A look at the most democratic of SD-WANs: architecture, configuration, administration and pitfalls

Judging by the number of questions that have started coming to us about SD-WAN, the technology has begun to take firm root in Russia. Vendors, naturally, are not asleep and offer their own concepts, and some brave pioneers are already implementing them on their networks.

We work with almost all vendors, and over several years in our laboratory I have managed to dig into the architecture of every major developer of software-defined solutions. SD-WAN from Fortinet stands slightly apart here: the vendor simply built the function of balancing traffic between communication channels into its firewall software. The solution is rather democratic, so it is usually considered by companies that are not yet ready for global changes but want to use their communication channels more efficiently.

In this article I want to tell you how to configure and work with SD-WAN from Fortinet, who this solution suits, and what pitfalls you may run into here.

The most prominent players in the SD-WAN market can be classified into one of two types:

1. Startups that created SD-WAN solutions from scratch. The most successful of these get a huge boost in development after being bought by large companies - this is the story of Cisco/Viptela, VMWare/VeloCloud, Nuage/Nokia.

2. Large network vendors that created SD-WAN solutions by developing the programmability and manageability of their traditional routers - this is the story of Juniper, Huawei.

Fortinet managed to find its own way. The firewall software had built-in functionality that made it possible to combine its interfaces into virtual channels and to balance the load between them using algorithms that are complex compared with conventional routing. This functionality was called SD-WAN. Can what Fortinet did be called SD-WAN? The market is gradually coming to understand that Software-Defined means separation of the Control Plane from the Data Plane, dedicated controllers, and orchestrators. Fortinet has nothing of the kind. Centralized management is optional and is offered through the traditional FortiManager tool. But in my opinion, you should not search for abstract truth and waste time arguing about terms. In the real world, every approach has its advantages and disadvantages. The best way out is to understand them and be able to choose solutions that fit the tasks.

I will try to tell you, with screenshots in hand, what SD-WAN from Fortinet looks like and what it can do.

How it all works

Let's assume you have two branches connected by two data channels. These data links are combined into a group, similar to how ordinary Ethernet interfaces are combined into an LACP Port-Channel. Old-timers will remember PPP Multilink, which is also a suitable analogy. Channels can be physical ports, VLAN SVIs, and VPN or GRE tunnels.

VPN or GRE is usually used when connecting branch local networks over the Internet. Physical ports are used when there are L2 connections between sites, or when connecting over a dedicated MPLS/VPN, if we are satisfied with a connection without an overlay and without encryption. Another scenario in which physical ports are used in an SD-WAN group is balancing users' local access to the Internet.

On our test bench there are four firewalls and two VPN tunnels operating through two "telecom operators". The diagram looks like this:


The VPN tunnels are configured in interface mode so that they resemble point-to-point connections between devices with IP addresses on P2P interfaces, which can be pinged to make sure that communication through a particular tunnel works. For traffic to be encrypted and reach the other side, it is enough to route it into the tunnel. The alternative is selecting traffic for encryption using lists of subnets, which greatly confuses the administrator as the configuration becomes more complex. In a large network, you can use ADVPN technology to build the VPN; this is an analogue of DMVPN from Cisco or DVPN from Huawei, which allows for easier setup.

Site-to-Site VPN configuration for two devices with BGP routing on both sides

Data center (DC) configuration first, followed by the branch (BRN) configuration:

config system interface
 edit "WAN1"
  set vdom "Internet"
  set ip 1.1.1.1 255.255.255.252
  set allowaccess ping
  set role wan
  set interface "DC-BRD"
  set vlanid 111
 next
 edit "WAN2"
  set vdom "Internet"
  set ip 3.3.3.1 255.255.255.252
  set allowaccess ping
  set role wan
  set interface "DC-BRD"
  set vlanid 112
 next
 edit "BRN-Ph1-1"
  set vdom "Internet"
  set ip 192.168.254.1 255.255.255.255
  set allowaccess ping
  set type tunnel
  set remote-ip 192.168.254.2 255.255.255.255
  set interface "WAN1"
 next
 edit "BRN-Ph1-2"
  set vdom "Internet"
  set ip 192.168.254.3 255.255.255.255
  set allowaccess ping
  set type tunnel
  set remote-ip 192.168.254.4 255.255.255.255
  set interface "WAN2"
 next
end

config vpn ipsec phase1-interface
 edit "BRN-Ph1-1"
  set interface "WAN1"
  set local-gw 1.1.1.1
  set peertype any
  set net-device disable
  set proposal aes128-sha1
  set dhgrp 2
  set remote-gw 2.2.2.1
  set psksecret ***
 next
 edit "BRN-Ph1-2"
  set interface "WAN2"
  set local-gw 3.3.3.1
  set peertype any
  set net-device disable
  set proposal aes128-sha1
  set dhgrp 2
  set remote-gw 4.4.4.1
  set psksecret ***
 next
end

config vpn ipsec phase2-interface
 edit "BRN-Ph2-1"
  set phase1name "BRN-Ph1-1"
  set proposal aes256-sha256
  set dhgrp 2
 next
 edit "BRN-Ph2-2"
  set phase1name "BRN-Ph1-2"
  set proposal aes256-sha256
  set dhgrp 2
 next
end

config router static
 edit 1
  set gateway 1.1.1.2
  set device "WAN1"
 next
 edit 3
  set gateway 3.3.3.2
  set device "WAN2"
 next
end

config router bgp
 set as 65002
 set router-id 10.1.7.1
 set ebgp-multipath enable
 config neighbor
  edit "192.168.254.2"
   set remote-as 65003
  next
  edit "192.168.254.4"
   set remote-as 65003
  next
 end

 config network
  edit 1
   set prefix 10.1.0.0 255.255.0.0
  next
 end
end

Branch (BRN):

config system interface
 edit "WAN1"
  set vdom "Internet"
  set ip 2.2.2.1 255.255.255.252
  set allowaccess ping
  set role wan
  set interface "BRN-BRD"
  set vlanid 111
 next
 edit "WAN2"
  set vdom "Internet"
  set ip 4.4.4.1 255.255.255.252
  set allowaccess ping
  set role wan
  set interface "BRN-BRD"
  set vlanid 114
 next
 edit "DC-Ph1-1"
  set vdom "Internet"
  set ip 192.168.254.2 255.255.255.255
  set allowaccess ping
  set type tunnel
  set remote-ip 192.168.254.1 255.255.255.255
  set interface "WAN1"
 next
 edit "DC-Ph1-2"
  set vdom "Internet"
  set ip 192.168.254.4 255.255.255.255
  set allowaccess ping
  set type tunnel
  set remote-ip 192.168.254.3 255.255.255.255
  set interface "WAN2"
 next
end

config vpn ipsec phase1-interface
  edit "DC-Ph1-1"
   set interface "WAN1"
   set local-gw 2.2.2.1
   set peertype any
   set net-device disable
   set proposal aes128-sha1
   set dhgrp 2
   set remote-gw 1.1.1.1
   set psksecret ***
  next
  edit "DC-Ph1-2"
   set interface "WAN2"
   set local-gw 4.4.4.1
   set peertype any
   set net-device disable
   set proposal aes128-sha1
   set dhgrp 2
   set remote-gw 3.3.3.1
   set psksecret ***
  next
end

config vpn ipsec phase2-interface
  edit "DC-Ph2-1"
   set phase1name "DC-Ph1-1"
   set proposal aes256-sha256
   set dhgrp 2
  next
  edit "DC2-Ph2-2"
   set phase1name "DC-Ph1-2"
   set proposal aes256-sha256
   set dhgrp 2
  next
end

config router static
 edit 1
  set gateway 2.2.2.2
  set device "WAN1"
 next
 edit 3
  set gateway 4.4.4.2
  set device "WAN2"
 next
end

config router bgp
  set as 65003
  set router-id 10.200.7.1
  set ebgp-multipath enable
  config neighbor
   edit "192.168.254.1"
    set remote-as 65002
   next
   edit "192.168.254.3"
    set remote-as 65002
   next
  end

  config network
   edit 1
    set prefix 10.200.0.0 255.255.0.0
   next
  end
end

I give the configuration in text form because, in my opinion, it is more convenient to configure a VPN this way. Almost all the settings are the same on both sides; in text form they can be done by copy-paste. If you do the same thing in the web interface, it is easy to make a mistake - forget a checkmark somewhere or enter the wrong value.
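Copy-paste between the two sides still leaves room for drift, and a proposal that differs on one side keeps the tunnel from negotiating. The following Python is an added example, not part of the original article or of Fortinet tooling: it parses the phase 1 and phase 2 sections of both firewalls, pairs tunnels by mirrored local-gw/remote-gw, and reports missing common proposals and parameters that the example's own policy treats as weak. Assumptions: the policy (DH groups 1, 2, 5 and DES/MD5/SHA-1) and the function names are this example's, and the input is a constructed sample shaped like the article's first tunnel with a deliberate phase 2 difference.

```python
import re
import shlex

P1, P2 = "vpn ipsec phase1-interface", "vpn ipsec phase2-interface"
WEAK = re.compile(r"des|md5|sha1|^[125]$")  # this example's policy, not a FortiOS default

def sample(p1, p2, local_gw, remote_gw, p2_proposal):
    """Constructed FortiOS snippet shaped like the article's first tunnel."""
    return f'''config {P1}
 edit "{p1}"
  set local-gw {local_gw}
  set remote-gw {remote_gw}
  set proposal aes128-sha1
  set dhgrp 2
 next
end
config {P2}
 edit "{p2}"
  set phase1name "{p1}"
  set proposal {p2_proposal}
  set dhgrp 2
 next
end'''

DC = sample("BRN-Ph1-1", "BRN-Ph2-1", "1.1.1.1", "2.2.2.1", "aes256-sha256")
BRN = sample("DC-Ph1-1", "DC-Ph2-1", "2.2.2.1", "1.1.1.1", "aes128-sha1")

def parse(text):
    """Flat config/edit/set blocks -> {section: {entry: {key: value}}}."""
    out, section, entry = {}, None, None
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]
        if tok[0] in ("config", "next", "end"):
            entry = None                      # leave the current edit
            section = " ".join(tok[1:]) if tok[0] == "config" else section
        elif tok[0] == "edit":
            entry = out.setdefault(section, {}).setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = " ".join(tok[2:])
    return out

def audit(a_text, b_text):
    """Pair tunnels by mirrored gateways; return sorted (tunnel, stage, issue)."""
    a, b, found = parse(a_text), parse(b_text), set()
    for an, ap in a.get(P1, {}).items():
        peers = [n for n, p in b.get(P1, {}).items()
                 if (p.get("local-gw"), p.get("remote-gw"))
                 == (ap.get("remote-gw"), ap.get("local-gw"))]
        if not peers:
            found.add((an, "phase1", "no mirrored peer"))
            continue
        a2 = [e for e in a.get(P2, {}).values() if e.get("phase1name") == an]
        b2 = [e for e in b.get(P2, {}).values() if e.get("phase1name") == peers[0]]
        pairs = [("phase1", ap, b[P1][peers[0]])] + [("phase2", *xy) for xy in zip(a2, b2)]
        for stage, x, y in pairs:
            for key in ("proposal", "dhgrp"):
                xs, ys = set(x.get(key, "").split()), set(y.get(key, "").split())
                if (xs or ys) and not xs & ys:
                    found.add((an, stage, f"no common {key}"))
                if any(WEAK.search(v) for v in xs | ys):
                    found.add((an, stage, f"weak {key} offered"))
    return sorted(found)

if __name__ == "__main__":
    print(*audit(DC, BRN), sep="\n")
```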

After we have added the interfaces to the bundle, all routes and security policies can refer to it rather than to the interfaces included in it. At a minimum, you need to allow traffic from the internal networks to SD-WAN. When you create rules for them, you can apply protective measures such as IPS, antivirus and HTTPS inspection.


SD-WAN Rules are configured for the bundle. These are rules that define the balancing algorithm for specific traffic. They are similar to routing policies in Policy-Based Routing, except that when traffic falls under the policy, what gets installed is not a next hop or an ordinary outgoing interface, but the interfaces added to the SD-WAN bundle plus a traffic balancing algorithm between these interfaces.

Traffic can be separated from the general flow by L3-L4 information, by recognized applications, by Internet services (URL and IP), and by recognized users of workstations and laptops. After that, one of the following balancing algorithms can be assigned to the selected traffic:


In the Interface Preference list, you select those interfaces, from the ones already added to the bundle, that will serve this type of traffic. By adding not all of the interfaces, you can restrict exactly which channels you use for, say, email, if you do not want to load expensive channels with a high SLA with it. In FortiOS 6.4.1, it became possible to group the interfaces added to the SD-WAN bundle into zones, creating, for example, one zone for communication with remote sites and another for local Internet access using NAT. Yes, yes, traffic that goes to the regular Internet can also be balanced.

About balancing algorithms

As for how Fortigate (a firewall from Fortinet) can split traffic between channels, there are two interesting options that are not very common on the market:

Lowest Cost (SLA) - from all the interfaces that currently satisfy the SLA, the one with the lower weight (cost), set manually by the administrator, is selected; this mode is suitable for "bulk" traffic such as backups and file transfers.

Best Quality (SLA) - in addition to the usual delay, jitter and packet loss, this algorithm can also use the current channel load to assess the quality of the channels; this mode is suitable for sensitive traffic such as VoIP and video conferencing.

These algorithms require setting up a communication channel performance meter - Performance SLA. This meter periodically (check interval) monitors information about compliance with the SLA: packet loss, latency and jitter in the communication channel, and can "reject" those channels that currently do not meet the quality thresholds because they are losing too many packets or experiencing too much latency. In addition, the meter monitors the status of the channel and can temporarily remove it from the bundle in case of repeated loss of responses (failures before inactive). When the channel recovers, after several consecutive responses (restore link after), the meter automatically returns it to the bundle, and data starts being transmitted through it again.
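The interplay of quality thresholds, "failures before inactive" and "restore link after" is easier to follow in a small simulation. The following Python is an added example and a simplified model of the behaviour described above, not FortiOS code: it judges each member on its latest probe only, and its fallback when no member meets the SLA is an assumption. The thresholds, costs and probe values are constructed; the member names are the article's two branch-side tunnels.

```python
from dataclasses import dataclass

@dataclass
class Member:
    name: str
    cost: int                 # weight set manually by the administrator
    alive: bool = True        # False once removed from the bundle
    streak: int = 0           # consecutive probes that contradict `alive`
    latency: float = 0.0      # ms
    jitter: float = 0.0       # ms
    loss: float = 0.0         # percent

class PerformanceSLA:
    def __init__(self, members, max_latency, max_jitter, max_loss,
                 failures_before_inactive=3, restore_link_after=3):
        self.members = {m.name: m for m in members}
        self.limits = (max_latency, max_jitter, max_loss)
        self.down_after, self.up_after = failures_before_inactive, restore_link_after

    def probe(self, name, reply, latency=0.0, jitter=0.0, loss=0.0):
        """Record one check-interval result; reply=False is a lost probe."""
        m = self.members[name]
        if reply:
            m.latency, m.jitter, m.loss = latency, jitter, loss
        else:
            m.loss = 100.0
        # Only an unbroken run of contradicting results flips the state.
        m.streak = m.streak + 1 if reply != m.alive else 0
        if m.streak >= (self.down_after if m.alive else self.up_after):
            m.alive, m.streak = not m.alive, 0

    def meets_sla(self, m):
        values = (m.latency, m.jitter, m.loss)
        return m.alive and all(v <= lim for v, lim in zip(values, self.limits))

    def lowest_cost(self):
        """Lowest Cost (SLA): cheapest member that currently meets the SLA."""
        live = [m for m in self.members.values() if m.alive]
        # Assumption: with nobody inside the SLA, use the cheapest live member.
        pool = [m for m in live if self.meets_sla(m)] or live
        return min(pool, key=lambda m: m.cost).name if pool else None

def demo():
    """Constructed scenario: DC-Ph1-1 degrades, dies and recovers."""
    sla = PerformanceSLA([Member("DC-Ph1-1", cost=10), Member("DC-Ph1-2", cost=20)],
                         max_latency=100, max_jitter=30, max_loss=2)
    steps = [(True, 20), (True, 250), (False, 0), (False, 0), (False, 0),
             (True, 20), (True, 20), (True, 20)]
    picks = []
    for reply, latency in steps:      # DC-Ph1-2 stays healthy throughout
        sla.probe("DC-Ph1-1", reply, latency=latency)
        sla.probe("DC-Ph1-2", True, latency=40)
        picks.append(sla.lowest_cost())
    return picks

if __name__ == "__main__":
    print(demo())
```

In the scenario the cheaper tunnel is not selected again on its first good probe after the outage; it returns only once the restore count is reached.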

This is what the "meter" settings look like:


In the web interface, ICMP Echo request, HTTP GET and DNS request are available as test protocols. There are a few more options on the command line: TCP-echo and UDP-echo are available, as well as a specialized quality measurement protocol, TWAMP.


The measurement results can also be seen in the web interface:


And on the command line:


Troubleshooting

If you have created a rule but things do not work as expected, look at the Hit Count value in the SD-WAN Rules list. It shows whether traffic falls under this rule at all:


On the settings page of the meter itself, you can see how the channel parameters change over time. The dotted line shows the threshold value of the parameter.


In the web interface you can see how traffic is distributed by the amount of data transmitted/received and by the number of sessions:


In addition to all this, there is an excellent opportunity to trace the passage of packets in maximum detail. When working in a real network, the device configuration accumulates many routing policies, firewall rules, and traffic distribution across SD-WAN ports. All of this interacts in a complex way, and although the vendor provides detailed block diagrams of the packet processing algorithms, it is very important to be able not to build and test theories, but to see where the traffic actually goes.

For example, the following set of commands

diagnose debug flow filter saddr 10.200.64.15
diagnose debug flow filter daddr 10.1.7.2
diagnose debug flow show function-name enable
diagnose debug enable
diagnose debug flow trace start 2

allows you to trace two packets with the source address 10.200.64.15 and the destination address 10.1.7.2.
We ping 10.1.7.2 from 10.200.64.15 twice and look at the output on the console.

First packet:


Second packet:


Here is the first packet received by the firewall:
id=20085 trace_id=475 func=print_pkt_detail line=5605 msg="vd-Internet:0 received a packet(proto=1, 10.200.64.15:42->10.1.7.2:2048) from DMZ-Office. type=8, code=0, id=42, seq=0."
VDOM is Internet, Proto=1 is ICMP, DMZ-Office is the name of the L3 interface, and Type=8 is Echo.

A new session is created for it:
msg="allocate a new session-0006a627"

And a match is found in the policy routing settings:
msg="Match policy routing id=2136539137: to 10.1.7.2 via ifindex-110"

It turns out that the packet needs to be sent into one of the VPN tunnels:
"find a route: flag=04000000 gw-192.168.254.1 via DC-Ph1-1"

The following permitting rule is found in the firewall policies:
msg="Allowed by Policy-3:"

The packet is encrypted and sent into the VPN tunnel:
func=ipsecdev_hard_start_xmit line=789 msg="enter IPsec interface-DC-Ph1-1"
func=_ipsecdev_hard_start_xmit line=666 msg="IPsec tunnel-DC-Ph1-1"
func=esp_output4 line=905 msg="IPsec encrypt/auth"

The encrypted packet is sent to the gateway address for this WAN interface:
msg="send to 2.2.2.2 via intf-WAN1"

For the second packet, everything happens the same way, but it is sent into the other VPN tunnel and leaves through a different firewall port:
func=ipsecdev_hard_start_xmit line=789 msg="enter IPsec interface-DC-Ph1-2"
func=_ipsecdev_hard_start_xmit line=666 msg="IPsec tunnel-DC-Ph1-2"
func=esp_output4 line=905 msg="IPsec encrypt/auth"
func=ipsec_output_finish line=622 msg="send to 4.4.4.2 via intf-WAN2"
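The same reading of the trace can be done mechanically, which helps when confirming that inter-site traffic really is spread across both tunnels and never leaves a WAN port unencrypted. The following Python is an added example, not part of the original article: it groups debug flow lines by trace_id, rebuilds each packet's path, counts packets per IPsec interface, and lists packets that left a WAN interface without entering an IPsec interface. The sample lines are constructed from the article's messages; trace_id 476 and 477, their field values, and the cleartext packet are invented for the demonstration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: messages from the article, trimmed to the fields read here
# (real output also has func= and line=). Traces 476 and 477 are invented.
TRACE = '''\
id=20085 trace_id=475 msg="vd-Internet:0 received a packet(proto=1, 10.200.64.15:42->10.1.7.2:2048) from DMZ-Office. type=8, code=0, id=42, seq=0."
id=20085 trace_id=475 msg="Match policy routing id=2136539137: to 10.1.7.2 via ifindex-110"
id=20085 trace_id=475 msg="find a route: flag=04000000 gw-192.168.254.1 via DC-Ph1-1"
id=20085 trace_id=475 msg="Allowed by Policy-3:"
id=20085 trace_id=475 msg="enter IPsec interface-DC-Ph1-1"
id=20085 trace_id=475 msg="send to 2.2.2.2 via intf-WAN1"
id=20085 trace_id=476 msg="vd-Internet:0 received a packet(proto=1, 10.200.64.15:43->10.1.7.2:2048) from DMZ-Office. type=8, code=0, id=43, seq=0."
id=20085 trace_id=476 msg="find a route: flag=04000000 gw-192.168.254.3 via DC-Ph1-2"
id=20085 trace_id=476 msg="Allowed by Policy-3:"
id=20085 trace_id=476 msg="enter IPsec interface-DC-Ph1-2"
id=20085 trace_id=476 msg="send to 4.4.4.2 via intf-WAN2"
id=20085 trace_id=477 msg="vd-Internet:0 received a packet(proto=1, 10.200.64.15:44->10.1.7.2:2048) from DMZ-Office. type=8, code=0, id=44, seq=0."
id=20085 trace_id=477 msg="find a route: flag=04000000 gw-2.2.2.2 via WAN1"
id=20085 trace_id=477 msg="Allowed by Policy-3:"
id=20085 trace_id=477 msg="send to 2.2.2.2 via intf-WAN1"
'''

LINE = re.compile(r'trace_id=(\d+) .*?msg="(.*)"\s*$')
FIELDS = {
    "flow": re.compile(r"received a packet\(proto=(\d+), ([\d.]+):\d+->([\d.]+):\d+\) from (\S+)\. "),
    "route": re.compile(r"find a route: .*gw-([\d.]+) via (\S+)"),
    "policy": re.compile(r"Allowed by Policy-(\d+)"),
    "tunnel": re.compile(r"enter IPsec interface-(\S+)"),
    "egress": re.compile(r"send to ([\d.]+) via intf-(\S+)"),
}

def packet_paths(text):
    """Return {trace_id: {field: value}} for every traced packet."""
    paths = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        for name, rx in FIELDS.items():
            hit = rx.search(m.group(2))
            if hit:
                value = hit.group(1) if rx.groups == 1 else hit.groups()
                paths[int(m.group(1))][name] = value
    return dict(paths)

def tunnel_spread(paths):
    """Packets per IPsec interface, to confirm both tunnels carry traffic."""
    return dict(Counter(p["tunnel"] for p in paths.values() if "tunnel" in p))

def cleartext_egress(paths, wan=("WAN1", "WAN2")):
    """Trace ids that left a WAN interface without entering an IPsec interface."""
    return sorted(t for t, p in paths.items()
                  if p.get("egress", ("", ""))[1] in wan and "tunnel" not in p)

if __name__ == "__main__":
    found = packet_paths(TRACE)
    print(tunnel_spread(found), cleartext_egress(found))
```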

Pros of the solution

Reliable functionality and a user-friendly interface. The feature set that was available in FortiOS before the advent of SD-WAN has been fully preserved. That is, what we have is not newly developed software but a mature system from a proven firewall vendor, with a traditional set of network functions and a convenient, easy-to-learn web interface. How many SD-WAN vendors have, say, Remote-Access VPN functionality on end devices?

Security level 80. FortiGate is one of the top firewall solutions. There is a lot of material on the Internet about setting up and administering firewalls, and on the labor market there are many security specialists who have already mastered the vendor's solutions.

Zero price for SD-WAN functionality. Building an SD-WAN network on FortiGate costs the same as building a regular WAN network on it, since no additional licenses are needed to implement the SD-WAN functionality.

Low entry price threshold. Fortigate has a good gradation of devices for different performance levels. The smallest and least expensive models are quite suitable for bringing up an office or a point of sale for 3-5 employees. Many vendors simply do not have such low-performance and affordable models.

High performance. Reducing the SD-WAN functionality to traffic balancing allowed the company to release a specialized SD-WAN ASIC, thanks to which SD-WAN operation does not reduce the performance of the firewall as a whole.

The ability to implement an entire office on Fortinet equipment. This means a pair of firewalls, switches, and Wi-Fi access points. Such an office is easy and convenient to manage - the switches and access points are registered on the firewalls and managed from them. For example, this is what a switch port can look like from the interface of the firewall that manages this switch:


Lack of controllers as a single point of failure. The vendor itself emphasizes this, but it can be called a benefit only in part, because for those vendors that do have controllers, ensuring their fault tolerance is inexpensive, most often at the cost of a small amount of computing resources in a virtualization environment.

What to look out for

No separation between the Control Plane and the Data Plane. This means that the network must be configured either manually or with the traditional management tools already available - FortiManager. For vendors that have implemented such a separation, the network assembles itself. The administrator may only need to adjust its topology or prohibit something somewhere, nothing more. However, FortiManager's trump card is that it can manage not only firewalls but also switches and Wi-Fi access points, that is, almost the entire network.

Conditional increase in manageability. Because traditional tools are used to automate network configuration, the manageability of the network increases only slightly with the introduction of SD-WAN. On the other hand, new functionality becomes available faster, since the vendor first releases it only for the firewall operating system (which immediately makes it possible to use it), and only then supplements the management system with the necessary interfaces.

Some functionality may be available from the command line but not from the web interface. Sometimes it is not so scary to go into the command line to configure something, but it is scary not to see in the web interface that someone has already configured something from the command line. This usually applies to the newest features, and gradually, with FortiOS updates, the capabilities of the web interface are improved.

Who is it suitable for?

For those who do not have many branches. Implementing an SD-WAN solution with complex central components on a network of 8-10 branches may not be worth the candle - you will have to spend money on licenses for SD-WAN devices and on virtualization system resources to host the central components. A small company usually has limited free computing resources. In the case of Fortinet, it is enough to simply buy firewalls.

For those who have many small branches. For many vendors, the minimum solution price per branch is quite high and may not be attractive from the point of view of the end customer's business. Fortinet offers small devices at very attractive prices.

For those who are not ready to step too far yet. Implementing SD-WAN with controllers, proprietary routing, and a new approach to network planning and management may be too big a step for some customers. Yes, such an implementation will ultimately help optimize the use of communication channels and the work of administrators, but first you will have to learn a lot of new things. For those who are not yet ready for a paradigm shift but want to squeeze more out of their communication channels, the solution from Fortinet is just right.

source: www.habr.com
