Kugamuchirwa kuchidzidzo chechipiri chekosi . Nhasi tichataura nezve mashandiro e administrative domains pa , isu tichakurukurawo maitiro ekugadzirisa matanda - kunzwisisa misimboti yekushanda kwemaitiro aya kwakakosha kune ekutanga marongero. . Uye mushure meizvozvo isu tichakurukura marongero atichashandisa panguva yekosi, pamwe nekuita yekutanga gadziriso . Chikamu che theoretical, pamwe nekurekodha kwakazara kwechidzidzo chevhidhiyo, chiri pasi pekuchekwa.
Chekutanga, ngatitaure nezve administrative domains zvakare. Pane zvinhu zvishoma zvaunofanira kuziva nezvazvo usati watanga kuzvishandisa:
- Iko kugona kugadzira administrative domains inogoneswa uye yakadzimwa nechepakati.
- Yakasiyana yekutonga domain inodiwa kunyoresa chero zvishandiso kunze kweFortiGate. Ndokunge, kana iwe uchida kunyoresa akawanda FortiMail zvishandiso pane mudziyo, iwe unoda yakaparadzana yekutonga domain kuti uite kudaro. Asi izvi hazvipokane chokwadi chekuti kuti zvive nyore kuunganidza FortiGate zvishandiso, unogona kugadzira akasiyana manejimendi ekutonga.
- Huwandu hwehuwandu hwematunhu ekutonga anotsigirwa zvinoenderana neFortiAnalyzer unit modhi.
- Kana uchigonesa kugona kugadzira administrative domains, iwe unofanirwa kusarudza yavo yekushandisa mode - Yakajairika kana Yepamberi. MuNormal mode, haugone kuwedzera akasiyana madomasi (kana neimwe nzira maVDOM) eiyo FortiGate yakafanana kune akasiyana ekutonga madomasi eFortiAnalyzer mudziyo. Izvi zvinogoneka mune Advanced mode. Yepamberi modhi inobvumidza iwe kugadzirisa data kubva kwakasiyana siyana madomasi uye kugamuchira akasiyana mishumo pazviri. Kana iwe wakanganwa kuti ndeapi chaiwo madomasi, tarisa , inotsanangurwa imomo muudzame hwakati.
Tichatarisa kugadzira madomasi ekutonga uye kugovera ndangariro pakati pawo pave paya sechikamu chechikamu chinoshanda chechidzidzo.
Zvino ngatitaure nezve mashini yekurekodha uye kugadzirisa matanda anouya kuFortiAnalyzer.
Marogi anogamuchirwa neFortiAnalyzer anomanikidzwa uye anochengetwa mufaira regi. Kana iyi faira yasvika pane imwe saizi, inonyorwa uye inochengetwa mudura. Matanda akadaro anonzi archive. Iwo anoonekwa seasina matanda nekuti haagone kuongororwa munguva chaiyo. Iwo anowanikwa kuti atariswe chete mumhando yakasvibirira. Iyo dhizaini yekuchengetera data mudura rekutonga inotara kuti matanda akadaro achachengetwa kwenguva yakareba sei mundangariro yemudziyo.
Panguva imwecheteyo, matanda anonyorwa muSQL database. Aya matanda anoshandiswa kuongorora data uchishandisa Log View, FortiView uye Mishumo nzira. Iyo dhizaini yekuchengetera dhata munharaunda yekutonga inotarisa kuti matanda akadaro achachengetwa kwenguva yakareba sei mundangariro yemudziyo. Mushure mekunge matanda aya adzimwa kubva mundangariro yemudziyo, anogona kuramba ari muchimiro chezvinyorwa zvakachengetwa, asi izvi zvinoenderana nemutemo wekuchengetedza data mudura rekutonga.
Kuti tinzwisise marongero ekutanga, ruzivo urwu rwakatikwanira isu. Zvino ngatikurukurei marongerwo edu:
Pairi unoona zvishandiso zvitanhatu - FortiGate, FortiMail, FortiAnalyzer, mutongi wedunhu, komputa yemushandisi wekunze uye komputa yemushandisi wemukati. FortiGate neFortiMail inodiwa kugadzira matanda emhando dzakasiyana siyana dzeFortinet kuitira kushandisa muenzaniso kufunga nezvekushanda neakasiyana matunhu ekutonga. Vashandisi vemukati nevekunze, pamwe chete nedare rekutonga vanodiwa kugadzira traffic dzakasiyana. Windows yakaiswa pakombuta yemushandisi wemukati, uye Kali Linux yakaiswa pakombuta yemushandisi wekunze.
Mumuenzaniso uyu, FortiMail inoshanda muServer modhi, zvichireva kuti iri rakaparadzana mail server kuburikidza nemukati nekunze vashandisi vanogona kuchinjana mameseji eemail. Inodiwa marongero senge MX marekodhi anogadziriswa pane domain controller. Kune wekunze mushandisi, iyo DNS server ndiyo yemukati domain controller - izvi zvinoitwa uchishandisa port forwarding (kana imwe Virtual IP tekinoroji) paFortiGate.
Aya marongero haana kufukidzwa panguva yechidzidzo nekuti haaenderane nemusoro wekosi. Kuendesa uye yekutanga kumisikidzwa kweiyo FortiAnalyzer unit ichavharwa. Izvo zvikamu zvakasara zvekugadzirisa ikozvino zvakagadzirirwa kare.
Izvo zvinodiwa sisitimu yezvishandiso zvakasiyana zvinoratidzwa pazasi. Kwandiri, iyi dhizaini inoshanda pamushini wakafanogadzirirwa muVMWare Workstation virtual nharaunda. Hunhu hwemuchina uyu hwakanyorwawo pazasi.
Device
RAM GB
vCPU
HDD, GB
Domain controller
6
3
40
Mushandisi wemukati
4
2
32
Mushandisi wekunze
2
2
8
FortiGate
2
2
30
FortiAnalyzer
8
4
80
FortiMail
2
4
50
Layout muchina
28
19
280
Izvo zvinodikanwa zvehurongwa zvakanyorwa mutafura iyi zvidiki; mune chaiyo-yepasirese mamiriro, zvimwe zviwanikwa zvinowanzodiwa. Ruzivo rwekuwedzera nezvezvinodiwa system inogona kuwanikwa pa .
Vhidhiyo yekudzidzisa inopa iyo theoretical zvinhu zvakakurukurwa pamusoro, pamwe nechikamu chinoshanda - nekutanga kumisikidzwa kweFortiAnalyzer mudziyo. Nakidzwa nekuona!
Muchidzidzo chinotevera tichatarisa zvakadzama pamativi ekushanda nematanda. Kuti urege kuipotsa, nyorera kune yedu .
Iwe unogona zvakare kutevedzera zvigadziriso pane zvinotevera zviwanikwa:
Source: www.habr.com