ࡱ> k"bjbj88@xRbxRb74a a a a a u u u 8 T!u :bR""""""###aaaaaaa$dBgPa9a #####aa a ""Ha;;;#Xa "a "a;#a;;%\0^"{G3U]$a b0:by]hg'9gH^^\ga =_D##;#####aa/;|###:b####g#########m ':">40B>: 2 4> B5=45@=>W 4>:C<5=B0FVW "%' !&$&/ I>4> ?@54<5B0 70:C?V2;V: >4 70  021:2015: 72260000-5: >A;C38, ?>2 O70=V 7 ?@>3@0<=8< 70157?5G5==O< (>A;C38 7 ?@8410==O 2V@BC0;L=8E ;VF5=7V9 =0 B5;5:><C=V:0FV9=5 >1;04=0==O)  " # ! 7/??8A =5>1EV4=>W B5E=V:8/>1;04=0==OV;L:VABL1>A;C30 7 ?@8410==O ?@>3@0<=>3>70157?5G5==OFortiGateFG500E1Y24x7Unified(UTM)Protection (:>4 28@>1=8:0 FC-10-0500E-950-02-12) 09<5=C20==O 8<>38 4> 1 >48=8FV 030;L=V 28<>38 5>1EV4=V ;VF5=7VW ?>28==V 1CB8 AC<VA=8< 7 C65 =0O2=8< C 70<>2=8:0 FortiGate 500E 45=B8DV:0FVO B0 :>=B@>;L 70AB>AC20=L (AC/ AVC) >ABC? 1078 40==8E A83=0BC@ 70AB>AC=:V2 28@>1=8:0 (application control/application visibility control) 0E8AB 2V4 703@>7 =0 >A=>2V A83=0BC@=>3> 0=0;V7C (IPS) >ABC? 4> >AB0==VE >=>2;5=L IPS A83=0BC@ 2V4 28@>1=8:0 0E8AB 2V4 malware (Antivirus/AMP) VF5=7VO ?>28==0 2:;NG0B8 2 A515 4>ABC? 4> 1078 40==8E >AB0==VE AV A83=0BC@ 28@>1=8:0 Web B0 DNS-DV;LB@0FVO >ABC? 4> :0B53>@V9 WEB-!5@2VAV2 (Web-D8;LB@0FVO) >ABC? 4> :0B53>@V9 DNS (DNS-DV;LB@0FVO) >ABC? 4> 078 0==8E Botnet <5@56 0E8AB 2V4 =52V4><8E 703@>7 (0-day) V4?@02:0 D09;V2 7 :>@8ABC20FL:>3> B@0DV:C =0 0=0;V7 C cloud sandbox 4;O 28O2;5==O =52V4><8E 703@>7 :;0AC "0-day" VF5=7C20==O <0T 4>72>;OB8 V=A?5:BC20B8 C cloud sandbox =5 <5=H5 =V6 10 000 D09;V2 =0 45=L (24 3>48=8) "5E=VG=0 A5@2VA=0 ?V4B@8<:0 "5E=VG=0 A5@2VA=0 ?V4B@8<:0 ?>28==0 =04020B8AL AB@>:>< =5 <5=H5 =V6 12 <VAOFV2 7 @V2=5< A5@2VAC 24*7 >ABV9=89 4>ABC? 4> F5=B@C B5E=VG=>W ?V4B@8<:8 28@>1=8:0 G5@57 A09B, 5;5:B@>==>N ?>HB>N 01> 70 B5;5D>=>< 24*7 >ABV9=89 02B>@87>20=89 4>ABC? 4> A09BC 28@>1=8:0 24*7 B@8<0==O 0:BC0;L=8E @5?CB0FV9=8E 107, A83=0BC@ 70E8ABC B0 2AVE =5>1EV4=8E >=>2;5=L 4;O A5@2VAV2 157?5:8 B@8<0==O >A=>2=8E B0 ?@><V6=8E @5;V7V2 ?@>3@0<=>3> 70157?5G5==O G5@57 A09B, ?V4B@8<:0 ?@>3@0<=8E :>4V2 C 0:BC0;L=><C AB0=V 2V4?>2V4=> 4> @5:><5=40FV9 28@>1=8:0 >6;82VABL @5TAB@0FVW A5@2VA=8E 28?04:V2 2 @568<V 24*7*365, 4>AB02:C V 70<V=C 70?0A=8E G0AB8= C @568<V Next Business Day 2 <. 8W2 (>1;04=0==O 4;O 70<V=8 4>AB02;OTBLAO =0ABC?=>3> 4=O ?VA;O ?V4B25@465==O 70<V=8 A5@2VA>< ?V4B@8<:8 28@>1=8:0) 2>A;C30 7 ?@8410==O ?@>3@0<=>3> 70157?5G5==O FortiGate-VM04V (:>4 28@>1=8:0 FG-VM04V) (2V@BC0;L=89 ?@8AB@V9, @>7@>1;5=89 4;O 2AVE ?V4B@8<C20=8E ?;0BD>@<) 09<5=C20==O 8<>38 4> 1 >48=8FV 030;L=V 28<>38 5@565289 ?@8AB@V9 157?5:8 I> ?@>?>=CTBLAO, ?>28=5= O2;OB8 A>1>N <V6<5@565289 5:@0= =0ABC?=>3> ?>:>;V==O (NGFW) B0 74V9A=N20B8 V=A?5:FVN <5@5652>3> B@0DV:C B0 70E8AB :>@?>@0B82=>W V=D@0AB@C:BC@8 2V4?>2V4=> 4> =86G5=02545=8E 28<>3 /:I> 2V4?>2V4=> 4> DC=:FV>=0;L=>ABV ?@8AB@>W2/A8AB5< 01> 73V4=> 0@EVB5:BC@=>3> ?V4E>4C @50;V70FVO B5E=VG=8E 28<>3 ?>B@51CT 4>40B:>28E ?@8AB@>W2/A8AB5< (:;0AB5@870FVW, <0@H@CB870B>@8, :><CB0B>@8) 01> ;VF5=7V9, B> 2A5 F5 <0T 1CB8 70:;045=> 2 :><?;5:B ?>AB02:8 7 C@0EC20==O< 28<>3 4> AB@>:C B0 DC=:FV>=0;L=>ABV B5E=VG=>W ?V4B@8<:8 AV =5>1EV4=V ;VF5=7VW 4;O 70157?5G5==O 707=0G5=>3> 2 F8E 28<>30E DC=:FV>=0;C B0 :V;L:VA=8E ?>:07=8:V2 ?@>4C:B82=>ABV <0NBL 1CB8 C :><?;5:BV 70?@>?>=>20=>3> @VH5==O 0 >1;04=0==O =5 <0T 1CB8 0=>=AV2 end-of-sale B0 end-of life (EOS/EOL) 2V4 28@>1=8:0 @EVB5:BC@0 B0 D>@<-D0:B>@ /:I> B0:8E ?@8AB@>W2, 4;O 28:>=0==O 28<>3 ", ?>28==> 1CB8 45:V;L:0 (:;0AB5@870FVO, 4>40B:>2V <>4C;V 157?5:8, <0@H@CB870B>@8, B>I>) 2>=8 CAV <0NBL 1CB8 C :><?;5:BV ?>AB02:8 @VH5==O. V?5@2V7>@8, I> ?V4B@8<CNBLAO: VMware ESXi 5.0/5.1/5.5/6.0/6.5/7.0, Citrix XenServer 5.6 SP2/6.0 +, Microsoft Hyper-V 2008 R2/2012/2016/2019, KVM (qemu 0.12.1), AWS, Microsoft Azure !8AB5<=0 A?5F8DV:0FVO i;L:iABL 2i@BC0;L=8E ?@>F5A>@=8E O45@ (<V=V<C</<0:A8<C<): 1/4; >=B@>;L>20=V 1574@>B>2V B>G:8 4>ABC?C (BC=5;L=V / 3;>10;L=V): 512 / 1,024; $V78G=0 ?0< OBL: 32Gb/2TB >;VB8: 1@0=4<0C5@0: 10,000; 0:A8<0;L=0 :V;L:VABL 70@5TAB@>20=8E :V=F528E B>G>:: 8,000 8A>:0 4>ABC?=VABL (high availability) Active-Active Active-Standby L2 DC=:FV>=0; B0 <5@5652V A;C618 3@530FVO ?>@BV2 (802.3ad) VLAN (802.1Q B0 Trunking) 1C4>20=89 DHCP, NTP, DNS-A5@25@0 NAT CB0B8G=89 NAT 8=0<VG=89 NAT PAT  Multicast Sparse B0 dense @568< V4B@8<:0 PIM !5@2VA8 157?5:8 Stateful Firewall 45=B8DV:0FVO B0 :>=B@>;L 70AB>AC20=L (AC/AVC) 0E8AB 2V4 703@>7 =0 >A=>2V A83=0BC@=>3> 0=0;V7C (IPS) 0E8AB 2V4 malware (Antivirus/AMP) Web B0 DNS-DV;LB@0FVO I=A?5:BC20==O/A:0=C20==O SSL/TLS B@0DV:C =0 703@>78 0E8AB 2V4 =52V4><8E 703@>7 (0-day) 0?>1V30==O 28B>:C 40=8E (DLP) 0E8AB 2V4 DOS-0B0: IPSec VPN, SSL VPN =0;V70B>@ @V2=O 157?5:8 NGFW Stateful Firewall 568<8 @>1>B8: NAT/<0@H@CB870B>@ ?@>7>@89 @568< (<VAB) V4B@8<:0 VoIP B@0DV:C: 3;81>:0 V=A?5:FVO B0 70E8AB 2V4 0B0: =0 ?@>B>:>; SIP 8:>=0==O @>;V ?@>:AV 4;O 0=0;V7C, V=A?5:BC20==O B0 70157?5G5==O :>@5:B=>W @>1>B8 A5AV9 @V7=8E ?@>B>:>;V2 (session helpers, application layer gateway) 45=B8DV:0FVO B0 :>=B@>;L 70AB>AC20=L (AC/ AVC) =A?5:BC20==O B0 70AB>AC20==O 4V9 4> <5@5652>3> B@0DV:C =0 >A=>2V A83=0BC@=>3> 0=0;V7C B0 ?52=>W :0B53>@VW 4>40B:V2 (application control/application visibility control) >=DV3C@0FVO 2V4?>2V4=8E 4> :>@8ABC20FL:>3> >B>G5==O AC/AVC-A5=A>@V2 7 =5>1EV4=8< =01>@>< A83=0BC@ >=DV3C@0FVO 28:;NG5=L C 4VOE 7 ?52=8<8 4>40B:0<8 (exemption/override) !B2>@5==O :>@8ABC20FL:8E A83=0BC@ 4>40B:V2 0E8AB 2V4 703@>7 =0 >A=>2V A83=0BC@=>3> 0=0;V7C (IPS) =A?5:BC20==O B0 70AB>AC20==O 4V9 4> <5@5652>3> B@0DV:C =0 >A=>2V A83=0BC@=>3> 0=0;V7C B0 28O2;5==O 2V4><8E 0B0: (intrusion prevention system) >=DV3C@0FVO 2V4?>2V4=8E 4> :>@8ABC20FL:>3> >B>G5==O IPS-A5=A>@V2 7 =5>1EV4=8< =01>@>< A83=0BC@ >=DV3C@0FVO 28:;NG5=L C 4VOE 7 ?52=8<8 A83=0BC@0<8 (exemption/override) 0E8AB 2V4 malware (Antivirus/AMP) Anti-Virus / Anti-malware 70E8AB 8O2;5==O B0 1;>:C20==O =51060=8E ?@>3@0<8 01> D09;V2 (grayware) 8O2;5==O B0 1;>:C20==O D09;V2 =0 >A=>2V =0;0HB>20=8E ?>@>3>28E 7=0G5=L WE @>7<V@C 4;O @V7=8E ?@>B>:>;V2 0E8AB 2V4 7;>2<8A=8E ?@>3@0< 4;O <>1V;L=8E ?@8AB@>W2 Web B0 DNS-DV;LB@0FVO ;>:C20==O ?52=8E =5157?5G=8E 5;5<5=BV2 web-A09BV2 (Java Applet, ActiveX scripts, B>I>) !B0B8G=V blacklists B0 whitelists SSL/TLS-V=A?5:FVO 5@5E>?;5==O, @>7H8D@C20==O B0 V=A?5:FVO HTTPS, IMAPS, POP3S, SMTPS, FTPS-A5AV9 >=DV3C@0FVO 28:;NG5=L 7 SSL/TLS-V=A?5:FVW ?52=8E IP-04@5A, URL, B>I> (exemption/override) =A?5:BC20==O SSL/TLS-A5@B8DV:0BC =0 2V4?>2V4=VABL ?52=><C web-@5AC@AC 4> O:>3> 74V9A=NTBLAO ?V4:;NG5==O B0 AB@>:C 4V9A=>ABV (SSL/TLS Aertificate Vnspection) >2=>FV==5 V=A?5:BC20==O :>=B5=BC 70H8D@>20=8E A5AV9 (full SSL/TLS Vnspection) =A?5:BC20==O SSL/TLS-B@0DV:0 <0T 2:;NG0B8 =0ABC?=V V=A?5:FVW: IPS, AC/AVC, AV/AMP, Web-D8;LB@0FVN, DLP 0E8AB 2V4 =52V4><8E 703@>7 (0-day) =B53@0FVO 7 A8AB5<>N 70E8ABC 2V4 A:;04=8E 0B0: =C;L>2>3> 4=O 0?>1V30==O 28B>:C 40=8E (Data Loss Prevention) 0?>1V30==O 28B>:C :>=DV45=FV9=8E 40=8E H;OE>2 ?5@52V@:8 B@0DV:C (70 =072>N D09;V2, B8?>< D09;V2, @>7<V@>< D09;V2, @53C;O@=8<8 28@070<8) H J P   r v p pipYMYhBOJPJQJ^JhBOJPJQJ^JmHsH hBhBhB5OJPJQJ\^JhXThpM5mH sH hXTh y5hzhz5 hXTh y hXTh\ *hXThE* *hhR5CJ\aJ *hh}'5CJ\aJ *hhR5CJaJ hpM5h\h\5h yh y5h|7h|75 h y5JLxJ  ob $$ a$gd#$ 2( Px 4 #\'*.25@91$a$gd#$ 2( Px 4 #\'*.25@91$a$gd\#$ 2( Px 4 #\'*.25@91$a$gd|7#$ 2( Px 4 #\'*.25@91$a$gd|7    \ p r v RF $$Ifa$gd ykd$$IflFr"-'"  t06    44 laQpytXT $$Ifa$gdGv aV? & F ?x$*$If^?`K$ $$*$IfK$kd$IfK$L$l0 t0644 lap $$$*$Ifa$K$ $Ifgd y &,2jphl NTX^ xDNP^Ѳ䡔 hXTh yhB5OJPJQJ^J!hB5OJPJQJ^JmHsHhBB*OJPJQJ^JphhB5OJPJQJ\^J$hB5OJPJQJ\^JmHsH hBhB'hBB*OJPJQJ^JmHphsH3 xmV & F ?x$*$If^?`K$ $$*$IfK$kdW$IfK$L$l0 t0644 lap 02xodM & F ?x$*$If^?`K$ $IfgdBK$ $IfgdBkd$IfK$L$l0 t0644 lapxmV & F ?x$*$If^?`K$ $IfgdBK$kd$IfK$L$l0 t0644 lap&xxmXXA & F ?x$*$If^?`K$ & F ?x$*$If^?` $IfgdBK$kd($IfK$L$l0 t0644 lap xmXA & F ?x$*$If^?`K$ & F ?x$*$If^?` $IfgdBK$kd$IfK$L$l0 t0644 lap"xmXXXXX & F ?x$*$If^?` $$*$IfK$kd^$IfK$L$l0 t0644 lap" aQE $$Ifa$gd y$h$If^ha$gdBkd$IfK$L$l0 t0644 lap & F ?x$*$If^?`K$  LB,r 4! $$8$:$<$>$ĽısaĀ"hB5B*OJPJQJ^JphhB5OJPJQJ^J'hBB*OJPJQJ^JmHphsHhBB*OJPJQJ^JphhBOJPJQJ\^JhBOJPJQJ^J hBhBhB5OJPJQJ\^JhXThXT5PJhzhz5PJ hXThXT hXTh yhXTh ymH sH &  B^\P;-- $$$*$Ifa$K$$-D@&IfM gdXT $$Ifa$gdXTkd$$IflFr"-'"  t06    44 laQpytXTtR xmXXXA & F ?x$*$If^?`K$ & F ?x$*$If^?` $$*$IfK$kdZ$IfK$L$l0D t0644 lap 4!" $xmXA & F ?x$*$If^?`K$ & F ?x$*$If^?` $IfgdBK$kd$IfK$L$l0D t0644 lap $$:$$T%%%8&xmXXXXA & F ?x$*$If^?`K$ & F ?x$*$If^?` $$*$IfK$kd$IfK$L$l0D t0644 lap>$D$F$P$R$T%%%%*&,&8&:&&&&&'r''''''''''(((d(f(((((()l)r)v))*$*&*,****f+h++++,뼭ۼ뼭ۼۼۼhB5OJPJQJ^J$hB5OJPJQJ\^JmHsHhB5OJPJQJ\^J hBhBhBOJPJQJmHsHhBOJPJQJhBB*OJPJQJ^Jph'hBB*OJPJQJ^JmHphsH78&:&&&&xmXA & F ?x$*$If^?`K$ & F ?x$*$If^?` $$*$IfK$kd+$IfK$L$l0D t0644 lap&&'>'r''xmXXA & F ?x$*$If^?`K$ & F ?x$*$If^?` $$*$IfK$kd$IfK$L$l0D t0644 lap'''''(xmXXX & F ?x$*$If^?` $$*$IfK$kdg $IfK$L$l0D t0644 lap(((H(d(xmXA & F ?x$*$If^?`K$ & F ?x$*$If^?` $$*$IfK$kd $IfK$L$l0D t0644 lapd(f((()v)))T***xmXXXXXXXX & F ?x$*$If^?` $$*$IfK$kd $IfK$L$l0D t0644 lap *+(+f+h+++LA $$*$IfK$kd8 $IfK$L$l0D t0644 lap & F ?x$*$If^?`K$ & F ?x$*$If^?`+++,--?kd $IfK$L$l0D t0644 lap & F ?x$*$If^?`K$ & F ?x$*$If^?`  & Fx$*$If,,,,l-z-|----------...".&./&/(/6/8/N/P/d/f/t/////00000$1&1111z2222223$333344 4ԡhB5OJPJQJ^J!hB5OJPJQJ^JmHsHhB5OJPJQJ\^J$hB5OJPJQJ\^JmHsH hBhB'hBB*OJPJQJ^JmHphsHhBB*OJPJQJ^Jph:-&.x/>00$1&1Akdt $IfK$L$l0D t0644 lap & F ?x$*$If^?`K$ & F ?x$*$If^?` $$*$IfK$&1112t34 48kd $IfK$L$l0D t0644 lap & F ?x$*$If^?`K$ & F ?x$*$If^?` $IfgdBK$ $IfgdB 4P4455R6T6607Xkd $IfK$L$l0D t0644 lap & F ?x$*$If^?` $IfgdBK$ 4P4455R6T66t7v77;;;f<h<<= "JXZ<>F(.x~̇·އ48:@JVǶU!hB5OJPJQJ^JmHsH hBhB'hBB*OJPJQJ^JmHphsHhBB*OJPJQJ^JphhB5OJPJQJ^JG07t7v77:88,::aVAAAA & F ?x$*$If^?` $IfgdBK$kdE$IfK$L$l0D t0644 lap & F ?x$*$If^?`K$:;;;f<aV $IfgdBK$kd$IfK$L$l0D t0644 lap & F ?x$*$If^?`K$f<h<<=2 xmXXA & F ?x$*$If^?`K$ & F ?x$*$If^?` $IfgdBK$kd{$IfK$L$l0D t0644 lap0?>1V30==O 28B>:C :>=DV45=FV9=8E 40=8E H;OE>2 ?5@52V@:8 B@0DV:0 70 4>?><>3>N 70740;53V4L 287=0G5=>W V=D>@<0FVW (credit card numbers, SIN numbers, B>I>) $C=:FV>=0; DLP <0T 70?>1V30B8 28B>:C G5@57 =0ABC?=V ?@>B>:>;8: HTTP-POST, HTTP-GET, SMTP, POP3, IMAP, MAPI, FTP, NNTP 0E8AB 2V4 DOS-0B0: >6;82VABL @>7?V7=020==O B0 1;>:C20==O DoS 0B0:: TCP Syn flood TCP/UDP/SCTP port scan ICMP sweep TCP/UDP/SCTP/ICMP session flooding IPSec VPN, SSL VPN ;3>@8B<8 H8D@C20==O: 3DES, AES128, AES192, AES256 ;3>@8B<8 E5HC20==O: MD5, SHA256, SHA384, SHA512 Diffie-Hellman Group: 1, 2, 5, 14 V4B@8<:0 Hub & Spoke B>?>;>3VW, Spoke & Spoke (mesh) B>?>;>3VW, DMVPN/ADVPN 01> 0=0;>3 QoS Traffic Shaping Traffic Policing 0@H@CB870FVW B0 SD-WAN !B0B8G=0 <0@H@CB870FVO B0 <0@H@CB870FVO ?> ?>;VB8:0E (PBR) 8=0<VG=V ?@>B>:>;8 <0@H@CB870FVW: RIP v1/v2, OSPF v2/v3, IS-IS, BGP4 $>@<C20==O ;>3VG=>3> SD-WAN V=B5@D59AC H;OE>< >1 T4=0==O DV78G=8E B0 ;>3VG=8E V=B5@D59AV2 7 @V7=>B8?=8<8 ?V4:;NG5==O<8 (MPLS, broadband Internet, LTE, B>I>) FV=:0 O:>ABV :0=0;V2 72'O7:C SD-WAN H;OE>< 2V4?@02;5==O ?0:5BV2 G8 70?8BV2 4> ?52=8E 2C7;V2 C <5@56V >=B@>;L E0@0:B5@8AB8:8 :0=0;V2 72'O7:C 2 @568<V @50;L=>3> G0AC (packet loss, jitter, latancy) B0 VE 3@0DVG=5 2V4>1@065==O (gui real-time monitor) 87=0G5==O SLA 4;O :>@8ABC20FL:8E 4>40B:V2 (applications) 7 28:>@8AB0==O< E0@0:B5@8AB8: :0=0;V2 72'O7:C (packet loss, jitter, latancy) 87=0G5==O @V7=>?;0=>28E AB@0B53V9 281>@C :0=0;V2 72'O7:C 4;O <0@H@CB870FVW B@0DV:C 4>40B:V2 B0 A5@2VAV2 28E>4OG8 7 :@8B5@VW2 2V4?>2V4=>ABV SLA, :@0I8E 7=0G5=L E0@0:B5@8AB8: :0=0;V2 72'O7:C, B>I> 87=0G5==O ?@028; <0@H@CB870FVW B@0DV:C 4>40B:V2 B0 A5@2VAV2 G5@57 :0=0;8 SD-WAN C C@0EC20==O< AB@0B53V9 B0 SLA 2B><0B8G=5 10;0=AC20==O =020=B065==O, ?5@5:;NG5==O V @575@2C20==O :0=0;V2 72 O7:C 4;O :>@8ABC20FL:8E 4>40B:V2 B0 A5@2VAV2 ?@8 7<V=V E@0:B5@8AB8: <5@56528E 7 T4=0=L (loss, jitter, latancy) 2 @50;L=><C G0AV 8=0<VG=> 28?@02;OB8 2B@0B8 ?0:5BV2 01> 2V4=>2;N20B8 ?0:5B8 7 ?><8;:0<8 28:;8:0=V =5A?@8OB;828<8 C<>20<8 WAN-:0=0;V2 ?V4 G0A @>1>B8 G5@57 VPN (Forward Error Correction) 0;0=AC20==O ?0:5BV2 >4=VTW A5AVW G5@57 420 IPSec VPN BC=5;O =0 >A=>2V "per packet" 10;0=AC20==O 2B5=B8DV:0FVO, 02B>@870FVO B0 >1;V: (AAA) >:0;L=0 1070 40=8E :>@8ABC20GV2 V4B@8<:0 ?@>B>:>;V2 LDAP, RADIUS, TACACS+ V4B@8<:0 2-D0:B>@=>W 02B5=B8DV:0FVW (two-factor authentication) =0 >A=>2V ?@>3@0<=8E B>:5=V2 5 <5=H5 =V6 2 ?@>3@0<=V B>:5=8 4;O 2AB0=>2;5==O =0 <>1V;L=V ?@8AB@>W (A<0@BD>=8) Single Sign-On: V=B53@0FVO A Windows AD PKI B0 A5@B8DV:0B8: X.509, SCEP support, AB2>@5==O Certificate Signing Request (CSR), 02B><0B8G=5 ?>=>2;5==O A5@B8DV:0BV2 4> 70:V=G5==O B5@<V=C 4VW, ?V4B@8<:0 OCSP 5@C20==O, 72VB=VABL, V=B53@0FVO @0DVG=89 251-V=B5@D59A (Web GUI) =B5@D59A :><0=4=>3> @O4:0 (CLI) V4B@8<:0 F5=B@0;V7>20=>W A8AB5<8 :5@C20==O >;5289 4>ABC? 04<V=VAB@0B>@V2 (RBAC) V4B@8<:0 REST API &5=B@0;V7>20=5 2545==O 6C@=0;V2 B0 72VB=>ABV (logging and reporting) $C=:FV>=0; 70?8AC ?0:5BV2 7 <5@56528E V=B5@D59AV2 4;O ?>40;LH>3> WE 0=0;V7C (packet capture) $C=:FV>=0; @575@2=>3> :>?VN20==O B0 2V4=>2;5==O D09;V2 :>=DV3C@0FVW SNMP v1, v2, v3 sFlow v5/Netflow v9, syslog "5E=VG=0 A5@2VA=0 ?V4B@8<:0 >ABV9=89 4>ABC? 4> F5=B@C B5E=VG=>W ?V4B@8<:8 28@>1=8:0 G5@57 A09B, 5;5:B@>==>N ?>HB>N 01> 70 B5;5D>=>< 24*7 >ABV9=89 02B>@87>20=89 4>ABC? 4> A09BC 28@>1=8:0 24*7 >6;82VABL @5TAB@0FVW A5@2VA=8E 28?04:V2 2 @568<V 24*7*90 1>A;C30 7 ?@8410==O ?@>3@0<=>3> 70157?5G5==O FortiGate-VM04V 1 @V: C=VDV:>20=>3> 70E8ABC 2V4 703@>7 (UTP) (:>4 28@>1=8:0 FC-10-FG4VM-963-02-12) 09<5=C20==O 8<>38 4> 1 >48=8FV 030;L=V 28<>38 5>1EV4=V ;VF5=7VW ?>28==V 1CB8 AC<VA=8< 7 C65 =0O2=8< C 70<>2=8:0 FortiGate VM04V 45=B8DV:0FVO B0 :>=B@>;L 70AB>AC20=L (AC/ AVC) >ABC? 1078 40==8E A83=0BC@ 70AB>AC=:V2 28@>1=8:0 (application control/application visibility control) 0E8AB 2V4 703@>7 =0 >A=>2V A83=0BC@=>3> 0=0;V7C (IPS) >ABC? 4> >AB0==VE >=>2;5=L IPS A83=0BC@ 2V4 28@>1=8:0 0E8AB 2V4 malware (Antivirus/AMP) VF5=7VO ?>28==0 2:;NG0B8 2 A515 4>ABC? 4> 1078 40==8E >AB0==VE AV A83=0BC@ 28@>1=8:0 Web B0 DNS-DV;LB@0FVO >ABC? 4> :0B53>@V9 WEB-!5@2VAV2 (Web-D8;LB@0FVO) >ABC? 4> :0B53>@V9 DNS (DNS-DV;LB@0FVO) >ABC? 4> 078 0==8E Botnet <5@56 0E8AB 2V4 =52V4><8E 703@>7 (0-day) V4?@02:0 D09;V2 7 :>@8ABC20FL:>3> B@0DV:C =0 0=0;V7 C cloud sandbox 4;O 28O2;5==O =52V4><8E 703@>7 :;0AC "0-day" VF5=7C20==O <0T 4>72>;OB8 V=A?5:BC20B8 C cloud sandbox =5 <5=H5 =V6 10 000 D09;V2 =0 45=L (24 3>48=8) "5E=VG=0 A5@2VA=0 ?V4B@8<:0 "5E=VG=0 A5@2VA=0 ?V4B@8<:0 ?>28==0 =04020B8AL AB@>:>< =5 <5=H5 =V6 12 <VAOFV2 7 @V2=5< A5@2VAC 24*7 >ABV9=89 4>ABC? 4> F5=B@C B5E=VG=>W ?V4B@8<:8 28@>1=8:0 G5@57 A09B, 5;5:B@>==>N ?>HB>N 01> 70 B5;5D>=>< 24*7 >ABV9=89 02B>@87>20=89 4>ABC? 4> A09BC 28@>1=8:0 24*7 B@8<0==O 0:BC0;L=8E @5?CB0FV9=8E 107, A83=0BC@ 70E8ABC B0 2AVE =5>1EV4=8E >=>2;5=L 4;O A5@2VAV2 157?5:8 B@8<0==O >A=>2=8E B0 ?@><V6=8E @5;V7V2 ?@>3@0<=>3> 70157?5G5==O G5@57 A09B, ?V4B@8<:0 ?@>3@0<=8E :>4V2 C 0:BC0;L=><C AB0=V 2V4?>2V4=> 4> @5:><5=40FV9 28@>1=8:0 >6;82VABL @5TAB@0FVW A5@2VA=8E 28?04:V2 2 @568<V 24*7*365, 4>AB02:C V 70<V=C 70?0A=8E G0AB8= C @568<V Next Business Day 2 <. 8W2 (>1;04=0==O 4;O 70<V=8 4>AB02;OTBLAO =0ABC?=>3> 4=O ?VA;O ?V4B25@465==O 70<V=8 A5@2VA>< ?V4B@8<:8 28@>1=8:0) 1 030;L=V 28<>38 4> ?@54<5BC 70:C?V2;V @54<5B 70:C?V2;V ?>28=5= 2V4?>2V40B8 28<>30< 017. 4 ?. 2 G. 1 @>7?>@O465==O 01V=5BC <V=VAB@V2 #:@0W=8 @> ?@>?>78FVW I>4> 70AB>AC20==O ?5@A>=0;L=8E A?5FV0;L=8E 5:>=><VG=8E B0 V=H8E >1<56C20;L=8E 70E>4V2 2V4 11.09.2014@. ! 829-@, 73V4=> 7 O:8< 701>@>=5=> 74V9A=5==O 45@602=8E 70:C?V25;L B>20@V2, @>1VB V ?>A;C3 C N@848G=8E >AV1 - @57845=BV2 >AV9AL:>W $545@0FVW 45@602=>W D>@<8 2;0A=>ABV B0 N@848G=8E >AV1, G0AB:0 AB0BCB=>3> :0?VB0;C O:8E ?5@51C20T C 2;0A=>ABV >AV9AL:>W $545@0FVW, 0 B0:>6 C V=H8E AC1 T:BV2 3>A?>40@N20==O, I> 74V9A=NNBL ?@>406 B>20@V2, @>1VB V ?>A;C3 ?>E>465==O< 7 >AV9AL:>W $545@0FVW, :@V< 28?04:V2, :>;8 70<VI5==O B0:8E ?@54<5BV2 70:C?V2;V V=H8<8 =5<>6;825, I> ?V4B25@465=> V=VAB5@AB2>< 5:>=><VG=>3> @>728B:C V B>@3V2;V. >6=8< CG0A=8:>< C A:;04V B5=45@=>W ?@>?>78FVW ?>40TBLAO ?>@V2=O;L=0 B01;8FO 2V4?>2V4=>ABV 70?@>?>=>20=>3> ?@>3@0<<=>3> 70157?5G5==O B5E=VG=8< 28<>30< 0<>2=8:0. ;O ?5@52V@:8 70?@>?>=>20=>3> ?@>3@0<<=>3> 70157?5G5==O B5E=VG=8< 28<>30< 0<>2=8:0 CG0A=8:>< >1>2 O7:>2> 707=0G0TBLAO 2 ?>@V2=O;L=V9 B01;8FV V=D>@<0FVO ?@> 28@>1=8:0 B0 <>45;L 70?@>?>=>20=>3> ?@>3@0<<=>3> 70157?5G5==O.     PAGE PAGE6 "JʂxmXKKK  & Fx$*$If & F ?x$*$If^?` $IfgdBK$kd$IfK$L$l0D t0644 lapXZHi^III & F ?x$*$If^?` $IfgdBK$kd$IfK$L$l0D t0644 lap & Fx$*$IfK$<>FhaVA & F ?x$*$If^?` $IfgdBK$kdL$IfK$L$l0D t0644 lap & F ?x$*$If^?`K$2ȈfxmXXXXXXXX & F ?x$*$If^?` $IfgdBK$kd$IfK$L$l0D t0644 lap VX`dptƉȉЉ҉ډ܉ F^̊Ί֊ڊ &^dʎΎ܎ .0:<PdjnƒjFföԶhB5OJPJQJ^J!hB5OJPJQJ^JmHsH hBhBhBB*OJPJQJ^Jph'hBB*OJPJQJ^JmHphsHFfTnLC $*$IfK$kd$IfK$L$l0D t0644 lap & F ?x$*$If^?`K$ & F ?x$*$If^?`ƒjFLC $*$IfK$kd$IfK$L$l0D t0644 lap & F ?x$*$If^?`K$ & F ?x$*$If^?`̕&r"ܗf & F ?x$*$If^?`K$ & F ?x$*$If^?` ԙBxmXXA & F ?x$*$If^?`K$ & F ?x$*$If^?` $$*$IfK$kd$IfK$L$l0D t0644 lapš(*JBFJPT"$̞ҞJʟΟ$LRhnօtgtݘgݘgݘݘݘhB5OJPJQJ^J!hB5OJPJQJ^JmHsH$hB5OJPJQJ\^JmHsHhBB*OJPJQJ^JphhBOJPJQJ^JhpMhXThXT5hzhz5 hXThpM hXThXT hBhB'hBB*OJPJQJ^JmHphsHhB5OJPJQJ\^J(xoc $$Ifa$gdXT $IfgdXTkdS$IfK$L$l0D t0644 lapš(\PGG99 $$$*$Ifa$K$ $IfgdXT $$Ifa$gd ykd$$IflFr"-'"  t06    44 laQpytXT(*JxmV & F ?x$*$If^?`K$ $$*$IfK$kd$IfK$L$l0 t0644 lapT"xmV & F ?x$*$If^?`K$ $$*$IfK$kdU$IfK$L$l0 t0644 lap"$xodM & F ?x$*$If^?`K$ $IfgdBK$ $IfgdBkd$IfK$L$l0 t0644 lapJxmV & F ?x$*$If^?`K$ $IfgdBK$kd$IfK$L$l0 t0644 lap$ڠ xmXXA & F ?x$*$If^?`K$ & F ?x$*$If^?` $IfgdBK$kd&$IfK$L$l0 t0644 lap "lڡHN"$\dfhnpjFZԴԭ|ujujujub *hXTh9 hXTh9 mHsH hXTh9  *hXTh *hXThq9 *hXThq95B*ph *hXThmHsH hXThpM hXThBhB5OJPJQJ\^J!hB5OJPJQJ^JmHsH hBhBhBB*OJPJQJ^Jph'hBB*OJPJQJ^JmHphsH$ "lR"xmXA & F ?x$*$If^?`K$ & F ?x$*$If^?` $IfgdBK$kd$IfK$L$l0 t0644 lap"$\&pBxmXXXXX & F ?x$*$If^?` $$*$IfK$kd\$IfK$L$l0 t0644 lapdfhlaXL $$Ifa$gd y $IfgdXTkd$IfK$L$l0 t0644 lap & F ?x$*$If^?`K$lnp\L$;^`;a$gdXTkd$$IflFr"-'"  t06    44 laQpytBptrrrrrrrr$^`a$gdXT$ & F ^`a$gdXT6$7$d%d&d'd(dNOPQR`7a$gdXT2$$d%d&d'd(dNOPQRa$gdXT ƲȲʲ̲βвҲŽů *hXTh9 hRhRB*ph333jh6B*Uph333*hzB*mHnHph333uh6B*ph333jh6B*Uph333hGhRB*phh6B*phjh6B*Uphh,%jh,%UβвҲ$^`a$gdXT1 %$d%d&d'd(dNOPQR4$ %$d%d&d'd(dNOPQRa$ > 00P:p7}. A!"7#$%q Dp$$IfQ!vh#v#v" #v:V l t0655" 5aQpytXT$IfK$L$q!vh#v#v:V l t0655p$IfK$L$q!vh#v#v:V l t0655p$IfK$L$q!vh#v#v:V l t0655p$IfK$L$q!vh#v#v:V l t0655p$IfK$L$q!vh#v#v:V l t0655p$IfK$L$q!vh#v#v:V l t0655p$IfK$L$q!vh#v#v:V l t0655p$IfK$L$q!vh#v#v:V l t0655p$$IfQ!vh#v#v" #v:V l t06,55" 5aQpytXT$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t06,55Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t06,55Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$IfK$L$q!vh#v#vD:V l t0655Dp$$IfQ!vh#v#v" #v:V l t06,,55" 5aQpytXT$IfK$L$q!vh#v#v:V l t0655p$IfK$L$q!vh#v#v:V l t0655p$IfK$L$q!vh#v#v:V l t0655p$IfK$L$q!vh#v#v:V l t0655p$IfK$L$q!vh#v#v:V l t0655p$IfK$L$q!vh#v#v:V l t0655p$IfK$L$q!vh#v#v:V l t0655p$IfK$L$q!vh#v#v:V l t0655p$$IfQ!vh#v#v" #v:V l t06,55" 5aQpytB$s666666666vvvvvvvvv666666>6666666666666666666666666666666666666666666666666hH66666666666666666666666666666666666666666666666666666666666666666p62&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv8XV~ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@_HmH"nH"sH"tH":`: 1KG=K9_HmH"sH"tH @@ 03>;>2>: 1 $@&a$5HH 03>;>2>: 2 $@&a$ 5CJaJ\\ 03>;>2>: 3$<@&5CJOJPJQJ^JaJll 03>;>2>: 4$$dP@&!B*CJOJPJQJ^JaJphfffll 03>;>2>: 5$$dP@&!B*CJOJPJQJ^JaJphfffLL 03>;>2>: 6$<@&a$ 5CJ aJ BA B A=>2=>9 H@8DB 0170F0Xi@X 01KG=0O B01;8F04 l4a .k . 0 5B A?8A:0 V/V Table Normal1 :V4_HmH"sH"tH T>T 03>;>2>: 1$^@a$5CJOJPJQJ^JaJJJJ >4703>;>2>: dha$ 5CJaJ2#2 :V4d44232 :V4 l44<B< 0"5:AB ?@8<5G0=8OBQB 0"5:AB ?@8<5G0=8O =0:>' a> 0=0: ?@8<5G0=8OCJaJ@jAB@ P0"5<0 ?@8<5G0=8O5\F/F P0"5<0 ?@8<5G0=8O =0:5\JJ P0 "5:AB 2K=>A:8CJOJQJ^JaJP/P P0"5:AB 2K=>A:8 =0:CJOJQJ^JaJ:U : P0 8?5@AAK;:0 >*B*ph@  170F A?8A:0,170F A?8A:C 1,B2-170F A?8A:0,=0720=85 B01;/@8A,703>;>2>: 1.1,List Paragraph (numbered (a)),List_Paragraph,Multilevel para_II,List Paragraph1,List Paragraph-ExecSummary,Akapit z list BS,Bullets,List Paragraph 1,References,Number Bullets ^m$J J 7}086=89 :>;>=B8BC; E$DD 7}086=89 :>;>=B8BC; =0:/ ,Z 170F A?8A:0 =0:,170F A?8A:C 1 =0:,B2-170F A?8A:0 =0:,=0720=85 B01;/@8A =0:,703>;>2>: 1.1 =0:,List Paragraph (numbered (a)) =0:,List_Paragraph =0:,Multilevel para_II =0:,List Paragraph1 =0:,List Paragraph-ExecSummary =0:,Bullets =0:TT !,Z ToR_WB_LVL3 x7*$^a$CJ</<  ,ZToR_WB_LVL3 =0:CJ8/!8 \tlid-translation3 Bp !5B:0 B01;8FK7:V#0#CJOJPJQJ^JaJPK![Content_Types].xmlN0EH-J@%ǎǢ|ș$زULTB l,3;rØJB+$G]7O٭V{+N8aq-*GlLi˽6Lj3~pmGo 1*?f8&,ɴ8N>hR*Պ"(zsy2!#YQ$\h2軧>:HC A84Bq.UJR_O]-4k!ᣄD=zvg?s6re؝GT{<˷/|N:OWB_?>xo'hGIs ;WY ;ɛY CDtv<(Fr Ȃ`3Ax&sA,/fvXb9<'O:*B{Yg2A E@Sc.Ɩ Ĉ6%pn5$CcT< / AȷNQ۪xD½S#\r""`t\ SƘs֫%Ȍ=tD]ϋ1eA ; qc?Pȹ„ ;D~ 4<   >$, 4V#+08<^ckq v "  $8&&'(d(*+-&1 407:f< f(" "lp !"$%&'()*,-./12345679:;=>?Z[\]_`abdefghijlmnopr !!T # @H 0(  0(  B S  ?;Zhm78@ADIxy 89OQst*+;CXY^gku'1_a|}~OZ" . 6 B M S ^ n r  9 ? ( , V W ` f }        2 4 N P [^CSad #.1;BLTU)1MNOZgm  JKn|!Tb,GQfgFRYg'3HI (*?Khs*FHOY\^dx !PYdsw245@cp=>DER`jpv 3>JU[]bjsuz-/9;LXhiQ[T Y l x 0!|p>v^`o(.^`.pL^p`L.@ ^@ `.^`.L^`L.^`.^`.PL^P`L.-^-`o(.^`. L^ `L. ^ `.m^m`.=L^=`L. ^ `.^`.L^`L.h^h`56B*CJaJph.7^7`..7^`7...^`....\ ^\ `OJPJQJ^J%L^`L.^`.^`.PL^P`L.h^h`o(^`o(.0^`0o(..0^`0o(...  ^ `o( .... @ ^@ `o( ..... `^``o( ...... x`^x``o(....... H^H`o(........F^F`OJPJQJ^J-^`OJPJQJ^Jo ^ `OJPJQJ^J% ^ `OJPJQJ^J%^`OJPJQJ^JoV^V`OJPJQJ^J%&^&`OJPJQJ^J%^`OJPJQJ^Jo^`OJPJQJ^J% ^ `OJPJQJ^J-p^p`OJPJQJ^J-@ ^@ `OJPJQJ^J%^`OJPJQJ^J%^`OJPJQJ^Jo^`OJPJQJ^J%^`OJPJQJ^J%P^P`OJPJQJ^Jo ^ `OJPJQJ^J%F^F`OJPJQJ^J-^`OJPJQJ^Jo ^ `OJPJQJ^J% ^ `OJPJQJ^J%^`OJPJQJ^JoV^V`OJPJQJ^J%&^&`OJPJQJ^J%^`OJPJQJ^Jo^`OJPJQJ^J%^`OJPJQJ^Jo(-^`OJQJ^Jo(o p^p`OJQJo( @ ^@ `OJQJo(^`OJQJ^Jo(o ^`OJQJo( ^`OJQJo(^`OJQJ^Jo(o P^P`OJQJo(^`o(.^`.pL^p`L.@ ^@ `.^`.L^`L.^`.^`.PL^P`L.h^h`56B*CJaJph.7^7`..7^`7...^`....\ ^\ `OJPJQJ^J%L^`L.^`.^`.PL^P`L. ^`OJQJo(^`OJQJ^Jo(o p^p`OJQJo( @ ^@ `OJQJo(^`OJQJ^Jo(o ^`OJQJo( ^`OJQJo(^`OJQJ^Jo(o P^P`OJQJo( ^`OJQJo(^`OJQJ^Jo(o p^p`OJQJo( @ ^@ `OJQJo(^`OJQJ^Jo(o ^`OJQJo( ^`OJQJo(^`OJQJ^Jo(o P^P`OJQJo(^`OJPJQJo(-^`OJQJ^Jo(o p^p`OJQJo( @ ^@ `OJQJo(^`OJQJ^Jo(o ^`OJQJo( ^`OJQJo(^`OJQJ^Jo(o P^P`OJQJo( ^`OJQJo(^`OJQJ^Jo(o p^p`OJQJo( @ ^@ `OJQJo(^`OJQJ^Jo(o ^`OJQJo( ^`OJQJo(^`OJQJ^Jo(o P^P`OJQJo(^`o(.h^h`.8 L^8 `L. ^ `.^`.L^`L.x^x`.H^H`.L^`L.IdD8S  B)t<hY_$nuaO>|[9X*at[l{pT ex#H""""""""Bt        """""""""                  """"""""         eEg4( Xfw\R,Z!O8l  yYZleKNOmAc{0"-Mu (1bl9 W B!?%}'y'Z_)h),k,wg1@47|7q9Zr9#@HD{7GOIeMOPXT V V0YpY`X]2^?`abd eLfulm`nsnYpopmq8r)7s y;yz7}DM}H          Oh+'0p   , 8 DPX`hGrabNormal 3Microsoft Office Word@F#@z@ɝ@jB! ՜.+,0  hp|  *(4   Title  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrsuvwxyz{|}~Root Entry F{Data tX1TablegWordDocument@SummaryInformation(DocumentSummaryInformation8CompObjr  F Microsoft Word 97-2003 MSWordDocWord.Document.89q