4. NGFW kwa mabizinesi ang'onoang'ono. VPN

Timapitiliza zolemba zathu za NGFW zamabizinesi ang'onoang'ono, ndiloleni ndikukumbutseni kuti tikuwunikanso mitundu yatsopano ya 1500. MU 1 magawo cycle, ndinatchula imodzi mwa njira zothandiza kwambiri pogula chipangizo cha SMB - kupereka zipata zokhala ndi zilolezo zomangidwa mu Mobile Access (kuyambira 100 mpaka 200 ogwiritsa ntchito, kutengera chitsanzo). M'nkhaniyi tiwona kukhazikitsa VPN kwa 1500 zipata zotsatizana zomwe zimabwera ndi Gaia 80.20 Embedded pre-installed. Nachi chidule:

1. Kuthekera kwa VPN kwa SMB.
2. Bungwe la Kufikira Kwakutali kwaofesi yaying'ono.
3. Makasitomala omwe alipo kuti alumikizane.

1. Zosankha za VPN za SMB

Pofuna kukonzekera zinthu zamasiku ano, mkuluyo chiwongolero cha admin mtundu R80.20.05 (omwe ulipo pa nthawi ya kufalitsidwa kwa nkhaniyi). Chifukwa chake, malinga ndi VPN yokhala ndi Gaia 80.20 Yophatikizidwa pali chithandizo cha:

1. Site-to-Site. Kupanga ngalande za VPN pakati pa maofesi anu, komwe ogwiritsa ntchito amatha kugwira ntchito ngati ali pamanetiweki a "m'deralo".

   

2. Kufikira Kwakutali. Kulumikizana kwakutali ndi zinthu zakuofesi yanu pogwiritsa ntchito zida zomaliza (ma PC, mafoni am'manja, ndi zina). Kuonjezera apo, pali SSL Network Extender, imakulolani kufalitsa mapulogalamu apadera ndikuwayendetsa pogwiritsa ntchito Java Applet, kulumikiza kudzera pa SSL. Taonani: kuti musasokonezedwe ndi Mobile Access Portal (palibe chithandizo cha Gaia Embedded).
   
   

Komanso Ndikupangira maphunziro a wolemba TS Solution - Chongani Point Remote Access VPN imawulula matekinoloje a Check Point okhudzana ndi VPN, ikukhudza nkhani zamalayisensi ndipo ili ndi malangizo okhazikitsa.

2. Kufikira kutali kwa ofesi yaying'ono

Tiyamba kukonza kulumikizana kwakutali kuofesi yanu:

1. Kuti ogwiritsa ntchito amange ngalande ya VPN yokhala ndi chipata, muyenera kukhala ndi adilesi yapagulu ya IP. Ngati mwamaliza kale kukhazikitsa (2 nkhani kuchokera kuzungulira), ndiye, monga lamulo, Ulalo Wakunja wayamba kale. Zambiri zitha kupezeka popita ku Gaia Portal: Chipangizo → Network → intaneti

   
   

   Ngati kampani yanu imagwiritsa ntchito adilesi ya IP yapagulu, mutha kukhazikitsa Dynamic DNS. Pitani ku Chipangizo → DDNS & Kufikira kwa Chipangizo

   
   

   Pakadali pano pali chithandizo chochokera kwa othandizira awiri: DynDns ndi no-ip.com. Kuti muyambitse njirayi muyenera kuyika zidziwitso zanu (login, password).

2. Chotsatira, tiyeni tipange akaunti ya ogwiritsa ntchito, zikhala zothandiza kuyesa makonda: VPN → Kufikira Kwakutali → Ogwiritsa Ntchito Akutali

   
   

   Mu gulu (mwachitsanzo: remoteaccess) tidzapanga wogwiritsa ntchito motsatira malangizo omwe ali pazithunzi. Kukhazikitsa akaunti ndikokhazikika, ikani malowedwe ndi mawu achinsinsi, ndikuwonjezeranso mwayi wa zilolezo za Remote Access.

   
   

   Ngati mwagwiritsa ntchito bwino zoikamo, zinthu ziwiri ziyenera kuwoneka: wogwiritsa ntchito wamba, gulu laogwiritsa ntchito.

   

3. Gawo lotsatira ndikupita ku VPN → Kufikira Kwakutali → Kuwongolera kwa Blade. Onetsetsani kuti tsamba lanu layatsidwa komanso kuchuluka kwa magalimoto kuchokera kwa ogwiritsa ntchito akutali ndikuloledwa.

   

4. *Zomwe zili pamwambapa zinali njira zochepa zokhazikitsira Remote Access. Koma tisanayese kulumikizana, tiyeni tifufuze zoikamo zapamwamba popita ku tabu VPN → Kufikira Kutali → Zotsogola

   
   

   Kutengera zomwe zikuchitika pano, tikuwona kuti ogwiritsa ntchito akutali akalumikizana, alandila adilesi ya IP kuchokera pa netiweki 172.16.11.0/24, chifukwa cha njira ya Office. Izi ndizokwanira ndi malo osungira kuti agwiritse ntchito zilolezo zopikisana 200 (zosonyezedwa 1590 NGFW Check Point).

   Yankho "Yendetsani kuchuluka kwa magalimoto pa intaneti kuchokera kwa makasitomala olumikizidwa kudzera pachipata ichi" ndiyosasankha ndipo ili ndi udindo wowongolera magalimoto onse kuchokera kwa ogwiritsa ntchito akutali kudzera pachipata (kuphatikiza ma intaneti). Izi zimakuthandizani kuti muyang'ane kuchuluka kwa magalimoto a wogwiritsa ntchito ndikuteteza malo ake ogwirira ntchito ku ziwopsezo zosiyanasiyana komanso pulogalamu yaumbanda.

5. *Kugwira ntchito ndi mfundo zofikira pakutali

   Titakonza Kufikira Kwakutali, lamulo lofikira zokha lidapangidwa pamlingo wa Firewall, kuti muwone muyenera kupita ku tabu: Mfundo Yofikira → Chiwombankhanga → Ndondomeko

   
   

   Pankhaniyi, ogwiritsa ntchito akutali omwe ali mamembala a gulu lomwe adapangidwa kale azitha kupeza zonse zamkati za kampaniyo; zindikirani kuti lamuloli lili mu gawo lonse. "Magalimoto obwera, amkati ndi a VPN". Kuti mulole kuchuluka kwa ogwiritsa ntchito a VPN pa intaneti, muyenera kupanga lamulo losiyana mu gawo lonse "Kufikira pa intaneti".

6. Pomaliza, tikungofunika kuwonetsetsa kuti wogwiritsa ntchitoyo atha kupanga bwino njira ya VPN pachipata chathu cha NGFW ndikupeza zinthu zamkati zamakampani. Kuti muchite izi, muyenera kukhazikitsa kasitomala wa VPN pa omwe akuyesedwa, thandizo limaperekedwa ссылка Za kutsitsa. Mukakhazikitsa, muyenera kuchita njira yowonjezerera tsamba latsopano (onetsani adilesi ya IP ya pachipata chanu). Kuti zitheke, njirayi imaperekedwa mu mawonekedwe a GIF

   
   
   Kulumikizana kukakhazikitsidwa kale, tiyeni tiwone adilesi ya IP yomwe idalandiridwa pamakina olandila pogwiritsa ntchito lamulo mu CMD: ipconfig

   
   

   Tidawonetsetsa kuti adaputala ya netiweki yalandila adilesi ya IP kuchokera ku Office Mode ya NGFW yathu, mapaketi adatumizidwa bwino. Kuti mumalize, titha kupita ku Gaia Portal: VPN → Kufikira Kutali → Ogwiritsa Ntchito Akutali

   
   

   Wogwiritsa "ntuser" akuwonetsedwa ngati olumikizidwa, tiyeni tiwone zomwe zachitika popita Zolemba & Kuwunika → Zipika Zachitetezo

   
   

   Kulumikizana kumalowetsedwa pogwiritsa ntchito adilesi ya IP monga gwero: 172.16.10.1 - iyi ndi adilesi yomwe idalandiridwa ndi wogwiritsa ntchito kudzera mu Office Mode.

   3. Makasitomala othandizira akutali

   Titawunikanso njira yolumikizirana ndi ofesi yanu pogwiritsa ntchito NGFW Check Point ya banja la SMB, ndikufuna kulemba za chithandizo chamakasitomala pazida zosiyanasiyana:

   • Endpoint VPN ya Windows/Mac OS
   • Wogula Pafoni (Android / iOS)
   • L2TP Native Client (Check Point imathandizira pulogalamu ya Microsoft ya VPN).

   Makina osiyanasiyana ogwiritsira ntchito ndi zida zimakupatsani mwayi wogwiritsa ntchito laisensi yanu yomwe imabwera ndi NGFW. Pofuna kukonza chipangizo chosiyana pali njira yabwino "Momwe mungagwirizane"

   

   Zimangopanga masitepe malinga ndi zokonda zanu, zomwe zidzalola olamulira kukhazikitsa makasitomala atsopano popanda vuto lililonse.

   Kutsiliza: Kuti tifotokoze mwachidule nkhaniyi, tidayang'ana mphamvu za VPN za banja la NGFW Check Point SMB. Kenako, tidafotokoza njira zokhazikitsira Remote Access, pankhani ya kulumikizana kwakutali kwa ogwiritsa ntchito kuofesi, kenako tidaphunzira zida zowunikira. Pamapeto pa nkhaniyi tidakambirana za makasitomala omwe alipo komanso njira zolumikizirana ndi Remote Access. Chifukwa chake, ofesi yanu yanthambi idzatha kutsimikizira kupitiliza ndi chitetezo cha ogwira ntchito pogwiritsa ntchito matekinoloje a VPN, ngakhale ziwopsezo zosiyanasiyana zakunja ndi zinthu.

   Zosankha zazikulu pa Check Point kuchokera ku TS Solution. Dzimvetserani (uthengawo, Facebook, VK, TS Solution Blog, Yandex.Zen).

Source: www.habr.com