The time has come to complete the series of articles on the new generation of SMB Check Point (1500 series). We hope this has been useful to you and that you will stay with us on the TS Solution blog. The topic of the final article is not a broad one, but it is no less important: SMB performance tuning. In it we will discuss the configuration options for the hardware and software parts of the NGFW, and describe the available commands and ways of interacting with them.
All articles in the series on NGFW for small businesses:
At present, there are not many sources of information on performance tuning for SMB solutions because
Hardware
Before touching on the architecture of the Check Point SMB family, you can ask your partner to use the Appliance Sizing Tool to select the optimal solution based on the specified characteristics (throughput, expected number of users, and so on).
Important notes when working with your NGFW hardware
- NGFW solutions of the SMB family do not allow hardware upgrades of system components (CPU, RAM, HDD); depending on the model, there is support for SD cards, which lets you expand disk capacity, but not significantly.
- The operation of the network interfaces needs to be monitored. Gaia 80.20 Embedded does not have many monitoring tools, but you can always use a well-known command in the CLI via Expert mode
# ifconfig
Pay attention to the underlined lines; they let you estimate the number of errors on the interface. It is recommended to check these parameters when first deploying your NGFW, and periodically during operation.
- For full-fledged Gaia there is the command:
> show diag
With its help you can obtain information about the temperature of the hardware. Unfortunately, this option is not available in 80.20 Embedded; we will list the most popular SNMP traps:
| Name | Description |
|---|---|
| Interface disconnected | Interface disabled |
| VLAN removed | VLAN removed |
| High memory utilization | High RAM utilization |
| Low disk space | Insufficient HDD space |
| High CPU utilization | High CPU utilization |
| High CPU interrupts rate | High interrupt rate |
| High connection rate | High rate of new connections |
| High concurrent connections | High level of concurrent sessions |
| High Firewall throughput | High Firewall throughput |
| High accepted packet rate | High rate of accepted packets |
| Cluster member state changed | Cluster state change |
| Connection with log server error | Loss of connection with the Log-Server |
- The operation of your gateway requires monitoring RAM. For Gaia (a Linux-like OS), it is a normal situation when RAM consumption reaches 70-80% of utilization. The architecture of the SMB solutions does not provide for the use of SWAP memory, unlike the older Check Point models. However, in the Linux system files it was noticed , which indicates a theoretical possibility of changing the SWAP parameter.
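As an added example (not from the original article or from Check Point), the two hardware checks above, interface error counters and RAM utilization, can be scripted for Expert mode. It assumes the classic `ifconfig` output layout and that `awk` is available on the appliance; the interface names and all sample values are constructed.

```shell
#!/bin/sh
# Added example: the sample data below is constructed, not captured from a device.

# Print every non-zero RX/TX counter (errors, dropped, overruns, ...) per
# interface from classic "ifconfig" output read on stdin.
iface_errors() {
  awk '
    /^[A-Za-z]/ { iface = $1 }            # unindented line opens an interface block
    /(RX|TX) packets:/ {
      dir = $1
      for (i = 2; i <= NF; i++) {
        split($i, kv, ":")
        if (kv[1] != "packets" && kv[2] + 0 > 0)
          printf "%s %s %s=%d\n", iface, dir, kv[1], kv[2]
      }
    }'
}

# Print used RAM in percent from /proc/meminfo-style input on stdin.
# Assumption: buffers and page cache are counted as reclaimable, not "used".
mem_used_pct() {
  awk '
    $1 == "MemTotal:" { total = $2 }
    $1 == "MemFree:" || $1 == "Buffers:" || $1 == "Cached:" { free += $2 }
    END { if (total > 0) printf "%d\n", (total - free) * 100 / total }'
}

sample_ifconfig() { cat <<'EOF'
LAN1      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          RX packets:48211 errors:0 dropped:0 overruns:0 frame:0
          TX packets:39870 errors:0 dropped:0 overruns:0 carrier:0

WAN       Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          RX packets:90112 errors:12 dropped:3 overruns:0 frame:0
          TX packets:71544 errors:0 dropped:0 overruns:0 carrier:2
EOF
}

sample_meminfo() { cat <<'EOF'
MemTotal:        1024000 kB
MemFree:          102400 kB
Buffers:           51200 kB
Cached:           204800 kB
EOF
}

# On the gateway: ifconfig | iface_errors ; mem_used_pct < /proc/meminfo
sample_ifconfig | iface_errors
echo "RAM used: $(sample_meminfo | mem_used_pct)%"
```

Counters that keep growing between two runs matter more than their absolute values, so compare the output taken at deployment with later runs.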
Software part
At the time of publication of the article
Working with Gaia OS
- View SecureXL templates
# fwaccel stat
- View load per core
# fw ctl multik stat
- View the number of sessions (connections).
# fw ctl pstat
- View cluster status
# cphaprob stat
- The classic Linux top command
Logging
As you already know, there are three ways of working with NGFW logs (storage, processing): locally, centrally, and in the cloud. The last two options imply the presence of an additional entity: the Management Server.
Possible NGFW management schemes
The most useful log files
- System messages (contains less information than in full Gaia)
# tail -f /var/log/messages2
- Error messages from the operation of the blades (quite a useful file when troubleshooting)
# tail -f /var/log/log/sfwd.elg
- View messages from the buffer at the system kernel level.
# dmesg
Blade configuration
This section will not contain complete instructions for configuring your Check Point NGFW; it contains only our recommendations, selected from experience.
Application Control / URL Filtering
- It is recommended to avoid Any, Any (Source, Destination) conditions in the rules.
- When explicitly specifying a URL resource, it is more efficient to use a regular expression such as: (^|..)checkpoint.com
- Do not overuse rule logging and the display of block pages (UserCheck).
- Make sure the "SecureXL" technology is working correctly. Most traffic should pass through the accelerated / medium path. Also, do not forget to filter the rules by the most used ones (the Hits field).
HTTPS Inspection
It is no secret that 70-80% of user traffic goes over HTTPS connections, which means this requires resources from your gateway's processor. In addition, HTTPS Inspection takes part in the work of IPS, Antivirus, and Antibot.
Starting from version 80.40 there is
- Bypass for a group of addresses and networks (Destination).
- Bypass for a group of URLs.
- Bypass for internal IPs and networks with privileged access (Source).
- Inspect for the required networks, users
- Bypass for everyone else.
* It is always better to select the HTTPS or HTTPS Proxy services manually rather than leaving Any. Log events according to the Inspect rules.
IPS
The IPS blade can cause policy installation on your NGFW to fail if too many signatures are used. According to
To resolve or prevent the problem, follow these steps:
- Clone the Optimized profile under the name "Optimized SMB" (or another name of your choice).
- Edit the profile, go to the IPS → Pre R80.Settings section and turn off Server Protections.
- At your discretion, you can deactivate CVEs older than 2010; these vulnerabilities are rarely found in small offices, but they affect performance. To disable some of them, go to Profile → IPS → Additional Activation → Protections to deactivate list
Instead of a conclusion
As part of the series of articles on the new generation of NGFW of the SMB family (1500), we tried to cover the main capabilities of the solution and to demonstrate the configuration of important security components using specific examples. We will be glad to answer any questions about the product in the comments. We stay with you, thank you for your attention!
Source: www.hab.com