shunze
[Share] V18: turning the simple into the complicated?

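Since V18, Sophos SFOS has gone through a major overhaul: work that a single firewall rule used to handle has been forcibly split into three kinds of rules that must cooperate to get it done.
For existing V17 users this is quite a shock, and it also overturns Sophos's long-standing slogan, Security made Simple.

However, V17.5 is about to lose all technical support on 2021/11/30, so turning the simple into the complicated and upgrading to V18 seems to be a problem we have no choice but to face...

Starting with V18, SFOS takes the NAT rules that used to be contained in the firewall rule and splits them out onto a separate page.
If the original firewall rule did not need source or destination NAT, for example rules such as LAN to DMZ or VPN to LAN, then there is no need to add a NAT rule to go with it; the firewall rule does the job on its own.

Conversely, if the original firewall rule did need NAT, whether source NAT (SNAT) for inside-to-outside traffic, which translates internal private IPs to the XG interface IP before going out, or destination NAT (DNAT), which lets external IPs connect to a server on an internal private IP, then a rule on this new NAT page is required.

Below, let's look at how to configure SNAT and DNAT.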



♥ Shunze's wife's online auction shop, please give it your support ~

If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!




2021-10-06, 15:31
shunze
Source NAT rules (SNAT)

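For inside-to-outside source NAT, SFOS already has a built-in SNAT rule: Default SNAT IPv4.
This rule takes all traffic from the inside to external public IPs, applies MASQ translation to the SFOS interface IP, and then sends it out, so that internal hosts reach external public IPs using the SFOS interface IP rather than going out naked with their internal private IPs.
By default this rule applies to all internal IPs, including outbound traffic from the LAN, DMZ, Wifi, VPN and other zones.

However, if you upgraded from V17 to V18, this default SNAT rule is disabled. After cleaning up all of your inside-to-outside rules, you can enable this rule to replace them.

If we want to set up outbound SNAT rules for different source IPs, we can use this default rule as a reference; just set the source to the IP range we want it to apply to.

Also, if the interface has several alias IPs available and you want to go out using a different alias IP, you can put the alias IP you want in the MASQ IP field instead.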



2021-10-06, 15:32
shunze
Destination NAT rules (DNAT)

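For destination NAT rules that publish a service to the outside, Shunze recommends that engineers taking this on for the first time create them with the DNAT wizard.
The rules the DNAT wizard creates are not necessarily a perfect fit, though, and their contents may need to be modified; we can use such rules as templates to build firewall and DNAT rules that meet our own needs.

Assume the configuration on SFOS is as follows:
Port1 LAN 192.168.23.1/24
Port2 WAN 123.123.123.1/24
Port3 DMZ 172.18.10.254/24

We want to create a DNAT rule so that the FTP server 172.18.10.1 in the DMZ can serve the outside, so we can first create a firewall rule like the following.

Then create the corresponding DNAT rule as follows, forwarding the FTP service that connects to the XG interface to the internal FTP server at 172.18.10.1.

Basically, with these two rules working together, the FTP server can serve the outside through the WAN IP on the XG~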



2021-10-06, 15:33
shunze
Loopback rules (SNAT+DNAT)

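Continuing the scenario above, suppose other hosts in the DMZ also connect to the FTP server, which is in the same DMZ, through the external IP on the XG.
What is different about this scenario?

This kind of requirement, where a computer connects to the external IP of SFOS and is then directed back to an internal service on a host in its own subnet, must be met with a loopback rule on Cyberoam-series firewalls.
For a detailed explanation of loopback, see this article.

One key point in configuring a loopback rule is that it must do SNAT!
And since the original rule for the public service already does DNAT, this loopback rule performs both SNAT and DNAT translation at the same time.
This is the most unusual thing about configuring a loopback rule!

Once the loopback rule is done, add DMZ to the source zone of the original firewall rule so that it allows connections from both WAN and DMZ, and the loopback setup is complete~

So when other internal zones access the DMZ's public service, do they also need to go through loopback?
Actually, directing them through loopback is not impossible, but once they go through loopback, because SNAT is applied, the source IP seen by the service's server always becomes the XG's interface IP.
The source IP cannot be identified correctly and security is lower, so directing this traffic through the loopback rule is not recommended.
For this case, Shunze recommends simply adding the internal zone to the source zone of the original firewall rule.

Moreover, in the example environment above, traffic from the LAN to the DMZ's public service IP that is directed back to the DMZ has no asymmetric routing problem and does not need SNAT.
So apart from access from within the same zone, access to the public service from other internal zones can be handled with basic DNAT.

And when a public service has both a DNAT rule and a loopback rule, in what order of priority should the two be arranged?

Because the loopback rule has a narrower source scope, locked to the subnet that the service host belongs to, while the DNAT rule's source scope is Any, the loopback rule should be applied first, and the DNAT rule after it.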



2021-10-06, 15:34
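The loopback behaviour and rule ordering described in the post above, as a small Python model added here (not the author's or Sophos's code). The interface and server addresses are from the post; the client addresses, rule tuples and function names are constructed for illustration, and top-down first-match evaluation of NAT rules is an assumption consistent with the post's ordering advice.

```python
import ipaddress

# Addresses from the post: XG WAN IP, XG DMZ interface IP, DMZ FTP server.
FW_WAN, FW_DMZ, FTP = "123.123.123.1", "172.18.10.254", "172.18.10.1"
DMZ_NET = ipaddress.ip_network("172.18.10.0/24")

# Constructed rule tuples: (name, source network, SNAT address or None).
# Both rules DNAT FW_WAN:21 to FTP; only the loopback rule also does SNAT.
LOOPBACK = ("loopback", DMZ_NET, FW_DMZ)
DNAT_ANY = ("dnat", ipaddress.ip_network("0.0.0.0/0"), None)


def first_match(rules, client):
    """Assumed evaluation model: top-down, the first matching rule wins."""
    for name, src_net, snat in rules:
        if ipaddress.ip_address(client) in src_net:
            return name, snat
    return None, None


def connect(rules, client):
    """Trace one connection to FW_WAN:21.

    Returns (works, source_ip_seen_by_server, matched_rule).
    """
    name, snat = first_match(rules, client)
    if name is None:
        return False, None, None
    seen = snat or client  # source address on the packet reaching the server
    # The server replies to `seen`. If that host sits on the server's own
    # subnet (and is not the firewall), the reply is delivered directly and
    # is never translated back, so it arrives from FTP instead of FW_WAN.
    direct = ipaddress.ip_address(seen) in DMZ_NET and seen != FW_DMZ
    reply_src = FTP if direct else FW_WAN
    # The client opened the connection to FW_WAN and drops anything else.
    return reply_src == FW_WAN, seen, name


if __name__ == "__main__":
    dmz_client, lan_client = "172.18.10.50", "192.168.23.10"  # constructed
    for order in ([LOOPBACK, DNAT_ANY], [DNAT_ANY, LOOPBACK]):
        for client in (dmz_client, lan_client):
            print([r[0] for r in order], client, connect(order, client))
```

With the loopback rule first, the DMZ client connects but the server logs the XG interface IP; with the Any-source DNAT rule first, the loopback rule is never reached and the DMZ client's connection breaks, while the LAN client works in both orders with its real address visible to the server.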
shunze
SD WAN Policy Route

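At the very start of this article Shunze mentioned that since V18, "work that a single firewall rule used to handle has been forcibly split into three kinds of rules that must cooperate to get it done".
Now we have firewall rules and NAT rules, so what is the third kind of rule?

The third kind of rule is the SD WAN Policy Route.

In V17, you could specify directly in the firewall rule which WAN port the rule should use to go out.
This capability has also been taken away in V18...

In V18, in a multi-WAN scenario, specifying which WAN to go out through can now only be done with an SD WAN Policy Route...

Also, if you upgraded from V17 to V18, on this SD WAN Policy Route page you can still see the outbound configuration settings that were migrated over.

This migrated configuration can only be modified or deleted; to create a new outbound port setting, you have to create it with a new SD WAN Policy Route.

Finally, a reminder: if you use SD WAN policy Route, Shunze recommends referring to this article and adjusting the route precedence to vpn static sdwan_policyroute, because the default route precedence is not suitable when there are site to site VPNs and static routes.

Leaving aside for now the inconvenient parts of the V18 firewall UI, splitting one rule into three is, however you look at it, turning the simple into the complicated, and goes against Sophos's original intent!

But with V17 support ending on 2021/11/30, perhaps it is also time to pick a suitable moment and upgrade to V18...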



2021-10-06, 15:39