1. I-NGFW yamabhizinisi amancane. I-CheckPoint 1500 Security Gateway Line entsha

Ngemva kokushicilelwa izindatshana Sekudlule iminyaka engaphezu kwemibili, amamodeli ochungechunge lwe-1400 manje asusiwe ekuthengisweni. Isikhathi sesifikile sezinguquko kanye nezinto ezintsha, umsebenzi i-CheckPoint eyazama ukuwenza ochungechungeni lwe-1500. Esihlokweni sizobheka amamodeli okuvikela amahhovisi amancane noma amagatsha ezinkampani, sizokwethula izici zobuchwepheshe, izici zokulethwa (amalayisensi, izikimu zokuphatha nezokuphatha), futhi sithinte ubuchwepheshe obusha nezinketho.

Ukuhlanganisa

Izinhlobo ezintsha ze-SMB yilezi: 1530, 1550, 1570, 1570R. Ungabuka imikhiqizo ku ikhasi Ingosi ye-CheckPoint. Ngokunengqondo, sizowahlukanisa abe amaqembu amathathu: isango lokuphepha lehhovisi elinokusekelwa kwe-WIFI (1530, 1550), isango lokuphepha lehhovisi elinokusekelwa kwe-WIFI + 4G/LTE (1570, 1550), isango lokuphepha lemboni (1570R).

Uchungechunge 1530, 1550

Amamodeli anezixhumanisi zenethiwekhi ezi-5 zenethiwekhi yendawo kanye nesixhumi esibonakalayo esi-1 sokufinyelela ku-inthanethi, umkhawulokudonsa wawo ngu-1 GB. Okunye okutholakalayo kukhonsoli ye-USB-C. Ngokuqondene nezici zobuchwepheshe, ke Ishidi le-data Lawa mamodeli anikeza inani elikhulu lamapharamitha alinganisiwe, kodwa sizogxila kokubaluleke kakhulu (ngombono wethu).

Izici

1530

1550

Inombolo enkulu yokuxhumeka ngesekhondi ngalinye

10 500

14 000

Inombolo enkulu yokuxhumana ngasikhathi sinye

500 000

500 000

Ukudluliswa kwe-Firewall + Ukuvimbela Usongo (Mbit/C)

340

450

Ukudluliswa kwe-Firewall + IPS (Mbit/C)

600

800

I-Firewall Bandwidth (Mbps)

1000

1000

* Ukuvimbela Usongo kubhekisela kulawa ma-blade alandelayo asebenzayo: I-Firewall, Ukulawulwa Kwezicelo kanye ne-IPS.

Amamodeli 1530, 1550 anenombolo yokusebenza:

• I-Gaia 80.20 Uhlu olushumekiwe lwezinketho zethulwa ku SK Iphoyinti Lokuhlola
• Ilayisense Yokufinyeleleka Kweselula yokuxhumana okungu-100 ngesikhathi esisodwa ifakiwe ekuthengweni kwanoma iyiphi idivayisi. Kuyafaneleka ukucabangela ukuthi lesi sici sebanga lemodeli ye-SMB NGFW sikuvumela ukuthi ulondoloze ekuthengeni okuhlukile kwamalayisensi e-Mobile Access, angafakiwe uma uthenga olunye uchungechunge lwemodeli ye-CheckPoint.
• Ikhono lokuphatha isango lokuvikeleka usebenzisa uhlelo lokusebenza lweselula lwe-Watch Tower (imininingwane eyengeziwe yabhalwa kweyethu isihloko.)

Ngobani uchungechunge 1530, 1550: lo mzila ulungele amahhovisi egatsha anabantu abangafika ku-100, uxhumeke ezindaweni ezikude, nezindlela ezihlukahlukene zokuphatha ziyatholakala.

Uchungechunge 1570, 1590

Amamodeli amadala kulayini wochungechunge lwe-1500 anokuxhumana okuyisi-8 kokuxhumana kwendawo, isixhumi esibonakalayo esi-1 se-DMZ nesixhumi esibonakalayo esi-1 soxhumano lwe-inthanethi (umkhawulokudonsa wawo wonke amachweba ngu-1 GB/s). Okunye okutholakalayo yi-USB 3.0 Port kanye ne-USB-C Console. Amamodeli eza nokusekelwa kwamamodemu e-4G/LTE. Ukusekelwa kwamakhadi e-Micro-SD kufakiwe ukuze kwandiswe inkumbulo yangaphakathi yedivayisi.

Imininingwane inikezwa ngezansi:

Izici

1570

1590

Inombolo enkulu yokuxhumeka ngesekhondi ngalinye

15 750

21 000

Inombolo enkulu yokuxhumana ngasikhathi sinye

500 000

500 000

I-Threat Prevention Throughput (Mbps)

500

660

Ukudluliswa kwe-Firewall + IPS (Mbit/C)

970

1300

I-Firewall Bandwidth (Mbps)

2800

2800

Amamodeli 1570, 1590 anenombolo yokusebenza:

• I-Gaia 80.20 Uhlu olushumekiwe lwezinketho zethulwa ku SK.
• Ilayisense ye-Mobile Access yokuxhumana okuhambisanayo okungu-200
  iza nokuthengwa kwanoma iyiphi idivayisi. Kuyafaneleka ukucabangela ukuthi lesi sici sebanga lemodeli ye-SMB NGFW sikuvumela ukuthi ulondoloze ekuthengeni okuhlukile kwamalayisensi e-Mobile Access, angafakiwe uma uthenga olunye uchungechunge lwemodeli ye-CheckPoint.
• Ikhono lokuphatha isango lokuvikeleka usebenzisa uhlelo lokusebenza lweselula lwe-Watch Tower (imininingwane eyengeziwe yabhalwa kweyethu isihloko).

Ngobani uchungechunge 1570, 1590: lo mugqa ulungele amahhovisi abantu abangafika kwabangu-200, uhlinzeka ngoxhumano olukude, futhi unokusebenza okuphezulu kakhulu phakathi komndeni we-SMB.

Ukuze uqhathanise izinkomba amamodeli wangaphambilini:

Izici

1470

1490

I-Input With Threat Prevention + Firewall (Mbit/C)

500

550

Ukudluliswa kwe-Firewall + IPS (Mbit/C)

625

800

1570R

I-NGFW 1570R CheckPoint idinga ukunakwa okukhethekile. Yakhelwe ngokukhethekile imboni yezimboni futhi izoba nesithakazelo ezinkampanini ezisebenza emkhakheni: ezokuthutha, ukukhishwa kwemithombo yamaminerali (uwoyela, igesi, njll.), ukukhiqizwa kwemikhiqizo ehlukahlukene.

I-1570R yakhelwe kucatshangelwa izici nemibandela yokusetshenziswa kwayo:

• ukuphepha kwe-perimeter yenethiwekhi nokulawula kumadivayisi ahlakaniphile;
• ukusekelwa kwezivumelwano zezimboni ze-ICS/SCADA, isixhumi se-GPS;
• ukubekezelelana kwamaphutha lapho usebenza ezimweni ezimbi kakhulu (amazinga okushisa aphezulu/aphansi, imvula, ukudlidliza okwandisiwe).

Izici ze-NGFW

1570 Eziqinile

Inombolo enkulu yokuxhumeka ngesekhondi ngalinye

13 500

Inombolo enkulu yokuxhumana ngasikhathi sinye

500 000

I-Threat Prevention Throughput (Mbps)

400

Ukudluliswa kwe-Firewall + IPS (Mbit/C)

700

I-Firewall Bandwidth (Mbps)

1900

Izimo zokusebenza zokusetshenziswa

-40ºC ~ 75ºC (-40ºF ~ +167ºF)

Izitifiketi zamandla

I-EN/IEC 60529, IEC 60068-2-27 ukushaqeka, IEC 60068-2-6 vibration

Ngaphezu kwalokho, sizogqamisa ngokwehlukana inani lemisebenzi ye-1570R:

• I-Gaia 80.20 Uhlu olushumekiwe lwezinketho zethulwa ku SK.
• Ilayisense ye-Mobile Access yokuxhumana okuhambisanayo okungu-200
  ehlinzekwa ngokuthengwa kocingo. Kuyafaneleka ukucabangela ukuthi lesi sici sohlu olusha lwemodeli ye-SMB NGFW sikuvumela ukuthi ulondoloze ekuthengeni okuhlukile kwamalayisensi e-Mobile Access, angafakiwe uma uthenga olunye uchungechunge lwemodeli ye-CheckPoint.
• Ikhono lokuphatha isango lokuvikeleka usebenzisa uhlelo lokusebenza lweselula lwe-Watch Tower (imininingwane eyengeziwe yabhalwa kweyethu isihloko)
• Ukukhiqiza ngokuzenzakalelayo izinqubomgomo/imithetho yamadivayisi e-IoT lapho exhumeke kunethiwekhi yakho yendawo. Umthetho ukhiqizwa kudivayisi ngayinye ehlakaniphile futhi uvumela kuphela lawo maphrothokholi ewadingayo ukuthi asebenze ngendlela efanele.

Ukulawulwa kochungechunge lwe-1500

Ngemva kokucabangela izici zobuchwepheshe kanye namakhono emishini emisha yomndeni we-SMB, kubalulekile ukuqaphela ukuthi kunezindlela ezahlukene zokuphatha nokuphatha kwazo. Izikimu ezilandelayo ezijwayelekile zikhona:

1. Ukulawula kwendawo.

   Ivamise ukusetshenziswa emabhizinisini amancane lapho kunamahhovisi amaningana futhi kungekho ukuphathwa okumaphakathi kwengqalasizinda. Izinzuzo zifaka: ukuthunyelwa okufinyelelekayo nokuphathwa kwe-NGFW, ikhono lokuxhumana namadivayisi endaweni. Okubi kuhlanganisa ukulinganiselwa okuhlotshaniswa namakhono ka-Gaia: ukuntuleka kwezinga lokuhlukaniswa kwemithetho, amathuluzi okuqapha alinganiselwe, ukuntuleka kokugcinwa endaweni eyodwa kwamalogi.

   

2. Ukuphatha okumaphakathi ngeSeva Yokuphatha ezinikele. Le ndlela isetshenziswa esimweni lapho umlawuli ekwazi ukuphatha ama-NGFW ambalwa; angatholakala kumasayithi ahlukene. Inzuzo yale ndlela ukuguquguquka nokulawula phezu kwesimo sonke sengqalasizinda, futhi ezinye izinketho ezishumekiwe ze-Gaia 80.20 zitholakala kuphela ngalolu hlelo.

   

3. Ukuphathwa okumaphakathi nge I-Smart-1 Cloud. Lesi iskripthi esisha sabaphathi be-NGFW kusuka ku-CheckPoint. Iseva Yakho Yokuphatha isetshenziswa endaweni yamafu, konke ukuphatha kwenzeka nge-Web Interface, okukuvumela ukuthi unganciki ku-OS ye-PC yakho. Ukwengeza, iseva yokuphatha igcinwa ochwepheshe be-CheckPoint, ukusebenza kwayo kuncike ngokuqondile kumapharamitha akhethiwe futhi kulula ukukala.

   

4. Ukuphathwa okumaphakathi nge I-SMP (Iphothali Yezokuphathwa Kwezokuphepha). Lesi sixazululo sihlanganisa ukuthunyelwa kwamafu noma emagcekeni kwengosi eyodwa yewebhu eyabiwe ekwazi ukuphatha amadivayisi afinyelela kwangu-10 e-SMB ngesikhathi esisodwa.
5. Ikhono lokulawula ngomakhalekhukhwini we-Watch Tower litholakala kuphela ngemva kokusebenzisa indlela yokulawula egcwele (bheka amaphuzu 1-4). Funda kabanzi mayelana nalesi sici ekhasini lethu isihloko.

Ake sigqamise okubaluleke kakhulu ngokombono wethu:

1. Ukuntula ikhono lokusebenzisa i-Mobile Access Portal. Abasebenzisi bazokwazi ukusebenzisa Ukufinyelela Okukude ukuze bafinyelele izinsiza zenkampani yangaphakathi, kodwa ngeke bakwazi ukuxhuma kuphothali ye-SSL ngezinhlelo zakho zokusebenza ezishicilelwe.
2. Ama-blade alandelayo noma izinketho azisekelwe: Ukuqwashisa Ngokuqukethwe, i-DLP, Izinto Ezibuyekezwayo, ukuhlolwa kwe-SSL ngaphandle kokuhlukaniswa ngezigaba, Ukukhishwa Kosongo, i-MTA enokuhlola Kokulingisa Usongo, I-Antivirus yokuskena izingobo zomlando, i-ClusterXL kumodi Yokwabelana Ngemithwalo.

Ekupheleni kwesihloko, ngithanda ukuqaphela ukuthi isihloko sezixazululo ze-NGFW ze-SMB sesifinyelele ezingeni elisha lokusekela nokusebenzisana; ngenxa yokukhishwa kwenguqulo 80.20 Eshumekiwe, ibhalansi ifinyelelwe phakathi kwezinketho ze- okufushane umnyuziki we-Gaia namandla we-hardware wemishini yamahhovisi amancane. Sihlela ukuqhubeka nokushicilela uchungechunge lwama-athikili okuqeqesha, lapho sizocabangela ukucushwa okuyisisekelo kwezixazululo ze-SMB, ukushuna ukusebenza kanye nezinketho zazo ezintsha.

Ukukhethwa okukhulu kwezinto zokwakha ku-Check Point kusuka ku-TS Solution. Hlala ubukele (yocingo, Facebook, VK, I-TS Solution Blog, I-Yandex.Zen).

Source: www.habr.com