A review of the most democratic SD-WAN: architecture, configuration, administration and pitfalls

Judging by the number of questions we have started to receive about SD-WAN, the technology has begun to take root in Russia. Vendors, naturally, are not idle and are each promoting their own concept, and some bold pioneers are already running it in their networks.

We work with almost every vendor, and over several years in our lab I have managed to get into the architecture of every major developer of software-defined solutions. SD-WAN from Fortinet stands a little apart here: the company simply built the function of balancing traffic between communication channels into its firewall software. The solution is rather democratic, so it is usually considered by companies that are not yet ready for sweeping change but want to use their communication channels more efficiently.

In this article I want to show how to configure and operate SD-WAN from Fortinet, who this solution suits, and which pitfalls you may run into along the way.

The most prominent players in the SD-WAN market fall into one of two types:

1. Startups that built their SD-WAN solutions from scratch. The most successful of them received a huge boost to development after being bought by large companies - this is the story of Cisco/Viptela, VMware/VeloCloud and Nuage/Nokia.

2. Large network vendors that built their SD-WAN solutions by developing the programmability and manageability of their traditional routers - this is the story of Juniper and Huawei.

Fortinet managed to find its own way. Its firewall software had built-in functionality that allowed interfaces to be combined into virtual channels and load to be balanced between them using algorithms that are fairly sophisticated compared to ordinary routing. This functionality was named SD-WAN. Can what Fortinet did really be called SD-WAN? The market is gradually coming to understand that Software-Defined means separating the Control Plane from the Data Plane, dedicated controllers and orchestrators. Fortinet has nothing of the kind: centralized management is optional and is offered through the traditional FortiManager tool. In my opinion, though, you should not look for abstract truth or waste time arguing over terms. In the real world every approach has its advantages and disadvantages, and the best way out is to understand them and be able to choose the solution that matches the task.

I will try to show you, screenshots in hand, what SD-WAN from Fortinet looks like and what it can do.

How it all works

Let's assume you have two branches connected by two data links. These links are combined into a group, just as ordinary Ethernet interfaces are combined into an LACP Port-Channel. Old-timers will remember PPP Multilink, which is also a fitting analogy. The links can be physical ports, VLAN SVIs, or VPN or GRE tunnels.

VPN or GRE tunnels are usually used when branch LANs are connected over the Internet. Physical ports are used when there is L2 connectivity between the sites, or when the sites are connected over a dedicated MPLS/VPN service and we are happy with a connection without an overlay and without encryption. Another scenario in which physical ports are placed in an SD-WAN group is balancing local users' access to the Internet.

Our test bench has four firewalls and two VPN tunnels running through two "communication operators". The diagram looks like this:

[Figure: topology of the test bench]

The VPN tunnels are configured in interface mode, so they look like point-to-point links between the devices, with IP addresses on P2P interfaces that can be pinged to confirm that communication through a particular tunnel works. For traffic to be encrypted and sent to the far side, it is enough to route it into the tunnel. The alternative is to select traffic for encryption with lists of subnets, which confuses the administrator more and more as the configuration grows. In a large network you can build the VPN with ADVPN technology, an analogue of DMVPN from Cisco or DVPN from Huawei, which allows a simpler configuration.

Site-to-Site VPN configuration for the two devices, with BGP routing on both sides

Data center (DC):

config system interface
 edit "WAN1"
  set vdom "Internet"
  set ip 1.1.1.1 255.255.255.252
  set allowaccess ping
  set role wan
  set interface "DC-BRD"
  set vlanid 111
 next
 edit "WAN2"
  set vdom "Internet"
  set ip 3.3.3.1 255.255.255.252
  set allowaccess ping
  set role wan
  set interface "DC-BRD"
  set vlanid 112
 next
 edit "BRN-Ph1-1"
  set vdom "Internet"
  set ip 192.168.254.1 255.255.255.255
  set allowaccess ping
  set type tunnel
  set remote-ip 192.168.254.2 255.255.255.255
  set interface "WAN1"
 next
 edit "BRN-Ph1-2"
  set vdom "Internet"
  set ip 192.168.254.3 255.255.255.255
  set allowaccess ping
  set type tunnel
  set remote-ip 192.168.254.4 255.255.255.255
  set interface "WAN2"
 next
end

config vpn ipsec phase1-interface
 edit "BRN-Ph1-1"
  set interface "WAN1"
  set local-gw 1.1.1.1
  set peertype any
  set net-device disable
  set proposal aes128-sha1
  set dhgrp 2
  set remote-gw 2.2.2.1
  set psksecret ***
 next
 edit "BRN-Ph1-2"
  set interface "WAN2"
  set local-gw 3.3.3.1
  set peertype any
  set net-device disable
  set proposal aes128-sha1
  set dhgrp 2
  set remote-gw 4.4.4.1
  set psksecret ***
 next
end

config vpn ipsec phase2-interface
 edit "BRN-Ph2-1"
  set phase1name "BRN-Ph1-1"
  set proposal aes256-sha256
  set dhgrp 2
 next
 edit "BRN-Ph2-2"
  set phase1name "BRN-Ph1-2"
  set proposal aes256-sha256
  set dhgrp 2
 next
end

config router static
 edit 1
  set gateway 1.1.1.2
  set device "WAN1"
 next
 edit 3
  set gateway 3.3.3.2
  set device "WAN2"
 next
end

config router bgp
 set as 65002
 set router-id 10.1.7.1
 set ebgp-multipath enable
 config neighbor
  edit "192.168.254.2"
   set remote-as 65003
  next
  edit "192.168.254.4"
   set remote-as 65003
  next
 end

 config network
  edit 1
   set prefix 10.1.0.0 255.255.0.0
  next
 end
end

Branch (BRN):

config system interface
 edit "WAN1"
  set vdom "Internet"
  set ip 2.2.2.1 255.255.255.252
  set allowaccess ping
  set role wan
  set interface "BRN-BRD"
  set vlanid 111
 next
 edit "WAN2"
  set vdom "Internet"
  set ip 4.4.4.1 255.255.255.252
  set allowaccess ping
  set role wan
  set interface "BRN-BRD"
  set vlanid 114
 next
 edit "DC-Ph1-1"
  set vdom "Internet"
  set ip 192.168.254.2 255.255.255.255
  set allowaccess ping
  set type tunnel
  set remote-ip 192.168.254.1 255.255.255.255
  set interface "WAN1"
 next
 edit "DC-Ph1-2"
  set vdom "Internet"
  set ip 192.168.254.4 255.255.255.255
  set allowaccess ping
  set type tunnel
  set remote-ip 192.168.254.3 255.255.255.255
  set interface "WAN2"
 next
end

config vpn ipsec phase1-interface
  edit "DC-Ph1-1"
   set interface "WAN1"
   set local-gw 2.2.2.1
   set peertype any
   set net-device disable
   set proposal aes128-sha1
   set dhgrp 2
   set remote-gw 1.1.1.1
   set psksecret ***
  next
  edit "DC-Ph1-2"
   set interface "WAN2"
   set local-gw 4.4.4.1
   set peertype any
   set net-device disable
   set proposal aes128-sha1
   set dhgrp 2
   set remote-gw 3.3.3.1
   set psksecret ***
  next
end

config vpn ipsec phase2-interface
  edit "DC-Ph2-1"
   set phase1name "DC-Ph1-1"
   set proposal aes256-sha256
   set dhgrp 2
  next
  edit "DC-Ph2-2"
   set phase1name "DC-Ph1-2"
   set proposal aes256-sha256
   set dhgrp 2
  next
end

config router static
 edit 1
  set gateway 2.2.2.2
  set device "WAN1"
 next
 edit 3
  set gateway 4.4.4.2
  set device "WAN2"
 next
end

config router bgp
 set as 65003
 set router-id 10.200.7.1
 set ebgp-multipath enable
 config neighbor
  edit "192.168.254.1"
   set remote-as 65002
  next
  edit "192.168.254.3"
   set remote-as 65002
  next
 end

 config network
  edit 1
   set prefix 10.200.0.0 255.255.0.0
  next
 end
end

I give the configuration in text form because, in my opinion, it is more convenient to set up a VPN this way. Almost all settings are identical on both sides, and in text form they can simply be copied and pasted. If you do the same in the web interface, it is easy to make a mistake: forget a checkbox somewhere or enter the wrong value.

After we add the interfaces to the bundle

[Screenshot: interfaces added to the SD-WAN bundle]

all routes and security policies can refer to the bundle rather than to the interfaces it contains. At a minimum, you need to allow traffic from the internal networks to SD-WAN. When you create the rules for it, you can apply protective measures such as IPS, antivirus and HTTPS inspection.

[Screenshot: firewall policy from the internal network to the SD-WAN bundle]

SD-WAN Rules are configured for the bundle. These are the rules that define the balancing algorithm for particular traffic. They resemble the policies in Policy-Based Routing, except that when traffic matches the policy, the result is not a next hop or an ordinary outgoing interface but a set of interfaces from the SD-WAN bundle plus an algorithm for balancing the traffic across those interfaces.

Traffic can be separated from the general flow by L3-L4 information, by recognized applications, by Internet services (URLs and IP addresses), and by recognized users of workstations and laptops. After that, one of the following balancing strategies can be assigned to the selected traffic:

[Screenshot: balancing strategies available in an SD-WAN rule]

In the Interface preference list, you choose which of the interfaces already added to the bundle will carry this type of traffic. By adding only some of the interfaces, you can restrict which channels carry, say, email, if you do not want to load an expensive channel with a strict SLA with it. Starting with FortiOS 6.4.1, the interfaces added to the SD-WAN bundle can be grouped into zones, creating, for example, one zone for communication with remote sites and another for local Internet access with NAT. Yes, ordinary Internet traffic can be balanced too.

About the balancing algorithms

Among the ways a FortiGate (Fortinet's firewall) can distribute traffic between channels, two options stand out that are not common in the market:

Lowest Cost (SLA) - of all the interfaces that currently meet the SLA, the one with the lower weight (cost), set manually by the administrator, is chosen; this mode is intended for "bulk" traffic such as backups and file transfers.

Best Quality (SLA) - besides the usual delay, jitter and packet loss, this algorithm can also use the current load of the channel to judge its quality; this mode suits sensitive traffic such as VoIP and video conferencing.

These algorithms need a meter of channel performance, the Performance SLA. The meter periodically (check interval) collects information on SLA compliance - packet loss, delay (latency) and jitter in the channel - and can "reject" channels that currently fall short of the quality thresholds because they lose too many packets or have too much latency. The meter also watches the state of the channel and can temporarily remove it from the bundle after repeated lost replies (failures before inactive). When the channel recovers, after several consecutive replies (restore link after), the meter automatically returns it to the bundle and data starts flowing through it again.
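The behaviour of the Performance SLA meter and of the two SLA-based rule modes described above, as an added example that is not part of the original article and is not FortiOS code: a small Python model with assumed names (`PerformanceSla`, `Member`, `SlaThresholds`). The failure and recovery counters follow the "failures before inactive" and "restore link after" settings; the weighting used for the Best Quality score and the fall-back to any live link when no member meets the SLA are my own assumptions, not the vendor's algorithm.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class SlaThresholds:
    """SLA targets, mirroring the Performance SLA fields: latency, jitter, packet loss."""
    latency_ms: float
    jitter_ms: float
    loss_pct: float


@dataclass
class Member:
    """One interface of the SD-WAN bundle together with its last probe result."""
    name: str
    cost: int                   # weight set by the administrator, used by Lowest Cost (SLA)
    alive: bool = True          # False once the meter has removed the link from the bundle
    fails: int = 0              # consecutive probes without a reply
    oks: int = 0                # consecutive replies while the link is down
    latency_ms: float = 0.0
    jitter_ms: float = 0.0
    loss_pct: float = 100.0     # no probe seen yet: treat as total loss
    load_pct: float = 0.0       # assumed current utilisation, consulted by Best Quality (SLA)


class PerformanceSla:
    """Simplified model of one Performance SLA health check and the two SLA-based rule modes."""

    def __init__(self, thresholds: SlaThresholds, failtime: int = 5, recoverytime: int = 5):
        self.thresholds = thresholds
        self.failtime = failtime            # "failures before inactive"
        self.recoverytime = recoverytime    # "restore link after"

    def probe(self, m: Member, latency_ms: Optional[float] = None,
              jitter_ms: float = 0.0, loss_pct: float = 0.0, load_pct: float = 0.0) -> bool:
        """Record one probe. latency_ms=None means the probe got no reply. Returns m.alive."""
        if latency_ms is None:
            m.fails += 1
            m.oks = 0
            if m.alive and m.fails >= self.failtime:
                m.alive = False             # link leaves the bundle
            return m.alive
        m.fails = 0
        m.latency_ms, m.jitter_ms, m.loss_pct, m.load_pct = latency_ms, jitter_ms, loss_pct, load_pct
        if not m.alive:
            m.oks += 1
            if m.oks >= self.recoverytime:
                m.alive, m.oks = True, 0    # link is returned to the bundle
        return m.alive

    def meets_sla(self, m: Member) -> bool:
        t = self.thresholds
        return (m.alive and m.latency_ms <= t.latency_ms
                and m.jitter_ms <= t.jitter_ms and m.loss_pct <= t.loss_pct)

    def lowest_cost(self, members: List[Member]) -> Optional[str]:
        """Lowest Cost (SLA): the cheapest member among those currently within SLA.
        Assumption: if none is within SLA, fall back to any live member rather than drop traffic."""
        candidates = [m for m in members if self.meets_sla(m)] or [m for m in members if m.alive]
        return min(candidates, key=lambda m: m.cost).name if candidates else None

    def best_quality(self, members: List[Member]) -> Optional[str]:
        """Best Quality (SLA): the live member with the best score. The weighting below
        (latency, jitter, loss and current load) is an assumption standing in for the
        real link cost factor."""
        live = [m for m in members if m.alive]
        score = lambda m: m.latency_ms + 2 * m.jitter_ms + 10 * m.loss_pct + 0.5 * m.load_pct
        return min(live, key=score).name if live else None


def demo():
    """Walk two tunnel members through healthy, degraded, dead and recovered states."""
    sla = PerformanceSla(SlaThresholds(latency_ms=100, jitter_ms=20, loss_pct=2),
                         failtime=3, recoverytime=2)
    t1 = Member("DC-Ph1-1", cost=10)     # tunnel over the expensive operator
    t2 = Member("DC-Ph1-2", cost=5)      # tunnel over the cheap operator
    members = [t1, t2]

    # Both links healthy: Lowest Cost prefers the cheap one, Best Quality the faster one.
    sla.probe(t1, latency_ms=20, jitter_ms=2, loss_pct=0)
    sla.probe(t2, latency_ms=60, jitter_ms=5, loss_pct=0)
    healthy = (sla.lowest_cost(members), sla.best_quality(members))

    # The cheap link starts losing packets beyond the SLA: Lowest Cost moves off it.
    sla.probe(t2, latency_ms=60, jitter_ms=5, loss_pct=5)
    degraded = sla.lowest_cost(members)

    # The expensive link stops answering: after failtime misses it leaves the bundle.
    for _ in range(3):
        sla.probe(t1)
    dead = (t1.alive, sla.lowest_cost(members), sla.best_quality(members))

    # It comes back only after recoverytime consecutive replies.
    sla.probe(t1, latency_ms=20, jitter_ms=2, loss_pct=0)
    after_one_reply = t1.alive
    sla.probe(t1, latency_ms=20, jitter_ms=2, loss_pct=0)
    recovered = (t1.alive, sla.lowest_cost(members))
    return healthy, degraded, dead, after_one_reply, recovered


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The point to notice is that the two mechanisms are separate: exceeding an SLA threshold only removes a link from the candidate set of SLA-based rules, while the link stays alive and can still be used, whereas lost replies take the link out of the bundle altogether until it has answered enough probes in a row.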

This is what the "meter" configuration looks like:

[Screenshot: Performance SLA configuration in the web interface]

In the web interface, ICMP Echo requests, HTTP GET and DNS requests are available as test protocols. The command line offers a few more options: TCP echo and UDP echo are available, as well as the specialized quality-measurement protocol TWAMP.

[Screenshot: Performance SLA protocol options in the CLI]

The measurement results can be seen in the web interface:

[Screenshot: Performance SLA measurements in the web interface]

And on the command line:

[Screenshot: Performance SLA measurements in the CLI]

Troubleshooting

If you have created a rule but things do not work as expected, first look at the Hit Count value in SD-WAN Rules. It shows whether any traffic matches the rule at all:

[Screenshot: Hit Count column in SD-WAN Rules]

On the settings page of the meter itself, you can see how the channel parameters change over time. The dotted line marks the threshold value of the parameter.

[Screenshot: Performance SLA graph with threshold line]

In the web interface you can also see how traffic is distributed, by the amount of data sent and received and by the number of sessions:

[Screenshot: SD-WAN usage by bandwidth and sessions]

On top of all this, there is an excellent facility for tracing the path of packets in full detail. In a real network the device configuration accumulates many routing policies, firewall rules and traffic-distribution rules across the SD-WAN ports. All of these interact in complex ways, and although the vendor publishes detailed block diagrams of the packet-processing algorithm, it is very valuable to be able to see where the traffic actually goes instead of building and testing theories.

For example, the following set of commands

diagnose debug flow filter saddr 10.200.64.15
diagnose debug flow filter daddr 10.1.7.2
diagnose debug flow show function-name
diagnose debug enable
diagnose debug trace 2

lets you trace two packets with source address 10.200.64.15 and destination address 10.1.7.2.
We ping 10.1.7.2 from 10.200.64.15 twice and look at the console output.

First packet:

[Screenshot: debug flow output for the first packet]

Second packet:

[Screenshot: debug flow output for the second packet]

Here is the first packet as received by the firewall:
id=20085 trace_id=475 func=print_pkt_detail line=5605 msg="vd-Internet:0 received a packet(proto=1, 10.200.64.15:42->10.1.7.2:2048) from DMZ-Office. type=8, code=0, id=42, seq=0."
The VDOM is Internet, proto=1 is ICMP, DMZ-Office is the name of the L3 interface, and type=8 is an Echo request.

A new session is created for it:
msg="allocate a new session-0006a627"

A match is found in the policy routing configuration:
msg="Match policy routing id=2136539137: to 10.1.7.2 via ifindex-110"

It turns out that the packet must be sent into one of the VPN tunnels:
"find a route: flag=04000000 gw-192.168.254.1 via DC-Ph1-1"

The following allow rule is matched in the firewall policies:
msg="Allowed by Policy-3:"

The packet is encrypted and handed to the VPN tunnel:
func=ipsecdev_hard_start_xmit line=789 msg="enter IPsec interface-DC-Ph1-1"
func=_ipsecdev_hard_start_xmit line=666 msg="IPsec tunnel-DC-Ph1-1"
func=esp_output4 line=905 msg="IPsec encrypt/auth"

The encrypted packet is sent to the gateway address of the WAN interface:
msg="send to 2.2.2.2 via intf-WAN1"

For the second packet everything happens the same way, except that it is sent into the other VPN tunnel and leaves through the other firewall port:
func=ipsecdev_hard_start_xmit line=789 msg="enter IPsec interface-DC-Ph1-2"
func=_ipsecdev_hard_start_xmit line=666 msg="IPsec tunnel-DC-Ph1-2"
func=esp_output4 line=905 msg="IPsec encrypt/auth"
func=ipsec_output_finish line=622 msg="send to 4.4.4.2 via intf-WAN2"
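To make a trace like the one above easier to read on a busy device, here is an added Python parser (not from the article and not a Fortinet tool) that groups `diagnose debug flow` lines by `trace_id` and extracts the session, policy route, firewall policy, tunnel and egress port of each packet. The `trace_id=475` lines reproduce those quoted above; the `func`/`line` prefixes on the fragment lines and the whole `trace_id=476` trace are constructed to match the description of the second packet, and the "Denied by" check uses FortiOS's usual wording for a dropped packet, which this article does not show.

```python
import re
from typing import Dict, List, Set

# Generic "key=value" tokens; the quoted alternative keeps the whole msg="..." in one piece.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
PKT_RE = re.compile(r'received a packet\(proto=(?P<proto>\d+), '
                    r'(?P<src>[\d.]+):\d+->(?P<dst>[\d.]+):\d+\) from (?P<ingress>\S+)\.')

# Constructed sample: trace 475 follows the lines quoted in the article (func/line prefixes
# on the fragment lines are assumed); trace 476 is built to match the second packet's path.
SAMPLE_TRACE = [
    'id=20085 trace_id=475 func=print_pkt_detail line=5605 msg="vd-Internet:0 received a packet(proto=1, 10.200.64.15:42->10.1.7.2:2048) from DMZ-Office. type=8, code=0, id=42, seq=0."',
    'id=20085 trace_id=475 func=init_ip_session_common line=5770 msg="allocate a new session-0006a627"',
    'id=20085 trace_id=475 func=vf_ip_route_input_common line=2581 msg="Match policy routing id=2136539137: to 10.1.7.2 via ifindex-110"',
    'id=20085 trace_id=475 func=vf_ip_route_input_common line=2598 msg="find a route: flag=04000000 gw-192.168.254.1 via DC-Ph1-1"',
    'id=20085 trace_id=475 func=fw_forward_handler line=776 msg="Allowed by Policy-3:"',
    'id=20085 trace_id=475 func=ipsecdev_hard_start_xmit line=789 msg="enter IPsec interface-DC-Ph1-1"',
    'id=20085 trace_id=475 func=_ipsecdev_hard_start_xmit line=666 msg="IPsec tunnel-DC-Ph1-1"',
    'id=20085 trace_id=475 func=esp_output4 line=905 msg="IPsec encrypt/auth"',
    'id=20085 trace_id=475 func=ipsec_output_finish line=622 msg="send to 2.2.2.2 via intf-WAN1"',
    'id=20085 trace_id=476 func=print_pkt_detail line=5605 msg="vd-Internet:0 received a packet(proto=1, 10.200.64.15:42->10.1.7.2:2048) from DMZ-Office. type=8, code=0, id=42, seq=1."',
    'id=20085 trace_id=476 func=init_ip_session_common line=5770 msg="allocate a new session-0006a628"',
    'id=20085 trace_id=476 func=vf_ip_route_input_common line=2581 msg="Match policy routing id=2136539137: to 10.1.7.2 via ifindex-111"',
    'id=20085 trace_id=476 func=vf_ip_route_input_common line=2598 msg="find a route: flag=04000000 gw-192.168.254.3 via DC-Ph1-2"',
    'id=20085 trace_id=476 func=fw_forward_handler line=776 msg="Allowed by Policy-3:"',
    'id=20085 trace_id=476 func=ipsecdev_hard_start_xmit line=789 msg="enter IPsec interface-DC-Ph1-2"',
    'id=20085 trace_id=476 func=_ipsecdev_hard_start_xmit line=666 msg="IPsec tunnel-DC-Ph1-2"',
    'id=20085 trace_id=476 func=esp_output4 line=905 msg="IPsec encrypt/auth"',
    'id=20085 trace_id=476 func=ipsec_output_finish line=622 msg="send to 4.4.4.2 via intf-WAN2"',
]


def parse_line(line: str) -> Dict[str, str]:
    """Split one debug flow line into its key=value fields (quotes stripped from msg)."""
    fields = {}
    for key, value in KV_RE.findall(line):
        fields[key] = value[1:-1] if value.startswith('"') else value
    return fields


def summarize(lines: List[str]) -> Dict[str, dict]:
    """Group lines by trace_id and pull out the forwarding decisions made for each packet."""
    traces: Dict[str, dict] = {}
    patterns = [
        ("session",      r"allocate a new session-(\w+)"),
        ("policy_route", r"Match policy routing id=(\d+)"),
        ("policy",       r"Allowed by Policy-(\d+)"),
        ("tunnel",       r"IPsec tunnel-(\S+)"),
    ]
    for raw in lines:
        f = parse_line(raw)
        tid = f.get("trace_id")
        if tid is None:
            continue                      # echoed command or a line without a trace prefix
        t = traces.setdefault(tid, {"trace_id": tid, "denied": False})
        msg = f.get("msg", "")
        m = PKT_RE.search(msg)
        if m:
            t.update(proto=int(m["proto"]), src=m["src"], dst=m["dst"], ingress=m["ingress"])
        for key, pat in patterns:
            m = re.search(pat, msg)
            if m:
                t[key] = m.group(1)
        m = re.search(r"find a route: flag=\w+ gw-([\d.]+) via (\S+)", msg)
        if m:
            t["route_gw"], t["route_intf"] = m.group(1), m.group(2)
        m = re.search(r"send to ([\d.]+) via intf-(\S+)", msg)
        if m:
            t["next_hop"], t["egress"] = m.group(1), m.group(2)
        if msg.startswith("Denied by"):   # standard FortiOS wording for a policy drop
            t["denied"] = True
    return traces


def describe(t: dict) -> str:
    """One-line summary of a packet's path through the device."""
    return (f"{t.get('src')}->{t.get('dst')} in:{t.get('ingress')} pbr:{t.get('policy_route')} "
            f"policy:{t.get('policy')} tunnel:{t.get('tunnel')} out:{t.get('egress')} gw:{t.get('next_hop')}")


def egress_interfaces(traces: Dict[str, dict]) -> Set[str]:
    """Physical ports the forwarded packets left through; two here means per-session balancing."""
    return {t["egress"] for t in traces.values() if "egress" in t and not t["denied"]}


if __name__ == "__main__":
    result = summarize(SAMPLE_TRACE)
    for tid in sorted(result):
        print(tid, describe(result[tid]))
    print("egress:", sorted(egress_interfaces(result)))
```

Run with a trace captured from the console (one line per list element); a packet whose summary lacks a tunnel or an egress port, or carries the denied flag, points straight at the stage where the SD-WAN rule, the route or the firewall policy did not do what you expected.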

Pros of the solution

Proven functionality and a user-friendly interface. The feature set that FortiOS had before SD-WAN appeared is fully preserved. In other words, this is not freshly written software but a mature system from an established firewall vendor, with the usual set of network functions and a convenient, easy-to-learn web interface. How many SD-WAN vendors offer, say, Remote-Access VPN on the edge devices?

Security level 80. FortiGate is one of the top firewall solutions. There is plenty of material on the Internet about configuring and administering these firewalls, and the labor market has many security specialists who already know the vendor's products.

Zero price for the SD-WAN functionality. Building an SD-WAN network on FortiGate costs the same as building an ordinary WAN network on it, because no additional licenses are needed to use the SD-WAN features.

Low entry price. FortiGate has a good gradation of devices for different performance levels. The smallest and cheapest models are quite suitable for extending an office or point of sale by, say, 3-5 employees. Many vendors simply do not have such low-performance, inexpensive models.

High performance. Reducing SD-WAN to traffic balancing allowed the company to release a specialized SD-WAN ASIC, thanks to which SD-WAN operation does not reduce the performance of the firewall as a whole.

The ability to use the whole Fortinet ecosystem: firewalls, switches and Wi-Fi access points. Such an ecosystem is convenient and easy to manage, because the switches and access points are registered on the firewalls and managed from them. For example, this is what a switch port looks like from the interface of the firewall that manages that switch:

[Screenshot: managed switch port shown in the firewall interface]

No controller as a single point of failure. The vendor itself emphasizes this, but it is only partly an advantage, because for vendors that do have controllers, making them fault-tolerant is cheap, usually at the price of a small amount of computing resources in a virtualization environment.

What to watch out for

No separation of Control Plane and Data Plane. This means the network has to be configured either by hand or with the traditional management tool, FortiManager. With vendors that have implemented such a separation, the network assembles itself: the administrator may only need to adjust its topology and forbid something here and there, nothing more. FortiManager's trump card, however, is that it can manage not only firewalls but also switches and Wi-Fi access points, that is, almost the whole network.

Only a conditional gain in manageability. Because traditional tools are used to automate the network configuration, manageability grows only slightly with the introduction of SD-WAN. On the other hand, new functionality becomes available sooner, since the vendor first releases it only in the firewall operating system (which immediately makes it usable) and only later adds the corresponding interfaces to the management system.

Some functionality may be available from the command line but not from the web interface. Going into the command line to configure something is not so bad in itself; what is unpleasant is not seeing in the web interface that someone has already configured something from the command line. This mostly concerns the newest features, though, and with each FortiOS update the capabilities of the web interface gradually improve.

Who it suits

Those who do not have many branches. Deploying an SD-WAN solution with heavyweight central components in a network of 8-10 branches may not be worth the candle: you have to spend money on licenses for the SD-WAN devices and on virtualization resources to host the central components. A small company usually has limited spare computing resources. In Fortinet's case it is enough to just buy the firewalls.

Those who have many small branches. With many vendors the minimum cost of a solution per branch is quite high and may not be attractive from the point of view of the end customer's business. Fortinet offers small devices at very attractive prices.

Those who are not yet ready to go too far. Implementing SD-WAN with controllers, proprietary routing and a new approach to planning and managing the network may be too big a step for some customers. Yes, such an implementation will ultimately make better use of the communication channels and of the administrators' time, but first you will have to learn a lot of new things. For those who are not yet ready for a change of paradigm but want to squeeze more out of their communication channels, the solution from Fortinet is just right.

Source: www.hab.com
