[...] from being attacked
• Allows more hosts to be used inside the enterprise

NAT (Network Address Translation) operating principle
• Firewall policy (NAT enabled).
• Translates the internal source IP to the FG's external network interface IP; the FortiGate records the mapping in its NAT translation table.
• Translates the internal source IP to an IP from the IP pool defined on the FG; the FortiGate records the mapping in its NAT translation table.
• RFC1918: indicates private IP networks.
[Figure: internal host (.5) → FG → HttpServer (.1). Packet header before NAT: Prot 6, SrcPort 12345, DstPort 80, Data "Get"; after NAT: Prot 6, SrcPort 54321, DstPort 80, Data "Get". The source address and source port are rewritten; the destination is unchanged.]

Route operating principle
• Firewall policy (NAT not enabled).
• The FG only consults the routing table and forwards the packet to the address the routing table specifies, without changing the source IP or source port.
[Figure: internal host (.5) → FG → HttpServer (.1). Packet header before and after: Prot 6, SrcPort 12345, DstPort 80, Data "Get"; identical on both sides.]

Transparent mode operating principle
• Firewall policy
• No NAT and no routing; the FG simply inspects the packets passing through it.
[Figure: internal host (.5) → FG → HttpServer (.1). Packet header before and after: Prot 6, SrcPort 12345, DstPort 80, Data "Get"; identical on both sides.]

Authentication
• A User object is an instance of an authentication method
• A User Group object is a container for User objects
  • Identifies group members
  • Protection Profile and Type provide the authorization attributes for members
• FortiGate units control access to resources based on group membership
• The combination of User Group and Firewall Policy defines the authorization for a particular user
• Firewall Policy: VPN (SSL/IPSec/PPTP/L2TP), FWUA (firewall user authentication)

Authentication – User/Server Types
• Local password file
  • Username and password prompt
• RADIUS
  • Username and password prompt
• LDAP / AD
  • Username and password prompt
• FSAE / NTLM (AD)
  • Single Sign-On based on an earlier authentication event
• PKI
  • Certificate ba
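The three forwarding modes above (NAT, Route, Transparent) differ only in what happens to the packet header and what state the FortiGate keeps. The following simulation is an added example written for this page, not FortiGate code: it sends the slide's "Get" packet (Prot 6, SrcPort 12345, DstPort 80) through each mode, builds the NAT translation table for NAT mode (interface IP or IP pool), and maps the server's reply back through that table. All addresses, the routing table and the starting translated port 54321 are constructed for the demo; the `FortiGate` class, `Packet` fields and the "bridged" marker for transparent mode are names of this model only.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
import itertools

# RFC 1918 private ranges: not routable on the Internet, which is why a
# NAT-mode FortiGate must rewrite them on the way out.
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
           ip_network("192.168.0.0/16")]


def is_private(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in RFC1918)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    prot: int        # 6 = TCP, as in the slide's packet tables
    src_port: int
    dst_port: int
    data: str


class FortiGate:
    """Minimal model (assumption, not the real implementation) of one
    FortiGate forwarding path in nat, route or transparent mode."""

    def __init__(self, mode, wan_ip=None, ip_pool=(), routes=()):
        assert mode in ("nat", "route", "transparent")
        self.mode = mode
        self.wan_ip = wan_ip                    # external interface IP
        self.ip_pool = list(ip_pool)            # IP pool defined on the FG
        self.routes = [(ip_network(n), nh) for n, nh in routes]
        # NAT translation table: (translated src IP, translated port) -> original
        self.nat_table = {}
        self._next_port = itertools.count(54321)  # constructed port allocator

    def lookup_route(self, dst_ip):
        """Longest-prefix match on the routing table (route and NAT modes)."""
        addr = ip_address(dst_ip)
        best = None
        for net, next_hop in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop)
        return best[1] if best else None

    def forward(self, pkt):
        """Outbound packet from the internal side. Returns (next_hop, packet as
        sent), or (None, None) when there is no route."""
        if self.mode == "transparent":
            # No NAT and no routing: inspected and passed through unchanged.
            return ("bridged", pkt)
        next_hop = self.lookup_route(pkt.dst_ip)
        if next_hop is None:
            return (None, None)                 # no route: drop
        if self.mode == "route":
            # Routing table only; source IP and source port are not touched.
            return (next_hop, pkt)
        # NAT mode: use an IP-pool address if one is defined, otherwise the
        # external interface IP, and record the mapping in the NAT table.
        new_ip = self.ip_pool[0] if self.ip_pool else self.wan_ip
        new_port = next(self._next_port)
        self.nat_table[(new_ip, new_port)] = (pkt.src_ip, pkt.src_port)
        return (next_hop, replace(pkt, src_ip=new_ip, src_port=new_port))

    def reply(self, pkt):
        """Inbound reply from the server. In NAT mode the destination is mapped
        back through the NAT table; a reply with no table entry is dropped."""
        if self.mode != "nat":
            return pkt
        orig = self.nat_table.get((pkt.dst_ip, pkt.dst_port))
        if orig is None:
            return None
        return replace(pkt, dst_ip=orig[0], dst_port=orig[1])


def demo():
    """Run the slide's GET packet through all three modes; returns the results."""
    # Constructed addresses: internal host .5, HttpServer .1, FG WAN 203.0.113.2
    pkt = Packet("192.168.1.5", "198.51.100.1", 6, 12345, 80, "Get")
    routes = [("0.0.0.0/0", "203.0.113.1")]
    results = {}
    for mode in ("nat", "route", "transparent"):
        fg = FortiGate(mode, wan_ip="203.0.113.2", routes=routes)
        hop, sent = fg.forward(pkt)
        # The server answers whatever source it saw on the wire.
        back = fg.reply(Packet(sent.dst_ip, sent.src_ip, 6, 80, sent.src_port, "200 OK"))
        results[mode] = (hop, sent, back)
    # NAT with an IP pool: the source becomes a pool address, not the WAN IP.
    fg = FortiGate("nat", wan_ip="203.0.113.2", ip_pool=["203.0.113.10"], routes=routes)
    results["nat_pool"] = fg.forward(pkt)[1]
    return results


if __name__ == "__main__":
    for mode, value in demo().items():
        print(mode, value)
```

The point worth checking in the output is the reverse path: in NAT mode the server only ever sees 203.0.113.2:54321, and the reply is delivered to 192.168.1.5:12345 solely because the NAT table entry exists; a reply to a port with no entry is dropped. In route and transparent mode the private address is sent as-is, which only works when the next hop can route it back.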
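The Authentication section says that a User is an instance of an authentication method, a User Group collects users and carries the Protection Profile, and the combination of User Group and Firewall Policy is what authorizes a particular user. The following is an added example for this page, not FortiGate code or its real policy engine: a first-match policy evaluation in which a policy that lists groups requires firewall user authentication, and the matching group supplies the profile applied to the session. The zones, group names, profile names and the rule that an authenticated user outside every listed group is denied by that policy are assumptions of this model.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    auth_method: str          # local, radius, ldap, fsae, pki: how the user was verified


@dataclass(frozen=True)
class UserGroup:
    name: str
    members: frozenset        # identifies group members (usernames)
    protection_profile: str   # authorization attributes applied to members
    group_type: str = "firewall"   # e.g. firewall or SSL-VPN group (assumed field)


@dataclass(frozen=True)
class FirewallPolicy:
    policy_id: int
    src_zone: str
    dst_zone: str
    service: str              # "HTTP", "SSH" or "ANY"
    action: str               # "accept" or "deny"
    groups: tuple = ()        # non-empty: firewall user authentication required


def groups_of(user, groups):
    """User Groups that list this user as a member."""
    if user is None:
        return []
    return [g for g in groups if user.name in g.members]


def evaluate(policies, groups, src_zone, dst_zone, service, user=None):
    """First matching policy wins. Returns (policy_id, verdict, profile)."""
    for p in policies:
        if (p.src_zone, p.dst_zone) != (src_zone, dst_zone):
            continue
        if p.service not in ("ANY", service):
            continue
        if not p.groups:                       # no identity required
            return (p.policy_id, p.action, None)
        if user is None:                       # identity policy, nobody logged in
            return (p.policy_id, "auth_required", None)
        for g in groups_of(user, groups):
            if g.name in p.groups:             # group membership authorizes
                return (p.policy_id, p.action, g.protection_profile)
        # Authenticated, but in none of the policy's groups (model assumption):
        return (p.policy_id, "deny", None)
    return (None, "deny", None)                # implicit deny


# Constructed sample objects for the demo.
USERS = {
    "alice": User("alice", "local"),
    "bob": User("bob", "ldap"),
    "carol": User("carol", "radius"),
}
GROUPS = [
    UserGroup("Sales", frozenset({"alice"}), "web-only"),
    UserGroup("Admins", frozenset({"bob"}), "unfiltered"),
]
POLICIES = [
    FirewallPolicy(1, "internal", "wan", "HTTP", "accept", ("Sales", "Admins")),
    FirewallPolicy(2, "internal", "wan", "SSH", "accept", ("Admins",)),
    FirewallPolicy(3, "internal", "dmz", "ANY", "accept"),
]


def demo():
    """Same traffic, different identities: the verdict comes from group + policy."""
    cases = {
        "alice_http": ("internal", "wan", "HTTP", USERS["alice"]),
        "alice_ssh": ("internal", "wan", "SSH", USERS["alice"]),
        "bob_ssh": ("internal", "wan", "SSH", USERS["bob"]),
        "carol_http": ("internal", "wan", "HTTP", USERS["carol"]),
        "anon_http": ("internal", "wan", "HTTP", None),
        "anon_dmz": ("internal", "dmz", "SMTP", None),
        "anon_smtp_wan": ("internal", "wan", "SMTP", None),
    }
    return {k: evaluate(POLICIES, GROUPS, *v) for k, v in cases.items()}


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, verdict)
```

Note that the authentication method on the User object never enters the decision: once the user is verified (by password prompt, RADIUS, LDAP, SSO or certificate), only group membership and the matched policy determine access and which protection profile is applied.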