set vip multi-port [Enter]
save [Enter]
reset [Enter]
The multi-port command will match the first port it sees in the custom service.
Next, define a custom service for PPTP and apply this service in the VIP. From the CLI:
set service CustomPPTP group "other" 47 src 2048-2048 dst 2048-2048 [Enter]
set service CustomPPTP + tcp src 0-65535 dst 1723-1723 [Enter]
set interface ethernet0/0 vip 2048 CustomPPTP 10.1.1.10 [Enter]
Finally, create an incoming policy with destination address as the VIP using the custom service object. From the CLI:
set policy from untrust to trust "any" "VIP::1" "CustomPPTP" permit [Enter]
save [Enter]
原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。