ProHoster > Blog > Tsamaiso > Sheba Ntlha ea Gaia R80.40. Tse ncha ke life?

Sheba Ntlha ea Gaia R80.40. Tse ncha ke life?

Sheba Ntlha ea Gaia R80.40. Tse ncha ke life?

Tokollo e latelang ea sistimi e sebetsang e ntse e atamela Gaia R80.40. Libeke tse 'maloa tse fetileng Lenaneo la ho Fumana Early le qadile, moo o ka fihlelang ho leka kabo. Joalo ka tloaelo, re phatlalatsa tlhahisoleseling mabapi le se secha, hape re totobatsa lintlha tse khahlang haholo ho latela pono ea rona. Ha ke sheba pele, nka bolela hore lintlafatso li bohlokoa e le kannete. Ka hona, ho bohlokoa ho itokisetsa ts'ebetso ea ntlafatso ea pele. Pele re se re ntse re e hatisitse sehlooho mabapi le mokhoa oa ho etsa sena (bakeng sa tlhaiso-leseling e batsi, ka kopo etela ikopanya le mona). Ha re kene sehloohong...

Tse ncha ke life

Ha re shebeng lintlafatso tse phatlalalitsoeng ka molao mona. Lintlha tse nkiloeng setšeng Sheba Matsoalo (sechaba sa Check Point sa semmuso). Ka tumello ea hau, nke ke ka fetolela temana ena, ka lehlohonolo bamameli ba Habr ba e lumella. Ho e-na le hoo, ke tla siea litlhaloso tsa ka bakeng sa khaolo e latelang.

1. Tšireletso ea IoT. Lintlha tse ncha tse amanang le Marang-rang a Lintho

  • Bokella lisebelisoa tsa IoT le litšobotsi tsa sephethephethe ho tsoa lienjineng tse netefalitsoeng tsa ho sibolla IoT (hajoale e tšehetsa Medigate, CyberMDX, Cynerio, Claroty, Indegy, SAM le Armis).
  • Lokisa Leano le lecha la Leano la IoT taolong ea maano.
  • Beakanya le ho laola melao ea ts'ireletso e ipapisitseng le litšobotsi tsa lisebelisoa tsa IoT.

2.TLS TlhahloboHTTP / 2:

  • HTTP/2 ke ntjhafatso ho protocol ea HTTP. Ntlafatso e fana ka lintlafatso ho lebelo, ts'ebetso le ts'ireletso le liphetho ka boiphihlelo bo betere ba mosebelisi.
  • Check Point's Security Gateway e se e ts'ehetsa HTTP/2 mme e rua molemo ka lebelo le ts'ebetso e ntle ha o ntse o fumana ts'ireletso e felletseng, ka li-blades tsohle tsa Thibelo le Thibelo ea Phihlelo, hammoho le ts'ireletso e ncha ea protocol ea HTTP/2.
  • Ts'ehetso ke ea sephethephethe se hlakileng le sa SSL se patiloeng 'me se kopantsoe ka botlalo le HTTPS/TLS
  • Bokhoni ba ho hlahloba.

Lera la Tlhahlobo la TLS. Mekhoa e mecha mabapi le tlhahlobo ea HTTPS:

  • Leano le lecha la Leano ho SmartConsole le etselitsoeng Tlhahlobo ea TLS.
  • Likarolo tse fapaneng tsa tlhahlobo ea TLS li ka sebelisoa ka har'a liphutheloana tse fapaneng tsa maano.
  • Ho arolelana lera la Tlhahlobo ea TLS ho pholletsa le liphutheloana tse ngata tsa maano.
  • API bakeng sa ts'ebetso ea TLS.

3. Thibelo ea Kotsi

  • Ntlafatso e akaretsang ea ts'ebetso bakeng sa lits'ebetso le lintlafatso tsa Thibelo ea Tšokelo.
  • Lintlafatso tse iketsahallang ho Threat Extraction Engine.
  • Lintho Tse Matla, Tse Hlahang le Lintho Tse Nchafatsoang joale li ka sebelisoa ho Melaoana ea Thibelo ea Litšokelo le Tlhahlobo ea TLS. Lintho tse nchafalitsoeng ke lintho tsa marang-rang tse emelang tšebeletso ea kantle kapa lethathamo le tsebahalang la liaterese tsa IP, mohlala - liaterese tsa IP tsa Office365 / Google / Azure / AWS le lintho tsa Geo.
  • Anti-Virus joale e sebelisa matšoao a tšokelo a SHA-1 le SHA-256 ho thibela lifaele tse ipapisitseng le li-hashes tsa tsona. Kenya matšoao a macha ho tsoa ponong ea SmartConsole Threat Indicators kapa Custom Intelligence Feed CLI.
  • Anti-Virus le SandBlast Threat Emulation joale li tšehetsa tlhahlobo ea sephethephethe sa mangolo-tsoibila holim'a protocol ea POP3, hammoho le tlhahlobo e ntlafalitsoeng ea sephethephethe sa lengolo-tsoibila holima protocol ea IMAP.
  • Anti-Virus le SandBlast Threat Emulation joale sebelisa sesebelisoa sa tlhahlobo sa SSH se sa tsoa hlahisoa ho hlahloba lifaele tse fetisitsoeng holim'a liprothokholo tsa SCP le SFTP.
  • Anti-Virus le SandBlast Threat Emulation joale li fana ka tšehetso e ntlafetseng bakeng sa tlhahlobo ea SMBv3 (3.0, 3.0.2, 3.1.1), e kenyeletsang tlhahlobo ea likhokahano tsa likanale tse ngata. Hona joale Check Point ke eena feela morekisi ea tšehetsang tlhahlobo ea phetisetso ea faele ka liteishene tse ngata (e leng tšobotsi e fumanehang ka ho sa feleng libakeng tsohle tsa Windows). Sena se lumella bareki ho lula ba bolokehile ha ba ntse ba sebetsa ka karolo ena e ntlafatsang ts'ebetso.

4. Tlhokomeliso ea Boitsebiso

  • Tšehetso bakeng sa khokahanyo ea Captive Portal le SAML 2.0 le batho ba boraro ba fanang ka boitsebiso.
  • Tšehetso bakeng sa Identity Broker bakeng sa ho arolelana lintlha tsa boitsebiso pakeng tsa PDPs, hammoho le ho arolelana libaka tse fapaneng.
  • Lintlafatso ho Moemeli oa Li-terminal Servers bakeng sa ho hola le ho lumellana hantle.

5. IPsec VPN

  • Lokisa libaka tse fapaneng tsa encryption tsa VPN ho Seterateng sa Tšireletso eo e leng setho sa lichaba tse ngata tsa VPN. Sena se fana ka:
  • Lekunutu le ntlafalitsoeng - Marang-rang a ka hare ha a senoloe lipuisanong tsa protocol ea IKE.
  • Tšireletseho e ntlafetseng le granularity - Hlalosa hore na ke marang-rang afe a fumanehang sechabeng sa VPN se boletsoeng.
  • Tšebelisano e ntlafalitsoeng - Litlhaloso tse bonolo tsa VPN tse thehiloeng tseleng (tse khothalelitsoeng ha u sebetsa le sebaka se se nang letho sa VPN sa encryption).
  • Theha 'me u sebetse ka mokhoa o se nang moeli ka tikoloho ea Large Scale VPN (LSV) ka thuso ea liprofaele tsa LSV.

6. Sefa URL

  • scalability e ntlafetseng le botsitso.
  • Matla a atolositsoeng a ho rarolla mathata.

7.NAT

  • Mokhoa o ntlafalitsoeng oa kabo ea boema-kepe ba NAT - ho Li- Gateways tsa Tšireletso tse nang le maemo a 6 kapa ho feta a CoreXL Firewall, maemo ohle a sebelisa letamo le tšoanang la likou tsa NAT, tse ntlafatsang tšebeliso ea boema-kepe le ho e sebelisa hape.
  • Tlhokomelo ea ts'ebeliso ea boema-kepe ba NAT ho CPView le SNMP.

8. Voice over IP (VoIP)Maemo a mangata a CoreXL Firewall a sebetsana le protocol ea SIP ho ntlafatsa ts'ebetso.

9.Remote Access VPNSebelisa setifikeiti sa mochini ho khetholla pakeng tsa thepa ea khoebo le eo e seng ea khoebo le ho theha leano le qobellang tšebeliso ea thepa ea khoebo feela. Ts'ebetso e ka ba pele ho logon (netefatso ea sesebelisoa feela) kapa post-logon (sesebelisoa le netefatso ea mosebelisi).

10. Moemeli oa Phatlalatso ea MohalaTšireletso e ntlafetseng ea Endpoint on Demand ka hare ho Moemeli oa Mobile Access Portal ho tšehetsa libatli tsohle tse kholo tsa marang-rang. Ho fumana lintlha tse ling, sheba sk113410.

11.CoreXL le Multi-Queue

  • Ts'ehetso ea kabo ea othomathiki ea li-CoreXL SNDs le maemo a Firewall tse sa hlokeng hore Security Gateway e qale hape.
  • Boiphihlelo bo ntlafalitsoeng ka ntle ho lebokose - Security Gateway e fetola ka bo eona palo ea liketsahalo tsa CoreXL SNDs le Firewall le tlhophiso ea Multi-Queue e ipapisitseng le sephethephethe sa hajoale.

12. Ho kopanya

  • Tšehetso bakeng sa Protocol ea Cluster Control ka mokhoa oa Unicast o felisang tlhokahalo ea CCP

Mekhoa ea phatlalatso kapa ea Multicast:

  • Cluster Control Protocol e se e entsoe ka mokhoa oa kamehla.
  • Mokhoa o mocha oa ClusterXL -Active/Active, o tšehetsang Litho tsa Cluster libakeng tse fapaneng tsa libaka tse fumanehang ho li-subnet tse fapaneng le tse nang le liaterese tse fapaneng tsa IP.
  • Ts'ehetso bakeng sa Litho tsa ClusterXL Cluster tse tsamaisang mefuta e fapaneng ea software.
  • E felisitse tlhoko ea tlhophiso ea MAC Magic ha lihlopha tse 'maloa li hokahantsoe le subnet e tšoanang.

13. VSX

  • Ts'ehetso ea ntlafatso ea VSX ka CPUSE ho Gaia Portal.
  • Tšehetso ea Active Up mode ho VSLS.
  • Ts'ehetso bakeng sa litlaleho tsa lipalo tsa CPView bakeng sa Sistimi e 'ngoe le e 'ngoe ea Virtual

14. Zero TouchMokhoa o bonolo oa ho seta oa Plug & Play bakeng sa ho kenya sesebelisoa - o tlosa tlhoko ea boitseanape ba tekheniki le ho hokahana le sesebelisoa bakeng sa phetisetso ea pele.

15. Gaia REST APIGaia REST API e fana ka mokhoa o mocha oa ho bala le ho romella tlhahisoleseling ho li-server tse tsamaisang Gaia Operating System. Sheba sk143612.

16. Tsela e tsoetseng pele

  • Lintlafatso ho OSPF le BGP li lumella ho seta bocha le ho qala bocha OSPF boahelani bakeng sa mohlala o mong le o mong oa CoreXL Firewall ntle le tlhoko ea ho qala daemon e tsamaisitsoeng bocha.
  • Ntlafatso ea ho nchafatsa litsela bakeng sa ts'ebetso e ntlafetseng ea ho se lumellane ha litsela tsa BGP.

17. Tsebo e ncha ea kernel

  • Linux kernel e ntlafalitsoeng
  • Sistimi e ncha ea ho arola (gpt):
  • E tšehetsa li-drive tse fetang 2TB tsa 'mele / tse utloahalang
  • Sistimi ea faele e potlakileng (xfs)
  • E ts'ehetsa polokelo e kholo ea sistimi (ho fihla ho 48TB e lekoa)
  • Lintlafatso tsa tšebetso tse amanang le I/O
  • Mela e mengata:
  • Ts'ehetso e felletseng ea Gaia Clish bakeng sa litaelo tsa Multi-Queue
  • Tlhophiso ea "othomathike ka ho sa feleng".
  • SMB v2/3 mount tshehetso ho Mobile Access blade
  • Ts'ehetso ea NFSv4 (client) e ekelitsoeng (NFS v4.2 ke mofuta oa kamehla oa NFS o sebelisitsoeng)
  • Ts'ehetso ea lisebelisoa tse ncha tsa sistimi bakeng sa ho lokisa liphoso, ho lekola le ho hlophisa sistimi

18. Mookameli oa CloudGuard

  • Lintlafatso tsa ts'ebetso bakeng sa likhokahano le Litsi tsa data tsa kantle.
  • Ho kopanya le VMware NSX-T.
  • Ts'ehetso bakeng sa litaelo tse eketsehileng tsa API ho theha le ho hlophisa lintho tsa Seva ea Setsi sa Data.

19. Multi-Domain Server

  • Etsa bekapo 'me u tsosolose Seva ea Tsamaiso ea Domain ka bomong ho Multi-Domain Server.
  • Tsamaisa Seva ea Tsamaiso ea Domain ho Seva e le 'ngoe ea Multi-Domain ho ea ho Tsamaiso e fapaneng ea Multi-Domain Security.
  • Tsamaisa Seva ea Tsamaiso ea Ts'ireletso hore e be Seva ea Tsamaiso ea Domain ho Multi-Domain Server.
  • Tsamaisa Seva ea Tsamaiso ea Domain ho ba Seva ea Tsamaiso ea Ts'ireletso.
  • Khutlisetsa Domain ho Multi-Domain Server, kapa Seva ea Tsamaiso ea Ts'ireletso tokisong e fetileng bakeng sa ntlafatso e tsoelang pele.

20. SmartTasks le API

  • Mokhoa o mocha oa netefatso oa API o sebelisang senotlolo sa API se iketselitseng.
  • New Management API e laela ho theha lintho tsa sehlopha.
  • Central Deployment ea Jumbo Hotfix Accumulator le Hotfixes ho tloha SmartConsole kapa ka API e lumella ho kenya kapa ho ntlafatsa mekhoa e mengata ea Tšireletso le Li-Cluster ka ho tšoana.
  • SmartTasks - Lokisa lingoloa tsa othomathike kapa likopo tsa HTTPS tse hlahisitsoeng ke mesebetsi ea batsamaisi, joalo ka ho phatlalatsa seshene kapa ho kenya leano.

21. PhahamisoCentral Deployment ea Jumbo Hotfix Accumulator le Hotfixes ho tloha SmartConsole kapa ka API e lumella ho kenya kapa ho ntlafatsa mekhoa e mengata ea Tšireletso le Li-Cluster ka ho tšoana.

22. SmartEventArolelana maikutlo le litlaleho tsa SmartView le balaoli ba bang.

23.Log ExporterRomella likutung tse tlhotliloeng ho latela maemo a sebaka.

24. Tšireletso ea Qetellong

  • Ts'ehetso bakeng sa encryption ea BitLocker bakeng sa encryption e felletseng ea Disk.
  • Ts'ehetso bakeng sa litifikeiti tsa kantle tsa Setifikeiti sa Setifikeiti bakeng sa moreki oa Endpoint Security
  • netefatso le puisano le Endpoint Security Management Server.
  • Tšehetso bakeng sa boholo bo matla ba liphutheloana tsa Endpoint Security Client tse thehiloeng ho tse khethiloeng
  • likarolo bakeng sa ho romelloa.
  • Pholisi joale e ka laola boemo ba litsebiso ho basebelisi ba ho qetela.
  • Tšehetso bakeng sa tikoloho e tsitsitseng ea VDI ho Tsamaiso ea Leano la Endpoint.

Seo re se ratileng haholo (ho ipapisitse le mesebetsi ea bareki)

Joalokaha u ka bona, ho na le lintho tse ngata tse ncha. Empa bakeng sa rona, joalo ka mohokahanyi oa tsamaiso, ho na le lintlha tse 'maloa tse thahasellisang haholo (tseo le tsona li thahasellisang ho bareki ba rona). Tse 10 tsa rona tse holimo:

  1. Qetellong, tšehetso e felletseng ea lisebelisoa tsa IoT e hlahile. Ho se ho ntse ho le thata ho fumana k'hamphani e se nang lisebelisoa tse joalo.
  2. Tlhahlobo ea TLS e se e behiloe karolong e arohaneng (Lera). Ho bonolo haholo ho feta hona joale (ho 80.30). Ha ho sa tla ba le Dashboard ea khale ea Legasy. Hape, joale o ka sebelisa lintho tse ka ntlafatsoang leanong la tlhahlobo la HTTPS, joalo ka lits'ebeletso tsa Office365, Google, Azure, AWS, joalo-joalo. Sena se bonolo haholo ha o hloka ho theha mekhelo. Leha ho le joalo, ha ho na tšehetso bakeng sa tls 1.3. Kamoo ho bonahalang kateng ba tla "tšoara" le hotfix e latelang.
  3. Liphetoho tse kholo bakeng sa Anti-Virus le SandBlast. Joale o ka sheba liprothokholo tse kang SCP, SFTP le SMBv3 (ka tsela, ha ho motho ea ka hlolang a hlahloba protocol ena ea li-channel tse ngata).
  4. Ho na le lintlafatso tse ngata mabapi le Site-to-Site VPN. Hona joale o ka lokisa libaka tse 'maloa tsa VPN monyako oa heke eo e leng karolo ea metse e mengata ea VPN. E bonolo haholo ebile e bolokehile haholoanyane. Ntle le moo, Check Point e ile ea qetella e hopotse Route Based VPN mme e ntlafalitse botsitso ba eona / ho tsamaellana ha eona hanyane.
  5. Ho hlahile tšobotsi e tsebahalang haholo bakeng sa basebelisi ba hole. Hona joale o ka netefatsa eseng mosebelisi feela, empa hape le sesebelisoa seo a se kopanyang. Ka mohlala, re batla ho lumella likhokahano tsa VPN ho tsoa ho lisebelisoa tsa khoebo feela. Sena se etsoa, ​​​​ehlile, ka thuso ea litifikeiti. Hape hoa khonahala ho kenya likarolo tsa faele (SMB v2/3) ka bo eona bakeng sa basebelisi ba hole le moreki oa VPN.
  6. Ho na le liphetoho tse ngata ts'ebetsong ea sehlopha. Empa mohlomong e 'ngoe ea tse khahlang haholo ke monyetla oa ho sebetsa sehlopha moo liheke li nang le mefuta e fapaneng ea Gaia. Sena se loketse ha o rera ntlafatso.
  7. Matla a ntlafalitsoeng a Zero Touch. Ntho e molemo bakeng sa ba atisang ho kenya liheke "tse nyenyane" (mohlala, bakeng sa ATM).
  8. Bakeng sa lits'oants'o, polokelo e fihlang ho 48TB e se e tšehetsoa.
  9. U ka arolelana li-dashboard tsa hau tsa SmartEvent le batsamaisi ba bang.
  10. Log Exporter joale e u lumella ho sefa pele melaetsa e rometsoeng u sebelisa likarolo tse hlokahalang. Tseo. Ke feela lintlha le liketsahalo tse hlokahalang tse tla fetisetsoa litsamaisong tsa hau tsa SIEM

Phetoho

Mohlomong ba bangata ba se ba ntse ba nahana ka ho ntlafatsa. Ha ho hlokahale ho potlaka. Ho qala, mofuta oa 80.40 o tlameha ho fallela ho General Availability. Empa le ka mor'a moo, ha ua lokela ho ntlafatsa hang-hang. Ho molemo ho emela bonyane hotfix ea pele.
Mohlomong ba bangata ba "lutse" liphetolelong tsa khale. Nka bolela hore bonyane ho se ho ntse ho khoneha (esita le ho hlokahala) ho ntlafatsa ho 80.30. Ena e se e ntse e le tsamaiso e tsitsitseng le e netefalitsoeng!

U ka boela ua ngolisa maqepheng a rona a sechaba (thelekramo, Facebook, VK, TS Solution Blog), moo o ka latelang ho hlaha ha lisebelisoa tse ncha ho Check Point le lihlahisoa tse ling tsa ts'ireletso.

Ke basebelisi ba ngolisitsoeng feela ba ka kenyang letsoho phuputsong. kenaka kopo.

U sebelisa mofuta ofe oa Gaia?

  • R77.10

  • R77.30

  • R80.10

  • R80.20

  • R80.30

  • Other

Basebelisi ba 13 ba ile ba khetha. Basebelisi ba 6 ba ile ba hana.

Source: www.habr.com

Eketsa ka tlhaloso