Check Point Gaia R80.40. What's new?

The next release of the Gaia operating system, R80.40, is approaching. A few weeks ago the Early Access program started, through which you can get access to test the distribution. As usual, we publish information about what's new and also highlight the points that are most interesting from our point of view. Looking ahead, I can say that the new features are really significant, so it is worth preparing for the upgrade procedure in advance. We have already published an article on how to do this (for more information, please get in touch here). Let's get into the topic...

What's new

Let's look at the new features officially announced here. The information is taken from the CheckMates site (the official Check Point community). With your permission, I will not translate this text; fortunately, the Habr audience allows it. Instead, I will leave my comments in the next chapter.

1. IoT Security. New features related to the Internet of Things

  • Collect IoT devices and traffic attributes from certified IoT discovery engines (currently supports Medigate, CyberMDX, Cynerio, Claroty, Indegy, SAM and Armis).
  • Configure a new IoT dedicated Policy Layer in policy management.
  • Configure and manage security rules that are based on the IoT devices' attributes.

2. TLS Inspection

HTTP/2:

  • HTTP/2 is an update to the HTTP protocol. The update provides improvements to speed, efficiency and security, and results in a better user experience.
  • Check Point's Security Gateway now supports HTTP/2 and benefits from better speed and efficiency while getting full security, with all Threat Prevention and Access Control blades, as well as new protections for the HTTP/2 protocol.
  • Support is for both clear and SSL encrypted traffic and is fully integrated with HTTPS/TLS Inspection capabilities.

TLS Inspection Layer. New features regarding HTTPS Inspection:

  • A new Policy Layer in SmartConsole dedicated to TLS Inspection.
  • Different TLS Inspection layers can be used in different policy packages.
  • Sharing of a TLS Inspection layer across multiple policy packages.
  • API for TLS operations.

3. Threat Prevention

  • Overall efficiency enhancement for Threat Prevention processes and updates.
  • Automatic updates to the Threat Extraction Engine.
  • Dynamic, Domain and Updatable Objects can now be used in Threat Prevention and TLS Inspection policies. Updatable objects are network objects that represent an external service or a known dynamic list of IP addresses, for example - Office365 / Google / Azure / AWS IP addresses and Geo objects.
  • Anti-Virus now uses SHA-1 and SHA-256 threat indications to block files based on their hashes. Import the new indicators from the SmartConsole Threat Indicators view or the Custom Intelligence Feed CLI.
  • Anti-Virus and SandBlast Threat Emulation now support inspection of e-mail traffic over the POP3 protocol, as well as improved inspection of e-mail traffic over the IMAP protocol.
  • Anti-Virus and SandBlast Threat Emulation now use the newly introduced SSH inspection feature to inspect files transferred over the SCP and SFTP protocols.
  • Anti-Virus and SandBlast Threat Emulation now provide improved support for SMBv3 inspection (3.0, 3.0.2, 3.1.1), which includes inspection of multi-channel connections. Check Point is now the only vendor to support inspection of a file transfer through multiple channels (a feature that is on by default in all Windows environments). This allows customers to stay secure while working with this performance-enhancing feature.

4. Identity Awareness

  • Support for Captive Portal integration with SAML 2.0 and third-party Identity Providers.
  • Support for Identity Broker for scalable and granular sharing of identity information between PDPs, as well as cross-domain sharing.
  • Enhancements to the Terminal Servers Agent for better scaling and compatibility.

5. IPsec VPN

  • Configure different VPN encryption domains on a Security Gateway that is a member of multiple VPN communities. This provides:
      • Improved privacy - Internal networks are not disclosed in IKE protocol negotiations.
      • Improved security and granularity - Specify which networks are accessible in a specified VPN community.
      • Improved interoperability - Simplified route-based VPN definitions (recommended when you work with an empty VPN encryption domain).
  • Create and seamlessly work with a Large Scale VPN (LSV) environment with the help of LSV profiles.

6. URL Filtering

  • Improved scalability and resilience.
  • Extended troubleshooting capabilities.

7. NAT

  • Enhanced NAT port allocation mechanism - on Security Gateways with 6 or more CoreXL Firewall instances, all instances use the same pool of NAT ports, which optimizes port utilization and reuse.
  • NAT port utilization monitoring in CPView and with SNMP.

8. Voice over IP (VoIP)

  • Multiple CoreXL Firewall instances handle the SIP protocol to enhance performance.

9. Remote Access VPN

  • Use a machine certificate to distinguish between corporate and non-corporate assets and to set a policy enforcing the use of corporate assets only. Enforcement can be pre-logon (device authentication only) or post-logon (device and user authentication).

10. Mobile Access Portal Agent

  • Enhanced Endpoint Security on Demand within the Mobile Access Portal Agent to support all major web browsers. For more information, see sk113410.

11. CoreXL and Multi-Queue

  • Support for automatic allocation of CoreXL SNDs and Firewall instances that does not require a Security Gateway reboot.
  • Improved out-of-the-box experience - the Security Gateway automatically changes the number of CoreXL SNDs and Firewall instances and the Multi-Queue configuration based on the current traffic load.

12. Clustering

  • Support for Cluster Control Protocol in Unicast mode that eliminates the need for CCP Broadcast or Multicast modes.
  • Cluster Control Protocol encryption is now enabled by default.
  • New ClusterXL mode - Active/Active, which supports Cluster Members in different geographic locations that are located on different subnets and have different IP addresses.
  • Support for ClusterXL Cluster Members that run different software versions.
  • Eliminated the need for MAC Magic configuration when several clusters are connected to the same subnet.

13. VSX

  • Support for VSX upgrade with CPUSE in Gaia Portal.
  • Support for Active Up mode in VSLS.
  • Support for CPView statistical reports for each Virtual System.

14. Zero Touch

  • A simple Plug & Play setup process for installing an appliance - eliminating the need for technical expertise and having to connect to the appliance for initial configuration.

15. Gaia REST API

  • Gaia REST API provides a new way to read and send information to servers that run the Gaia Operating System. See sk143612.

16. Advanced Routing

  • Enhancements to OSPF and BGP allow resetting and restarting OSPF neighboring for each CoreXL Firewall instance without the need to restart the routed daemon.
  • Enhanced route refresh for improved handling of BGP routing inconsistencies.

17. New kernel capabilities

  • Upgraded Linux kernel
  • New partitioning system (gpt):
      • Supports more than 2TB physical/logical drives
  • Faster file system (xfs)
  • Supporting larger system storage (up to 48TB tested)
  • I/O related performance improvements
  • Multi-Queue:
      • Full Gaia Clish support for Multi-Queue commands
      • Automatic "on by default" configuration
  • SMB v2/3 support in the Mobile Access blade
  • Added NFSv4 (client) support (NFS v4.2 is the default NFS version used)
  • Support for new system tools for debugging, monitoring and configuring the system

18. CloudGuard Controller

  • Performance enhancements for connections to external Data Centers.
  • Integration with VMware NSX-T.
  • Support for additional API commands to create and edit Data Center Server objects.

19. Multi-Domain Server

  • Back up and restore an individual Domain Management Server on a Multi-Domain Server.
  • Migrate a Domain Management Server on one Multi-Domain Server to a different Multi-Domain Security Management.
  • Migrate a Security Management Server to become a Domain Management Server on a Multi-Domain Server.
  • Migrate a Domain Management Server to become a Security Management Server.
  • Revert a Domain on a Multi-Domain Server, or a Security Management Server, to a previous revision for further editing.

20. SmartTasks and API

  • New Management API authentication method that uses an auto-generated API Key.
  • New Management API commands to create cluster objects.
  • Central Deployment of Jumbo Hotfix Accumulator and Hotfixes from SmartConsole or with an API allows installing or upgrading multiple Security Gateways and Clusters in parallel.
  • SmartTasks - Configure automatic scripts or HTTPS requests triggered by administrator tasks, such as publishing a session or installing a policy.

21. Deployment

  • Central Deployment of Jumbo Hotfix Accumulator and Hotfixes from SmartConsole or with an API allows installing or upgrading multiple Security Gateways and Clusters in parallel.

22. SmartEvent

  • Share SmartView views and reports with other administrators.

23. Log Exporter

  • Exported logs are filtered according to field values.

24. Endpoint Security

  • Support for BitLocker encryption for Full Disk Encryption.
  • Support for external Certificate Authority certificates for Endpoint Security client authentication and communication with the Endpoint Security Management Server.
  • Support for dynamic size of Endpoint Security Client packages based on the features selected for deployment.
  • Policy can now control the level of notifications to end users.
  • Support for Persistent VDI environment in Endpoint Policy Management.

What we liked most (based on customer tasks)

As you can see, there are a lot of new features. But for us, as a system integrator, there are several especially interesting points (which are also interesting to our customers). Our top 10:

  1. Finally, full support for IoT devices has appeared. It is already quite hard to find a company that has no such devices.
  2. TLS Inspection has now been moved to a separate layer (Layer). This is much more convenient than it is now (in 80.30). No more launching the old Legacy Dashboard. In addition, you can now use Updatable Objects in the HTTPS inspection policy, such as Office365, Google, Azure, AWS and other services. This is very convenient when you need to configure exceptions. However, there is still no support for TLS 1.3. Apparently they will "catch up" with the next hotfix.
  3. Significant changes for Anti-Virus and SandBlast. You can now inspect protocols such as SCP, SFTP and SMBv3 (by the way, nobody else can inspect this multi-channel protocol).
  4. There are many improvements regarding Site-to-Site VPN. You can now configure several VPN domains on a gateway that is part of several VPN communities. This is very convenient and much more secure. In addition, Check Point has finally remembered Route Based VPN and slightly improved its stability/compatibility.
  5. A very popular feature for remote users has appeared. Now you can authenticate not only the user, but also the device they connect from. For example, we want to allow VPN connections only from corporate devices. This is done, of course, with the help of certificates. It is also possible to automatically mount (SMB v2/3) file shares for remote users with the VPN client.
  6. There are many changes in cluster operation. But perhaps one of the most interesting is the ability to run a cluster in which the gateways have different versions of Gaia. This is convenient when planning an upgrade.
  7. Improved Zero Touch capabilities. A useful thing for those who often install "small" gateways (for example, for ATMs).
  8. For logs, storage of up to 48TB is now supported.
  9. You can share your SmartEvent dashboards with other administrators.
  10. Log Exporter now lets you pre-filter the messages being sent using the required fields. That is, only the necessary logs and events will be sent to your SIEM systems.

Upgrade

Many are probably already thinking about upgrading. There is no need to rush. To begin with, version 80.40 must reach General Availability. But even after that, you should not upgrade right away. It is better to wait for at least the first hotfix.
Many are probably still "sitting" on old versions. I can say that, at the very least, it is already possible (and necessary) to upgrade to 80.30. It is already a stable and proven system!

You can subscribe to our public pages (Telegram, Facebook, VK, TS Solution Blog), where you can follow the appearance of new materials on Check Point and other security products.


Source: www.habr.com
