_____________________________________________________________________________________
Ispace Vocational College of IT    Faculty: IT    Graduation thesis
ACKNOWLEDGEMENTS
Today we can say that information technology is an indispensable part of society's development because of the superior features and capabilities it brings, most notably the growth of wide area networks, which has created a new technological revolution in the development of society. Alongside the positive side there is always a negative one: many hackers take advantage of the growth of networks to undermine the development of businesses and governments. For that reason, many seminars and workshops on network security have been held to find optimal solutions for protecting these networks. In this thesis we introduce a security solution for an enterprise network, based on what we have studied and on further research of our own. We propose security solutions built on Microsoft's software firewall platform, Microsoft Forefront Threat Management Gateway (TMG) 2010, for D.M.A Computer Technology Trading and Services Joint Stock Company.
To complete this thesis we sincerely thank the management of Ispace Vocational College of IT and all the lecturers, who created favourable conditions and taught us with enthusiasm throughout our studies so that we could learn well and reach the results we have today. We also sincerely thank our teacher Nguyn Siu ng, who guided us closely on the thesis, and we thank the members of several websites and forums who provided additional useful information that helped us carry it out.
Because of the scope of the thesis and our limited time and knowledge, mistakes are unavoidable. Our group respectfully asks teachers and friends to share their comments so that we can consolidate, supplement and improve our knowledge.
Sincerely.
FOREWORD
TABLE OF CONTENTS
ACKNOWLEDGEMENTS
FOREWORD
COMPANY'S COMMENTS
SUPERVISOR'S COMMENTS
TABLE OF CONTENTS
History
4.3.2.4. Single-NIC
5. SYSTEM REQUIREMENTS
5.2. Software requirements
5.3.2. Authentication
7. DETERMINING THE TRAFFIC PROFILE
7.1. Network map
7.2. Application map
11. Migrating to TMG
13.2. Monitoring
13.5. E-Mail Policy
14.6. The Join Array and Disjoin Array Wizards (TMG 2010 only)
14.7. The Connect to Forefront Protection Manager 2010 Wizard (TMG 2010 only)
16. LOAD BALANCING
19.2.3. Storage
20. HTTP AND HTTPS INSPECTION IN THE WEB PROXY FILTERING APPLICATION
22.1.2. Protocols
II. Virtual Private Networking (VPN) (supporting mobile users and productive work, supporting secure connections between sites with VPN out to the Internet)
V. EVALUATION OF THE THESIS
VII. APPENDIX
I.
Enterprise networks around the world therefore urgently need security solutions that stop the threats posed by attacks from the Internet. In parallel, many security companies worldwide have released a range of solutions, products and devices that support network security. Among them, Microsoft, the world's leading software company, launched Microsoft Forefront Threat Management Gateway (TMG) 2010, a new generation of firewall software developed on the foundation of Microsoft Internet Security and Acceleration (ISA) Server 2006, integrating new features that can alert on and block attacks and filter malicious code during Internet access. Furthermore, Microsoft Forefront TMG 2010 is the release that integrates the following applications: Microsoft ISA Server 2006, Forefront Client Security, Forefront Security for Exchange Server and Forefront Security for Sharepoint, so it provides notable security characteristics such as:
According to Microsoft, Forefront TMG is a firewall, a program dedicated to network security. All information entering or leaving our systems must pass through Forefront TMG and be inspected very thoroughly. Microsoft Forefront TMG 2010 lets you secure the LAN so that users in the company can use the Internet for business without worrying about malware and other threats. It provides multiple layers of continuously updated protection, with all features integrated into one product; TMG makes the network easier to manage and reduces the cost and complexity of web security. In other words, when Forefront TMG is deployed, our network model is divided into 3 separate parts:
Previously, Microsoft released 2 software firewall versions, ISA 2004 and ISA 2006, but these 2 firewall versions were supported only on earlier operating systems such as Windows Server 2000, Windows XP and Windows Server 2003, and not on Microsoft's newer operating systems such as Windows 7 and Windows Server 2008. So to install a firewall on operating systems such as Windows 7 or Windows Server 2008 we have to use a new piece of Microsoft software, Microsoft Forefront Threat Management Gateway 2010.
Enhanced Voice over IP - Allows VoIP to be connected and used through TMG.
ISP Link Redundancy - Supports load balancing and failover across multiple Internet links.
Web Anti-Malware - Scans for viruses, malware and other threats during web access.
URL Filtering - Allows or blocks access to websites according to predefined content categories such as pornography, drugs, shopping, chat...
HTTPS Inspection - Inspects HTTPS-encrypted packets to protect against malware and checks the validity of SSL certificates.
E-mail Protection Subscription Service - Integrates with Forefront Protection 2010 for Exchange Server and Exchange Edge Transport Server to control viruses, malware and spam e-mail in the Exchange mail system.
Network Inspection System (NIS) - Blocks attacks that rely on security vulnerabilities.
Network Access Protection (NAP) Integration - Integrates with NAP to check the security state of clients before allowing them to connect over VPN.
Secure Socket Tunneling Protocol (SSTP) Integration - Supports VPN-SSTP.
Windows Server 2008 with 64-bit support - Supports 64-bit Windows Server 2008 and Windows Server 2008 R2.
Table I.4.2.1 Comparison of features in Forefront TMG Standard and Enterprise
Table I.4.2.2 Comparison of features between ISA 2006 and Forefront TMG
Table I.4.3.1 Installation requirements
5. FIREWALL MODELS
Forefront TMG uses a multi-networking concept. To define the network topology, we first create the networks in Forefront TMG. Once all the required networks exist, we define the relationships between them in the form of network rules. Forefront TMG supports two kinds of network rule:
Route - This type establishes a two-way network connection between two networks; it routes the original IP addresses between the two networks.
NAT - This type establishes a one-way network connection between two networks; it hides the IP addresses of the network segments behind the IP address of the corresponding network adapter.
After creating the networks and their network rules, you must create firewall rules to allow or deny traffic between the connected networks.
5.1. Network template.
To make Forefront TMG easier to configure, TMG provides predesigned templates (Network Templates) for building typical firewall scenarios. You can still change the network design after the initial installation. All you need to do here is run the Getting Started Wizard in the TMG Management console.
Edge Firewall
3-Leg perimeter
Back firewall
Single network Adapter
in a DMZ are a Web Server, a DNS Server or a WLAN network. A 3-Leg Perimeter Firewall is also often called a Poor Man's Firewall; it is not a true DMZ. A true DMZ is the zone between two different firewalls.
5.2.3. Back Firewall
II.
* TMG MBE was released with Windows EBS at the end of 2008. TMG 2010 was released at the end of 2009.
3. NEW FEATURES
Support for Windows Server 2008, Windows Server 2008 R2 and Native 64-Bit
Because the number of users is growing even in large networks, devices that process traffic quickly are needed. ISA Server is a "software" firewall based on the Windows operating system. A well-known limitation of ISA Server is that it cannot be installed on a 64-bit platform. TMG does not have this limitation; you must install it on a 64-bit operating system. Windows Server 2008 and Windows EBS also support the 64-bit environment. With the introduction of 64-bit support, the TMG firewall can use more than 4 gigabytes (GB) of RAM.
Web Antivirus and Anti-Malware support
The TMG firewall can detect and isolate malicious content in the HTTP stream before it reaches the client. This feature provides an additional layer of protection and strengthens security for all hosts on the network protected by TMG.
The HTTP Malware filter is a web filter that intercepts the data stream between the user and the Web server. The content of this stream is stored in memory or on disk, depending on the size of the content. The TMG MPEngine (Microsoft Malware Protection Engine) scans the content before it is delivered to the user.
To make this process clearer, Figure II.3.1 illustrates how content requested by a user is fetched from the Web server, intercepted by the TMG firewall, passed through the MPEngine and finally returned to the user after processing.
Table II.3.1 Comparison of functions in TMG MBE and TMG 2010
URL Filtering
The URL filtering features let you enforce security policies. Using URL filtering, you can block user access to websites that may pose a security risk or that are prohibited by the company's web browsing policy.
As an administrator, you can identify URL categories such as malware. You can then use the Web Access Wizard to create an allow or deny policy for these categories. You can also customise the denial notification for pages
* By default, SRS-enabled IIS listens on TCP port 8008 and not on TCP port 80, to provide a smaller attack surface.
TMG uses the Network Inspection System (NIS) to provide IPS functionality. TMG 2010 also provides subscription-based URL filtering and malware signature filtering.
ISP Sharing/Failover
TMG also supports dual ISP connections (external links) that can operate in one of two modes: ISP failover or ISP sharing. In ISP failover mode, if one ISP connection fails, TMG can provide fault tolerance by automatically switching to the other ISP connection. This helps TMG provide dynamic load balancing between Internet service providers with redundancy and the ability to switch
Table II.3.2 Comparison of features between ISA 2006 and TMG MBE and TMG 2010
The problem is that clients are sometimes behind an edge firewall that allows only HTTP and HTTPS outbound traffic, as shown in Figure II.4.1.1. This often frustrates end users, because PPTP or L2TP/IPsec connections are then refused. So the phrase "access from anywhere" does not really apply when talking about network-layer VPN connections.
Figure II.4.1.1 shows that SSL VPN technology does not suffer from the connectivity problems inherent in network-layer VPN connections. The figure shows an Edge Firewall that allows only HTTP and HTTPS outbound, and two clients behind this firewall. Clients that use a traditional VPN (such as PPTP) to connect to the VPN server are blocked by the firewall, whereas SSL VPN clients are not. This illustrates the greater flexibility of SSL VPN technology, which allows access with improved security without having to deal with connectivity problems that such restrictions can impose. SSL VPN makes it easy for remote client workstations to connect to an HTTPS portal and from there to internal resources (servers, workstations), and to do so from a number of different locations without worrying about the connectivity problems that were common in the past.
SSL VPN technology is a standard for remote access. Server 2008 lets you configure RRAS as an SSL VPN server by using the new Secure Socket Tunneling Protocol (SSTP) VPN.
4.2. What is new in UAG
Whereas IAG is an appliance solution, UAG extends this with a software, server-deployed installation option. UAG gives you two choices: a preinstalled version of UAG on an OEM hardware appliance, and a downloadable file. You can deploy UAG in a virtual environment, using Microsoft Hyper-V or SVVP (Server Virtualization Validation Program).
The best way to understand the difference between IAG and UAG is through a brief comparison of the two products, as illustrated in the table below.
The new features that make a big difference when comparing IAG with UAG include:
UAG Native 64-bit - it will be packaged in a 64-bit version.
Integration with Network Access Protection (NAP) - this integration provides an additional layer of protection for internal network access from unsecured endpoint devices.
Web load balancing - this feature lets you publish a farm of Web servers and distribute requests evenly among the servers. It is an important improvement in that you do not need to buy separate load-balancing devices to accomplish this task.
4.3. Designing network protection
4.3.1. Deploying UAG
UAG is designed to provide the following:
Access to your applications from the Internet
Support for single sign-on (SSO)
Increased trust in users and in users' computers
Greater application awareness and tighter control over application behaviour
A wide range of authentication service providers
SSL VPN remote access
UAG lets networks serve the needs of mobile phone users who access company resources from locations with an Internet connection, while at the same time meeting the company's requirement to control access based on a definition of trust and security for the connecting user and computer.
UAG is designed and tested to operate as an Internet-facing gateway. Placing a firewall between UAG and the Internet can cause problems that cannot be solved by changing the UAG configuration, because UAG relies on the firewall functions of TMG.
UAG can also take advantage of the TMG multi-network model to publish applications that can be isolated from other networks. This lets you raise your overall level of security by implementing a multi-layered network security model.
4.3.2. Deploying TMG?
TMG is designed to serve deployments with specific security requirements, including:
General proxy and application-level firewall
Simplified access to application services such as SMTP, POP3 and other protocols
Assessment of the trustworthiness of client computers
Protected access to the Internet and the internal network
SSTP, PPTP and L2TP/IPsec VPN connections
Unlike UAG, TMG is designed to serve broader needs for both external and internal application access. Figure II.4.3.2.1 shows the new features in TMG and UAG.
Edge Firewall
4.3.2.2.
3-Leg perimeter
4.3.2.3.
Back Firewall
4.3.2.4.
Single-NIC
7.1. Network map
The first thing you must do is gain a better understanding of the network infrastructure that TMG will serve. For example, your company may be a distributed organisation, with most of your offices in Houston and satellite offices in London, Eilat and Buenos Aires. You need a clear understanding of how these networks are connected, as well as of any backup routes or split routing in the infrastructure. In particular, TMG may not be able to handle split routing. Figure II.7.1.1 is an example of a simple network map.
1. Dyn = 1025-65535 on Windows Server 2003 and earlier; 49152-65536 for Vista and later
2. Nego = the port of the connection negotiated between client and server
3. Needed only if the server is configured for the LDAP-SSL service
4. The RFC specifies that NTP clients use source UDP:123, but Windows usually uses a dynamic port
5. The secondary connection transports/protocols are negotiated in the control channel according to the client Winsock application
6. FWM is used by OEMs to provide management of ISA Server without going through the MMC
7. Remote management of ISA Server uses the ISA Management MMC. It involves the use of RPC to monitor the status of the ISA services
8. ISA Server installation creates an SMB connection to the CSS to authenticate according to the user's selection
After the network infrastructure and the application maps have been defined, you need to identify the protocols used on your network. Two protocols that are difficult to map accurately are RPC and DCOM. Typically, both begin with a connection to the RPC Endpoint Mapper on the server at TCP port 135. This is followed by a connection to the port on which the application's server is listening. This complexity makes RPC and DCOM hard to monitor and equally hard to pass through a firewall. TMG includes an application filter that understands the RPC protocol, but because packet signing and encryption are used in most DCOM communication, TMG cannot support DCOM passing through it. Other complex, negotiated protocols supported by TMG application filters include FTP, TFTP, SIP, Media Streaming (RTSP, MMS) and PPTP. Figure II.7.2.4 illustrates the application filters provided with TMG.
Although this is the most common scenario and the general recommendation for workgroups, in some other scenarios access to the internal DNS is not allowed by the company's security policy. In those situations you can use one of several alternatives:
Use a DNS server: Enable full name resolution for internal and external resources by adding a DNS server that can use conditional forwarders. A conditional forwarder is a DNS server that can be used to forward DNS queries according to the DNS domain name received in the query. For example, a DNS server can be configured to forward all queries it receives for names ending in contoso.com to the IP address of a specific DNS server (for example, the IP of the internal DNS).
Install the DNS service on TMG: In this setup, TMG has the DNS service installed and can be configured to use a conditional forwarder for the internal domain and forwarders for external domains. Another option is to create a secondary zone for the internal domain and use forwarders (or root hints) for external domains. Although this is a viable alternative, it is not often used because of separation of duties and the increased administrative cost. For several reasons, you do not want to add another service to your firewall. The main reason is that you now have two components that may not share the same maintenance window. For example, if you plan to update your DNS service with the latest security updates, you may need to restart the server, and so your firewall will also be offline during that time. The table summarises the benefits and limitations of each option.
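How a DNS server with conditional forwarders decides where each query goes, as an added example that is not part of the original thesis. It generalises the single contoso.com case above to several forwarders with longest-suffix matching, and adds a check for internal names that would leak to the external forwarder; all zone names, addresses and sample queries are constructed.

```python
"""Conditional-forwarder selection for a split internal/external DNS setup."""

# Constructed configuration: domain suffix -> DNS servers that receive the query.
CONDITIONAL_FORWARDERS = {
    "contoso.com": ["10.0.0.10"],       # internal DNS (hypothetical address)
    "lab.contoso.com": ["10.0.5.10"],   # more specific internal zone
}
DEFAULT_FORWARDERS = ["198.51.100.53"]  # external resolver (documentation range)

# Constructed query log used to audit the configuration.
SAMPLE_QUERIES = [
    "www.contoso.com",
    "DC01.Lab.Contoso.com.",
    "notcontoso.com",
    "intranet.fabrikam.local",
    "www.example.org",
]


def normalize(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.strip().rstrip(".").lower()


def select_forwarders(qname, conditional=CONDITIONAL_FORWARDERS,
                      default=DEFAULT_FORWARDERS):
    """Return (matched_suffix, servers) for a query name.

    Suffixes are tried from the full name down to the top-level label, so
    the longest configured suffix wins and matching only happens on label
    boundaries ("notcontoso.com" does not match "contoso.com").
    """
    labels = normalize(qname).split(".")
    for start in range(len(labels)):
        suffix = ".".join(labels[start:])
        if suffix in conditional:
            return suffix, conditional[suffix]
    return None, default


def leaked_internal_queries(query_log, internal_suffixes,
                            conditional=CONDITIONAL_FORWARDERS,
                            default=DEFAULT_FORWARDERS):
    """Names in an internal namespace that no conditional forwarder covers.

    Such queries would be sent to the default (external) forwarders, which
    both fails to resolve them and discloses internal host names.
    """
    leaked = []
    for qname in query_log:
        name = normalize(qname)
        internal = any(name == s or name.endswith("." + s)
                       for s in internal_suffixes)
        matched, _ = select_forwarders(name, conditional, default)
        if internal and matched is None:
            leaked.append(name)
    return leaked


if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(q, "->", select_forwarders(q))
    print("leaked:", leaked_internal_queries(
        SAMPLE_QUERIES, ["contoso.com", "fabrikam.local"]))
```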
By using the Edge Firewall network template, you apply a configuration that reflects the main purpose of TMG at the edge of your network. This template assumes that you have two interfaces: one connected to the internal network and one connected to the external network. The external interface is usually the one connected directly to the Internet (through a router), but it can also be placed behind a firewall or NAT device. The external interface is normally the NIC configured with a default gateway.
When you run the Getting Started Wizard, select the Edge Firewall template, as shown in Figure II.10.1.1.
3-Leg Perimeter helps you implement a perimeter network, also called a demilitarised zone or DMZ. This perimeter network is used to safely expose resources shared by users coming from untrusted networks (such as the Internet) and from trusted networks (the networks protected by TMG). The template sets TMG up with three network interfaces: one network card connected to the Internet (the external network), one connected to the internal network, and one connected to the perimeter network. The 3-Leg Perimeter option is not available if you have fewer than three NICs installed on TMG. When you run the Getting Started Wizard, you can select the 3-Leg Perimeter template, as shown in Figure II.10.2.1.
Use the Single NIC template when you want to limit the firewall to one or more of the following roles:
You cannot use a Single NIC TMG to protect the edge of your network. A Single NIC TMG has no concept of an external network, because it has only one network interface, and the default gateway for connections beyond your own network is on the same network card. The only networks are therefore localhost (TMG itself) and internal. In addition, Single NIC does not support a number of features:
0.0.0.0
255.255.255.255
127.0.0.0 - 127.255.255.255
224.0.0.0 - 254.255.255.255
10.5.
11. Migrating to TMG
TMG runs only on Windows 2008 SP2 or R2 x64. Because ISA Server runs only on Windows 2000 (ISA 2004 SE) or Windows 2003 x86, a complete rebuild of the server (or its replacement, if the processors are 32-bit) is required before TMG can be installed on it. Because migrating from ISA Server to TMG requires a completely new operating system, an in-place upgrade to TMG is by no means simple. Your migration plan must meet the following conditions:
All array members must use the same operating system update level, starting with Windows Server 2008 Service Pack 2.
All array members must use the same version of Windows. You cannot mix computers running Windows Server 2008 (SP2) and Windows Server 2008 R2 in the same array.
In addition, before you begin the migration, you must upgrade your ISA servers to the latest supported update level, as detailed in the update table.
Migration from TMG MBE on Windows Essential Business Server (EBS) to TMG 2010 is not supported by the EBS Upgrade Wizard.
The patches table summarises the supported migration paths that you can follow. The asterisk (*) denotes a TMG 2010 Enterprise Edition Standalone Array. The hash sign (#) denotes Windows Essential Business Server (EBS).
You can see from the patches table that you cannot migrate directly from ISA Server Standard, TMG Enterprise Edition (SE), TMG Medium Business Edition (MBE) or TMG 2010 SE to TMG Enterprise Edition (EE) EMS-managed arrays. This is because, to move to an EMS-managed array, you must first upgrade to TMG Enterprise or Standard Edition, after which you can join TMG to an Enterprise Edition EMS-managed array. There is no upgrade from TMG MBE on Windows Essential Business Server (EBS) without using the WEBS R2 Upgrade Wizards.
Figure II.11.1 defines a simplified traffic profile for the migration example. The SIP protocol is an addition to the deployed services, because TMG supports this protocol whereas ISA Server does not.
SIP, short for Session Initiation Protocol, is an IP telephony signalling protocol used to set up, modify and terminate VoIP phone calls. SIP was developed by the IETF and published in RFC 3261. SIP describes the communication needed to set up a phone call. Like HTTP, it is a text-based protocol, very open and flexible.
Figure II.11.1 Migration example
12.2.
Many applications can act as a Web proxy client. However, the Web browser is the application most commonly configured to do so. The following example uses a Web browser to show how a Web proxy client sends an HTTP request to TMG. In this example, the Web browser is configured to use TMG as its Web proxy and the user visits http://www.contoso.com.
The client sends an HTTP GET request to TMG on the port that listens for Web proxy client requests. By default, TMG is configured to accept Web proxy client connections on TCP port 8080. After TMG receives the connection from the Web proxy client, the Microsoft Firewall service checks the access rules to determine which rules apply to the predefined HTTP protocol definition (port 80). This determines whether the request is allowed or denied from the source to the destination server.
While performing this check, the Firewall service performs DNS name resolution to determine whether a rule based on IP addresses applies to the request. If the request is allowed, the Firewall service forwards the request to the Web Proxy filter, which connects to the destination server on the port specified in the URL (port 80 by default).
If necessary, TMG also asks the client for credentials by using HTTP authentication (NTLM, Negotiate, Basic, Digest, Kerberos).
TMG performs application-layer filtering on HTTP requests from Web proxy clients. Figure II.12.2.1 shows the core components TMG uses for this request.
Figure II.12.2.1 Core TMG components in handling an HTTP request from a Web proxy client
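The request flow described above, as an added example that is not TMG code or part of the original thesis: it builds the proxy-form request a Web proxy client sends to the listener, parses it the way a forward proxy must, and applies a simplified ordered rule check with a default deny. The rule model, the `AccessRule` class, the addresses and the DNS table are constructed assumptions.

```python
"""Simplified model of a Web proxy client request reaching a forward proxy."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

PROXY_LISTENER_PORT = 8080  # default Web proxy listener port stated on the page
HTTP_PROTOCOL_PORT = 80     # port of the predefined HTTP protocol definition

# Constructed name table standing in for the firewall's DNS lookup.
SAMPLE_DNS = {"www.contoso.com": "203.0.113.10",
              "files.contoso.com": "203.0.113.77"}


@dataclass
class AccessRule:           # hypothetical, simplified rule shape
    name: str
    action: str             # "allow" or "deny"
    source: str             # CIDR of client addresses
    destination: str        # CIDR of destination addresses
    port: int = HTTP_PROTOCOL_PORT


# Constructed policy: an IP-based deny placed ahead of a general allow.
SAMPLE_RULES = [
    AccessRule("Block file host", "deny", "10.0.0.0/24", "203.0.113.77/32"),
    AccessRule("Allow web", "allow", "10.0.0.0/24", "0.0.0.0/0"),
]


def build_proxy_request(url):
    """Bytes sent to the proxy listener: the request line carries the
    absolute URL, not just the path as in a direct request."""
    host = urlsplit(url).netloc
    return f"GET {url} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("ascii")


def parse_proxy_request(raw):
    """Extract what the proxy needs before any rule can be evaluated."""
    request_line = raw.split(b"\r\n", 1)[0].decode("ascii")
    method, target, _version = request_line.split(" ")
    parts = urlsplit(target)
    if parts.scheme != "http" or not parts.hostname:
        # Origin-form ("GET /path") is meant for a Web server, not a proxy.
        raise ValueError("not a proxy-form HTTP request: " + request_line)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return {"method": method, "host": parts.hostname, "netloc": parts.netloc,
            "port": parts.port or HTTP_PROTOCOL_PORT, "path": path}


def evaluate(raw, client_ip, rules=SAMPLE_RULES, dns=SAMPLE_DNS):
    """Return (action, rule_name). The name is resolved first so that rules
    written against IP addresses can match a request made by host name."""
    req = parse_proxy_request(raw)
    dest_ip = dns.get(req["host"])
    if dest_ip is None:
        return ("deny", "name not resolved")   # simplification of this model
    for rule in rules:                          # ordered, first match wins
        if (req["port"] == rule.port
                and ip_address(client_ip) in ip_network(rule.source)
                and ip_address(dest_ip) in ip_network(rule.destination)):
            return (rule.action, rule.name)
    return ("deny", "default deny")


def upstream_request(raw):
    """Origin-form request the proxy sends to the destination once allowed."""
    req = parse_proxy_request(raw)
    return (f"{req['method']} {req['path']} HTTP/1.1\r\n"
            f"Host: {req['netloc']}\r\n\r\n").encode("ascii")


if __name__ == "__main__":
    for url in ("http://www.contoso.com/", "http://files.contoso.com/x",
                "http://www.contoso.com:8000/app"):
        print(url, "->", evaluate(build_proxy_request(url), "10.0.0.25"))
```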
By default, TMG allows only two ports for SSL tunnelling: TCP port 443 and TCP port 593.
12.3.
Server-side configuration
By default, TMG allows access for Web proxy clients located on the default internal network. The default listening port is TCP port 8080. You can confirm this by following these steps:
1) Open the Forefront TMG Management Console.
2) Expand the Forefront TMG (Name Server) node in the left pane.
3) Click the Networking node in the left pane and then click the Networks tab in the middle of the window. Click the internal network.
4) Click Edit Selected Network in the right pane.
5) In the Internal Properties dialog box, click the Web Proxy tab.
12.4.
SecureNET Clients
12.6.
SecureNET clients are your only option for supporting non-Web protocols for non-Windows clients. The problem is that the TMG client is not supported on non-Windows clients. SecureNET clients are therefore your only option for supporting Web protocols for clients that are not Windows. SecureNET clients are the only client type that supports non-TCP/UDP protocols. The two non-TCP/UDP protocols most commonly used by TMG administrators are ICMP and PPTP. PPTP uses a combination of TCP port 1743 and Generic Routing Encapsulation (GRE), which uses IP protocol 47. ICMP and GRE take the place of UDP or TCP in the transport protocol part of the network stack and therefore cannot be intercepted and evaluated by the TMG client software.
12.8.
12.9.
Figure II.12.9.1 shows the Forefront TMG Client tab in the Default Internal Network Properties dialog box.
SECURE NAT
FIREWALL CLIENT
WEB PROXY
No application needs to be installed
No application needs to be installed
Declare the name or IP address and port 8080 of the proxy server
Operating system
Supports TCP/IP
Windows
Protocols
All protocols
Authentication
No
Installation
Install the Firewall Client program
Table II.12.9.3 Feature comparison of SecureNAT, Web Proxy and Firewall Client
TMG 2010
Figure II.13.1.1 shows the main TMG 2010 console.
Figure II.13.1.2 New features in TMG 2010 compared with TMG MBE
13.2. Monitoring
On the Services tab, the way TMG presents running services has also changed. The reported services are now divided into separate groups. This helps you understand which components need which services. Figure II.13.2.2 shows the new entries on the Services tab.
13.3. Firewall policy
Other changes are in the task pane and also relate to new TMG 2010 features, such as the Voice over Internet Protocol (VoIP) configuration option.
13.4.
The Web Access policy does not change much in TMG 2010; it was a new feature in TMG MBE. Only the options for accessing URL filtering and HTTPS inspection were added, as shown in Figure II.13.4.1.
In addition, the toolbar changes when you select Web Access Policy and provides new shortcuts to other options, as shown in Figure II.13.4.2.
13.5. E-Mail Policy
E-mail protection is one of the main areas in which TMG 2010 introduces a set of new features. This option is designed to provide easy access for configuring e-mail policy, spam filtering, and virus and content filtering. The first tab (E-Mail Policy) has options to create a new policy and associate it with the internal SMTP server. Figure II.13.5.1 shows the options on the E-Mail Policy tab.
When you click the E-Mail Policy tab, the task pane shows the options displayed in Figure II.13.5.2.
Figures II.13.5.3 and II.13.5.4 show the options available on the other two tabs.
13.6.
After you click the Network Inspection System tab, you see the options shown in Figure II.13.6.3.
The Network Adapter tab lets you view the IP configuration of the network interfaces on the TMG computer. This can save time if you want to quickly review your TCP/IP configuration, because you do not need to open the Windows Control Panel and then the Network and Sharing Center. Figure II.13.6.5 shows this.
The last tab, ISP Redundancy, is disabled by default, as shown in Figure II.13.6.7.
When you see the Getting Started Wizard for the first time, the three main tasks can be performed in the order presented. Once these tasks have been completed, you can use them in any order you like.
14.2.
The Network Setup Wizard is an extension of the ISA Server 2006 Network Template Wizard. As with the ISA Server 2006 Network Template Wizard, you can choose among four basic network configurations:
- Edge Firewall
- 3-Leg Perimeter (disabled in EBS)
- Back Firewall
- Single-Network Adapter
Unlike the ISA Server 2006 Network Template Wizard, the TMG Network Setup Wizard also lets you define the IP settings for each NIC when you associate it with the related TMG network.
Another improvement over the ISA Server 2006 Network Template Wizard appears when you choose the 3-Leg or Back Firewall template. In these cases, the Network Setup Wizard lets you choose the network relationship for the perimeter network. This is a big improvement over the ISA Server 2006 Network Template Wizard in that no assumption is made about this relationship; it is your choice to make it a NAT or a Route relationship. Figure II.14.2.1 illustrates these additions.
14.3.
The System Configuration Wizard lets you define the operational properties of TMG:
- Computer name
- Domain or workgroup membership
- Primary DNS suffix
14.4. Deployment Wizard
14.5.
The Web Access Policy Wizard provides a guided method through which you can define rule-based HTTP access. It also lets you configure this policy in the context of malware inspection. You can edit these policies to suit your specific requirements.
14.6. The Join Array and Disjoin Array Wizards (TMG 2010 only)
The Join Array Wizard is located in the task pane when you select Forefront TMG (ArrayName). Figure II.14.6.1 shows the Join Array link, while Figure II.14.6.2 shows the Disjoin Array link.
14.7. The Connect to Forefront Protection Manager 2010 Wizard (TMG 2010 only)
The Connect to Forefront Protection Manager (FPM) 2010 link provides the means to join the Forefront TMG array to the FPM 2010 system.
14.8.
This wizard lets you configure TMG to support VoIP traffic that uses the Session Initiation Protocol (SIP). Figure II.14.8.1 shows the link to the Configure SIP Wizard.
14.9.
14.10.
This wizard lets you configure Forefront TMG to use two ISP connections in one of the following two ways:
- ISP Redundancy: this mode lets TMG use both ISP connections at the same time and therefore provides greater bandwidth.
- ISP Failover: this mode lets TMG use one ISP connection at a time and switch to the other connection if the primary connection fails.
Route Relationships
15.2. NAT Relationships
A NAT relationship tells TMG that it must apply IP address modification to network traffic as it passes between hosts.
A NAT relationship defines a one-way traffic relationship through TMG; that is, the IP address representing hosts on the source side of the relationship is always changed. The behavior for the IP address of hosts on the destination side of the relationship depends on the type of firewall rule used to handle the traffic. You can identify two forms of NAT:
- Full-NAT: in this case, the destination address is changed to match the IP address of the published server, and the source IP address is changed to reflect the TMG default IP address in the relevant network.
- Half-NAT: in this case, only the destination address is changed to match the IP address of the published server. The source address is not changed.
Figure II.15.2.1 and the following list of rule types illustrate the different traffic behaviors across a NAT relationship.
15.3. Network Rules
15.4. Built-In Networks
15.5. Configuring Your Protected Networks
After running the Getting Started Wizard and the Web Access Wizard, you are ready to use TMG. However, you can configure some additional options afterward. To access the options for the Internal protected network, follow these steps:
1. On the TMG computer, open the Forefront TMG Management Console.
2. Click Forefront TMG (Server Name) in the left pane.
3. Click the Networking node in the left pane of the console, then click the Internal tab in the middle pane.
4. Click Edit Selected Network in the right pane; you will see a dialog box similar to the one shown in Figure II.15.5.2.
15.6.
16. LOAD BALANCING
16.1. What Is ISP Redundancy?
ISP Redundancy is a TMG feature that provides high availability or load sharing of the Internet connection by using two ISP links. This feature ensures that if the primary ISP link goes down, TMG moves all client connections to the secondary ISP link. Once the primary ISP link is back, TMG moves all connections back to the primary ISP link, as shown in Figure II.16.1.1. There are two different scenarios in ISP-R:
- ISP Failover: in this scenario you can configure failover from a primary ISP link to a secondary ISP link. The secondary, or backup, ISP link is used only when the primary is unavailable. This is especially useful when you pay per traffic for the connection kept as a backup, which is used only when the ISP link is down. ISP Failover does not provide load balancing.
- ISP Load Balancing: in this scenario you can configure load balancing between two ISP links so that traffic can be balanced between them. ISP Load Balancing lets you use all the available ISP bandwidth as well as providing ISP failover capability. With ISP load balancing, you can control how much traffic each ISP carries by defining a relative weight ratio for each ISP connection.
16.2. Enabling ISP-R
You enable ISP-R through the link available on the Tasks tab when the Networking node is selected in the left pane, as shown in Figure II.16.2.1.
16.3.
16.4.
You can view the status of the NLB service on the local array member or on another array member from the tab in the Monitoring node in the left pane of the console. In the TMG console, on the Services tab under Monitoring, you can see the options shown in Figure II.16.4.1. You can use these options in some troubleshooting situations, such as those shown in Figure II.16.4.2.
The first alert selected in Figure II.16.4.3 shows a configuration failure that caused NLB to stop working. At the bottom of the window, you can see the alert information with details about the problem.
17. NETWORK INSPECTION SYSTEM
Network Inspection System (NIS) is a new traffic analysis mechanism in TMG. NIS is built on network protocol analysis work done by Microsoft Research on the Generic Application-Level Protocol Analyzer (GAPA).
When each packet is received by TMG, it is filtered through the policy engine and the protocol filters before being processed by NIS. When a NIS signature is triggered, NIS can close the connection if the NIS response for that signature is set to Block.
NIS configuration in TMG is divided into three main options: general configuration, exceptions, and updates. First, you should define the general behavior of NIS, then add exceptions to the general rule, and finally configure how NIS checks for signature updates.
To configure the Network Inspection System, open the TMG console and go to the Intrusion Prevention System node in the left pane of the console.
17.2. Types of Attacks
18. CACHING
18.1.
Forefront TMG 2010 provides a Web caching feature that delivers better performance and response times for Web requests. You can configure Forefront TMG 2010 to cache Web objects that are frequently requested by end users. When an end user makes an Internet request, Forefront TMG 2010 can serve the request from its cache instead of making a request to the Internet. Web caching can provide two main benefits:
- Faster Internet access: because Web requests are served from the local cache instead of being sent to a remote Web server on the Internet, Web caching gives end users fast access to Web content. Caching provides faster access for Internet users by returning content from the cache instead of requesting it from the Web server, which also reduces the load on the Web server.
- Reduced Internet traffic: because frequently requested content can be served from the cache, bandwidth is saved by reducing the amount of traffic sent to the Internet.
18.2.
is not enabled on Forefront TMG 2010 and no disk space is allocated for caching. When caching is enabled, an administrator can define cache rules that determine how content from specified Web sites is stored in and retrieved from the Forefront TMG 2010 cache.
If the request is allowed, Forefront TMG 2010 analyzes its cache configuration and the stored objects to determine whether the request should be served from the cache or retrieved from the Web server. If the object is not in the cache, Forefront TMG 2010 checks the Web Chaining rules to determine whether the request should be forwarded directly to the requested Web server, to a proxy server, or to an alternate destination. If the requested object is present in the cache, Forefront TMG 2010 performs the following steps:
1. Forefront TMG 2010 checks whether the object is valid. If the object is valid, Forefront TMG 2010 retrieves the object from the cache and returns it to the user. Forefront TMG 2010 determines whether the object is valid by performing the following checks:
   - The Time to Live (TTL) specified at the source has not expired.
   - The TTL configured in the content download job has not expired.
   - The TTL configured for the object has not expired.
2. If the object is not valid, Forefront TMG 2010 checks the Web Chaining rules.
3. If a Web Chaining rule matches the request, Forefront TMG 2010 performs the action specified by that Web Chaining rule; for example, routing the request directly to a specified Web server, to a proxy, or to a specified alternate server.
4. If the Web Chaining rule is configured to route the request to a Web server, Forefront TMG 2010 determines whether the Web server is accessible.
5. If the Web server is not accessible, Forefront TMG 2010 determines whether the cache is configured to return expired objects. If the cache is configured to let Forefront TMG 2010 return an expired object as long as the maximum expiration time has not passed, the object is returned from the cache to the end user.
6. If the Web server is available, Forefront TMG 2010 determines whether the object can be cached, depending on whether the cache rules are set to cache the response. If so, Forefront TMG 2010 caches the object and returns it to the end user.
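The decision flow in steps 1 to 6 can be modelled in a few lines. The following is an added example, not Forefront TMG code: the class names, the `route` and `fetch` callables, the way the three TTL checks are combined, and the sample URL are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class CachedObject:
    body: bytes
    # Expiry times (epoch seconds) for the three TTL checks in step 1.
    # None means that source set no TTL for this object.
    source_expiry: Optional[float] = None  # TTL specified at the source
    job_expiry: Optional[float] = None     # TTL from a content download job
    object_expiry: Optional[float] = None  # TTL configured for the object

    def _expiries(self):
        return [e for e in (self.source_expiry, self.job_expiry,
                            self.object_expiry) if e is not None]

    def is_valid(self, now):
        # Assumption: valid only while every TTL that applies is in the future.
        expiries = self._expiries()
        return bool(expiries) and all(now < e for e in expiries)

    def seconds_expired(self, now):
        expiries = self._expiries()
        return now - min(expiries) if expiries else float("inf")


@dataclass
class CachePolicy:
    return_expired: bool        # step 5: may expired objects be served?
    max_expired_seconds: float  # step 5: tolerated time past expiry
    cache_responses: bool       # step 6: does a cache rule store responses?
    default_ttl: float          # TTL given to newly stored objects


def handle_request(url, cache, policy, route, fetch, now):
    """Return (source, body); source names where the answer came from."""
    obj = cache.get(url)
    if obj is not None and obj.is_valid(now):          # step 1
        return ("cache", obj.body)
    target = route(url)                                # steps 2-3: chaining rule
    try:
        body = fetch(target, url)                      # step 4: reachable?
    except ConnectionError:                            # step 5: server is down
        if (obj is not None and policy.return_expired
                and obj.seconds_expired(now) <= policy.max_expired_seconds):
            return ("expired-cache", obj.body)
        return ("error", None)
    if policy.cache_responses:                         # step 6: store response
        cache[url] = CachedObject(body, object_expiry=now + policy.default_ttl)
    return ("origin", body)


def demo():
    """Four requests against a constructed origin that goes offline."""
    policy = CachePolicy(True, 300, True, 60)
    cache, origin = {}, {"up": True}
    url = "http://example.test/"       # constructed sample URL

    def fetch(target, url):
        if not origin["up"]:
            raise ConnectionError(target)
        return b"page v1"

    def route(url):
        return "direct"                # chaining rule: go straight to the server

    results = [handle_request(url, cache, policy, route, fetch, 0),
               handle_request(url, cache, policy, route, fetch, 30)]
    origin["up"] = False
    results.append(handle_request(url, cache, policy, route, fetch, 100))
    results.append(handle_request(url, cache, policy, route, fetch, 1000))
    return [source for source, _ in results]


if __name__ == "__main__":
    print(demo())
```

The third request shows the trade-off in step 5: with expired objects allowed, clients keep receiving content that the origin may since have changed, bounded only by the maximum expiration window.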
TMG Malware Inspection is designed to detect and block malicious bits in HTTP traffic sent to clients in protected networks before those malicious bits can reach unsuspecting users' computers and cause irreparable damage.
19.2.
19.2.1. Inspection Settings
19.2.2. Content Delivery
This method delivers packets to the user slowly in order to keep the connection alive and thereby avoid application failure. The other method available for content delivery is called fast trickling. If you choose this method, TMG sends data to the user as fast as possible, but the final part of the data transfer is held back until TMG completes the scanning process. You can also define content types that will be excluded from Malware Inspection.
19.2.3. Storage
19.2.4. Update Configuration
19.2.5. License
19.3. URL Filtering
19.3.1.
URL filtering policy controls access to Web sites based on their membership in URL categories. Unlike policies based on domain name sets or URL sets, this feature works automatically. Web sites are categorized by the Microsoft Reputation Service (MRS); the categories are published to Microsoft Update (MU) and downloaded from MU by TMG. MRS aggregates data from multiple vendors and uses telemetry to improve the accuracy of the data. Figure II.19.3.1.1 shows the relationship between URL filtering actions and updates.
Com
fabrikam.com
www.fabrikam.com
www.fabrikam.com/patha
www.fabrikam.com/patha/pathb

Com: unknown
fabrikam.com: general business
www.fabrikam.com: unknown
www.fabrikam.com/patha: phishing (Not inherited)
www.fabrikam.com/somepath/pathb: anonymizer

Based on the responses, TMG knows that two categories can apply to this URL:
- General business
- Anonymizer
In this example, we can consider the Anonymizer category to be the most important one, that is, the category to which an administrator may want to block access. The URL category information obtained from MRS is then used in various places in TMG, as follows:
- Firewall rules: allow or deny by category
- Web Proxy log: the category is written to the log for each request (it is used for reporting)
- Enterprise Malware Protection (EMP): exclusion list
- HTTPS exclusion list (for example, we do not want to inspect Web sites that belong to the financial category)
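The lookup in the fabrikam.com example can be reproduced as follows. This is an added illustration, not TMG or MRS code: the function names, the `(category, inherited)` tuple layout and the blocked-category set are assumptions, and the sample responses are constructed from the example above, using `patha/pathb` as the final key so that it matches the queried URL.

```python
from urllib.parse import urlsplit

# Constructed sample data mirroring the example responses:
# lookup key -> (category, inherited by deeper paths?)
SAMPLE_RESPONSES = {
    "com": ("Unknown", True),
    "fabrikam.com": ("General Business", True),
    "www.fabrikam.com": ("Unknown", True),
    "www.fabrikam.com/patha": ("Phishing", False),        # "Not inherited"
    "www.fabrikam.com/patha/pathb": ("Anonymizer", True),
}


def lookup_keys(url):
    """Split a URL into the keys queried: domain suffixes, then path prefixes."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname                      # lower-cased, port removed
    labels = host.split(".")
    # com, fabrikam.com, www.fabrikam.com
    keys = [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]
    prefix = host
    for segment in (s for s in parts.path.split("/") if s):
        prefix += "/" + segment
        keys.append(prefix)                    # host/patha, host/patha/pathb
    return keys


def applicable_categories(url, responses):
    """Categories that apply to url, least specific key first."""
    keys = lookup_keys(url)
    result = []
    for key in keys:
        entry = responses.get(key)
        if entry is None:
            continue
        category, inherited = entry
        if category == "Unknown":
            continue                           # carries no information
        if key != keys[-1] and not inherited:
            continue                           # parent category stays on parent
        if category not in result:
            result.append(category)
    return result


def decide(url, responses, blocked):
    """Firewall-rule style decision: deny if any applicable category is blocked."""
    categories = applicable_categories(url, responses)
    hits = [c for c in categories if c in blocked]
    return ("deny", hits) if hits else ("allow", categories)


if __name__ == "__main__":
    blocked = {"Anonymizer", "Phishing"}       # hypothetical administrator policy
    for u in ("www.fabrikam.com/patha/pathb", "www.fabrikam.com/patha",
              "www.fabrikam.com/other"):
        print(u, applicable_categories(u, SAMPLE_RESPONSES),
              decide(u, SAMPLE_RESPONSES, blocked))
```

Because the Phishing entry is not inherited, it applies to `/patha` itself but not to `/patha/pathb`, which is why only General Business and Anonymizer are reported for the deeper URL.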
19.3.2.
19.4. E-Mail Protection
In Exchange Server, mail flow works as shown in Figure II.19.4.2 and as described in the following steps.
How do you publish a Web server?
21.2.
1. On the TMG server computer, click Start, type mmc, and then press Enter or click OK. An MMC window appears, similar to Figure II.21.3.1.
2. Click the File menu and then click Add/Remove Snap-in, or press Ctrl+M.
3. Under Available Snap-ins, click Certificates and then click Add, as shown in Figure II.21.3.2.
4. Select Computer account and then click Next, as shown in Figure II.21.3.3.
5. Click Local computer and then click Finish, as shown in Figure II.21.3.4.
6. Click OK in the Add Or Remove Snap-in dialog box, as shown in Figure II.21.3.5.
8. The Welcome to the Certificate Import Wizard dialog box appears. Click Next.
9. On the File to Import page, type the location where the certificate is stored, as shown in Figure II.21.3.7, and click Next.
12. The Completing the Certificate Import Wizard page appears with a summary of your selections. Review the page and click Finish.
At this point, the certificate is installed in the local computer store of TMG, and the snap-in displays the new certificate in the right pane. To confirm that this certificate is valid, right-click it and choose Open. If this certificate was issued based on a CNG template, TMG reports an error indicating an incorrect key type, as shown in Figure II.21.3.10.
4. The New Web Listener Wizard page appears. Type a name for this Web listener and click Next.
6. On the Web Listener IP Addresses page, select External as shown in Figure II.21.4.3 and click Next.
7. On the Listener SSL Certificates page, click Select Certificate, choose the certificate for this listener, and then click Select, as shown in Figure II.21.4.4.
8. On the Listener SSL Certificates page, confirm that the selected certificate appears as shown in Figure II.21.4.5 and click Next.
11. On the Completing the New Web Listener Wizard page, review the selections as shown in Figure II.21.4.8. Click Finish and then click Apply to confirm the changes.
21.5.
Follow these steps to create a secure Web Publishing rule on TMG using the listener created earlier:
1. Expand Forefront TMG (Array Name) in the left pane.
2. Right-click Firewall Policy, select New, and click Web Site Publishing Rule, as shown in Figure II.21.5.1.
3. The Welcome To The Web Publishing Rule Wizard page appears. Type a name for this publishing rule and click Next.
9. On the Public Name Details page, you need to specify the name that remote clients will use to connect to the published server. Type payroll.contoso.com, leave the other options at their defaults as shown in Figure II.21.5.6, and click Next.
10. On the Select Web Listener page, select HTTPS Listener (the Web listener that was created earlier) from the Web Listener drop-down list, as shown in Figure II.21.5.7. Click Next.
11. On the Authentication Delegation page, click the drop-down list and select Basic Authentication, as shown in Figure II.21.5.8. Click Next.
13. The page that completes the publishing rule configuration summarizes the selections for this rule. To confirm that the publishing rule is working correctly, click Test Rule. If everything is configured correctly, the result will be similar to what is shown in Figure II.21.5.10. Click Finish and then click Apply to confirm the changes.
A VPN is a virtual private network that uses a public network (usually the Internet) to connect remote sites or users to the LAN of a central office. Instead of using complex physical connections such as digital subscriber lines, a VPN creates virtual links carried over the Internet between an organization's private network and remote sites or users. The VPN protocols used vary depending on the capabilities of the VPN client and server, as well as on the functional and security requirements of the organization.
Because VPN tunnels are intended to be secure and reliable, they provide strong encryption and authentication methods. In addition, they use tunnel management to control the traffic flowing through the tunnel. Figure II.22.1.1 illustrates the relationship among the VPN functions.
Tunnel types
Protocols
22.1.3.
22.1.4. NAP Integration
Windows Server 2008 Network Access Protection (NAP) is a platform for enforcing compliance with computer health requirements for network access. Forefront TMG integrates with it by acting as a VPN server, as shown in Figure II.22.1.4.1.
The key role of TMG in the NAP infrastructure is to request credentials from the VPN client and send the authentication request to the Network Policy Server (NPS). If the connection is approved and the client is compliant, NPS tells TMG to allow traffic from the host in accordance with the existing TMG traffic policies. TMG accepts the connection and forwards the access response to the client computer. The enhancement that TMG adds is the ability to inspect VPN traffic and to provide access rules that restrict access from remote clients.
23.1. DirectAccess Client Connections
III.
1. PROJECT REQUIREMENTS SURVEY
1.1. Project scenario:
D.M.A Computer Technology Trading and Services Joint Stock Company has one office in District 1, Ho Chi Minh City, and another office in Hanoi, with the domain name dma.vn. D.M.A specializes in:
- Trading electronic and computer equipment
- Supplying computer equipment to businesses and schools
- Providing online customer consulting and support
D.M.A Computer Technology Trading and Services Joint Stock Company already has an information technology infrastructure in place. Given the need to grow and expand, and the demand for stability, security and efficiency in the business, the IT department carried out an overall survey and proposed the following deployment model:
Description
Compatibility with Windows Server 2008, 64-bit
Web access management configuration
Lets you configure Web access management in a single operation.
One of the outstanding features of Forefront TMG 2010 compared with Microsoft ISA Server is the Secure Web Gateway (SWG). SWG filters and controls malicious programs (malware), viruses and malicious Web sites in the Internet sessions of users on the corporate network. In addition, SWG can enforce policies that let employees use Internet resources safely and effectively. In Forefront TMG 2010, SWG comprises three main components:
- URL filtering: classifies known Web sites into groups, enabling comprehensive reporting as well as blocking some Web sites or allowing access to others according to security risk.
- Malicious code filtering: removes all malicious and unwanted code from Web access.
- Web application-level control: lets businesses manage the methods and use of public Internet-based applications, such as IM, Internet telephony, Web storage, peer-to-peer, Web conferencing, chat, ...
Forefront TMG provides comprehensive protection against Internet threats: URL filtering, malicious code inspection, and intrusion prevention for Web clients.
Forefront TMG is easy to deploy for businesses of any size.
Improves on the reporting features of ISA Server by using SQL Reporting Services to create custom or aggregate reports.
Administrators can use the Web Access Wizard to configure Forefront TMG to enforce the organization's Web access policy.
Forefront TMG provides enterprise-level system management and integrates seamlessly with Active Directory for authentication and authorization.
nh trc
Description
The firewall generates forms for you to fill in, using forms-based authentication
Remote access to Terminal Services using SSL
Enforces RPC connections in Microsoft Exchange from Microsoft Outlook and from clients that use MAPI connections
Microsoft Office SharePoint Server Publishing
II.
Description
Connecting to branch offices using VPN
SecureNAT client support for VPN clients connecting to the TMG VPN server
VPN Quarantine
Description
Easy-to-use management features
TMG Microsoft Operations Manager (MOM) Management Pack
SDK extensibility
Extended support for other products
IV.
Description
View firewall, Web Proxy, and SMTP Message Screener logs
TMG Server Management displays the log entries visually, as if replaying the user's logon process.
Building log-based queries
Monitoring and filtering sessions based on firewall sessions
Connection verification
Customizing TMG reports
Advanced customization features for adding more detail to the firewall report
Report publishing
E-mail notification after a report is created
3. EQUIPMENT LIST
3.1. Server list
| No. | Server name | Location | Function | Operating system |
| 1 | AD Server | intranet | Domain controller; provides Active Directory, DHCP and DNS | Windows Server 2008 Standard Edition 64-bit |
| 2 | Mail Server | Dmz | E-mail server | Windows Server 2008 Standard Edition 64-bit |
| 3 | Web Server | Dmz | Web server | Windows Server 2008 Standard Edition 64-bit |
| 4 | FTP Server | Dmz | Data sharing server | Windows Server 2008 Standard Edition 64-bit |
| 5 | File server | intranet | Internal data storage and sharing server, also acting as additional domain controller | Windows Server 2008 Standard Edition 64-bit |
| 6 | TMG 1 | Local host | Firewall protecting the system | Windows Server 2008 Standard Edition 64-bit |
| 7 | TMG 2 | Local host | Firewall protecting the system | Windows Server 2008 Standard Edition 64-bit |
Model: 7945L2A
Server form factor: Rack 2U
Processor: 1 x Intel Xeon Six Core Processor X5660, 2.80GHz, 12M L3
System bus: Intel QuickPath Interconnect up to 6.4 GT/s
Memory: 3 x 4GB DDR3 1333 with ECC support
Hard disk: 300GB SEAGATE SAVVIO SAS2.0 6GB/S Hot Swap
RAID support: 0, 1, 5, 10
Optical drive: IBM UltraSlim Enhanced SATA DVD-ROM
Network card: Integrated dual Gigabit Ethernet (2 ports standard, plus 2 ports optional) supporting 10BASE-T, 100BASE-TX, and 1000BASE-T, RJ45
Power supply: 1x Power Supply 675watt HS
Quantity
41848
2058
11998
Notes
IV. IMPLEMENTATION
After the update completes, run the preparation tool from the Forefront TMG 2010 installation wizard page to install the features required before installing Forefront TMG.
Select 3-Leg perimeter as the network template, matching the network model of D.M.A Computer Technology.
The deployment steps in this configuration include: configuring the update service and the system protection features.
2. Configure and run updates of the engines and signatures used to prevent malware from entering the system.
4. Test the Malware Inspection configuration with the sample virus file downloaded from eicar.org.
Figure IV.3.3.9 Forefront blocks the download as soon as it detects the virus
Figure IV.3.4.1 Configuring the HTTPS Inspection feature in the Web Access Policy tasks
Figure IV.3.4.9 Certificate successfully deployed on the dma domain
3. Test the HTTPS feature just configured against the eicar.org site.
2. Configure the properties of the Chat object that was just disabled. Under URL Category Override, choose Add, enter the URL vietfun.com/* and save the new configuration.
Test the rule: join the client machines in the perimeter zone to the domain.
Figure IV.3.7.9 Clients in the Perimeter zone joined the domain successfully
2. Configure NIS
Figure IV.4.5 Allowing NIS to respond to anomalous traffic
3. Monitor NIS
Monitor NIS through logs and reports.
HN site:
The configuration steps are the same as for the HCM site; note, however, that the authentication user must match the user created on the HCM site.
Figure IV.6.2 Configuring user vpn1 to be allowed to log on to the domain from outside
On the client machine, create a virtual connection to the server.
After installation completes, run the update under Update Source and Proxy Server.
Enable automatic synchronization
Begin installing FCS
After installing and completing the basic configuration in the Getting Started Wizard, we configure UAG as a DirectAccess server.
Step 1: Configure clients and GPOs
Step 2: Configure
10. Securing the Exchange server
Install Forefront Security for Exchange Server.
Forefront Security allows integration with third-party programs (such as Kaspersky, Norman, Sophos, etc.).
Figure IV.11.2 Select Load balancing with failover capability (the default)
At ISP Connection 1
V.
1. PROJECT EVALUATION
1.1. Applicability and extensibility:
1.1.1. Applicability of Forefront:
Microsoft Forefront delivers comprehensive, end-to-end solutions, both on-premises and in the cloud, that help protect users and enable secure access from virtually anywhere. With our integrated portfolio of protection, identity, and access products, you can protect your environment and manage access across data, users, and systems.
Multi-layered protection: Forefront delivers leading malware protection solutions across messaging, endpoints, collaboration application servers, and the network edge.
- Forefront Endpoint Protection 2010: The next version of Forefront Client Security. It helps businesses simplify and improve endpoint protection while significantly reducing infrastructure costs.
- Forefront Protection 2010 for Exchange Server: Combines multiple scanning engines from industry-leading partners into a single solution that detects viruses and spyware faster and more effectively than single-engine solutions.
- Forefront Online Protection for Exchange: Provides layered technologies that actively help protect businesses' inbound and outbound e-mail from spam, viruses, phishing scams, and e-mail policy violations.
- Forefront Protection 2010 for SharePoint: Combines multiple antimalware scanning engines from the world's leading security industry partners with file and keyword filtering to help provide comprehensive protection against the latest threats.
- Forefront Threat Management Gateway 2010: Provides a secure web gateway that protects users from malware and other web-based threats.
Identity-based access: Microsoft's identity-based access technologies and Forefront solutions build on the Active Directory infrastructure to give users policy-based access to applications, devices, and information.
- Microsoft Forefront Identity Manager 2010: Provides a comprehensive solution for managing identities, credentials, and identity-based access policies across heterogeneous environments.
- Forefront Unified Access Gateway 2010: Provides comprehensive, secure remote access to corporate resources for employees, partners, and vendors on both managed and unmanaged PCs and mobile devices.
Forefront provides companies and enterprises with a comprehensive line of highly effective security products. By focusing our efforts on the integration and management aspects of security, Forefront products can help prevent misconfiguration, allow organizations to deploy security products more broadly, and give you a unified view of the security state of your network. By addressing operational issues, Forefront helps make your network more secure. Configuration is correct, security is deployed where it is needed, and management and reporting are simplified.
1.3. Limitations of the current solution:
Several factors affect the stability and performance of the TMG firewall. Forefront Threat Management Gateway (TMG) 2010 is an integrated security gateway that provides advanced network-layer and application-layer security services. It can perform low-level protocol inspection, application-layer traffic inspection, user authentication, reputation-based access control, and inspection of HTTPS communication. These advanced features consume a great deal of resources and can hinder throughput and slow the system down if it is misconfigured or improperly sized.
1.3.1. Hardware configuration:
Before any discussion of the TMG firewall and performance, it is important to note that the underlying hardware must be up to the task of supporting TMG in the role in which it is deployed. Best practice is to use high-quality server-class hardware or a dedicated security appliance. For best results, the hardware must be sized correctly for its environment and for the expected load. TMG's advanced network-layer and application-layer inspection features can consume considerable system resources, so having adequate processing power, memory, disk space, and network capacity is fundamental to the stability and high performance of the solution.
Determining how much hardware capacity a particular implementation requires is very difficult, because every deployment is unique and there are many dependent factors. To help determine hardware requirements, Microsoft provides the Forefront TMG Capacity Planning Tool. This tool lets you enter specific details about your environment and then recommends hardware specifications based on the expected number of users, the bandwidth you have, and the protection features that will be used. Plan for surplus CPU and memory capacity to ensure the best performance; this also serves as a reserve in case expansion is needed later.
1.3.2. Infrastructure services
The TMG firewall relies heavily on supporting infrastructure services to carry out its tasks. The overall performance of the solution depends on how well services such as Active Directory and DNS are working. If there are problems with Active Directory or DNS, no amount of TMG tuning will fix the resulting performance problems. Many things can go wrong with Active Directory or DNS; rather than give a comprehensive list, we note only some common problems that can significantly degrade TMG performance:
- Network connectivity: Performance can be quite adversely affected if the TMG firewall does not have reliable network connectivity to Active Directory or DNS. TMG needs good connectivity to these services; ideally they are in the same physical location and connected at gigabit speed. Make sure all intermediate devices such as routers and switches are working properly and show no signs of errors.
- Active Directory site configuration: Poor performance is sometimes caused by the TMG firewall authenticating against domain controllers located in different geographic regions. This results from incorrectly configured Active Directory sites. Ensure that the Active Directory IP subnets are defined correctly and that the Active Directory site is configured to contain the domain controllers located alongside the TMG firewall.
1.3.3. Networking
At the lowest level, TMG is a routing firewall that forwards data from one interface to another if policy allows. Network configuration therefore plays an important role in system performance. Below are some key configuration settings and recommendations for optimizing network throughput and performance:
- Port speed and duplex mode: Port speed or duplex mismatches reduce network performance dramatically. To work correctly, these settings must be the same at both ends of the connection. This means that if you manually configure the settings on the TMG firewall's network interface, you must apply the same settings on the switch it is connected to. If the switch it connects to is an unmanaged switch, you must set the TMG firewall's network interface to auto-negotiate. You cannot configure one side manually and the other side automatically. Under no circumstances should a hub be used in a production environment.
- DNS configuration / network interface binding order: This is one of the most common configuration errors and can cause poor name resolution performance as well as unreliable authentication. DNS servers should be configured only on the internal network interface. In addition, on a firewall with multiple interfaces the internal network interface should generally be placed first in the network interface binding order.
- Isolated network segments: It is an excellent idea to place the TMG firewall's network interfaces in isolated network segments whenever possible. Doing so improves both performance and security, reducing the risk of ARP cache poisoning attacks and making the network harder to discover. If Network Load Balancing (NLB) is enabled this is even more important. By default, NLB broadcasts its synchronization information so that all hosts on the segment can see it. TMG firewalls configured in isolated segments limit that broadcast, so that it reaches only the hosts that need it.
- Back firewall configuration: A TMG firewall on its own is not an optimal configuration in terms of security and performance. Hosts exposed directly to the Internet all face scanning and probing. Configuring the TMG firewall as a back firewall behind another firewall can reduce the amount of noise it has to process. For example, a Cisco ASA at the network edge configured to allow only the protocols that TMG will handle frees up a great deal of resources for authentication and advanced application-layer traffic inspection. A further benefit is reduced log pollution, which makes log data cleaner and easier to understand, and makes anomalous traffic easier to spot.
- Web Proxy client: Configuring client machines as Web Proxy clients brings considerable performance benefits, although many administrators prefer to configure SecureNAT clients because this requires no client software changes. SecureNAT clients generally consume more resources on the TMG firewall than Web Proxy clients, because a Web Proxy client establishes fewer TCP connections to the TMG firewall's web proxy listener to retrieve web content. For example, when connecting to a popular website (espn.com in this example), a SecureNAT client establishes 31 TCP connections to display the home page.
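The DNS rule from the networking list above (DNS servers configured only on the internal network interface) can be checked with a short audit script. This is an added example, not part of the original thesis; the function name Test-TmgDnsPlacement, its parameter names, and every address in the sample data are assumptions constructed for illustration.

```powershell
# Added example, not from the thesis. Written for PowerShell 2.0, the version
# shipped with Windows Server 2008 R2.
# Input objects need the Description, IPAddress and DNSServerSearchOrder
# properties, as returned by the Win32_NetworkAdapterConfiguration WMI class.
function Test-TmgDnsPlacement {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Adapters,
        [Parameter(Mandatory = $true)] [string]   $InternalAddress
    )
    $findings = @()
    $internalSeen = $false
    foreach ($adapter in $Adapters) {
        # Normalise a null or empty DNS list to a zero-length array.
        $dns = @($adapter.DNSServerSearchOrder | Where-Object { $_ })
        $isInternal = @($adapter.IPAddress) -contains $InternalAddress
        if ($isInternal) {
            $internalSeen = $true
            if ($dns.Count -eq 0) {
                $findings += "FAIL: internal interface '$($adapter.Description)' has no DNS servers"
            }
        }
        elseif ($dns.Count -gt 0) {
            $findings += "FAIL: '$($adapter.Description)' is not the internal interface but lists DNS servers: $($dns -join ', ')"
        }
    }
    if (-not $internalSeen) {
        $findings += "FAIL: no adapter owns the address $InternalAddress"
    }
    if ($findings.Count -eq 0) {
        $findings += 'PASS: DNS servers are set on the internal interface only'
    }
    $findings
}

# Constructed sample data for a 3-leg firewall (all names and addresses are
# made up). The external adapter carries a DNS server, which breaks the rule.
$sample = @(
    (New-Object PSObject -Property @{
        Description          = 'Internal NIC'
        IPAddress            = @('192.168.1.1')
        DNSServerSearchOrder = @('192.168.1.10')
    }),
    (New-Object PSObject -Property @{
        Description          = 'Perimeter NIC'
        IPAddress            = @('172.16.1.1')
        DNSServerSearchOrder = $null
    }),
    (New-Object PSObject -Property @{
        Description          = 'External NIC'
        IPAddress            = @('203.0.113.2')
        DNSServerSearchOrder = @('203.0.113.53')
    })
)

Test-TmgDnsPlacement -Adapters $sample -InternalAddress '192.168.1.1'

# On the firewall itself, feed the function live data instead of the sample:
#   $live = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = True"
#   Test-TmgDnsPlacement -Adapters $live -InternalAddress '<internal interface IP>'
```

With the sample data the function reports a single failure for 'External NIC'; clearing that adapter's DNS list makes it return the PASS line.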
VII. APPENDIX