Isigcawu sewebhu okanye indawo esembindini yenethiwekhi esasazwayo

Yintoni omele uyijonge xa ​​ukhetha i-router yeVPN kwinethiwekhi esasazwayo? Kwaye yeyiphi imisebenzi ekufuneka ibenayo? Yile nto yethu uphononongo lweZyWALL VPN1000 lunikezelwe kuyo.

Intshayelelo

Ngaphambili, uninzi lweempapasho zethu bezinikezelwe kwizixhobo ezisezantsi zeVPN zokufikelela kwinethiwekhi kwiindawo ezisecaleni. Ngokomzekelo, ukudibanisa amasebe ahlukeneyo kunye nekomkhulu, ukufikelela kwiNethiwekhi yeenkampani ezincinci ezizimeleyo, okanye izindlu zabucala. Lixesha lokuthetha malunga ne-node ephakathi kwinethiwekhi esasazwayo.

Kucacile ukuba akunakwenzeka ukwakha inethiwekhi yanamhlanje yeshishini elikhulu kuphela ngesiseko sezixhobo zodidi lwezoqoqosho. Kwaye uququzelele inkonzo yefu ukubonelela ngeenkonzo kubathengi, nabo. Endaweni ethile kufuneka kubekho izixhobo ezifakelweyo ezinokukhonza inani elikhulu labathengi ngexesha elinye. Ngeli xesha siza kuthetha ngesixhobo esinye esinjalo - Zyxel VPN1000.

Kubathathi-nxaxheba abakhulu nabancinci kutshintshiselwano lwenethiwekhi, kunokwenzeka ukuchonga imilinganiselo apho ukufaneleka kwesixhobo esithile sokusombulula ingxaki kuvavanywa.

Ngezantsi zezona ziphambili:

• ubuchule bobugcisa kunye nokusebenza;
• ulawulo;
• khu seleko;
• ukunyamezela iimpazamo.

Kunzima ukugqiba ukuba yintoni ebaluleke ngakumbi kwaye yintoni enokwenziwa ngaphandle kwayo. Yonke into iyadingeka. Ukuba isixhobo asihlangabezani neemfuno ngokwekhrayitheriya ethile, oku kugcwele iingxaki kwixesha elizayo.

Nangona kunjalo, iimpawu ezithile zezixhobo ezenzelwe ukuqinisekisa ukusebenza kweeyunithi ezisembindini kunye nezixhobo ezisebenza ikakhulu kwi-periphery zinokwahluka kakhulu.

Kwi-node ephakathi, amandla ekhompyutheni eza kuqala - oku kukhokelela ekupholiseni okunyanzeliswayo, kwaye, ngenxa yoko, ingxolo evela kumqhubi. Kwizixhobo ze-peripheral, ezihlala eziofisini nasemakhaya, ukusebenza ngengxolo phantse akwamkelekanga.

Enye inqaku elinomdla kukusasazwa kwamachweba. Kwizixhobo ze-peripheral kucace ngakumbi okanye ngaphantsi ukuba iya kusetyenziswa njani kwaye bangaphi abathengi abaya kudityaniswa. Ke ngoko, unokuseta ulwahlulo olungqongqo lwezibuko kwi-WAN, LAN, DMZ, bopha ngokungqongqo kwiprotocol, njalo njalo. Akukho siqinisekiso esinjalo kwindawo ephakathi. Umzekelo, songeze icandelo elitsha lothungelwano elifuna uqhagamshelo ngojongano lwalo - kwaye ungayenza njani le nto? Oku kufuna isisombululo esiphezulu esinamandla okuqwalasela ujongano oluguquguqukayo.

I-nuance ebalulekileyo kukuba isixhobo sisityebi kwimisebenzi eyahlukeneyo. Kakade ke, indlela yokuba isixhobo esinye senze umsebenzi omnye kakuhle ineengenelo zayo. Kodwa eyona meko inomdla iqala xa kufuneka uthathe inyathelo ukuya ngakwesobunxele, inyathelo ukuya ngasekunene. Kakade ke, ngomsebenzi omtsha ngamnye unako ukuthenga esinye isixhobo target. Kwaye njalo de uhlahlo lwabiwo-mali okanye indawo yokubeka iphelile.

Ngokwahlukileyo, iseti eyandisiweyo yemisebenzi ikuvumela ukuba uphumelele ngesixhobo esinye xa usombulula imiba emininzi. Ngokomzekelo, i-ZyWALL VPN1000 isekela iindidi ezininzi ze-VPN, kuquka i-SSL kunye ne-IPsec VPN, kunye noqhagamshelwano olukude lwabasebenzi. Oko kukuthi, isiqwenga esinye se-hardware sigubungela imiba yonxibelelwano lwe-cross-site kunye nomthengi. Kodwa kukho enye "kodwa". Ukuze oku kusebenze, kufuneka ube nogcino lokusebenza. Ngokomzekelo, kwimeko ye-ZyWALL VPN1000, i-IPsec VPN i-hardware core inikezela ngokusebenza okuphezulu kwe-tunnel ye-VPN, kunye ne-VPN yokulinganisa / ukuchithwa kunye ne-SHA-2 kunye ne-IKEv2 algorithms inikeza ukuthembeka okuphezulu kunye nokhuseleko kwishishini.

Apha ngezantsi kukho iimpawu eziluncedo ezigubungela indawo enye okanye ngaphezulu kwezi zichazwe ngasentla.

I-SD-WAN ibonelela ngeqonga lolawulo lwamafu, ukufumana izibonelelo zolawulo oluphakathi lonxibelelwano phakathi kweendawo ezikwaziyo ukulawula ukude kunye nokubeka iliso. I-ZyWALL VPN1000 iphinde ixhase indlela yokusebenza ehambelanayo apho kufuneka imisebenzi ye-VPN ephezulu.

Inkxaso yamaqonga elifu kwiinkonzo ezibalulekileyo zobuthunywa. I-ZyWALL VPN1000 ivavanyelwe ukusetyenziswa kunye ne-Microsoft Azure kunye ne-AWS. Ukusetyenziswa kwezixhobo ezihlolwe kwangaphambili zikhethwa kwintlangano nayiphi na inqanaba, ngakumbi ukuba isiseko se-IT sisebenzisa indibaniselwano yenethiwekhi yendawo kunye nefu.

Uhluzo lomxholo Yomeleza ukhuseleko ngokuthintela ukufikelela kwiiwebhusayithi ezinobungozi okanye ezingafunwayo. Ikhusela i-malware ekubeni ikhutshelwe kwiindawo ezingathembekanga okanye ezigqekeziweyo. Kwimeko yeZyWALL VPN1000, ilayisenisi yonyaka yale nkonzo sele ifakiwe kwiphakheji.

Geo-ezopolitiko (Geo IP) ikuvumela ukuba ubeke iliso kwi-traffic kwaye uhlalutye indawo yeedilesi ze-IP, ukwala ukufikelela kwiindawo ezingeyomfuneko okanye ezinokuba yingozi. Ilayisenisi yonyaka yale nkonzo ikwabandakanyiwe xa kuthengwa isixhobo.

Ulawulo lomnatha ongenazingcingo I-ZyWALL VPN1000 ibandakanya isilawuli senethiwekhi engenazintambo evumela ukuba ulawule ukuya kwii-1032 iindawo zokufikelela kwi-interface yomsebenzisi ophakathi. Amashishini anokuhambisa okanye andise inethiwekhi ye-Wi-Fi elawulwayo ngomzamo omncinci. Kuyaphawuleka ukuba inani 1032 ngokwenene kakhulu. Ngokusekelwe ekubaleni ukuba ukuya kuthi ga kwi-10 abasebenzisi banokuqhagamshela kwindawo enye yokufikelela, lo ngumfanekiso onomtsalane.

Ukulinganisela kunye nokungafuneki. Uchungechunge lweVPN luxhasa ukulinganisa umthwalo kunye nokuphindaphinda kwiindlela ezininzi zangaphandle. Oko kukuthi, unokuqhagamshela amajelo amaninzi kubaboneleli abaninzi, ngaloo ndlela uzikhusele kwiingxaki zonxibelelwano.

Ukubanakho kokungabikho kwesixhobo (Isixhobo HA) kuxhulumaniso olungayekiyo, naxa enye yezixhobo ingaphumeleli. Kunzima ukwenza ngaphandle koku ukuba ufuna ukulungelelanisa umsebenzi 24/7 kunye nexesha elincinci lokuphumla.

Isixhobo seZyxel HA Pro sisebenza ngaphakathi esebenzayo/enziwayo, engadingi inkqubo enzima yokuseta. Oku kukuvumela ukuba wehlise umda wokungena kwaye ngoko nangoko uqale ukusebenzisa ugcino. Ngokungafaniyo esebenzayo/esebenzayo, xa umlawuli wenkqubo efuna ukufumana uqeqesho olongezelelweyo, akwazi ukuqwalasela umzila oguquguqukayo, uqonde ukuba zeziphi iipakethi ze-asymmetric, njl. — useto lwemowudi esebenzayo/enziwayo Isebenza lula kakhulu kwaye ifuna ixesha elincinci.

Xa usebenzisa iZyxel Device HA Pro, izixhobo zokutshintshiselana ngeempawu intliziyo ngezibuko elizinikeleyo. Amazibuko esixhobo esisebenzayo kunye nesisenziwayo intliziyo iqhagamshelwe ngentambo ye-Ethernet. Isixhobo sokwenziwa singqamanisa ngokupheleleyo ulwazi kunye nesixhobo esisebenzayo. Ngokukodwa, zonke iiseshini, iitonela, kunye neeakhawunti zabasebenzisi zilungelelaniswa phakathi kwezixhobo. Ukongeza, isixhobo sokwenziwa sigcina ikopi egciniweyo yefayile yoqwalaselo xa ifowuni esebenzayo ingaphumeleli. Oku kuqinisekisa utshintsho olungenamthungo kwimeko yokusilela kwesixhobo sokuqala.

Kubalulekile ukuba uqaphele ukuba kwiinkqubo ezisebenzayo/esebenzayo kusafuneka ugcine i-20-25% yemithombo yenkqubo ye-failover. Nge esebenzayo/enziwayo isixhobo esinye sikwimo yokulinda ngokupheleleyo, kwaye silungele ukusetyenzwa ngoko nangoko i-traffic yenethiwekhi kunye nokugcina ukusebenza kwesiqhelo kwenethiwekhi.

Ngamagama alula: "Xa usebenzisa i-Zyxel Device HA Pro kwaye uneshaneli yokugcina, ishishini likhuselwe zombini ekulahlekeni konxibelelwano ngenxa yephutha lomnikezeli, kunye neengxaki ezibangelwa ukungaphumeleli kwe-router.

Ukushwankathela konke oku kungasentla

Kwi-node ephakathi yothungelwano olusasazwayo, kungcono ukusebenzisa isixhobo kunye nonikezelo oluthile lwamachweba (uqhagamshelwano loqhagamshelwano). Kule meko, kuyinqweneleka ukuba ube ne-RJ45 i-interfaces yokulula kunye noxhulumaniso lweendleko, kunye ne-SFP yokukhetha phakathi kwe-fiber-optic connection kunye ne-twisted pair.

Esi sixhobo kufuneka sibe:

• imveliso, ilungele utshintsho ngokukhawuleza kumthwalo;
• ngojongano olucacileyo;
• kunye nesityebi, kodwa kungekhona inani eligqithisileyo lemisebenzi eyakhelweyo, kubandakanywa nezo zinxulumene nokhuseleko;
• ngesakhono sokwakha iisekethe ezikwaziyo ukunyamezela impazamo - ukuphinda-phindwa kwetshaneli kunye nokuphinda isixhobo;
• ulawulo oluxhasayo ukwenzela ukuba yonke iziseko ezingundoqo ze-branched ngendlela ye-node ephakathi kunye nezixhobo ze-peripheral zingalawulwa ukusuka kwindawo enye;
• njenge "cherry kwikhekhe" - inkxaso yeendlela zanamhlanje ezifana nokudityaniswa nezixhobo zamafu njalo njalo.

I-ZyWALL VPN1000 njengeyona ndawo iphambili yenethiwekhi

Ekuqalekeni kwiZyWALL VPN1000, kuyacaca ukuba iZyxel ayizange igcine amachweba.

Si:

• Izibuko ze-RJ‑12 (GBE) ezilungisekayo ezili-45;

• Izibuko ze-SFP ezi-2 (GBE);

• I-2 USB 3.0 izibuko kunye nenkxaso yeemodem ze-3G / 4G.

Umzobo 1. Umbono jikelele weZyWALL VPN1000.

Kufuneka kuqatshelwe kwangoko ukuba isixhobo asikho kwiofisi yasekhaya, ngokuyintloko ngenxa yabalandeli abanamandla. Zine apha.

Umzobo 2. ZyWALL VPN1000 ipaneli yangasemva.

Makhe sibone ukuba i-interface ijongeka njani.

Kufuneka ngokukhawuleza unikele ingqalelo kwimeko ebalulekileyo. Kukho imisebenzi emininzi, kwaye ayiyi kukwazi ukuyichaza ngokubanzi kwinqaku elinye. Kodwa yintoni enhle malunga neemveliso zeZyxel kukuba kukho amaxwebhu aneenkcukacha kakhulu, okokuqala, umsebenzisi (umlawuli) manual. Ke ngoko, ukufumana umbono wobutyebi bemisebenzi, makhe sidlule nje kwiithebhu.

Ngokungagqibekanga, izibuko 1 kunye nezibuko 2 zabelwe iWAN. Ukuqala kwizibuko lesithathu kukho ujongano lwenethiwekhi yendawo.

Izibuko le-3 eline-IP engagqibekanga 192.168.1.1 ilungele udibaniso.

Sidibanisa i-patchcord, yiya kwidilesi https://192.168.1.1 kwaye ungajonga ifestile yobhaliso lomsebenzisi kujongano lwewebhu.

Qaphela:. Kulawulo, ungasebenzisa inkqubo yokulawula ifu ye-SD-WAN.

Umzobo 3. Ifestile yokungena ngemvume kunye negama lokugqitha

Sihamba ngenkqubo yokufaka igama lokungena kunye negama lokugqitha kwaye sifumane iwindow yeDashboard kwisikrini. Ngokwenyani, njengoko kufanelekile kwiDashboard - ulwazi oluphezulu lokusebenza kwiqhekeza ngalinye lesithuba sesikrini.

Umzobo 4. ZyWALL VPN1000 - Dashboard.

UkuSeta ngokukhawuleza iTab (iWizards)

Kukho abancedisi ababini kwi-interface: ukuseta i-WAN kunye nokuseta i-VPN. Enyanisweni, abancedisi bayinto elungileyo; Ewe, kwabo bafuna ngaphezulu, njengoko kukhankanyiwe ngasentla, kukho amaxwebhu aneenkcukacha.

Umzobo 5. Ithebhu yokuSeta ngokukhawuleza.

Ithebhu yokubeka iliso

Kuyabonakala ukuba, iinjineli zaseZyxel zagqiba kwelokuba zilandele umgaqo: sibeka iliso kuyo yonke into esinokuyenza. Ngokuqinisekileyo, kwisixhobo esisebenza njenge-hub ephakathi, ulawulo olupheleleyo aluyi kulimaza konke.

Kwanokwandisa nje zonke izinto kwibar esecaleni, ubutyebi bokukhetha bubonakala.

Umzobo 6. Ithebhu yokubeka iliso enezinto ezincinci ezandisiweyo.

Ithebhu yoqwalaselo

Apha ubutyebi bemisebenzi bubonakala ngakumbi.

Umzekelo, ulawulo lwezibuko lwesixhobo luyilwe kakuhle kakhulu.

Umzobo 7. Ithebhu yoqwalaselo kunye nezinto ezincinci ezandisiweyo.

Ithebhu yogcino

Iqulethe amacandelwana okuhlaziya i-firmware, i-diagnostics, imigaqo yokujonga indlela kunye nokuvala.

Le misebenzi yeyohlobo oluncedisayo kwaye ikhona kwidigri enye okanye enye phantse kuzo zonke izixhobo zothungelwano.

Umzobo 8. Ithebhu yokugcina kunye nezinto ezincinci ezandisiweyo.

Iimpawu zokuthelekisa

Uphononongo lwethu luya kuba lungaphelelanga ngaphandle kokuthelekisa nezinye ii-analogues.

Ngezantsi itheyibhile yee-analogues ezisondeleyo kwi-ZyWALL VPN1000 kunye noluhlu lwemisebenzi yokuthelekisa.

Itheyibhile 1. Ukuthelekiswa kwe-ZyWALL VPN1000 kunye ne-analogues.

Iingcaciso zeTheyibhile 1:

*1: Ilayisensi iyafuneka

*2: Ubonelelo loMcimbi oPhantsi: Umlawuli kufuneka aqale aqwalasele isixhobo kwindawo phambi kwe-ZTP.

*I-3: Iseshini esekwe: I-DPS iya kusebenza kuphela kwiseshoni entsha; oku akuyi kuchaphazela iseshoni yangoku.

Njengoko ubona, ngandlela thile ii-analogues zibamba iqhawe lophononongo lwethu, umzekelo, iFortinet FG-100E ikwane-WAN eyakhelwe-ngaphakathi, kwaye iMeraki MX100 ine-AutoVPN eyakhelwe-ngaphakathi (indawo yokuya). -site) umsebenzi, kodwa ngokubanzi, i-ZyWALL VPN1000 ayicacanga kwiseti yayo ebanzi yemisebenzi iphambili.

Iingcebiso xa ukhetha izixhobo zendawo ephakathi (hayi iZyxel kuphela)

Xa ukhetha izixhobo zokuququzelela i-node ephakathi yenethiwekhi ebanzi kunye namasebe amaninzi, kufuneka ugxininise kwiiparitha ezininzi: amandla obugcisa, ukukhululeka kolawulo, ukhuseleko kunye nokunyamezela impazamo.

Uluhlu olubanzi lwemisebenzi, inani elikhulu lamachweba angokwenyama kunye noqwalaselo oluguquguqukayo: i-WAN, i-LAN, i-DMZ kunye nobukho beminye imisebenzi emihle, njengomlawuli wokulawula indawo yokufikelela, ikuvumela ukuba ugqibezele imisebenzi emininzi kanye.

Indima ebalulekileyo idlalwe kukufumaneka kwamaxwebhu kunye ne-interface yolawulo elula.

Ukuba nezinto ezibonakala zilula esandleni, akunzima kangako ukwenza iziseko zothungelwano ezithatha iindawo ezahlukeneyo kunye neendawo, kwaye ukusetyenziswa kwelifu le-SD-WAN likuvumela ukuba wenze oku ngokuguquguquka okukhulu kunye nokhuseleko.

amakhonkco aluncedo

Uhlalutyo lwemarike ye-SD-WAN: zeziphi izisombululo ezikhoyo kwaye ngubani ozifunayo

Isixhobo se-Zyxel HA Pro siphucula ukuqina kwenethiwekhi

Ukusebenzisa i-GeoIP kwi-ATP/VPN/Zywall/USG uthotho lwamasango okhuseleko

Yintoni eya kusala kwigumbi lomncedisi?

Ababini kwenye, okanye ukufuduka komlawuli wendawo yokufikelela kwisango

Incoko yeTelegram yeZyxel yeengcali

umthombo: www.habr.com