Remote work, or a VPN overview in Sophos XG Firewall

Hello everyone! This article gives an overview of the VPN functionality in the Sophos XG Firewall product. In the previous article we looked at how to get this home network security solution for free with a full licence. Today we will talk about the VPN functionality built into Sophos XG. I will try to explain what this product can do, and give examples of setting up an IPSec Site-to-Site VPN and a user SSL VPN. So, let's get into the overview.

First of all, let's look at the licensing table:

You can read more about how Sophos XG Firewall is licensed here:
link
In this article, though, we are only interested in the items highlighted in red.

The basic VPN functionality is included in the base licence and is purchased only once. This is a lifetime licence and does not need to be renewed. The Base VPN Options module includes:

Site-to-Site:

  • SSL VPN
  • IPSec VPN

Remote access (Client VPN):

  • SSL VPN
  • IPsec Clientless VPN (with a free user application)
  • L2TP
  • PPTP

As you can see, all well-known protocols and types of VPN connection are supported.

Sophos XG Firewall also has two more types of VPN connection that are not included in the base subscription: RED VPN and HTML5 VPN. These VPN connections are included in the Network Protection subscription, which means that to use them you must have an active subscription, which also includes the network protection functionality - the IPS and ATP modules.

RED VPN is a proprietary L2 VPN from Sophos. This type of VPN connection has a number of advantages over Site-to-site SSL or IPSec when setting up a VPN between two XGs. Unlike IPSec, a RED tunnel creates a virtual interface at both ends of the tunnel, which helps with troubleshooting, and unlike SSL, this virtual interface is fully configurable. The administrator has full control over the subnet inside the RED tunnel, which makes it easier to resolve routing problems and subnet conflicts.

HTML5 VPN, or Clientless VPN, is a specific type of VPN that lets you forward services over HTML5 directly in the browser. The service types that can be configured:

  • RDP
  • Telnet
  • SSH
  • VNC
  • FTP
  • FTPS
  • SFTP
  • SMB

Keep in mind, however, that this type of VPN is used only in special cases, and it is recommended, where possible, to use the VPN types from the lists above.

Practice

Let's see in practice how to configure several types of tunnel, namely Site-to-Site IPSec and SSL VPN Remote Access.

Site-to-Site IPSec VPN

Let's start with how to set up a Site-to-Site IPSec VPN tunnel between two Sophos XG firewalls. Under the hood it uses strongSwan, which lets you connect to any router with IPSec support.

You can use the simple and quick setup wizard, but we will take the general route so that, following these instructions, Sophos XG can be paired with any IPSec-capable equipment.

Open the policy settings window:

As we can see, there are preset settings already, but we will create our own.

Let's configure the encryption settings for the first and second phases and save the policy. By analogy, we do the same on the second Sophos XG and move on to setting up the IPSec tunnel itself.

Enter a name and the operating mode, and configure the encryption settings. As an example, we will use a Preshared Key

and specify the local and remote subnets.

Our connection has been created

By analogy, we apply the same settings on the second Sophos XG, except for the operating mode: there we set Initiate the connection.

We now have two configured tunnels. Next we need to activate and start them. This is done very simply: click the red circle under the word Active to activate the tunnel, and the red circle under Connection to start the connection.
If we see this picture:

then our tunnel is working correctly. If the second indicator is solid red or amber, something is wrong in the connection policies or in the local and remote subnets. Let me remind you that the settings must mirror each other.
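
The mirroring requirement above can be checked before the tunnel is activated. The following is an added example, not part of the original article and not Sophos tooling: it compares two hand-entered endpoint descriptions and lists every setting that does not mirror. The field names, the sample values and the "Respond only" mode name are assumptions.

```python
import ipaddress

# Constructed sample settings for the two firewalls; field names are hypothetical.
POLICY = {"encryption": "AES256", "authentication": "SHA2-256", "dh_group": 14}
SITE_A = {
    "gateway_type": "Respond only",  # assumed name of the passive mode
    "psk": "constructed-example-key",
    "phase1": dict(POLICY), "phase2": dict(POLICY),
    "local_subnets": ["192.168.10.0/24"],
    "remote_subnets": ["192.168.20.0/24"],
}
SITE_B = {
    "gateway_type": "Initiate the connection",
    "psk": "constructed-example-key",
    "phase1": dict(POLICY), "phase2": dict(POLICY),
    "local_subnets": ["192.168.20.0/24"],
    "remote_subnets": ["192.168.10.0/24"],
}

def _nets(values):
    # strict=True rejects entries with host bits set, e.g. 192.168.10.1/24
    return {ipaddress.ip_network(v, strict=True) for v in values}

def mirror_findings(a, b):
    """List every setting on which endpoints a and b fail to mirror each other."""
    findings = []
    for phase in ("phase1", "phase2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            if a[phase].get(key) != b[phase].get(key):
                findings.append(f"{phase}.{key}: {a[phase].get(key)} != {b[phase].get(key)}")
    if a["psk"] != b["psk"]:
        findings.append("psk: preshared keys differ")  # never echo the key itself
    if _nets(a["local_subnets"]) != _nets(b["remote_subnets"]):
        findings.append("subnets: local of A is not remote of B")
    if _nets(a["remote_subnets"]) != _nets(b["local_subnets"]):
        findings.append("subnets: remote of A is not local of B")
    for site, name in ((a, "A"), (b, "B")):
        for loc in _nets(site["local_subnets"]):
            if any(loc.overlaps(rem) for rem in _nets(site["remote_subnets"])):
                findings.append(f"subnets: {loc} on {name} overlaps its remote side")
    if "Initiate the connection" not in (a["gateway_type"], b["gateway_type"]):
        findings.append("gateway_type: neither side initiates the connection")
    return findings

if __name__ == "__main__":
    for line in mirror_findings(SITE_A, SITE_B) or ["endpoints mirror each other"]:
        print(line)
```

An empty result means the two descriptions mirror each other; each finding names the setting to compare in the two web interfaces.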

Separately, I want to point out that you can create Failover groups from IPSec tunnels for fault tolerance:

Remote Access SSL VPN

Let's move on to Remote Access SSL VPN for users. Under the hood a standard OpenVPN is running. This lets users connect with any client that supports .ovpn files (for example, the standard connection client).

First, you need to configure the OpenVPN server policies:

Specify the transport for the connection, configure the port, and set the range of IP addresses for connecting remote users

You can also specify the encryption settings.

After configuring the server, we move on to configuring the client connections.

Each SSL VPN connection rule is created for a group or for an individual user. Each user can have only one connection policy. As for the settings, the interesting ones are these: for each such rule you can specify whether individual users or a group from AD will use it, and you can either tick the checkbox so that all traffic is wrapped into the VPN tunnel or specify the IP addresses, subnets or FQDN names available to users. Based on these policies, an .ovpn profile with the client settings is generated automatically.

Using the user portal, the user can download an .ovpn file with the VPN client settings, as well as a VPN client installer with the connection settings file built in.

Conclusion

In this article we briefly went over the VPN functionality in the Sophos XG Firewall product. We looked at how to configure IPSec VPN and SSL VPN. This is not a complete list of what this solution can do. In the following articles I will try to review RED VPN and show what it looks like in the solution itself.

Thank you for your time.

If you have questions about the commercial version of XG Firewall, you can contact us - the company Factor Group, a Sophos distributor. Just write in free form to [email protected].

Source: www.habr.com
