Uma sibheka inani lemibuzo eqale ukufika kithi nge-SD-WAN, ubuchwepheshe sebuqale ukugxila eRussia. Abathengisi, ngokwemvelo, abalali futhi banikeza imiqondo yabo, futhi amanye amaphayona anesibindi asevele ewasebenzisa kumanethiwekhi abo.
Sisebenza cishe nabo bonke abathengisi, futhi eminyakeni embalwa elabhorethri yethu ngikwazile ukuphenya ekwakhiweni kwawo wonke umthuthukisi omkhulu wezixazululo ezichazwe yisoftware. I-SD-WAN evela e-Fortinet ime ngokuhlukana kancane lapha, okuvele kwakha ukusebenza kokulinganisa ithrafikhi phakathi kweziteshi zokuxhumana ku-software yokuvikela umlilo. Isixazululo esikhundleni sentando yeningi, ngakho ngokuvamile sibhekwa izinkampani ezingakalungeli izinguquko zomhlaba, kodwa ezifuna ukusebenzisa iziteshi zabo zokuxhumana ngempumelelo.
Kulesi sihloko ngifuna ukukutshela ukuthi ungalungisa kanjani futhi usebenze nge-SD-WAN evela e-Fortinet, ngubani lesi sixazululo esifanelekile nokuthi yiziphi izingibe ongahlangabezana nazo lapha.
Abadlali abavelele emakethe ye-SD-WAN bangahlukaniswa ngezinhlobo ezimbili:
1. Iziqalisi ezidale izixazululo ze-SD-WAN kusukela ekuqaleni. Abaphumelele kakhulu kulawa bathola umfutho omkhulu wentuthuko ngemuva kokuthengwa yizinkampani ezinkulu - lena indaba kaCisco/Viptela, VMWare/VeloCloud, Nuage/Nokia
2. Abathengisi benethiwekhi abakhulu abadale izixazululo ze-SD-WAN, ukuthuthukisa ukuhleleka nokuphathwa kwamarutha abo endabuko - lena indaba kaJuniper, Huawei
I-Fortinet ikwazile ukuthola indlela yayo. Isofthiwe ye-firewall yayinomsebenzi owakhelwe ngaphakathi okwenze kwaba nokwenzeka ukuhlanganisa izindawo zokuhlangana kuzo zibe amashaneli abonakalayo futhi kulinganisele umthwalo phakathi kwazo kusetshenziswa ama-algorithms ayinkimbinkimbi uma kuqhathaniswa nomzila ovamile. Lokhu kusebenza kwabizwa nge-SD-WAN. Ngabe iFortinet yayibizwa nge-SD-WAN? Imakethe iqonda kancane kancane ukuthi i-Software-Defined isho ukuhlukaniswa kwe-Control Plane kusukela ku-Data Plane, abalawuli abazinikele, nama-orchestrators. I-Fortinet ayikho into enjalo. Ukuphatha okumaphakathi kungokuzithandela futhi kunikezwa ngethuluzi le-Fortimanager elivamile. Kodwa ngokubona kwami, akufanele ufune iqiniso elingaqondakali futhi uchithe isikhathi uphikisana ngamatemu. Ezweni langempela, indlela ngayinye inezinzuzo zayo kanye nokubi. Indlela engcono kakhulu yokuphuma ukuziqonda futhi ukwazi ukukhetha izixazululo ezihambisana nemisebenzi.
Ngizozama ukukutshela ngezithombe-skrini esandleni ukuthi i-SD-WAN evela eFortinet ibukeka kanjani nokuthi ingenzani.
Konke kusebenza kanjani
Ake sicabange ukuthi unamagatsha amabili axhunywe iziteshi ezimbili zedatha. Lezi zixhumanisi zedatha zihlanganiswa zibe yiqembu, elifana nendlela ukuxhumana okujwayelekile kwe-Ethernet kuhlanganiswa ngayo kube i-LACP-Port-Channel. Abantu abadala bazokhumbula i-PPP Multilink - nayo isifaniso esifanele. Iziteshi zingaba amachweba angokoqobo, i-VLAN SVI, kanye nemigudu ye-VPN noma ye-GRE.
I-VPN noma i-GRE ivame ukusetshenziswa lapho kuxhunywa amanethiwekhi endawo egatsha nge-inthanethi. Futhi izimbobo ezibonakalayo - uma kukhona ukuxhumana kwe-L2 phakathi kwamasayithi, noma lapho kuxhunywa nge-MPLS/VPN ezinikele, uma saneliseke ngoxhumo ngaphandle kwe-Overlay nokubethela. Esinye isimo lapho kusetshenziswa izimbobo ezibonakalayo eqenjini le-SD-WAN kulinganisa ukufinyelela kwasendaweni kwabasebenzisi ku-inthanethi.
Esitobhini sethu kunezicishamlilo ezine kanye nemigudu emibili ye-VPN esebenza “ngama-opharetha ezokuxhumana” amabili. Umdwebo ubukeka kanje:
Imigudu ye-VPN ihlelwe kumodi yokusebenzelana ukuze ifane nokuxhumana kwephoyinti nephuzu phakathi kwamadivayisi anamakheli e-IP ku-interface ye-P2P, engacushwa ukuze kuqinisekiswe ukuthi ukuxhumana ngomhubhe othile kuyasebenza. Ukuze ithrafikhi ibethelwe futhi iye kolunye uhlangothi, kwanele ukuyihambisa emhubheni. Okunye ukukhetha ithrafikhi yokubethela usebenzisa uhlu lwamanethi angaphansi, okudida kakhulu umlawuli njengoba ukucupha kuba nzima kakhulu. Kunethiwekhi enkulu, ungasebenzisa ubuchwepheshe be-ADVPN ukwakha i-VPN; lena i-analogue ye-DMVPN evela ku-Cisco noma i-DVPN evela ku-Huawei, evumela ukusethwa kalula.
Ukulungiselelwa kwe-Site-to-Site VPN kumadivayisi amabili anomzila we-BGP nhlangothi zombili
«ЦОД» (DC)
«Филиал» (BRN)
config system interface
edit "WAN1"
set vdom "Internet"
set ip 1.1.1.1 255.255.255.252
set allowaccess ping
set role wan
set interface "DC-BRD"
set vlanid 111
next
edit "WAN2"
set vdom "Internet"
set ip 3.3.3.1 255.255.255.252
set allowaccess ping
set role lan
set interface "DC-BRD"
set vlanid 112
next
edit "BRN-Ph1-1"
set vdom "Internet"
set ip 192.168.254.1 255.255.255.255
set allowaccess ping
set type tunnel
set remote-ip 192.168.254.2 255.255.255.255
set interface "WAN1"
next
edit "BRN-Ph1-2"
set vdom "Internet"
set ip 192.168.254.3 255.255.255.255
set allowaccess ping
set type tunnel
set remote-ip 192.168.254.4 255.255.255.255
set interface "WAN2"
next
end
config vpn ipsec phase1-interface
edit "BRN-Ph1-1"
set interface "WAN1"
set local-gw 1.1.1.1
set peertype any
set net-device disable
set proposal aes128-sha1
set dhgrp 2
set remote-gw 2.2.2.1
set psksecret ***
next
edit "BRN-Ph1-2"
set interface "WAN2"
set local-gw 3.3.3.1
set peertype any
set net-device disable
set proposal aes128-sha1
set dhgrp 2
set remote-gw 4.4.4.1
set psksecret ***
next
end
config vpn ipsec phase2-interface
edit "BRN-Ph2-1"
set phase1name "BRN-Ph1-1"
set proposal aes256-sha256
set dhgrp 2
next
edit "BRN-Ph2-2"
set phase1name "BRN-Ph1-2"
set proposal aes256-sha256
set dhgrp 2
next
end
config router static
edit 1
set gateway 1.1.1.2
set device "WAN1"
next
edit 3
set gateway 3.3.3.2
set device "WAN2"
next
end
config router bgp
set as 65002
set router-id 10.1.7.1
set ebgp-multipath enable
config neighbor
edit "192.168.254.2"
set remote-as 65003
next
edit "192.168.254.4"
set remote-as 65003
next
end
config network
edit 1
set prefix 10.1.0.0 255.255.0.0
next
end
config system interface
edit "WAN1"
set vdom "Internet"
set ip 2.2.2.1 255.255.255.252
set allowaccess ping
set role wan
set interface "BRN-BRD"
set vlanid 111
next
edit "WAN2"
set vdom "Internet"
set ip 4.4.4.1 255.255.255.252
set allowaccess ping
set role wan
set interface "BRN-BRD"
set vlanid 114
next
edit "DC-Ph1-1"
set vdom "Internet"
set ip 192.168.254.2 255.255.255.255
set allowaccess ping
set type tunnel
set remote-ip 192.168.254.1 255.255.255.255
set interface "WAN1"
next
edit "DC-Ph1-2"
set vdom "Internet"
set ip 192.168.254.4 255.255.255.255
set allowaccess ping
set type tunnel
set remote-ip 192.168.254.3 255.255.255.255
set interface "WAN2"
next
end
config vpn ipsec phase1-interface
edit "DC-Ph1-1"
set interface "WAN1"
set local-gw 2.2.2.1
set peertype any
set net-device disable
set proposal aes128-sha1
set dhgrp 2
set remote-gw 1.1.1.1
set psksecret ***
next
edit "DC-Ph1-2"
set interface "WAN2"
set local-gw 4.4.4.1
set peertype any
set net-device disable
set proposal aes128-sha1
set dhgrp 2
set remote-gw 3.3.3.1
set psksecret ***
next
end
config vpn ipsec phase2-interface
edit "DC-Ph2-1"
set phase1name "DC-Ph1-1"
set proposal aes128-sha1
set dhgrp 2
next
edit "DC2-Ph2-2"
set phase1name "DC-Ph1-2"
set proposal aes128-sha1
set dhgrp 2
next
end
config router static
edit 1
set gateway 2.2.2.2
et device "WAN1"
next
edit 3
set gateway 4.4.4.2
set device "WAN2"
next
end
config router bgp
set as 65003
set router-id 10.200.7.1
set ebgp-multipath enable
config neighbor
edit "192.168.254.1"
set remote-as 65002
next
edit "192.168.254.3"
set remote-as 65002
next
end
config network
edit 1
set prefix 10.200.0.0 255.255.0.0
next
end
Ngihlinzeka ngokulungiselelwa ngefomu lombhalo, ngoba, ngokubona kwami, kulula kakhulu ukulungisa i-VPN ngale ndlela. Cishe zonke izilungiselelo ziyefana nhlangothi zombili; ngendlela yombhalo zingenziwa njengekhophi-unamathisele. Uma wenza into efanayo kusixhumi esibonakalayo sewebhu, kulula ukwenza iphutha - khohlwa umaki wokuhlola endaweni ethile, faka inani elingalungile.
Ngemuva kokuthi sengeze ama-interfaces kunqwaba
yonke imizila nezinqubomgomo zokuphepha zingabhekisela kuyo, hhayi ezindaweni ezifakwe kuyo. Okungenani, udinga ukuvumela ithrafikhi esuka kunethiwekhi yangaphakathi iye ku-SD-WAN. Uma ubadalela imithetho, ungasebenzisa izinyathelo zokuzivikela ezifana ne-IPS, isivikeli magciwane kanye nokudalulwa kwe-HTTPS.
Imithetho ye-SD-WAN ilungiselelwe inqwaba. Lena imithetho echaza i-algorithm yokulinganisa yethrafikhi ethile. Ziyafana nezinqubomgomo zomzila Kumzila Osekelwe Kunqubomgomo, kuphela ngenxa yethrafikhi ewela ngaphansi kwenqubomgomo, akuyona i-next-hop noma isixhumi esibonakalayo esiphumayo esifakiwe, kodwa izixhumi ezibonakalayo zengezwe kunqwaba ye-SD-WAN i-algorithm yokulinganisa ithrafikhi phakathi kwalezi zindawo zokusebenzelana.
Ithrafikhi ingahlukaniswa nokugeleza okuvamile ngolwazi lwe-L3-L4, ngezinhlelo zokusebenza ezaziwayo, izinsiza ze-inthanethi (i-URL ne-IP), kanye nabasebenzisi abaziwayo beziteshi zokusebenza namakhompyutha aphathekayo. Ngemuva kwalokhu, enye yalezi zindlela ezilandelayo zokulinganisa inganikezwa kuthrafikhi eyabiwe:
Ohlwini lwe-Interface Preference Preference, lezo zokuxhumana ezisuka kulezo esezingezwe kunqwaba ezizonikeza lolu hlobo lwethrafikhi ziyakhethwa. Ngokungeza hhayi zonke izixhumanisi, ungakhawulela ngqo ukuthi iziphi iziteshi ozisebenzisayo, yithi, i-imeyili, uma ungafuni ukuthwala iziteshi ezibizayo nge-SLA ephezulu ngayo. Ku-FortiOS 6.4.1, kube nokwenzeka ukuhlanganisa izixhumanisi zeqembu ezengezwe kunqwaba ye-SD-WAN zibe izindawo, ukudala, isibonelo, indawo eyodwa yokuxhumana nezingosi ezikude, kanye nenye yokufinyelela ku-inthanethi yendawo kusetshenziswa i-NAT. Yebo, yebo, ithrafikhi eya ku-inthanethi evamile nayo ingalinganiswa.
Mayelana nokulinganisa ama-algorithms
Mayelana nokuthi i-Fortigate (i-firewall evela e-Fortinet) ingahlukanisa kanjani ithrafikhi phakathi kwamashaneli, kunezinketho ezimbili ezithokozisayo ezingajwayelekile kakhulu emakethe:
Izindleko Eziphansi (SLA) - kuzo zonke i-interfaces ezanelisa i-SLA okwamanje, leyo enesisindo esincane (izindleko), esethwe ngesandla ngumlawuli, ikhethiwe; le modi ifanele ithrafikhi "yenqwaba" njengezipele nokudluliselwa kwamafayela.
Ikhwalithi Engcono Kakhulu (SLA) - le-algorithm, ngaphezu kokubambezeleka okuvamile, i-jitter kanye nokulahlekelwa kwamaphakethe we-Fortigate, ingaphinda isebenzise umthwalo wamanje wesiteshi ukuhlola ikhwalithi yamashaneli; Le modi ifanele ithrafikhi ebucayi njenge-VoIP kanye nenkomfa ngevidiyo.
Lawa ma-algorithms adinga ukusetha imitha yokusebenza kwesiteshi sokuxhumana - Performance SLA. Leli mitha ngezikhathi ezithile (hlola isikhawu) liqapha ulwazi olumayelana nokuthobela i-SLA: ukulahleka kwephakethe, ukubambezeleka (ukubambezeleka) kanye ne-jitter (jitter) esiteshini sokuxhumana, futhi “lingenqaba” lawo mashaneli okwamanje angahlangabezani nemingcele yekhwalithi - ayalahlekelwa. amaphakethe amaningi kakhulu noma ukubambezeleka kakhulu. Ngaphezu kwalokho, imitha iqapha isimo sesiteshi, futhi ingasisusa okwesikhashana kunqwaba uma kwenzeka ukulahlekelwa okuphindaphindiwe kwezimpendulo (ukwehluleka ngaphambi kokungasebenzi). Lapho ibuyiselwe, ngemva kwezimpendulo eziningana ezilandelanayo (buyisela isixhumanisi ngemva kwalokho), imitha izobuyisela ngokuzenzakalelayo isiteshi kunqwaba, futhi idatha izoqala ukudluliselwa ngayo futhi.
Yile ndlela isilungiselelo "imitha" esibukeka ngayo:
Kusixhumi esibonakalayo sewebhu, isicelo se-ICMP-Echo-, i-HTTP-GET kanye nesicelo se-DNS ziyatholakala njengezivumelwano zokuhlola. Kunezinketho eziningi ezengeziwe kulayini womyalo: Izinketho ze-TCP-echo ne-UDP-echo ziyatholakala, kanye nephrothokholi yokulinganisa ikhwalithi ekhethekile - i-TWAMP.
Imiphumela yokulinganisa ingaphinda ibonakale kusixhumi esibonakalayo sewebhu:
Futhi kulayini womyalo:
Ukuxazulula inkinga
Uma udale umthetho, kodwa yonke into ingasebenzi njengoba bekulindelekile, kufanele ubheke inani le-Hit Count ohlwini lwemithetho ye-SD-WAN. Izokhombisa ukuthi ithrafikhi iwela kulo mthetho nhlobo:
Ekhasini lezilungiselelo lemitha ngokwayo, ungabona ushintsho kumapharamitha wesiteshi ngokuhamba kwesikhathi. Ulayini onamachashazi ubonisa inani lepharamitha
Kusixhumi esibonakalayo sewebhu ungabona ukuthi ithrafikhi isatshalaliswa kanjani ngenani ledatha edluliswayo/etholiwe kanye nenani lamaseshini:
Ngaphezu kwakho konke lokhu, kunethuba elihle kakhulu lokulandelela ukudlula kwamaphakethe ngemininingwane ephezulu. Uma usebenza kunethiwekhi yangempela, ukulungiselelwa kwedivayisi kuqongelela izinqubomgomo eziningi zomzila, i-firewalling, nokusabalalisa kwethrafikhi kuzo zonke izimbobo ze-SD-WAN. Konke lokhu kusebenzisana ngendlela eyinkimbinkimbi, futhi nakuba umthengisi ehlinzeka ngemidwebo enemininingwane ye-block ye-packet processing algorithms, kubaluleke kakhulu ukungakwazi ukwakha nokuhlola izinkolelo-mbono, kodwa ukubona ukuthi ithrafikhi iya kuphi ngempela.
Isibonelo, isethi yemiyalo elandelayo
diagnose debug flow filter saddr 10.200.64.15
diagnose debug flow filter daddr 10.1.7.2
diagnose debug flow show function-name
diagnose debug enable
diagnose debug trace 2
Ikuvumela ukuthi ulandelele amaphakethe amabili anekheli lomthombo elithi 10.200.64.15 kanye nekheli lendawo elingu-10.1.7.2.
Sifaka i-ping 10.7.1.2 kusuka ku-10.200.64.15 kabili futhi sibheke okukhiphayo ku-console.
Iphakheji yokuqala:
Iphakheji yesibili:
Nali iphakethe lokuqala elitholwe yi-firewall:
id=20085 trace_id=475 func=print_pkt_detail line=5605 msg="vd-Internet:0 received a packet(proto=1, 10.200.64.15:42->10.1.7.2:2048) from DMZ-Office. type=8, code=0, id=42, seq=0."
VDOM – Internet, Proto=1 (ICMP), DMZ-Office – название L3-интерфейса. Type=8 – Echo.
Iseshini entsha idalelwe yena:
msg="allocate a new session-0006a627"
Futhi okufanayo kutholwe kuzilungiselelo zenqubomgomo yomzila
msg="Match policy routing id=2136539137: to 10.1.7.2 via ifindex-110"
Kuvele ukuthi iphakethe lidinga ukuthunyelwa komunye wemigudu ye-VPN:
"find a route: flag=04000000 gw-192.168.254.1 via DC-Ph1-1"
Isimiso sokuvumela esilandelayo sitholwa kuzinqubomgomo zohlelo lokuvikela:
msg="Allowed by Policy-3:"
Iphakethe libethelwe futhi lithunyelwa emhubheni we-VPN:
func=ipsecdev_hard_start_xmit line=789 msg="enter IPsec interface-DC-Ph1-1"
func=_ipsecdev_hard_start_xmit line=666 msg="IPsec tunnel-DC-Ph1-1"
func=esp_output4 line=905 msg="IPsec encrypt/auth"
Iphakethe elibethelwe lithunyelwa ekhelini lesango lalesi sikhombimsebenzisi se-WAN:
msg="send to 2.2.2.2 via intf-WAN1"
Ephaketheni lesibili, konke kwenzeka ngendlela efanayo, kodwa ithunyelwa komunye umhubhe we-VPN futhi iphuma ngembobo ehlukile yokuvikela umlilo:
func=ipsecdev_hard_start_xmit line=789 msg="enter IPsec interface-DC-Ph1-2"
func=_ipsecdev_hard_start_xmit line=666 msg="IPsec tunnel-DC-Ph1-2"
func=esp_output4 line=905 msg="IPsec encrypt/auth"
func=ipsec_output_finish line=622 msg="send to 4.4.4.2 via intf-WAN2"
Izinzuzo zesixazululo
Ukusebenza okuthembekile nesixhumi esibonakalayo esisebenziseka kalula. Isethi yesici ebitholakala ku-FortiOS ngaphambi kokufika kwe-SD-WAN igcinwe ngokuphelele. Okusho ukuthi, asinayo isofthiwe esanda kuthuthukiswa, kodwa uhlelo oluvuthiwe oluvela kumthengisi ofakazelwe we-firewall. Ngesethi evamile yemisebenzi yenethiwekhi, isixhumi esibonakalayo sewebhu esilula nesifundeka kalula. Bangaki abathengisi be-SD-WAN abanabo, yithi, ukusebenza kwe-Remote-Access VPN kumadivayisi wokugcina?
Izinga lezokuphepha 80. I-FortiGate ingesinye sezixazululo eziphezulu ze-firewall. Kunezinto eziningi eziku-inthanethi zokusetha nokuphatha izindonga zomlilo, futhi emakethe yezabasebenzi kukhona ochwepheshe abaningi bezokuphepha asebevele bazi kahle izixazululo zomthengisi.
Intengo enguziro yokusebenza kwe-SD-WAN. Ukwakha inethiwekhi ye-SD-WAN ku-FortiGate kubiza okufanayo nokwakha inethiwekhi evamile ye-WAN kuyo, njengoba awekho amalayisensi engeziwe adingekayo ukuze kusetshenziswe ukusebenza kwe-SD-WAN.
Intengo yesithiyo sokungena ephansi. I-Fortigate inokudidiyela okuhle kwamadivayisi amaleveli okusebenza ahlukene. Amamodeli amancane kakhulu futhi angabizi kakhulu afaneleka kakhulu ukukhulisa ihhovisi noma indawo yokuthengisa, yithi, abasebenzi abangu-3-5. Abathengisi abaningi bamane nje abanawo amamodeli angasebenzi kahle futhi athengekayo.
Ukusebenza okuphezulu. Ukunciphisa ukusebenza kwe-SD-WAN ekulinganiseni kwethrafikhi kuvumele inkampani ukuthi ikhiphe i-SD-WAN ASIC ekhethekile, ngenxa yokuthi ukusebenza kwe-SD-WAN kunganciphisi ukusebenza kwe-firewall iyonke.
Amandla wokusebenzisa ihhovisi lonke kumishini ye-Fortinet. Lawa ama-firewall, amaswishi, izindawo zokufinyelela ze-Wi-Fi. Ihhovisi elinjalo lilula futhi lilungele ukuphatha - ukushintshwa nezindawo zokufinyelela kubhaliswa kuma-firewall futhi aphethwe kuwo. Isibonelo, nansi indlela imbobo yokushintsha engase ibukeke ngayo kusukela kusixhumi esibonakalayo sohlelo lokuvikela olulawula le swishi:
Ukushoda kwezilawuli njengephuzu elilodwa lokwehluleka. Umthengisi ngokwakhe ugxile kulokhu, kodwa lokhu kungabizwa kuphela njengenzuzo ngokwengxenye, ngoba kulabo abathengisi abanabalawuli, ukuqinisekisa ukubekezelelana kwabo kwamaphutha akubizi, ngokuvamile ngentengo yenani elincane lezinsiza zekhompiyutha endaweni ye-virtualization.
Yini okufanele uyibheke
Akukho ukuhlukana phakathi kwe-Control Plane ne-Data Plane. Lokhu kusho ukuthi inethiwekhi kufanele imiswe ngokuzenzela noma kusetshenziswa amathuluzi okuphatha endabuko asevele ekhona - FortiManager. Kubathengisi abasebenzise ukuhlukaniswa okunjalo, inethiwekhi ihlangene ngokwayo. Umlawuli angase adinge kuphela ukulungisa i-topology yayo, anqabele okuthile endaweni ethile, akukho okunye. Kodwa-ke, ikhadi lecilongo le-FortiManager liwukuthi alikwazi ukuphatha ama-firewall kuphela, kodwa futhi nokushintsha kanye namaphoyinti okufinyelela e-Wi-Fi, okungukuthi, cishe yonke inethiwekhi.
Ukwanda okunemibandela ekulawuleni. Ngenxa yokuthi amathuluzi endabuko asetshenziselwa ukucushwa kwenethiwekhi ngokuzenzakalelayo, ukuphathwa kwenethiwekhi ngokwethulwa kwe-SD-WAN kukhuphuka kancane. Ngakolunye uhlangothi, ukusebenza okusha kutholakala ngokushesha, njengoba umthengisi eqala ukuyikhulula kuphela ngohlelo lokusebenza lwe-firewall (olwenza ukuthi lukwazi ukuyisebenzisa ngokushesha), bese lugcwalisa uhlelo lokuphatha ngezixhumi ezibonakalayo ezidingekayo.
Okunye ukusebenza kungase kutholakale kulayini womyalo, kodwa akutholakali kusixhumi esibonakalayo sewebhu. Ngezinye izikhathi akwesabi kangako ukungena emgqeni womyalo ukuze ulungise okuthile, kodwa kuyethusa ukungaboni ku-interface yewebhu ukuthi othile usevele ulungiselele okuthile kusuka kulayini womyalo. Kodwa lokhu kuvame ukusebenza ezicini ezintsha kakhulu futhi kancane kancane, ngezibuyekezo ze-FortiOS, amandla esixhumi esibonakalayo sewebhu ayathuthukiswa.
Ubani ozofanela
Kulabo abangenawo amagatsha amaningi. Ukusebenzisa isixazululo se-SD-WAN esinezingxenye ezimaphakathi eziyinkimbinkimbi kunethiwekhi yamagatsha angu-8-10 kungase kungabizi ikhandlela - kuzodingeka uchithe imali kumalayisense wamadivayisi we-SD-WAN kanye nezinsiza zesistimu yokwenza izinto ezibonakalayo ukuze ubambe izingxenye ezimaphakathi. Inkampani encane ivamise ukuba nezinsiza zekhompuyutha ezilinganiselwe. Endabeni ye-Fortinet, kwanele ukumane uthenge ama-firewall.
Kulabo abanamagatsha amaningi amancane. Kubathengisi abaningi, inani elincane lesixazululo segatsha ngalinye liphezulu kakhulu futhi lingase lingathakazelisi ngokombono webhizinisi lekhasimende lokugcina. I-Fortinet inikeza amadivaysi amancane ngamanani akhangayo kakhulu.
Kulabo abangakalungeli ukunyathela kude kakhulu. Ukusebenzisa i-SD-WAN ngezilawuli, umzila wobunikazi, nendlela entsha yokuhlela nokuphatha inethiwekhi kungase kube isinyathelo esikhulu kakhulu kwamanye amakhasimende. Yebo, ukuqaliswa okunjalo kuzosiza ekugcineni ukusetshenziswa kweziteshi zokuxhumana nomsebenzi wabaphathi, kodwa okokuqala kuzodingeka ufunde izinto eziningi ezintsha. Kulabo abangakakulungeli ukushintshwa kwepharadigm, kodwa abafuna ukucindezela okuningi eziteshini zabo zokuxhumana, isisombululo esivela ku-Fortinet silungile.
Source: www.habr.com