Analysis of the most democratic SD-WAN: architecture, configuration, administration and pitfalls

Judging by the number of questions that have started coming to us about SD-WAN, the technology has begun to take firm root in Russia. Vendors, naturally, are not asleep and offer their concepts, and some brave pioneers are already implementing them in their networks.

We work with almost all vendors, and over several years in our lab I have managed to dig into the architecture of every major developer of software-defined solutions. SD-WAN from Fortinet stands somewhat apart here: it simply built the functionality for balancing traffic between communication channels into the firewall software. The solution is a democratic one, so it is usually considered by companies that are not yet ready for global changes but want to use their communication channels more effectively.

In this article I want to tell you how to configure and work with SD-WAN from Fortinet, who this solution suits, and what pitfalls you may run into.

The most prominent players in the SD-WAN market can be classified into one of two types:

1. Startups that created SD-WAN solutions from scratch. The most successful of these get a huge boost in development after being bought by large companies - this is the story of Cisco/Viptela, VMWare/VeloCloud, Nuage/Nokia

2. Large network vendors that created SD-WAN solutions by developing the programmability and manageability of their traditional routers - this is the story of Juniper, Huawei

Fortinet managed to find its own way. The firewall software had built-in functionality that made it possible to combine its interfaces into virtual channels and balance the load between them using algorithms more complex than conventional routing. This functionality was named SD-WAN. Can what Fortinet did be called SD-WAN? The market is gradually coming to understand that Software-Defined means the separation of the Control Plane from the Data Plane, dedicated controllers, and orchestrators. Fortinet has nothing of the kind. Centralized management is optional and is offered through the traditional FortiManager tool. But in my opinion, you should not look for abstract truth and waste time arguing about terms. In the real world, every approach has advantages and disadvantages. The best way out is to understand them and be able to choose solutions that match the tasks.

I will try to show you, with screenshots in hand, what SD-WAN from Fortinet looks like and what it can do.

How it all works

Let's assume you have two branches connected by two data channels. These data links are combined into a group, similar to how ordinary Ethernet interfaces are combined into an LACP Port-Channel. Old-timers will remember PPP Multilink - also a suitable analogy. The channels can be physical ports, VLAN SVIs, as well as VPN or GRE tunnels.

VPN or GRE is usually used when branch local networks are connected over the Internet. Physical ports are used if there are L2 connections between the sites, or when connecting over a dedicated MPLS/VPN, if we are satisfied with a connection without an overlay and without encryption. Another scenario in which physical ports are used in an SD-WAN group is balancing users' local access to the Internet.

On our stand there are four firewalls and two VPN tunnels running through two "communication operators". The diagram looks like this:

The VPN tunnels are configured in interface mode so that they resemble point-to-point connections between devices with IP addresses on the P2P interfaces, which can be pinged to verify that communication through a particular tunnel is working. For traffic to be encrypted and sent to the opposite side, it is enough to route it into the tunnel. The alternative is to select traffic for encryption using lists of subnets, which greatly confuses the administrator as the configuration grows more complex. In a large network, you can use ADVPN technology to build the VPN; this is an analogue of DMVPN from Cisco or DVPN from Huawei, which allows for easier configuration.

Site-to-Site VPN config for two devices with BGP routing on both sides

Data center (DC) configuration first, then the branch (BRN) configuration:

config system interface
 edit "WAN1"
  set vdom "Internet"
  set ip 1.1.1.1 255.255.255.252
  set allowaccess ping
  set role wan
  set interface "DC-BRD"
  set vlanid 111
 next
 edit "WAN2"
  set vdom "Internet"
  set ip 3.3.3.1 255.255.255.252
  set allowaccess ping
  set role wan
  set interface "DC-BRD"
  set vlanid 112
 next
 edit "BRN-Ph1-1"
  set vdom "Internet"
  set ip 192.168.254.1 255.255.255.255
  set allowaccess ping
  set type tunnel
  set remote-ip 192.168.254.2 255.255.255.255
  set interface "WAN1"
 next
 edit "BRN-Ph1-2"
  set vdom "Internet"
  set ip 192.168.254.3 255.255.255.255
  set allowaccess ping
  set type tunnel
  set remote-ip 192.168.254.4 255.255.255.255
  set interface "WAN2"
 next
end

config vpn ipsec phase1-interface
 edit "BRN-Ph1-1"
  set interface "WAN1"
  set local-gw 1.1.1.1
  set peertype any
  set net-device disable
  set proposal aes128-sha1
  set dhgrp 2
  set remote-gw 2.2.2.1
  set psksecret ***
 next
 edit "BRN-Ph1-2"
  set interface "WAN2"
  set local-gw 3.3.3.1
  set peertype any
  set net-device disable
  set proposal aes128-sha1
  set dhgrp 2
  set remote-gw 4.4.4.1
  set psksecret ***
 next
end

config vpn ipsec phase2-interface
 edit "BRN-Ph2-1"
  set phase1name "BRN-Ph1-1"
  set proposal aes256-sha256
  set dhgrp 2
 next
 edit "BRN-Ph2-2"
  set phase1name "BRN-Ph1-2"
  set proposal aes256-sha256
  set dhgrp 2
 next
end

config router static
 edit 1
  set gateway 1.1.1.2
  set device "WAN1"
 next
 edit 3
  set gateway 3.3.3.2
  set device "WAN2"
 next
end

config router bgp
 set as 65002
 set router-id 10.1.7.1
 set ebgp-multipath enable
 config neighbor
  edit "192.168.254.2"
   set remote-as 65003
  next
  edit "192.168.254.4"
   set remote-as 65003
  next
 end
 config network
  edit 1
   set prefix 10.1.0.0 255.255.0.0
  next
 end
end

Branch (BRN):

config system interface
 edit "WAN1"
  set vdom "Internet"
  set ip 2.2.2.1 255.255.255.252
  set allowaccess ping
  set role wan
  set interface "BRN-BRD"
  set vlanid 111
 next
 edit "WAN2"
  set vdom "Internet"
  set ip 4.4.4.1 255.255.255.252
  set allowaccess ping
  set role wan
  set interface "BRN-BRD"
  set vlanid 114
 next
 edit "DC-Ph1-1"
  set vdom "Internet"
  set ip 192.168.254.2 255.255.255.255
  set allowaccess ping
  set type tunnel
  set remote-ip 192.168.254.1 255.255.255.255
  set interface "WAN1"
 next
 edit "DC-Ph1-2"
  set vdom "Internet"
  set ip 192.168.254.4 255.255.255.255
  set allowaccess ping
  set type tunnel
  set remote-ip 192.168.254.3 255.255.255.255
  set interface "WAN2"
 next
end

config vpn ipsec phase1-interface
  edit "DC-Ph1-1"
   set interface "WAN1"
   set local-gw 2.2.2.1
   set peertype any
   set net-device disable
   set proposal aes128-sha1
   set dhgrp 2
   set remote-gw 1.1.1.1
   set psksecret ***
  next
  edit "DC-Ph1-2"
   set interface "WAN2"
   set local-gw 4.4.4.1
   set peertype any
   set net-device disable
   set proposal aes128-sha1
   set dhgrp 2
   set remote-gw 3.3.3.1
   set psksecret ***
  next
end

config vpn ipsec phase2-interface
  edit "DC-Ph2-1"
   set phase1name "DC-Ph1-1"
   set proposal aes256-sha256
   set dhgrp 2
  next
  edit "DC-Ph2-2"
   set phase1name "DC-Ph1-2"
   set proposal aes256-sha256
   set dhgrp 2
  next
end

config router static
 edit 1
  set gateway 2.2.2.2
  set device "WAN1"
 next
 edit 3
  set gateway 4.4.4.2
  set device "WAN2"
 next
end

config router bgp
  set as 65003
  set router-id 10.200.7.1
  set ebgp-multipath enable
  config neighbor
   edit "192.168.254.1"
    set remote-as 65002
   next
   edit "192.168.254.3"
    set remote-as 65002
   next
  end
  config network
   edit 1
    set prefix 10.200.0.0 255.255.0.0
   next
  end
end

I give the config in text form because, in my opinion, it is more convenient to configure the VPN this way. Almost all settings are the same on both sides; in text form they can be produced by copy-paste. If you do the same in the web interface, it is easy to make a mistake - forget a checkbox somewhere, enter a wrong value.
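Because both sides come from copy-paste, the two text configs can be checked against each other before they are applied. The following is an added example, not part of the original article or of Fortinet's tooling: it parses constructed excerpts in the config/edit/set format shown above and reports IPsec settings that the two peers do not share, plus settings commonly treated as weak. The function names and the weak-settings lists are assumptions of this sketch, and the parser handles flat sections only.

```python
# Constructed excerpt in the config/edit/set format used above (not a full config).
DC = '''
config vpn ipsec phase1-interface
 edit "BRN-Ph1-1"
  set proposal aes128-sha1
  set dhgrp 2
 next
end
config vpn ipsec phase2-interface
 edit "BRN-Ph2-1"
  set phase1name "BRN-Ph1-1"
  set proposal aes256-sha256
  set dhgrp 2
 next
end
'''
# The peer is produced by copy-paste; one value is deliberately left different.
BRN = DC.replace("BRN-Ph", "DC-Ph").replace("aes256-sha256", "aes128-sha1")

IPSEC = ("vpn ipsec phase1-interface", "vpn ipsec phase2-interface")
# Assumption of this sketch: settings treated as weak by local policy.
WEAK_DH = {"1", "2", "5"}
WEAK_HASH = {"md5", "sha1"}


def parse(text):
    """Parse flat config sections into {section: [{'name': ..., key: value}, ...]}."""
    sections, section, entry = {}, None, None
    for line in text.splitlines():
        tok = line.split(None, 2)
        if not tok:
            continue
        if tok[0] == "config":
            section = " ".join(tok[1:])
            sections[section] = []
        elif tok[0] == "edit" and section is not None:
            entry = {"name": tok[1].strip('"')}
            sections[section].append(entry)
        elif tok[0] == "set" and entry is not None and len(tok) == 3:
            entry[tok[1]] = tok[2].strip().strip('"')
        elif tok[0] == "next":
            entry = None
        elif tok[0] == "end":
            section = None
    return sections


def audit(local, remote):
    """Pair tunnels by position and report mismatched or weak IPsec settings."""
    findings = []
    for section in IPSEC:
        for a, b in zip(local.get(section, []), remote.get(section, [])):
            for key in ("proposal", "dhgrp"):
                # Negotiation needs at least one value offered by both peers.
                if not set(a.get(key, "").split()) & set(b.get(key, "").split()):
                    findings.append(("MISMATCH", a["name"], b["name"], key))
            for side in (a, b):
                hashes = {p.rsplit("-", 1)[-1] for p in side.get("proposal", "").split()}
                if hashes & WEAK_HASH:
                    findings.append(("WEAK", side["name"], "proposal", side["proposal"]))
                if set(side.get("dhgrp", "").split()) & WEAK_DH:
                    findings.append(("WEAK", side["name"], "dhgrp", side["dhgrp"]))
    return findings


if __name__ == "__main__":
    for finding in audit(parse(DC), parse(BRN)):
        print(*finding)
```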

After we have added the interfaces to the bundle, all routes and security policies can refer to it rather than to the interfaces included in it. At a minimum, you need to allow traffic from the internal networks into SD-WAN. When creating rules for them, you can apply protective measures such as IPS, antivirus and HTTPS inspection.

SD-WAN Rules are configured for the bundle. These are rules that define the balancing algorithm for specific traffic. They are similar to routing policies in Policy-Based Routing, except that the result of traffic falling under a policy is not a next-hop or an ordinary outgoing interface, but the interfaces added to the SD-WAN bundle plus the algorithm for balancing traffic between those interfaces.

Traffic can be separated from the general flow by L3-L4 information, by recognized applications, by Internet services (URL and IP), and by recognized users of workstations and laptops. After that, one of the following balancing algorithms can be assigned to the selected traffic:

In the Interface Preference list, you select the interfaces, from those already added to the bundle, that will serve this type of traffic. By adding only some of the interfaces, you can restrict which channels are used for, say, email, if you do not want to load expensive channels with a high SLA. In FortiOS 6.4.1, it became possible to group the interfaces added to the SD-WAN bundle into zones, creating, for example, one zone for communication with remote sites and another for local Internet access using NAT. Yes, yes, traffic going to the ordinary Internet can also be balanced.

About balancing algorithms

As for how the Fortigate (the firewall from Fortinet) can distribute traffic between channels, there are two interesting options that are not very common on the market:

Lowest Cost (SLA) - from all the interfaces that satisfy the SLA at the moment, the one with the lower weight (cost), set manually by the administrator, is selected; this mode is suitable for "bulk" traffic such as backups and file transfers.

Best Quality (SLA) - in addition to the usual delay, jitter and packet loss, this algorithm can also use the current channel load to assess channel quality; this mode is suitable for sensitive traffic such as VoIP and video conferencing.

These algorithms require setting up a communication channel performance meter - Performance SLA. This meter periodically (check interval) monitors information about SLA compliance: packet loss, latency and jitter in the communication channel, and can "reject" those channels that currently do not meet the quality thresholds - they lose too many packets or show too much latency. In addition, the meter monitors the status of the channel and can temporarily remove it from the bundle in case of repeated loss of responses (failures before inactive). When the channel recovers, after several consecutive responses (restore link after), the meter automatically returns the channel to the bundle, and data begins to be transmitted over it again.
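The meter behaviour described above, as an added example (a simplified model written for this text, not Fortinet's code): a link is dropped from the bundle after a number of consecutive lost probes, restored after a number of consecutive replies, and the Lowest Cost (SLA) strategy picks the cheapest link that currently meets its thresholds. The thresholds, window size, costs, class names and the probe sequence are assumptions of the sketch.

```python
from dataclasses import dataclass, field


@dataclass
class Link:
    name: str
    cost: int                       # weight set manually by the administrator
    alive: bool = True
    fails: int = 0                  # consecutive lost probes
    oks: int = 0                    # consecutive replies while out of the bundle
    samples: list = field(default_factory=list)   # latency in ms, None = lost


class SlaMeter:
    # All default values are assumptions of this sketch.
    def __init__(self, failures_before_inactive=3, restore_link_after=2,
                 max_latency_ms=150.0, max_loss=0.2, window=5):
        self.failures_before_inactive = failures_before_inactive
        self.restore_link_after = restore_link_after
        self.max_latency_ms, self.max_loss, self.window = max_latency_ms, max_loss, window

    def probe(self, link, latency_ms):
        """Record one probe result; latency_ms is None when the reply was lost."""
        link.samples = (link.samples + [latency_ms])[-self.window:]
        if latency_ms is None:
            link.fails, link.oks = link.fails + 1, 0
            if link.fails >= self.failures_before_inactive:
                link.alive = False              # temporarily removed from the bundle
        else:
            link.fails = 0
            if not link.alive:
                link.oks += 1
                if link.oks >= self.restore_link_after:
                    link.alive, link.oks = True, 0   # returned to the bundle

    def meets_sla(self, link):
        got = [s for s in link.samples if s is not None]
        if not link.alive or not got:
            return False
        lost = len(link.samples) - len(got)
        return (lost / len(link.samples) <= self.max_loss
                and sum(got) / len(got) <= self.max_latency_ms)


def lowest_cost(meter, links):
    """Cheapest link that meets the SLA; falling back to any live link is an assumption."""
    pool = [l for l in links if meter.meets_sla(l)] or [l for l in links if l.alive]
    return min(pool, key=lambda l: l.cost).name if pool else None


def demo():
    meter = SlaMeter()
    t1, t2 = Link("DC-Ph1-1", cost=10), Link("DC-Ph1-2", cost=20)
    # Constructed probe results for tunnel 1: it degrades, goes down, then recovers.
    probes = [20, 20, 400, 400, 400, None, None, None, 20, 20, 20, 20, 20]
    picks = []
    for latency in probes:
        meter.probe(t1, latency)
        meter.probe(t2, 40)
        picks.append(lowest_cost(meter, [t1, t2]))
    return picks


if __name__ == "__main__":
    print(demo())
```

Note that in this model the recovered link is alive again two replies after it comes back, but it only wins traffic once the lost probes have aged out of its measurement window.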

This is what the "meter" looks like:

In the web interface, ICMP Echo request, HTTP GET and DNS request are available as test protocols. There are a few more options on the command line: TCP-echo and UDP-echo are available, as well as a specialized quality measurement protocol - TWAMP.

The measurement results can also be seen in the web interface:

And on the command line:

Troubleshooting

If you created a rule but things do not work as expected, you should look at the Hit Count value in the SD-WAN Rules list. It shows whether traffic falls under this rule at all:

On the settings page of the meter itself, you can see how the channel parameters change over time. The dotted line indicates the threshold value of the parameter

In the web interface you can see how traffic is distributed by the amount of data transmitted/received and by the number of sessions:

In addition to all this, there is an excellent opportunity to trace the passage of packets in maximum detail. When working in a real network, the device configuration accumulates many routing policies, firewall rules, and traffic distribution across SD-WAN ports. All of this interacts in a complex way, and although the vendor provides detailed block diagrams of the packet processing algorithms, it is very important to be able not to build and test theories, but to see where the traffic actually goes.

For example, the following commands:

diagnose debug flow filter saddr 10.200.64.15
diagnose debug flow filter daddr 10.1.7.2
diagnose debug flow show function-name enable
diagnose debug enable
diagnose debug flow trace start 2

This lets you trace two packets with source address 10.200.64.15 and destination address 10.1.7.2.
We ping 10.1.7.2 from 10.200.64.15 twice and look at the output on the console.

First packet:

Second packet:

Here is the first packet as received by the firewall:
id=20085 trace_id=475 func=print_pkt_detail line=5605 msg="vd-Internet:0 received a packet(proto=1, 10.200.64.15:42->10.1.7.2:2048) from DMZ-Office. type=8, code=0, id=42, seq=0."
VDOM - Internet, Proto=1 (ICMP), DMZ-Office is the name of the L3 interface. Type=8 is Echo.

A new session has been created for it:
msg="allocate a new session-0006a627"

And a match was found in the policy routing settings:
msg="Match policy routing id=2136539137: to 10.1.7.2 via ifindex-110"

It turns out that the packet needs to be sent into one of the VPN tunnels:
"find a route: flag=04000000 gw-192.168.254.1 via DC-Ph1-1"

The following allow rule was found in the firewall policies:
msg="Allowed by Policy-3:"

The packet is encrypted and sent into the VPN tunnel:
func=ipsecdev_hard_start_xmit line=789 msg="enter IPsec interface-DC-Ph1-1"
func=_ipsecdev_hard_start_xmit line=666 msg="IPsec tunnel-DC-Ph1-1"
func=esp_output4 line=905 msg="IPsec encrypt/auth"

The encrypted packet is sent to the gateway address for this WAN interface:
msg="send to 2.2.2.2 via intf-WAN1"

For the second packet, everything happens the same way, but it is sent into the other VPN tunnel and leaves through a different firewall port:
func=ipsecdev_hard_start_xmit line=789 msg="enter IPsec interface-DC-Ph1-2"
func=_ipsecdev_hard_start_xmit line=666 msg="IPsec tunnel-DC-Ph1-2"
func=esp_output4 line=905 msg="IPsec encrypt/auth"
func=ipsec_output_finish line=622 msg="send to 4.4.4.2 via intf-WAN2"
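To compare many traced packets without reading the console by eye, the trace lines can be grouped per packet. This is an added example, not part of the original article: it parses lines in the format quoted above and reports, per trace, the matched firewall policy, the IPsec tunnel and the egress interface, and it lists packets that left an interface without passing through a tunnel. The sample is assembled from the quoted lines; the lines without func=, the seq=1 value and trace ids 476 and 477 are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample built from the trace lines quoted above. Lines without func=,
# the seq=1 value and trace_id 476/477 are assumptions made for the example.
SAMPLE = r'''
id=20085 trace_id=475 func=print_pkt_detail line=5605 msg="vd-Internet:0 received a packet(proto=1, 10.200.64.15:42->10.1.7.2:2048) from DMZ-Office. type=8, code=0, id=42, seq=0."
id=20085 trace_id=475 msg="allocate a new session-0006a627"
id=20085 trace_id=475 msg="find a route: flag=04000000 gw-192.168.254.1 via DC-Ph1-1"
id=20085 trace_id=475 msg="Allowed by Policy-3:"
id=20085 trace_id=475 func=_ipsecdev_hard_start_xmit line=666 msg="IPsec tunnel-DC-Ph1-1"
id=20085 trace_id=475 func=ipsec_output_finish line=622 msg="send to 2.2.2.2 via intf-WAN1"
id=20085 trace_id=476 func=print_pkt_detail line=5605 msg="vd-Internet:0 received a packet(proto=1, 10.200.64.15:42->10.1.7.2:2048) from DMZ-Office. type=8, code=0, id=42, seq=1."
id=20085 trace_id=476 msg="Allowed by Policy-3:"
id=20085 trace_id=476 func=_ipsecdev_hard_start_xmit line=666 msg="IPsec tunnel-DC-Ph1-2"
id=20085 trace_id=476 func=ipsec_output_finish line=622 msg="send to 4.4.4.2 via intf-WAN2"
id=20085 trace_id=477 msg="Allowed by Policy-3:"
id=20085 trace_id=477 msg="send to 2.2.2.2 via intf-WAN1"
'''

PATTERNS = {
    "flow": re.compile(
        r"received a packet\(proto=(\d+), ([\d.]+):\d+->([\d.]+):\d+\) from ([\w-]+)\."),
    "policy": re.compile(r"Allowed by Policy-(\d+)"),
    "tunnel": re.compile(r"IPsec tunnel-([\w-]+)"),
    "egress": re.compile(r"send to ([\d.]+) via intf-([\w-]+)"),
}


def summarize(text):
    """Return {trace_id: {field: value}} built from debug flow output lines."""
    traces = defaultdict(dict)
    for line in text.splitlines():
        tid = re.search(r"\btrace_id=(\d+)", line)
        msg = re.search(r'msg="(.*)"', line)
        if not (tid and msg):
            continue                      # not a trace line, ignore it
        rec = traces[int(tid.group(1))]
        for key, rx in PATTERNS.items():
            m = rx.search(msg.group(1))
            if m:
                rec[key] = m.groups() if rx.groups > 1 else m.group(1)
    return dict(traces)


def balancing_report(traces):
    """Group trace ids by (tunnel, egress interface) to see how a flow was spread."""
    spread = defaultdict(list)
    for tid, rec in sorted(traces.items()):
        spread[(rec.get("tunnel"), rec.get("egress", (None, None))[1])].append(tid)
    return dict(spread)


def cleartext(traces):
    """Trace ids that left through an interface without passing an IPsec tunnel."""
    return sorted(t for t, r in traces.items() if "egress" in r and "tunnel" not in r)


if __name__ == "__main__":
    result = summarize(SAMPLE)
    print(balancing_report(result))
    print("sent without IPsec:", cleartext(result))
```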

Advantages of the solution

Reliable functionality and a user-friendly interface. The feature set that was available in FortiOS before the advent of SD-WAN has been fully preserved. That is, what we have is not freshly developed software but a mature system from a proven firewall vendor, with a traditional set of network functions and a convenient, easy-to-learn web interface. How many SD-WAN vendors have, say, Remote-Access VPN functionality on the end devices?

Level 80 security. FortiGate is one of the top firewall solutions. There is a lot of material on the Internet about configuring and administering the firewalls, and on the labor market there are many security specialists who have already mastered the vendor's solutions.

Zero cost for the SD-WAN functionality. Building an SD-WAN network on FortiGate costs the same as building a regular WAN network on it, since no additional licenses are needed to implement the SD-WAN functionality.

Low entry price threshold. Fortigate has a good gradation of devices for different performance levels. The youngest and least expensive models are quite suitable for bringing up an office or a point of sale with, say, 3-5 employees. Many vendors simply do not have such low-performance and affordable models.

High performance. Reducing the SD-WAN functionality to traffic balancing allowed the company to release a specialized SD-WAN ASIC, thanks to which SD-WAN operation does not reduce the performance of the firewall as a whole.

The ability to implement an entire office on Fortinet equipment. That means a pair of firewalls, switches and Wi-Fi access points. Such an office is easy and convenient to manage - the switches and access points are registered on the firewalls and managed from them. For example, this is what a switch port might look like from the interface of the firewall that manages this switch:

The absence of controllers as a single point of failure. The vendor itself emphasizes this, but it can be called an advantage only partly, because for those vendors that do have controllers, ensuring their fault tolerance is inexpensive, most often at the cost of a small amount of computing resources in a virtualization environment.

What to look out for

No separation between Control Plane and Data Plane. This means that the network must be configured either manually or with the traditional management tools already available - FortiManager. For vendors that have implemented such a separation, the network assembles itself. The administrator may only need to adjust its topology, prohibit something somewhere, and nothing more. However, FortiManager's trump card is that it can manage not only firewalls but also switches and Wi-Fi access points, that is, almost the entire network.

Conditional increase in manageability. Because traditional tools are used to automate network configuration, network manageability increases only slightly with the introduction of SD-WAN. On the other hand, new functionality becomes available faster, since the vendor first releases it only for the firewall operating system (which immediately makes it possible to use it), and only then supplements the management system with the necessary interfaces.

Some functionality may be available from the command line but not from the web interface. Sometimes it is not so scary to go into the command line to configure something, but it is scary not to see in the web interface that someone has already configured something from the command line. This usually applies to the newest features, though, and gradually, with FortiOS updates, the capabilities of the web interface are improved.

Who it will suit

Those who do not have many branches. Implementing an SD-WAN solution with complex central components on a network of 8-10 branches may not be worth the candle - you will have to spend money on licenses for SD-WAN devices and on virtualization system resources to host the central components. A small company usually has limited free computing resources. In the case of Fortinet, it is enough to simply buy firewalls.

Those who have a lot of small branches. For many vendors, the minimum price of a solution per branch is quite high and may not be interesting from the point of view of the end customer's business. Fortinet offers small devices at very attractive prices.

Those who are not ready to step too far yet. Implementing SD-WAN with controllers, proprietary routing, and a new approach to network planning and management may be too big a step for some customers. Yes, such an implementation will ultimately help optimize the use of communication channels and the work of administrators, but first you will have to learn a lot of new things. For those who are not yet ready for a paradigm shift but want to squeeze more out of their communication channels, the solution from Fortinet is just right.

Source: www.habr.com
