!
!Device Configuration
!Date: 16-06-2009 01:24:30
!DeviceDescription: AppDirector with Cookie Persistency
!Base MAC Address: 00:03:b2:4d:0e:80
!Software Version: 2.10.00 (Build date Apr 7 2009, 22:33:12,Build#150)
!APSolute OS Version: 10.31-03.05(40):2.06.09
!
!
! The following commands will take effect only
! once the device has been rebooted!
!
system tune bridge-fft-table set 1024 system tune ip-fft-table set 100000 system tune arp-table set 1024 system tune client-table set 500000 system tune routing-table set 512 system tune url-table set 256 system tune request-table set 2000 system tune nat-address-table set 10 system tune nat-ports-table set 64511 system tune session-id-table set 16000 system tune l3-client-table-size set 20 system tune outbound-nat-address set 10 system tune outbound-nat-ports set 64511 system tune outbound-intrcpt-tbl set 10 system tune radius-attribute-table set 1 system tune segments set 15
system tune l4-policy-table set 512 system tune static-dns-persistency set 5 system tune dynamic-dns-persistency set 10
manage snmp versions-after-reset set "v1 & v2c & v3"
system tune session-pasv-protocols set 16 system tune session set 512
system tune session-resets set 100
!
! The following commands take effect immediately
! upon execution!
!
health-monitoring check create ocs.SIP.AV.tcp.5063.server.1 -id 0 -m \
"TCP Port" -p 5063 -i 3 -r 2 -t 1 -d 192.168.1.21
health-monitoring check create ocs.SIP.AV.tcp.5063.server.2 -id 1 -m \
"TCP Port" -p 5063 -i 3 -r 2 -t 1 -d 192.168.1.22
health-monitoring check create ocs.HTTPS.conf.tcp.444.server.1 -id 2 -m \
"TCP Port" -p 444 -i 3 -r 2 -t 1 -d 192.168.1.21
health-monitoring check create ocs.HTTPS.web.tcp.443.server.1 -id 4 -m \
"TCP Port" -p 443 -i 3 -r 2 -t 1 -d 192.168.1.21
health-monitoring check create ocs.HTTPS.web.tcp.443.server.2 -id 5 -m \
"TCP Port" -p 443 -i 3 -r 2 -t 1 -d 192.168.1.22
health-monitoring check create ocs.MTLS.tcp.5061.server.1 -id 6 -m \
"TCP Port" -p 5061 -i 3 -r 2 -t 1 -d 192.168.1.21
health-monitoring check create ocs.MTLS.tcp.5061.server.2 -id 7 -m \
"TCP Port" -p 5061 -i 3 -r 2 -t 1 -d 192.168.1.22
9 -m "TCP Port" -p 5065 -i 3 -r 2 -t 1 -d 192.168.1.22
health-monitoring check create ocs.HTTPS.conf.tcp.444.server.2 -id 10 -m \
"TCP Port" -p 5065 -d 192.168.1.22
net ip-interface create 192.168.1.2 255.255.255.0 G-1 -pa 192.168.1.1 net ip-interface create 192.168.2.2 255.255.255.0 G-1 -pa 192.168.2.1 net ip-interface create 10.210.6.3 255.255.0.0 MNG-1 -pa 10.210.6.4 net route table create 11.1.10.0 255.255.255.0 192.168.1.254 -i G-1 net route table create 11.1.2.0 255.255.255.0 192.168.1.254 -i G-1 net route table create 10.1.0.0 255.255.0.0 192.168.1.254 -i G-1 net route table create 10.2.0.0 255.255.0.0 192.168.1.254 -i G-1 net route table create 10.3.0.0 255.255.0.0 192.168.1.254 -i G-1 net route table create 10.4.0.0 255.255.0.0 192.168.1.254 -i G-1 net route table create 11.1.11.0 255.255.255.0 192.168.1.254 -i G-1 net route table create 0.0.0.0 0.0.0.0 10.210.1.1 -i MNG-1
redundancy mode set VRRP
system mib2-name set AppDirector_peer
appdirector farm table setCreate ocs.frontend.SIP.5060.farm -at 1200 -cm \
"No Checks" -sm ServerPerSession
appdirector farm table setCreate ocs.frontend.HTTPS.conf.444.farm -at \ 1200 -cm "No Checks" -sm ServerPerSession
appdirector farm table setCreate ocs.frontend.HTTPS.443.farm -at 1200 -cm \
"No Checks" -sm ServerPerSession
appdirector farm table setCreate ocs.frontend.MTLS.5061.farm -at 1200 -cm \
"No Checks" -sm ServerPerSession
appdirector farm table setCreate ocs.frontend.DCOM.135.farm -at 1200 -cm \
"No Checks" -sm ServerPerSession
appdirector farm table setCreate ocs.frontend.SIP.app.sharing.5065.farm \ -at 1200 -cm "No Checks" -sm ServerPerSession
appdirector farm server table create ocs.frontend.SIP.5060.farm\
192.168.1.21 None -sn OCS.Server.1 -id 0 -cn Enabled -nr 192.168.1.201 appdirector farm server table create ocs.frontend.SIP.5060.farm\
192.168.1.22 None -sn OCS.Server.2 -id 1 -cn Enabled -nr 192.168.1.201 appdirector farm server table create ocs.frontend.HTTPS.443.farm\
192.168.1.21 None -sn OCS.Server.1 -id 3 -cn Enabled -nr 192.168.1.201 appdirector farm server table create ocs.frontend.HTTPS.443.farm\
192.168.1.22 None -sn OCS.Server.2 -id 4 -cn Enabled -nr 192.168.1.201 appdirector farm server table create ocs.frontend.HTTPS.conf.444.farm\
192.168.1.21 None -sn OCS.Server.1 -id 5 -cn Enabled -nr 192.168.1.201 appdirector farm server table create ocs.frontend.HTTPS.conf.444.farm\
192.168.1.22 None -sn OCS.Server.2 -id 6 -cn Enabled -nr 192.168.1.201 appdirector farm server table create ocs.frontend.MTLS.5061.farm\
192.168.1.21 None -sn OCS.Server.1 -id 7 -cn Enabled -nr 192.168.1.201 appdirector farm server table create ocs.frontend.MTLS.5061.farm\
192.168.1.22 None -sn OCS.Server.2 -id 8 -cn Enabled -nr 192.168.1.201 appdirector farm server table create ocs.frontend.DCOM.135.farm\
192.168.1.21 None -sn OCS.Server.1 -id 9 -cn Enabled -nr 192.168.1.201 appdirector farm server table create ocs.frontend.DCOM.135.farm\
192.168.1.22 None -sn OCS.Server.2 -id 10 -cn Enabled -nr 192.168.1.201 appdirector farm server table create\
ocs.frontend.SIP.app.sharing.5065.farm 192.168.1.21 None -sn OCS.Server.1 \ -id 11
appdirector farm server table create\
ocs.frontend.SIP.app.sharing.5065.farm 192.168.1.22 None -sn OCS.Server.2 \ -id 12
redundancy interface-group set Enabled redundancy mirror backup status set Enabled redundancy mirror main client-status set Disabled redundancy backup-in-vlan set Enabled
appdirector farm connectivity-check httpcode setCreate\
ocs.frontend.SIP.5060.farm "200 - OK"
appdirector farm connectivity-check httpcode setCreate\
ocs.frontend.HTTPS.conf.444.farm "200 - OK"
appdirector farm connectivity-check httpcode setCreate\
ocs.frontend.HTTPS.443.farm "200 - OK"
net next-hop-router setCreate 10.210.1.1 -cm Ping -id 13 -fl 0 appdirector farm extended-params set ocs.frontend.SIP.5060.farm -nr \ 192.168.1.201 -sc Enabled
appdirector farm extended-params set ocs.frontend.HTTPS.conf.444.farm -nr \ 192.168.1.201 -sc Enabled
appdirector farm extended-params set ocs.frontend.HTTPS.443.farm -nr \ 192.168.1.201 -sc Enabled
appdirector farm extended-params set ocs.frontend.MTLS.5061.farm -nr \ 192.168.1.201 -sc Enabled
appdirector farm extended-params set ocs.frontend.DCOM.135.farm -nr \ 192.168.1.201 -sc Enabled
appdirector farm extended-params set\
ocs.frontend.SIP.app.sharing.5065.farm -sc Enabled
appdirector nat client address-range setCreate 192.168.1.201 -t \ 192.168.1.201
appdirector nat client range-to-nat setCreate 192.168.1.21 -t \ 192.168.1.22
appdirector nat client range-to-nat setCreate 11.1.11.1 -t 11.1.11.2 appdirector nat client range-to-nat setCreate 192.168.2.20 -t \ 192.168.2.150
appdirector nat client range-to-nat setCreate 192.168.1.25 -t \ 192.168.1.150
appdirector nat client status set Enabled redundancy backup-interface-group set Enabled net vlan-tag-handling set Retain
appdirector nat outbound status set Disabled
appdirector l4-policy table create 192.168.1.200 TCP 5060 0.0.0.0\
ocs.frontend.SIP.5060.L4policy -fn ocs.frontend.SIP.5060.farm -rs Backup appdirector l4-policy table create 192.168.1.200 TCP 444 0.0.0.0\
ocs.frontend.HTTPS.conf.444.L4policy -fn ocs.frontend.HTTPS.conf.444.farm \ -rs Backup
appdirector l4-policy table create 192.168.1.200 TCP 5061 0.0.0.0\
ocs.frontend.MTLS.5061.L4policy -fn ocs.frontend.MTLS.5061.farm -rs \ Backup
appdirector l4-policy table create 192.168.1.200 TCP 443 0.0.0.0\
ocs.frontend.HTTPS.443.L4policy -fn ocs.frontend.HTTPS.443.farm -rs \ Backup
appdirector l4-policy table create 192.168.1.200 TCP 135 0.0.0.0\
ocs.frontend.DCOM.135.L4policy -fn ocs.frontend.DCOM.135.farm -rs Backup appdirector l4-policy table create 192.168.1.200 TCP 5065 0.0.0.0\
ocs.frontend.SIP.app.sharing.5065.L4policy -fn \ ocs.frontend.SIP.app.sharing.5065.farm -rs Backup redundancy mirror main dns-status set Disabled redundancy vrrp automated-config-update set Enabled redundancy mirror main sid-status set Disabled
redundancy global-configuration failure-action set Ignore health-monitoring binding create 0 0
health-monitoring binding create 1 1 health-monitoring binding create 4 3 health-monitoring binding create 6 7 health-monitoring binding create 2 5 health-monitoring binding create 5 4 health-monitoring binding create 7 8 health-monitoring binding create 8 11 health-monitoring binding create 9 12 health-monitoring binding create 10 6 health-monitoring status set disable
health-monitoring response-level-samples set 0
redundancy vrrp virtual-routers create G-1 101 -as Up -p 154 -pip \ 192.168.1.2
redundancy vrrp associated-ip create G-1 101 192.168.1.1 redundancy vrrp associated-ip create G-1 101 192.168.1.200 redundancy vrrp associated-ip create G-1 101 192.168.1.201
manage user table create radware -pw GndridF04zNWSGOrZjKFV78REiEra/Qm manage telnet status set enable
manage telnet server-port set 23 manage web status set enable manage ssh status set enable
net l2-interface set 100063 -ad up
redundancy vrrp global-advertise-int set 0
manage terminal prompt set AppD.OCSR2.Lan.Active_peer manage snmp groups create SNMPv1 public -gn initial
manage snmp groups create SNMPv1 ReadOnlySecurity -gn InitialReadOnly manage snmp groups create SNMPv2c public -gn initial
manage snmp groups create SNMPv2c ReadOnlySecurity -gn InitialReadOnly manage snmp groups create UserBased radware -gn initial
manage snmp groups create UserBased ReadOnlySecurity -gn InitialReadOnly manage snmp access create initial SNMPv1 noAuthNoPriv -rvn iso -wvn iso \ -nvn iso
manage snmp access create InitialReadOnly SNMPv1 noAuthNoPriv -rvn \ ReadOnlyView
manage snmp access create initial SNMPv2c noAuthNoPriv -rvn iso -wvn iso \ -nvn iso
manage snmp access create InitialReadOnly SNMPv2c noAuthNoPriv -rvn \ ReadOnlyView
manage snmp access create initial UserBased authPriv -rvn iso -wvn iso \ -nvn iso
manage snmp access create InitialReadOnly UserBased authPriv -rvn \ ReadOnlyView
manage snmp views create iso 1
manage snmp views create ReadOnlyView 1
manage snmp views create ReadOnlyView 1.3.6.1.4.1.89.2.7.2 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.6.3.18.1.1 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.6.3.15.1.2.2 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.4.1.89.35.1.61 -cm \ excluded
manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.2 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.4 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.5 -cm excluded manage snmp notify create allTraps -ta v3Traps
manage snmp global engine-id set 80000059030003b24d0e80 manage snmp users create radware -cf 0.0 -ap MD5 -akc \ 40f3230bf7e18487d950dc23e1f85cd2 -pp DES -pkc \
40f3230bf7e18487d950dc23e1f85cd2
manage snmp target-address create v3MngStations -tl v3Traps -p \ radware-authPriv
manage snmp target-parameters create public-v1 -d SNMPv1 -sm SNMPv1 -sn \ public -sl noAuthNoPriv
manage snmp target-parameters create public-v2 -d SNMPv2c -sm SNMPv2c -sn \ public -sl noAuthNoPriv
manage snmp target-parameters create radware-authPriv -d SNMPv3 -sm \ UserBased -sn radware -sl authPriv
manage snmp community create public -n public -sn public manage telnet session-timeout set 5
manage telnet auth-timeout set 30
system diagnostics policies setCreate any
system diagnostics capture output file set "ram drive"
system diagnostics capture output term set Disabled system diagnostics capture point set both
redundancy force-down-ports-time set 0
system diagnostics capture traffic-match-mode set "Inbound and Outbound"
appdirector global connectivity-check tcp-timeout set 3 security certificate table \
Name: radware \
---BEGIN CERTIFICATE--- \