Cloud based: Stealthwatch Cloud Free Trial - here Netflow from your device flows into the cloud and is analyzed there by the StealthWatch software;
On-premise POV (GVE request) - the path I followed: they will send you 4 OVF files of virtual machines with built-in licenses valid for 90 days, which can be deployed on a dedicated server in the corporate network.
Although many virtual machines are downloaded, a minimal working configuration needs only 2: StealthWatch Management Console and FlowCollector. However, if there is no network device that can export Netflow to FlowCollector, then FlowSensor must also be deployed, since the latter lets you collect Netflow using SPAN / RSPAN technologies.
As I said earlier, your real network can act as the lab bench, since StealthWatch only needs a copy or, more precisely, an extract of a copy of the traffic. The figure below shows my network, where I will configure the Netflow Exporter on the security gateway and, as a result, send Netflow to the collector.
To reach the VMs later, the following ports must be allowed on your firewall, if you have one:
TCP 22 | TCP 25 | TCP 389 | TCP 443 | TCP 2393 | TCP 5222 | UDP 53 | UDP 123 | UDP 161 | UDP 162 | UDP 389 | UDP 514 | UDP 2055 | UDP 6343
Some of them are well-known services, some are reserved for Cisco services.
In my case, I simply deployed StealthWatch on the same network as the Check Point, and did not have to configure any allow rules.
2. Installing FlowCollector using VMware vSphere as an example
2.9. We specify the name and the server where we deploy it.
2.10. As a result, we get the following picture and click "Finish".
2.11. We follow the same steps to deploy the StealthWatch Management Console.
2.12. Now you need to specify the necessary networks on the interfaces so that FlowCollector can see both the SMC and the devices from which Netflow will be exported.
3. Initializing StealthWatch Management Console
3.1. Going to the console of the installed SMCVE machine, you will see a prompt for your login and password, by default sysadmin/lan1cope.
3.2. We go to the Management item, set the IP address and other parameters, then confirm the changes. The device will reboot.
3.3. Go to the web interface (over https to the address you specified for the SMC) and initialize the console, login / password - admin/lan411cope.
P.S.: It happens that it does not open in Google Chrome; Explorer will always help out.
3.4. Be sure to change the password, set DNS, NTP servers, domain, and so on. The settings are intuitive.
3.5. After clicking the "Apply" button, the device will reboot again. After 5-7 minutes you can connect to this address again; StealthWatch will be managed through the web interface.
4. Configuring FlowCollector
4.1. It is the same with the collector. First, in the CLI we specify the IP address, mask, domain, then the FC reboots. After that you can connect to the web interface at the specified address and carry out the same basic setup. Because the settings are similar, detailed screenshots are omitted. The login credentials are the same.
4.2. At the final step, you need to set the IP address of the SMC; in this case the console will see the device, and you will have to confirm this setting by entering your credentials.
4.3. Select the domain for StealthWatch, it was set earlier, and port 2055 - regular Netflow; if you work with sFlow, port 6343.
5. Netflow Exporter configuration
5.1. To configure the Netflow exporter, I recommend turning to this resource, which has the main guides for configuring the Netflow exporter on many devices: Cisco, Check Point, Fortinet.
5.2. In our case, I repeat, we are exporting Netflow from the Check Point gateway. The Netflow exporter is configured in a tab of the same name in the web interface (Gaia Portal). To do this, click "Add", then specify the Netflow version and the required port.
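To confirm that the exporter really sends the version selected in 5.2, the header of a captured UDP payload can be decoded before looking at the dashboard. The following is an added example, not part of the original article or of any Cisco or Check Point tooling; the function name and the sample datagrams are constructed for illustration.

```python
import struct

# Export headers in network byte order.
NETFLOW_V5 = struct.Struct("!HHIIIIBBH")  # 24 bytes
NETFLOW_V9 = struct.Struct("!HHIIII")     # 20 bytes
IPFIX = struct.Struct("!HHIII")           # 16 bytes
V5_RECORD_SIZE = 48                       # NetFlow v5 records have a fixed size


def describe_datagram(data: bytes) -> dict:
    """Identify the flow-export format of one UDP payload and decode its header."""
    if len(data) < 4:
        raise ValueError("datagram too short to carry a flow header")
    # sFlow begins with a 32-bit version, NetFlow/IPFIX with a 16-bit one.
    if data[:4] == b"\x00\x00\x00\x05":
        return {"format": "sFlow v5"}
    version = struct.unpack_from("!H", data)[0]
    layouts = {5: NETFLOW_V5, 9: NETFLOW_V9, 10: IPFIX}
    if version not in layouts:
        raise ValueError(f"unknown flow export version {version}")
    if len(data) < layouts[version].size:
        raise ValueError("truncated export header")
    fields = layouts[version].unpack_from(data)
    if version == 5:
        _, count, _, secs, _, seq, _, _, _ = fields
        # The record count in the header must match the payload length.
        ok = len(data) == NETFLOW_V5.size + V5_RECORD_SIZE * count
        return {"format": "NetFlow v5", "records": count, "sequence": seq,
                "export_time": secs, "length_ok": ok}
    if version == 9:
        _, count, _, secs, seq, source_id = fields
        return {"format": "NetFlow v9", "records": count, "sequence": seq,
                "export_time": secs, "source_id": source_id}
    _, length, secs, seq, domain_id = fields
    return {"format": "IPFIX", "sequence": seq, "export_time": secs,
            "observation_domain": domain_id, "length_ok": length == len(data)}


# Constructed samples: a v5 header announcing 2 (zeroed) records, and a v9 header.
SAMPLE_V5 = NETFLOW_V5.pack(5, 2, 360000, 1700000000, 0, 41, 0, 0, 0) + bytes(96)
SAMPLE_V9 = NETFLOW_V9.pack(9, 1, 360000, 1700000000, 7, 1)

if __name__ == "__main__":
    for sample in (SAMPLE_V5, SAMPLE_V9):
        print(describe_datagram(sample))
```

A `length_ok` of `False` or a format that differs from what was configured on the exporter points at a truncated capture or a mismatch between the exporter's version setting and the collector port (2055 for Netflow, 6343 for sFlow).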
6. Checking that StealthWatch works
6.1. Going to the SMC web interface, on the first page Dashboards > Network Security you can see that traffic has started flowing!
6.2. Some settings, for example, dividing hosts into groups, monitoring individual interfaces and their load, managing collectors, and more, can only be found in the StealthWatch Java application. Of course, Cisco is gradually moving all functionality to the browser version, and soon we will abandon such a desktop client.
To install the application, you must first install the JRE (I installed version 8, although it is said that it supports up to 10) from the official Oracle website.
To download it, click the "Desktop Client" button in the upper right corner of the management console's web interface.