Spider ya ukonde kapena node yapakati pa netiweki yogawidwa

Zomwe muyenera kuyang'ana posankha rauta ya VPN pa netiweki yogawidwa? Ndipo iyenera kukhala ndi mbali zotani? Izi ndi zomwe ndemanga yathu ya ZyWALL VPN1000 idaperekedwa.

Mau oyamba

Izi zisanachitike, zofalitsa zathu zambiri zidaperekedwa ku zida zazing'ono za VPN kuti zitha kulumikizana ndi netiweki kuchokera kuzinthu zotumphukira. Mwachitsanzo, kulumikiza nthambi zosiyanasiyana ndi likulu, kupeza Network ya makampani ang'onoang'ono odziimira okha, kapena ngakhale nyumba. Yakwana nthawi yoti mulankhule zapakati pa node yogawidwa.

Zikuwonekeratu kuti sizingagwire ntchito kumanga maukonde amakono a bizinesi yayikulu pokhapokha pazida zamagulu azachuma. Ndipo konzekerani ntchito yamtambo kuti ipereke chithandizo kwa ogula - nawonso. Kwinakwake, zida ziyenera kukhazikitsidwa zomwe zitha kutumikila makasitomala ambiri nthawi imodzi. Nthawi ino tikambirana za chipangizo chimodzi chotere - Zyxel VPN1000.

Kwa omwe akutenga nawo mbali akulu ndi ang'onoang'ono pakusinthana kwa maukonde, njira zitha kuzindikirika ndi zomwe kuyenerera kwa chipangizo china chothetsera vuto kumayesedwa.

M'munsimu muli zikuluzikulu:

• luso ndi ntchito;
• kulamulira;
• chitetezo;
• kulekerera zolakwika.

Ndizovuta kusiyanitsa zomwe zili zofunika kwambiri, ndi zomwe zingatheke popanda. Chilichonse chikufunika. Ngati chipangizocho, malinga ndi ndondomeko ina, sichifika pamlingo wa zofunikira, izi zimakhala ndi mavuto m'tsogolomu.

Komabe, zinthu zina za zida zomwe zimapangidwira kuti zitsimikizire kugwira ntchito kwa node zapakati ndi zida zomwe zimagwira ntchito makamaka m'mphepete mwake zimatha kusiyana kwambiri.

Kwa node yapakati, mphamvu yamakompyuta imabwera koyamba - izi zimabweretsa kuzizira kokakamiza, ndipo, motero, phokoso la fan. Kwa zotumphukira, zomwe nthawi zambiri zimapezeka m'maofesi ndi malo okhala, kuchita phokoso kumakhala kosavomerezeka.

Mfundo ina yosangalatsa ndikugawa madoko. Pazida zotumphukira, ndizodziwika bwino momwe zidzagwiritsire ntchito komanso kuchuluka kwa makasitomala omwe alumikizidwa. Chifukwa chake, mutha kukhazikitsa magawo olimba a madoko pa WAN, LAN, DMZ, kumangirira mwamphamvu ku protocol, ndi zina zotero. Palibe chitsimikizo chotere mu node yapakati. Mwachitsanzo, adawonjezera gawo latsopano la netiweki lomwe limafunikira kulumikizana kudzera mu mawonekedwe ake - ndi momwe angachitire? Izi zimafuna yankho lachilengedwe chonse ndi kuthekera kosintha zolumikizirana.

Chofunika kwambiri ndikudzaza kwa chipangizocho ndi ntchito zosiyanasiyana. Inde, pali ubwino wokhala ndi chida chimodzi chimagwira ntchito imodzi bwino. Koma zinthu zosangalatsa kwambiri zimayamba pamene muyenera kupita kumanzere, sitepe kupita kumanja. Kumene, mukhoza kuwonjezera kugula chipangizo chandamale china chilichonse ntchito yatsopano. Ndi zina zotero mpaka bajeti kapena malo opangira rack amatha.

Mosiyana ndi izi, ntchito zowonjezera zimakulolani kuti muzitha kugwiritsa ntchito chipangizo chimodzi pothetsa nkhani zingapo. Mwachitsanzo, ZyWALL VPN1000 imathandizira mitundu ingapo ya kulumikizana kwa VPN, kuphatikiza SSL ndi IPsec VPN, komanso kulumikizana kwakutali kwa ogwira ntchito. Ndiko kuti, "chidutswa chimodzi chachitsulo" chimatseka nkhani zamagulu onse apakati ndi makasitomala. Koma pali mmodzi "koma". Kuti izi zitheke, muyenera kukhala ndi malire a magwiridwe antchito. Mwachitsanzo, pa nkhani ya ZyWALL VPN1000, IPsec VPN hardware core imapereka ntchito yapamwamba ya VPN, pamene VPN kusanja / redundancy ndi SHA-2 ndi IKEv2 ma algorithms amatsimikizira kudalirika kwakukulu ndi chitetezo cha bizinesi.

M'munsimu muli zinthu zina zothandiza zomwe zili ndi njira imodzi kapena zingapo zomwe zafotokozedwa pamwambapa.

Sd-WAN imapereka nsanja yoyang'anira mitambo, kugwiritsa ntchito mwayi wowongolera kulumikizana pakati pa malo omwe amatha kuwongolera ndi kuyang'anira patali. ZyWALL VPN1000 imathandiziranso njira yoyenera yogwirira ntchito pomwe zida zapamwamba za VPN zimafunikira.

Thandizo la nsanja zamtambo pazantchito zovuta. ZyWALL VPN1000 imatsimikiziridwa kuti igwiritsidwe ntchito ndi Microsoft Azure ndi AWS. Kugwiritsa ntchito zida zomwe zidatsimikizidwa kale ndikwabwino pagulu lililonse, makamaka ngati zida za IT zimagwiritsa ntchito ma netiweki am'deralo ndi mtambo.

Sefa zokhutira kumawonjezera chitetezo poletsa kulowa mawebusayiti oyipa kapena osafunikira. Imaletsa pulogalamu yaumbanda kuti isatsitsidwe kuchokera kumasamba osadalirika kapena obedwa. Pankhani ya ZyWALL VPN1000, chilolezo chapachaka cha ntchitoyi chimaphatikizidwa nthawi yomweyo mu phukusi.

Geo Policy (GeoIP) amakulolani kuti muzitha kuyang'anira kuchuluka kwa magalimoto ndi kusanthula komwe kuli ma adilesi a IP, kukana kulowa m'malo osafunikira kapena omwe angakhale oopsa. Chilolezo chapachaka chautumikiwu chikuphatikizidwanso ndi kugula kwa chipangizocho.

Kasamalidwe ka netiweki opanda zingwe ZyWALL VPN1000 imaphatikizapo wowongolera opanda zingwe omwe amakupatsani mwayi wowongolera mpaka malo ofikira 1032 kuchokera pamawonekedwe apakati ogwiritsa ntchito. Mabizinesi amatha kugwiritsa ntchito kapena kukulitsa netiweki yoyendetsedwa ya Wi-Fi mosavutikira. Ndizofunikira kudziwa kuti nambala 1032 ndiyochuluka kwambiri. Kutengera kuti ogwiritsa ntchito mpaka 10 amatha kulumikizana ndi malo amodzi, chithunzi chowoneka bwino chimapezedwa.

Kusamalitsa ndi Redundancy. Mndandanda wa VPN umathandizira kusanja kwa katundu ndi kubwezeretsanso panjira zingapo zakunja. Ndiko kuti, mutha kulumikiza njira zingapo kuchokera kwa othandizira angapo, potero kudziteteza ku zovuta zoyankhulirana.

Kutha kwa chipangizo (Chipangizo HA) kwa kulumikizana kosayimitsa, ngakhale chimodzi mwa zidazo chikalephera. Ndizovuta kuchita popanda izo ngati mukufuna kukonza ntchito 24/7 ndi nthawi yochepa yopuma.

Zyxel Chipangizo HA Pro ili mkati yogwira/yopanda, zomwe sizifuna njira yovuta yokhazikitsira. Izi zimakuthandizani kuti muchepetse malo olowera ndikuyamba kugwiritsa ntchito kusungitsako nthawi yomweyo. Mosiyana yogwira/yogwirapamene woyang'anira dongosolo akufunika kuphunzitsidwa zina, athe kukonza njira zosinthira, kumvetsetsa kuti mapaketi asymmetric ndi chiyani, ndi zina zotero. - Kukhazikitsa mode yogwira/yopanda zosavuta komanso zosawononga nthawi.

Mukamagwiritsa ntchito Zyxel Chipangizo HA Pro, zida zimasinthanitsa ma sign kugunda kwa mtima kudzera padoko lodzipereka. Madoko achipangizo achangu komanso osagwira ntchito kugunda kwa mtima cholumikizidwa kudzera pa chingwe cha Ethernet. Chipangizo chongolankhula chimagwirizanitsa chidziwitso ndi chipangizo chogwira ntchito. Makamaka, magawo onse, tunnel, maakaunti a ogwiritsa ntchito amalumikizidwa pakati pa zida. Kuphatikiza apo, chipangizocho chimasunga zosunga zobwezeretsera za fayilo yosinthira ngati chipangizo chogwira chitha. Choncho, pakagwa kulephera kwa chipangizo chachikulu, kusinthako kumakhala kosasunthika.

Tiyenera kuzindikira kuti mu machitidwe ogwira ntchito/zochita mukuyenerabe kusungira 20-25% yazinthu zamakina kuti zitheke. Pa yogwira/yopanda chipangizo chimodzi chiri mu standby state, ndipo ali wokonzeka nthawi yomweyo kukonza maukonde magalimoto ndi kusunga yachibadwa ntchito maukonde.

M'mawu osavuta: "Mukagwiritsa ntchito Zyxel Chipangizo HA Pro ndikukhala ndi njira yosunga zobwezeretsera, bizinesiyo imatetezedwa kutayika kwa kulumikizana chifukwa cha vuto la wopereka chithandizo, komanso kumavuto chifukwa cha kulephera kwa rauta.

Kufotokozera mwachidule zonsezi

Kwa node yapakati ya netiweki yogawidwa, ndi bwino kugwiritsa ntchito chipangizo chokhala ndi madoko ena (zolumikizira zolumikizira). Nthawi yomweyo, ndikofunikira kukhala ndi mawonekedwe onse a RJ45 kuti akhale osavuta komanso otsika mtengo kulumikizana, ndi SFP posankha pakati pa kugwirizana kwa fiber optic ndi awiri opotoka.

Chipangizochi chiyenera kukhala:

• zogwira mtima, zosinthidwa kuti zisinthe mwadzidzidzi;
• ndi mawonekedwe omveka bwino;
• zokhala ndi zinthu zambiri zomangidwa, kuphatikiza zomwe zimagwirizana ndi chitetezo;
• ndi kuthekera kopanga ziwembu zololera zolakwika - kubwereza kwa mayendedwe ndi kubwereza kwa zida;
• kasamalidwe kothandizira, kotero kuti maziko onse a nthambi ngati mawonekedwe apakati ndi zida zotumphukira zimayendetsedwa kuchokera kumalo amodzi;
• monga "icing pa keke" - kuthandizira zochitika zamakono monga kuphatikiza ndi zinthu zamtambo ndi zina zotero.

ZyWALL VPN1000 ngati node yapakati pamaneti

Mukayang'ana koyamba ZyWALL VPN1000, mutha kuwona kuti madoko a Zyxel sanasiyidwe.

Tili ndi:

• 12 madoko a RJ-45 osinthika (GBE);

• 2 madoko a SFP osinthika (GBE);

• 2 USB 3.0 madoko ndi thandizo la 3G/4G modem.

Chithunzi 1. Malingaliro ambiri a ZyWALL VPN1000.

Tiyenera kuzindikira nthawi yomweyo kuti chipangizocho sichiri cha ofesi ya kunyumba, makamaka chifukwa cha mafani ogwira ntchito. Pali anayi a iwo pano.

Chithunzi 2. Gulu lakumbuyo la ZyWALL VPN1000.

Tiyeni tiwone momwe mawonekedwe amawonekera.

Nthawi yomweyo ndi bwino kulabadira chinthu chofunika. Pali ntchito zambiri, ndipo sizingatheke kufotokoza mwatsatanetsatane mkati mwa ndondomeko imodzi. Koma chomwe chili chabwino pazogulitsa za Zyxel ndikuti pali zolembedwa zatsatanetsatane, choyamba, buku la ogwiritsa (woyang'anira). Chifukwa chake kuti tipeze lingaliro la kuchuluka kwa mawonekedwe, tiyeni tingoyang'ana ma tabu.

Mwachikhazikitso, doko 1 ndi doko 2 zimaperekedwa kwa WAN. Kuyambira pa doko lachitatu, pali zolumikizira za netiweki yakomweko.

Doko lachitatu lokhala ndi IP 3 losakhazikika ndiloyenera kulumikizana.

Timagwirizanitsa chingwe cha chigamba, pitani ku adilesi https://192.168.1.1 ndipo mutha kuwona zenera lolembetsa la ogwiritsa ntchito pa intaneti.

ndemanga. Kuwongolera, mutha kugwiritsa ntchito SD-WAN cloud management system.

Chithunzi 3. Mawindo olowera ndi achinsinsi

Timadutsa njira yolowera malowedwe ndi mawu achinsinsi ndikupeza zenera la Dashboard pazenera. Kwenikweni, monga momwe ziyenera kukhalira Dashboard - zambiri zogwirira ntchito pachidutswa chilichonse chazithunzi.

Chithunzi 4. ZyWALL VPN1000 - Dashboard.

Quick Setup Tab (Mfiti)

Pali othandizira awiri pamawonekedwe: pakukonza WAN ndikusintha VPN. M'malo mwake, othandizira ndi chinthu chabwino, amakulolani kuti mupange ma templates popanda kukhala ndi chidziwitso ndi chipangizocho. Chabwino, kwa iwo omwe akufuna zambiri, monga tafotokozera pamwambapa, pali zolembedwa zatsatanetsatane.

Chithunzi 5. Tsamba la Kukonzekera Mwamsanga.

Monitoring tabu

Mwachiwonekere, akatswiri ochokera ku Zyxel adasankha kutsatira mfundoyi: timayang'anira zonse zomwe zingatheke. Inde, kwa chipangizo chomwe chimagwira ntchito ngati node yapakati, kulamulira kwathunthu sikupweteka konse.

Ngakhale kungokulitsa zinthu zonse zomwe zili pamzere wam'mbali, kuchuluka kwa zosankha kumawonekera.

Chithunzi 6. Tabu yowunikira yokhala ndi tinthu tating'onoting'ono.

Kusintha tabu

Apa, kuchuluka kwa zinthu kumawonekera kwambiri.

Mwachitsanzo, kasamalidwe ka doko la chipangizocho adapangidwa mwabwino kwambiri.

Chithunzi 7. Tabu yokonzekera yokhala ndi zinthu zazing'ono zowonjezera.

Tabu yosamalira

Lili ndi magawo osinthira firmware, diagnostics, kuwona malamulo amayendedwe, ndi kutseka.

Ntchitozi ndizothandiza ndipo zimapezeka mwanjira ina pafupifupi pafupifupi chipangizo chilichonse chamaneti.

Chithunzi 8. Tabu yosamalira ndi zinthu zazing'ono zowonjezera.

Makhalidwe oyerekeza

Ndemanga yathu ingakhale yosakwanira popanda kuyerekeza ndi ma analogi ena.

Pansipa pali tebulo la zofananira zapafupi kwambiri ndi ZyWALL VPN1000 ndi mndandanda wazinthu zofananira.

Table 1. Kuyerekeza kwa ZyWALL VPN1000 ndi ma analogi.

Kufotokozera kwa tebulo 1:

*1: Chilolezo chikufunika

* 2: Low Touch Provision: Woyang'anira ayenera kukonza kachipangizo kwanuko pamaso pa ZTP.

* 3: Gawo lokhazikika: DPS idzagwira ntchito ku gawo latsopano; sichidzakhudza gawo lapano.

Monga mukuwonera, ma analogi akukumana ndi ngwazi yakuwunika kwathu mwanjira zina, mwachitsanzo, Fortinet FG-100E ilinso ndi kukhathamiritsa kwa WAN, ndipo Meraki MX100 ili ndi AutoVPN yomangidwa (malo-to-site) ntchito, koma kawirikawiri, ZyWALL VPN1000 mosakayikira ili patsogolo.

Malangizo pakusankha zida zapakati (osati Zyxel chabe)

Posankha zida zokonzekera node yapakati pamaneti ambiri okhala ndi nthambi zambiri, munthu ayenera kuyang'ana pazigawo zingapo: luso laukadaulo, kuwongolera kosavuta, chitetezo ndi kulolerana kolakwa.

Ntchito zosiyanasiyana, madoko ambiri akuthupi okhala ndi kuthekera kosinthika kosinthika: WAN, LAN, DMZ ndi kukhalapo kwa zinthu zina zabwino, monga wowongolera malo olowera, amakulolani kutseka ntchito zambiri nthawi imodzi.

Udindo wofunikira umasewera ndi kupezeka kwa zolemba komanso mawonekedwe owongolera osavuta.

Ndi zinthu zooneka ngati zosavuta zomwe zili pafupi, sikovuta kupanga zida zapaintaneti zomwe zimagwira malo ndi malo osiyanasiyana, komanso kugwiritsa ntchito mtambo wa SD-WAN kumakupatsani mwayi wochita izi momasuka komanso motetezeka momwe mungathere.

maulalo othandiza

Kuwunika kwa msika wa SD-WAN: mayankho omwe alipo komanso omwe amawafuna

Zyxel Chipangizo HA Pro imathandizira kulimba kwa netiweki

Kugwiritsa Ntchito Ntchito ya GeoIP mu ATP/VPN/Zywall/USG Series Security Gateways

Ndi chiyani chomwe chidzasiyidwe mu chipinda cha seva?

Awiri mwa m'modzi, kapena kusamutsa woyang'anira malo olowera pachipata

Telegraph kucheza Zyxel kwa akatswiri

Source: www.habr.com