! ---------- EDR-G902 ----------
! Configuration export for an EDR-G902 firewall/VPN router: router mode, static WAN and
! LAN addressing, firewall rules, NAT, DoS limits, traffic shaping, alerting,
! management services and three disabled OpenVPN profiles.
! NOTE(review): the source dump lost its line breaks and indentation. Statements are
! re-broken one per line for reading, and the one-space indent marks apparent section
! membership only. Compare with a fresh device export before importing.
! NOTE(review): this export carries credential material (account/password values and
! VPN user entries). Redact before sharing and rotate anything that was exposed.
mode router
bridge address 192.168.127.254 255.255.255.0
interface wan
 ip address static 192.168.150.50 255.255.252.0 192.168.150.1
 warning-notification port-event event link-on
 warning-notification port-event event link-off
! --- Firewall policy ---
! Rules 1-6 accept every protocol and port from WAN to LAN, matched on source MAC only
! (mode mac, all other selectors "all").
! NOTE(review): a source MAC is an unauthenticated layer-2 field and only identifies a
! sender on the directly attached WAN segment. Narrow these rules with dst-ip/dst-port
! to the services actually required.
firewall 1 action accept interface WAN LAN protocol all mode mac src-mac 0a:bf:4c:7e:da:2b src-ip all src-port all dst-ip all dst-port all logging severity 6 logging syslog
firewall 2 action accept interface WAN LAN protocol all mode mac src-mac 50:2a:8a:ef:9e:56 src-ip all src-port all dst-ip all dst-port all logging severity 6 logging syslog
firewall 3 action accept interface WAN LAN protocol all mode mac src-mac 40:3f:7b:4e:d3:51 src-ip all src-port all dst-ip all dst-port all logging severity 6 logging syslog
firewall 4 action accept interface WAN LAN protocol all mode mac src-mac 30:56:3a:66:c2:10 src-ip all src-port all dst-ip all dst-port all logging severity 6 logging syslog
firewall 5 action accept interface WAN LAN protocol all mode mac src-mac a8:45:cd:a7:f6:2c src-ip all src-port all dst-ip all dst-port all logging severity 6 logging syslog
! NOTE(review): the first octet 0x23 below has the group (multicast) bit set, which is
! not valid for a unicast source address. This looks like a typo; verify the MAC.
firewall 6 action accept interface WAN LAN protocol all mode mac src-mac 23:34:10:87:1a:4f src-ip all src-port all dst-ip all dst-port all logging severity 6 logging syslog
! Rule 7 drops everything arriving on WAN; rule 8 accepts everything from LAN to WAN.
firewall 7 action drop interface WAN all protocol all mode ip src-ip all src-port all dst-ip all dst-port all logging severity 6 logging syslog
firewall 8 action accept interface LAN WAN protocol all mode ip src-ip all src-port all dst-ip all dst-port all logging severity 6 logging syslog
! NOTE(review): rule 9 (drop LAN->WAN tcp/80) sits after rule 8's accept-all and rule 10
! (accept WAN->LAN tcp, any port) sits after rule 7's drop-all. If rules are evaluated
! first-match in index order (confirm for this firmware), both are shadowed and have no
! effect. If they are not, rule 10 opens every TCP port from WAN. Reorder or remove.
firewall 9 action drop interface LAN WAN protocol tcp mode ip src-ip all src-port all dst-ip all dst-port single 80 logging severity 6 logging syslog
! Rule 10 is the only rule without "logging syslog".
firewall 10 action accept interface WAN LAN protocol tcp mode ip src-ip all src-port all dst-ip all dst-port all logging severity 6
! NOTE(review): index 16 has no rule definition in this dump.
firewall 16 disable
logging firewall
firewall malformed
firewall malformed logging severity 4
firewall malformed logging flash
firewall malformed logging syslog
! --- NAT ---
! The first dynamic range covers the bridge subnet (192.168.127.0/24).
ip nat dynamic inside 192.168.127.1 192.168.127.252 outside WAN
ip nat 1 disable
! Five static forwards publish TCP 3389 (the registered RDP port) of LAN hosts on WAN
! ports 3392-3396.
! NOTE(review): non-standard outside ports do not restrict who can connect. Reachability
! depends on the WAN->LAN firewall rules above. Prefer reaching these hosts through the
! VPN, or pin each forward to known source addresses.
ip nat static tcp inside 192.168.103.102 3389 outside WAN 3392
ip nat static tcp inside 192.168.103.103 3389 outside WAN 3393
ip nat static tcp inside 192.168.103.122 3389 outside WAN 3394
ip nat static tcp inside 192.168.103.132 3389 outside WAN 3395
ip nat static tcp inside 192.168.103.113 3389 outside WAN 3396
ip nat dynamic inside 192.168.103.1 192.168.103.250 outside WAN
! --- DoS protection ---
! NOTE(review): "no dos syn-flood" follows the 4000 threshold, so SYN-flood protection
! is presumably configured but switched off. Confirm this is intended.
dos icmp-death 1000
dos syn-flood 4000
no dos syn-flood
logging dos
logging dos severity 4
logging dos flash
logging dos syslog
! --- Traffic shaping ---
traffic priority interface lan
 max-bw 100
 default-priority 3
 priority 0 max-bw 10 min-bw 10
 priority 1 max-bw 20 min-bw 20
 priority 2 max-bw 30 min-bw 30
 priority 3 max-bw 40 min-bw 40
traffic priority interface wan
 max-bw 100
 default-priority 3
 priority 0 max-bw 10 min-bw 10
 priority 1 max-bw 20 min-bw 20
 priority 2 max-bw 30 min-bw 30
 priority 3 max-bw 40 min-bw 40
traffic policy incoming 1 interface wan priority 0 protocol all mode ip src-ip all src-port all dst-ip all dst-port all
traffic policy incoming 1 enable
traffic policy outgoing 1 interface wan priority 0 protocol all mode ip src-ip all src-port all dst-ip all dst-port all
traffic policy outgoing 1 enable
! --- E-mail alerting ---
! Alerts go to an SMTP relay on port 25, with the mailbox credential stored in the config.
! NOTE(review): port 25 is presumably unencrypted here, so the relay login and alert
! content may cross the WAN-side network in clear. Confirm, and use a dedicated
! low-privilege mailbox for the device.
email-warning server 192.168.150.10 25
email-warning account b.ac efeecb13a7e8211cdeeb0ef1b38382fddeeb0ef1b38382fddeeb0ef1b38382fde484cb5447a4c794ca34872ea69ee5a3
email-warning sender b.ac@ngs.ru
email-warning mail-address 1 b.ac@ngs.ru
email-warning mail-address 2 e.bl@ngs.ru
email-warning mail-address 3 ebl@ngs.ru
warning-notification system-event cold-start active
warning-notification system-event warm-start active
warning-notification system-event pwr-trans-off active
warning-notification system-event pwr-trans-on active
warning-notification system-event config-changed active
warning-notification system-event auth-fail active
! NOTE(review): SNMPv1 traps carry no authentication or encryption beyond a
! clear-text community string.
snmp-server trap-mode trap-v1
interface lan
 ip address static 192.168.103.1 255.255.255.0
 warning-notification port-event event link-on
 warning-notification port-event event link-off
ip dhcp network 192.168.103.150 192.168.103.200 lease-time 60
clock timezone gmt 7
ntp server
ntp synchornize
ntp remote-server 192.168.150.1
ip ddns service disable
relay-warning config relay 1
relay-warning override
no lldp enable
lldp timer 30
hostname Firewall/VPN Router 03617
snmp-server location Device Location
settingcheck firewall
settingcheck nat
settingcheck trusted-access
settingcheck timer 180
logging trusted-access severity 0
modbus-filter 1 action accept protocol all src-ip all dst-ip all function 0 uid 0 interface all all
modbus-filter 1 disable
! --- Local accounts ---
! NOTE(review): the stored values for admin, user and the e-mail account all contain the
! same 16-hex-digit block repeated three times. That is consistent with a deterministic,
! unsalted encoding, so treat these values as recoverable: rotate both passwords and
! keep exports of this file access-controlled.
username admin password cf6f0f2d6d517230deeb0ef1b38382fddeeb0ef1b38382fddeeb0ef1b38382fdc21cb01d25bea4553ce9382c0606afcc privilege 1
username user password c9e1dc3aed77c496deeb0ef1b38382fddeeb0ef1b38382fddeeb0ef1b38382fde2631217ae70c8923165d49700ecd69f privilege 2
! --- Management plane ---
! NOTE(review): moxa-utility is presumably the vendor configuration-utility service.
! Confirm it is needed and on which interfaces it answers.
moxa-utility
! Telnet (23) and HTTP (80) are enabled next to SSH (22) and HTTPS (443).
! NOTE(review): the two clear-text services expose admin logins to anyone on path.
! Disable them and restrict management to the LAN side or a trusted-access list.
ip telnet port 23
ip telnet
ip ssh port 22
ip ssh
ip telnet max-login-users 5
ip http-server port 80
ip http-server
ip http-server secure port 443
ip http-server secure
ip http-server max-login-users 5
! NOTE(review): 0 presumably disables the idle-session timeout. Confirm and set a limit.
ip auto-logout 0
! NOTE(review): PAP protects the password only with the RADIUS shared secret. Use a
! stronger auth-type if the firmware offers one.
auth radius auth-type pap
! --- OpenVPN (all three profiles end in "disable") ---
! NOTE(review): the server profile uses MD5 as its packet-authentication hash and stores
! three user/password pairs in clear text (the values look truncated or redacted).
! Before enabling, pick a SHA-2 hash if available and replace these credentials.
openvpn server 1
 device-type tun
 protocol udp
 port 1195
 no client-to-client
 no comp-lzo
 keepalive
 cipher AES-256-CBC
 hash MD5
 network 192.168.104.0 255.255.255.0
 push route 192.168.103.0 255.255.255.0
 ca certificate cacert.cer
 certificate server.p12
 server-bridge bridge-if LAN
 username In password As
 username E password ijE
 username A password ey
openvpn server 1 disable
! NOTE(review): both client profiles point at 0.0.0.0, use BF-CBC (a 64-bit-block cipher)
! with SHA1, and enable comp-lzo compression. These are legacy defaults; move to an AES
! cipher and drop compression before either profile is enabled.
openvpn client 1
 device-type tun
 protocol udp
 server 0.0.0.0
 port 1194
 cipher BF-CBC
 hash SHA1
 comp-lzo
 client-auth certificate
openvpn client 1 disable
openvpn client 2
 device-type tun
 bridge-if LAN
 protocol udp
 server 0.0.0.0
 port 1194
 cipher BF-CBC
 hash SHA1
 comp-lzo
 client-auth certificate
openvpn client 2 disable
! --- Password and lockout policy ---
! NOTE(review): minimum length is 4, every complexity check is off and login lockout is
! disabled (the 5/5 threshold values are set but inactive). With Telnet/HTTP/SSH
! reachable, this leaves password guessing unthrottled. Raise the minimum length and
! enable lockout.
password-policy minimum-length 4
no password-policy complexity-check
no password-policy complexity-check digit
no password-policy complexity-check alphabet
no password-policy complexity-check special-characters
no login-lockout
login-lockout retry-threshold 5
login-lockout lockout-time 5
! --- Log retention ---
! NOTE(review): the oldest entries are overwritten once capacity is reached, and no
! syslog server address appears in this dump. Confirm a remote collector is configured
! so the "logging syslog" events above are retained off-box.
logging-capacity 85
no logging-capacity snmp-trap-warning
logging-capacity email-warning
logging-capacity over-size-action overwrite-oldest
mtu wan 1500
mtu lan 1500
hw-acc
no hw-acc pppoe
no hw-acc vlan