onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-18 17:27:20 +01:00
Code Issues Releases Wiki Activity

* PIXImporterNat.cpp (buildSNATRule): see #2319 "Imported nat

Browse Source 
rules with multi-line access-lists have only the first entry"
This commit is contained in:
Vadim Kurland 2011-04-07 13:50:01 -07:00
parent 3af17b4404
commit 30ee6d2f12
10 changed files with 621 additions and 349 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
VERSION
View File

@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0
# build number is like "nano" version number. I am incrementing build
# number during development cycle
#
BUILD_NUM="3519"
BUILD_NUM="3520"
VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM"

2
VERSION.h
View File

@ -1,2 +1,2 @@
#define VERSION "4.2.0.3519"
#define VERSION "4.2.0.3520"
#define GENERATION "4.2"

3
doc/ChangeLog
View File

@ -1,5 +1,8 @@
2011-04-07 vadim <vadim@netcitadel.com>
* PIXImporterNat.cpp (buildSNATRule): see #2319 "Imported nat
rules with multi-line access-lists have only the first entry"
* PIXImporterRun.cpp (run): see #2167 Implemented import of
"names" and "name" commands in PIX/ASA configs.

2
packaging/fwbuilder-static-qt.spec
View File

@ -3,7 +3,7 @@
%define name fwbuilder
%define version 4.2.0.3519
%define version 4.2.0.3520
%define release 1
%if "%_vendor" == "MandrakeSoft"

2
packaging/fwbuilder.control
View File

@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu
Priority: extra
Section: checkinstall
Maintainer: vadim@fwbuilder.org
Version: 4.2.0.3519-1
Version: 4.2.0.3520-1
Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15
Description: Firewall Builder GUI and policy compilers

2
packaging/fwbuilder.spec
View File

@ -1,6 +1,6 @@
%define name fwbuilder
%define version 4.2.0.3519
%define version 4.2.0.3520
%define release 1
%if "%_vendor" == "MandrakeSoft"

195
src/import/PIXImporterNat.cpp
View File

@ -162,45 +162,6 @@ void PIXImporter::buildDNATRule()
if (s) tdst->addRef( s );
}
if ( ! real_addr_acl.empty())
{
UnidirectionalRuleSet *rs = all_rulesets[real_addr_acl];
if (rs)
{
PolicyRule *policy_rule = PolicyRule::cast(
rs->ruleset->getFirstByType(PolicyRule::TYPENAME));
if (policy_rule)
{
RuleElement* osrc = rule->getOSrc();
RuleElement* osrv = rule->getOSrv();
RuleElement* tdst = rule->getTDst();
/* copy objects from a policy rule into
* rule elements of a nat rule
*
* Src --> TDst
* Dst --> OSrc
* Srv --> OSrv
*/
RuleElement *re = policy_rule->getSrc();
for (FWObject::iterator it=re->begin(); it!=re->end(); ++it)
tdst->addRef(FWReference::getObject(*it));
re = policy_rule->getDst();
for (FWObject::iterator it=re->begin(); it!=re->end(); ++it)
osrc->addRef(FWReference::getObject(*it));
re = policy_rule->getSrv();
for (FWObject::iterator it=re->begin(); it!=re->end(); ++it)
osrv->addRef(FWReference::getObject(*it));
}
rs->to_be_deleted = true;
}
}
if ( ! mapped_port_spec.empty())
{
src_port_spec = "";
@ -235,9 +196,62 @@ void PIXImporter::buildDNATRule()
assert(itf_o_re!=NULL);
itf_o_re->addRef(pre_intf);
// add it to the current ruleset
current_ruleset->ruleset->add(rule);
addStandardImportComment(rule, QString::fromUtf8(rule_comment.c_str()));
if ( ! real_addr_acl.empty())
{
UnidirectionalRuleSet *rs = all_rulesets[real_addr_acl];
if (rs)
{
for(FWObject::iterator rs_it=rs->ruleset->begin();
rs_it!=rs->ruleset->end(); ++rs_it)
{
PolicyRule *policy_rule = PolicyRule::cast(*rs_it);
if (policy_rule)
{
FWObjectDatabase *dbroot = getFirewallObject()->getRoot();
NATRule *nat_rule = NATRule::cast(
dbroot->create(NATRule::TYPENAME));
nat_rule->duplicate(rule);
RuleElement* osrc = nat_rule->getOSrc();
RuleElement* osrv = nat_rule->getOSrv();
RuleElement* tdst = nat_rule->getTDst();
/* copy objects from a policy rule into
* rule elements of a nat rule
*
* Src --> TDst
* Dst --> OSrc
* Srv --> OSrv
*/
RuleElement *re = policy_rule->getSrc();
FWObject::iterator it;
for (it=re->begin(); it!=re->end(); ++it)
tdst->addRef(FWReference::getObject(*it));
re = policy_rule->getDst();
for (it=re->begin(); it!=re->end(); ++it)
osrc->addRef(FWReference::getObject(*it));
re = policy_rule->getSrv();
for (it=re->begin(); it!=re->end(); ++it)
osrv->addRef(FWReference::getObject(*it));
current_ruleset->ruleset->add(nat_rule);
addStandardImportComment(
nat_rule, QString::fromUtf8(rule_comment.c_str()));
}
}
rs->to_be_deleted = true;
}
} else
{
// add it to the current ruleset
current_ruleset->ruleset->add(rule);
addStandardImportComment(rule, QString::fromUtf8(rule_comment.c_str()));
}
}
/*
@ -289,44 +303,6 @@ void PIXImporter::buildSNATRule()
if (s) osrc->addRef( s );
}
if ( ! nat_acl.empty())
{
UnidirectionalRuleSet *rs = all_rulesets[nat_acl];
if (rs)
{
PolicyRule *policy_rule = PolicyRule::cast(
rs->ruleset->getFirstByType(PolicyRule::TYPENAME));
if (policy_rule)
{
RuleElement* osrc = rule->getOSrc();
RuleElement* odst = rule->getODst();
RuleElement* osrv = rule->getOSrv();
/* copy objects from a policy rule into "original"
* rule elements of a nat rule
*
* Src --> OSrc
* Dst --> ODst
* Srv --> OSrv
*/
RuleElement *re = policy_rule->getSrc();
for (FWObject::iterator it=re->begin(); it!=re->end(); ++it)
osrc->addRef(FWReference::getObject(*it));
re = policy_rule->getDst();
for (FWObject::iterator it=re->begin(); it!=re->end(); ++it)
odst->addRef(FWReference::getObject(*it));
re = policy_rule->getSrv();
for (FWObject::iterator it=re->begin(); it!=re->end(); ++it)
osrv->addRef(FWReference::getObject(*it));
}
rs->to_be_deleted = true;
}
}
ObjectSignature sig(error_tracker);
FWObject *addr = NULL;
@ -361,9 +337,62 @@ void PIXImporter::buildSNATRule()
assert(itf_o_re!=NULL);
itf_o_re->addRef(post_intf);
// add it to the current ruleset
current_ruleset->ruleset->add(rule);
addStandardImportComment(rule, QString::fromUtf8(rule_comment.c_str()));
if ( ! nat_acl.empty())
{
UnidirectionalRuleSet *rs = all_rulesets[nat_acl];
if (rs)
{
for(FWObject::iterator rs_it=rs->ruleset->begin();
rs_it!=rs->ruleset->end(); ++rs_it)
{
PolicyRule *policy_rule = PolicyRule::cast(*rs_it);
if (policy_rule)
{
FWObjectDatabase *dbroot = getFirewallObject()->getRoot();
NATRule *nat_rule = NATRule::cast(
dbroot->create(NATRule::TYPENAME));
nat_rule->duplicate(rule);
RuleElement* osrc = nat_rule->getOSrc();
RuleElement* odst = nat_rule->getODst();
RuleElement* osrv = nat_rule->getOSrv();
/* copy objects from a policy rule into "original"
* rule elements of a nat rule
*
* Src --> OSrc
* Dst --> ODst
* Srv --> OSrv
*/
RuleElement *re = policy_rule->getSrc();
FWObject::iterator it;
for (it=re->begin(); it!=re->end(); ++it)
osrc->addRef(FWReference::getObject(*it));
re = policy_rule->getDst();
for (it=re->begin(); it!=re->end(); ++it)
odst->addRef(FWReference::getObject(*it));
re = policy_rule->getSrv();
for (it=re->begin(); it!=re->end(); ++it)
osrv->addRef(FWReference::getObject(*it));
current_ruleset->ruleset->add(nat_rule);
addStandardImportComment(
nat_rule, QString::fromUtf8(rule_comment.c_str()));
}
}
rs->to_be_deleted = true;
}
} else
{
// add it to the current ruleset
current_ruleset->ruleset->add(rule);
addStandardImportComment(rule,
QString::fromUtf8(rule_comment.c_str()));
}
}
}

688
src/unit_tests/PIXImporterTest/test_data/pix7-nat.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302059684" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302209377" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -442,92 +442,96 @@
<IPv4 id="id10" name="h-10.0.0.254" comment="Created during import of line 81" ro="False" address="10.0.0.254" netmask="255.255.255.255"/>
<IPv4 id="id11" name="h-10.1.1.43" comment="Created during import of line 106" ro="False" address="10.1.1.43" netmask="255.255.255.255"/>
<IPv4 id="id12" name="h-4.2.2.1" comment="Created during import of line 109" ro="False" address="4.2.2.1" netmask="255.255.255.255"/>
<IPv4 id="id13" name="h-10.1.1.20" comment="Created during import of line 111" ro="False" address="10.1.1.20" netmask="255.255.255.255"/>
<IPv4 id="id14" name="h-10.1.1.1" comment="Created during import of line 146" ro="False" address="10.1.1.1" netmask="255.255.255.255"/>
<IPv4 id="id15" name="h-192.0.2.10" comment="Created during import of line 146" ro="False" address="192.0.2.10" netmask="255.255.255.255"/>
<IPv4 id="id16" name="h-10.0.0.16" comment="Created during import of line 151" ro="False" address="10.0.0.16" netmask="255.255.255.255"/>
<IPv4 id="id17" name="h-10.0.0.100" comment="Created during import of line 152" ro="False" address="10.0.0.100" netmask="255.255.255.255"/>
<IPv4 id="id18" name="h-10.1.1.100" comment="Created during import of line 152" ro="False" address="10.1.1.100" netmask="255.255.255.255"/>
<IPv4 id="id19" name="h-10.1.1.111" comment="Created during import of line 153" ro="False" address="10.1.1.111" netmask="255.255.255.255"/>
<IPv4 id="id20" name="h-10.5.80.16" comment="Created during import of line 154" ro="False" address="10.5.80.16" netmask="255.255.255.255"/>
<IPv4 id="id21" name="h-10.5.80.200" comment="Created during import of line 155" ro="False" address="10.5.80.200" netmask="255.255.255.255"/>
<IPv4 id="id22" name="h-10.10.1.200" comment="Created during import of line 155" ro="False" address="10.10.1.200" netmask="255.255.255.255"/>
<IPv4 id="id23" name="h-192.0.2.15" comment="Created during import of line 161" ro="False" address="192.0.2.15" netmask="255.255.255.255"/>
<IPv4 id="id24" name="h-192.0.2.100" comment="Created during import of line 209" ro="False" address="192.0.2.100" netmask="255.255.255.255"/>
<IPv4 id="id13" name="h-10.1.1.20" comment="Created during import of line 114" ro="False" address="10.1.1.20" netmask="255.255.255.255"/>
<IPv4 id="id14" name="h-10.1.1.1" comment="Created during import of line 152" ro="False" address="10.1.1.1" netmask="255.255.255.255"/>
<IPv4 id="id15" name="h-192.0.2.10" comment="Created during import of line 152" ro="False" address="192.0.2.10" netmask="255.255.255.255"/>
<IPv4 id="id16" name="h-192.0.2.20" comment="Created during import of line 159" ro="False" address="192.0.2.20" netmask="255.255.255.255"/>
<IPv4 id="id17" name="h-10.0.0.16" comment="Created during import of line 161" ro="False" address="10.0.0.16" netmask="255.255.255.255"/>
<IPv4 id="id18" name="h-10.0.0.100" comment="Created during import of line 162" ro="False" address="10.0.0.100" netmask="255.255.255.255"/>
<IPv4 id="id19" name="h-10.1.1.100" comment="Created during import of line 162" ro="False" address="10.1.1.100" netmask="255.255.255.255"/>
<IPv4 id="id20" name="h-10.1.1.111" comment="Created during import of line 163" ro="False" address="10.1.1.111" netmask="255.255.255.255"/>
<IPv4 id="id21" name="h-10.5.80.16" comment="Created during import of line 164" ro="False" address="10.5.80.16" netmask="255.255.255.255"/>
<IPv4 id="id22" name="h-10.5.80.200" comment="Created during import of line 165" ro="False" address="10.5.80.200" netmask="255.255.255.255"/>
<IPv4 id="id23" name="h-10.10.1.200" comment="Created during import of line 165" ro="False" address="10.10.1.200" netmask="255.255.255.255"/>
<IPv4 id="id24" name="h-192.0.2.15" comment="Created during import of line 171" ro="False" address="192.0.2.15" netmask="255.255.255.255"/>
<IPv4 id="id25" name="h-192.0.2.100" comment="Created during import of line 222" ro="False" address="192.0.2.100" netmask="255.255.255.255"/>
</ObjectGroup>
<ObjectGroup id="id25" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="id26" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id27" name="Groups" comment="" ro="False">
<ObjectGroup id="id28" name="outside.id12051X6282.src.net.0" comment="Created during import of line 71" ro="False">
<ObjectGroup id="id26" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="id27" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id28" name="Groups" comment="" ro="False">
<ObjectGroup id="id29" name="outside.id12051X6282.src.net.0" comment="Created during import of line 71" ro="False">
<ObjectRef ref="id3"/>
<ObjectRef ref="id4"/>
</ObjectGroup>
<ObjectGroup id="id31" name="outside.id12051X6282.src.net.1" comment="Created during import of line 74" ro="False">
<ObjectGroup id="id32" name="outside.id12051X6282.src.net.1" comment="Created during import of line 74" ro="False">
<ObjectRef ref="id5"/>
<ObjectRef ref="id6"/>
<ObjectRef ref="id7"/>
<ObjectRef ref="id8"/>
</ObjectGroup>
<ObjectGroup id="id36" name="outside.id12051X6282.src.net.2" comment="Created during import of line 79" ro="False">
<ObjectGroup id="id37" name="outside.id12051X6282.src.net.2" comment="Created during import of line 79" ro="False">
<ObjectRef ref="id9"/>
<ObjectRef ref="id10"/>
</ObjectGroup>
<ObjectGroup id="id39" name="network-zone-inside" comment="Created during import of line 83" ro="False">
<ObjectRef ref="id45"/>
</ObjectGroup>
<ObjectGroup id="id41" name="network-zone-dmz20" comment="Created during import of line 85" ro="False">
<ObjectGroup id="id40" name="network-zone-inside" comment="Created during import of line 83" ro="False">
<ObjectRef ref="id46"/>
</ObjectGroup>
<ObjectGroup id="id42" name="network-zone-dmz20" comment="Created during import of line 85" ro="False">
<ObjectRef ref="id47"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="id43" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id44" name="Networks" comment="" ro="False">
<Network id="id45" name="net-10.1.1.0/255.255.255.0" comment="Created during import of line 84" ro="False" address="10.1.1.0" netmask="255.255.255.0"/>
<Network id="id46" name="net-10.0.0.0/255.255.255.0" comment="Created during import of line 86" ro="False" address="10.0.0.0" netmask="255.255.255.0"/>
<Network id="id47" name="net-192.0.2.128/255.255.255.240" comment="Created during import of line 146" ro="False" address="192.0.2.128" netmask="255.255.255.240"/>
<Network id="id48" name="net-10.0.0.128/255.255.255.240" comment="Created during import of line 146" ro="False" address="10.0.0.128" netmask="255.255.255.240"/>
<Network id="id49" name="net-10.1.1.32/255.255.255.240" comment="Created during import of line 147" ro="False" address="10.1.1.32" netmask="255.255.255.240"/>
<Network id="id50" name="net-10.1.1.16/255.255.255.240" comment="Created during import of line 151" ro="False" address="10.1.1.16" netmask="255.255.255.240"/>
<Network id="id51" name="net-10.1.2.0/255.255.255.0" comment="Created during import of line 208" ro="False" address="10.1.2.0" netmask="255.255.255.0"/>
<ObjectGroup id="id44" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id45" name="Networks" comment="" ro="False">
<Network id="id46" name="net-10.1.1.0/255.255.255.0" comment="Created during import of line 84" ro="False" address="10.1.1.0" netmask="255.255.255.0"/>
<Network id="id47" name="net-10.0.0.0/255.255.255.0" comment="Created during import of line 86" ro="False" address="10.0.0.0" netmask="255.255.255.0"/>
<Network id="id48" name="net-192.168.2.0/255.255.255.0" comment="Created during import of line 111" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
<Network id="id49" name="net-192.168.3.0/255.255.255.0" comment="Created during import of line 112" ro="False" address="192.168.3.0" netmask="255.255.255.0"/>
<Network id="id50" name="net-192.0.2.128/255.255.255.240" comment="Created during import of line 152" ro="False" address="192.0.2.128" netmask="255.255.255.240"/>
<Network id="id51" name="net-10.0.0.128/255.255.255.240" comment="Created during import of line 152" ro="False" address="10.0.0.128" netmask="255.255.255.240"/>
<Network id="id52" name="net-10.1.1.32/255.255.255.240" comment="Created during import of line 153" ro="False" address="10.1.1.32" netmask="255.255.255.240"/>
<Network id="id53" name="net-10.1.1.16/255.255.255.240" comment="Created during import of line 161" ro="False" address="10.1.1.16" netmask="255.255.255.240"/>
<Network id="id54" name="net-10.1.2.0/255.255.255.0" comment="Created during import of line 221" ro="False" address="10.1.2.0" netmask="255.255.255.0"/>
</ObjectGroup>
<ObjectGroup id="id52" name="Address Ranges" comment="" ro="False">
<AddressRange id="id53" name="range-192.0.2.11-192.0.2.15" comment="Created during import of line 146" ro="False" start_address="192.0.2.11" end_address="192.0.2.15"/>
<ObjectGroup id="id55" name="Address Ranges" comment="" ro="False">
<AddressRange id="id56" name="range-192.0.2.11-192.0.2.15" comment="Created during import of line 152" ro="False" start_address="192.0.2.11" end_address="192.0.2.15"/>
<AddressRange id="id57" name="range-192.0.2.30-192.0.2.31" comment="Created during import of line 159" ro="False" start_address="192.0.2.30" end_address="192.0.2.31"/>
</ObjectGroup>
</ObjectGroup>
<ServiceGroup id="id54" name="Services" comment="" ro="False">
<ServiceGroup id="id55" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id56" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id57" name="IP" comment="" ro="False">
<IPService id="id58" any_opt="False" dscp="" fragm="False" lsrr="False" protocol_num="0" rr="False" rtralt="False" rtralt_value="False" short_fragm="False" ssrr="False" tos="" ts="False" name="ip" comment="Created during import of line 89" ro="False"/>
<ServiceGroup id="id58" name="Services" comment="" ro="False">
<ServiceGroup id="id59" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id60" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id61" name="IP" comment="" ro="False">
<IPService id="id62" any_opt="False" dscp="" fragm="False" lsrr="False" protocol_num="0" rr="False" rtralt="False" rtralt_value="False" short_fragm="False" ssrr="False" tos="" ts="False" name="ip" comment="Created during import of line 89" ro="False"/>
</ServiceGroup>
<ServiceGroup id="id59" name="TCP" comment="" ro="False">
<TCPService id="id60" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 80:80 / 0:0" comment="Created during import of line 106" ro="False" src_range_start="80" src_range_end="80" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id61" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 80:80" comment="Created during import of line 109" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
<TCPService id="id62" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 8080:8080" comment="Created during import of line 154" ro="False" src_range_start="0" src_range_end="0" dst_range_start="8080" dst_range_end="8080"/>
<TCPService id="id63" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 0:0" comment="Created during import of line 157" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id64" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 22:22" comment="Created during import of line 207" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<ServiceGroup id="id63" name="TCP" comment="" ro="False">
<TCPService id="id64" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 80:80 / 0:0" comment="Created during import of line 106" ro="False" src_range_start="80" src_range_end="80" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id65" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 80:80" comment="Created during import of line 109" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
<TCPService id="id66" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 8080:8080" comment="Created during import of line 164" ro="False" src_range_start="0" src_range_end="0" dst_range_start="8080" dst_range_end="8080"/>
<TCPService id="id67" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 0:0" comment="Created during import of line 167" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id68" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 22:22" comment="Created during import of line 220" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
</ServiceGroup>
<ServiceGroup id="id65" name="UDP" comment="" ro="False">
<UDPService id="id66" name="udp 0:0 / 53:53" comment="Created during import of line 93" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
<ServiceGroup id="id69" name="UDP" comment="" ro="False">
<UDPService id="id70" name="udp 0:0 / 53:53" comment="Created during import of line 93" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
</ServiceGroup>
<ServiceGroup id="id67" name="Users" comment="" ro="False"/>
<ServiceGroup id="id68" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id69" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="id71" name="Users" comment="" ro="False"/>
<ServiceGroup id="id72" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id73" name="TagServices" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id70" name="Firewalls" comment="" ro="False">
<Firewall id="id71" host_OS="pix_os" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pix" version="7.0" name="pix1" comment="Created during import of line 6" ro="False">
<NAT id="id279" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id282" disabled="False" group="" position="0" action="Translate" comment="Created during import of line 139">
<ObjectGroup id="id74" name="Firewalls" comment="" ro="False">
<Firewall id="id75" host_OS="pix_os" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pix" version="7.0" name="pix1" comment="Created during import of line 6" ro="False">
<NAT id="id283" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id286" disabled="False" group="" position="0" action="Translate" comment="Created during import of line 143">
<OSrc neg="False">
<ObjectRef ref="id45"/>
<ObjectRef ref="id46"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id58"/>
<ServiceRef ref="id62"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
@ -536,14 +540,14 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id300" disabled="False" group="" position="1" action="Translate" comment="Created during import of line 146">
<NATRule id="id304" disabled="False" group="" position="1" action="Translate" comment="Created during import of line 152">
<OSrc neg="False">
<ObjectRef ref="id14"/>
</OSrc>
@ -563,14 +567,14 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id318" disabled="False" group="" position="2" action="Translate" comment="Created during import of line 146">
<NATRule id="id322" disabled="False" group="" position="2" action="Translate" comment="Created during import of line 152">
<OSrc neg="False">
<ObjectRef ref="id14"/>
</OSrc>
@ -581,7 +585,7 @@
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id53"/>
<ObjectRef ref="id56"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
@ -590,14 +594,14 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id336" disabled="False" group="" position="3" action="Translate" comment="Created during import of line 146">
<NATRule id="id340" disabled="False" group="" position="3" action="Translate" comment="Created during import of line 152">
<OSrc neg="False">
<ObjectRef ref="id14"/>
</OSrc>
@ -608,7 +612,7 @@
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id47"/>
<ObjectRef ref="id50"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
@ -617,14 +621,14 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id354" disabled="False" group="" position="4" action="Translate" comment="Created during import of line 146">
<NATRule id="id358" disabled="False" group="" position="4" action="Translate" comment="Created during import of line 152">
<OSrc neg="False">
<ObjectRef ref="id14"/>
</OSrc>
@ -635,7 +639,7 @@
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id48"/>
<ObjectRef ref="id51"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
@ -644,16 +648,16 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id633"/>
<ObjectRef ref="id781"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id372" disabled="False" group="" position="5" action="Translate" comment="Created during import of line 147">
<NATRule id="id376" disabled="False" group="" position="5" action="Translate" comment="Created during import of line 153">
<OSrc neg="False">
<ObjectRef ref="id49"/>
<ObjectRef ref="id52"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
@ -671,16 +675,16 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id390" disabled="False" group="" position="6" action="Translate" comment="Created during import of line 147">
<NATRule id="id394" disabled="False" group="" position="6" action="Translate" comment="Created during import of line 153">
<OSrc neg="False">
<ObjectRef ref="id49"/>
<ObjectRef ref="id52"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
@ -689,7 +693,7 @@
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id53"/>
<ObjectRef ref="id56"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
@ -698,16 +702,16 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id408" disabled="False" group="" position="7" action="Translate" comment="Created during import of line 147">
<NATRule id="id412" disabled="False" group="" position="7" action="Translate" comment="Created during import of line 153">
<OSrc neg="False">
<ObjectRef ref="id49"/>
<ObjectRef ref="id52"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
@ -716,7 +720,7 @@
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id47"/>
<ObjectRef ref="id50"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
@ -725,16 +729,16 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id426" disabled="False" group="" position="8" action="Translate" comment="Created during import of line 147">
<NATRule id="id430" disabled="False" group="" position="8" action="Translate" comment="Created during import of line 153">
<OSrc neg="False">
<ObjectRef ref="id49"/>
<ObjectRef ref="id52"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
@ -743,7 +747,7 @@
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id48"/>
<ObjectRef ref="id51"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
@ -752,25 +756,25 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id633"/>
<ObjectRef ref="id781"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id444" disabled="False" group="" position="9" action="Translate" comment="Created during import of line 149">
<NATRule id="id448" disabled="False" group="" position="9" action="Translate" comment="Created during import of line 155">
<OSrc neg="False">
<ObjectRef ref="id45"/>
<ObjectRef ref="id46"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id12"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id61"/>
<ServiceRef ref="id65"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
@ -779,41 +783,176 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id462" disabled="False" group="" position="10" action="Translate" comment="Created during import of line 151">
<NATRule id="id466" disabled="False" group="" position="10" action="Translate" comment="Created during import of line 156">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
<ObjectRef ref="id48"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id16"/>
<ObjectRef ref="id12"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
<ServiceRef ref="id65"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
<ObjectRef ref="id778"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id50"/>
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id633"/>
<ObjectRef ref="id784"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id778"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id480" disabled="False" group="" position="11" action="Translate" comment="Created during import of line 152">
<NATRule id="id484" disabled="False" group="" position="11" action="Translate" comment="Created during import of line 156">
<OSrc neg="False">
<ObjectRef ref="id49"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id12"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id65"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id778"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id784"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id778"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id502" disabled="False" group="" position="12" action="Translate" comment="Created during import of line 159">
<OSrc neg="False">
<ObjectRef ref="id48"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id12"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id65"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id16"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id784"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id778"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id520" disabled="False" group="" position="13" action="Translate" comment="Created during import of line 159">
<OSrc neg="False">
<ObjectRef ref="id49"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id12"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id65"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id16"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id784"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id778"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id538" disabled="False" group="" position="14" action="Translate" comment="Created during import of line 159">
<OSrc neg="False">
<ObjectRef ref="id48"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id12"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id65"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id57"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id784"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id778"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id556" disabled="False" group="" position="15" action="Translate" comment="Created during import of line 159">
<OSrc neg="False">
<ObjectRef ref="id49"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id12"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id65"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id57"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id784"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id778"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id574" disabled="False" group="" position="16" action="Translate" comment="Created during import of line 161">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -827,25 +966,25 @@
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id18"/>
<ObjectRef ref="id53"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id633"/>
<ObjectRef ref="id781"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id498" disabled="False" group="" position="12" action="Translate" comment="Created during import of line 153">
<NATRule id="id592" disabled="False" group="" position="17" action="Translate" comment="Created during import of line 162">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id633"/>
<ObjectRef ref="id18"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
@ -860,41 +999,41 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id633"/>
<ObjectRef ref="id781"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id516" disabled="False" group="" position="13" action="Translate" comment="Created during import of line 154">
<NATRule id="id610" disabled="False" group="" position="18" action="Translate" comment="Created during import of line 163">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id20"/>
<ObjectRef ref="id781"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id61"/>
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id50"/>
<ObjectRef ref="id20"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id62"/>
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id781"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id534" disabled="False" group="" position="14" action="Translate" comment="Created during import of line 155">
<NATRule id="id628" disabled="False" group="" position="19" action="Translate" comment="Created during import of line 164">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -902,35 +1041,62 @@
<ObjectRef ref="id21"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id61"/>
<ServiceRef ref="id65"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id53"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id66"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id778"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id784"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id646" disabled="False" group="" position="20" action="Translate" comment="Created during import of line 165">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id22"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id65"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id23"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id62"/>
<ServiceRef ref="id66"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id552" disabled="False" group="" position="15" action="Translate" comment="Created during import of line 157">
<NATRule id="id664" disabled="False" group="" position="21" action="Translate" comment="Created during import of line 167">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id60"/>
<ServiceRef ref="id61"/>
<ServiceRef ref="id65"/>
<ServiceRef ref="id64"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
@ -939,26 +1105,26 @@
<ObjectRef ref="id11"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id63"/>
<ServiceRef ref="id67"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id571" disabled="False" group="" position="16" action="Translate" comment="Created during import of line 158">
<NATRule id="id683" disabled="False" group="" position="22" action="Translate" comment="Created during import of line 168">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id60"/>
<ServiceRef ref="id61"/>
<ServiceRef ref="id65"/>
<ServiceRef ref="id64"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
@ -967,25 +1133,25 @@
<ObjectRef ref="id11"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id63"/>
<ServiceRef ref="id67"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id590" disabled="False" group="" position="17" action="Translate" comment="Created during import of line 159">
<NATRule id="id702" disabled="False" group="" position="23" action="Translate" comment="Created during import of line 169">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id60"/>
<ServiceRef ref="id64"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
@ -997,22 +1163,22 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id608" disabled="False" group="" position="18" action="Translate" comment="Created during import of line 161">
<NATRule id="id720" disabled="False" group="" position="24" action="Translate" comment="Created during import of line 171">
<OSrc neg="False">
<ObjectRef ref="id12"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id23"/>
<ObjectRef ref="id24"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id58"/>
<ServiceRef ref="id62"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
@ -1024,28 +1190,82 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id738" disabled="False" group="" position="25" action="Translate" comment="Created during import of line 174">
<OSrc neg="False">
<ObjectRef ref="id12"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id24"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id65"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id48"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id778"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id784"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id756" disabled="False" group="" position="26" action="Translate" comment="Created during import of line 174">
<OSrc neg="False">
<ObjectRef ref="id12"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id24"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id65"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id49"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id778"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id784"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id73" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id75" disabled="False" group="" log="False" position="0" action="Accept" direction="Inbound" comment="Imported from ssh_commands_outside&#10;Created during import of line 209">
<Policy id="id77" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id79" disabled="False" group="" log="False" position="0" action="Accept" direction="Inbound" comment="Imported from ssh_commands_outside&#10;Created during import of line 222">
<Src neg="False">
<ObjectRef ref="id24"/>
<ObjectRef ref="id25"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id71"/>
<ObjectRef ref="id75"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id64"/>
<ServiceRef ref="id68"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -1054,18 +1274,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id87" disabled="False" group="" log="False" position="1" action="Accept" direction="Inbound" comment="Imported from ssh_commands_inside&#10;Created during import of line 207">
<PolicyRule id="id91" disabled="False" group="" log="False" position="1" action="Accept" direction="Inbound" comment="Imported from ssh_commands_inside&#10;Created during import of line 220">
<Src neg="False">
<ObjectRef ref="id45"/>
<ObjectRef ref="id46"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id71"/>
<ObjectRef ref="id75"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id64"/>
<ServiceRef ref="id68"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -1074,18 +1294,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id99" disabled="False" group="" log="False" position="2" action="Accept" direction="Inbound" comment="Imported from ssh_commands_inside&#10;Created during import of line 208">
<PolicyRule id="id103" disabled="False" group="" log="False" position="2" action="Accept" direction="Inbound" comment="Imported from ssh_commands_inside&#10;Created during import of line 221">
<Src neg="False">
<ObjectRef ref="id51"/>
<ObjectRef ref="id54"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id71"/>
<ObjectRef ref="id75"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id64"/>
<ServiceRef ref="id68"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -1094,18 +1314,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id111" disabled="False" group="" log="True" position="3" action="Deny" direction="Inbound" comment="Imported from inside_in&#10;Created during import of line 98">
<PolicyRule id="id115" disabled="False" group="" log="True" position="3" action="Deny" direction="Inbound" comment="Imported from inside_in&#10;Created during import of line 98">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id58"/>
<ServiceRef ref="id62"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -1115,18 +1335,18 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id123" disabled="False" group="" log="True" position="4" action="Deny" direction="Inbound" comment="Imported from inside_in&#10;Created during import of line 99">
<PolicyRule id="id127" disabled="False" group="" log="True" position="4" action="Deny" direction="Inbound" comment="Imported from inside_in&#10;Created during import of line 99">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id31"/>
<ObjectRef ref="id32"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id58"/>
<ServiceRef ref="id62"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -1136,18 +1356,18 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id135" disabled="False" group="" log="True" position="5" action="Deny" direction="Inbound" comment="Imported from inside_in&#10;Created during import of line 100">
<PolicyRule id="id139" disabled="False" group="" log="True" position="5" action="Deny" direction="Inbound" comment="Imported from inside_in&#10;Created during import of line 100">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id36"/>
<ObjectRef ref="id37"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id58"/>
<ServiceRef ref="id62"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -1157,18 +1377,18 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id147" disabled="False" group="" log="False" position="6" action="Accept" direction="Inbound" comment="Imported from inside_in&#10;Created during import of line 101">
<PolicyRule id="id151" disabled="False" group="" log="False" position="6" action="Accept" direction="Inbound" comment="Imported from inside_in&#10;Created during import of line 101">
<Src neg="False">
<ObjectRef ref="id45"/>
<ObjectRef ref="id46"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id58"/>
<ServiceRef ref="id62"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -1177,7 +1397,7 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id159" disabled="False" group="" log="True" position="7" action="Deny" direction="Inbound" comment="Imported from inside_in&#10;Created during import of line 102">
<PolicyRule id="id163" disabled="False" group="" log="True" position="7" action="Deny" direction="Inbound" comment="Imported from inside_in&#10;Created during import of line 102">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -1185,10 +1405,10 @@
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id58"/>
<ServiceRef ref="id62"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -1198,18 +1418,18 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id171" disabled="False" group="" log="True" position="8" action="Accept" direction="Outbound" comment="Imported from inside_out&#10;Created during import of line 93">
<PolicyRule id="id175" disabled="False" group="" log="True" position="8" action="Accept" direction="Outbound" comment="Imported from inside_out&#10;Created during import of line 93">
<Src neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id45"/>
<ObjectRef ref="id46"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id66"/>
<ServiceRef ref="id70"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -1219,18 +1439,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id183" disabled="False" group="" log="True" position="9" action="Accept" direction="Outbound" comment="Imported from inside_out&#10;Created during import of line 94">
<PolicyRule id="id187" disabled="False" group="" log="True" position="9" action="Accept" direction="Outbound" comment="Imported from inside_out&#10;Created during import of line 94">
<Src neg="False">
<ObjectRef ref="id31"/>
<ObjectRef ref="id32"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id45"/>
<ObjectRef ref="id46"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id66"/>
<ServiceRef ref="id70"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -1240,18 +1460,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id195" disabled="False" group="" log="True" position="10" action="Accept" direction="Outbound" comment="Imported from inside_out&#10;Created during import of line 95">
<PolicyRule id="id199" disabled="False" group="" log="True" position="10" action="Accept" direction="Outbound" comment="Imported from inside_out&#10;Created during import of line 95">
<Src neg="False">
<ObjectRef ref="id36"/>
<ObjectRef ref="id37"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id45"/>
<ObjectRef ref="id46"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id66"/>
<ServiceRef ref="id70"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -1261,18 +1481,18 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id207" disabled="False" group="" log="False" position="11" action="Accept" direction="Outbound" comment="Imported from inside_out&#10;Created during import of line 96">
<PolicyRule id="id211" disabled="False" group="" log="False" position="11" action="Accept" direction="Outbound" comment="Imported from inside_out&#10;Created during import of line 96">
<Src neg="False">
<ObjectRef ref="id45"/>
<ObjectRef ref="id46"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id58"/>
<ServiceRef ref="id62"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -1281,7 +1501,7 @@
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id219" disabled="False" group="" log="True" position="12" action="Deny" direction="Outbound" comment="Imported from inside_out&#10;Created during import of line 97">
<PolicyRule id="id223" disabled="False" group="" log="True" position="12" action="Deny" direction="Outbound" comment="Imported from inside_out&#10;Created during import of line 97">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -1289,10 +1509,10 @@
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id58"/>
<ServiceRef ref="id62"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id636"/>
<ObjectRef ref="id784"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -1302,18 +1522,18 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id231" disabled="False" group="" log="True" position="13" action="Deny" direction="Inbound" comment="Imported from outside_in&#10;Created during import of line 89">
<PolicyRule id="id235" disabled="False" group="" log="True" position="13" action="Deny" direction="Inbound" comment="Imported from outside_in&#10;Created during import of line 89">
<Src neg="False">
<ObjectRef ref="id28"/>
<ObjectRef ref="id29"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id58"/>
<ServiceRef ref="id62"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -1323,18 +1543,18 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id243" disabled="False" group="" log="True" position="14" action="Deny" direction="Inbound" comment="Imported from outside_in&#10;Created during import of line 90">
<PolicyRule id="id247" disabled="False" group="" log="True" position="14" action="Deny" direction="Inbound" comment="Imported from outside_in&#10;Created during import of line 90">
<Src neg="False">
<ObjectRef ref="id31"/>
<ObjectRef ref="id32"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id58"/>
<ServiceRef ref="id62"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -1344,18 +1564,18 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id255" disabled="False" group="" log="True" position="15" action="Deny" direction="Inbound" comment="Imported from outside_in&#10;Created during import of line 91">
<PolicyRule id="id259" disabled="False" group="" log="True" position="15" action="Deny" direction="Inbound" comment="Imported from outside_in&#10;Created during import of line 91">
<Src neg="False">
<ObjectRef ref="id36"/>
<ObjectRef ref="id37"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id58"/>
<ServiceRef ref="id62"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -1365,18 +1585,18 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id267" disabled="False" group="" log="True" position="16" action="Deny" direction="Inbound" comment="Imported from outside_in&#10;Created during import of line 92">
<PolicyRule id="id271" disabled="False" group="" log="True" position="16" action="Deny" direction="Inbound" comment="Imported from outside_in&#10;Created during import of line 92">
<Src neg="False">
<ObjectRef ref="id45"/>
<ObjectRef ref="id46"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id58"/>
<ServiceRef ref="id62"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id630"/>
<ObjectRef ref="id778"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -1388,28 +1608,28 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id626" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<Routing id="id774" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id628" dedicated_failover="False" dyn="False" security_level="0" unnum="True" unprotected="False" name="Ethernet0" comment="Created during import of line 16" ro="False">
<Interface id="id776" dedicated_failover="False" dyn="False" security_level="0" unnum="True" unprotected="False" name="Ethernet0" comment="Created during import of line 16" ro="False">
<InterfaceOptions/>
<Interface id="id630" dedicated_failover="False" dyn="False" label="outside" security_level="0" unnum="False" unprotected="False" name="Ethernet0.101" comment="Created during import of line 21" ro="False">
<IPv4 id="id632" name="pix1:Ethernet0.101:ip" comment="Created during import of line 24" ro="False" address="192.0.2.253" netmask="255.255.255.0"/>
<Interface id="id778" dedicated_failover="False" dyn="False" label="outside" security_level="0" unnum="False" unprotected="False" name="Ethernet0.101" comment="Created during import of line 21" ro="False">
<IPv4 id="id780" name="pix1:Ethernet0.101:ip" comment="Created during import of line 24" ro="False" address="192.0.2.253" netmask="255.255.255.0"/>
<InterfaceOptions>
<Option name="type">8021q</Option>
<Option name="vlan_id">101</Option>
</InterfaceOptions>
</Interface>
<Interface id="id633" dedicated_failover="False" dyn="False" label="dmz20" security_level="20" unnum="False" unprotected="False" name="Ethernet0.102" comment="Created during import of line 27" ro="False">
<IPv4 id="id635" name="pix1:Ethernet0.102:ip" comment="Created during import of line 30" ro="False" address="10.0.0.253" netmask="255.255.255.0"/>
<Interface id="id781" dedicated_failover="False" dyn="False" label="dmz20" security_level="20" unnum="False" unprotected="False" name="Ethernet0.102" comment="Created during import of line 27" ro="False">
<IPv4 id="id783" name="pix1:Ethernet0.102:ip" comment="Created during import of line 30" ro="False" address="10.0.0.253" netmask="255.255.255.0"/>
<InterfaceOptions>
<Option name="type">8021q</Option>
<Option name="vlan_id">102</Option>
</InterfaceOptions>
</Interface>
</Interface>
<Interface id="id636" dedicated_failover="False" dyn="False" label="inside" security_level="100" unnum="False" unprotected="False" name="Ethernet1" comment="Created during import of line 33" ro="False">
<IPv4 id="id637" name="pix1:Ethernet1:ip" comment="Created during import of line 37" ro="False" address="10.1.1.206" netmask="255.255.255.0"/>
<Interface id="id784" dedicated_failover="False" dyn="False" label="inside" security_level="100" unnum="False" unprotected="False" name="Ethernet1" comment="Created during import of line 33" ro="False">
<IPv4 id="id785" name="pix1:Ethernet1:ip" comment="Created during import of line 37" ro="False" address="10.1.1.206" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<FirewallOptions>
@ -1430,7 +1650,7 @@
</FirewallOptions>
</Firewall>
</ObjectGroup>
<ObjectGroup id="id639" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id640" name="Time" comment="" ro="False"/>
<ObjectGroup id="id787" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id788" name="Time" comment="" ro="False"/>
</Library>
</FWObjectDatabase>

61
src/unit_tests/PIXImporterTest/test_data/pix7-nat.output
View File

@ -46,31 +46,38 @@ Warning: interface Ethernet6 was not imported because it is in "shutdown" mode
104: filtering rule: access list id12251X6282.0, action permit
106: filtering rule: access list id12594X2458.0, action permit
109: filtering rule: access list WEB, action permit
111: filtering rule: access list NET1, action permit
138: Global address pool: number 1, interface outside, address range interface-interface, netmask 255.255.255.255
139: Source translation rule ("nat" command)
141: Global address pool: number 2, interface outside, address range 192.0.2.10-192.0.2.10, netmask 255.255.255.255
142: Global address pool: number 2, interface outside, address range 192.0.2.11-192.0.2.15, netmask 255.255.255.255
143: Global address pool: number 2, interface outside, address range 192.0.2.128-192.0.2.128, netmask 255.255.255.240
144: Global address pool: number 2, interface dmz20, address range 10.0.0.128-10.0.0.128, netmask 255.255.255.240
146: Source translation rule ("nat" command)
147: Source translation rule ("nat" command)
149: Source translation rule ("nat" command)
151: Destination translation rule ("static" command)
152: Destination translation rule ("static" command)
153: Destination translation rule ("static" command)
154: Destination translation rule ("static" command)
155: Destination translation rule ("static" command)
157: Destination translation rule ("static" command)
158: Destination translation rule ("static" command)
159: Destination translation rule ("static" command)
111: filtering rule: access list WEB2, action permit
112: filtering rule: access list WEB2, action permit
114: filtering rule: access list NET1, action permit
142: Global address pool: number 1, interface outside, address range interface-interface, netmask 255.255.255.255
143: Source translation rule ("nat" command)
145: Global address pool: number 2, interface outside, address range 192.0.2.10-192.0.2.10, netmask 255.255.255.255
146: Global address pool: number 2, interface outside, address range 192.0.2.11-192.0.2.15, netmask 255.255.255.255
147: Global address pool: number 2, interface outside, address range 192.0.2.128-192.0.2.128, netmask 255.255.255.240
148: Global address pool: number 2, interface dmz20, address range 10.0.0.128-10.0.0.128, netmask 255.255.255.240
149: Global address pool: number 3, interface outside, address range 192.0.2.20-192.0.2.20, netmask 255.255.255.255
150: Global address pool: number 3, interface outside, address range 192.0.2.30-192.0.2.31, netmask 255.255.255.255
152: Source translation rule ("nat" command)
153: Source translation rule ("nat" command)
155: Source translation rule ("nat" command)
156: Source translation rule ("nat" command)
159: Source translation rule ("nat" command)
161: Destination translation rule ("static" command)
164: Interface Ethernet0.101 ruleset outside_in direction 'in'
165: Interface Ethernet1 ruleset inside_in direction 'in'
166: Interface Ethernet1 ruleset inside_out direction 'out'
207: Interface Ethernet1 ruleset ssh_commands_inside direction 'in'
207: filtering rule: access list ssh_commands_inside, action permit
208: Interface Ethernet1 ruleset ssh_commands_inside direction 'in'
208: filtering rule: access list ssh_commands_inside, action permit
209: Interface Ethernet0.101 ruleset ssh_commands_outside direction 'in'
209: filtering rule: access list ssh_commands_outside, action permit
162: Destination translation rule ("static" command)
163: Destination translation rule ("static" command)
164: Destination translation rule ("static" command)
165: Destination translation rule ("static" command)
167: Destination translation rule ("static" command)
168: Destination translation rule ("static" command)
169: Destination translation rule ("static" command)
171: Destination translation rule ("static" command)
174: Destination translation rule ("static" command)
177: Interface Ethernet0.101 ruleset outside_in direction 'in'
178: Interface Ethernet1 ruleset inside_in direction 'in'
179: Interface Ethernet1 ruleset inside_out direction 'out'
220: Interface Ethernet1 ruleset ssh_commands_inside direction 'in'
220: filtering rule: access list ssh_commands_inside, action permit
221: Interface Ethernet1 ruleset ssh_commands_inside direction 'in'
221: filtering rule: access list ssh_commands_inside, action permit
222: Interface Ethernet0.101 ruleset ssh_commands_outside direction 'in'
222: filtering rule: access list ssh_commands_outside, action permit

13
src/unit_tests/PIXImporterTest/test_data/pix7-nat.test
View File

@ -108,8 +108,12 @@ access-list id12594X2458.0 permit tcp host 10.1.1.43 eq www any
! example from cisco docs, see also nat command below
access-list WEB permit tcp 10.1.1.0 255.255.255.0 4.2.2.1 255.255.255.255 eq 80
access-list WEB2 permit tcp 192.168.2.0 255.255.255.0 4.2.2.1 255.255.255.255 eq 80
access-list WEB2 permit tcp 192.168.3.0 255.255.255.0 4.2.2.1 255.255.255.255 eq 80
access-list NET1 permit ip host 10.1.1.20 host 4.2.2.1
pager lines 24
logging enable
logging emblem
@ -142,11 +146,17 @@ global (outside) 2 192.0.2.10
global (outside) 2 192.0.2.11-192.0.2.15
global (outside) 2 192.0.2.128 netmask 255.255.255.240
global (dmz20) 2 10.0.0.128 netmask 255.255.255.240
global (outside) 3 192.0.2.20
global (outside) 3 192.0.2.30-192.0.2.31
nat (inside) 2 10.1.1.1 255.255.255.255
nat (inside) 2 10.1.1.32 255.255.255.240
nat (inside) 1 access-list WEB
nat (inside) 1 access-list WEB2
! multiple address blocks in pool 3 and multiple lines in access list WEB2
nat (inside) 3 access-list WEB2
static (inside,dmz20) 10.0.0.16 10.1.1.16 netmask 255.255.255.240
static (inside,dmz20) 10.0.0.100 10.1.1.100 netmask 255.255.255.255
@ -160,6 +170,9 @@ static (inside,outside) interface access-list id12594X2458.0 0 0
static (inside,outside) 192.0.2.15 access-list NET1
! acl WEB2 has multiple lines. Does this even make sense ?
static (inside,outside) 192.0.2.15 access-list WEB2
access-group outside_in in interface outside
access-group inside_in in interface inside