ProHoster > Блог > Gudanarwa > Duba Point Gaia R80.40. Me ke faruwa?

Duba Point Gaia R80.40. Me ke faruwa?

Duba Point Gaia R80.40. Me ke faruwa?

Sakin na gaba na tsarin aiki yana gabatowa Gaba R80.40. Makonni kadan da suka gabata An fara shirin shiga da wuri, inda za ku iya samun dama don gwada rarrabawa. Kamar yadda muka saba, muna buga bayanai game da sabon abu, kuma muna haskaka abubuwan da suka fi ban sha'awa daga ra'ayinmu. Duban gaba, zan iya cewa sabbin abubuwa suna da mahimmanci da gaske. Saboda haka, yana da daraja shirya don farkon sabunta hanya. A baya muna da ya buga labarin kan yadda ake yin wannan (don ƙarin bayani, da fatan za a ziyarci tuntuɓar nan). Muje kan batun...

Me ke faruwa

Bari mu kalli sabbin abubuwan da aka sanar a hukumance anan. Bayanin da aka ɗauka daga rukunin yanar gizon Duba Mates (jami'ar Check Point Community). Da izininka, ba zan fassara wannan rubutu ba, da fatan masu sauraron Habr sun yarda da shi. A maimakon haka, zan bar sharhi na don babi na gaba.

1. Tsaro na IoT. Sabbin abubuwa masu alaƙa da Intanet na Abubuwa

  • Tattara na'urorin IoT da halayen zirga-zirga daga injunan ganowa na IoT da aka ba da izini (a halin yanzu yana tallafawa Medigate, CyberMDX, Cynerio, Claroty, Indegy, SAM da Armis).
  • Sanya sabon Layer Policy sadaukarwa na IoT a cikin sarrafa manufofin.
  • Tsara da sarrafa dokokin tsaro waɗanda suka dogara da halayen na'urorin IoT.

2.TLS DubawaHTTP/2:

  • HTTP/2 sabuntawa ne ga ka'idar HTTP. Sabuntawa yana ba da haɓakawa zuwa sauri, inganci da tsaro da sakamako tare da ingantaccen ƙwarewar mai amfani.
  • Duba Ƙofar Tsaro ta Point yanzu tana goyan bayan HTTP/2 kuma tana fa'ida mafi kyawun gudu da inganci yayin samun cikakken tsaro, tare da duk rigakafin Barazana da ɓangarorin Gudanarwa, da kuma sabbin kariyar ka'idar HTTP/2.
  • Taimako don duka bayanan sirri ne da ɓoyayyen zirga-zirgar SSL kuma an haɗa shi da cikakken HTTPS/TLS
  • Abubuwan dubawa.

TLS dubawa Layer. Sabbin abubuwa game da binciken HTTPS:

  • Wani sabon Layer Policy a cikin SmartConsole sadaukar don Binciken TLS.
  • Za a iya amfani da yadudduka Dubawa na TLS daban-daban a cikin fakitin manufofi daban-daban.
  • Raba Layer Inspection TLS a cikin fakitin manufofi da yawa.
  • API don ayyukan TLS.

3. Rigakafin Barazana

  • Gabaɗaya haɓaka ingantaccen aiki don hanyoyin rigakafin Barazana da sabuntawa.
  • Sabuntawa ta atomatik zuwa Injin Haɓakar Barazana.
  • Za a iya amfani da Maɗaukaki, Domain da Abubuwan Sabuntawa yanzu a cikin Rigakafin Barazana da manufofin Binciken TLS. Abubuwan da ake sabuntawa abubuwa ne na hanyar sadarwa waɗanda ke wakiltar sabis na waje ko sanannen jerin adiresoshin IP masu ƙarfi, misali - adiresoshin IP na Office365 / Google / Azure / AWS da abubuwan Geo.
  • Anti-Virus yanzu yana amfani da alamun barazanar SHA-1 da SHA-256 don toshe fayiloli dangane da hashes. Shigo da sabbin masu nuni daga duban Manufofin Barazana na SmartConsole ko CLI na Ciyarwar Hankali ta Musamman.
  • Anti-Virus da SandBlast Barazana Emulation yanzu suna goyan bayan duba zirga-zirgar imel akan ka'idar POP3, da kuma ingantaccen duba zirga-zirgar imel akan ka'idar IMAP.
  • Anti-Virus da SandBlast Barazana Emulation yanzu suna amfani da sabon fasalin binciken SSH don bincika fayilolin da aka canjawa wuri akan ka'idojin SCP da SFTP.
  • Anti-Virus da SandBlast Barazana Emulation yanzu suna ba da ingantaccen tallafi don duba SMBv3 (3.0, 3.0.2, 3.1.1), wanda ya haɗa da duba hanyoyin haɗin tashoshi da yawa. Duba Point yanzu shine kawai mai siyarwa don tallafawa duba canja wurin fayil ta hanyar tashoshi da yawa (samfurin da ke gaba-gaba a duk mahallin Windows). Wannan yana ba abokan ciniki damar kasancewa cikin aminci yayin aiki tare da wannan fasalin haɓaka aikin.

4. Sanin Sanin Mutum

  • Taimako don haɗin kai Portal tare da SAML 2.0 da Masu Ba da Shaida na ɓangare na uku.
  • Goyon bayan Dillalan Identity don daidaitawa da musayar bayanan sirri tsakanin PDPs, da kuma raba tsakanin yanki.
  • Haɓakawa ga Wakilin Sabar Tasha don ingantacciyar ƙira da dacewa.

5. IPsec VPN

  • Sanya wuraren ɓoye daban-daban na VPN akan hanyar Tsaro wanda shine memba na al'ummomin VPN da yawa. Wannan yana ba da:
  • Ingantaccen sirri - Ba a bayyana hanyoyin sadarwa na ciki a cikin tattaunawar yarjejeniya ta IKE.
  • Ingantattun tsaro da girman kai - Ƙayyade waɗanne cibiyoyin sadarwa ne ke samun dama a cikin ƙayyadadden al'ummar VPN.
  • Ingantattun ma'amala - Sauƙaƙe ma'anar VPN na tushen hanya (an bada shawarar lokacin da kuke aiki tare da yankin ɓoye ɓoyayyen fanko na VPN).
  • Ƙirƙiri da aiki ba tare da matsala ba tare da Babban Sikelin VPN (LSV) tare da taimakon bayanan bayanan LSV.

6. URL Tace

  • Inganta scalability da juriya.
  • Ƙwararren damar magance matsala.

7. NAT

  • Ingantacciyar hanyar rarraba tashar tashar NAT - akan Ƙofar Tsaro tare da 6 ko fiye da misalin CoreXL Firewall, duk lokuta suna amfani da tafkin guda ɗaya na tashoshin jiragen ruwa na NAT, wanda ke inganta amfani da tashar jiragen ruwa da sake amfani da shi.
  • Kulawar amfani da tashar tashar NAT a cikin CPView kuma tare da SNMP.

8. Voice over IP (VoIP)Misalin CoreXL Firewall da yawa suna ɗaukar ka'idar SIP don haɓaka aiki.

9. VPN mai nisaYi amfani da takardar shaidar inji don bambance tsakanin kamfanoni da kadarorin da ba na kamfani ba da kuma saita manufofin tilasta amfani da kadarorin kamfani kawai. Ƙaddamarwa na iya zama pre-logon (tabbacin na'ura kawai) ko bayan-logon (na'urar da amincin mai amfani).

10. Wakilin Shiga Ta Wayar hannuIngantattun Tsaron Ƙarshen Ƙarshe akan Buƙatu a cikin Wakilin Harshen Wayar hannu don tallafawa duk manyan masu binciken gidan yanar gizo. Don ƙarin bayani, duba sk113410.

11.CoreXL da Multi-Queue

  • Taimako don rarrabawa ta atomatik na CoreXL SNDs da misalin Firewall waɗanda baya buƙatar sake kunna Ƙofar Tsaro.
  • Inganta daga cikin kwarjinin akwatin - Ƙofar Tsaro ta atomatik tana canza adadin CoreXL SNDs da misalin Firewall da daidaitawar Multi-Queue dangane da nauyin zirga-zirga na yanzu.

12. Tari

  • Taimako don Yarjejeniyar Sarrafa Cluster a yanayin Unicast wanda ke kawar da buƙatar CCP

Hanyoyin Watsa shirye-shirye ko Multicast:

  • An kunna boye-boye-hannun ka'idar Sarrafawa ta Cluster yanzu ta tsohuwa.
  • Sabon yanayin ClusterXL -Active/Active, wanda ke goyan bayan Membobin Cluster a wurare daban-daban na yanki waɗanda ke kan rukunin gidajen yanar gizo daban-daban kuma suna da adiresoshin IP daban-daban.
  • Taimakawa ga Membobin ClusterXL waɗanda ke gudanar da nau'ikan software daban-daban.
  • An kawar da buƙatar daidaitawar MAC Magic lokacin da aka haɗa tari da yawa zuwa gidan yanar gizo iri ɗaya.

13. VSX

  • Taimako don haɓaka VSX tare da CPUSE a cikin Gaia Portal.
  • Taimako don Yanayin Up Active a cikin VSLS.
  • Taimako don rahotannin ƙididdiga na CPView don kowane Tsarin Kaya

14. Zero TouchTsarin saitin Plug & Play mai sauƙi don shigar da na'ura - kawar da buƙatar ƙwarewar fasaha da kuma haɗawa da na'urar don daidaitawar farko.

15. Gaia REST APIGaia REST API yana ba da sabuwar hanya don karantawa da aika bayanai zuwa sabar da ke tafiyar da Tsarin Gaia. Duba sk143612.

16. Advanced Routing

  • Haɓakawa ga OSPF da BGP suna ba da damar sake saitawa da sake kunna OSPF maƙwabta don kowane misali na CoreXL Firewall ba tare da buƙatar sake kunna daemon ba.
  • Haɓaka wartsakar da hanya don ingantacciyar kulawar rashin daidaituwar hanyar BGP.

17. Sabbin damar kwaya

  • An inganta Linux kwaya
  • Sabon tsarin rarraba (gpt):
  • Yana goyan bayan abubuwan motsa jiki sama da 2TB
  • Tsarin fayil mai sauri (xfs)
  • Yana goyan bayan tsarin ajiya mafi girma (har zuwa 48TB an gwada)
  • Haɓaka ayyukan I/O masu alaƙa
  • Multi-Queue:
  • Cikakken tallafin Gaia Clish don umarnin Multi-Queue
  • Tsarin "kunna ta tsohuwa" ta atomatik
  • SMB v2/3 Dutsen tallafi a cikin ruwan shiga Wayar hannu
  • Ƙara goyon bayan NFSv4 (abokin ciniki) (NFS v4.2 shine tsohuwar sigar NFS da aka yi amfani da ita)
  • Taimakawa sababbin kayan aikin tsarin don gyarawa, saka idanu da daidaita tsarin

18. CloudGuard Controller

  • Haɓaka ayyuka don haɗin kai zuwa Cibiyoyin Bayanai na waje.
  • Haɗin kai tare da VMware NSX-T.
  • Goyon baya don ƙarin umarnin API don ƙirƙira da shirya abubuwan uwar garken Cibiyar Bayanai.

19. Multi-Domain Server

  • Ajiye da maido da uwar garken Gudanarwar Yanki ɗaya akan Sabar Domain Multi-Domain.
  • Ƙaura Sabar Gudanar da Domain akan Sabar Domain Multi-Domain guda ɗaya zuwa wani Gudanarwar Tsaro na Yanki dabam dabam.
  • Ƙaura Sabar Gudanar da Tsaro don zama Sabar Gudanar da Yanki akan Sabar Domain Multi-Domain.
  • Ƙaura Sabar Gudanar da Domain don zama Sabar Gudanar da Tsaro.
  • Mayar da Domain akan Sabar Wuri Mai Yawa, ko Sabar Gudanar da Tsaro zuwa wani bita na baya don ƙarin gyarawa.

20. SmartTasks da API

  • Sabuwar Hanyar tantancewar API na Gudanarwa wacce ke amfani da Maɓallin API mai sarrafa kansa.
  • Sabbin Gudanarwa API yayi umarni don ƙirƙirar abubuwan tari.
  • Tsakiyar Tsara Jumbo Hotfix Accumulator da Hotfixes daga SmartConsole ko tare da API yana ba da damar shigarwa ko haɓaka Ƙofar Tsaro da Tari da yawa a layi daya.
  • SmartTasks - Sanya rubutun atomatik ko buƙatun HTTPS waɗanda ayyukan gudanarwa suka jawo, kamar buga zaman ko shigar da manufa.

21. Aiwatar da aikiTsakiyar Tsara Jumbo Hotfix Accumulator da Hotfixes daga SmartConsole ko tare da API yana ba da damar shigarwa ko haɓaka Ƙofar Tsaro da Tari da yawa a layi daya.

22. SmartEventRaba ra'ayoyin SmartView da rahotanni tare da sauran masu gudanarwa.

23.Log ExporterTace rajistan ayyukan fitarwa bisa ga ƙimar filin.

24. Ƙarshen Tsaro

  • Taimako don boye-boye na BitLocker don Cikakkiyar Rufewar Disk.
  • Taimako don takaddun shaida na Hukumar Takaddun shaida na waje don abokin ciniki na Tsaro na Ƙarshen
  • tantancewa da sadarwa tare da Sabar Gudanar da Tsaro na Ƙarshen.
  • Taimako don girman girman fakitin Abokin Tsaro na Ƙarshe bisa zaɓin da aka zaɓa
  • fasali don turawa.
  • Manufofin yanzu na iya sarrafa matakin sanarwar zuwa ƙarshen masu amfani.
  • Taimakawa ga yanayin VDI na dindindin a Gudanar da Manufofin Ƙarshen.

Abin da muka fi so (dangane da ayyukan abokin ciniki)

Kamar yadda kuke gani, akwai sabbin abubuwa da yawa. Amma a gare mu, amma tsarin hadawa, akwai abubuwa da yawa masu ban sha'awa (wanda kuma yana da ban sha'awa ga abokan cinikinmu). Manyan Mu 10:

  1. A ƙarshe, cikakken tallafi ga na'urorin IoT ya bayyana. Ya riga ya yi wuya a sami kamfani wanda ba shi da irin waɗannan na'urori.
  2. Binciken TLS yanzu an sanya shi a cikin wani Layer dabam (Layer). Ya fi dacewa fiye da yanzu (a 80.30). Babu sauran tafiyar da tsohon Legasy Dashboard. Bugu da kari, yanzu zaku iya amfani da abubuwan da ake ɗaukakawa a cikin manufofin dubawa na HTTPS, kamar ayyukan Office365, Google, Azure, AWS, da sauransu. Wannan ya dace sosai lokacin da kuke buƙatar saita keɓantawa. Koyaya, har yanzu babu tallafi ga tls 1.3. A fili za su "kama" tare da hotfix na gaba.
  3. Muhimman canje-canje don Anti-Virus da SandBlast. Yanzu za ku iya duba ladabi irin su SCP, SFTP da SMBv3 (ta hanyar, ba wanda zai iya duba wannan ka'idar multi-channel kuma).
  4. Akwai haɓaka da yawa game da VPN Site-to-Site. Yanzu zaku iya saita wuraren VPN da yawa akan ƙofa wanda ke cikin al'ummomin VPN da yawa. Ya dace sosai kuma ya fi aminci. Bugu da kari, a karshe Check Point ya tuna Route Based VPN kuma ya dan inganta kwanciyar hankali/daidaituwa.
  5. Shahararriyar fasalin ga masu amfani da nesa ta bayyana. Yanzu zaku iya tantancewa ba kawai mai amfani ba, har ma da na'urar da yake haɗawa. Misali, muna so mu ƙyale haɗin VPN daga na'urorin kamfanoni kawai. Ana yin wannan, ba shakka, tare da taimakon takaddun shaida. Hakanan yana yiwuwa a sanya hannun jari ta atomatik (SMB v2/3) don masu amfani da nesa tare da abokin ciniki na VPN.
  6. Akwai sauye-sauye da yawa a cikin aikin tari. Amma watakila ɗayan mafi ban sha'awa shine yuwuwar yin aiki da gungu inda ƙofofin ke da nau'ikan Gaia daban-daban. Wannan ya dace lokacin tsara sabuntawa.
  7. Ingantattun damar Zero Touch. Abu mai amfani ga waɗanda suka saba shigar da ƙofofin “kananan” (misali, na ATMs).
  8. Don rajistan ayyukan, ajiya har zuwa 48TB yanzu ana tallafawa.
  9. Kuna iya raba dashboards na SmartEvent tare da wasu masu gudanarwa.
  10. Log Exporter yanzu yana ba ku damar tace saƙonnin da aka aiko kafin tace ta amfani da filayen da ake buƙata. Wadancan. Abubuwan rajistan ayyukan da ake buƙata kawai za a watsa su zuwa tsarin SIEM ɗin ku

Sabuntawa

Wataƙila da yawa sun riga sun yi tunanin sabuntawa. Babu buƙatar gaggawa. Don farawa, sigar 80.40 dole ne ta matsa zuwa Gabaɗaya Kasancewa. Amma ko da bayan haka, bai kamata ku sabunta nan da nan ba. Yana da kyau a jira aƙalla hotfix na farko.
Wataƙila da yawa suna "zaune" akan tsofaffin sigogin. Zan iya faɗi cewa aƙalla yana yiwuwa (har ma ya zama dole) don sabuntawa zuwa 80.30. Wannan ya rigaya ya kasance tabbatacce kuma ingantaccen tsarin!

Hakanan zaka iya biyan kuɗi zuwa shafukanmu na jama'a (sakon waya, Facebook, VK, TS Magani Blog), inda zaku iya bin fitowar sabbin kayayyaki akan Check Point da sauran samfuran tsaro.

Masu amfani da rajista kawai za su iya shiga cikin binciken. Shigadon Allah.

Wane sigar Gaia kuke amfani da shi?

  • R77.10

  • R77.30

  • R80.10

  • R80.20

  • R80.30

  • Other

Masu amfani 13 sun kada kuri'a. Masu amfani 6 sun kaurace.

source: www.habr.com

Add a comment