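# Profile file for the MAAT section. The path is relative, so it resolves
# against the working directory of the process that reads this file.
[MAAT]
PROFILE="./tsgconf/maat.conf"
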
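# Log output settings. Text between the raw and endraw markers is emitted
# verbatim by the first template pass.
# NOTE(review): presumably a later render pass fills those placeholders in;
# confirm the two-pass order before moving a line across a raw boundary.
[TSG_LOG]
IPFIX_SCHEMA_PROFILE=./tsgconf/firewall_logger_ipfix_schema.json
LOGGER_SCHEMA_PROFILE=./tsgconf/firewall_logger_transmitter_schema.json

TRAFFIC_VSYSTEM_ID={% raw %}{{ vsys_id }}
{% endraw %}

# Inventory values are inserted without escaping. A value holding a quote or a
# line break would change the rendered file, so validate nic_name upstream.
NIC_NAME="{{ control_and_policy.nic_name }}"

COMMON_FIELD_FILE="tsgconf/tsg_log_field.conf"
# Each switch below renders as 1 only when its sessionrecord flag equals 1,
# otherwise as 0. The variable name enable_transcation_record is misspelt in
# the template; it has to match the variable definitions, so it is kept.
{% raw %}
{% if sessionrecord.enable_contains_app_id == 1 %}
SEND_APP_ID_SWITCH=1
{% else %}
SEND_APP_ID_SWITCH=0
{% endif %}
{% if sessionrecord.enable_interim_record == 1 %}
SEND_INTERIM_RECORD=1
{% else %}
SEND_INTERIM_RECORD=0
{% endif %}
{% if sessionrecord.enable_transcation_record == 1 %}
SEND_TRANSACTION_RECORD=1
{% else %}
SEND_TRANSACTION_RECORD=0
{% endif %}
{% endraw %}
# NOTE(review): if these are the minimum packet and byte counts a session needs
# before it is logged, shorter sessions leave no record - confirm the values
# against the logging requirements.
TCP_MIN_PKTS=3
TCP_MIN_BYTES=5
UDP_MIN_PKTS=3
UDP_MIN_BYTES=5
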
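# Process-wide settings: interface name, identifiers, log file, helper files.
[SYSTEM]
# Inserted without escaping; validate nic_name upstream (no quotes, no line breaks).
NIC_NAME="{{ control_and_policy.nic_name }}"
# DATACENTER_ID prefers data_center.id. The elif and else branches emit the
# same expression, so when neither variable is defined the else branch still
# references an undefined value.
# NOTE(review): give the else branch an explicit default or make the render fail.
{% raw %}{% if data_center.id is defined %}
DATACENTER_ID={{ data_center.id }}
{% elif session_id_generator.snowflake_worker_id_base is defined %}
DATACENTER_ID={{ session_id_generator.snowflake_worker_id_base }}
{% else %}
DATACENTER_ID={{ session_id_generator.snowflake_worker_id_base }}
{% endif %}
{% endraw %}
LOG_LEVEL=30
# Relative path; resolves against the working directory of the consumer.
LOG_PATH="firewall.log"
L7_PROTOCOL_FILE="./tsgconf/firewall_l7_protocol.conf"
# The value is a shell pipeline (hostname piped through awk).
# NOTE(review): if the consumer executes it, write access to this file or to
# the template equals command execution as that process. Keep the file writable
# only by the deploying account and keep template variables out of this value.
DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'adc' '{print $2}'"
# Same shape as DATACENTER_ID: the elif and else branches are identical, so the
# else branch references an undefined value when neither variable is set.
{% raw %}{% if device.sequence_in_data_center is defined %}
DEVICE_SEQ_IN_DATA_CENTER={{ device.sequence_in_data_center }}
{% elif session_id_generator.snowflake_worker_id_offset is defined %}
DEVICE_SEQ_IN_DATA_CENTER={{ session_id_generator.snowflake_worker_id_offset }}
{% else %}
DEVICE_SEQ_IN_DATA_CENTER={{ session_id_generator.snowflake_worker_id_offset }}
{% endif %}
{% endraw %}
# JA3 is a TLS client fingerprint; 1 presumably enables its generation.
GENERATE_JA3_FINGERPRINT=1
# Milliseconds, per the key name (120000 ms = 2 minutes).
PERIODIC_SCAN_INTERVAL_MS=120000
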
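# DNS response handling and the HTML files used for HTTP responses.
[FIREWALL]
# DNS_RESPONSE_MODE: the original note lists hijack and replace
# (presumably the accepted values - confirm against the consumer).
DNS_RESPONSE_MODE=replace
# NOTE(review): these files are presumably returned to clients as response
# bodies; keep them read-only for the service account. The paths are relative
# to the working directory of the consumer.
HTTP_PAGE200=./tsgconf/HTTP200.html
HTTP_PAGE204=./tsgconf/HTTP204.html
HTTP_PAGE403=./tsgconf/HTTP403.html
HTTP_PAGE404=./tsgconf/HTTP404.html
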
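# Local statistics output: name, interval and output file.
[FIREWALL_LOCAL_STAT]
STAT_NAME="firewall"
# Seconds, per the key name.
STAT_INTERVAL_TIME_S=5
# Relative path; resolves against the working directory of the consumer.
STAT_OUTPATH="metrics/firewall_local_file_stat.json"
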
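# Settings for the context_based_detector section: log level, log file and a
# send-back switch (0 here; presumably off - confirm).
[context_based_detector]
LOG_LEVEL=30
LOG_PATH="log/context_based_detector.log"
SENDBACK_SWITCH=0
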
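# Publisher settings: QoS level and topic. Client id and broker address are
# commented out, so no broker is set in this section.
# NOTE(review): no credential or TLS option appears here; if a broker is
# configured later, confirm how the publisher authenticates to it.
[APP_SKETCH_FEEDBACK]
QOS=0
PUBLISH_TOPIC="APP_SIGNATURE_ID"
#CLIENT_ID=
#BROKER_IP=
#BROKER_PORT=
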
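# Settings for the qdpi_detector section.
# The key names debug_swtich and intput_max_packet are misspelt; they are
# presumably what the consumer looks up, so do not correct them here without
# changing the reader as well.
[qdpi_detector]
debug_swtich=30
intput_max_packet=20
# One value holding several name=value pairs separated by semicolons.
# NOTE(review): a parser that treats a semicolon as an inline comment would cut
# this value short - confirm the consumer does not. The worker_threads value is
# inserted without escaping, so it should be validated as an integer upstream.
qmdpi_engine_config=injection_mode=stream;nb_workers={{ workload_firewall.worker_threads }};nb_flows=8000;basic_dpi_enable=1;classification_cache_enable=0;fm_flow_table_alloc_mode=0
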
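# Settings for the TSG_DDOS_SKETCH section.
# The key names debug_swtich and timestemp are misspelt; they are presumably
# what the consumer looks up, so they are kept as they are.
[TSG_DDOS_SKETCH]
debug_swtich=30
en_screen=1
throughput=1
mv_depth=4
mv_width=13660
timestemp=5
max_report_num=5000
min_report_num=0
# The four flood thresholds sit inside a raw block, so the first template pass
# emits the placeholders verbatim. The raw marker opens on the same line as
# tcp_flood_thresh.
# NOTE(review): the values come from the ddossketch variables and are rendered
# as quoted strings; a missing or non-numeric threshold should be rejected
# before deployment rather than reach the detector.
{% raw %}tcp_flood_thresh="{{ ddossketch.tcp_flood_report_thresh }}"
udp_flood_thresh="{{ ddossketch.udp_flood_report_thresh }}"
icmp_flood_thresh="{{ ddossketch.icmp_flood_report_thresh }}"
dns_flood_thresh="{{ ddossketch.dns_flood_report_thresh }}"
{% endraw %}
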
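# The TRAFFIC_MIRROR section is rendered only when
# dp_steering_firewall.enable_mirror equals 1. The condition is outside any raw
# block, so it is decided in the first template pass.
# NOTE(review): mirroring presumably copies traffic to the named interface;
# confirm who can reach that interface and VLAN. nic_name and the VLAN id are
# inserted without escaping and should be validated upstream.
{% if dp_steering_firewall.enable_mirror == 1 %}
[TRAFFIC_MIRROR]
TRAFFIC_MIRROR_ENABLE=1
NIC_NAME="{{ dp_traffic_mirror.nic_name }}"
DEFAULT_VLAN_ID={{ dp_traffic_mirror.traffic_mirror_vlan_id }}
{% endif %}
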
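# The whole SHAPING section sits inside a raw block, so the first template pass
# emits it verbatim, including the vsys_id placeholder in the cluster name.
{% raw %}
[SHAPING]
SWARMKV_CLUSTER_NAME="tsg-shaping-vsys{{ vsys_id }}"
# SWARMKV_NODE_IP is the wildcard address, while the Consul and announce
# addresses below are loopback.
# NOTE(review): if NODE_IP is the listen address, ports 8551 and 8552 accept
# connections on every interface. Bind to a specific address or restrict the
# ports with host firewall rules unless remote peers are expected.
SWARMKV_NODE_IP="0.0.0.0"
SWARMKV_NODE_PORT=8551
SWARMKV_CONSUL_IP="127.0.0.1"
SWARMKV_CONSUL_PORT=8500

SWARMKV_CLUSTER_ANNOUNCE_IP="127.0.0.1"
SWARMKV_CLUSTER_ANNOUNCE_PORT=8551

SWARMKV_HEALTH_CHECK_PORT=8552
SWARMKV_HEALTH_CHECK_ANNOUNCE_PORT=8552

TELEGRAF_IP="127.0.0.1"
TELEGRAF_PORT=8200
SESSION_QUEUE_LEN_MAX=128
PRIORITY_QUEUE_LEN_MAX=1024
# The active value is a JSON object wrapping the list; the commented line above
# it keeps the earlier bare-list form.
#POLLING_NODE_NUM_MAX=[ 3, 2, 2, 1, 1, 1, 1, 1, 1, 1 ]
POLLING_NODE_NUM_MAX={"polling_node_num_max":[ 3, 2, 2, 1, 1, 1, 1, 1, 1, 1 ]}
{% endraw %}
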
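# NOTE(review): presumably the number of packets examined per session for
# protocol identification; sessions not identified within that budget would
# stay unclassified - confirm against the consumer.
[PROTO_IDENTIFY]
MAX_IDENTIFY_PACKETS=10
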
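# The active RANDOM_LOOKING_JUDGE_LIST is an empty list; the commented line
# keeps the full set of test names.
# NOTE(review): an empty list presumably switches the random-looking checks
# off - confirm that is intended for this deployment.
[SESSION_FLAGS]
#RANDOM_LOOKING_JUDGE_LIST={"random_looking_judge_list":[ "frequency", "block_frequency", "cumulative_sums", "runs", "longest_run", "rank", "non_overlapping_template_matching", "overlapping_template_matching", "universal", "random_excursions", "random_excursions_variant", "poker_detect", "runs_distribution", "self_correlation", "binary_derivative" ]}
RANDOM_LOOKING_JUDGE_LIST={"random_looking_judge_list":[]}
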
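# Single setting for the SF_CLASSIFIER section; the meaning of the value 1 is
# defined by the consumer and is not documented in this file.
[SF_CLASSIFIER]
SYNC_MODE=1
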
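# Policy statistics cycle: interval in seconds (per the key name) and a
# per-cycle submit count.
[STAT_POLICY_ENFORCER]
POLICY_CYCLE_INTERVAL_S=1
POLICY_CYCLE_NUM_SUBMIT=4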