ProHoster > Blog > Utongi > Spider yedandemutande kana yepakati node ye network yakagoverwa

Spider yedandemutande kana yepakati node ye network yakagoverwa

Spider yedandemutande kana yepakati node ye network yakagoverwa
Chii chekutarisa kana uchisarudza VPN router yetiweki yakagoverwa? Uye ndeapi mabasa ainofanira kuva nawo? Izvi ndizvo izvo ZyWALL VPN1000 yedu ongororo yakatsaurirwa.

Nhanganyaya

Pakutanga, akawanda ezvinyorwa zvedu zvakatsaurirwa kune yakaderera-yekupedzisira VPN zvishandiso zvetiweki yekuwana kubva kunzvimbo dzepamhepo. Somuenzaniso, kubatanidza mapazi akasiyana-siyana nedzimbahwe, kuwana kune Network yemakambani maduku akazvimirira, kana kunyange dzimba dzevanhu. Inguva yekutaura nezve central node ye network yakagoverwa.

Zviri pachena kuti hazvizogoneki kuvaka network yemazuva ano yebhizinesi rakakura chete pahwaro hwehupfumi-kirasi michina. Uye ronga sevhisi yegore kuti ipe masevhisi kune vatengi, zvakare. Kumwe kunofanirwa kuve nemidziyo yakaiswa iyo inogona kushandira nhamba huru yevatengi panguva imwe chete. Panguva ino tichataura nezvechimwe chishandiso chakadaro - Zyxel VPN1000.

Kune vese vakuru nevadiki vatori vechikamu mukutsinhana kwenetiweki, zvinokwanisika kuona maitiro ayo kukodzera kweimwe mudziyo wekugadzirisa dambudziko kunoongororwa.

Pazasi ndiwo makuru:

  • hunyanzvi uye kugona kushanda;
  • control;
  • kuchengeteka;
  • kukanganisa kushivirira.

Zvakaoma kuziva kuti chii chinonyanya kukosha uye chii chingaitwa pasina. Zvose zvinodiwa. Kana chigadziro chacho chisingasviki nezvinodiwa maererano nemamwe maitiro, izvi zvakazara nematambudziko mune ramangwana.

Nekudaro, mamwe maficha emidziyo akagadzirirwa kuve nechokwadi chekushanda kweyepakati mayuniti uye zvishandiso zvinoshanda zvakanyanya pariferi zvinogona kusiyana zvakanyanya.

Kune iyo yepakati node, simba rekombuta rinouya pekutanga - izvi zvinotungamira mukumanikidzwa kutonhora, uye, nekudaro, ruzha kubva kune fan. Pamidziyo yeperipheral, iyo inowanzowanikwa mumahofisi nedzimba, kuita ruzha kunenge kusingatenderwe.

Imwe pfungwa inofadza ndeyekugoverwa kwezviteshi. Mumidziyo yeperipheral zviri pachena kana zvishoma kuti ichashandiswa sei uye vangani vatengi vachabatanidzwa. Naizvozvo, iwe unogona kuseta kupatsanurwa kwakasimba kwezvikepe muWAN, LAN, DMZ, kusungira zvakasimba kune protocol, zvichingodaro. Iko hakuna chokwadi chakadaro pacentral hub. Semuenzaniso, isu takawedzera chikamu chitsva chetiweki chinoda kubatana kuburikidza neyayo interface - uye maitiro ekuita izvi? Izvi zvinoda imwe mhinduro yepasirese nekugona kuchinjika kugadzirisa mainterface.

Chinhu chakakosha nuance ndechekuti mudziyo wakapfuma mumabasa akasiyana. Ehe, nzira yekuve nechidimbu chemidziyo ichiita basa rimwe chete zvakanaka ine zvayakanakira. Asi iyo inonyanya kufadza mamiriro ezvinhu inotanga kana iwe uchida kutora nhanho kuruboshwe, nhanho kurudyi. Ehe, nebasa idzva rega rega iwe unogona zvakare kutenga imwe yakananga mudziyo. Uye zvichingodaro kusvikira bhajeti kana rack nzvimbo yapera.

Mukupesana, yakawedzera seti yemabasa inobvumidza iwe kuti upfuure nemudziyo mumwe paunenge uchigadzirisa akati wandei. Semuenzaniso, iyo ZyWALL VPN1000 inotsigira akawanda marudzi eVPN kubatana, kusanganisira SSL uye IPsec VPN, pamwe nekure kure kubatana kwevashandi. Ndokunge, chidimbu chimwe chehardware chinovhara nyaya dzezvese zviri zviviri muchinjiko-saiti uye mutengi kubatana. Asi pane imwe "asi". Kuti izvi zvishande, iwe unofanirwa kuve uine performance reserve. Semuenzaniso, munyaya yeZyWALL VPN1000, iyo IPsec VPN hardware core inopa yakakwirira yeVPN tunnel performance, uye VPN kuenzanisa / redundancy neSHA-2 uye IKEv2 algorithms inopa kuvimbika kwepamusoro uye kuchengeteka kwebhizimisi.

Pazasi pane zvimwe zvinobatsira zvinobata imwe kana kupfuura yenzvimbo dzatsanangurwa pamusoro apa.

SD WAN inopa chikuva chekutonga kwegore, kuwana mabhenefiti epakati manejimendi ekutaurirana pakati pesaiti nekukwanisa kudzora kure uye kutarisa. ZyWALL VPN1000 inotsigirawo nzira inoenderana nekushanda uko kunodiwa mabasa epamusoro eVPN.

Tsigiro yemapuratifomu emakore emishini-yakakosha masevhisi. ZyWALL VPN1000 inoedzwa kushandiswa neMicrosoft Azure uye AWS. Iko kushandiswa kwemidziyo isati yaedzwa kunodiwa kune sangano chero nhanho, kunyanya kana iyo IT sisitimu inoshandisa musanganiswa wetiweki yenzvimbo uye gore.

Sefa yemukati Inosimbisa chengetedzo nekuvhara kupinda kune yakaipa kana kusada mawebhusaiti. Inodzivirira malware kubva kudhawunirodha kubva kune isina kuvimbika kana yakabiwa masaiti. Panyaya yeZyWALL VPN1000, rezinesi repagore resevhisi iyi yatoverengerwa mupakeji.

Geo-zvematongerwo enyika (Geo IP) inokutendera kuti utarise traffic uye kuongorora nzvimbo yeIP kero, uchiramba kuwana kubva kune zvisina basa kana nharaunda dzine njodzi. Rezinesi repagore resevhisi iyi rinosanganisirwawo paunenge uchitenga mudziyo.

Wireless Network Management Iyo ZyWALL VPN1000 inosanganisira isina waya network controller iyo inokutendera iwe kubata kusvika 1032 nzvimbo dzekuwana kubva kune yepakati mushandisi interface. Mabhizinesi anogona kuendesa kana kuwedzera inokwenenzverwa yeWi-Fi network nekushoma kuedza. Zvakakosha kuziva kuti nhamba 1032 yakawanda chaizvo. Zvichienderana nekuverenga kuti vanosvika gumi vashandisi vanogona kubatana kune imwe nzvimbo yekuwana, iyi inhamba inoshamisa.

Kuenzanisa uye redundancy. Iyo VPN nhevedzano inotsigira kuyera kuyera uye redundancy pane akawanda ekunze interfaces. Ndiko kuti, iwe unogona kubatanidza nzira dzinoverengeka kubva kune akati wandei vanopa, nekudaro uchizvidzivirira kubva kumatambudziko ekutaurirana.

Kugona kwemudziyo redundancy (mudziyo HA) yekubatanidza isina kumira, kunyangwe imwe yemidziyo ikatadza. Zvakaoma kuita pasina izvi kana iwe uchida kuronga basa 24/7 nekuderera kushoma nguva.

Zyxel Device HA Pro inoshanda mukati active/passive, iyo isingadi nzira yakaoma yekugadzirisa. Izvi zvinokutendera kuti udzikise chikumbaridzo chekupinda uye wobva watanga kushandisa kubhuroka. Kusiyana active/active, kana sisitimu maneja inoda kuwedzererwa kudzidziswa, kugona kugadzirisa inochinja nzira, kunzwisisa kuti asymmetric mapaketi chii, nezvimwe. - Mode setting active/passive Inoshanda nyore nyore uye inoda nguva shoma.

Paunenge uchishandisa Zyxel Device HA Pro, zvishandiso zvinochinjana masaini heartbeat kuburikidza nechiteshi chakatsaurirwa. Active uye passive mudziyo zviteshi zve heartbeat yakabatana netambo yeEthernet. Iyo passive mudziyo inonyatso wiriranisa ruzivo neiyo inoshanda mudziyo. Kunyanya, ese masesheni, tunnel, uye mushandisi maakaundi anowiriraniswa pakati pemidziyo. Mukuwedzera, iyo passive mudziyo inochengetedza kopi yekuchengetedza yefaira yekumisikidza kana mudziyo unoshanda ukatadza. Izvi zvinogonesa shanduko isina musono muchiitiko chekutadza kwekutanga mudziyo.

Zvakakosha kucherechedza kuti mumasisitimu anoshanda/active iwe uchiri kufanira kuchengetedza 20-25% yehurongwa zviwanikwa zve failover. At active/passive mudziyo mumwe wakanyatsomira, uye wakagadzirira kukurumidza kugadzirisa network traffic uye kuchengetedza yakajairika network kushanda.

Nemashoko akareruka: "Paunenge uchishandisa Zyxel Device HA Pro uye uine chekuchengetedza chiteshi, bhizinesi rinodzivirirwa kubva pakurasikirwa kwekutaurirana nekuda kwekukanganisa kweanopa, uye kubva kumatambudziko anokonzerwa nekutadza kweiyo router.

Kupfupikisa zvese zviri pamusoro

Kune iyo yepakati node yetiweki yakagoverwa, zviri nani kushandisa mudziyo une kumwe kupihwa kwezviteshi (connection interfaces). Muchiitiko ichi, zvinodikanwa kuva nezvose RJ45 interfaces yekureruka uye inodhura-inoshanda yekubatanidza, uye SFP yekusarudza pakati pefiber-optic yekubatanidza uye twisted pair.

Ichi chishandiso chinofanira kuva:

  • inobereka, yakagadziridzwa kuchinja kamwe kamwe mumutoro;
  • ine chimiro chakajeka;
  • ine hupfumi, asi kwete yakawandisa nhamba yakavakirwa-mukati mabasa, kusanganisira ayo ane hukama nekuchengetedza;
  • nekwaniso yekuvaka zvikanganiso-anoshivirira maseketi - dhizaini dhizaini uye dhizaini yechigadzirwa;
  • kutsigira manejimendi kuitira kuti iyo yese branched zvivakwa muchimiro chepakati node uye peripheral zvishandiso zvinogona kutungamirwa kubva pane imwe nzvimbo;
  • se "icing on the cake" - tsigiro yemaitiro emazuva ano sekubatanidza ne cloud resources nezvimwe zvakadaro.

ZyWALL VPN1000 seyepakati node yetiweki

Pakutanga kutarisa paZyWALL VPN1000, zviri pachena kuti Zyxel haina kuchengetedza zviteshi.

Tine:

  • 12 inogadziriswa RJ-45 (GBE) zviteshi;

  • 2 inogadziriswa SFP ports (GBE);

  • 2 USB 3.0 ports ine tsigiro ye3G/4G modem.

Spider yedandemutande kana yepakati node ye network yakagoverwa
Mufananidzo 1. General maonero eZyWALL VPN1000.

Izvo zvinofanirwa kucherechedzwa ipapo kuti mudziyo hausi wehofisi yemba, zvakanyanya nekuda kwevane simba mafeni. Kune vana vavo pano.

Spider yedandemutande kana yepakati node ye network yakagoverwa
Mufananidzo 2. ZyWALL VPN1000 rear panel.

Ngatione kuti iyo interface inotaridzika sei.

Iwe unofanirwa kubva wanyatsoteerera kune yakakosha mamiriro. Kune akawanda mabasa, uye hazvizogone kutsanangura iwo zvakadzama muchinyorwa chimwe. Asi chakanaka pamusoro pezvigadzirwa zveZyxel ndezvekuti pane zvinyorwa zvakanyatsotsanangurwa, chekutanga, mushandisi (mutongi) bhuku. Naizvozvo, kuti uwane pfungwa yehupfumi hwemabasa, ngatingopfuura nematabu.

Nekumisikidza, port 1 uye port 2 inopihwa kuWAN. Kutanga kubva pachiteshi chechitatu pane mainterfaces enzvimbo network.

Iyo 3rd port ine default IP 192.168.1.1 yakanyatsokodzera kubatana.

Isu tinobatanidza patchcord, enda kukero https://192.168.1.1 uye iwe unogona kutarisa hwindo rekunyoresa mushandisi wewebhu interface.

taura pfungwa. Kune manejimendi, unogona kushandisa iyo SD-WAN gore manejimendi system.

Spider yedandemutande kana yepakati node ye network yakagoverwa
Mufananidzo 3. Hwindo rekupinda mukati uye password

Isu tinoenda kuburikidza nemaitiro ekupinda mukati uye password uye tora iyo Dashboard hwindo pachiratidziro. Chaizvoizvo, sezvazvinofanira kunge zviri zveDashboard - yakanyanya ruzivo rwekushandisa pane yega yega nzvimbo yekrini.

Spider yedandemutande kana yepakati node ye network yakagoverwa
Mufananidzo 4. ZyWALL VPN1000 - Dashboard.

Kurumidza Setup Tab (Wizards)

Kune vaviri vabatsiri mune iyo interface: yekumisikidza WAN uye kumisikidza VPN. Muchokwadi, vabatsiri chinhu chakanaka; ivo vanokutendera iwe kuti uite template marongero kunyangwe usina ruzivo rwekushanda nemudziyo. Zvakanaka, kune avo vanoda zvimwe, sezvataurwa pamusoro apa, pane zvinyorwa zvakadzama.

Spider yedandemutande kana yepakati node ye network yakagoverwa
Mufananidzo 5. Quick Setup tab.

Monitoring tab

Sezviri pachena, mainjiniya kubva kuZyxel vakasarudza kutevedzera musimboti: isu tinotarisisa zvese zvatinogona. Ehe, kune mudziyo unoshanda sepakati hub, kutonga kwakazara hakuzokuvadze zvachose.

Kunyangwe kungowedzera zvinhu zvese zviri padivi, hupfumi hwesarudzo hunova pachena.

Spider yedandemutande kana yepakati node ye network yakagoverwa
Mufananidzo 6. Monitoring tab ine yakawedzerwa-duku-zvinhu.

Configuration tab

Pano hupfumi hwemabasa hunotonyanya kuoneka.

Semuyenzaniso, mudziyo wekushandisa port management wakagadzirwa zvakanaka kwazvo.

Spider yedandemutande kana yepakati node ye network yakagoverwa
Mufananidzo 7. Kugadzirisa tab ine yakawedzerwa-duku-zvinhu.

Maintenance tab

Iine zvikamu zvidiki zvekuvandudza firmware, diagnostics, yekuona routing mitemo uye kuvhara.

Aya mabasa ndeemubatsiri uye aripo kune imwe dhigirii kana imwe munenge mune yega yega network.

Spider yedandemutande kana yepakati node ye network yakagoverwa
Mufananidzo 8. Tabhu yekuchengetedza ine zvinhu zviduku zvakawedzerwa.

Kuenzanisa hunhu

Ongororo yedu yaizove isina kukwana pasina kuenzanisa nemamwe analogues.

Pazasi pane tafura yeanalogues iri padyo neZyWALL VPN1000 uye rondedzero yemabasa ekuenzanisa.

Tafura 1. Kuenzanisa kweZyWALL VPN1000 neanalogues.

Spider yedandemutande kana yepakati node ye network yakagoverwa

Tsanangudzo dzeTafura 1:

*1: Rezinesi inodiwa

*2: Yakaderera Kubata Kupihwa: Mutariri anofanira kutanga agadzirisa mudziyo munharaunda pamberi peZTP.

* 3: Session based: DPS inongoshanda kuchikamu chitsva; izvi hazvizokanganisa chikamu chazvino.

Sezvauri kuona, mune dzimwe nzira analogues ari kubata negamba rekuongorora kwedu, semuenzaniso, iyo Fortinet FG-100E zvakare yakavaka-mukati WAN optimization, uye iyo Meraki MX100 ine yakavakirwa-mukati AutoVPN (saiti-ku. -saiti) basa, asi kazhinji, iyo ZyWALL VPN1000 haina kujeka mune yayo yakazara seti yemabasa iri kutungamira.

Zvinokurudzira pakusarudza zvishandiso zvepakati node (kwete chete Zyxel)

Paunosarudza zvishandiso zvekuronga iyo yepakati node ye network yakakura ine matavi mazhinji, iwe unofanirwa kutarisa kune akati wandei paramita: tekinoroji kugona, nyore manejimendi, chengetedzo uye kukanganisa kushivirira.

Basa rakasiyana-siyana, nhamba huru yezviteshi zvemuviri zvine flexible configuration: WAN, LAN, DMZ uye kuvapo kwemamwe mabasa akanaka, akadai semutongi wekugadzirisa nzvimbo yekuwana, inokubvumira kupedzisa mabasa akawanda panguva imwe chete.

Basa rakakosha rinoitwa nekuwanikwa kwezvinyorwa uye yakanakira manejimendi interface.

Kuve nezvinhu zvinoita kunge zviri nyore zvakadaro, hazvina kuoma kugadzira network network inotora nzvimbo dzakasiyana siyana nenzvimbo, uye kushandiswa kweiyo SD-WAN gore kunokutendera kuti uite izvi nekunyanya kushanduka uye kuchengetedzeka.

Useful links

Ongororo yemusika weSD-WAN: ndedzipi mhinduro dziripo uye ndiani anodzida

Zyxel Chishandiso HA Pro inovandudza network kusimba

Kushandisa GeoIP chimiro muATP/VPN/Zywall/USG akatevedzana ekuchengetedza gedhi

Chii chichasara muimba ye server?

Vaviri mune imwe, kana kutama kwenzvimbo yekupinda controller kuenda kugedhi

Teregiramu chat Zyxel kune nyanzvi

Source: www.habr.com

Voeg