{"id":602,"date":"2021-10-20T19:45:24","date_gmt":"2021-10-20T17:45:24","guid":{"rendered":"http:\/\/soledpro.cz\/?page_id=602"},"modified":"2022-06-19T11:56:10","modified_gmt":"2022-06-19T09:56:10","slug":"sophos-firewall-xgs","status":"publish","type":"page","link":"https:\/\/www.soledpro.cz\/de\/sophos\/sophos-firewall-xgs\/","title":{"rendered":"SOPHOS Firewall"},"content":{"rendered":"

Sophos XGS NG Firewall<\/h2>\n\n\n\n

S nar\u016fstaj\u00edc\u00edmi n\u00e1roky na bezpe\u010dnost a ochranu perimetru se paraleln\u011b zvy\u0161uj\u00ed i n\u00e1roky na v\u00fdkon a technologie. Nejmodern\u011bj\u0161\u00ed Sophos XGS Firewall\/UTM byl vyvinut s d\u016frazem na maxim\u00e1ln\u00ed v\u00fdkon. \u0158ada XGS pou\u017e\u00edv\u00e1 architekturu zalo\u017eenou na dvouprocesorov\u00fdch \u010dipech Xstream (v\u00edcej\u00e1drov\u00fd procesor x86 spole\u010dn\u011b s procesorem Xstream Flow) a nab\u00edz\u00ed podporu TLS inspekce, v\u010detn\u011b nativn\u00ed podpory TLS 1.3, kter\u00e1 je a\u017e 6x rychlej\u0161\u00ed ne\u017e jin\u00e9 modely aktu\u00e1ln\u011b dostupn\u00e9 na trhu. To v\u0161e spole\u010dn\u011b umo\u017e\u0148uje z\u00e1sadn\u011b akcelerovat celkov\u00fd v\u00fdkon a \u00farove\u0148 bezpe\u010dnosti, v\u010detn\u011b kontroly \u0161ifrovan\u00e9ho provozu.<\/em><\/p>\n\n\n\n

Spojen\u00ed sofistikovan\u00e9 bezpe\u010dnosti a jednoduchosti<\/strong><\/h3>\n\n\n\n

U v\u011bt\u0161iny firewall\u016f se mus\u00ed pou\u017e\u00edt k nastaven\u00ed jedn\u00e9 politiky r\u016fzn\u00e9 moduly. To v\u0161ak neplat\u00ed u firewallu Sophos XGS, kter\u00fd nab\u00edz\u00ed efektivn\u00ed model konsolidace \u0159\u00edzen\u00ed, n\u00e1hledu, filtrov\u00e1n\u00ed a \u0159azen\u00ed v\u0161ech u\u017eivatelsk\u00fdch, aplika\u010dn\u00edch i s\u00ed\u0165ov\u00fdch politik na jednom m\u00edst\u011b.<\/p>\n\n\n\n

Sophos XGS nab\u00edz\u00ed velkou flexibilitu nasazen\u00ed a vyu\u017eit\u00ed. Lze jej nasadit jako robustn\u00ed klasick\u00fd firewall i v\u00fdkonn\u00e9 UTM nab\u00edzej\u00edc\u00ed \u0161irokou \u0161k\u00e1lu bezpe\u010dnostn\u00edch modul\u016f \u2013 funkc\u00ed, ke kter\u00fdm pat\u0159\u00ed nap\u0159. revolu\u010dn\u00ed syst\u00e9m synchronizace bezpe\u010dnosti na perimetru a koncov\u00fdch za\u0159\u00edzen\u00edch Security Heartbeat\u2122<\/strong>, plnohodnotn\u00fd Web Application Firewall, kompletn\u00ed webov\u00e1 a emailov\u00e1 bezpe\u010dnost v\u010d. DLP a \u0161ifrov\u00e1n\u00ed po\u0161tovn\u00ed komunikace.<\/p>\n\n\n\n

Mo\u017enosti nasazen\u00ed<\/strong><\/td><\/tr>
Hardware appliance<\/strong> \u2013 \u0161k\u00e1lovateln\u00e1, specializovan\u00e1, vysoce v\u00fdkonn\u00e1 za\u0159\u00edzen\u00edSoftware appliance<\/strong>Virtual appliance<\/strong>
VMware, Citrix,
Microsoft Hyper-V a KVM Ka\u017ed\u00e1 z variant umo\u017e\u0148uje vyu\u017eit\u00ed v\u0161ech funkc\u00ed.<\/strong><\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

Xstream Architecture<\/strong> vynik\u00e1 zejm\u00e9na d\u00edky t\u0159em kl\u00ed\u010dov\u00fdm funkcionalit\u00e1m:<\/p>\n\n\n\n

  • Dedikovan\u00e9 procesory Xstream Flow zrychluj\u00ed p\u0159enos s\u00ed\u0165ov\u00e9 komunikace skrz FastPath \u2013 offloading d\u016fv\u011bryhodn\u00e9ho provozu z\u00a0FW rychlost\u00ed limitovanou pouze kabelem. FW kontroluje tedy jenom provoz, kter\u00fd to skute\u010dn\u011b pot\u0159ebuje.<\/li>
  • Inspekce Xstream TLS 1.3 vyu\u017e\u00edv\u00e1 d\u016fkladn\u011b p\u0159epracovan\u00fd ultrarychl\u00fd engine, podporuje nejnov\u011bj\u0161\u00ed standardy a co je nejd\u016fle\u017eit\u011bj\u0161\u00ed \u2013 je inteligentn\u011bj\u0161\u00ed v tom, co je pot\u0159eba de\u0161ifrovat a co optimalizovat pro pot\u0159eby v\u00fdkonu. I d\u00edky tomu je 5-8kr\u00e1t rychlej\u0161\u00ed v\u00a0porovn\u00e1n\u00ed s\u00a0p\u0159edch\u00e1zej\u00edc\u00ed generac\u00ed.<\/li>
  • Nov\u00fd optimalizovan\u00fd Deep Packet Inspection (DPI) engine pro hloubkovou kontrolu paket\u016f poskytuje krom\u011b nejpokrokov\u011bj\u0161\u00ed ochrany p\u0159ed zero-day hrozbami tak\u00e9 zv\u00fd\u0161enou ochranu v\u016f\u010di aplikac\u00edm m\u011bn\u00edc\u00edm hashe jako je nap\u0159. software Psiphon.<\/li><\/ul>\n\n\n\n

    Funkcionalita Cloud Application Visibility<\/strong> poskytuje p\u0159ehled a informace o datech, kter\u00e1 mohou b\u00fdt ohro\u017eena v\u00a0cloudov\u00e9m prost\u0159ed\u00ed. D\u00edky t\u00e9to funkci se m\u011bn\u00ed XGS Firewall na Cloud Access Security Broker (CASB)<\/strong>, kter\u00fd upozorn\u00ed na ne\u017e\u00e1douc\u00ed a neopr\u00e1vn\u011bn\u00e9 aktivity a umo\u017en\u00ed kontrolu nad aplikacemi. CASB mimo jin\u00e9 tak\u00e9 poskytuje p\u0159ehledn\u00fd reporting o nahr\u00e1van\u00fdch a stahovan\u00fdch datech do cloudov\u00e9ho prost\u0159ed\u00ed.<\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    Funkce synchronizovan\u00e9ho zabezpe\u010den\u00ed<\/strong><\/h3>\n\n\n\n

    Synchronized App Control<\/strong>, umo\u017e\u0148uje identifikovat, klasifikovat a kontrolovat d\u0159\u00edve nezn\u00e1m\u00e9 aplikace, kter\u00e9 jsou vyu\u017e\u00edv\u00e1ny na koncov\u00fdch za\u0159\u00edzen\u00edch. Spr\u00e1vci maj\u00ed mo\u017enost p\u0159id\u011blit nezn\u00e1m\u00fdm aplikac\u00edm kategorie. Na z\u00e1klad\u011b toho mohou b\u00fdt blokov\u00e1ny nebo up\u0159ednost\u0148ov\u00e1ny podle jejich pot\u0159eby. Interaktivn\u00ed reportov\u00e1n\u00ed aplikac\u00ed poskytuje detailn\u00ed p\u0159ehled o denn\u00edm toku dat.<\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    Revolu\u010dn\u00ed p\u0159\u00edstup k\u00a0ochran\u011b proti pokro\u010dil\u00fdm hrozb\u00e1m<\/strong><\/h3>\n\n\n\n

    Sophos Security Heartbeat\u2122<\/strong> je prvn\u00ed technologi\u00ed sv\u00e9ho druhu, kter\u00e1\u00a0propojuje koncov\u00e1 za\u0159\u00edzen\u00ed s\u00a0firewallem a kombinuje jejich schopnosti za \u00fa\u010delem identifikace kompromitovan\u00fdch syst\u00e9m\u016f dosud nezn\u00e1m\u00fdmi hrozbami. Security Heartbeat je integrov\u00e1n v\u00a0r\u00e1mci nastaven\u00ed bezpe\u010dnostn\u00edch politik a okam\u017eit\u011b spou\u0161t\u00ed akce na\u00a0koncov\u00fdch za\u0159\u00edzen\u00edch i s\u00ed\u0165ov\u00e9 \u00farovni ve smyslu izolace \u010di omezen\u00ed p\u0159\u00edstupu napaden\u00fdch syst\u00e9m\u016f do doby, ne\u017e jsou op\u011bt d\u016fv\u011bryhodn\u00e9. Tato funkce vy\u017eaduje na koncov\u00fdch za\u0159\u00edzen\u00edch syst\u00e9m Sophos Central Intercept X.<\/p>\n\n\n\n

    Secure Access Portfolio<\/strong><\/h2>\n\n\n\n

    Sophos SD-RED VPN | Bezpe\u010dn\u00e1 Wi-Fi<\/strong><\/h3>\n\n\n\n

    Sophos RED poskytuje bezpe\u010dn\u00e9 p\u0159ipojen\u00ed\/vzd\u00e1len\u00fd p\u0159\u00edstup k jak\u00fdmkoli off-site lokac\u00edm organizace (pobo\u010dky, obchodn\u00ed m\u00edsta, atp.) a ve vzd\u00e1len\u00e9 lokalit\u011b nevy\u017eaduje po obsluze t\u00e9m\u011b\u0159 \u017e\u00e1dn\u00e9 technick\u00e9 dovednosti. Na centr\u00e1ln\u00edm Sophos XGS se pouze zad\u00e1 ID za\u0159\u00edzen\u00ed a po instalaci RED se skrze automaticky sestavenou VPN sm\u011bruje bezpe\u010dn\u011b ve\u0161ker\u00fd datov\u00fd provoz na centr\u00e1ln\u00ed UTM.\u00a0 Sophos XGS um\u00ed pracovat jako centr\u00e1ln\u00ed \u201ewireless controller\u201c. P\u0159\u00edstupov\u00e9 body (APX) jsou nastaveny automaticky a dost\u00e1v\u00e1 se jim pln\u00e9 UTM ochrany.<\/p>\n\n\n\n

    Flexi Port moduly | I\/O porty<\/strong><\/h3>\n\n\n\n

    Sophos XGS lze osadit dal\u0161\u00edmi Copper \/ Fiber 1G \/ 10G porty na stejn\u00e9 appliance d\u00edky pou\u017eit\u00ed FleXi Port modul\u016f a je tak mo\u017en\u00e9 konfigurovat hardware dle pot\u0159eb dan\u00e9 infrastruktury. Flexi porty konsoliduj\u00ed po\u010det za\u0159\u00edzen\u00ed v s\u00edti, nab\u00edz\u00ed energetickou efektivitu, sn\u00ed\u017een\u00ed slo\u017eitosti s\u00edt\u011b a t\u00edm i sn\u00ed\u017een\u00ed provozn\u00edch n\u00e1klad\u016f. Nav\u00edc jsou Flexi Port moduly kompatibiln\u00ed i nap\u0159\u00ed\u010d modelovou \u0159adou (nap\u0159. v\u00a0r\u00e1mci 1U za\u0159\u00edzen\u00ed). Ka\u017ed\u00fd z\u00a0model\u016f je rovn\u011b\u017e vybaven r\u016fzn\u00fdmi I\/O porty (USB, COM (RJ45), eth, VGA), kter\u00e9 jsou nezbytn\u00e9 pro pohodlnou spr\u00e1vu bezpe\u010dnostn\u00edho za\u0159\u00edzen\u00ed.<\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    Zero Trust Network Access<\/strong><\/h3>\n\n\n\n

    Sophos ZTNA je sofistikovan\u011b zabezpe\u010den\u00e9 a transparentn\u00ed p\u0159ipojen\u00ed vzd\u00e1len\u00fdch pracovn\u00edk\u016f nebo pobo\u010dek pln\u011b kompatibiln\u00ed s XGS Firewallem a Sophos Intercept X. Koncept \u201ezero trust\u201c \u0159e\u0161\u00ed rizika, kter\u00e1 s sebou nese p\u0159ipojen\u00ed nov\u00e9ho za\u0159\u00edzen\u00ed do korpor\u00e1tn\u00ed s\u00edt\u011b skrz VPN. Pracuje s presumpc\u00ed viny a v\u0161echny za\u0159\u00edzen\u00ed pova\u017euje za rizikov\u00e9, dokud se neprok\u00e1\u017eou jako zabezpe\u010den\u00e9. Ka\u017ed\u00e9 za\u0159\u00edzen\u00ed z\u00edsk\u00e1 v s\u00edti pouze takov\u00e9 opr\u00e1vn\u011bn\u00ed, kter\u00e9 odpov\u00edd\u00e1 jeho aktu\u00e1ln\u00ed bezpe\u010dnostn\u00ed p\u0159ipravenosti = bezpe\u010dn\u00e1 alternativa k VPN.\u00a0<\/p>\n\n\n\n

    Sophos Central Firewall Reporting (CFR)<\/strong><\/h3>\n\n\n\n

    CFR nab\u00edz\u00ed \u0161irok\u00e9 mo\u017enosti p\u0159izp\u016fsoben\u00ed historick\u00fdch report\u016f s\u00ed\u0165ov\u00e9 aktivity, kter\u00e9 zabezpe\u010d\u00ed pot\u0159ebn\u00fd vhled do ji\u017e prob\u011bhl\u00fdch proces\u016f, jejich hlub\u0161\u00ed pochopen\u00ed a d\u00edky nastaviteln\u00fdm politik\u00e1m a pravidl\u016fm CFR bude pr\u00e1ce administr\u00e1tor\u016f efektivn\u011bj\u0161\u00ed a jednodu\u0161\u0161\u00ed. K\u00a0dispozici je mno\u017estv\u00ed filtr\u016f, kter\u00e9 nab\u00edz\u00ed lehk\u00e9 a rychl\u00e9 prohled\u00e1van\u00ed log\u016f z XGS firewallu, granul\u00e1rnost dat v p\u0159izp\u016fsobiteln\u00fdch tabulk\u00e1ch a grafech za obdob\u00ed a\u017e jednoho roku a u\u017eivatelsky p\u0159\u00edv\u011btiv\u00e9 p\u0159ehledn\u00e9 GUI s mo\u017enost\u00ed bohat\u00e9ho p\u0159izp\u016fsobov\u00e1n\u00ed \u0161ablon. Tento reportovac\u00ed n\u00e1stroj je integrov\u00e1n do platformy Sophos Central, administr\u00e1to\u0159i mohou tedy z\u00a0jedin\u00e9 konzole spravovat reporty z\u00a0FW a tak\u00e9 dal\u0161\u00ed komponenty bezpe\u010dnostn\u00ed infrastruktury.<\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    Funkce a vlastnosti Sophos XGS Firewall \/ UTM<\/strong><\/strong><\/h3>\n\n\n\n

    Management<\/strong><\/p>\n\n\n\n

    • U\u017eivatelsky komfortn\u00ed rozhran\u00ed s interaktivn\u00edm \u0159\u00edd\u00edc\u00edm centrem (Control Center)<\/li>
    • Navigace v GUI na 3 kliky kdekoli<\/li>
    • Kontextov\u00e1 n\u00e1pov\u011bda u ka\u017ed\u00e9 polo\u017eky menu<\/li>
    • Pokro\u010dil\u00e9 n\u00e1stroje pro \u0159e\u0161en\u00ed probl\u00e9mu v GUI (nap\u0159. Packet Capture)<\/li>
    • Administrace dle rol\u00ed \u2013 selektivn\u00ed definice opr\u00e1vn\u011bn\u00ed<\/li>
    • Automatick\u00e9 upozorn\u011bn\u00ed na aktualizace<\/li>
    • Objektov\u011b orientovan\u00fd syst\u00e9m definice pro s\u00edt\u011b, slu\u017eby, hosty, \u010dasov\u00e9 \u00faseky, u\u017eivatele a skupiny, klienty a servery<\/li>
    • Sledov\u00e1n\u00ed zm\u011bn v konfiguraci<\/li>
    • Upozor\u0148ov\u00e1n\u00ed skrze email nebo SNMP traps<\/li><\/ul>\n\n\n\n

      Routing a slu\u017eby firewallu<\/strong><\/p>\n\n\n\n

      • Vytv\u00e1\u0159en\u00ed z\u00f3n a podpora politik dle z\u00f3n<\/li>
      • P\u0159ednastaven\u00e9 z\u00f3ny pro LAN, WAN, DMZ, LOCAL, VPN a WiFi<\/li>
      • Nastaviteln\u00e9 z\u00f3ny LAN nebo DMZ<\/li>
      • Routing: statick\u00fd, multicast (PIM-SM) a dynamick\u00fd (BGP, OSPF)<\/li>
      • Bridging s podporou STP a ARP broadcast forwarding<\/li>
      • WAN link balancing: v\u00edce internetov\u00fdch p\u0159ipojen\u00ed, automatick\u00e1 kontrola funk\u010dnosti linky, automatick\u00e9 p\u0159eklopen\u00ed (failover), automatick\u00fd a v\u00e1\u017een\u00fd balancing a podrobn\u00e1 v\u00edcecestn\u00e1 pravidla<\/li>
      • Pln\u00e1 konfigurace DNS, DHCP a NTP<\/li>
      • Podpora Sophos RED<\/li>
      • Podpora a tagov\u00e1n\u00ed VLAN DHCP<\/li><\/ul>\n\n\n\n

        Pokro\u010dil\u00e1 ochrana p\u0159ed hrozbami
        a synchronizovan\u00e1 bezpe\u010dnost<\/strong><\/p>\n\n\n\n

        • Detekuje a blokuje s\u00ed\u0165ov\u00fd provoz sna\u017e\u00edc\u00ed se kontaktovat Command and Control servery vyu\u017eit\u00edm v\u00edcevrstv\u00e9 DNS, AFC, HTTP proxy a firewallu<\/li>
        • Sophos Security Heartbeat okam\u017eit\u011b identifikuje kompromitovan\u00e9 koncov\u00e9 body a zaznamen\u00e1v\u00e1 hosty, u\u017eivatele, procesy, po\u010dty a \u010dasy incident\u016f<\/li>
        • Politiky Sophos Security Heartbeat m\u016f\u017eou omezovat p\u0159\u00edstup k s\u00ed\u0165ov\u00fdm zdroj\u016fm nebo kompletn\u011b izolovat kompromitovan\u00e9 syst\u00e9mu do doby jejich n\u00e1pravy<\/li><\/ul>\n\n\n\n

          S\u00ed\u0165ov\u00e1 bezpe\u010dnost<\/strong><\/p>\n\n\n\n

          • Stavov\u00fd firewall s hloubkovou inspekc\u00ed paket\u016f<\/li>
          • Optimalizace \u201eFastPath Packet\u201c<\/li>
          • TLS inspekce s podporou TLS 1.3<\/li>
          • Ochrana proti naru\u0161en\u00ed: v\u00fdkonn\u00fd IPS syst\u00e9m s hloubkovou inspekc\u00ed paket\u016f<\/li>
          • Ochrana proti zahlcen\u00ed: blokovan\u00ed DoS, DDoS a skenov\u00e1n\u00ed port\u016f<\/li>
          • Blokov\u00e1n\u00ed na z\u00e1klad\u011b zem\u00ed (geo-IP)<\/li>
          • \u201eSite-to-site VPN\u201c: SSL, IPSec, 256-bit AES\/3DES, PFS, RSA, X.509 certifik\u00e1ty, \u201epre-shared key\u201c<\/li>
          • Vzd\u00e1len\u00fd p\u0159\u00edstup: podpora SSL, IPsec, iPhone\/iPad\/Cisco VPN klient\u016f<\/li>
          • QoS (traffic shaping) dle s\u00edt\u011b, u\u017eivatele, webu<\/li>
          • Optimalizace VoIP v re\u00e1ln\u00e9m \u010dase<\/li><\/ul>\n\n\n\n

            SD-WAN<\/strong><\/p>\n\n\n\n

            • P\u0159ipojen\u00ed p\u0159es VDSL,DSL,4G\/LTE a dal\u0161\u00ed s mo\u017enost\u00ed monitoringu, balancingu a failover mezi nimi<\/li>
            • Volba odchoz\u00ed WAN br\u00e1ny pro konkr\u00e9tn\u00ed aplikace\/u\u017eivatele\/komunikaci<\/li>
            • Centralizovan\u00fd VPN orchestr\u00e1tor<\/li>
            • Sophos SD-RED<\/li><\/ul>\n\n\n\n

              Autentizace<\/strong><\/p>\n\n\n\n

              • Transparentn\u00ed, proxy autentizace (NTLM\/Kerberos) nebo klientsk\u00e1 autentizace<\/li>
              • Autentizace s podporou: Active Directory, eDirectory, RADIUS, LDAP a TACACS+<\/li>
              • Transparentn\u00ed autentizace formou serverov\u00e9ho agenta (STAS, SATC) s podporou Active Directory<\/li>
              • Transparentn\u00ed autentizace formou klientsk\u00e9ho agenta s podporou pro Windows, Mac OS X, Linux 32\/64<\/li>
              • Autentiza\u010dn\u00ed certifik\u00e1ty pro iOS a Android<\/li>
              • Single sign-on: Active directory, eDirectory<\/li>
              • Autentiza\u010dn\u00ed slu\u017eby pro IPSec, L2TP, PPTP, SSL<\/li><\/ul>\n\n\n\n

                Mo\u017enosti VPN<\/strong><\/p>\n\n\n\n

                • IPSec, SSL, PPTP, L2TP, Cisco VPN (iOS), OpenVPN (iOS a Android)<\/li>
                • Bezklientsk\u00fd port\u00e1l vyu\u017e\u00edvaj\u00edc\u00ed unik\u00e1tn\u00ed Sophos \u0161ifrovan\u00fd HTML5 samoobslu\u017en\u00fd port\u00e1l s podporou pro RDP, SSH, Telnet a VNC<\/li>
                • Podpora Sophos Remote Ethernet Device (RED)<\/li><\/ul>\n\n\n\n

                  VPN IPsec klient<\/strong><\/p>\n\n\n\n

                  • Autentizace: \u201ePre-Shared Key\u201c (PSK), PKI (X.509), smartkarty, tokeny a XAUTH<\/li>
                  • \u0160ifrov\u00e1n\u00ed: AES (128\/192\/256), DES, 3DES (112\/168), Blowfish, RSA (a\u017e do 2048 Bit), DH skupiny 1\/2\/5\/14, MD5 a SHA-256\/384\/512<\/li>
                  • Inteligentn\u00ed \u201esplit-tunneling\u201c pro optim\u00e1ln\u00ed sm\u011brov\u00e1n\u00ed provozu<\/li>
                  • Podpora NAT-traversal<\/li><\/ul>\n\n\n\n

                    VPN SSL klient<\/strong><\/p>\n\n\n\n

                    • Osv\u011bd\u010den\u00e9 zabezpe\u010den\u00ed zalo\u017een\u00e9 na SSL (TLS)<\/li>
                    • Mo\u017enost customizovat SSL VPN port pro naslouch\u00e1n\u00ed<\/li>
                    • Sd\u00edlen\u00ed portu 443 mezi SSL VPN a WAF<\/li>
                    • Minim\u00e1ln\u00ed syst\u00e9mov\u00e9 po\u017eadavky<\/li>
                    • Podpora MD5, SHA, DES, 3DES a AES<\/li>
                    • Pr\u016fchodnost p\u0159es v\u0161echny firewally bez ohledu na proxy \u010di NAT<\/li>
                    • Podpora iOS a Android<\/li><\/ul>\n\n\n\n

                      Remote Ethernet Device (RED) VPN<\/strong><\/p>\n\n\n\n

                      • Centr\u00e1ln\u00ed spr\u00e1va pro v\u0161echna RED za\u0159\u00edzen\u00ed<\/li>
                      • \u017d\u00e1dn\u00e1 konfigurace: automatick\u00e9 spojen\u00ed skrze cloudovou slu\u017ebu<\/li>
                      • Bezpe\u010dn\u00fd \u0161ifrovan\u00fd tunel u\u017e\u00edvaj\u00edc\u00ed digit\u00e1ln\u00ed X. 509 certifik\u00e1ty a AES256 \u0161ifrov\u00e1n\u00ed<\/li>
                      • Lokality s RED jsou pln\u011b chr\u00e1n\u011bny licencemi firewallu (Network, Web and Mail security subscriptions)<\/li>
                      • Virtu\u00e1ln\u00ed ethernet pro spolehliv\u00fd p\u0159enos provozu mezi lokalitami<\/li>
                      • IP Address Management s centr\u00e1ln\u00ed konfigurac\u00ed DHCP a DNS slu\u017eeb<\/li>
                      • Komprese tunelovan\u00e9ho provozu<\/li>
                      • Mo\u017enost konfigurace VLAN na portech
                        (SD-RED 60)<\/li><\/ul>\n\n\n\n

                        Bezpe\u010dnost Wi-Fi s\u00edt\u011b<\/strong><\/p>\n\n\n\n

                        • Jednoduch\u00e9 \u201eplug-and-play\u201c nasazen\u00ed bezdr\u00e1tov\u00fdch p\u0159\u00edstupov\u00fdch bod\u016f Sopohos \u2013 automatick\u00e9 p\u0159id\u00e1n\u00ed do control centra firewallu<\/li>
                        • Centr\u00e1ln\u00ed monitoring a spr\u00e1va v\u0161ech p\u0159\u00edstupov\u00fdch bod\u016f (APX) a bezdr\u00e1tov\u00fdch klient\u016f p\u0159es bezdr\u00e1tov\u00fd kontroler<\/li>
                        • Integrovan\u00e1 bezpe\u010dnosti: Ve\u0161ker\u00fd Wi-Fi provoz je automaticky sm\u011brov\u00e1n p\u0159es firewall<\/li>
                        • Siln\u00e9 \u0161ifrov\u00e1n\u00ed podporuje nejvysp\u011blej\u0161\u00ed autentiza\u010dn\u00ed metody v\u010d. WPA2-Enterprise a IEEE 802.1X (RADIUS)<\/li>
                        • \u010casov\u011b definovan\u00fd p\u0159\u00edstup do s\u00edt\u011b
                          p\u0159es Wi-Fi<\/li>
                        • Podpora p\u0159ihl\u00e1\u0161en\u00ed p\u0159es HTTPS<\/li><\/ul>\n\n\n\n

                          Webov\u00e1 bezpe\u010dnost<\/strong><\/strong><\/p>\n\n\n\n