Tshireletso Virtual Image

Ho fihlela ho nolofatsa le ho tsitsisa, tharollo ea Cisco SD-WAN e rehiloe lebitso hape e le Cisco Catalyst SD-WAN. Ho phaella moo, ho tloha Cisco IOS XE SD-WAN Release 17.12.1a le Cisco Catalyst SD-WAN Release 20.12.1, liphetoho tse latelang tsa likarolo li sebetsa: Cisco vManage ho Cisco Catalyst SD-WAN Manager, Cisco vAnalytics ho Cisco Catalyst SD-WAN Litlhahlobo, Cisco vBond ho Cisco Catalyst SD-WAN Validator, le Cisco vSmart ho Cisco Catalyst SD-WAN Controller. Sheba Lintlha tsa Phatlalatso tsa morao-rao bakeng sa lenane le felletseng la liphetoho tsa mabitso a mofuta oa karolo. Ha re ntse re fetohela ho mabitso a macha, ho ka 'na ha e-ba le ho se lumellane ho itseng litokomaneng tse behiloeng ka lebaka la mokhoa o fokolang oa lintlafatso tsa sebopeho sa basebelisi ba sehlahisoa sa software.

Cisco SD-WAN Manager o sebelisa Sets'oants'o sa Ts'ireletso ea Ts'ireletso ho thusa likarolo tsa ts'ireletso joalo ka Intrusion Prevention System (IPS), Intrusion Detection System (IDS), URL Sefa (URL-F), le Tšireletso e Hatetseng Pele ea Malware (AMP) ho Cisco IOS XE Catalyst SD-WAN Devices. Likarolo tsena li thusa ho amohela lits'ebetso, tlhahlobo ea sephethephethe ea nako ea nnete, le ho rengoa ha lipakete ho marang-rang a IP. Hang setšoantšo file e kentsoe ho Cisco SD-WAN Manager Software Repository, o ka etsa leano, profile, le litempele tsa lisebelisoa tse tla sutumelletsa maano le lintlafatso ho lisebelisoa tse nepahetseng ka bo eona.
Pele o sebelisa likarolo tsena, o tlameha ho qala ho kenya le ho lokisa IPS/IDS, URL-F, kapa AMP maano a ts'ireletso, ebe o kenya Sets'oants'o sa Ts'ireletso se nepahetseng ho Cisco SD-WAN Manager. Kamora ho ntlafatsa software ho sesebelisoa, o tlameha hape ho ntlafatsa Setšoantšo sa Ts'ireletso sa Ts'ireletso.
Khaolo ena e hlalosa mokhoa oa ho etsa mesebetsi ena.

• Kenya le ho lokisa IPS/IDS, URL-F, kapa AMP Melao ea Tšireletso, leqepheng la 1
• Khetholla Recommended Security Virtual Image Version, leqepheng la 4
• Kenya Cisco Security Virtual Image ho Cisco SD-WAN Manager, leqepheng la 4
• Ntlafatsa Setšoantšo sa Tšireletso sa Virtual, leqepheng la 5

Kenya le ho lokisa IPS/IDS, URL-F, kapa AMP Maano a Tšireletso

Ho kenya le ho lokisa IPS/IDS, URL-F, kapa AMP maano a ts'ireletso a hloka ts'ebetso e latelang:
Mosebetsi oa 1: Etsa Setšoantšo sa Leano la Tšireletso bakeng sa IPS/IDS, URL-F, kapa AMP Ho sefa
Mosebetsi oa 2: Etsa Sets'oants'o sa Ts'ebetso bakeng sa Ts'ireletso ea Ts'ebetso ea Ts'ireletso
Mosebetsi oa 3: Etsa Template ea Sesebelisoa

Mosebetsi oa 4: Hokela Lisebelisoa ho Thempleite ea Sesebelisoa
Etsa Sebopeho sa Leano la Tšireletso

1. Ho tswa ho Cisco SD-WAN Manager menu, khetha Configuration > Tshireletso.
2. Tobetsa Add Security Policy.
3. Ka fensetere ea Add Security Policy, khetha boemo ba hau ba ts'ireletso ho tsoa lethathamong la likhetho.
4. Tobetsa Tsoela Pele.

Theha Sets'oants'o sa Sets'oants'o sa Ts'ireletso ea Ts'ebetso ea Ts'ireletso
Sebopeho sa profile template e hlophisa mesebetsi e 'meli:

• NAT: E nolofalletsa kapa e tima Phetolelo ea Aterese ea Marang-rang (NAT), e sireletsang liaterese tsa IP tsa kahare ha e le kantle ho firewall.
• Resource Profile: E abela lisebelisoa tsa kamehla kapa tse phahameng ho li-subnet kapa lisebelisoa tse fapaneng.

Sebopeho sa profile template, leha e sa hlokehe ka tieo, e khothaletsoa.

Ho theha sebopeho sa profile template, latela mehato ena:

1. Ho tswa ho Cisco SD-WAN Manager menu, khetha Configuration > Templates.
2. Tobetsa Feature Templates ebe o tobetsa Add Template.
   Ho Cisco vManage Release 20.7.1 le litokollo tsa pejana, Feature Templates e bitsoa Feature.
3. Ho tsoa lethathamong la Lisebelisoa, khetha lisebelisoa tseo u batlang ho li amahanya le template.
4. Tlas'a Tlhahisoleseding ea Motheo, tobetsa Security App Hosting.
5. Kenya Lebitso la Template le Tlhaloso.
6. Tlas'a Melao-motheo ea Leano la Tšireletso, etsa hore li-parameter tsa pholisi ea tšireletso ha li hlokeha.
   • bulela kapa o tima sebopeho sa Network Address Translation (NAT), ho ipapisitse le ts'ebeliso ea hau. Ka tsela e iketsang, NAT e butsoitse.
   • Tobetsa motsu o theohang ho beha meeli bakeng sa pholisi. Ea kamehla ke Default.
   Global: E nolofalletsa NAT bakeng sa lisebelisoa tsohle tse khomaretsoeng template.
   Specific ea Sesebelisoa: E nolofalletsa NAT feela bakeng sa lisebelisoa tse boletsoeng. Haeba o kgetha Sesebediswa Specific, kenya lebitso la konopo ya sesebediswa.
   Kamehla: E nolofalletsa leano la kamehla la NAT bakeng sa lisebelisoa tse khomaretsoeng template.
   • Seta Resource Profile. Khetho ena e beha palo ea liketsahalo tsa snort tse tla sebelisoa ho router. Taba ea kamehla ke Low e bontšang ketsahalo e le 'ngoe ea ho hula. Bohareng bo supa maemo a mabeli 'me Holimo ho supa maemo a mararo.
   • Tobetsa motsu o theohang ho beha meeli bakeng sa setsebi sa lisebelisoafile. Ea kamehla ke Global.
   Lefatšeng ka bophara: E nolofalletsa setsebi se khethiloeng sa lisebelisoafile bakeng sa lisebelisoa tsohle tse khomaretsoeng template.
   Sesebelisoa se Khethehileng: E ​​nolofalletsa setsebifile feela bakeng sa lisebelisoa tse boletsoeng. Haeba o kgetha Sesebediswa Specific, kenya lebitso la konopo ya sesebediswa.
   Ka ho sa feleng: E ​​nolofalletsa profeshenale ea kamehla ea lisebelisoafile bakeng sa lisebelisoa tse khomaretsoeng template.
7. Seta Download URL Database ho Sesebelisoa ho E haeba u batla ho khoasolla URL-F database ho sesebelisoa. Tabeng ena, sesebelisoa se sheba setsing sa polokelo ea libaka pele se leka ho sheba maru.
8. Tobetsa Boloka.

Etsa Template ea Sesebediswa
Ho kenya tšebetsong maano ao u batlang ho a sebelisa, o ka etsa template ea sesebelisoa e tla sutumelletsa maano ho lisebelisoa tse li hlokang. Likhetho tse fumanehang li fapana ho latela mofuta oa sesebelisoa. Bakeng sa mohlalaample, lisebelisoa tsa Cisco SD-WAN Manager li hloka karolo e fokolang ea template e kholo ea sesebelisoa. U tla bona likhetho tse nepahetseng feela tsa mofuta oo oa sesebelisoa.
Ho theha template ea sesebelisoa sa ts'ireletso, latela mohlala onaample bakeng sa li-routers tsa mofuta oa vEdge 2000:

1. Ho tswa ho Cisco SD-WAN Manager menu, khetha Configuration > Templates.
2. Tobetsa Lisebelisoa tsa Sesebelisoa, ebe u khetha Etsa Template> Ho tloha ho Feature Template.
   Ho Cisco vManage Release 20.7.1 le litokollo tsa pejana, Lisebelisoa tsa Sesebelisoa li bitsoa Sesebelisoa.
3. Ho tsoa lethathamong le theohang la Mohlala oa Sesebelisoa, khetha mofuta oa sesebelisoa.
4. Ho tsoa lethathamong le theohang la Karolo ea Sesebelisoa, khetha karolo ea sesebelisoa.
5. Kenya Lebitso la Template le Tlhaloso.
6. Tsamaisetsa tlase leqepheng ho ea ho li-menus tsa tlhophiso tse u lumellang hore u khethe template e teng, u thehe template e ncha, kapa view template e teng. Bakeng sa mohlalaample, ho theha template e ncha ea Sistimi, tobetsa Theha template.

Hokela Lisebelisoa ho Thempleite ea Sesebelisoa

1. Ho tswa ho Cisco SD-WAN Manager menu, khetha Configuration > Templates.
2. Tobetsa Lisebelisoa tsa Sesebelisoa, ebe u khetha Etsa Template> Ho tloha ho Feature Template.
   Ho Cisco vManage Release 20.7.1 le litokollo tsa pejana, Lisebelisoa tsa Sesebelisoa li bitsoa Sesebelisoa.
3. Moleng oa template e lakatsehang ea sesebelisoa, tlanya ... ebe u khetha Hokela Lisebelisoa.
4. Fesetereng ea Hokela Lisebelisoa, khetha lisebelisoa tse lakatsehang lethathamong la Lisebelisoa tse Fumanehang, 'me u tobetse motsu o supang ho le letona ho li isa lethathamong la Lisebelisoa tse Khethiloeng.
5. Tobetsa Hokela.

Hlalosa Recommended Security Virtual Image Version

Ka linako tse ling, u ka 'na ua batla ho hlahloba nomoro ea tokollo ea Security Virtual Image (SVI) bakeng sa sesebelisoa se fanoeng. Ho hlahloba sena ho sebelisa Cisco SD-WAN Manager:
Mohato oa 1
Ho tsoa ho menu ea Cisco SD-WAN Manager, khetha Monitor > Lisebelisoa.
Cisco vManage Release 20.6.x le pejana: Ho tswa ho Cisco SD-WAN Manager menu, khetha Monitor > Network.
Mohato oa 2
Khetha WAN - Edge.
Mohato oa 3
Khetha sesebelisoa se tla tsamaisa SVI.
Leqephe la Boemo ba Sistimi le bonts'a.
Mohato oa 4
Tsamaisetsa qetellong ea menu ea sesebelisoa, ebe o tobetsa Nako ea 'Nete.
Leqephe la Tlhahisoleseling ea Sisteme le bonts'a.
Mohato oa 5
Tobetsa sebaka sa Likhetho tsa Sesebelisoa, ebe u khetha Boemo ba Phetolelo ea Ts'ireletso ho tsoa ho menu.
Mohato oa 6
Lebitso la setšoantšo le hlaha kholomong ea Recommended Version. E lokela ho ts'oana le SVI e teng bakeng sa router ea hau ho tsoa ho downloads ea Cisco websebaka.

Kenya Cisco Security Virtual Image ho Cisco SD-WAN Manager

Setšoantšo se seng le se seng sa router se tšehetsa mefuta e fapaneng ea liphetolelo bakeng sa kopo e amohetsoeng. Bakeng sa IPS/IDS le URL-Filtering, u ka fumana mefuta e fapaneng ea liphetolelo tse tšehelitsoeng (le mofuta o khothalelitsoeng) bakeng sa sesebelisoa leqepheng la eona la Likhetho tsa Sesebelisoa.
Ha leano la tšireletso le tlosoa ho lisebelisoa tsa Cisco IOS XE Catalyst SD-WAN, mochine oa Virtual Image kapa Snort le oona o tlosoa lisebelisoa.

Mohato oa 1 Ho tsoa leqepheng la ho jarolla Software bakeng sa router ea hau, fumana setšoantšo sa UTD Engine bakeng sa IOS XE SD-WAN.
Bohato ba 2 Tobetsa ho jarolla ho jarolla setšoantšo file.
Bohato ba 3 Ho tsoa ho menu ea Cisco SD-WAN Manager, khetha Maintenance > Software Repository
Mohato oa 4 Khetha Litšoantšo tsa Virtual.
Bohato ba 5 Tobetsa Kenya Setšoantšo sa Virtual, ebe u khetha vManage kapa Remote Server - vManage. Fesetere ea Upload Virtual Image ho vManage ea buleha.
Bohato ba 6 Hula u lihele, kapa u shebelle setšoantšong file.
Mohato 7 Tobetsa Upload. Ha download e felile, molaetsa oa netefatso oa hlaha. Setšoantšo se secha se bonts'itsoeng ka har'a Virtual Images Software Repository.

Ntlafatsa Setšoantšo sa Virtual sa Tšireletso

Ha sesebelisoa sa Cisco IOS XE Catalyst SD-WAN se ntlafatsoa ho setšoantšo se secha sa software, setšoantšo sa ts'ireletso ea tšireletso le sona se tlameha ho ntlafatsoa e le hore se lumellane. Haeba ho na le ho se lumellane litšoantšong tsa software, template ea VPN push ho sesebelisoa e tla hlōleha.
Haeba khetho ea IPS Signature Update e lumelletsoe, sephutheloana se nyallanang sa signature sa IPS se tla nchafatsoa ka bohona e le karolo ea ntlafatso. U ka nolofalletsa litlhophiso ho tsoa ho Tsamaiso > Litlhophiso > IPS Signature Update.
Ho ntlafatsa sets'oants'o sa sebatli sa sesebelisoa sa sesebelisoa, latela mehato ena:

Bohato ba 1 Latela mehato ea Kenya Setšoantšo se nepahetseng sa Cisco Security Virtual ho vManage ho khoasolla mofuta o khothaletsoang oa SVI bakeng sa router ea hau. Hlokomela lebitso la phetolelo.
Bohato ba 2 Ho tsoa ho Cisco SD-WAN Manager menu, khetha Maintenance> Software Repository> Virtual Images ho netefatsa hore mofuta oa setšoantšo o thathamisitsoeng tlas'a kholumo ea Recommended Version e tsamaisana le setšoantšo se fumanehang tafoleng ea Virtual Images.
Bohato ba 3 Ho tsoa ho Cisco SD-WAN Manager menu, khetha Maintenance > Ntlafatso ea Software. Leqephe la ntlafatso la WAN Edge Software le bonts'a.
Bohato ba 4 Khetha lisebelisoa tseo u batlang ho li ntlafatsa, 'me u hlahlobe mabokose a ka ho le letšehali kholomong. Ha u khethile sesebelisoa se le seng kapa ho feta, ho tla hlaha lethathamo la likhetho, hammoho le palo ea mela eo u e khethileng.
Bohato ba 5 Ha u khotsofetse ke khetho ea hau, khetha Upgrade Virtual Image ho tsoa ho li-menu tsa likhetho. Lebokose la puisano la Virtual Image Upgrade le bonts'a.
Mohato oa 6 Bakeng sa sesebelisoa ka seng seo u se khethileng, khetha mofuta o nepahetseng oa ntlafatso ho tsoa ho menu e theohang ea Upgrade to Version.
Bohato ba 7 Ha u khethile mofuta oa ntlafatso bakeng sa sesebelisoa ka seng, tobetsa Ntlafatsa. Ha apdeite e phethehile, molaetsa oa netefatso oa hlaha.

Litokomane / Lisebelisoa

CISCO SD-WAN Sebopeho sa Tšireletso ea Catalyst [pdf] Bukana ea Mosebelisi SD-WAN, SD-WAN Tlhophiso ea Tšireletso ea Catalyst, Tlhophiso ea Tšireletso ea Catalyst, Configuration ea Tšireletso, Configuration

Litšupiso

• Bukana ea Mosebelisi