Yintoni i-Bypass?
Isixhobo soKhuseleko lweNethiwekhi sisetyenziswa rhoqo phakathi kwenethiwekhi ezimbini okanye ngaphezulu, njengaphakathi kwenethiwekhi yangaphakathi nenethiwekhi yangaphandle. Isixhobo soKhuseleko lweNethiwekhi ngokusebenzisa uhlalutyo lwaso lweepakethi zenethiwekhi, ukufumanisa ukuba kukho umngcipheko na, emva kokucutshungulwa ngokwemigaqo ethile yokuhambisa, ukuhambisa ipakethi ukuba iphume, kwaye ukuba isixhobo sokhuseleko lwenethiwekhi asisebenzi kakuhle, Umzekelo, emva kokusilela kombane okanye ukuphahlazeka, amacandelo enethiwekhi aqhagamshelwe kwisixhobo ayaqhagamshelwa kwenye. Kwimeko enjalo, ukuba inethiwekhi nganye kufuneka iqhagamshelwe kwenye, kufuneka kuvele i-Bypass.
Umsebenzi we-Bypass, njengoko igama lisitsho, uvumela iinethiwekhi ezimbini ukuba ziqhagamshelane ngokwasemzimbeni ngaphandle kokudlula kwinkqubo yesixhobo sokhuseleko lwenethiwekhi kwimeko ethile yokubangela (ukusilela kombane okanye ukuphahlazeka). Ke ngoko, xa isixhobo sokhuseleko lwenethiwekhi singaphumeleli, inethiwekhi eqhagamshelwe kwisixhobo se-Bypass inokunxibelelana. Kakade ke, isixhobo senethiwekhi asicubunguli iipakethi kwinethiwekhi.
Indlela yokwahlulahlula iMowudi yesicelo se-Bypass?
I-Bypass yahlulwe kwiindlela zokulawula okanye ze-trigger, ezizezi zilandelayo
1. Iqaliswa lubonelelo lwamandla. Kule meko, umsebenzi we-Bypass uvula xa isixhobo sivuliwe. Ukuba isixhobo sivuliwe, umsebenzi we-Bypass uya kucinywa ngoko nangoko.
2. Ilawulwa yi-GPIO. Emva kokungena kwi-OS, ungasebenzisa i-GPIO ukusebenzisa amazibuko athile ukulawula iswitshi ye-Bypass.
3. Ulawulo yiWatchdog. Olu lolwandiso lwendlela yesi-2. Ungasebenzisa iWatchdog ukulawula ukuvula kunye nokukhubaza inkqubo yeGPIO Bypass ukulawula imeko yeBypass. Ngale ndlela, ukuba iqonga liyawa, iBypass inokuvulwa yiWatchdog.
Kwiinkqubo ezisebenzayo, ezi meko zintathu zihlala zikhona ngaxeshanye, ingakumbi iindlela ezimbini 1 kunye no-2. Indlela eqhelekileyo yesicelo yile: xa isixhobo sivuliwe, i-Bypass iyasebenza. Emva kokuba isixhobo sivuliwe, i-Bypass iyasebenza yi-BIOS. Emva kokuba i-BIOS ithathe ulawulo lwesixhobo, i-Bypass isasebenza. Cima i-Bypass ukuze usetyenziso lusebenze. Ngexesha lonke lenkqubo yokuqalisa, phantse akukho kuqhawuka kwenethiwekhi.
Yintoni iMigaqo yokuphunyezwa kwe-Bypass?
1. Inqanaba lehardware
Kwinqanaba lehardware, iirelay zisetyenziswa kakhulu ukufezekisa iBypass. Ezi relay ziqhagamshelwe kwiintambo zesignali zezibuko ezimbini zenethiwekhi yeBypass. Umfanekiso olandelayo ubonisa indlela yokusebenza yerelay kusetyenziswa intambo yesignali enye.
Umzekelo, thabatha isixhobo sokuqalisa umbane. Kwimeko yokusilela kombane, iswitshi kwi-relay iya kutsiba iye kwimo ye-1, oko kukuthi, i-Rx kwi-interface ye-RJ45 ye-LAN1 iya kuqhagamshela ngqo kwi-RJ45 Tx ye-LAN2, kwaye xa isixhobo sivuliwe, iswitshi iya kuqhagamshela kwi-2. Ngale ndlela, ukuba unxibelelwano lwenethiwekhi phakathi kwe-LAN1 ne-LAN2 luyimfuneko, kufuneka wenze oko ngesicelo esikwisixhobo.
2. Inqanaba leSoftware
Kwindlela yokwahlulahlula i-Bypass, i-GPIO kunye ne-Watchdog zikhankanywa ukuba zilawula kwaye ziqalise i-Bypass. Enyanisweni, zombini ezi ndlela zimbini zisebenza i-GPIO, kwaye i-GPIO ilawula i-relay kwi-hardware ukuze yenze ukutsiba okufanelekileyo. Ngokukodwa, ukuba i-GPIO ehambelanayo imiselwe kwinqanaba eliphezulu, i-relay iya kutsiba kwindawo yoku-1 ngokuhambelanayo, ngelixa ukuba indebe ye-GPIO imiselwe kwinqanaba eliphantsi, i-relay iya kutsiba kwindawo yesi-2 ngokuhambelanayo.
Kwi-Watchdog Bypass, yongezwa i-Watchdog control Bypass ngokusekelwe kulawulo lwe-GPIO olungentla. Emva kokuba i-watchdog iqalile ukusebenza, setha isenzo sokudlula kwi-BIOS. Inkqubo ivuselela umsebenzi we-watchdog. Emva kokuba i-watchdog iqalile ukusebenza, i-network port bypass ehambelanayo iyavulwa kwaye isixhobo singena kwimeko ye-bypass. Enyanisweni, i-Bypass ikwalawulwa yi-GPIO, kodwa kule meko, ukubhalwa kwamanqanaba aphantsi kwi-GPIO kwenziwa yi-Watchdog, kwaye akukho nkqubo yongezelelweyo ifunekayo ukubhala i-GPIO.
Umsebenzi we-hardware Bypass ngumsebenzi onyanzelekileyo weemveliso zokhuseleko lwenethiwekhi. Xa isixhobo sisebenza okanye siphukile, amazibuko angaphakathi nangaphandle aqhagamshelwe ngokwasemzimbeni ukwenza intambo yenethiwekhi. Ngale ndlela, ithrafikhi yedatha inokudlula ngqo kwisixhobo ngaphandle kokuchaphazeleka yimeko yangoku yesixhobo.
Isicelo sokuFumaneka okuPhezulu (HA):
I-Mylinking™ ibonelela ngezisombululo ezibini ezifumaneka kakhulu (HA), i-Active/Standby kunye ne-Active/Active. Ukufakwa kwe-Active Standby (okanye i-active/passive) kwizixhobo ezincedisayo ukubonelela nge-failover ukusuka kwizixhobo eziphambili ukuya kwi-backup. Kwaye i-Active/Active ithunyelwe kwiikhonkco ezingafunekiyo ukubonelela nge-failover xa nasiphi na isixhobo esisebenzayo singaphumeleli.
I-Mylinking™ Bypass TAP ixhasa izixhobo ezibini ezingafunekiyo ezikwi-inline, ezinokusetyenziswa kwisisombululo se-Active/Standby. Esinye sisebenza njengesixhobo esiphambili okanye "esisebenzayo". Isixhobo se-Standby okanye se-"Passive" sisafumana ithrafikhi yexesha langempela ngothotho lwe-Bypass kodwa asithathwa njengesixhobo esikwi-inline. Oku kubonelela ngokungafuneki "kwe-Hot Standby". Ukuba isixhobo esisebenzayo siyasilela kwaye i-Bypass TAP iyeke ukufumana ukubetha kwentliziyo, isixhobo esikwi-standby sithatha indawo ngokuzenzekelayo njengesixhobo esiphambili kwaye singene kwi-intanethi ngoko nangoko.
Ziziphi iingenelo onokuzifumana ngokusekelwe kwi-Bypass yethu?
1-Yabela ithrafikhi ngaphambi nasemva kwesixhobo esisemgceni (njenge-WAF, i-NGFW, okanye i-IPS) kwisixhobo esingaphandle kwebhendi
2-Ukulawula izixhobo ezininzi ezikwi-intanethi ngaxeshanye kwenza kube lula ukugcinwa kwe-security stack kwaye kunciphisa ubunzima benethiwekhi
3-Ibonelela ngokucoca, ukuhlanganisa, kunye nokulinganisela umthwalo kwiikhonkco ezikwi-intanethi
4-Nciphisa umngcipheko wexesha lokuphumla elingacwangciswanga
5-Ukungaphumeleli, ukufumaneka okuphezulu [HA]
Ixesha lokuthumela: Disemba-23-2021
