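Palo Alto firewall configuration manual (how good is the Palo Alto firewall?)
Introduction: Setting up GlobalProtect on a Palo Alto firewall and changing the default port 443
Model: Palo Alto PA-220
OS version: 8.0
Goals of this tutorial:
1. Set up GlobalProtect on the Palo Alto firewall.
2. GlobalProtect uses port 443 by default. At present, a static public IP address that has not completed ICP filing (备案) cannot use the default port 443, so below we change the default GP port.
Step 1: Create a new zone
Network>Zone, click the "Add" button in the lower left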
![](http://image.lingbiren.com/d/file/p/2023/10/muddzxnisdt.jpg)
Step 2: Create a new tunnel
Network>Interfaces>Tunnel
![](http://image.lingbiren.com/d/file/p/2023/10/2bl5gixrw25.jpg)
Step 3: Create a self-signed certificate
Device>Certificate Management>Certificates, click the "Generate" button at the bottom
![](http://image.lingbiren.com/d/file/p/2023/10/15wsani0kda.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/lpa5zbh4htk.jpg)
Step 4: Create an SSL/TLS service profile
Device>Certificate Management>SSL/TLS Service Profile, click "Add" in the lower left
![](http://image.lingbiren.com/d/file/p/2023/10/5fus1bqyu1h.jpg)
Step 5: Create a local user group
Device>Local User Database>User Groups, click "Add" in the lower left
![](http://image.lingbiren.com/d/file/p/2023/10/wfm1gfpaicx.jpg)
Step 6: Create an authentication profile
Device>Authentication Profile, click "Add" in the lower left
![](http://image.lingbiren.com/d/file/p/2023/10/s2yd4mdccl4.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/xb5tfwq3tuh.jpg)
Step 7: Configure the GlobalProtect portal
Network>GlobalProtect>Portals, click "Add" in the lower left
![](http://image.lingbiren.com/d/file/p/2023/10/zxopv03vqqm.jpg)
Network>GlobalProtect>Authentication
![](http://image.lingbiren.com/d/file/p/2023/10/1ami3g3zffh.jpg)
Network>GlobalProtect>Agent
![](http://image.lingbiren.com/d/file/p/2023/10/fdpfgghpcjk.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/spnlgl5xzsw.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/esuqpl5d50z.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/5rfdno0er3f.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/rgadtccj15x.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/rvcmdwc2dou.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/4qtrrenylx1.jpg)
Step 8: Configure the GlobalProtect gateway
Network>GlobalProtect>Gateways, click "Add" in the lower left
![](http://image.lingbiren.com/d/file/p/2023/10/cvaj1pmlwbw.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/xsftfl3ujs1.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/twe5pbqk55b.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/fo40kjwep21.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/5vwbxnjz2e4.jpg)
Step 9: Configure the firewall rules
Policies>Security, click "Add" in the lower left
![](http://image.lingbiren.com/d/file/p/2023/10/02izflzv5kz.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/csfhwnfn2kt.jpg)
![](https://ftp.850a.com/kkwl/20230310/i4pxajovf.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/x4mil3xpuij.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/3mw0gny1jv5.jpg)
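GlobalProtect uses port 443 by default. At present, a static public IP address that has not completed ICP filing (备案) cannot use the default port 443, so below we change the default GP port.
Step 1: Create a new loopback interface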
Network>Interface>Loopback
![](http://image.lingbiren.com/d/file/p/2023/10/yfp2vigycxg.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/ir1g3okiq4h.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/dmzjbq034id.jpg)
Step 2: Bind the loopback interface in GlobalProtect Portals
![](http://image.lingbiren.com/d/file/p/2023/10/rp4c5wm4db5.jpg)
Step 3: Bind the loopback interface in GlobalProtect Gateways
![](http://image.lingbiren.com/d/file/p/2023/10/ozmp14v0lk5.jpg)
Step 4: Set up the NAT rule
Policies>NAT
![](http://image.lingbiren.com/d/file/p/2023/10/vyqv1zpelav.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/pl32fzuq4ir.jpg)
![](http://image.lingbiren.com/d/file/p/2023/10/umdc1w1uwet.jpg)
Step 5: Modify the firewall rule created above
![](http://image.lingbiren.com/d/file/p/2023/10/obkuu0ipdnp.jpg)
Step 6: Modify the external gateway (External) there
Network>GlobalProtect>Portals>Agent
![](http://image.lingbiren.com/d/file/p/2023/10/xebspg3n545.jpg)
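One way to verify the port change from an outside host once the six steps above are done (an added example, not part of the original tutorial): the script checks that the new port completes a TLS handshake, compares the SHA-256 fingerprint of the presented certificate with the self-signed certificate generated earlier, and reports whether the old port still answers. The function names, the command-line arguments and the choice of a fingerprint comparison are assumptions made for this example.

```python
import hashlib
import socket
import ssl
import sys


def norm_fp(fp):
    """Normalise 'AA:BB:..' or 'aabb..' to lowercase hex without separators."""
    return fp.replace(":", "").replace(" ", "").lower()


def probe(host, port, timeout=3.0):
    """Return ('closed', None), ('tcp-only', None) or ('tls', sha256_hex)."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return ("closed", None)
    # The tutorial's certificate is self-signed, so chain validation is turned
    # off here and the certificate is identified by its fingerprint instead.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    except (ssl.SSLError, OSError):
        raw.close()
        return ("tcp-only", None)
    return ("tls", hashlib.sha256(der).hexdigest())


def check_port_move(host, new_port, expected_fp, old_port=443):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    state, fp = probe(host, new_port)
    if state != "tls":
        findings.append(f"port {new_port}: no TLS service ({state})")
    elif fp != norm_fp(expected_fp):
        findings.append(f"port {new_port}: unexpected certificate {fp}")
    if old_port != new_port and probe(host, old_port)[0] != "closed":
        findings.append(f"port {old_port}: still answering")
    return findings


if __name__ == "__main__":
    # usage: check_gp.py HOST NEW_PORT SHA256_FINGERPRINT
    problems = check_port_move(sys.argv[1], int(sys.argv[2]), sys.argv[3])
    print("\n".join(problems) or "OK")
    sys.exit(1 if problems else 0)
```

Take the expected fingerprint from the certificate exported from the firewall, not from the connection being tested.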