tsg-tsg-os-buildimage/ansible/roles/firewall/templates/main.conf.j2.j2


[MAAT]
# One profile path plus four table-related settings. Every value in this
# section is a literal; nothing here is filled in by the template engine.
# PROFILE is a relative path, so it resolves against whatever working
# directory the consuming process runs in - TODO confirm.
PROFILE="./tsgconf/maat.conf"
SUBSCRIBER_ID_TABLE="TSG_OBJ_SUBSCRIBER_ID"
CB_SUBSCRIBER_IP_TABLE="TSG_DYN_SUBSCRIBER_IP"
IP_ADDR_TABLE="TSG_SECURITY_ADDR"
LOCATION_TABLE_TYPE=19
[TSG_LOG]
# Log-shipping settings. NIC_NAME is substituted by the first rendering pass.
# VSYSTEM_ID and BROKER_LIST are wrapped in raw blocks, so that pass emits
# their expressions verbatim and a later pass fills them in (the .j2.j2
# suffix suggests two passes - confirm against the role's tasks).
MODE=1
VSYSTEM_ID={% raw %}{{ vsys_id }}
{% endraw %}
NAMESPACE_ID=1
NIC_NAME="{{ control_and_policy.nic_name }}"
MAX_SERVICE=1
LOG_LEVEL=30
LOG_PATH="log/master.kafka"
# SECURITY(review): the SASL user name and password below are literals
# committed with the template. Every file rendered from it carries the same
# credential, and anyone who can read the repository or a rendered file
# knows it. Prefer a vault-encrypted inventory variable substituted at deploy
# time, and rotate the current value because it is already in history.
# No TLS-related key appears in this section; confirm how the broker link is
# protected, since SASL credentials on a clear-text link can be captured.
SASL_USERNAME="admin"
SASL_PASSWD="galaxy2019"
# The broker list is the comma-joined olap.kafka_broker.address_list.
{% raw %}BROKER_LIST="{{ olap.kafka_broker.address_list | join(",") }}"
{% endraw %}
COMMON_FIELD_FILE="tsgconf/tsg_log_field.conf"
SEND_APP_ID_SWITCH=0
SEND_NAT_LINKINFO_SWITCH=0
[SECURITY_HITS]
# SECURITY_HITS, STATISTIC and FIELD_STAT each name a Telegraf target (per the
# key names) on loopback 127.0.0.1. STATISTIC and FIELD_STAT share port 8100;
# this section uses 8400. All values are literals. The unit of CYCLE is not
# stated in this file.
CYCLE=1000
TELEGRAF_PORT=8400
TELEGRAF_IP="127.0.0.1"
APP_NAME="security_rule_hits"
[STATISTIC]
CYCLE=5
TELEGRAF_PORT=8100
TELEGRAF_IP="127.0.0.1"
OUTPUT_PATH="./tsg_statistic.log"
APP_NAME="statistic"
[FIELD_STAT]
CYCLE=5
TELEGRAF_PORT=8100
TELEGRAF_IP="127.0.0.1"
OUTPUT_PATH="./tsg_stat.log"
APP_NAME="tsg_master"
[SYSTEM]
# Process-wide settings. NIC_NAME is substituted by the first rendering pass;
# the two conditional blocks are wrapped in raw tags and are therefore
# evaluated by a later pass.
NIC_NAME="{{ control_and_policy.nic_name }}"
# DATACENTER_ID: data_center.id wins when defined, otherwise
# session_id_generator.snowflake_worker_id_base is used. The else branch
# repeats the elif expression, so with neither variable defined it references
# an undefined value - presumably a deliberate fail-fast under strict
# undefined handling; a lenient renderer would emit an empty value instead.
# TODO confirm which behaviour the deployment relies on.
{% raw %}{% if data_center.id is defined %}
DATACENTER_ID={{ data_center.id }}
{% elif session_id_generator.snowflake_worker_id_base is defined %}
DATACENTER_ID={{ session_id_generator.snowflake_worker_id_base }}
{% else %}
DATACENTER_ID={{ session_id_generator.snowflake_worker_id_base }}
{% endif %}
{% endraw %}
LOG_LEVEL=30
LOG_PATH="log/master.log"
POLICY_PRIORITY_LABEL="POLICY_PRIORITY"
L7_PROTOCOL_FILE="./tsgconf/tsg_l7_protocol.conf"
# SECURITY(review): DEVICE_ID_COMMAND holds a shell pipeline over the host
# name. If the consumer hands this string to a shell, write access to the
# rendered file amounts to command execution as the service account, so the
# file should be writable only by a privileged user. The awk field choices
# also assume a specific host-name layout; confirm against the naming rules.
DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'adc' '{print $2}'"
# DEVICE_SEQ_IN_DATA_CENTER follows the same pattern as DATACENTER_ID:
# device.sequence_in_data_center first, then
# session_id_generator.snowflake_worker_id_offset, with an else branch that
# repeats the fallback expression.
{% raw %}{% if device.sequence_in_data_center is defined %}
DEVICE_SEQ_IN_DATA_CENTER={{ device.sequence_in_data_center }}
{% elif session_id_generator.snowflake_worker_id_offset is defined %}
DEVICE_SEQ_IN_DATA_CENTER={{ session_id_generator.snowflake_worker_id_offset }}
{% else %}
DEVICE_SEQ_IN_DATA_CENTER={{ session_id_generator.snowflake_worker_id_offset }}
{% endif %}
{% endraw %}
FEATURE_TAMPER=1
[TSG_CONN_SKETCH]
# Packet/byte minimums and service numbers are literals. The two *_switch keys
# are derived in a later rendering pass (raw block): each is 1 only when the
# matching sessionrecord flag equals the integer 1, otherwise 0.
# NOTE(review): the second flag is read as enable_transcation_record (sic);
# the inventory has to use that same spelling. interim_intervals_time is the
# only key in the visible part of this file written with spaces around "=" -
# presumably the reader tolerates that; confirm.
tcp_min_pkts=3
tcp_min_bytes=5
udp_min_pkts=3
udp_min_bytes=5
log_service=2
interim_service=6
transaction_service=7
{% raw %}
{% if sessionrecord.enable_interim_record == 1 %}
interim_service_switch=1
{% else %}
interim_service_switch=0
{% endif %}
{% if sessionrecord.enable_transcation_record == 1 %}
transaction_service_switch=1
{% else %}
transaction_service_switch=0
{% endif %}
{% endraw %}
interim_intervals_time = 120
sendlog_in_tcp_close=1
send_dns_rr_switch=0
[HOS_CONF]
# All keys in this section are emitted only when firewall.enable_hos equals
# the integer 1 (a string "1" from inventory would not match); otherwise the
# section header is rendered with no keys. The body is inside a raw block,
# so the test runs in a later rendering pass.
# SECURITY(review): hos_token is an access secret (per its name) written in
# clear text into the rendered file. Keep the source variable vault-encrypted
# and restrict read permission on the output file to the service account.
{% raw %}
{% if firewall.enable_hos == 1 %}
hos_serverip="{{ olap.hos_server.address }}"
hos_serverport={{ olap.hos_server.port }}
hos_token="{{ olap.hos_server.token }}"
hos_log_level=30
hos_timeout=20
hos_connection_timeout=10
hos_thread_max_store_request_num=5000
hos_thread_max_store_size=1073741824
hos_thread_batch_request_num=20
hos_thread_max_connection_num=10
hos_fd_request_cache_size=1500
hos_fd_request_cache_count=10
{% endif %}
{% endraw %}
[APP_SKETCH_LOCAL]
# APP_SKETCH_LOCAL, APP_SKETCH_FEEDBACK and APP_PROTO_ENGINE contain literals
# only; no template variables are used in these three sections.
LOG_LEVEL=30
LOG_PATH="log/app_sketch.log"
SENDBACK_SWITCH=0
SCAN_UDP_PAYLOAD_NUM=8
SCAN_TCP_PAYLOAD_NUM=8
C2S_PKT_SIZE_NUM=4
S2C_PKT_SIZE_NUM=4
[APP_SKETCH_FEEDBACK]
QOS=0
PUBLISH_TOPIC="APP_SIGNATURE_ID"
# CLIENT_ID, BROKER_IP and BROKER_PORT are left commented out, i.e. this
# template sets no client id or broker endpoint for the feedback channel.
#CLIENT_ID=
#BROKER_IP=
#BROKER_PORT=
[APP_PROTO_ENGINE]
# NOTE(review): debug_swtich is the key name exactly as written here;
# presumably the consumer looks it up under this spelling, so check the
# reader before correcting it.
debug_swtich=30
nb_flows=8000
classification_cache_enable=0
basic_dpi_enable=1
[TSG_DDOS_SKETCH]
# Sketch sizing and report limits are literals. The four flood thresholds are
# taken from ddossketch.* inventory values in a later rendering pass (raw
# block) and are written as quoted strings, unlike the bare integers above.
# NOTE(review): debug_swtich and timestemp are spelled as the keys appear in
# this file; presumably the consumer reads them under these exact names, so
# check the reader before correcting the spelling. The threshold values are
# not range-checked here; validate them in inventory, since an unset or
# mistyped threshold changes what gets reported.
debug_swtich=30
throughput=1
mv_depth=4
mv_width=13660
timestemp=5
max_report_num=5000
min_report_num=0
{% raw %}tcp_flood_thresh="{{ ddossketch.tcp_flood_report_thresh }}"
udp_flood_thresh="{{ ddossketch.udp_flood_report_thresh }}"
icmp_flood_thresh="{{ ddossketch.icmp_flood_report_thresh }}"
dns_flood_thresh="{{ ddossketch.dns_flood_report_thresh }}"
{% endraw %}
{% if dp_steering_firewall.enable_mirror == 1 %}
[TRAFFIC_MIRROR]
# This section is guarded by a condition outside any raw block, so whether it
# exists, and its NIC and VLAN values, are fixed by the first rendering pass
# rather than by the later pass that handles most other switches in this file.
# NOTE(review): per the section name this copies live traffic to the named
# interface and VLAN; confirm that both lead only to the intended collector.
TRAFFIC_MIRROR_ENABLE=1
NIC_NAME="{{ dp_traffic_mirror.nic_name }}"
DEFAULT_VLAN_ID={{ dp_traffic_mirror.traffic_mirror_vlan_id }}
{% endif %}
[RADIUS_PLUG]
# DEVICE_TAGS is built in a later rendering pass (raw block): a list is filled
# with one {"tag":...,"value":...} object per tag - data_center.name first,
# then each key/value pair of every mapping in device.tags - and the objects
# are joined with commas inside a "tags" array.
# SECURITY(review): the objects are assembled by string concatenation with no
# escaping, so a name, key or value containing a double quote, backslash or
# newline yields malformed JSON or extra fields in the rendered line.
# Serialise each object with a JSON filter (Jinja2 tojson / Ansible to_json)
# or validate the inventory values before rendering.
# NOTE(review): the append calls sit in print expressions only for their side
# effect; plain Jinja2 would print their None result as text, so this relies
# on the renderer emitting nothing for None - confirm. When neither source is
# defined the template references device.tags anyway, presumably to force an
# undefined-variable error rather than ship an empty tag list.
{% raw %}{% set tags_list = [] %}
{% if data_center.name is defined %}
{% set tag_json = "{\"tag\":\"" ~ "data_center" ~ "\",\"value\":\"" ~ data_center.name ~ "\"}" %}
{{tags_list.append(tag_json)}}{% endif %}
{% if device.tags is defined %}
{% for device_tag in device.tags %}
{% for key,value in device_tag.items() %}
{% set tag_json = "{\"tag\":\"" ~ key ~ "\",\"value\":\"" ~ value ~ "\"}" %}
{{tags_list.append(tag_json)}}{% endfor %}
{% endfor %}
{% endif %}
{% if data_center.name is not defined and device.tags is not defined %}
{{ device.tags }}
{% endif %}
DEVICE_TAGS={"tags":[{{ tags_list | join(",") }}]}
{% endraw %}
PACKET_TYPE_FLAG=16
COLLECT_TOPIC="RADIUS-RECORD"
SERVICE_ID=162
LOG_PATH="./log/radius_collect_plug/radius_collect_plug"
LOG_LEVEL=30
[GTP_SIGNALING]
# SENDLOG_SWITCH is 1 only when gtp.enable_gtp_c_record equals the integer 1,
# otherwise 0. The test is inside a raw block and so runs in a later
# rendering pass.
{% raw %}{% if gtp.enable_gtp_c_record == 1 %}
SENDLOG_SWITCH=1
{% else %}
SENDLOG_SWITCH=0
{% endif %}
{% endraw %}
# SIGNALING_ORIGIN options as listed by the author: NO, HASH, REDIS.
SIGNALING_ORIGIN="REDIS"
[CAPTURE]
# Endpoint taken from the same olap.hos_server values that HOS_CONF uses, but
# without the firewall.enable_hos guard: these two keys are always rendered,
# so the inventory presumably has to define olap.hos_server even when HOS is
# switched off - confirm. No token is written in this section.
{% raw %}
HOS_IP="{{ olap.hos_server.address }}"
HOS_PORT={{ olap.hos_server.port }}
{% endraw %}
{% raw %}
[SHAPING]
# Only SWARMKV_CLUSTER_NAME is templated (vsys_id, filled in by a later pass
# because the section is inside a raw block); every other value is a literal.
# SECURITY(review): SWARMKV_NODE_IP is 0.0.0.0 while the announce and Consul
# addresses are loopback. If NODE_IP is the listen address, ports 8551 and
# 8552 are reachable on every interface; bind to the cluster interface or
# filter those ports at the host firewall. TODO confirm the key semantics.
SWARMKV_CLUSTER_NAME="tsg-shaping-vsys{{ vsys_id }}"
SWARMKV_NODE_IP="0.0.0.0"
SWARMKV_NODE_PORT=8551
SWARMKV_CONSUL_IP="127.0.0.1"
SWARMKV_CONSUL_PORT=8500
SWARMKV_CLUSTER_ANNOUNCE_IP="127.0.0.1"
SWARMKV_CLUSTER_ANNOUNCE_PORT=8551
SWARMKV_HEALTH_CHECK_PORT=8552
SWARMKV_HEALTH_CHECK_ANNOUNCE_PORT=8552
TELEGRAF_IP="127.0.0.1"
TELEGRAF_PORT=8200
SESSION_QUEUE_LEN_MAX=128
PRIORITY_QUEUE_LEN_MAX=1024
# The commented line below is the bare-array form; the active line wraps the
# same ten values in a JSON object keyed polling_node_num_max.
#POLLING_NODE_NUM_MAX=[ 3, 2, 2, 1, 1, 1, 1, 1, 1, 1 ]
POLLING_NODE_NUM_MAX={"polling_node_num_max":[ 3, 2, 2, 1, 1, 1, 1, 1, 1, 1 ]}
{% endraw %}