GRANDSTREAM GCC601X(W) One Networking Solution Firewall User Manual

The overview Tsamba limapatsa ogwiritsa ntchito chidziwitso chapadziko lonse lapansi pa GCC firewall module komanso ziwopsezo zachitetezo ndi ziwerengero,view tsamba lili ndi:

Firewall Service: imawonetsa ntchito yozimitsa moto ndi mawonekedwe ake okhala ndi masiku ogwira ntchito komanso otha ntchito.
Logi Yachitetezo Chapamwamba: ikuwonetsa zipika zapamwamba pagulu lililonse, wogwiritsa ntchito amatha kusankha gululo pamndandanda wotsikira pansi kapena dinani chizindikiro cha muvi kuti mulowetsedwe patsamba la chipika chachitetezo kuti mudziwe zambiri.

Ziwerengero za Chitetezo: zikuwonetsa ziwerengero zosiyanasiyana zachitetezo, pali mwayi wochotsa ziwerengero zonse podina pazithunzi zosintha.
Mapulogalamu Osefedwa Pamwamba: amawonetsa mapulogalamu apamwamba omwe asefedwa ndi nambala yowerengera.

Kachilombo Files: ikuwonetsa zojambulidwa files ndipo anapeza kachilombo files komanso, kuti athe / kuletsa anti-yaumbanda omwe ogwiritsa ntchito amatha kudina pazithunzi zoikamo.
Mulingo Wowopseza: ikuwonetsa mulingo wowopseza kuyambira wovuta mpaka wawung'ono wokhala ndi mtundu wamtundu.

Mtundu Wowopseza: Imawonetsa mitundu yowopseza ndi nambala yamitundu ndi kuchuluka kwa kubwereza, ogwiritsa ntchito amatha kusuntha cholozera cha mbewa pamtunduwo kuti awonetse dzina ndi kupezeka kwa nambala.
Ziwopsezo Zapamwamba: zikuwonetsa ziwopsezo zapamwamba zokhala ndi mtundu ndi kuwerengera.

Ogwiritsa ntchito amatha kuwona mosavuta zidziwitso zofunika kwambiri komanso zowopseza.

Ogwiritsa ntchito amatha kudina chizindikiro cha muvi pansi pa Top Security Log kuti alowetsedwe ku gawo la Security Log, kapena kukwera pamwamba pa chizindikiro cha gear pansi pa Protection Statistics kuti muchotse ziwerengero kapena pansi pa Virus. files kuletsa Anti-malware. Pansi pa Threat Level ndi Threat Type, ogwiritsa ntchito amathanso kuyang'ana pazithunzi kuti awonetse zambiri. Chonde onani ziwerengero pamwambapa.

MFUNDO YA FIREWALL

Malamulo Policy

Malamulo amalola kufotokozera momwe chipangizo cha GCC chidzagwiritsire ntchito magalimoto olowera. Izi zimachitika pa WAN, VLAN, ndi VPN.

Ndondomeko Yolowera: Fotokozani chisankho chomwe chipangizo cha GCC chidzatenge pamayendedwe oyambika kuchokera ku WAN kapena VLAN. Zosankha zomwe zilipo ndi Kuvomereza, Kukana, ndi Kugwetsa.

IP Masquerading: Yambitsani IP masquerading. Izi zidzabisa ma adilesi a IP a omwe ali mkati.
MSS Clamping: Kuthandizira njirayi kudzalola kuti MSS (Maximum Segment Size) ikambirane panthawi ya zokambirana za TCP

Log Drop / Kanani Magalimoto: Kuyang'anira njirayi kutulutsa chipika chambiri zonse zomwe zatsitsidwa kapena kukanidwa.
Dontho / Kanani Malire Olowetsa Magalimoto: Nenani kuchuluka kwa zipika pamphindikati, mphindi, ola kapena tsiku. Mitunduyi ndi 1 ~ 99999999, ngati ilibe kanthu, palibe malire.

Malamulo Olowera

GCC601X(W) imalola kusefa kwa magalimoto omwe akubwera ku gulu la ma network kapena doko la WAN ndikugwiritsa ntchito malamulo monga:

Landirani: Kulola kuti magalimoto adutse.
Kukana: Yankho lidzatumizidwa ku mbali yakutali kunena kuti paketi yakanidwa.

Dontho: Phukusili lidzagwetsedwa popanda chidziwitso kumbali yakutali.

Kutumiza Malamulo

GCC601X(W) imapereka mwayi wololeza kuchuluka kwa magalimoto pakati pamagulu osiyanasiyana ndi ma interfaces (WAN/VLAN/VPN).
Kuti muwonjezere lamulo lotumizira, chonde pitani ku Firewall Module → Firewall Policy → Malamulo Otumizira, kenako dinani batani la "Onjezani" kuti muwonjezere lamulo latsopano lotumizira kapena dinani chizindikiro cha "Sinthani" kuti musinthe lamulo.

Zowonjezera NAT

NAT kapena kumasulira kwa maadiresi a Netiweki monga momwe dzina limasonyezera kuti ndi kumasulira kapena kupanga maadiresi achinsinsi kapena amkati ku ma adilesi a IP agulu kapena mosemphanitsa, ndipo GCC601X(W) imathandizira zonse ziwiri.

SNAT: Gwero la NAT limatanthawuza kujambulidwa kwa ma adilesi a IP amakasitomala (Maadiresi Achinsinsi Kapena Amkati) kwa anthu onse.
DNAT: Kopita NAT ndi njira yobwereranso ya SNAT pomwe mapaketi adzatumizidwa ku adilesi inayake yamkati.

Tsamba la Firewall Advanced NAT limapereka kuthekera kokhazikitsa masinthidwe a gwero ndi kopita NAT. Yendetsani ku Firewall Module → Firewall Policy → Advanced NAT.

SNAT

Kuti muwonjezere SNAT dinani batani la "Add" kuti muwonjezere SNAT yatsopano kapena dinani chizindikiro cha "Sinthani" kuti musinthe chomwe chidapangidwa kale. Onani zithunzi ndi tebulo ili m'munsimu:

Onani tebulo ili m'munsimu popanga kapena kusintha cholowa cha SNAT:

Mtengo wa DNAT
Kuti muwonjezere DNAT dinani batani la "Add" kuti muwonjezere DNAT yatsopano kapena dinani chizindikiro cha "Sinthani" kuti musinthe chomwe chidapangidwa kale. Onani zithunzi ndi tebulo ili m'munsimu:

Onani tebulo ili m'munsimu popanga kapena kusintha DNAT:

Kusintha Kwapadziko Lonse

Flush Connection Reload

Njirayi ikayatsidwa ndipo zosintha zakusintha kwa firewall zapangidwa, kulumikizana komwe kulipo komwe kumaloledwa ndi malamulo am'mbuyomu a firewall kudzathetsedwa.

Ngati malamulo atsopano a firewall salola kugwirizana komwe kunakhazikitsidwa kale, kutha ndipo sikudzatha kugwirizanitsa. Ndi njira iyi yolephereka, maulumikizidwe omwe alipo amaloledwa kupitiliza mpaka nthawi yake itatha, ngakhale malamulo atsopanowo sangalole kuti kulumikizanaku kukhazikitsidwe.

KUTETEZA NTCHITO

Chitetezo cha DoS
Zokonda Zoyambira - Chitetezo cha Chitetezo
Denial-of-Service Attack ndi kuwukira komwe kumapangitsa kuti ma network asapezeke kwa ogwiritsa ntchito ovomerezeka mwa kusefukira pamakina omwe akuwafunira ndi zopempha zambiri zomwe zimapangitsa kuti makinawo achuluke kapena kugwa kapena kuzimitsa.

IP Kupatula

Patsambali, ogwiritsa ntchito atha kuwonjezera ma adilesi a IP kapena ma IP kuti achotsedwe pazithunzi za DoS Defense. Kuti muwonjezere adilesi ya IP kapena mtundu wa IP pamndandanda, dinani batani la "Add" monga momwe zilili pansipa:

Tchulani dzina, kenako sinthani ON pambuyo pake tchulani adilesi ya IP kapena mtundu wa IP.

Chitetezo chobowoleza

Gawo lachitetezo cha Spoofing limapereka njira zingapo zotsutsana ndi njira zosiyanasiyana zowononga. Kuti muteteze maukonde anu kuti asasokonezedwe, chonde yang'anirani njira zotsatirazi kuti muchepetse chiwopsezo choti magalimoto anu atsekedwe ndikusokonekera. Zipangizo za GCC601X(W) zimapereka njira zothanirana ndi kusokonekera kwa chidziwitso cha ARP, komanso zambiri za IP.

Chitetezo cha ARP Spoofing

Block ARP Replies with Inconsistent Source MAC Address: Chipangizo cha GCC chidzatsimikizira komwe adilesi ya MAC ikupita pa paketi inayake, ndipo yankho likalandiridwa ndi chipangizocho, lidzatsimikizira komwe adilesi ya MAC ikuchokera ndipo iwonetsetsa kuti ikugwirizana. Apo ayi, chipangizo cha GCC sichidzatumiza paketi.

Letsani Mayankho a ARP ndi Ma Adilesi Osagwirizana a MAC: GCC601X(W) idzatsimikizira komwe adilesi ya MAC imachokera yankho likalandiridwa. Chipangizocho chidzatsimikizira komwe adilesi ya MAC ikupita ndipo iwonetsetsa kuti ikugwirizana.
Kupanda kutero, chipangizocho sichingatumize paketi.
Decline VRRP MAC Mu ARP Table: GCC601X(W) itsika kuphatikiza adilesi iliyonse yopangidwa ndi MAC patebulo la ARP.

ANTI-MALWARE

Mugawoli, ogwiritsa ntchito amatha kuyambitsa Anti-malware ndikusintha zidziwitso zalaibulale yawo.

Kusintha

Kuti mutsegule Anti-malware, pitani ku gawo la Firewall → Anti-Malware → Kukonzekera.
Anti-malware: sinthani ON / OFF kuti mutsegule / kuletsa Anti-malware.

Zindikirani:
Kuti musefe ma HTTP URL, chonde yambitsani "SSL Proxy".

Chitetezo chobowoleza

Chitetezo cha ARP Spoofing

Block ARP Replies with Inconsistent Source MAC Address: Chipangizo cha GCC chidzatsimikizira komwe adilesi ya MAC ikupita pa paketi inayake, ndipo yankho likalandiridwa ndi chipangizocho, lidzatsimikizira komwe adilesi ya MAC ikuchokera ndipo iwonetsetsa kuti ikugwirizana. Apo ayi, chipangizo cha GCC sichidzatumiza paketi.

Letsani Mayankho a ARP ndi Ma Adilesi Osagwirizana a MAC: GCC601X(W) idzatsimikizira komwe adilesi ya MAC imachokera yankho likalandiridwa. Chipangizocho chidzatsimikizira komwe adilesi ya MAC ikupita ndipo iwonetsetsa kuti ikugwirizana.

Kupanda kutero, chipangizocho sichingatumize paketi.
Decline VRRP MAC Mu ARP Table: GCC601X(W) itsika kuphatikiza adilesi iliyonse yopangidwa ndi MAC patebulo la ARP.

ANTI-MALWARE

Mugawoli, ogwiritsa ntchito amatha kuyambitsa Anti-malware ndikusintha zidziwitso zalaibulale yawo.

Kusintha

Kuti mutsegule Anti-malware, pitani ku gawo la Firewall → Anti-Malware → Kukonzekera.
Anti-malware: sinthani ON / OFF kuti mutsegule / kuletsa Anti-malware.

Kuzama Kwa Packet Packet: Yang'anani zomwe zili pamapaketi amtundu uliwonse malinga ndi kasinthidwe. Kuzama kwakuya, kumapangitsa kuchuluka kwa kuzindikira komanso kuchuluka kwa ma CPU. Pali magawo atatu akuya otsika, apakati komanso apamwamba.

Jambulani Woponderezedwa Files: imathandizira kusanthula kwa wothinikizidwa files

Pa Kupitiriraview tsamba, ogwiritsa ntchito akhoza kuyang'ana ziwerengero ndikukhala ndi overview. Komanso, ndizotheka kuletsa Anti-malware mwachindunji patsamba lino podina chizindikiro cha zoikamo monga momwe zilili pansipa:

Ndizothekanso kuyang'ana chipika chachitetezo kuti mumve zambiri

Virus Signature Library
Patsambali, ogwiritsa ntchito atha kusinthira pamanja zidziwitso za laibulale yotsutsa pulogalamu yaumbanda, kusintha tsiku lililonse kapena kupanga ndandanda, chonde onani chithunzi chomwe chili pansipa:

Zindikirani:
Mwachikhazikitso, imasinthidwa nthawi ndi nthawi (00:00-6:00) tsiku lililonse.

KUTETEZA KULOWA

Intrusion Prevention System (IPS) ndi Intrusion Detection System (IDS) ndi njira zachitetezo zomwe zimawunika kuchuluka kwa anthu pamanetiweki pazinthu zokayikitsa komanso kuyesa kosavomerezeka. IDS imazindikiritsa ziwopsezo zomwe zingayambitse chitetezo posanthula mapaketi a netiweki ndi logi, pomwe IPS imateteza mwachangu ziwopsezozi poletsa kapena kuchepetsa kuchuluka kwa anthu oyipa munthawi yeniyeni. Pamodzi, IPS ndi IDS zimapereka njira yosanjikiza chitetezo chamaneti, zomwe zimathandiza kuteteza motsutsana ndi ma cyberattack komanso kuteteza zidziwitso zachinsinsi. Botnet ndi netiweki yamakompyuta omwe ali pachiwopsezo omwe ali ndi pulogalamu yaumbanda ndipo amawongoleredwa ndi wochita zoyipa, omwe amagwiritsidwa ntchito kuchita ziwopsezo zazikulu zapaintaneti kapena zinthu zosayenera.

IDS/IPS

Zokonda Zoyambira - IDS/IPS
Pa tabu iyi, ogwiritsa ntchito amatha kusankha mawonekedwe a IDS/IPS, Mulingo Woteteza Chitetezo.

IDS/IPS Mode:

Dziwitsani: zindikirani kuchuluka kwa magalimoto ndikungodziwitsa ogwiritsa ntchito popanda kuwaletsa, izi ndizofanana ndi IDS (Intrusion Detection System).
Dziwani & Block: amazindikira kapena kutsekereza magalimoto ndikudziwitsa zachitetezo, izi ndizofanana ndi IPS (Intrusion Prevention System).
Palibe Chochita: palibe zidziwitso kapena kupewa, IDS/IPS ndiyoyimitsidwa pankhaniyi.

Mulingo Woteteza Chitetezo: Sankhani mulingo wachitetezo (Wotsika, Wapakatikati, Wapamwamba, Wapamwamba Kwambiri komanso Mwachizolowezi). Magawo osiyanasiyana achitetezo amafanana ndi magawo osiyanasiyana achitetezo. Ogwiritsa amatha kusintha mtundu wachitetezo. Kukwera kwa mulingo wachitetezo, m'pamenenso malamulo achitetezo ambiri, ndipo Mwambo udzathandiza ogwiritsa ntchito kusankha zomwe IDS/IPS ingazindikire.

Ndizothekanso kusankha mulingo wachitetezo chodzitchinjiriza ndikusankha pamndandanda zomwe ziwopseza zenizeni. Chonde onani chithunzi chomwe chili pansipa:

Kuti muwone zidziwitso ndi zomwe mwachita, pansi pa chipika cha Chitetezo, sankhani IDS/IPS kuchokera pamndandanda wotsikira pansi monga momwe zilili pansipa:

IP Kupatula
Ma adilesi a IP omwe ali pamndandandawu sadzazindikirika ndi IDS/IPS. Kuti muwonjezere adilesi ya IP pamndandanda, dinani batani la "Add" monga momwe zilili pansipa:

Lowetsani dzina, kenako yambitsani mawonekedwe, ndiyeno sankhani mtundu (Magwero kapena Kopita) pa ma adilesi a IP. Kuti muwonjezere adilesi ya IP dinani chizindikiro cha "+" ndikuchotsa adilesi ya IP dinani "-" chithunzi chomwe chili pansipa:

Botnet
Zokonda Zoyambira - Botnet
Patsambali, ogwiritsa ntchito amatha kukonza zoyambira zowonera Botnet IP ndi Botnet Domain Name ndipo pali njira zitatu:
Monitor: ma alarm amapangidwa koma samatsekedwa.
Block: oyang'anira ndi kutsekereza ma adilesi a IP / Maina a Domain omwe amapeza ma botnet.
Palibe Chochita: Adilesi ya IP / Domain dzina la botnet yotuluka silipezeka.

IP/Domain Name Kupatulapo
Ma adilesi a IP omwe ali pamndandandawu sapezeka pa Botnets. Kuti muwonjezere adilesi ya IP pamndandanda, dinani batani la "Add" monga momwe zilili pansipa:
Lowetsani dzina, kenako yambitsani mawonekedwe. Kuti muwonjezere adilesi ya IP/Dzina la Domain dinani chizindikiro cha "+" ndikuchotsa adilesi ya IP/Dzina la Domain dinani chizindikiro cha "-" monga momwe zili pansipa:

Signature Library - Botnet
Patsambali, ogwiritsa ntchito amatha kusintha zidziwitso za library ya IDS/IPS ndi Botnet pamanja, kusintha tsiku lililonse kapena kupanga ndandanda, chonde onani chithunzi chomwe chili pansipa:

Zindikirani:
Mwachikhazikitso, imasinthidwa nthawi ndi nthawi (00:00-6:00) tsiku lililonse.

KULAMULIRA ZINTHU

Gawo la Content Control limapatsa ogwiritsa ntchito mwayi wosefa (kulola kapena kuletsa) magalimoto kutengera DNS, URL, mawu osakira, ndi kugwiritsa ntchito.

Kusefa kwa DNS

Kuti musefe kuchuluka kwa magalimoto kutengera DNS, pitani ku gawo la Firewall → Kuwongolera Zinthu → Kusefa kwa DNS. Dinani pa "Add" batani kuwonjezera latsopano DNS Sefa monga pansipa:

Kenako, lowetsani dzina la fyuluta ya DNS, yambitsani mawonekedwe, ndikusankha zochita (Lolani kapena Tsekani) ngati Zosefera DNS, pali njira ziwiri:

Machesi Osavuta: dzina la domain limathandizira kufananiza kwa mayina amitundu yambiri.
Wildcard: mawu osakira ndi wildcard * atha kulowetsedwa, wildcard * akhoza kungowonjezera mawu osakira asanayambe kapena atatha. Za example: *.imag, news*, *news*. The * pakati amatengedwa ngati wamba.

Kuti muwone DNS yosefedwa, ogwiritsa ntchito atha kuyipeza pa Overview tsamba kapena pansi pachitetezo chachitetezo monga momwe tawonetsera pansipa:

Web Kusefa
Zokonda Zoyambira - Web Kusefa
Patsamba, ogwiritsa ntchito amatha kuloleza / kuletsa zapadziko lonse lapansi web kusefa, ndiye ogwiritsa atha kuyatsa kapena kuletsa web URL kusefa, URL kusefa m'gulu ndi kusefa mawu osakira paokha ndikusefa ma HTTP URLs, chonde yambitsani "SSL Proxy".

URL Kusefa
URL kusefa kumathandizira ogwiritsa ntchito kusefa URL ma adilesi pogwiritsa ntchito Machesi Osavuta (dzina la domain kapena adilesi ya IP) kapena kugwiritsa ntchito Wildcard (mwachitsanzo *example*).
Kupanga a URL kusefa, yendani ku Firewall Module → Kusefera Zamkatimu → Web Tsamba losefa → URL Sefa tabu, ndiye dinani "Add" batani monga pansipa:

Tchulani dzina, kenako sinthani mawonekedwe, sankhani zochita (Lolani, Tsekani), ndipo pomaliza tchulani URL mwina pogwiritsa ntchito dzina losavuta, adilesi ya IP (Machesi Osavuta), kapena kugwiritsa ntchito khadi yakutchire. Chonde onani chithunzi chomwe chili pansipa:

URL Gulu Sefa
Ogwiritsanso ntchito ali ndi mwayi osati kungosefa ndi domain/IP adilesi kapena wildcard, komanso kusefa ndi magulu a ex.ample Zowukira ndi Zowopsa, Akuluakulu, etc.
Kuti mulepheretse kapena kulola gulu lonse, dinani njira yoyamba pamzere ndikusankha Zonse Lolani kapena Chotsani Zonse. Ndizothekanso kuletsa / kulola ndi magawo ang'onoang'ono monga momwe tawonetsera pansipa:

Kusefa Mawu Ofunika
Kusefa kwa mawu osakira kumathandizira ogwiritsa ntchito kusefa pogwiritsa ntchito mawu okhazikika kapena Wildcard (mwachitsanzo, *example*).
Kuti mupange kusefa kwa mawu osakira, pitani ku Firewall Module → Kusefa Zamkatimu → Web Tsamba losefa → Kusefa kwa Mawu Ofunikira, kenako dinani batani la "Add" monga momwe zilili pansipa:

Tchulani dzina, kenaka sinthani mawonekedwe, sankhani zochita (Lolani, Tsekani), ndipo pomaliza tchulani zomwe zasefedwa pogwiritsa ntchito mawu okhazikika kapena chikwangwani. Chonde onani chithunzi chomwe chili pansipa:

Pamene kusefa kwa mawu osakira KULI ON ndipo zochitazo zimayikidwa ku Block. Ngati ogwiritsa ntchito ayesa kupeza ma exampndi "YouTube" pa msakatuli, adzauzidwa ndi chenjezo la firewall monga momwe zilili pansipa:

Example la keywords_sefa pa Msakatuli
Kuti mumve zambiri za chenjezo, ogwiritsa ntchito amatha kupita ku gawo la Firewall → Log Security.

URL Signature Library
Patsamba lino, ogwiritsa ntchito akhoza kusintha Web Kusefa zidziwitso zamasiginecha pamanja, sinthani tsiku lililonse, kapena pangani ndandanda, chonde onani chithunzi chomwe chili pansipa:

Zindikirani:
Mwachikhazikitso, imasinthidwa nthawi ndi nthawi (00:00-6:00) tsiku lililonse.

Kugwiritsa Ntchito Sefa
Zokonda Zoyambira - Kusefa kwa Ntchito
Patsamba, ogwiritsa ntchito atha kuloleza / kuletsa kusefa kwapadziko lonse lapansi, ndiye ogwiritsa ntchito amatha kuloleza kapena kuletsa ndi magulu apulogalamu.
Yendetsani ku gawo la Firewall → Kuwongolera Zinthu → Kusefa kwa Ntchito, ndi pa zoikamo zoyambira, yambitsani Kusefa kwa Ntchito padziko lonse lapansi, ndizothekanso kupangitsa Kuzindikirika kwa AI kuti mugawike bwino.

Zindikirani:
Kuzindikira kwa AI kukakhala koyatsidwa, ma algorithms ozama a AI adzagwiritsidwa ntchito kukhathamiritsa kulondola ndi kudalirika kwa gulu la mapulogalamu, omwe atha kugwiritsa ntchito ma CPU ambiri ndi zinthu zokumbukira.

Malamulo Osefa Mapulogalamu

Patsamba la Malamulo Osefera Mapulogalamu, ogwiritsa ntchito atha Lolani/Kuletsa ndi gulu la pulogalamu monga momwe zilili pansipa:

Chotsani Malamulo Osefa
Ngati gulu la pulogalamu lasankhidwa, ogwiritsa ntchito azikhalabe ndi mwayi wophwanya lamulo lanthawi zonse (gulu la pulogalamu) ndi malamulo ochotsa zosefera.
Za example, ngati gulu la pulogalamu ya Osakatuli lakhazikitsidwa ku Block, ndiye titha kuwonjezera lamulo losefera kuti tilole Opera Mini, motere gulu lonse la asakatuli latsekedwa kupatula Opera Mini.
Kuti mupange lamulo Losefera lowonjezera, dinani batani la "Add" monga momwe zilili pansipa:

Kenako, tchulani dzina ndikusintha mawonekedwe ON, khazikitsani zomwe Lolani kapena Tsekani ndipo pomaliza sankhani pamndandanda mapulogalamu omwe adzaloledwe kapena oletsedwa. Chonde onani chithunzi chomwe chili pansipa:

Laibulale ya Signature - Kusefa kwa Ntchito
Patsambali, ogwiritsa ntchito amatha kusintha zidziwitso zalaibulale ya Siginecha Yosefera pamanja, kusinthira tsiku lililonse kapena kupanga ndandanda, chonde onani zomwe zili pansipa:

Zindikirani:
Mwachikhazikitso, imasinthidwa nthawi ndi nthawi (00:00-6:00) tsiku lililonse.

SSL PROXY

Woyimira SSL ndi seva yomwe imagwiritsa ntchito encryption ya SSL kuteteza kusamutsa kwa data pakati pa kasitomala ndi seva. Imagwira ntchito mowonekera, kubisa ndi kubisa deta popanda kuzindikirika. Kwenikweni, zimatsimikizira kutumizidwa kotetezeka kwa zidziwitso zachinsinsi pa intaneti.
SSL Proxy ikayatsidwa, GCC601x(w) ikhala ngati seva ya Proxy ya SSL kwa makasitomala olumikizidwa.

Zikhazikiko Zoyambira - SSL Proxy

Kuyatsa zinthu ngati SSL Proxy, Web Kusefa, kapena Anti-malware kumathandiza kuzindikira mitundu ina ya ziwonetsero webmasamba, monga jekeseni wa SQL ndi kuukira kwapaintaneti (XSS). Izi zimayesa kuvulaza kapena kuba zambiri webmasamba.

Izi zikagwira ntchito, zimapanga zipika zochenjeza pansi pa Security Log.
Komabe, zinthuzi zikayatsidwa, ogwiritsa ntchito amatha kuwona machenjezo okhudza satifiketi akamasakatula web. Izi zimachitika chifukwa msakatuli samazindikira satifiketi yomwe ikugwiritsidwa ntchito. Pofuna kupewa machenjezo awa, ogwiritsa ntchito amatha kukhazikitsa satifiketi mu msakatuli wawo. Ngati satifiketiyo ndi yosadalirika, mapulogalamu ena sangagwire bwino ntchito mukalowa pa intaneti
Pazosefera za HTTPS, ogwiritsa ntchito atha kuloleza projekiti ya SSL polowera ku Firewall module → SSL Proxy → Basic Settings, kenako sinthani ON SSL proxy, mutatha kusankha Sitifiketi ya CA pamndandanda wotsitsa kapena dinani batani la "Add" kuti mupange satifiketi yatsopano ya CA. Chonde onani ziwerengero ndi tebulo ili pansipa:

]

Kuti SSL Proxy iyambe kugwira ntchito, ogwiritsa ntchito amatha kutsitsa pamanja satifiketi ya CA podina chizindikiro chotsitsa monga momwe zilili pansipa:

Kenako, satifiketi ya CA ikhoza kuwonjezeredwa pazida zomwe zikufunidwa pansi pa satifiketi yodalirika.

Adilesi Yochokera
Ngati palibe ma adilesi omwe atchulidwa, maulalo onse otuluka amangoyendetsedwa kudzera pa proxy ya SSL. Komabe, powonjezera pamanja maadiresi atsopano, okhawo omwe akuphatikizidwa ndi omwe adzatumizidwe kudzera mu SSL, kuonetsetsa kuti mwasankha kubisa malinga ndi momwe anthu amafotokozera.

Mndandanda Wosavomerezeka wa SSL
Proxy ya SSL imaphatikizapo kulowetsa ndi kuyang'ana kuchuluka kwa magalimoto a SSL/TLS pakati pa kasitomala ndi seva, zomwe nthawi zambiri zimachitidwa pofuna chitetezo ndi kuyang'anira mkati mwa makampani. Komabe, pali zochitika zina pomwe woyimira SSL sangakhale wofunikira kapena wothandiza mwachindunji webmasamba kapena madambwe.
Mndandanda wamapulogalamuwa umalola ogwiritsa ntchito kufotokoza ma adilesi awo a IP, madambwe, mtundu wa IP, ndi web gulu kuti lichotsedwe ku projekiti ya SSL.
Dinani pa batani la "Add" kuti muwonjezere kumasulidwa kwa SSL monga momwe zilili pansipa:

Pansi pa "Content", ogwiritsa akhoza kuwonjezera zomwe zili podina batani "+" ndikuchotsa podina "- chithunzi" monga momwe zilili pansipa:

CHINENERO CHACHITENDERO

chipika
Patsambali, zipika zachitetezo zidzalembedwa zambiri monga Source IP, Source interface, Attack Type, Action, ndi Time. Dinani pa "Refresh" batani kuti mutsitsimutse mndandandawo ndi batani la "Export" kuti mutsitse mndandandawo kumakina akomweko.

Ogwiritsanso ali ndi mwayi wosefa zipikazo ndi:

1. Nthawi
Zindikirani:
Zipika zimasungidwa mwachisawawa kwa masiku 180. Malo a disk akafika pachimake, zipika zachitetezo zimachotsedwa zokha.
2. Kuukira
Sanjani zolowa ndi:
1. Gwero la IP
2. Source Interface
3. Mtundu Wowukira
4. Zochita

Kuti mumve zambiri, dinani "chizindikiro cha kufuula" pansi pazatsatanetsatane monga tawonera pamwambapa:
Chipika chachitetezo

Ogwiritsa akadina batani la "Export", ndi Excel file adzatsitsidwa ku makina awo akumeneko. Chonde onani chithunzi chomwe chili pansipa:

Makalata Otumizira
Patsamba, ogwiritsa ntchito amatha kusankha ziwopsezo zachitetezo zomwe angadziwitsidwe pogwiritsa ntchito ma adilesi a Imelo. Sankhani zomwe mukufuna kudziwitsidwa pamndandanda.
Zindikirani:
Zikhazikiko za Imelo ziyenera kukhazikitsidwa kaye, dinani "Zikhazikiko za Imelo" kuti muyambitse ndikusintha zidziwitso za Imelo. Chonde onani chithunzi chomwe chili pansipa:
E

Zofotokozera:

Mtundu Wazogulitsa: GCC601X(W) Firewall
Imathandizira: WAN, VLAN, VPN
Mawonekedwe: Malamulo a Malamulo, Malamulo Otumizira, Advanced NAT

Mafunso Ofunsidwa Kawirikawiri (FAQ)

Q: Kodi ndingachotse bwanji Ziwerengero za Chitetezo?

A: Yendetsani pamwamba pa chizindikiro cha gear pansi pa Chitetezo cha Statistics ndikudina kuti muchotse ziwerengerozo.

Zolemba / Zothandizira

GRANDSTREAM GCC601X(W) One Networking Solution Firewall [pdf] Buku Logwiritsa Ntchito
GCC601X W, GCC601X W One Networking Solution Firewall, GCC601X W, One Networking Solution Firewall, Networking Solution Firewall, Solution Firewall, Firewall

Maumboni

Buku Logwiritsa Ntchito

GRANDSTREAM GCC601X(W) One Networking Solution Firewall

ZATHAVIEW

MFUNDO YA FIREWALL

Kusintha Kwapadziko Lonse

KUTETEZA NTCHITO

Chitetezo chobowoleza

ANTI-MALWARE

KUTETEZA KULOWA

KULAMULIRA ZINTHU

SSL PROXY

CHINENERO CHACHITENDERO

Zofotokozera:

Mafunso Ofunsidwa Kawirikawiri (FAQ)

Q: Kodi ndingachotse bwanji Ziwerengero za Chitetezo?

Zolemba / Zothandizira

Maumboni

Siyani ndemanga

Letsani yankho