TRAINING AND HANDOVER: INFORMATION SECURITY SYSTEM

CTY TNHH TH &TT MINH TRCT: 08 62966066
Fax: 08 62966060
Email: [email protected]: www.mtcsys.com.vn
Trn Hi Minh
Email: [email protected]: 091 8397 2261

Contents

Astaro Security Gateway
- Deployment model
- Introduction and basic configuration
- Network parameter configuration
- Administration

CISCO VLAN, VTP, STP
- Introduction to the deployment model
- Basic configuration guide
- Administration
Astaro Security Gateway
Deployment model

Securing central offices, branch offices and mobile workers

The network consists of several different zones:
- Users, servers, administration: internal
- Internet: external
- DMZ: public server

Introduction to FEATURES
Astaro Security Gateway

Astaro Security Gateway architecture
- Central, browser-based management & reporting of all applications
- VPN & wireless extensions
- Flexible Deployment: Software Appliance, Virtual Appliance
- Integration of complete email, web & network protection
- Networking features for high availability and load balancing
- Endpoint Security & Mobile Control
Astaro - All-in-one appliance / Sim

Complete protection for your network

Wireless Security
- Wireless Controller for Astaro Access Points
- Multi-Zone (SSID) support

optional
Web Security
- URL Filter
- Antivirus & Antispyware
- Application Control

optional
optional
Web Application Security
- Reverse Proxy
- Web Application Firewall
- Antivirus

Network Security
- Intrusion Prevention
- IPSec/SSL VPN
- Branch Office Security

optional
Mail Security
- Anti Spam & Phishing
- Dual Virus Protection
- Email Encryption

optional
Essential Firewall
- Stateful Firewall
- Network Address Translation
- PPTP/L2TP Remote Access
Astaro 2008 - Astaro Overview

Astaro product lines

Hardware Appliance: 110/120 | 220 | 320 | 425 | 525 | 625 | Multiple + RED
Environment: Small network | Medium network | Medium network | Large network | Large network | Large network | Large networks + branches
Network Ports: 4 | 8 | 8 | 6 & 2 SFP | 10 & 4 SFP | 10 & 8 SFP | Multiple
Max. recommended FW users: 10/80 | 300 | 800 | 1500 | 3500 | 5000 | 10000+
Max. recommended UTM users: 10/35 | 75 | 200 | 600 | 1300 | 2000 | 5000

Software Appliance *
- Runs on Intel-compatible PCs and servers

Virtual Appliance *
- VMware Ready & Citrix Ready certified
- Runs in Hyper-V, KVM, and other virtual environments
12 steps to configure ASG
Astaro Security Gateway

Step 1 - Startup
1. Connect port eth0 to the internal switch.
2. Connect port eth1 to the ADSL modem.
3. Power on and boot the device. Default IP: Astaro hardware: https://192.168.0.1:4444
4. Set the computer's IP in the 192.168.0.x network. Use a web browser to open WebAdmin.
Note: accept the certificate when the browser reports an error.

Step 2 - Set the organization name
- Hostname: the device's name in the domain
- Company: organization name
- City: city
- Country: Vietnam
- User admin password: xxx
- Admin's email

Step 3 - Log in
Refresh and go to the login page. Enter user admin and the password just set to start administering.

Step 4 - Install with the Wizard
Click Next to continue.

Step 5 - Set the LAN IP
- Set the LAN port IP
- Enable DHCP to assign IPs to computers

Step 6 - Set up the WAN port
- Select interface: eth1
- Select type: DSL PPPoE
- Username: provided by the ADSL provider
- Password: provided by the ADSL provider

Step 7 - Set up the Firewall
Allow the services that internal users may use to go out.

Step 8 - Intrusion prevention
Enable the intrusion prevention system.

Step 9 - IM / P2P
- IM chatting
- P2P download (optional)

Step 10 - Web proxy
Set up the Web proxy (optional).

Step 11 - Set up the Mail Proxy
Set up the Mail proxy (optional).

Step 12 - Summary of the parameters
Click Finish to complete the installation.

Webadmin
WebAdmin interface
- The Throbber
- Main-Menu
- Submenus appear when clicked
- Release Information
- Login Information
- Context-Help
- Refresh
- The Dashboard

Menu structure
- Selecting a main menu shows the menus beneath it
- Each menu has several tabs
- Search menus by keywords

Object definitions: Definitions

Defining objects
- Use names instead of IP addresses
- Easy to change and troubleshoot
- Objects can be dragged and dropped easily and quickly: Drag&Drop (DnD)

Object types under Network
- Host
- DNS Host
- DNS Group
- Network
- Multicast group
- Network group
- Availability Group
Network Interfaces

Set up the device's WAN connection:
- Type: DSL
- Hardware: eth1
- Username/pass ADSL
- MTU
- Default route

Network Settings - Static Routing

Defines how to reach a given network. 3 types of routing:
- Interface route: packets are sent directly to the LAN port. Used with dynamic interfaces (PPP), where the exact gateway is not known.
- Gateway route: packets are sent to a router; IP: the next hop.
- Blackhole route: packets are discarded, not routed.

The default route is set on the Interface.

Network Services - DNS
- Global: allow requests from ALLOWED Networks.
- Forwarders: forward DNS requests to external or internal DNS servers.
- Static Entries: mappings of hostnames to IP addresses.

Network Services - DHCP Server

DHCP in ASG can be used to assign basic network parameters to client hosts. The DHCP service can run on multiple interfaces, with each interface having its own configuration set. Make the following settings:
- Interface: the NIC from which the IP addresses should be assigned to the clients.
- Range start/end: IP range to be used as an address pool on that interface. The range must be inside the network attached to the interface.
- DNS Server 1/2: IP addresses of the DNS servers.
- Default gateway
- Domain name
- Time after which the IP addresses have to be refreshed (lease)
- Choose whether the DHCP server should assign IP addresses only to clients that have an entry on the Static MAC/IP Mappings tab.
- WINS node type: depending on the WINS node type selection, the WINS Server text box appears, where you must enter the IP address of the WINS server. The following WINS node types are available: B-, P-, M-, H-Nodes.
- WINS server: the IP address of the WINS server (depending on the selected WINS node type).

Network Services - DHCP Static Mapping
- A fixed IP can be assigned to a MAC address.
- Use packet filter rules to set the packet filtering policy for the assigned IP.
- Statically assigned IPs should lie outside the range handed out by the DHCP pool to avoid duplicate IPs.
- See the Lease Table for the IPs that have been assigned, with their start and expiry dates.
Network security policy
Astaro Security Gateway - Part 2

Packet Filter Table

Default View Packet Filter Table
- Edit
- Delete
- Clone
- Group name
- Order
- Source
- Destination
- Action and Service
- Description (optional)
- Activate/Deactivate

Packet Filter - Parameters

The ASG packet filter engine filters by:
- Source IP
- Protocol/Service
- Target IP

Rules are configured using Definitions.

Rules in the table are ordered by priority from top to bottom.

Policies that can be set:
- Allow: permit
- Drop: deny without notification
- Reject: deny and notify that the packet was rejected

Any action has an optional logging setting that writes the traffic to the log.
If no rule matches the packet, the packet is denied and logged.
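
The top-down, first-match behaviour described above, as an added Python sketch (not Astaro code and not part of the original slides). Rule names, addresses and the `evaluate`/`shadowed` helpers are constructed for illustration; it also shows how a broad rule placed higher in the table makes a later rule unreachable.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    source: str        # CIDR; "0.0.0.0/0" stands for Any
    service: str       # e.g. "tcp/80", or "any"
    destination: str   # CIDR
    action: str        # "allow", "drop" or "reject"
    log: bool = False

    def matches(self, src, service, dst):
        return (ip_address(src) in ip_network(self.source)
                and self.service in ("any", service)
                and ip_address(dst) in ip_network(self.destination))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ip_network(other.source).subnet_of(ip_network(self.source))
                and self.service in ("any", other.service)
                and ip_network(other.destination).subnet_of(
                    ip_network(self.destination)))

def evaluate(rules, src, service, dst):
    """The first matching rule from the top decides; no match is denied and logged."""
    for rule in rules:
        if rule.matches(src, service, dst):
            return rule.action, rule.log, rule.name
    return "drop", True, "(default)"

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [later.name for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]

ANY = "0.0.0.0/0"
LAN = "192.168.0.0/24"  # constructed: the wizard's default LAN range
RULES = [  # constructed sample table, evaluated top to bottom
    Rule("lan-web", LAN, "tcp/80", ANY, "allow"),
    Rule("lan-any", LAN, "any", ANY, "allow", log=True),
    Rule("block-kiosk", "192.168.0.50/32", "any", ANY, "reject", log=True),
]

if __name__ == "__main__":
    print(evaluate(RULES, "192.168.0.50", "tcp/443", "203.0.113.10"))
    print("unreachable rules:", shadowed(RULES))
```

Moving `block-kiosk` above `lan-any` makes the reject take effect, which is why rule order should be reviewed whenever a broad allow rule is added.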
Packet Filter - Other settings
- Rules: where the packet filter rule table is stored.
- ICMP: controls the behaviour of the ICMP protocol.
- Advanced: other options for the IP stack and advanced settings.
- Blocking by geography: based on GeoIP information, packets can be blocked by geographic location or region.

Packet Filter - Add/edit a rule
- Assign to a group name
- Name of the rule
- Move the rule to a position in the rule table
- The sources: IP or Group
- The service: TCP/UDP/IP
- The destinations: IP or Group
- What to do: Action: Allow, Drop or Reject
- When to do: The time
- Log Packets: Yes or No
- Comment: Whatever helps

Add a new rule

Edit a rule
Network Address Translation / NAT concepts

Astaro Security Gateway provides 3 different types of NAT:
- Masquerading: lets private IPs go out to the Internet. Many users share 1 public IP.
- DNAT: forwards traffic arriving from outside to a server inside the internal network.
- SNAT: changes the source IP of the packet. For the case of several public IPs: the email server goes out on 1 IP, the web server on another IP.

RFC 1918-IP 172.16.65.0/24
Official IP 209.97.208.100

Intrusion prevention system
Astaro Security Gateway

Intrusion prevention settings
- Protected networks
- Enable / disable IPS
- View live log

Intrusion prevention settings (cont.)
- Enable / disable protection against port scans from the Internet

Administration
Astaro Security Gateway

Checking logs
- View log
- View log in real time
- Delete log
- Search in log
- View logs from an earlier period

Viewing reports
- Day, week, month, year
- Hardware, Network, Web, Mail, Remote

Automatically send periodic reports
- Send a daily report to the administrator

Backing up and restoring the configuration
- Create backup
- Upload backup
- Download backup
- Restore backup
- Automatic configuration backup by day, week

Automatic configuration backup
- Automatic configuration backup by day, week
- Send the backup by email
- Periodically, by week

Firmware update
- Automatically update and install new attack patterns
- Automatically check for new updates
- Click to install when a new update is available

Restoring the configuration to defaults

Restore the configuration to defaults using the LCD on the hardware:
1. Press Enter.
2. Press the down arrow button 2 times. The text Factory Reset appears.
3. Press Enter. The LCD shows the text No.
4. Press the down arrow button to confirm (Yes).
5. Press Enter; the reset process begins.
6. The device powers off automatically and needs to be powered on again.

Restoring the configuration to defaults (cont.)
- Restore the default configuration
- Reset password

GUIDE TO CONFIGURING VTP, VLANS, STP ON CISCO SWITCHES

Introduction to the deployment model
INFORMATION
- CREATE THE RING CONNECTION
- CONFIGURE VTP
- CONFIGURE TRUNK
- CONFIGURE VLANS
- CONFIGURE STP FOR THE RING

RING CONNECTION
- CREATE THE RING CONNECTION

CONFIGURE VTP

ĐHBK TP.HCM - Faculty of Computer Science & Engineering, 2008 - Computer Network 2

    S1_3750(config)#vtp mode server
    Device mode already VTP SERVER.
    S1_3750(config)#vtp domain hvhq
    Changing VTP domain name from NULL to hvhq
    S1_3750(config)#vtp password cisco
    Setting device VLAN database password to cisco
    S2_3560(config)#vtp mode client
    Setting device to VTP CLIENT mode.
    S2_3560(config)#vtp domain hvhq
    Domain name already set to hvhq.

Configure VTP

    S2_3560(config)#vtp password cisco
    Setting device VLAN database password to cisco
    S3_3560(config)#vtp mode client
    Setting device to VTP CLIENT mode.
    S3_3560(config)#vtp domain hvhq
    Changing VTP domain name from NULL to hvhq
    S3_3560(config)#vtp password cisco
    Setting device VLAN database password to cisco

Configure TRUNK

    S1_3750(config)#interface range gi0/1-2
    ! Set the encapsulation first: the switch rejects "mode trunk" while encapsulation is still auto
    S1_3750(config-if-range)#switchport trunk encapsulation dot1q
    S1_3750(config-if-range)#switchport mode trunk
    S1_3750(config-if-range)#no shutdown
    S1_3750(config-if-range)#end

Cu hn