys1">
          <application/>
          <application-group/>
          <!-- A single zone, left, containing ethernet1/1. -->
          <zone>
            <entry name="left">
              <network>
                <layer3>
                  <member>ethernet1/1</member>
                </layer3>
              </network>
            </entry>
          </zone>
          <service/>
          <service-group/>
          <schedule/>
          <rulebase>
            <security>
              <rules>
                <!--
                  NOTE(review): every match field of this rule is any and the
                  action is allow; the only narrowing is rule-type intrazone.
                  No profile-setting element is present, so the rule references
                  no threat inspection profiles, and log-start is the only
                  logging element set explicitly. The name suggests a test
                  rule: replace it with scoped rules before any non-lab use.
                -->
                <entry name="test-sfc">
                  <to>
                    <member>any</member>
                  </to>
                  <from>
                    <member>any</member>
                  </from>
                  <source>
                    <member>any</member>
                  </source>
                  <destination>
                    <member>any</member>
                  </destination>
                  <source-user>
                    <member>any</member>
                  </source-user>
                  <category>
                    <member>any</member>
                  </category>
                  <application>
                    <member>any</member>
                  </application>
                  <service>
                    <member>any</member>
                  </service>
                  <hip-profiles>
                    <member>any</member>
                  </hip-profiles>
                  <action>allow</action>
                  <rule-type>intrazone</rule-type>
                  <option>
                    <disable-server-response-inspection>no</disable-server-response-inspection>
                  </option>
                  <log-start>yes</log-start>
                </entry>
              </rules>
            </security>
          </rulebase>
          <!--
            Address object named after the placeholder, with a /24 mask. The
            ip entry on ethernet1/1 uses the same name, presumably resolving to
            this object. Whatever replaces %ZONEIP% should be validated as a
            plain IPv4 address before substitution, since it is written into
            both an attribute and element text.
          -->
          <address>
            <entry name="%ZONEIP%">
              <ip-netmask>%ZONEIP%/24</ip-netmask>
            </entry>
          </address>
          <import>
            <network>
              <interface>
                <member>ethernet1/1</member>
              </interface>
            </network>
          </import>
        </entry>
      </vsys>
    </entry>
  </devices>
</config>