Remote work, or a VPN overview in Sophos XG Firewall


Hello everyone! This article reviews the VPN functionality of Sophos XG Firewall. In the previous article we looked at how to get this internet security solution for free with a full license. Today we will talk about the VPN functionality built into Sophos XG. I will try to explain what the product can do and give examples of setting up a Site-to-Site IPSec VPN and a user SSL VPN. So let's start with the overview.

First, let's look at the licensing table:


You can read more about how Sophos XG Firewall is licensed here: link
In this article, though, we are only interested in the items highlighted in red.

The core VPN functionality is included in the base license and is purchased only once. It is a lifetime license and does not require renewal. The Base VPN Options module includes:

Site-to-Site:

  • SSL VPN
  • IPSec VPN

Remote Access (client VPN):

  • SSL VPN
  • IPsec Clientless VPN (with a free application)
  • L2TP
  • PPTP

As you can see, all popular protocols and VPN connection types are supported.

In addition, Sophos XG Firewall has two more VPN connection types that are not included in the base subscription: RED VPN and HTML5 VPN. These VPN connections are part of the Network Protection subscription, which means that to use them you need an active subscription, which also includes the network protection features: the IPS and ATP modules.

RED VPN is a proprietary L2 VPN from Sophos. This type of VPN connection has several advantages over Site-to-Site SSL or IPSec when setting up a VPN between two XGs. Unlike IPSec, a RED tunnel creates a virtual interface at both ends of the tunnel, which helps with troubleshooting, and unlike SSL, this interface is fully configurable. The administrator has full control over the subnet inside the RED tunnel, which makes it easier to resolve routing problems and subnet conflicts.

HTML5 VPN, or Clientless VPN, is another type of VPN that lets you publish services over HTML5 directly in the browser. The types of services that can be configured:

  • RDP
  • Telnet
  • SSH
  • VNC
  • FTP
  • FTPS
  • SFTP
  • SMB

Keep in mind, however, that this type of VPN is used only in special cases, and it is recommended to use the VPN types from the lists above whenever possible.

Practice

Let's look at how to configure several of these tunnel types, namely Site-to-Site IPSec and SSL VPN Remote Access.

Site-to-Site IPSec VPN

Let's start with how to set up a Site-to-Site IPSec VPN tunnel between two Sophos XG Firewalls. Under the hood it uses strongSwan, which lets you connect to any IPSec-capable router.

You can use the convenient and quick wizard, but we will go through the whole process so that, based on these instructions, you can connect Sophos XG to any equipment using IPSec.

Let's open the policy settings window:


As we can see, there are already preset policies, but we will create our own.


Let's configure the encryption parameters for phase one and phase two and save the policy. By analogy, we do the same on the second Sophos XG and move on to configuring the IPSec tunnel itself.


Enter a name and the operating mode, and configure the encryption parameters. As an example, we will use a Preshared Key


and specify the local and remote subnets.


Our connection has been created


By analogy, we make the same settings on the second Sophos XG, except for the operating mode: there we set Initiate the connection.


Now we have two configured tunnels. Next, we need to activate and start them. This is very simple: click the red circle under the word Active to activate the tunnel, and the red circle under Connection to start the connection.
If we see this picture:

it means our tunnel is working correctly. If the second indicator is red or yellow, something is configured incorrectly in the encryption policies or in the local and remote subnets. Keep in mind that the settings must be mirrored between the two sides.
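
A pre-check for the mismatch described above, as an added example that is not part of the original article or Sophos's own tooling: it compares the two ends' settings as plain dictionaries and reports what is not mirrored. The field names, role values and sample data are assumptions made for illustration.

```python
# Added example: field names and sample values are constructed for illustration,
# not taken from Sophos XG or strongSwan.
from ipaddress import ip_network

# Parameters that must be identical on both peers (phase 1, phase 2, key).
MUST_MATCH = ("p1_encryption", "p1_auth", "p1_dh_group",
              "p2_encryption", "p2_auth", "p2_pfs_group", "psk")


def nets(items):
    """Normalise subnet strings so 10.1.0.5/24 and 10.1.0.0/24 compare equal."""
    return {ip_network(n, strict=False) for n in items}


def check_mirrored(a, b):
    """Return a list of findings; an empty list means the two ends agree."""
    findings = []
    for key in MUST_MATCH:
        if a[key] != b[key]:
            # Report that the key differs, never the key material itself.
            shown = "" if key == "psk" else f": {a[key]!r} vs {b[key]!r}"
            findings.append(f"{key} differs{shown}")
    # Each side's local subnets must be exactly the peer's remote subnets.
    for near, far, label in ((a, b, "A"), (b, a, "B")):
        if nets(near["local_subnets"]) != nets(far["remote_subnets"]):
            findings.append(
                f"local subnets of {label} are not the remote subnets of its peer")
    # Overlapping local ranges make routing through the tunnel ambiguous.
    if any(x.overlaps(y) for x in nets(a["local_subnets"])
           for y in nets(b["local_subnets"])):
        findings.append("local subnets of the two sites overlap")
    # At least one end has to initiate, or the tunnel never comes up.
    if "initiate" not in (a["role"], b["role"]):
        findings.append("neither side initiates the connection")
    return findings


# Constructed sample data for two sites.
SITE_A = {"p1_encryption": "aes256", "p1_auth": "sha256", "p1_dh_group": 14,
          "p2_encryption": "aes256", "p2_auth": "sha256", "p2_pfs_group": 14,
          "psk": "constructed-example-key", "role": "respond",
          "local_subnets": ["10.1.0.0/24"], "remote_subnets": ["10.2.0.0/24"]}
SITE_B = {**SITE_A, "role": "initiate",
          "local_subnets": ["10.2.0.0/24"], "remote_subnets": ["10.1.0.0/24"]}

if __name__ == "__main__":
    print(check_mirrored(SITE_A, SITE_B) or "both ends are mirrored")
```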

Separately, I want to point out that you can create Failover groups from IPSec tunnels for fault tolerance:


Remote Access SSL VPN

Let's move on to Remote Access SSL VPN for users. Under the hood is standard OpenVPN. This lets users connect with any client that supports .ovpn configuration files (for example, the standard connection client).

First, you need to configure the OpenVPN server policies:


Specify the transport for the connection, configure the port and the range of IP addresses for connecting remote users


You can also specify encryption settings.

After configuring the server, we proceed to configuring client connections.


Each SSL VPN connection rule is created for a group or an individual user. Each user can have only one connection policy. As for the settings, the interesting part is that for each such rule you can specify individual users who will use it or a group from AD, and you can either tick the checkbox so that all traffic is routed into the VPN tunnel or specify the IP addresses, subnets or FQDN names available to users. Based on these policies, an .ovpn profile with the client settings is generated automatically.


Using the user portal, the user can download both the .ovpn file with the VPN client settings and a VPN client installer with the connection configuration file built in.


Conclusion

In this article we briefly went over the VPN functionality of Sophos XG Firewall. We looked at how to set up IPSec VPN and SSL VPN. This is not a complete list of what this solution can do. In the following articles I will try to review RED VPN and show how it looks in the solution itself.

Thank you for your time.

If you have questions about the commercial version of XG Firewall, you can contact us, the company Gulu la zinthu, a Sophos distributor. All you need to do is write in free form to [email protected].

Source: www.habr.com
