BolΠ΅Makore maviri apfuura, takanyora kuti wese Check Point maneja munguva pfupi kana gare gare anotarisana nenyaya yekuvandudza kune imwe vhezheni. Muizvi kukwidziridzwa kubva kuR77.30 kusvika kuR80.10 kwakatsanangurwa. Nenzira, muna Ndira 2020, R77.30 yakava shanduro yakasimbiswa yeFSTEC. Nekudaro, zvakawanda zvachinja paCheck Point mumakore maviri. Muchinyorwa chino ββ inotsanangura mitsva yese, ine zvakawanda. Ichi chinyorwa chinotsanangura maitiro ekuvandudza zvakadzama sezvinobvira.
Sezvaunoziva, pane 2 sarudzo dzekuita Tarisa Point: Standalone uye Distributed, kureva, isina yakazvitsaurira manejimendi server uye ine yakazvitsaurira. Iyo Distributed sarudzo inokurudzirwa zvakanyanya nekuda kwezvikonzero zvakati:
-
mutoro pamusuwo wezviwanikwa unoderedzwa;
-
Iwe haufanirwe kuronga hwindo rekuchengetedza kuti ushande pane manejimendi server;
-
kushanda kwakakwana kweSmartEvent, sezvo zvisingaite kushanda muiyo Standalone vhezheni;
-
Inokurudzirwa zvikuru kuvaka sumbu remagedhi muDistributed configuration.
Tichifunga nezvese mabhenefiti eiyo Distributed kumisikidzwa, isu tichafunga kusimudzira manejimendi server uye kuchengetedza gedhi zvakasiyana.
Chengetedzo Yekuchengetedza Server (SMS) Yekuvandudza
Pane nzira mbiri dzekuvandudza SMS:
-
kuburikidza neCPUSE (kuburikidza neGaia Portal)
-
uchishandisa Migration Tools (yakachena kuisa inodiwa - fresh install)
Kuvandudza uchishandisa CPUSE hakukurudzirwe neCheck Point vaunoshanda navo sezvo zvisingagadzirise yako faira system vhezheni uye kernel. Zvisinei, iyi nzira haidi kutama kwemitemo uye inokurumidza uye iri nyore kupfuura nzira yechipiri.
Kuisa kwakachena uye kutama kwemitemo uchishandisa Migration Tools ndiyo nzira inokurudzirwa. Pamusoro peiyo itsva faira system uye OS kernel, zvinowanzoitika kuti dhatabhesi reSMS rinovharika, uye kuisirwa kwakachena mune iyi ndiyo mhinduro yakanakisa yekuwedzera kukurumidza kune server.
1) Nhanho yekutanga mune chero update ndeyekugadzira backups uye snapshots. Kana iwe uine sevha yekutonga yemuviri, saka backup inofanirwa kuitwa kubva kuGaia Portal web interface. Enda kune tab Maintenance> System Backup> Backup. Tevere, unotsanangura nzvimbo yekuchengetedza backup. Izvi zvinogona kunge zviri SCP, FTP, TFTP server, kana munharaunda pane mudziyo, asi ipapo uchafanirwa kurodha iyi backup kune server kana komputa gare gare.
Mufananidzo 1. Kugadzira kuchengetedza muGaia Portal
2) Tevere iwe unofanirwa kutora snapshot mune tab Maintenance β Snapshot Management β Nyowani. Musiyano uripo pakati pema backups uye snapshots ndewekuti snapshots inochengeta rumwe ruzivo, kusanganisira ese akaiswa hotfixes. Zvisinei, zviri nani kuita zvose zviri zviviri.
Kana yako manejimendi server yakaiswa senge muchina, saka zvinokurudzirwa kuita backup yemuchina chaiwo uchishandisa yakavakirwa-mukati hypervisor maturusi. Zvinongokurumidza uye zvakavimbika.
Mufananidzo 2. Kugadzira snapshot muGaia Portal
3) Sevha chigadziriso chemudziyo kubva kuGaia Portal. Iwe unogona kutora skrini ese ma tabo ezvirongwa ari muGaia Portal, kana kuisa iwo murairo kubva kuClish chengetedza kugadzirisa. Tevere, tora faira kuPC yako uchishandisa WinSCP kana mumwe mutengi.
Mufananidzo 3. Kuchengetedza gadziriro kune faira remavara)
taura pfungwa: kana WinSCP isingakubvumidze kuti ubatanidze, shandura ganda remushandisi ku / bin/bash kungave muwebhu interface muVashandisi tebhu, kana nekuisa murairo. chsh βs /bin/bash.
Kugadziridza neCPUSE
4) Matanho matatu ekutanga anosungirwa kune chero sarudzo yekuvandudza. Kana iwe ukafunga kutora yakapfava yekuvandudza nzira, saka muwebhu interface enda kune tab Kuvandudza (CPUSE)> Mamiriro uye Zviito> Mavhezheni Makuru> Tarisa Nzvimbo R80.40 Gaia Fresh Isa uye Kuvandudza. Tinya-kurudyi pane iyi update uye sarudza Verifier. Iyo yekusimbisa maitiro ichatanga kwemaminetsi mashoma, mushure meizvozvo iwe uchaona meseji yekuti mudziyo unogona kuvandudzwa. Kana ukaona zvikanganiso, zvinoda kugadziriswa.
Mufananidzo 4. Kuvandudza kuburikidza neCPUSE
5) Kugadziridza kune yazvino vhezheni yeCDT (Central Deployment Tool) - chishandiso chinomhanya pane manejimendi server uye inobvumidza iwe kuti uise zvigadziriso, masevhisi mapaketi, maneja backups, snapshots, zvinyorwa uye zvimwe zvakawanda. Shanduro yeCDT yechinyakare inogona kukonzera matambudziko nekuvandudza. Unogona kudhawunirodha CDT pa .
6) Mushure mekuisa iyo yakadhindwa dura paSMS mune chero dhairekitori kuburikidza neWinSCP, batanidza neSSH kuSMS uye pinda nyanzvi mode. Rega ndikuyeuchidze kuti mushandisi weWinSCP anofanira kunge aine goko / bin / bash!
7) Isa iyo mirairo:
cd/somepathtoCDT/
tar -zxvf .tgz
rpm -Uhv βforce CPcdt-00-00.i386.rpm
Mufananidzo 5. Kuisa Central Deployment Tool (CDT)
8) Nhanho inotevera ndeyekuisa iyo R80.40 mufananidzo. Kurudyi tinya pane update Download, ipapo Isa. Ramba uchifunga kuti iyo yekuvandudza inotora 20-30 maminetsi uye manejimendi server ichave isipo kwenguva yakati. Naizvozvo, zvine musoro kubvumirana pahwindo rebasa.
9) Ese marezinesi uye chengetedzo marongero anochengetwa, saka inotevera iwe unofanirwa kudhawunirodha imwe nyowani .
10) Batanidza kuSMS SmartConsole nyowani uye isa mitemo yekuchengetedza. Bhatani Isa Policy pakona yekumusoro kuruboshwe.
11) SMS yako yakagadziridzwa, saka iwe unofanirwa kuisa yazvino hotfix. Mune tab Kukwidziridza (CPUSE)> Chimiro uye Zviito> Hotfixes tinya bhatani rekurudyi rembeva Verifieripapo Isa Gadziriso. Chishandiso chinozozvitangazve mushure mekuisa iyo update.
Mufananidzo 6. Kuisa hotfix yazvino neCPUSE
Kugadziridza neMigration Tools
4) Kutanga, iwe unofanirwawo kugadzirisa kune yazvino vhezheni yeCDT - mapoinzi 5, 6, 7 kubva muchikamu. "Gadziridza uchishandisa CPUSE."
5) Isa iyo Migration Tools package inodiwa kutamisa marongero kubva kune manejimendi server. Maererano neizvi unogona kuwana Migration Zvishandiso zveshanduro: R80.20, R80.20 M1, R80.20 M2, R80.30, R80.40. Iwe unofanirwa kudhawunirodha Migration Zvishandiso zveiyo vhezheni kwaunoda kuvandudza, uye kwete iyo yaunayo ikozvino! Kwatiri iR80.40.
6) Tevere muSMS web interface enda kune tab Kukwidziridza (CPUSE)> Mamiriro uye Zviito> Ngenisa Package> Bhurawuza> Sarudza faira rakadhawunirodha> Ngenza.
Mufananidzo 7. Kupinza Migration Tools
7) Kubva pane nyanzvi mode paSMS, tarisa kuti Migration Tools package yakaiswa uchishandisa rairo (kubuda kwemurairo kunofanirwa kuenderana nenhamba iri muzita reMigration Tools archive):
cpprod_util CPPROD_GetValue CPupgrade-tools-R80.40 BuildNumber 1
Mufananidzo 8. Kuongorora kuiswa kweMigration Tools
8) Enda ku $FWDIR/scripts folda pane manejimendi server:
cd $FWDIR/zvinyorwa
9) Mhanya pre-kusimudzira verifier uchishandisa rairo (kana paine zvikanganiso, zvigadzirise pamberi pemamwe matanho):
./migrate_server simbisa -v R80.40
taura pfungwa: kana ukaona kukanganisa "Yatadza kuburitsa Upgrade Tools package", asi watarisa kuti dura rakaburitswa kunze kwenyika zvakabudirira (ona pfundo 4), shandisa murairo:
./migrate_server simbisa -v R80.40 -skip_upgrade_tools_check
Mufananidzo 9. Kumhanyisa script yekusimbisa
10) Export kuchengetedza mitemo uchishandisa murairo:
./migrate_server export -v R80.40 / / .tgz
Mufananidzo 10. Kutumira kunze mutemo wekuchengetedza
taura pfungwa: kana ukaona kukanganisa "Yatadza kuburitsa Upgrade Tools package", asi watarisa kuti archive yakatengeswa kunze kwenyika zvakabudirira (nhanho 7), shandisa murairo:
./migrate_server export -skip_upgrade_tools_check -v R80.40 / / .tgz
11) Verenga iyo MD5 hash sum uye chengetedza zvakabuda zvekuraira:
md5sum / / .tgz
Mufananidzo 11. Kuverenga MD5 hash sum
12) Uchishandisa WinSCP, fambisa iyi faira pakombuta yako.
13) Isa murairo df-h uye chengetedza wega iyo muzana yemadhairekitori zvichienderana nenzvimbo inogarwa.
Mufananidzo 12. Mazana emadhairekitori paSMS
14.1) Kana uine SMS chaiyo
14.1.1) Kushandisa bootable USB flash drive ine mufananidzo inogadzirwa .
14.1.2) Ini ndinokurudzira kugadzirira kanenge 2 bootable flash drives, sezvo zvichiitika kuti flash drive haiverengeki nguva dzose.
14.1.3) Semutungamiri pakombuta yako, mhanya ISOmorphic.exe. Munhanho yekutanga, sarudza mufananidzo wakatorwa weGaia R1, mudanho rechina flash drive. Shandura pfungwa 80.40 ne4 hapana kudiwa!
Mufananidzo 13. Kugadzira bootable USB flash drive
14.1.4) Sarudza chinhu "Install otomatiki pasina kusimbiswa" uye zvakakosha kutsanangura modhi yeako manejimendi server. Panyaya yeSMS, unofanira kusarudza mutsara 3 kana 4.
Mufananidzo 14. Kusarudza chigadzirwa chekushandisa kugadzira bootable USB flash drive
14.1.5) Tevere, unodzima kumusoro, isa iyo flash drive muchiteshi che USB, batanidza tambo yekoni kuburikidza neCOM port kune mudziyo uye gonesa SMS. Kuisa maitiro kunoitika otomatiki. Default IP Kero - 192.168.1.1/24, uye ruzivo rwekupinda admin / arun.
14.1.6) Nhanho inotevera ndeyekubatanidza kune web interface paGaia Portal (default address ), kwaunoenda kuburikidza nekutanga mudziyo. Panguva yekutanga unodzvanya Zvadaro, nekuti anenge ese magadzirirwo anogona kuchinjwa mune ramangwana. Nekudaro, iwe unogona nekukurumidza kuchinja iyo IP kero, DNS marongero uye zita rekutambira.
14.2) Kana iwe uine virtual SMS
14.2.1) Chero mamiriro ezvinhu haufanire kudzima iyo yekare SMS; gadzira nyowani nyowani yemuchina ine zviwanikwa zvakafanana (CPU, RAM, HDD) uye yakafanana IP kero. Nenzira, iwe unogona kuwedzera RAM uye HDD, sezvo iyo R80.40 vhezheni iri kudiwa zvishoma. Kuti udzivise kupokana kwekero yeIP, dzima iyo yekare SMS uye tanga kuisa imwe nyowani.
14.2.2) Panguva yekuiswa kweGaia, gadzirisa ikozvino IP kero uye sarudza dhairekitori / root nzvimbo yakakwana. Mazana emadhairekitori aunawo anofanira kunge ari angangoita kupona, shandisa zvinobuda df-h.
15) Panguva yekusarudza rudzi rwekuisa "Installation Type" sarudza yekutanga sarudzo, sezvo kazhinji iwe usina MDS (Multi-Domain Server). Kana MDS, saka iwe wakakwanisa akawanda madomasi kubva akasiyana eSMS masangano panguva imwe chete. Muchiitiko ichi, unofanira kusarudza chinhu chechipiri.
Mufananidzo 15. Kusarudza Gaia yekuisa mhando
16) Iyo yakakosha poindi isingagone kugadziriswa pasina kudzoreredza isarudzo yesangano. Unofanira kusarudza Security Management uye dzvanya Zvadaro. Zvimwe zvese ndezvekungogara.
Mufananidzo 16. Kusarudza rudzi rwechikwata paunenge uchiisa Gaia
17) Kana mudziyo uchinge watangazve, batanidza kuwebhu interface uchishandisa kana imwe kero yeIP yakasiyana kana waichinja.
18) Shandura zvigadziriso kubva pazvidzitiro kune ese maGaia Portal ma tabo mune chimwe chinhu chakagadziriswa, kana kumhanya murairo kubva kuclish. load configuration .txt. Iyi faira faira inofanira kutanga yaiswa kuSMS.
taura pfungwa: Nekuda kwekuti OS itsva, WinSCP haikubvumidze kuti ubatane semaneja, shandura ganda remushandisi kuita / bin/bash kungave muwebhu interface muVashandisi tebhu, kana nekupinda murairo. chsh βs /bin/bash kana kugadzira mushandisi mutsva.
19) Isa iyo faira nematongerwo ekunze kubva kune yekare manejimendi server kune chero dhairekitori. Wobva waenda kuconsole mune nyanzvi modhi uye tarisa kuti iyo MD5 hash huwandu inofanana neyakare. Zvikasadaro, kutumira kunze kunofanirwa kuitwa zvakare:
ndiri md5 / / .tgz
20) Dzokorora nhanho yechitanhatu uye isa Kusimudzira Zvishandiso pane iyo itsva SMS muGaia Portal mune tab. Kukwidziridza (CPUSE)> Chimiro uye Zviito.
21) Pinda murairo mune nyanzvi mode:
./migrate_server import -v R80.40 -skip_upgrade_tools_check / / .tgz
Mufananidzo 17. Kupinza mutemo wekuchengetedza kune imwe SMS
22) Gonesa masevhisi nemirairo cpstart.
23) Dhawunirodha itsva uye batanidza kune manejimendi server. Enda ku Menu > Tonga Marezenisi uye Mapakeji (SmartUpdate) uye tarisa kuti uchine rezinesi rako.
Mufananidzo 18. Kutarisa marezinesi akaiswa
24) Isa iyo yekuchengetedza mutemo pane gedhi kana sumbu - Isa Policy.
Chengetedzo Gedhi (SG) Update
Iyo Chengetedzo Gedhi inogona kuvandudzwa kuburikidza neCPUSE, senge sevhavhavhavha, kana kuiswa zvakare - fresh install. Kubva pane zvakaitika kwandiri, mu99% yemakesi, munhu wese anodzoreredza Chengetedzo Gateway nekuda kwekuti zvinotora ingangoita nguva yakafanana nekuvandudza kuburikidza neCPUSE, asi iwe unowana yakachena, yakagadziridzwa OS isina tsikidzi.
Nekufananidza neSMS, iwe unofanirwa kutanga wagadzira backup uye snapshot, uye zvakare chengetedza marongero kubva kuGaia Portal. Nongedzera kumapfundo 1, 2 uye 3 muchikamu "Security Management Server Update".
Kugadziridza neCPUSE
Kugadziridza Chengetedzo Gedhi kuburikidza neCPUSE kwakangofanana nekuvandudza iyo Security Management Server, saka ndapota tarisa kutanga kwechinyorwa.
Poindi yakakosha: SG update inoda kudzorerazve! Naizvozvo, gadziridza panguva yekugadzirisa hwindo. Kana iwe uine cluster, simudza iyo passive node kutanga, wobva wachinja mabasa uye kusimudzira imwe node. Muchiitiko chesumbu, mahwindo ekugadzirisa anogona kudziviswa.
Kuisa vhezheni itsva yeOS paSecurity Gateway
1.1) Kana iwe uine chaiyo SG
1.1.1) Kushandisa bootable USB flash drive ine mufananidzo inogadzirwa . Mufananidzo wacho wakafanana neSMS, asi maitiro ekugadzira bootable flash drive anotarisa zvishoma.
1.1.2) Ini ndinokurudzira kugadzirira kanenge 2 bootable flash drives, sezvo zvichiitika kuti flash drive haiverengeki nguva dzose.
1.1.3) Semutungamiri pakombuta yako, mhanya ISOmorphic.exe. Munhanho yekutanga, sarudza mufananidzo wakatorwa weGaia R1, mudanho rechina flash drive. Shandura pfungwa 80.40 ne4 hapana kudiwa!
Mufananidzo 19. Kugadzira bootable USB flash drive
1.1.4) Sarudza chinhu "Isa otomatiki pasina kusimbiswa", uye zvakakosha kuratidza muenzaniso weSecurity Gateway yako - mitsara 2 kana 3. Kana iri bhokisi rejecha remuviri (SandBlast Appliance), zvino sarudza mutsara wechishanu.
Mufananidzo 20. Kusarudza chigadzirwa chekushandisa kugadzira bootable USB flash drive
1.1.5) Tevere, unodzima kumusoro, isa iyo flash drive muchiteshi che USB, batanidza tambo yekoni kuburikidza neCOM port kune mudziyo uye wovhura gedhi. Iyo yekuisa maitiro inoitika otomatiki. Default IP Kero - 192.168.1.1/24, uye ruzivo rwekupinda admin / arun. Unofanira kuvandudza kutanga passive node, wobva waisa mutemo pairi, chinja mabasa uye wozogadzirisa imwe node. Iwe uchanyanya kuda hwindo rebasa.
1.1.6) Nhanho inotevera ndeyekubatanidza kune yewebhu interface paGaia Portal, kwaunoenda kuburikidza nekutanga kwekutanga kwemudziyo. Panguva yekutanga unodzvanya Zvadaro, nekuti anenge ese magadzirirwo anogona kuchinjwa mune ramangwana. Nekudaro, iwe unogona nekukurumidza kuchinja iyo IP kero, DNS marongero uye zita rekutambira.
1.2) Kana iwe uine chaiyo SG
1.2.1) Gadzira muchina mutsva wemashini ane zviwanikwa zvakafanana (CPU, RAM, HDD) kana kupfuura, sezvo iyo R80.40 vhezheni iri kudiwa zvishoma. Kuti udzivise kupokana kwemakero eIP, dzima gedhi rekare uye tanga kuisa imwe nyowani ine imwecheteyo IP kero. Iyo yekare SG inogona kubviswa zvakachengeteka, sezvo pasina chinhu chakakosha pairi, nekuti zvinhu zvese zvinonyanya kukosha - mutemo wekuchengetedza - uri pane manejimendi server.
1.2.2) Panguva yekuisa OS, gadzirisa ikozvino IP kero uye sarudza dhairekitori / root nzvimbo yakakwana.
3) Batanidza kugedhi kuburikidza neHTTPS port uye tanga maitiro ekutanga. Panguva yekusarudza mhando yekuisa "Installation Type" sarudza yekutanga sarudzo - Chengetedzo Gedhi uye/kana Chengetedzo Management.
Mufananidzo 21. Kusarudza Gaia yekuisa mhando
4) Pfungwa inonyanya kukosha ndeyekusarudzwa kwesangano (Zvigadzirwa). Unofanira kusarudza Security Gateway uye, kana uine cluster, tarisa bhokisi "Chikamu chikamu chesumbu, mhando: ClusterXL". Kana uine VRRP cluster, zvino sarudza rudzi urwu, asi hazvigoneki.
Mufananidzo 22. Kusarudza rudzi rwechikwata paunenge uchiisa Gaia
5) Munhanho inotevera, isa iyo SIC-yenguva-password yekumisikidza kuvimba neserver server. Uchishandisa iyi password, chitupa chinogadzirwa, uye manejimendi server inotaurirana negedhi pamusoro peiyo encrypted yekutaurirana chiteshi. Cheka chiratidzo "Batanidza kune yako Management seSevhisi" inofanira kusetwa kana manejimendi server iri mugore. Tichangobva kunyora pamusoro peizvi uye kuti zviri nyore sei uye zviri nyore iyo Cloud management server iri.
Mufananidzo 23. Kusikwa kweSIC
6) Tanga maitiro ekutanga pane inotevera tebhu. Kana mudziyo uchinge watangazve, batanidza kune wewebhu interface uye wotamisa zvigadziriso kubva pazvidzitiro kuenda kune ese maGaia Portal tabs mune chimwe chinhu chakagadziridzwa, kana mhanyisa murairo kubva kuclish. load configuration .txt. Iyi config file inofanira kutanga yaiswa kune yekuchengetedza gedhi.
taura pfungwa: Nekuda kwekuti OS itsva, WinSCP haikubvumidze kuti ubatane semaneja, shandura ganda remushandisi kuita / bin/bash kungave muwebhu interface muVashandisi tebhu, kana nekupinda murairo. chsh βs /bin/bash kana kugadzira mushandisi mutsva negoko iri.
7) Vhura uye enda muSecurity Gateway chinhu chauchangobva kudzosera. Vhura iyo tab General Properties > Communication > Reset SIC uye isa password inotsanangurwa munhanho 5.
Mufananidzo 24: Kugadzira kuvimba negedhi idzva rekuchengetedza
8) Shanduro yeGaia yechinhu inofanira kuchinja, kana ikasachinja, wozoishandura nemaoko. Wobva waisa policy pagateway.
9) MuGaia Portal, enda kune tab Kukwidziridza (CPUSE)> Chimiro uye Zviito> Hotfixes uye isa hotfix yazvino. Chishandiso chichapinda reboot panguva yekuisa!
10) Kana iri sumbu, shandura mabasa emanodhi uye ita matanho akafanana kune imwe node.
mhedziso
Ndakaedza kuita dhairekitori rakajeka uye rakazara rekusimudzira kubva kuR80.20/R80.30 kusvika kuR80.40 iripo, sezvo zvakawanda zvachinja. Version yakatoonekwa mudemo mode, asi maitiro ekuvandudza anoramba akafanana. Kutungamirirwa nemukuru kubva kuCheck Point, unogona kuona zvese zvese iwe pachako.
Kune chero mibvunzo iwe unogona kutibata nesu. Isu tichafara kubatsira neakanyanya kuomarara zvigadziriso uye makesi sechikamu chetsigiro yedu yehunyanzvi . Zvakare pane yedu zvinokwanisika kuodha kuongororwa kweCheck Point marongero kana kuisiya yakasununguka kune technical kesi.
. Ramba wakatarisa (, , , , ).
Source: www.habr.com