Click here to load reader
Upload
dangtuong
View
338
Download
4
Embed Size (px)
Citation preview
V1.6
SDN
http://www.cloudguarding.com
2017
72102
201210
http://www.cloudguarding.com
+86-021-51355830
+86-021-51355830
1CloudASG9
1.19
1.29
1.39
211
312
3.1CloudASG12
3.2CloudASG12
415
4.115
4.216
518
5.118
5.1.119
5.1.221
5.224
5.2.125
5.326
5.3.126
5.427
5.528
631
6.131
6.1.132
6.1.234
6.1.335
6.1.437
739
7.139
7.242
7.344
7.444
7.546
7.5.146
7.5.249
7.5.351
7.652
7.6.152
7.6.255
7.6.356
7.6.457
7.7WEB57
7.7.1WEB58
7.7.2WEB59
7.7.3WEB59
7.8CC60
7.9CSRF64
7.9.1CSRF64
7.9.2CSRF66
7.9.3CSRF67
7.1067
7.10.168
7.10.268
7.10.369
7.10.469
7.1172
7.11.173
7.11.274
7.11.374
7.11.475
7.11.575
7.1275
7.12.176
7.12.276
7.12.377
878
8.178
8.279
8.380
8.480
8.581
8.682
8.6.1/83
8.6.283
8.784
8.7.1/85
8.7.286
8.888
8.8.190
8.8.291
8.9HTTP/HTTPS92
8.1093
8.10.194
8.10.296
8.10.396
8.10.497
8.10.598
8.11101
9102
9.1102
9.1.1102
9.1.2105
9.2109
9.2.1109
9.2.2113
10119
10.1119
10.2120
10.3121
10.4/122
11124
12126
12.1126
12.1.1126
12.1.2syslog127
12.1.3128
12.1.4129
12.1.5131
12.1.6132
12.2134
12.2.1134
12.2.2137
12.3139
12.3.1139
12.3.2141
12.3.3142
12.4142
12.4.1143
12.4.2145
12.5148
12.6149
12.6.1149
12.6.2150
12.6.3153
12.7153
12.7.1154
12.7.2156
13157
14158
1 CloudASG1.1
1-1
CloudASGCloudASGCloudASGWEBCloudASGIPMAC
1.2
1-2
CloudASGCloudASGWEB
1.3
CloudASGHTTPCloudASG
1-3
2
1 -\
2 -
3 ->
4 ->WEBCCCSRF
5 -
3 3.1 CloudASG
ChromeFirefoxIE10CloudASGhttps://management_IP/CloudASG
3-1
3-2
3.2 CloudASG
CloudASG
3-3
CloudASG
1
TOP10
CloudASGCPUCloudASG
2
CloudASG
CloudASG
CloudASG
CloudASG
CloudASG
3 CloudASG.
4 CloudASGWEBCCCSRF
5 CloudASG
6 ,wordPDF
7 /
8 syslog
4
CPU
4.1
TOP10
-
4-1
TOP10TOP10
----
4.2
CloudASGCPUCloudASG
-
4-2
CloudASGCPU
CloudASG
4-3
CloudASGcpu
4-4
5
CloudASG
CloudASG
5.1
->
5-1
IPURI
IPURI5.1.1
CSVCSV
IPURIIP5.1.2
5.1.1
IPURI
5-2
ctrl
IPIP
URIURI
ctrl
ctrl
5.1.2
5-3
:
IP:IP
:
:HOSTIP
URI:url
IP:IP
:
HTTPUser-AgentRefererHostCookie
CloudASGHTTP
CloudASGHTTP
CloudASGHTTP
User-AgentHTTP,CPU
RefererRefererHTTP,URLURL
:8.7.2
:
:
HTTP3
Content-Length
webcccsrf7.4
:,8.5
httphttp
5.2
CloudASG
->
5-4
IP
5-5
CloudASG
IP5.2.1
CSV
CSV
5.2.1
IP
5-6
ctrl
IPIP
ctrl
5.3
->
5-7
IPURI
IPURL5.3.1
5.3.1
5-8
IDID
IDID
IDID
IPIP
URLurl
5.4
->
5-9
IPURI
CSV
CSV
5.5
CloudASG
5-10
CloudASG
URL
REFFERRefererHTTP,URLURL
6
CloudASG
6.1
CloudASGCloudASG
-
6-1
ASGIP
ASG
ASG
CloudASG
CloudASGCloudASGAscendCloudAscendCloud
1CloudASG
IPASGIP[eth0: 192.168.7.105][ASGIP]
ASG
ASGCloudASG
ASGCloudASG
ASG
ASG
ASG
ASG
ASG
90%BYPASS
WEBWEB200M
IP
ASGIP6.1.1ASG
6.1.2
ASG6.1.3
ASG6.1.4
6.1.1
ASGIP
1
6-2
2IP
3
ASG
CloudASG1 CloudASG
WEBWEB200M
DNSASGDNSDNS
ASGDNS
ASG
90%BYPASS
6.1.2
ASGCloudASG
1ASG-
6-3
BypassBypass
2
6-4
3
CloudASGbypass
6.1.3
1ASG-
6-5
6.1.3.16.1.3.26.1.3.36.1.3.4
6.1.3.1
HA
1
6-6
2
HAHAIP
IPIP
IP
IP
6.1.3.2
1
6-7
2
stpSpanning Tree Protocol
6.1.3.3
:stp
1
6-8
2
6.1.3.4
1-
6-9
2
6.1.4
6-10
ASG
IDASGID
ASG
ASG
ASG
7.4
7
WEBCCCSRF
->
7-1
IP
webCCCSRF7.4
7.1
1
7-1-1
2
7-1-2
CloudASG
URLURL
IPIPIPX-Forwarded-ForX-Real-IPIP
IPIP
X-Forwarded-For()IPX-Forwarded-For4.4.4.4headerX-Forwarded-For: 1.1.1.1, 2.2.2.2, 3.3.3.3 1.1.1.12.2.2.23.3.3.3IP4.4.4.4
X-Real-IPIP
HTTPS
CloudASG
CloudASG
CloudASGkeepalive
CloudASGkeepalive
+++++++
CloudASG
CloudASG
CloudASG
7.2
1
7-2-1
2
3
7.3
1
2
7-3-1
7.4
7-4-1
IDID
8.5
WEBCCCSRF
7.5
,http/httpsweb
->
7-5-1
6.1.4
7.5.1
webhttp
web
7.5.1.1
ASG
7-5-2
HTTPHTTPSHTTPS
ASG
IP
1-65535
ASG
7.5.1.2
ASG
7-5-3
HTTPHTTPSHTTPHTTPSHTTP
ASG
IPASGIPASGIP
1-65535
IP
1-65535
7.5.1.3
ASG
7-5-4
HTTPHTTPSHTTPS
ASG
IP
1-65535
7.5.2
1
7-5-5
7-5-6
7-5-7
2
3
7.5.3
1
7-5-8
2
7-5-9
7.6
IPIP
->
7-6-1
IPIPURL
7.6.1
IPIP
1
7-6-2
2
7-6-3
7-6-4
IP
:IP
:IP
:IP
,
7-6-5
IPIPIPX-Forwarded-ForX-Real-IPIP
IPIP
X-Forwarded-For()IPX-Forwarded-For
X-Real-IPIP
IPIPIP
IPIPIPIP192.168.2/24
URLURLURLURLURL
URL
IP
IPURL
IP
URLURL
5.1
7.6.2
1
7-6-6
2
3
7.6.3
1
7-6-7
2
7-6-8
7.6.4
1/
7-6-9
7-6-10
7.7 WEB
Webwebweb
->Web
7-7-1Web
URL
URL
Web
7.7.1 WEB
Webwebweb
1WebWEBweb
7-7-2 Web
2 WebWeb
Web
URLWEBURLURL
URL
doc,docx,ppt,pptx,xls,xlsx,txtgif,jpg,jpeg,pnghtml,htmCtrl
7-7-3
7.7.2 WEB
Web
1 WEBweb
7-7-4 Web
2WebWeb
3
7.7.3 WEB
WEBWEB
1WEBWEB
7-7-5WEB
2WEBWEBWEB
7-7-6WEB
7.8 CC
CCCCCC
->CC
7-8-1 CC
URLIP
URL
CC
7.8.1.1 CC
CCCC
1CCCCCC
7-8-2 CC
2 CCCC
CC
URLURLURLCC
IPIPIPX-Forwarded-ForX-Real-IPIP
IPIP
X-Forwarded-For()IPX-Forwarded-For
X-Real-IPIP
/
CC
CC,:
: CC
:CC
:CC
,
7-8-3 CC
CC
5.1
CC
CC
CC
7.8.1.2 CC
CC
1CCCC
7-8-4 CC
2CCCC
3
7.8.1.3 CC
CCCC
1CCCC
7-8-5CC
2CCCCCC
7-8-6CC
7.9 CSRF
CSRFCross-Site Request Forgery
CSRF,CSRF
CSRF
->CSRF
7-9-1 CSRF
URL
URL
CSRF
7.9.1 CSRF
CSRFCSRF
1CSRFCSRFCSRF
7-9-2CSRF
2CSRFCSRF
CSRF
URLURLURLCSRF
CSRF,:
: CSRF
:CSRF
:CSRF
,
7-9-3 CSRF
CSRF
CSRF5.1
CSRF
CSRF
CSRF
CSRF
7.9.2 CSRF
CSRF
1CSRFCSRF
7-9-4 CSRF
2CSRFCSRF
3
7.9.3 CSRF
CSRFCSRF
1CSRFCSRF
7-9-5CSRF
2CSRFCSRFCSRF
7-9-6CSRF
7.10
,
->
7-10-1
7.10.1
1
7-10-2