; ----------------------------------------------------------------------------------------
; Security Gateway Configuration
;
; The format of this file is a series of key/value pairs, separated by one or more spaces.
; The key part is a string, the value part can either be a string or a list. A list is
; simply a series of key/value pairs enclosed in braces. The values in a list can contain
; more lists for arbitrary nesting. A value may be enclosed in double-quotes (") if it
; contains spaces which should be considered part of the value. The expected type of a
; value depends on which key it is a part of and its context.
;
; Finally, comments can be added on any line by prepending it with a semicolon.
; ----------------------------------------------------------------------------------------

; ----------------------------------------------------------------------------------------
; Client Configuration
;
; This section specifies the maximum number of simultaneous clients that can be supported,
; as well as the number of past clients that are remembered to defend against replaying
; valid key-exchange initiator packets repeatedly.
; ----------------------------------------------------------------------------------------

EnableConnectionServices 1          ; Provide connection services to clients
;SgToXbScanFrequencyInSeconds 5
;SgToXbTimeoutInSeconds 20
;SgToXbKeyExTimeoutInSeconds 10
;SgToXbPulseTimeoutInSeconds 5
;XbToSgTimeoutInSeconds 20
;XbToSgPulseTimeoutInSeconds 5
;SpiFlow 1                          ; Trace data packets flowing through the gateway
;SpiFlowDataLimit 16                ; Trace first few bytes of data packet payloads

; ----------------------------------------------------------------------------------------
; Datacenter Configuration
; ----------------------------------------------------------------------------------------

PresenceServer
{
    Ip 10.0.0.1                     ; IP of the presence server
    Port 80                         ; Port of the presence server
}

MonitoringServer
{
    Ip 10.0.0.1                     ; IP of monitoring server
    Port 4002                       ; Port of monitoring server
}

MonitoringServer
{
    Ip 10.0.0.3                     ; IP of monitoring server
    Port 4002                       ; Port of monitoring server
}

; ----------------------------------------------------------------------------------------
; Network Interfaces
;
; This section specifies the set of network interfaces the gateway is connected to.
; There must be at least one Internet and one Datacenter Network Interface defined.
; ----------------------------------------------------------------------------------------

NetworkInterface
{
    Type Internet                   ; Interface is connected to the Internet
    Ip 10.0.0.2                     ; Static IP address of this interface
    IpMask 255.0.0.0                ; Subnet mask of this interface
    IpGateway 10.0.0.1              ; Gateway of this interface
    VLan sg@Internet                ; VLan this interface is connected to
}

NetworkInterface
{
    Type Datacenter                 ; Interface is connected to the Datacenter
    Ip 10.1.0.1                     ; Static IP address of this interface
    IpEnd 10.1.254.254              ; Static IP address of this interface
    IpMask 255.0.0.0                ; Subnet mask of this interface
    IpGateway 10.0.0.1              ; Gateway of this interface
    IpAdmin 10.0.0.100              ; Admin IP address of this interface
    VLan sg@Datacenter              ; VLan this interface is connected to
}

; ----------------------------------------------------------------------------------------
; Services
;
; This section specifies the Id and Name of each service that any of the servers
; behind the gateway provide. There is a maximum of 32 services that can be specified.
; Note that only those services which are referenced by the Servers section need be
; listed here.
; ----------------------------------------------------------------------------------------

Service
{
    Id 0                            ; Id of the service
    Name Default                    ; Name of the service
}

; ----------------------------------------------------------------------------------------
; Servers
;
; Each server in the datacenter is assigned an Id that the client uses as the destination
; port to address UDP or TCP packets. This port is used to route the packet to the
; given server on the datacenter. Note that each server must have a unique Ip/Port pair.
; That is, it is illegal for two server records to point to the same Ip/Port. It is
; acceptable, however, to have two server records point to the same Ip on different Ports.
; ----------------------------------------------------------------------------------------

Server
{
    Id 1                            ; The Id of this server (dest port to client)
    Ip 10.0.0.4                     ; Ip of server in datacenter
    Port 127                        ; Port of server in datacenter
    Service Default                 ; Service this server provides
}

Server
{
    Id 2                            ; The Id of this server (dest port to client)
    Ip 10.0.0.5                     ; Ip of server in datacenter
    Port 80                         ; Port of server in datacenter
    Service Default                 ; Service this server provides
}

Server
{
    Id 3                            ; The Id of this server (dest port to client)
    Ip 10.0.0.6                     ; Ip of server in datacenter
    Port 123                        ; Port of server in datacenter
    Service Default                 ; Service this server provides
}
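
; Added example (not part of this file or of the gateway's own code): a Python parser for the
; key/value and brace-list format described in the header comment, plus a check of the constraints
; stated in the section comments (an Internet and a Datacenter interface, at most 32 services,
; unique server Ip/Port pairs, servers referencing listed services). The function names and the
; sample input are constructed for illustration.

```python
import re

TOKEN = re.compile(r'"[^"]*"|;.*|[{}]|[^\s{}";]+')  # quoted | comment | brace | bare word
def parse(text):
    """Return the file as a list of (key, value) pairs; a braced list becomes a nested list."""
    toks = [t for t in TOKEN.findall(text) if not t.startswith(";")]
    pos = 0
    def block(nested):
        nonlocal pos
        items = []
        while pos < len(toks):
            key = toks[pos]; pos += 1
            if key == "}" and nested:
                return items
            val = toks[pos] if pos < len(toks) else "}"; pos += 1
            if key in ("{", "}") or val == "}":
                raise ValueError(f"malformed entry at {key!r}")
            items.append((key, block(True) if val == "{" else val.strip('"')))
        if nested:
            raise ValueError("unterminated '{'")
        return items
    return block(False)

def validate(cfg):
    """Check the constraints stated in the section comments; return a list of violations."""
    errs = []
    blocks = lambda name: [dict(v) for k, v in cfg if k == name and isinstance(v, list)]
    types = {n.get("Type") for n in blocks("NetworkInterface")}
    errs += [f"no {t} NetworkInterface defined" for t in ("Internet", "Datacenter") if t not in types]
    services = blocks("Service")
    if len(services) > 32:
        errs.append(f"{len(services)} services defined, maximum is 32")
    names, seen = {s.get("Name") for s in services}, {}
    for s in blocks("Server"):
        ep = (s.get("Ip"), s.get("Port"))
        if ep in seen:  # two records routing to the same backend endpoint
            errs.append(f"Server {s.get('Id')} reuses Ip/Port {ep[0]}:{ep[1]} of Server {seen[ep]}")
        seen.setdefault(ep, s.get("Id"))
        if s.get("Service") not in names:
            errs.append(f"Server {s.get('Id')} references unlisted service {s.get('Service')!r}")
    return errs
# Constructed sample (not the file above): no Datacenter interface, a reused Ip/Port, an unlisted service
SAMPLE = """
NetworkInterface { Type Internet  Ip 10.0.0.2 }
Service { Id 0  Name "Default Service" }   ; quoted value containing a space
Server  { Id 1  Ip 10.0.0.4  Port 80  Service "Default Service" }
Server  { Id 2  Ip 10.0.0.4  Port 80  Service Login }
"""
if __name__ == "__main__": print("\n".join(validate(parse(SAMPLE))))
```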