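[Security] China Mobile ASA Firewall Heterogeneous Deployment: Overall Implementation Plan (Cisco ASA Firewall Project in Practice)
China Mobile ASA Firewall Heterogeneous Deployment: Overall Implementation Plan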
Excerpt (table of contents):

1. Document Preface
  1.1 Purpose of the Document
  1.2 Document Contents
  1.3 Target Audience
  1.4 Implementation Principles
  1.5 Implementation Schedule
2. Preparation
  2.1 Equipment Rack Mounting
  2.2 Equipment Power-On Test
3. Network Topology
  3.1 Overall Network Topology
    3.1.1 Overall Network Topology Diagram
    3.1.2 Overall Network Topology Description
  3.2 Heterogeneous Zone Topology
    3.2.1 Zone Network Topology Diagram
    3.2.2 Zone Network Topology Description
4. Solution Design
  4.1 General Principles
  4.2 Device Naming Conventions
  4.3 Link Labeling and Description Conventions
  4.4 IP Address Conventions and Allocation
  4.5 Routing Design
  4.6 Risk Assessment
  4.7 Network Topology Design
    4.7.1 Phase 1 Heterogeneous Network Topology
    4.7.2 Phase 1 Heterogeneous Deployment Risks
    4.7.3 Phase 2 Heterogeneous Network Topology
5. Project Implementation Steps
  5.1 Backing Up Device Configurations
  5.2 Device Configuration
    5.2.1 ASA 5520 Configuration
    5.2.2 4506 Switch Configuration
    5.2.3 SSG550 Configuration
  5.3 Physical Cable Connections
  5.4 Policy Pre-configuration
  5.5 Connectivity Verification Test
  5.6 Static Route Configuration
    5.6.1 4506 Static Route Configuration
    5.6.2 ASA5520 Static Route Configuration
    5.6.3 SSG550 Static Route Configuration
  5.7 Connectivity Verification Test
  5.8 AAA Configuration
  5.9 SSH and ASDM Configuration
  5.10 Logging Configuration
  5.11 Failover Configuration
    5.11.1 Primary Unit Configuration
    5.11.2 Secondary Unit Configuration
    5.11.3 Failover Synchronization
    5.11.4 Checking Failover Status
  5.12 Access Policy Configuration
    5.12.1 Untrust to Trust Policy
    5.12.2 Trust to Untrust Policy
  5.13 Service Verification Test
6. Contingency Plan
  6.1 Contingency Plan Description
  6.2 Topology Design
  6.3 Implementation Steps
    6.3.1 Firewall Configuration
    6.3.2 SSG550 Configuration
    6.3.3 4506 Switch Configuration
    6.3.5 Connectivity Verification Test
    6.3.5 Access Policy Configuration
    6.3.6 Service Verification Test
7. Rollback Plan