ProHoster > Blog > Utongi > 2. NGFW yemabhizinesi madiki. Unboxing uye Setup

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Isu tinoenderera mberi nenhevedzano yezvinyorwa zvekushanda neiyo itsva SMB CheckPoint modhi renji, ngatikuyeuchidzei kuti mukati kutanga chikamu isu takatsanangura maitiro uye kugona kwemamodhi matsva, manejimendi uye nzira dzekutonga. Nhasi tichatarisa mamiriro ekutumirwa kweiyo yekare modhi munhevedzano: CheckPoint 1590 NGFW. Heino pfupiso yechikamu ichi:

  1. Kusunungura michina (tsanangudzo yezvikamu, zvemuviri uye network yekubatanidza).
  2. Yekutanga mudziyo kutanga.
  3. Kutanga setup.
  4. Performance assessment.

Kuburitsa Midziyo

Kuziva midziyo kunotanga nekubvisa midziyo mubhokisi, kupatsanura zvinhu uye kuisa zvikamu; tinya pane spoiler, uko maitiro acho anoratidzwa muchidimbu.

Kuendeswa kweNGFW 1590
2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Muchidimbu nezve ma components:

  • NGFW 1590;
  • Power adapter;
  • 2 Wifi Antennas (2.4 Hz uye 5 Hz);
  • 2 LTE antennas;
  • Mabhuku ane zvinyorwa (gwara pfupi rekutanga kubatana, chibvumirano cherezinesi, nezvimwewo)

Kana ari network ports uye mainterfaces, kune ese emazuva ano ekufambisa uye kupindirana, chiteshi chakasiyana cheDMZ zone, USB 3.0 yekuwiriranisa nePC.

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Shanduro 1590 yakagamuchira dhizaini yakagadziridzwa, sarudzo dzemazuva ano dzekutaurirana dzisina waya uye kuwedzera ndangariro: 2 slots yekushanda neMicro/Nano SIM muLTE mode. (isu tinoronga kunyora nezve iyi sarudzo zvakadzama mune chimwe chezvinyorwa zvedu zvinotevera munhevedzano yakatsaurirwa kune isina waya yekubatanidza); SD kadhi slot.

Unogona kuverenga zvakawanda nezve kugona kwe1590 NGFW uye mamwe mamodheru matsva mukati 1 parts kubva munhevedzano yezvinyorwa nezve CheckPoint SMB mhinduro. Tichaenderera mberi nekutanga kwekutanga kwechigadzirwa.

Primary initialization

Vaverengi vedu venguva dzose vachatoziva kuti iyo 1500 Series SMB mutsara inoshandisa iyo itsva 80.20 Embedded OS, iyo inosanganisira yakagadziridzwa interface uye yakagadziridzwa kugona.

Kuti utange kutanga mudziyo unofanirwa:

  1. Ipa simba kugedhi.
  2. Batanidza tambo yetiweki kubva paPC yako kuenda kuLAN -1 pagedhi.
  3. Sarudzo, iwe unogona pakarepo kupa mudziyo neInternet kuwana nekubatanidza iyo interface kune WAN port.
  4. Enda kuGaia Embedded portal: https://192.168.1.1:4434/

Kana iwe wakatevera matanho ambotaurwa, saka mushure mekuenda kuGaia portal peji, iwe uchafanirwa kusimbisa kuvhura peji nechitupa chisina kuvimbwa, mushure meiyo portal marongero wizard ichavhura:

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Iwe unozokwaziswa nepeji inoratidza modhi yechishandiso chako, unofanirwa kuenda kune chikamu chinotevera:

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Isu tichakumbirwa kugadzira account yekubvumidzwa, zvinokwanisika kutsanangura yakakwira password zvinodiwa kune maneja, uye isu tinoratidza nyika kwatichashandisa gedhi.

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Iro hwindo rinotevera rine chekuita nezvemazuva uye nguva marongero; iwe unogona kuseta nemaoko kana kushandisa iyo kambani NTP server.

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Nhanho inotevera inosanganisira kuseta zita rechishandiso uye kutsanangura dura rekambani kuitira kuti masevhisi egedhi ashande nemazvo paInternet.

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Nhanho inotevera ine chekuita nekusarudzwa kweNGFW control type, pano panofanira kucherechedzwa:

  1. Local Management. Iyi isarudzo iripo yekubata gedhi munharaunda uchishandisa iyo Gaia Portal peji rewebhu.
  2. Central Management. Iri rudzi rwemanejimendi runosanganisira kuwiriranisa neyakatsaurirwa CheckPoint Management server, kuwiriranisa neiyo Smart1-Cloud gore kana neSMP (management sevhisi yeSMB).

Muchinyorwa chino, isu tichatarisa pane iyo Local Management nzira; unogona kutsanangura nzira inodiwa. Kuti uzvizive nemaitiro ekuwiriranisa neakazvitsaurira Management Server, isu tinokurudzira ссылка kubva kuCheckPoint Getting Started training series yakagadzirirwa neTS Solution.

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Tevere, hwindo rinozoratidzwa rinotsanangura maitiro ekushandisa eiyo interfaces pagedhi:

  • Shandura modhi inoreva kuwanikwa kwe subnet kubva kune imwe interface kuenda kune subnet yeimwe interface.
  • Iyo Diable Shandura modhi inoenderana inodzima iyo Shandura modhi; imwe neimwe nzira yechiteshi traffic senge yakaparadzana network chimedu.

Inokurudzirwawo kutsanangura dziva reDHCP kero iyo ichashandiswa kana ichibatanidza kune yemuno interfaces yegedhi.

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Nhanho inotevera ndeyekugadzirisa gedhi rekushanda mune isina waya modhi; isu tinoronga kukurukura chikamu ichi zvakadzama mune chimwe chinyorwa munhevedzano, saka isu takamisikidza kumisikidzwa kwezvirongwa. Iwe unogona kugadzira nyowani isina waya yekupinda nzvimbo, isa password yekubatanidza nayo uye woona maitiro ekushandisa eiyo isina waya chiteshi (2.4 Hz kana 5 Hz).

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Nhanho inotevera ichave yekugadzirisa kupinda kune gedhi revatungamiriri vekambani. Nekutadza, kodzero dzekuwana dzinobvumidzwa kana kubatana kuchibva:

  1. Internal kambani subnet
  2. Yakavimbika isina waya network
  3. VPN mugero

Sarudzo yekubatanidza kune gedhi kuburikidza neInternet yakavharwa nekusagadzika, izvi zvinotakura njodzi huru uye zvinofanirwa kururamiswa kuti zvibatanidzwe, zvikasadaro zvinokurudzirwa kuisiya semumuenzaniso wedu.Zvinogoneka zvakare kutsanangura kuti ndeipi kero yeIP ichabvumidzwa. kuti abatanidze kugedhi.

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Iwindo rinotevera rine chekuita nekuvhurwa kwemarezinesi; pakutanga kwechishandiso, iwe uchaunzwa nemazuva makumi matatu ekuyedzwa. Pane nzira mbiri dziripo activation:

  1. Kana paine chinongedzo cheInternet, rezinesi rinoitwa otomatiki.
  2. Kana iwe ukamisa rezinesi kunze kwenyika, unofanirwa kuita zvinotevera: dhawunirodha rezinesi kubva kuMushandisiCenter, nyoresa mudziyo wako pane yakakosha iyo portal. Tevere, kune ese ari maviri kesi, iwe unozofanirwa kuendesa kunze rezinesi rakatorwa nemaoko.

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Chekupedzisira, hwindo rekupedzisira mune zvigadziriso wizard rinokukurudzira kuti usarudze mablades kuti abatidzwe; cherechedza kuti QOS blade inovhurwa chete mushure mekutanga kutanga. Iwe unofanirwa kupedzisira uine hwindo rekupedzisa iro rinopfupisa marongero ako.

Kutanga setup

Chekutanga pane zvese, isu tinokurudzira kutarisa mamiriro emarezinesi; imwezve gadziriso ichaenderana neizvi. Enda kune "MUMBA" β†’ "Rezinesi" tebhu:

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Kana marezinesi akavhurwa, isu tinokurudzira nekukurumidza kugadziridza kune yazvino firmware firmware; kuti uite izvi, enda ku "DEVICE" β†’ "System Operations" tab:

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Zvigadziriso zveSisitimu zviri muFirmware Upgrade chinhu. Muchiitiko chedu, ikozvino uye yazvino firmware version yakaiswa.

Tevere, ini ndinokurudzira kutaura muchidimbu nezve kugona uye marongero eiyo system blades. Zvine musoro, vanogona kukamurwa kuita Access (Firewall, Application Control, URL Filtering) uye Threat Prevention (IPS, Antivirus, Anti-Bot, Threat Emulation) nhanho mitemo.

Ngatiendei kuAccess Policy β†’ Blade Control tab:

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Nekutadza, iyo STANDARD modhi inoshandiswa, inobvumira inobuda traffic kuInternet, traffic mukati metiweki yenzvimbo, asi panguva imwechete inovharira iyo inouya traffic kubva kuInternet.

Kana ari maAPPLICATIONS & URL FILTERING blades, nekusarudzika ivo vakagadzirirwa kuvharira mawebhusaiti ane huwandu hwengozi, block exchange application (Torrent, File Storage, nezvimwewo). Iwe unogona zvakare kuvhara mapoka emasaiti nemaoko.

Ngatitarisei sarudzo yemushandisi traffic "Limit bandwidth inodya maapplication" nekugona kudzikamisa kumhanya kweinobuda / inouya traffic yemapoka ezvishandiso.

Tevere, vhura chikamu chePolisi; nekukasira, iyo mitemo inogadzirwa otomatiki zvinoenderana neyakatsanangurwa marongero.

Chikamu cheNAT nekusarudzika chinoshanda muGlobal Hide Nat otomatiki, kureva vese vari mukati vachawana mukana weInternet kuburikidza neruzhinji IP kero. Zvinogoneka kuseta nemaoko mitemo yeNAT yekutsikisa mawebhusaiti ako kana masevhisi.

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Tevere, chikamu chine chekuita Nekusimbisa Kwemushandisi panetiweki chinopa sarudzo mbiri: Active Directory Queries (kubatanidzwa neAD yako), Browser-Yakavakirwa-Kusimbisa (mushandisi anopinda domain magwaro mune portal).

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Zvakakodzera kutaura SSL yekuongorora zvakasiyana; iyo mugove weiyo yakazara HTTPS traffic paGlobal Network iri kushingaira kukura. Ngatitarisei kuti ndeapi maficha anopihwa neCheckPoint kune SMB mhinduro. Kuti uite izvi, enda kune SSL-Inspection β†’ Policy chikamu:

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Mune zvigadziriso iwe unogona kuongorora HTTPS traffic; iwe unozofanirwa kuendesa kunze chitupa uye kuchiisa munzvimbo yakavimbika chitupa pamichina yemushandisi.

Isu tinoona iyo BYPASS modhi yeakafanotsanangurwa senge sarudzo iri nyore; izvi zvakanyanya kuchengetedza nguva kana uchigonesa kuongorora.

Mushure mekuisa mitemo paFirewall / Application level, unofanira kuenderera mberi nekugadzirisa mitemo yekuchengetedza (Threat Prevention), kuti uite izvi, enda kune chikamu chakakodzera:

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Pa peji rakavhurika tinoona mablades akagoneswa, siginecha uye dhatabhesi yekuvandudza mamiriro. Isu tinokumbirwawo kuti tisarudze chimiro chekuchengetedza network perimeter, uye inoenderana marongero anoratidzwa.

Chikamu chakasiyana "IPS Dziviriro" inokutendera iwe kuti ugadzirise chiitiko cheyakasarudzika chengetedzo siginicha.

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Nguva pfupi yapfuura takanyora pa blog yedu pamusoro pekusagadzikana kwepasi rose yeWindows Server - SigRed. Ngatitarisei kuvepo kwayo muGaia Embedded 80.20 nekupinda mubvunzo "CVE-2020-1350"

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Rekodhi yaonekwa yeiyi siginicha iyo imwe yezviito inogona kushandiswa. (nedefault Dziviriro yezinga rengozi ndiyo Yakakosha). Saizvozvo, uine mhinduro yeSMB, hausi kuzosiiwa kunze maererano nekuvandudzwa uye rutsigiro; iyi izere NGFW mhinduro kumahofisi emapazi anosvika mazana maviri evanhu kubva kuCheckPoint.

Performance assessment

Kupedzisa chinyorwa, ndinoda kuona kuwanikwa kwezvishandiso zvekugadzirisa matambudziko mushure mekutanga kutanga uye kugadzirisa kweSMB mhinduro. Iwe unogona kuenda kune "MUMBA" β†’ "Zvishandiso" chikamu. Zvimwe zvingasarudzwa:

  • kuongorora system zviwanikwa;
  • routing table;
  • kutarisa kuwanikwa kweCheckPoint cloud services;
  • CPinfo generation;

Yakavakirwa-mukati network mirairo iripo zvakare: Ping, Traceroute, Traffic Capture.

2. NGFW yemabhizinesi madiki. Unboxing uye Setup

Saka, nhasi takaongorora nekudzidza kubatanidza kwekutanga nekugadzirisa kweNGFW 1590, iwe uchaita zviito zvakafanana kune yose 1500 SMB Checkpoint series. Sarudzo dziripo dzakatiratidza kusiyanisa kwakanyanya kwezvirongwa, tsigiro yenzira dzemazuva ano dzekudzivirira traffic pane network perimeter.

Nhasi, CheckPoint mhinduro dzekuchengetedza mahofisi madiki nemapazi (kusvika ku200 vanhu) vane maturusi akawanda uye vanoshandisa tekinoroji yazvino (cloud management, SIM card support, memory kuwedzera uchishandisa SD cards, etc.). Ramba uchigara uchiziva uye uverenge zvinyorwa kubva kuTS Solution, tiri kuronga kumwe kuburitswa kwezvikamu nezve NGFW CheckPoint yemhuri yeSMB, toona iwe!

Yakakura kusarudzwa kwezvinhu paCheck Point kubva kuTS Solution. Ramba wakatarisa (teregiramu, Facebook, VK, TS Solution Blog, Yandex Zen).

Source: www.habr.com

Voeg