#
# Per-application route selection and filtering (using DPI):
# command configuration example + Web GUI configuration example
#
# Site: branch office
#
# The parenthesised Japanese tokens inside commands are placeholders that must
# be replaced with real values before the configuration is loaded:
#   (センターの固定グローバルIPアドレス)  = fixed global IP address of the center
#   (拠点の固定グローバルIPアドレス)      = fixed global IP address of this branch
#   (ISP2に接続するID) / (ISP2に接続するパスワード) = ISP2 login ID / password
#   (事前共有鍵)                          = IKE pre-shared key
#   (保存先のディレクトリーパス)          = directory path for the DPI signatures
#   (保存先の外部メモリー) / (ファイル名のプレフィックス) = external memory device / file-name prefix
#

#
# Gateway settings
#
ip routing process normal
# Default route: flows matching DPI filters 600001 (Office 365 group) and
# 600002 (OS update group) leave directly through pp 1; everything else is
# sent into tunnel 1.
# NOTE(review): the directly routed flows do not pass through the center, so
# any inspection done there presumably does not see them - confirm this is the
# intended exposure.
ip route default gateway pp 1 dpi 600001 600002 gateway tunnel 1
# Host route to the center's address via pp 1, so the tunnel's own packets are
# not routed back into the tunnel.
ip route (センターの固定グローバルIPアドレス) gateway pp 1

#
# LAN interface settings
# (uses the LAN1 port)
#
ip lan1 address 192.168.101.1/24

#
# WAN interface settings
# (uses the LAN2 port)
#
pp select 1
pp always-on on
pppoe use lan2
# Both PAP and CHAP are accepted. PAP presents the password to the peer
# unprotected; if the ISP supports CHAP, accepting only chap is the tighter
# setting.
pp auth accept pap chap
# The ISP credentials are stored in this configuration; treat saved or
# exported copies of it as secret.
pp auth myname (ISP2に接続するID) (ISP2に接続するパスワード)
ppp lcp mru on 1454
ppp ipcp msext on
ppp ccp type none
ip pp address (拠点の固定グローバルIPアドレス)
# DPI filter list on pp 1, "in" direction: 600004 rejects the games group,
# 600005 rejects the P2P group, 600100 passes everything else.
# NOTE(review): this list is bound to pp 1 only. Whether flows that the default
# route sends into tunnel 1 are also evaluated against it cannot be told from
# this listing - verify with the filter statistics enabled at the end of the file.
ip pp dpi filter in 600004 600005 600100
ip pp nat descriptor 1
pp enable 1

#
# VPN (IPsec) settings
#
tunnel select 1
ipsec tunnel 1
# ESP with AES-CBC and HMAC-SHA. The proposal must match the center; where both
# ends support them, a longer AES key and a SHA-2 HMAC are the stronger choice.
ipsec sa policy 1 1 esp aes-cbc sha-hmac
# Keepalive is used, but its logging is switched off, so keepalive events will
# not appear in the log.
ipsec ike keepalive log 1 off
ipsec ike keepalive use 1 on
# The router's LAN1 address is used as the IKE local address; see the static
# masquerade entries in the NAT section.
ipsec ike local address 1 192.168.101.1
ipsec ike nat-traversal 1 on
# The pre-shared key is entered as text and is the only peer authentication
# shown in this listing. Use a long random value, unique per tunnel, and keep
# configuration backups confidential.
ipsec ike pre-shared-key 1 text (事前共有鍵)
ipsec ike remote address 1 (センターの固定グローバルIPアドレス)
tunnel enable 1

#
# VPN (IPsec) settings (common items)
#
ipsec auto refresh on

#
# Filter settings
#
# Each DPI filter refers to the "dpi group" with the matching 1000x number
# defined below; 600100 matches any application.
# NOTE(review): 600003 (video/music) and 600006 (SNS) are defined but are not
# referenced by the default route or by the pp 1 filter list in this listing.
ip dpi filter 600001 pass * * 10001
ip dpi filter 600002 pass * * 10002
ip dpi filter 600003 pass * * 10003
ip dpi filter 600004 reject * * 10004
ip dpi filter 600005 reject * * 10005
ip dpi filter 600006 pass * * 10006
ip dpi filter 600100 pass * * *
# Application groups. Names starting with "@" (@audio_video, @game) look like
# category references rather than single applications - TODO confirm.
dpi group set 10001 name=ymh_dpi_office365 office365 sharepoint_online lync_online outlook ms_sway ms_planner ms_onenote excel_online one_drive word_online powerpoint_online office_docs power_bi ms_teams
dpi group set 10002 name=ymh_dpi_win_apple_update windows_update apple_update ios_ota_update
dpi group set 10003 name=ymh_dpi_video_and_music @audio_video youtube
dpi group set 10004 name=ymh_dpi_games @game secondlife hangame qq_games xboxlive_marketplace call_of_duty
dpi group set 10005 name=ymh_dpi_p2p bittorrent winmx winny share perfect_dark
dpi group set 10006 name=ymh_dpi_sns facebook mixi orkut twitter qq_weibo google_plus instagram twipple tiktok

#
# NAT settings
#
nat descriptor type 1 masquerade
# Static masquerade entries for IKE (UDP 500) and ESP, both mapped to
# 192.168.101.1, the address used as the IKE local address above. No other
# inbound service is mapped by this listing.
# NOTE(review): NAT traversal is enabled on tunnel 1 and normally uses
# UDP 4500; no static entry for it is present - confirm whether one is needed.
nat descriptor masquerade static 1 1 192.168.101.1 udp 500
nat descriptor masquerade static 1 2 192.168.101.1 esp

#
# DHCP settings
#
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 192.168.101.2-192.168.101.100/24

#
# DNS settings
#
dns host lan1
# 192.168.100.1 is outside the LAN1 subnet (192.168.101.0/24); presumably it is
# a resolver at the center reached through tunnel 1 - confirm. If so, name
# resolution at this site depends on the tunnel being up.
dns server 192.168.100.1
dns private address spoof on

#
# DPI settings
#
dpi use on
external-memory dpi signature directory (保存先のディレクトリーパス)

#
# Statistics settings
#
# Statistics are written to external memory under the given prefix. The flow
# and application statistics record what LAN hosts communicate with, so the
# storage medium should be handled as sensitive data.
external-memory statistics filename prefix (保存先の外部メモリー):/(ファイル名のプレフィックス)
statistics cpu on
statistics memory on
statistics traffic on
statistics flow on
statistics nat on
statistics filter on
statistics application on