Kwaziwai shamwari! Uye takazosvika kune yekupedzisira, chidzidzo chekupedzisira cheCheck Point Getting Start. Nhasi tichataura nezvenyaya yakakosha zvikuru - Rezinesi. Ndinokasira kukuyambirai kuti chidzidzo ichi hachisi gwara rinoperera pakusarudza michina kana marezinesi. Iyi ingori pfupiso yemapoinzi akakosha ayo chero Check Point maneja anofanira kuziva. Kana iwe uchinetseka chaizvo nesarudzo yerezinesi kana mudziyo, saka zviri nani kutendeukira kune nyanzvi, i.e. kwatiri :). Kune akawanda misungo inonetsa kutaura nezvayo mukosi, uye haugone kuzvirangarira ipapo ipapo.
Chidzidzo chedu chinenge chakanyatso dzidziso, saka unogona kudzima maseva ako ekunyomba uye zorora. Pakupera kwechinyorwa iwe unowana vhidhiyo chidzidzo apo ini ndinotsanangura zvese zvakadzama.
Gateway Licensing
Ngatitangei netsananguro yemarezenisi maficha ekuchengetedza magedhi. Uyezve, izvi zvinoshanda kune ese ari maviri hardware uplines uye chaiwo muchina. Ngatiti iwe wafunga kutenga gedhi. Hazvibviri kungotenga chidimbu chehardware kana muchina chaiwo pasina "kunyoreswa"! Pane matatu ekunyorera sarudzo:
Uye zvino chinhu chekutanga chinonakidza! Unogona chete kutenga mudziyo kana muchina chaiwo une NGTP kana NGTX kunyoreswa. Asi kana iwe uchivandudza kunyorera kwako, unogona kutosarudza iyo NGFW package kana iwe usingade AV, AB, URL, AS, TE uye TX blades. Iyi ndiyo nguva. Kunyoreswa pachako kunogona kutengwa kwenguva yegore rimwe, maviri kana matatu.
Ndinogona kufanotaura mubvunzo wako wekutanga! βChii chinoitika kana kuzvinyoresa kukasavandudzwa?" Ini ndakanyatso simbisa mune yegirini iwo mablades anozogara achishanda, uye PASINA ekuwedzera. Izvo zvinonzi perpetual pales. Iwo asara mablades anoda kugara achigadziridzwa anongomira kushanda. Zvakanaka, pamwe iyo IPS icharamba iine masiginecha akakosha anoshanda (asi pane mashoma kwazvo). Izvi ndezvechokwadi kune ese ari maviri hardware uye chaiwo michina, i.e. vSec.
Sechinhu chakasiyana, ndakasimbisa mashizha matatu asina kubatanidzwa mune chero kiti: DLP, MAB uye Capsule.
Uyewo yeuka kuti kana ukatenga mhinduro ye cluster, zvino sarudza modhi ine suffix HA (kureva Kuwanikwa Kwepamusoro) semudziyo wechipiri. Mufananidzo unoratidza muenzaniso wegedhi 5400. Izvi zvine chekuita nemasuwo. Iye zvino manejimendi server.
Management server rezinesi
Sezvatakambotaura muzvidzidzo zvekutanga, pane mamiriro maviri ekuita Check Point: Standalone (apo ese gedhi uye manejimendi ari pamudziyo mumwe) uye Distributed (kana manejimendi server yaiswa pane yakaparadzana mudziyo). Nekudaro, sarudzo hadzipereri ipapo. Ngatitarisei matatu akajairwa mamiriro ekutumira manejimendi server:
- Kutenga yakatsaurirwa NGSM. Iyo inonyanya kufarirwa sarudzo. Sarudza ingave Smart-1 hardware kana virtual hardware. Iwe unosarudza, hongu, zvichienderana nekuti mangani magedhi aunozopa, 5, 10, 25, nezvimwe. Nekuisa mudziyo uyu, unogona kushandisa mana makiyi mablades eiyo manejimendi server: NPM (i.e. policy management), Logging and Status (kureva matanda), Smart Chiitiko (SIEM kubva Check Point, iyo inotipa zvese kushuma) uye Kuteerera (izvi ongororo yemhando yezvirongwa, kungave kwekuteedzera zvimwe zvinodikanwa zvekutonga, iyo yakafanana PCI DSS, kana kungoti Best Practice). Iwe unogona kuona pakarepo kuti NPM neLS blades mashizha asingagumi, i.e. ichashanda pasina kuvandudzwa kwekunyoreswa, asi Smart Chiitiko uye Compliance blades inosanganisirwa chete kwegore rekutanga! Zvadaro vanoda kuvandudzwa nokuda kwemari yakasiyana. Ichi chinhu chakakosha, usakanganwa. Uye kana iwe uchigona kurarama pasina blade yeCompliance, saka munhu wese anoda Smart Chiitiko.
- Kutenga yakatsaurirwa Chiitiko Management server MUMWE CHETE kune iripo NGSM manejimendi server. Nei izvi zvichidiwa? Icho chokwadi ndechekuti basa rekucheka matanda uye kunyanya Smart Chiitiko "inodya kure" yakanyatso hunhu system zviwanikwa. Uye kana paine matanda akawanda, saka izvi zvinogona kutungamirira ku "mabhureki" pane control server. Naizvozvo, inowanzoitwa kufambisa basa iri kune rakasiyana mudziyo, Smart-1 Hardware kana, zvakare, muchina chaiwo. Kubatanidzwa kwakakura nehuwandu hukuru hwematanda anenge anogara achida sevha yakatsaurirwa yeSmart Chiitiko. Inogonawo kugamuchira matanda. Nenzira iyi yako manejimendi server inongoita manejimendi mabasa. Izvi zvinovandudza zvakanyanya kugadzikana kwehurongwa uye kupindura. Sezvauri kuona, kana iwe uchitenga yakatsaurirwa Smart Chiitiko server, iwe unowana aya maviri mablades ekushandiswa zvachose, kunyangwe pasina kuvandudzwa. Pamusoro pemakore 3-4, izvi zvichatonyanya kudhura kupfuura kutenga Smart Chiitiko chekuwedzera kune yenguva dzose NGSM server gore rega.
- Dedicated Log management server, iyo inouya mukuwedzera kune NGSM uye Smart Chiitiko maseva. Ndinofunga kuti zvinoreva zvakajeka. Kana paine VERY yakakura nhamba yematanda, tinogona kufambisa basa rekucheka kune imwe sevha. Iyo yakatsaurirwa Log server zvakare ine rezinesi rekusingaperi uye haidi kuvandudzwa.
Vhidhiyo chidzidzo
Tsvaga rumwe ruzivo nezve manejimendi manejimendi uye Tarisa Point technical rutsigiro pano:
Source: www.habr.com