STONEGATE FIREWALL 5.2
-
2 , , , Stonesoft:www.stonesoft.com/en/support/eula.html
StoneGate . - Stonesoft:
www.stonesoft.com/en/support/third_party_licenses.html
, , , . (), " ", (DOD Supplement to the Federal Acquisition Regulations -DFAR) 252.227-7013(c) (1). , , 52.227-19(c) (2) (Federal Acquisition Regulations - FAR). , , .
, , N:o 1334/2000 22 2000 ., ( ). , Stonesoft .
, , , , - Stonesoft:www.stonesoft.com/en/support/view_support_offering/terms/
- Stonesoft:www.stonesoft.com/en/support/view_support_offering/return_material_authorization/
. - Stonesoft:www.stonesoft.com/en/support/view_support_offering/terms/
, : 1065844, 1189410, 1231538, 1259028, 1271283, 1289183, 1289202, 1304849, 1313290, 1326393, 1379046, 1330095, 131711, 1317937 1443729 6,650,621; 6 856 621; 6,885,633; 6,912,200; 6,996,573; 7,099,284; 7,127,739; 7,130,266; 7,130,305; 7,146,421; 7,162,737; 7,234,166; 7,260,843; 7,280,540; 7,302,480; 7,386,525; 7,406,534; and 7,461,401 , . Stonesoft, Stonesoft StoneGate, Stonesoft Corporation. .
, " " Stonesoft , , , . IP- . 2011 Stonesoft Corporation. . .
Revision: SGFIG_20110222
-
5 :
StoneGate - 7
-
6
-
3
7STONEGATE
, StoneGate . .
: ( 8) ( 8) ( 10)
-
8 , StoneGate VPN (StoneGate Firewall/VPN). . , .
3 StoneGate
:
:
, , .
StoneGate : . StoneGate .
3.1
.
(, , ) .
, .
, .
.
.
, .
, .
-
Online Help F1, HelpHelp Topics, Help . , , , , . 3.1 Online Help9
a a . P PDF Management Center http://www.stonesoft.com/support/.
Table 3.2
(Reference Guide)
StoneGate. . StoneGate Management Center, Firewall/VPN, StoneGate IPS.
(Installation Guide)
, StoneGate. StoneGate Management Center, Firewall/VPN, StoneGate IPS SOHO .
(Online help) . "Help" "Help", F1 . StoneGate Management Client, StoneGate Web Portal StoneGate SSL VPN Administrator.
(AdministratorsGuide)'
. StoneGate Firewall/VPN StoneGate IPS, a StoneGate SSL VPN StoneGate IPsec VPN Client.
(UsersGuide)'
. StoneGate IPsec VPN client StoneGate Web Portal.
, .
-
10
(Appliance Installation Guide)
StoneGate ( , ..). StoneGate .
Table 3.2 3 StoneGate
StoneGate . StoneGate, . StoneGate Stonesoft: http://www.stonesoft.com/support/.
StoneGate : www.stonesoft.com/en/products_and_solutions/products/. StoneGate, (Release Notes), .
, StoneGate Stonesoft, : http://www.stonesoft.com/.
License Center Stonesoft: https://my.stonesoft.com/managelicense.do.
Stonesoft StoneGate. Support Stonesoft http://www.stonesoft.com/support/.
, . . [email protected].
-
12 3 StoneGate
-
: - 15
- 21 NAT - 2513
-
14
-
4
15
, , .
: StoneGate ( 16) ( 17) ( 17) ( 17)
-
16
StoneGate StoneGate firewall StoneGate Management Center StoneGate. StoneGate , . 16 , . StoneGate 4
Management Center (SMC).
StoneGate : : Multi-Layer . . , (UTM-unified threat management).
: . .
Multi-Link: Multi-Link , . Multi-Link , VPN .
QoS : .
: StoneGate , , .
: StoneGate , VPN Multi-Link. StoneGate ISP VPN-.
StoneGate Management Center StoneGate IPS: StoneGate Firewall/VPN StoneGate IPS Management Center .
SMC, . SMC StoneGate. SMC . SMC Reference Guide SMC, IPS Reference Guide StoneGate.
. , , StoneGate Management Center 5.0 . , StoneGate Administrators Guide.
-
, StoneGate , , StoneGate. .. ( 149).17
Management Center, , .
1. ( , . ) . . ( 21).
2. NAT , (Contact Addresses). . NAT ( 25).
3. Management Client. . ( 33), ( 53).
4. . . ( 71).
5. . StoneGate, . Appliance Installation Guide, .
, . Intel ( 99).6. . .
( 77).
Firewall/VPN Reference Guide, StoneGate.
:
, StoneGate Management Center 5.0 . , 5.0, ( 21).
-
18
StoneGate. Intel- . Hardware
Requirements : http://www.stonesoft.com/en/support/.
VMware. , (Release Notes). . /VPN StoneGate VMWare ESX StoneGate Technical Documentation. 4
, Linux. .
, , , , Management Center Management Client. , Management Server . , UTC Management Server. StoneGate UTC.
IP IP , , : IP - Cluster Virtual IP Address (CVI): IP , . IP , IP .
IP - Node Dedicated IP Address (NDI): IP , . IP , Management Server, ..
CVI / NDI .
, fail-over , . . . , , .
-
, , , . . , - . , , PortFast , / / StoneGate . 19
Multicast (. Online Help Administrators Guide ). .
. Packet Dispatch , . . Firewall/VPN Reference Guide . Packet Dispatch, , MAC . MAC , . CVI (Cluster Virtual IP Address), CVI (Cluster Virtual IP Addresses). Cluster Virtual IP Address , . , StoneGate ARP . , MAC . , , MAC . , Cluster Virtual IP Address .
-
20 4
-
5
21
.
: ( 22) ( 23) ( 23)
-
22
. 5.0 , . Generate and Install New Licenses Automatically SMC, Management Server Stonesoft License Center . 5
Management Server Stonesoft License Center , 5.0 30 . , Stonesoft License Center Management Server Management Client, . management-bound, POL (proof-of-license) . POS (proof-of-serial-number) . POS, . Management Server .
, .1. Stonesoft License Center. .
( 23).2. Management Client. . ( 23).
? ,
. NAT ,
. NAT ( 25) NAT ,
. :
( 33). ( 53).
-
Stonesoft License Center POL (proof-of-license - ) POS (proof of serial - , ). - . , 23
.
1. Stonesoft License Center www.stonesoft.com/license/.2. proof-of-license proof-of-serial number
Submit. .3. Register. .4. POL Management Server , .
, . , Management Client .
5. Submit Request. . .
, Management Client. , , . StoneGate
1. Management Client FileSystem Tools Install Licenses.
2. , .
. . .
-
24
1. Configuration
Administration. Administration Configuration.1 5
2. Licenses.
3. All Licenses. . management-bound, . POS , .
? NAT
, . NAT ( 25).
NAT , . , :
( 33). ( 53).
3
-
6
NAT 25 Locations , NAT .
: NAT ( 26) Locations ( 27) SMC Server ( 29)
-
26
NAT NAT , IP , . StoneGate ( 141). StoneGate Location NAT. Default Location , 6 NAT
Location. NAT , Location, , . Properties . , , Location , Location. 6.1 Locations
, , Management Log Server . NAT, , : IP SMC . , , .
IP . IP , VPN .
NAT ( ) IP . , , Management Server .
Log/Management Server
" " Location "" Location
-
Management Server , Management Server .
, Location, . SMC Location. , VPN , Location 27 Locations
.
, :1. Location. . Locations ( 27).2. Management Server Log Server. .
SMC Server ( 29).3. Location ()
, . . ( 33) ( 53).
Locations Location, NAT. , Location, IP . IP Properties . Location
1. Configuration Administration. Administration Configuration.
1
-
28
2. Other Elements . 6 NAT
3. Locations New Location. Location Properties.
4. Name.5. ().6. Add.7. 5-6, .8. OK.
5
-
, Locations.
? Management Server Log Server ,
. SMC Server ( 29).
, : ( 33)29 SMC Server
SMC ServerManagement Server Log Server Location. , , Multi-Link . Management Server Log Server
1. Properties. Properties .
2. Location .3. Contact addressesDefault.
IP , .
( 53).
-
30
4. Exceptions Location, (Default Contact Addresses) Locations .
4 6 NAT
.
, Location, IP . , Location, , Location.
? , .
( 33). , .
( 53).
-
31
: - 33
- 53 - 71
- 77
-
32
-
7
33
. Management Center StoneGate.
. Management Client. , Management Client.
: ( 34) ( 34) ( 36) VLAN ( 37) ADSL ( 38) IP , VLAN, ADSL
( 41) ( 48) ( 50)
-
34
StoneGate Management Center (SMC), . , ., , : 7
1. . . ( 34).
2. (Physical interfaces) . . ( 36).
3. ( ) ADSL . . ADSL ( 38).
4. ( ) . . ( 48).
5. management-bound . . ( 50).
Management Center , , . : (Control interface), Management Server /VPN. , , , .
: . Management Center, Interface ID. .
ADSL ADSL . StoneGate ADSL ADSL . ADSL StoneGate Interface ID ADSL Management Center.
3G, USB . Management Center. IMEI , ID, .
-
USB flash . USB flash ,
Interface ID Management Center (eth0 Interface ID 0 ..). , Modem Interface 0 .
, Interface IDs 35
. Interface ID .
, . , Online Help Management Client StoneGate Administrators Guide . (. ( 149)).
1. System Status. System Status
2. Firewalls NewSingle Firewall. Single Firewall Properties.
3. Name.
Interface ID ADSL .
1
2
-
36
4. Log Server, . 7
5. , Location (. NAT ( 25)).
, . : Normal . Aggregated Link in High-Availability Mode . . , .
Aggregated Link in Load-Balancing Mode . .
1. Interfaces.
2
-
2. NewPhysical Interface. Physical Interface Properties.37 VLAN
3. Interface ID. .
4. Type Second Interface ID, Type Aggregated Link. IEEE 802.3ad. Aggregated Link in Load-Balancing Mode, . , (LACP) LACP .
Aggregated Link in High-Availability mode, , .
5. OK. . .
VLANVLAN . 4094 VLAN- .
? VLAN, .
VLAN ( 37). ADSL Interface, . ADSL
( 38). , . IP , VLAN,
ADSL ( 41).
-
38
VLAN 1.
NewVLAN Interface. VLAN Interface Properties. 7
2. VLAN ID (1-4094).
3. OK. VLAN ID . , VLAN- .
, VLAN . VLAN Interface-ID.VLAN-ID, 2.100 Interface ID 2 VLAN ID 100.
ADSL ADSL . ADSL StoneGate, ADSL. ADSL ANSI T1.413 i2, G. Lite, Annex A.
VLAN ID VLAN ID VLAN .
? ADSL Interface, . ADSL
( 38). , IP ,
VLAN, ADSL ( 41).
-
ADSL 1. , Interfaces.39 ADSL
2. NewADSL Interface. ADSL Interface Properties.
3. Interface ID. ADSL .
4. Select , - (Service Provider). Select Element.
-
40
5. - Select. -, Ethernet ATM ( ). - , ISP New (. ). 7
Name Country . , . Type - - Ethernet over ATM.
6. OK, ADSL Interface properties.
ISP, Ethernet ATM , ADSL .
-
IP , VLAN, ADSL
, VLAN , ADSL IPv4 . VLAN IPv6 .
?41 IP , VLAN, ADSL
IPv4 IPv4 , VLAN ,
ADSL 1. , Interfaces.
2. Physical Interface VLAN NewIPv4 Address, ADSL Interface New IPv4 Address. IP Address Properties.
3. IPv4 Address.
IPv4 , . IPv4 ( 41).
IPv6 , . IPv6 ( 44).
IP , . IP ( 45).
4
-
42
4. Netmask, . . Network Address Broadcast IP Address .
?
NAT, . IPv4 ( 42). 7
IPv4 1. Contact Address Default Dynamic,
IP . Location.
VRRP VLAN , . VLAN ( 43).
IPv4 , OK. , IPv4 VLAN .
IPv6 VLAN , . IPv6 ( 44).
, . ( 48).
, ( 49).
-
2. Locations IP , Exceptions Location.
? VRRP VLAN ,
. VLAN ( 43).
IPv6 VLAN 43 IP , VLAN, ADSL
VLAN VRRP
1. VRRP Settings. VRRP Settings.
2. Enable VRRP.
, . IPv6 ( 44). , VLAN, ADSL
, (. ( 36), VLAN ( 37), ADSL ( 38)), IP ( 45).
, ( 48).
, ( 49).
1
-
44
3. ID, Priority, IPv4 Address .
2 7
4. OK.
IPv6 IPv6
1. , Interfaces.
2. VLAN NewIPv6 Address. Interface Properties.
? , VLAN, ADSL
, (. ( 36), VLAN ( 37), ADSL ( 38)), . IP ( 45).
, ( 48).
, ( 49).
2
-
3. IPv6 Address.4. Prefix Length (0-128).5. OK. , IPv6 .
?45 IP , VLAN, ADSL
IP IPv4 , VLAN, ADSL . IPv6 . IPv4 DHCP, ( ) IP . IP (. ( 48). IP Dynamic DHCP Index.
, ( 48).
, ( 49).
? ,
NAT, IP .
IP PPPoE, PPPoE ( 46).
IP , OK. ,
( 48). ,
( 49).
-
46
IP 1. , Dynamic
. Location. 7
2. Locations IP , Exceptions Location.
PPPoE1. PPPoE Settings. PPPoE Settings.
? IP PPPoE,
PPPoE. IP , OK. ,
( 48). ,
( 49)
1
-
2. Enable PPPoE.
247
3. User Name, Password, () Service Name. , -. Hide, .
4. OK.
3G .
1. , Interfaces.
? IP ,
OK. ,
( 48). ,
( 49).
2
-
48
2. NewModem Interface. Modem Interface Properties. 7
3. Modem Number, IMEI ( ).
4. DHCP index. DHCP index , DHCP.
5. PIN, SIM , (Phone Number), .
6. (Access Point Name, Username, Password, Service Name, .
7. OK. . . 3G StoneGate.
, , Interfaces. , IP . IPv4 .
? . ( 49).
-
1. Options. Interface Options.49
2. , (Primary) Management Server.
3. ( , ) (Backup) Management Server, , .
4. Node-initiated contact to Management Server, IP NAT.
1
2
-
50
5. , Identity for Authentication Requests. ; .
.
6. OK.7. OK, Firewall Properties. 7
(. ).
8. No , .
POL Management Server POS . Management Center, management-bound licenses , .. . POS , . management-bound
1. Configuration Administration. Administration Configuration.
? , POL Management Server (
IP ), ( 50).
. . ( 71).
8
-
2. Licenses Firewall. .51
3. , Dynamic IP , Bind. Select License Binding.
4. .5. Select. . , Unbind. ( ), . . , . , Retained.
?
. . ( 71).
-
52 7
-
8
53
. Management Center StoneGate. . Management Client, , Management Client.
: ( 54) ( 54) ( 56) ( 56) VLAN ( 58) IP ( 59) ( 67)
-
54
StoneGate Management Center (SMC), . Management Client. , ., , : 8
1. . . ( 54).
2. . . ( 56).
3. . . ( 56).
4. management-bound . . ( 67).
Management Center , , . : (Control Interface) Management Server /VPN.
(Heartbeat Interface) . , .
IP - Cluster Virtual IP Address (CVI). . , , . ( 155).
Management Center, Interface ID. Interface ID . , USB flash , Interface ID (eth0 Interface ID 0 ..).
-
Interface ID .
. Online Help Management Client Administrators Guide.55
(. ( 149)).
1. System Status. System Status.
2. Firewall Cluster. Firewall Cluster Properties.
3. Name.
1
2
-
56
4. Log Server, . 8
5. , Location (. NAT ( 25)).
. 16 . , .
1. Add Node Firewall Cluster Properties. Engine Node Properties.
2. ( ) Name.
3. OK. . .
: Normal .
2
-
Aggregated Link in High-Availability Mode . . , .
Aggregated Link in Load-Balancing Mode . .
57
1. Interfaces.
2. New Physical Interface. Properties .
3. Interface ID. .
4. Type Second Interface ID , Type Aggregated Link. IEEE 802.3ad. Aggregated Link in Load-Balancing Mode, . , (LACP) LACP .
Aggregated Link in High-Availability mode, .
2
-
58
5. Packet Dispatch CVI Mode MAC Address . MAC - . Packet Dispatch . Firewall/VPN Reference Guide .
CVI . 8
6. ( ) MTU, MTU, Ethernet-default 1500.
7. OK. , .
VLANVLAN . 4094 VLAN . VLAN
1. NewVLAN Interface. VLAN Interface Properties.
IP , , MAC . MAC . MAC .
? - VLAN,
VLAN. , IP
( 59)55).
1
-
2. VLAN ID (1-4094).59 IP
3. OK. VLAN ID . , VLAN .
VLAN . VLAN Interface-ID.VLAN-ID, 2.100 Interface ID 2 VLAN ID 100.
IP IP : IP - Cluster Virtual IP Address (CVI) , . .
IP - Node Dedicated IP Address (NDI) , (, Management ). IP , Node Dedicated IP Address.
IPv4 . CVI NDI VLAN . , IP . , NDI, . VLAN Cluster Virtual IP Address Node Dedicated IP Address. Cluster Virtual IP Address , , e . Node Dedicated IP Address , Cluster Virtual IP Address, Node Dedicated IP Address.
VLAN ID VLAN ID, VLAN .
? IPv4.
-
60
IPv4 IPv4
1. , Interfaces.
2 8
2. VLAN NewIPv4 Address. IP Address Properties.
3. ( ) Cluster VIrtual IP Address, , , .
4. IPv4 Address, Cluster Virtual IP Address.5. ( ) Node Dedicated IP Address,
IP , , VLAN IP .
6. IPv4 Address IP . .
6
7
-
7. Netmask , .
? NAT,
. ( 62).
, OK. , IP 61 IP
, VPN . Cluster Virtual IP Address
1. Dynamic, IP . Location.
2. Locations IP , Exceptions Location.
VLAN , . ( 64).
-
62
Node Dedicated IP Addresses1. Contact Address ,
IP . Exceptions. 8
2. Default, IP . Location.
3. ( ) Add, , Location .
4. , , OK. , CVI / NDI.
? , OK
( 64).
1
-
, Interfaces. , IP . IPv4.
1. Options. Interface Options.63 IP
2. , (Primary) Management Server.
3. ( , ) (Backup) Management Server, , .
1
4
2
-
64
4. , (Primary) .
( ) , , , . . , , 8
5. (, ) (Backup) . , .
6. , Identity for Authentication Requests. ; .
.
7. IP Default IP for Outgoing Connections, , NDI.
8. OK. Interfaces. ( Info):
A ,
C c H h O IP
, . , , .
. , , . Online Help.
, .
-
Cluster Virtual IP Address, ARP- , ARP- ( 66). , OK, Firewall Cluster Properties. Confirmation. No.65 IP
ARP- ARP- . , ARP- . , Cluster Virtual IP Address, ARP-, IP/MAC . ARP-
1. ARP Entries. ARP Entry Properties.
? POL
Management Server, ( 67).
. ( 71).
1
-
66
2. Add ARP Entry. . 8
3. Type Static.4. Interface ID , ARP-
.5. IP Address MAC Address IP MAC .6. , , OK. , OK, Firewall Cluster Properties. Confirmation. No.
POL Management Server POS . Management Center, management-bound , .. . POS , . , .
? POL
Management Server, .
. . ( 71).
2
-
management-bound 1. Configuration
Administration. Administration Configuration.167
2. LicensesFirewall. .
3. , Dynamic IP , Bind. Select License Binding.
4. Select. . , Unbind.
3
-
68
, management-bound . ( ), . . , . 8
, Retained.
?
. ( 71).
-
9
71
Management Center .
: ( 72) ( 72)
( 75)
-
72
, Management Client, . :1. Management Client. .
( 72). 9
2. . . ( 75).
, , Management Server. " " Management Server. : .
USB flash , .
USB flash , USB flash .
1. Configuration Firewall.
Firewall Configuration.
StoneGate, .
1
-
2. Firewalls. .73
3. , , ConfigurationSave Initial Configuration. Initial Configuration.
1. ( ) ,
Management Server SSL Fingerprint .2. One-Time Password
. , .
? ,
. ,
( 74).
2
3
-
74
3. , Save As USB flash .
4. Close.
1. ( ) SSH , .
2. . 9
3. Save As USB flash , .
4. Close. , SSH Management Client. SSH . , Management Server , . (UTC), . (UTC), Management Server, . , . , , " " Management Server.
2
3
-
StoneGate. .
? 75
StoneGate, Appliance Installation Guide. , , . . ( 77), Online Help Management Client, Administrators Guide PDF.
, . . Intel ( 99).
-
76 9
-
10
77
" " Management Server, a . , . Management Client.
: ( 78) ( 89) ( 96)
-
78
Management Client. : . IP , . , 10
. , , . , , IP , .
: Network elements: IP . Router elements: next-hop , (non-Multi-Link) ISP NetLink.
NetLink elements: next-hop , Multi-Link. Multi-Link, ( -).
Routing. , , , .
Aggregated Link in Load-Balancing Mode, , LACP (Link Aggregation Control Protocol) LACP .
-
1.
Routing. Routing .79
2. , . Tools Expand All, .
, . Any Network. . . Any Network, IP , . , IP , , Any Network. (Network) Routing , . , . .
1
-
80
? -
, , . Multi-Link ( 82).
, (Default Route) ( 80). 10
(Default Route) NetLink ,
NewRouter.
IP DHCP PPP, , Gateway (DHCP Assigned) Routing. , , ( 81). IP , Router Properties, (. )
1. Name.2. IPv4 Address / IPv6 Address -.
3. OK.
-
Router,
New Any Network.81
, Any Network. Any Network Routing . Any Network, Multi-Link (. Multi-Link ( 82)).
, StoneGate. , StoneGate, . , , , , .
. .
-
82
Multi-Link NetLink ,
, NewStatic NetLink NewDynamic NetLink. NetLink Properties. 10
NetLink1. Name.
NetLink, NetLink ( 85).
2. ( NetLink) Select Gateway.
3. Network Element.
2
3
-
4. Routers 83
New Router.
5. Name.6. IPv4 Address / IPv6 Address -
NetLink.7. OK. Router NetLink- .
8. Select.
1. Select Network.
1
-
84
2. Networks. . 10
3. (Network), . NetLink ( 85). , ,
New Network. Network Properties.
4. Name.5. IPv4 Address Netmask / IPv6 Address Prefix Length (0-128).6. ( ) Broadcast and Network Addresses Included,
.7. OK.
-
85
8. Select. NetLink
1. ( ) -.
Probing Settings, Input Speed, Output Speed Multi-Link, Online Help. .
2. OK.
1
-
86
NetLink , NetLink, . Multi-Link NetLink NewAny Network. 10
, Any Network.
, -. , StoneGate, . , , , .
, , Routing. , , Routing . Router, next-hop ., non-ISP, . , Multi-Link, . ,
, , Multi-Link. Multi-Link Management Client Online Help.
.
-
NetLink Router, , (. Multi-Link ( 82)).
1. , NewRouter. Router Properties.87
2. Name.3. IPv4 Address / IPv6 Address -,
.
4. OK.
1. , , New Network.
.2. Name.
1
1
-
88
3. IPv4 Address Netmask / IPv6 Address Prefix Length (0-128). 10
4. ( ) Broadcast and Network Addresses Included, .
5. OK. .
IP - IP . . StoneGate, . , IP (source) , , Routing. , . , . Host Antispoofing , . Management Client Online Help.
? IP
, IP (IP Address Count Limited Licenses).
, .
4
-
IP (IP Address Count Limited Licenses) IP , Internet IP . , . IP 89
Internet Routing Exclude from IP Counting.
IP .
, , . , ( ). StoneGate, . IPv4 Access rule, .
1. Configuration Firewall. Firewall Configuration.
Multi-Link IP , . . www.stonesoft.com/support.
1
-
90
2. Firewall Policies NewFirewall Policy. 10
3. Name.4. . Default,
.
5. OK. . ,
RuleAdd Rule.
, .
-
ping rule1. Network Elements Host.
o Host Properties.91
2. Name.3. IPv4 Address / IPv6 Address Host.
4. OK.
5. Host Source.
-
92
6. Destination Set to ANY.7. Service ,
. 10
8. ICMP Ping Service.
9. Action Allow. , RuleAdd Rule Before RuleAdd Rule After. , . , . , , , . , . ping rule , ping, Test , . , - ping Test , .
? IP ,
IPv4 NAT , IP , . NAT Rule Example Ping Rule ( 93).
NAT , . ( 94).
-
NAT Rule Example Ping Rule NAT
1. IPv4 NAT.
Multi-Link NAT. Online Help Administrators Guide.93
2. , NAT.
3. Hosts Host , , Source.
4. Destination Set to ANY.5. ICMP Ping Service Service.6. NAT Edit NAT.
Network Address Translation.
7. Static Translation Type.8. Address IP Test .
IP Source NAT, .
2
-
94
9. OK. NAT . , IP Test . . , , . , , . 10
1. File Save and Install, .
2. .3. Add.4. Validate Policy Before Upload,
.
5. OK.
-
, , , , . , , , . Online Help Administrators Guide PDF.95
. (. ).
1. System Status.
2. SMC Status. Info .
3. Commands, / . Online . Status, , , , .
2
3
-
96 10
-
: Intel - 9997
-
98
-
11
99 INTEL
StoneGate Intel Intel, AMD.
: ( 100) ( 100) ( 101) ( 102) Expert Mode ( 112)
-
100
StoneGate . StoneGate, Appliance Installation Guide.
, . Management Center /VPN 11 Intel
.
1. ,
Stonesoft. . ( 100).2. . . ( 101).3. Management Server. .
( 102).
Stonesoft.
1. Stonesoft Downloads: https://my.stonesoft.com/download.2. .iso .
, StoneGate , , . .
, Automatic Power Management (APM), Advanced Configuration and Power Interface (ACPI) BIOS. , .
. .
? .
( 101). . .
-
MD5 SHA-1. - Stonesoft, . Windows MD5 SHA-1 , , o. -, MD5 SHA-1,
:
101
1. - : https://my.stonesoft.com/download/.
2. , (), .
3. - md5sum filename
sha1sum filename, filename - .
$ md5sum sg_engine_1.0.0.1000.iso
869aecd7dc39321aa2e0cfaf7fafdb8f sg_engine_1.0.0.1000.iso
4. . .
, . , CD, .iso . .iso , .
, , . . Management Center. . ( 71) . , . , . .
-. , , Stonesoft .
StoneGate .
-
102
StoneGate :1. StoneGate
. .2. YES ENTER,
. 11 Intel
3. : Full Install Full Install in expert mode. 1 Full Install. 2 Full Install in expert mode. .
4. : , 1 . , 2 . Full Install in expert mode, . Expert Mode ( 112)
5. YES , . .
, , 3G ( ). Management Server.
USB flash StoneGate. USB flash . , , , .
? ,
. . USB flash .
, , . . . ( 103).
-
, ID : Physical Interface ID 0 eth0, Physical Interface ID 1 eth1, . (Modem Numbers) (Modem Interfaces) IMEI, . , , - ID.103
USB flash :1. , ,
, Serial . 2. USB flash .3. ,
. StoneGate , USB flash , ee Management Server. , , , (sg_autoconfig.log) USB flash .
connection refused, IP Management Server.
, Management Server .
StoneGate. , , ID , ID 3G , . sg-reconfigure.
, . Management Client. . Online Help Management Client Administrators Guide.
-
104
USB flash (. ( 71)), . 11 Intel
, Import, .
, Next . . ( 105).
:1. Floppy Disk USB Memory .
2. . , .
3. Next , .
-
Configure OS Settings. , .
1. Keyboard Layout . Select Keyboard Layout.105
2. . , .
, , US_English.
1. Local Timezone . Select Timezone.
2. , .
1
1
-
106
, . (UTC). Management Server.
1. .2. root. 11 Intel
, .
3. ( ) Enable SSH Daemon , SSH.
4. Next . Configure Network Interfaces.
, . . , autodetect, . Autodetect .
, SSH, .
-
, .
? ,
, . ( 107) .107
Sniff . Sniff , . ID
1. ID, ID , .
2. , , Media .
3. Mgmt , Management Server.
Next , . . Management Server ( 109).
1. Add .
, . ID ( 107).
(management interface) , Management Center. Management Center.
1
-
108
2. . 11 Intel
? , ,
ID .
-
Management Server Prepare for Management Contact. USB flash , . Management Server , , . 109
Management Server, . , , Management Server .
(. 127), .
? IP DHCP,
Obtain Node IP address from a DHCP server . Management Server ( 110).
IP PPPoE, Use PPPoE . PPPoE.
, Use Modem . . ( 110).
IP , Enter node IP address manually IP address Netmask (!), Gateway to management ( Management Server ).
-
110
PPPoE1. Settings ENTER. PPPoE Settings.
2. , . 11 Intel
3. OK .
1. Settings Enter. Modem Settings.2. ,
.
3. OK . Management Server , , Management Server.
, ( 71).
1. Contact Contact at Reboot .
1
-
2. IP Management Server . Management Server. , Management Center . , , 111
3. () Key fingerprint, . .
4. Finish . Management Server. . connection refused, , IP Management Server . , , .
Management Server , , . ( 141), .
- , sg-reconfigure.
Management Server , Management Server , . . Management Client Unknown No Policy Installed, Connected, , Management Server .
.
? ,
( 77).
-
112
Expert Mode , ( ( 100)). Expert Mode , Expert Mode . Linux, .
Engin
Engin
Swap 11 Intel
, StoneGate , 11.1. , , .
1. , , y,
.2. . .3.
:
cmd.exe, reboot, halt, . init. Management Client.
.
11.1
e root A bootable Primary Linux 200 MB StoneGate Firewall engine.
e root B Primary Linux 200 MB
StoneGate Firewall engine. .
Logical Linux swap
, .
Swap StoneGate Firewall engine.
-
Data Logical Linux 500 MB
.
Spoo
11.1 ()
113 Expert Mode
4. , .5. Write, . , yes.6. Quit ENTER.
, StoneGate.
1. , . yes, .2. ,
, : engine root A, 1. engine root B, 2. swap, 5. data, 6. spool, 7.
3. , . yes. .
4. , , .
5. . ( 102).
l Logical Linux
.
.
-
114 11 Intel
-
:
- 117115
-
116
-
12
117 StoneGate. , .
: ( 118) ( 119) ( 120) ( 123) ( 126)
-
118
- Management Server. Management Server . , Management Client. . 12
. , . , . , . . (, ..) . , , . , . . 32- 64- . , . , 32- 64- . StoneGate . , , , Management Center . Management Center , . Management Center. (Release Notes). , . , . , . , System Status. Info, General. Info , ViewInfo.
-
, (Release Notes) , . http://www.stonesoft.com/en/support/technical_support_and_documents.
:1.
119
, (. ( 119)). Online Help.
2. , , CD, .iso .
1. , (. ( 120)). Online Help.
2. . , , , (. ( 123) ( 126)).
Management Server , , , , MD5 SHA-1. Windows MD5 SHA-1, . :
1. www.stonesoft.com/download/. : .zip . , USB flash .
.iso .
2. , (), .
3. - md5sum filename
sha1sum filename, filename - .
$ md5sum sg_engine_1.0.0.1000.iso
869aecd7dc39321aa2e0cfaf7fafdb8f sg_engine_1.0.0.1000.iso
-
120
4. .
ZIP
-. , Stonesoft . 12
1. Management Client FileImportImport Engine Upgrades.
2. , sg_engine_version_platform.zip, Import. . Management Client.
ZIP USB flash CD-ROM-a. ISO
, CD, .iso . .iso , .
StoneGate , , StoneGate . (, 1.2.3 1.2.4), . - (, 1.2.3 1.3.0), , . ,
? , .
. ( 123), ( 126), , .
, . .
-
. Stonesoft. Online Help. .
? ,
One Proof Code ( 121). , 121
One Proof Code POL POS . multi-upgrade, (. Multiple Proof Codes ( 121)).
1. Stonesoft License Center: www.stonesoft.com/license/.2. (proof-of-license proof-of-serial number)
Submit. .
3. Update. .4. .
Multiple Proof Codes POL, .
1. Configuration Administration. Administration Configuration.
, Multiple Proof Codes ( 121).
1
-
122
2. Licenses Firewall. .
3 12
3. , .4. Export License Info.5. ,
. .
6. ( ) Yes , multi-upgrade Stonesoft License Center -.
, Stonesoft License Center www.stonesoft.com/license/ multi-upgrade. . . License Center proof-of-license proof-of-serial number.
, Management Client. StoneGate
1. FileSystem Tools Install Licenses.
2. , .
-
, . , .
1. Configuration Administration. Administration Configuration.123
2. Licenses Firewall.
. , , . (ask) , Online Help.
? , Management Client,
. . ,
. ( 126).
1
2
, . . . 32- 64- .
-
124
1. System Status. System Status.
1 12
2. ( ) , CommandsGo Offline.
2
-
3. Upgrade Software.125
4. , , .
5. .
6. (Engine Upgrade version) , .
7. OK. , . , . . Abort, .
, .
, , , . , . , sg-toggle-active. boot, . . ( 133)
, . , , .
-
126
. , .
? , /
, , . 12
, Management Server. , . , serial . , , .
, StoneGate , .iso , Stonesoft Stonesoft.
1. , (root),
( Management Client).
2. .
, . . . 32- 64- .
? . ZIP ( 128).
, . , , .
-
3. reboot. , ,. .127
4. 1, ENTER, . ..
5. , ENTER, . , , . . ( 102).
6. , Management Client CommandsGo Online. sg-cluster online.
, , , . , . , sg-toggle-active. boot, . . ( 133) . , .
? , ,
, .
-
128
ZIP , .zip . , . . , . 12
1. , (root),
( Management Client).
2. USB flash CD .3. sg-reconfigure. .4. Upgrade ENTER.
5. , .
6. ( ) Calculate SHA1 -. - .zip .
7. OK. .8. ENTER.
. , , , . , . , sg-toggle-active. boot, . . ( 133)
-. Cancel, .
-
. , .
? , /
, , .129
-
130 12
-
131
:
- 133 - 141
- 149 - 155
-
132
-
13
133 StoneGate. Administrators Guide Online Help Management Client.
: StoneGate ( 134) ( 139)
-
134
StoneGate StoneGate (, SOHO ). , . Administrators Guide Online Help Management Client. 13
-
13.1 StoneGate
sg-blacklist
show [-v] [-f FILENAME] |
add [
[-i FILENAME] |
[src IP_ADDRESS/MASK]
[dst IP_ADDRESS/MASK]
[proto {tcp|udp|icmp|NUM}]
[srcport PORT{-PORT}]
[dstport PORT{-PORT}]
[duration NUM]
] |
del [
[-i FILENAME] |
[src IP_ADDRESS/MASK]
[dst IP_ADDRESS/MASK]
[proto {tcp|udp|icmp|NUM}]
[srcport PORT{-PORT}]
[dstport PORT{-PORT}]
[duration NUM]
] |
iddel NODE_ID ID |
flush
, (blacklist). (Access Rules).:
show : engine node ID | blacklist entry ID | (internal) | entry creation time | (internal) | address and port match | originally set duration | (internal) | (internal). -f, , (/data/blacklist/db_). -v .
add . (. ) -i, .
del . (. ) -i, .
iddel NODE_ID ID . NODE_ID - , ID - ( show).
flush .
/ : . . ; .
src IP_ADDRESS/MASK IP . IP .
dst IP_ADDRESS/MASK IP . IP .
proto {tcp|udp|icmp|NUM} . IP .
srcport PORT[-PORT] TCP/UDP . .
dstport PORT[-PORT] TCP/UDP . .
:
sg-blacklist add src 192.168.0.2/32 proto tcp dstport 80 duration 60
sg-blacklist add -i myblacklist.txt
sg-blacklist del dst 192.168.1.0/24 proto 47
-
136
sg-bootconfig
[--primary-console=tty0|ttyS PORT,SPEED]
[--secondary-console= [tty0|ttyS PORT,SPEED]]
[--flavor=up|smp]
[--initrd=yes|no]
[--crashdump=yes|no|Y@X]
[--append=kernel options]
[--help]
apply
.
--primary-console=tty0|ttyS PORT,SPEED .
--secondary-console= [tty0|ttyS PORT,SPEED] .
--flavor=up|smp [-kdb] .
--initrd=yes|no , Ramdisk .
--crashdump=yes|no|Y@X , (Y). 24M. X 16M.
--append=kernel options , .
--help .
apply .
sg-clear-all
, StoneGate . . , .
sg-cluster
[status [-c SECONDS]]
[online]
[lock-online]
[offline]
[lock-offline]
[standby]
[safe-offline]
.
status [-c SECONDS] . -c SECONDS, .
online .
lock-online , .
offline .
lock-offline , .
standby .
safe-offline , - .
sg-contact-mgmt
Management Server, (. sg-reconfigure). Management Server , .
- sg-ipsec -d[-u |-s
sg-reconfigure [--boot] [--maybe-contact] [--no-shutdown]
.
--boot . , .
--maybe-contact Management Server, .
.
sg-selftest [-d] [-h]
.
-d .
-h .
sg-status [-l] [-h]
.
-l .
-h .
--force [--debug]
. . , , . , . . , /var/run/stonegate (ls -l /var/run/stonegate. SHA1 SIZE , , . , - - sg_engine_[version.build]_i386.zip file.
--debug .
--force .
sg-upgrade
CD-ROM. , Management Client.
sg-version
.
sginfo [-f] [-d] [-s] [-p] [--] [--help]
, Stonesoft support, . , Stonesoft support .
-f sgInfo , .
-d sgInfo.
-s slapcat sgInfo.
-p sgInfo ( ). sgInfo .
--help .
Linux, StoneGate. Ctrl+c.
13.2
dmesg . -h, .
halt .
ip
ping ICMP . , .
ps .
reboot . , . , .
scp . , .
sftp FTP ( ). , .
ssh SSH ( ). , .
tcpdump . -h, .
top
traceroute . , .
vpninfo VPN. , .
141 StoneGate , StoneGate .
: Management Center ( 142) /VPN ( 144)
Management Center , Management Center (SMC) SMC . 14.1. 14.1 SMC
[Figure 14.1: diagram not recoverable. Surviving labels: Management Server, Log Server, Web Portal Server, LDAP, DNS, RADIUS, Stonesoft.]
, SMC . . . SMC , .
14.1 Management Center /
| DNS- | 53/UDP, 53/TCP | Management Client, Management Server, Log Server DNS. | DNS (UDP) |
| LDAP- | 389/TCP | Management Server LDAP / Management Client. | LDAP (TCP) |
| Log Server | 162/UDP, 5162/UDP | SNMPv1 . Windows 162, Linux 5162. | SNMP (UDP) |
| Log Server | 514/TCP, 514/UDP, 5514/TCP, 5514/UDP | Syslog . 514 Windows, 5514 Linux. | Syslog (UDP) [Partial match] |
| Log Server | 3020/TCP | Log Server, Web Portal Server . | SG Log |
| Log Server | 8914-8918/TCP | Management Client . | SG Data Browsing |
| Log Server | 8916-8917/TCP | Web Portal Server . | SG Data Browsing (Web Portal Server) |
| Management Server | 3021/TCP | Log Server, Web Portal Server / . | SG Log Initial Contact |
| Management Server | 8902-8913/TCP | Management Client, Log Server, Web Portal Server . | SG Control |
|  | 161/UDP | Log Server SNMP IP . | SNMP (UDP) |
| Management Server | 8903, 8907/TCP | Management Server (pull) Management Server. | SG Control |
| RADIUS- | 1812/UDP | Management Server RADIUS . RADIUS . | RADIUS (Authentication) |
| Management Server | 8902-8913/TCP | Management Server (push) Management Server. | SG Control |
| Stonesoft | 443/TCP | Management Server , , update.stonesoft.com smc.stonesoft.com. | HTTPS |
| Syslog- | 514/UDP, , 5514/UDP | Log Server syslog-. LogServerConfiguration.txt. | Syslog (UDP) [Partial match] |
/VPN , /VPN SMC . 14.2, /VPN 14.3 SOHO. .15 /VPN
.16 SOHO
[Figures .15 and .16: diagrams not recoverable. Surviving labels: Log Server, Management Server, NTP Time, SOHO, Multicast; footnote "* node-initiated contact."]
.17 /VPN
[Figure .17: diagram not recoverable. Surviving labels: DNS, LDAP, RADIUS, TACACS+, RPC, DHCP, SNMP, VPN.]
, /VPN StoneGate . . .
14.2 Firewall/VPN /
|  | 80/TCP | . | HTTP |
| BrightCloud- | 2316/TCP | BrightCloud. | BrightCloud update |
| DHCP- | 67/UDP | DHCP- , IP . | BOOTPS (UDP) |
| DNS- | 53/UDP, 53/TCP | DNS. | DNS (TCP) |
|  | 67/UDP | DHCP . | BOOTPS (UDP) |
|  | 68/UDP | DHCP- DHCP. | BOOTPC (UDP) |
|  | 161/UDP | SNMP- SNMP . | SNMP (UDP) |
|  | 500/UDP | VPN , VPN VPN , VPN . | ISAKMP (UDP) |
|  | 636/TCP | Management Server . | LDAPS (TCP) |
|  | 2543/TCP | (Telnet) . | SG User Authentication |
|  | 2746/UDP | StoneGate VPN UDP VPN . | SG UDP Encapsulation |
|  | 3000-3001/UDP 3002-3003, 3010/TCP | /VPN . | SG State Sync (Multicast), SG State Sync (Unicast), SG Data Sync |
|  | 4500/UDP | VPN , VPN VPN , NAT-traversal. | NAT-T |
|  | 4950/TCP | Management Server . | SG Remote Upgrade |
|  | 4987/TCP | Management Server Management Server. | SG Commands |
|  | 8888/TCP | Management Server ; , , . | SG Monitoring |
|  | 15000/TCP | Management Server, . | SG Blacklisting |
| LDAP- | 389/TCP | LDAP , StartTLS. | LDAP (TCP) |
| Log Server | 3020/TCP | ; , , , . | SG Log |
| Management Server | 3021/TCP | / ( ). | SG Initial Contact |
| Management Server | 3023/TCP | (). | SG Reverse Monitoring |
| Management Server | 8906/TCP | , node-initiated contact. | SG Dynamic Control |
| RADIUS- | 1812, 1645/UDP | RADIUS. | RADIUS (Authentication), RADIUS (Old) |
| RPC- | 111/UDP, 111/TCP | RPC . | SUNRPC (UDP), Sun RPC (TCP) |
|  | 7777/UDP | . | SG Server Pool Monitoring |
| SNMP- | 162/UDP | SNMP . | SNMP Trap (UDP) |
| TACACS+ | 49/TCP | TACACS+. | TACACS (TCP) |
| VPN | 500/UDP, 2746/UDP ( StoneGate), 4500 UDP. | VPN . 2746 4500 . | ISAKMP (UDP) |
14.3 SOHO /
| SOHO | 500/UDP | VPN IKE (Internet Key Exchange) IPsec. | ISAKMP (UDP) |
| Management Server | 8922/TCP | SOHO Management Server. | SG SOHO Control |
| Management Server | 8924/TCP | SOHO / ( ). | SG SOHO Initial Contact |
| NTP- | 123/UDP | SOHO . | NTP (UDP) |
| RADIUS- | 1812/UDP | SOHO RADIUS. | RADIUS (Authentication) |
149 , StoneGate , : .
: ( 150) ( 151) Management Center ( 152) ( 152)
. , . : 1 2. . 15.1
[Figure 15.1: diagram not recoverable. Surviving labels: ISP, ISP A, Management Server, Log Server, DMZ, VLAN 16, VLAN 17, CVI; networks 172.16.1.0/24, 192.168.1.0/24, 10.42.1.0/24.]
. 15.1
. CVI: CVI . NDI: 10.42.1.1 ( 1) 10.42.1.2 ( 2).
(DMZ)
Management Server Log Server . CVI: 192.168.10.1. NDI: 192.168.10.21 ( 1) and 192.168.10.22 ( 2).
- ISP A
. - ISP A. CVI: 212.20.1.254. NDI: 212.20.1.21 ( 1) and 212.20.1.22 ( 2). Next hop : 212.20.1.1.
- ISP
. - ISP . CVI: 129.40.1.254. NDI: 129.40.1.21 ( 1) and 129.40.1.22 ( 2). Next hop : 129.40.1.1.
VLAN (VLAN ID 16) VLAN . CVI: 172.16.1.1. NDI: 172.16.1.21 ( 1) and 172.16.1.22 ( 2).
VLAN (VLAN ID 17) VLAN . CVI: 172.17.1.1. NDI: 172.17.1.21 ( 1) and 172.17.1.22 ( 2).
Management Center Management Server Log Server , DMZ. 15.2 Management Center
, . 15.2
Management Server
Management Server StoneGate Log Server .Management Server (DMZ) IP 192.168.1.101.
Log Server
Log Server . (DMZ) IP 192.168.1.102.
[Figure: diagram not recoverable. Surviving labels: 172.16.2.1/24, 212.20.2.0/24, .254, .1]
15.3
.IP : 212.20.2.254. Next hop : 212.20.2.1.
. IP : 172.16.2.1.
StoneGate 16.1: ID , ID ( VLAN ID, VLAN)
CVI, CVI Interface ID ( ) NDI, NDI ( ). Interface ID, CVI/NDI.
, , Interface ID.
IP , CVI NDI. MAC/IGMP IP , MAC , CVI Multicast IGMP, multicast IP , multicast MAC .
, , NDI , , IP .
. Management Client.
16.1 StoneGate ID
* IP MAC / IGMP IP
CVI U M I K A _____ ._____._____._____ _____ ._____._____._____
MAC: ___ : ___ : ___ : ___ : ___ : ___ IGMP IP: _____ ._____._____.____
NDI H h C c D _____ ._____._____._____ _____ ._____._____._____
MAC: ___ : ___ : ___ : ___ : ___ : ___
*) CVI: U=Unicast MAC, M=Multicast MAC, I=Multicast IGMP, K= , A=IP , NDI: H= , h= , C= IP , c= IP , D=IP