Nyob zoo, qhov no yog tsab xov xwm thib ob hais txog NGFW kev daws teeb meem los ntawm lub tuam txhab . Lub hom phiaj ntawm tsab xov xwm no yog qhia yuav ua li cas rau nruab UserGate firewall ntawm lub tshuab virtual (Kuv yuav siv VMware Workstation virtualization software) thiab ua nws qhov kev teeb tsa thawj zaug (tso cai nkag los ntawm lub network hauv zos los ntawm UserGate rooj vag mus rau Is Taws Nem).
1. Taw qhia
Txhawm rau pib, kuv yuav piav qhia txog ntau txoj hauv kev los siv qhov rooj nkag mus rau hauv lub network. Kuv xav kom nco ntsoov tias nyob ntawm qhov kev xaiv kev sib txuas, qee qhov kev ua haujlwm ntawm lub rooj vag yuav tsis muaj. UserGate kev daws teeb meem txhawb cov kev sib txuas hauv qab no:
-
L3-L7 firewall
-
L2 pob tshab choj
-
L3 pob tshab choj
-
Zoo rau hauv qhov sib txawv, siv WCCP raws tu qauv
-
Zoo nyob rau hauv qhov sib txawv, siv Txoj Cai Raws li Routing
-
Router ntawm Stick
-
Qhia meej meej WEB proxy
-
UserGate ua lub rooj vag qub
-
Daim iav chaw nres nkoj saib xyuas
UserGate txhawb 2 hom pawg:
-
Cluster configuration. Cov nodes ua ke rau hauv ib pawg configuration tswj kev teeb tsa zoo ib yam thoob plaws pawg.
-
Failover pawg. Txog li 4 configuration pawg nodes tuaj yeem ua ke rau hauv pawg tsis ua haujlwm uas txhawb nqa kev ua haujlwm hauv Active-Active lossis Active-Passive hom. Nws tuaj yeem sib sau ua ke ntau pawg tsis ua haujlwm.
2. Kev teeb tsa
Raws li tau hais nyob rau hauv tsab xov xwm dhau los, UserGate tau muab los ua khoom kho vajtse thiab software pob lossis siv rau hauv ib puag ncig virtual. Los ntawm koj tus kheej tus account ntawm lub vev xaib rub tawm cov duab hauv OVF (Qhib Virtualization Format), hom ntawv no haum rau VMWare thiab Oracle Virtualbox cov neeg muag khoom. Virtual tshuab disk duab yog muab rau Microsoft Hyper-v thiab KVM.
Raws li UserGate lub vev xaib, rau lub tshuab virtual ua haujlwm kom raug, nws raug nquahu kom siv tsawg kawg 8Gb ntawm RAM thiab 2-core virtual processor. Tus hypervisor yuav tsum txhawb 64-ntsis operating systems.
Lub installation pib los ntawm importing cov duab mus rau hauv cov xaiv hypervisor (VirtualBox thiab VMWare). Nyob rau hauv rooj plaub ntawm Microsoft Hyper-v thiab KVM, koj yuav tsum tsim lub tshuab virtual thiab qhia meej cov duab rub tawm raws li lub disk, thiab tom qab ntawd lov tes taw kev pabcuam kev koom ua ke hauv cov chaw ntawm lub tshuab virtual tsim.
Los ntawm lub neej ntawd, tom qab importing rau hauv VMWare, lub tshuab virtual yog tsim nrog cov chaw hauv qab no:
Raws li tau sau tseg saum toj no, yuav tsum muaj tsawg kawg yog 8Gb ntawm RAM thiab ntxiv rau koj yuav tsum ntxiv 1Gb rau txhua 100 tus neeg siv. Lub neej ntawd hard drive loj yog 100Gb, tab sis qhov no feem ntau tsis txaus los khaws tag nrho cov cav thiab chaw. Qhov loj me uas pom zoo yog 300Gb lossis ntau dua. Yog li ntawd, hauv cov khoom ntawm lub tshuab virtual, peb hloov lub disk loj rau qhov xav tau. Thaum pib, virtual UserGate UTM los nrog plaub qhov cuam tshuam rau thaj chaw:
Kev tswj hwm - thawj qhov sib cuam tshuam ntawm lub tshuab virtual, thaj tsam rau kev sib txuas cov kev ntseeg siab los ntawm kev tswj hwm UserGate tau tso cai.
Trusted yog qhov thib ob interface ntawm lub tshuab virtual, ib cheeb tsam rau kev sib txuas cov kev ntseeg siab, piv txwv li, LAN tes hauj lwm.
Tsis ntseeg yog qhov thib peb interface ntawm lub tshuab virtual, ib cheeb tsam rau kev sib txuas nrog cov tes hauj lwm tsis ntseeg, piv txwv li, hauv Is Taws Nem.
DMZ yog qhov thib plaub interface ntawm lub tshuab virtual, thaj tsam rau kev sib txuas nrog DMZ network.
Tom ntej no, peb tso lub tshuab virtual, txawm hais tias phau ntawv hais tias koj yuav tsum xaiv Cov cuab yeej txhawb nqa thiab ua Hoobkas pib dua UTM, tab sis raws li koj tuaj yeem pom, tsuas muaj ib qho kev xaiv (UTM First Boot). Thaum lub sijhawm no, UTM teeb tsa lub network adapters thiab nce qhov loj ntawm hard drive faib rau tag nrho disk loj:
Txhawm rau txuas mus rau UserGate lub vev xaib, koj yuav tsum nkag mus rau hauv thaj chaw Tswj; qhov no yog lub luag haujlwm ntawm eth0 interface, uas tau teeb tsa kom tau txais IP chaw nyob ncaj qha (DHCP). Yog tias nws tsis tuaj yeem muab qhov chaw nyob rau Kev Tswj Xyuas interface tau siv DHCP, ces nws tuaj yeem raug teeb tsa ncaj qha siv CLI (Command Line Interface). Txhawm rau ua qhov no, koj yuav tsum nkag mus rau hauv CLI siv tus username thiab password nrog Tag Nrho cov cai tswj hwm (Admin nrog tsab ntawv peev los ntawm lub neej ntawd). Yog tias UserGate ntaus ntawv tsis tau pib pib, ces nkag mus rau CLI koj yuav tsum siv Admin ua tus username thiab utm raws li tus password. Thiab ntaus cov lus txib xws li iface config -name eth0 -ipv4 192.168.1.254/24 -enable true -mode static. Tom qab ntawd peb mus rau UserGate lub vev xaib ntawm qhov chaw nyob, nws yuav tsum zoo li no:https://UserGateIPaddress:8001:
Hauv lub vev xaib console peb txuas ntxiv kev teeb tsa, peb yuav tsum xaiv cov lus interface (tam sim no nws yog Lavxias lossis Askiv), lub sijhawm thaj tsam, tom qab ntawd nyeem thiab pom zoo rau daim ntawv tso cai daim ntawv cog lus. Teem tus ID nkag mus thiab lo lus zais nkag mus rau hauv lub vev xaib tswj hwm interface.
3. Teeb tsa
Tom qab kev teeb tsa, qhov no yog qhov kev tswj hwm lub vev xaib web interface qhov rai zoo li:
Tom qab ntawd koj yuav tsum configure lub network interfaces. Txhawm rau ua qhov no, hauv ntu "Interfaces" koj yuav tsum qhib lawv, teeb tsa tus IP chaw nyob thiab muab cov cheeb tsam tsim nyog.
Ntu "Interfaces" qhia tag nrho lub cev thiab virtual interfaces muaj nyob rau hauv lub kaw lus, tso cai rau koj hloov lawv cov chaw thiab ntxiv VLAN interfaces. Nws kuj qhia tag nrho cov interfaces ntawm txhua pawg node. Kev teeb tsa interface yog tshwj xeeb rau txhua qhov ntawm, uas yog, lawv tsis yog thoob ntiaj teb.
Hauv cov khoom siv interface:
-
Qhib lossis kaw lub interface
-
Qhia meej hom interface - Txheej 3 lossis Daim iav
-
Muab ib cheeb tsam rau ib qho interface
-
Muab Netflow profile xa cov ntaub ntawv txheeb xyuas mus rau Netflow collector
-
Hloov lub cev tsis ua haujlwm ntawm lub interface - MAC chaw nyob thiab MTU loj
-
Xaiv hom IP chaw nyob - tsis muaj chaw nyob, IP chaw nyob zoo li qub lossis tau los ntawm DHCP
-
Configure DHCP relay ntawm lub interface xaiv.
Lub "Ntxiv" khawm tso cai rau koj ntxiv cov nram qab no hom kev sib txuas lus:
-
VLANs
-
Bond
-
Choj
-
PPPoE
-
VPN
-
Qhov
Ntxiv rau thaj chaw uas tau teev tseg yav dhau los uas Usergate cov duab xa nrog, muaj peb yam ntxiv ua ntej:
Cluster - cheeb tsam rau kev sib tshuam siv rau kev ua haujlwm hauv pawg
VPN rau Site-to-Site - ib cheeb tsam uas txhua tus neeg siv Office-Office txuas nrog UserGate ntawm VPN muab tso rau
VPN rau kev nkag mus rau tej thaj chaw deb - thaj tsam uas suav nrog txhua tus neeg siv mobile txuas nrog UserGate ntawm VPN
UserGate cov thawj coj tuaj yeem hloov qhov chaw ntawm thaj chaw ua ntej thiab tseem tsim cov cheeb tsam ntxiv, tab sis raws li tau hais hauv phau ntawv version 5, qhov siab tshaj plaws ntawm 15 thaj chaw tuaj yeem tsim tau. Txhawm rau hloov lossis tsim lawv, koj yuav tsum mus rau ntu ntu. Rau txhua cheeb tsam, koj tuaj yeem teeb tsa pob ntawv poob qhov pib; SYN, UDP, ICMP tau txais kev txhawb nqa. Kev tswj kev nkag mus rau Usergate cov kev pabcuam tseem raug teeb tsa, thiab kev tiv thaiv kev ua tsis ncaj ncees tau qhib.
Tom qab teeb tsa cov interfaces, koj yuav tsum teeb tsa txoj hauv kev nyob rau hauv ntu "Gateways". Cov. Txhawm rau txuas UserGate rau Is Taws Nem, koj yuav tsum qhia tus IP chaw nyob ntawm ib lossis ntau lub rooj vag. Yog tias koj siv ntau tus neeg muab kev pabcuam los txuas rau Is Taws Nem, koj yuav tsum qhia ntau lub rooj vag. Lub rooj vag configuration yog tshwj xeeb rau txhua pawg node. Yog tias ob lossis ntau lub rooj vag tau teev tseg, 2 txoj kev xaiv tau:
-
Ntsuas kev khiav tsheb ntawm lub rooj vag.
-
Lub rooj vag loj nrog hloov mus rau ib qho khoom seem.
Lub rooj vag xwm txheej (muaj - ntsuab, tsis muaj - liab) yog txiav txim raws li hauv qab no:
-
Kev kuaj xyuas lub network tsis ua haujlwm - lub rooj vag yog suav tias siv tau yog tias UserGate tuaj yeem tau txais nws qhov chaw nyob MAC siv ARP thov. Tsis muaj kev txheeb xyuas kev nkag mus hauv Internet los ntawm lub rooj vag no. Yog tias lub rooj vag qhov chaw nyob MAC tsis tuaj yeem txiav txim siab, lub rooj vag yog suav tias tsis tuaj yeem ncav cuag.
-
Kev kuaj xyuas network tau qhib - lub rooj vag yog suav tias siv tau yog tias:
-
UserGate tuaj yeem tau txais nws qhov chaw nyob MAC siv qhov kev thov ARP.
-
Kev txheeb xyuas kev siv Internet los ntawm lub rooj vag no tau ua tiav tiav.
Txwv tsis pub, lub rooj vag yog suav tias yog tsis muaj.
Hauv seem "DNS" koj yuav tsum ntxiv cov DNS servers uas UserGate yuav siv. Qhov kev teeb tsa no tau teev tseg hauv System DNS Servers cheeb tsam. Hauv qab no yog cov chaw rau kev tswj DNS thov los ntawm cov neeg siv. UserGate tso cai rau koj siv lub npe DNS. Cov kev pabcuam DNS tso cai rau koj cuam tshuam DNS thov los ntawm cov neeg siv thiab hloov lawv nyob ntawm qhov xav tau ntawm tus thawj tswj hwm. DNS proxy cov cai tuaj yeem siv los qhia cov DNS servers uas thov rau cov npe tshwj xeeb raug xa mus. Tsis tas li ntawd, siv lub npe DNS, koj tuaj yeem teeb tsa cov ntaub ntawv zoo li qub ntawm hom tswv tsev (A cov ntaub ntawv).
Hauv seem "NAT thiab Routing" koj yuav tsum tsim cov cai NAT tsim nyog. Rau kev nkag mus rau Is Taws Nem los ntawm cov neeg siv ntawm Trusted network, NAT txoj cai twb tau tsim - "Trusted-> Tsis ntseeg", txhua yam uas tseem tshuav yog los pab nws. Cov cai yog siv los ntawm sab saum toj mus rau hauv qab nyob rau hauv qhov kev txiav txim lawv tau teev nyob rau hauv lub console. Tsuas yog thawj txoj cai uas cov xwm txheej tau teev tseg hauv txoj cai sib tw yeej ib txwm ua tiav. Rau txoj cai yuav tsum tau triggered, tag nrho cov tej yam kev mob teev nyob rau hauv txoj cai parameters yuav tsum sib phim. UserGate pom zoo kom tsim NAT cov cai dav dav, piv txwv li, NAT txoj cai los ntawm lub network hauv zos (feem ntau yog thaj chaw Trusted) mus rau Is Taws Nem (feem ntau yog thaj chaw tsis ntseeg), thiab txwv tsis pub nkag los ntawm cov neeg siv, cov kev pabcuam, thiab cov ntawv thov siv cov cai firewall.
Nws tseem ua tau los tsim DNAT cov cai, chaw nres nkoj xa mus, Txoj Cai-raws li txoj kev, Network map.
Tom qab ntawd, hauv ntu "Firewall" koj yuav tsum tsim cov cai ntawm firewall. Rau kev nkag mus rau hauv Internet tsis txwv rau cov neeg siv ntawm Trusted network, txoj cai firewall kuj tau tsim - "Internet for Trusted" thiab yuav tsum tau qhib. Siv cov kev cai firewall, tus thawj tswj hwm tuaj yeem tso cai lossis tsis lees paub txhua hom kev thauj mus los hauv network uas dhau los ntawm UserGate. Cov kev cai muaj peev xwm suav nrog thaj chaw thiab qhov chaw / chaw nyob IP chaw nyob, cov neeg siv thiab pab pawg, cov kev pabcuam thiab cov ntawv thov. Cov kev cai siv tib yam li hauv seem "NAT thiab Routing", i.e. saum toj. Yog tias tsis muaj kev cai lij choj tau tsim, ces ib qho kev thauj mus los ntawm UserGate raug txwv.
4. Xaus
Qhov no xaus lus. Peb tau teeb tsa UserGate firewall ntawm lub tshuab virtual thiab ua qhov tsim nyog tsawg kawg nkaus rau Is Taws Nem ua haujlwm ntawm Trusted network. Peb yuav xav txog kev teeb tsa ntxiv hauv cov lus hauv qab no.
Ua raws li peb cov channel rau kev hloov tshiab (, , , )!
Tau qhov twg los: www.hab.com