Tambarin CISCOKanfigareshan Tsaro na CISCO SD-WAN Catalyst

Abubuwan da ke ciki boye
1 Hoton Kayayyakin Tsaro
2 Shigar da Sanya IPS/IDS, URL- F, ko AMP Manufofin Tsaro
3 Gano Sigar Hoto Mai Kyau da aka Ba da Shawarwari
4 Loda Hoton Virtual Security Virtual zuwa Cisco SD-WAN Manager
5 Haɓaka Hoton Kayataccen Tsaro
6 Takardu / Albarkatu
6.1 Magana

Hoton Kayayyakin Tsaro

Kanfigareshan Tsaro na CISCO SD-WAN - icon 1Don cimma sauƙaƙawa da daidaito, Cisco SD-WAN bayani an sake sawa azaman Cisco Catalyst SD-WAN. Bugu da ƙari, daga Cisco IOS XE SD-WAN Release 17.12.1a da Cisco Catalyst SD-WAN Release 20.12.1, waɗannan canje-canjen ɓangaren suna aiki: Cisco vManage zuwa Cisco Catalyst SD-WAN Manager, Cisco vAnalytics to Cisco Catalyst SD-WAN Nazarin, Cisco vBond zuwa Cisco Catalyst SD-WAN Validator, da Cisco vSmart zuwa Cisco Catalyst SD-WAN Controller. Dubi sabon bayanin kula na Sakin don cikakken jerin duk abubuwan da suka canza sunan alama. Yayin da muke canzawa zuwa sababbin sunaye, wasu rashin daidaituwa na iya kasancewa a cikin saitin takaddun saboda tsarin da aka tsara don sabunta mu'amalar mai amfani na samfurin software.

Cisco SD-WAN Manager yana amfani da Hoton Virtual Virtual don ba da damar fasalulluka na tsaro kamar Tsarin Rigakafin Kutse (IPS), Tsarin Gano Kutse (IDS), URL Tace (URL-F), da Babban Kariyar Malware (AMP) a kan Cisco IOS XE Catalyst SD-WAN Devices. Waɗannan fasalulluka suna ba da damar ɗaukar nauyin aikace-aikacen, bincikar zirga-zirgar ababen hawa na ainihi, da fakitin shiga kan cibiyoyin sadarwar IP. Da zarar hoton file an ɗora shi zuwa Ma'ajin Software na Cisco SD-WAN Manager, zaku iya ƙirƙirar manufofi, profile, da samfuran na'ura waɗanda za su tura manufofi da sabuntawa zuwa na'urori daidai ta atomatik.
Kafin kayi amfani da waɗannan fasalulluka, dole ne ka fara shigarwa kuma saita IPS/IDs, URL- F, ko AMP manufofin tsaro, sa'an nan kuma loda abin da ya dace Tsaro Virtual Hoton zuwa Cisco SD-WAN Manager. Bayan haɓaka software akan na'urar, dole ne ku haɓaka Hoton Virtual Virtual.
Wannan babin yana bayanin yadda ake yin waɗannan ayyuka.

  • Shigar da Sanya IPS/IDS, URL- F, ko AMP Manufofin Tsaro, shafi na 1
  • Gano Sigar Hoto Mai Kyau da Aka Ba da Shawarwari, a shafi na 4
  • Loda Hoton Virtual Security Virtual zuwa Cisco SD-WAN Manager, a shafi na 4
  • Haɓaka Hoton Farko na Tsaro, a shafi na 5

Shigar da Sanya IPS/IDS, URL- F, ko AMP Manufofin Tsaro

Shigarwa da daidaitawa IPS / IDS, URL- F, ko AMP manufofin tsaro suna buƙatar tsarin aiki mai zuwa:
Aiki na 1: Ƙirƙiri Samfurin Manufofin Tsaro don IPS/IDS, URL- F, ko AMP Tace
Aiki na 2: Ƙirƙiri Samfurin Fasalar don Tsaron App na Tsaro
Aiki na 3: Ƙirƙiri Samfurin Na'ura

Aiki na 4: Haɗa na'urori zuwa Samfuran Na'urar
Ƙirƙiri Samfuran Manufofin Tsaro

  1. Daga Cisco SD-WAN Manager menu, zaɓi Kanfigareshan> Tsaro.
  2. Danna Ƙara Tsarin Tsaro.
  3. A cikin Tagar Ƙara Tsaro, zaɓi yanayin tsaro daga jerin zaɓuɓɓuka.
  4. Danna Ci gaba.

Ƙirƙiri Samfurin Samfura don Taimakon App na Tsaro
Siffar profile samfuri yana daidaita ayyuka guda biyu:

  • NAT: Yana kunnawa ko yana hana Fassara Adireshin Sadarwar Sadarwa (NAT), wanda ke kare adiresoshin IP na ciki lokacin waje da Tacewar zaɓi.
  • Resource Profile: Yana keɓance tsoffi ko manyan albarkatu zuwa maɓalli ko na'urori daban-daban.

Kanfigareshan Tsaro na CISCO SD-WAN - icon 1Siffar profile samfuri, alhali ba a buƙata sosai ba, ana ba da shawarar.

Don ƙirƙirar fasalin profile samfuri, bi waɗannan matakan:

  1. Daga Cisco SD-WAN Manager menu, zaɓi Kanfigareshan> Samfura.
  2. Danna Feature Samfura sannan danna Ƙara Samfura.
    Kanfigareshan Tsaro na CISCO SD-WAN - icon 1 A cikin Cisco vManage Release 20.7.1 da farkon fitowar, Samfuran Fasaloli ana kiransa Feature.
  3. Daga cikin Zaɓin Na'urori, zaɓi na'urorin da kuke son haɗawa da samfuri.
  4. Ƙarƙashin Bayanan Basic, danna Tsaro App Hosting.
  5. Shigar da Samfura Sunan da Bayani.
  6. Ƙarƙashin Ma'auni na Tsaro, tsara sigogin manufofin tsaro idan an buƙata.
    • Kunna ko kashe fasalin Fassara Adireshin Sadarwa (NAT), dangane da yanayin amfanin ku. Ta hanyar tsoho, NAT yana kunne.
    • Danna kibiya mai saukewa don saita iyakoki don manufofin. Tsohuwar ita ce Default.
    Duniya: Yana ba da damar NAT ga duk na'urorin da aka haɗe zuwa samfuri.
    Specific na'ura: Yana kunna NAT kawai don takamaiman na'urori. Idan ka zaɓi takamaiman na'ura, shigar da sunan maɓallin na'ura.
    Default: Yana kunna tsohowar manufar NAT don na'urorin da aka haɗe zuwa samfuri.
    • Saita Albarkatun Profile. Wannan zaɓin yana saita adadin lokutan snort don amfani akan na'ura mai ba da hanya tsakanin hanyoyin sadarwa. Tsohuwar ita ce Low wanda ke nuna misali guda ɗaya. Matsakaici yana nuna lokuta biyu kuma Babban yana nuna lokuta uku.
    • Danna kibiya mai zazzagewa don saita iyakoki ga mai sarrafa albarkatunfile. Tsohuwar ita ce Global.
    Duniya: Yana ba da damar zaɓaɓɓen albarkatun profile don duk na'urorin da aka haɗe zuwa samfuri.
    Specific na Na'ura: Yana ba da damar profile kawai don takamaiman na'urori. Idan ka zaɓi takamaiman na'ura, shigar da sunan maɓallin na'ura.
    Default: Yana ba da damar tsohowar albarkatun profile don na'urorin da aka haɗe zuwa samfuri.
  7. Saita Zazzagewa URL Database a kan Na'ura zuwa Ee idan kana so ka sauke da URL-F database akan na'urar. A wannan yanayin, na'urar tana duba sama a cikin bayanan gida kafin a gwada binciken gajimare.
  8. Danna Ajiye.

Ƙirƙiri Samfurin Na'ura
Don kunna manufofin da kuke son aiwatarwa, zaku iya ƙirƙirar samfurin na'ura wanda zai tura manufofin zuwa na'urorin da suke buƙatar su. Zaɓuɓɓukan da ke akwai sun bambanta da nau'in na'urar. Don misaliampNa'urorin sarrafa Cisco SD-WAN suna buƙatar ƙarin iyakataccen juzu'in samfurin na'urar mafi girma. Za ku ga ingantattun zaɓuɓɓuka don ƙirar na'urar.
Don ƙirƙirar samfurin na'urar tsaro, bi wannan tsohonampLe don vEdge 2000 na'ura mai ba da hanya tsakanin hanyoyin sadarwa:

  1. Daga Cisco SD-WAN Manager menu, zaɓi Kanfigareshan> Samfura.
  2. Danna Samfuran Na'ura, sannan zaɓi Ƙirƙiri Samfura> Daga Samfuran Fasa.
    Kanfigareshan Tsaro na CISCO SD-WAN - icon 1 A cikin Cisco vManage Release 20.7.1 da farkon sakewa, ana kiran Samfuran Na'ura Na'ura.
  3. Daga jerin abubuwan da aka saukar da Model na Na'ura, zaɓi ƙirar na'urar.
  4. Daga jerin abubuwan da aka saukar na Matsayin Na'ura, zaɓi rawar na'urar.
  5. Shigar da Samfura Sunan da Bayani.
  6. Gungura ƙasa shafin zuwa menu na ƙayyadaddun ƙayyadaddun ƙayyadaddun bayanai wanda zai baka damar zaɓar samfuri mai gudana, ƙirƙirar sabon samfuri, ko view samfurin data kasance. Don misaliampDon ƙirƙirar sabon tsarin tsarin, danna Ƙirƙiri Samfura.

Haɗa na'urori zuwa Samfuran Na'urar

  1. Daga Cisco SD-WAN Manager menu, zaɓi Kanfigareshan> Samfura.
  2. Danna Samfuran Na'ura, sannan zaɓi Ƙirƙiri Samfura> Daga Samfuran Fasa.
    Kanfigareshan Tsaro na CISCO SD-WAN - icon 1 A cikin Cisco vManage Release 20.7.1 da farkon sakewa, ana kiran Samfuran Na'ura Na'ura.
  3. A cikin jeren samfurin na'urar da ake so, danna… kuma zaɓi Haɗa na'urori.
  4. A cikin taga Haɗa na'urori, zaɓi na'urorin da ake so daga jerin na'urorin da ake da su, sannan danna kibiya mai nuna dama don matsar da su zuwa jerin na'urorin da aka zaɓa.
  5. Danna Haɗa.

Gano Sigar Hoto Mai Kyau da aka Ba da Shawarwari

A wasu lokuta, ƙila za ku so a duba lambar sakin da aka ba da shawarar Tsaro Virtual Hoton (SVI) don na'urar da aka bayar. Don duba wannan ta amfani da Cisco SD-WAN Manager:
Mataki na 1
Daga Cisco SD-WAN Manager menu, zaɓi Monitor> Na'urori.
Cisco vManage Sakin 20.6.x da baya: Daga Cisco SD-WAN Manager menu, zaɓi Monitor> Network.
Mataki na 2
Zaɓi WAN - Edge.
Mataki na 3
Zaɓi na'urar da za ta gudanar da SVI.
Shafin Matsayin Tsarin yana nuni.
Mataki na 4
Gungura zuwa ƙarshen menu na na'urar, kuma danna Real Time.
A System Information page nuni.
Mataki na 5
Danna filin Zaɓuɓɓukan Na'ura, kuma zaɓi Matsayin Sigar Sigar Tsaro daga menu.
Mataki na 6
Ana nuna sunan hoton a cikin ginshiƙin Sigar Nasiha. Ya kamata ya dace da samuwan SVI don na'ura mai ba da hanya tsakanin hanyoyin sadarwa daga abubuwan zazzagewar Cisco website.

Loda Hoton Virtual Security Virtual zuwa Cisco SD-WAN Manager

Kowane hoton na'ura mai ba da hanya tsakanin hanyoyin sadarwa yana goyan bayan takamaiman kewayon juzu'i don aikace-aikacen da aka karɓa. Don IPS / IDS da URL-Tace, zaku iya samun nau'ikan nau'ikan da aka goyan baya (da kuma sigar da aka ba da shawarar) don na'ura akan shafin Zaɓuɓɓukan Na'urar ta.
Lokacin da aka cire tsarin tsaro daga na'urorin Cisco IOS XE Catalyst SD-WAN, ana kuma cire injin Virtual Image ko Snort daga na'urorin.

Mataki na 1 Daga shafin Zazzagewar software don mai ba da hanya tsakanin hanyoyin sadarwa, nemo hoton UTD Engine don IOS XE SD-WAN.
Mataki 2 Danna zazzagewa don zazzage hoton file.
Mataki 3 Daga Cisco SD-WAN Manager menu, zaɓi Maintenance> Ma'ajiyar software
Mataki na 4 Zaɓi Hotunan Kaya.
Mataki na 5 Danna Loda Hoto Mai Kyau, kuma zaɓi ko dai vManage ko Sabar Nesa – vManage. Ana buɗe taga Load Virtual Hoton zuwa vManage.
Mataki na 6 Jawo da sauke, ko lilo zuwa hoton file.
Mataki 7 Danna Upload. Lokacin da lodawa ya ƙare, saƙon tabbatarwa yana nuni. Sabon hoton kama-da-wane yana nuni a cikin Ma'ajiya na Software na Hotuna.

Haɓaka Hoton Kayataccen Tsaro

Lokacin da aka haɓaka na'urar Cisco IOS XE Catalyst SD-WAN zuwa sabon hoton software, dole ne a haɓaka hoton kama-da-wane na tsaro don su dace. Idan akwai rashin daidaituwa a cikin hotunan software, tura samfurin VPN zuwa na'urar zai gaza.
Kanfigareshan Tsaro na CISCO SD-WAN - icon 1 Idan zaɓin Sabunta Sa hannu na IPS, ana sabunta fakitin sa hannun IPS mai dacewa ta atomatik azaman wani ɓangare na haɓakawa. Kuna iya kunna saitin daga Gudanarwa> Saituna> Sabunta Sa hannun IPS.
Don haɓaka hoto mai ɗaukar hoto na na'ura, bi waɗannan matakan:

Mataki 1 Bi matakan da ke cikin Loda Madaidaicin Hoton Sirri na Tsaro na Cisco zuwa vManage don zazzage sigar da aka ba da shawarar SVI don na'ura mai ba da hanya tsakanin hanyoyin sadarwa. Lura da sigar sunan.
Mataki na 2 Daga menu na Manajan Cisco SD-WAN, zaɓi Kulawa> Ma'ajiyar Software> Hotunan Maɗaukaki don tabbatar da cewa sigar hoton da aka jera a ƙarƙashin Shagon Shawarar Shawarar ta yi daidai da hoton kama-da-wane da aka jera a teburin Hotunan Virtual.
Mataki 3 Daga Cisco SD-WAN Manager menu, zaɓi Maintenance> Haɓaka software. Shafin haɓaka software na WAN Edge yana nuni.
Mataki na 4 Zaɓi na'urorin da kuke son haɓakawa, kuma duba akwatunan rajista a cikin ginshiƙi na hagu. Lokacin da kuka zaɓi ɗaya ko fiye na'urori, jeri na zaɓuɓɓuka yana nunawa, da adadin layuka da kuka zaɓa.
Mataki na 5 Lokacin da kuka gamsu da zaɓinku, zaɓi Haɓaka Hoto Mai Kyau daga menu na zaɓuɓɓuka. Akwatin maganganu na Haɓaka Hoto Mai Kyau yana nuni.
Mataki na 6 Ga kowace na'ura da kuka zaɓa, zaɓi daidaitaccen sigar haɓakawa daga menu na saukewar haɓakawa zuwa Sigar.
Mataki na 7 Lokacin da kuka zaɓi sigar haɓakawa ga kowace na'ura, danna Haɓakawa. Lokacin da sabuntawa ya ƙare, saƙon tabbatarwa yana nuni.

Takardu / Albarkatu

Kanfigareshan Tsaro na CISCO SD-WAN Catalyst [pdf] Jagorar mai amfani
SD-WAN, SD-WAN Catalyst Tsaro Kanfigareshan, Catalyst Tsaro Kanfigareshan, Tsaro Kanfigareshan, Kanfiguration.

Magana

Bar sharhi

Ba za a buga adireshin imel ɗin ku ba. Ana yiwa filayen da ake buƙata alama *