Ukubingelela kuwo wonke umuntu oqhubeka nokufunda uchungechunge olumayelana nesizukulwane esisha se-NGFW Check Point yomndeni we-SMB (uchungechunge lwe-1500). IN sibheke isisombululo se-SMP (ingosi yokuphatha yamasango e-SMB). Namuhla ngithanda ukukhuluma nge-Smart-1 Cloud portal, izibeka njengesixazululo esisekelwe ku-SaaS Check Point, isebenza njenge-Management Server efwini, ngakho izoba usizo kunoma iyiphi i-NGFW Check Point. Kulabo abasanda kusijoyina, ake nginikhumbuze ngezihloko okuxoxwe ngazo ngaphambilini: , , .
Ake sigqamise izici eziyinhloko ze-Smart-1 Cloud:
- Isixazululo esisodwa esimaphakathi sokuphatha yonke ingqalasizinda yakho ye-Check Point (amasango abonakalayo nangokoqobo emazingeni ahlukahlukene).
- Isethi evamile yezinqubomgomo zawo wonke ama-Blades ikuvumela ukuthi wenze lula izinqubo zokuphatha (ukudala/ukuhlela imithetho yemisebenzi eyahlukene).
- Ukusekelwa kwendlela yephrofayili lapho usebenza nezilungiselelo zesango. Unesibopho sokuhlukaniswa kwamalungelo okufinyelela lapho usebenza kuphothali, lapho abalawuli benethiwekhi, ochwepheshe bocwaningomabhuku, njll. bangenza ngesikhathi esisodwa imisebenzi ehlukahlukene.
- Ukuqapha usongo, okunikeza amalogi nokubukwa kwemicimbi endaweni eyodwa.
- Ukusekela ukusebenzisana nge-API. Umsebenzisi angasebenzisa izinqubo ezizenzakalelayo, enze imisebenzi yansuku zonke ibe lula.
- Ukufinyelela iwebhu. Isusa imikhawulo emayelana nokusekelwa kwama-OS ngamanye futhi inembile.
Kulabo asebezijwayele izixazululo ze-Check Point, amakhono abalulekile ethulwa awehlukile kunokuba neseva yokuphatha ezinikele endaweni engqalasizinda yakho. Bazobe belungile ngokwengxenye, kodwa esimweni se-Smart-1 Cloud, ukunakekelwa kweseva yokuphatha kunikezwa ochwepheshe be-Check Point. Kuhlanganisa: ukwenza izipele, ukuqapha isikhala samahhala kumidiya, ukulungisa amaphutha, ukufaka izinguqulo zesofthiwe zakamuva. Inqubo yokuthutha (ukudlulisa) izilungiselelo nayo yenziwa lula.
Ukulayisensa
Ngaphambi kokujwayelana nokusebenza kwesisombululo sokuphathwa kwamafu, masifunde izindaba zamalayisense kumphathi .
Ukuphatha isango elilodwa:
Ukubhalisa kuncike kuma-blade okulawula akhethiwe; kunezinkomba ezi-3 sezizonke:
- Abaphathi. 50 GB isitoreji, 1 GB nsuku zonke amalogi.
- Ukuphatha + SmartEvent. Isitoreji esingu-100 GB, amalogi ansuku zonke angu-3 GB, ukukhiqizwa kombiko.
- Ukuphatha + Ukuthobela + I-SmartEvent. Isitoreji esingu-100 GB, amalogi ansuku zonke angu-3 GB, ukukhiqizwa kombiko, izincomo zezilungiselelo ezisekelwe kuzinqubo zokuphepha zolwazi olujwayelekile.
*Inketho incike ezintweni eziningi: uhlobo lwamalogi, inombolo yabasebenzisi, umthamo wethrafikhi.
Kukhona futhi okubhaliselwe ukuphatha 5 amasango. Ngeke sigxile kulokhu ngokuningiliziwe - ungathola ulwazi ngaso sonke isikhathi .
Ukwethulwa kwe-Smart-1 Cloud
Noma ubani angazama isisombululo; ukwenza lokhu, udinga ukubhalisa ku-Infinity Portal - isevisi yefu evela ku-Check Point, lapho ungathola khona ukufinyelela kwesilingo kulezi zindawo ezilandelayo:
- Ukuvikelwa Kwefu (CloudGuard SaaS, CloudGuard Native);
- Ukuvikelwa Kwenethiwekhi (i-CloudGuard Connect, i-Smart-1 Cloud, i-Infinity SOC);
- I-Endpoint Protection (, I-SandBlast Agent Cloud Management, Sandblast Mobile).
Sizongena nawe ohlelweni (ukubhaliswa kuyadingeka kubasebenzisi abasha) bese siya kusixazululo se-Smart-1 Cloud:
Uzotshelwa kafushane mayelana nezinzuzo zalesi sixazululo (Ukuphathwa kwengqalasizinda, akukho ukufakwa okudingekayo, kuvuselela ngokuzenzakalelayo).
Ngemuva kokugcwalisa izinkambu, uzodinga ukulinda kuze kube yilapho i-akhawunti yakho isilungele ukungena kuphothali:
Uma ukusebenza kuphumelele, uzothola imininingwane yokubhalisa nge-imeyili (ecaciswe lapho ungena ku-Infinity Portal), futhi uzoqondiswa kabusha ekhasini lasekhaya le-Smart-1 Cloud.
Amathebhu ephothali atholakalayo:
- Yethula i-SmartConsole. Ukusebenzisa uhlelo olufakiwe ku-PC yakho, noma sebenzisa isixhumi esibonakalayo sewebhu.
- Ukuvumelanisa nento yesango.
- Ukusebenza ngezingodo.
- Amasethingi.
Ukuvumelanisa nesango
Ake siqale ngokuvumelanisa Isango Lokuphepha; ukwenza lokhu, udinga ukuyengeza njengento. Iya kuthebhu "Xhuma i-Gateway"
Kufanele ufake igama lesango elihlukile; ungakwazi ukwengeza amazwana entweni. Bese ucindezela "Bhalisa".
Kuzovela into yesango ezodinga ukuthi ivunyelaniswe Neseva Yokuphatha ngokukhipha imiyalo ye-CLI yesango:
- Qiniseka ukuthi i-JHF (Jumbo Hotfix) yakamuva ifakiwe esangweni.
- Setha ithokheni yokuxhumana: setha ama-maas esango lokuvikeleka kuthokheni ye-auth
- Hlola isimo sethaneli yokuvumelanisa:
Isimo se-MaS: Sinikwe amandla
I-MaaS Tunnel State: Phezulu
Igama lesizinda se-MaS:
Service-Identifier.maas.checkpoint.com
Isango IP lokuxhumana le-MaS: 100.64.0.1
Uma izinkonzo ze-Mass Tunnel seziphakanyisiwe, kufanele uqhubeke uthole uxhumano lwe-SIC phakathi kwesango ne-Smart-1 Cloud ku-Smartconsole. Uma ukusebenza kuphumelele, i-topology yesango izotholakala, ake sinamathisele isibonelo:
Ngakho, uma usebenzisa i-Smart-1 Cloud, isango lixhunywe kunethiwekhi "empunga" 10.64.0.1.
Ake ngengeze ukuthi ekuhlelweni kwethu isango ngokwalo lifinyelela ku-inthanethi lisebenzisa i-NAT, ngakho-ke, alikho ikheli le-IP lomphakathi esibonakalayo sayo, noma kunjalo, singayiphatha ngaphandle. Lesi esinye isici esithokozisayo se-Smart-1 Cloud, ngenxa yokuthi i-subnet yokuphatha ehlukile idalwe nechibi layo lamakheli e-IP.
isiphetho
Uma usungeze ngempumelelo isango lokuphatha nge-Smart-1 Cloud, usukwazi ukufinyelela okugcwele, njengaku-Smart Console. Ekuhlelweni kwethu, sethule inguqulo yewebhu; empeleni, ingumshini obonakalayo ophakanyisiwe oneklayenti lokuphatha elisebenzayo.
Ungakwazi njalo ukufunda okwengeziwe ngamakhono e-Smart Console kanye ne-Check Point architecture kubabhali bethu .
Yilokho kuphela okwanamuhla, silinde isihloko sokugcina sochungechunge, lapho sizothinta khona amandla okushuna ukusebenza komndeni wochungechunge lwe-SMB 1500 ene-Gaia 80.20 Embedded efakiwe.
. Hlala ubukele (, , , , )
Source: www.habr.com