BolеEminyakeni emibili edlule, sabhala ukuthi wonke umlawuli we-Check Point ngokushesha noma kamuva uzobhekana nenkinga yokubuyekeza inguqulo entsha. Kulokhu
Njengoba wazi, kunezinketho ezi-2 zokuqalisa i-Check Point: I-Standalone ne-Distributed, okungukuthi, ngaphandle kweseva yokuphatha ezinikele futhi enezinikezele. Inketho ethi Distributed inconywa kakhulu ngenxa yezizathu ezimbalwa:
-
umthwalo wezinsiza zesango uyancishiswa;
-
Awudingi ukuhlela iwindi lokulungisa ukuze usebenze kuseva yokuphatha;
-
ukusebenza okwanele kwe-SmartEvent, njengoba kungenakwenzeka ukuthi isebenze kunguqulo ye-Standalone;
-
Kunconywa kakhulu ukwakha iqoqo lamasango ekucushweni Okusabalalisiwe.
Ngokunikezwa kwazo zonke izinzuzo zokucushwa Okusabalalisa, sizocabangela ukuthuthukisa iseva yokuphatha kanye nesango lokuvikela ngokuhlukana.
Isibuyekezo Seseva Yokulawulwa Kokuphepha (i-SMS).
Kunezindlela ezi-2 zokubuyekeza i-SMS:
-
nge-CPUSE (nge-Gaia Portal)
-
usebenzisa Amathuluzi Okuthutha (ukufaka okuhlanzekile kuyadingeka - ukufaka okusha)
Ukubuyekeza usebenzisa i-CPUSE akunconyiwe ozakwethu be-Check Point ngoba ngeke kubuyekeze inguqulo yesistimu yefayela lakho kanye ne-kernel. Nokho, le ndlela ayidingi ukufuduka kwezinqubomgomo futhi ishesha kakhulu futhi ilula kunendlela yesibili.
Ukufakwa okuhlanzekile nokuthuthwa kwezinqubomgomo kusetshenziswa Amathuluzi Okuthutha kuyindlela enconyiwe. Ngaphezu kwesistimu entsha yefayela kanye ne-OS kernel, kuvame ukwenzeka ukuthi i-database ye-SMS ivalekile, futhi ukufakwa okuhlanzekile kulokhu kuyisixazululo esihle kakhulu sokwengeza isivinini kuseva.
1) Isinyathelo sokuqala kunoma yisiphi isibuyekezo ukudala izipele nezifinyezo. Uma unesiphakeli sokuphatha esiphathekayo, ikhophi yasenqolobaneni kufanele yenziwe kusukela kusixhumi esibonakalayo sewebhu ye-Gaia Portal. Iya kuthebhu Ukunakekela > Isipele Sesistimu > Isipele. Okulandelayo, ucacisa indawo ukuze ulondoloze isipele. Lokhu kungaba iseva ye-SCP, FTP, TFTP, noma endaweni kudivayisi, kodwa kuzodingeka ukuthi ulayishe lesi sipele kuseva noma ikhompuyutha kamuva.
Umfanekiso 1. Ukudala ikhophi yasenqolobaneni ku-Gaia Portal
2) Okulandelayo kufanele uthathe isifinyezo kuthebhu Ukunakekela → Ukuphatha Isifinyezo → Okusha. Umehluko phakathi kwama-backups nezifinyezo ukuthi izifinyezo zigcina ulwazi olwengeziwe, okuhlanganisa zonke izici ezifakiwe ezishisayo. Nokho, kungcono ukukwenza kokubili.
Uma iseva yakho yokuphatha ifakwe njengomshini obonakalayo, ngakho-ke kuyanconywa ukwenza ikhophi yasenqolobaneni yomshini obonakalayo usebenzisa amathuluzi e-hypervisor eyakhelwe ngaphakathi. Imane ishesha futhi ithembekile.
Umfanekiso 2. Ukudala isifinyezo ku-Gaia Portal
3) Londoloza ukucushwa kwedivayisi kusuka ku-Gaia Portal. Ungathwebula wonke amathebhu wezilungiselelo aku-Gaia Portal, noma ufake umyalo ovela ku-Clish gcina ukucushwa . Okulandelayo, yisa ifayela kwi-PC yakho usebenzisa i-WinSCP noma elinye iklayenti.
Umfanekiso 3. Igcina ukucushwa kufayela lombhalo)
Ukubhala: uma i-WinSCP ingakuvumeli ukuthi uxhume, shintsha igobolondo lomsebenzisi libe ngu-/bin/bash noma kusixhumi esibonakalayo sewebhu kuthebhu Abasebenzisi, noma ngokufaka umyalo. chsh –s /bin/bash .
Ibuyekeza nge-CPUSE
4) Izinyathelo zokuqala ezi-3 ziyimpoqo kunoma iyiphi inketho yokuvuselela. Uma unquma ukuthatha indlela yokuvuselela elula, bese kusixhumi esibonakalayo sewebhu uye kuthebhu Ukuthuthukiswa (CPUSE) > Isimo Nezenzo > Izinguqulo Ezinkulu > Hlola Iphuzu R80.40 I-Gaia Fresh Faka futhi Uthuthukise. Chofoza kwesokudla kulesi sibuyekezo bese ukhetha Isiqinisekisi. Inqubo yokuqinisekisa izoqala imizuzu embalwa, ngemva kwalokho uzobona umlayezo wokuthi idivayisi ingabuyekezwa. Uma ubona amaphutha, adinga ukulungiswa.
Umfanekiso 4. Buyekeza nge-CPUSE
5) Buyekeza enguqulweni yakamuva ye-CDT (Ithuluzi Lokumisa Elimaphakathi) - insiza esebenza kuseva yokuphatha futhi ikuvumela ukuthi ufake izibuyekezo, amaphakethe wesevisi, uphathe izipele, izifinyezo, imibhalo nokunye okuningi. Inguqulo ye-CDT ephelelwe yisikhathi ingase ibangele izinkinga ngokubuyekezwa. Ungalanda i-CDT ku
6) Ngemva kokubeka ingobo yomlando elandiwe ku-SMS kunoma iyiphi inkomba nge-WinSCP, xhuma nge-SSH ku-SMS bese ufaka imodi yochwepheshe. Ake ngikukhumbuze ukuthi umsebenzisi we-WinSCP kufanele abe negobolondo / bin / bash!
7) Faka imiyalo:
cd/somepathtoCDT/
tar -zxvf .tgz
rpm -Uhv —phoqa CPcdt-00-00.i386.rpm
Umfanekiso 5. Ukufaka Ithuluzi Elimaphakathi Lokuthunyelwa (CDT)
8) Isinyathelo esilandelayo ukufaka isithombe sika-R80.40. Chofoza kwesokudla kusibuyekezo Landa, ke Faka. Khumbula ukuthi isibuyekezo sizothatha amaminithi angu-20-30 futhi iseva yokuphatha izobe ingatholakali isikhathi esithile. Ngakho-ke, kunengqondo ukuvumelana ngefasitela lesevisi.
9) Wonke amalayisensi nezinqubomgomo zokuphepha zigcinwa, ngakho-ke ngokulandelayo kufanele ulande entsha
10) Xhuma ku-SMS i-SmartConsole entsha bese usetha izinqubomgomo zokuphepha. Inkinobho Faka Inqubomgomo ekhoneni eliphezulu kwesokunxele.
11) I-SMS yakho ibuyekeziwe, kufanele ufake i-hotfix yakamuva. Kuthebhu Ukuthuthukiswa (CPUSE) > Isimo Nezenzo > Okushisayo chofoza inkinobho yegundane kwesokudla Isiqinisekisike Faka isibuyekezo. Idivayisi izoziqalisa kabusha ngemva kokufaka isibuyekezo.
Umfanekiso 6. Ukufaka i-hotfix yakamuva nge-CPUSE
Ibuyekeza Ngamathuluzi Okuthutha
4) Okokuqala, kufanele futhi ubuyekezele enguqulweni yakamuva ye-CDT - amaphuzu 5, 6, 7 kusukela esigabeni "Buyekeza usebenzisa i-CPUSE."
5) Faka iphakheji Yamathuluzi Okuthutha edingekayo ukuze uthuthe izinqubomgomo ukusuka kuseva yokuphatha. Ngokusho kwalokhu
6) Okulandelayo kusixhumi esibonakalayo sewebhu ye-SMS hamba kuthebhu Ukuthuthukiswa (CPUSE) > Isimo Nezenzo > Ngenisa Iphakheji > Phequlula > Khetha ifayela elilandiwe > Ngenisa.
Umfanekiso 7. Ukungenisa Amathuluzi Okuthutha
7) Kumodi yochwepheshe ku-SMS, hlola ukuthi iphakheji Yamathuluzi Okuthutha ifakiwe kusetshenziswa umyalo (okukhiphayo komyalo kufanele kufane nenombolo esegameni lengobo yomlando Yamathuluzi Okuthutha):
cpprod_util CPPROD_GetValue CPupgrade-tools-R80.40 BuildNumber 1
Umfanekiso 8. Ukuqinisekisa ukufakwa Kwamathuluzi Okuthutha
8) Iya ku-$FWDIR/scripts ifolda kuseva yokuphatha:
cd $FWDIR/scripts
9) Qalisa isiqinisekisi sangaphambi kokuthuthukisa usebenzisa umyalo (uma kukhona amaphutha, walungise ngaphambi kwezinyathelo ezengeziwe):
./migrate_server qinisekisa -v R80.40
Ukubhala: uma ubona iphutha “Yehlulekile ukubuyisa iphakheji yamathuluzi okuthuthukisa”, kodwa uhlole ukuthi ingobo yomlando ingeniswe ngempumelelo yini (bona iphuzu 4), sebenzisa umyalo:
./migrate_server qinisekisa -v R80.40 -skip_upgrade_tools_check
Umfanekiso 9. Ukuqalisa iskripthi sokuqinisekisa
10) Thumela izinqubomgomo zokuphepha usebenzisa umyalo:
./migrate_server export -v R80.40 //.tgz
Umfanekiso 10. Ukuthekelisa inqubomgomo yezokuphepha
Ukubhala: uma ubona iphutha “Yehlulekile ukubuyisa iphakheji yamathuluzi okuthuthukisa”, kodwa uhlole ukuthi ingobo yomlando ingeniswe ngempumelelo yini (isinyathelo 7), sebenzisa umyalo:
./migrate_server export -skip_upgrade_tools_check -v R80.40 //.tgz
11) Bala isamba se-MD5 hashi bese ulondoloza umphumela womyalo:
md5sum //.tgz
Umfanekiso 11. Ukubala isamba se-MD5 hash
12) Ngokusebenzisa i-WinSCP, hambisa leli fayela ekhompyutheni yakho.
13) Faka umyalo df -h futhi uzisindise iphesenti lezinkomba ngokusekelwe esikhaleni esithathiwe.
Umfanekiso 12. Amaphesenti ezinkomba nge-SMS ngayinye
14.1) Uma kwenzeka une-SMS yangempela
14.1.1) Ukusebenzisa
14.1.2) Ngincoma ukuthi ulungiselele okungenani ama-flash drive angama-2 abhuthayo, ngoba kwenzeka ukuthi i-flash drive ayifundeki njalo.
14.1.3) Njengomlawuli kukhompyutha yakho, sebenzisa ISOmorphic.exe. Esinyathelweni soku-1, khetha isithombe esilandiwe se-Gaia R80.40, esinyathelweni sesi-4 i-flash drive. Shintsha amaphuzu 2 no-3 Asikho isidingo!
Umfanekiso 13. Ukudala i-bootable USB flash drive
14.1.4) Khetha into “Faka ngokuzenzakalelayo ngaphandle kokuqinisekisa” futhi kubalulekile ukucacisa imodeli yesiphakeli sakho sokuphatha. Endabeni ye-SMS, kufanele ukhethe umugqa 3 noma 4.
Umfanekiso 14. Ukukhetha imodeli yedivayisi ukuze udale i-bootable USB flash drive
14.1.5) Okulandelayo, uvala i-upline, faka i-flash drive embobeni ye-USB, xhuma ikhebula le-console ngembobo ye-COM kudivayisi bese uvula i-SMS. Inqubo yokufaka izenzekela. Ikheli le-IP elizenzakalelayo - 192.168.1.1/24, kanye nolwazi lokungena umphathi / umphathi.
14.1.6) Isinyathelo esilandelayo ukuxhuma kusixhumi esibonakalayo sewebhu ku-Gaia Portal (ikheli elizenzakalelayo
14.2) Uma kwenzeka une-SMS ebonakalayo
14.2.1) Akufanele nanini nanini ususe i-SMS endala; dala umshini omusha obonakalayo onezinsiza ezifanayo (CPU, RAM, HDD) kanye nekheli le-IP elifanayo. Ngendlela, ungakwazi ukwengeza i-RAM ne-HDD, njengoba inguqulo ye-R80.40 idinga kancane. Ukuze ugweme ukungqubuzana kwekheli le-IP, vala i-SMS endala bese uqala ukufaka entsha.
14.2.2) Ngesikhathi sokufakwa kwe-Gaia, lungiselela ikheli le-IP lamanje bese ukhetha uhla lwemibhalo / izimpande indawo eyanele. Amaphesenti ohla lwemibhalo onawo kufanele abe cishe sinda, sebenzisa okukhiphayo df -h.
15) Ngesikhathi sokukhetha uhlobo lokufakwa "Uhlobo Lokufaka" khetha inketho yokuqala, njengoba kungenzeka ukuthi awunayo i-MDS (Iseva Yesizinda Esiningi). Uma i-MDS, lapho-ke uphathe izizinda eziningi ezivela ezinkampanini ezihlukene ze-SMS ngesikhathi esisodwa. Kulokhu, kufanele ukhethe into yesibili.
Umfanekiso 15. Ukukhetha uhlobo lokufaka lwe-Gaia
16) Iphuzu elibaluleke kakhulu elingakwazi ukulungiswa ngaphandle kokufaka kabusha ukukhetha kwebhizinisi. Kufanele ukhethe Ukuphathwa kwezokuphepha bese ucindezela Olandelayo. Konke okunye kuzenzakalela.
Umfanekiso 16. Ukukhetha uhlobo lwebhizinisi lapho ufaka i-Gaia
17) Uma idivayisi iqala kabusha, xhuma kusixhumi esibonakalayo sewebhu usebenzisa
18) Dlulisela izilungiselelo kusuka kuzithombe-skrini kuye kuwo wonke amathebhu we-Gaia Portal lapho okuthile kulungiselelwe, noma sebenzisa umyalo usuka ku-clish. ukulayisha ukucushwa .txt. Leli fayela lokumisa kufanele liqale lilayishwe ku-SMS.
Ukubhala: Ngenxa yokuthi i-OS yintsha, i-WinSCP ngeke ikuvumele ukuthi uxhumeke njengomlawuli, shintsha igobolondo lomsebenzisi libe yi-/bin/bash noma kusixhumi esibonakalayo sewebhu kuthebhu ethi Abasebenzisi, noma ngokufaka umyalo. chsh –s /bin/bash noma dala umsebenzisi omusha.
19) Layisha ifayela ngezinqubomgomo ezithunyelwe kusuka kuseva yokuphatha endala kuya kunoma iyiphi inkomba. Bese uya kukhonsoli kwimodi yochwepheshe bese uhlola ukuthi inani le-MD5 hashi lifana nedlule. Uma kungenjalo, ukuthunyelwa kufanele kwenziwe futhi:
md5sum //.tgz
20) Phinda isinyathelo 6 bese ufaka Thuthukisa Amathuluzi ku-SMS entsha ku-Gaia Portal kuthebhu Ukuthuthukiswa (CPUSE) > Isimo Nezenzo.
21) Faka umyalo ngemodi yochwepheshe:
./migrate_server import -v R80.40 -skip_upgrade_tools_check //.tgz
Umfanekiso 17. Ukungenisa inqubomgomo yokuphepha ku-SMS entsha
22) Nika amandla izinsizakalo ngomyalo cpstart.
23) Landa entsha
Umfanekiso 18. Ukuhlola amalayisensi afakiwe
24) Setha inqubomgomo yezokuphepha esangweni noma iqoqo - Faka Inqubomgomo.
Isibuyekezo Sesango Lokuphepha (SG).
I-Security Gateway ingabuyekezwa nge-CPUSE, njengeseva yokuphatha, noma ifakwe futhi - ukufaka okusha. Kusukela kokuhlangenwe nakho kwami, ku-99% yamacala, wonke umuntu ufaka kabusha i-Security Gateway ngenxa yokuthi kuthatha cishe isikhathi esifanayo nokubuyekeza nge-CPUSE, kodwa uthola i-OS ehlanzekile, ebuyekeziwe engenazo iziphazamisi.
Ngokufanisa ne-SMS, okokuqala udinga ukudala ikhophi yasenqolobaneni nesifinyezo, futhi ulondoloze izilungiselelo ku-Gaia Portal. Bheka amaphuzu 1, 2 no-3 esigabeni "Isibuyekezo Seseva Yokuphathwa Kwezokuphepha".
Ibuyekeza nge-CPUSE
Ukubuyekeza Isango Lokuvikela nge-CPUSE kufana ncamashi nokubuyekeza Iseva Yokuphathwa Kwezokuphepha, ngakho-ke sicela ubhekisele ekuqaleni kwesihloko.
Iphuzu elibalulekile: Kudingeka isibuyekezo se-SG iqalisa kabusha! Ngakho-ke, buyekeza ngesikhathi sewindi lokulungisa. Uma une-cluster, thuthukisa i-passive node kuqala, bese ushintsha izindima futhi uthuthukise enye i-node. Endabeni yeqoqo, amafasitela okulungisa angagwenywa.
Ifaka inguqulo entsha ye-OS Kusango Lokuphepha
1.1) Uma kwenzeka une-SG yangempela
1.1.1) Ukusebenzisa
1.1.2) Ngincoma ukuthi ulungiselele okungenani ama-flash drive angama-2 abhuthayo, ngoba kwenzeka ukuthi i-flash drive ayifundeki njalo.
1.1.3) Njengomlawuli kukhompyutha yakho, sebenzisa ISOmorphic.exe. Esinyathelweni soku-1, khetha isithombe esilandiwe se-Gaia R80.40, esinyathelweni sesi-4 i-flash drive. Shintsha amaphuzu 2 no-3 Asikho isidingo!
Umfanekiso 19. Ukudala i-bootable USB flash drive
1.1.4) Khetha into "Faka ngokuzenzakalelayo ngaphandle kokuqinisekisa", futhi kubalulekile ukukhombisa imodeli yeSango Lokuphepha lakho - imigqa yesi-2 noma yesi-3. Uma leli kuyibhokisi lesihlabathi elibonakalayo (I-SandBlast Appliance), bese ukhetha umugqa wesi-5.
Umfanekiso 20. Ukukhetha imodeli yedivayisi ukuze udale i-bootable USB flash drive
1.1.5) Okulandelayo, ucisha i-upline, ufake i-flash drive embobeni ye-USB, uxhume ikhebula le-console ngembobo ye-COM kudivayisi bese uvule isango. Inqubo yokufaka izenzekela. Ikheli le-IP elizenzakalelayo - 192.168.1.1/24, kanye nolwazi lokungena umphathi / umphathi. Kufanele ubuyekeze kuqala i-passive node, bese ufaka inqubomgomo kuyo, ushintshe izindima bese ubuyekeza enye indawo. Cishe uzodinga iwindi lokulungisa.
1.1.6) Isinyathelo esilandelayo ukuxhuma kusixhumi esibonakalayo sewebhu ku-Gaia Portal, lapho udlula ekuqaliseni kokuqala kwedivayisi. Ngesikhathi sokuqalisa ucindezela ngokuyisisekelo Olandelayo, ngoba cishe zonke izilungiselelo zingashintshwa esikhathini esizayo. Nokho, ungakwazi ukushintsha ngokushesha ikheli le-IP, izilungiselelo ze-DNS kanye negama lomethuleli.
1.2) Uma kwenzeka une-SG ebonakalayo
1.2.1) Dala umshini omusha we-virtual onezinsiza ezifanayo (CPU, RAM, HDD) noma ngaphezulu, njengoba inguqulo engu-R80.40 ifuna kakhulu. Ukuze ugweme ukungqubuzana kwamakheli e-IP, vala isango elidala bese uqala ukufaka elisha elinekheli le-IP elifanayo. I-SG endala ingasuswa ngokuphepha, ngoba akukho lutho oluyigugu kuyo, ngoba zonke izinto ezibaluleke kakhulu - inqubomgomo yokuphepha - zitholakala kuseva yokuphatha.
1.2.2) Ngesikhathi sokufakwa kwe-OS, lungiselela ikheli le-IP lamanje bese ukhetha uhla lwemibhalo / izimpande indawo eyanele.
3) Xhuma esangweni ngembobo ye-HTTPS bese uqala inqubo yokuqalisa. Ngesikhathi sokukhetha uhlobo lokufaka "Uhlobo Lokufaka" khetha inketho yokuqala - Isango Lokuphepha kanye/noma Ukuphathwa Kwezokuphepha.
Umfanekiso 21. Ukukhetha uhlobo lokufaka lwe-Gaia
4) Iphuzu elibaluleke kakhulu ukukhetha kwenhlangano (Imikhiqizo). Kufanele ukhethe Ezokuphepha futhi, uma uneqoqo, maka ibhokisi “Iyunithi iyingxenye yeqoqo, uhlobo: ClusterXL”. Uma uneqoqo le-VRRP, bese ukhetha lolu hlobo, kodwa akunakwenzeka.
Umfanekiso 22. Ukukhetha uhlobo lwebhizinisi lapho ufaka i-Gaia
5) Esinyathelweni esilandelayo, setha iphasiwedi yesikhathi esisodwa ye-SIC ukuze uthole ukwethenjwa neseva yokuphatha. Ngokusebenzisa le phasiwedi, isitifiketi siyakhiqizwa, futhi iseva yokuphatha izoxhumana nesango lesiteshi sokuxhumana esibethelwe. Hlola umaki “Xhuma Kubaphathi Bakho Njengesevisi” kufanele isethwe uma ngabe iseva yokuphatha itholakala emafini. Sisanda kubhala ngalokhu
Umfanekiso 23. Ukudalwa kwe-SIC
6) Qala inqubo yokuqalisa kuthebhu elandelayo. Ngokushesha nje lapho idivayisi iqalisa kabusha, xhuma kusixhumi esibonakalayo sewebhu futhi udlulisele izilungiselelo ukusuka kuzithombe-skrini kuye kuwo wonke amathebhu we-Gaia Portal lapho okuthile kulungiswe khona, noma sebenzisa umyalo ovela ku-clish. ukulayisha ukucushwa .txt. Leli fayela lokumisa kufanele liqale lilayishwe esangweni lokuvikela.
Ukubhala: Ngenxa yokuthi i-OS yintsha, i-WinSCP ngeke ikuvumele ukuthi uxhumeke njengomlawuli, shintsha igobolondo lomsebenzisi libe yi-/bin/bash noma kusixhumi esibonakalayo sewebhu kuthebhu ethi Abasebenzisi, noma ngokufaka umyalo. chsh –s /bin/bash noma dala umsebenzisi omusha ngale shell.
7) Vula
Umfanekiso 24: Ukusungula ukwethembana ngesango elisha lokuvikela
8) Inguqulo ye-Gaia yento kufanele ishintshe, uma ingashintshi, bese uyishintsha ngesandla. Bese ufaka inqubomgomo esangweni.
9) Ku-Gaia Portal, hamba kuthebhu Ukuthuthukiswa (CPUSE) > Isimo Nezenzo > Okushisayo futhi ufake i-hotfix yakamuva. Idivayisi izongena qalisa kabusha ngesikhathi sokufakwa!
10) Uma kwenzeka iqoqo, shintsha izindima zamanodi futhi wenze izinyathelo ezifanayo kwenye indawo.
isiphetho
Ngizamile ukwenza umhlahlandlela ocace kakhulu futhi obanzi wokuthuthukiswa kusuka ku-R80.20/R80.30 kuya ku-R80.40 wamanje, njengoba kuningi okushintshile. Inguqulo
Nganoma yimiphi imibuzo ungaxhumana nathi. Sizokujabulela ukusiza ngezibuyekezo eziyinkimbinkimbi kakhulu namacala njengengxenye yosekelo lwethu lobuchwepheshe
Source: www.habr.com