Pehea e loiloi ai i ka pono o ke kani ʻana o NGFW
ʻO ka hana maʻamau ka nānā ʻana i ka maikaʻi o ka hoʻonohonoho ʻana o kāu pā ahi. No ka hana ʻana i kēia, aia nā lako manuahi a me nā lawelawe mai nā hui e pili ana me NGFW.
No ka laʻana, ma lalo hiki iā ʻoe ke ʻike i ka Palo Alto Networks i hiki ke hele pololei mai holo i ka helu helu pā ahi - hōʻike SLR a i ʻole ka hoʻomaʻamaʻa hoʻomaʻamaʻa hoʻokō maikaʻi loa - hōʻike BPA. He mau pono pūnaewele manuahi kēia e hiki ai iā ʻoe ke hoʻohana me ka ʻole o ka hoʻokomo ʻana i kekahi mea.
KA HOOHOLO O NA KOMO
ʻO ka huakaʻi (Mea Hoʻokele)
ʻO kahi koho paʻakikī no ka nānā ʻana i kāu hoʻonohonoho ʻana ʻo ka hoʻoiho ʻana i kahi pono manuahi (mea hana Migration mua). Hoʻoiho ʻia ʻo ia ma ke ʻano he Virtual Appliance no VMware, ʻaʻohe mea e koi ʻia me ia - pono ʻoe e hoʻoiho i ke kiʻi a kau ʻia ma lalo o ka VMware hypervisor, holo a hele i ka ʻaoʻao pūnaewele. Pono kēia mea hoʻohana i kahi moʻolelo kaʻawale, ʻo ka papa wale nō e lawe i nā lā 5, aia nā hana he nui i kēia manawa, me ka Machine Learning a me ka neʻe ʻana o nā ʻano hoʻonohonoho like ʻole o nā kulekele, NAT a me nā mea no nā mea hana Firewall ʻē aʻe. E pili ana i ke aʻo ʻana i ka mīkini, e kākau hou wau ma hope o ka kikokikona.
Mea hoʻoponopono kulekele
A ʻo ka koho maʻalahi loa (IMHO), aʻu e kamaʻilio nui ai i kēia lā, ʻo ia ka mea hoʻoponopono kulekele i kūkulu ʻia i loko o ka Palo Alto Networks interface ponoʻī. No ka hōʻike ʻana, ua kau wau i kahi pā ahi ma koʻu home a kākau i kahi lula maʻalahi: ʻae i kekahi i kekahi. Ma ke kumu, ʻike wau i kekahi manawa i nā lula ʻoiai ma nā ʻoihana hui. Ma keʻano maʻamau, ua hiki iaʻu ke hoʻohana i nā ʻaoʻao palekana NGFW āpau, e like me kāu e ʻike ai ma ke kiʻi:
Hōʻike ka kiʻi kiʻi ma lalo nei i kahi laʻana o koʻu home unconfigured firewall, kahi kokoke i nā pili āpau e hāʻule i ka lula hope: AllowAll, e like me ka ʻike ʻia mai nā helu helu ma ka kolamu Hit Count.
Hilinaʻi hilinaʻi
Aia kahi ala i ka palekana i kapa ʻia . He aha kēia: pono mākou e ʻae i ka poʻe i loko o ka pūnaewele i nā pilina e pono ai lākou a pāpā i nā mea āpau. ʻO ia hoʻi, pono mākou e hoʻohui i nā lula maʻemaʻe no nā noi, nā mea hoʻohana, nā ʻāpana URL, nā ʻano faila; hiki i nā pūlima IPS a me nā antivirus āpau, hiki i ka sandbox, ka pale DNS, hoʻohana iā IoC mai nā ʻikepili Threat Intelligence i loaʻa. Ma keʻano laulā, aia ka nui o nā hana i ka hoʻonohonoho ʻana i kahi pā ahi.
Ma ke ala, ua wehewehe ʻia ka palena liʻiliʻi o nā hoʻonohonoho pono no Palo Alto Networks NGFW ma kekahi o nā palapala SANS: Paipai au e hoʻomaka me ia. A ʻoiaʻiʻo, aia kahi hoʻonohonoho o nā hana maikaʻi loa no ka hoʻonohonoho ʻana i kahi pā ahi mai ka mea hana: .
No laila, loaʻa iaʻu kahi pā ahi ma ka home no hoʻokahi pule. E ʻike kākou i ke kaʻa o kaʻu pūnaewele:
Inā hoʻonohonoho ʻia e ka helu o nā kau, a laila hana ʻia ka hapa nui o lākou e bittorent, a laila hele mai SSL, a laila QUIC. ʻO kēia nā helu helu no nā kaʻa komo a i waho: he nui nā hiʻohiʻona waho o kaʻu mea ala. Aia he 150 mau noi like ʻole ma kaʻu pūnaewele.
No laila, ua hoʻokuʻu ʻia e ka lula hoʻokahi. I kēia manawa e ʻike kākou i ka ʻōlelo a ka Policy Optimizer e pili ana i kēia. Inā ʻoe e nānā i ke kiʻi kiʻi o ka interface me nā lula palekana ma luna, a laila ʻike ʻoe i kahi puka makani liʻiliʻi ma ka ʻaoʻao hema, e hōʻike ana iaʻu aia nā lula e hiki ke hoʻonui ʻia. E kaomi ma laila.
He aha ka Policy Optimizer e hōʻike nei:
- ʻO nā kulekele i hoʻohana ʻole ʻia, 30 lā, 90 lā. Kōkua kēia i ka hoʻoholo ʻana e wehe loa iā lākou.
- ʻO nā noi i kuhikuhi ʻia i loko o nā kulekele, akā ʻaʻole i loaʻa nā noi like ʻole i ke kaʻa. ʻAe kēia iā ʻoe e wehe i nā noi pono ʻole i nā lula ʻae.
- ʻO nā kulekele i ʻae i nā mea āpau i ka lālani, akā aia maoli nā noi e maikaʻi e hōʻike pololei e like me ke ʻano o ka Zero Trust.
Kaomi ma Unused.
No ka hōʻike ʻana i ke ʻano o ka hana ʻana, ua hoʻohui au i kekahi mau lula a hiki i kēia manawa ʻaʻole lākou i hala i hoʻokahi ʻeke a hiki i kēia manawa. Eia kā lākou papa inoa:
Malia paha, i ka wā lōʻihi, e hala nā kaʻa ma laila a laila nalowale lākou mai kēia papa inoa. A inā aia lākou ma kēia papa inoa no nā lā 90, a laila hiki iā ʻoe ke hoʻoholo e wehe i kēia mau lula. Ma hope o nā mea a pau, hāʻawi kēlā me kēia lula i kahi manawa no kahi hacker.
Aia kekahi pilikia maoli me ka hoʻonohonoho ʻana i ka pā ahi: hele mai kahi limahana hou, nānā i nā lula o ka pā ahi, inā ʻaʻohe o lākou manaʻo a ʻaʻole maopopo i ke kumu i hana ʻia ai kēia lula, pono anei ia, hiki ke holoi ʻia: hiki koke ke kanaka. ma ka hoʻomaha a ma o 30 mau lā e hele hou nā kaʻa mai ka lawelawe e pono ai. A ʻo kēia hana wale nō ke kōkua iā ia e hoʻoholo - ʻaʻohe mea hoʻohana - holoi iā ia!
Kaomi ma ka Unused App.
Kaomi mākou ma ka Unused App i ka optimizer a ʻike i ka wehe ʻana o ka ʻike hoihoi i ka puka aniani.
ʻIke mākou he ʻekolu mau lula, ʻokoʻa ka helu o nā noi i ʻae ʻia a me ka helu o nā noi i hala maoli i kēia lula.
Hiki iā mākou ke kaomi a ʻike i kahi papa inoa o kēia mau noi a hoʻohālikelike i kēia mau papa inoa.
No ka laʻana, e kaomi i ke pihi Compare no ka lula Max.
Maanei hiki iā ʻoe ke ʻike ua ʻae ʻia nā noi facebook, instagram, telegram, vkontakte. Akā ʻo ka ʻoiaʻiʻo, ua hele wale ke kaʻa ma kahi o nā sub-application. Maanei ʻoe e hoʻomaopopo ai aia i ka noi facebook kekahi mau sub-apono.
Hiki ke ʻike ʻia ka papa inoa holoʻokoʻa o nā noi NGFW ma ka puka a ma ka ʻaoʻao pā ahi ponoʻī, ma ka ʻāpana Objects->Applications a ma ka ʻimi ʻana, e kākau i ka inoa o ka noi: facebook, e loaʻa iā ʻoe kēia hopena:
No laila, ʻike ʻo NGFW i kekahi o kēia mau sub-applications, akā ʻaʻole kekahi. I ka ʻoiaʻiʻo, hiki iā ʻoe ke hoʻokaʻawale a hoʻololi i nā subfunctions facebook ʻokoʻa. No ka laʻana, ʻae iā ʻoe e nānā i nā memo, akā pāpā i ke kamaʻilio ʻana a i ʻole ka hoʻoili ʻana i nā faila. No laila, kamaʻilio ka Policy Optimizer e pili ana i kēia a hiki iā ʻoe ke hoʻoholo: ʻaʻole e ʻae i nā noi Facebook āpau, akā ʻo nā mea nui wale nō.
No laila, ua ʻike mākou he ʻokoʻa nā papa inoa. Hiki iā ʻoe ke hōʻoia i ka ʻae ʻana o nā lula i kēlā mau noi e holo maoli i ka pūnaewele. No ka hana ʻana i kēia, kaomi i ke pihi MatchUsage. E like me kēia:
A hiki iā ʻoe ke hoʻohui i nā noi āu e manaʻo ai he pono - ke pihi Add ma ka ʻaoʻao hema o ka pukaaniani:
A laila hiki ke hoʻohana a hoʻāʻo ʻia kēia lula. Hoʻomaikaʻi!
Kaomi ʻAʻole nā polokalamu i kuhikuhi ʻia.
I kēia hihia, e wehe ʻia kahi puka makani palekana koʻikoʻi.
Loaʻa paha ka nui o ia mau lula kahi i hōʻike ʻole ʻia ai ka noi pae L7 i kāu pūnaewele. A i loko o kaʻu pūnaewele aia kahi lula - e hoʻomanaʻo wau iā ʻoe ua hana wau i ka wā o ka hoʻonohonoho mua, e hōʻike i ke ʻano o ka hana ʻana o ka Policy Optimizer.
Hōʻike ke kiʻi ua hala ka lula ʻAllowAll i 9 gigabytes o ke kaʻa i ka manawa mai Malaki 17 a Malaki 220, ʻo ia ka huina o 150 mau noi like ʻole ma kaʻu pūnaewele. A ʻaʻole lawa kēia. ʻO ka maʻamau, he 200-300 mau noi ʻokoʻa ka ʻoihana ʻoihana liʻiliʻi.
No laila, ʻaʻole i hala kekahi lula ma kahi o 150 mau noi. ʻO ke ʻano maʻamau, ua hoʻonohonoho hewa ʻia ka pā ahi, no ka mea maʻamau 1-10 mau noi no nā kumu like ʻole e lele ʻia i hoʻokahi lula. E ʻike kākou i ke ʻano o kēia mau noi: kaomi i ke pihi Compare.
ʻO ka mea kupanaha loa no ka luna hoʻomalu i ka hiʻohiʻona Policy Optimizer ʻo ia ke pihi Match Usage - hiki iā ʻoe ke hana i kahi lula me hoʻokahi kaomi, kahi e hoʻokomo ai ʻoe i nā noi 150 āpau i ka lula. E lōʻihi loa ka hana ʻana me ka lima. ʻO ka nui o nā hana no ka luna hoʻomalu, ʻoiai ma kaʻu pūnaewele o 10 mau mea, he nui.
Loaʻa iaʻu he 150 mau noi like ʻole e holo ana ma ka home, e hoʻouna ana i nā gigabytes o ke kaʻa! A pehea ka nui o kāu?
Akā he aha ka mea e hana ai i kahi pūnaewele o 100 mau polokalamu a i ʻole 1000 a i ʻole 10000? Ua ʻike au i nā pā ahi me nā lula 8000 a hauʻoli nui wau i ka loaʻa ʻana o nā mea hoʻoponopono i kēia manawa i nā mea hana maʻalahi.
ʻAʻole pono ʻoe i kekahi o nā noi i ʻike ʻia a hōʻike ʻia e ka module loiloi noi L7 ma NGFW ma ka pūnaewele, no laila e wehe wale ʻoe iā lākou mai ka papa inoa o ka lula ʻae, a i ʻole clone i nā lula me ka pihi Clone (ma ka papa kuhikuhi nui). a ʻae i loko o hoʻokahi lula noi, a ma Block nā noi ʻē aʻe me he mea lā ʻaʻole pono lākou ma kāu pūnaewele. Ua lilo ia mau noi i bittorent, mahu, ultrasurf, tor, huna huna e like me tcp-over-dns a me na mea e ae.
ʻAe, kaomi ma luna o kekahi lula - ka mea āu e ʻike ai ma laila:
ʻAe, aia nā noi kikoʻī no ka multicast. Pono mākou e ʻae iā lākou i mea e hana ai ka nānā wikiō ma luna o ka pūnaewele. Kaomi match Usage. Nui! Mahalo iā Policy Optimizer.
Pehea e pili ana i ke aʻo mīkini?
I kēia manawa he mea maʻamau ke kamaʻilio e pili ana i ka automation. ʻO kaʻu mea i wehewehe ai i puka mai - kōkua nui ia. Aia kekahi mea hiki iaʻu ke haʻi aku. ʻO kēia ka hana Machine Learning i kūkulu ʻia i loko o ka pono Expedition i ʻōlelo ʻia ma luna. Ma kēia pono, hiki ke hoʻololi i nā lula mai kāu pā ahi kahiko mai kahi mea hana ʻē aʻe. A aia nō hoʻi ka hiki ke hoʻopaʻa inoa i nā loina kalepa ʻo Palo Alto Networks a hōʻike i nā lula e kākau ai. Ua like kēia me ka Policy Optimizer functionality, akā i ka Expedition ʻoi aku ka holomua a hāʻawi ʻia ʻoe i kahi papa inoa o nā lula i mākaukau - pono ʻoe e ʻae iā lākou.
No ka hoʻāʻo ʻana i kēia hana, aia kahi hana hoʻokolohua - kapa mākou iā ia he kaʻa hoʻāʻo. Hiki ke hana ʻia kēia hoʻāʻo ma ka hele ʻana i nā pā ahi virtual e hoʻomaka ai nā limahana o ke keʻena ʻo Palo Alto Networks Moscow ma kāu noi.
Hiki ke hoʻouna ʻia ke noi i [pale ʻia ka leka uila] a ma ka noi e kākau: "Makemake au e hana i kahi UTD no ke Kaʻina Migration."
ʻOiaʻiʻo, aia kekahi mau koho no nā labs i kapa ʻia ʻo Unified Test Drive (UTD) a ʻo lākou āpau mahope o ke noi.
Hiki i nā mea hoʻohana i hoʻopaʻa inoa ʻia ke komo i ka noiʻi. , e 'oluʻolu.
Makemake ʻoe i kekahi e kōkua iā ʻoe e hoʻomaikaʻi i kāu mau kulekele pā ahi?
-
ia
-
No
-
E hana wau ia'u iho i na mea a pau
ʻAʻohe kanaka i koho balota. ʻAʻohe haʻalele.
Source: www.habr.com