myUnifiedGateway
myUnifiedGateway
#NS13.0 Build 47.24
# Last modified by `save config`, Sun May 3 11:28:16 2020
#
# Saved configuration of the appliance named vpx13-test (see `set ns hostName`).
# This part covers base networking, local accounts, link load balancing over two
# uplinks, a DNS proxy vserver, the gateway/authentication objects and the
# integrated-cache policies.
#
# NOTE(review): the listing carries credential material verbatim: SHA512 password
# hashes for the system users, and -encrypted values for the encryption key, the
# AAA and db users, the LDAP bind account and the RPC node. If this was exported
# from a live appliance, redact those fields before sharing and rotate the secrets.

# --- Base system -------------------------------------------------------------
# NSIP (management address) of the appliance.
set ns config -IPAddress 192.168.195.93 -netmask 255.255.255.0
enable ns feature WL SP LB CS SSL SSLVPN AAA IPv6PT CH
enable ns mode FR L3 MBF Edge USNIP PMTUD
set system parameter -doppler DISABLED

# --- Local management accounts -----------------------------------------------
# The long hex strings are stored password hashes (-hashmethod SHA512).
set system user nsroot 25e504f67319854120e7e9774094937b04e7a067d98fadf98bf20b0cf81122ae435dc45eafe9f494867facc00c3aeb9af6423449e5ef93b6ebdf833ae46a867cf3d4fa485 -encrypted -hashmethod SHA512
add system user testuser 23293a0bb62f046cf399fc995c2740d7dee1fa0d5e2189037be2890451115d891234e6699bb35047e884adb8fa9019029826bb9b0214aac263defcf65527ef2a56d18fcc5 -encrypted -hashmethod SHA512
# Groups that are bound to the superuser / operator / read-only command policies
# further down in the file.
add system group test_nsadmin
add system group test_nsoperators
add system group test_nsreadonly

set rsskeytype -rsstype ASYMMETRIC
set lacp -sysPriority 32768 -mac 00:0c:29:5a:50:94
set ns hostName vpx13-test

# --- Interfaces and VLANs ----------------------------------------------------
set interface 0/1 -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -intftype "XEN Interface" -ifnum 0/1
set interface 1/1 -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -intftype "XEN Interface" -ifnum 1/1
set interface 1/2 -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -intftype "XEN Interface" -ifnum 1/2
set interface 1/3 -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -intftype "XEN Interface" -ifnum 1/3
set interface LO/1 -haMonitor OFF -haHeartbeat OFF -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -intftype Loopback -ifnum LO/1
add vlan 11
add vlan 12
add vlan 13

# --- Appliance-owned IP addresses --------------------------------------------
add ns ip6 fe80::20c:29ff:fe5a:5094/64 -scope link-local -type NSIP -vlan 1 -vServer DISABLED -mgmtAccess ENABLED -dynamicRouting ENABLED
# No -type is given, so this is presumably a SNIP. Management access is enabled on
# it in addition to the NSIP; telnet and ftp are switched off explicitly.
# NOTE(review): confirm 192.168.195.0/24 is reachable only from the admin network.
add ns ip 192.168.195.94 255.255.255.0 -vServer DISABLED -telnet DISABLED -ftp DISABLED -mgmtAccess ENABLED
# One VIP per uplink (VLAN 11 and VLAN 12 below).
add ns ip 192.168.1.101 255.255.255.0 -type VIP
add ns ip 10.0.100.101 255.255.255.0 -type VIP
# Address on the 192.168.185.0/24 side (VLAN 13).
add ns ip 192.168.185.94 255.255.255.0 -vServer DISABLED
bind vlan 11 -ifnum 1/1
bind vlan 11 -IPAddress 192.168.1.101 255.255.255.0
bind vlan 12 -ifnum 1/2
bind vlan 12 -IPAddress 10.0.100.101 255.255.255.0
bind vlan 13 -ifnum 1/3
bind vlan 13 -IPAddress 192.168.185.94 255.255.255.0
set nd6RAvariables -vlan 1

# Net profiles pin the source address used towards each uplink.
add netProfile net_pf_ct -srcIP 192.168.1.101 -MBF ENABLED
add netProfile net_pf_cnc -srcIP 10.0.100.101 -MBF ENABLED

# --- SNMP alarm intervals ----------------------------------------------------
set snmp alarm CLUSTER-BACKPLANE-HB-MISSING -time 86400
set snmp alarm CLUSTER-NODE-HEALTH -time 86400
set snmp alarm CLUSTER-NODE-QUORUM -time 86400
set snmp alarm CLUSTER-VERSION-MISMATCH -time 86400
set snmp alarm COMPACT-FLASH-ERRORS -time 86400
set snmp alarm HA-BAD-SECONDARY-STATE -time 86400
set snmp alarm HA-NO-HEARTBEATS -time 86400
set snmp alarm HA-SYNC-FAILURE -time 86400
set snmp alarm HA-VERSION-MISMATCH -time 86400
set snmp alarm HARD-DISK-DRIVE-ERRORS -time 86400
set snmp alarm PORT-ALLOC-FAILED -time 3600

# --- Pattern sets ------------------------------------------------------------
# User-Agent strings and SNI names referenced by name from policy expressions.
bind policy patset ns_vpn_client_useragents AGEE -index 1 -charset ASCII
bind policy patset ns_vpn_client_useragents CitrixReceiver -index 2 -charset ASCII
bind policy patset ns_vpn_client_useragents AGMacClient -index 3 -charset ASCII
bind policy patset ns_vpn_client_useragents "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0" -index 4 -charset ASCII
bind policy patset ns_vpn_client_useragents "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:22.0) Gecko/20100101 Firefox/22.0" -index 5 -charset ASCII
bind policy patset ns_aaa_activesync_useragents Apple-iPhone -index 1 -charset ASCII
bind policy patset ns_aaa_activesync_useragents Apple-iPad -index 2 -charset ASCII
bind policy patset ns_aaa_activesync_useragents SAMSUNG-GT -index 3 -charset ASCII
bind policy patset ns_aaa_activesync_useragents "SAMSUNG GT" -index 4 -charset ASCII
bind policy patset ns_aaa_activesync_useragents AirWatch -index 5 -charset ASCII
bind policy patset ns_aaa_activesync_useragents "TouchDown(MSRPC)" -index 6 -charset ASCII
bind policy patset ns_videoopt_quic_abr_sni_whitelist googlevideo.com -index 1
bind policy patset ns_videoopt_quic_abr_sni_whitelist c.youtube.com -index 2
bind policy patset ns_videoopt_quic_abr_sni_blacklist manifest.googlevideo.com -index 1
bind policy patset ns_videoopt_quic_abr_sni_blacklist redirector.googlevideo.com -index 2

# Encryption parameters; the key value itself is stored in -encrypted form.
# NOTE(review): assume -encrypted values are recoverable by anyone who also holds
# the appliance's key material; confirm how this build protects them.
set ns encryptionParams -method AES256 -keyValue d0ad68d8d1a38a780321fffc7f56075fc49bcedc826a3a9cd723f559a9f527b4a95dbb9274f1059f46bc27cce0569e9d1c6c37f021808ab53f7bf98236178875150d072d9ae9f3a69fed2e9f1a1ed4ea -encrypted -encryptmethod ENCMTHD_3
set dns profile default-dns-profile -cacheRecords DISABLED
set cmp parameter -policyType ADVANCED

# --- Servers and services ----------------------------------------------------
# srv_isp_ct / srv_isp_cnc are the next hops on the two uplinks;
# srv_dns_lan_srv is the host on the 192.168.185.0/24 side that answers DNS.
add server srv_isp_ct 192.168.1.1
add server srv_isp_cnc 10.0.100.1
add server srv_dns_lan_srv 192.168.185.191
# ANY/* services, one per uplink, each sourced from its own net profile.
add service svc_isp_ct srv_isp_ct ANY * -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport NO -sp OFF -cltTimeout 120 -svrTimeout 120 -CKA NO -TCPB NO -CMP NO -netProfile net_pf_ct
add service svc_isp_cnc srv_isp_cnc ANY * -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport NO -sp OFF -cltTimeout 120 -svrTimeout 120 -CKA NO -TCPB NO -CMP NO -netProfile net_pf_cnc
# DNS services; the two that point at the uplink next hops are saved as DISABLED.
add service svc_dns_lan_srv srv_dns_lan_srv DNS 53 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport NO -sp OFF -cltTimeout 120 -svrTimeout 120 -CKA NO -TCPB NO -CMP NO
add service svc_dns_isp_ct srv_isp_ct DNS 53 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport NO -sp OFF -cltTimeout 120 -svrTimeout 120 -CKA NO -TCPB NO -CMP NO -state DISABLED -netProfile net_pf_ct
add service svc_dns_isp_cnc srv_isp_cnc DNS 53 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport NO -sp OFF -cltTimeout 120 -svrTimeout 120 -CKA NO -TCPB NO -CMP NO -state DISABLED -netProfile net_pf_cnc

# --- AAA users and groups ----------------------------------------------------
# Local gateway user and database user; passwords are stored -encrypted.
add aaa user testvpn -password a97b63d13999dff529526c60beef5b0fa2a3b897fafd556254039e78c2a61a82 -encrypted -encryptmethod ENCMTHD_3
add db user root -password 071dd8f36a1fd75b30a65d8a1b46e378f7b033d9741177317165247877613f81 -encrypted -encryptmethod ENCMTHD_3
add aaa group test_adpuser
add authentication noAuthAction NO_AUTHN

# --- Certificates ------------------------------------------------------------
# Certificate/key pairs are referenced by file name; the key files themselves are
# not part of this listing.
add ssl certKey ns-server-certificate -cert ns-server.cert -key ns-server.key
add ssl certKey sfwan-mtestadp-server.cert_CERT -cert sfwan-mtestadp-server.cert -key sfwan-mtestadp-server.key
add ssl certKey ns-root-certificate -cert ns-root.cert
add ssl certKey mtestadp-root-certificate -cert mtestadp-root.cer
add ssl certKey ns-sftrust-server-certificate -cert ns-sftrust.cert -key ns-sftrust.key
add ssl certKey ugwan-mtestadp-server.cert_CERT -cert ugwan-mtestadp-server.cert -key ugwan-mtestadp-server.key
# Chain each server certificate to its issuing root.
link ssl certKey ns-server-certificate ns-root-certificate
link ssl certKey sfwan-mtestadp-server.cert_CERT mtestadp-root-certificate
link ssl certKey ugwan-mtestadp-server.cert_CERT mtestadp-root-certificate

# --- Authentication actions --------------------------------------------------
add authentication authnProfile _auth_pr10.0.100.101_443 -authnVsName auth_vs_10.0.100.101_443
# LDAP lookups against 192.168.185.191 with a dedicated bind account; group names
# are taken from the cn of each memberOf value.
# NOTE(review): neither -secType nor -serverPort is set here, so the build default
# applies. Verify that the connection uses TLS/SSL rather than plaintext LDAP,
# because the bind password and every user's credentials cross it.
add authentication ldapAction 192.168.185.191_LDAP -serverIP 192.168.185.191 -ldapBase "dc=mtestadp, dc=com" -ldapBindDn "cn=adpuser01, ou=ADPUsers, ou=TestADP, dc=mtestadp, dc=com" -ldapBindDnPassword 6261d365250963de267def7414dfb91222382ccabe1326f4dd7af99459ca51e6 -encrypted -encryptmethod ENCMTHD_3 -ldapLoginName sAMAccountName -groupAttrName memberOf -subAttributeName cn
# StoreFront authentication action; the `set` repeats the values of the `add`.
add authentication storefrontAuthAction 10.0.100.101_443_sf_act -serverURL "https://ctxlic.mtestadp.com/Citrix/Authentication/ExplicitJson" -domain mtestadp.com
set authentication storefrontAuthAction 10.0.100.101_443_sf_act -serverURL "https://ctxlic.mtestadp.com/Citrix/Authentication/ExplicitJson" -domain mtestadp.com
add authentication loginSchema auth_vs_10.0.100.101_443_schema -authenticationSchema "/nsconfig/loginschema/LoginSchema/SingleAuth.xml"

# --- Gateway bookmarks and intranet application ------------------------------
add vpn url bing bing "https://cn.bing.com/mkt=zh-CN" -clientlessAccess ON -applicationtype VPN
add vpn url doge doge "https://www.dogedoge.com/" -clientlessAccess ON -applicationtype VPN
add vpn url baidu baidu "https://www.baidu.com/" -clientlessAccess ON -applicationtype VPN
add vpn url certsrv certsrv "https://mdns-win2008r2.mtestadp.com/certsrv/" -clientlessAccess ON -applicationtype VPN
# Intercepts any protocol to the whole 192.168.185.0/24 network on ports 1-65535.
# NOTE(review): this is the widest possible scope for that subnet; narrow it to the
# hosts and ports that VPN users actually need.
add vpn intranetApplication Intranet ANY 192.168.185.0 -netmask 255.255.255.0 -destPort 1-65535 -interception TRANSPARENT

# --- Command, authentication and authorization policies ----------------------
# Allows every command that starts with "show".
# NOTE(review): `show` commands that print the running or saved configuration also
# return the hashed and encrypted secrets seen in this file; consider a DENY for
# those in front of this ALLOW.
add system cmdPolicy cmdPolicy_show_only ALLOW "(^show\\s+.*)"
# Both policies use the rule NS_TRUE, i.e. they match every login attempt.
add authentication localPolicy NS_GATEWAY_DEFAULT_LOCAL_POL NS_TRUE
add authentication ldapPolicy 192.168.185.191_LDAP_pol NS_TRUE 192.168.185.191_LDAP
add authentication loginSchemaPolicy auth_vs_10.0.100.101_443_schemapol -rule true -action auth_vs_10.0.100.101_443_schema
# ALLOW for members of test_adpuser and for the user testvpn.
add authorization policy auth_pol_group "HTTP.REQ.USER.IS_MEMBER_OF(\"test_adpuser\")" ALLOW
add authorization policy auth_pol_user "HTTP.REQ.USER.NAME.EQ(\"testvpn\")" ALLOW

# --- Virtual servers ---------------------------------------------------------
set lb parameter -sessionsThreshold 150000
# Link load balancing: one vserver per uplink, each falling back to the combined one.
add lb vserver lb_vsrv_llb_ct ANY 0.0.0.0 0 -persistenceType DESTIP -lbMethod ROUNDROBIN -cltTimeout 120 -backupVServer lb_vsrv_llb_all
add lb vserver lb_vsrv_llb_cnc ANY 0.0.0.0 0 -persistenceType DESTIP -lbMethod ROUNDROBIN -cltTimeout 120 -backupVServer lb_vsrv_llb_all
add lb vserver lb_vsrv_llb_all ANY 0.0.0.0 0 -persistenceType DESTIP -lbMethod ROUNDROBIN -cltTimeout 120
# DNS proxy listening on 192.168.185.99:53.
add lb vserver lb_vsrv_dns_proxy DNS 192.168.185.99 53 -persistenceType SOURCEIP -lbMethod ROUNDROBIN -cltTimeout 120
# Port-80 listener whose only job is to redirect to the HTTPS name.
add lb vserver 10.0.100.101http_redirect HTTP 10.0.100.101 80 -persistenceType NONE -redirectURL "https://sfwan.mtestadp.com" -cltTimeout 180
set cache parameter -via "NS-CACHE-10.0: 93"
# Non-addressable (0.0.0.0) authentication vserver, referenced by the authnProfile.
add authentication vserver auth_vs_10.0.100.101_443 SSL 0.0.0.0
# Content-switching front end of the Unified Gateway on 10.0.100.201:443.
add cs vserver myUnifiedGateway SSL 10.0.100.201 443 -cltTimeout 180 -persistenceType NONE
# ICA-only gateway for StoreFront on 10.0.100.101:443.
add vpn vserver _XD_10.0.100.101_443 SSL 10.0.100.101 443 -icaOnly ON -Listenpolicy NONE -tcpProfileName nstcp_default_XA_XD_profile -deploymentType ICA_STOREFRONT -authnProfile _auth_pr10.0.100.101_443 -vserverFqdn sfwan.mtestadp.com
# Non-addressable VPN vserver reached through the content switch.
add vpn vserver UG_VPN_myUnifiedGateway SSL 0.0.0.0 -icaOnly ON -loginOnce ON -Listenpolicy NONE -vserverFqdn ugwan.mtestadp.com
add cs action UG_CSACT_myUnifiedGateway -targetVserver UG_VPN_myUnifiedGateway
add cs policy UG_CSPOL_myUnifiedGateway -rule is_vpn_url -action UG_CSACT_myUnifiedGateway

set aaa parameter -maxAAAUsers 4294967295
# RPC node credentials for the appliance's own NSIP, stored -encrypted.
set ns rpcNode 192.168.195.93 -password aae9b78407738ebdb4284e4002b8ea3c9ebc3a34355d71fe2349b07760b441e91d7800e326281c717984766c5ba507bb -encrypted -encryptmethod ENCMTHD_3 -srcIP 192.168.195.93

# --- Rewrite and compression bindings ----------------------------------------
bind rewrite policylabel ns_cvpn_v2_url_label ns_cvpn_v2_bypass_url_pol 20000 NEXT
bind cmp global ns_adv_nocmp_xml_ie -priority 8700 -gotoPriorityExpression END -type RES_DEFAULT
bind cmp global ns_adv_nocmp_mozilla_47 -priority 8800 -gotoPriorityExpression END -type RES_DEFAULT
bind cmp global ns_adv_cmp_mscss -priority 8900 -gotoPriorityExpression END -type RES_DEFAULT
bind cmp global ns_adv_cmp_msapp -priority 9000 -gotoPriorityExpression END -type RES_DEFAULT
bind cmp global ns_adv_cmp_content_type -priority 10000 -gotoPriorityExpression END -type RES_DEFAULT
set appflow param -observationDomainName Default -observationPointId 1573103808

# --- Integrated cache: content groups ----------------------------------------
add cache contentGroup DEFAULT
set cache contentGroup NSFEO -maxResSize 1994752
add cache contentGroup BASEFILE -relExpiry 86000 -weakNegRelExpiry 600 -maxResSize 256 -memLimit 2
add cache contentGroup DELTAJS -relExpiry 86000 -weakNegRelExpiry 600 -insertAge NO -maxResSize 256 -memLimit 1 -pinned YES
add cache contentGroup ctx_cg_poc -relExpiry 86000 -weakNegRelExpiry 600 -insertAge NO -maxResSize 500 -memLimit 256 -pinned YES

# --- Integrated cache: policies ----------------------------------------------
# The underscore-prefixed policies are the ones bound to the _reqBuiltinDefaults
# and _resBuiltinDefaults labels below. Requests carrying Cookie or Authorization
# headers and responses that set cookies are kept out of the cache.
add cache policy _nonGetReq -rule "!HTTP.REQ.METHOD.eq(GET)" -action NOCACHE
add cache policy _advancedConditionalReq -rule "HTTP.REQ.HEADER(\"If-Match\").EXISTS || HTTP.REQ.HEADER(\"If-Unmodified-Since\").EXISTS" -action NOCACHE
add cache policy _personalizedReq -rule "HTTP.REQ.HEADER(\"Cookie\").EXISTS || HTTP.REQ.HEADER(\"Authorization\").EXISTS || HTTP.REQ.HEADER(\"Proxy-Authorization\").EXISTS || HTTP.REQ.IS_NTLM_OR_NEGOTIATE" -action MAY_NOCACHE
add cache policy _uncacheableStatusRes -rule "! ((HTTP.RES.STATUS.EQ(200)) || (HTTP.RES.STATUS.EQ(304)) || (HTTP.RES.STATUS.BETWEEN(400,499)) || (HTTP.RES.STATUS.BETWEEN(300, 302)) || (HTTP.RES.STATUS.EQ(307))|| (HTTP.RES.STATUS.EQ(203)))" -action NOCACHE
add cache policy _uncacheableCacheControlRes -rule "((HTTP.RES.CACHE_CONTROL.IS_PRIVATE) || (HTTP.RES.CACHE_CONTROL.IS_NO_CACHE) || (HTTP.RES.CACHE_CONTROL.IS_NO_STORE) || (HTTP.RES.CACHE_CONTROL.IS_INVALID))" -action NOCACHE
add cache policy _cacheableCacheControlRes -rule "((HTTP.RES.CACHE_CONTROL.IS_PUBLIC) || (HTTP.RES.CACHE_CONTROL.IS_MAX_AGE) || (HTTP.RES.CACHE_CONTROL.IS_MUST_REVALIDATE) || (HTTP.RES.CACHE_CONTROL.IS_PROXY_REVALIDATE) || (HTTP.RES.CACHE_CONTROL.IS_S_MAXAGE))" -action CACHE -storeInGroup DEFAULT
add cache policy _uncacheableVaryRes -rule "((HTTP.RES.HEADER(\"Vary\").EXISTS) && ((HTTP.RES.HEADER(\"Vary\").INSTANCE(1).LENGTH > 0) || (!HTTP.RES.HEADER(\"Vary\").STRIP_END_WS.SET_TEXT_MODE(IGNORECASE).eq(\"Accept-Encoding\"))))" -action NOCACHE
add cache policy _uncacheablePragmaRes -rule "HTTP.RES.HEADER(\"Pragma\").EXISTS" -action NOCACHE
add cache policy _cacheableExpiryRes -rule "HTTP.RES.HEADER(\"Expires\").EXISTS" -action CACHE -storeInGroup DEFAULT
add cache policy _imageRes -rule "HTTP.RES.HEADER(\"Content-Type\").SET_TEXT_MODE(IGNORECASE).STARTSWITH(\"image/\")" -action CACHE -storeInGroup DEFAULT
add cache policy _personalizedRes -rule "HTTP.RES.HEADER(\"Set-Cookie\").EXISTS || HTTP.RES.HEADER(\"Set-Cookie2\").EXISTS" -action NOCACHE
# ctx_* policies cache by URL suffix or content type into ctx_cg_poc.
# NOTE(review): no bind for any ctx_* policy appears in this listing, and the
# pattern set ctx_file_extensions used by ctx_images is not defined in it either.
# Before binding them, note that the URL-suffix rules do not look at Cookie or
# Authorization headers, so check that per-user content cannot end up cached.
add cache policy ctx_images -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS_INDEX(\"ctx_file_extensions\").BETWEEN(101,150)" -action CACHE -storeInGroup ctx_cg_poc
add cache policy ctx_web_css -rule "HTTP.REQ.URL.ENDSWITH(\".css\")" -action CACHE -storeInGroup ctx_cg_poc
add cache policy ctx_doc_pdf -rule "HTTP.REQ.URL.ENDSWITH(\".pdf\")" -action CACHE -storeInGroup ctx_cg_poc
add cache policy ctx_web_JavaScript -rule "HTTP.REQ.URL.ENDSWITH(\".js\")" -action CACHE -storeInGroup ctx_cg_poc
add cache policy ctx_web_JavaScript-Res -rule "HTTP.RES.HEADER(\"Content-Type\").CONTAINS(\"application/x-javascript\")" -action CACHE -storeInGroup ctx_cg_poc
add cache policy ctx_NOCACHE_Cleanup -rule TRUE -action NOCACHE

# --- Integrated cache: labels and global bindings ----------------------------
add cache policylabel _reqBuiltinDefaults -evaluates REQ
add cache policylabel _resBuiltinDefaults -evaluates RES
bind cache policylabel _reqBuiltinDefaults -policyName _nonGetReq -priority 100 -gotoPriorityExpression END
bind cache policylabel _reqBuiltinDefaults -policyName _advancedConditionalReq -priority 200 -gotoPriorityExpression END
bind cache policylabel _reqBuiltinDefaults -policyName _personalizedReq -priority 300 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _uncacheableStatusRes -priority 100 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _uncacheableVaryRes -priority 200 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _uncacheableCacheControlRes -priority 300 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _cacheableCacheControlRes -priority 400 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _uncacheablePragmaRes -priority 500 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _cacheableExpiryRes -priority 600 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _imageRes -priority 700 -gotoPriorityExpression END
bind cache policylabel _resBuiltinDefaults -policyName _personalizedRes -priority 800 -gotoPriorityExpression END
bind cache global NOPOLICY -priority 185883 -gotoPriorityExpression USE_INVOCATION_RESULT -type REQ_DEFAULT -invoke policylabel _reqBuiltinDefaults
bind cache global NOPOLICY -priority 185883 -gotoPriorityExpression USE_INVOCATION_RESULT -type RES_DEFAULT -invoke policylabel _resBuiltinDefaults

# --- Link load balancing: service bindings -----------------------------------
bind lb vserver lb_vsrv_llb_ct svc_isp_ct
bind lb vserver lb_vsrv_llb_cnc svc_isp_cnc
# Second part of the saved configuration: remaining load-balancing and DNS
# settings, monitors, SSL parameters, gateway session policies, policy bindings,
# RNAT and certificate/curve bindings.

# --- Load balancing: service bindings ----------------------------------------
bind lb vserver lb_vsrv_llb_all svc_isp_ct
bind lb vserver lb_vsrv_llb_all svc_isp_cnc
bind lb vserver lb_vsrv_dns_proxy svc_dns_lan_srv
bind lb vserver lb_vsrv_dns_proxy svc_dns_isp_ct
bind lb vserver lb_vsrv_dns_proxy svc_dns_isp_cnc

# --- DNS ---------------------------------------------------------------------
# Recursion is enabled and root hints are configured below.
# NOTE(review): confirm that port 53 on the appliance is reachable only from the
# intended internal clients, so it cannot be used as an open resolver.
set dns parameter -recursion ENABLED
add dns nsRec . a.root-servers.net -TTL 3600000
add dns nsRec . b.root-servers.net -TTL 3600000
add dns nsRec . c.root-servers.net -TTL 3600000
add dns nsRec . d.root-servers.net -TTL 3600000
add dns nsRec . e.root-servers.net -TTL 3600000
add dns nsRec . f.root-servers.net -TTL 3600000
add dns nsRec . g.root-servers.net -TTL 3600000
add dns nsRec . h.root-servers.net -TTL 3600000
add dns nsRec . i.root-servers.net -TTL 3600000
add dns nsRec . j.root-servers.net -TTL 3600000
add dns nsRec . k.root-servers.net -TTL 3600000
add dns nsRec . l.root-servers.net -TTL 3600000
add dns nsRec . m.root-servers.net -TTL 3600000
# Sends requests that match UG_CSPOL_myUnifiedGateway to the VPN vserver.
bind cs vserver myUnifiedGateway -policyName UG_CSPOL_myUnifiedGateway -priority 63000
# The appliance resolves names through its own DNS proxy vserver.
add dns nameServer lb_vsrv_dns_proxy
set ns diameter -identity netscaler.com -realm com
set subscriber gxInterface -pcrfRealm pcrf.com -servicePathAVP 262099 -servicePathVendorid 3845
set ns tcpbufParam -memLimit 200
# Static address records for the root servers.
# NOTE(review): these are fixed values; compare them with the current published
# root hints, since root server addresses are occasionally renumbered.
add dns addRec k.root-servers.net 193.0.14.129 -TTL 3600000
add dns addRec l.root-servers.net 199.7.83.42 -TTL 3600000
add dns addRec a.root-servers.net 198.41.0.4 -TTL 3600000
add dns addRec b.root-servers.net 192.228.79.201 -TTL 3600000
add dns addRec c.root-servers.net 192.33.4.12 -TTL 3600000
add dns addRec d.root-servers.net 199.7.91.13 -TTL 3600000
add dns addRec m.root-servers.net 202.12.27.33 -TTL 3600000
add dns addRec i.root-servers.net 192.36.148.17 -TTL 3600000
add dns addRec j.root-servers.net 192.58.128.30 -TTL 3600000
add dns addRec g.root-servers.net 192.112.36.4 -TTL 3600000
add dns addRec h.root-servers.net 198.97.190.53 -TTL 3600000
add dns addRec e.root-servers.net 192.203.230.10 -TTL 3600000
add dns addRec f.root-servers.net 192.5.5.241 -TTL 3600000

# --- Monitors ----------------------------------------------------------------
set lb monitor ldns-dns LDNS-DNS -query . -queryType Address -deviation 0 -interval 6 -resptimeout 3 -downTime 20
set lb monitor stasecure CITRIX-STA-SERVICE -deviation 0 -interval 2 MIN -resptimeout 4 -downTime 5
set lb monitor sta CITRIX-STA-SERVICE -deviation 0 -interval 2 MIN -resptimeout 4 -downTime 5
# Uplink health is judged by a TCP connect to 8.8.8.8:53, sourced per uplink through
# the net profile. The mon_tcp_sync_* pair is defined but not bound in this listing.
add lb monitor mon_tcp_ct TCP -LRTM DISABLED -destIP 8.8.8.8 -destPort 53 -transparent YES -netProfile net_pf_ct
add lb monitor mon_tcp_cnc TCP -LRTM DISABLED -destIP 8.8.8.8 -destPort 53 -transparent YES -netProfile net_pf_cnc
add lb monitor mon_tcp_sync_ct TCP -LRTM DISABLED -destIP 8.8.8.8 -destPort 53 -netProfile net_pf_ct
add lb monitor mon_tcp_sync_cnc TCP -LRTM DISABLED -destIP 8.8.8.8 -destPort 53 -netProfile net_pf_cnc
# DNS monitors: a query must return the expected address for the service to be UP.
add lb monitor mon_dns_lan_srv DNS -query sfwan.mtestadp.com -queryType Address -LRTM DISABLED -IPAddress 10.0.100.101
add lb monitor mon_dns_isp_ct DNS -query www.chinaunicom.com.cn -queryType Address -LRTM DISABLED -IPAddress 120.52.99.224 -netProfile net_pf_ct
add lb monitor mon_dns_isp_cnc DNS -query www.chinaunicom.com.cn -queryType Address -LRTM DISABLED -IPAddress 120.52.99.224 -netProfile net_pf_cnc
bind service svc_dns_isp_cnc -monitorName mon_dns_isp_cnc
bind service svc_dns_isp_ct -monitorName mon_dns_isp_ct
bind service svc_dns_lan_srv -monitorName mon_dns_lan_srv
bind service svc_isp_cnc -monitorName mon_tcp_cnc
bind service svc_isp_ct -monitorName mon_tcp_ct

# --- SSL parameters: internal services ---------------------------------------
# Only this service has SSLv3 and TLS 1.0 switched off explicitly.
set ssl service vpndbssvc_-1330815517 -sessReuse ENABLED -sessTimeout 120 -ssl3 DISABLED -tls1 DISABLED -dtls1 DISABLED
# Management (nshttps) and RPC (nsrpcs/nskrpcs) services keep -eRSA ENABLED.
# NOTE(review): ephemeral RSA is presumably only needed for legacy export-grade
# clients; consider disabling it, and set the protocol versions explicitly on the
# management service instead of relying on build defaults.
set ssl service nshttps-192.168.195.94-443 -eRSA ENABLED -sessReuse DISABLED -dtls1 DISABLED
set ssl service nsrpcs-192.168.195.94-3008 -eRSA ENABLED -sessReuse DISABLED -dtls1 DISABLED
set ssl service nsrnatsip-127.0.0.1-5061 -eRSA ENABLED -sessReuse DISABLED -dtls1 DISABLED
set ssl service nskrpcs-127.0.0.1-3009 -eRSA ENABLED -sessReuse DISABLED -dtls1 DISABLED
set ssl service nshttps-::1l-443 -eRSA ENABLED -sessReuse DISABLED -dtls1 DISABLED
set ssl service nsrpcs-::1l-3008 -eRSA ENABLED -sessReuse DISABLED -dtls1 DISABLED
set ssl service nshttps-127.0.0.1-443 -eRSA ENABLED -sessReuse DISABLED -dtls1 DISABLED
set ssl service nsrpcs-127.0.0.1-3008 -eRSA ENABLED -sessReuse DISABLED -dtls1 DISABLED

# --- SSL parameters: virtual servers -----------------------------------------
# Only -dtls1 is set here. The SSLv3 / TLS 1.0 / TLS 1.1 state of these vservers
# is not visible in the listing and follows the build defaults.
# NOTE(review): verify that the older protocol versions are disabled and that a
# reviewed cipher group is bound on the externally reachable vservers.
set ssl vserver auth_vs_10.0.100.101_443 -dtls1 DISABLED
set ssl vserver _XD_10.0.100.101_443 -dtls1 DISABLED
set ssl vserver myUnifiedGateway -dtls1 DISABLED
set ssl vserver UG_VPN_myUnifiedGateway -dtls1 DISABLED

# --- Gateway authentication and session policies -----------------------------
add authentication Policy 10.0.100.101_443_sf_act_pol -rule true -action 10.0.100.101_443_sf_act
# All three session actions set -defaultAuthorizationAction ALLOW.
# NOTE(review): with a default of ALLOW, the ALLOW authorization policies bound to
# testvpn and test_adpuser below restrict nothing. Prefer DENY as the default and
# allow only what is required. This matters most for UG_VPN_SAct_10.0.100.201,
# which turns transparent interception on.
add vpn sessionAction AC_OS_10.0.100.101 -transparentInterception OFF -defaultAuthorizationAction ALLOW -SSO ON -ssoCredential PRIMARY -icaProxy ON -wihome "https://ctxlic.mtestadp.com/Citrix/StoreWeb" -ClientChoices OFF -ntDomain mtestadp.com -clientlessVpnMode OFF -storefronturl "https://ctxlic.mtestadp.com" -sfGatewayAuthType sfAuth
add vpn sessionAction AC_WB_10.0.100.101 -transparentInterception OFF -defaultAuthorizationAction ALLOW -SSO ON -ssoCredential PRIMARY -icaProxy ON -wihome "https://ctxlic.mtestadp.com/Citrix/StoreWeb" -ClientChoices OFF -ntDomain mtestadp.com -clientlessVpnMode OFF -sfGatewayAuthType sfAuth
add vpn sessionAction UG_VPN_SAct_10.0.100.201 -transparentInterception ON -defaultAuthorizationAction ALLOW -SSO ON -ClientChoices ON -clientlessVpnMode ON
# The session profile is chosen from the User-Agent header, which the client
# controls; treat it as a convenience switch, not as an access decision.
add vpn sessionPolicy PL_OS_10.0.100.101 "HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\")" AC_OS_10.0.100.101
add vpn sessionPolicy PL_WB_10.0.100.101 "HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\").NOT" AC_WB_10.0.100.101
add vpn sessionPolicy UG_VPN_SPol_10.0.100.201 true UG_VPN_SAct_10.0.100.201
set vpn parameter -forceCleanup none -clientConfiguration all

# --- Audit logging -----------------------------------------------------------
# NOTE(review): no `add audit syslogAction` with a remote collector appears in this
# listing; confirm that authentication and configuration events are forwarded
# off the appliance.
bind audit syslogGlobal -policyName SETSYSLOGPARAMS_ADV_POL -priority 2000000000
bind audit nslogGlobal -policyName SETNSLOGPARAMS_ADV_POL -priority 2000000000

# --- LB routes ---------------------------------------------------------------
# The default route uses both uplinks; 4.2.2.1 and 4.2.2.2 are pinned to one each.
add lb route 0.0.0.0 0.0.0.0 lb_vsrv_llb_all
add lb route 4.2.2.1 255.255.255.255 lb_vsrv_llb_ct
add lb route 4.2.2.2 255.255.255.255 lb_vsrv_llb_cnc

# --- AAA user and group bindings ---------------------------------------------
bind aaa user testvpn -policy UG_VPN_SPol_10.0.100.201 -priority 80 -gotoPriorityExpression NEXT
bind aaa user testvpn -policy auth_pol_user -priority 100 -gotoPriorityExpression END
bind aaa group test_adpuser -policy UG_VPN_SPol_10.0.100.201 -priority 90 -gotoPriorityExpression NEXT
bind aaa group test_adpuser -policy auth_pol_group -priority 100 -gotoPriorityExpression END

# --- Management authorization ------------------------------------------------
bind system user testuser cmdPolicy_show_only 100
bind system group test_nsadmin -policyName superuser 100
bind system group test_nsoperators -policyName operator 100
bind system group test_nsreadonly -policyName read-only 100
bind tunnel global ns_tunnel_nocmp
bind tunnel global ns_tunnel_msdocs -priority 4000
bind tunnel global ns_tunnel_mimetext -priority 6000
# Management logins are authenticated against LDAP.
# NOTE(review): presumably a directory user whose group name matches test_nsadmin
# receives superuser. Verify who can edit those directory groups and that the
# LDAP connection is encrypted.
bind system global 192.168.185.191_LDAP_pol -priority 100
bind tm global -policyName SETTMSESSPARAMS_ADV_POL -priority 65534 -gotoPriorityExpression NEXT

# --- VPN vserver bindings ----------------------------------------------------
# Intranet IP pool 192.168.185.80/29 for VPN sessions.
bind vpn vserver UG_VPN_myUnifiedGateway -intranetIP 192.168.185.80 255.255.255.248
bind vpn vserver _XD_10.0.100.101_443 -staServer "https://ctxlic.mtestadp.com"
bind vpn vserver _XD_10.0.100.101_443 -portaltheme RfWebUI
bind vpn vserver UG_VPN_myUnifiedGateway -portaltheme Greenbubble
bind vpn vserver _XD_10.0.100.101_443 -policy _cacheTCVPNStaticObjects -priority 10 -gotoPriorityExpression END -type REQUEST
bind vpn vserver _XD_10.0.100.101_443 -policy _cacheOCVPNStaticObjects -priority 20 -gotoPriorityExpression END -type REQUEST
bind vpn vserver _XD_10.0.100.101_443 -policy _cacheVPNStaticObjects -priority 30 -gotoPriorityExpression END -type REQUEST
bind vpn vserver _XD_10.0.100.101_443 -policy _mayNoCacheReq -priority 40 -gotoPriorityExpression END -type REQUEST
bind vpn vserver _XD_10.0.100.101_443 -policy _cacheWFStaticObjects -priority 10 -gotoPriorityExpression END -type RESPONSE
bind vpn vserver _XD_10.0.100.101_443 -policy _noCacheRest -priority 20 -gotoPriorityExpression END -type RESPONSE
bind vpn vserver _XD_10.0.100.101_443 -policy PL_OS_10.0.100.101 -priority 100 -gotoPriorityExpression NEXT -type REQUEST
bind vpn vserver _XD_10.0.100.101_443 -policy PL_WB_10.0.100.101 -priority 110 -gotoPriorityExpression NEXT -type REQUEST
# LDAP is evaluated first (priority 60); local accounts are the last resort (64000).
bind vpn vserver UG_VPN_myUnifiedGateway -policy 192.168.185.191_LDAP_pol -priority 60
bind vpn vserver UG_VPN_myUnifiedGateway -policy NS_GATEWAY_DEFAULT_LOCAL_POL -priority 64000
bind vpn vserver UG_VPN_myUnifiedGateway -urlName bing
bind vpn vserver UG_VPN_myUnifiedGateway -urlName baidu
bind vpn vserver UG_VPN_myUnifiedGateway -urlName certsrv
bind vpn vserver UG_VPN_myUnifiedGateway -urlName doge
# Binds the intranet application named Intranet (defined earlier in the file).
bind vpn vserver UG_VPN_myUnifiedGateway -intranetApplication Intranet

# --- Authentication vserver bindings -----------------------------------------
bind authentication vserver auth_vs_10.0.100.101_443 -policy _cacheTCVPNStaticObjects -priority 10 -gotoPriorityExpression END -type REQUEST
bind authentication vserver auth_vs_10.0.100.101_443 -policy _cacheOCVPNStaticObjects -priority 20 -gotoPriorityExpression END -type REQUEST
bind authentication vserver auth_vs_10.0.100.101_443 -policy _cacheVPNStaticObjects -priority 30 -gotoPriorityExpression END -type REQUEST
bind authentication vserver auth_vs_10.0.100.101_443 -policy _mayNoCacheReq -priority 40 -gotoPriorityExpression END -type REQUEST
bind authentication vserver auth_vs_10.0.100.101_443 -policy _cacheWFStaticObjects -priority 10 -gotoPriorityExpression END -type RESPONSE
bind authentication vserver auth_vs_10.0.100.101_443 -policy _noCacheRest -priority 20 -gotoPriorityExpression END -type RESPONSE
bind authentication vserver auth_vs_10.0.100.101_443 -policy auth_vs_10.0.100.101_443_schemapol -priority 1 -gotoPriorityExpression END
bind authentication vserver auth_vs_10.0.100.101_443 -policy 10.0.100.101_443_sf_act_pol -priority 100 -gotoPriorityExpression NEXT

# --- RNAT --------------------------------------------------------------------
# Traffic from 192.168.185.0/24 is source-NATed to one of the two uplink VIPs.
add rnat rnat_lan_srv 192.168.185.0 255.255.255.0
bind rnat rnat_lan_srv 192.168.1.101
bind rnat rnat_lan_srv 10.0.100.101

# --- Certificate bindings: internal services ---------------------------------
bind ssl service nshttps-192.168.195.94-443 -certkeyName ns-server-certificate
bind ssl service nsrpcs-192.168.195.94-3008 -certkeyName ns-server-certificate
bind ssl service nsrnatsip-127.0.0.1-5061 -certkeyName ns-server-certificate
bind ssl service nskrpcs-127.0.0.1-3009 -certkeyName ns-server-certificate
bind ssl service nshttps-::1l-443 -certkeyName ns-server-certificate
bind ssl service nsrpcs-::1l-3008 -certkeyName ns-server-certificate
bind ssl service nshttps-127.0.0.1-443 -certkeyName ns-server-certificate
bind ssl service nsrpcs-127.0.0.1-3008 -certkeyName ns-server-certificate
# ECC curves offered by the management and RPC services.
# NOTE(review): P_224 is the weakest curve in this set (about 112-bit strength);
# consider unbinding it here and on the vservers below.
bind ssl service nshttps-192.168.195.94-443 -eccCurveName P_256
bind ssl service nshttps-192.168.195.94-443 -eccCurveName P_384
bind ssl service nshttps-192.168.195.94-443 -eccCurveName P_224
bind ssl service nshttps-192.168.195.94-443 -eccCurveName P_521
bind ssl service nsrpcs-192.168.195.94-3008 -eccCurveName P_256
bind ssl service nsrpcs-192.168.195.94-3008 -eccCurveName P_384
bind ssl service nsrpcs-192.168.195.94-3008 -eccCurveName P_224
bind ssl service nsrpcs-192.168.195.94-3008 -eccCurveName P_521

# --- Certificate bindings: virtual servers -----------------------------------
# Each vserver gets its server certificate. Three of them also get the root as a
# CA certificate with -ocspCheck Optional.
# NOTE(review): with Optional, a failed revocation lookup presumably does not
# block the handshake; confirm this is intended wherever client certificates are
# validated.
bind ssl vserver auth_vs_10.0.100.101_443 -certkeyName sfwan-mtestadp-server.cert_CERT
bind ssl vserver auth_vs_10.0.100.101_443 -certkeyName mtestadp-root-certificate -CA -ocspCheck Optional
bind ssl vserver _XD_10.0.100.101_443 -certkeyName sfwan-mtestadp-server.cert_CERT
bind ssl vserver _XD_10.0.100.101_443 -certkeyName mtestadp-root-certificate -CA -ocspCheck Optional
bind ssl vserver myUnifiedGateway -certkeyName ugwan-mtestadp-server.cert_CERT
bind ssl vserver UG_VPN_myUnifiedGateway -certkeyName ugwan-mtestadp-server.cert_CERT
bind ssl vserver UG_VPN_myUnifiedGateway -certkeyName mtestadp-root-certificate -CA -ocspCheck Optional
bind ssl vserver auth_vs_10.0.100.101_443 -eccCurveName P_256
bind ssl vserver auth_vs_10.0.100.101_443 -eccCurveName P_384
bind ssl vserver auth_vs_10.0.100.101_443 -eccCurveName P_224
bind ssl vserver auth_vs_10.0.100.101_443 -eccCurveName P_521
bind ssl vserver _XD_10.0.100.101_443 -eccCurveName P_256
bind ssl vserver _XD_10.0.100.101_443 -eccCurveName P_384
bind ssl vserver _XD_10.0.100.101_443 -eccCurveName P_224
bind ssl vserver _XD_10.0.100.101_443 -eccCurveName P_521
bind ssl vserver myUnifiedGateway -eccCurveName P_256
bind ssl vserver myUnifiedGateway -eccCurveName P_384
bind ssl vserver myUnifiedGateway -eccCurveName P_224
bind ssl vserver myUnifiedGateway -eccCurveName P_521
bind ssl vserver UG_VPN_myUnifiedGateway -eccCurveName P_256
bind ssl vserver UG_VPN_myUnifiedGateway -eccCurveName P_384
bind ssl vserver UG_VPN_myUnifiedGateway -eccCurveName P_224
bind ssl vserver UG_VPN_myUnifiedGateway -eccCurveName P_521

# --- Application firewall content types and remaining parameters -------------
add appfw JSONContentType "^application/json$" -isRegex REGEX
add appfw XMLContentType ".*/xml" -isRegex REGEX
add appfw XMLContentType ".*/.*\\+xml" -isRegex REGEX
add appfw XMLContentType ".*/xml-.*" -isRegex REGEX
set ip6TunnelParam -srcIP ::
set ptp -state ENABLE
set ns param -cookieversion 1 -timezone "GMT+08:00-CST-Asia/Shanghai"
set ns cqaparam -lr1probthresh 0.00e+00 -lr2probthresh 0.00e+00
set qos parameters -debuglevel 0 -dumpcore 4294967295 -dumpsession 0 -dumpqp 0
set urlfiltering parameter -HoursBetweenDBUpdates 24 -TimeOfDayToUpdateDB 03:00 -MaxNumberOfCloudThreads 4 -CloudKeepAliveTimeout 120000 -CloudServerConnectTimeout 1000 -CloudDBLookupTimeout 2000 -seedDBSizeLevel 1 -LocalDatabaseThreads 1
set videooptimization parameter -RandomSamplingPercentage 0.00e+00
=============== End
分类:
ns