Shulou(Shulou.com)06/01 Report--

Deployment Mode and benefit of SINFOR AC

1. Gateway mode

The gateway mode is suitable for users who want to implement all the audit, control, and interception functions through AC products, and are not sensitive to changes in the network topology.

The gateway mode uses SINFOR AC as the exit network of the local area network to proxy the intranet PC to access the Internet. In addition to completing the management and control functions of AC, it can also achieve network and security functions such as NAT, routing and firewall.

Deployment mode: the WAN port of AC is connected to the access line of wide area network, usually optical fiber, ADSL line or router, the LAN port of AC (DMZ port) is connected with the switch of local area network, and the PC of internal network points the gateway to the local area network port of AC, and then accesses the Internet through AC proxy.

II. Bridge mode

Bridge mode is suitable for users who want to fully monitor, control, and manage the intranet and do not want to change any network address of the local area network.

Bridge mode equates SINFOR AC with a "intelligent network cable" connected between the gateway and the switch, which can audit, manage and control all data flows through the AC.

Deployment mode: the WAN port of AC is connected with the gateway of LAN, and the LAN port (DMZ port) is connected with the LAN switch. Any network devices and PC in the LAN do not need to change the IP address.

III. Bypass (Pass-by) deployment

Bypass deployment connects the device to the mirror port of the switch to monitor the data flow in the local area network. The bypass mode is suitable for users who want to monitor and audit the intranet through AC. The deployment of bypass mode does not need to make any changes to the intranet topology, which makes it the least difficult to implement. Because the intranet data flow does not need to flow through AC devices, it avoids the degradation of network processing performance caused by too many devices in the network backbone, and reduces the probability of network single point failure. (Bypass is a bypass function, that is, two networks can be physically connected without going through the system of the network security device through a specific trigger state (power outage or crash). Therefore, with Bypass, when the network security device fails, the network connected to this device can also connect to each other. Of course, at this time, the network device will no longer deal with the packets in the network.

Deployment method: configure the image port in the outgoing × × switch machine, and connect the wide area network port of AC with the image port to monitor private network packets.

)

The benefits that can be brought after use:

1. Control the content of accessing Web, Mail and other common services, restrict and control the behavior of various P2P software such as QQ, BT, MSN, Skype, etc., and allocate reasonable Internet time to various departments and individuals according to the business situation.

2. Bandwidth optimization: you can allocate specified bandwidth to different departments and applications.

3. Comprehensive recording and preservation of URL records, FTP uploads and downloads, BBS posts and other applications

4. Block all kinds of P2P software and application identification.

5. Cooperate with SC centralized control to do unified policy distribution and log system management.

AC restores factory settings:

When the equipment is turned off, use the cross network cable to connect the LAN port and DMZ port, the alarm light will always be on, and after it flashes normally, the factory configuration of the equipment will be restored successfully, at this time, you can use the factory configuration IP to log in to the device normally. By default, a subinterface is bound to the lan port. The default ip for the lan port is 128.127.125.252 ip, which is 255.255.255.248mit.DMZ port is 10.252.252.252Universe.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.