ProHoster > Ibhulogi > Ulawulo > Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall

Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall

Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall

Molweni nonke! Eli nqaku liza kuphonononga ukusebenza kweVPN kwimveliso yeSophos XG Firewall. Ngaphambili nqaku Sijonge indlela yokufumana esi sisombululo sokhuseleko lwenethiwekhi yekhaya simahla kunye nelayisensi epheleleyo. Namhlanje siza kuthetha malunga nokusebenza kweVPN eyakhelwe kwiSophos XG. Ndiza kuzama ukukuxelela ukuba le mveliso inokwenza ntoni, kwaye iphinde inike imizekelo yokumisela i-IPSec Site-to-Site VPN kunye ne-SSL VPN yesiko. Ke masiqale ngophononongo.

Okokuqala, makhe sijonge itafile yelayisensi:

Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall

Unokufunda ngakumbi malunga nendlela iSophos XG Firewall enikwe ngayo ilayisenisi apha:
Imbekiselo
Kodwa kweli nqaku siya kuba nomdla kuphela kwezo zinto zigxininiswe ebomvu.

Umsebenzi oyintloko weVPN ufakiwe kwilayisensi eyisiseko kwaye ithengwa kanye kuphela. Le yilayisensi yobomi bonke kwaye ayifuni ukuhlaziywa. Imodyuli yoKhetho lweSiseko seVPN ibandakanya:

Indawo-kuya-kwiNdawo:

  • I-SSL yeVPN
  • IPSec VPN

Ukufikelela kude (iVPN yomxhasi):

  • I-SSL yeVPN
  • IPsec Clientless VPN (eneapp yasimahla yesiko)
  • L2TP
  • PPTP

Njengoko ubona, zonke iiprotocol ezidumileyo kunye neentlobo zoqhagamshelo lweVPN ziyaxhaswa.

Kwakhona, i-Sophos XG Firewall ineentlobo ezimbini ezingakumbi zoqhagamshelwano lwe-VPN olungabandakanywa kubhaliso olusisiseko. Ezi zi-RED VPN kunye ne-HTML5 VPN. Olu xhulumaniso lwe-VPN lufakwe kwi-Network Protection subscription, oku kuthetha ukuba ukuze usebenzise ezi ntlobo kufuneka ube nokubhaliselwa okusebenzayo, okubandakanya nokusebenza kokukhusela inethiwekhi - iimodyuli ze-IPS kunye ne-ATP.

I-RED VPN ngumnini weL2 VPN evela eSophos. Olu hlobo loxhulumaniso lwe-VPN luneenzuzo ezininzi kwi-Site-to-site SSL okanye i-IPSec xa useka i-VPN phakathi kwee-XG ezimbini. Ngokungafani ne-IPSec, i-RED tunnel idala i-interface ebonakalayo kuzo zombini iziphelo zetonela, enceda kwiingxaki zokusombulula ingxaki, kwaye ngokungafaniyo ne-SSL, le interface ebonakalayo inokwenziwa ngokwezifiso ngokupheleleyo. Umlawuli unolawulo olupheleleyo kwi-subnet ngaphakathi kwe-RED tunnel, eyenza kube lula ukusombulula iingxaki zomzila kunye neengxabano ze-subnet.

HTML5 VPN okanye Clientless VPN - Uhlobo oluthile lwe-VPN ekuvumela ukuba uthumele iinkonzo nge-HTML5 ngokuthe ngqo kwisikhangeli. Iindidi zeenkonzo ezinokuthi ziqwalaselwe:

  • I-RDP
  • Telnet
  • SSH
  • VNC
  • FTP
  • FTPS
  • SFTP
  • SMB

Kodwa kuyafaneleka ukuqwalasela ukuba olu hlobo lwe-VPN lusetyenziswa kuphela kwiimeko ezikhethekileyo kwaye kuyacetyiswa, ukuba kunokwenzeka, ukusebenzisa iintlobo zeVPN kwizintlu ezingentla.

Zenza

Makhe sijonge okubonakalayo kwindlela yokuqwalasela ezininzi zezi ntlobo zetonela, ezizezi: Isayithi-ukuya-kwiNdawo IPSec kunye ne-SSL VPN Ufikelelo olukude.

Site-to-Site IPSec VPN

Masiqale ngendlela yokuseta itonela ye-Site-to-Site IPSec VPN phakathi kwee-Firewalls ezimbini ze-Sophos XG. Ngaphantsi kwe-hood isebenzisa iSwan eqinile, ekuvumela ukuba udibanise kuyo nayiphi na i-router enikwe amandla yi-IPSec.

Ungasebenzisa iwizadi eluncedo kwaye ekhawulezayo yokuseta, kodwa siya kulandela umendo ngokubanzi ukuze, ngokusekwe kule miyalelo, unokudibanisa iSophos XG kunye nasiphi na isixhobo usebenzisa i-IPSec.

Masivule ifestile yezicwangciso zenkqubo:

Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall

Njengoko sibona, kukho iisetingi esele zisetwe, kodwa siya kudala ezethu.

Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall

Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall

Masiqwalasele iiparamitha zofihlo kwisigaba sokuqala nesesibini kwaye sigcine umgaqo-nkqubo. Ngomzekeliso, senza amanyathelo afanayo kwi-Sophos XG yesibini kwaye siqhubele phambili ekusetesheni itonela ye-IPSec ngokwayo.

Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall

Ngenisa igama, imo yokusebenza kwaye uqwalasele iiparamitha zofihlo. Umzekelo, siya kusebenzisa i-Preshared Key

Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall

kwaye ubonise ii-subnets zasekhaya kunye nezikude.

Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall

Uqhagamshelwano lwethu lwenziwe

Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall

Ngomzekeliso, senza izicwangciso ezifanayo kwi-Sophos XG yesibini, ngaphandle kwendlela yokusebenza, apho siya kucwangcisa Qalisa uxhulumaniso.

Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall

Ngoku sineetonela ezimbini ezimiselweyo. Okulandelayo, kufuneka sizivule kwaye siziqhube. Oku kwenziwa ngokulula kakhulu, kufuneka ucofe kwisangqa esibomvu phantsi kwegama Iyasebenza ukuze usebenze nakwisangqa esibomvu phantsi koQhagamshelwano ukuqalisa uxhulumaniso.
Ukuba sibona lo mfanekiso:

Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall
Oku kuthetha ukuba itonela yethu isebenza ngokuchanekileyo. Ukuba isalathisi sesibini sibomvu okanye siphuzi, ngoko into ethile ayilungiswanga ngendlela engafanelekanga kwimigaqo-nkqubo yokufihla okanye i-subnets yendawo kunye nekude. Makhe ndikukhumbuze ukuba useto kufuneka lubonakaliswe.

Ngokwahlukileyo, ndingathanda ukuqaqambisa ukuba ungadala amaqela eFailover ukusuka kwiitonela ze-IPSec zokunyamezela iimpazamo:

Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall

Ukufikelela kude kwi-SSL VPN

Masiqhubele phambili kwi-Remote Access SSL VPN yabasebenzisi. Ngaphantsi kwe-hood kukho i-OpenVPN eqhelekileyo. Oku kuvumela abasebenzisi ukuba badibanise ngokusebenzisa nawuphi na umxhasi oxhasa iifayile zoqwalaselo .ovpn (umzekelo, umxhasi woqhagamshelwano oluqhelekileyo).

Okokuqala, kufuneka uqwalasele imigaqo-nkqubo yeseva ye-OpenVPN:

Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall

Cacisa uthutho loqhagamshelwano, qwalasela i-port, uluhlu lweedilesi ze-IP zokudibanisa abasebenzisi abakude

Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall

Ungakhankanya kwakhona useto loguqulelo oluntsonkothileyo.

Emva kokuseta iseva, siqhubeka nokuseta unxibelelwano lwabaxhasi.

Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall

Umgaqo ngamnye woqhagamshelwano lwe-SSL VPN wenzelwe iqela okanye umsebenzisi ngamnye. Umsebenzisi ngamnye unokuba nomgaqo-nkqubo woqhagamshelwano omnye kuphela. Ngokwezicwangciso, into enomdla kukuba kumgaqo ngamnye onjalo unokuchaza abasebenzisi ngabanye abaza kusebenzisa olu cwangciso okanye iqela elivela kwi-AD, unokwenza ibhokisi yokukhangela ukuze yonke i-traffic isongwe kwitonela ye-VPN okanye ucacise iidilesi ze-IP, ii-subnets okanye amagama e-FQDN afumanekayo kubasebenzisi. Ngokusekwe kule migaqo-nkqubo, iprofayile ye.ovpn enemimiselo yomthengi iyakwenziwa ngokuzenzekelayo.

Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall

Ukusebenzisa i-portal yomsebenzisi, umsebenzisi unokukhuphela zombini ifayile ye-ovpn kunye nezicwangciso zomthengi we-VPN, kunye nefayile yokufakela umxhasi we-VPN kunye nefayile yesethingi eyakhelwe-ngaphakathi.

Umsebenzi okude okanye uphononongo lweVPN kwiSophos XG Firewall

isiphelo

Kweli nqaku, siye ngokufutshane malunga nokusebenza kweVPN kwimveliso yeSophos XG Firewall. Sijonge indlela onokuthi uqwalasele ngayo i-IPSec VPN kunye ne-SSL VPN. Olu ayiloluhlu olupheleleyo lwento esi sisombululo sinokuyenza. Kumanqaku alandelayo ndiya kuzama ukuphonononga iRED VPN kwaye ndibonise ukuba ibonakala njani kwisisombululo ngokwayo.

Enkosi ngexesha lakho.

Ukuba unayo nayiphi na imibuzo malunga noshicilelo lwentengiso lwe-XG Firewall, ungaqhagamshelana nathi, inkampani iqela lezinto, Umthengisi weSophos. Okufuneka ukwenze kukubhala ngefomu yasimahla apha [imeyile ikhuselwe].

umthombo: www.habr.com

Yongeza izimvo