
A site dedicated to IT technicians

SHARING - EXPERIENCE - LEARNING - TIPS


Microsoft Forefront TMG - Part 2 - Secure NAT - Proxy - Firewall Client
In the previous article we finished installing Forefront TMG. In this article we look at the ways in which Forefront TMG carries traffic for the machines on the Internal network.
To keep things simple I use a two-machine model, and my network is the domain gccom.net, in which:
- PC01 is a Windows Server 2008 machine, joined to the domain, on which Forefront TMG is installed
- PC02 is both the Server 2008 domain controller and the test client
The machines' IP configuration is as follows:
Machine / property        PC01               PC02
Name                      ftmg.gccom.net     server.gccom.net
LAN card
  IP Address              192.168.1.2        -
  Subnet Mask             255.255.255.0      -
  Default gateway         192.168.1.1        -
  Preferred DNS           -                  -
Cross card
  IP Address              172.16.2.1         172.16.2.2
  Subnet Mask             255.255.255.0      255.255.255.0
  Default gateway         -                  172.16.2.1
  Preferred DNS           172.16.2.2         172.16.2.2

LAN card: connects PC01 and PC02 indirectly, through a switch
Cross card: connects PC01 and PC02 directly (crossover cable)
After FTMG has been installed successfully, go to PC02 and try pinging PC01's IP address and an external IP address: you will find that neither responds.
From the FTMG machine itself, however, ping works fine.
So immediately after installation, FTMG blocks every port in and out of our network (172.16.2.0/24).
Now I will configure FTMG so that the machines on the network can see each other. With Forefront TMG we have 3 ways of giving the machines in 172.16.2.0/24 access to the Internet:
Method           Advantages                                  Disadvantages
Secure NAT       Controls every port in and out of the       Cannot control users, web sites...
                 system
Proxy            Controls every user, web site...            Only controls ports 443, 80 and 21
Firewall Client  Controls every port in and out of the       Only supports Windows operating
                 system; controls every user, web site...    systems
1/ Secure NAT
Go to Start -> Programs -> Microsoft Forefront TMG -> Forefront TMG Management -> Forefront TMG
In the main Forefront TMG window, right-click Firewall Policy and choose New -> Access Rule
Name this rule, for example Internal VS Local Host
Under Rule Action choose Allow
Under Protocols choose All outbound traffic and click Next
In the Malware Inspection window, tick Enable malware inspection for this rule to apply protection against viruses and
malware on a per-rule basis
This is a new feature in Forefront TMG
Under Access Rule Sources click Add
Choose Internal and Local Host from the Networks folder
The screen after completion
Under Access Rule Destinations add Internal and Local Host
Click Next
In Firewall Policy the newly created rule Internal VS Local Host now appears; click Apply to put it into effect
Now open DNS on PC02 and you will see that a Host (A) record for FTMG has appeared
Open a command prompt and ping the FTMG machine: it replies fine
6 of 16
In practice, however, this rule is not created; instead FTMG's built-in Remote Management Computers set is used
In Firewall Policy I delete the Internal rule, then open the Toolbox tab on the right and choose Computer Sets -> Remote
Management Computers
In the Remote Management Computers Properties window click Add:
Computer: applies to a single machine only
Address Range: applies to a range of IP addresses
Subnet: applies to an entire subnet
By default the Remote Management Computers Properties contain only FTMG's own IP addresses, so we have to
add further IP addresses or networks
In this example I want to cover the whole 172.16.2.0/24 subnet, so here I choose Subnet
Name this entry Subnet 172.16.2.0/24, enter the whole subnet 172.16.2.0/24, then click OK
On PC02, open a command prompt and ping the FTMG machine: it replies fine
So at this point the machines on the LAN can ping each other, but they still cannot reach the Internet, except for
the Forefront TMG machine itself, because the rule we have just created only allows traffic back and forth between the
machines in Internal and Local Host.
Therefore, so that the machines in Internal can reach the Internet, you must add one more rule here, similar to the
Internal rule, with the following properties:
Under Access Rule Sources add Internal and Local Host
Under Access Rule Destinations add External
Try browsing the Internet from the client machines: it works fine
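The final Secure NAT configuration built in the console above (the 172.16.2.0/24 subnet in the Remote Management Computers set, plus the Internal and Local Host to External access rule) can also be scripted against TMG's administration COM object. The following is an added example and is not code from the original article or from the TMG product; it assumes the ProgID FPC.Root, the method names and the enum constants of the TMG SDK as recalled here (check them against the SDK documentation), and the rule name Internal to External, which the article does not specify. Run it in an elevated PowerShell on the TMG server.

```powershell
# Added example (not code from the original article or from Microsoft): script the
# article's final Secure NAT configuration through the Forefront TMG administration
# COM object. ProgID, method names and enum values follow the TMG SDK as recalled
# here and should be verified against the SDK documentation before use.

# Enum values as assumed from the TMG SDK
$fpcPolicyRuleActionAllow = 0   # FpcPolicyRuleActions
$fpcInclude               = 0   # FpcInclusionTypes
$fpcAllProtocols          = 0   # FpcProtocolSelectionType ("All outbound traffic" in the wizard)

$root  = New-Object -ComObject FPC.Root
$array = $root.GetContainingArray()

# Create an Allow access rule for all protocols from $Sources to $Destinations.
# Network names are TMG's predefined networks: Internal, External, Local Host.
function New-AllowAllRule {
    param([string]$Name, [string[]]$Sources, [string[]]$Destinations)

    $rule = $array.ArrayPolicy.PolicyRules.AddAccessRule($Name)
    $rule.Action = $fpcPolicyRuleActionAllow
    $rule.AccessProperties.ProtocolSelectionMethod = $fpcAllProtocols
    foreach ($n in $Sources) {
        $null = $rule.SourceSelectionIPs.Networks.Add($n, $fpcInclude)
    }
    foreach ($n in $Destinations) {
        $null = $rule.AccessProperties.DestinationSelectionIPs.Networks.Add($n, $fpcInclude)
    }
    $rule.Save()
    return $rule
}

# Step 1 of the article's final state: let the LAN reach TMG through the built-in
# "Remote Management Computers" computer set rather than a dedicated access rule.
$rmc = $array.RuleElements.ComputerSets.Item('Remote Management Computers')
# FPCSubnets.Add(Name, Address, Mask) - signature assumed
$null = $rmc.Subnets.Add('Subnet 172.16.2.0/24', '172.16.2.0', '255.255.255.0')
$rmc.Save()

# Step 2: the article's second rule, Internal + Local Host -> External.
# The article gives this rule no name; "Internal to External" is assumed here.
$null = New-AllowAllRule -Name 'Internal to External' `
                         -Sources 'Internal', 'Local Host' `
                         -Destinations 'External'

# Persist the configuration; TMG then applies it, like the Apply button in the console
$array.Save()
```

The first Internal VS Local Host rule is deliberately left out because the article removes it again in favour of the computer set. Keep in mind that Remote Management Computers is also the source set of TMG's system-policy rules for remote administration (MMC, RPC), so placing the whole client subnet in it lets every host in 172.16.2.0/24 reach TMG's management ports; in a production deployment, list only the administrators' workstations using the Computer or Address Range options the dialog offers.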
2/ Proxy
To configure the machines to reach the Internet through the Proxy, we have to reconfigure our network's IP addresses
The machines' IP configuration is as follows:
Machine / property        PC01               PC02
Name                      ftmg.gccom.net     server.gccom.net
LAN card
  IP Address              192.168.1.2        -
  Subnet Mask             255.255.255.0      -
  Default gateway         192.168.1.1        -
  Preferred DNS           203.162.4.191      -
Cross card
  IP Address              172.16.2.1         172.16.2.2
  Subnet Mask             255.255.255.0      255.255.255.0
  Default gateway         -                  -
  Preferred DNS           -                  172.16.2.2

LAN card: connects PC01 and PC02 indirectly, through a switch
Cross card: connects PC01 and PC02 directly (crossover cable)
On PC02 open Internet Explorer -> Tools -> Internet Options and go to the Connections tab
Click LAN Settings
Enter PC01's IP address under Address and 8080 as the Port
Back in IE, try browsing the Internet: it works fine
3/ Firewall Client
With the Firewall Client you get all the advantages of both Secure NAT and Proxy, but it requires us to install the
Firewall Client tool on every computer in the network; this software is included in the Forefront TMG installation package.
The machines' IP configuration is as follows:
Machine / property        PC01               PC02
Name                      FTMG.gccom.net     server.gccom.net
LAN card
  IP Address              192.168.1.2        -
  Subnet Mask             255.255.255.0      -
  Default gateway         192.168.1.1        -
  Preferred DNS           -                  -
Cross card
  IP Address              172.16.2.1         172.16.2.2
  Subnet Mask             255.255.255.0      255.255.255.0
  Default gateway         -                  172.16.2.1
  Preferred DNS           172.16.2.2         172.16.2.2

LAN card: connects PC01 and PC02 indirectly, through a switch
Cross card: connects PC01 and PC02 directly (crossover cable)
On PC02, open the Client folder inside the Forefront TMG installation folder and run Setup.exe to install it
In the ISA Server Computer Selection window choose Connect to this ISA Server computer and enter the IP address of the
Forefront TMG machine
Once installation finishes, the Firewall Client icon appears in the system tray of each client machine
On PC02 open Internet Explorer -> Tools -> Internet Options and go to the Connections tab
Click LAN Settings and you will see that Windows has filled these values in automatically, so we do not need to enter
them by hand as we did for the Proxy
Back in IE, try browsing the Internet: it works fine
At this point we have finished installing FTMG and configuring the machines on the network so that they can reach the Internet.
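To check what a client actually ends up with after each of the three sections, the following is an added example (not from the original article) that inspects a Windows client and reports which access method it is configured for, plus a helper that sets the Proxy-mode registry values the article enters by hand in Internet Options. It assumes the lab values from the article (TMG inner interface 172.16.2.1, web proxy port 8080) and assumes the Firewall Client agent service is named FwcAgent; run it in PowerShell on the client.

```powershell
# Added example, not code from the original article: determine which TMG client
# access method (Secure NAT, Proxy, Firewall Client) a Windows client is set up
# for, and optionally apply the Proxy settings the article enters by hand.
# Lab values are from the article; the Firewall Client service name is an assumption.

$TmgAddress = '172.16.2.1'   # TMG's inner (cross-card) address, from the article
$ProxyPort  = 8080           # web proxy listener port used in the article
$FwcService = 'FwcAgent'     # assumed name of the Firewall Client agent service

function Get-TmgClientMode {
    $modes = @()

    # Secure NAT: nothing client-side except that the default gateway is TMG's inner address
    $nics     = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True'
    $gateways = @($nics | ForEach-Object { $_.DefaultIPGateway } | Where-Object { $_ })
    if ($gateways -contains $TmgAddress) { $modes += 'SecureNAT' }

    # Proxy: the WinINet / Internet Explorer proxy setting points at TMG's web proxy listener
    $ieKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $ie       = Get-ItemProperty -Path $ieKey
    $expected = '^(http=)?' + [regex]::Escape("${TmgAddress}:${ProxyPort}") + '(;|$)'
    if ($ie.ProxyEnable -eq 1 -and $ie.ProxyServer -match $expected) { $modes += 'Proxy' }

    # Firewall Client: the agent service is installed and running
    $svc = Get-Service -Name $FwcService -ErrorAction SilentlyContinue
    if ($svc -and $svc.Status -eq 'Running') { $modes += 'FirewallClient' }

    New-Object PSObject -Property @{
        Gateways     = $gateways
        ProxyEnabled = ($ie.ProxyEnable -eq 1)
        ProxyServer  = $ie.ProxyServer
        Modes        = $modes
    }
}

# Equivalent of Internet Options -> Connections -> LAN Settings in the Proxy section
function Set-TmgProxyForCurrentUser {
    $ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Set-ItemProperty -Path $ieKey -Name ProxyEnable   -Value 1
    Set-ItemProperty -Path $ieKey -Name ProxyServer   -Value "${TmgAddress}:${ProxyPort}"
    Set-ItemProperty -Path $ieKey -Name ProxyOverride -Value '<local>'   # keep LAN traffic off the proxy
}

$state = Get-TmgClientMode
$state | Format-List Modes, Gateways, ProxyEnabled, ProxyServer

if ($state.Modes.Count -eq 0) {
    Write-Warning 'No TMG access method configured: with the default deny policy this client cannot reach the Internet.'
} elseif ($state.Modes -contains 'SecureNAT' -and $state.Modes -notcontains 'Proxy' -and $state.Modes -notcontains 'FirewallClient') {
    Write-Host 'Secure NAT only: every port is controlled, but this traffic carries no user identity (see the comparison table).'
}
```

The proxy setting is read from HKCU, so it reflects the user running the script, exactly as the LAN Settings dialog does; the Secure NAT check only says that the gateway matches, it cannot tell whether the corresponding access rule exists on TMG, which is why the article tests each mode with an actual ping or browser request.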
With that, all the work on the FTMG machine is done. If you need to access FTMG to change anything further, in practice you should
keep working directly on the machine where Forefront TMG is installed to an absolute minimum, and instead use any client machine with
the Forefront TMG Management tool installed to manage FTMG.
On the client, log on as the machine's Administrator user, run the Forefront TMG setup program and choose Install
Forefront TMG
In the Setup Scenarios window choose only Install Forefront Threat Management Gateway Management only, then click
Next to install
In the Component Selection window click Next
After installation finishes, start Forefront TMG Management on the client, right-click Microsoft Forefront
Threat Management Gateway and choose Connect to
Enter the IP address or domain name of the Forefront TMG machine
Keep the default values in the Forefront TMG Credentials window
Forefront TMG Management now shows the full set of tools, just as on the Forefront TMG machine itself, for you to manage it
OK, that concludes the Secure NAT - Proxy - Firewall Client section of Microsoft Forefront Threat Management Gateway in
70-557 of the MCSA.


GC Com Informatics Development and Investment Co., Ltd.
A computer engineering site for IT technicians
Telephone: (073) - 3.511.373 - 6.274.294
Website: http://www.gccom.net
