FortiGate firewall configuration - Internal document

Configuring FortiGate
Nguyen Huu Tien, Hyperlogy JSC.

Contents

Configuring FortiGate
  • Configuring interfaces, zones, addresses, services, policies, profiles, ...

Monitoring FortiGate operation
  • Status monitoring page
  • Log monitoring
  • Using commands on the console screen


Ways to configure FortiGate
  • Web: http, https
  • CLI: Console, Telnet, Secure Shell
  • FortiManager: SNMP


Copyright 2007 Hyperlogy JSC.


Web interface
Open a browser and enter the address, for example:
    http://192.168.1.1
    https://192.168.1.1
The login screen then appears.


Web interface

NAT/Route Mode
  • This is the default mode.
  • Each interface is a separate network.
  • The firewall operates as a gateway.

Transparent Mode
  • The firewall operates as a bridge.
  • The firewall is managed through a single IP address.

Zone configuration
System -> Network -> Zone


Zone configuration
  • In the zone configuration section, interfaces can be grouped into the same zone.
  • The purpose is to be able to create a rule for a zone containing several interfaces, so that they all map to one rule.
  • The block option applies to traffic between interfaces within the same zone.


Interface configuration
System -> Network
Select the interface to configure, then click Edit. In this section you can:
  • Change the IP address of the interface.
  • Change the protocols allowed for administrative access to the firewall on this interface.
  • Enable logging of traffic passing through the interface.


Update configuration
To update, the product must be registered at: http://support.fortinet.com

There are 2 ways to update:
  • Manual update.
  • Automatic update.


Update configuration
Manual update:
  • Update the antivirus for the firewall
  • Update the operating system of the firewall
  • Update the IPS for the firewall


Update configuration
Automatic update: System -> Maintenance -> Update Center


Routing configuration
Static routing (Static Route)


Routing configuration
Create a route from the address range on an interface to a destination through a specified gateway. Example:
    Destination: 10.238.254.0/24
    Gateway: 192.168.2.3/24
    Interface: wan1
    Distance: 10 (routing priority)


Routing configuration
Policy Route


Routing configuration
The purpose of a Policy Route is to send a traffic flow along a predetermined path before it is matched against the static routes.
Notes:
  • Use this feature only when it is really necessary.
  • Understand clearly how traffic flows through the interfaces.
  • Rules here are matched from top to bottom.
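
The lookup order described above, as an added example that is not part of the original slides: a simplified Python model in which policy routes are checked top to bottom before the static routes, plus a check for policy routes that can never match because an earlier entry covers them. The static route 10.238.254.0/24 via wan1 is the slides' example; the class names, the other interfaces, addresses and gateways are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class PolicyRoute:            # simplified model, field names are assumptions
    in_iface: str
    src: str
    dst: str
    out_iface: str
    gateway: str

@dataclass
class StaticRoute:
    dst: str
    gateway: str
    iface: str
    distance: int = 10

def net(cidr):
    return ipaddress.ip_network(cidr)

def lookup(in_iface, src, dst, policy_routes, static_routes):
    """Return (table, out_iface, gateway), or None when nothing matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Step 1: policy routes, top to bottom, first match wins.
    for pr in policy_routes:
        if pr.in_iface == in_iface and s in net(pr.src) and d in net(pr.dst):
            return ("policy", pr.out_iface, pr.gateway)
    # Step 2: static routes, longest prefix first, then lowest distance.
    hits = [r for r in static_routes if d in net(r.dst)]
    if not hits:
        return None
    best = min(hits, key=lambda r: (-net(r.dst).prefixlen, r.distance))
    return ("static", best.iface, best.gateway)

def shadowed(policy_routes):
    """Indexes of policy routes that an earlier, broader entry always pre-empts."""
    dead = []
    for i, later in enumerate(policy_routes):
        for earlier in policy_routes[:i]:
            if (earlier.in_iface == later.in_iface
                    and net(later.src).subnet_of(net(earlier.src))
                    and net(later.dst).subnet_of(net(earlier.dst))):
                dead.append(i)
                break
    return dead

# The first static route is the slides' example; everything else is constructed.
STATIC = [StaticRoute("10.238.254.0/24", "192.168.2.3", "wan1", 10),
          StaticRoute("0.0.0.0/0", "203.0.113.1", "wan2", 10)]
POLICY = [PolicyRoute("internal", "192.168.1.0/24", "10.238.254.0/24", "dmz", "10.10.10.1"),
          PolicyRoute("internal", "192.168.1.0/25", "10.238.254.0/24", "wan1", "192.168.2.3")]
```

Running shadowed() over a policy route list before deploying it shows which entries are dead weight, which is the practical side of the "top to bottom" note.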


Routing configuration
Monitor


Address configuration
  • Enter the name and the address range to add.
  • Purpose: when creating rules in the Policy section, the address ranges created here can be used.
  • The Group section is for creating a group of the addresses to be used.


Service configuration
Services


Service configuration
Custom: create user-defined services


Service configuration
Group: create user-defined service groups


Policy configuration
This is the most important part of the firewall. Policy configuration determines which services may be used by traffic going from one zone into another. Examples:
  • From Internal to Wan1, the http service may be used.
  • From Dmz to Internal, the LotusNote service may be used.


VIP configuration
VIP is used to map a web site or some other service in the internal network out to the Internet through an external public IP address.
VIP has 2 modes, Static NAT and Port Forwarding:
  • Static NAT statically translates a real address from outside to inside.
  • Port Forwarding translates a port on the external address to a port on an internal address.


Profile configuration
This function is used to activate virus filtering and blocking, file blocking, spam blocking, web filtering and IPS attack protection.
By default the following Protection Profiles exist: Strict, scan, web, unfiltered.
Users can create additional profiles according to their requirements.


Profile configuration
Creating a new profile


IPS configuration
IPS protects the system against attacks that exploit bugs in the application programs that are running.
  • Signature: the available predefined application attack patterns.
  • Anomaly: abnormal behaviour in the traffic passing through, such as icmp, etc.


AntiVirus configuration
This feature protects against viruses, with updates provided through Fortinet's research centres around the world.
This section has 2 main features:
  • File block.
  • Virus List.


AntiSpam configuration
Spam is a very large problem in the world today. Filtering and blocking spam is very difficult because spam is transformed into many different forms. The most common form at present is junk e-mail.
The FG firewall provides anti-spam features under the following items:
  • Fortiguard Antispam
  • IP address
  • DNSBL
  • Email-address
  • Mime Headers
  • Banned Word


Web filtering configuration
The next feature is web filtering:
  • Content Block
  • URL Block
  • URL Exempt
  • Category Block
  • Script Filter


Log and alert configuration
The log section has two main parts.

Log configuration
  • Set the log display.
  • Notification by email.
  • Filter the information displayed in the log.

Viewing logs
  • View events.
  • View attacks.
  • View virus attacks.
  • View spam.
  • View information about filtered pages.


Log and alert configuration
  • Firewall models for medium and large enterprises and for ISPs have an additional hard disk installed for storing logs.
  • Logs can also be viewed on the firewall itself, from memory.
  • Logs can be viewed on a Fortilog device.


CLI configuration
When configuring through the console port, the following tools can be used:
  • HyperTerminal
  • SecureCRT
  • etc.

When configuring through telnet or ssh, putty, command or SecureCRT can be used.


CLI configuration
The command line can be used to inspect packets in transit and to debug errors that occur during connections on the firewall. Examples:
    diagnose sniffer packet internal 'tcp and port 80'
    diagnose debug application ike 7
    diagnose debug enable


Thank you very much!
