<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>ssh &#8211; Thegioifirewall</title>
	<atom:link href="https://thegioifirewall.com/tag/ssh/feed/" rel="self" type="application/rss+xml" />
	<link>https://thegioifirewall.com</link>
	<description>Tường lửa bảo vệ doanh nghiệp, trung tâm thông tin và giá cả</description>
	<lastBuildDate>Tue, 30 Jul 2024 10:50:31 +0000</lastBuildDate>
	<language>vi</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://thegioifirewall.com/wp-content/uploads/vacif_icon-150x150.png</url>
	<title>ssh &#8211; Thegioifirewall</title>
	<link>https://thegioifirewall.com</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>HƯỚNG DẪN THIẾT LẬP XÁC THỰC KHÓA CÔNG KHAI ADMIN FIREWALL SOPHOS.</title>
		<link>https://thegioifirewall.com/huong-dan-thiet-lap-xac-thuc-khoa-cong-khai-admin-firewall-sophos/</link>
					<comments>https://thegioifirewall.com/huong-dan-thiet-lap-xac-thuc-khoa-cong-khai-admin-firewall-sophos/#respond</comments>
		
		<dc:creator><![CDATA[admin]]></dc:creator>
		<pubDate>Tue, 30 Jul 2024 10:30:44 +0000</pubDate>
				<category><![CDATA[Sophos Firewall]]></category>
		<category><![CDATA[khóa công khai]]></category>
		<category><![CDATA[Public key]]></category>
		<category><![CDATA[Sophos firewall]]></category>
		<category><![CDATA[ssh]]></category>
		<guid isPermaLink="false">https://thegioifirewall.com/?p=19913</guid>

					<description><![CDATA[Tổng quan SSH (Secure Shell) là một giao thức giúp người dùng quản lý và giao tiếp với server. SSH Key được sinh ra để thay thế mật khẩu thông thường nhằm đảm bảo hơn về tính bảo mật. Nó bao gồm 2 key (Public key&#160;và&#160;Private key) được mã hoá. Private key phải được đảm [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph"><strong>Tổng quan</strong></p>



<p class="wp-block-paragraph">SSH (Secure Shell) là một giao thức giúp người dùng quản lý và giao tiếp với server. SSH Key được sinh ra để thay thế mật khẩu thông thường nhằm đảm bảo hơn về tính bảo mật. Nó bao gồm 2 key (<strong><em>Public key</em></strong>&nbsp;và&nbsp;<strong><em>Private key</em></strong>) được mã hoá.</p>



<p class="wp-block-paragraph">Private key phải được đảm bảo giữ bí mật tuyệt đối. Bất kỳ người nào có key này đều có thể truy cập vào server. Ngược lại Public key được phép công khai nhằm mã hoá thông tin mà chỉ có thể giải mã bởi Private key.</p>



<p class="wp-block-paragraph">Bài viết này sẽ hướng dẫn thiết lập xác thực khóa công khai cho quản trị viên firewall Sophos</p>



<p class="wp-block-paragraph"><strong>Bước 1: Tạo cặp khóa RSA.</strong></p>



<p class="wp-block-paragraph">Tải xuống và cài đặt PuTTY và PuTTYGen từ <a href="http://www.putty.org">www.putty.org</a></p>



<p class="wp-block-paragraph">Mở PuTTYGen và chọn kiểu khóa RSA và nhấn vào Generate.</p>


<p><!-- wp:image--></p>
<figure class="wp-block-image size-large"><img decoding="async" src="https://thegioifirewall.com/wp-content/uploads/xac-thuc-khoa-cong-khai-admin-firewall-sophos-1.png" alt=""/></figure>
<p><!-- /wp:post-content --></p>
<p><!-- wp:paragraph --></p>
<p>Lưu Public Key và Private Key vào máy.</p>
<p><!-- /wp:paragraph --></p>
<p><!-- wp:image--></p>
<figure class="wp-block-image size-large"><img decoding="async" src="https://thegioifirewall.com/wp-content/uploads/xac-thuc-khoa-cong-khai-admin-firewall-sophos-2.png" alt=""/></figure>
<p><!-- /wp:image --></p>
<p><!-- wp:paragraph --></p>
<p>Lưu ý: PuTTYGen sẽ tạo cảnh báo nếu keyfile không được bảo vệ bằng mật khẩu (passphrase). Nên bảo vệ bằng mật khẩu như một biện pháp bảo mật bổ sung nhưng không bắt buộc để SSH hoạt động.</p>
<p><!-- /wp:paragraph --></p>
<p><!-- wp:paragraph --></p>
<p>Nếu bạn muốn đặt mật khẩu, hãy nhập mật khẩu đó vào Key passphrase và Confirm passphrase. Trước khi bạn nhấn vào Save private key.</p>
<p><!-- /wp:paragraph --></p>
<p><!-- wp:paragraph --></p>
<p><strong>Bước 2: Thêm khóa công khai vào tường lửa Sophos.</strong></p>
<p><!-- /wp:paragraph --></p>
<p><!-- wp:paragraph --></p>
<p>Sao chép Public Key từ PuTTYGen hoặc từ vị trí đã tải về máy tính của bạn.</p>
<p><!-- /wp:paragraph --></p>
<p><!-- wp:paragraph --></p>
<p>Điều hướng tới <strong>SYSTEM &gt;&nbsp; Administrator &gt; Device Access</strong>.&nbsp;</p>
<p><!-- /wp:paragraph --></p>
<p><!-- wp:paragraph --></p>
<p>Thêm phần Public Key đã sao chép vào phần <strong>Public Key Authentication </strong>và <strong>Enable Authencation</strong> lên.</p>
<p><!-- /wp:paragraph --></p>
<p><!-- wp:image--></p>
<figure class="wp-block-image size-large"><img decoding="async" src="https://thegioifirewall.com/wp-content/uploads/xac-thuc-khoa-cong-khai-admin-firewall-sophos-3.png" alt=""/></figure>
<p><!-- /wp:image --></p>
<p><!-- wp:paragraph --></p>
<p><strong>Bước 3: Thêm Private Key vào PuTTY và xác thực với firewall Sophos.</strong></p>
<p><!-- /wp:paragraph --></p>
<p><!-- wp:paragraph --></p>
<p>Mở PuTTY và di chuyển đến <strong>Connection &gt; SSH &gt; Auth &gt; Credentials</strong>&nbsp;</p>
<p><!-- /wp:paragraph --></p>
<p><!-- wp:paragraph --></p>
<p>Nhấn vào Browse để chọn keyfile .ppk vừa lưu trước đó.</p>
<p><!-- /wp:paragraph --></p>
<p><!-- wp:image--></p>
<figure class="wp-block-image size-large"><img decoding="async" src="https://thegioifirewall.com/wp-content/uploads/xac-thuc-khoa-cong-khai-admin-firewall-sophos-4.png" alt=""/></figure>
<p><!-- /wp:image --></p>
<p><!-- wp:paragraph --></p>
<p>Điều hướng đến <strong>Session</strong> và nhập địa chỉ IP hoặc tên máy chủ của Tường lửa Sophos. Đảm bảo loại kết nối được đặt thành <strong>SSH </strong>và nhấp vào <strong>Open</strong> để kết nối với Tường lửa Sophos.</p>
<p><!-- /wp:paragraph --></p>
<p><!-- wp:image--></p>
<figure class="wp-block-image size-large"><img decoding="async" src="https://thegioifirewall.com/wp-content/uploads/xac-thuc-khoa-cong-khai-admin-firewall-sophos-5.png" alt=""/></figure>
<p><!-- /wp:image --></p>
<p><!-- wp:paragraph --></p>
<p>Nhập user là <strong>admin </strong>để xác thực với tường lửa Sophos.</p>
<p><!-- /wp:paragraph --></p>
<p><!-- wp:image--></p>
<figure class="wp-block-image size-large"><img decoding="async" src="https://thegioifirewall.com/wp-content/uploads/xac-thuc-khoa-cong-khai-admin-firewall-sophos-6.png" alt=""/></figure>
<p><!-- /wp:image --></p>]]></content:encoded>
					
					<wfw:commentRss>https://thegioifirewall.com/huong-dan-thiet-lap-xac-thuc-khoa-cong-khai-admin-firewall-sophos/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>SOPHOS FIREWALL :HƯỚNG DẪN CẤU HÌNH DỊCH VỤ SSL CLIENT TO SITE CÓ XÁC THỰC OTP</title>
		<link>https://thegioifirewall.com/sophos-firewall-huong-dan-cau-hinh-dich-vu-ssl-client-to-site-co-xac-thuc-otp/</link>
					<comments>https://thegioifirewall.com/sophos-firewall-huong-dan-cau-hinh-dich-vu-ssl-client-to-site-co-xac-thuc-otp/#respond</comments>
		
		<dc:creator><![CDATA[Dino]]></dc:creator>
		<pubDate>Tue, 25 Apr 2023 15:13:32 +0000</pubDate>
				<category><![CDATA[Hướng dẫn cấu hình Firewall Sophos XG]]></category>
		<category><![CDATA[remote desktop]]></category>
		<category><![CDATA[Sophos firewall]]></category>
		<category><![CDATA[ssh]]></category>
		<category><![CDATA[SSL VPN]]></category>
		<guid isPermaLink="false">https://www.thegioifirewall.com/?p=17471</guid>

					<description><![CDATA[Overview Việc tạo nhiều tài khoản theo cách thủ công kèm theo bảo mật sẽ tốn nhiều thời gian và khó quản lý.Bài viết sẽ hướng dẫn giải quyết vấn đề này thông qua đồng bộ domain có các user đã được tạo sẵn trên windows server và xác thực bằng ứng dụng google authenticator(trên [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph"><strong>Overview</strong></p>



<p class="wp-block-paragraph">Việc tạo nhiều tài khoản theo cách thủ công kèm theo bảo mật sẽ tốn nhiều thời gian và khó quản lý.Bài viết sẽ hướng dẫn giải quyết vấn đề này thông qua đồng bộ domain có các user đã được tạo sẵn trên windows server và xác thực bằng ứng dụng google authenticator(trên CH Play).</p>



<p class="wp-block-paragraph"><strong>Sơ đồ mạng:</strong></p>


<div class="wp-block-image">
<figure class="aligncenter size-full"><img fetchpriority="high" decoding="async" width="624" height="381" src="https://thegioifirewall.com/wp-content/uploads/image-5214.png" alt="" class="wp-image-17472" srcset="https://thegioifirewall.com/wp-content/uploads/image-5214.png 624w, https://thegioifirewall.com/wp-content/uploads/image-5214-300x183.png 300w" sizes="(max-width: 624px) 100vw, 624px" /></figure>
</div>


<p class="wp-block-paragraph"><strong>1.Sơ lược sơ đồ</strong></p>



<p class="wp-block-paragraph">-Ta dùng cổng WAN FPT sẽ là cổng VPN đi vào</p>



<p class="wp-block-paragraph">-Chọn 1 cổng trên firewall với IP 2.2.2.250 cho vùng mạng DMZ tiến hành cấp phát DHCP,VMware Esxi thuộc DMZ ta đặt ip 2.2.2.100</p>



<p class="wp-block-paragraph">-Windows SRV tạo OU và Group,user cho IT,và được cài remote desktop</p>



<p class="wp-block-paragraph">-Ubuntu được cài web,và đã cài đặt SSH</p>



<p class="wp-block-paragraph"><strong>2.Chi tiết nội dung cấu hình</strong></p>



<p class="wp-block-paragraph">Dùng user đã được đồng bộ AD sử dụng tài khoản đó làm tài khoản đăng nhập VPN,ta tiến hành thực hiện SSL Client to Site vào firewall (kèm xác thực OTP) ,kết quả nhận được user IT có thể remote desktop vào windows SRV và SSH vào Web SRV</p>



<p class="wp-block-paragraph"><strong>3.Tiến hành cấu hình</strong></p>



<p class="wp-block-paragraph"><strong>3.1 Đồng bộ AD</strong></p>



<p class="wp-block-paragraph">Kết quả tạo OU,Group,user IT và Sale</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img decoding="async" src="https://thegioifirewall.com/wp-content/uploads/ou.png" alt="" class="wp-image-17474" width="754" height="503" srcset="https://thegioifirewall.com/wp-content/uploads/ou.png 732w, https://thegioifirewall.com/wp-content/uploads/ou-300x200.png 300w" sizes="(max-width: 754px) 100vw, 754px" /></figure>
</div>


<p class="wp-block-paragraph">Ta vào <strong>Authentication</strong>-&gt;chọn <strong>servers-</strong>&gt; nhấn <strong>add</strong></p>



<p class="wp-block-paragraph"><strong>Server type</strong>:chọn active directory</p>



<p class="wp-block-paragraph"><strong>Server name</strong>:có thể đặt tên theo ý muốn không ảnh hưởng đến cấu hình</p>



<p class="wp-block-paragraph"><strong>Server IP/domain</strong>:điền địa chỉ IP server(ip server:2.2.2.20)</p>



<p class="wp-block-paragraph"><strong>Connection security</strong>: chọn plaintext</p>



<p class="wp-block-paragraph"><strong>Port</strong>:389</p>



<p class="wp-block-paragraph"><strong>NetBIOS domain</strong>:điền tên domain(điền firewall)</p>



<p class="wp-block-paragraph"><strong>ADS user name</strong>: điền administrator</p>



<p class="wp-block-paragraph"><strong>Password</strong>:nhập mật khẩu của server</p>



<p class="wp-block-paragraph"><strong>Domain name</strong>:điền tên đầy đủ AD server (ta điền firewall.local)</p>



<p class="wp-block-paragraph"><strong>Search queries:</strong> nhập dc=firewall, dc=local</p>



<p class="wp-block-paragraph">Nhấn <strong>save</strong></p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img decoding="async" src="https://thegioifirewall.com/wp-content/uploads/image-5216.png" alt="" class="wp-image-17475" width="876" height="445" srcset="https://thegioifirewall.com/wp-content/uploads/image-5216.png 624w, https://thegioifirewall.com/wp-content/uploads/image-5216-300x152.png 300w" sizes="(max-width: 876px) 100vw, 876px" /></figure>
</div>


<p class="wp-block-paragraph">Tiếp theo kiểm tra tệp vừa tạo,nhấn vào điểm màu vàng được đánh dấu</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" src="https://thegioifirewall.com/wp-content/uploads/image-5217.png" alt="" class="wp-image-17477" width="884" height="293" srcset="https://thegioifirewall.com/wp-content/uploads/image-5217.png 624w, https://thegioifirewall.com/wp-content/uploads/image-5217-300x100.png 300w" sizes="auto, (max-width: 884px) 100vw, 884px" /></figure>
</div>


<p class="wp-block-paragraph">Làm theo những bước trong hình</p>



<p class="wp-block-paragraph">Nhấn <strong>Start</strong></p>


<div class="wp-block-image">
<figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="764" height="523" src="https://thegioifirewall.com/wp-content/uploads/DC.png" alt="" class="wp-image-17479" srcset="https://thegioifirewall.com/wp-content/uploads/DC.png 764w, https://thegioifirewall.com/wp-content/uploads/DC-300x205.png 300w" sizes="auto, (max-width: 764px) 100vw, 764px" /></figure>
</div>


<p class="wp-block-paragraph">Chọn dc=firewall, dc=local</p>



<p class="wp-block-paragraph">Nhấn kí tự <strong>&gt;</strong> để next</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" src="https://thegioifirewall.com/wp-content/uploads/DC1.png" alt="" class="wp-image-17480" width="755" height="545" srcset="https://thegioifirewall.com/wp-content/uploads/DC1.png 755w, https://thegioifirewall.com/wp-content/uploads/DC1-300x217.png 300w" sizes="auto, (max-width: 755px) 100vw, 755px" /></figure>
</div>


<p class="wp-block-paragraph">Chọn group IT và Sale rồi nhấn &gt; để next</p>


<div class="wp-block-image">
<figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="760" height="529" src="https://thegioifirewall.com/wp-content/uploads/dc2-1.png" alt="" class="wp-image-17484" srcset="https://thegioifirewall.com/wp-content/uploads/dc2-1.png 760w, https://thegioifirewall.com/wp-content/uploads/dc2-1-300x209.png 300w" sizes="auto, (max-width: 760px) 100vw, 760px" /></figure>
</div>


<p class="wp-block-paragraph">Để như mặc định</p>



<p class="wp-block-paragraph">Nhấn vào &gt; để next</p>


<div class="wp-block-image">
<figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="737" height="488" src="https://thegioifirewall.com/wp-content/uploads/dc3.png" alt="" class="wp-image-17487" srcset="https://thegioifirewall.com/wp-content/uploads/dc3.png 737w, https://thegioifirewall.com/wp-content/uploads/dc3-300x199.png 300w" sizes="auto, (max-width: 737px) 100vw, 737px" /></figure>
</div>


<p class="wp-block-paragraph"></p>



<p class="wp-block-paragraph"></p>


<div class="wp-block-image">
<figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="747" height="500" src="https://thegioifirewall.com/wp-content/uploads/dc4-1.png" alt="" class="wp-image-17489" srcset="https://thegioifirewall.com/wp-content/uploads/dc4-1.png 747w, https://thegioifirewall.com/wp-content/uploads/dc4-1-300x201.png 300w" sizes="auto, (max-width: 747px) 100vw, 747px" /></figure>
</div>


<p class="wp-block-paragraph">Tiếp tục nhấn &gt; để tới bước kết thúc</p>



<p class="wp-block-paragraph">Kết quả:vào mục <strong>groups </strong>thấy group<strong> IT</strong> và<strong> Sale</strong></p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="401" src="https://thegioifirewall.com/wp-content/uploads/dc5-1024x401.png" alt="" class="wp-image-17491" srcset="https://thegioifirewall.com/wp-content/uploads/dc5-1024x401.png 1024w, https://thegioifirewall.com/wp-content/uploads/dc5-300x117.png 300w, https://thegioifirewall.com/wp-content/uploads/dc5-768x301.png 768w, https://thegioifirewall.com/wp-content/uploads/dc5.png 1088w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph"><strong>3.2 Cấu hình SSL VPN client to site</strong></p>



<p class="wp-block-paragraph"><strong>3.2.1 Tạo groups VPN</strong></p>



<p class="wp-block-paragraph">Vào&nbsp; <strong>Authentication</strong>-&gt;chọn <strong>groups</strong>-&gt;nhấn <strong>add</strong></p>



<p class="wp-block-paragraph"><strong>Group name</strong>:điền tên theo ý muốn(điền SSL VPN Group)</p>



<p class="wp-block-paragraph"><strong>Surfing quota</strong>: chọn unlimited internet access</p>



<p class="wp-block-paragraph"><strong>Access time</strong>:chọn allowed all the time</p>



<p class="wp-block-paragraph">Mục khác để mặc định</p>



<p class="wp-block-paragraph">Nhấn <strong>save</strong></p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" src="https://thegioifirewall.com/wp-content/uploads/image-5224.png" alt="" class="wp-image-17492" width="754" height="724" srcset="https://thegioifirewall.com/wp-content/uploads/image-5224.png 624w, https://thegioifirewall.com/wp-content/uploads/image-5224-300x288.png 300w" sizes="auto, (max-width: 754px) 100vw, 754px" /></figure>
</div>


<p class="wp-block-paragraph">Định danh cho lớp mạng VPN</p>



<p class="wp-block-paragraph">Hosts and <strong>Services</strong> -&gt; &nbsp;<strong>IP Host</strong>&nbsp;-&gt; <strong>Add</strong></p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="711" src="https://thegioifirewall.com/wp-content/uploads/dc6-1024x711.png" alt="" class="wp-image-17494" srcset="https://thegioifirewall.com/wp-content/uploads/dc6-1024x711.png 1024w, https://thegioifirewall.com/wp-content/uploads/dc6-300x208.png 300w, https://thegioifirewall.com/wp-content/uploads/dc6-768x533.png 768w, https://thegioifirewall.com/wp-content/uploads/dc6.png 1264w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph"><strong>3.2.2 Cấu hình SSL VPN</strong></p>



<p class="wp-block-paragraph">Ta vào<strong> Remote access VPN</strong>-&gt; chọn <strong>SSL VPN</strong>-&gt;nhấn <strong>Add</strong></p>



<p class="wp-block-paragraph"><strong>Name</strong>:nhập tên tùy chọn(SSL VPN Remote Access)</p>



<p class="wp-block-paragraph"><strong>Policy members</strong>:chọn groups IT ,Sale và SSL VPN Group</p>



<p class="wp-block-paragraph"><strong>Permitted network resources (IPv4)</strong>:chọn lớp mạng DMZ</p>



<p class="wp-block-paragraph">Nhấn<strong> Apply</strong> để tạo</p>


<div class="wp-block-image">
<figure class="aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="697" src="https://thegioifirewall.com/wp-content/uploads/dc7-1-1024x697.png" alt="" class="wp-image-17496" srcset="https://thegioifirewall.com/wp-content/uploads/dc7-1-1024x697.png 1024w, https://thegioifirewall.com/wp-content/uploads/dc7-1-300x204.png 300w, https://thegioifirewall.com/wp-content/uploads/dc7-1-768x523.png 768w, https://thegioifirewall.com/wp-content/uploads/dc7-1.png 1261w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>
</div>


<p class="wp-block-paragraph"><strong>3.2.3 Cấu hình SSL VPN Global Setting</strong></p>



<p class="wp-block-paragraph"><strong>Override hostnam</strong>e:nhập địa chỉ IP WAN</p>



<p class="wp-block-paragraph"><strong>Port</strong>:8443</p>



<p class="wp-block-paragraph"><strong>Assign IPv4 addresses</strong>:nhập dải IP cần gán cho user khi thực hiện VPN(trùng với host ip_ssl_vpn)</p>



<p class="wp-block-paragraph">Nhấn <strong>apply </strong>để tạo</p>


<div class="wp-block-image">
<figure class="aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="744" src="https://thegioifirewall.com/wp-content/uploads/dc8-1-1024x744.png" alt="" class="wp-image-17498" srcset="https://thegioifirewall.com/wp-content/uploads/dc8-1-1024x744.png 1024w, https://thegioifirewall.com/wp-content/uploads/dc8-1-300x218.png 300w, https://thegioifirewall.com/wp-content/uploads/dc8-1-768x558.png 768w, https://thegioifirewall.com/wp-content/uploads/dc8-1.png 1267w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>
</div>


<p class="wp-block-paragraph"><strong>3.2.4 Tạo rule cho VPN</strong></p>



<p class="wp-block-paragraph">Như hình</p>


<div class="wp-block-image">
<figure class="aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="745" src="https://thegioifirewall.com/wp-content/uploads/dc9-1-1024x745.png" alt="" class="wp-image-17500" srcset="https://thegioifirewall.com/wp-content/uploads/dc9-1-1024x745.png 1024w, https://thegioifirewall.com/wp-content/uploads/dc9-1-300x218.png 300w, https://thegioifirewall.com/wp-content/uploads/dc9-1-768x558.png 768w, https://thegioifirewall.com/wp-content/uploads/dc9-1.png 1224w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>
</div>


<p class="wp-block-paragraph"><strong>Cấu hình xác thực OTP</strong></p>



<p class="wp-block-paragraph">Chọn <strong>Authentication</strong>-&gt; <strong>Multi-factor authentication (MFA) settings</strong></p>



<p class="wp-block-paragraph">Chọn như hình</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" src="https://thegioifirewall.com/wp-content/uploads/dc10.png" alt="" class="wp-image-17501" width="868" height="454" srcset="https://thegioifirewall.com/wp-content/uploads/dc10-300x157.png 300w, https://thegioifirewall.com/wp-content/uploads/dc10-768x403.png 768w" sizes="auto, (max-width: 868px) 100vw, 868px" /></figure>
</div>


<p class="wp-block-paragraph"></p>


<div class="wp-block-image">
<figure class="aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="638" src="https://thegioifirewall.com/wp-content/uploads/dc12-2-1024x638.png" alt="" class="wp-image-17506" srcset="https://thegioifirewall.com/wp-content/uploads/dc12-2-1024x638.png 1024w, https://thegioifirewall.com/wp-content/uploads/dc12-2-300x187.png 300w, https://thegioifirewall.com/wp-content/uploads/dc12-2-768x478.png 768w, https://thegioifirewall.com/wp-content/uploads/dc12-2.png 1429w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>
</div>


<p class="wp-block-paragraph"></p>



<figure class="wp-block-image size-full"><img loading="lazy" decoding="async" width="896" height="552" src="https://thegioifirewall.com/wp-content/uploads/371f8270b27c6d22346d.jpg" alt="" class="wp-image-17527" srcset="https://thegioifirewall.com/wp-content/uploads/371f8270b27c6d22346d.jpg 896w, https://thegioifirewall.com/wp-content/uploads/371f8270b27c6d22346d-300x185.jpg 300w, https://thegioifirewall.com/wp-content/uploads/371f8270b27c6d22346d-768x473.jpg 768w" sizes="auto, (max-width: 896px) 100vw, 896px" /></figure>



<p class="wp-block-paragraph"><strong>3.2.4 Đăng nhập user portal</strong></p>



<p class="wp-block-paragraph">Với cú pháp https://địa_chỉ_IP_web_sophos</p>



<p class="wp-block-paragraph">Truy cập trang user portal bằng u1(u1 là user đồng bộ AD từ windows server)</p>


<div class="wp-block-image">
<figure class="aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="623" src="https://thegioifirewall.com/wp-content/uploads/dc13-1024x623.png" alt="" class="wp-image-17508" srcset="https://thegioifirewall.com/wp-content/uploads/dc13-1024x623.png 1024w, https://thegioifirewall.com/wp-content/uploads/dc13-300x183.png 300w, https://thegioifirewall.com/wp-content/uploads/dc13-768x468.png 768w, https://thegioifirewall.com/wp-content/uploads/dc13.png 1071w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>
</div>


<p class="wp-block-paragraph">Nhấn <strong>login</strong> sẽ hiện thông tin và mã QR sau</p>


<div class="wp-block-image">
<figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="624" height="162" src="https://thegioifirewall.com/wp-content/uploads/image-5228.png" alt="" class="wp-image-17510" srcset="https://thegioifirewall.com/wp-content/uploads/image-5228.png 624w, https://thegioifirewall.com/wp-content/uploads/image-5228-300x78.png 300w" sizes="auto, (max-width: 624px) 100vw, 624px" /></figure>
</div>


<p class="wp-block-paragraph">Điện thoại Androi vào chplay tải app <strong>google authentication</strong>,sau đó quét đoạn mã rồi điền vào đây</p>


<div class="wp-block-image">
<figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="902" height="594" src="https://thegioifirewall.com/wp-content/uploads/dc14-1.png" alt="" class="wp-image-17512" srcset="https://thegioifirewall.com/wp-content/uploads/dc14-1.png 902w, https://thegioifirewall.com/wp-content/uploads/dc14-1-300x198.png 300w, https://thegioifirewall.com/wp-content/uploads/dc14-1-768x506.png 768w" sizes="auto, (max-width: 902px) 100vw, 902px" /></figure>
</div>


<p class="wp-block-paragraph">Truy cập trang user portal lại bằng u1</p>



<p class="wp-block-paragraph">Passcode lúc này =passcode củ+số xác thực trên ứng dụng google authentication</p>



<p class="wp-block-paragraph">Đăng nhập thành công tải 2 mục sau cài vào máy tính</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" src="https://thegioifirewall.com/wp-content/uploads/image-5230.png" alt="" class="wp-image-17514" width="826" height="396" srcset="https://thegioifirewall.com/wp-content/uploads/image-5230.png 624w, https://thegioifirewall.com/wp-content/uploads/image-5230-300x144.png 300w" sizes="auto, (max-width: 826px) 100vw, 826px" /></figure>
</div>


<p class="wp-block-paragraph">Tiến hành đăng nhập dùng tài khoản u1 đăng nhập</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" src="https://thegioifirewall.com/wp-content/uploads/image-5231.png" alt="" class="wp-image-17515" width="790" height="444" srcset="https://thegioifirewall.com/wp-content/uploads/image-5231.png 624w, https://thegioifirewall.com/wp-content/uploads/image-5231-300x169.png 300w" sizes="auto, (max-width: 790px) 100vw, 790px" /></figure>
</div>


<p class="wp-block-paragraph">Kết quả:</p>


<div class="wp-block-image">
<figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="545" height="309" src="https://thegioifirewall.com/wp-content/uploads/image-5233.png" alt="" class="wp-image-17517" srcset="https://thegioifirewall.com/wp-content/uploads/image-5233.png 545w, https://thegioifirewall.com/wp-content/uploads/image-5233-300x170.png 300w" sizes="auto, (max-width: 545px) 100vw, 545px" /></figure>
</div>


<p class="wp-block-paragraph"></p>


<div class="wp-block-image">
<figure class="aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="576" src="https://thegioifirewall.com/wp-content/uploads/dc15-2-1024x576.png" alt="" class="wp-image-17520" srcset="https://thegioifirewall.com/wp-content/uploads/dc15-2-1024x576.png 1024w, https://thegioifirewall.com/wp-content/uploads/dc15-2-300x169.png 300w, https://thegioifirewall.com/wp-content/uploads/dc15-2-768x432.png 768w, https://thegioifirewall.com/wp-content/uploads/dc15-2-1536x864.png 1536w, https://thegioifirewall.com/wp-content/uploads/dc15-2.png 1600w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>
</div>


<p class="wp-block-paragraph">Quá trình SSH tới Ubuntu</p>


<div class="wp-block-image">
<figure class="aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="593" src="https://thegioifirewall.com/wp-content/uploads/dc16-1-1024x593.png" alt="" class="wp-image-17522" srcset="https://thegioifirewall.com/wp-content/uploads/dc16-1-1024x593.png 1024w, https://thegioifirewall.com/wp-content/uploads/dc16-1-300x174.png 300w, https://thegioifirewall.com/wp-content/uploads/dc16-1-768x445.png 768w, https://thegioifirewall.com/wp-content/uploads/dc16-1.png 1101w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>
</div>]]></content:encoded>
					
					<wfw:commentRss>https://thegioifirewall.com/sophos-firewall-huong-dan-cau-hinh-dich-vu-ssl-client-to-site-co-xac-thuc-otp/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>SOPHOS FIREWALL :HƯỚNG DẪN CẤU HÌNH CHẶN DỊCH VỤ REMOTE DESKTOP VÀ SSH, LỚP MẠNG KHÔNG MONG MUỐN ĐẾN SERVER</title>
		<link>https://thegioifirewall.com/sophos-firewall-huong-dan-cau-hinh-chan-dich-vu-remote-desktop-va-ssh-lop-mang-khong-mong-muon-den-server/</link>
					<comments>https://thegioifirewall.com/sophos-firewall-huong-dan-cau-hinh-chan-dich-vu-remote-desktop-va-ssh-lop-mang-khong-mong-muon-den-server/#respond</comments>
		
		<dc:creator><![CDATA[Dino]]></dc:creator>
		<pubDate>Tue, 18 Apr 2023 17:08:33 +0000</pubDate>
				<category><![CDATA[Hướng dẫn cấu hình Firewall Sophos XG]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[remote desktop]]></category>
		<category><![CDATA[server]]></category>
		<category><![CDATA[Sophos firewall]]></category>
		<category><![CDATA[ssh]]></category>
		<guid isPermaLink="false">https://www.thegioifirewall.com/?p=17407</guid>

					<description><![CDATA[Overview Bài viết hướng dẫn cấu hình chỉ cho phép phòng ban IT SSH tới web server và remote desktop vào windows server, không cho người dùng phòng ban Sale thực hiện tương tự như phòng ban IT,bằng 2 phương pháp . Sơ đồ mạng: Các cấu hình chuẩn bị trước: -Windows srv được cài [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph"><strong>Overview</strong></p>



<p class="wp-block-paragraph">Bài viết hướng dẫn cấu hình chỉ cho phép phòng ban IT SSH tới web server và remote desktop vào windows server, không cho người dùng phòng ban Sale thực hiện tương tự như phòng ban IT,bằng 2 phương pháp .</p>



<p class="wp-block-paragraph"><strong>Sơ đồ mạng:</strong></p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" src="https://thegioifirewall.com/wp-content/uploads/image-5201.png" alt="" class="wp-image-17412" width="577" height="352" srcset="https://thegioifirewall.com/wp-content/uploads/image-5201.png 624w, https://thegioifirewall.com/wp-content/uploads/image-5201-300x183.png 300w" sizes="auto, (max-width: 577px) 100vw, 577px" /></figure>
</div>


<p class="wp-block-paragraph"><strong>Các cấu hình chuẩn bị trước</strong>:</p>



<p class="wp-block-paragraph">-Windows srv được cài AD,các PC phòng IT và Sale ping được lớp mạng windows srv,web srv</p>



<p class="wp-block-paragraph">-Ubuntu cài đặt Web srv,cấu hình SSH </p>



<p class="wp-block-paragraph">Cài web link tham khảo: https://www.thegioifirewall.com/linux-huong-dan-cai-dat-lamp-stack-tren-ubuntu-server/</p>



<p class="wp-block-paragraph">-Windows srv cấu hình remote desktop</p>



<p class="wp-block-paragraph">-PC phòng ban IT và Sale tất cả được join domain</p>



<p class="wp-block-paragraph"><strong>Hướng dẫn cấu hình:</strong></p>



<p class="wp-block-paragraph"><strong>Cách 1: Application Control<br>1.1.Cấu hình Application Control cho remode desktop và SSH</strong></p>



<ul class="wp-block-list">
<li>Ta vào<strong> Protect</strong>-&gt;chọn <strong>Applications</strong>-&gt;tiếp <strong>Application Filter</strong>-&gt;nhấn <strong>Add</strong></li>



<li><strong>Name</strong>: Nhập tên tùy ý</li>



<li><strong>Template</strong>: Allow All</li>



<li>Nhấn <strong>Save</strong> để tạo</li>
</ul>


<div class="wp-block-image">
<figure class="aligncenter size-large is-resized"><img loading="lazy" decoding="async" src="https://thegioifirewall.com/wp-content/uploads/1-119-1024x391.png" alt="" class="wp-image-17420" width="840" height="320" srcset="https://thegioifirewall.com/wp-content/uploads/1-119-1024x391.png 1024w, https://thegioifirewall.com/wp-content/uploads/1-119-300x115.png 300w, https://thegioifirewall.com/wp-content/uploads/1-119-768x293.png 768w, https://thegioifirewall.com/wp-content/uploads/1-119.png 1312w" sizes="auto, (max-width: 840px) 100vw, 840px" /></figure>
</div>


<ul class="wp-block-list">
<li>Tại <strong>smart filter</strong> ta nhập lần lược <strong>SSH</strong> và <strong>windows remote desktop</strong></li>



<li>Tại <strong>Action</strong> chọn <strong>deny</strong></li>



<li>Nhấn <strong>save</strong> để tạo</li>
</ul>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="407" src="https://thegioifirewall.com/wp-content/uploads/2-118-1024x407.png" alt="" class="wp-image-17455" srcset="https://thegioifirewall.com/wp-content/uploads/2-118-1024x407.png 1024w, https://thegioifirewall.com/wp-content/uploads/2-118-300x119.png 300w, https://thegioifirewall.com/wp-content/uploads/2-118-768x305.png 768w, https://thegioifirewall.com/wp-content/uploads/2-118.png 1304w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph"></p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="403" src="https://thegioifirewall.com/wp-content/uploads/3-114-1024x403.png" alt="" class="wp-image-17457" srcset="https://thegioifirewall.com/wp-content/uploads/3-114-1024x403.png 1024w, https://thegioifirewall.com/wp-content/uploads/3-114-300x118.png 300w, https://thegioifirewall.com/wp-content/uploads/3-114-768x303.png 768w, https://thegioifirewall.com/wp-content/uploads/3-114.png 1297w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph"><strong>1.2 Định danh cho lớp mạng</strong></p>



<ul class="wp-block-list">
<li>Ta vào <strong>System</strong>-&gt;chọn <strong>Hosts and services</strong> -&gt;nhấn <strong>Add</strong></li>



<li><strong>Name</strong>: Nhập tên tùy ý</li>



<li><strong>Type</strong>:Chọn network</li>



<li><strong>IP address</strong>:Nhập ip local</li>
</ul>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="371" src="https://thegioifirewall.com/wp-content/uploads/17-43-1024x371.png" alt="" class="wp-image-17459" srcset="https://thegioifirewall.com/wp-content/uploads/17-43-1024x371.png 1024w, https://thegioifirewall.com/wp-content/uploads/17-43-300x109.png 300w, https://thegioifirewall.com/wp-content/uploads/17-43-768x278.png 768w, https://thegioifirewall.com/wp-content/uploads/17-43.png 1198w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">Làm tương tự</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="366" src="https://thegioifirewall.com/wp-content/uploads/18-42-1024x366.png" alt="" class="wp-image-17460" srcset="https://thegioifirewall.com/wp-content/uploads/18-42-1024x366.png 1024w, https://thegioifirewall.com/wp-content/uploads/18-42-300x107.png 300w, https://thegioifirewall.com/wp-content/uploads/18-42-768x275.png 768w, https://thegioifirewall.com/wp-content/uploads/18-42.png 1199w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph"><strong>1.3 Tạo rule và add block applications vào Identify and control applications (App control)</strong></p>



<ul class="wp-block-list">
<li>Ta vào <strong>Protect</strong>-&gt;chọn <strong>rules and policies</strong>-&gt; nhấn <strong>add firewall rule</strong></li>



<li><strong>Source zones</strong>:ta chọn mạng nội bộ LAN</li>



<li><strong>Source networks and devices</strong>:ta chọn lớp mạng cần đi</li>



<li><strong>Destination zones</strong>:ta chọn lớp mạng của server (có thể LAN hoặc DMZ)</li>



<li><strong>Destination networks</strong>:ta chọn lớp mạng của server</li>



<li><strong>Identify and control applications</strong>:ta add Block_RDP vào</li>
</ul>


<div class="wp-block-image">
<figure class="aligncenter size-large is-resized"><img loading="lazy" decoding="async" src="https://thegioifirewall.com/wp-content/uploads/4-109-1024x662.png" alt="" class="wp-image-17429" width="678" height="438" srcset="https://thegioifirewall.com/wp-content/uploads/4-109-1024x662.png 1024w, https://thegioifirewall.com/wp-content/uploads/4-109-300x194.png 300w, https://thegioifirewall.com/wp-content/uploads/4-109-768x497.png 768w, https://thegioifirewall.com/wp-content/uploads/4-109.png 1200w" sizes="auto, (max-width: 678px) 100vw, 678px" /></figure>
</div>

<div class="wp-block-image">
<figure class="aligncenter size-large is-resized"><img loading="lazy" decoding="async" src="https://thegioifirewall.com/wp-content/uploads/5-106-1024x757.png" alt="" class="wp-image-17430" width="678" height="500" srcset="https://thegioifirewall.com/wp-content/uploads/5-106-1024x757.png 1024w, https://thegioifirewall.com/wp-content/uploads/5-106-300x222.png 300w, https://thegioifirewall.com/wp-content/uploads/5-106-768x568.png 768w, https://thegioifirewall.com/wp-content/uploads/5-106.png 1194w" sizes="auto, (max-width: 678px) 100vw, 678px" /></figure>
</div>


<p class="wp-block-paragraph"><strong>Kết Quả</strong>: Dùng máy PC thuộc Sale điều bị block khi SSH vào web server và remote desktop vào windows server<br><strong>Kết quả</strong> không remote desktop được</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" src="https://thegioifirewall.com/wp-content/uploads/7-83.png" alt="" class="wp-image-17432" width="544" height="379" srcset="https://thegioifirewall.com/wp-content/uploads/7-83.png 544w, https://thegioifirewall.com/wp-content/uploads/7-83-300x209.png 300w" sizes="auto, (max-width: 544px) 100vw, 544px" /></figure>
</div>


<p class="wp-block-paragraph"><strong>Kết quả</strong> không SSH tới web server được</p>


<div class="wp-block-image">
<figure class="aligncenter size-large is-resized"><img loading="lazy" decoding="async" src="https://thegioifirewall.com/wp-content/uploads/8-80-1024x592.png" alt="" class="wp-image-17433" width="674" height="389" srcset="https://thegioifirewall.com/wp-content/uploads/8-80-1024x592.png 1024w, https://thegioifirewall.com/wp-content/uploads/8-80-300x173.png 300w, https://thegioifirewall.com/wp-content/uploads/8-80-768x444.png 768w, https://thegioifirewall.com/wp-content/uploads/8-80.png 1100w" sizes="auto, (max-width: 674px) 100vw, 674px" /></figure>
</div>


<p class="wp-block-paragraph"><strong>Cách 2: Cấu hình cấu hình services trong rules and policies</strong></p>



<p class="wp-block-paragraph">1.<strong>Tạo services cho giao thức UDP và TCP có thể join domain</strong></p>



<ul class="wp-block-list">
<li>Ta vào <strong>system</strong>-&gt;chọn <strong>Hosts and services</strong> -&gt; vào <strong>services</strong>-&gt;gõ như hình</li>
</ul>


<div class="wp-block-image">
<figure class="aligncenter size-large is-resized"><img loading="lazy" decoding="async" src="https://thegioifirewall.com/wp-content/uploads/9-79-1024x527.png" alt="" class="wp-image-17436" width="739" height="380" srcset="https://thegioifirewall.com/wp-content/uploads/9-79-1024x527.png 1024w, https://thegioifirewall.com/wp-content/uploads/9-79-300x154.png 300w, https://thegioifirewall.com/wp-content/uploads/9-79-768x395.png 768w, https://thegioifirewall.com/wp-content/uploads/9-79-1536x790.png 1536w, https://thegioifirewall.com/wp-content/uploads/9-79.png 1614w" sizes="auto, (max-width: 739px) 100vw, 739px" /></figure>
</div>


<ol class="wp-block-list" start="2">
<li><strong>Tạo rules cho từng phòng ban đến server<br>2.1 Rules cho phòng ban IT đến server</strong></li>
</ol>



<p class="wp-block-paragraph">          Tạo lớp mạng local cho phòng ban IT</p>


<div class="wp-block-image">
<figure class="aligncenter size-large is-resized"><img loading="lazy" decoding="async" src="https://thegioifirewall.com/wp-content/uploads/20-36-1024x376.png" alt="" class="wp-image-17466" width="733" height="269" srcset="https://thegioifirewall.com/wp-content/uploads/20-36-1024x376.png 1024w, https://thegioifirewall.com/wp-content/uploads/20-36-300x110.png 300w, https://thegioifirewall.com/wp-content/uploads/20-36-768x282.png 768w, https://thegioifirewall.com/wp-content/uploads/20-36.png 1287w" sizes="auto, (max-width: 733px) 100vw, 733px" /></figure>
</div>


<ul class="wp-block-list">
<li> Tương tự tạo rule ở trên (xem tại mục 1.3)</li>



<li> Phần<strong> services</strong> ta <strong>add</strong> như hình</li>
</ul>


<div class="wp-block-image">
<figure class="aligncenter size-large is-resized"><img loading="lazy" decoding="async" src="https://thegioifirewall.com/wp-content/uploads/10-70-1024x756.png" alt="" class="wp-image-17437" width="729" height="537" srcset="https://thegioifirewall.com/wp-content/uploads/10-70-1024x756.png 1024w, https://thegioifirewall.com/wp-content/uploads/10-70-300x221.png 300w, https://thegioifirewall.com/wp-content/uploads/10-70-768x567.png 768w, https://thegioifirewall.com/wp-content/uploads/10-70.png 1207w" sizes="auto, (max-width: 729px) 100vw, 729px" /></figure>
</div>


<p class="wp-block-paragraph"><strong>2.2 Rules cho phòng ban Sale đến server</strong></p>



<ul class="wp-block-list">
<li>Cách tạo rules như trên (xem tại mục 1.3)</li>



<li>Phần <strong>services</strong>:ta add <strong>DNS,Ping,UDP&amp;TCP-AD</strong></li>
</ul>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" src="https://thegioifirewall.com/wp-content/uploads/13-54.png" alt="" class="wp-image-17442" width="732" height="504" srcset="https://thegioifirewall.com/wp-content/uploads/13-54.png 1013w, https://thegioifirewall.com/wp-content/uploads/13-54-300x207.png 300w, https://thegioifirewall.com/wp-content/uploads/13-54-768x530.png 768w" sizes="auto, (max-width: 732px) 100vw, 732px" /></figure>
</div>


<p class="wp-block-paragraph"><strong>2.3 Tạo rule cho Server đi đến mạng lan<br></strong>Cách tạo rules như trên (xem mục 1.3)</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" src="https://thegioifirewall.com/wp-content/uploads/14-51.png" alt="" class="wp-image-17443" width="729" height="505" srcset="https://thegioifirewall.com/wp-content/uploads/14-51.png 990w, https://thegioifirewall.com/wp-content/uploads/14-51-300x208.png 300w, https://thegioifirewall.com/wp-content/uploads/14-51-768x533.png 768w" sizes="auto, (max-width: 729px) 100vw, 729px" /></figure>
</div>


<p class="wp-block-paragraph">Kết quả:<br>U2 thuộc sale không thể SSH tới web server và không remote desktop tới windows server</p>


<div class="wp-block-image">
<figure class="aligncenter size-large is-resized"><img loading="lazy" decoding="async" src="https://thegioifirewall.com/wp-content/uploads/16-47-1024x585.png" alt="" class="wp-image-17447" width="721" height="411" srcset="https://thegioifirewall.com/wp-content/uploads/16-47-1024x585.png 1024w, https://thegioifirewall.com/wp-content/uploads/16-47-300x171.png 300w, https://thegioifirewall.com/wp-content/uploads/16-47-768x439.png 768w, https://thegioifirewall.com/wp-content/uploads/16-47.png 1292w" sizes="auto, (max-width: 721px) 100vw, 721px" /></figure>
</div>]]></content:encoded>
					
					<wfw:commentRss>https://thegioifirewall.com/sophos-firewall-huong-dan-cau-hinh-chan-dich-vu-remote-desktop-va-ssh-lop-mang-khong-mong-muon-den-server/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
