Appendix 1 – Primary AppDirector Front-End Configuration File
!
!Device Configuration
!Date: 16-06-2009 01:21:23
!DeviceDescription: AppDirector with Cookie Persistency
!Base MAC Address: 00:03:b2:4d:0e:80
!Software Version: 2.10.00 (Build date Apr 7 2009, 22:33:12,Build#150)
!APSolute OS Version: 10.31-03.05(40):2.06.09
!
!
! The following commands will take effect only
! once the device has been rebooted!
!
! Table-size tuning and SNMP version selection. Per the header above, these
! values apply only after the device is rebooted.
! NOTE(review): several commands share one physical line in this listing; that
! looks like lost line breaks - presumably one command per line on the device.
system tune bridge-fft-table set 1024 system tune ip-fft-table set 100000 system tune arp-table set 1024 system tune client-table set 500000 system tune routing-table set 512 system tune url-table set 256 system tune request-table set 2000 system tune nat-address-table set 10 system tune nat-ports-table set 64511 system tune session-id-table set 16000 system tune l3-client-table-size set 20 system tune outbound-nat-address set 10 system tune outbound-nat-ports set 64511 system tune outbound-intrcpt-tbl set 10 system tune radius-attribute-table set 1 system tune segments set 15
system tune l4-policy-table set 512 system tune static-dns-persistency set 5 system tune dynamic-dns-persistency set 10
! NOTE(review): this keeps SNMPv1 and SNMPv2c enabled after reset alongside v3.
! v1/v2c send the community string unencrypted; if the monitoring stations can
! use SNMPv3, limit this setting to v3 only.
manage snmp versions-after-reset set "v1 & v2c & v3"
system tune session-pasv-protocols set 16 system tune session set 512
system tune session-resets set 100
!
! The following commands take effect immediately
! upon execution!
!
! "TCP Port" health checks against the two OCS servers (192.168.1.21 and
! 192.168.1.22) on ports 5063, 444, 443, 5061 and 5065.
! NOTE(review): check ids run 0-2 and 4-9; there is no id 3, and port 444 is
! checked on server 1 only. The bindings further down also reference check id
! 10, which is not created here.
! NOTE(review): this file later sets "health-monitoring status set disable", so
! these checks presumably have no effect as listed - confirm.
health-monitoring check create ocs.SIP.AV.tcp.5063.server.1 -id 0 -m \
"TCP Port" -p 5063 -i 3 -r 2 -t 1 -d 192.168.1.21
health-monitoring check create ocs.SIP.AV.tcp.5063.server.2 -id 1 -m \
"TCP Port" -p 5063 -i 3 -r 2 -t 1 -d 192.168.1.22
health-monitoring check create ocs.HTTPS.conf.tcp.444.server.1 -id 2 -m \
"TCP Port" -p 444 -i 3 -r 2 -t 1 -d 192.168.1.21
health-monitoring check create ocs.HTTPS.web.tcp.443.server.1 -id 4 -m \
"TCP Port" -p 443 -i 3 -r 2 -t 1 -d 192.168.1.21
health-monitoring check create ocs.HTTPS.web.tcp.443.server.2 -id 5 -m \
"TCP Port" -p 443 -i 3 -r 2 -t 1 -d 192.168.1.22
health-monitoring check create ocs.MTLS.tcp.5061.server.1 -id 6 -m \
"TCP Port" -p 5061 -i 3 -r 2 -t 1 -d 192.168.1.21
health-monitoring check create ocs.MTLS.tcp.5061.server.2 -id 7 -m \
"TCP Port" -p 5061 -i 3 -r 2 -t 1 -d 192.168.1.22
health-monitoring check create ocs.SIP.app.sharing.tcp.5065.server.1 -id \ 8 -m "TCP Port" -p 5065 -i 3 -r 2 -t 1 -d 192.168.1.21
health-monitoring check create ocs.SIP.app.sharing.tcp.5065.server.2 -id \ 9 -m "TCP Port" -p 5065 -i 3 -r 2 -t 1 -d 192.168.1.22
! IP interfaces (G-1 and MNG-1), static routes, and the redundancy mode (VRRP).
! NOTE(review): G-1 is addressed 192.168.2.1/24, yet every G-1 route uses next
! hop 192.168.1.254 and the VRRP, mirror and VIP addresses elsewhere in this
! file are in 192.168.1.x. Possibly a typo in the listing - confirm.
! NOTE(review): the default route (0.0.0.0 0.0.0.0) points out MNG-1, so traffic
! to any network not listed in the G-1 routes would leave through the
! management interface. Confirm this is intended, and that Telnet/web/SSH/SNMP
! management is reachable only from the management network.
net ip-interface create 192.168.2.1 255.255.255.0 G-1 -pa 192.168.2.2 net ip-interface create 10.210.6.4 255.255.0.0 MNG-1 -pa 10.210.6.3 net route table create 11.1.10.0 255.255.255.0 192.168.1.254 -i G-1 net route table create 11.1.2.0 255.255.255.0 192.168.1.254 -i G-1 net route table create 10.1.0.0 255.255.0.0 192.168.1.254 -i G-1 net route table create 10.2.0.0 255.255.0.0 192.168.1.254 -i G-1 net route table create 10.3.0.0 255.255.0.0 192.168.1.254 -i G-1 net route table create 10.4.0.0 255.255.0.0 192.168.1.254 -i G-1 net route table create 11.1.11.0 255.255.255.0 192.168.1.254 -i G-1 net route table create 0.0.0.0 0.0.0.0 10.210.1.1 -i MNG-1
redundancy mode set VRRP
! Farm definitions: one farm per front-end service (SIP 5060, HTTPS conf 444,
! HTTPS 443, MTLS 5061, DCOM 135, SIP app sharing 5065), all created with the
! same -at, -cm and -sm values.
! NOTE(review): every farm uses -cm "No Checks", so no farm-level connectivity
! check is configured here.
appdirector farm table setCreate ocs.frontend.SIP.5060.farm -at 1200 -cm \
"No Checks" -sm ServerPerSession
appdirector farm table setCreate ocs.frontend.HTTPS.conf.444.farm -at \ 1200 -cm "No Checks" -sm ServerPerSession
appdirector farm table setCreate ocs.frontend.HTTPS.443.farm -at 1200 -cm \
"No Checks" -sm ServerPerSession
appdirector farm table setCreate ocs.frontend.MTLS.5061.farm -at 1200 -cm \
"No Checks" -sm ServerPerSession
appdirector farm table setCreate ocs.frontend.DCOM.135.farm -at 1200 -cm \
"No Checks" -sm ServerPerSession
appdirector farm table setCreate ocs.frontend.SIP.app.sharing.5065.farm \ -at 1200 -cm "No Checks" -sm ServerPerSession
! Farm servers: each farm gets OCS.Server.1 (192.168.1.21) and OCS.Server.2
! (192.168.1.22). Server ids run 0-1 and 3-12; id 2 is not used.
! NOTE(review): all entries carry "-cn Enabled -nr 192.168.1.201" except the
! two SIP.app.sharing.5065 entries, which stop after -id in this listing;
! confirm whether that difference is intended or lost text.
appdirector farm server table create ocs.frontend.SIP.5060.farm\
192.168.1.21 None -sn OCS.Server.1 -id 0 -cn Enabled -nr 192.168.1.201 appdirector farm server table create ocs.frontend.SIP.5060.farm\
192.168.1.22 None -sn OCS.Server.2 -id 1 -cn Enabled -nr 192.168.1.201 appdirector farm server table create ocs.frontend.HTTPS.443.farm\
192.168.1.21 None -sn OCS.Server.1 -id 3 -cn Enabled -nr 192.168.1.201 appdirector farm server table create ocs.frontend.HTTPS.443.farm\
192.168.1.22 None -sn OCS.Server.2 -id 4 -cn Enabled -nr 192.168.1.201 appdirector farm server table create ocs.frontend.HTTPS.conf.444.farm\
192.168.1.21 None -sn OCS.Server.1 -id 5 -cn Enabled -nr 192.168.1.201 appdirector farm server table create ocs.frontend.HTTPS.conf.444.farm\
192.168.1.22 None -sn OCS.Server.2 -id 6 -cn Enabled -nr 192.168.1.201 appdirector farm server table create ocs.frontend.MTLS.5061.farm\
192.168.1.21 None -sn OCS.Server.1 -id 7 -cn Enabled -nr 192.168.1.201 appdirector farm server table create ocs.frontend.MTLS.5061.farm\
192.168.1.22 None -sn OCS.Server.2 -id 8 -cn Enabled -nr 192.168.1.201 appdirector farm server table create ocs.frontend.DCOM.135.farm\
192.168.1.21 None -sn OCS.Server.1 -id 9 -cn Enabled -nr 192.168.1.201 appdirector farm server table create ocs.frontend.DCOM.135.farm\
192.168.1.22 None -sn OCS.Server.2 -id 10 -cn Enabled -nr 192.168.1.201 appdirector farm server table create\
ocs.frontend.SIP.app.sharing.5065.farm 192.168.1.21 None -sn OCS.Server.1 \ -id 11
appdirector farm server table create\
ocs.frontend.SIP.app.sharing.5065.farm 192.168.1.22 None -sn OCS.Server.2 \ -id 12
! Redundancy interface grouping and mirroring (mirror address 192.168.1.2),
! followed by per-farm connectivity-check HTTP codes and extended parameters.
redundancy interface-group set Enabled
redundancy mirror main client-status set Enabled redundancy mirror address setCreate 192.168.1.2 redundancy backup-in-vlan set Disabled
! Accepted HTTP code "200 - OK" is registered for each farm.
! NOTE(review): the farms themselves are created with -cm "No Checks", so these
! codes presumably are not evaluated as configured - confirm.
appdirector farm connectivity-check httpcode setCreate\
ocs.frontend.SIP.5060.farm "200 - OK"
appdirector farm connectivity-check httpcode setCreate\
ocs.frontend.HTTPS.conf.444.farm "200 - OK"
appdirector farm connectivity-check httpcode setCreate\
ocs.frontend.HTTPS.443.farm "200 - OK"
appdirector farm connectivity-check httpcode setCreate\
ocs.frontend.MTLS.5061.farm "200 - OK"
appdirector farm connectivity-check httpcode setCreate\
ocs.frontend.DCOM.135.farm "200 - OK"
! NOTE(review): the next command ends in a continuation with no farm name or
! code after it, and runs straight into an extended-params command. By the
! pattern above it presumably targeted ocs.frontend.SIP.app.sharing.5065.farm;
! its arguments look lost from the listing and it cannot be applied as printed.
appdirector farm connectivity-check httpcode setCreate\
appdirector farm extended-params set ocs.frontend.HTTPS.443.farm -nr \ 192.168.1.201 -sc Enabled
appdirector farm extended-params set ocs.frontend.MTLS.5061.farm -nr \ 192.168.1.201 -sc Enabled
appdirector farm extended-params set ocs.frontend.DCOM.135.farm -nr \ 192.168.1.201 -sc Enabled
appdirector farm extended-params set\
ocs.frontend.SIP.app.sharing.5065.farm -sc Enabled
! Client NAT: the NAT address range (192.168.1.201) and the source ranges it
! applies to; client NAT is enabled, outbound NAT is disabled.
! NOTE(review): with client NAT enabled the OCS servers presumably see
! 192.168.1.201 as the source of balanced connections instead of the real
! client address - confirm. If so, server-side logs cannot identify the client
! by IP; correlate with the AppDirector's own records or an application-level
! identifier during investigations.
! NOTE(review): the first range-to-nat entry (192.168.1.21 to 192.168.1.22) is
! the two farm servers themselves - confirm that is intended.
appdirector nat client address-range setCreate 192.168.1.201 -t \ 192.168.1.201
appdirector nat client range-to-nat setCreate 192.168.1.21 -t \ 192.168.1.22
appdirector nat client range-to-nat setCreate 11.1.11.1 -t 11.1.11.2 appdirector nat client range-to-nat setCreate 192.168.2.20 -t \ 192.168.2.150
appdirector nat client range-to-nat setCreate 192.168.1.25 -t \ 192.168.1.150
appdirector nat client status set Enabled redundancy backup-interface-group set Enabled net vlan-tag-handling set Retain
appdirector nat outbound status set Disabled
! Layer-4 policies: each binds VIP 192.168.1.200 and one TCP port (5060, 444,
! 5061, 443, 135, 5065) to the matching farm via -fn.
! NOTE(review): the 0.0.0.0 field after the port is presumably the source match
! (any client) - confirm against the CLI reference.
! NOTE(review): TCP 135 (the DCOM farm) is published on the same VIP as the
! user-facing ports. If only OCS-internal hosts need it, restrict which
! networks can reach 192.168.1.200:135 at an upstream filter.
appdirector l4-policy table create 192.168.1.200 TCP 5060 0.0.0.0\
ocs.frontend.SIP.5060.L4policy -fn ocs.frontend.SIP.5060.farm appdirector l4-policy table create 192.168.1.200 TCP 444 0.0.0.0\
ocs.frontend.HTTPS.conf.444.L4policy -fn ocs.frontend.HTTPS.conf.444.farm appdirector l4-policy table create 192.168.1.200 TCP 5061 0.0.0.0\
ocs.frontend.MTLS.5061.L4policy -fn ocs.frontend.MTLS.5061.farm appdirector l4-policy table create 192.168.1.200 TCP 443 0.0.0.0\
ocs.frontend.HTTPS.443.L4policy -fn ocs.frontend.HTTPS.443.farm appdirector l4-policy table create 192.168.1.200 TCP 135 0.0.0.0\
ocs.frontend.DCOM.135.L4policy -fn ocs.frontend.DCOM.135.farm appdirector l4-policy table create 192.168.1.200 TCP 5065 0.0.0.0\
ocs.frontend.SIP.app.sharing.5065.L4policy -fn \ ocs.frontend.SIP.app.sharing.5065.farm
! VRRP and mirroring options, health-check bindings, and the VRRP virtual
! router with its associated addresses.
! NOTE(review): each binding presumably pairs a check id with a farm-server id
! (for example "4 3" would pair check id 4 with server id 3) - confirm.
! Binding "10 6" names check id 10, which this file never creates.
! NOTE(review): "health-monitoring status set disable" turns the module off,
! and every farm is created with -cm "No Checks". As listed, nothing visible
! here would take an unresponsive server out of rotation; confirm that is
! intended before reusing this file.
redundancy vrrp automated-config-update set Enabled redundancy mirror main sid-status set Disabled
redundancy global-configuration failure-action set Ignore health-monitoring binding create 0 0
health-monitoring binding create 1 1 health-monitoring binding create 4 3 health-monitoring binding create 6 7 health-monitoring binding create 2 5 health-monitoring binding create 5 4 health-monitoring binding create 7 8 health-monitoring binding create 8 11 health-monitoring binding create 9 12 health-monitoring binding create 10 6 health-monitoring status set disable
health-monitoring response-level-samples set 0
! Virtual router 101 on G-1 with associated addresses 192.168.1.1, the service
! VIP 192.168.1.200 and the client-NAT address 192.168.1.201.
redundancy vrrp virtual-routers create G-1 101 -as Up -p 255 -pip \ 192.168.1.1
redundancy vrrp associated-ip create G-1 101 192.168.1.1 redundancy vrrp associated-ip create G-1 101 192.168.1.200 redundancy vrrp associated-ip create G-1 101 192.168.1.201
! Management-plane access: local user, Telnet/web/SSH/secure-web services,
! terminal prompt, and SNMP.
! NOTE(review): the account is named "radware" (presumably the factory default
! name) and its stored -pw value is printed in this appendix. Treat the
! credential as disclosed: set a new password on any device built from this
! file, and redact -pw values before publishing or sharing a configuration.
! NOTE(review): Telnet (port 23) and plain web management are enabled next to
! SSH and secure-web. Telnet and HTTP carry credentials unencrypted; prefer
! leaving only SSH and secure-web enabled.
manage user table create radware -pw GndridF04zNWSGOrZjKFV78REiEra/Qm manage telnet status set enable
manage telnet server-port set 23 manage web status set enable manage ssh status set enable manage secure-web status set enable redundancy arp-interface-group set Send net l2-interface set 100001 -ad up net l2-interface set 100063 -ad up
! SNMP access control: security names -> groups -> access entries -> views.
! NOTE(review): security name "public" is placed in group "initial" for SNMPv1
! and SNMPv2c, and "initial" is granted -rvn/-wvn/-nvn iso at noAuthNoPriv;
! view "iso" is created on subtree 1. If -wvn is the write view (as in standard
! VACM), community "public" has unauthenticated write access to the whole MIB.
! Prefer mapping v1/v2c names to InitialReadOnly or removing them, and replace
! the "public" community string.
redundancy vrrp global-advertise-int set 0 manage terminal prompt set AppD.OCSR2.Lan.Active manage snmp groups create SNMPv1 public -gn initial
manage snmp groups create SNMPv1 ReadOnlySecurity -gn InitialReadOnly manage snmp groups create SNMPv2c public -gn initial
manage snmp access create initial SNMPv1 noAuthNoPriv -rvn iso -wvn iso \ -nvn iso
manage snmp access create InitialReadOnly SNMPv1 noAuthNoPriv -rvn \ ReadOnlyView
manage snmp access create initial SNMPv2c noAuthNoPriv -rvn iso -wvn iso \ -nvn iso
manage snmp access create InitialReadOnly SNMPv2c noAuthNoPriv -rvn \ ReadOnlyView
manage snmp access create initial UserBased authPriv -rvn iso -wvn iso \ -nvn iso
manage snmp access create InitialReadOnly UserBased authPriv -rvn \ ReadOnlyView
manage snmp views create iso 1
manage snmp views create ReadOnlyView 1
manage snmp views create ReadOnlyView 1.3.6.1.4.1.89.2.7.2 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.6.3.18.1.1 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.6.3.15.1.2.2 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.4.1.89.35.1.61 -cm \ excluded
manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.2 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.4 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.5 -cm excluded manage snmp notify create allTraps -ta v3Traps
! NOTE(review): SNMPv3 user "radware" uses MD5 authentication and DES privacy,
! and its -akc and -pkc values are identical, so the authentication and privacy
! secrets are presumably the same. These values and the engine id are printed
! here; treat them as disclosed, set new and distinct secrets, and choose
! stronger algorithms if the software version offers them.
manage snmp global engine-id set 80000059030003b24d0e80 manage snmp users create radware -cf 0.0 -ap MD5 -akc \ 40f3230bf7e18487d950dc23e1f85cd2 -pp DES -pkc \
40f3230bf7e18487d950dc23e1f85cd2
manage snmp target-address create v3MngStations -tl v3Traps -p \ radware-authPriv
manage snmp target-parameters create public-v1 -d SNMPv1 -sm SNMPv1 -sn \ public -sl noAuthNoPriv
manage snmp target-parameters create public-v2 -d SNMPv2c -sm SNMPv2c -sn \ public -sl noAuthNoPriv
manage snmp target-parameters create radware-authPriv -d SNMPv3 -sm \ UserBased -sn radware -sl authPriv
! Community "public" is tied to security name "public", which the group
! mapping above places in the read-write "initial" group. The Telnet session
! and authentication timeouts follow.
manage snmp community create public -n public -sn public manage telnet session-timeout set 5
manage telnet auth-timeout set 30
! Diagnostics capture settings: a policy named "any", capture output to the
! "ram drive" file target (terminal output disabled), capture point "both",
! match mode "Inbound and Outbound". A redundancy port timer is set in between.
! NOTE(review): whether capture is actually running is not shown here. If it
! is, a policy matching any traffic in both directions can record session
! contents; keep capture off outside troubleshooting and control who can
! retrieve capture files from the device.
system diagnostics policies setCreate any
system diagnostics capture output file set "ram drive"
system diagnostics capture output term set Disabled system diagnostics capture point set both
redundancy force-down-ports-time set 0
system diagnostics capture traffic-match-mode set "Inbound and Outbound"
! Global TCP connectivity-check timeout, then the certificate table entry
! named "radware".
! NOTE(review): the certificate is incomplete in this listing - there is no
! BEGIN line, only the tail of the base64 body, and the END marker has three
! dashes - so it cannot be parsed as printed.
! NOTE(review): the visible tail decodes to an md5WithRSAEncryption signature
! algorithm and a 64-byte (512-bit) signature. If this is the self-signed
! certificate used by secure-web, replace it with one using a current hash and
! key size.
! NOTE(review): the "!File Signature" trailer presumably covers the file text;
! confirm whether an annotated copy is still accepted on import.
appdirector global connectivity-check tcp-timeout set 3 security certificate table \
Name: radware \
96JAxSJvogyMRtqIpb+KquETzunilhJ3MpofKTfG4d0CAwEAATANBgkqhkiG9w0B \ AQQFAANBAKiSnX6C+zqUYnW85xN6gdmBMYiFNbUXQdGvNEdYIlnYcE9CswN0eUZy \ OUPRQBj1I/0OXEUHJ4erWbk/rxEkcL8= \
---END CERTIFICATE---
!File Signature: cbcbb179b40f1f26b462c8c331e62b8d