{ "servers": { "cr": { "hostname": "cr", "ip": "172.19.20.2", "prefix": "24", "gw": "172.19.20.1", "domain": "avndr.ru", "description": "ЦР ПУЦ + TLS", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "cs": { "hostname": "cs", "ip": "172.19.20.3", "prefix": "24", "gw": "172.19.20.1", "domain": "avndr.ru", "description": "ЦС ПУЦ + TLS", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "rk-uc": { "hostname": "rk-uc", "ip": "172.19.40.3", "prefix": "24", "gw": "172.19.40.1", "domain": "avndr.ru", "description": "Сервер РК", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "ntp": { "hostname": "ntp", "ip": "172.19.40.4", "prefix": "24", "gw": "172.19.40.1", "domain": "avndr.ru", "description": "Сервер точного времени-1", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "pki": { "hostname": "pki", "ip": "172.19.100.4", "prefix": "24", "gw": "172.19.100.1", "domain": "avndr.ru", "description": "PKI-кластер", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "mps": { "hostname": "mps", "ip": "172.19.100.5", "prefix": "24", "gw": "172.19.100.1", "domain": "avndr.ru", "description": "МПС", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "esia": { "hostname": "esia", "ip": "172.19.150.4", "prefix": "24", "gw": "172.19.150.1", "domain": "avndr.ru", "description": "ТР-ЕСИА", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "ko-app": { "hostname": "ko-app", "ip": "172.19.110.4", "prefix": "24", "gw": "172.19.110.1", "domain": "avndr.ru", "description": "Сервер КО", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "ko-db": { "hostname": "ko-db", "ip": "172.19.110.5", "prefix": "24", "gw": "172.19.110.1", "domain": "avndr.ru", "description": "Сервер КО СУБД", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "ko-csp": { "hostname": "ko-csp", "ip": "172.19.110.6", "prefix": "24", "gw": "172.19.110.1", "domain": "avndr.ru", "description": "Сервер КО СКЗИ", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "kk-app": { 
"hostname": "kk-app", "ip": "172.19.120.4", "prefix": "24", "gw": "172.19.120.1", "domain": "avndr.ru", "description": "Сервер КК", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "kk-db": { "hostname": "kk-db", "ip": "172.19.120.5", "prefix": "24", "gw": "172.19.120.1", "domain": "avndr.ru", "description": "Сервер КК СУБД", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "kk-csp": { "hostname": "kk-csp", "ip": "172.19.120.6", "prefix": "24", "gw": "172.19.120.1", "domain": "avndr.ru", "description": "Сервер КК СКЗИ", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "core": { "hostname": "core", "ip": "172.19.130.4", "prefix": "24", "gw": "172.19.130.1", "domain": "avndr.ru", "description": "Ядро ВВС", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "core-db": { "hostname": "core-db", "ip": "172.19.130.5", "prefix": "24", "gw": "172.19.130.1", "domain": "avndr.ru", "description": "СУБД Ядро ВВС", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "arch": { "hostname": "arch", "ip": "172.19.130.6", "prefix": "24", "gw": "172.19.130.1", "domain": "avndr.ru", "description": "Модуль архивирования", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "arch-db": { "hostname": "arch-db", "ip": "172.19.130.7", "prefix": "24", "gw": "172.19.130.1", "domain": "avndr.ru", "description": "СУБД Модуль архивирования", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "web-apps": { "hostname": "web-apps", "ip": "172.19.130.8", "prefix": "24", "gw": "172.19.130.1", "domain": "avndr.ru", "description": "Сервер веб-приложений СС", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "aldp": { "hostname": "aldp", "ip": "172.19.140.4", "prefix": "24", "gw": "172.19.140.1", "domain": "avndr.ru", "description": "Сервер ИБ-1 (ALD Pro)", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "alds": { "hostname": "alds", "ip": "172.19.140.5", "prefix": "24", "gw": "172.19.140.1", "domain": "avndr.ru", "description": "Сервер ИБ-2 (ALD Pro)", "type": 
"host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "rk": { "hostname": "rk", "ip": "172.19.140.6", "prefix": "24", "gw": "172.19.140.1", "domain": "avndr.ru", "description": "Сервер РК", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "ksc": { "hostname": "ksc", "ip": "172.19.140.7", "prefix": "24", "gw": "172.19.140.1", "domain": "avndr.ru", "description": "ВМ Kaspersky Security Center", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "log": { "hostname": "log", "ip": "172.19.140.8", "prefix": "24", "gw": "172.19.140.1", "domain": "avndr.ru", "description": "ВМ Сервер журналирования", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "repo": { "hostname": "repo", "ip": "172.19.140.9", "prefix": "24", "gw": "172.19.140.1", "domain": "avndr.ru", "description": "ВМ Сервер репозиторий ПО", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "zbx": { "hostname": "zbx", "ip": "172.19.140.10", "prefix": "24", "gw": "172.19.140.1", "domain": "avndr.ru", "description": "ВМ Сервер мониторинга (ZbxProxy)", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "arm-cont4": { "hostname": "arm-cont4", "ip": "172.19.210.2", "prefix": "24", "gw": "172.19.210.1", "domain": "avndr.ru", "description": "АРМ ЦУС Континент 4", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "arm-web-oper": { "hostname": "arm-web-oper", "ip": "172.19.220.2", "prefix": "24", "gw": "172.19.220.1", "domain": "avndr.ru", "description": "ВВС АРМ WEB (1)", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "arm-web-adm": { "hostname": "arm-web-adm", "ip": "172.19.230.2", "prefix": "24", "gw": "172.19.230.1", "domain": "avndr.ru", "description": "ВВС АРМ WEB (2)", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "arm-web-pki": { "hostname": "arm-web-pki", "ip": "172.19.230.2", "prefix": "24", "gw": "172.19.230.1", "domain": "avndr.ru", "description": "АРМ адм САВС", "type": "host", "affinity": [ "fw_cr", "fw_cr_ca" ] } }, "nets": { "net_any": { "hostname": "net_any", "ip": 
"0.0.0.0", "prefix": "0", "gw": "", "domain": "avndr.ru", "description": "Any", "type": "network", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "net_uc_srv": { "hostname": "net_uc_srv", "ip": "172.19.20.0", "prefix": "24", "gw": "", "domain": "avndr.ru", "description": "Сегмент УЦ ПУЦ+TLS", "type": "network", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "net_uc_adm_srv": { "hostname": "net_uc_adm_srv", "ip": "172.19.40.0", "prefix": "24", "gw": "", "domain": "avndr.ru", "description": "Административный сегмент УЦ", "type": "network", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "net_dr_pki": { "hostname": "net_dr_pki", "ip": "172.19.100.0", "prefix": "24", "gw": "", "domain": "avndr.ru", "description": "Сегмент САВС", "type": "network", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "net_dr_ko": { "hostname": "net_dr_ko", "ip": "172.19.110.0", "prefix": "24", "gw": "", "domain": "avndr.ru", "description": "Сегмент КО", "type": "network", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "net_dr_kk": { "hostname": "net_dr_kk", "ip": "172.19.120.0", "prefix": "24", "gw": "", "domain": "avndr.ru", "description": "Сегмент КК", "type": "network", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "net_dr_core_srv": { "hostname": "net_dr_core_srv", "ip": "172.19.130.0", "prefix": "24", "gw": "", "domain": "avndr.ru", "description": "Сегмент интеграции", "type": "network", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "net_dr_adm_srv": { "hostname": "net_dr_adm_srv", "ip": "172.19.140.0", "prefix": "24", "gw": "", "domain": "avndr.ru", "description": "Административный сегмент", "type": "network", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "net_dr_gis_esia": { "hostname": "net_dr_gis_esia", "ip": "172.19.150.0", "prefix": "24", "gw": "", "domain": "avndr.ru", "description": "Сегмент ГИС ЕСИА", "type": "network", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "net_dr_adm_arm_cont4": { "hostname": "net_dr_adm_arm_cont4", "ip": "172.19.210.0", "prefix": "24", "gw": "", "domain": "avndr.ru", "description": "Сегмент администраторов ЦР", "type": 
"network", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "net_dr_adm_arm_web1": { "hostname": "net_dr_adm_arm_web1", "ip": "172.19.220.0", "prefix": "24", "gw": "", "domain": "avndr.ru", "description": "Сегмент администраторов ЦР", "type": "network", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "net_dr_adm_arm_web2": { "hostname": "net_dr_adm_arm_web2", "ip": "172.19.230.0", "prefix": "24", "gw": "", "domain": "avndr.ru", "description": "Сегмент администраторов ЦР", "type": "network", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "net_dr_adm_arm_pki": { "hostname": "net_dr_adm_arm_pki", "ip": "172.19.230.0", "prefix": "24", "gw": "", "domain": "avndr.ru", "description": "Сегмент администраторов ЦР", "type": "network", "affinity": [ "fw_cr", "fw_cr_ca" ] }, "net_dr_adm_arm_ngate": { "hostname": "net_dr_adm_arm_ngate", "ip": "172.19.250.0", "prefix": "24", "gw": "", "domain": "avndr.ru", "description": "Сегмент администраторов ЦР", "type": "network", "affinity": [ "fw_cr", "fw_cr_ca" ] } }, "groups": { "net_any": { "name": "net_any", "items": [ { "hostname": "0.0.0.0/0" } ] }, "prot_set_uc_adm": { "name": "prot_set_uc_adm", "items": [ { "hostname": "arm-cont3" }, { "hostname": "arm-cr" } ] }, "prot_set_uc_arm_reg_dr": { "name": "prot_set_uc_arm_reg_dr", "items": [ { "hostname": "arm-cr" } ] }, "prot_set_uc_arm_reg_tls": { "name": "prot_set_uc_arm_reg_tls", "items": [ { "hostname": "arm-cr" } ] }, "prot_set_uc_reg_dr": { "name": "prot_set_uc_reg_dr", "items": [ { "hostname": "cr" } ] }, "prot_set_uc_reg_tls": { "name": "prot_set_uc_reg_tls", "items": [ { "hostname": "cr" } ] }, "set_abs": { "name": "set_abs", "items": [] }, "set_cdp": { "name": "set_cdp", "items": [] }, "set_dbo": { "name": "set_dbo", "items": [] }, "set_dns": { "name": "set_dns", "items": [] }, "set_dr": { "name": "set_dr", "items": [ { "hostname": "net_dr_pki" }, { "hostname": "net_dr_gis_esia" }, { "hostname": "net_dr_ko" }, { "hostname": "net_dr_kk" }, { "hostname": "net_dr_core_srv" }, { "hostname": 
"net_dr_adm_arm_cont4" }, { "hostname": "net_dr_adm_arm_web1" }, { "hostname": "net_dr_adm_arm_web2" }, { "hostname": "net_dr_adm_arm_pki" }, { "hostname": "net_dr_adm_arm_ngate" } ] }, "set_dr_adm_pki_cl": { "name": "set_dr_adm_pki_cl", "items": [ { "hostname": "pki.avndr.ru" } ] }, "set_dr_adm_web_adm": { "name": "set_dr_adm_web_adm", "items": [ { "hostname": "arm-web-adm.avndr.ru" } ] }, "set_dr_adm_web_oper": { "name": "set_dr_adm_web_oper", "items": [ { "hostname": "arm-web-oper.avndr.ru" } ] }, "set_dr_arm_ngate": { "name": "set_dr_arm_ngate", "items": [ { "hostname": "arm-ngate.avndr.ru" } ] }, "set_dr_esia_tr": { "name": "set_dr_esia_tr", "items": [ { "hostname": "esia.avndr.ru" } ] }, "set_dr_gateout": { "name": "set_dr_gateout", "items": [ { "hostname": "core.avndr.ru" } ] }, "set_dr_kk_be": { "name": "set_dr_kk_be", "items": [ { "hostname": "kk-app.avndr.ru" } ] }, "set_dr_kk_crypto": { "name": "set_dr_kk_crypto", "items": [ { "hostname": "kk-csp.avnd.ru" } ] }, "set_dr_kk_db": { "name": "set_dr_kk_db", "items": [ { "hostname": "kk-db.avndr.ru" } ] }, "set_dr_ko_be": { "name": "set_dr_ko_be", "items": [ { "hostname": "ko-app.avndr.ru" } ] }, "set_dr_ko_crypto": { "name": "set_dr_ko_crypto", "items": [ { "hostname": "ko-csp.avndr.ru" } ] }, "set_dr_ko_db": { "name": "set_dr_ko_db", "items": [ { "hostname": "ko-db.avndr.ru" } ] }, "set_dr_ngate": { "name": "set_dr_ngate", "items": [ { "hostname": "ngate-mgmt" }, { "hostname": "ngate-node01" }, { "hostname": "ngate-node02" } ] }, "set_dr_ngate_mgmt": { "name": "set_dr_ngate_mgmt", "items": [ { "hostname": "ngate-mgmt" } ] }, "set_dr_ngate_nodes": { "name": "set_dr_ngate_nodes", "items": [ { "hostname": "ngate-node01" }, { "hostname": "ngate-node02" } ] }, "set_dr_pki_cluster": { "name": "set_dr_pki_cluster", "items": [ { "hostname": "pki.avndr.ru" } ] }, "set_dr_plcr": { "name": "set_dr_plcr", "items": [ { "hostname": "cbr_cd-tuz01" }, { "hostname": "cbr_cd-tuz02" }, { "hostname": "cbr_cd-tuz03" }, { 
"hostname": "cbr_cd-tuz04" } ] }, "set_dr_savs_mps": { "name": "set_dr_savs_mps", "items": [ { "hostname": "mps.avndr.ru" } ] }, "set_dr_savs_mps_be": { "name": "set_dr_savs_mps_be", "items": [ { "hostname": "mps.avndr.ru" } ] }, "set_dr_savs_mps_crypto": { "name": "set_dr_savs_mps_crypto", "items": [ { "hostname": "mps.avndr.ru" } ] }, "set_dr_savs_mps_db": { "name": "set_dr_savs_mps_db", "items": [ { "hostname": "mps.avndr.ru" } ] }, "set_dr_ss_arch_be": { "name": "set_dr_ss_arch_be", "items": [ { "hostname": "core.avndr.ru" } ] }, "set_dr_ss_arch_db": { "name": "set_dr_ss_arch_db", "items": [ { "hostname": "arch-db.avndr.ru" } ] }, "set_dr_ss_core_bbs": { "name": "set_dr_ss_core_bbs", "items": [ { "hostname": "core.avndr.ru" } ] }, "set_dr_ss_core_bbs_db": { "name": "set_dr_ss_core_bbs_db", "items": [ { "hostname": "core-db.avndr.ru" } ] }, "set_dr_ss_integr_be": { "name": "set_dr_ss_integr_be", "items": [ { "hostname": "core.avndr.ru" } ] }, "set_dr_ss_keycloak": { "name": "set_dr_ss_keycloak", "items": [ { "hostname": "core.avndr.ru" } ] }, "set_dr_ss_nginx": { "name": "set_dr_ss_nginx", "items": [ { "hostname": "core.avndr.ru" } ] }, "set_dr_tech_server": { "name": "set_dr_tech_server", "items": [ { "hostname": "-" } ] }, "set_hsm": { "name": "set_hsm", "items": [ { "hostname": "-" } ] }, "set_ksc": { "name": "set_ksc", "items": [ { "hostname": "ksc.avndr.ru" } ] }, "set_ntp": { "name": "set_ntp", "items": [] }, "set_rubackup_servers": { "name": "set_rubackup_servers", "items": [ { "hostname": "rk.avndr.ru" } ] }, "set_siem": { "name": "set_siem", "items": [] }, "set_uc": { "name": "set_uc", "items": [ { "hostname": "net_uc_srv" }, { "hostname": "net_uc_adm_srv" }, { "hostname": "net_uc_cus_adm" }, { "hostname": "net_uc_arm_ra" } ] }, "set_uc_adm_arm_reg": { "name": "set_uc_adm_arm_reg", "items": [ { "hostname": "arm-cr" } ] }, "set_uc_arm_hsm": { "name": "set_uc_arm_hsm", "items": [ { "hostname": "arm-hsm" } ] }, "set_uc_cgw_ncc3": { "name": 
"set_uc_cgw_ncc3", "items": [ { "hostname": "gw-uc" }, { "hostname": "ncc-uc" } ] }, "set_uc_cgw_ncc4": { "name": "set_uc_cgw_ncc4", "items": [ { "hostname": "ncc.avndr.ru" }, { "hostname": "gw.avndr.ru" }, { "hostname": "gw02.avndr.ru" }, { "hostname": "gw.avndr.ru" } ] }, "set_uc_cgw3": { "name": "set_uc_cgw3", "items": [ { "hostname": "gw-uc" } ] }, "set_uc_cgw4": { "name": "set_uc_cgw4", "items": [ { "hostname": "gw.avndr.ru" }, { "hostname": "gw02.avndr.ru" }, { "hostname": "gw.avndr.ru" } ] }, "set_uc_ncc3": { "name": "set_uc_ncc3", "items": [ { "hostname": "ncc-uc" } ] }, "set_uc_ncc4": { "name": "set_uc_ncc4", "items": [ { "hostname": "ncc.avndr.ru" } ] }, "set_uc_ntp": { "name": "set_uc_ntp", "items": [ { "hostname": "ntp" } ] }, "set_uc_ntp_prot": { "name": "set_uc_ntp_prot", "items": [ { "hostname": "ntp" } ] }, "set_uc_reg_dr": { "name": "set_uc_reg_dr", "items": [ { "hostname": "cs" } ] }, "set_uc_reg_tls": { "name": "set_uc_reg_tls", "items": [ { "hostname": "cr" } ] }, "set_uc_rubackup_servers": { "name": "set_uc_rubackup_servers", "items": [ { "hostname": "rk-uc" } ] }, "set_zabbix": { "name": "set_zabbix", "items": [] }, "set_uc_cert_tls": { "name": "set_uc_cert_tls", "items": [ { "hostname": "cs" } ] }, "set_uc_dr": { "name": "set_uc_dr", "items": [ { "hostname": "cs" } ] }, "grp_web_servers": { "name": "grp_web_servers", "items": [ { "hostname": "web01" }, { "hostname": "web02" }, { "hostname": "net_dmz" } ] } }, "services": { "dc-locator": { "name": "dc-locator-389-udp", "sport": "any", "dport": "389", "proto": "udp" }, "dns-tcp": { "name": "dns-53-tcp", "sport": "any", "dport": "53", "proto": "tcp" }, "dns-udp": { "name": "dns-53-udp", "sport": "any", "dport": "53", "proto": "udp" }, "globalcatalog-tcp": { "name": "globalcatalog-3268-tcp", "sport": "any", "dport": "3268", "proto": "tcp" }, "globalcatalog-udp": { "name": "globalcatalog-3268-udp", "sport": "any", "dport": "3268", "proto": "udp" }, "ngate-webcon": { "name": 
"ngate-webcon-8000-tcp", "sport": "any", "dport": "8000", "proto": "tcp" }, "icmp": { "name": "icmp-echo", "sport": "-", "dport": "-", "proto": "icmp-request" }, "syslog-tcp": { "name": "syslog-514-tcp", "sport": "any", "dport": "514", "proto": "tcp" }, "syslog-udp": { "name": "syslog-514-udp", "sport": "any", "dport": "514", "proto": "udp" }, "syslog-10514-udp": { "name": "syslog-10514-udp", "sport": "any", "dport": "10514", "proto": "udp" }, "ssh": { "name": "ssh-22-tcp", "sport": "any", "dport": "22", "proto": "tcp" }, "smtp": { "name": "smtp-25-tcp", "sport": "any", "dport": "25", "proto": "tcp" }, "smtp-tls": { "name": "smtp-tls-587-tcp", "sport": "any", "dport": "587", "proto": "tcp" }, "smtp-ssl": { "name": "smtp-ssl-465-tcp", "sport": "any", "dport": "465", "proto": "tcp" }, "smb": { "name": "smb-445-tcp", "sport": "any", "dport": "445", "proto": "tcp" }, "sn-tls": { "name": "sn-tls-443-tcp", "sport": "any", "dport": "443", "proto": "tcp" }, "sn-pwd-change-tcp": { "name": "sn-pwd-change-42464-tcp", "sport": "any", "dport": "42464", "proto": "tcp" }, "sn-pwd-change-udp": { "name": "sn-pwd-change-42464-udp", "sport": "any", "dport": "42464", "proto": "udp" }, "sn-lds-tls": { "name": "sn-lds-tls-50001-tcp", "sport": "any", "dport": "30001", "proto": "tcp" }, "sn-lds": { "name": "sn-lds-50000-tcp", "sport": "any", "dport": "30000", "proto": "tcp" }, "sn-kerberos-tcp": { "name": "sn-kerberos-42088-tcp", "sport": "any", "dport": "42088", "proto": "tcp" }, "sn-kerberos-udp": { "name": "sn-kerberos-42088-udp", "sport": "any", "dport": "42088", "proto": "udp" }, "sn-gc-lds-tls": { "name": "sn-gc-lds-tls-50003-tcp", "sport": "any", "dport": "30003", "proto": "tcp" }, "sn-gc-lds": { "name": "sn-gc-lds-50002-tcp", "sport": "any", "dport": "30002", "proto": "tcp" }, "snmp-trap-162-udp": { "name": "snmp-trap-162-udp", "sport": "any", "dport": "162", "proto": "udp" }, "snmp-161-udp": { "name": "snmp-161-udp", "sport": "any", "dport": "161", "proto": "udp" }, 
"tls-pcr-processing-ul": { "name": "tls-pcr-processing-ul-443-tcp (change)", "sport": "any", "dport": "443", "proto": "tcp" }, "tls-pcr-processing-fl": { "name": "tls-pcr-processing-fl-443-tcl (change)", "sport": "any", "dport": "443", "proto": "tcp" }, "tls-pcr-processing-fp": { "name": "tls-pcr-processing-fp-443-tcp (change)", "sport": "any", "dport": "443", "proto": "tcp" }, "rdp-tcp": { "name": "rdp-3389-tcp", "sport": "any", "dport": "3389", "proto": "tcp" }, "rdp-udp": { "name": "rdp-3389-udp", "sport": "any", "dport": "3389", "proto": "udp" }, "psql-tcp": { "name": "psql-5432-tcp", "sport": "any", "dport": "5432", "proto": "tcp" }, "ntp": { "name": "ntp-123-udp", "sport": "any", "dport": "123", "proto": "udp" }, "netbios-137-udp": { "name": "netbios-137-udp", "sport": "any", "dport": "137", "proto": "udp" }, "netbios-138-udp": { "name": "netbios-138-udp", "sport": "any", "dport": "138", "proto": "udp" }, "netbios-139-tcp": { "name": "netbios-139-tcp", "sport": "any", "dport": "139", "proto": "tcp" }, "ldaps": { "name": "ldaps-636-tcp", "sport": "any", "dport": "636", "proto": "tcp" }, "ldap": { "name": "ldap-389-tcp", "sport": "any", "dport": "389", "proto": "tcp" }, "ksc-klserver-13000-udp": { "name": "ksc-klserver-13000-udp", "sport": "any", "dport": "13000", "proto": "udp" }, "ksc-klserver-13000-tcp": { "name": "ksc-klserver-13000-tcp", "sport": "any", "dport": "13000", "proto": "tcp" }, "ksc-klnagent-14000-tcp": { "name": "ksc-klnagent-14000-tcp", "sport": "any", "dport": "14000", "proto": "tcp" }, "ksc-distribution-tls": { "name": "ksc-distribution-tls-8061-tcp", "sport": "any", "dport": "8061", "proto": "tcp" }, "ksc-distribution": { "name": "ksc-distribution-8060-tcp", "sport": "any", "dport": "8060", "proto": "tcp" }, "ksc-webcon": { "name": "ksc-webcon-8080-tcp", "sport": "any", "dport": "8080", "proto": "tcp" }, "klnagent": { "name": "klnagent-15000-udp", "sport": "any", "dport": "15000", "proto": "udp" }, "krb-password-tcp": { "name": 
"krb-password-464-tcp", "sport": "any", "dport": "464", "proto": "tcp" }, "krb-password-udp": { "name": "krb-password-464-udp", "sport": "any", "dport": "464", "proto": "udp" }, "krb-88-udp": { "name": "krb-88-udp", "sport": "any", "dport": "88", "proto": "udp" }, "krb-88-tcp": { "name": "krb-88-tcp", "sport": "any", "dport": "88", "proto": "tcp" }, "k3-vpn": { "name": "k3-vpn-10000-10031-udp", "sport": "10000-10031", "dport": "10000-10031", "proto": "udp" }, "k3-sd-to-ap": { "name": "k3-sd-to-ap-7500-udp", "sport": "any", "dport": "7500", "proto": "udp" }, "k3-filetransfer-5103": { "name": "k3-filetransfer-5103-tcp", "sport": "any", "dport": "5103", "proto": "tcp" }, "k3-messages-5100": { "name": "k3-messages-5100-udp", "sport": "any", "dport": "5100", "proto": "udp" }, "k3-messages-5106-5107": { "name": "k3-messages-5106-5107-udp", "sport": "any", "dport": "5106,5107", "proto": "udp" }, "k3-messages-5109": { "name": "k3-messages-5109-udp", "sport": "5100", "dport": "5109", "proto": "udp" }, "k3-messages-5109-tcp": { "name": "k3-messages-5109-tcp", "sport": "5100", "dport": "5109", "proto": "tcp" }, "zabbix-agent-active": { "name": "zabbix-agent(active)-10051-tcp", "sport": "any", "dport": "10051", "proto": "tcp" }, "zabbix-agent": { "name": "zabbix-agent-10050-tcp", "sport": "any", "dport": "10050", "proto": "tcp" }, "http": { "name": "http-80-tcp", "sport": "any", "dport": "80", "proto": "tcp" }, "TLS": { "name": "TLS", "sport": "any", "dport": "443", "proto": "tcp" }, "nats-tech-4223": { "name": "nats-tech-4223-tcp", "sport": "any", "dport": "4223", "proto": "tcp" }, "nats-digrub-4222": { "name": "nats-digrub-4222-tcp", "sport": "any", "dport": "4222", "proto": "tcp" }, "nats-tls-4224": { "name": "nats-tls-4224-tcp", "sport": "any", "dport": "4224", "proto": "tcp" }, "ra-tech-1443": { "name": "ra-tech-442-tcp", "sport": "any", "dport": "1443", "proto": "tcp" }, "ra-digrub-443": { "name": "ra-digrub-443-tcp", "sport": "any", "dport": "443", "proto": "tcp" }, 
"ra-tls-2443": { "name": "ra-tls-444-tcp", "sport": "any", "dport": "2443", "proto": "tcp" }, "drweb-ess-2193-tcp": { "name": "drweb-ess-2193-tcp", "sport": "any", "dport": "2193", "proto": "tcp" } }, "service_groups": { "sg_dns": { "name": "sg_dns", "items": [ "dns-tcp", "dns-udp" ] }, "sn-in": { "name": "SecretNet-In", "items": [ "sn-pwd-change-tcp", "sn-pwd-change-udp", "sn-lds-tls", "sn-lds", "sn-kerberos-tcp", "sn-kerberos-udp", "sn-gc-lds-tls", "sn-gc-lds" ] }, "ad-ds-in": { "name": "ADDS-In", "items": [ "dns-tcp", "dns-udp", "globalcatalog-tcp", "globalcatalog-udp", "ntp", "netbios-137-udp", "netbios-138-udp", "netbios-139-tcp", "ldaps", "ldap", "krb-password-tcp", "krb-password-udp", "krb-88-udp", "krb-88-tcp", "dc-locator", "smb" ] }, "ksc-in": { "name": "KasperskySecurityCenter-In", "items": [ "ksc-klserver-13000-udp", "ksc-klserver-13000-tcp", "ksc-klnagent-14000-tcp", "ksc-distribution-tls", "ksc-distribution" ] }, "klnagent-in": { "name": "KasperskyLabsNetworkAgent-In", "items": [ "klnagent" ] }, "cyberbackup-in": { "name": "Cyberbackup-In", "items": [ "cyberbackup-7780", "cyberbackup-9877", "smb" ] } }, "rules": [ { "name": "Инфраструктурные правила", "order": 1000, "type": "span", "affinity": [ "fw_cr" ] }, { "name": "ICMP Echo", "order": 1010, "type": "rule", "affinity": [ "fw_ca_cgw", "fw_core" ], "description": "Разрешить ICMP", "action": "allow", "log": "false", "idp": "false", "src_list": [ { "ref_type": "group", "ref_key": "set_dr" } ], "dst_list": [ { "ref_type": "group", "ref_key": "net_any" } ], "service_list": [ "icmp" ], "service_group_list": [] }, { "name": "ICMP Echo-ext", "order": 1020, "type": "rule", "affinity": [ "fw_ca_cgw", "fw_core" ], "description": "Разрешить ICMP", "action": "allow", "log": "false", "idp": "false", "src_list": [ { "ref_type": "group", "ref_key": "net_any" } ], "dst_list": [ { "ref_type": "group", "ref_key": "set_dr" } ], "service_list": [ "icmp" ], "service_group_list": [] }, { "name": "to_dns", "order": 1030, 
"type": "rule", "affinity": [ "fw_ca_cgw", "fw_core" ], "description": "Разрешить доступ к DNS", "action": "allow", "log": "false", "idp": "false", "src_list": [ { "ref_type": "group", "ref_key": "set_dr" } ], "dst_list": [ { "ref_type": "group", "ref_key": "set_dns" } ], "service_list": [ "ssh" ], "service_group_list": [] }, { "name": "to_syslog", "order": 1040, "type": "rule", "affinity": [ "fw_ca_cgw", "fw_core" ], "description": "Разрешить доступ к Syslog", "action": "allow", "log": "false", "idp": "false", "src_list": [ { "ref_type": "group", "ref_key": "set_dr" } ], "dst_list": [ { "ref_type": "group", "ref_key": "set_siem" } ], "service_list": [ "syslog-tcp" ], "service_group_list": [] }, { "name": "to_ksc", "order": 1050, "type": "rule", "affinity": [ "fw_ca_cgw", "fw_core" ], "description": "Разрешить доступ к Kaspersky Security Center", "action": "allow", "log": "false", "idp": "false", "src_list": [ { "ref_type": "group", "ref_key": "set_dr" } ], "dst_list": [ { "ref_type": "group", "ref_key": "set_ksc" } ], "service_list": [ "ssh" ], "service_group_list": [] }, { "name": "to_kaspersky_updates", "order": 1060, "type": "rule", "affinity": [ "fw_ca_cgw", "fw_core" ], "description": "Разрешить доступ к папке обновлений Kaspersky", "action": "allow", "log": "false", "idp": "false", "src_list": [ { "ref_type": "group", "ref_key": "set_dr" } ], "dst_list": [ { "ref_type": "group", "ref_key": "set_ksc" } ], "service_list": [ "ssh" ], "service_group_list": [] }, { "name": "to_zabbix", "order": 1070, "type": "rule", "affinity": [ "fw_ca_cgw", "fw_core" ], "description": "Разрешить доступ к серверам Zabbix", "action": "allow", "log": "false", "idp": "false", "src_list": [ { "ref_type": "group", "ref_key": "set_dr" } ], "dst_list": [ { "ref_type": "group", "ref_key": "set_zabbix" } ], "service_list": [ "ssh" ], "service_group_list": [] }, { "name": "Взаимодействие в УЦ", "order": 1080, "type": "span", "affinity": [ "fw_cr" ] }, { "name": "pki_cluster_tls", "order": 
1090, "type": "rule", "affinity": [ "fw_ca_cgw" ], "description": "Разрешить обращения PKI-кластера к Центру регистрации УЦ TLS", "action": "allow", "log": "false", "idp": "false", "src_list": [ { "ref_type": "server", "ref_key": "pki" }, { "ref_type": "group", "ref_key": "set_dr_pki_cluster" } ], "dst_list": [ { "ref_type": "group", "ref_key": "set_uc_reg_tls" } ], "service_list": [ "ssh" ], "service_group_list": [] }, { "name": "pki_cluster_dr", "order": 1100, "type": "rule", "affinity": [ "fw_ca_cgw" ], "description": "Разрешить обращения PKI-кластера к Центру регистрации УЦ УНЭП", "action": "allow", "log": "false", "idp": "false", "src_list": [ { "ref_type": "group", "ref_key": "set_dr_pki_cluster" } ], "dst_list": [ { "ref_type": "group", "ref_key": "set_uc_reg_dr" } ], "service_list": [ "ssh" ], "service_group_list": [] }, { "name": "crl_request_tls_external", "order": 1110, "type": "rule", "affinity": [ "fw_ca_cgw" ], "description": "Разрешить доступ к CRL из сети предприятия", "action": "allow", "log": "false", "idp": "false", "src_list": [ { "ref_type": "group", "ref_key": "net_any" } ], "dst_list": [ { "ref_type": "group", "ref_key": "set_uc_reg_tls" } ], "service_list": [ "ssh" ], "service_group_list": [] }, { "name": "crl_request_dr_external", "order": 1120, "type": "rule", "affinity": [ "fw_ca_cgw" ], "description": "Разрешить доступ к CRL из сети предприятия", "action": "allow", "log": "false", "idp": "false", "src_list": [ { "ref_type": "group", "ref_key": "net_any" } ], "dst_list": [ { "ref_type": "group", "ref_key": "set_uc_reg_dr" } ], "service_list": [ "ssh" ], "service_group_list": [] }, { "name": "rubackup-cmd", "order": 1130, "type": "rule", "affinity": [ "fw_ca_cgw" ], "description": "Управление операциями на клиенте резервного копирования", "action": "allow", "log": "false", "idp": "false", "src_list": [ { "ref_type": "group", "ref_key": "set_dr" } ], "dst_list": [ { "ref_type": "group", "ref_key": "set_rubackup_servers" } ], "service_list": [ 
"ssh" ], "service_group_list": [] }, { "name": "rubackup-media", "order": 1140, "type": "rule", "affinity": [ "fw_ca_cgw" ], "description": "Передача данных между медиасервером и клиентом", "action": "allow", "log": "false", "idp": "false", "src_list": [ { "ref_type": "group", "ref_key": "set_dr" } ], "dst_list": [ { "ref_type": "group", "ref_key": "set_rubackup_servers" } ], "service_list": [ "ssh" ], "service_group_list": [] }, { "name": "rubackup-api", "order": 1150, "type": "rule", "affinity": [ "fw_ca_cgw" ], "description": "Управление операциями RuBackup через REST API", "action": "allow", "log": "false", "idp": "false", "src_list": [ { "ref_type": "group", "ref_key": "set_dr" } ], "dst_list": [ { "ref_type": "group", "ref_key": "set_rubackup_servers" } ], "service_list": [ "ssh" ], "service_group_list": [] }, { "name": "repo", "order": 1160, "type": "rule", "affinity": [ "fw_cr" ], "description": "Внутренний репозиторий", "action": "allow", "log": "false", "idp": "false", "src_list": [ { "ref_type": "group", "ref_key": "set_dr" } ], "dst_list": [ { "ref_type": "group", "ref_key": "set_dr_tech_server" } ], "service_list": [ "ssh" ], "service_group_list": [] }, { "name": "CC", "order": 1170, "type": "span", "affinity": [ "fw_cr" ] }, { "name": "cc_mps_to_pki_cluster", "order": 2000, "type": "rule", "description": "Обращения от МПС до PKI-кластера", "action": "allow", "log": "false", "idp": "false", "affinity": [ "fw_cr" ], "src_list": [ { "ref_key": "set_dr_savs_mps", "ref_type": "group" } ], "dst_list": [ { "ref_key": "set_dr_pki_cluster", "ref_type": "group" } ], "service_list": [ "TLS" ], "service_group_list": [] } ] }