I-ProHoster > Π‘Π»ΠΎΠ³ > Ukuphatha > Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall

Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall

Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall

Sanibonani nonke! Lesi sihloko sizobuyekeza ukusebenza kwe-VPN kumkhiqizo we-Sophos XG Firewall. Kwedlule isihloko Sibheke ukuthi singasithola kanjani lesi sixazululo sokuvikela inethiwekhi yasekhaya mahhala ngelayisensi egcwele. Namuhla sizokhuluma ngokusebenza kwe-VPN eyakhelwe ku-Sophos XG. Ngizozama ukukutshela ukuthi lo mkhiqizo ungenzani, futhi nginikeze nezibonelo zokusetha i-IPSec Site-to-Site VPN kanye ne-SSL VPN yangokwezifiso. Ngakho-ke ake siqale ngesibuyekezo.

Okokuqala, ake sibheke ithebula lamalayisensi:

Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall

Ungafunda kabanzi mayelana nokuthi i-Sophos XG Firewall ilayisensi kanjani lapha:
Izikhombo
Kodwa kulesi sihloko sizoba nesithakazelo kuphela kulezo zinto eziqokonyiswe ngokubomvu.

Umsebenzi oyinhloko we-VPN ufakiwe kulayisensi eyisisekelo futhi kuthengwa kanye kuphela. Lena ilayisensi yokuphila konke futhi ayidingi ukuvuselelwa. I-Base VPN Options module ihlanganisa:

Isayithi-kuya-Isizinda:

  • I-SSL VPN
  • IPSec VPN

Ukufinyelela Okukude (i-VPN yeklayenti):

  • I-SSL VPN
  • IPsec Clientless VPN (nohlelo lokusebenza olungokwezifiso lwamahhala)
  • L2TP
  • I-PPTP

Njengoba ubona, wonke amaphrothokholi adumile nezinhlobo zokuxhuma kwe-VPN ziyasekelwa.

Futhi, i-Sophos XG Firewall inezinhlobo ezimbili ezengeziwe zokuxhumeka kwe-VPN ezingafakiwe ekubhaliseni okuyisisekelo. Lezi yi-RED VPN ne-HTML5 VPN. Lokhu kuxhumana kwe-VPN kufakwe ekubhaliseni kokuvikelwa kwenethiwekhi, okusho ukuthi ukuze usebenzise lezi zinhlobo kufanele ube nokubhalisa okusebenzayo, okuhlanganisa nokusebenza kokuvikela inethiwekhi - amamojula e-IPS kanye ne-ATP.

I-RED VPN iyi-L2 VPN yokuphathelene evela eSophos. Lolu hlobo loxhumano lwe-VPN lunenombolo yezinzuzo ngaphezu kwe-Site-to-site SSL noma i-IPSec lapho usetha i-VPN phakathi kwama-XG amabili. Ngokungafani ne-IPSec, umhubhe RED udala ukusebenzelana okubonakalayo kuzo zombili iziphetho zomhubhe, okusiza ngezinkinga zokuxazulula izinkinga, futhi ngokungafani ne-SSL, lesi sikhombimsebenzisi esibonakalayo singenziwa ngokwezifiso ngokuphelele. Umlawuli unokulawula okugcwele phezu kwe-subnet ngaphakathi komhubhe RED, okwenza kube lula ukuxazulula izinkinga zomzila kanye nokushayisana kwe-subnet.

I-HTML5 VPN noma i-Clientless VPN - Uhlobo oluthile lwe-VPN olukuvumela ukuthi udlulisele amasevisi nge-HTML5 ngqo esipheqululini. Izinhlobo zezinsizakalo ezingalungiselelwa:

  • zomxhaso
  • I-Telnet
  • ssh
  • VNC
  • FTP
  • I-FTPS
  • SFTP
  • I-SMB

Kodwa kufanelekile ukucabangela ukuthi lolu hlobo lwe-VPN lusetshenziswa kuphela ezimweni ezikhethekile futhi kunconywa, uma kungenzeka, ukusebenzisa izinhlobo ze-VPN ezivela ezinhlwini ezingenhla.

Hlanganisa

Ake sibheke ngendlela engokoqobo indlela yokumisa ezimbalwa zalezi zinhlobo zamathaneli, okungukuthi: I-Site-to-Site IPSec kanye ne-SSL VPN Remote Access.

Isayithi-kuya-Isizinda IPSec VPN

Ake siqale ngokuthi ungasetha kanjani umhubhe we-Site-to-Site IPSec VPN phakathi kwama-Firewall amabili e-Sophos XG. Ngaphansi kwe-hood isebenzisa i-strongSwan, ekuvumela ukuthi uxhume kunoma iyiphi irutha ene-IPSec.

Ungasebenzisa iwizadi yokusetha elula nesheshayo, kodwa sizolandela indlela evamile ukuze, ngokusekelwe kule miyalo, ukwazi ukuhlanganisa i-Sophos XG nanoma yisiphi isisetshenziswa usebenzisa i-IPSec.

Masivule iwindi lezilungiselelo zenqubomgomo:

Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall

Njengoba sibona, kukhona kakade izilungiselelo esethiwe, kodwa sizodala ezethu.

Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall

Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall

Ake silungiselele amapharamitha wokubethela wesigaba sokuqala nesesibili futhi silondoloze inqubomgomo. Ngokufanisa, senza izinyathelo ezifanayo ku-Sophos XG yesibili futhi siqhubekela phambili ekusetheni umhubhe we-IPSec ngokwawo.

Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall

Faka igama, imodi yokusebenza futhi ulungiselele imingcele yokubethela. Isibonelo, sizosebenzisa Ukhiye Owabelwe ngaphambilini

Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall

futhi ikhombise ama-subnet asendaweni nakude.

Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall

Ukuxhumana kwethu sekudaliwe

Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall

Ngokufanisa, senza izilungiselelo ezifanayo ku-Sophos XG yesibili, ngaphandle kwemodi yokusebenza, lapho sizosetha Qalisa uxhumano.

Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall

Manje sesinemihubhe emibili emisiwe. Okulandelayo, sidinga ukuzisebenzisa futhi sizisebenzise. Lokhu kwenziwa kalula kakhulu, udinga ukuchofoza indingiliza ebomvu ngaphansi kwegama elithi Active ukuze uvule kanye nasendingilizini ebomvu ngaphansi kokuthi Connection ukuze uqale uxhumano.
Uma sibona lesi sithombe:

Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall
Lokhu kusho ukuthi umhubhe wethu usebenza ngendlela efanele. Uma inkomba yesibili ibomvu noma iphuzi, khona-ke okuthile akulungiselelwanga kahle kuzinqubomgomo zokubethela noma ama-subnet endawo nakude. Ake ngikukhumbuze ukuthi izilungiselelo kufanele zifaniswe.

Ngokwehlukana, ngithanda ukugqamisa ukuthi ungakha amaqembu e-Failover kusuka kumigudu ye-IPSec yokubekezelela amaphutha:

Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall

Ukufinyelela Okukude kwe-SSL VPN

Masiqhubekele ku-Remote Access SSL VPN yabasebenzisi. Ngaphansi kwe-hood kukhona i-OpenVPN evamile. Lokhu kuvumela abasebenzisi ukuthi baxhume nganoma yiliphi iklayenti elisekela amafayela okumisa okuthi .ovpn (isibonelo, iklayenti lokuxhumana elijwayelekile).

Okokuqala, udinga ukumisa izinqubomgomo zeseva ye-OpenVPN:

Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall

Cacisa ezokuthutha ukuze uxhumeke, lungiselela imbobo, ububanzi bamakheli e-IP wokuxhuma abasebenzisi abakude

Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall

Ungaphinda ucacise izilungiselelo zokubethela.

Ngemva kokusetha iseva, siqhubeka nokusetha ukuxhumana kwamaklayenti.

Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall

Umthetho ngamunye wokuxhumana we-SSL VPN wenzelwe iqembu noma umsebenzisi ngamunye. Umsebenzisi ngamunye angaba nenqubomgomo yokuxhuma eyodwa kuphela. Ngokusho kwezilungiselelo, okuthakazelisayo ukuthi kumthetho ngamunye onjalo ungacacisa abasebenzisi abangabodwana abazosebenzisa lesi silungiselelo noma iqembu elivela ku-AD, ungakwazi ukunika amandla ibhokisi lokuhlola ukuze yonke ithrafikhi isongwe emhubheni we-VPN noma ucacise amakheli e-IP, ama-subnets noma amagama e-FQDN atholakala kubasebenzisi . Ngokusekelwe kulezi zinqubomgomo, iphrofayela ye-.ovpn enezilungiselelo zeklayenti izodalwa ngokuzenzakalelayo.

Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall

Ngokusebenzisa ingosi yomsebenzisi, umsebenzisi angadawuniloda kokubili ifayela le-.ovpn elinezilungiselelo zeklayenti le-VPN, kanye nefayela lokufaka iklayenti le-VPN elinefayela lezilungiselelo ezakhelwe ngaphakathi.

Umsebenzi okude noma uhlolojikelele lwe-VPN ku-Sophos XG Firewall

isiphetho

Kulesi sihloko, sidlule kafushane ukusebenza kwe-VPN kumkhiqizo we-Sophos XG Firewall. Sibheke ukuthi ungayimisa kanjani i-IPSec VPN ne-SSL VPN. Lolu akulona uhlu oluphelele lwalokho lesi sixazululo esingakwenza. Ezihlokweni ezilandelayo ngizozama ukubukeza i-RED VPN futhi ngibonise ukuthi ibukeka kanjani kwisixazululo ngokwayo.

Ngiyabonga ngesikhathi sakho.

Uma unemibuzo mayelana nenguqulo yezohwebo ye-XG Firewall, ungaxhumana nathi, inkampani iqembu lesici, Sophos distributor. Okufanele ukwenze ukubhala ngefomu lamahhala ku [i-imeyili ivikelwe].

Source: www.habr.com

Engeza amazwana