Download Sophos UTM
Transcript
Sophos UTM 管çã¬ã€ã 補åããŒãžã§ã³:9.100 ããã¥ã¡ã³ãäœææ¥:2013幎10æ7æ¥ åœææžã«èšèŒãããŠããä»æ§ãšæ å ±ã¯ãäºåãªãå€æŽãããå ŽåããããŸããäŸã§äœ¿çšãããŠããäŒç€Ÿã ååãããŒã¿ã¯ãæèšãããŠããå Žåãé€ãæ¶ç©ºã®ãã®ã§ããAstaro GmbH & Co. KG ã®æžé¢ã«ããæ瀺ç ãªèš±å¯ãªããåœææžã®äžéšãŸãã¯å šäœãæ段ãåããè€è£œãŸãã¯é åžããããšã¯ããããªãçç±ã«ãã ãŠãèš±å¯ãããŸãããæ¬ããã¥ã¢ã«åæã®ç¿»èš³ã«ã¯ããããã¥ã¢ã«åæã®ç¿»èš³( Translation of the original manual) ããšèšèŒããªããã°ãªããŸããã © 2000â2013 Astaro GmbH & Co. KG. All rights reserved. Amalienbadstraße 41/Bau 52, 76227 Karlsruhe, Germany http://www.sophos.co.jp Sophos UTMãSophos UTM ManagerãAstaro Security GatewayãAstaro Command CenterãAstaro Gateway Managerãããã³ WebAdmin ã¯ãAstaro GmbH & Co. KG ã®ç»é²åæšã§ããCisco ã¯ãCisco Systems Inc. ã®ç» é²åæšã§ããiOS ã¯ãApple Inc. ã®ç»é²åæšã§ããLinux ã¯ãLinus Torvalds ã®ç»é²åæšã§ããä»ã®ãã¹ãŠã® åæšã¯ã該åœããææè ã®è²¡ç£ã§ãã éå®ä¿èšŒ åœææžã«èšèŒãããŠããæ å ±ã®æ£ç¢ºæ§ã¯ä¿èšŒãããŸãããã³ã¡ã³ããä¿®æ£ã«ã€ããŠã¯ã[email protected]ãŸã§ãé£çµ¡ãã ããã ç®æ¬¡ 1 ã€ã³ã¹ããŒã« 1.1 åèè³æ 1.2 ã·ã¹ãã èŠä»¶ 1.2.1 UPS ããã€ã¹ã®ãµããŒã 1.2.2 RAID ãµããŒã 1.3 ã€ã³ã¹ããŒã«æé 1.3.1 ã€ã³ã¹ããŒã«äžã®äž»ãªæ©èœ 1.3.2 ã€ã³ã¹ããŒã«äžã®ç¹å¥ãªãªãã·ã§ã³ 1.3.3 ã€ã³ã¹ããŒã« Sophos UTM 1.4 åºæ¬èšå® 1.5 ããã¯ã¢ãããªã¹ã㢠2 WebAdmin 2.1 WebAdmin ã¡ãã¥ãŒ 2.2 ãã¿ã³ã㌠2.3 ãªã¹ã 2.4 ãªã¹ãã®æ€çŽ¢ 2.5 ãã€ã¢ãã°ããã¯ã¹ 2.6 ãã¿ã³ãšã¢ã€ã³ã³ 2.7 ãªããžã§ã¯ããªã¹ã 3 ããã·ã¥ããŒã 3.1 ããã·ã¥ããŒãèšå® 3.2 ãããŒã¢ãã¿ 4 ãããžã¡ã³ã 4.1 ã·ã¹ãã èšå® 4.1.1 çµç¹ 4.1.2 ãã¹ãå 4.1.3 æ¥ä»ãšæå» 4.1.4 ã·ã§ã«ã¢ã¯ã»ã¹ 4.1.5 ã¹ãã£ã³èšå® 4.1.6 èšå®ãŸãã¯ãã¹ã¯ãŒãã®ãªã»ãã 4.2 WebAdmin èšå® 4.2.1 äžè¬ 4.2.2 ã¢ã¯ã»ã¹å¶åŸ¡ 4.2.3 HTTPS 蚌ææž 4.2.4 ãŠãŒã¶èšå® 4.2.5 詳现 15 15 15 16 17 17 17 18 18 21 26 29 30 31 32 33 34 35 37 39 41 42 47 47 48 48 48 51 52 52 53 53 54 55 56 57 ç®æ¬¡ 4.3 ã©ã€ã»ã³ã¹ 4.3.1 ã©ã€ã»ã³ã¹ã®ååŸæ¹æ³ 4.3.2 ã©ã€ã»ã³ã¹ã¢ãã« 4.3.3 æŠèŠ 4.3.4 ã€ã³ã¹ããŒã« 4.3.5 ã¢ã¯ãã£ã㪠IP ã¢ãã¬ã¹ 4.4 Up2Date 4.4.1 æŠèŠ 4.4.2 èšå® 4.4.3 詳现 4.5 ããã¯ã¢ãã/ãªã¹ã㢠4.5.1 ããã¯ã¢ãã/ãªã¹ã㢠4.5.2 èªåããã¯ã¢ãã 4.6 ãŠãŒã¶ããŒã¿ã« 4.6.1 ã°ããŒãã« 4.6.2 詳现 4.7 éç¥ 4.7.1 ã°ããŒãã« 4.7.2 éç¥ 4.7.3 詳现 4.8 ã«ã¹ã¿ãã€ãº 4.8.1 ã°ããŒãã« 4.8.2 Web ã¡ãã»ãŒãž 4.8.2.1 Web ã¡ãã»ãŒãžã®ä¿®æ£ 4.8.2.2 ããŠã³ããŒããããŒãžã£ 4.8.3 Web ãã³ãã¬ãŒã 4.8.3.1 Web ãã³ãã¬ãŒãã®ã«ã¹ã¿ãã€ãº 4.8.3.2 ã«ã¹ã¿ã Web ãã³ãã¬ãŒããšç»åã®ã¢ããããŒã 4.8.4 ã¡ãŒã«ã¡ãã»ãŒãž 4.9 SNMP 4.9.1 ã¯ãšãª 4.9.2 ãã©ãã 4.10 éäžç®¡ç(HA) 4.10.1 Sophos UTM Manager 4.11 åé·å(HA) 4.11.1 ããŒããŠã§ã¢ãšãœãããŠã§ã¢ã®èŠä»¶ 4.11.2 ã¹ããŒã¿ã¹ 4.11.3 ã·ã¹ãã ã¹ããŒã¿ã¹ 4.11.4 èšå® 4.12 ã·ã£ããããŠã³ãšãªã¹ã¿ãŒã 5 å®çŸ©ãšãŠãŒã¶ iv 59 59 61 64 65 66 66 66 68 69 70 70 73 74 77 77 78 79 79 79 80 80 82 84 84 85 85 86 86 87 88 89 90 90 93 94 95 96 96 100 101 UTM 9 管çã¬ã€ã ç®æ¬¡ 5.1 ãããã¯ãŒã¯å®çŸ© 5.1.1 ãããã¯ãŒã¯å®çŸ© 5.1.2 MAC ã¢ãã¬ã¹å®çŸ© 5.2 ãµãŒãã¹å®çŸ© 5.3 æé垯å®çŸ© 5.4 ãŠãŒã¶ãšã°ã«ãŒã 5.4.1 ãŠãŒã¶ 5.4.2 ã°ã«ãŒã 5.5 ã¯ã©ã€ã¢ã³ãèªèšŒ 5.6 èªèšŒãµãŒã 5.6.1 ã°ããŒãã«èšå® 5.6.2 ãµãŒã 5.6.2.1 eDirectory 5.6.2.2 Active Directory 5.6.2.3 LDAP 5.6.2.4 RADIUS 5.6.2.5 TACACS+ 5.6.3 ã·ã³ã°ã«ãµã€ã³ãªã³ 5.6.4 詳现 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.1 ã€ã³ã¿ãã§ãŒã¹ 6.1.1 ã€ã³ã¿ãã§ãŒã¹ 6.1.1.1 èªåã€ã³ã¿ãã§ãŒã¹ãããã¯ãŒã¯å®çŸ© 6.1.1.2 ã€ã³ã¿ãã§ãŒã¹ã¿ã€ã 6.1.1.3 ã°ã«ãŒã 6.1.1.4 3G/UMTS 6.1.1.5 ã€ãŒãµãããã¹ã¿ãã£ã㯠6.1.1.6 ã€ãŒãµããã VLAN 6.1.1.7 ã€ãŒãµããã DHCP 6.1.1.8 DSL (PPPoE) 6.1.1.9 DSL (PPPoA/PPTP) 6.1.1.10 ã¢ãã (PPP) 6.1.2 è¿œå ã¢ãã¬ã¹ 6.1.3 ãªã³ã¯ã¢ã°ãªã²ãŒã·ã§ã³ 6.1.4 ã¢ãããªã³ã¯ãã©ã³ã·ã³ã° 6.1.5 ãã«ããã¹ã«ãŒã« 6.1.6 ããŒããŠã§ã¢ 6.2 ããªããž 6.2.1 ã¹ããŒã¿ã¹ 6.2.2 詳现 UTM 9 管çã¬ã€ã 101 101 106 107 109 110 110 113 115 117 117 118 119 120 123 124 126 127 129 131 131 132 133 133 135 136 138 140 142 143 146 148 150 151 152 156 158 160 160 161 v ç®æ¬¡ 6.3 QoS 6.3.1 ã¹ããŒã¿ã¹ 6.3.2 ãã©ãã£ãã¯ã»ã¬ã¯ã¿ 6.3.3 垯åå¹ ããŒã« 6.3.4 ããŠã³ããŒã垯åå¹ èª¿æŽ 6.3.5 詳现 6.4 ã¢ãããªã³ã¯ã¢ãã¿ãªã³ã° 6.4.1 ã°ããŒãã« 6.4.2 ã¢ã¯ã·ã§ã³ 6.4.3 詳现 6.5 IPv6 6.5.1 ã°ããŒãã« 6.5.2 ãã¬ãã£ãã¯ã¹åºå 6.5.3 åå²ãåœãŠ 6.5.4 6to4 6.5.5 ãã³ãã«ãããŒã«ãŒ 6.6 ã¹ã¿ãã£ãã¯ã«ãŒãã£ã³ã° 6.6.1 æšæºã¹ã¿ãã£ãã¯ã«ãŒã 6.6.2 ããªã·ãŒã«ãŒã 6.7 OSPF 6.7.1 ã°ããŒãã« 6.7.2 ãšãªã¢ 6.7.3 ã€ã³ã¿ãã§ãŒã¹ 6.7.4 ã¡ãã»ãŒãžãã€ãžã§ã¹ã 6.7.5 ãããã° 6.7.6 詳现 6.8 BGP 6.8.1 ã°ããŒãã« 6.8.2 ã·ã¹ãã 6.8.3 ãã€ã㌠6.8.4 ã«ãŒãããã 6.8.5 ãã£ã«ã¿ãªã¹ã 6.8.6 詳现 6.9 ãã«ããã£ã¹ãã«ãŒãã£ã³ã° (PIM-SM) 6.9.1 ã°ããŒãã« 6.9.2 ã€ã³ã¿ãã§ãŒã¹ 6.9.3 RPã«ãŒã¿ 6.9.4 ã«ãŒã 6.9.5 詳现 7 ãããã¯ãŒã¯ãµãŒãã¹ vi 162 162 164 168 169 170 171 171 172 173 175 176 176 177 178 179 180 180 181 183 183 184 186 187 188 188 189 190 190 191 193 194 195 196 197 198 199 199 200 203 UTM 9 管çã¬ã€ã ç®æ¬¡ 7.1 DNS 7.1.1 ã°ããŒãã« 7.1.2 ãã©ã¯ãŒã 7.1.3 ãªã¯ãšã¹ãã«ãŒãã£ã³ã° 7.1.4 ã¹ã¿ãã£ãã¯ãšã³ã㪠7.1.5 DynDNS 7.2 DHCP 7.2.1 ãµãŒã 7.2.2 ãªã¬ãŒ 7.2.3 ã¹ã¿ãã£ãã¯ãããã³ã° 7.2.4 IPv4 ãªãŒã¹ããŒãã« 7.2.5 IPv6 ãªãŒã¹ããŒãã« 7.2.6 ãªãã·ã§ã³ 7.3 NTP 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 8.1 ãã¡ã€ã¢ãŠã©ãŒã« 8.1.1 ã«ãŒã« 8.1.2 éåä¿¡åœå¥ããã㯠8.1.3 éåä¿¡åœé€å€ 8.1.4 ICMP 8.1.5 詳现 8.2 NAT 8.2.1 ãã¹ã«ã¬ãŒã 8.2.2 NAT 8.3 äŸµå ¥é²åŸ¡(IPS) 8.3.1 ã°ããŒãã« 8.3.2 æ»æãã¿ãŒã³ 8.3.3 DoS/ãã©ããé²åŸ¡ 8.3.4 ããŒãã¹ãã£ã³é²åŸ¡ 8.3.5 é€å€ 8.3.6 詳现 8.4 ãµãŒãããŒããã©ã³ã·ã³ã° 8.4.1 åæ£ã«ãŒã« 8.5 VoIP 8.5.1 SIP 8.5.2 H.323 8.6 詳现 8.6.1 ãžã§ããªãã¯ãããã· 8.6.2 SOCKS ãããã· 8.6.3 IDENTãªããŒã¹ãããã· UTM 9 管çã¬ã€ã 203 203 204 205 205 205 208 208 211 212 212 213 215 217 219 219 219 223 224 225 226 229 229 230 233 234 235 236 238 239 241 242 242 245 245 246 247 247 248 249 vii ç®æ¬¡ 9 Web ãããã¯ã·ã§ã³ 9.1 Web ãã£ã«ã¿ãªã³ã° 9.1.1 ã°ããŒãã« 9.1.2 ãŠã€ã«ã¹/ãã«ãŠã§ã¢å¯Ÿç 9.1.3 URL ãã£ã«ã¿ãªã³ã° 9.1.4 URL ãã£ã«ã¿ãªã³ã°ã«ããŽãª 9.1.5 é€å€ 9.1.6 詳现 9.1.7 HTTPS CA 9.2 Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« 9.2.1 æŠèŠ 9.2.2 ãããã·ãããã¡ã€ã« 9.2.3 ãã£ã«ã¿å²åœãŠ 9.2.4 ãã£ã«ã¿ã¢ã¯ã·ã§ã³ 9.2.5 芪ãããã· 9.3 ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã« 9.3.1 ãããã¯ãŒã¯å¯èŠå 9.3.2 ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ã«ãŒã« 9.3.3 詳现 9.4 FTP 9.4.1 ã°ããŒãã« 9.4.2 ãŠã€ã«ã¹å¯Ÿç 9.4.3 é€å€ 9.4.4 詳现 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.1 SMTP 10.1.1 ã°ããŒãã« 10.1.2 ã«ãŒãã£ã³ã° 10.1.3 ãŠã€ã«ã¹å¯Ÿç 10.1.4 ã¹ãã 察ç 10.1.5 é€å€ 10.1.6 ãªã¬ãŒ 10.1.7 詳现 10.2 SMTP ãããã¡ã€ã« 10.3 POP3 10.3.1 ã°ããŒãã« 10.3.2 ãŠã€ã«ã¹å¯Ÿç 10.3.3 ã¹ãã 察ç 10.3.4 é€å€ 10.3.5 詳现 viii 251 252 252 256 257 261 262 264 270 273 274 275 280 281 285 286 286 287 289 290 290 291 292 293 295 295 295 296 298 301 306 307 309 312 316 316 317 318 319 320 UTM 9 管çã¬ã€ã ç®æ¬¡ 10.4 æå·å 10.4.1 ã°ããŒãã« 10.4.2 ãªãã·ã§ã³ 10.4.3 å éšãŠãŒã¶ 10.4.4 S/MIME èªèšŒå± 10.4.5 S/MIME 蚌ææž 10.4.6 OpenPGP å ¬ééµ 10.5 éé¢ã¬ããŒã 10.5.1 ã°ããŒãã« 10.5.2 é€å€ 10.5.3 詳现 10.6 ã¡ãŒã«ãããŒãžã£ 10.6.1 ã¡ãŒã«ãããŒãžã£ãŠã£ã³ã㊠10.6.1.1 SMTP/POP3 éé¢ 10.6.1.2 SMTP Spool 10.6.1.3 SMTP ãã° 10.6.2 ã°ããŒãã« 10.6.3 èšå® 11 ãšã³ããã€ã³ããããã¯ã·ã§ã³ 11.1 ã³ã³ãã¥ãŒã¿ç®¡ç 11.1.1 ã°ããŒãã« 11.1.2 ãšãŒãžã§ã³ãã®å°å ¥ 11.1.3 ã³ã³ãã¥ãŒã¿ã®ç®¡ç 11.1.4 ã°ã«ãŒã管ç 11.1.5 詳现 11.2 ãŠã€ã«ã¹å¯Ÿç 11.2.1 ããªã·ãŒ 11.2.2 é€å€ 11.3 ããã€ã¹ã³ã³ãããŒã« 11.3.1 ããªã·ãŒ 11.3.2 é€å€ 11.4 Webã³ã³ãããŒã« 11.4.1 ã°ããŒãã« 11.4.2 詳现 11.4.3 察å¿ããŠããªãæ©èœ 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ 12.1 ã°ããŒãã«èšå® 12.1.1 ã°ããŒãã«èšå® 12.1.2 詳现 12.2 ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ UTM 9 管çã¬ã€ã 325 327 328 329 331 332 333 334 335 336 337 338 339 339 341 342 343 344 347 349 349 350 351 352 354 354 354 356 358 358 359 361 362 362 362 365 366 366 367 367 ix ç®æ¬¡ 12.3 ã¢ã¯ã»ã¹ãã€ã³ã 12.3.1 æŠèŠ 12.3.2 ã°ã«ãŒãå 12.4 ã¡ãã·ã¥ãããã¯ãŒã¯ 12.5 ã¯ã€ã€ã¬ã¹ã¯ã©ã€ã¢ã³ã 12.6 ãããã¹ããã 12.6.1 ã°ããŒãã« 12.6.2 ãããã¹ããã 12.6.3 ããŠãã£ãŒå®çŸ© 12.6.4 詳现 13 Web ãµãŒããããã¯ã·ã§ã³ 13.1 WAF 13.1.1 ã°ããŒãã« 13.1.2 ä»®æ³ Web ãµãŒã 13.1.3 ããã¯ãšã³ãWebãµãŒã 13.1.4 ãã¡ã€ã¢ãŠã©ãŒã«ãããã¡ã€ã« 13.1.5 é€å€ 13.1.6 ãµã€ããã¹ã«ãŒãã£ã³ã° 13.1.7 詳现 13.2 蚌ææžç®¡ç 13.2.1 蚌ææž 13.2.2 èªèšŒå± (CA) 13.2.3 蚌ææžå€±å¹ãªã¹ã(CRL) 13.2.4 詳现 14 RED ãããžã¡ã³ã 14.1 æŠèŠ 14.2 ã°ããŒãã«èšå® 14.3 [ãµãŒã] ã¯ã©ã€ã¢ã³ããããžã¡ã³ã 14.4 [ãµãŒã] å°å ¥ãã«ã 14.5 [ã¯ã©ã€ã¢ã³ã] ãã³ãã«ãããžã¡ã³ã 15 ãµã€ãé VPN 15.1 Amazon VPC 15.1.1 ã¹ããŒã¿ã¹ 15.1.2 ã»ããã¢ãã 15.2 IPsec 15.2.1 ã³ãã¯ã·ã§ã³ 15.2.2 ãªã¢ãŒãã²ãŒããŠã§ã€ 15.2.3 ããªã·ãŒ 15.2.4 ããŒã«ã« RSA éµ x 371 372 376 377 380 381 382 383 385 386 387 387 387 388 390 391 395 396 398 398 398 398 399 399 401 402 402 403 410 413 415 416 416 417 418 421 422 425 428 UTM 9 管çã¬ã€ã ç®æ¬¡ 15.2.5 詳现 15.2.6 ãããã° 15.3 SSL 15.3.1 ã³ãã¯ã·ã§ã³ 15.3.2 èšå® 15.3.3 詳现 15.4 蚌ææžç®¡ç 15.4.1 蚌ææž 15.4.2 èªèšŒå± 15.4.3 蚌ææžå€±å¹ãªã¹ã(CRL) 15.4.4 詳现 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.1 SSL 16.1.1 ãããã¡ã€ã« 16.1.2 èšå® 16.1.3 詳现 16.2 PPTP 16.2.1 ã°ããŒãã« 16.2.2 iOS ããã€ã¹ 16.2.3 詳现 16.3 L2TP over IPsec 16.3.1 ã°ããŒãã« 16.3.2 iOS ããã€ã¹ 16.3.3 ãããã° 16.4 IPsec 16.4.1 ã³ãã¯ã·ã§ã³ 16.4.2 ããªã·ãŒ 16.4.3 詳现 16.4.4 ãããã° 16.5 HTML5 VPN ããŒã¿ã« 16.5.1 ã°ããŒãã« 16.6 Cisco VPN ã¯ã©ã€ã¢ã³ã 16.6.1 ã°ããŒãã« 16.6.2 iOS ããã€ã¹ 16.6.3 ãããã° 16.7 詳现 16.8 蚌ææžç®¡ç 16.8.1 蚌ææž 16.8.2 èªèšŒå± (CA) 16.8.3 蚌ææžå€±å¹ãªã¹ã(CRL) UTM 9 管çã¬ã€ã 429 431 432 432 434 435 436 437 439 440 440 443 444 444 445 446 448 448 450 450 451 451 454 454 455 458 459 463 465 465 466 469 469 470 471 472 472 473 473 473 xi ç®æ¬¡ 16.8.4 詳现 473 17 ãã°ãšã¬ããŒã 475 17.1 ãã°ãã¡ã€ã«ã®é²èŠ§ 17.1.1 ä»æ¥ã®ãã°ãã¡ã€ã« 17.1.2 ã¢ãŒã«ã€ããã°ãã¡ã€ã« 17.1.3 ãã°ãã¡ã€ã«ã®æ€çŽ¢ 17.2 ããŒããŠã§ã¢ 17.2.1 ãã€ãªãŒ 17.2.2 ãŠã£ãŒã¯ãªãŒ 17.2.3 ãã³ã¹ãªãŒ 17.2.4 幎次 17.3 ãããã¯ãŒã¯äœ¿çšç¶æ³ 17.3.1 ãã€ãªãŒ 17.3.2 ãŠã£ãŒã¯ãªãŒ 17.3.3 ãã³ã¹ãªãŒ 17.3.4 幎次 17.3.5 垯å䜿çšç¶æ³ 17.4 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 17.4.1 ãã€ãªãŒ 17.4.2 ãŠã£ãŒã¯ãªãŒ 17.4.3 ãã³ã¹ãªãŒ 17.4.4 幎次 17.4.5 ãã¡ã€ã¢ãŠã©ãŒã« 17.4.6 IPS 17.5 Webãããã¯ã·ã§ã³ 17.5.1 Web 䜿çšç¶æ³ã¬ããŒã 17.5.2 æ€çŽ¢ãšã³ãžã³ã¬ããŒã 17.5.3 éšé 17.5.4 ã¹ã±ãžã¥ãŒã«ã¬ããŒã 17.5.5 ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã« 17.5.6 éå¿åå 17.6 Eã¡ãŒã«ãããã¯ã·ã§ã³ 17.6.1 䜿çšç¶æ³ã°ã©ã 17.6.2 ã¡ãŒã«äœ¿çšç¶æ³ 17.6.3 ãããã¯ã¡ãŒã« 17.6.4 éå¿åå 17.7 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ 17.7.1 ãã€ãªãŒ 17.7.2 ãŠã£ãŒã¯ãªãŒ 17.7.3 ãã³ã¹ãªãŒ xii 477 477 477 478 478 478 479 479 479 479 480 480 480 480 480 482 482 482 482 482 483 483 484 484 487 490 491 491 492 493 493 493 494 494 495 495 495 495 UTM 9 管çã¬ã€ã ç®æ¬¡ 17.7.4 幎次 17.8 ãªã¢ãŒãã¢ã¯ã»ã¹ 17.8.1 ã¢ã¯ãã£ãã㣠17.8.2 ã»ãã·ã§ã³ 17.9 Web ãµãŒããããã¯ã·ã§ã³ 17.9.1 䜿çšç¶æ³ã°ã©ã 17.9.2 詳现 17.10 ãšã°ãŒã¯ãã£ãã¬ããŒã 17.10.1 ã¬ããŒããèŠã 17.10.2 ã¢ãŒã«ã€ããšã°ãŒã¯ãã£ãã¬ããŒã 17.10.3 èšå® 17.11 ãã°èšå® 17.11.1 ããŒã«ã«ãã° 17.11.2 Syslogéä¿¡ãã°éžæ 17.11.3 ãªã¢ãŒããã°ãã¡ã€ã«ã¢ãŒã«ã€ã 17.12 ã¬ããŒãèšå® 17.12.1 èšå® 17.12.2 é€å€ 17.12.3 å¿åå 18 ãµããŒã 18.1 ããã¥ã¡ã³ã 18.2 å°å·å¯èœåœ¢åŒèšå®æ å ± 18.3 ãµããŒãçªå£ 18.4 ããŒã« 18.4.1 Ping ãã§ã㯠18.4.2 Traceroute 18.4.3 DNS ã«ãã¯ã¢ãã 18.5 詳现 18.5.1 ããã»ã¹ãªã¹ã 18.5.2 LAN ã³ãã¯ã·ã§ã³ 18.5.3 ã«ãŒãã£ã³ã°ããŒãã« 18.5.4 ã€ã³ã¿ãã§ãŒã¹ããŒãã« 18.5.5 ã³ã³ãã£ã°ãã³ã 18.5.6 REF_ ããªãŸã«ã 496 496 496 496 497 497 497 498 498 498 498 499 499 500 501 503 503 506 507 509 509 510 510 511 511 512 512 513 513 513 513 513 514 514 19 ãã°ãªã 515 20 ãŠãŒã¶ããŒã¿ã« 517 20.1 ãŠãŒã¶ããŒã¿ã«:éé¢ã¡ãŒã« 20.2 ãŠãŒã¶ããŒã¿ã«:ã¡ãŒã«ãã° 20.3 ãŠãŒã¶ããŒã¿ã«:POP3 ã¢ã«ãŠã³ã UTM 9 管çã¬ã€ã 517 519 520 xiii ç®æ¬¡ 20.4 ãŠãŒã¶ããŒã¿ã«:éä¿¡è ãã¯ã€ããªã¹ã 20.5 ãŠãŒã¶ããŒã¿ã«:éä¿¡è ãã©ãã¯ãªã¹ã 20.6 ãŠãŒã¶ããŒã¿ã«:ãããã¹ããã 20.7 ãŠãŒã¶ããŒã¿ã«:ã¯ã©ã€ã¢ã³ãèªèšŒ 20.8 ãŠãŒã¶ããŒã¿ã«:ãªã¢ãŒãã¢ã¯ã»ã¹ 20.9 ãŠãŒã¶ããŒã¿ã«:HTML5 VPNããŒã¿ã« 20.10 ãŠãŒã¶ããŒã¿ã«:ãã¹ã¯ãŒãã®å€æŽ 20.11 ãŠãŒã¶ããŒã¿ã«:HTTPS ãããã· xiv 520 521 521 524 524 524 526 526 UTM 9 管çã¬ã€ã 1 ã€ã³ã¹ããŒã« ãã®ã»ã¯ã·ã§ã³ã¯ããããã¯ãŒã¯ãžã®Sophos UTMã®ã€ã³ã¹ããŒã«ãšã»ããã¢ããã«ã€ããŠã®æ å ±ãæ äŸããŸããSophos UTMã®ã€ã³ã¹ããŒã«ã¯ã2ã€ã®ã¹ãããã§è¡ããŸãããŸããœãããŠã§ã¢ãã€ã³ã¹ã㌠ã«ãã次ã«åºæ¬ã·ã¹ãã èšå®ãè¡ããŸãããœãããŠã§ã¢ã®ã€ã³ã¹ããŒã«ã«å¿ èŠãªåæã»ããã¢ãã ã¯ãã³ã³ãœãŒã«ããŒã¹ã®ã€ã³ã¹ããŒã«ã¡ãã¥ãŒã§è¡ããŸããå éšèšå®ã¯ã管çã¯ãŒã¯ã¹ããŒã·ã§ã³ ã§ãSophos UTMã® Web ããŒã¹ã®ç®¡ççšã€ã³ã¿ãã§ãŒã¹ã§ãã WebAdmin ã䜿çšããŠå®è¡ã§ããŸãã ã€ã³ã¹ããŒã«ãéå§ããåã«ãããŒããŠã§ã¢ãã·ã¹ãã ã®æäœèŠä»¶ãæºãããŠããããšã確èªããŠã ã ããã 泚 âSophos UTMããŒããŠã§ã¢ã¢ãã©ã€ã¢ã³ã¹ã䜿çšããå Žåã次ã®ã»ã¯ã·ã§ã³ãã¹ãããããŠãåº æ¬èšå® ã®ã»ã¯ã·ã§ã³ã«çŽæ¥é²ãããšãã§ããŸãããã®çç±ã¯ããã¹ãŠã®Sophos UTMããŒããŠã§ã¢ ã¢ãã©ã€ã¢ã³ã¹ã¯UTMãœãããŠã§ã¢ããã¬ã€ã³ã¹ããŒã«ãããç¶æ ã§åºè·ãããããã§ãã ãã®ç« ã§ã¯ã次ã®ãããã¯ã«ã€ããŠèª¬æããŸãã l åèè³æ l ã·ã¹ãã èŠä»¶ l ã€ã³ã¹ããŒã«æé l åºæ¬èšå® l ããã¯ã¢ãããªã¹ã㢠1.1 åèè³æ ã€ã³ã¹ããŒã«ãå§ããåã«ãSophos UTM補åã®èšå®ã®äžå©ãšãªã以äžã®ããã¥ã¢ã«ãèªãããšã ãå§ãããŸãããããã®ããã¥ã¢ã«ããSophos UTMããŒããŠã§ã¢ã¢ãã©ã€ã¢ã³ã¹è£ 眮ã«å梱ãã㊠ããŸãããŸãã Sophos UTM ãªãœãŒã¹ã»ã³ã¿ãŒã§ããå©çšããã ããŸãã l ã¯ã€ãã¯ã¹ã¿ãŒãã¬ã€ãããŒããŠã§ã¢ l åæ±èª¬ææž( Operating Instructions) 1.2 ã·ã¹ãã èŠä»¶ UTMã®ã€ã³ã¹ããŒã«ããã³äœ¿çšã®ããã®æäœéã®ããŒããŠã§ã¢èŠä»¶ã¯ä»¥äžã®ãšããã§ãã 1.2 ã·ã¹ãã èŠä»¶ 1 ã€ã³ã¹ããŒã« l ããã»ããµ:Pentium 4 (1.5GHz) (ãããã¯äºæã®ãã®) l ã¡ã¢ãª:1GB RAM l HDD:20 GB IDE ãŸã㯠SCSI ããŒããã£ã¹ã¯ãã©ã€ã l CD-ROM ãã©ã€ã:ããŒãå¯èœãª IDE ãŸã㯠SCSI CD-ROMãã©ã€ã l NIC:2æ以äžã® PCI ã€ãŒãµããããããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ã«ãŒã l NIC (ãªãã·ã§ã³):1æã®ããŒãããŒãå¯Ÿå¿ PCI ã€ãŒãµããããããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ã«ãŒãã åé·åã·ã¹ãã ã§ã¯ããã©ã€ããªã·ã¹ãã ãšã»ã«ã³ããªã·ã¹ãã ããããããããŒãããŒãèŠ æ±ãä»ããŠäºãã«éä¿¡ããŸããåé·åã·ã¹ãã ãã»ããã¢ããããå Žåã¯ãäž¡æ¹ã®ãŠãããã« ããŒãããŒã察å¿ã®ãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ã«ãŒããè£ åããå¿ èŠããããŸãã l USB (ãªãã·ã§ã³):UPS ããã€ã¹ã®éä¿¡çšã« 1ã€ã® USB ããŒã l ã¹ã€ãã (ãªãã·ã§ã³):ãããã¯ãŒã¯ã»ã°ã¡ã³ãã®æ¥ç¶ (ããã³ãã®éã®éžæ) ãè¡ãããã ã¯ãŒã¯ããã€ã¹ããã®ã¹ã€ããã¯ãžã£ã³ããã¬ãŒã ããµããŒãããããšãå¿ èŠã§ãã Sophos ã§ã¯ãUTMãœãããŠã§ã¢ãšäºææ§ãæã€ããŒããŠã§ã¢ããã€ã¹ã®ãªã¹ããçšæããŠããŸãã ããŒããŠã§ã¢äºææ§ãªã¹ã (HCL) ã¯Sophos ãµããŒãããŒã¿ããŒã¹ãããå©çšããã ããŸããUTM㜠ãããŠã§ã¢ã®ã€ã³ã¹ããŒã«ãšäœ¿çšã§ãšã©ãŒã®çºçãé²æ¢ããããã«ãHCL ã«ãªã¹ããããããŒããŠã§ ã¢ã®ã¿ã䜿çšããŠãã ãããWebAdmin ãžã®ã¢ã¯ã»ã¹ã«äœ¿çšãããã¯ã©ã€ã¢ã³ã PC ã«å¿ èŠãªããŒã ãŠã§ã¢ããã³ãœãããŠã§ã¢ã®æ¡ä»¶ã以äžã«ç€ºããŸãã l ããã»ããµ:ã¯ããã¯åšæ³¢æ°: 1GHz ä»¥äž l ãã©ãŠã¶:ææ°ããŒãžã§ã³ã® Firefox (æšå¥š)ãææ°ããŒãžã§ã³ã® Chromeãææ°ããŒãžã§ã³ã® SafariããŸã㯠Microsoft Internet Explorer 8 以éãJavaScript ãæå¹ã«ããå¿ èŠããããŸãã ããã«ãUTMã®å éšãããã¯ãŒã¯ã«ãŒãã® IP ã¢ãã¬ã¹ (eth0) ã«ãããã·ã䜿çšããªãããã«ã ã©ãŠã¶ãèšå®ããå¿ èŠããããŸãã 1.2.1 UPS ããã€ã¹ã®ãµããŒã ç¡åé»é»æºè£ 眮 (UPS) ããã€ã¹ã¯ãå ¬å ±ã®é»åãå©çšã§ããªãå Žåã«ãå¥åã®é»æºããæ¥ç¶ã ãæ©åšã«é»åãäŸçµŠããŠçµŠé»ãç¶æããŸããSophos UTMSophos UTM ã¯ãMGE UPS Systems ãã ã³ APC ã® UPS ããã€ã¹ããµããŒãããŠããŸããUPS ããã€ã¹ãšSophos UTMã®é信㯠USB ã€ã³ã¿ ãã§ãŒã¹ãä»ããŠè¡ãããŸãã UPS ããã€ã¹ãããããªãªãã¬ãŒã·ã§ã³ãå§åãããšã管çè ã«éç¥ãéä¿¡ãããŸããåé»ãé·æ éç¶ã㊠UPS ããã€ã¹ã®é»å§ãéçå€ã«è¿ã¥ããå Žåã¯ã管çè ã«å¥ã®ã¡ãã»ãŒãžãéä¿¡ãã ãŸãããããŠãSophos UTMã¯èªåçã«ã·ã£ããããŠã³ããŸãã 16 UTM 9 管çã¬ã€ã 1 ã€ã³ã¹ããŒã« 1.3 ã€ã³ã¹ããŒã«æé 泚 â Sophos UTMã«UPS ããã€ã¹ãæ¥ç¶ãããšãã¯ãUPS ããã€ã¹ã®äœ¿çšèª¬ææžããèªã¿ãã ã ããUTMã®USB ã€ã³ã¿ãã§ãŒã¹ãä»ããŠããŒã (èµ·å) ãããšãUTM 㯠UPS ããã€ã¹ãèªèã㟠ããUSB ã€ã³ã¿ãã§ãŒã¹ãçžäºã«æ¥ç¶ããŠããSophos UTMãããŒãããŠãã ããã 1.2.2 RAID ãµããŒã RAID (Redundant Array of Independent Disks) ãšã¯ãè€æ°ã®ããŒããã©ã€ãã䜿çšããŠãã©ã€ãé㧠ããŒã¿ãå ±æãããã¯è€è£œããããŒã¿ã¹ãã¬ãŒãžæè¡ã§ããRAID ã·ã¹ãã ãæ€åºãããŠããã·ã¥ ããŒãã«æ£ãã衚瀺ãããããã«ããã«ã¯ãSophos UTMã§ãµããŒãããã RAID ã³ã³ãããŒã©ã䜿çšã ãããšãå¿ èŠã§ãããµããŒããããŠãã RAID ã³ã³ãããŒã©ã確èªããã«ã¯ãHCL ããã§ãã¯ããŠãã ã ããHCL ã¯Sophos ãµããŒãããŒã¿ããŒã¹ã§æäŸãããŠããŸãããHCLããæ€çŽ¢çšèªãšããŠäœ¿çšããŠã 該åœããããŒãžãæ¢ããŠãã ããã 1.3 ã€ã³ã¹ããŒã«æé 次ã«ãSophos UTMãœãããŠã§ã¢ã®ã€ã³ã¹ããŒã«ããã»ã¹ãé ãè¿œã£ãŠèª¬æããŸãã ã€ã³ã¹ããŒã«ãå§ããåã«ã次ã®ã¢ã€ãã ããæå ã«ããããšã確èªããŠãã ããã l Sophos UTM CD-ROM l Sophos UTMã©ã€ã»ã³ã¹ã㌠ã»ããã¢ããããã°ã©ã ãã·ã¹ãã ã®ããŒããŠã§ã¢ããã§ãã¯ããŠãããPC ã«ãœãããŠã§ã¢ãã€ã³ã¹ ããŒã«ããŸãã 1.3.1 ã€ã³ã¹ããŒã«äžã®äž»ãªæ©èœ ã¡ãã¥ãŒã®ããã²ãŒã·ã§ã³ã«ã¯ã次ã®ããŒã䜿çšããŸã (ç»é¢ã®äžéšã«ãè¿œå ã®ããŒæ©èœããªã¹ã ãããŠããŸã)ã l F1:ã³ã³ããã¹ãã«å¿ãããã«ãç»é¢ã衚瀺ãããŸãã l ã«ãŒãœã«ããŒ:ãããã®ããŒã䜿çšããŠãããã¹ãããã¯ã¹éãããã²ãŒã·ã§ã³ããŸã (ããšã ã°ãã©ã€ã»ã³ã¹æ¡ä»¶ããããŒããŒãã¬ã€ã¢ãŠãã®éžææ)ã l Tab ããŒ:ããã¹ãããã¯ã¹ããªã¹ãããã¿ã³ãååŸã«ç§»åããŸãã l Enter ããŒ:å ¥åããæ å ±ã確å®ãããã€ã³ã¹ããŒã«ã次ã®ã¹ãããã«é²ã¿ãŸãã l Space ããŒ:ã¢ã¹ã¿ãªã¹ã¯ (*) ã®ä»ãããªãã·ã§ã³ãéžæãŸãã¯éžæ解é€ããŸãã UTM 9 管çã¬ã€ã 17 1.3 ã€ã³ã¹ããŒã«æé l Alt-F2:ã€ã³ã¹ããŒã«ã³ã³ãœãŒã«ã«åãæ¿ããŸãã l Alt-F4:ãã°ã«åãæ¿ããŸãã l Alt-F1:ã€ã³ã¿ã©ã¯ãã£ãããã·ã¥ã·ã§ã«ã«åãæ¿ããŸãã l Alt-F1:ã¡ã€ã³ã®ã€ã³ã¹ããŒã«ç»é¢ã«æ»ããŸãã 1 ã€ã³ã¹ããŒã« 1.3.2 ã€ã³ã¹ããŒã«äžã®ç¹å¥ãªãªãã·ã§ã³ äžéšã®ç»é¢ã«ã¯è¿œå ã®ãªãã·ã§ã³ããããŸãã ãã°ã®é²èŠ§:ã€ã³ã¹ããŒã«ãã°ãéããŸãã ãµããŒã:ãµããŒããã€ã¢ãã°ç»é¢ãéããŸãã USB ã¹ãã£ãã¯ãž:ã€ã³ã¹ããŒã«ãã°ã zip ãã¡ã€ã«ãšã㊠USB ã¹ãã£ãã¯ãžæžã蟌ã¿ãŸãããã®ãªã ã·ã§ã³ã確å®ããåã«ãå¿ ã USB ã¹ãã£ãã¯ãå·®ã蟌ãã§ãã ããããã® zip ãã¡ã€ã«ã¯ãã€ã³ã¹ããŒã« ã§ã®åé¡ãSophos UTMãµããŒãããŒã ãªã©ã解決ããéã«äœ¿çšãããŸãã æ»ã:åã®ç»é¢ã«æ»ããŸãã ãã£ã³ã»ã«:ã€ã³ã¹ããŒã«ã®äžæ¢ã確èªãããã€ã¢ãã°ãŠã£ã³ããŠãéããŸãã ãã«ã:ã³ã³ããã¹ãã«å¿ãããã«ãç»é¢ã衚瀺ãããŸãã 1.3.3 ã€ã³ã¹ããŒã« Sophos UTM 1. CD-ROM ãã©ã€ããã PC ãããŒãããŸãã ã€ã³ã¹ããŒã«éå§ç»é¢ã衚瀺ãããŸãã 泚 â ãã€ã§ã F1 ãæŒããŠãã«ãã¡ãã¥ãŒãå©çšããããšãã§ããŸããéå§ç»é¢ã§ F3 ãæŒ ããšããã©ãã«ã·ã¥ãŒãã£ã³ã°ã®ç»é¢ãéããŸãã 2. Enter ãæŒããŸãã ãéå§ ãç»é¢ã衚瀺ãããŸãã 3. ãã€ã³ã¹ããŒã«éå§ ããéžæããŸãã ãããŒããŠã§ã¢æ€åº ãç»é¢ã衚瀺ãããŸãã ãœãããŠã§ã¢ã次ã®ããŒããŠã§ã¢ã³ã³ããŒãã³ãããã§ãã¯ããŸãã 18 l CPU l ããŒããã£ã¹ã¯ãã©ã€ãã®ãµã€ãºãšã¿ã€ã UTM 9 管çã¬ã€ã 1 ã€ã³ã¹ããŒã« l CD-ROM ãã©ã€ã l ãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ã«ãŒã l IDE ãŸã㯠SCSI ã³ã³ãããŒã© 1.3 ã€ã³ã¹ããŒã«æé ã·ã¹ãã ãæäœèŠä»¶ãæºãããŠããªãå Žåããšã©ãŒãå ±åãããã€ã³ã¹ããŒã«ã¯äžæ¢ãã㟠ãã ããŒããŠã§ã¢æ€åºãå®äºãããšããæ€åºãããããŒããŠã§ã¢ ãç»é¢ãåèãšããŠè¡šç€ºãã㟠ãã 4. EnterãæŒããŸãã ãããŒããŒãéžæ ãç»é¢ã衚瀺ãããŸãã 5. ããŒããŒãã®ã¬ã€ã¢ãŠããéžæããŸãã ã«ãŒãœã«ããŒã䜿çšããŠããŒããŒãã¬ã€ã¢ãŠã (äŸ: English (UK)) ãéžæããEnter ãæŒããŠç¶ è¡ããŸãã ãã¿ã€ã ãŸãŒã³éžæ ãç»é¢ã衚瀺ãããŸãã 6. ãšãªã¢ãéžæããŸãã ã«ãŒãœã«ããŒã䜿çšããŠãšãªã¢ (äŸ: Europe) ãéžæããEnter ãæŒããŠç¶è¡ããŸãã 7. ã¿ã€ã ãŸãŒã³ãéžæããŸãã ã«ãŒãœã«ããŒã䜿çšããŠã¿ã€ã ãŸãŒã³ (äŸ: London) ãéžæããEnter ãæŒããŠç¶è¡ããŸãã ãæ¥ä»ãšæå» ãç»é¢ã衚瀺ãããŸãã 8. æ¥ä»ãšæå»ãèšå®ããŸãã æ¥ä»ãšæå»ãæ£ãããªãå Žåãããã§å€æŽã§ããŸããTab ããŒãšã«ãŒãœã«ããŒã䜿çšããŠãã ãã¹ãããã¯ã¹éãåãæ¿ããŸããããã¹ãã¯ããã¯ã¯ UTCããªãã·ã§ã³ã®éžæã解é€ããã« ã¯ãSpace ããŒãæŒããŸããç¡å¹ãªãšã³ããªã¯åŽäžãããŸããèšå®ã Enter ããŒã§ç¢ºèªã㟠ãã ã管çã€ã³ã¿ãã§ãŒã¹éžæ ãç»é¢ã衚瀺ãããŸãã 9. å éšãããã¯ãŒã¯ã«ãŒããéžæããŸãã WebAdmin ããŒã«ã䜿çšããŠSophos UTMã®æ®ãã®èšå®ãè¡ãå Žåãå éšãããã¯ãŒã¯ã«ãŒã (eth0) ãšãããããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ã«ãŒããéžæããŸãããªã¹ããã䜿çšå¯èœãªããã ã¯ãŒã¯ã«ãŒãã1ã€éžæããEnter ããŒã§éžæã確èªããŸãã 泚 â ã¢ã¯ãã£ããªæ¥ç¶ãããã€ã³ã¿ãã§ãŒã¹ã¯ã[link] ãšè¡šç€ºãããŸãã ããããã¯ãŒã¯èšå® ãç»é¢ã衚瀺ãããŸãã UTM 9 管çã¬ã€ã 19 1.3 ã€ã³ã¹ããŒã«æé 1 ã€ã³ã¹ããŒã« 10. 管çãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ãèšå®ããŸãã 管çãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ãšããå éšã€ã³ã¿ãã§ãŒã¹ã® IP ã¢ãã¬ã¹ããããã¯ãŒã¯ã ã¹ã¯ãã²ãŒããŠã§ã€ãå®çŸ©ããŸããããã©ã«ãå€ã¯ä»¥äžã®ãšããã§ãã ã¢ãã¬ã¹:192.168.2.100 ããããã¹ã¯:255.255.255.0 ã²ãŒããŠã§ã€: ãªã ããããã¹ã¯ã§å®çŸ©ããããµããããå€ã«ããã¯ãŒã¯ã¹ããŒã·ã§ã³ãã WebAdmin ã€ã³ã¿ãã§ãŒ ã¹ã䜿çšãããå Žåã®ã¿ãã²ãŒããŠã§ã€å€ãå€æŽããå¿ èŠããããŸããã²ãŒããŠã§ã€èªäœã ãµããããå ã«ããå¿ èŠããããŸãã1 èšå®ã Enter ããŒã§ç¢ºèªããŸãã CPU ã 64 ãããããµããŒãããŠããå Žåãã64ãããã«ãŒãã«ã®ãµããŒããç»é¢ã衚瀺ãã㟠ãããµããŒãããŠããªãå Žåãç¶ããŠãEnterprise Toolkitãç»é¢ã衚瀺ãããŸãã 11. 64ãããã«ãŒãã«ãã€ã³ã¹ããŒã«ããŸãã ãã¯ãããéžæãããš 64ãããã«ãŒãã«ãããããã ããã€ã³ã¹ããŒã«ãããš 32ãããã«ãŒãã«ã ã€ã³ã¹ããŒã«ãããŸãã ãEnterprise Toolkitãç»é¢ã衚瀺ãããŸãã 12. Enterprise Toolkit ã®ã€ã³ã¹ããŒã«ã«åæããŸãã Enterprise Toolkit ã¯Sophos UTMãœãããŠã§ã¢ããæ§æãããŠããŸããOpen Source ãœãããŠã§ ã¢ã®ã€ã³ã¹ããŒã«ã®ã¿ã決å®ã§ããŸãããã ããSophos UTMã®å šæ©èœã䜿çšããããã« ã¯ãEnterprise Toolkit ãã€ã³ã¹ããŒã«ããããšããå§ãããŸãã Enter ãæŒããŠäž¡æ¹ã®ãœãããŠã§ã¢ããã±ãŒãžãã€ã³ã¹ããŒã«ãããããããã ããéžæã㊠Open Source ãœãããŠã§ã¢ã®ã¿ãã€ã³ã¹ããŒã«ããŸãã ã€ã³ã¹ããŒã«:ãããŒãã£ã·ã§ãã³ã°ãç»é¢ã衚瀺ãããŸãã 1ããšãã°ã255.255.255.0 ãšãããããã¯ãŒã¯ãã¹ã¯ã䜿çšããŠããå Žåããµããããã¯ã¢ãã¬ã¹ ã®æåã® 3ãªã¯ãããã§å®çŸ©ãããŸãããã®å Žåã¯ã192.168.2 ã§ãã管çã³ã³ãã¥ãŒã¿ã®IPã¢ã㬠ã¹ã 192.168.10.5 ã§ããå Žåãåããµããããäžã«ãªããããã²ãŒããŠã§ã€ãå¿ èŠã«ãªããŸãã ã²ãŒããŠã§ã€ã«ãŒã¿ã¯ã192.168.2 ãµããããäžã«ã€ã³ã¿ãã§ãŒã¹ãå¿ èŠã§ããã管çã³ã³ãã¥ãŒã¿ ã«é£çµ¡ã§ããªããã°ãªããŸããããã®äŸã§ã¯ãã²ãŒããŠã§ã€ã® IP ã¢ãã¬ã¹ã¯ 192.168.2.1 ãšã㟠ãã 20 UTM 9 管çã¬ã€ã 1 ã€ã³ã¹ããŒã« 1.4 åºæ¬èšå® 13. èŠåã¡ãã»ãŒãžã確èªããŠã€ã³ã¹ããŒã«ãéå§ããŸãã èŠåã¯æ³šæããŠèªãã§ãã ããã確èªåŸãPC ã«ãã§ã«ååšãããã¹ãŠã®ããŒã¿ãåé€ãã ãŸãã ã€ã³ã¹ããŒã«ããã£ã³ã»ã«ããŠãªããŒãããã«ã¯ããããã ããéžæããŸãã èŠå â ã€ã³ã¹ããŒã«ããã»ã¹ãè¡ããšãããŒããã£ã¹ã¯ãã©ã€ãäžã®ãã¹ãŠã®ããŒã¿ãåé€ ãããŸãã ãœãããŠã§ã¢ã®ã€ã³ã¹ããŒã«ããã»ã¹ã«ã¯æ倧2ã3åãããå¯èœæ§ããããŸãã ãã€ã³ã¹ããŒã«å®äº ãç»é¢ã衚瀺ãããŸãã 14. CD-ROM ãåãåºããŠãå éšãããã¯ãŒã¯ã«æ¥ç¶ããã·ã¹ãã ããªããŒãããŸãã ã€ã³ã¹ããŒã«ããã»ã¹ãå®äºãããããã©ã€ããã CD-ROM ãåãåºããŠãeth0 ãããã¯ãŒã¯ ã«ãŒããå éšãããã¯ãŒã¯ã«æ¥ç¶ããŸããå éšãããã¯ãŒã¯ã«ãŒã (eth0) ãé€ãããããã¯ãŒã¯ ã«ãŒãã®é åºã¯ãéåžž PCI ID ããã³ã«ãŒãã«ãã©ã€ãã«ãã£ãŠæ±ºå®ãããŸããããŒããŠã§ã¢ æ§æãå€æŽãããš (ç¹ã«ãããã¯ãŒã¯ã«ãŒããåãå€ããå Žåãè¿œå ããå Žåãªã©)ãããã ã¯ãŒãã«ãŒãåã®é åºãå€ããå¯èœæ§ããããŸãã 次ã«ãã€ã³ã¹ããŒã«ç»é¢ã§ Enter ãæŒããUTMããªããŒãããŸããããŒãããã»ã¹äžã«ãå éš ãããã¯ãŒã¯ã«ãŒãã® IP ã¢ãã¬ã¹ãå€ãããŸãããã®ãšããã€ã³ã¹ããŒã«ã«ãŒãã³ã³ã³ãœãŒã« (Alt+F1) ã«ããeth0 ã« IP ãªã (No IP on eth0)ããšããã¡ãã»ãŒãžã衚瀺ãããŸãã Sophos UTMã®ãªããŒãåŸ (ããŒããŠã§ã¢ã«ãã£ãŠã¯ããã®ããã»ã¹ã¯æ°åããããŸã)ãeth0 ã€ã³ã¿ ãã§ãŒã¹ã® IP ã¢ãã¬ã¹ã ping ãããã®ã¢ãã¬ã¹ãå°éå¯èœã§ããããšã確èªããŸããæ¥ç¶ã§ããªãå Ž åã次ã®ããããã®åé¡ãçºçããŠããªãããã§ãã¯ããŠãã ããã l Sophos UTMã® IP ã¢ãã¬ã¹ã誀ã£ãŠããã l 管çè ã³ã³ãã¥ãŒã¿ã® IP ã¢ãã¬ã¹ãæ£ãããªãã l ã¯ã©ã€ã¢ã³ãã®ããã©ã«ãã²ãŒããŠã§ã€ãæ£ãããªãã l æ£ãããªããããã¯ãŒã¯ã«ãŒãã«ãããã¯ãŒã¯ã±ãŒãã«ãæ¥ç¶ãããŠããã l ãã¹ãŠã®ãããã¯ãŒã¯ã«ãŒããåãããã«æ¥ç¶ãããŠããã 1.4 åºæ¬èšå® ã€ã³ã¹ããŒã«ã® 2çªç®ã®ã¹ããã㯠WebAdmin ã§è¡ããŸããããã¯ãWeb ããŒã¹ã®Sophos UTM管ç ã€ã³ã¿ãã§ãŒã¹ã§ããåºæ¬ã·ã¹ãã èšå®ã®åã«ãSophos UTMããããã¯ãŒã¯ã«çµ±åããæ¹æ³ãèšç» UTM 9 管çã¬ã€ã 21 1.4 åºæ¬èšå® 1 ã€ã³ã¹ããŒã« ããŠããå¿ èŠããããŸããã©ã®ãããªæ©èœãæäŸããã (ããªããžã¢ãŒããšæšæº (ã«ãŒãã£ã³ã°) ã¢ãŒã ã®ã©ã¡ãã§éçšããããã€ã³ã¿ãã§ãŒã¹éã§ããŒã¿ãã±ããã®æµããã©ã®ããã«ã³ã³ãããŒã«ããã㪠ã©) ã決å®ããå¿ èŠããããŸãããã ããSophos UTMã¯åŸã§ãã€ã§ãåèšå®ã§ããŸããããã㣠ãŠãSophos UTMããããã¯ãŒã¯ã«çµ±åããæ¹æ³ããŸã èšç»ããŠããªãå Žåã§ããããã«åºæ¬èšå®ã« çæããããšãå¯èœã§ãã 1. ãã©ãŠã¶ãèµ·åããŠãWebAdminãéããŸãã Sophos UTMã® URLSophos UTM (eth0 ã® IP ã¢ãã¬ã¹ãªã©) ãåç §ããŸããäžèšã®èšå®äŸãšã® æŽåæ§ãä¿ã€ããã«ããã㯠https://192.168.2.100:4444 ãšããŸã (ãããã³ã«ã HTTPSã§ãããããŒãçªå·ã 4444 ã§ããããšã«æ³šæããŠãã ãã) ã èšå®äŸãšç°ãªããåSophos UTMã®åºè·æã¯æ¬¡ã®ããã©ã«ãèšå®ã«ãªã£ãŠããŸãã l ã€ã³ã¿ãã§ãŒã¹:å éšãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ (eth0) l IP ã¢ãã¬ã¹:192.168.0.1 l ãããã¯ãŒã¯ãã¹ã¯:255.255.255.0 l ããã©ã«ãã²ãŒããŠã§ã€: ãªã ä»»æã®Sophos UTMã® WebAdmin ã«ã¢ã¯ã»ã¹ããã«ã¯ã代ããã«æ¬¡ã® URL ãå ¥åããŸãã https://192.168.0.1:4444 èªèšŒããã³æå·åãããéä¿¡ãæäŸããããã«ãSophos UTMã«ã¯ãèªå·±çœ²åæžã¿ã®ã» ãã¥ãªãã£èšŒææžãå«ãŸããŠããŸãããã®èšŒææžã¯ãWebAdmin ãžã® HTTPS æ¥ç¶ã確ç«ã ããš Web ãã©ãŠã¶ã«å¯ŸããŠæ瀺ãããŸãã蚌ææžã®æå¹æéã確èªã§ããªãå Žåããã©ãŠ ã¶ã¯ã»ãã¥ãªãã£èŠåã衚瀺ããŸãã蚌ææžã«åæãããšãæåã®ãã°ã€ã³ããŒãžã衚瀺ã ããŸãã 22 UTM 9 管çã¬ã€ã 1 ã€ã³ã¹ããŒã« 1.4 åºæ¬èšå® Figure 1 WebAdmin:åæãã°ã€ã³ããŒãž 2. ãåºæ¬ã·ã¹ãã èšå®ããã©ãŒã ã«å¿ èŠäºé ãå ¥åããŸãã ããã«è¡šç€ºãããããã¹ãããã¯ã¹ã«äŒç€Ÿã®æ å ±ãæ£ç¢ºã«å ¥åããŸããããã«ã管çè ã¢ã«ãŠ ã³ãã®ãã¹ã¯ãŒããšæå¹ãªã¡ãŒã«ã¢ãã¬ã¹ãæå®ããŸããã©ã€ã»ã³ã¹æ¡ä»¶ã«åæããå Žåã¯ã ãåºæ¬ã·ã¹ãã èšå®ã®å®è¡ ããã¿ã³ãã¯ãªãã¯ããŠãã°ã€ã³ãç¶è¡ããŸããåºæ¬ã·ã¹ãã èšå® ã®å®è¡äžãå€æ°ã®èšŒææžãšèªèšŒå±ãäœæãããŸãã l WebAdmin CA:WebAdmin 蚌ææžã眲åããã CA (ããããžã¡ã³ã > WebAdmin ã®èšå® > HTTPS 蚌ææž ããåç §)ã l VPN ã«çœ²åãã CA:VPN æ¥ç¶ã«äœ¿çšãããããžã¿ã«èšŒææžã«çœ²åãã CA (ããµã€ã é VPN > èªèšŒç®¡ç > èªèšŒå± ããåç §)ã l WebAdmin 蚌ææž:WebAdmin ã®ããžã¿ã«èšŒææž (ããµã€ãé VPN > 蚌ææžç®¡ç > 蚌æ æž ããåç §)ã l ããŒã«ã« X.509 蚌ææž:VPN æ¥ç¶ã«äœ¿çšããããSophos UTMã®ããžã¿ã«èšŒææž (ããµ ã€ãé VPN > 蚌ææžç®¡ç > 蚌ææž ããåç §)ã ãã°ã€ã³ããŒãžã衚瀺ãããŸãã(ãã ããå ¥åããå€ã«åºã¥ããŠèšŒææžãå€æŽãããŠãã ãããäžéšã®ãã©ãŠã¶ã§ã¯ãããã«ã»ãã¥ãªãã£èŠåã衚瀺ãããå ŽåããããŸãã) UTM 9 管çã¬ã€ã 23 1.4 åºæ¬èšå® 1 ã€ã³ã¹ããŒã« Figure 2 WebAdmin:éåžžã®ãã°ã€ã³ããŒãž 3. WebAdmin ã«ãã°ã€ã³ããŸãã ããŠãŒã¶å ããã£ãŒã«ãã«ãadminããšå ¥åããåã®ç»é¢ã§æå®ãããã¹ã¯ãŒããå ¥åããŸãã åæèšå®ããã»ã¹ãã¬ã€ãããèšå®ãŠã£ã¶ãŒãã衚瀺ãããŸãããŠã£ã¶ãŒãã®ã¹ãããã«åŸ ããSophos UTMã®åºæ¬èšå®ãè¡ããŸãã ããã¯ã¢ãããã¡ã€ã«ãããå Žåã代ããã«ãã®ããã¯ã¢ãããã¡ã€ã«ããªã¹ãã¢ããããšã㧠ããŸã (ãããã¯ã¢ãããªã¹ãã¢ãã®ã»ã¯ã·ã§ã³ãåç §)ã ãããã¯ã(ãŠã£ã¶ãŒãã®ä»»æã®ã¹ãããã§)ããã£ã³ã»ã« ããã¯ãªãã¯ããå®å šã«ãŠã£ã¶ãŒããçµ äºããããšãã§ããŸã (Sophos UTMã WebAdmin ã§çŽæ¥èšå®ãããå Žåãªã©)ãã©ã®æ®µéã§ã ãçµäº ããã¯ãªãã¯ãããããŸã§ã®èšå®ãä¿åããŠãŠã£ã¶ãŒããçµäºã§ããŸãã 4. ã©ã€ã»ã³ã¹ãã€ã³ã¹ããŒã«ããŸãã è³Œå ¥ããã©ã€ã»ã³ã¹ (ããã¹ããã¡ã€ã«) ãã¢ããããŒãããã«ã¯ããã©ã«ãã®ã¢ã€ã³ã³ã㯠ãªãã¯ããŸããã次㞠ããã¯ãªãã¯ããŠã©ã€ã»ã³ã¹ãã€ã³ã¹ããŒã«ããŸããã©ã€ã»ã³ã¹ãè³Œå ¥ããŠã ãªãå Žåãã次㞠ããã¯ãªãã¯ããŠã補åã«çµã¿èŸŒãŸãã 30æ¥éã®ãã©ã€ã¢ã«ã©ã€ã»ã³ã¹ã䜿 çšããŠãã ãããSophos UTMã«æèŒããããã¹ãŠã®æ©èœãæå¹ã«ãªããŸãã 5. å éšãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ãèšå®ããŸãã å éšãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ (eth0) ã«å¯ŸããŠè¡šç€ºãããèšå®ã確èªããŸãããã®ã€ã³ã¿ ãã§ãŒã¹ã®èšå®ã¯ããœãããŠã§ã¢ã®ã€ã³ã¹ããŒã«æã«æäŸããæ å ±ã«åºã¥ããŠããŸãããã ã«ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŠãSophos UTMãå éšã€ã³ã¿ãã§ãŒã¹ã§ DHCP ãµãŒã ãšããŠæ©èœããããã«èšå®ããããšãã§ããŸãã 泚 â å éšã€ã³ã¿ãã§ãŒã¹ã® IP ã¢ãã¬ã¹ãå€æŽããå ŽåããŠã£ã¶ãŒãçµäºåŸã«æ°ãã IP ã¢ã ã¬ã¹ã䜿çšã㊠WebAdmin ã«æ¥ç¶ãçŽãå¿ èŠããããŸãã 24 UTM 9 管çã¬ã€ã 1 ã€ã³ã¹ããŒã« 1.4 åºæ¬èšå® 6. å€éšã€ã³ã¿ãã§ãŒã¹ã®ã¢ãããªã³ã¯ã¿ã€ããéžæããŸãã å€éšãããã¯ãŒã¯ã«ãŒãã§äœ¿çšããã¢ãããªã³ã¯/ã€ã³ã¿ãŒãããæ¥ç¶ã®æ¥ç¶ã¿ã€ããéžæã㟠ããã€ã³ã¿ãã§ãŒã¹ã®ã¿ã€ããšãã®èšå®ã¯ãã©ã®ãããªçš®é¡ã®ã€ã³ã¿ãŒãããæ¥ç¶ã䜿çšãã ãã«ãã£ãŠç°ãªããŸããã次㞠ããã¯ãªãã¯ããŸãã Sophos UTMã«ã¢ãããªã³ã¯ããªãããä»ããèšå®ããããªãå Žåã«ã¯ããã€ã³ã¿ãŒãããã¢ãã ãªã³ã¯ã¿ã€ããå ¥åããã¯ã¹ã空æ¬ã®ãŸãŸæ®ããŸããã€ã³ã¿ãŒãããã¢ãããªã³ã¯ãèšå®ãããšã å éšãããã¯ãŒã¯ããã€ã³ã¿ãŒããããžã®æ¥ç¶çšã« IPãã¹ã«ã¬ãŒããèªåèšå®ãããŸãã ãã¹ã¿ãã£ã㯠IP ã¢ãã¬ã¹ã«ããæšæºã€ãŒãµãããã€ã³ã¿ãã§ãŒã¹ ããéžæããå Žåããããã©ã« ãã²ãŒããŠã§ã€ãã®æå®ã¯ãªãã·ã§ã³ã§ããããã¹ãããã¯ã¹ã空æ¬ã®ãŸãŸã«ãããšãã€ã³ã¹ã㌠ã«æã® ããã©ã«ãã²ãŒããŠã§ã€èšå®ãç¶æãããŸããã次㞠ããã¯ãªãã¯ããŠãæ®ãã®åã¹ãã ããã¹ãããããããšãã§ããŸããã¹ãããããèšå®ã¯ãåŸã§WebAdminã§èšå®ã»å€æŽã§ã㟠ãã 7. åºæ¬çãªãã¡ã€ã¢ãŠã©ãŒã«èšå®ãè¡ããŸãã ããã§ãã€ã³ã¿ãŒãããã§èš±å¯ãããµãŒãã¹ã®ã¿ã€ããéžæã§ããŸããã次㞠ããã¯ãªãã¯ããŠèš å®ã確èªããŸãã 8. åºæ¬çãªäŸµå ¥é²åŸ¡(IPS)èšå®ãè¡ããŸãã ããã§ãè€æ°ã®ãªãã¬ãŒã·ã§ã³ã·ã¹ãã ãšããŒã¿ããŒã¹ã«å¯ŸããäŸµå ¥é²åŸ¡ãèšå®ã§ããŸãã ã次㞠ããã¯ãªãã¯ããŠèšå®ã確èªããŸãã 9. ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ãšãããã¯ãŒã¯å¯èŠåã®èšå®ãè¡ããŸãã ãããã¯ãŒã¯å¯èŠåãæå¹ã«ããå Žåã¯ãããã§éžæã§ããŸããã次㞠ããã¯ãªãã¯ããŠèšå®ã 確èªããŸãã 10. Web ãããã¯ã·ã§ã³èšå®ãè¡ããŸãã ããã§ãWeb ãã©ãã£ãã¯ã«å¯ŸããŠãŠã€ã«ã¹ãã¹ãã€ãŠã§ã¢ã®ã¹ãã£ã³ãè¡ããã©ãããéžæ㧠ããŸããããã«ãç¹å®ã®ã«ããŽãªã«å±ãã Web ããŒãžã®ãããã¯ãéžæã§ããŸããã次㞠ãã㯠ãªãã¯ããŠèšå®ã確èªããŸãã 11. ã¡ãŒã«ãããã¯ã·ã§ã³èšå®ãè¡ããŸãã ããã§ã¯ãæåã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŠãPOP3 ãããã·ãæå¹ã«ããããšã㧠ããŸããããã§ã¯ã2ã€ç®ã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŠãUTMãã€ã³ããŠã³ã SMTP 㪠ã¬ãŒãšããŠæå¹ã«ããããšãã§ããŸããå éšã¡ãŒã«ãµãŒãã® IP ã¢ãã¬ã¹ãå ¥åããSMTP ãã¡ ã€ã³ãã«ãŒãã«è¿œå ããŸããã次㞠ããã¯ãªãã¯ããŠèšå®ã確èªããŸãã 12. èšå®ã確èªããŸãã èšå®ã®ãµããªã衚瀺ãããŸãããçµäº ããã¯ãªãã¯ããŠç¢ºèªãããããæ»ãããã¯ãªãã¯ããŠå€æŽ ããŸãããããã¯åŸã§WebAdminã§å€æŽããããšãã§ããŸãã UTM 9 管çã¬ã€ã 25 1.5 ããã¯ã¢ãããªã¹ã㢠1 ã€ã³ã¹ããŒã« ãçµäº ããã¯ãªãã¯ãããšèšå®ã¯ä¿åããããŠãŒã¶ã¯ WebAdmin ã®ããã·ã¥ããŒãã«ãªãã€ã¬ã¯ ããããŸããããã«ã¯ãSophos UTMãŠãããã®æãéèŠãªã·ã¹ãã ã¹ããŒã¿ã¹æ å ±ã衚瀺ã ããŸãã Figure 3 WebAdmin:ããã·ã¥ããŒã ãããã®ã¹ãããã®å®è¡äžã«åé¡ãçºçããå Žåã¯ãSophos UTMãµãã©ã€ã€ã®ãµããŒãéš éã«ãåãåãããã ããã次㮠Web ãµã€ãã§ã詳现æ å ±ãæäŸããŠããŸãã l Sophos UTM ãµããŒããã©ãŒã©ã l Sophos ãµããŒãããŒã¿ããŒã¹ 1.5 ããã¯ã¢ãããªã¹ã㢠WebAdmin èšå®ãŠã£ã¶ãŒã (ãåºæ¬èšå® ãã®ã»ã¯ã·ã§ã³ãåç §) ã䜿çšãããšãåºæ¬èšå®ããã»ã¹ãã ã¹ãŠå®è¡ãã代ããã«ãæ¢åã®ããã¯ã¢ãããã¡ã€ã«ããªã¹ãã¢ããããšãã§ããŸãã以äžã®æé ã« åŸã£ãŠãã ããã 26 UTM 9 管çã¬ã€ã 1 ã€ã³ã¹ããŒã« 1.5 ããã¯ã¢ãããªã¹ã㢠1. èšå®ãŠã£ã¶ãŒãã§ãæ¢åã®ããã¯ã¢ãããã¡ã€ã«ã®ãªã¹ã㢠ããéžæããŸãã èšå®ãŠã£ã¶ãŒãã§ãæ¢åã®ããã¯ã¢ãããã¡ã€ã«ã®ãªã¹ã㢠ããéžæããã次㞠ããã¯ãªãã¯ã㟠ãã ã¢ããããŒãããŒãžã衚瀺ãããŸãã 2. ããã¯ã¢ãããã¢ããããŒãããŸãã ãã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ãããªã¹ãã¢ããããã¯ã¢ãããã¡ã€ã«ãéžæããŠããã¢ããããŒãé å§ ããã¯ãªãã¯ããŸãã 3. ããã¯ã¢ããããªã¹ãã¢ããŸãã ãçµäº ããã¯ãªãã¯ããŠããã¯ã¢ããããªã¹ãã¢ããŸãã éèŠ â åŸã§èšå®ãŠã£ã¶ãŒãã䜿çšããããšã¯ã§ããŸããã ããã¯ã¢ããã®ãªã¹ãã¢ãæåãããšããã°ã€ã³ããŒãžã«ãªãã€ã¬ã¯ããããŸãã UTM 9 管çã¬ã€ã 27 2 WebAdmin WebAdmin 㯠Web ããŒã¹ã®ç®¡çã€ã³ã¿ãã§ãŒã¹ã§ãããã§ã¯Sophos UTMã®ããããå±é¢ã®èšå®ãè¡ ãããšãã§ããŸããWebAdmin ã¯ã¡ãã¥ãŒãšããŒãžã§æ§æããããããã®å€ãã«ã¯è€æ°ã®ã¿ããå«ãŸ ããŠããŸããç»é¢å·ŠåŽã®ã¡ãã¥ãŒã«ã¯ãSophos UTMã®æ©èœãè«ççã«æ§æãããŠããŸãã ãNetwork Protectionããªã©ã®ã¡ãã¥ãŒé ç®ãéžæãããšããããæ¡å€§ããŠãµãã¡ãã¥ãŒã衚瀺ãã ããé¢é£ããŒãžãéããŸããã¡ãã¥ãŒé ç®ã®äžã«ã¯ãé¢é£ããŒãžããªããã®ããããŸããåã«éžæ ããã¡ãã¥ãŒãŸãã¯ãµãã¡ãã¥ãŒé ç®ã®ããŒãžã¯ããã®ãŸãŸè¡šç€ºãããŸãããµãã¡ãã¥ãŒé ç®ã®ã ããããéžæãããšãããã«ãã£ãŠæåã®ã¿ãã®é¢é£ããŒãžãéããŸãã ãã®ããã¥ã¡ã³ãã®æé ã«åŸã£ãŠã¡ãã¥ãŒé ç®ããµãã¡ãã¥ãŒé ç®ãããã³ã¿ããæå®ãããšããŒãž ãéããŸããäŸ:ãã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° > ã€ã³ã¿ãã§ãŒã¹ > ããŒããŠã§ã¢ ãã¿ãã§ã ... ãèšå®ã ãŸã ... Figure 4 WebAdmin:æŠèŠ 2.1 WebAdmin ã¡ãã¥ãŒ 2 WebAdmin 2.1 WebAdmin ã¡ãã¥ãŒ WebAdmin ã¡ãã¥ãŒã¯ãSophos UTMã®ãã¹ãŠã®èšå®ãªãã·ã§ã³ãžã®ã¢ã¯ã»ã¹ãæäŸããŸãããã ãã£ãŠãç¹å®ãã©ã¡ãŒã¿ã®èšå®ã«ã³ãã³ãã©ã€ã³ã€ã³ã¿ãã§ãŒã¹ã䜿çšããå¿ èŠã¯ãããŸããã 30 l ããã·ã¥ããŒã:ããã·ã¥ããŒãã¯ãSophos UTM ãŠãããã®çŸåšã®æäœç¶æ³ãã°ã©ãã£ã«ã«ã« 衚瀺ããŸãã l 管ç:åºæ¬çãªã·ã¹ãã èšå®ãWebAdmin èšå®ãããã³ãŠãããã®èšå®ã«é¢ãããã¹ãŠã®èš å®ãæ§æããŸãã l å®çŸ©ãšãŠãŒã¶:Sophos UTM ãŠãããã§äœ¿çšãããããã¯ãŒã¯ããµãŒãã¹ãæé垯å®çŸ©ãããã³ ãŠãŒã¶ã¢ã«ãŠã³ãããŠãŒã¶ã°ã«ãŒããå€éšèªèšŒãµãŒããæ§æããŸãã l ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã°:ãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ããã³ã«ãŒãã£ã³ã°ãªãã·ã§ã³ãªã©ã® ã·ã¹ãã æ©èœãèšå®ããŸãã l ãããã¯ãŒã¯ãµãŒãã¹:DNS ã DHCP ãªã©ã®ãããã¯ãŒã¯ãµãŒãã¹ãèšå®ããŸãã l ãããã¯ãŒã¯ãããã¯ã·ã§ã³:ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãVoIPãäŸµå ¥é²åŸ¡èšå®ãªã©ã®åºæ¬ç㪠ãããã¯ãŒã¯ãããã¯ã·ã§ã³æ©èœãèšå®ããŸãã l Webãããã¯ã·ã§ã³:Sophos UTM ãŠãããã® Web ãã£ã«ã¿ããã³ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ã ãªãã³ã« FTP ãããã·ãèšå®ããŸãã l Eã¡ãŒã«ãããã¯ã·ã§ã³:Sophos UTM ãŠãããã® SMTP ããã³ POP3 ãããã·ãããã«ã¡ãŒã«æ å·åãèšå®ããŸãã l ãšã³ããã€ã³ããããã¯ã·ã§ã³:ãããã¯ãŒã¯äžã®ãšã³ããã€ã³ãããã€ã¹ã®ä¿è·ãèšå®ã»ç®¡çã ãŸãã l ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³:ã²ãŒããŠã§ã€ã®ã¯ã€ã€ã¬ã¹ã¢ã¯ã»ã¹ãã€ã³ããèšå®ããŸãã l WebãµãŒããããã¯ã·ã§ã³:Web ãµãŒããã¯ãã¹ãµã€ãã¹ã¯ãªããã£ã³ã°ã SQL ã€ã³ãžã§ã¯ã·ã§ã³ ãªã©ã®æ»æããé²åŸ¡ããŸãã l REDãããžã¡ã³ã:RED (Remote Ethernet Device) ã¢ãã©ã€ã¢ã³ã¹ãèšå®ããŸãã l ãµã€ãé VPN:ãµã€ãé VPN (ããŒãã£ã« ãã©ã€ããŒã ãããã¯ãŒã¯) ãèšå®ããŸãã l ãªã¢ãŒãã¢ã¯ã»ã¹:Sophos UTM ãŠããããžã®ãªã¢ãŒãã¢ã¯ã»ã¹ VPN æ¥ç¶ãèšå®ããŸãã l ãã°ãšã¬ããŒã:Sophos UTM ãŠãããã®äœ¿çšç¶æ³ã«é¢ãããã°ã¡ãã»ãŒãžãšçµ±èšã衚瀺ããã ã°ããã³ã¬ããŒãã£ã³ã°ã«é¢ããèšå®ãæ§æããŸãã UTM 9 管çã¬ã€ã 2 WebAdmin l ãµããŒã:Sophos UTM ãŠãããã§å©çšã§ãããµããŒãããŒã«ã«ã¢ã¯ã»ã¹ããŸãã l ãã°ãªã:ãŠãŒã¶ã€ã³ã¿ãã§ãŒã¹ãããã°ã¢ãŠãããŸãã 2.2 ãã¿ã³ã㌠ã¡ãã¥ãŒã®æ€çŽ¢ ã¡ãã¥ãŒäžéšã«æ€çŽ¢ããã¯ã¹ããããŸããããã§ã¯ããŒã¯ãŒãã«ã€ããŠã¡ãã¥ãŒãæ€çŽ¢ããç¹å®ã®ã ããã¯ã«é¢ããã¡ãã¥ãŒã容æã«æ€çŽ¢ã§ããŸããæ€çŽ¢æ©èœã¯ã¡ãã¥ãŒåãæ€çŽ¢ããŸãããé衚瀺㮠玢åŒä»ããããå¥åãããŒã¯ãŒããæ€çŽ¢ã§ããŸãã æ€çŽ¢ããã¯ã¹ã«å ¥åãéå§ãããšããã«ãé¢é£ããã¡ãã¥ãŒé ç®ã®ã¿ãèªåçã«è¡šç€ºãããŸãã æ€çŽ¢ããã¯ã¹ã¯ãã®ãŸãŸã«ããŠã該åœãããšäºæ³ãããã¡ãã¥ãŒé ç®ãã¯ãªãã¯ããŠãã ãããå°ãªã ãªã£ãã¡ãã¥ãŒé ç®ã¯ãã®ãŸãŸæ®ãããã®é£ãã®ãªã»ãããã¿ã³ãã¯ãªãã¯ãããŸã§æ€çŽ¢çµæã衚瀺 ãããŸãã ãã³ã â ããŒããŒãã·ã§ãŒãã«ãã CTRL+Y ã§æ€çŽ¢ããã¯ã¹ã«ãã©ãŒã«ã¹ããããšãã§ããŸãã 2.2 ãã¿ã³ã㌠WebAdmin ã®å³äžé ã«ãããã¿ã³ããã次ã®æ©èœã«ã¢ã¯ã»ã¹ã§ããŸãã l ãŠãŒã¶å/IP:çŸåšãã°ã€ã³ããŠãããŠãŒã¶ãšãWebAdmin ã«ã¢ã¯ã»ã¹ããŠãã IP ã¢ãã¬ã¹ã瀺 ããŸããçŸåšä»ã®ãŠãŒã¶ããã°ã€ã³ããŠããå Žåã¯ãä»ã®ãŠãŒã¶ã®ããŒã¿ã衚瀺ãããŸãã l ã©ã€ããã°ãéã:ãã®ãã¿ã³ãã¯ãªãã¯ãããšãçŸåšäœ¿çšããŠãã WebAdmin ã¡ãã¥ãŒãŸãã¯ã¿ ãã«é¢é£ããã©ã€ããã°ãéããŸããã¡ãã¥ãŒãŸãã¯ã¿ããå€æŽããªããŠãä»ã®ã©ã€ããã°ã 衚瀺ããã«ã¯ãã©ã€ããã° (Live Log) ãã¿ã³ã®äžã«ã«ãŒãœã«ãåãããŸããæ°ç§åŸã«äœ¿çšå¯ èœãªãã¹ãŠã®ã©ã€ããã°ã®ãªã¹ãã衚瀺ããããããããã§è¡šç€ºããã©ã€ããã°ãéžæã§ã㟠ãããã®éžæã¯ãåã WebAdmin ã¡ãã¥ãŒãŸãã¯ã¿ãã䜿çšããéããèšæ¶ãããŸãã ãã³ã â å€ãã® WebAdmin ããŒãžã«çšæããããã©ã€ããã°ãéãããã¿ã³ãã¯ãªãã¯ããŠãã©ã€ ããã°ãéãããšãã§ããŸãã l ãªã³ã©ã€ã³ãã«ã:ãã¹ãŠã®ã¡ãã¥ãŒããµãã¡ãã¥ãŒãã¿ãã«ã¯ãªã³ã©ã€ã³ãã«ãç»é¢ãã ããWebAdmin ã®çŸåšããŒãžã®ã³ã³ãããŒã«ã«é¢é£ããã³ã³ããã¹ãã«å¿ããæ å ±ãæé ãæ äŸããŸãã UTM 9 管çã¬ã€ã 31 2.3 ãªã¹ã 2 WebAdmin 泚â ãªã³ã©ã€ã³ãã«ãã¯ããŒãžã§ã³ã«åºã¥ããŠããããã¿ãŒã³ã«ãã£ãŠæŽæ°ãããŸããæ°ã ããã¡ãŒã ãŠã§ã¢ããŒãžã§ã³ã«æŽæ°ãããšãã«ããªã³ã©ã€ã³ãã«ãã®æŽæ°ãå©çšã§ããå Žå ã¯ããªã³ã©ã€ã³ãã«ããæŽæ°ãããŸãã l ãªããŒã:ãã§ã«è¡šç€ºãããŠãã WebAdmin ããŒãžãåã³èŠæ±ããå Žåãå¿ ãããªããŒã ããã¿ ã³ãã¯ãªãã¯ããŠãã ããã 泚 â ãã©ãŠã¶ã®ãåèªã¿èŸŒã¿ããã¿ã³ããæŽæ°ããã¿ã³ã¯äœ¿çšããªãã§ãã ããããããè¡ã ãšãWebAdmin ãããã°ã¢ãŠãããããšã«ãªããŸãã 2.3 ãªã¹ã WebAdmin ã®å€ãã®ããŒãžã«ã¯ãªã¹ãããããŸããåãªã¹ãã®å·Šã«ãããã¿ã³ã䜿çšãããšãã¢ã€ãã ã®ç·šéãåé€ããŸãã¯è€è£œãå¯èœã§ã (詳ããã¯ããã¿ã³ãšã¢ã€ã³ã³ãã»ã¯ã·ã§ã³ãåç §ããŠãã ãã)ã ãªã¹ãã«ã¢ã€ãã ãè¿œå ããã«ã¯ããæ°èŠ...ããã¿ã³ãã¯ãªãã¯ããŸããããã§ã...ãã¯ãäœæäžã®ãªã ãžã§ã¯ã (ã€ã³ã¿ãã§ãŒã¹ãªã©) ã瀺ããã¬ãŒã¹ãã«ãã§ãããã€ã¢ãã°ããã¯ã¹ãéããæ°èŠãªã ãžã§ã¯ãã®ããããã£ãå®çŸ©ããããšãã§ããŸãã Figure 5 WebAdmin:ãªã¹ãã®äŸ äžéšã®ããããããŠã³ãªã¹ãã䜿çšããŠãã¿ã€ããã°ã«ãŒãããšã«ã¢ã€ãã ããã£ã«ã¿ãªã³ã°è¡šç€ºã§ã ãŸããäžéšã«ãã 2ã€ç®ã®ãã£ãŒã«ãã§ã¯ãå ·äœçãªã¢ã€ãã ãæ€çŽ¢ããããšãã§ããŸããæ€çŽ¢æå åãå ¥åãããæ€çŽ¢ ããã¯ãªãã¯ããŸãã ã¢ã€ãã ã 11å以äžå«ãŸãããªã¹ãã¯ãè€æ°ããŒãžã«åå²ãããã>ã(次ãž) ãã¿ã³ãšã<ã(åãž) ãã¿ ã³ã䜿çšããŠç§»åããããšãã§ããŸãããã ãããã®èšå®ã¯ããŠãŒã¶èšå® ãã¿ãã§å€æŽã§ããŸãã ãªã¹ãã®ãããã«ã¯ãæ©èœããããŸããéåžžãããããã£ãŒã«ããã¯ãªãã¯ãããšããã®ååã®ãã®ãª ããžã§ã¯ããã£ãŒã«ãã«ãããªã¹ãããœãŒããããŸããããšãã°ããåå ããã£ãŒã«ããã¯ãªãã¯ãããšã㪠ããžã§ã¯ãåã«ãããªã¹ãããœãŒããããŸãããããã®ãã¢ã¯ã·ã§ã³ããã£ãŒã«ãã«ã¯ãéžæããŠãããªã¹ 32 UTM 9 管çã¬ã€ã 2 WebAdmin 2.4 ãªã¹ãã®æ€çŽ¢ ããªããžã§ã¯ãã«å¯ŸããŠå®è¡ã§ããããããªãã·ã§ã³ããããŸãããªããžã§ã¯ããéžæããã«ã¯ã ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸãããã®éžæã¯ãè€æ°ããŒãžã«ããã£ãŠç¶æãããŸããã€ãŸ ãããªã¹ããæ°ããŒãžã«ããã£ãŠé²èŠ§ããéãæ¢ã«éžæãããªããžã§ã¯ããéžæãããç¶æ ã§ç¶æã ããŸãã ãã³ã â æ å ±ã¢ã€ã³ã³ãã¯ãªãã¯ãããšããã®ãªããžã§ã¯ãã䜿çšãããŠãããã¹ãŠã®èšå®ãªãã·ã§ ã³ã衚瀺ãããŸãã 2.4 ãªã¹ãã®æ€çŽ¢ ãã£ã«ã¿ãã£ãŒã«ãã䜿çšãããšããªã¹ãã«è¡šç€ºãããé ç®æ°ãå¶éããããšãã§ããŸããããã«ã ããç®çã®ãªããžã§ã¯ããçŽ æ©ãæ¢ãããšãã§ããŸãã éèŠäºé l ãªã¹ãã®æ€çŽ¢ã§ã¯ãéåžžè€æ°ã®ãã£ãŒã«ãã§æ€çŽ¢åŒãæ€çŽ¢ããŸããããšãã°ãããŠãŒã¶ãšã° ã«ãŒããã§æ€çŽ¢ãè¡ããšããŠãŒã¶åãå®éã®ååãã³ã¡ã³ããäž»èŠã¡ãŒã«ã¢ãã¬ã¹ãæ€çŽ¢ãã ãŸããäžè¬çã«ãæ å ±ã¢ã€ã³ã³ã䜿çšããŠè¡šç€ºãããæ å ±ãé€ããŠããªã¹ãã«è¡šç€ºãããã ã¹ãŠã®ããã¹ãã«æ€çŽ¢ãè¡ãããŸãã l ãªã¹ãã®æ€çŽ¢ã§ã¯ã倧æåãšå°æåãåºå¥ãããªãããã倧æåãŸãã¯å°æåã®ã©ã¡ãã å ¥åããŠãåãçµæã«ãªããŸããæ€çŽ¢çµæã«ã¯ãäžèŽãã倧æåãšå°æåã®ããã¹ããè¡š 瀺ãããŸãã倧æåãŸãã¯å°æåã®ããã¹ããéå®ããŠæ€çŽ¢ããããšã¯ã§ããŸããã l ãªã¹ãã®æ€çŽ¢ã¯ãPerl æ£èŠè¡šçŸæ§æã«åºã¥ããŠããŸã (ãããã倧æåãšå°æåã¯åºå¥ãã ãŸãã)ãããã¹ããšãã£ã¿ãªã©ã§ãã䜿çšããã * ã ? ãªã©ã®åçŽãªã¯ã€ã«ãã«ãŒãæ åãAND ã OR ãªã©ã®æŒç®åãã¯ãããšããæ€çŽ¢åŒã¯ããªã¹ãæ€çŽ¢ã§ã¯ æ©èœããŸããã äŸ ããã«ã¯ã圹ç«ã€æ€çŽ¢æååãããã€ã瀺ããŸãã åçŽãªæåå:æå®ããæååãå«ããã¹ãŠã®åèªãæ€çŽ¢ããŸããããšãã°ã"inter" ãæå®ãã ãšã"Internet"ã"interface"ã"printer" ãæ€çŽ¢ãããŸãã åèªã®æå:æ€çŽ¢æååã®æåã«\bãä»å ããŸããããšãã°ã\binter ãæå®ãããšã"Internet" ãš "interface" ãæ€çŽ¢ãããŸããã"printer" ã¯æ€çŽ¢ãããŸããã UTM 9 管çã¬ã€ã 33 2.5 ãã€ã¢ãã°ããã¯ã¹ 2 WebAdmin åèªã®æåŸ:æ€çŽ¢æååã®æåŸã«\bãä»å ããŸããããšãã°ãhttp\b ãæå®ãããšã"http" ãæ€ çŽ¢ãããŸããã"https" ã¯æ€çŽ¢ãããŸããã ãšã³ããªã®æå:æ€çŽ¢æååã®æåã« ^ ãä»å ããŸããããšãã°ã^inter ãæå®ãããšã"Internet Uplink" ãæ€çŽ¢ãããŸããã"Uplink Interfaces" ã¯æ€çŽ¢ãããŸããã IP ã¢ãã¬ã¹:IP ã¢ãã¬ã¹ãæ€çŽ¢ããå Žåã¯ãããããããã¯ã¹ã©ãã·ã¥ã§ãšã¹ã±ãŒãããå¿ èŠããã㟠ããããšãã°ã192\.168 ãæå®ãããšã"192.168" ãæ€çŽ¢ãããŸãã IP ã¢ãã¬ã¹ãäžè¬çã«æ€çŽ¢ããã«ã¯ã\d ã䜿çšããŠããããæ¡ãæ€çŽ¢ããŸãã\d+ ãæå®ãããšã è¡ã®è€æ°ã®æ¡ãäžèŽããŸããããšãã°ã\d+\.\d+\.\d+\.\d+ ãæå®ãããšããããã IPv4 ã¢ã ã¬ã¹ãæ€çŽ¢ãããŸãã 泚 â ããå®å šãªæ€çŽ¢æååãæå®ãããšãäºæ³ããªãçµæãåŸãããããäžæ£ç¢ºãªçµè«ãå°ãã ãšã«ãªããããããããã¯ç°¡åã§ç¡é£ãªæ€çŽ¢æååã䜿çšããŠå€ãã®æ€çŽ¢çµæãåŸãããšããå§ ãããŸãã æ£èŠè¡šçŸã®è©³çŽ°ãš Sophos UTM ã§ã®äœ¿çšæ¹æ³ã«ã€ããŠã¯ããSophosããåç §ããŠãã ããã 2.5 ãã€ã¢ãã°ããã¯ã¹ ãã€ã¢ãã°ããã¯ã¹ãšã¯ãç¹å®ã®æ å ±ã®å ¥åãæ±ããããã« WebAdmin ã䜿çšããç¹å¥ãªãŠã£ã³ã ãŠã§ããäŸãšããŠããã€ã³ã¿ãã§ãŒã¹ïŒã«ãŒãã£ã³ã° > ã¹ã¿ãã£ãã¯ã«ãŒãã£ã³ã°ãã¡ãã¥ãŒã§è¡šç€ºãã ããæ°ããã¹ã¿ãã£ãã¯ã«ãŒããäœæããããã®ãã€ã¢ãã°ããã¯ã¹ã瀺ããŸãã Figure 6 WebAdmin:ãã€ã¢ãã°ããã¯ã¹ã®äŸ åãã€ã¢ãã°ããã¯ã¹ã¯ãããã¹ãããã¯ã¹ããã§ãã¯ããã¯ã¹ãªã©ã®åçš®ãŠã£ãžã§ããããæ§æãã ãŠããŸããããã«ãå€ãã®ãã€ã¢ãã°ããã¯ã¹ã«ã¯ãã©ãã°ïŒããããæ©èœããããDND ãšèšãããç¹ 34 UTM 9 管çã¬ã€ã 2 WebAdmin 2.6 ãã¿ã³ãšã¢ã€ã³ã³ å¥ãªèæ¯ã§èå¥ãããŸãããã®ãããªããã¯ã¹ã衚瀺ãããå Žåãããã¯ã¹ã«ãªããžã§ã¯ãããã©ã ã°ããããšãã§ããŸãããªããžã§ã¯ãããã©ãã°ããå ã®å Žæãšãªããªããžã§ã¯ããªã¹ããéãã«ã¯ãã ãã¹ãããã¯ã¹ã®ãã暪ã«ããããã©ã«ããã¢ã€ã³ã³ãã¯ãªãã¯ããŸããããã«ãããèšå®ãªãã·ã§ã³ã«å¿ ããŠã䜿çšå¯èœãªãããã¯ãŒã¯ãã€ã³ã¿ãã§ãŒã¹ããŠãŒã¶/ã°ã«ãŒãããŸãã¯ãµãŒãã¹ã®ãªã¹ããéã ãŸããç·è²ã®ã+ãã¢ã€ã³ã³ãã¯ãªãã¯ãããšãæ°ããå®çŸ©ãäœæããããã®ãã€ã¢ãã°ããã¯ã¹ãéã ãŸããç¹å®ã®èšå®ã§äžèŠãªãŠã£ãžã§ããã¯ãã°ã¬ãŒã¢ãŠã衚瀺ãããŸãããããã®ãŠã£ãžã§ãããç·šé ã§ããå ŽåããããŸãããå¹æã¯ãããŸããã 泚 â WebAdmin ã«ã¯ããä¿å ããã¿ã³ãšãé©çš ããã¿ã³ã®äž¡æ¹ãååšããŸãããä¿å ããã¿ã³ã¯ãã¹ã¿ ãã£ãã¯ã«ãŒãããããã¯ãŒã¯å®çŸ©ãšãã£ã WebAdmin å ã®ãªããžã§ã¯ããäœæãŸãã¯ç·šéãããšã ã«äœ¿çšããŸããåžžã«ã察å¿ããããã£ã³ã»ã« ããã¿ã³ãçšæãããŠããŸããäžæ¹ããé©çš ããã¿ã³ã¯ã ããã¯ãšã³ãã§èšå®ã確èªããéããã«æå¹ã«ããããã«äœ¿çšããŸãã 2.6 ãã¿ã³ãšã¢ã€ã³ã³ ããã§ã¯ãWebAdmin ã§äœ¿çšãããŠãããã¿ã³ãšã¢ã€ã³ã³ã®çšéã«ã€ããŠèª¬æããŸãã ãã¿ã³ æå³ ãªããžã§ã¯ãã®è©³çŽ°æ å ±ã瀺ããã€ã¢ãã°ãŠã£ã³ããŠã衚瀺ãããŸãã ãªããžã§ã¯ãã®ããããã£ãç·šéããããã®ãã€ã¢ãã°ãŠã£ã³ããŠãéã㟠ãã ãªããžã§ã¯ããåé€ããŸãããã®ãªããžã§ã¯ããä»ã®ç®æã§ãŸã 䜿çšãã ãŠããå Žåã¯ãèŠåã衚瀺ãããŸãã䜿çšäžã®ãªããžã§ã¯ãã¯åé€ã§ã ãªãå ŽåããããŸãã åãèšå®ãããããã£ã§å¥ã®ãªããžã§ã¯ããäœæããããã®ãã€ã¢ãã°ãŠã£ ã³ããŠãéããŸããåãèšå®ãäœåºŠãç¹°ãè¿ãå ¥åããå¿ èŠãªããé¡äŒŒã® ãªããžã§ã¯ããäœæã§ããŸãã æ©èœ æå³ ã¢ã€ ã³ã³ æ å ±:ãªããžã§ã¯ãã䜿çšãããŠãããã¹ãŠã®èšå®ã衚瀺ãããŸãã 詳现:ãã®ãããã¯ã«ã€ããŠã®è©³çŽ°ãªæ å ±ã¯ä»ã® 管çã¬ã€ã ããŒãžã«ãªã³ã¯ãããŠã㟠ãã UTM 9 管çã¬ã€ã 35 2.6 ãã¿ã³ãšã¢ã€ã³ã³ 2 WebAdmin æ©èœ æå³ ã¢ã€ ã³ã³ ãã°ã«ã¹ã€ãã:æ©èœãæå¹ãŸãã¯ç¡å¹ã«ããŸããæå¹ãªå Žåã¯ç·ãç¡å¹ãªå Žåã¯ã° ã¬ãŒãæå¹åããåã«èšå®ãå¿ èŠãªå Žåã¯ã¢ã³ããŒãšãªããŸãã ãã©ã«ã:2çš®é¡ã®æ©èœããããŸãã(1) å·ŠåŽã«ãããªããžã§ã¯ããªã¹ããéã (äžã®ã»ã¯ ã·ã§ã³ãåç §)ãããã§é©åãªãªããžã§ã¯ããéžæã§ããŸãã(2) ãã¡ã€ã«ã®ã¢ããããŒãçš ã®ãã€ã¢ãã°ãŠã£ã³ããŠãéãã ãã©ã¹ (+):å¿ èŠãªã¿ã€ãã®æ°ãããªããžã§ã¯ããè¿œå ããããã®ãŠã£ã³ããŠãéããŸãã ã¢ã¯ã·ã§ã³:ããããããŠã³ã¡ãã¥ãŒããã®ãã¿ã³ã§éããŸãããã®ã¢ã€ã³ã³ã¯ããŒãžã«ãã æ©èœã¯ç°ãªããŸãã(1) ãªã¹ããããã«ããå Žåããæå¹å ãããç¡å¹å ãããåé€ ããéžæã ããªããžã§ã¯ãã«é©çšã(ïŒ) ããã¹ãããã¯ã¹ã«ããå Žåããã€ã³ããŒãã/ããšã¯ã¹ããŒããã 䜿çšããŠãããã¹ããã€ã³ããŒã/ãšã¯ã¹ããŒãã§ããŸãããŸããã空ã«ãããã䜿ã£ãŠãã³ã³ ãã³ãå šäœãåé€ããããšãã§ããŸããäžéšã®èŠçŽ ã«ãªã¹ããçµãããã®ãã£ã«ã¿ãã£ãŒ ã«ããæäŸãããŠããŸãããã£ã«ã¿ã§ã¯å€§æåãšå°æåãåºå¥ãããŸãã 空ã«ãã:ãªããžã§ã¯ãã®åã«ããå ŽåãçŸåšã®èšå®ãããªããžã§ã¯ããé€å»ããŸãã ãã¢ã¯ã·ã§ã³ãã¡ãã¥ãŒã«ããå Žåãããã¯ã¹ãããã¹ãŠã®ãªããžã§ã¯ããé€å»ããŸãã ãã ãããã®ãªããžã§ã¯ãã¯åé€ãããããã§ã¯ãããŸããã ã€ã³ããŒã:è€æ°ã®ã¢ã€ãã ãŸãã¯è¡ãæã€ããã¹ããã€ã³ããŒãããããã®ãã€ã¢ãã° ãŠã£ã³ããŠãéããŸããè€æ°ã®ã¢ã€ãã ãåå¥ã«å ¥åããã®ã§ã¯ãªãããŸãšããŠè¿œå ã ãããšãã§ããŸã (ããšãã°ãURL ãã©ãã¯ãªã¹ãã«å€§èŠæš¡ãªãã©ãã¯ãªã¹ããè¿œå ãã)ã ä»»æã®å Žæããããã¹ããã³ããŒããCTRL+V ã§è²Œãä»ããŸãã ãšã¯ã¹ããŒã:æ¢åã®ã¢ã€ãã ããã¹ãŠãšã¯ã¹ããŒãããããã®ãã€ã¢ãã°ãŠã£ã³ããŠã éããŸããã¢ã€ãã ãåºåãããã®åºåãæåãšããŠãæ°ããè¡ãã³ãã³ãã³ã³ãã®ãã ãããéžæã§ããŸããã¢ã€ãã ãããã¹ããšããŠãšã¯ã¹ããŒãããã«ã¯ãããšã¯ã¹ããŒãã ãããã¹ãããã£ãŒã«ãã§ããã¹ãå šäœãéžæããCTRL+C ãæŒããŠã³ããŒããŸããç¶ã ãŠãCTRL+V ã䜿çšããŠãã¹ãŠã®å ±éã¢ããªã±ãŒã·ã§ã³ (ããã¹ããšãã£ã¿ãªã©) ã«ããã 貌ãä»ããŸãã ãœãŒã:2ã€ã®ç¢å°ã䜿çšããŠãªã¹ãã®åèŠçŽ ãäžäžã«åããã䞊ã¹æ¿ããããšãã§ã㟠ãã åãž/次ãž:ããŒãžã«ãã£ãŠã¯ã2ã€ã®ç¢å°ã䜿çšããŠé·ããªã¹ãã®ããŒãžéã®ç§»åãã å€æŽãèšå®ã®å±¥æŽãåãž (ãŸãã¯åŸããž) 移åããããšãã§ããŸãã PDF:çŸåšè¡šç€ºãããŠããããŒã¿ã PDF ãã¡ã€ã«ã«ä¿åããŠãããä¿åãããã¡ã€ã«ãã ãŠã³ããŒãããããã®ãã€ã¢ãã°ãŠã£ã³ããŠãéããŸãã CSV:çŸåšè¡šç€ºãããŠããããŒã¿ã CSV (ã³ã³ãåºåãå€) ãã¡ã€ã«ã«ä¿åããŠãããä¿å ãããã¡ã€ã«ãããŠã³ããŒãããããã®ãã€ã¢ãã°ãŠã£ã³ããŠãéããŸãã 36 UTM 9 管çã¬ã€ã 2 WebAdmin 2.7 ãªããžã§ã¯ããªã¹ã 2.7 ãªããžã§ã¯ããªã¹ã ãªããžã§ã¯ããªã¹ããšã¯ãWebAdmin ã®å·ŠåŽã«äžæçã«è¡šç€ºããããã©ãã°ïŒãããããªã¹ãã§ãã¡ã€ã³ ã¡ãã¥ãŒãã«ããŒããŸãã Figure 7 WebAdmin:ãªããžã§ã¯ã ãªã¹ã ãããã¯ãŒã¯ ãããªããžã§ã¯ãããã©ãã°ãã ãªããžã§ã¯ããªã¹ãã¯ãããã©ã«ããã¢ã€ã³ã³ãã¯ãªãã¯ãããšèªåçã«éããŸã (äžã®ã»ã¯ã·ã§ã³ãå ç §)ããããã¯ãããŒããŒãã·ã§ãŒãã«ããã䜿çšããŠæåã§éãããšãã§ããŸã (ã管ç > WebAdmin èš å® >ãŠãŒã¶èšå® ããåç §)ã ãªããžã§ã¯ããªã¹ãããããŠãŒã¶/ã°ã«ãŒããã€ã³ã¿ãã§ãŒã¹ããããã¯ãŒã¯ããµãŒãã¹ãªã©ã® WebAdmin ãªããžã§ã¯ãã«ãã°ããã¢ã¯ã»ã¹ããèšå®æã«éžæããããšãã§ããŸãããªããžã§ã¯ããéžæããã« ã¯ãçŸåšã®èšå®ã«ãªããžã§ã¯ãããã©ãã°ïŒããããããã ãã§ãã æ¢åã®åçš®ãªããžã§ã¯ãã¿ã€ãã«åŸãããªããžã§ã¯ããªã¹ãã«ã¯ 5ã€ã®ã¿ã€ãããããŸããããã©ã«ãã ã¢ã€ã³ã³ãã¯ãªãã¯ãããšãçŸåšã®èšå®ã§å¿ èŠãªã¿ã€ããåžžã«éããŸãã UTM 9 管çã¬ã€ã 37 3 ããã·ã¥ããŒã ããã·ã¥ããŒãã¯ãSophos UTMã®çŸåšã®æäœç¶æ³ãã°ã©ãã£ã«ã«ã«è¡šç€ºããŸãã ãã®ããã·ã¥ããŒãã«ã¯ããã©ã«ãã§ããŠãŒã¶ãã〠WebAdmin ã«ãã°ã€ã³ããã®ãã瀺ãæ å ±ãšæ¬¡ ã®æ å ±ã衚瀺ãããŸãã ãã³ã â å³äžã®ããã·ã¥ããŒãèšå®ã¢ã€ã³ã³ãã¯ãªãã¯ãããšãã€ã¢ãã°ãŠã£ã³ããŠãéããããã§ã© ã®ãããã¯ã»ã¯ã·ã§ã³ã衚瀺ããããªã©ãèšå®ã§ããŸãã l äžè¬æ å ± :ãŠãããã®ãã¹ãåãã¢ãã«ãã©ã€ã»ã³ã¹ IDãã¢ããã¿ã€ã ããµãã¹ã¯ãªãã·ã§ã³ã®è¡š 瀺è²ã¯ãæå¹æéãåãã 30æ¥åãããªã¬ã³ãžè²ã«å€ãããŸãã7æ¥åããããŸãæå¹æ éãåãããšããµãã¹ã¯ãªãã·ã§ã³ã®è¡šç€ºè²ã¯èµ€ã«ãªããŸãã l ããŒãžã§ã³æ å ±çŸåšã€ã³ã¹ããŒã«ãããŠãããã¡ãŒã ãŠã§ã¢ãšãã¿ãŒã³ããŒãžã§ã³ãããã³å© çšå¯èœãªæŽæ°ããã±ãŒãžã®æ å ±ã l ãªãœãŒã¹äœ¿çšç¶æ³:次ã®ã³ã³ããŒãã³ããå«ãã·ã¹ãã ã®çŸåšã®äœ¿çšç¶æ³ã l CPU 䜿çšç (%) l l RAM 䜿çšç (%) l ãã°ããŒãã£ã·ã§ã³ã§æ¶è²»ãããŠããããŒããã£ã¹ã¯ã®å®¹é (%) l ã«ãŒãããŒãã£ã·ã§ã³ã§æ¶è²»ãããŠããããŒããã£ã¹ã¯ã®å®¹é (%) l UPS (ç¡åé»é»æºè£ 眮) ã¢ãžã¥ãŒã«ãããå Žåã¯ãã®ç¶æ³ ä»æ¥ã®è åšã¹ããŒã¿ã¹ :æ·±å€ä»¥éã«æ€åºãããé¢é£ããã»ãã¥ãªãã£è åšã®ã«ãŠã³ã¿: l ãã°ãæå¹ã«ãªã£ãŠãããããããããããŒã¿ãã±ãããšæåŠãããããŒã¿ãã±ããã® åèš l äŸµå ¥ããããã¯ãããåæ°ã®åèš l ãããã¯ããããŠã€ã«ã¹ã®åèš (å šãããã·) l ãããã¯ãããã¹ãã ã¡ãã»ãŒãžã®åèš (SMTP/POP3) l ãããã¯ãããã¹ãã€ãŠã§ã¢ã®åèš (å šãããã·) l ãããã¯ããã URL ã®åèš (HTTP/S) l ãããã¯ããã Web ãµãŒãæ»æã®åèš (WAF) 3 ããã·ã¥ããŒã 40 l ã€ã³ã¿ãã§ãŒã¹:èšå®ãããŠãããããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ã«ãŒãã®ååãšã¹ããŒã¿ã¹ãããã«ã åä¿¡ãã©ãã£ãã¯ãšéä¿¡ãã©ãã£ãã¯ã®äž¡æ¹ã«å¯Ÿããéå» 75ç§éã®å¹³åãããã¬ãŒãã«é¢ãã æ å ±ã衚瀺ãããŸãã衚瀺ãããå€ã¯ã15ç§ééã§åéããããµã³ãã«ã«åºã¥ãå¹³åããã ã¬ãŒãããååŸãããŸããã€ã³ã¿ãã§ãŒã¹ã®ãã©ãã£ãã¯ã¢ã€ã³ã³ãã¯ãªãã¯ãããšããããŒã¢ãã¿ ãæ°ãããŠã£ã³ããŠã§éããŸãããããŒã¢ãã¿ã«ã¯ãéå»10åéã®ãã©ãã£ãã¯ã衚瀺ããã çãééã§èªåæŽæ°ãããŸãããããŒã¢ãã¿ã«ã€ããŠè©³ããã¯ãããããŒã¢ãã¿ããåç §ããŠã ã ããã l çŸåšã®ã·ã¹ãã èšå®:é¢é£ã»ãã¥ãªãã£æ©èœãæå¹ã§ãããç¡å¹ã§ãããã瀺ããŸãããšã³ ããªãã¯ãªãã¯ãããš WebAdmin page ãéããåèšå®ã衚瀺ãããŸãã l ãã¡ã€ã¢ãŠã©ãŒã«:ã¢ã¯ãã£ããã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ã®åèšã«é¢ããæ å ±ã l IPS:äŸµå ¥é²åŸ¡ã·ã¹ãã (IPS) ã¯ãã·ã°ããã£ã«åºã¥ã IPS ã«ãŒã«ã»ãããå©çšããŠæ» æãèªèããŸãã l Web ãã£ã«ã¿ãªã³ã°:HTTP/S ãããã³ã«çšã®ã¢ããªã±ãŒã·ã§ã³ã¬ãã«ã®ã²ãŒããŠã§ã€ã ãµãŒãã¹ã®äœ¿çšãèš±å¯ãããŠãããããã¯ãŒã¯ã«å¯Ÿããè±å¯ãª Web ãã£ã«ã¿æè¡ãæ äŸããŸãã l ãããã¯ãŒã¯ã®å¯èŠå:SophosSophos ã®ã¬ã€ã€7ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ã䜿çšã ããšããããã¯ãŒã¯ãã©ãã£ãã¯ãåé¡ããã³ã³ã³ãããŒã«ã§ããŸãã l SMTP ãããã·:SMTP (ç°¡æã¡ãŒã«è»¢éãããã³ã«) ã䜿çšããã¡ãã»ãŒãžéä¿¡çšã®ã¢ ããªã±ãŒã·ã§ã³ã¬ãã«ã®ã²ãŒããŠã§ã€ã l POP3 ãããã·:POP3 (Post Office Protocol 3) ã䜿çšããã¡ãã»ãŒãžéä¿¡çšã®ã¢ã㪠ã±ãŒã·ã§ã³ã¬ãã«ã®ã²ãŒããŠã§ã€ã l RED:æ¯åºã®ã»ãã¥ãªãã£çšã® Remote Ethernet Device (RED) ã¢ãã©ã€ã¢ã³ã¹ã®èšå®ã l ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³:ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ããã³ã¢ã¯ã»ã¹ãã€ã³ãã®èšå®ã l ãšã³ããã€ã³ããããã¯ã·ã§ã³:ãããã¯ãŒã¯äžã®ãšã³ããã€ã³ã端æ«ã®ç®¡çãæ¥ç¶äžã® ãšã³ããã€ã³ãã®æ°ãèŠåã衚瀺ããŸãã l ãµã€ãé VPN:ãµã€ãé VPN ã·ããªãªã®èšå®ã l ãªã¢ãŒãã¢ã¯ã»ã¹:ããŒããŠã©ãªã¢ VPN ã·ããªãªã®èšå®ã l WAF:Web ãµãŒããã¯ãã¹ãµã€ãã¹ã¯ãªããã£ã³ã°ã SQL ã€ã³ãžã§ã¯ã·ã§ã³ãªã©ã®æ»æ ããé²åŸ¡ããããã®ã¢ããªã±ãŒã·ã§ã³ã¬ãã«ã®ã²ãŒããŠã§ã€ã l HA/ã¯ã©ã¹ã¿:åé·å (HA) ãã§ã€ã«ãªãŒããŒããã³ã¯ã©ã¹ã¿ãªã³ã°ãã€ãŸããåŠçéçŽ åã®ã¿ã¹ã¯ (ã³ã³ãã³ããã£ã«ã¿ããŠã€ã«ã¹ã¹ãã£ã³ãäŸµå ¥æ€ç¥ã埩å·åãªã©) ãè€æ° ã®ã¯ã©ã¹ã¿ããŒãã«åäžã«åæ£ããŸãã UTM 9 管çã¬ã€ã 3 ããã·ã¥ããŒã 3.1 ããã·ã¥ããŒãèšå® l Sophos UTM Manager:éäžç®¡çããŒã« Sophos UTM Manager (SUM) çµç±ã§ã® Sophos UTM ã¢ãã©ã€ã¢ã³ã¹ã®ç®¡çã l ãŠã€ã«ã¹å¯Ÿç:ãŠã€ã«ã¹ãã¯ãŒã ããã®ä»ã®ãã«ãŠã§ã¢ãªã©ã®æ害ã§å±éºãªã³ã³ãã³ã ãäŒéãã Web ãã©ãã£ãã¯ãããããã¯ãŒã¯ãä¿è·ããŸãã l ã¹ãã 察ç:æªæ¿è«Ÿã®ã¹ãã ã¡ãŒã«ãæ€ç¥ããæ¢ç¥ã® (ãŸãã¯çããã) ã¹ãã çºä¿¡ è ããã®ã¹ãã éä¿¡ãç¹å®ããŸãã l ã¹ãã€ãŠã§ã¢å¯Ÿç:ã·ã°ããã£ããŒã¿ããŒã¹ãšã¹ãã€ãŠã§ã¢ãã£ã«ã¿ãªã³ã°æè¡ãå®æ çã«æŽæ°ããã 2çš®é¡ã®ãŠã€ã«ã¹ã¹ãã£ã³ãšã³ãžã³ã䜿çšããŠãã¹ãã€ãŠã§ã¢ææã é²æ¢ããŸããåä¿¡ãã©ãã£ãã¯ãšéä¿¡ãã©ãã£ãã¯ã®äž¡æ¹ãä¿è·ããŸãã 3.1 ããã·ã¥ããŒãèšå® ããã·ã¥ããŒãã§ã¯ãããã€ãã®èšå®ãå€æŽã§ããŸããããã·ã¥ããŒãå³äžã®ããã·ã¥ããŒãèšå®ã¢ ã€ã³ã³ãã¯ãªãã¯ãããšãããã·ã¥ããŒãèšå®ã®ç·šé ããã€ã¢ãã°ãŠã£ã³ããŠãéããŸãã ããã·ã¥ããŒãã®æŽæ°:ããã©ã«ãã§ãããã·ã¥ããŒã㯠5ç§ééã§æŽæ°ãããŸããæŽæ°ééã¯ãç¡ ããïœã60ç§ ãã®éã§èšå®ã§ããŸãã å·Šã®å â å³ã®å:ããã·ã¥ããŒãã¯ãåãããã¯ã«é¢ããæ å ±ã瀺ãããã€ãã®ãããã¯ã»ã¯ã·ã§ã³ã« åãããŠããŸãããå·Šã®å ãããã³ãå³ã®å ãã® 2ã€ã®ããã¯ã¹ã䜿çšãããšããããã®ãããã¯ã»ã¯ ã·ã§ã³ã®é 眮ãå€ãããã衚瀺ã«è¿œå ããã衚瀺ããåé€ããããšãã§ããŸãããããã®èšå®ãã ã®åŸããã·ã¥ããŒãã«åæ ãããŸããåã®ãããã¯ã»ã¯ã·ã§ã³ã䞊ã¹æ¿ããã«ã¯ãç¢å°ã¢ã€ã³ã³ã䜿 çšããŸããç¹å®ã®ãããã¯ã»ã¯ã·ã§ã³ã衚瀺ã«è¿œå ããã衚瀺ããåé€ããã«ã¯ããã§ãã¯ããã¯ã¹ ã«ãã§ãã¯ãå ¥ããããå€ããŸãã ããã©ã«ãã§è¡šç€ºããããããã¯ã»ã¯ã·ã§ã³ã«ã€ããŠã¯ããããã·ã¥ããŒããã®ç« ãåç §ããŠãã ããã è¿œå ã®ãããã¯ã»ã¯ã·ã§ã³ã衚瀺ããããšãã§ããããã§ããã«ã€ããŠèª¬æããŸãã l Web ãããã¯ã·ã§ã³:äžäœã¢ããªã±ãŒã·ã§ã³:æããã䜿çšãããŠããã¢ããªã±ãŒã·ã§ã³ã®æŠèŠãã ã®ã»ã¯ã·ã§ã³ã§ã¯ãã¢ããªã±ãŒã·ã§ã³åã®äžã«ã«ãŒãœã«ãåããããšãè¿œå æ©èœã 1ã€ãŸã㯠2ã€è¡šç€ºãããŸãã l Block ã¢ã€ã³ã³ãã¯ãªãã¯ãããšãçŸæç¹ãã該åœã¢ããªã±ãŒã·ã§ã³ããããã¯ãã㟠ãã ããã«ããããã¢ããªã±ãŒã·ã§ã³ ã³ã³ãããŒã« ãããŒãžã«ã«ãŒã«ãäœæãããŸããã ã®ãªãã·ã§ã³ã¯ãSophos UTMã®æ£åžžãªãªãã¬ãŒã·ã§ã³ã«å¿ èŠãªã¢ããªã±ãŒã·ã§ã³ã«å¯Ÿ ããŠã¯å©çšã§ããŸãããããšãã°ãWebAdmin ãã©ãã£ãã¯ã¯ãããã¯ã§ããŸããããã ããããã¯ãããšããŠãŒã¶èªèº«ã WebAdmin ããã·ã£ããã¢ãŠããããŠããŸããŸããæªå é¡ã®ãã©ãã£ãã¯ããããã¯ã§ããŸããã UTM 9 管çã¬ã€ã 41 3.2 ãããŒã¢ãã¿ l 3 ããã·ã¥ããŒã Shape ã¢ã€ã³ã³ãã¯ãªãã¯ãããšãåœè©²ã¢ããªã±ãŒã·ã§ã³ã®ãã©ãã£ãã¯ã·ã§ãŒãã³ã°ãæ å¹ã«ãªããŸãã ãã€ã¢ãã°ãŠã£ã³ããŠãéããã«ãŒã«èšå®ãå®çŸ©ããããèŠæ±ãã㟠ããå®äºããããä¿å ããã¯ãªãã¯ããŸããããã«ãããããã©ãã£ãã¯ã»ã¬ã¯ã¿ãããã³ã垯 åå¹ ããŒã« ãããŒãžã«ã«ãŒã«ãäœæãããŸãã ã·ã§ãŒãã³ã°ã¯ã€ã³ã¿ãã§ãŒã¹åäœã§æ©èœãããããããã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ ããã㌠ã¢ãã¿ãé²èŠ§ããŠããéã¯ãã©ãã£ãã¯ã·ã§ãŒãã³ã°ãå©çšã§ããŸããã l Web ãããã¯ã·ã§ã³:Top ãµã€ãæéå¥:æãããé²èŠ§ããããã¡ã€ã³ã®æéå¥ã®æŠèŠã l Web ãããã¯ã·ã§ã³:ãã©ãã£ãã¯ã®å€ããµã€ã:æãããé²èŠ§ããããã¡ã€ã³ã®ãã©ãã£ãã¯å¥ã®æŠ èŠã l ãã°:ãã£ã¹ã¯ã®æ®å®¹éããã£ã«ã¢ããã¬ãŒã (䜿çšéå¢å é床) ã®æ å ±ãå«ã Sophos UTM ㊠ãããã®ãã°ããŒãã£ã·ã§ã³ã®ã¹ããŒã¿ã¹ã l ãã¥ãŒã¹ãã£ãŒã:Sophos ããã³ãã®è£œåã«é¢ãããã¥ãŒã¹ã l ã°ã©ã:åææ¥ç¶æ°:åææ¥ç¶ã®ç·æ°ã«é¢ããæ¥ã ã®çµ±èšããã³ãã¹ãã°ã©ã ã l ã°ã©ã:ãã°ããŒãã£ã·ã§ã³ ã¹ããŒã¿ã¹:ãã°ããŒãã£ã·ã§ã³ã®äœ¿çšç¶æ³ã«é¢ããéå» 4é±éã® çµ±èšããã³ãã¹ãã°ã©ã ã l ã°ã©ã:CPU 䜿çšç:çŸåšã®ããã»ããµäœ¿çšç¶æ³ (%) ã«é¢ããæ¥ã ã®çµ±èšããã³ãã¹ãã°ã© ã ã l ã°ã©ã:ã¡ã¢ãª/ã¹ã¯ããã®äœ¿çšç¶æ³:ã¡ã¢ãªããã³ã¹ã¯ããã®äœ¿çšç¶æ³ (%) ã«é¢ããæ¥ã ã®çµ± èšããã³ãã¹ãã°ã©ã ã l ã°ã©ã:ããŒãã£ã·ã§ã³ã®äœ¿çšç¶æ³:éžæããããŒãã£ã·ã§ã³ã®äœ¿çšç¶æ³ (%) ã«é¢ããæ¥ã ã®çµ± èšããã³ãã¹ãã°ã©ã ã ããã·ã¥ããŒãã§ã®èªåã°ã«ãŒãåã®æå¹å:ããã·ã¥ããŒãäžã«ã³ã³ãã¯ãã«æ å ±ã衚瀺ããã«ã¯ ãã®ãªãã·ã§ã³ãéžæããŸãããã®ãªãã·ã§ã³ã¯ãå·Šã®åã®ãWeb ãããã¯ã·ã§ã³ãã®éžæé ç®ãšãå³ ã®åã®ãã°ã©ã ãã®éžæé ç®ã®ã¿ã«åœ±é¿ãåãŒããŸãããããéžæãããšãåæ å ±èŠçŽ ãããã·ã¥ ããŒãäžã®ã¿ããšããŠéãªã£ãŠè¡šç€ºãããŸããéžæã解é€ãããšãæ å ±èŠçŽ ãå·Šå³ã«äžŠãã§è¡šç€ºã ããŸãã ãä¿å ããã¯ãªãã¯ããŠèšå®ãä¿åããŸãã 3.2 ãããŒã¢ãã¿ Sophos UTMã®ãããŒã¢ãã¿ã¯ãçŸåšUTMã®ã€ã³ã¿ãã§ãŒã¹ãééããŠãããããã¯ãŒã¯ãã©ãã£ãã¯ã« é¢ããæ å ±ãçŽ æ©ã確èªããããã®ã¢ããªã±ãŒã·ã§ã³ã§ããããã·ã¥ããŒãã®å³äžã§ããããã®ã€ ã³ã¿ãã§ãŒã¹ãã¯ãªãã¯ããããšã«ããç°¡åã«ã¢ã¯ã»ã¹ã§ããŸããããã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ ããã¯ãªã㯠42 UTM 9 管çã¬ã€ã 3 ããã·ã¥ããŒã 3.2 ãããŒã¢ãã¿ ãããšããã¹ãŠã®ã¢ã¯ãã£ããªã€ã³ã¿ãã§ãŒã¹ã«ã€ããŠèç©ããããã©ãã£ãã¯ããããŒã¢ãã¿ã«è¡šç€º ãããŸããåäžã®ã€ã³ã¿ãã§ãŒã¹ãã¯ãªãã¯ãããšããã®ã€ã³ã¿ãã§ãŒã¹ã®ãã©ãã£ãã¯ã®ã¿ããããŒã¢ ãã¿ã«è¡šç€ºãããŸãã 泚 â ãããŒã¢ãã¿ã¯æ°ãããã©ãŠã¶ãŠã£ã³ããŠã§éããŸãããã®ãŠã£ã³ããŠã¯ãããã¢ãããããã«ã« ãã£ãŠãããã¯ãããå¯èœæ§ããããããWebAdmin ã«å¯ŸããŠãããã¢ãããããã«ãç¡å¹ã«ããã ãšããå§ãããŸãã ãããŒã¢ãã¿ã«ã¯ããã£ãŒã (Chart) ãšããŒãã« (Tabular) ãšãã2çš®é¡ã®ãã¥ãŒããããŸãããããã ã«ã€ããŠã¯åŸè¿°ããŸãããã¥ãŒã¯ 5ç§ééã§æŽæ°ãããŸããæŽæ°ãåæ¢ããã«ã¯ãäžæåæ¢ ããã¿ ã³ãã¯ãªãã¯ããŸãããç¶è¡ ããã¯ãªãã¯ããŠæŽæ°ãåéãããšããããŒã¢ãã¿ãææ°ã®ãã©ãã£ãã¯æ å ± ã«æŽæ°ããŸãã ãã£ãŒããã¥ãŒ ãããŒã¢ãã¿ã®ãã£ãŒãã«ã¯ãéå» 10åéã®ãããã¯ãŒã¯ãã©ãã£ãã¯ã衚瀺ãããŸãã暪軞ã¯æé ãã瞊軞ã¯ã¹ã«ãŒãããã«ã¹ã±ãŒã«ãåçã«é©çšãããšãã®ãã©ãã£ãã¯éã瀺ããŸãã ãã£ãŒããã¥ãŒã®äžéšã«ã¯ãã€ã³ã¿ãã§ãŒã¹ãééãããã©ãã£ãã¯ã®çš®é¡ã瀺ãå¡äŸã衚瀺ãã㟠ãããã©ãã£ãã¯ã¯çš®é¡ããšã«è²åããããããããã£ãŒãå ã§ç°¡åã«èŠåããããšãã§ããŸãã 泚 â ãããã¯ãŒã¯å¯èŠåãæå¹ã«ããå Žå (ãWeb ãããã¯ã·ã§ã³ > ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã« > ãããã¯ãŒã¯å¯èŠå ãã®ç« ãåç §) ããããŒã¢ãã¿ã¯ãã©ãã£ãã¯ã«ã€ããŠããå·®å¥åãããæ å ±ã 衚瀺ããŸãã ããŠã¹ã®ã«ãŒãœã«ãã°ã©ãäžã«çœ®ããšã倧ããªããã (ç¹) ã衚瀺ãããã°ã©ãã®ãã®éšåã®è©³çŽ°ãª æ å ±ã衚瀺ãããŸãããã®ãããã¯ãã°ã©ãã®ç·ã«æ²¿ã£ãŠç§»åããŸããããŠã¹ã®ã«ãŒãœã«ã移åãã ãšãããããããã«åŸã£ãŠç§»åããŸããã°ã©ãã«äœæ¬ãã®ç·ãããå Žåããããã¯ããŠã¹ã«ãŒãœã«ã® 移åã«åŸã£ãŠç·ã®éã移åããŸããããã«ããããã®è²ã¯ãããã衚瀺ããŠããæ å ±ãã©ã®ç·ã«é¢ é£ãããã«ãã£ãŠå€ãããããç·ãäºãã«è¿æ¥ããŠããå Žåã«åœ¹ç«ã¡ãŸãã ãããã¯ãããæç¹ã§ ã®ãã©ãã£ãã¯ã®çš®é¡ãšãµã€ãºã«é¢ããæ å ±ã瀺ããŸãã ããŒãã«ãã¥ãŒ ãããŒã¢ãã¿ã®ããŒãã«ã«ã¯ãéå» 5ç§éã®ãããã¯ãŒã¯ãã©ãã£ãã¯ã«é¢ããæ å ±ã衚瀺ãã㟠ãã #:ãã©ãã£ãã¯ã¯ãçŸåšã®åž¯åå¹ äœ¿çšç¶æ³ã«åºã¥ããŠã©ã³ã¯ä»ããããŸãã UTM 9 管çã¬ã€ã 43 3.2 ãããŒã¢ãã¿ 3 ããã·ã¥ããŒã Application(ã¢ããªã±ãŒã·ã§ã³):å©çšå¯èœãªå Žåããããã¯ãŒã¯ãã©ãã£ãã¯ã®ãããã³ã«ãŸãã¯ååã æªåé¡ã®ãã©ãã£ãã¯ã¯ãã·ã¹ãã ã«ãšã£ãŠäžæãªçš®é¡ã®ãã©ãã£ãã¯ã§ããã¢ããªã±ãŒã·ã§ã³ã㯠ãªãã¯ãããšããŠã£ã³ããŠã«ãµãŒãã䜿çšããŒãããµãŒãæ¥ç¶ããšã®åž¯åå¹ ã®äœ¿çšç¶æ³ãåèšãã© ãã£ãã¯ã®æ å ±ã衚瀺ãããŸãã Client(ã¯ã©ã€ã¢ã³ã):ã¢ããªã±ãŒã·ã§ã³ã䜿çšããŠããã¯ã©ã€ã¢ã³ãæ¥ç¶æ°ãã¯ã©ã€ã¢ã³ããã¯ãªãã¯ãã ãšããŠã£ã³ããŠã«ã¯ã©ã€ã¢ã³ãã® IP ã¢ãã¬ã¹ãã¯ã©ã€ã¢ã³ãæ¥ç¶ããšã«äœ¿çšããã垯åå¹ ãåèšãã© ãã£ãã¯ã®æ å ±ã衚瀺ãããŸããæªåé¡ã®ãã©ãã£ãã¯ã®å Žåã¯ãããŒãã«å ã®ã¯ã©ã€ã¢ã³ãæ°ãè¿œ å æ å ±ãŠã£ã³ããŠã«è¡šç€ºãããã¯ã©ã€ã¢ã³ãæ°ãããå€ããªãå¯èœæ§ããããŸããããã¯ãæªåé¡ãã« è€æ°ã®ã¢ããªã±ãŒã·ã§ã³ãå«ãŸããããã§ãããããã£ãŠãæ å ±ãŠã£ã³ããŠã®ã¯ã©ã€ã¢ã³ãæ°ã 1〠ã§ãããŒãã«ã«ã¯ 3ã€ã®ã¯ã©ã€ã¢ã³ããååšããå ŽåããããŸããããã¯ã1ã€ã®ã¯ã©ã€ã¢ã³ãã 3çš® é¡ã®æªåé¡ã®ã¢ããªã±ãŒã·ã§ã³ã«æ¥ç¶ããŠããããšãèããããŸãã Bandwidth Usage now(çŸåšã®åž¯åå¹ äœ¿çšç¶æ³):éå» 5ç§éã®åž¯åå¹ äœ¿çšç¶æ³ã垯åå¹ ãã¯ãªã㯠ãããšããŠã£ã³ããŠã«ã¢ããªã±ãŒã·ã§ã³æ¥ç¶ã®ããŠã³ããŒãé床ãšã¢ããããŒãé床ã®æ å ±ã衚瀺ã ããŸãã Total Traffic(åèšãã©ãã£ãã¯):æ¥ç¶ã®ãã©ã€ãã¿ã€ã ãäžã«çæããããããã¯ãŒã¯ãã©ãã£ãã¯ã®åèš æ°ãäŸ 1:ããŠã³ããŒãããéå»ã®ããæç¹ã§éå§ããããŸã ç¶ç¶äžã§ããããŠã³ããŒãéå§æç¹ã ããæéäžã«çæããããã©ãã£ãã¯å šäœã衚瀺ãããŸããäŸ 2:è€æ°ã®ã¯ã©ã€ã¢ã³ãã Facebook ã 䜿çšããŠããŸãããããã 1ã€ã®ã¯ã©ã€ã¢ã³ããæ¥ç¶ããªãŒãã³ã«ããŠããéãããã¹ãŠã®ã¯ã©ã€ã¢ ã³ãã«ãã£ãŠãããŸã§ã«çæããããã©ãã£ãã¯ããã¹ãŠèç©ãããŠåèšãã©ãã£ãã¯ã«è¡šç€ºãã㟠ãã åèšãã©ãã£ãã¯ãã¯ãªãã¯ãããšããŠã£ã³ããŠã«ã¢ããªã±ãŒã·ã§ã³æ¥ç¶ã®ç·åããŠã³ããŒãé床ãšã¢ã ãããŒãé床ã®æ å ±ã衚瀺ãããŸãã Actions(ã¢ã¯ã·ã§ã³):ã¢ããªã±ãŒã·ã§ã³ã®çš®é¡ã«å¿ããŠãå©çšå¯èœãªã¢ã¯ã·ã§ã³ããããŸã (æªåé¡ã® ãã©ãã£ãã¯ãé€ã)ã 44 l ãããã¯:Block ãã¿ã³ãã¯ãªãã¯ãããšãçŸæç¹ãã該åœã¢ããªã±ãŒã·ã§ã³ããããã¯ãããŸãã ããã«ããããã¢ããªã±ãŒã·ã§ã³ ã³ã³ãããŒã« ãããŒãžã«ã«ãŒã«ãäœæãããŸãããã®ãªãã·ã§ã³ ã¯ãSophos UTMã®æ£åžžãªãªãã¬ãŒã·ã§ã³ã«å¿ èŠãªã¢ããªã±ãŒã·ã§ã³ã«å¯ŸããŠã¯å©çšã§ããŸã ããããšãã°ãWebAdmin ãã©ãã£ãã¯ã¯ãããã¯ã§ããŸãããããããããã¯ãããšããŠãŒã¶èª 身ã WebAdmin ããã·ã£ããã¢ãŠããããŠããŸããŸããæªåé¡ã®ãã©ãã£ãã¯ããããã¯ã§ã㟠ããã l ãã©ãã£ãã¯ã·ã§ãŒãã³ã°:Shape ãã¿ã³ãã¯ãªãã¯ãããšãåœè©²ã¢ããªã±ãŒã·ã§ã³ã®ãã©ãã£ã㯠ã·ã§ãŒãã³ã°ãæå¹ã«ãªããŸãã ãã€ã¢ãã°ãŠã£ã³ããŠãéããã«ãŒã«èšå®ãå®çŸ©ããããèŠ æ±ãããŸããå®äºããããä¿å ããã¯ãªãã¯ããŸããããã«ãããããã©ãã£ãã¯ã»ã¬ã¯ã¿ãããã³ ã垯åå¹ ããŒã« ãããŒãžã«ã«ãŒã«ãäœæãããŸãã UTM 9 管çã¬ã€ã 3 ããã·ã¥ããŒã 3.2 ãããŒã¢ãã¿ ã·ã§ãŒãã³ã°ã¯ã€ã³ã¿ãã§ãŒã¹åäœã§æ©èœãããããããã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ ããããŒã¢ãã¿ ãé²èŠ§ããŠããéã¯ãã©ãã£ãã¯ã·ã§ãŒãã³ã°ãå©çšã§ããŸããã l ããŠã³ããŒã垯åå¹ èª¿æŽ:Throttle ãã¿ã³ãã¯ãªãã¯ãããšãåœè©²ã¢ããªã±ãŒã·ã§ã³ã®ããŠã³ã㌠ã垯åå¹ ã®èª¿æŽãæå¹ã«ãªããŸãããã€ã¢ãã°ãŠã£ã³ããŠãéããã«ãŒã«èšå®ãå®çŸ©ããã ãèŠæ±ãããŸããå®äºããããä¿å ããã¯ãªãã¯ããŸããããã«ãããããã©ãã£ãã¯ã»ã¬ã¯ã¿ããã ã³ãããŠã³ããŒã垯åå¹ èª¿æŽ ãããŒãžã«ã«ãŒã«ãäœæãããŸããããŠã³ããŒã垯åå¹ èª¿æŽã¯ ã€ã³ã¿ãã§ãŒã¹åäœã§æ©èœããããããã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ ãããŒã¢ãã¿ãé²èŠ§ããŠããé ã¯ããŠã³ããŒã垯åå¹ èª¿æŽãå©çšã§ããŸããã UTM 9 管çã¬ã€ã 45 4 ãããžã¡ã³ã ãã®ç« ã§ã¯ãåºæ¬ã·ã¹ãã èšå®ããSophos UTMãWebAdmin ãªã©ã® Web ããŒã¹ç®¡çã€ã³ã¿ãã§ãŒã¹ ã®èšå®ãå®çŸ©ããæ¹æ³ã説æããŸãããæŠèŠ ãããŒãžã«ã¯ãå ããããå¯èœæ§ã®ããå€æŽãå«ãã æè¿ã® WebAdmin ã»ãã·ã§ã³ã®çµ±èšã衚瀺ãããŸããå€æŽã®è©³çŽ°ã確èªããã«ã¯ããå€æŽãã°ãå ã®ã衚瀺 ããã¿ã³ãã¯ãªãã¯ããŸãã ãç¶æ ãåã«ã¯ãååã® WebAdmin ã»ãã·ã§ã³ã®çµäºæéã衚瀺ãããŸãã 泚 â WebAdmin ã®ã»ãã·ã§ã³ãçµäºããã«ã¯ãããã°ãªã ãã¡ãã¥ãŒãã¯ãªãã¯ããŸããããã°ãªã ãã¡ ãã¥ãŒãã¯ãªãã¯ããªãã§ãã©ãŠã¶ãéããå Žåãããããžã¡ã³ãã>ãWebAdmin èšå®ã>ã詳现ãã¿ã㧠å®çŸ©ããæéãçµéãããšãã»ãã·ã§ã³ã¯ã¿ã€ã ã¢ãŠããšãªããŸãã ãã®ç« ã§ã¯ã次ã®ãããã¯ã«ã€ããŠèª¬æããŸãã l ã·ã¹ãã èšå® l WebAdminèšå® l ã©ã€ã»ã³ã¹ l Up2Date l ããã¯ã¢ãã/ãªã¹ã㢠l ãŠãŒã¶ããŒã¿ã« l éç¥ l ã«ã¹ã¿ãã€ãº l SNMP l éäžç®¡ç(SUM) l åé·å (HA) l ã·ã£ããããŠã³/ãªã¹ã¿ãŒã 4.1 ã·ã¹ãã èšå® ãã·ã¹ãã èšå® ãã®äžã«ããã¿ãã§ããã¹ãåãæ¥ä»ãæå»ãªã©ãUTM ã®åºæ¬èšå®ãè¡ãããšãã§ã ãŸãã 4.1 ã·ã¹ãã èšå® 4 ãããžã¡ã³ã 4.1.1 çµç¹ çµç¹ã®ååãšæåšå°ãããã³ Sophos UTM ã®éçšãæè¡çã«æ åœããæ åœè ãŸãã¯æ åœéšçœ²ã® ã¡ãŒã«ã¢ãã¬ã¹ãå ¥åããŸãããã®ããŒã¿ã¯ãIPsecãã¡ãŒã«æå·åãããã³ WebAdmin ã®èšŒææžã§ ã䜿çšãããŸãã 4.1.2 ãã¹ãå ãã®ãã£ãŒã«ãã«UTM ã®ãã¹ãåãå®å šä¿®é£Ÿãã¡ã€ã³å (FQDN) ã§å ¥åããŸã (äŸ: utm.example.com)ããã¹ãåã«ã¯è±æ°åãããããããã³ãã€ãã³ã䜿çšã§ããŸãããã¹ãåã®æ« å°Ÿã«ã¯comãorgãdeãªã©ã®ç¹æ®ãªèå¥åã䜿çšããå¿ èŠããããŸãããã¹ãåã¯ãéç¥ã¡ãã»ãŒ ãžã§UTMãèå¥ããããã«äœ¿çšãããŸãããŸãã Web ãã£ã«ã¿ããéä¿¡ãããã¹ããŒã¿ã¹ã¡ãã»ãŒãž ã«ã衚瀺ãããŸããã客æ§ã®ãã¡ã€ã³ã® DNS ãŸãŒã³ã«ãã¹ãåãç»é²ããå¿ èŠã¯ãããŸããã 4.1.3 æ¥ä»ãšæå» UTMã§ã¯ãæ¥ä»ãšæå»ãåžžã«æ£ããèšå®ããŠããå¿ èŠããããŸããããã¯ããã°ããã³ã¬ããŒãã£ã³ ã°ã·ã¹ãã ããæ£ããæ å ±ãååŸããããã€ã³ã¿ãŒãããäžã®ä»ã®ã³ã³ãã¥ãŒã¿ãšã®çžäºéçšæ§ãä¿ èšŒããããã«å¿ èŠã§ãã éåžžã¯ãæ¥ä»ãšæå»ãæåã§èšå®ããå¿ èŠã¯ãããŸãããããã©ã«ãã§ããããªãã¯ã®ã€ã³ã¿ãŒãã ããµãŒããšã®èªååæãæå¹åãããŠããŸã (ãã€ã³ã¿ãŒããããµãŒããšæéãåæ ãã®ã»ã¯ã·ã§ã³ ãåç §)ã ãŸãã§ã¯ãããŸãããã¿ã€ã ãµãŒããšã®åæãç¡å¹ã«ããå¿ èŠãããå Žåãæå»ãšæ¥ä»ãæå㧠å€æŽããããšãã§ããŸãããã ãããããè¡ãå Žåã¯ã以äžã®èŠåã«æ³šæããŠãã ããã 48 l ã·ã¹ãã æéãæšæºæéãããµããŒã¿ã€ã ã« (ãããã¯ãã®éã«) å€æŽããªãã§ãã ãããã ã®å€æŽã¯ãã¿ã€ã ãµãŒããšã®èªååæãç¡å¹ã«ããå Žåã§ããã¿ã€ã ãŸãŒã³ã®èšå®ã«ãã£ãŠ èªåçã«è¡ãããŸãã l ã¿ã€ã ãµãŒããšã®åæãæå¹ã«ãªã£ãŠããå Žåã¯ãæ¥ä»ãŸãã¯æå»ãæåã§å€æŽããªã㧠ãã ãããå€ãã®å Žåãèªååæã«ãããæåã§è¡ã£ãå€æŽãããã«åãæ¶ãããŸããæ¥ä»ãŸ ãã¯æå»ãæåã§èšå®ããå¿ èŠãããå Žåãæåã«ãNTP ãµãŒã ãããã¯ã¹ (äžã®ãã€ã³ã¿ãŒ ããããµãŒããšæéãåæ ãã»ã¯ã·ã§ã³) ãããã¹ãŠã®ãµãŒããåé€ãããé©çš ããã¯ãªãã¯ã㊠ãã ããã l ã·ã¹ãã æéãæåã§å€æŽããŠãããå€æŽãæåããããšãéç¥ããç·è²ã®ç¢ºèªã¡ãã»ãŒ ãžã衚瀺ããããŸã§åŸ æ©ããŸãã次ã«ãã·ã¹ãã ããªããŒãããŸã (ããããžã¡ã³ã > ã·ã£ããã UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.1 ã·ã¹ãã èšå® ãŠã³/ãªã¹ã¿ãŒãã)ãå€ãã®ãµãŒãã¹ã§ã¯ãæéã¯é£ç¶çã«å€åããæ¥ã«å€åããèš³ã§ã¯ãªã ãšããäºå®ã«äŸåããŠããããããããæšå¥šãããŸããæéã«é£ã³ããããšãæ§ã ãªãµãŒã ã¹ã®èª€äœåã«ã€ãªããå¯èœæ§ããããŸãããã®ã¢ããã€ã¹ã¯ãããããçš®é¡ã®ã³ã³ãã¥ãŒã¿ ã·ã¹ãã ã«å ±éããŠè©²åœããŸãã l ãŸãã«ãã·ã¹ãã æéãå€æŽãããšãWebAdmin ã»ãã·ã§ã³ã匷å¶çµäºãããå¯èœæ§ããã ãŸãããããçºçããå Žåããã°ã€ã³ãçŽããŠãæå»ãæ£ããèšå®ãããŠããããšã確èªããåŸ ã§ã·ã¹ãã ãåèµ·åããŠãã ããã ããã€ãã®ã¿ã€ã ãŸãŒã³ã«ãŸãããçžäºæ¥ç¶ãããè€æ°ã®UTMãéçšããŠããå Žåã¯ããã¹ãŠã® ããã€ã¹ã«åãã¿ã€ã ãŸãŒã³ãéžæããŸã (äŸ: UTC (åå®äžçæ))ãããã«ããããã°ã¡ãã»ãŒãžãã ãç°¡åã«æ¯èŒã§ããŸãã ã·ã¹ãã æéãæåã§å€æŽãããšãã·ã¹ãã ãæ£ããåèµ·åããå Žåã§ããè€æ°ã®å¯äœçšãäºæ³ã ããŸãã l æå»ãæ©ãã l æå»ã«åºã¥ãã¬ããŒãã®å Žåãã¹ããããããæéã®ããŒã¿ããªããªããŸããã»ãšãã© ã®ã°ã©ãã§ã¯ããã®æéã¯ãæè¿èšé²ãããå€ãçŽç·ã§è¡šç€ºãããŸãã l l ã¢ã«ãŠã³ãã£ã³ã°ã¬ããŒãã§ã¯ããã®æéã¯ããã¹ãŠã®å€æ°ã 0 ã§è¡šç€ºãããŸãã æå»ãæ»ã l æå»ã«åºã¥ãã¬ããŒãã«ã¯ã該åœããæéã®ãã°ããŒã¿ããã§ã«ååšããŸãã l ã»ãšãã©ã®å³ã¯ããã®æéã«èšé²ãããå€ãå§çž®ããŠè¡šç€ºããŸãã l ããã·ã¥ããŒãã§è¡šç€ºãããæåŸã®ãã¿ãŒã³ãã§ãã¯ããã®çµéæéã¯ãããšãæåŸ ã®ãã§ãã¯ãã»ãã®æ°ååã«è¡ãããå Žåã§ãã£ãŠããå€ã«ã€ããŠããªãããšè¡šç€ºã ãŸãã l UTMäžã§èªåçã«äœæããã蚌ææžã¯ããããã®æå¹æéã®éå§æ¥ä»ãå°æ¥ã« ãªã£ãŠããå Žåã¯ç¡å¹ã«ãªããŸãã l ã¢ã«ãŠã³ãã£ã³ã°ã¬ããŒãã¯å°æ¥ã®æå»ããèšé²ãããå€ãä¿æããŸããå床å€æŽã è¡ã£ãæå»ã«ãªããšãã¢ã«ãŠã³ãã£ã³ã°ããŒã¿ã¯å床éåžžã©ããã«èšè¿°ãããŸãã ããããæ¬ ç¹ããããããã·ã¹ãã æéã¯ã·ã¹ãã ã®ã»ããã¢ããæã«äžåºŠã ãèšå®ãããã®åŸã¯ å°ã調æŽããã ãã«ããã¹ãã§ããããã¯ãã¬ããŒãããŒã¿ãããã«åŠçããå¿ èŠãããå Žåã ããŒã¿ã®ç²ŸåºŠãéèŠãªå Žåã«ã¯ãç¹ã«èšããããšã§ãã æ¥ä»ãšæå»ã®èšå® ã·ã¹ãã æéãæåã§èšå®ããã«ã¯ãæ¥ä»ãšæå»ãããããã®ããããããŠã³ãªã¹ãããéžæã㟠ãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã UTM 9 管çã¬ã€ã 49 4.1 ã·ã¹ãã èšå® 4 ãããžã¡ã³ã ã¿ã€ã ãŸãŒã³ ã®èšå® ã·ã¹ãã ã®ã¿ã€ã ãŸãŒã³ãå€æŽããã«ã¯ãããããããŠã³ãªã¹ãããå°åãŸãã¯ã¿ã€ã ãŸãŒã³ãéžæã ãŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã ã¿ã€ã ãŸãŒã³ãå€æŽããŠãã·ã¹ãã æéã¯å€æŽãããã圱é¿ãããã®ã¯ããã®ã³ã°ããŒã¿ãã¬ã㌠ãã£ã³ã°ããŒã¿ãªã©ã®åºåã«ãããæéã®è¡šç€ºã®ã¿ã§ããããã«ãã£ãŠãµãŒãã¹ãäžæããããšã¯ ãããŸãããããã¹ãŠã®ãµãŒãã¹ã§æ°ããæéèšå®ã䜿çšããããã«ãåŸã§åèµ·åããããšãæšå¥š ããŸãã ã€ã³ ã¿ãŒããã ãµãŒããšæéãåæ ã¿ã€ã ãµãŒãã䜿çšããŠã·ã¹ãã æå»ã®åæããšãã«ã¯ã1å°ä»¥äžã® NTP ãµãŒããéžæããŸããèš å®ãçµäºããããé©çš ããã¯ãªãã¯ããŸãã NTP ãµãŒã:ããã©ã«ãã§ã¯ãNTP Server PoolããéžæãããŠããŸãããã®ãããã¯ãŒã¯å®çŸ©ã¯ pool.ntp.org ãããžã§ã¯ãã®ãããªãã¯ã¿ã€ã ãµãŒãã®å€§ããªä»®æ³ã¯ã©ã¹ã¿ã«ãªã³ã¯ããŠããŸããã€ã³ ã¿ãŒããããµãŒãã¹ãããã€ãã顧客çšã« NTP ãµãŒããéçšããŠããããããã®ãµãŒããžã®ã¢ã¯ã» ã¹æš©ãããå ŽåãNTP Server Poolãåé€ããŠãããã€ãã®ãµãŒãã䜿çšããããšãæšå¥šãããŸãã ç¬èªã®ãµãŒããŸãã¯ãããã€ãã®ãµãŒããéžæããå Žåãè€æ°ã®ãµãŒãã䜿çšãããšã粟床ã ä¿¡é Œæ§ãåäžããŸãã3ã€ã®ç¬ç«ãããµãŒãã䜿çšããã°ãåžžã«ååã§ãããã以äžã®ãµãŒãã è¿œå ããŠãããããªãæ¹è¯ã¯ã»ãšãã©æåŸ ã§ããããµãŒãã®è² è·ãå¢å ããŸããNTP Server Poolãš ç¬èªãŸãã¯ãããã€ãã®ãµãŒãã®äž¡æ¹ã䜿çšããŠãã粟床ãä¿¡é Œæ§ã¯åäžããªãããã䜿çšã¯ æšå¥šãããŸããã 泚 â ã¯ã©ã€ã¢ã³ããã·ã³ããããã® NTP ãµãŒãã«æ¥ç¶ã§ããããã«ããã«ã¯ãããããã¯ãŒã¯ãµãŒ ãã¹ > NTP ãããŒãžã®èš±å¯ãããŠãããããã¯ãŒã¯ã«ãããã®ãã·ã³ãè¿œå ããŸãã ãã¹ãæ§æãµãŒã:ããã€ã¹ããéžæããã NTP ãµãŒããžã®æ¥ç¶ã確ç«ã§ããããšãšãNTP ãµãŒã ã䜿çšå¯èœãªæå»ããŒã¿ãè¿ãããšããã¹ãããéã¯ããã®ãã¿ã³ãã¯ãªãã¯ããŸããããã§ãã䜿ã ã®ã·ã¹ãã ãšãµãŒãéã®æéã®ãªãã»ããã枬å®ããŸããã䜿ãã®ã·ã¹ãã ãæ£ããèšå®ãããŠã ããäžå®æéã«ããã£ãŠå®å®ããç¶æ ã§åäœããŠããå Žåã¯ããªãã»ããã¯äžè¬çã«1ç§æªæºã«ãª ããŸãã éåžžãNTP ãæå¹åãããä»ã®ãµãŒããè¿œå ããçŽåŸã¯ããªãã»ãããããããé·ããªããŸããæé ã®é£ã³ãé²ãããã«ãNTP ã¯ãã£ãããšã·ã¹ãã æéãããããŸãããããŠãã·ã¹ãã æéã¯æé ã®é£ã³ãªãè£æ£ãããŸãããã®ãããªç¶æ³ãçºçããå Žåã¯ããã°ããåŸ æ©ããŠãã ãããç¹ã«ããã® ãããªå Žåã«ã¯ãã·ã¹ãã ãåèµ·å ããªãã§ãã ããããã®ä»£ããã«ãçŽ 1æéåŸã«åã³ãã§ãã¯ã ãŠãã ããããªãã»ãããæžå°ãããšããã¹ãŠãæ£ããæ©èœããããã«ãªããŸãã 50 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.1 ã·ã¹ãã èšå® 4.1.4 ã·ã§ã«ã¢ã¯ã»ã¹ ã»ãã¥ã¢ã·ã§ã« (SSH) ã¯ã³ãã³ãã©ã€ã³ã¢ã¯ã»ã¹ã¢ãŒãã§ãããäž»ã«UTMãžã®ãªã¢ãŒãã·ã§ã«ã¢ã¯ã» ã¹ãååŸããããã«äœ¿çšãããŸããããã¯éåžžãããæ·±ãã¬ãã«ã®ã¡ã³ããã³ã¹ããã©ãã«ã·ã¥ãŒ ãã£ã³ã°ã«äœ¿çšãããŸãããã®ã·ã§ã«ã«ã¢ã¯ã»ã¹ããã«ã¯ãSSH ã¯ã©ã€ã¢ã³ããå¿ èŠã§ããSSH㯠㩠ã€ã¢ã³ãã¯äžè¬çã«ãã»ãšãã©ã® Linux ãã£ã¹ããªãã¥ãŒã·ã§ã³ã«è£ åãããŠããŸãã èš±å¯ããã 㯠ãŒã¯ ãèš±å¯ãããã¯ãŒã¯ ãã³ã³ãããŒã«ã䜿çšããŠããã®æ©èœãžã®ã¢ã¯ã»ã¹ãç¹å®ãããã¯ãŒã¯ã®ã¿ã«å¶é ããŸããããã«ãªã¹ãããããããã¯ãŒã¯ã¯ãSSH ãµãŒãã¹ã«æ¥ç¶ã§ããŸãã èªèšŒ ãã®ã»ã¯ã·ã§ã³ã§ãSSH ã¢ã¯ã»ã¹ã®èªèšŒæ¹æ³ãšã¢ã¯ã»ã¹ã®å³æ Œããå®çŸ©ã§ããŸãã以äžã®èªèšŒæ¹æ³ ãå©çšã§ããŸãã l ãã¹ã¯ãŒã (ããã©ã«ã) l å ¬ééµ l ãã¹ã¯ãŒããšå ¬ééµ ãå ¬ééµèªèšŒ ãã䜿çšããã«ã¯ãå ¬ééµã§ã®èªèšŒãèš±å¯ãããåãŠãŒã¶ã«ã€ããŠãããããã®å ¬ ééµãããã°ã€ã³ãŠãŒã¶ã«æ¿èªãããéµ ããã£ãŒã«ãã«ã¢ããããŒãããå¿ èŠããããŸãã root ãã°ã€ã³èš±å¯:root ãŠãŒã¶ã«å¯Ÿã㊠SSH ã¢ã¯ã»ã¹ãèš±å¯ã§ããŸãããã®ãªãã·ã§ã³ãæå¹ã«ãã ãšã»ãã¥ãªãã£ãªã¹ã¯ãé«ããªããããããã©ã«ãã§ã¯ç¡å¹ã«ãªã£ãŠããŸãããã®ãªãã·ã§ã³ãæå¹ã« ãããšãã«ãŒããŠãŒã¶ã¯å ¬ééµãä»ããŠãã°ã€ã³ã§ããŸãããroot çšã®å ¬ééµ ããã£ãŒã«ãã« root ãŠãŒã¶ã®å ¬ééµãã¢ããããŒãããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã ã·ã§ã« ãŠãŒã¶ ãã¹ã¯ ãŒã ããã©ã«ãã®ã·ã§ã«ã¢ã«ãŠã³ã root (ã«ãŒã) ããã³ loginuser (ãã°ã€ã³ãŠãŒã¶) çšã®ãã¹ã¯ãŒãã å ¥åããŸããããã 2ã€ã®ã¢ã«ãŠã³ãã®ããããäžæ¹ã®ãã¹ã¯ãŒãã®ã¿ãå€æŽããã«ã¯ãä»æ¹ã®ã¢ ã«ãŠã³ãã®å ¥åããã¯ã¹ã空çœã®ãŸãŸã«ããŸãã 泚 â SSH ã·ã§ã«ã¢ã¯ã»ã¹ãæå¹ã«ããã«ã¯ãæåã«ãã¹ã¯ãŒããèšå®ããå¿ èŠããããŸãããã ã«ããå®çŸ©ãšãŠãŒã¶ > èªèšŒãµãŒã > 詳现 ãã¿ãã§èšå®ãããã¹ã¯ãŒãã®è€éãã®èšå®ã«æºæ ãã UTM 9 管çã¬ã€ã 51 4.1 ã·ã¹ãã èšå® 4 ãããžã¡ã³ã ãã¹ã¯ãŒãã®ã¿ãæå®ã§ããŸããã€ãŸããè€éãªãã¹ã¯ãŒããæå¹ã«ããå Žåã¯ãã·ã§ã«ãŠãŒã¶ ã®ãã¹ã¯ãŒããåãèŠä»¶ãæºããããšãå¿ èŠã«ãªããŸãã SSH ããŒã¢ã³ ãªã¹ãã³ ã° ããŒã ãã®ãªãã·ã§ã³ã§ãSSH ã«äœ¿çšãã TCP ããŒããå€æŽã§ããŸããããã©ã«ãã§ã¯ãæšæº SSH ããŒãã® 22 ãèšå®ãããŠããŸããããŒããå€æŽããã«ã¯ã1024ïœ65535ã®é©åãªå€ããããŒãçªå· ããã㯠ã¹ã«å ¥åãããé©çš ããã¯ãªãã¯ããŸãã 4.1.5 ã¹ãã£ã³èšå® ã¢ã³ ã㊠ã€ã«ã¹ãšã³ ãžã³ èšå® WebAdmin ãéããŠãã¹ãŠã®ã·ã³ã°ã«ã¹ãã£ã³èšå®ã«äœ¿çšããã¢ã³ããŠã€ã«ã¹ãšã³ãžã³ãéžæã㟠ãããã¥ã¢ã«ã¹ãã£ã³èšå®ã§ã¯ãäž¡æ¹ã®ã¢ã³ããŠã€ã«ã¹ãšã³ãžã³ã䜿çšãããŸããBasic Guad ãµã ã¹ã¯ãªãã·ã§ã³ã§ã¯ãã¥ã¢ã«ã¹ãã£ã³ã¯å©çšã§ããŸããã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ã ãŸãã 4.1.6 èšå®ãŸãã¯ãã¹ã¯ãŒãã®ãªã»ãã ãèšå®ãŸãã¯ãã¹ã¯ãŒãã®ãªã»ãããã¿ãã®ãªãã·ã§ã³ã§ãã·ã§ã«ãŠãŒã¶ã®ãã¹ã¯ãŒããåé€ã§ã㟠ããããã«ãå·¥å Žåºè·æã®ç¶æ ã«æ»ãããšãã§ããŸãã ã·ã¹ãã ãã¹ã¯ãŒãã®ãªã»ãã:ãã®æ©èœãå®è¡ãããšã以äžã®ãŠãŒã¶ã®ãã¹ã¯ãŒãããªã»ãããã㟠ãã l root ãŠãŒã¶( ã·ã§ã«ãŠãŒã¶) l loginuser (ã·ã§ã«ãŠãŒã¶) l admin (äºåã«å®çŸ©ãããŠãã管çè ã¢ã«ãŠã³ã) ããã«ãã·ã¹ãã ãåæ¢ããã«ã¯ããåŸã§ã·ã¹ãã ãã·ã£ããããŠã³ããªãã·ã§ã³ãéžæããŸãã ã»ãã¥ãªãã£ã«é¢ããæ³šèš â 次㫠WebAdmin ã«æ¥ç¶ãã人ã«å¯ŸããŠããadmin ãã¹ã¯ãŒãèšå® ãã〠ã¢ãã°ãŠã€ã³ããŠã衚瀺ãããŸãããããã£ãŠããã¹ã¯ãŒãããªã»ããããããããã«ãã°ã¢ãŠããã ãã©ãŠã¶ã§ãã®ããŒãžããªããŒã (åèªã¿èŸŒã¿) ããŠãæ°ãã admin ãã¹ã¯ãŒããèšå®ããŠãã ã ãã 52 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.2 WebAdmin èšå® ãŸããããããžã¡ã³ã > ã·ã¹ãã èšå® > ã·ã§ã«ã¢ã¯ã»ã¹ ãã¿ãã§æ°ããã·ã§ã«ãã¹ã¯ãŒããèšå®ããªã éããã·ã§ã«ã¢ã¯ã»ã¹ã¯å®è¡ã§ããªããªããŸãã åºè·æèšå®ã«åæåãã:ãã®æ©èœã¯ãå·¥å Žåºè·æã®ããã©ã«ãã®èšå®ã«ããã€ã¹ããªã»ããã㟠ãã以äžã®ããŒã¿ãåé€ãããŸãã l ã·ã¹ãã èšå® l Web ãã£ã«ã¿ãã£ãã·ã¥ l ãã°ããã³ã¬ããŒãã£ã³ã°ããŒã¿ l ããŒã¿ããŒã¹ l æŽæ°ããã±ãŒãž l ã©ã€ã»ã³ã¹ l ãã¹ã¯ãŒã l åé·åã¹ããŒã¿ã¹ ãã ããSophos UTMãœãããŠã§ã¢ã®ããŒãžã§ã³çªå·ã¯ãã®ãŸãŸã§ããã€ãŸããã€ã³ã¹ããŒã«ãããã ã¹ãŠã®ãã¡ãŒã ãŠã§ã¢ããã³ãã¿ãŒã³ã®æŽæ°ãç¶æããããšããããšã§ãã 泚 âSophos UTM ã¯ãåºè·æèšå®ãžã®åæåãéå§ãããšã·ã£ããããŠã³ããŸãã 4.2 WebAdmin èšå® ããããžã¡ã³ã > WebAdmin èšå® ãã®äžã«ããã¿ãã§ãTCP ããŒãããŠãŒã¶èšå®ãããã³ WebAdmin ã® èšèªãšãã£ã WebAdmin ã®åºæ¬èšå®ãæ§æã§ããŸãã 4.2.1 äžè¬ ãWebAdmin èšå® > äžè¬ ãã¿ãã§ãWebAdmin èšèªãšåºæ¬ã¢ã¯ã»ã¹èšå®ãæ§æã§ããŸãã We b Ad min èšèª WebAdmin ã®èšèªãéžæããŸããéžæããèšèªã¯ WebAdmin ã®åºåã«ãäžéšäœ¿çšãããŸãã (äŸ: ã¡ãŒã«éç¥ããšã°ãŒã¯ãã£ãã¬ããŒããªã©)ããã¯ã°ããŒãã«èšå®ã§ããã¹ãŠã®ãŠãŒã¶ã«é©çšãã㟠ãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã èšèªãå€æŽããåŸã¯ããã¹ãŠã®ããã¹ããæ£ããèšèªã§è¡šç€ºãããããã«ãã©ãŠã¶ã®ãã£ãã·ã¥ã 空ã«ããå¿ èŠãããå ŽåããããŸãã UTM 9 管çã¬ã€ã 53 4.2 WebAdmin èšå® 4 ãããžã¡ã³ã Web Ad min ã¢ã¯ã»ã¹èšå® ããã§ãWebAdmin ãžã®ã¢ã¯ã»ã¹ãèš±å¯ããããŠãŒã¶ããããã¯ãŒã¯ãèšå®ã§ããŸãã èš±å¯ãã管çè :Sophos UTMSophos UTM ã¯åæã«è€æ°ã®ç®¡çè ã«ãã£ãŠç®¡çã§ããŸãããèš±å¯ã ãã管çè ãããã¯ã¹ã§ãWebAdmin ã€ã³ã¿ãã§ãŒã¹ãžã®ç¡å¶éã®èªã¿åãããã³æžã蟌ã¿ã¢ã¯ã» ã¹ãæã€ãŠãŒã¶ãŸãã¯ã°ã«ãŒããæå®ã§ããŸããããã©ã«ãã§ã¯ããã㯠SuperAdmins ã®ã°ã«ãŒã ã«ãªããŸãã èš±å¯ãããã¯ãŒã¯:ãèš±å¯ãããã¯ãŒã¯ ãããã¯ã¹ã§ãWebAdmin ã€ã³ã¿ãã§ãŒã¹ã«æ¥ç¶ã§ããããã ã¯ãŒã¯ãå®çŸ©ã§ããŸããUTMãã¹ã ãŒãºã«ã€ã³ã¹ããŒã«ããããã«ãããã©ã«ãã¯ããã¹ãŠãã«ãªã£ãŠ ããŸããããã¯ãWebAdmin ã€ã³ã¿ãã§ãŒã¹ã¯ã©ãããã§ãã¢ã¯ã»ã¹ã§ããããšãæå³ããŸãããã®èš å®ã¯ãã§ããã ãæ©ãå éšãããã¯ãŒã¯ã«å€æŽããŠãã ããããã ããæãã»ãã¥ã¢ãªãœãªã¥ãŒã·ã§ã³ ã¯ãHTTPS çµç±ã® 1å°ã®ç®¡çè çš PC ã®ã¿ã«ã¢ã¯ã»ã¹ãå¶éããããšã§ãã ã¢ã¯ã»ã¹ãã©ãã£ãã¯ããã°:ãã¹ãŠã® WebAdmin ã¢ã¯ã»ã¹ã¢ã¯ãã£ããã£ããã¡ã€ã¢ãŠã©ãŒã«ãã°ã«ã ã°ããå Žåã¯ããã¢ã¯ã»ã¹ãã©ãã¯ããã°ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸãã 4.2.2 ã¢ã¯ã»ã¹å¶åŸ¡ ãWebAdmin èšå® > ã¢ã¯ã»ã¹å¶åŸ¡ ãã¿ãã§ãç¹å®ã®ãŠãŒã¶ã«å¯Ÿã㊠WebAdmin ããŒã«ãäœæããããš ãã§ããŸããããã«ãããWebAdmin ãŠãŒã¶ã«ä»äžã§ããæš©éã现ããå®çŸ©ããããšãã§ããŸãã 以äžã® 2ã€ã®ãŠãŒã¶ããŒã«ããããããå®çŸ©ãããŠããŸãã AUDITOR(ç£æ»æ åœè ):ãã®ããŒã«ã®ãŠãŒã¶ã¯ããã°ããŒã¿ãã¬ããŒãããŒã¿ãåç §ã§ããŸãã READONLY(èªåå°çš):ãã®ããŒã«ã®ãŠãŒã¶ã¯ãWebAdmin å ã®ãã¹ãŠãåç §ã§ããŸãããç·šéã äœæãåé€ã¯äžåã§ããŸããã ãããã®ããããã®ããŒã«ããŠãŒã¶ãŸãã¯ã°ã«ãŒãã«å²ãåœãŠãã«ã¯ããç·šé ããã¿ã³ãã¯ãªãã¯ãã åãŠãŒã¶ãŸãã¯ã°ã«ãŒãããã¡ã³ã ãããã¯ã¹ã«è¿œå ããŸãã ã»ãã¥ãªãã£ããªã·ãŒã«å¿ããŠãè¿œå ã®ããŒã«ãäœæããããšãã§ããŸãã以äžã®æé ã«åŸã£ãŠãã ããã 1. ãã¢ã¯ã»ã¹å¶åŸ¡ ãã¿ãã§ããæ°èŠããŒã« ããã¯ãªãã¯ããŸãã ãããŒã«ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®å®çŸ©ã説æããååãå ¥åããŸãã ã¡ã³ããŒ:ãã®ããŒã«ãå²ãåœãŠããŠãŒã¶ãšã°ã«ãŒãããã®ããã¯ã¹ã«è¿œå ããŸãã 54 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.2 WebAdmin èšå® èªåå°çšã¢ã¯ã»ã¹ã®ã¿èš±å¯ (ãªãã·ã§ã³):ãã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ãã ãšãWebAdmin ã®ãã¹ãŠã®ãšãªã¢ãžã®èªåå°çšã¢ã¯ã»ã¹ããæå®ã¡ã³ããŒã«ä»äžãããŸãã æš©é:ãã®ããã¯ã¹ã§ã¯ãWebAdmin ã®ç°ãªãè·çš® (Auditor:ç£æ»æ åœè ãšManager:管çè ) 㫠察ããç°ãªãæš©éã¬ãã«ãå«ãŸããŠããŸããManagerã¯åæ©èœã«å¯Ÿããå®å šãªç®¡çæš©éã æã¡ãŸãããAuditorã¯åç §æš©éã®ã¿ã§ããæš©éã®åã«ãããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ ããŠã1ã€ä»¥äžã®æš©éãéžæããããšãã§ããŸãã äŸ:ãŠãŒã¶ Jon Doe ã«ãã¡ãŒã«ãããã¯ã·ã§ã³ã®Manageræš©éãä»äžããè¿œå ã§ãèªåå°çšã¢ã¯ ã»ã¹ãä»äž ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ãããšããŸãããã®ãŠãŒã¶ã¯ãã¡ãŒã«ãããã¯ã·ã§ ã³ã®ã»ã¯ã·ã§ã³ã§ã¯èšå®ãå€æŽã§ããŸãããWebAdmin ã®ãã®ä»ã®ãšãªã¢ã§ã¯åç §ã®ã¿å¯ èœã§ãå€æŽã¯äžåã§ããŸããã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã ããŒã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸããAUDITORãšREADONLYã®å ããŒã«ã¯åé€ã§ããŸããã 4.2.3 HTTPS 蚌ææž ããããžã¡ã³ã > WebAdmin èšå® > HTTPS 蚌ææž ãã¿ãã§ãWebAdmin CA 蚌ææžããã©ãŠã¶ã«ã€ã³ ããŒãããããWebAdmin 蚌ææžãåçæããããWebAdmin ãšãŠãŒã¶ããŒã¿ã«ã§ã®çœ²å蚌ææžã®äœ¿ çšãéžæãããã§ããŸãã WebAdmin ã¢ã¯ã»ã¹ã®ååã»ããã¢ããæã«ãããŒã«ã« CA 蚌ææžãUTMã§äœæããŸããããã® CA 蚌ææžã®å ¬ééµãã䜿ãã®ãã©ãŠã¶ã«ã€ã³ã¹ããŒã«ãããšãWebAdmin ã€ã³ã¿ãã§ãŒã¹ãžã®ã¢ã¯ã»ã¹ æã«ã»ãã¥ãªãã£èŠåã衚瀺ãããªããªããŸãã CA 蚌ææžãã€ã³ããŒãããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãHTTPS 蚌ææž ãã¿ãã§ãCA 蚌ææžãã€ã³ããŒãããã¯ãªãã¯ããŸãã CA 蚌ææžã®å ¬ééµããšã¯ã¹ããŒããããŸãã CA 蚌ææžã®å ¬ééµã¯ããã£ã¹ã¯ã«ä¿åããããã䜿ãã®ãã©ãŠã¶ã«ã€ã³ã¹ããŒã«ã§ã㟠ãã 2. 蚌ææžãã€ã³ã¹ããŒã«ããŸã (ãªãã·ã§ã³)ã ãã©ãŠã¶ã«ãã€ã¢ãã°ããã¯ã¹ã衚瀺ããã蚌ææžã®ã€ã³ã¹ããŒã«ãããã«éžæã§ããŸãã UTM 9 管çã¬ã€ã 55 4.2 WebAdmin èšå® 4 ãããžã¡ã³ã 泚 â ã·ã¹ãã æå»ãšã¿ã€ã ãŸãŒã³ã®éãã«ãã£ãŠèšŒææžãäœæããŠãããã«æå¹ã«ãªããªãå Žå ããããŸãããã®å Žåãã»ãšãã©ã®ãã©ãŠã¶ã§ã¯ã蚌ææžãæéåãã§ãããšè¡šç€ºãããŸããã ãã®è¡šç€ºã¯ééã£ãŠããŸãããã ãã蚌ææžã¯ 24æé以å ã«ã¯èªåçã«æå¹ã«ãªãããã®åŸ 27 幎éæå¹æéãæç¶ããŸãã Web Ad min 蚌ææžã®åçæ WebAdmin 蚌ææžã¯ãã客æ§ãååãã°ã€ã³æã«æå®ãããã¹ãåãåç §ããŸãããã®éã«ãã¹ã åãå€æŽãããå Žåã¯ããã©ãŠã¶ãã»ãã¥ãªãã£èŠåã衚瀺ããŸãããã®åé¡ãé¿ããããã«ãæ° ãããã¹ãåãèæ ®ã«å ¥ããŠèšŒææžãäœæã§ããŸãããã®ãããªãã¹ãåãå ¥åããŠãé©çš ãã㯠ãªãã¯ããŸãã蚌ææžã®å€æŽåŸãWebAdmin ã§åŒãç¶ãäœæ¥ãè¡ãã«ã¯ãå€ãã®å Žåãã䜿ãã® Web ãã©ãŠã¶ã§ããŒãžããªããŒã (åèªã¿èŸŒã¿)ããæ°ãã蚌ææžãæ¿èªããŠãWebadmin ã«å床ãã°ã€ã³ ããå¿ èŠããããŸãã Web Ad min / ãŠãŒã¶ããŒã¿ã«èšŒææžã®éžæ CA 蚌ææžãã€ã³ããŒããã代ããã«ãç¬èªã«çœ²åãã蚌ææžã WebAdmin ããã³ãŠãŒã¶ããŒã¿ã« ã§äœ¿çšãããå Žåãããã§ãã®èšŒææžãéžæããŸãããã ããããããããŠã³ãªã¹ãã§èšŒææžãéžæ ã§ããããã«ããããã«ã¯ãæåã«ããªã¢ãŒãã¢ã¯ã»ã¹ > 蚌ææžç®¡ç > 蚌ææž ãã¿ãã«ãããŠã蚌æ æžãCAãç§å¯éµãå«ãŸãã蚌ææžã PKCS#12 圢åŒã§ã¢ããããŒãããå¿ èŠããããŸããã¢ãã ããŒãããã蚌ææžã䜿çšããã«ã¯ãã蚌ææž ãããããããŠã³ãªã¹ãããéžæãããé©çš ããã¯ãªãã¯ã ãŸãã 4.2.4 ãŠãŒã¶èšå® ããããžã¡ã³ã > WebAdmin èšå® > ãŠãŒã¶èšå® ãã¿ãã§ãçŸåšãã°ã€ã³ããŠãããŠãŒã¶ã®ããã«ã°ã㌠ãã«ã·ã§ãŒãã«ãããããŒãžãããã®ã¢ã€ãã ãšãã£ããŠãŒã¶ããªãã¡ã¬ã³ã¹ (åºæ¬èšå®) ãæ§æã§ã ãŸãã Web Ad min ã·ã§ãŒã ã«ãã ã®èšå® ããã§ã¯ãå€ãã®èšå®ã«äœ¿çšããããã©ãã°ïŒããããã®ãªããžã§ã¯ããªã¹ããéãããéãããããã ãã®ããŒããŒãã·ã§ãŒãã«ãããèšå®ã§ããŸã (詳现ã¯ããWebAdmin > ãªããžã§ã¯ããªã¹ãããåç §)ã㟠ããæ€çŽ¢ããã¯ã¹ã®ã«ãŒãœã«ãã©ãŒã«ã¹ãèšå®ã§ããŸã (ãWebAdmin > WebAdmin ã¡ãã¥ãŒããåç §)ã ããããããŠã³ãªã¹ãã䜿çšããŠãAltãCtrlãShift ãªã©ã®å皮修食ããŒãšããã¹ãããã¯ã¹ãéžæãã ç°ãªãæåãå ¥åããŠãã ããããŸããããããããŠã³ãªã¹ãã§ããªã ããéžæããŠãããŒããŒãã·ã§ãŒã ã«ããããªãã«ã§ããŸãã 56 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.2 WebAdmin èšå® ããã©ã«ãã®èšå®ã«æ»ãã«ã¯ããåºè·æèšå®ã«ãªã»ããããã¿ã³ãã¯ãªãã¯ããŸãã èšå®ãä¿åããã« ã¯ãé©çš ããã¯ãªãã¯ããŸãã ããŒãã«ã ãŒãžã£ãªãã·ã§ã³ ãã㧠WebAdmin ã®ããŒãã«ã®ããŒãžããŒã·ã§ã³ (ããŒãžå²ã)ãã€ãŸããããŒãžãããã®ã¢ã€ãã 㮠衚瀺æ°ãã°ããŒãã«ã«å®çŸ©ã§ããŸããããããããŠã³ãªã¹ããã¯ãªãã¯ããŠå€ãéžæããŸãã èšå®ã ä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã We b Ad min ãã©ãŠ ã¶ã¿ã€ã ã«ã®ã«ã¹ã¿ãã€ãº ããã§ã¯ãWebAdmin ãã©ãŠã¶ã®ãŠã£ã³ããŠãŸãã¯ã¿ãã«è¡šç€ºããã©ãã«ãå€æŽã§ããŸãããã¬ãŒã³ã ãã¹ããå ¥åãããã次ã®å€æ°ã䜿çšã§ããŸãã l %h: ãã¹ãå l %u: ãŠãŒã¶å l %i: ãªã¢ãŒã IP ã¢ãã¬ã¹ ããã©ã«ãèšå®ã¯ãWebAdmin - User %u - Device %h ã§ãããã¯ããšãã°ãWebAdmin - User admin - Device my_gateway.example.com ã®ããã«è¡šç€ºãããŸãã èšå®ãä¿åããã«ã¯ãé©çš ãã㯠ãªãã¯ããŸãã 4.2.5 詳现 We b Ad min ã¢ã€ãã«ã¿ã€ã ã¢ãŠ ã åŸ ã¡æé:ãã®ãã£ãŒã«ãã§ã¯ãã©ãããã WebAdmin ã»ãã·ã§ã³ã®ã¢ã€ãã«æéãç¶ããã管çè ã«å床ãã°ã€ã³ãèŠæ±ããããç§åäœã§æå®ã§ããŸããããã©ã«ãã§ã¯ãã¢ã€ãã«ã¿ã€ã ã¢ãŠã㯠300ç§ã«èšå®ãããŠããŸããæå®ã§ããç¯å²ã¯ 60ïœ86,400ç§ã§ãã ããã·ã¥ããŒãç»é¢ã§ããã°ã¢ãŠã:WebAdmin ã®ãããã·ã¥ããŒã ãããŒãžãéããšãèªåãã°ã¢ãŠãæ© èœã¯ããã©ã«ãã§ç¡å¹ã«ãªã£ãŠããŸãããã ãããã®ãªãã·ã§ã³ãéžæããŠãèªåãã°ã¢ãŠãæ©èœã ããã·ã¥ããŒãã§ãæå¹åããããšãã§ããŸãã We b Ad min TCPããŒã ããã©ã«ãã§ã¯ãããŒã 4444 ã WebAdmin ã® TCP ããŒããšããŠäœ¿çšããŸãããTCP ããŒããããã¯ã¹ã« ã¯ã443 ããã㯠1024ïœ65535 ã®ä»»æã®å€ãå ¥åã§ããŸãããã ããäžéšã®ããŒãã¯ä»ã®ãµãŒã ã¹çšã«äºçŽãããŠããŸããç¹ã«ãããŒã 10443 ã¯äœ¿çšã§ããŸããããŸãããŠãŒã¶ããŒã¿ã«ããã㯠SSL ãªã¢ãŒãã¢ã¯ã»ã¹ã«äœ¿çšããŠãããã®ãšåãããŒãã¯äœ¿çšã§ããŸãããWebAdmin ã«ã¢ã¯ã»ã¹ã ããšãã¯ããã©ãŠã¶ã®ã¢ãã¬ã¹ããŒã§ããŒãçªå·ã IP ã¢ãã¬ã¹ã« (ã³ãã³ã§åºåã£ãŠ) è¿œå ããå¿ èŠ ããããŸããããšãã°ãhttps://192.168.0.1:4444 ã®ããã«æå®ããŸãã UTM 9 管çã¬ã€ã 57 4.2 WebAdmin èšå® 4 ãããžã¡ã³ã å©çšèŠçŽ äŒç€Ÿããªã·ãŒã§ãWebAdmin ãžã®ã¢ã¯ã»ã¹ãæ±ãããŠãŒã¶ã«å©çšèŠçŽãžã®åæãæ±ããããšãã§ã ãŸãããŠãŒã¶ã WebAdmin ã«ãã°ã€ã³ãããã³ã«å©çšèŠçŽã«åæããããšãèŠæ±ããã«ã¯ãããã°ã€ ã³åŸã«ãå©çšèŠçŽãã衚瀺 ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸããããã«ããããŠãŒã¶ããã°ã€ã³ã ããšå©çšæ¡ä»¶ã衚瀺ãããããã«ãªããŸããå©çšæ¡ä»¶ã«åæããªããšãåã³ãã°ã¢ãŠããããŸãã å¿ èŠã«å¿ããŠå©çšèŠçŽã®æé¢ãå€æŽããããšãã§ããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªã㯠ããŸãã Sop hos U TM Imp r ove men t Pr ogr am çŸåšã®èšå®ã«é¢ããäžè¬çãªå¿åæ å ±ãæ€ç¥ãããŠã€ã«ã¹ã«é¢ããæ å ±ãSophos UTMã«è»¢é ããããšã§ãSophos UTMã®æ¹åã«ãååãã ããããã®çš®ã®æ å ±ãããŠãŒã¶ãç¹å®ããããšã¯ãã ãŸããããŸãç¹å®ããããšãã§ããŸããããŠãŒã¶åºæã®æ å ±ãã€ãŸããŠãŒã¶åããªããžã§ã¯ãåãã³ã¡ ã³ãããã®ä»ã®å人æ å ±ãåéããããšã¯ãããŸããããã ããWeb ãã£ã«ã¿ã®ã¢ã³ããŠã€ã«ã¹ã¹ ãã£ã³ãæå¹ã«ãªã£ãŠããå Žåã¯ããŠã€ã«ã¹ãçºèŠããã URL æ å ±ã¯éä¿¡ãããŸãã æ å ±ã¯ãSSL ã«ããæå·åããŠSophosã«éä¿¡ãããŸããéä¿¡ãããããŒã¿ã¯éèšåœ¢åŒã§ä¿åãã ãŸããSophosã®ãœãããŠã§ã¢ã¢ãŒããã¯ãã¯ããã®ããŒã¿ãåºã«èšèšé¢é£ã®æ±ºå®ãè¡ããå°æ¥ã® ããŒãžã§ã³ã®Sophos UTMã®åäžã«åœ¹ç«ãŠãŸãã ãå¿ååãã䜿çšç¶æ³çµ±èšãéä¿¡ ããªãã·ã§ã³ãæå¹ã«ãããšãUTMã§ã¯æ¬¡ã®æ å ±ãåéããŸãã l èšå®ãšäœ¿çšç¶æ³ã«é¢ããããŒã¿:ã·ã¹ãã ãã Sophos ã®ãµãŒãã«é±ã«äžåºŠã次ã®ããŒã¿ã éä¿¡ãããŸãã l 次ã®ãããªããŒããŠã§ã¢ããã³ã©ã€ã»ã³ã¹æ å ± (ææè ãé€ã): processor Intel(R) Core(TM)2 Duo CPU E8200 @ 2.66GHz memory 512MiB System Memory eth0 network 82545EM Gigabit Ethernet Controller id: UTM version:9.000000 type: virtual license: standard mode: standalone active_ips:2 system_id:58174596-276f-39b8-854b-ffa1886e3c6c 58 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.3 ã©ã€ã»ã³ã¹ ã·ã¹ãã IDã¯ãåã€ã³ã¹ããŒã«ã®åŸãªã©ã«ãã·ã¹ãã æ å ±ã誀ã£ãŠ 2ååéãããã ãšããªãããã«ç¢ºèªã§ããç¯å²ã®ã¿ã§UTMãèå¥ããŸãã l 次ã®ãããªæ©èœã®äœ¿çšç¶æ³ (æå¹ãç¡å¹ãã®ç¹å®ã®ã¿): main->backup->status:1 main->ha->status: off l 次ã®ãããªèšå®ãªããžã§ã¯ãã®æ°ïŒ objects->interface->ethernet:2 objects->http->profile:5 l l éå» 7æ¥éã® CPUãã¡ã¢ãªããã³ã¹ã¯ããã®äœ¿çšç¶æ³ (%) ãŠã€ã«ã¹ããŒã¿:ã·ã¹ãã ã¯æ¬¡ã®ããŒã¿ããã¡ã€ã«ã«æžã蟌ã¿ã15åããã« Sophos ã®ãµãŒã ã«èªåã¢ããããŒãããŸãã l l Web ãããã¯ã·ã§ã³ã«ããæ€ç¥ããããŠã€ã«ã¹ã«é¢ããæ å ± (äŸ: è åšåãMIME ã¿ã€ ããèŠæ±ãã URLããã¡ã€ã«ãµã€ãºãªã©) IPS (äŸµå ¥é²åŸ¡ã®çµ±èš):æ°ããèŠåããããã1åããã« IPS ãã°ããã§ãã¯ãããŸããæ°ãã èŠåãããå Žåããã ã¡ã«æ¬¡ã®ããŒã¿ã Sophos ã«éä¿¡ãããŸãã l Snort ã«ãŒã« ID ãã¿ã€ã ã¹ã¿ã³ããªã©ãèŠåã«é¢ããæ å ±ã 4.3 ã©ã€ã»ã³ã¹ Sophos UTMã®ç¹å®ã®æ©èœã䜿çšã§ãããåŠãã¯ãã©ã€ã»ã³ã¹ãšãµãã¹ã¯ãªãã·ã§ã³ã«ãã£ãŠå®çŸ©ã ããŠããŸããã€ãŸããUTMãšãšãã«è³Œå ¥ããã©ã€ã»ã³ã¹ãšãµãã¹ã¯ãªãã·ã§ã³ã«å¿ããŠãäžéšã®æ©èœã¯ 䜿çšã§ããä»ã®æ©èœã¯äœ¿çšã§ããªããªããŸãã 4.3.1 ã©ã€ã»ã³ã¹ã®ååŸæ¹æ³ Sophos UTM ã«ã¯ããã¹ãŠã®æ©èœãæå¹ã«ãªã 30æ¥éã®ãã©ã€ã¢ã«ã©ã€ã»ã³ã¹ãä»å±ããŠããŸãã ãã®ã©ã€ã»ã³ã¹ã®æéæºäºåŸã«Sophos UTMãæäœãããå Žåã«ã¯ãæå¹ãªã©ã€ã»ã³ã¹ãã€ã³ã¹ã㌠ã«ããå¿ èŠããããŸãããã¹ãŠã®ã©ã€ã»ã³ã¹ (ç¡æã®ããŒã ãŠãŒã¶ã©ã€ã»ã³ã¹ãå«ã) ã¯MyAstaro ããŒã¿ã«ã§äœæãããŸãã UTMã©ã€ã»ã³ã¹ã®è³Œå ¥åŸã«ãã¢ã¯ãã£ããŒã·ã§ã³ããŒãã¡ãŒã«ã§éä¿¡ãããŸãããããã®ããŒãäœ¿çš ããŠãã©ã€ã»ã³ã¹ãäœæããããæ¢åã®ã©ã€ã»ã³ã¹ãã¢ããã°ã¬ãŒãããŠãã ãããã©ã€ã»ã³ã¹ãæå¹ ã«ããã«ã¯ãMyAstaro ããŒã¿ã«ã«ãã°ã€ã³ããã©ã€ã»ã³ã¹ç®¡çã®ããŒãžã«ã¢ã¯ã»ã¹ããŠãã ããã UTM 9 管çã¬ã€ã 59 4.3 ã©ã€ã»ã³ã¹ 4 ãããžã¡ã³ã ããŒãžäžéšã«ãããã©ãŒã ã®è©²åœãã£ãŒã«ãã«ãã¡ãŒã«ããã¢ã¯ãã£ããŒã·ã§ã³ããŒãã«ããïŒããŒã¹ ãããŸãã Figure 8 MyAstaro ããŒã¿ã« å¥ã®ãã©ãŒã ã衚瀺ãããŸããããã§ãã客æ§ãã©ã€ã»ã³ã¹ãè³Œå ¥ãã代çåºã«ã€ããŠã®æ å ±ãšã ã客æ§èªèº«ã®è©³çŽ°æ å ±ãå ¥åããŠãã ããããã®ãã©ãŒã ã«ã¯ããããéãã®æ å ±ããããããå ¥ åãããŠããŸãããŸãã該åœããå ŽåãSophosã¯UTMããŒããŠã§ã¢ã®ã·ãªã¢ã«çªå·ããã®ãã©ãŒã ããåéããŸãããã©ãŒã ã®éä¿¡åŸãã©ã€ã»ã³ã¹ãäœæãããã©ã€ã»ã³ã¹è©³çŽ°ããŒãžã衚瀺ãã㟠ããããã§ãã©ã€ã»ã³ã¹ãã¡ã€ã«ãããŠã³ããŒãããããšãã§ããŸãã ã©ã€ã»ã³ã¹ãå®éã«äœ¿çšããå Žåãã©ã€ã»ã³ã¹ãã¡ã€ã«ãããŒããã©ã€ãã«ããŠã³ããŒãããŠãã€ã³ã¹ ããŒã«ãããŠãã WebAdmin ã«ãã°ã€ã³ããå¿ èŠããããŸããWebAdminã§ãããããžã¡ã³ã > ã©ã€ã»ã³ ã¹ > ã€ã³ã¹ãã¬ãŒã·ã§ã³ãã¿ãã«ã¢ã¯ã»ã¹ããã¢ããããŒãæ©èœã䜿çšããŠããŒããã©ã€ãäžã®ã©ã€ã»ã³ ã¹ããã¹ããã¡ã€ã«ãæ€çŽ¢ããŸããã©ã€ã»ã³ã¹ãã¡ã€ã«ãã¢ããããŒããããšãWebAdmin ããããåŠç ããŠããã¹ãŠã®ãµãã¹ã¯ãªãã·ã§ã³ãšãã©ã€ã»ã³ã¹ã«èŠå®ããããã®ä»ã®èšå®ãæå¹ã«ããŸãã 泚 â ã¡ãŒã«ã§åä¿¡ããã¢ã¯ãã£ããŒã·ã§ã³ããŒã WebAdmin ã«ã€ã³ããŒãããããšã¯ã§ããŸãããã ã®ããŒã¯ãã©ã€ã»ã³ã¹ã®æå¹åã ãã«äœ¿çšãããŸããUTMã«ã€ã³ããŒãã§ããã®ã¯ã©ã€ã»ã³ã¹ãã¡ ã€ã«ã®ã¿ã§ãã 60 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.3 ã©ã€ã»ã³ã¹ 4.3.2 ã©ã€ã»ã³ã¹ã¢ãã« Sophosã®ã¢ãžã¥ãŒã«åŒã©ã€ã»ã³ã¹ã¢ãã«ã¯éåžžã«æè»ã§ãããŸããåºæ¬ã©ã€ã»ã³ã¹ã§ã¯ãåºæ¬æ© èœãç¡æã§æäŸããŠããŸã (äžã®è¡šãåç §)ã次ã«ã6çš®é¡ã®è¿œå ãµãã¹ã¯ãªãã·ã§ã³ããããŸãã l ãããã¯ãŒã¯ãããã¯ã·ã§ã³ l Web ãããã¯ã·ã§ã³ l Eã¡ãŒã«ãããã¯ã·ã§ã³ l ãšã³ããã€ã³ããããã¯ã·ã§ã³ l ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ l WebãµãŒããããã¯ã·ã§ã³ ãããã¯ãããŒãºã«åãããŠåå¥ã«è³Œå ¥ããããšãçµã¿åãããŠè³Œå ¥ããããšãã§ã㟠ããFullGuard ã©ã€ã»ã³ã¹ã«ã¯ãã¹ãŠã®ãµãã¹ã¯ãªãã·ã§ã³ãå«ãŸããŠããŸããããããã®ãµãã¹ã¯ ãªãã·ã§ã³ã䜿çšããŠã補åã®ç¹å®ã®æ©èœãå©çšã§ããŸããäžã®è¡šã¯ãã©ã®ãµãã¹ã¯ãªãã·ã§ã³ã§ã© ã®æ©èœã䜿çšã§ãããã瀺ããŠããŸãã æ©èœ åºæ¬ã©ã€ ã»ã³ã¹ ããã ã¯ãŒã¯ Web Eã¡ãŒã« ãšã³ãã ã¯ã€ã€ã¬ Web ãµãŒ ã€ã³ã ã¹ ã 管ç (ããã¯ã¢ããã éç¥ãSNMPãSYM ãªã©) ããŒã«ã«èªèšŒ (ãŠãŒ ã¶ãã°ã«ãŒã) åºæ¬ãããã¯ãŒãã³ ã° (ã¹ã¿ãã£ãã¯ã«ãŒ ãã£ã³ ã°ãDHCPãDNSãAuto QoSãNTP ãªã©) ãã¡ã€ã¢ãŠã©ãŒ ã«/NAT (DNATãSNAT ãªã©) PPTP & L2TP ãªã¢ãŒ ãã¢ã¯ã»ã¹ UTM 9 管çã¬ã€ã 61 4.3 ã©ã€ã»ã³ã¹ æ©èœ 4 ãããžã¡ã³ã åºæ¬ã©ã€ ã»ã³ã¹ ããã ã¯ãŒã¯ Web Eã¡ãŒã« ãšã³ãã ã¯ã€ã€ã¬ Web ãµãŒ ã€ã³ã ã¹ ã ããŒã«ã«ãã°ãæšæº ãšã°ãŒã¯ãã£ãã¬ã㌠ã äŸµå ¥é²åŸ¡ (ãã¿ãŒ ã³ãDoSããã©ããã ããŒãã¹ãã£ã³ãªã©) IPsec & SSL ãµã€ãé VPNãIPsec & SSL 㪠ã¢ãŒãã¢ã¯ã»ã¹ ã¢ããã³ã¹ãããã ã¯ãŒãã³ã° (ãªã³ã¯ã¢ ã°ãªã²ãŒã·ã§ã³ã㪠ã³ã¯ãã©ã³ã·ã³ã°ãã ãªã·ãŒã«ãŒãã£ã³ ã°ãOSPFããã«ã ãã£ã¹ããã«ã¹ã¿ã QoSããµãŒãããŒã ãã©ã³ã·ã³ã°ããžã§ã ãªãã¯ãããã·ãªã©) ( ) ( ) ãŠãŒã¶ããŒã¿ã« åé·å (HA) ãªã¢ãŒãèªèšŒ (ADãeDirãRADIUS ãªã©) ãªã¢ãŒããã°ã詳现㚠ã°ãŒã¯ãã£ãã¬ããŒã (ã¢ãŒã«ã€ããèšå®) åºæ¬ Web ãã£ã«ã¿ãª ã³ã° & FTP ãããã· Web & FTP ãã«ãŠã§ ã¢ãã£ã«ã¿ãªã³ã° ã¢ããªã±ãŒã·ã§ã³ã³ã³ ãããŒã« 62 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã æ©èœ 4.3 ã©ã€ã»ã³ã¹ åºæ¬ã©ã€ ã»ã³ã¹ ããã ã¯ãŒã¯ Web Eã¡ãŒã« ãšã³ãã ã¯ã€ã€ã¬ Web ãµãŒ ã€ã³ã ã¹ ã åºæ¬ SMTP ããã ã·ãéé¢ã¬ããŒãã ã¡ãŒã«ãããŒãžã£ SMTP & POP3 ãã« ãŠã§ã¢ãã£ã«ã¿ãªã³ã° ãšã³ããã€ã³ããã ãã¯ã·ã§ã³ãã¢ã³ã㊠ã€ã«ã¹ ãšã³ããã€ã³ããã ãã¯ã·ã§ã³ãããã€ã¹ ã³ã³ãããŒã« ã¯ã€ã€ã¬ã¹ããã㯠ã·ã§ã³ Web ãµãŒãããã㯠ã·ã§ã³ ãŸããUTM ã¢ãã©ã€ã¢ã³ã¹ ã¢ãã« 100 ã§éžæå¯èœãªããŒã·ãã¯ã¬ãŒããµãã¹ã¯ãªãã·ã§ã³ããã㟠ããããã¯ãäžèšã®åºæ¬æ©èœãæäŸããŸã (詳现ã¯è£œåæ å ±ããŒãžãåç §ããŠãã ãã)ã UTMæ©åšã¯ Sophos UTM Manager (SUM) çµç±ã§äžæ¬ç®¡çããã³ã©ã€ã»ã³ã¹èš±å¯ã§ããŸãããã®å Ž åãSUM ã MSP (Managed Service Provider) ã©ã€ã»ã³ã¹ãUTMã«æäŸãããã€ã³ã¹ããŒã« ãã¿ãã¯ç¡å¹ åãããŸãããµãã¹ã¯ãªãã·ã§ã³ã¯ SUM ãµãŒãã¹ãããã€ããŒã«ãã£ãŠã®ã¿æå¹åã§ããŸãã ãµãã¹ã¯ãªãã·ã§ã³ãšãã®æ©èœã»ããã«ã€ããŠè©³ããã¯ãèªå®UTMããŒãããŒãŸãã¯Sophos UTM Web ããŒãžãŸã§ãåãåãããã ããã ãµãã¹ã¯ãªãã·ã§ã³ããªããšãWebAdmin ã®ã¿ããç¡å¹ã«ãªããŸããã¿ãã®äžã«ã¯ãã©ã€ã»ã³ã¹èŠå ã¡ãã»ãŒãžã衚瀺ãããŸãã UTM 9 管çã¬ã€ã 63 4.3 ã©ã€ã»ã³ã¹ 4 ãããžã¡ã³ã Figure 9 ã©ã€ã»ã³ã¹:ãµãã¹ã¯ãªãã·ã§ã³èŠåã¡ãã»ãŒãž Up2Date åãµãã¹ã¯ãªãã·ã§ã³ã¯ãèªåã¢ããããŒããå®å šã«ãµããŒãããŸããæ°ãããã¡ãŒã ãŠã§ã¢ã®ã¢ãã ããŒãããããšèªåçã«éç¥ãåä¿¡ããŸãããŸãããã¡ãŒã ãŠã§ã¢ãšãã¿ãŒã³æŽæ°ãèªåçã«ããŠã³ ããŒã (ããã³ã€ã³ã¹ããŒã«) ã§ããŸãã ãµãã¹ã¯ãªãã·ã§ã³ãªãã®åºæ¬ã©ã€ã»ã³ã¹ã§ã¯ãèªåæŽæ°ã«å¶éããããŸãããªã³ã©ã€ã³ãã«ãã®æŽ æ°ãªã©ã®ãã¿ãŒã³æŽæ°ã«éããèªåçã«ããŠã³ããŒããããã€ã³ã¹ããŒã«ãããŸããã䜿çšå¯èœãª ãã¡ãŒã ãŠã§ã¢æŽæ°ã«ã€ããŠã¯éç¥ãããããã¡ãŒã ãŠã§ã¢æŽæ°ã¯æåã§ããŠã³ããŒãããå¿ èŠã ãããŸããæ°ãããã¡ãŒã ãŠã§ã¢ã®éç¥ã¯Sophos UTM Up2Date ããã°ã«è¡šç€ºãããŸãã ãµããŒããšã¡ã³ããã³ã¹ åºæ¬ã©ã€ã»ã³ã¹ã«ã¯ Web ãµããŒããå«ãŸããŸããSophos UTM ãµããŒããã©ãŒã©ã ããã³Sophos ãµ ããŒãããŒã¿ããŒã¹ã䜿çšã§ããŸãã ããããã®ãµãã¹ã¯ãªãã·ã§ã³ãè³Œå ¥ãããšãããã«æšæºãµããŒãã«èªåçã«ã¢ããã°ã¬ãŒããã㟠ããããã«ãããããã« MyAstaro ããŒã¿ã« ã§ãµããŒããåããããèªå®æžã¿ã®UTMããŒãããŒã«å ãåãããããããšãã§ããŸãã UTMãšã³ãžãã¢ãæ åœè ãšã㊠24æé幎äžç¡äŒã®ãµããŒããæäŸãããã¬ãã¢ã ãµããŒããµã ã¹ã¯ãªãã·ã§ã³ãè³Œå ¥ããããšãã§ããŸãã 4.3.3 æŠèŠ ãã©ã€ã»ã³ã¹ > æŠèŠ ãã¿ãã«ã¯ãã©ã€ã»ã³ã¹ã«é¢ãã詳现æ å ±ã衚瀺ããã次ã®ããã«è€æ°ã®ãšãªã¢ ã«åå²ãããŠããŸãã 64 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.3 ã©ã€ã»ã³ã¹ l åºæ¬ã©ã€ã»ã³ã¹:ææè ãIDãç»é²æ¥ãªã©ã®åºæ¬çãªã©ã€ã»ã³ã¹ãã©ã¡ãŒã¿ã衚瀺ãããŸãã l ããŒã·ãã¯ã¬ãŒãããããã¯ãŒã¯ãããã¯ã·ã§ã³ãEã¡ãŒã«ãããã¯ã·ã§ã³ãWeb ãããã¯ã·ã§ ã³ãWebãµãŒããããã¯ã·ã§ã³ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ããšã³ããã€ã³ããããã¯ã·ã§ã³:ãµã ã¹ã¯ãªãã·ã§ã³ã«é¢ããæ å ± (è³Œå ¥ãããã®ãåŠããæå¹åãããŠããããæå¹æéãããã³ æäŸããæ©èœã®ç°¡åãªèª¬æãªã©) ã衚瀺ãããŸãã 泚 âMSP ã©ã€ã»ã³ã¹ã䜿çšããŠããå Žåã¯ãã©ã€ã»ã³ã¹ã¯ Sophos UTM Manager (SUM) 㧠管çãããŠãããããæå¹æéã¯è¡šç€ºãããŸãããåŸæ¥ã®ããŒããã³ãµãã¹ã¯ãªãã·ã§ã³ 㯠SUM MSP ã·ã¹ãã ã«çœ®ãæããããŸããSUM ã®ç®¡çã«ã€ããŠã®è©³çŽ°ã¯ããéäžç®¡ç > Sophos UTM Managerããåç §ããŠãã ããã l ãµããŒããµãŒãã¹:ãµããŒãã¬ãã«ãšæå¹æéã衚瀺ãããŸãã 4.3.4 ã€ã³ã¹ããŒã« ããããžã¡ã³ã > ã©ã€ã»ã³ã¹ > ã€ã³ã¹ããŒã« ãã¿ãã§ã¯ãæ°ããã©ã€ã»ã³ã¹ã®ã¢ããããŒãããã³ã€ã³ã¹ ããŒã«ãå®è¡ã§ããŸãã 泚 âMSP ã©ã€ã»ã³ã¹ã䜿çšããŠããå Žåã¯ãã©ã€ã»ã³ã¹ã¯ Sophos UTM Manager (SUM) ã§ç®¡çã ããŠãããããã¿ãã¯ç¡å¹åãããŠããŸããæ°ããã©ã€ã»ã³ã¹ã¯ SUM ãµãŒãã¹ãããã€ããŒã« ãã£ãŠã€ã³ã¹ããŒã«å¯èœã§ããSUM ã®ç®¡çã«ã€ããŠã®è©³çŽ°ã¯ããéäžç®¡çã>ãSophos UTM Managerããåç §ããŠãã ããã ã©ã€ã»ã³ã¹ãã€ã³ã¹ããŒã«ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ããã¡ã€ã«ã®ã¢ããããŒã ããã€ã¢ãã°ããã¯ã¹ãéããŸãã ãã©ã€ã»ã³ã¹ãã¡ã€ã« ãããã¯ã¹ã®æšªã«ãããã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããŸãã ããã¡ã€ã«ã®ã¢ããããŒã ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. ã©ã€ã»ã³ã¹ãã¡ã€ã«ãéžæããŸãã ã©ã€ã»ã³ã¹ãã¡ã€ã«ãä¿åãããŠãããã£ã¬ã¯ããªãåç §ããŸãã ã¢ããããŒãããã©ã€ã»ã³ã¹ãã¡ã€ã«ãéžæããŸãã 3. ãã¢ããããŒãéå§ ããã¯ãªãã¯ããŸãã ã©ã€ã»ã³ã¹ãã¡ã€ã«ãã¢ããããŒããããŸãã 4. ãé©çš ããã¯ãªãã¯ããŸãã ã©ã€ã»ã³ã¹ãã€ã³ã¹ããŒã«ãããŸããæ°ããã©ã€ã»ã³ã¹ã¯ããã§ã«ã€ã³ã¹ããŒã«ãããŠããä» ã®ã©ã€ã»ã³ã¹ãèªåçã«çœ®ãæããŸãã UTM 9 管çã¬ã€ã 65 4.4 Up2Date 4 ãããžã¡ã³ã ã©ã€ã»ã³ã¹ã®ã€ã³ã¹ããŒã«ã«ã¯çŽ 60ç§ããããŸãã 4.3.5 ã¢ã¯ãã£ã㪠IP ã¢ãã¬ã¹ ãŠãŒã¶ (IP ã¢ãã¬ã¹) ãç¡å¶éã«èš±å¯ãããã©ã€ã»ã³ã¹ããæã¡ã§ãªãå Žåã¯ãã客æ§ã®ã©ã€ã»ã³ ã¹ã§ã«ããŒããã IP ã¢ãã¬ã¹ã«é¢ããæ å ±ããã®ã¿ãã«è¡šç€ºãããŸããã客æ§ã®ã©ã€ã»ã³ã¹ã®ç¯ å²å€ãšãªã IP ã¢ãã¬ã¹ã¯ãå¥ã®ãªã¹ãã«èšèŒãããŠããŸããå¶éãè¶ ãããšãå®æçã«ã¡ãŒã«éç¥ ãéä¿¡ãããŸãã 泚 â 7æ¥éã«ããã£ãŠäœ¿çšãããªãã£ã IP ã¢ãã¬ã¹ã¯ãã©ã€ã»ã³ã¹ã«ãŠã³ã¿ããèªåçã«åé€ã ããŸãã 4.4 Up2Date ããããžã¡ã³ã > Up2Dateãã¡ãã¥ãŒã䜿çšããŠãSophos UTMã®æŽæ°ãµãŒãã¹ãèšå®ã§ããŸããå®æ çã«æŽæ°ããã±ãŒãžãã€ã³ã¹ããŒã«ããããšã§ãUTMããã°ãã£ãã¯ã¹ã補åæ¹åæ©èœããŠã€ã«ã¹ã ã¿ãŒã³ãªã©ãææ°ã«ä¿ãããŸããåæŽæ°ããã±ãŒãžã¯ãã«ãã£ãŠSophosããžã¿ã«çœ²åãããŠã㟠ãã眲åããªããã®ãåœé ãããæŽæ°ã¯æåŠãããŸãã 2çš®é¡ã®æŽæ°ãå©çšã§ããŸãã l ãã¡ãŒã ãŠã§ã¢ã®æŽæ°:ãã¡ãŒã ãŠã§ã¢ã®æŽæ°ã«ã¯ãSophos UTMãœãããŠã§ã¢ã®ãã°ãã£ãã¯ã¹ ããã³æ¡åŒµæ©èœãå«ãŸããŠããŸãã l ãã¿ãŒã³ã®æŽæ°:ãã¿ãŒã³ã®æŽæ°ã«ãã£ãŠãã¢ã³ããŠã€ã«ã¹ãã¢ã³ãã¹ãã ãIPSã®ã«ãŒã«ãã ãã³ãªã³ã©ã€ã³ãã«ããææ°ç¶æ ã«ä¿ãããŸãã Up2Date ããã±ãŒãžãããŠã³ããŒãããããã«ãUTMã¯æŽæ°ãµãŒãã«å¯Ÿãã TCP æ¥ç¶ãããŒã 443 ã§éããŸãããã®ããããã®æ¥ç¶ã¯ç®¡çè ã®èª¿æŽãªãã§äœ¿çšã§ããŸãããã ããéäžã«å¥ã®ãã¡ã€ ã¢ãŠã©ãŒã«ãããå Žåã¯ãããŒã 443 TCP ãä»ããæŽæ°ãµãŒããžã®éä¿¡ãæ瀺çã«èš±å¯ããå¿ èŠããããŸãã 4.4.1 æŠèŠ ããããžã¡ã³ã > Up2Date > æŠèŠ ãã¿ãã«ã¯ãã䜿ãã®ã·ã¹ãã ãææ°ã®ãã®ã§ãããã©ããã瀺ã æŠèŠã衚瀺ãããŸããããã§ãæ°ãããã¡ãŒã ãŠã§ã¢ããã¿ãŒã³ã®æŽæ°ããã±ãŒãžãã€ã³ã¹ããŒã«ã§ ããŸãã 66 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.4 Up2Date U p 2D ate é²è¡ç¶æ³ ãã®ã»ã¯ã·ã§ã³ã¯ã€ã³ã¹ããŒã«ããã»ã¹ãéå§ããå Žåã®ã¿è¡šç€ºãããŸãããUp2Date ã®é²è¡ç¶æ³ ãæ°ãããŠã£ã³ããŠã§ç¢ºèªããããã¿ã³ãã¯ãªãã¯ããŠãæŽæ°ã®é²è¡ç¶æ³ãã¢ãã¿ããŠãã ããããã©ãŠ ã¶ã§ãããã¢ãããŠã€ã³ããŠã®è¡šç€ºãçŠæ¢ããŠããªãéããæŽæ°ã®é²è¡ç¶æ³ã瀺ãæ°ãããŠã€ã³ã ãŠã衚瀺ãããŸãã衚瀺ãããªãå Žåã¯ããããã¢ãããŠã€ã³ããŠãæ瀺çã«èš±å¯ããå¿ èŠããã ãŸãã 泚 â ã€ã³ã¹ããŒã«ããã»ã¹ãéå§ããåã«ãæšæºããã¯ã¢ããã¡ãŒã«åä¿¡è ã«ããã¯ã¢ãããé ä¿¡ãããŸãã Figure 10 Up2Date:é²æãŠã£ã³ã㊠ãã¡ãŒã ㊠ã§ã¢ ããã¡ãŒã ãŠã§ã¢ ãã»ã¯ã·ã§ã³ã«ã¯ãçŸåšã€ã³ã¹ããŒã«ãããŠãããã¡ãŒã ãŠã§ã¢ã®ããŒãžã§ã³ã衚瀺ã ããŸããæŽæ°ããã±ãŒãžãå©çšã§ããå Žåã¯ããããã«ææ°ããŒãžã§ã³ã«æŽæ° ããã¿ã³ã衚瀺ãã ãŸãããŸãããå©çšå¯èœãªãã¡ãŒã ãŠã§ã¢ã®æŠèŠ ãã»ã¯ã·ã§ã³ã«ã¡ãã»ãŒãžã衚瀺ãããŸããããã§æ æ°ã®æŽæ°ããã±ãŒãžãçŽæ¥ããŠã³ããŒãããŠã€ã³ã¹ããŒã«ã§ããŸãããããã«ææ°ããŒãžã§ã³ã«æŽ æ° ããã¯ãªãã¯ãããšãæ°ãããŠã€ã³ããŠã«æŽæ°ã®é²è¡ç¶æ³ã衚瀺ãããŸããããã«ã¯ãWebadmin ã® ããªããŒã ããã¿ã³ãã¯ãªãã¯ããŸãã UTM 9 管çã¬ã€ã 67 4.4 Up2Date 4 ãããžã¡ã³ã å©çšå¯èœãªãã¡ãŒã ㊠ã§ã¢ã®æŠèŠ ãèšå® ãã¿ãã§ãæå ããéžæãããšããã®ã»ã¯ã·ã§ã³ã«ãããã« Up2Date ããã±ãŒãžãç¢ºèª ããã¿ã³ã 衚瀺ãããŸãããã®ãã¿ã³ã䜿çšããŠããã¡ãŒã ãŠã§ã¢ã® Up2Date ããã±ãŒãžãæåã§ããŠã³ããŒã ã§ããŸããUp2Date ãè€æ°å©çšã§ããå Žåã¯ãã©ããã€ã³ã¹ããŒã«ããããéžæã§ããŸããææ°ã® ããŒãžã§ã³ãçŽæ¥ã€ã³ã¹ããŒã«ããå Žåã¯ãããã¡ãŒã ãŠã§ã¢ ãã»ã¯ã·ã§ã³ã§ãããã«ææ°ããŒãžã§ã³ã« æŽæ° ããã¿ã³ã䜿çšã§ããŸãã å Up2Date ã«ã¯ãã¹ã±ãžã¥ãŒã« ããã¿ã³ããããæŽæ°ããã±ãŒãžãèªåçã«ã€ã³ã¹ããŒã«ããæ¥æã æå®ã§ããŸããã¹ã±ãžã¥ãŒã«ããã€ã³ã¹ããŒã«ãåãæ¶ãå Žåã¯ãããã£ã³ã»ã« ããã¯ãªãã¯ããŸãã ãæé»çãã€ã³ã¹ããŒã«ã«é¢ãã泚èš:ã¹ã±ãžã¥ãŒã«ãã Up2Date ããã±ãŒãžããå€ã Up2Date ãã ã±ãŒãžãæåã«ã€ã³ã¹ããŒã«ããããšãå¿ èŠãšããå ŽåããããŸãããã®å Žåããã®å€ã Up2Date ããã±ãŒãžã¯ãå®éã® Up2Date ããã±ãŒãžã®åã«ã€ã³ã¹ããŒã«ããããèªåçã«ã¹ã±ãžã¥ãŒã«ãã ãŸãããã®ããã±ãŒãžã«ç¹å®ã®ã¿ã€ãã³ã°ãæå®ããããšãã§ããŸããããã®ã€ã³ã¹ããŒã«ãæ¢ããã ãšã¯ã§ããŸããã ãã¿ãŒã³ ããã¿ãŒã³ãã»ã¯ã·ã§ã³ã«ã¯ãã€ã³ã¹ããŒã«ãããã¿ãŒã³ã®çŸåšã®ããŒãžã§ã³ã衚瀺ãããŸãããèšå® ã ã¿ãã§ãæå ããéžæãããšããããã«ãã¿ãŒã³ãæŽæ° ããã¿ã³ã衚瀺ãããŸãããã®ãã¿ã³ã䜿çšã ãŠã䜿çšå¯èœãªæ°ãããã¿ãŒã³ãããŠã³ããŒãããŠã€ã³ã¹ããŒã«ããŸãã 泚 âUTMãæ£åžžã«åäœãããããã«ãçŸåšã®ãã¿ãŒã³ããŒãžã§ã³ãšå©çšå¯èœãªææ°ã®ãã¿ãŒã³ ããŒãžã§ã³ãäžèŽããŠããå¿ èŠã¯ãããŸãããã䜿ãã®ãŠãããã«æ°ãããã¿ãŒã³ãé©çšã§ããªã å Žåã¯ãçŸåšã®ãã¿ãŒã³ããŒãžã§ã³ãšå©çšã§ããææ°ãã¿ãŒã³ããŒãžã§ã³ãç°ãªã£ãŠããŸããã©ã® ãã¿ãŒã³ãããŠã³ããŒããããã¯ãã客æ§ã®èšå®ãšããŒããŠã§ã¢ã®æ§æã«ãããŸããããšã ã°ãSophos UTMã®IPSæ©èœã䜿çšããªãå Žåã¯ãæ°ããå©çšå¯èœã«ãªã£ã IPS ãã¿ãŒã³ã¯ã€ã³ã¹ ããŒã«ãããŸããããã®ããã«ããŠãçŸåšã€ã³ã¹ããŒã«ãããŠãããã¿ãŒã³ããŒãžã§ã³ãšå©çšã§ãã ææ°ã®ãã¿ãŒã³ããŒãžã§ã³ã®éãã倧ãããªã£ãŠãããŸãã 4.4.2 èšå® ããã©ã«ãã§ã¯ãæ°ããæŽæ°ããã±ãŒãžã¯èªåçã«UTMã«ããŠã³ããŒããããŸãã ãã¡ãŒã ㊠ã§ã¢ã®ã㊠㳠ã ãŒãéé ãã®ãªãã·ã§ã³ã¯ãããã©ã«ã㧠15åã«èšå®ãããŠããŸããã€ãŸããSophos UTMã¯ã15åæ¯ã«å©çš ã§ãããã¡ãŒã ãŠã§ã¢ã®æŽæ°ã確èªããŸããSophos UTMã¯ãå©çšã§ãããã¡ãŒã ãŠã§ã¢æŽæ°ãã ã±ãŒãžãèªåçã«ããŠã³ããŒãããŸã (ã€ã³ã¹ããŒã«ã¯è¡ããŸãã)ããããè¡ãããå®éã®æé 68 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.4 Up2Date ã¯ãéžæãããééã®å¶éå ã§ã©ã³ãã ã«æ±ºå®ãããŸããæé·ã§ããã³ã¹ãªãŒãã®ééãæå®ã§ã ãŸãããŸãã¯ãããããããŠã³ãªã¹ããããæå ããéžæããããšã§ããã¡ãŒã ãŠã§ã¢ã®èªåããŠã³ã㌠ããç¡å¹ã«ã§ããŸãããæå ããéžæããå Žåã¯ããããã« Up2Date ããã±ãŒãžãç¢ºèª ããã¿ã³ããæŠ èŠ ãã¿ãã«è¡šç€ºãããŸãã ãã¿ãŒã³ ã®ã㊠㳠ã ãŒã/ ã€ã³ ã¹ã ãŒã«éé ãã®ãªãã·ã§ã³ã¯ãããã©ã«ãã§15åã«èšå®ãããŠããŸããã€ãŸããSophos UTMã¯ã15åæ¯ã«å©çšã§ ãããã¿ãŒã³ã®æŽæ°ã確èªããŸããSophos UTMã¯ãå©çšã§ãããã¿ãŒã³æŽæ°ããã±ãŒãžãèªåçã« ããŠã³ããŒãããŠã€ã³ã¹ããŒã«ããŸãããããè¡ãããå®éã®æéã¯ãéžæãããééã®å¶éå 㧠ã©ã³ãã ã«æ±ºå®ãããŸããæé·ã§ããã³ã¹ãªãŒãã®ééãæå®ã§ããŸãããŸãã¯ãããããããŠã³ãªã¹ ããããæå ããéžæããããšã§ããã¿ãŒã³ã®èªåããŠã³ããŒããšã€ã³ã¹ããŒã«ãç¡å¹ã«ã§ããŸãããæ å ããéžæããå Žåã¯ããããã«ãã¿ãŒã³ãæŽæ° ããã¿ã³ããæŠèŠ ãã¿ãã«è¡šç€ºãããŸãã 4.4.3 詳现 ããããžã¡ã³ã > Up2Date > 詳现 ãã¿ãã§ã詳现㪠Up2Date ãªãã·ã§ã³ãèšå®ã§ããŸããããšã ã°ãUTMçšã«èŠªãããã·ãŸã㯠Up2Date ãã£ãã·ã¥ãéžæããããšãªã©ãã§ããŸãã 泚 â æŽæ°ããã±ãŒãžã¯Sophos UTM FTP ãµãŒãããããŠã³ããŒãã§ããŸãã æå Up2Date ããã±ãŒãžã¢ããããŒã:UTMãæ°èŠæŽæ°ããã±ãŒãžãçŽæ¥ããŠã³ããŒãããããã« ã€ã³ã¿ãŒããããŸã㯠Up2Date ãã£ãã·ã¥ã«çŽæ¥ã¢ã¯ã»ã¹ã§ããªãå Žåã¯ãæŽæ°ããã±ãŒãžãæå ã§ã¢ããããŒãã§ããŸããæåã§ã¢ããããŒãããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ããã¡ã€ã«ã®ã¢ããããŒã ããã€ã¢ãã°ããã¯ã¹ãéããŸãã ãUp2Date ãã¡ã€ã« ãããã¯ã¹ã®æšªã«ãããã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããŸãã ããã¡ã€ã«ã®ã¢ããããŒã ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. æŽæ°ããã±ãŒãžãéžæããŸãã ããã¡ã€ã«ã®ã¢ããããŒã ããã€ã¢ãã°ããã¯ã¹ã®ãåç § ããã¯ãªãã¯ããŠãã¢ããããŒãããæŽæ° ããã±ãŒãžãéžæããŸãã 3. ãã¢ããããŒãéå§ ããã¯ãªãã¯ããŸãã æŽæ°ããã±ãŒãžãUTMã«ã¢ããããŒããããŸãã 4. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã UTM 9 管çã¬ã€ã 69 4.5 ããã¯ã¢ãã/ãªã¹ã㢠4 ãããžã¡ã³ã 芪ãã ã㷠芪ãããã·ã¯ãå€ãã®å Žåãæ¿åºæ¿èªã®ãããã·ãµãŒããéããŠã€ã³ã¿ãŒãããã¢ã¯ã»ã¹ãã«ãŒã㣠ã³ã°ããå¿ èŠã®ããåœãªã©ã§å¿ èŠãšãããŸãã芪ãããã·ã®äœ¿çšãã»ãã¥ãªãã£ããªã·ãŒã§æ±ãã ããŠããå Žåãããã§ãã¹ãå®çŸ©ãšããŒããéžæããŠèŠªãããã·ãèšå®ã§ããŸãã 芪ãããã·ã䜿çš:芪ãããã·ã®äœ¿çšãæå¹ã«ããã«ã¯ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸããã ããã·ã®ãã¹ãåãšããŒããå ¥åããŸãã ãããã·èªèšŒãå¿ èŠ:芪ãããã·ã§èªèšŒãå¿ èŠãªå Žåãããã§ãŠãŒã¶åãšãã¹ã¯ãŒããå ¥åã㟠ãã 芪ãããã·ãèšå®ãããŠããå Žåã¯ãSophos UTMã¯ãã¡ãŒã ãŠã§ã¢ãšãã¿ãŒã³ã® Up2Date ã®äž¡æ¹ ã芪ãããã·ãããã§ããããŸãã 4.5 ããã¯ã¢ãã/ãªã¹ã㢠ããã¯ã¢ãã/ãªã¹ãã¢æ©èœã䜿çšãããšãUTMã®èšå®ãããŒã«ã«ãã£ã¹ã¯äžã®ãã¡ã€ã«ã«ä¿åããã ãšãã§ããŸãããã®ããã¯ã¢ãããã¡ã€ã«ã䜿çšãããšãæ°ããã·ã¹ãã ãèšå®ã誀ã£ãŠããã·ã¹ã ã ã«ãé©åã§ãããšããã£ãŠããèšå®ãã€ã³ã¹ããŒã«ããããšãã§ããŸãã ã·ã¹ãã ã«å€æŽãå ãããã³ã«å¿ããã«ããã¯ã¢ããããšã£ãŠãã ãããããã«ãããåžžã«ææ°ã®èš å®ã䜿çšã§ããããã«ãªããŸããããã«ãããã¯ã¢ããã¯å®å šãªå Žæã«ä¿åããŠãã ããããã®çç± ã¯ã蚌ææžãæå·åéµãšãã£ãã»ãã¥ãªãã£é¢é£ã®ããŒã¿ãå«ãŸããŠããããã§ããããã¯ã¢ãã ã®çæåŸãèªã¿åãå¯èœã§ããããšãå¿ ããã§ãã¯ããŠãã ãããå€éšããã°ã©ã ã䜿çšããŠMD5 ãã§ãã¯ãµã ãçæãããšè¯ãã§ããããããã«ãããããã¯ã¢ããã®å®å šæ§ãåŸã§ãã§ãã¯ããããš ãã§ããŸãã 4.5.1 ããã¯ã¢ãã/ãªã¹ã㢠ããããžã¡ã³ã > ããã¯ã¢ãã/ãªã¹ã㢠> ããã¯ã¢ãã/ãªã¹ã㢠ãã¿ãã§ã¯ãããã¯ã¢ããã®äœæãã€ã³ ããŒãã«å ããæ¢åã®ããã¯ã¢ããã®ãªã¹ãã¢ãããŠã³ããŒããéä¿¡ãåé€ãã§ããŸãã 䜿çšå¯èœãªããã¯ã¢ãã ãã®ã»ã¯ã·ã§ã³ã¯ãèªåããã¯ã¢ããæ©èœãæåã«ãã以åã« 1ã€ä»¥äžã®ããã¯ã¢ãããäœæãã ãŠããå Žåã«ã®ã¿è¡šç€ºãããŸã (ãããã¯ã¢ããã®äœæ ãã®ã»ã¯ã·ã§ã³ãåç §ããŠãã ãã)ã ãã¹ãŠã®ããã¯ã¢ããããäœææ¥æãUTMããŒãžã§ã³çªå·ãäœæãŠãŒã¶ãã³ã¡ã³ããšå ±ã«ãªã¹ããã㟠ãã 70 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.5 ããã¯ã¢ãã/ãªã¹ã㢠ããã¯ã¢ããã«å¯ŸããŠãããŠã³ããŒãããªã¹ãã¢ãåé€ãéä¿¡ãå®è¡ã§ããŸãã l ããŠã³ããŒã:éãããã€ã¢ãã°ãŠã£ã³ããŠã§ãæå·åããããã¡ã€ã« (ãã¹ã¯ãŒããæå®) ãŸã ã¯æå·åãããŠããªããã¡ã€ã«ã®ããŠã³ããŒããéžæã§ããŸãããããã¯ã¢ããã®ããŠã³ã㌠ã ããã¯ãªãã¯ããŸããããŠã³ããŒãããããã¯ã¢ãããä¿åãããã¡ã€ã«ã·ã¹ãã å ã®å Žæã éžæããããæ±ããããŸãã o ããŠã³ããŒãåã«æå·å:ããã¯ã¢ããã®ããŠã³ããŒããŸãã¯éä¿¡ã®åã«ãããã¯ã¢ã ããæå·åããããšãã§ããŸããCBC ã¢ãŒãã§ã®æå·åã¯ãBlowfish æå·ã«ãã£ãŠè¡ ãããŸãããã¹ã¯ãŒããå ¥åããŸã (確èªã®ããã« 2åå ¥åããŸã)ãããã¯ã¢ããã®ã€ ã³ããŒãæã«ããã®ãã¹ã¯ãŒããæ±ããããŸããæå·åãããããã¯ã¢ããã®ãã¡ã€ã« æ¡åŒµå㯠ebfãæå·åãããŠããªãããã¯ã¢ããã®ãã¡ã€ã«æ¡åŒµå㯠abf ã§ãã 泚 â ããã¯ã¢ããã«ã¯ã管çè ãã¹ã¯ãŒããHA ãã¹ãã¬ãŒãº (èšå®ããŠããå Žå)ã ãã¹ãŠã® RSA éµããã³ X.509 蚌ææžãå«ãŸããŸããããã¯æ©å¯æ å ±ãªã®ã§ãæå· åãæå¹ã«ããã®ãè³¢æã§ãã l ãªã¹ãã¢:çŸåšã®ã·ã¹ãã èšå®ãããã¯ã¢ããã«ä¿åãããŠããèšå®ã«å€æŽããŸãããªã¹ã㢠åŸã«å床ãã°ã€ã³ããå¿ èŠããããŸããéžæããããã¯ã¢ããã«ãã¹ãŠã®ããŒã¿ãå«ãŸã㊠ããå Žåãããã«ãã°ã€ã³ã§ããŸããéžæããããã¯ã¢ããã«ãã¹ãŠã®ããŒã¿ãå«ãŸããŠã㪠ãå Žå (ãããã¯ã¢ããã®äœæ ãã®ã»ã¯ã·ã§ã³ãåç §)ããã°ã€ã³éçšã§å¿ èŠãªããŒã¿ãå ¥åã ãå¿ èŠããããŸããéžæããããã¯ã¢ããã§ãã¹ãããŒã¿ã®ã¿ãåé€ãããŠããå Žåã¯ãå¿ èŠã«å¿ããŠç®¡çè ã®ã¡ãŒã«ã¢ãã¬ã¹ãè¿œå ããããšãã§ããŸãããã®æ å ±ã¯åä¿¡è ãæå® ãããŠããªãå Žåã«äœ¿çšãããããè€æ°åä¿¡è ãæå®ã§ããå Žåã«è¿œå ã¢ãã¬ã¹ãšããŠäœ¿ çšãããŸãã o USB ãã©ãã·ã¥ãã©ã€ãããã®ããã¯ã¢ããã®ãªã¹ãã¢:USB ã¹ãã£ãã¯ãªã©ã® FAT ãã©ãŒãããããã USB ãã©ãã·ã¥ãã©ã€ããããæå·åãããŠããªãããã¯ã¢ãããã¡ ã€ã« (ãã¡ã€ã«æ¡åŒµå abf) ããªã¹ãã¢ããããšãã§ããŸããUSB ãã©ãã·ã¥ãã©ã€ããã ããã¯ã¢ããããªã¹ãã¢ããã«ã¯ãããã¯ã¢ãããã¡ã€ã«ã USB ãã©ãã·ã¥ãã©ã€ãã«ã³ ããŒããŠãããŒã (èµ·å) åã«ããã€ã¹ãSophos UTMã«ãã©ã°ã€ã³ããŸããããã€ã¹ã«è€ æ°ã®ããã¯ã¢ãããã¡ã€ã«ãä¿åãããŠããå ŽåãèŸæžçã«æåã®ãã¡ã€ã«ã䜿çšã ããŸã (æ°åã¯æåããåªå ããŸã)ãããšãã°ãããã¯ã¢ãããã¡ã€ã«ã§ãã gateway_backup_2012-04-17.abf ããã³ 2011-03-20_gateway_ backup.abf ã®äž¡ãã¡ã€ã«ã USB ãã©ãã·ã¥ãã©ã€ãã«ä¿åãããŠãããšããŸããã㌠ãæã«äœ¿çšãããã®ã¯ 2ã€ç®ã®ãã¡ã€ã«ã§ãããã®ãã¡ã€ã«ã¯ããäžæ¹ããæ¥æãå€ ãã®ã§ããããã¡ã€ã«åã®å é ãæ°åã§ããããã§ãã UTM 9 管çã¬ã€ã 71 4.5 ããã¯ã¢ãã/ãªã¹ã㢠4 ãããžã¡ã³ã ããã«ãããã¯ã¢ããã®ãªã«ããªãæåãããšããã¯ãã¡ã€ã«ãäœæãããUSB ãã©ã ã·ã¥ãã©ã€ããæ¥ç¶ãããŠããéã«åãããã¯ã¢ãããäœåºŠãç¹°ãè¿ãã€ã³ã¹ããŒã«ã ããããšãé²ããŸããåã®ããã¯ã¢ãããåã³ã€ã³ã¹ããŒã«ãããå Žåã«ã¯ãUSB ã ã©ãã·ã¥ãã©ã€ããæ¥ç¶ããŠããªãç¶æ ã§åèµ·åããå¿ èŠããããŸããããã«ãããã ã¹ãŠã®ããã¯ãã¡ã€ã«ãåé€ãããŸããåã³ USB ãã©ãã·ã¥ãã©ã€ããæ¥ç¶ããŠãã ããŒããããšãåãããã¯ã¢ãããã€ã³ã¹ããŒã«ããããšãã§ããŸãã l åé€:ãªã¹ãããããã¯ã¢ãããåé€ããŸãããªã¹ãã®äžéšã®åé€ã¢ã€ã³ã³ã䜿çšããŠãéžæã ãããã¯ã¢ããããã¹ãŠåé€ã§ããŸããããã¯ã¢ãããéžæããã«ã¯ãããã¯ã¢ããã®å·Šæšªã® ãã§ãã¯ããã¯ã¹ãã¯ãªãã¯ãããããªã¹ãäžéšã®ãã§ãã¯ããã¯ã¹ã䜿çšããŠãã¹ãŠã®ãã㯠ã¢ãããéžæãããããŸãã l éä¿¡:éãããã€ã¢ãã°ãŠã£ã³ããŠã§ãæå·åããããã¡ã€ã« (ãã¹ã¯ãŒããæå®) ãŸãã¯æå· åãããŠããªããã¡ã€ã«ã®éä¿¡ãéžæã§ããŸãããçŽã¡ã«éä¿¡ ããã¯ãªãã¯ããŠããã¯ã¢ããã éä¿¡ããŸããåä¿¡è ã¯æšæºåä¿¡è ãšãªããŸããã€ãŸãããèªåããã¯ã¢ãããã¿ãã«æå®ãã㢠ãã¬ã¹ã«ãããã¯ã¢ãããéä¿¡ãããŸãã o éä¿¡åã«æå·å:äžèšã® ããŠã³ããŒãåã«æå·å ãåç §ããŠãã ããã ããã¯ã¢ããã®äœæ ããã¯ã¢ããã¯ã(äºæããªã) å€æŽãŸãã¯æ éã®åŸã§ã·ã¹ãã ããªã¹ãã¢ããããã«äŸ¿å©ãªã ã㧠ã¯ãããŸãããé¡äŒŒã®èšå®ã«ããã·ã¹ãã ãã»ããã¢ããããéã®ãã³ãã¬ãŒããšããŠäœ¿çšããããã ã®ã·ã¹ãã ããããããããçšåºŠèšå®ããŠããããšã§ãæéãå€§å¹ ã«ç¯çŽã§ããŸãããã®ããã«ã¯ã ããã¯ã¢ãããäœæããåã«ããã¹ãåã蚌ææžãªã©ç¹å®ã®æ å ±ãåé€ããŠããããšãã§ããŸãã çŸåšã®ã·ã¹ãã ç¶æ ã®ããã¯ã¢ãããäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãããã¯ã¢ããã®äœæ ãã»ã¯ã·ã§ã³ã«ãã³ã¡ã³ããå ¥åããŸã (ãªãã·ã§ã³)ã ã³ã¡ã³ãã¯ãããã¯ã¢ãããªã¹ãã§ããã¯ã¢ãããšãšãã«è¡šç€ºãããŸãã 2. 次ã®èšå®ãè¡ããŸã (ãªãã·ã§ã³)ã äžæã®ãµã€ãããŒã¿(Unique site data)ã®åé€:ãã¹ãåºæã®ããŒã¿ãªãã§ããã¯ã¢ãããäœæ ããã«ã¯ããã®ãªãã·ã§ã³ãéžæããŸãããã®å¯Ÿè±¡ãšãªãã®ã¯ããã¹ãåãã·ã¹ãã IDãSNMP ããŒã¿ãHA ããŒã¿ãã©ã€ã»ã³ã¹ãã·ã§ã«ãŠãŒã¶ãã¹ã¯ãŒããå¿åãã¹ã¯ãŒãããªãã³ã«ã¡ãŒã« ãããã¯ã·ã§ã³ãWebãããã¯ã·ã§ã³ãã¯ã©ã€ã¢ã³ãèªèšŒãIPsecãSSL VPNãREDãWebAdminãWebã¢ããªã±ãŒã·ã§ã³ãã¡ã€ã¢ãŠã©ãŒã«ãããã³ãããã·çšã®ãã¹ãŠ ã®èšŒææžãå ¬ééµãšç§å¯éµãããã³æçŽãšã·ãŒã¯ã¬ãããªã©ã§ãã ãã®ãããªããã¯ã¢ããã¯ãé¡äŒŒã®ã·ã¹ãã ãè€æ°ã»ããã¢ããããããã«äŸ¿å©ã§ãããã ãã ããã€ãèæ ®ãã¹ãç¹ããããŸãã1) ãªã¹ãã¢åŸã¯ãåºæ¬ã·ã¹ãã ã»ããã¢ããã«ãªããŸãã2) æåã®ã€ã³ã¿ãã§ãŒã¹ã®ã¿ãèšå®ãããŠããŸãããã©ã€ã㪠IP ã¢ãã¬ã¹ã¯ãã€ã³ã¹ããŒã«äžã« 72 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.5 ããã¯ã¢ãã/ãªã¹ã㢠æ§æãããèšå®ã® 1ã€ã§ããä»ã®ãã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ã¯ç¡å¹ã«ãªããIP ã¢ãã¬ã¹ã 0.0.0.0 ã«èšå®ãããŸãã èŠå â ã»ãšãã©ã®ãã¹ãåºæããŒã¿ãåé€ãããŠãããã®ãããªããã¯ã¢ãããã³ãã¬ãŒãã« ã¯ãŠãŒã¶ãã¹ã¯ãŒããªã©ã®æ©å¯æ å ±ããŸã å«ãŸããŠããŸãããã®ãããæå·åããããšã ãå§ãããŸãã 管çè ã¡ãŒã«ã¢ãã¬ã¹ã®åé€:UTMã®æ§ã ãªéšå (ã¡ãŒã«ãããã¯ã·ã§ã³ã®ãã¹ããã¹ã¿ã¢ã ã¬ã¹ãéç¥ãªã©) ã§äœ¿çšããã管çè ã®ã¡ãŒã«ã¢ãã¬ã¹ãè¿œå ã§åé€ããã«ã¯ããã®ãªãã·ã§ ã³ãéžæããŸãããã®ãªãã·ã§ã³ã¯ã顧客ã®ãµã€ãã§Sophos UTMããã€ã¹ãã»ããã¢ãããã IT ããŒãããŒã«ãšã£ãŠç¹ã«äŸ¿å©ã§ãã 3. ãããã¯ã¢ãããçŽã¡ã«äœæ ããã¯ãªãã¯ããŸãã 䜿çšå¯èœãªããã¯ã¢ããã®ãªã¹ãã«ãããã¯ã¢ããã衚瀺ãããŸãã ãããã®ãªãã·ã§ã³ã®ãããããŸãã¯äž¡æ¹ãéžæããŠããã¯ã¢ãããäœæããå Žåã«ã¯ã ããã¯ã¢ãããšã³ããªã«ããããã®è¿œå ã³ã¡ã³ããå«ãŸããããã«ãªããŸãã ããã¯ã¢ããã®ã€ã³ ããŒã ããã¯ã¢ãããã€ã³ããŒãããã«ã¯ããã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããã¢ããããŒãããããã¯ã¢ãããã¡ ã€ã«ãéžæããŠããããã¢ããããŒãéå§ ããã¯ãªãã¯ããŠãã ãããæå·åãããããã¯ã¢ãããã¡ã€ã« ãã€ã³ããŒãããå Žåãããã¯ã¢ããã®ã€ã³ããŒãåã«ãæ£ãããã¹ãã¬ãŒãºãå ¥åããå¿ èŠããã ãŸããããã¯ã¢ããã¯ããã«ãªã¹ãã¢ãããã®ã§ã¯ãªããã䜿çšå¯èœãªããã¯ã¢ããããªã¹ãã«è¿œå ãã ãŸãã 4.5.2 èªåããã¯ã¢ãã ããããžã¡ã³ã > ããã¯ã¢ãã/ãªã¹ã㢠> èªåããã¯ã¢ãããã¿ãã§ã¯ãããã¯ã¢ããã®èªåçæã«é¢ ããè€æ°ã®ãªãã·ã§ã³ãèšå®ããããšãã§ããŸããããã¯ã¢ãããèªåçã«äœæããããã«ã¯ã次㮠æé ã«åŸããŸãã 1. ãèªåããã¯ã¢ãããã¿ãã§èªåããã¯ã¢ãããæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«ãªããããªãã·ã§ã³ãããã³ãããã¯ã¢ãããã¡ãŒã«éä¿¡ ããšãªã¢ãç·šé å¯èœã«ãªããŸãã 2. ééãéžæããŸãã èªåããã¯ã¢ããã¯ãããŸããŸãªééã§äœæããããšãã§ããŸãã UTM 9 管çã¬ã€ã 73 4.6 ãŠãŒã¶ããŒã¿ã« 4 ãããžã¡ã³ã ãã€ãªãŒããŠã£ãŒã¯ãªãŒããã³ã¹ãªãŒããéžæã§ããŸãã 3. ä¿åããæ倧ããã¯ã¢ããæ°ãæå®ããŸãã ããã§æå®ããæ°ãŸã§ãããã¯ã¢ãããä¿åãããŸããæ倧å€ã«å°éãããšãäžçªå€ããã㯠ã¢ãããåé€ãããŸãã ãã®å¯Ÿè±¡ãšãªãã®ã¯ãèªåäœæãããããã¯ã¢ããã®ã¿ã§ããã·ã¹ãã æŽæ°ã®åã«æå㧠äœæãããããã¯ã¢ããã èªåçã«äœæãããããã¯ã¢ããã¯åé€ãããŸããã 4. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã UTMã®ããã¯ã¢ããäœæ¥ãç°¡çŽ åããããã«ãããã¯ã¢ããæ©èœã§ã¯ãå®çŸ©ããã¡ãŒã«ã¢ãã¬ã¹ã®ãª ã¹ãã«å¯ŸããŠãããã¯ã¢ãããã¡ã€ã«ãã¡ãŒã«ã§éä¿¡ããããšãã§ããŸãã åä¿¡è :èªåçã«çæãããããã¯ã¢ããã¯ããåä¿¡è ãããã¯ã¹ã«å«ãŸãããŠãŒã¶ã«éä¿¡ãã㟠ããè€æ°ã®ã¢ãã¬ã¹ãè¿œå ã§ããŸããããã©ã«ãã§ã¯ãæåã®ç®¡çè ã®ã¡ãŒã«ã¢ãã¬ã¹ã䜿çšãã ãŸãã ã¡ãŒã«ããã¯ã¢ããã®æå·å:ããã«ããªãã·ã§ã³ã§ããã¯ã¢ãããæå·åã§ããŸã (3DES æå·å)ã ãã¹ã¯ãŒã:ãæå·å ãã®ãªãã·ã§ã³ãéžæãããããã¹ã¯ãŒããå ¥åããŸã (確èªã®ããã« 2å)ã ããã¯ã¢ããã®ã€ã³ããŒãæã«ããã®ãã¹ã¯ãŒããæ±ããããŸãã èªåçã«äœæãããããã¯ã¢ããã¯ããäœæè ãã瀺ã System ãã©ã°ä»ãã§ãããã¯ã¢ãã/ãªã¹ã 㢠ãã¿ãã®ã䜿çšå¯èœãªããã¯ã¢ããããªã¹ãã«è¡šç€ºãããŸããããã§ãèªåã§äœæããããã¯ã¢ãããš åæ§ã«ããªã¹ãã¢ãããŠã³ããŒããåé€ãå®è¡ã§ããŸãã 4.6 ãŠãŒã¶ããŒã¿ã« Sophos UTMã®ãŠãŒã¶ããŒã¿ã«ã¯ãèš±å¯ãããŠãŒã¶ã«ããŒãœãã«ãªã¡ãŒã«ããã³ãªã¢ãŒãã¢ã¯ã»ã¹ ãµãŒãã¹ãæäŸããç¹å¥ãªãã©ãŠã¶ããŒã¹ã¢ããªã±ãŒã·ã§ã³ã§ãããŠãŒã¶ããŒã¿ã«ã«ã¢ã¯ã»ã¹ãã ã«ã¯ãSophos UTMã® URL (https://192.168.2.100 ãªã©) ã«ãã©ãŠãºããŸã (HTTPS ãããã³ã« ã䜿çšããŠããããšãšãWebAdmin ã€ã³ã¿ãã§ãŒã¹ã«ã¢ã¯ã»ã¹ããããã«éåžžå ¥åããããŒãçªå· 4444 ããªãããšã«æ³šæ)ã ãŠãŒã¶ããŒã¿ã«ã¯ãã¡ãŒã«éé¢ãå§ããšããæ©èœãåããŠããŸããã¡ãŒã«éé¢ã¯ãæªæãããœãã ãŠã§ã¢ã«ææããã¡ãã»ãŒãžãäžå¯©ãªæ·»ä»ç©ãå«ãã¡ãã»ãŒãžãã¹ãã ãšç¹å®ãããã¡ãã»ãŒãžã㟠ãã¯æ確ã«çŠæ¢ããè¡šçŸãå«ãã¡ãã»ãŒãžãä¿æããŸãã ãã°ã€ã³ããŒãžã§ããŠãŒã¶ã¯ãããããŒã®å³åŽã«ããããããããŠã³ãªã¹ãããèšèªãéžæã§ã㟠ãã 74 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.6 ãŠãŒã¶ããŒã¿ã« Figure 11 ãŠãŒã¶ããŒã¿ã«:Welcome ããŒãž ãŠãŒã¶ããŒã¿ã«ã§ããŠãŒã¶ã¯ä»¥äžã®ãµãŒãã¹ã«ã¢ã¯ã»ã¹ã§ããŸãã l SMTP éé¢:ãŠãŒã¶ã¯éé¢å Žæã«ä¿æãããŠããã¡ãã»ãŒãžã衚瀺ãããããªãªãŒã¹ã§ã㟠ããã©ã®ã¿ã€ãã®ã¡ãã»ãŒãžããŠãŒã¶ããªãªãŒã¹ã§ãããã¯ãEã¡ãŒã«ãããã¯ã·ã§ã³ > éé¢ã¬ ããŒã > 詳现 ãã¿ãã§æ±ºå®ã§ããŸãã(ãã®ã¿ãã¯ãPOP3 ãç¡å¹ãªå Žåã¯ãã¡ãŒã«éé¢ ããšãªã ãŸãã) l SMTP ãã°:ããã§ã¯ããŠãŒã¶ã¯ã¡ãŒã«ãã©ãã£ãã¯ã® SMTP ãã°ã衚瀺ã§ããŸãã(ãã®ã¿ã ã¯ãPOP3 ãç¡å¹ãªå Žåã¯ãã¡ãŒã«ãã°ããšãªããŸãã) l POP3 éé¢:ãŠãŒã¶ã¯éé¢å Žæã«ä¿æãããŠããã¡ãã»ãŒãžã衚瀺ããããªãªãŒã¹ã§ããŸãã ã©ã®ã¿ã€ãã®ã¡ãã»ãŒãžããŠãŒã¶ããªãªãŒã¹ã§ãããã¯ãEã¡ãŒã«ãããã¯ã·ã§ã³ > éé¢ã¬ã㌠ã > 詳现 ãã¿ãã§æ±ºå®ã§ããŸãã(ãã®ã¿ãã¯ãSMTP ãç¡å¹ãªå Žåã¯ãã¡ãŒã«éé¢ ããšãªã㟠ãã) l POP3 ã¢ã«ãŠã³ã:ãŠãŒã¶ã¯äœ¿çšãã POP3 ã¢ã«ãŠã³ãã®è³æ Œæ å ±ãå ¥åã§ããŸããPOP3 㢠ã«ãŠã³ãæ å ±ãå ¥åãããã¹ãã ã¡ãŒã«ã®ã¿ããŠãŒã¶ããŒã¿ã«ã«è¡šç€ºãããŸããPOP3 ã¢ã« ãŠã³ãã®ã¢ã«ãŠã³ãæ å ±ãä¿åãããŠãããŠãŒã¶ã¯ãåã¡ãŒã«ã¢ãã¬ã¹ã«ã€ããŠãå¥ã ã®é é¢ã¬ããŒããåãåããŸããèš±å¯ããã POP3ãµãŒãã¯ãEã¡ãŒã«ãããã¯ã·ã§ã³ > POP3 > 詳 现 ãã¿ãã§æå®ããå¿ èŠããããŸãã l éä¿¡è ãã¯ã€ããªã¹ã:ããã§éä¿¡è ããã¯ã€ããªã¹ãã«è¿œå ããããšã§ããããã®éä¿¡è ãã éä¿¡ãããã¡ãã»ãŒãžãã¹ãã ãšããŠåé¡ãããªãããã«ã§ããŸãããã ãããŠã€ã«ã¹ãå«ã ã¡ãŒã«ãã¹ãã£ã³äžå¯èœãªã¡ãŒã«ã¯éé¢ãããŸãããã¯ã€ããªã¹ãå ã®éä¿¡è ã¯ãæå¹ãª ã¡ãŒã«ã¢ãã¬ã¹ (äŸ: [email protected]) ãŸãã¯ã¢ã¹ã¿ãªã¹ã¯ãã¯ã€ã«ãã«ãŒããšããŠäœ¿çšã ãŠç¹å®ãã¡ã€ã³ã®å šã¡ãŒã«ã¢ãã¬ã¹ (äŸ: *@example.com) ãæå®ã§ããŸãã l éä¿¡è ãã©ãã¯ãªã¹ã:ããã§ãŠãŒã¶ã¯ã¡ãŒã«éä¿¡è (äŸ: [email protected]) ãã ã©ãã¯ãªã¹ãã«è¿œå ãããããã¡ã€ã³å šäœ (äŸ: *@hotmail.com) ããã©ãã¯ãªã¹ãã«è¿œå ããã UTM 9 管çã¬ã€ã 75 4.6 ãŠãŒã¶ããŒã¿ã« 4 ãããžã¡ã³ã ãšãã§ããŸãããã©ãã¯ãªã¹ãã¯ãã·ã¹ãã å 㧠SMTP ãš POP3 ã䜿çšãããŠããã°ãSMTP ãš POP3 ã®äž¡æ¹ã®ã¡ãŒã«ã«é©çšãããŸãããã©ãã¯ãªã¹ãã«éä¿¡è ãè¿œå ããã«ã¯ãã+ãã¢ã€ ã³ã³ãã¯ãªãã¯ããŠã¢ãã¬ã¹ãå ¥åãããã§ãã¯ã¢ã€ã³ã³ãã¯ãªãã¯ããŠä¿åããŸãã 76 l ãããã¹ããã:ããã§ãŠãŒã¶ã¯ããããã¹ãããã®ã¢ã¯ã»ã¹ããŒã¿ã確èªããŠç®¡çã§ããŸããã ã®ã¿ãã¯ãç¹å®ã®ãŠãŒã¶ã«å¯Ÿã㊠1ã€ä»¥äžã®ãããã¹ããããæå¹ã«ãããŠããå Žåã«ã®ã¿ 䜿çšã§ããŸããåœæ¥æå¹ãã¹ã¯ãŒãã¿ã€ãã®ãããã¹ãããã«ã¯ãçŸåšã®ãã¹ã¯ãŒãã®è¡šç€º ãšå€æŽãè¡ãããšãã§ããŸããããŠãã£ãŒã¿ã€ãã®ãããã¹ãããã«ã¯ãããŠãã£ãŒã®çæãå° å·ããšã¯ã¹ããŒããåé€ãè¡ãããšãã§ããŸããçæããŠãã£ãŒã®ãªã¹ãã«ã¯ã䜿çšç¶æ³ã®æ å ±ã衚瀺ãããŸãã詳现ã¯ããã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ãããã¹ãããããåç §ããŠãã ã ãã l ã¯ã©ã€ã¢ã³ãèªèšŒ:ããã§ãŠãŒã¶ã¯ãSophos Authentication Agent (SAA) ã®ã»ããã¢ãããã¡ã€ã« ãããŠã³ããŒãã§ããŸããSAA 㯠Web ãã£ã«ã¿ã®èªèšŒã¢ãŒããšããŠäœ¿çšã§ããŸãããã¯ã©ã€ã¢ã³ ãèªèšŒ ãã¿ãã¯ãã¯ã©ã€ã¢ã³ãèªèšŒãæå¹åãããŠããå Žåã«ã®ã¿äœ¿çšã§ããŸãã詳现ã¯ã ãå®çŸ©ãšãŠãŒã¶ > ã¯ã©ã€ã¢ã³ãèªèšŒ ããåç §ããŠãã ããã l ãªã¢ãŒãã¢ã¯ã»ã¹:ãŠãŒã¶ã¯ãªã¢ãŒãã¢ã¯ã»ã¹ã¯ã©ã€ã¢ã³ããœãããŠã§ã¢ããã³ãããã«ä»å±ãã èšå®ãã¡ã€ã«ãããŠã³ããŒãã§ããŸãããã ããããªã¢ãŒãã¢ã¯ã»ã¹ ãã¿ãã¯ããã®ç¹å®ãŠãŒã¶ã« 察ããŠæäœ 1ã€ã®ãªã¢ãŒãã¢ã¯ã»ã¹ã¢ãŒããæå¹ã«ãªã£ãŠããå Žåã®ã¿å©çšã§ããŸãã l HTML5 VPN ããŒã¿ã«:ããã§ãŠãŒã¶ã¯ãå®çŸ©æžã¿ã®ãµãŒãã¹ã䜿çšããŠå®çŸ©æžã¿ã®ãã¹ã ãžã® VPN æ¥ç¶ã確ç«ããããšãã§ããŸãããã®ã¿ãã¯ãç¹å®ã®ãŠãŒã¶ã«å¯Ÿã㊠1ã€ä»¥äžã® VPN æ¥ç¶ãæå¹ã«ãããŠããå Žåã«ã®ã¿äœ¿çšã§ããŸãã詳现ã¯ãããªã¢ãŒãã¢ã¯ã»ã¹ > HTML5 VPN ããŒã¿ã« ããåç §ããŠãã ããã l ãã¹ã¯ãŒãã®å€æŽ:ãŠãŒã¶ã¯ãŠãŒã¶ããŒã¿ã«ã«ã¢ã¯ã»ã«ããããã®ãã¹ã¯ãŒããå€æŽã§ã㟠ãã l HTTPS ãããã·:ãŠãŒã¶ã¯ HTTP/S ãããã· CA 蚌ææžãã€ã³ããŒãããã»ãã¥ã¢ Web ãµã€ã ãžã®èšªåæã«è¡šç€ºããããšã©ãŒã¡ãã»ãŒãžãåé¿ããããšãã§ããŸããããããã· CA 蚌ææž ãã€ã³ããŒãããã¯ãªãã¯ãããšããŠãŒã¶ã®ãã©ãŠã¶ã«ãä»ã®ç®çã«å¯Ÿã㊠CA ãä¿¡é Œããã確 èªããããã³ããã衚瀺ãããŸãã詳ããã¯ããWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ > HTTPS CAã ã®ç« ãåç §ããŠãã ããã l ãã°ã¢ãŠã:ãŠãŒã¶ããŒã¿ã«ãããã°ã¢ãŠãããã«ã¯ããããã¯ãªãã¯ããŸããããã¯ããã°ã€ã³ æã«ããã°ã€ã³ãèšæ¶ ããéžæããå Žåã« (ããã«ããã¯ãããŒãäœæãããŸã)ãæ瀺çã«ã ã°ã¢ãŠãããŠãã®ã¯ãããŒãåé€ããããšãã®ã¿å¿ èŠã§ããããã§ãªãå Žåã¯ããã® ãã°ã¢ãŠ ãã®ãªã³ã¯ã䜿çšããå¿ èŠã¯ãããŸããããã©ãŠã¶ã®ã¿ããŸãã¯ãŠã€ã³ããŠãéããã ãã§å åã§ãã UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.6 ãŠãŒã¶ããŒã¿ã« 4.6.1 ã°ããŒãã« ããããžã¡ã³ã > ãŠãŒã¶ããŒã¿ã« > ã°ããŒãã« ãã¿ãã§ããŠãŒã¶ããŒã¿ã«ãæå¹åã§ããŸããããã«ã ãŠãŒã¶ããŒã¿ã«ãžã®ã¢ã¯ã»ã¹ãèš±å¯ãããããã¯ãŒã¯ãšãŠãŒã¶ãæå®ã§ããŸãã ãŠãŒã¶ããŒã¿ã«ãžã®ã¢ã¯ã»ã¹ãæå¹ã«ããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãŠãŒã¶ããŒã¿ã«ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªããããšã³ããŠãŒã¶ããŒã¿ã«ãªãã·ã§ã³ããšãªã¢ãç·šéå¯èœã« ãªããŸãã 2. èš±å¯ãããããã¯ãŒã¯ãéžæããŸãã ãŠãŒã¶ããŒã¿ã«ãžã®ã¢ã¯ã»ã¹ãèš±å¯ãããããã¯ãŒã¯ãéžæããŸãã 3. èš±å¯ãããŠãŒã¶ãéžæããŸãã ãŠãŒã¶ããŒã¿ã«ãžã®ã¢ã¯ã»ã¹ãèš±å¯ãããŠãŒã¶ãŸãã¯ãŠãŒã¶ã°ã«ãŒããéžæããŸãã ãã¹ãŠã®ãŠãŒã¶ã«ã¢ã¯ã»ã¹ãèš±å¯ããªãå Žåã¯ããå šãŠã®ãŠãŒã¶ãèš±å¯ ããã§ãã¯ããã¯ã¹ã® éžæãå€ãããŠãŒã¶ãšãŠãŒã¶ã°ã«ãŒããåå¥ã«éžæããŸãã 4. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã 4.6.2 詳现 ã詳现 ãã¿ãã§ããŠãŒã¶ããŒã¿ã«ã®ä»£æ¿ãã¹ãåãšããŒãçªå·ã«å ããèšèªãšã»ãã¥ãªãã£ãªãã·ã§ã³ ãèšå®ã§ããŸãã èšèª ãã°ã€ã³æã«ããŠãŒã¶ããŒã¿ã«ã¯ Web ãã©ãŠã¶ã®èšèªèšå®ãååŸããããããã®ãã±ãŒã«ãããŒã ããŠããã©ãŠã¶ã®ããã©ã«ããšåãèšèªã§ããŒã¿ã«ã衚瀺ããŸãããã©ãŠã¶ã®èšèªèšå®ããŠãŒã¶ ããŒã¿ã«ã§å©çšã§ããªãå Žåã¯ããã©ãŒã«ãã㯠(äºå) ã®èšèªãããã§éžæã§ããŸãããŠãŒã¶ã¯ã è¿œå ãªãã·ã§ã³ãšããŠããŠãŒã¶ããŒã¿ã«ã®ãã°ã€ã³ããŒãžã§èšèªãéžæã§ããŸãã ã»ãã¥ãªã㣠ãŠãŒã¶ããŒã¿ã«ã¯ Cookie ã䜿çšããŠã»ãã·ã§ã³ã远跡ããŸããæ°žç¶ç (åºå®) Cookieã«ãããã»ãã·ã§ ã³ãéããåŸã§å床ãã°ã€ã³ããªãã§æ»ãããšãå¯èœã«ãªããŸãããããã¯ãã€ã§ããŠãŒã¶åŽã§å é€ã§ããŸããããŠãŒã¶ããŒã¿ã«ã®ããã°ã¢ãŠãããã¿ã³ã䜿çšããããšãå¿ èŠã§ãã UTM 9 管çã¬ã€ã 77 4.7 éç¥ 4 ãããžã¡ã³ã ããŒã¿ã«ã¡ ãã¥ãŒã®ç¡å¹å ããã«ãªã¹ããããŠããããããã®æ©èœã WebAdmin ã§æå¹ã«ãããšããŠãŒã¶ããŒã¿ã«ã«ã¡ãã¥ãŒé ç®ã衚瀺ãããŸãããã ããããã§ã¯ããŠãŒã¶ããŒã¿ã«ã§è¡šç€º ããªãã¡ãã¥ãŒé ç®ãå®çŸ©ã§ããŸãã ãããå®çŸ©ããã«ã¯ãããããã®ãªãã·ã§ã³ãéžæããŠãé©çš ããã¯ãªãã¯ããŸãã ããã 㯠ãŒã¯èšå® ãã¹ãå:ããã©ã«ãã§ãããã¯ããããžã¡ã³ã > ã·ã¹ãã èšå® > ãã¹ãå ãã¿ãã®UTMã®ãã¹ãå㧠ãããã ããã€ã³ã¿ãŒããããä»ããŠã¢ã¯ã»ã¹ãããŠãŒã¶ã«ãŠãŒã¶ããŒã¿ã«ãžã®ã¢ã¯ã»ã¹ãä»äžãã å Žåã¯ããããªãã¯ã«è§£æ±ºã§ãã代æ¿ãã¹ãåãããã«å ¥åããå¿ èŠããããŸãã Listen ã¢ãã¬ã¹:ããã©ã«ãã¯ããã¹ãŠ ãã§ããWeb ã¢ããªã±ãŒã·ã§ã³ãã¡ã€ã¢ãŠã©ãŒã«ã䜿çšããå Ž åããµãŒãã¹ããŠãŒã¶ããŒã¿ã«æ¥ç¶ããªã¹ã³ããããã®ã€ã³ã¿ãã§ãŒã¹ã¢ãã¬ã¹ãæå®ããå¿ èŠã ãããŸãããŠãŒã¶ããŒã¿ã«æ¥ç¶ãã³ãã©ãš Web ã¢ããªã±ãŒã·ã§ã³ãã¡ã€ã¢ãŠã©ãŒã«ãåä¿¡ SSL æ¥ç¶ ãèå¥ã§ããããã«ããããã«ããã®èšå®ãå¿ èŠã§ãã ããŒã:ããã©ã«ãã§ã¯ãHTTPS ã®ããŒã 443 ãéžæãããŠããŸããããŒãã¯ã1024ïœ65535 ã®ç¯ å²å ã§ã©ã®å€ã«ã§ãå€æŽã§ããŸãã10443 ãŸã㯠WebAdmin TCP ããŒã ã¯éžæã§ããŸããããã 㯠ããããžã¡ã³ãã>ãWebAdmin èšå®ã>ã詳现ãã¿ãã§èšå®ãããŠããŸãããŠãŒã¶ããŒã¿ã«ã¯ãå®çŸ©ã ãããŒãããç¬ç«ããŠãããHTTPS ã®ã¿ãä»ããŠåžžã«ã¢ã¯ã»ã¹ããããšãã§ããŸãã ㊠ã§ã«ã«ã ã¡ ãã»ãŒãž ãŠãŒã¶ããŒã¿ã«ã®ãŠã§ã«ã«ã ã¡ãã»ãŒãžãã«ã¹ã¿ãã€ãºã§ããŸããã·ã³ãã«ãª HTML ããŒã¯ã¢ãããš ãã€ããŒãªã³ã¯ã䜿çšã§ããŸãã 泚 â ããŒã ãŠãŒã¶ã©ã€ã»ã³ã¹ã䜿çšããŠããå Žåã¯ããŠã§ã«ã«ã ã¡ãã»ãŒãžãå€æŽã§ããŸããã 4.7 éç¥ Sophos UTM ã«ã¯ãUTM ã§çºçããããããçš®é¡ã®ã»ãã¥ãªãã£é¢é£ã€ãã³ãã«ã€ããŠãã¡ãŒã«ãŸã 㯠SNMP ãã©ããã§å³æéç¥ããæ©èœãæèŒãããŠããŸãã管çè ãç¥ãã¹ããã¹ãŠã®ã€ãã³ã ããåçš®ãšã©ãŒãèŠåãæ å ±ã³ãŒãã«ãã£ãŠç€ºãããŸããã©ã®ãããªéç¥ãéä¿¡ãããã®ãã¯ããé ç¥ ãã¿ãã§èšå®ããéžæå 容ã«å¿ããŠæ±ºãŸããŸãã 78 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.7 éç¥ 4.7.1 ã°ããŒãã« ããããžã¡ã³ã > éç¥ > ã°ããŒãã« ãã¿ãã§ã¯ãUTMãéä¿¡ããéç¥ã¡ãŒã«ã«å©çšãããéä¿¡è ã¢ã ã¬ã¹ (éä¿¡å ã¢ãã¬ã¹) ãèšå®ã§ããŸããããã©ã«ãã§ã¯ [email protected] ãšãªã£ ãŠããŸãããã®ã¢ãã¬ã¹ãå€æŽããå Žåãã客æ§ã®ãã¡ã€ã³ã®ã¡ãŒã«ã¢ãã¬ã¹ãå ¥åããããšããå§ ãããŸãããã®çç±ã¯ãäžéšã®ã¡ãŒã«ãµãŒãã§ã¯ãæå®ãããéä¿¡è ã¢ãã¬ã¹ãæ¬åœã«ååšãã ããšã確èªããããã«èšå®ãããŠããããã§ãã ããã«ãUTMéç¥ã®åä¿¡è ãæå®ããããšãã§ããŸããããã©ã«ãã§ã¯ãåæã»ããã¢ããæã«å ¥å ããã管çè ã®ã¡ãŒã«ã¢ãã¬ã¹ã§ãã éç¥ãå¶é:äžéšã®ã»ãã¥ãªãã£é¢é£ã€ãã³ã (æ€åºãããäŸµå ¥è©Šè¡ãªã©) ã§ã¯ã倧éã®éç¥ãçºç ããéç¥åä¿¡è ã®åä¿¡ãã¬ã€ãçæéã§ãã£ã±ãã«ãªãå¯èœæ§ããããŸãããã®ãããSophos UTMã«ã¯ã1æéãããã«éä¿¡ãããéç¥æ°ãå¶éããããã®åŠ¥åœãªããã©ã«ãå€ãçšæãã㊠ããŸãããã®ãªãã·ã§ã³ãç¡å¹ã«ãããšãããããžã¡ã³ã > éç¥ > éç¥ ãã¿ãã§éç¥ãéä¿¡ããããã« èšå®ãããŠãããã¹ãŠã®ã»ãã¥ãªãã£é¢é£ã®ã€ãã³ãããéç¥ãçºçããŸãã æ©åšåºæã®ããã¹ã ããã§ã¯ãSophos UTMã®èª¬æ (å Žæãªã©) ãå ¥åã§ããŸãããã®æ å ±ã¯ãéä¿¡ãããéç¥ã«ç€ºãã ãŸãã 4.7.2 éç¥ éç¥ã¯æ¬¡ã®3ã€ã®ã«ããŽãªã«åé¡ãããŸãã l CRIT:UTM ãæäœäžèœã«ãªãå¯èœæ§ãããé倧ãªã€ãã³ããéç¥ããã¡ãã»ãŒãžã l WARN:ãããå€ã®è¶ éãªã©ããŠãŒã¶ã®æ³šæãå¿ èŠãšããæœåšçãªåé¡ã«ã€ããŠã®èŠåã l INFO:ã·ã¹ãã ã³ã³ããŒãã³ãã®åèµ·åãªã©ãæ å ±æäŸç®çã®ã¿ã®ã¡ãã»ãŒãžã éç¥ãã¡ãŒã«ãš SNMP ãã©ããã®ãããã§éä¿¡ããããéžæã§ããŸãã 4.7.3 詳现 UTMã§ã¡ãŒã«ãçŽæ¥éä¿¡ã§ããªãå Žåãã¡ãŒã«ãéä¿¡ããã¹ããŒããã¹ããèšå®ããããšãã§ã㟠ãã次ã®æé ã§å®è¡ããŸãã 1. ããããžã¡ã³ã > éç¥ > 詳现 ãã¿ãã§ãå€éš SMTP ããæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã UTM 9 管çã¬ã€ã 79 4.8 ã«ã¹ã¿ãã€ãº 4 ãããžã¡ã³ã 2. ã¹ããŒããã¹ããå ¥åããŸãã ãã©ãã°ïŒããããã䜿çšã§ããŸããããŒãã¯ãããã©ã«ãã® SMTP ããŒãã§ãã 25 ã«äºåèš å®ãããŠããŸãã l TLS ã䜿çš:éç¥ã®é信㧠TLS ã匷å¶ããã«ã¯ããã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ ããŸããã¹ããŒããã¹ã㧠TLS ããµããŒããããªãå Žåãéç¥ã¯éä¿¡ãããŸããã 3. èªèšŒèšå®ãæå®: ã¹ããŒããã¹ããèªèšŒãèŠæ±ããå Žåã¯ããèªèšŒ ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŠãè©²åœ ãããŠãŒã¶åãšãã¹ã¯ãŒããå ¥åããŸãã 4. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã 4.8 ã«ã¹ã¿ãã€ãº ããããžã¡ã³ãã > ã«ã¹ã¿ãã€ãºãã®ã¿ãã䜿çšãããšãSophos UTMãçæããã¡ãŒã«éç¥ãšã¹ããŒã¿ ã¹ã¡ãã»ãŒãžãã«ã¹ã¿ãã€ãºããã³ããŒã«ã©ã€ãºããŠãäŒç€Ÿã®ããªã·ãŒãã³ãŒãã¬ãŒãã¢ã€ãã³ãã£ã㣠ã«åãããŠãããã®ã¡ãã»ãŒãžã調æŽããããšãã§ããŸãã ããã«ãã«ã¹ã¿ã Web ãã³ãã¬ãŒããç·šéããã³ã¢ããããŒãããŠããŠãŒã¶ããããã¯ã¡ãã»ãŒãžãã ã®ä»ã®éç¥ãåä¿¡ããæ¹æ³ãããã«å€æŽããããšãã§ããŸãã 泚 â ããŒã ãŠãŒã¶ã©ã€ã»ã³ã¹ã䜿çšããŠããå Žåã¯ãã«ã¹ã¿ãã€ãºã§ããŸããã 4.8.1 ã°ããŒãã« ããããžã¡ã³ã > ã«ã¹ã¿ãã€ãº > ã°ããŒãã« ãã¿ãã§ã¯ããŠãŒã¶ã«è¡šç€ºãããã·ã¹ãã ã¡ãã»ãŒãžã®ã° ããŒãã«è¡šç€ºãªãã·ã§ã³ãã«ã¹ã¿ãã€ãºããããšãã§ããŸããUTF-8/Unicode ããµããŒããããŠã㟠ãã ããã§ã¯ãã«ã¹ã¿ãã€ãºå¯èœãªã°ããŒãã«ãªãã·ã§ã³ (äŒç€Ÿã㎠ããã³ã«ã¹ã¿ã äŒç€Ÿããã¹ã) ã ãã ããžã¡ã³ãã>ãã«ã¹ã¿ãã€ãºã>ãWeb ã¡ãã»ãŒãžãããŒãžã§èšå®ãããã³ã³ãã³ãã®ãããã¯ãã¡ãã»ãŒãž ã®äŸã瀺ããŠããŸãã 80 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.8 ã«ã¹ã¿ãã€ãº Figure 12 ã«ã¹ã¿ãã€ãº:ãããã¯ãããããŒãžã®äŸãšã«ã¹ã¿ãã€ãºå¯èœãªéšå ã«ã³ ãããŒã ㎠ã«ã³ãããŒããŽ/ãããŒãã¢ããããŒãã (png 圢åŒã®ã¿)ã次ã®ç¶æ³ã§äœ¿çšããããšãã§ããŸãã l Web ã¡ãã»ãŒãž: l ããããã¯ãããPOP3 ã¡ãŒã«ãçšã¡ãã»ãŒãž l (ã¹ãã ã¡ãŒã«ãéé¢å ŽæãããªãªãŒã¹ãŸãã¯ãã¯ã€ããªã¹ãåãããåŸã§éé¢ã¬ããŒãã«è¡š 瀺ããã) éé¢ãªãªãŒã¹ã¹ããŒã¿ã¹ã¡ãã»ãŒãž l éé¢ã¬ããŒã ãŠãŒã¶ã«è¡šç€ºãããäžéšã®ã¡ãã»ãŒãžã¯ããã©ã«ãã®ããŽã«åãããŠæé©åãããŸã (195 x 73 ãã¯ã»ã«ãéæã®èæ¯)ãèŠæ ããè¯ãããã«ã¯ãåãå±æ§ã®ç»åã䜿çšããŸãã ããŽã®ã¢ããããŒã: 1. ããã¡ã€ã«ã®ã¢ããããŒã ããã€ã¢ãã°ããã¯ã¹ãéããŸãã ãæ°ããããŽã®ã¢ããããŒã ãããã¯ã¹ã®æšªã«ãããã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããŸãã ããã¡ã€ã«ã®ã¢ããããŒã ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. ããŽãéžæããŸãã ã¢ããããŒãããããŽãããå ŽæãŸã§ãã©ãŠãºããŸãã ããŽãéžæãããã¢ããããŒãéå§ ããã¯ãªãã¯ããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã ããŽãã¢ããããŒãããããã§ã«ã€ã³ã¹ããŒã«ãããŠãããã¡ã€ã«ãšçœ®ãæããããŸãã UTM 9 管çã¬ã€ã 81 4.8 ã«ã¹ã¿ãã€ãº 4 ãããžã¡ã³ã ã«ã¹ã¿ã ã«ã³ ãããŒããã¹ã Sophos UTMã®ãŠã€ã«ã¹ã¹ãã£ããŸãã¯ã³ã³ãã³ããã£ã«ã¿ã«ãã£ãŠWeb ãµã€ãããããã¯ããããšã ã«ãã«ã³ãããŒããŽã®äžã«è¡šç€ºãããã¡ãã»ãŒãžãã«ã¹ã¿ãã€ãºããŸããããã«ã¯ã管çè ã®é£çµ¡å ããŒã¿ãªã©ãå ¥åããããšãã§ããŸãã 4.8.2 Web ã¡ãã»ãŒãž Sophos UTMã«ãã£ãŠè¡šç€ºããã Web ãã£ã«ã¿ã¡ãã»ãŒãžã®ããã¹ããã«ã¹ã¿ãã€ãºããŸããã¡ãã»ãŒãž ã®äžã«ã¯ã倧ãããããã¡ã€ã«ãç¹å®ã®çš®é¡ã®ãã¡ã€ã«ããŸããŠã€ã«ã¹ãå«ããã¡ã€ã«ããŠãŒã¶ã ããŠã³ããŒãããããšããŠçŠæ¢ãããéã«è¡šç€ºããããã®ããããŸãããŸãããã®ä»ã®ã¡ãã»ãŒãžã¯ã ãŠãŒã¶ããã¡ã€ã«ãããŠã³ããŒããããšããUTMã®èªèšŒãèŠæ±ãããå Žåã«ãçŠæ¢ããã Web ãµã€ ããã¢ããªã±ãŒã·ã§ã³ã«ã¢ã¯ã»ã¹ããããšããŠè¡šç€ºããããã®ããããŸãããããã®ã¡ãã»ãŒãžãä»ã® èšèªã«ç¿»èš³ãããã顧客ãµããŒãã®é£çµ¡å æ å ±ã衚瀺ãããããã«å€æŽãããã§ããŸãã 泚 â ãWeb ã¡ãã»ãŒãž ãã¿ãã®ãã£ãŒã«ãã«å ¥åããããã¹ãã¯ã«ã¹ã¿ã Web ãã³ãã¬ãŒãã§åç §ã§ã ãŸãã詳现ã¯ããWeb ãã³ãã¬ãŒãããåç §ããŠãã ããã 以äžã®ã¡ãã»ãŒãžãèšå®å¯èœã§ãã ã³ã³ãã³ãã®ããã㯠82 l ãµãŒããããã¯ã·ã§ã³:URL ããããã¯èšå®ãããŠããã«ããŽãªãŒã«äžèŽãããããŸãã¯ãµã€ã ã¬ãã¥ããŒã·ã§ã³ãäžå®ã®ãããå€ä»¥äžã§ãã Web ããŒãžã«ããŠãŒã¶ãã¢ã¯ã»ã¹ããããšãã éã«ããã®ã¡ãã»ãŒãžã¯è¡šç€ºãããŸãã詳现ã¯ããWebãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã°ãã® ç« ãåç §ããŠãã ããã l ãã©ãã¯ãªã¹ã:ãã®ã¡ãã»ãŒãžã¯ããã©ãã¯ãªã¹ãåããã URL ãšäžèŽãã Web ããŒãžããŠãŒ ã¶ãååŸããããšãããšè¡šç€ºãããŸããURL ããã©ãã¯ãªã¹ãåããæ¹æ³ã¯ããWeb ããã㯠ã·ã§ã³ > Webã ã£ã«ã¿ãªã³ã° > URL ãã£ã«ã¿ãªã³ã°ããåç §ããŠãã ããã l MIME ã¿ã€ã:ãã®ã¡ãã»ãŒãžã¯ããããã¯ããã MIME ã¿ã€ãã®ãã¡ã€ã«ããŠãŒã¶ãèŠæ±ãã㚠衚瀺ãããŸããMIME ã¿ã€ãã®è©³çŽ°ã¯ããWeb Protection > Web ãã£ã«ã¿ãªã³ã° > ãŠã€ã«ã¹/ã ã«ãŠã§ã¢å¯Ÿç ãã®ç« ãåç §ããŠãã ããã l ãã¡ã€ã«æ¡åŒµå:ãã®ã¡ãã»ãŒãžã¯ããããã¯ããããã¡ã€ã«æ¡åŒµåããŠãŒã¶ãèŠæ±ãããšè¡š 瀺ãããŸãããã¡ã€ã«æ¡åŒµåã®è©³çŽ°ã¯ããWebãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > ãŠã€ã«ã¹/ ãã«ãŠã§ã¢å¯Ÿç ãã®ç« ãåç §ããŠãã ããã UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.8 ã«ã¹ã¿ãã€ãº l ãã¡ã€ã«ãµã€ãº:ãã®ã¡ãã»ãŒãžã¯ããã¡ã€ã«ãµã€ãºã®äžéãè¶ ãããã¡ã€ã«ããŠãŒã¶ãèŠæ± ãããšè¡šç€ºãããŸããããŠã³ããŒãã®ãµã€ãºå¶éãèšå®ããæ¹æ³ã¯ããWebãããã¯ã·ã§ã³ > Webãã£ã«ã¿ãªã³ã° > 詳现 ããåç §ããŠãã ããã l ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«:ãã®ã¡ãã»ãŒãžã¯ãã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ã§ãããã¯ãã ããã«èšå®ãããŠããçš®é¡ã®ãããã¯ãŒã¯ãã©ãã£ãã¯ããŠãŒã¶ã䜿çšããããšããå Žåã«è¡š 瀺ãããŸããã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ã«é¢ãã詳现ã¯ããWebãããã¯ã·ã§ã³ > ã¢ããªã±ãŒ ã·ã§ã³ã³ã³ãããŒã« ããåç §ããŠãã ããã l ãŠã€ã«ã¹æ€ç¥:ãã®ã¡ãã»ãŒãžã¯ããŠã€ã«ã¹ææãåå ã§ãã¡ã€ã«ããããã¯ãããå Žåã«è¡š 瀺ãããŸãããŠã€ã«ã¹ä¿è·ã®èšå®ã«é¢ãã詳现ã¯ããWebãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > ãŠã€ã«ã¹/ãã«ãŠã§ã¢å¯Ÿç ãã®ç« ãåç §ããŠãã ããã ããŠã³ããŒã/æ€çŽ¢ l ããŠã³ããŒãäž:ãã®ã¹ããŒã¿ã¹ã¯ããã¡ã€ã«ã®ããŠã³ããŒãäžã«è¡šç€ºãããŸãããããŠã³ããŒã ãããŒãžã£ããåç §ããŠãã ããã l ãŠã€ã«ã¹ã¹ãã£ã³å®è¡äž:ãã®ã¡ãã»ãŒãžã¯UTMãæªæã®ããã³ã³ãã³ããæ€çŽ¢äžã«è¡šç€ºã ããŸãããããŠã³ããŒããããŒãžã£ããåç §ããŠãã ããã l ããŠã³ããŒãå®å:ãã®ã¡ãã»ãŒãžã¯ããã¡ã€ã«ã®ããŠã³ããŒããšæ€çŽ¢ãå®äºããå®å šã確èªã ããåŸã§è¡šç€ºãããŸãããããŠã³ããŒããããŒãžã£ããåç §ããŠãã ããã èªèšŒ l ééã¢ãŒãã®èªèšŒ:ãã®ãªãã·ã§ã³ã¯ãWeb ãã£ã«ã¿ãªã³ã°ãééã¢ãŒãã§äœ¿çšããããã©ãŠã¶ã èªèšŒã¢ãŒããéžæããŠããå Žåã®ã¿é©çšãããŸãã詳现ã¯ããWebãããã¯ã·ã§ã³ > Webã㣠ã«ã¿ãããã¡ã€ã« > ãããã·ãããã¡ã€ã« ããåç §ããŠãã ãããããã¹ãã¯èªèšŒããŒãžã«è¡šç€º ãããŸããåãŠãŒã¶ã¯ Web ãã£ã«ã¿ã䜿çšããåã«ãã®èªèšŒããŒãžã«ãã°ã€ã³ããå¿ èŠãã ããŸãããå©çšæ¡ä»¶ ããã£ãŒã«ãã«å ¥åãããšãèªèšŒããŒãžã«å 責äºé ã衚瀺ãããŸãããã® ãã£ãŒã«ãã (ããã©ã«ãã®èšå®ã®ãŸãŸ) 空æ¬ã«ãªã£ãŠãããšãå 責äºé ã¯è¡šç€ºãããŸããã l ã³ã³ãã³ããããã¯ã®ãã€ãã¹:ãã®ã¡ãã»ãŒãžã¯ãããŒãžã ãµãŒããããã¯ã·ã§ã³ ã«ãã£ãŠã ããã¯ããããããã¯ãã€ãã¹ãªãã·ã§ã³ãæå¹ã«ãªã£ãŠããå Žåã«è¡šç€ºãããŸã (ãWeb ãã ãã¯ã·ã§ã³ã>ãWeb ãã£ã«ã¿ãªã³ã°ã>ãURL ãã£ã«ã¿ãªã³ã°ãããåç §)ããå©çšæ¡ä»¶ ããã£ãŒã«ãã« å ¥åãããšãèªèšŒããŒãžã«å 責äºé ã衚瀺ãããŸãããã®ãã£ãŒã«ãã (ããã©ã«ãã®èšå® ã®ãŸãŸ) 空æ¬ã«ãªã£ãŠãããšãå 責äºé ã¯è¡šç€ºãããŸããã ãšã©ãŒ l ãµãŒããšã©ãŒ:ãã®ã¡ãã»ãŒãžã¯ããŠãŒã¶ã®èŠæ±ãåŠçäžã«ãšã©ãŒãçºçãããšãã«è¡šç€ºã ããŸãã 管çè æ å ±:ããã§ã¯ãWeb ãã£ã«ã¿ã管çãã管çè ã«é¢ããæ å ± (管çè ã®ã¡ãŒã«ã¢ãã¬ã¹ãªã©) ãå ¥åã§ããŸãã UTM 9 管çã¬ã€ã 83 4.8 ã«ã¹ã¿ãã€ãº 4 ãããžã¡ã³ã 4.8.2.1 Web ã¡ãã»ãŒãžã®ä¿®æ£ ã³ã³ãã³ãã®ãããã¯ãããŠã³ããŒã/æ€çŽ¢ãèªèšŒããŸãã¯ãšã©ãŒãªã©åçš®ã¡ãã»ãŒãžãä¿®æ£ããæé ã¯ä»¥äžã®ãšããã§ãã 1. ã¡ãã»ãŒãžãéžæããŸãã ãããŒãž ãããããããŠã³ãªã¹ãã§ãç·šéãããšã³ããŠãŒã¶ã¡ãã»ãŒãžãéžæããŸãã ãã®ã¡ãã»ãŒãžã®ã件å ãããã³ã説æ ãã衚瀺ãããŸãã 2. 件åããã³èª¬æãä¿®æ£ããŸãã å¿ èŠã«å¿ããŠããã©ã«ãã®ããã¹ããç·šéããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã å€æŽããããã¹ãã¯ä¿åãããŸãã 4.8.2.2 ããŠã³ããŒããããŒãžã£ Web ãã£ã«ã¿ãæå¹ã§ããå Žåããµã€ãºã 1MB ãè¶ ããã³ã³ãã³ãã¿ã€ããããã¹ããŸãã¯ç»å以 å€ã§ããã³ã³ãã³ãã®ããŠã³ããŒãäžãWeb ãã©ãŠã¶ã«æ¬¡ã®ããŠã³ããŒãããŒãžã衚瀺ãããŸããèŠ æ±ãããŠããã®ãåç»ãŸãã¯é³å£°ã¹ããªãŒã ã§ããå Žåãã5ç§ä»¥å ã«ãã¡ã€ã«ã® 50% è¶ ã®ããŠã³ ããŒããå®äºããŠããå Žåã«ã¯ãããŠã³ããŒãããŒãžã¯è¡šç€ºãããŸããã ããŠã³ããŒãããŒãžã«è¡šç€ºãããæ å ±ã¯ãWeb ã¡ãã»ãŒãž ãã¿ãã§ã«ã¹ã¿ãã€ãºã§ããŸãã Figure 13 ã«ã¹ã¿ãã€ãº:HTTP ããŠã³ããŒãããŒãžãã¹ããã 1/3ãã¡ã€ã«ããŠã³ããŒãäž 84 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.8 ã«ã¹ã¿ãã€ãº Figure 14 ã«ã¹ã¿ãã€ãº:HTTP ããŠã³ããŒãããŒãžãã¹ããã 2/3ãŠã€ã«ã¹ã¹ãã£ã³äž Figure 15 ã«ã¹ã¿ãã€ãº:HTTP ããŠã³ããŒãããŒãžãã¹ããã 3/3ãã¡ã€ã«ã®ããŠã³ããŒãå®äº 4.8.3 Web ãã³ãã¬ãŒã ãŠãŒã¶ã«è¡šç€ºãããã¡ãã»ãŒãžã®å€èŠ³ããã³å 容ãã«ã¹ã¿ãã€ãºããã«ã¯ãHTML ãã¡ã€ã« ãSophos UTMã«ã¢ããããŒãããããšãã§ããŸããäŸãšããŠãSophosã§ã¯ããã€ãã®ãµã³ãã«ã®ãã³ ãã¬ãŒããæºåãããŠããŸãããããã®ãã³ãã¬ãŒãã§ã¯ãåãŠãŒã¶ã¡ãã»ãŒãžã®æ å ±ãåçã«æ¿å ¥ ã§ããå€æ°ã®äœ¿ãæ¹ã瀺ãããŠããŸããããšãã°ããããã¡ã€ã«ããŠã€ã«ã¹ãå«ãã§ããããã«ã ããã¯ãããå Žåããããã¯ããããŠã€ã«ã¹ã®ååãæ¿å ¥ããå€æ°ãå«ããããšãã§ããŸãã 4.8.3.1 Web ãã³ãã¬ãŒãã®ã«ã¹ã¿ãã€ãº èŠå âSophos UTMéç¥ã®ã«ã¹ã¿ãã€ãºã¯äžçŽè åãã®ãããã¯ã§ããããã§ã®ã¿ã¹ã¯ã¯ãHTML ã JavaScript ã®ç¥èãååããå Žåã®ã¿å®æœããŠãã ããã ãããã¯ã¡ãã»ãŒãžãã¹ããŒã¿ã¹ã¡ãã»ãŒãžããšã©ãŒã¡ãã»ãŒãžããŸãèªèšŒèŠæ±ãªã©ãã«ã¹ã¿ã ããŒãžã§ ã³ã®Sophos UTMéç¥ãã¢ããããŒãããããšãã§ããŸãã4ã€ã®ãµã³ãã«ãã³ãã¬ãŒãã«ã¯ãå€æ°ã® UTM 9 管çã¬ã€ã 85 4.8 ã«ã¹ã¿ãã€ãº 4 ãããžã¡ã³ã å®äŸããµã³ãã«ç»åãå«ãŸããŸããã«ã¹ã¿ã ã®ã¡ãã»ãŒãžãéç¥æã®ã²ãªåãšããŠãµã³ãã«ãã³ã ã¬ãŒãã䜿çšããããšããç¬èªã® HTML ãã¡ã€ã«ãã¢ããããŒãããããšãã§ããŸããæå¹ãªå€æ°ã«ã€ ããŠã¯ãSophos ãµããŒãããŒã¿ããŒã¹ã®UTM Web ãã³ãã¬ãŒãã§å€æ°ã䜿çšãããåç §ããŠãã ã ãã ãWeb ã¡ãã»ãŒãž ãã¿ãã§èšå®ããã¡ãã»ãŒãžã®ããã¹ãã䜿çšããå Žåã¯ãã«ã¹ã¿ã ãã³ãã¬ãŒãã§é© åãªå€æ°ãæ¿å ¥ã§ããŸãã詳现ã¯ããWeb ã¡ãã»ãŒãž ããåç §ããŠãã ããã ãµã³ãã«ã®ãã³ãã¬ãŒãããã³ç»åãããŠã³ããŒãããã«ã¯ã以äžã®ãªã³ã¯ãã¯ãªãã¯ã㊠.zip ãã¡ã€ ã«ãä¿åããŠãã ããã http://www.astaro.com/lists/Web_Templates.zip 4.8.3.2 ã«ã¹ã¿ã Web ãã³ãã¬ãŒããšç»åã®ã¢ããããŒã ã«ã¹ã¿ã ãã³ãã¬ãŒãã®ç·šéãšä¿åãã§ãããããããUTMã«ã¢ããããŒãã§ããŸãã Web ãã³ãã¬ãŒããç»åãã¢ããããŒãããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ããã¡ã€ã«ã®ã¢ããããŒã ããã€ã¢ãã°ããã¯ã¹ãéããŸãã ã¢ããããŒããããã³ãã¬ãŒãçš®é¡ã®ååã®æšªã«ãããã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããããç» åãã¢ããããŒãããå Žåã¯ãç»å ãã®æšªã«ãããã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããŸãã 泚 â 察å¿ããŠãããã¡ã€ã«ã®çš®é¡ã¯ .pngã.jpgã.jpegãããã³ .gif ã§ãã ããã¡ã€ã«ã®ã¢ããããŒã ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. ãã³ãã¬ãŒããŸãã¯ç»åãéžæããŸãã ã¢ããããŒããããã³ãã¬ãŒããŸãã¯ç»åãããå ŽæãŸã§ãã©ãŠãºããŸãã ãã³ãã¬ãŒããŸãã¯ç»åãéžæãããã¢ããããŒãéå§ ããã¯ãªãã¯ããŸãã ããã¡ã€ã«ã®ã¢ããããŒã ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã ãã³ãã¬ãŒããŸãã¯ç»åãã¢ããããŒããããŸãã 4.8.4 ã¡ãŒã«ã¡ãã»ãŒãž Sophos UTMã® SMTP/POP3 ãããã·ã«ãã£ãŠçæããããŠãŒã¶ã¡ãã»ãŒãžã«è¡šç€ºãããããã¹ãã ã«ã¹ã¿ãã€ãºããŸãããããã®ã¡ãã»ãŒãžãä»ã®èšèªã«ç¿»èš³ãããã顧客ãµããŒãã®é£çµ¡å æ å ±ã 衚瀺ãããããã«å€æŽãããã§ããŸãã次ã®ã¡ãã»ãŒãžãã«ã¹ã¿ãã€ãºã§ããŸãã 86 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.9 SNMP l éé¢ã¡ãã»ãŒãžã®ãªãªãŒã¹å®äº:ãã®ã¡ãã»ãŒãžã¯ãã¡ãŒã«ãéé¢ããæ£åžžã«ãªãªãŒã¹ããã ãšãã«è¡šç€ºãããŸãã l éé¢ã¡ãã»ãŒãžãªãªãŒã¹äžã®ãšã©ãŒ:ãã®ã¡ãã»ãŒãžã¯ãã¡ãã»ãŒãžãéé¢ãããªãªãŒã¹ããé ã«ãšã©ãŒãçºçãããšãã«è¡šç€ºãããŸãã l ãããã¯ããã POP3 ã¡ãŒã«:ãã®ã¡ãã»ãŒãžã¯ãPOP3 ã¡ãŒã«ããããã¯ããããšãã«åä¿¡è ã«éä¿¡ãããŸãã Figure 16 ã«ã¹ã¿ãã€ãº:POP3 ãããã·ã®ãããã¯ã¡ãã»ãŒãž 4.9 SNMP ç°¡æãããã¯ãŒã¯ç®¡çãããã³ã« (SNMP) ã¯ãã«ãŒã¿ããµãŒããã¹ã€ãããªã©ã®ãããã¯ãŒã¯ã«æ¥ç¶ã ããããã€ã¹ãç£èŠããããã«ãããã¯ãŒã¯ç®¡çã·ã¹ãã ã§äœ¿çšãããŸããSNMP ã«ãã£ãŠç®¡çè ã¯ãç£èŠããŠããåãããã¯ãŒã¯ããã€ã¹ã®ç¶æ ã«é¢ããã¯ãšãªãéããã«å®è¡ã§ããŸããSophos UTMã¯ã SNMP ã¯ãšãªã«è¿çããããSNMP ãã©ããã SNMP 管çããŒã«ã«éä¿¡ããããã«èšå®ã§ã ãŸããåè ã¯ã管çæ å ±ããŒã¹ (MIB)ãã«ãã£ãŠå®çŸããŸããMIB ã¯ãã©ã®ãããã¯ãŒã¯ããã€ã¹ã«å¯Ÿ ããŠã©ã®æ å ±ãã¯ãšãªå¯èœããæå®ããŸããSophos UTMã¯ãSNMP ããŒãžã§ã³ 2 ãš 3 ããã³ä»¥äžã® MIB ããµããŒãããŠããŸãã l DISMAN-EVENT-MIB:ã€ãã³ã管çæ å ±ããŒã¹ l HOST-RESOURCES-MIB:ãã¹ããªãœãŒã¹ç®¡çæ å ±ããŒã¹ l IF-MIB:ã€ã³ã¿ãã§ãŒã¹ã°ã«ãŒã管çæ å ±ããŒã¹ l IP-FORWARD-MIB:IPãã©ã¯ãŒãã£ã³ã°ããŒãã«ç®¡çæ å ±ããŒã¹ l IP-MIB:ã€ã³ã¿ãŒããããããã³ã« (IP) çšç®¡çæ å ±ããŒã¹ l NOTIFICATION-LOG-MIB:éç¥ãã°ç®¡çæ å ±ããŒã¹ l RFC1213-MIB:TCP/IP ããŒã¹ã®ã€ã³ã¿ãŒãããã®ãããã¯ãŒã¯ç®¡ççšç®¡çæ å ±ããŒã¹:MIB II UTM 9 管çã¬ã€ã 87 4.9 SNMP 4 ãããžã¡ã³ã l SNMPv2-MIB:ç°¡æãããã¯ãŒã¯ç®¡çãããã³ã« (SNMP) çšç®¡çæ å ±ããŒã¹ l TCP-MIB:äŒéå¶åŸ¡ãããã³ã« (TCP) çšç®¡çæ å ±ããŒã¹ l UDP-MIB:ãŠãŒã¶ããŒã¿ã°ã©ã ãããã³ã« (UDP) çšç®¡çæ å ±ããŒã¹ Sophos UTMã·ã¹ãã æ å ±ãååŸããã«ã¯ãæäœã§ã RFC1213-MIB (MIB II) ãã³ã³ãã€ã«ãã SNMP ãããŒãžã£ã䜿çšããå¿ èŠããããŸãã 4.9.1 ã¯ãšãª ããããžã¡ã³ã > SNMP > ã¯ãšãªãããŒãžã§ã¯ãSNMP ã¯ãšãªã®äœ¿çšãæå¹ã«ã§ããŸãã SNMP ã¯ãšãªãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãSNMP ã¯ãšãªããæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãSNMP ããŒãžã§ã³ãããã³ãSNMP ã¢ã¯ã»ã¹ã³ã³ãããŒã« ãã»ã¯ã·ã§ã³ãç·šéå¯èœã«ãªããŸãã 2. SNMP ããŒãžã§ã³ãéžæããŸãã ãSNMP ããŒãžã§ã³]ã»ã¯ã·ã§ã³ã§ãããããããŠã³ãªã¹ãããããŒãžã§ã³ãéžæããŸããSNMP ããŒãžã§ã³ 3 ã«ã¯èªèšŒãå¿ èŠã§ãã 3. èš±å¯ããããããã¯ãŒã¯ãéžæããŸãã ãèš±å¯ãããã¯ãŒã¯ ãããã¯ã¹ã«ãªã¹ããããŠãããããã¯ãŒã¯ã¯ãSophos UTMäžã§å®è¡ãã㊠ãã SNMP ãšãŒãžã§ã³ãã«ã¯ãšãªãè¡ãããšãã§ããŸããã¢ã¯ã»ã¹ã¯åžžã«èªã¿åãå°çšã§ãã l ã³ãã¥ããã£å:ããŒãžã§ã³ 2 ã䜿çšããå Žåãã³ãã¥ããã£åãå ¥åããŸããSNMP ã³ ãã¥ããã£åã¯ãã¹ã¯ãŒããšããŠæ©èœããSNMP ãšãŒãžã§ã³ããžã®ã¢ã¯ã»ã¹ãä¿è·ã㟠ããããã©ã«ãã§ã¯ãSNMP ã³ãã¥ããã£å㯠"public" ã«èšå®ãããŠããŸããããå®¢æ§ ã®ããŒãºã«å¿ããŠå€æŽã§ããŸãã 泚 â ã³ãã¥ããã£åã«äœ¿çšã§ããæå:(a-z)ã(A-Z)ã(0-9)ã(+)ã(_)ã(@)ã(.)ã(-)ã(空çœ) l ãŠãŒã¶å/ãã¹ã¯ãŒã:ããŒãžã§ã³ 3 ã䜿çšããå ŽåãèªèšŒãå¿ èŠã§ãããŠãŒã¶åãšã ã¹ã¯ãŒã (確èªã®ããã« 2å) ãå ¥åãããªã¢ãŒã管çè ãã¯ãšãªãéä¿¡ã§ããããã«ã ãŸãããã¹ã¯ãŒã㯠8æå以äžã«ããå¿ èŠããããŸããSNMP v3 ã§ã¯ãèªèšŒã« SHA ããæå·åã« AES ã䜿çšããŸãããŠãŒã¶åãšãã¹ã¯ãŒãã¯ãã®äž¡æ¹ã§äœ¿çšãã㟠ãã 4. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã ããã«ãUTMã«ã€ããŠã®è¿œå æ å ±ãå ¥åã§ããŸãã 88 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.9 SNMP ããã€ã¹æ å ± ãããã€ã¹æ å ± ãããã¹ãããã¯ã¹ã«ãååãå Žæã管çè ãªã©ãUTMã«é¢ããè¿œå æ å ±ãæå®ã§ã ãŸãããã®æ å ±ã¯ãSNMP 管çããŒã«ãèªã¿åã£ãŠãUTMã®èå¥ã«äœ¿çšããŸãã 泚 â UTMãšèš±å¯ãããã¯ãŒã¯ éã®ãã¹ãŠã® SNMP ãã©ãã£ã㯠(ãããã³ã«ããŒãžã§ã³ 2) ã¯æå·å ãããããããªãã¯ãããã¯ãŒã¯äžã§ã®è»¢éäžã«èªãããšãã§ããŸãã Sop hos U TM éç¥ MIB ãã®ã»ã¯ã·ã§ã³ã§ãSophos UTM notifier MIBãããŠã³ããŒãã§ããŸããããã«ã¯ãéç¥ãã©ããã®çŸåš ã®èšå®ã«åºã¥ããSophos UTM SNMP éç¥ã®å®çŸ©ãå«ãŸããŸãã 4.9.2 ãã©ãã ããã©ãããã¿ãã§ãUTMã§çºçããé¢é£ã€ãã³ãã®éç¥ã SNMP ãã©ãããšããŠéä¿¡ããå®å ã® SNMP ãã©ãããµãŒããå®çŸ©ã§ããŸãããããã®ãã©ããã衚瀺ããã«ã¯ãç¹å¥ãª SNMP ã¢ãã¿ãªã³ ã°ãœãããŠã§ã¢ãå¿ èŠã§ãã SNMP ãã©ãããšããŠéãããã¡ãã»ãŒãžã«ã¯ããªããžã§ã¯ãèå¥å (OID) ãå«ãŸããŸããããšã ã°ã.1.3.6.1.4.1.9789 ãæããããŸããããã¯ãIANA ãçºè¡ããç§äŒæ¥çªå·ã«å±ã㟠ãã.1.3.6.1.4.1 㯠iso.org.dod.internet.private.enterprise ãã¬ãã£ãã¯ã¹ ã§ã9789 㯠Astaro ã® ç§äŒæ¥çªå· ã§ããéç¥ã€ãã³ãã® OID 㯠1500 ã§ãããã«éç¥ã¿ã€ãã® OID ããã³å¯Ÿå¿ãããšã©ãŒã³ãŒã (000-999) ãè¿œå ãããŸãã以äžã®éç¥ã¿ã€ãã䜿çšã§ããŸãã l DEBUG = 0 l INFO = 1 l WARN = 2 l CRIT = 3 äŸ:éç¥ãINFO-302: æ°ãããã¡ãŒã ãŠã§ã¢ Up2Date ãã€ã³ã¹ããŒã«ãããŸãã (New firmware Up2Date installed)ãã§ã¯ãOID .1.3.6.1.4.1.9789.1500.1.302 ã䜿çšãã以äžã®æååãå² ãåœãŠãããŸãã [<HOST>][INFO][302] <HOST> ã¯ãã¬ãŒã¹ãã«ãã§ã·ã¹ãã ã®ãã¹ãåãè¡šããéç¥ã®ä»¶åãã£ãŒã«ãã®ã¿ã€ãããã³ãš ã©ãŒã³ãŒãã®ã¿ãäŒéãããŸãã SNMP ãã©ãããµãŒããéžæããã«ã¯ã以äžã®æé ã«åŸããŸãã UTM 9 管çã¬ã€ã 89 4.10 éäžç®¡ç(HA) 4 ãããžã¡ã³ã 1. ãæ°èŠ SNMP ãã©ããã·ã³ã¯ ããã¯ãªãã¯ããŸãã ãæ°èŠ SNMP ãã©ããã·ã³ã¯ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ãã¹ã:SNMP ãã©ãããµãŒãã®ãã¹ãå®çŸ©ã ã³ãã¥ããã£å:SNMP ã³ãã¥ããã£åã¯ãã¹ã¯ãŒããšããŠæ©èœããã¯ãšãªãè¡ã SNMP ã¡ãã»ãŒ ãžãžã®ã¢ã¯ã»ã¹ãä¿è·ããŸããããã©ã«ãã§ã¯ãSNMP ã³ãã¥ããã£å㯠"public" ã«èšå®ãã ãŠããŸããããããªã¢ãŒã SNMP ãã©ãããµãŒãã§èšå®ãããæååã«å€æŽããŸãã 泚 â ã³ãã¥ããã£åã«äœ¿çšã§ããæå:(a-z)ã(A-Z)ã(0-9)ã(+)ã(_)ã(@)ã(.)ã(-)ã(空çœ) ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãã SNMP ãã©ãããµãŒããããã©ãããã¿ãã«è¡šç€ºãããŸãã 4.10 éäžç®¡ç(HA) ãéäžç®¡ç ãã¡ãã¥ãŒã®ããŒãžã䜿çšãããšãã²ãŒããŠã§ã€ã®ã¢ãã¿ãªã³ã°ããªã¢ãŒã管çã«äœ¿çšã§ã ã管çããŒã«ãžã®ã€ã³ã¿ãã§ãŒã¹ãèšå®ããããšãã§ããŸãã 4.10.1 Sophos UTM Manager Sophos UTM Manager (SUM) ã¯ãSophosã®äžå (éäž) 管ççšè£œåã§ããè€æ°ã® UTM ã¢ãã©ã€ã¢ã³ ã¹ã SUM ã«æ¥ç¶ããŠãäžå çã«ã¢ãã¿ãªã³ã°ãèšå®ãã¡ã³ããã³ã¹ãã§ããŸãã ãã®ã¿ãã§ã¯ãUTMã 1ã€ãŸã㯠2ã€ã® SUM ãžæ¥ç¶ããéã®èšå®ãã§ããŸãã 泚 â MSP ã©ã€ã»ã³ã¹ã䜿çšããŠããå ŽåãSUM ã®ç¡å¹åãSUM ãã¹ãã®å€æŽããŸã SUM 管çè ã®æš©éå€æŽã¯ãSophos UTM Manager (SUM) ã§ã®ã¿å®è¡ã§ããŸãã Sophos UTMã SUM ãµãŒãã®ã¢ãã¿ãªã³ã°å¯Ÿè±¡ãšãããããæºåããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãSophos UTM Managerãã¿ãã§ãSUM ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªãããSUM èšå® ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 90 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.10 éäžç®¡ç(HA) 2. ãSUM ãã¹ãããæå®ããŸãã UTM ã®æ¥ç¶å ãšãã SUM ãµãŒããéžæãŸãã¯è¿œå ããŸãã l èªèšŒ (ä»»æ):SUM ãµãŒãã§èªèšŒãå¿ èŠãªå Žåããã®ãªãã·ã§ã³ãéžæããŠãSUM ãµãŒ ãã§èšå®ãããã®ãšåããã¹ã¯ãŒã (å ±æã·ãŒã¯ã¬ãã) ãå ¥åããŸãã l SUM ãµãŒãã Up2Date ãã£ãã·ã¥ãšããŠäœ¿çš(ä»»æ):Up2Date ããã±ãŒãžã¯ãSUM ãµãŒãã«ãããã£ãã·ã¥ããååŸããããšãã§ããŸããã²ãŒããŠã§ã€çšã«ãã®æ©èœã䜿 çšããã«ã¯ããSUM ãµãŒãã Up2Date ãã£ãã·ã¥ãšããŠäœ¿çš ããªãã·ã§ã³ãéžæã㟠ãã管çããŠãã SUM ãµãŒãã§ãUp2Date ãã£ãã·ã¥æ©èœãé©åã«æå¹ã«ããŠããã ãšã確èªããŠãã ãããUp2Date ãã£ãã·ã¥ã¯ãUpDates ã®èŠªãããã·èšå®ãšåæã«äœ¿ çšã§ããªãããšã«æ³šæããŠãã ããã 3. SUM ã®ç®¡çè ã®æš©éãå®çŸ©ããŸãã SUM ã§ç®¡çè ã¯ã管çãèš±ããã UTM ã®ç¹å®ã®ãšãªã¢ã®ã¿ç®¡çããããšãã§ããŸãããã ã§ãªã¹ããããŠããæš©éã¯ãSUM ã²ãŒããŠã§ã€ãããŒãžã£ã®ã¡ã€ã³ã¡ãã¥ãŒããã³æš©éãªã ã·ã§ã³ãšäžèŽããŸãã 管çè :éžæãããšã管çè ã¯ããã¡ã³ããã³ã¹ ããšã管ç ãã¡ãã¥ãŒã«ãããã¹ãŠãŠã®æ©èœãå© çšããããšãã§ããŸããããšãã°ããªã¹ãã®è¡šç€ºãããã¯ã¢ããã®äœæãšãªã¹ãã¢ããã¡ãŒã ãŠã§ ã¢ã¢ããããŒãã®ã¹ã±ãžã¥ãŒã«èšå®ãªã©ã§ãã ã¬ããŒã:éžæãããšã管çè ã¯ããã¬ããŒããã¡ãã¥ãŒã«ãããã¹ãŠã®æ©èœãå©çšããããšã㧠ããŸããããšãã°ãUTM ããã¬ããŒããèŠæ±ã§ããŸãã ç£èŠ:éžæãããšããç£èŠ ãããŒãžã« UTM ã衚瀺ããã管çè ã¯é¢é£ããæ©èœãã¹ãŠãå©çš ããããšãã§ããŸãã èšå®:éžæãããšã管çè ã¯ããèšå® ãã¡ãã¥ãŒã«ãããã¹ãŠã®æ©èœãå©çšããããšãã§ã㟠ããããšãã°ããããã¯ãŒã¯ããã¹ããVPN ãªã©ã®ãªããžã§ã¯ãã UTM ã«ãããã€ã§ããŸãã 泚 â 詳现ã¯ããSophos UTM Manager 管çã¬ã€ãããåç §ããŠäžããã 4. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã UTM 㯠Sophos UTM Manager ãšæ¥ç¶ã確ç«ããããšããŸããäž¡ã·ã¹ãã éã®æ¥ç¶ã確ç«ãã ããæ¥ç¶ã¹ããŒã¿ã¹ã¯ç·è²ã«å€ãããŸãã以åŸãããã§éžæãã SUM ãµãŒã㧠UTM ãã¢ã ã¿ãªã³ã°ããã³ç®¡çã§ããããã«ãªããŸãããSUM ã®ã¹ããŒã¿ã¹ ãã»ã¯ã·ã§ã³ã§ãçŸåšã®æ¥ç¶ã¹ ããŒã¿ã¹ãšå¥å šæ§ã確èªããããšãã§ããŸããããŒãžããªããŒããããšããã®ããŒã¿ãæŽæ°ãã ãŸããæ¥ç¶ã«é¢ããåé¡ãçºçããå Žåã¯ããã©ã€ããã°ãéãããã¿ã³ã䜿çšããæ²ç€ºæ¿ã® ã¡ãã»ãŒãžãåç §ããŠåé¡ã蚺æããŠãã ããã UTM 9 管çã¬ã€ã 91 4.10 éäžç®¡ç(HA) 4 ãããžã¡ã³ã 2 å°ç®ã® SU M ã®èšå® ãã®ã»ã¯ã·ã§ã³ã§ã¯ãïŒå°ç®ã® SUM ãä»»æã«è¿œå ããããšãã§ããŸããããã¯ãäŸãã°ãèªåã§èš å®ãè¡ã (1å°ç®ã® SUM ãµãŒã)ããã€ç¬¬äžè ãäŸãã° MSSP ã«ããã¢ãã¿ãå¿ èŠãšããå Žå (2å° ç®ã® SUM ãµãŒã) ãªã©ã«æå¹ã§ãããã®èšå®ã¯ 1å°ç®ã® SUM ãµãŒããšã»ãŒåæ§ã§ãããã ããèš å® ã®ãªãã·ã§ã³ã¯ 1å°ç®ã® SUM ãµãŒãã«éãããŠããããã2å°ç®ã§ã¯èšå®ã§ããŸããã 泚 â ã²ãŒããŠã§ã€ãš SUM ã®éã®éä¿¡ã¯ããŒã 4433 ã§è¡ãããŸãããSophos UTM Manager ã« ã¯ãHTTPS ãããã³ã«ã䜿çšããŠãã©ãŠã¶çµç±ã§ã¢ã¯ã»ã¹ããããšãã§ããŸããWebAdmin ã®å Žå ã¯ããŒã 4444ãã²ãŒããŠã§ã€ãããŒãžã£ã€ã³ã¿ãã§ãŒã¹ã®å Žåã¯ããŒã 4422 ã§ãã SU Mã®ã¹ããŒã¿ã¹ ãSUMã®ã¹ããŒã¿ã¹ ãã»ã¯ã·ã§ã³ã§ãçŸåšã®æ¥ç¶ã¹ããŒã¿ã¹ãšå¥å šæ§ã確èªããããšãã§ããŸããã㌠ãžããªããŒããããšããã®ããŒã¿ãæŽæ°ãããŸãã SU M ãªããžã§ã¯ã ãã®ãšãªã¢ã¯ãSUM çµç±ã§äœæããããªããžã§ã¯ããããããã® SUM ãSophos UTMããåæãã ãŠããå Žåãé€ããç¡å¹ã«ãªã£ãŠããŸã (ã°ã¬ãŒã¢ãŠã衚瀺ãããŠããŸã)ãSUM ã§äœæããããªã ãžã§ã¯ããšã¯ããããã¯ãŒã¯å®çŸ©ããªã¢ãŒããã¹ãå®çŸ©ãIPsec VPNãã³ãã«ãªã©ã§ãã ããªããžã§ã¯ãã®ã¯ãªãŒã³ã¢ããããã¿ã³ãæŒããšãããã€ã¹ã以åã«ç®¡çããŠãã SUM ã§äœæããã ãã¹ãŠã®ãªããžã§ã¯ãããªãªãŒã¹ããããšãã§ããŸãããããã®ãªããžã§ã¯ãã¯éåžžããã¯ãããããŒã« ã«ããã€ã¹ã®ã¿ã§è¡šç€ºã§ããŸãããã®ãã¿ã³ãæŒããšããªããžã§ã¯ãã¯å®å šã«ã¢ã¯ã»ã¹å¯èœã«ãªãã ããŒã«ã«ç®¡çè ãåå©çšãŸãã¯åé€ã§ããŸãã 泚 â 以åã« SUM ã§äœæããããªããžã§ã¯ããã¯ãªãŒã³ã¢ãããããšãåã SUM ã«åæ¥ç¶ãããšãã« ãããã®ãªããžã§ã¯ããåå€æã§ããªããªããŸããã€ãŸããªã¢ãŒãã® SUM ããåŸã§æ¥ç¶ãå確ç«ã ãããã€ã¹çšã«ãªããžã§ã¯ãå®çŸ©ããŸã ãã¹ãããŠããå ŽåãããŒã«ã«ã³ããŒããã§ã«ååšããŠãã ãããã®ãªããžã§ã¯ãã¯ããã€ã¹ã«åé åãããŸãã ã©ã€ãã ã° ã©ã€ããã°ã䜿çšããŠãSophos UTMãš SUM ã®éã®æ¥ç¶ãã¢ãã¿ãªã³ã°ããããšãã§ããŸããã¯ãªã㯠ã©ã€ããã° ã©ã€ããã°ãæ°ãããŠã€ã³ããŠã§éãããã®ãã¿ã³ã 92 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.11 åé·å(HA) 4.11 åé·å(HA) ã€ã³ã¿ãŒãããã»ãã¥ãªãã£ã·ã¹ãã ã®é害ã®äž»ãªåå ã¯ãããŒããŠã§ã¢ã®æ éã§ããã·ã¹ãã ã«é 害ãçºçããåŸããµãŒãã¹ãç¶ç¶ããŠæäŸããèœåããã§ã€ã«ãªãŒããšåŒã³ãŸããSophos UTM㯠HA ãã§ã€ã«ãªãŒããå®çŸãããããã客æ§ã¯ãã©ã€ããªã·ã¹ãã ã§é害ãçºçãããšãã®ããã« ãããã¹ã¿ã³ãã€ã·ã¹ãã ãã»ããã¢ããã§ããŸã (active-passive)ããããã¯ãSophos UTMã䜿çšã ãŠã¯ã©ã¹ã¿ãã»ããã¢ããããŠãå°çšã®ãããã¯ãŒã¯ãã©ãã£ãã¯ãäžçŸ€ã®ããŒãã«åæ£ãããŠéçšã (active-active)ããªãœãŒã¹å©çšçãæ倧éã«é«ããŠåŠçæéãåæžããããšãã§ããŸããããã¯åŸ æ¥ã®ããŒããã©ã³ã·ã³ã°ã¢ãããŒããšäŒŒãŠããŸãã Sophos UTMã«å°å ¥ããããåé·å ããšãã¯ã©ã¹ã¿ãã®æŠå¿µã¯ãç·å¯ã«é£æºããŠããŸããHA ã·ã¹ãã 㯠2ããŒãã¯ã©ã¹ã¿ãšèããããšãã§ããŸããããã¯åé·æ§ãå®çŸããæäœéã®èŠä»¶ã§ãã ã¯ã©ã¹ã¿å ã®åããŒãã¯æ¬¡ã®ããããã®åœ¹å²ãæããããšãã§ããŸãã l ãã¹ã¿:ãããã¹ã¿ã³ãã€/ã¯ã©ã¹ã¿ã»ããã¢ããäžã®ãã©ã€ããªã·ã¹ãã ãã¯ã©ã¹ã¿å ã§ããã¹ã¿ ã¯ããŒã¿ã®åæãšé ä¿¡ãè¡ã責任ãæ ããŸãã l ã¹ã¬ãŒã:ãããã¹ã¿ã³ãã€/ã¯ã©ã¹ã¿ã»ããã¢ããå ã®ã¹ã¿ã³ãã€ã·ã¹ãã ããã¹ã¿ã«é害ãçº çãããšããªãã¬ãŒã·ã§ã³ãåŒãç¶ããŸãã l ã¯ãŒã«ãŒ:ããŒã¿åŠçã®ã¿ãæ åœããã·ã³ãã«ãªã¯ã©ã¹ã¿ããŒãã ãã¹ãŠã®ããŒãã¯ãããããããŒãããŒãä¿¡å·ã䜿çšããŠèªããã¢ãã¿ãªã³ã°ããŸããããŒãããŒãä¿¡ å·ãšã¯ãä»ã®ããŒãã皌åããŠããããšã確èªããããã«å®æçã«éä¿¡ããããã«ããã£ã¹ã UDP ãã±ããã§ããæè¡çãšã©ãŒãåå ã§ãããããã®ããŒãããã®ãã±ããã®éä¿¡ã«å€±æãããšãã ã®ããŒã㯠ããã (Dead) ãšå®£èšãããŸãã倱æããããŒããæ ã£ãŠãã圹å²ã«å¿ããŠãã»ããã¢ãã ã®æ§æã次ã®ããã«å€æŽãããŸãã l ãã¹ã¿ããŒãã§é害ãçºçããå Žåãã¹ã¬ãŒãããã¹ã¿ã®åœ¹å²ãåŒãç¶ããIDãæãé«ã ã¯ãŒã«ããŒããã¹ã¬ãŒããšãªããŸãã l ã¹ã¬ãŒãããŒãã§é害ãçºçããå ŽåãIDãæãé«ãã¯ãŒã«ããŒããã¹ã¬ãŒããšãªããŸãã l ã¯ãŒã«ããŒãã§é害ãçºçããå ŽåãåŠçèœåã倱ãããããšã«ããããã©ãŒãã³ã¹äœäž ã¯èªèãããŸããããã§ã€ã«ãªãŒããŒæ©èœã¯æãªãããŸããã ã¬ããŒãã£ã³ã° ãã¹ãŠã®ã¬ããŒãã£ã³ã°ããŒã¿ã¯ãã¹ã¿ããŒãäžã§çµ±åããã5åééã§ä»ã®ã¯ã©ã¹ã¿ããŒããšåæã ããŸãããããã£ãŠãåŒãç¶ããçºçãããšãæ倧éå»5åéã®ã¬ããŒãã£ã³ã°ããŒã¿ã倱ãã㟠UTM 9 管çã¬ã€ã 93 4.11 åé·å(HA) 4 ãããžã¡ã³ã ãããã ããããŒã¿åéããã»ã¹ã«ã¯éãããããŸããããã°ãšã¬ããŒã > ããŒããŠã§ã¢ ãã¿ãã«è¡šç€ºã ããã°ã©ãã«ã¯ãçŸåšãã¹ã¿ãšãªã£ãŠããããŒãã®ããŒã¿ã®ã¿ã衚瀺ãããŸããäžæ¹ãããã°ãšã¬ã㌠ã > ãããã¯ãŒã¯äœ¿çšç¶æ³ ãããŒãžãªã©ã«è¡šç€ºãããã¢ã«ãŠã³ãã£ã³ã°æ å ±ã«ã¯ãé¢é£ãããã¹ãŠã® ããŒãããåéãããããŒã¿ã衚瀺ãããŸããããšãã°ãä»æ¥ã® CPU 䜿çšç¶æ³ã®ãã¹ãã°ã©ã ã« ã¯ããã¹ã¿ããŒãã®çŸåšã®ããã»ããµäœ¿çšç¶æ³ã衚瀺ãããŸããåãæ¿ãããçºçããå Žåããã ã«ã¯ã¹ã¬ãŒãããŒãã®ããŒã¿ã衚瀺ãããããã«ãªããŸããäžæ¹ãäžäœã¢ã«ãŠã³ãã£ã³ã°ãµãŒãã¹ã« é¢ããæ å ±ãªã©ã¯ããŠããããééãããã©ãã£ãã¯ã®åæ£åŠçã«é¢äžãããã¹ãŠã®ããŒãããåé ãããããŒã¿ã®éåäœãšãªããŸãã æ³šèš l ã¢ãã¬ã¹è§£æ±ºãããã³ã« (ARP) ã䜿çšããã®ã¯ãå®éã®ãã¹ã¿ã®ã¿ã§ããã€ãŸããã¹ã¬ãŒã ããŒããšã¯ãŒã«ããŒãã¯ARPèŠæ±ã®éä¿¡ãå¿çãè¡ããŸããã l ãã§ã€ã«ãªãŒããçºçãããšããªãã¬ãŒã·ã§ã³ãåŒãç¶ããŠãããã ARP ã¢ããŠã³ã¹ã¡ã³ã (å¥åãgratuitous ARP ã) ãå®è¡ããŸããããã¯éåžžãèŠæ±ãåä¿¡ããä»ã®ãã¹ãã® ARP ãã£ãã·ã¥ãæŽæ°ããããšãç®çãšããARPèŠæ±ã§ããGratuitous ARP ã¯ããã¹ã¿ã® IP ãã¹ ã¬ãŒãã«ç§»è¡ããããšãã¢ããŠã³ã¹ããããã«äœ¿çšãããŸãã l ãã¹ã¿ã§èšå®ãããã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ã«ã¯ç©çãªã³ã¯ãå¿ èŠã§ããã€ãŸããä»»æã®ããã ã¯ãŒã¯ããã€ã¹ã«ããŒããæ£ããæ¥ç¶ããªããã°ãªããŸããã 4.11.1 ããŒããŠã§ã¢ãšãœãããŠã§ã¢ã®èŠä»¶ HA ãã§ã€ã«ãªãŒããŸãã¯ã¯ã©ã¹ã¿æ©èœãæäŸããããã«ã¯ã次ã®ããŒããŠã§ã¢ããã³ãœãããŠã§ã¢ èŠä»¶ãæºããå¿ èŠããããŸãã 94 l åé·åãªãã·ã§ã³ã䜿çšå¯èœãªæå¹ãªã©ã€ã»ã³ã¹ (ã¹ã¿ã³ãã€ãŠãããã®å Žåãè¿œå ã®åºæ¬ ã©ã€ã»ã³ã¹ã®ã¿ãå¿ èŠã§ã)ã l ãœãããŠã§ã¢ããŒãžã§ã³ãšããŒããŠã§ã¢ãåãã§ãã2å°ã®UTMãŠãããããŸãã¯åãã¢ãã«ã® 2å°ã®UTMã¢ãã©ã€ã¢ã³ã¹ã l ããŒãããŒããå¯èœãªã€ãŒãµããããããã¯ãŒã¯ã«ãŒãããµããŒããããŠãããããã¯ãŒã¯ã«ãŒã ã確èªããã«ã¯ãHCL ããã§ãã¯ããŠãã ãããHCL ã¯Sophos ãµããŒãããŒã¿ããŒã¹ã§æäŸã ããŠããŸã (æ€çŽ¢çšèªã«ãHCLãã䜿çšããŸã)ã l ã€ãŒãµãããã¯ãã¹ãªãŒããŒã±ãŒãã« (ãããã¹ã¿ã³ãã€ã·ã¹ãã ã§ã®ãã¹ã¿ãšã¹ã¬ãŒãã®æ¥ç¶ çš)ãUTMå°çš HA ã€ã³ã¿ãã§ãŒã¹ãã®ã¬ãããèªå MDX ããã€ã¹ã§ããã¢ãã©ã€ã¢ã³ã¹ã®ã¢ ãã« 320ã425ã525 ã¯ãæšæºã® IEEE 802.3 ã€ãŒãµãããã±ãŒãã«ã§æ¥ç¶å¯èœã§ã (ã€ãŒãµãã UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.11 åé·å(HA) ãããŒããéä¿¡/åä¿¡ãã¢ãèªåçã«äº€æãããã)ã l ãããã¯ãŒã¯ã¹ã€ãã (ã¯ã©ã¹ã¿ããŒãã®æ¥ç¶çš)ã 4.11.2 ã¹ããŒã¿ã¹ ããããžã¡ã³ã > åé·å > ã¹ããŒã¿ã¹ ãã¿ãã«ã¯ããããã¹ã¿ã³ãã€ã·ã¹ãã ãŸãã¯ã¯ã©ã¹ã¿ã«é¢äžãã ãã¹ãŠã®ããã€ã¹ããªã¹ãããã次ã®æ å ±ã衚瀺ãããŸãã l ID:ããã€ã¹ã®ããŒã IDããããã¹ã¿ã³ãã€ã·ã¹ãã ã§ã¯ãããŒã ID 㯠1 (ãã¹ã¿) ãŸã㯠2 (ã¹ ã¬ãŒã) ã§ãã ã¯ã©ã¹ã¿å ã®ããŒã ID 㯠1ïœ10 ã®ç¯å²ã«ãªããŸãããã®çç±ã¯ã1ã€ã®ã¯ã©ã¹ã¿ã«æ倧 10 ããŒããŸã§æãããããšãã§ããããã§ãã l 圹å²:ã¯ã©ã¹ã¿å ã®åããŒãã¯æ¬¡ã®ããããã®åœ¹å²ãæããããšãã§ããŸãã l MASTER:ãããã¹ã¿ã³ãã€/ã¯ã©ã¹ã¿ã»ããã¢ããäžã®ãã©ã€ããªã·ã¹ãã ãã¯ã©ã¹ã¿å 㧠ããŒã¿ã®åæãšé ä¿¡ãè¡ã責任ãæ ããŸãã l SLAVE:ãããã¹ã¿ã³ãã€/ã¯ã©ã¹ã¿ã»ããã¢ããå ã®ã¹ã¿ã³ãã€ã·ã¹ãã ããã¹ã¿ã«é害 ãçºçãããšããªãã¬ãŒã·ã§ã³ãåŒãç¶ããŸãã l WORKER:ããŒã¿åŠçã®ã¿ãæ åœããã·ã³ãã«ãªã¯ã©ã¹ã¿ããŒãã l ããã€ã¹å:ããã€ã¹ã®ååã§ãã l ã¹ããŒã¿ã¹:HA ã¹ããŒã¿ã¹ã«é¢ããããã€ã¹ã®ç¶æ ã次ã®ããããã«ãªããŸãã l ACTIVE:ããŒãã¯å®å šã«æ©èœããŠããŸãã l UNLINKED:1ã€ä»¥äžã®ã€ã³ã¿ãã§ãŒã¹ãªã³ã¯ãããŠã³ããŠããŸãã l UP2DATE:Up2Date ãé²è¡äžã§ãã l UP2DATE FAILED:Up2Date ã倱æããŸããã l DEAD:ããŒãã«å°éã§ããŸããã l SYNCING:ããŒã¿åæãé²è¡äžã§ãããã®ã¹ããŒã¿ã¹ã¯ãåŒãç¶ãããã»ã¹ã®é²è¡äž ã«è¡šç€ºãããŸããæåã®åæã«ã¯ 5å以äžæéãããããŸããããããåæé¢é£ã® ããã°ã©ã ã«ããããã®æéãé·æåããå ŽåããããŸããã¹ã¬ãŒããåæäžã§ãã ãåæäž ãã¹ããŒã¿ã¹ã®å Žåããã¹ã¿ããŒãã§ã®ãªã³ã¯é害ãªã©ãåå ã§æ£åžžãªåŒãç¶ ãã¯è¡ãããŸããã l ããŒãžã§ã³:ã·ã¹ãã ã«ã€ã³ã¹ããŒã«ãããSophos UTMãœãããŠã§ã¢ã®ããŒãžã§ã³çªå·ã l æåŸã®ã¹ããŒã¿ã¹å€å:ã¹ããŒã¿ã¹å€æŽãæåŸã«çºçããæéã UTM 9 管çã¬ã€ã 95 4.11 åé·å(HA) 4 ãããžã¡ã³ã ãªããŒã/ã·ã£ããããŠã³:ãããã®ãã¿ã³ã䜿çšããŠãããã€ã¹ãæåã§ãªããŒããŸãã¯ã·ã£ããããŠã³ ããããšãã§ããŸãã ããŒãåé€:ãã®ãã¿ã³ã䜿çšããŠãWebAdmin çµç±ã§ãããç¶æ ã®ã¯ã©ã¹ã¿ããŒããåé€ããŸããã¡ãŒ ã«éé¢ãã¹ããŒã«ãªã©ãããŒãåºæã®ãã¹ãŠã®ããŒã¿ããã¹ã¿ã«åŒãç¶ãããŸãã HA ã©ã€ããã°ãå¥ãŠã£ã³ããŠã§è¡šç€ºããã«ã¯ãå³äžé ã«ãããHA ã©ã€ããã°ãéãããã¿ã³ãã¯ãªã㯠ããŸãã 4.11.3 ã·ã¹ãã ã¹ããŒã¿ã¹ ããããžã¡ã³ã > åé·å > ã·ã¹ãã ã¹ããŒã¿ã¹ ãã¿ãã«ã¯ããããã¹ã¿ã³ãã€ã·ã¹ãã ãŸãã¯ã¯ã©ã¹ã¿ã« é¢äžãããã¹ãŠã®ããã€ã¹ããªã¹ããããåããã€ã¹ã®ãªãœãŒã¹äœ¿çšç¶æ³ã«é¢ãã次ã®æ å ±ãè¡š 瀺ãããŸãã l CPU 䜿çšç (%) l RAM 䜿çšç (%) l ã¹ã¯ãã䜿çšç (%) l ãã°ããŒãã£ã·ã§ã³ã§æ¶è²»ãããŠããããŒããã£ã¹ã¯ã®å®¹é (%) l ã«ãŒãããŒãã£ã·ã§ã³ã§æ¶è²»ãããŠããããŒããã£ã¹ã¯ã®å®¹é (%) l UPS (ç¡åé»é»æºè£ 眮) ã¢ãžã¥ãŒã«ãããå Žåã¯ãã®ç¶æ³ 4.11.4 èšå® Sophos UTMã®åé·åæ©èœã¯ã3ã€ã®åºæ¬èšå®ãã«ããŒããŸãã l èªåèšå® l ãããã¹ã¿ã³ã〠(active-passive) l ã¯ã©ã¹ã¿ (active-active) èªåèšå®:Sophos UTMSophos UTM ã«ã¯ãUTMã¢ãã©ã€ã¢ã³ã¹çšã®ãã©ã°ã¢ã³ããã¬ã€èšå®ãªãã·ã§ ã³ããããŸãããã®ãªãã·ã§ã³ã䜿çšãããšãã¯ã©ã¹ã¿ã«è¿œå ããããã€ã¹ãåèšå®ãããæåã§ã€ ã³ã¹ããŒã«ãããããå¿ èŠãªãããããã¹ã¿ã³ãã€ã·ã¹ãã /ã¯ã©ã¹ã¿ãã»ããã¢ããããããšãã§ã㟠ããUTMã¢ãã©ã€ã¢ã³ã¹ã®å°çš HA ã€ã³ã¿ãã§ãŒã¹ (eth3) ãçžäºã«æ¥ç¶ãããã¹ãŠã®ããã€ã¹ã§ãèª åèšå® ããéžæããã ãã§ãæºåã¯å®äºã§ãã 96 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.11 åé·å(HA) 泚 â èªåèšå® ãæ£åžžã«æ©èœããããã«ã¯ããã¹ãŠã®UTMã¢ãã©ã€ã¢ã³ã¹ã¯åãã¢ãã«ã§ãªãã ã°ãªããŸãããããšãã°ãHAã·ã¹ãã ã®ã»ããã¢ããã«ã¯ã2å°ã®UTM 320ã¢ãã©ã€ã¢ã³ã¹ã䜿çšã ãå¿ èŠããããUTM 220ãŠããããšUTM 320ãŠããããçµã¿åãããŠäœ¿çšããããšã¯ã§ããŸããã ãã®å°çšã€ã³ã¿ãã§ãŒã¹ãä»ã㊠2å°ã®UTMã¢ãã©ã€ã¢ã³ã¹ãæ¥ç¶ãããšããã¹ãŠã®ããã€ã¹ãçžäº ã«èªèããHA ã·ã¹ãã ãšããŠèªåçã«èªå·±èšå®ããŸããã¢ããã¿ã€ã ãé·ãæ¹ã®ããã€ã¹ããã¹ã¿ ãšãªããŸããå¯èœæ§ã¯äœããã®ã®ãã¢ããã¿ã€ã ãåãã§ãã£ãå Žåã«ã¯ãMAC ã¢ãã¬ã¹ã«åºã¥ã ãŠãã¹ã¿ãšãªãããã€ã¹ã決ãŸããŸãã UTMãœãããŠã§ã¢ã䜿çšãããšãå°çšã¹ã¬ãŒãã·ã¹ãã ã§ãèªåèšå® ããªãã·ã§ã³ã䜿çšããããã¹ã¿ ãŸãã¯ãã§ã«èšå®ãããŠãããããã¹ã¿ã³ãã€ã·ã¹ãã /ã¯ã©ã¹ã¿ã«èªåçã«è¿œå ãããŸãããã®ã ãããèªåèšå® ãã¯ãããèªäœãåé·åãªãã¬ãŒã·ã§ã³ã¢ãŒãã§ã¯ãªã移è¡ã¢ãŒããšèããããšãã§ã ãŸãããèªåèšå® ããéžæãããŠããããã€ã¹ããããã¹ã¿ã³ãã€ã·ã¹ãã ãŸãã¯ã¯ã©ã¹ã¿ã«è¿œå ã ãããšãåé·åãªãã¬ãŒã·ã§ã³ã¢ãŒãã¯ããããããããã¹ã¿ã³ãã€ããŸãã¯ãã¯ã©ã¹ã¿ããšãªããŸããã ã ãããã®æ©èœãæ£åžžã«æ©èœããããã«ã¯ããã¹ã¿ã·ã¹ãã ã§ãæ°èŠããã€ã¹ã®èªåèšå®ãèš±å¯ ã ãªãã·ã§ã³ãæå¹ã«ãªã£ãŠããããšãæ¡ä»¶ãšãªããŸãããã®æ©èœã«ãããåé·åãªãã¬ãŒã·ã§ã³ã¢ãŒ ãããèªåèšå® ãã«èšå®ãããŠããããã€ã¹ããããã¹ã¿ã³ãã€ã·ã¹ãã /ã¯ã©ã¹ã¿ã«èªåçã«è¿œå ãããŸãã ãããã¹ã¿ã³ã〠(active-passive):Sophos UTMSophos UTM ã§ã¯ã2ã€ã®ããŒãããæããããã¹ã¿ã³ã ã€åé·åã³ã³ã»ãããæ¡çšãããŠãããåé·æ§ãå®çŸããæäœèŠä»¶ãšãªããŸããSophos UTMãœãã ãŠã§ã¢9ã«å°å ¥ãããäž»ãªæ¹è¯ç¹ã®1ã€ã«ããã€ã¯ãªãŒã㌠(åŒãç¶ã) ã®ã¬ã€ãã³ã·ã 2ç§æªæºã«äœ æžã§ããç¹ããããŸããã²ãŒããŠã§ã€ã¯ããã¡ã€ã¢ãŠã©ãŒã«æ¥ç¶ã®åæåã«å ããIPsec ãã³ãã«ã® åæåã«ã察å¿ããŠãŸããã€ãŸããããŒããŠã©ãªã¢ããªã¢ãŒã VPN ã²ãŒããŠã§ã€ãããã€ã¯ãªãŒã㌠åŸã« IPsec ãã³ãã«ãå床確ç«ããå¿ èŠã¯ãããŸããããŸããéé¢ããããªããžã§ã¯ããåæåã ããããããã€ã¯ãªãŒããŒåŸã䜿çšå¯èœã§ãã ã¯ã©ã¹ã¿ (active-active):(ããŒã·ãã¯ã¬ãŒããµãã¹ã¯ãªãã·ã§ã³ã§ã¯ãå©çšã§ããŸããã)倧éã®ã€ã³ ã¿ãŒããããã©ãã£ãã¯ã®ãªã¢ã«ã¿ã€ã åŠçã«å¯ŸããéèŠãé«ãŸã£ãŠããŸããããã«å¯Ÿå¿ãããã ã«ãSophos UTMã«ã¯ãåŠçéçŽåã®ã¿ã¹ã¯ (ã³ã³ãã³ããã£ã«ã¿ããŠã€ã«ã¹ã¹ãã£ã³ãäŸµå ¥é²æ¢ã埩 å·åãªã©) ãè€æ°ã®ã¯ã©ã¹ã¿ããŒãã«åäžã«åæ£ããããã®ã¯ã©ã¹ã¿ãªã³ã°æ©èœãçšæãããŠã㟠ããå°çšã®ããŒããŠã§ã¢ããŒã¹ã®è² è·åæ£è£ 眮ã䜿çšããå¿ èŠãªããã²ãŒããŠã§ã€ã®å šäœçãªã ãã©ãŒãã³ã¹ãå€§å¹ ã«åäžã§ããŸãã 泚 â ã¯ã©ã¹ã¿ã®èšå®æã¯ããã¹ã¿ããŒããèšå®ããŠããæ®ãã®ãŠããããã¹ã€ããã«æ¥ç¶ããŠãã ã ãã ãã¹ã¿ãã¹ã¬ãŒãããŸãã¯ã¯ãŒã«ã®èšå®æé ã¯éåžžã«äŒŒãŠããŸãã次ã®æé ã§å®è¡ããŸãã UTM 9 管çã¬ã€ã 97 4.11 åé·å(HA) 4 ãããžã¡ã³ã 1. åé·åãªãã¬ãŒã·ã§ã³ã¢ãŒããéžæããŸãã ããã©ã«ãã§ã¯ãåé·åã¯ãªãã«ãªã£ãŠããŸãã次ã®ã¢ãŒãã䜿çšã§ããŸãã l èªåèšå® l ãããã¹ã¿ã³ã〠(active-passive) l ã¯ã©ã¹ã¿ (active-active) 泚 â åé·åãªãã¬ãŒã·ã§ã³ã¢ãŒããå€æŽããå Žåãã¢ãŒãããèªåèšå® ããããããã¹ã¿ã³ã ã€ãããŸãã¯ãã¯ã©ã¹ã¿ãã«å€æŽããããã«ã¯ãã¢ãŒããäžåºŠãOFFãã«æ»ãå¿ èŠããããŸãã éžæã«å¿ããŠã1ã€ä»¥äžã®ãªãã·ã§ã³ã衚瀺ãããŸãã 2. 次ã®èšå®ãè¡ããŸãã åæçš NIC:ãã¹ã¿ã·ã¹ãã ãšã¹ã¬ãŒãã·ã¹ãã ãšã®éä¿¡ã§çµç±ãããããã¯ãŒã¯ã€ã³ã¿ãã§ãŒ ã¹ã«ãŒããéžæããŸãããªã³ã¯ã¢ã°ãªã²ãŒã·ã§ã³ãã¢ã¯ãã£ãã§ããå Žåãããã§ãªã³ã¯ã¢ã°ãª ã²ãŒã·ã§ã³ã€ã³ã¿ãã§ãŒã¹ãéžæã§ããŸãã 泚 â ãŸã èšå®ããŠããªãã€ã³ã¿ãã§ãŒã¹ã®ã¿ã衚瀺ãããŸããå®è¡äžã®èšå®ã§åæå〠ã³ã¿ãã§ãŒã¹ãå€æŽããããšãã§ããŸãããã®åŸããã¹ãŠã®ããŒãã¯ãªããŒãããŸãã 次ã®ãªãã·ã§ã³ã¯ããªãã¬ãŒã·ã§ã³ã¢ãŒããšããŠããããã¹ã¿ã³ãã€ããŸãã¯ãã¯ã©ã¹ã¿ããéžæã ãå Žåã®ã¿èšå®ã§ããŸãã ããã€ã¹å:ãã®ããã€ã¹ã説æããååãå ¥åããŸãã ããã€ã¹ããŒã ID:ããã€ã¹ã®ããŒã ID ãéžæããŸãããã©ã€ããªã·ã¹ãã ã«é害ãçºçãã å ŽåãID ãæãé«ãããŒãããã¹ã¿ãšãªããŸãã æå·åããŒ:ãã¹ã¿ãšã¹ã¬ãŒãã®éä¿¡ãæå·åãããã¹ãã¬ãŒãº (確èªã®ããã«ãã¹ãã¬ãŒã ã 2åå ¥åããŸã)ãéµã®æ倧é·ã¯ 16æåã§ãã 3. ãé©çš ããã¯ãªãã¯ããŸãã ããã€ã¹ã§åé·åãã§ã€ã«ãªãŒããŒãã¢ã¯ãã£ãã«ãªããŸããã ãããã¹ã¿ã³ãã€ã¢ãŒãã®ã²ãŒããŠã§ã€ã¯ãããŒã¿è»¢éæ¥ç¶ã«å¯ŸããŠå®æçã«æŽæ°ãããŸããã¢ã¯ ãã£ããªãã©ã€ããªã·ã¹ãã ã§ãšã©ãŒãçºçããå Žåãéããã«ã»ã«ã³ããªã·ã¹ãã ãéåžžã¢ãŒãã« èªåçã«åãæ¿ããããã©ã€ããªã·ã¹ãã ã®æ©èœãåŒãç¶ããŸãã 泚 â ãããã¹ã¿ã³ãã€ã·ã¹ãã /ã¯ã©ã¹ã¿ãç¡å¹ã«ãããšãã¹ã¬ãŒãããŒããšã¯ãŒã«ããŒãã¯å·¥å Žåºè· æã®ç¶æ ã«æ»ããã·ã£ããããŠã³ããŸãã 98 UTM 9 管çã¬ã€ã 4 ãããžã¡ã³ã 4.11 åé·å(HA) 詳现æ å ± (ç¹ã«äœ¿çšäºäŸ) ã¯ãSophosãµããŒãããŒã¿ããŒã¹ã«ãããHA/ã¯ã©ã¹ã¿ã¬ã€ã ãã§ç¢ºèªã§ã ãŸãã 詳现 ãã®ã»ã¯ã·ã§ã³ã§ã¯ã詳现èšå®ãè¡ãããšãã§ããŸãã æ°èŠããã€ã¹ã®èªåèšå®ãèš±å¯:ãããã¹ã¿ã³ãã€ã·ã¹ãã /ã¯ã©ã¹ã¿ãæåã§èšå®ããå Žåããã® ãªãã·ã§ã³ã«ãããåé·åãªãã¬ãŒã·ã§ã³ã¢ãŒãããèªåèšå® ãã«èšå®ãããŠããããã€ã¹ããããã¹ ã¿ã³ãã€ã·ã¹ãã /ã¯ã©ã¹ã¿ã«èªåçã«è¿œå ãããŸãããã ãããã®ãªãã·ã§ã³ã¯ã¹ã¬ãŒãã·ã¹ãã ã« äžå圱é¿ãäžããªããããããã©ã«ãèšå®ã®ãŸãŸæå¹ã«ããŠããããšãã§ããŸãã Up2Date æã«ããŒãããã®ãŸãŸä¿æ:éžæããå Žåãæ°ããã·ã¹ãã ããŒãžã§ã³ãžã®æŽæ°æ ã«ãHA/ã¯ã©ã¹ã¿ããŒãã®åæ°ãçŸåšã®ã·ã¹ãã ããŒãžã§ã³ãä¿æããŸããæ°ããããŒãžã§ã³ãå®å® ãã段éã§ãããããžã¡ã³ã > åé·å > ã¹ããŒã¿ã¹ ãããŒãžã§æ®ãã®ããŒããæŽæ°ã§ããŸããæ°ãã ããŒãžã§ã³ã®ããã«æŽæ°ããããã¹ãŠã®ããŒãã§é害ãçºçããå Žåã¯ãæ®ãã®ããŒããå€ã ããŒãžã§ã³ã§æ°ãã HA/ã¯ã©ã¹ã¿ãæ§ç¯ããŸãããã®åŸãé害ã®ããããŒãã«å€ãããŒãžã§ã³ãã€ã³ ã¹ããŒã«ããããæ°ããæŽæ°ãåŸ ã€ããšãã§ããŸãã ãUp2Date æã«ããŒãããã®ãŸãŸä¿æ ããæå¹ã«ãããšãåæã¯åãã·ã¹ãã ããŒãžã§ã³ãæã€ããŒã ã«ããé©çšãããªããããããŒãžã§ã³ä¿æãéžæããããŒãã¯ã¢ããããŒãåŸåæãããªããªã㟠ãããã®ä»£ãããä¿æãéžæããããŒãã®ç¶æ ã¯ç¶æãããŸãããã®ãããäœããã®çç±ã§ãä¿æ ããããŒããåã¢ã¯ãã£ããŒã·ã§ã³ããå Žåãã¢ããããŒãéå§æããåã¢ã¯ãã£ããŒã·ã§ã³ãããŸã§ ã®éã«çºçããèšå®ã®å€æŽãã¬ããŒãããŒã¿ã¯å€±ãããŸãã åªå ãã¹ã¿:ããã§ã¯ãããããããŠã³ãªã¹ãã§ããŒããéžæããŠãæå®ã®ãã¹ã¿ããŒããå®çŸ©ã§ã㟠ãããã§ã€ã«ãªãŒããŒãçºçããå ŽåãéžæãããããŒãã¯ãªã³ã¯ã®å埩åŸã¯ã¹ã¬ãŒãã¢ãŒãã®ãŸ ãŸã§ã¯ãªãããã¹ã¿ã¢ãŒãã«ã¹ã€ããããã¯ããŸãã ããã¯ã¢ããã€ã³ã¿ãã§ãŒã¹:HA åæåã€ã³ã¿ãã§ãŒã¹ã®é害ããããã¯ãŒã¯ã±ãŒãã«ã®åæãªã©ã åå ã§ããã¹ã¿ãšã¹ã¬ãŒãã®äž¡æ¹ãåæã«ãã¹ã¿ã«ãªãããš (ãã¹ã¿/ãã¹ã¿ã®ç¶æ³) ãé²ãããã«ã ããã¯ã¢ããçšã®ããŒãããŒãã€ã³ã¿ãã§ãŒã¹ãéžæã§ããŸãããã®è¿œå ããŒãããŒãã€ã³ã¿ãã§ãŒã¹ ã«ã¯ãããããã®èšå®æžã¿ã¢ã¯ãã£ãã€ãŒãµãããã€ã³ã¿ãã§ãŒã¹ãéžæã§ããŸããããã¯ã¢ããã€ã³ ã¿ãã§ãŒã¹ãéžæãããšããã¹ã¿/ã¹ã¬ãŒãèšå®ãç¶æãããŠããããšã確èªããããã«ããã®ã€ã³ã¿ ãã§ãŒã¹çµç±ã§è¿œå ã®ããŒãããŒãä¿¡å·ãäžæ¹åãž (ãã¹ã¿ããã¹ã¬ãŒããž) éä¿¡ãããŸãããã¹ ã¿/ã¹ã¬ãŒãæ¥ç¶ãç¡å¹ã§ãããããã¯ã¢ããã€ã³ã¿ãã§ãŒã¹ãé¢äžãããšãããããã®ã¯ã©ã¹ã¿ã㌠ããåæ¢ããŠããããšãç¥ãããéç¥ã管çè ã«éä¿¡ãããŸãããã ãããã®ãªãã·ã§ã³ã¯ã¹ã¬ãŒã ã·ã¹ãã ã«äžå圱é¿ãäžããªããããæªèšå®ã®ãŸãŸã«ããŠããããšãã§ããŸãã UTM 9 管çã¬ã€ã 99 4.12 ã·ã£ããããŠã³ãšãªã¹ã¿ãŒã 4 ãããžã¡ã³ã 泚 â HA åæåã€ã³ã¿ãã§ãŒã¹ã«é害ãçºçããå Žåãèšå®ã¯ãã以äžåæãããªããªããŸãã ããã¯ã¢ããã€ã³ã¿ãã§ãŒã¹ã¯ããã¹ã¿/ãã¹ã¿ã®ç¶æ³ãåé¿ããã ãã§ãã 4.12 ã·ã£ããããŠã³ãšãªã¹ã¿ãŒã ãã®ã¿ãã§ã¯ãæåã§Sophos UTMãã·ã£ããããŠã³ãŸãã¯ãªã¹ã¿ãŒãã§ããŸãã ã·ã£ããããŠã³:ãã®æäœã«ãããã·ã¹ãã ãã·ã£ããããŠã³ããŠããã¹ãŠã®ãµãŒãã¹ãé©åã«åæ¢ã§ ããŸããã¢ãã¿ã LCD ãã£ã¹ãã¬ã€ãæ¥ç¶ãããŠããªãã·ã¹ãã ã®å Žåã¯ãã·ã£ããããŠã³ããã»ã¹ ã®æåŸã«ããŒãé³ã 1ç§ééã§é³Žãç¶ããŸãã Sophos UTMãã·ã£ããããŠã³ããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãã·ã¹ãã ãã·ã£ããããŠã³ (åæ¢)ããã¯ãªãã¯ããŸãã 2. èŠåã¡ãã»ãŒãžã確èªããŸãã ãã·ã¹ãã ãã·ã£ããããŠã³ããŸããïŒããšããã¡ãã»ãŒãžã衚瀺ããããããOKããã¯ãªãã¯ã㟠ãã ã·ã¹ãã ã¯ã·ã£ããããŠã³ããŠåæ¢ããŸãã ã䜿ãã®ããŒããŠã§ã¢ããã³èšå®ã«ãããã·ã£ããããŠã³ãå®äºãããŸã§ã«æ°åãããå Žåããã ãŸããã·ã¹ãã ãå®å šã«ã·ã£ããããŠã³ããåŸã§ãé»æºãåããŸããã·ã¹ãã ãå®å šã«ã·ã£ããã㊠ã³ããåã«é»æºãåããšãã·ã¹ãã ã次åã®èµ·å (ããŒã) æã«ãã¡ã€ã«ã·ã¹ãã ã®äžè²«æ§ã ãã§ãã¯ãããããèµ·åããã»ã¹ã«éåžžããããªãé·ãæéããããããšã«ãªããŸããææªã®å Žå ã¯ãããŒã¿ã倱ãããå ŽåããããŸãã ã·ã¹ãã ã®èµ·åãæ£åžžã«è¡ããããšããŒãé³ãé£ç¶ã㊠5å鳎ããŸãã ãªã¹ã¿ãŒã:ãã®æäœã«ãããã·ã¹ãã ãå®å šã«ã·ã£ããããŠã³ããŠåèµ·åããŸããã䜿ãã®ããŒããŠã§ ã¢ããã³èšå®ã«ãããå®å šã«ãªã¹ã¿ãŒããããŸã§ã«æ°åãããå ŽåããããŸãã Sophos UTMããªã¹ã¿ãŒãããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã·ã¹ãã ããªã¹ã¿ãŒã (ãªããŒã)ããã¯ãªãã¯ããŸãã 2. èŠåã¡ãã»ãŒãžã確èªããŸãã ãã·ã¹ãã ããªã¹ã¿ãŒãããŸããïŒããšããã¡ãã»ãŒãžã衚瀺ããããããOKããã¯ãªãã¯ããŸãã ã·ã¹ãã ã¯ã·ã£ããããŠã³ããåæ¢ããŠãããªããŒãããŸãã 100 UTM 9 管çã¬ã€ã 5 å®çŸ©ãšãŠãŒã¶ ãã®ç« ã§ã¯ãSophos UTMå šäœã§äœ¿çšããããããã¯ãŒã¯ããµãŒãã¹ãæéã®å®çŸ©ãèšå®ããæ¹æ³ ã«ã€ããŠèª¬æããŸããWebAdmin ã®ããªããžã§ã¯ãå®çŸ©ã®æŠèŠ ãããŒãžã¯ãã¿ã€ãã«åºã¥ããããã¯ãŒã¯ å®çŸ©ã®æ°ãšããããã³ã«ã¿ã€ãã«åºã¥ããµãŒãã¹å®çŸ©ã®æ°ã瀺ããŸãã ãå®çŸ©ãšãŠãŒã¶ ãã¡ãã¥ãŒã®ããŒãžã䜿çšãããšãä»ã®ãã¹ãŠã®èšå®ã¡ãã¥ãŒã§äœ¿çšããããšãå¯èœ ãªãããã¯ãŒã¯ãšãµãŒãã¹ãäžå çã«å®çŸ©ããããšãã§ããŸããããã«ãããIP ã¢ãã¬ã¹ãããŒãã ãããã¯ãŒã¯ãã¹ã¯ãªã©ã«æ©ãŸãããããšãªããååã䜿çšããŠäœæ¥ã§ããŸãããã®ä»ã®ã¡ãªãããšã ãŠã¯ãåã ã®ãããã¯ãŒã¯ããµãŒãã¹ãã°ã«ãŒãã«ãŸãšããŠãäžåºŠã«èšå®ã§ããããšããããã㟠ããåŸã§ãããã®ã°ã«ãŒãã«ç¹å®ã®èšå®ãå²ãåœãŠãããããšããããã®èšå®ã¯ã°ã«ãŒãã«å«ãŸã ããã¹ãŠã®ãããã¯ãŒã¯ãšãµãŒãã¹ã«é©çšãããŸãã ããã«ããã®ç« ã§ã¯ãSophos UTMã®ãŠãŒã¶ã¢ã«ãŠã³ãããŠãŒã¶ã°ã«ãŒããããã³å€éšèªèšŒãµãŒãã® èšå®æ¹æ³ããã¯ã©ã€ã¢ã³ã PC ã®èªèšŒã«ã€ããŠèª¬æããŸãã ãã®ç« ã§ã¯ã次ã®ãããã¯ã«ã€ããŠèª¬æããŸãã l ãããã¯ãŒã¯å®çŸ© l ãµãŒãã¹å®çŸ© l æé垯å®çŸ© l ãŠãŒã¶ãšã°ã«ãŒã l ã¯ã©ã€ã¢ã³ãèªèšŒ l èªèšŒãµãŒã 5.1 ãããã¯ãŒã¯å®çŸ© ãå®çŸ©ãšãŠãŒã¶ã>ããããã¯ãŒã¯å®çŸ©ãã¡ãã¥ãŒã§ã¯ããã¹ãããããã¯ãŒã¯ããããã¯ãŒã¯ã°ã«ãŒãã㟠ã MAC ã¢ãã¬ã¹ã®å®çŸ©ãäœæã§ããŸããããã§äœæããå®çŸ©ã¯ãä»ã®å€ãã® WebAdmin èšå®ã§ã 䜿çšã§ããŸãã 5.1.1 ãããã¯ãŒã¯å®çŸ© ãå®çŸ©ãšãŠãŒã¶ > ãããã¯ãŒã¯å®çŸ© > ãããã¯ãŒã¯å®çŸ© ãã¿ãã¯ãUTMã®ãã¹ãããããã¯ãŒã¯ãããã ã¯ãŒã¯ã°ã«ãŒããäžå çã«å®çŸ©ããå Žæã§ããããã§äœæããå®çŸ©ã¯ãä»ã®å€ãã® WebAdmin èšå® ã¡ãã¥ãŒã§ã䜿çšã§ããŸãã 5.1 ãããã¯ãŒã¯å®çŸ© 5 å®çŸ©ãšãŠãŒã¶ ããã©ã«ãã§ã¯ãã¿ããéããšãã¹ãŠã®ãããã¯ãŒã¯å®çŸ©ã衚瀺ãããŸãããªã¹ãã®äžéšã®ããããã ãŠã³ãªã¹ãã䜿çšããŠãç¹å®ã®ããããã£ãæã€ãããã¯ãŒã¯å®çŸ©ã衚瀺ããããã«éžæã§ããŸãã ãã³ã â ããããã¯ãŒã¯å®çŸ© ããªã¹ãã§ãããã¯ãŒã¯å®çŸ©ã®æ å ±ã¢ã€ã³ã³ãã¯ãªãã¯ãããšãããã ã¯ãŒã¯å®çŸ©ã䜿çšãããŠãããã¹ãŠã®èšå®é ç®ã衚瀺ã§ããŸãã ãããã¯ãŒã¯ããŒãã«ã«ã¯ãã·ã¹ãã ãèªåçã«äœæãããç·šéãåé€ãã§ããªãã¹ã¿ãã£ãã¯ããã ã¯ãŒã¯ãå«ãŸããŠããŸãã l ã€ã³ã¿ãã§ãŒã¹ã¢ãã¬ã¹:ãã®ã¿ã€ãã®å®çŸ©ã¯ãåãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ã«è¿œå ãããŸãã ããã«ã¯ãã€ã³ã¿ãã§ãŒã¹ã®çŸåšã® IP ã¢ãã¬ã¹ãå«ãŸããŠããŸããååã§ã¯ãã€ã³ã¿ãã§ãŒã¹ åã®åŸã«ã(Address)ããšããèšèãä»ããŠããŸãã l I/F ãããŒããã£ã¹ãã¢ãã¬ã¹:ãã®ã¿ã€ãã®å®çŸ©ã¯ãåã€ãŒãµãããã¿ã€ããããã¯ãŒã¯ã€ã³ã¿ ãã§ãŒã¹ã«è¿œå ãããŸããããã«ã¯ãã€ã³ã¿ãã§ãŒã¹ã®çŸåšã® IPv4 ãããŒããã£ã¹ãã¢ãã¬ã¹ ãå«ãŸããŠããŸããååã§ã¯ãã€ã³ã¿ãã§ãŒã¹åã®åŸã«ã(Broadcast)ããšããèšèãä»ããŠã ãŸãã l I/F ãããã¯ãŒã¯ã¢ãã¬ã¹:ãã®ã¿ã€ãã®å®çŸ©ã¯ãåã€ãŒãµãããã¿ã€ããããã¯ãŒã¯ã€ã³ã¿ãã§ãŒ ã¹ã«è¿œå ãããŸããããã«ã¯ãã€ã³ã¿ãã§ãŒã¹ã®çŸåšã® IPv4 ãããã¯ãŒã¯ãå«ãŸããŠããŸãã ååã§ã¯ãã€ã³ã¿ãã§ãŒã¹åã®åŸã«ã(Network)ããšããèšèãä»ããŠããŸãã l ã€ã³ã¿ãŒããã (IPv4/IPv6):ã€ã³ã¿ãã§ãŒã¹ã«é¢é£ä»ãããããããã¯ãŒã¯å®çŸ© (ãããã IPv4ãããã³ IPv6 ãæå¹ãªå Žå㯠IPv6çš)ãããã©ã«ãã²ãŒããŠã§ã€ãšããŠæ©èœããŸããèšå® ã§ããã䜿çšãããšãèšå®ããã»ã¹ã容æã«ãªããŸããã¢ãããªã³ã¯ãã©ã³ã·ã³ã°ãæå¹ã«ã ããšãã€ã³ã¿ãŒãããå®çŸ©ã¯ ã¢ãããªã³ã¯ã€ã³ã¿ãã§ãŒã¹ ãšé¢é£ä»ããããŸãã 泚 â ã¯ã©ã€ã¢ã³ãèªèšŒã§èªèšŒããããŠãŒã¶ãããã¯ãŒã¯ãªããžã§ã¯ãã¯ãããã©ãŒãã³ã¹äžã®çç± ããåžžã«æªè§£æ±ºãšããŠè¡šç€ºãããŸãã ãããã¯ãŒã¯å®çŸ©ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ããããã¯ãŒã¯å®çŸ© ãã¿ãã§ããæ°èŠãããã¯ãŒã¯å®çŸ© ããã¯ãªãã¯ããŸãã ãæ°èŠãããã¯ãŒã¯å®çŸ©ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã (éžæããå®çŸ©ã¿ã€ãã«å¿ããŠããããã¯ãŒã¯å®çŸ©ã®ããã«è©³çŽ°ãªãã©ã¡ãŒã¿ã衚瀺ãã㟠ãã) åå:ãã®å®çŸ©ã説æããååãå ¥åããŸãã ã¿ã€ã:ãããã¯ãŒã¯å®çŸ©ã¿ã€ããéžæããŸãã次ã®ã¿ã€ãã䜿çšã§ããŸãã 102 UTM 9 管çã¬ã€ã 5 å®çŸ©ãšãŠãŒã¶ l 5.1 ãããã¯ãŒã¯å®çŸ© ãã¹ã:åäž IP ã¢ãã¬ã¹ã次ã®æ å ±ãæå®ããŸãã l IPv4 ã¢ãã¬ã¹/IPv6 ã¢ãã¬ã¹:ãã¹ãã® IP ã¢ãã¬ã¹ (èšå®ãããã€ã³ã¿ãã§ãŒã¹ã® IP ã¢ãã¬ã¹ãå ¥åããããšã¯ã§ããŸãã)ã l DHCP èšå® (ãªãã·ã§ã³):ãã®ã»ã¯ã·ã§ã³ã§ã¯ããã¹ããš IP ã¢ãã¬ã¹éã®ã¹ã¿ ãã£ãã¯ãããã³ã°ãäœæã§ããŸããããã«ã¯ãèšå®ããã DHCP ãµãŒããå¿ èŠã«ãªããŸã (ããããã¯ãŒã¯ãµãŒãã¹ > DHCP > ãµãŒã ãåç §)ã 泚 â DHCP ããŒã«ããéåžžéãã«å²ãåœãŠãããã¢ãã¬ã¹ãšã¹ã¿ãã£ãã¯ã« ãããã³ã°ãããã¢ãã¬ã¹ã®éã§IPã¢ãã¬ã¹ã®éè€ãçºçããããšãé²æ¢ã ãããã«ãã¹ã¿ãã£ãã¯ã«ãããã³ã°ããå Žåã¯DHCPããŒã«ã®ç¯å²å€ã®ã¢ã ã¬ã¹ãæå®ããŠãã ãããããšãã°ãDHCP ããŒã«ã 192.168.0.100ïœ192.168.0.210 ã§ããå Žåã«ã¹ã¿ãã£ãã¯ãããã³ã°ãš ã㊠192.168.0.200 ãæå®ãããšã2ã€ã®ã·ã¹ãã ãåã IP ã¢ãã¬ã¹ãæ ã€ããšã«ãªããŸãã IPv4 DHCP:ã¹ã¿ãã£ãã¯ãããã³ã°ã«äœ¿çšãã IPv4 DHCP ãµãŒããéžæã㟠ãã MAC ã¢ãã¬ã¹:ãã¹ãã®ãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ã«ãŒãã® MAC ã¢ãã¬ã¹ãå ¥ åããŸãã MAC ã¢ãã¬ã¹ã¯éåžžã2æ¡ã® 16é²æ°ãã³ãã³ã§åºåã£ãŠ6çµãŸãšã ã圢åŒã§æå®ããŸã (00:04:76:16:EA:62ãªã©)ã IPv6 DHCP:ã¹ã¿ãã£ãã¯ãããã³ã°ã«äœ¿çšãã IPv6 DHCP ãµãŒããéžæã㟠ãã DHCP åå¥èå¥å:ãã¹ãã® DUID ãå ¥åããŸããWindows ãªã©ã® OS ã®å Žåã 次㮠Windows ã¬ãžã¹ããªã§ DUID ã確èªã§ããŸãã HKEY_LOCAL_ MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Paramete rs 2æ¡ã® 16é²æ°ãã³ãã³ã§åºåã£ãŠãŸãšãã圢åŒã§æå®ããŸã (00:01:00:01:13:30:65:56:00:50:56:b2:07:51 ãªã©)ã l DNS èšå® (ãªãã·ã§ã³):ç¬èªã® DNS ãµãŒããã»ããã¢ããããããããã¯ãŒã¯å ã®ããã€ãã®ãã¹ãã«å¯ŸããŠã¹ã¿ãã£ã㯠DNS ãããã³ã°ãå¿ èŠãªå Žåã¯ã該 åœãããã¹ãã®ãã®ã»ã¯ã·ã§ã³ã§ãããã®ãããã³ã°ãå ¥åããããšãã§ã㟠ããããã¯éãããæ°ã®ãã¹ãã«ãã察å¿ã§ããªãããããã«ãªãã¬ãŒã·ã§ã³ã è¡ã£ãŠãã DNS ãµãŒãã®ä»£ããã«äœ¿çšããããšã¯æ±ºããŠããªãã§ãã ããã UTM 9 管çã¬ã€ã 103 5.1 ãããã¯ãŒã¯å®çŸ© 5 å®çŸ©ãšãŠãŒã¶ ãã¹ãå:ãã¹ãã® FQDN (å®å šä¿®é£Ÿãã¡ã€ã³å) ãå ¥åããŸãã ãªããŒã¹ DNS:ãã¹ãã® IP ã¢ãã¬ã¹ãšååã®ãããã³ã°ãæå¹åããã«ã¯ã ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸããåã IP ã¢ãã¬ã¹ã«è€æ°ã®ååãããã ã³ã°ããããšãå¯èœã§ããã1ã€ã® IP ã¢ãã¬ã¹ã«ã¯1ã€ã®ååã«ãããããã³ã° ã§ããŸããã è¿œå ãã¹ãå:ãã¹ãã«ãã¹ãåãè¿œå ããã«ã¯ããã©ã¹ã¢ã€ã³ã³ãã¯ãªãã¯ã㟠ãã l DNS ãã¹ã:DNS ãã¹ãåãã·ã¹ãã ã«ãã£ãŠãã€ãããã¯ã«è§£æ±ºãããIP ã¢ãã¬ã¹ãç æãããŸããDNS ãã¹ãã¯ããã€ããã㯠IP ãšã³ããã€ã³ãã®äœ¿çšæã«äŸ¿å©ã§ããã·ã¹ ãã ã¯ãTTL (çåæé) ã®å€ã«åŸã£ãŠå®æçã«ãããã®å®çŸ©ãå解決ããæ°ãã IP ã¢ãã¬ã¹ãããå Žåã¯å®çŸ©ãæŽæ°ããŸãã次ã®æ å ±ãæå®ããŸãã l ãã¹ãå:ãªãŸã«ãããããã¹ãåã l DNS ã°ã«ãŒã:DNS ãã¹ããšäŒŒãŠããŸããã1ã€ã®ãã¹ãåçšã® DNS å ã®è€æ°ã® RR (ãªãœãŒã¹ã¬ã³ãŒã) ãåŠçã§ããŸããééãããã·ã§ã®ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãšé€å€ ã®å®çŸ©ã«äŸ¿å©ã§ãã l ãããã¯ãŒã¯:æšæºç㪠IP ãããã¯ãŒã¯ããããã¯ãŒã¯ã¢ãã¬ã¹ãšããããã¹ã¯ããæ§æã ããŠããŸãã次ã®æ å ±ãæå®ããŸãã l IPv4 ã¢ãã¬ã¹/IPv6 ã¢ãã¬ã¹:ãããã¯ãŒã¯ã®ãããã¯ãŒã¯ã¢ãã¬ã¹ (èšå®ããã〠ã³ã¿ãã§ãŒã¹ã® IP ã¢ãã¬ã¹ãå ¥åããããšã¯ã§ããŸãã)ã l l ã¬ã³ãž:IPv4 ã¢ãã¬ã¹ã¬ã³ãžã®å šç¯å²ãå®çŸ©ããããã«éžæããŸãã次ã®æ å ±ãæå® ããŸãã l IPv4 å é :ã¬ã³ãžã®å é ã® IPv4 ã¢ãã¬ã¹ã l l IPv4 æ«å°Ÿ:ã¬ã³ãžã®æ«å°Ÿã® IPv4 ã¢ãã¬ã¹ã ãã«ããã£ã¹ãã°ã«ãŒã:å®çŸ©ããããã«ããã£ã¹ããããã¯ãŒã¯ç¯å²ããæ§æããã ãããã¯ãŒã¯ã l IPv4 ã¢ãã¬ã¹:ãã«ããã£ã¹ããããã¯ãŒã¯ã®ãããã¯ãŒã¯ã¢ã㬠ã¹ã224.0.0.0ïœ239.255.255.255 ã®ç¯å²ã§ããå¿ èŠããããŸãã l 104 ããããã¹ã¯:ãªã¯ãããå ã®ããã€ã®ãããã§ãµããããã¯ãŒã¯ãæå®ããããã ã€ã®ãããããã¹ãã¢ãã¬ã¹ã«äœ¿çšããããã瀺ãããã«äœ¿çšããããããã ã¹ã¯ã ããããã¹ã¯:ãªã¯ãããå ã®ããã€ã®ãããã§ãµããããã¯ãŒã¯ãæå®ããããã ã€ã®ãããããã¹ãã¢ãã¬ã¹ã«äœ¿çšããããã瀺ãããã«äœ¿çšããããããã ã¹ã¯ã UTM 9 管çã¬ã€ã 5 å®çŸ©ãšãŠãŒã¶ 5.1 ãããã¯ãŒã¯å®çŸ© l ãããã¯ãŒã¯ã°ã«ãŒã:ä»ã®ãããã¯ãŒã¯å®çŸ©ãªã¹ããå«ãã³ã³ããããããã䜿çšã㊠ãããã¯ãŒã¯ãšãã¹ãããŸãšãããšãèšå®ãããèªã¿ããããªããŸããããããã¯ãŒã¯ã° ã«ãŒãããéžæãããšããã¡ã³ããŒãããã¯ã¹ã衚瀺ãããã°ã«ãŒãã¡ã³ããŒãè¿œå ã§ã ãŸãã l ã¢ãã€ã©ããªãã£ã°ã«ãŒã:ãã¹ããŸã㯠DNS ãã¹ã (ãããã¯ãã®äž¡æ¹) ã®ã°ã«ãŒãã åªå é äœã«åºã¥ããŠãœãŒããããŠããŸãããã¹ãŠã®ãã¹ãã®çåã¹ããŒã¿ã¹ã ICMP ping ã«ãããããã©ã«ã㧠60ç§ééã§ãã§ãã¯ãããŸããåªå é äœãæãé«ããçåã¹ ããŒã¿ã¹ã§ãããã¹ããèšå®ã§äœ¿çšãããŸãããã¢ãã€ã©ããªãã£ã°ã«ãŒãããéžæãã ãšããã¡ã³ããŒãããã¯ã¹ã衚瀺ãããã°ã«ãŒãã¡ã³ããŒãè¿œå ã§ããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã 衚瀺ããããªãã·ã§ã³ã¯ãäžã§éžæãããŠãããã¿ã€ããã«äŸåããŸãã ã€ã³ã¿ãŒãã§ãŒã¹ (ä»»æ):ãããã¯ãŒã¯å®çŸ©ãç¹å®ã€ã³ã¿ãã§ãŒã¹ã«ãã€ã³ãããŠããã®å®çŸ©ãž ã®æ¥ç¶ããã®ã€ã³ã¿ãã§ãŒã¹çµç±ã§ã®ã¿ç¢ºç«ãããããã«ããããšãã§ããŸãã ã¢ãã¿ãªã³ã°ã¿ã€ã (ãã¢ãã€ã©ããªãã£ã°ã«ãŒããéžææã®ã¿):çåã¹ããŒã¿ã¹ãã§ãã¯ã®ãµãŒ ãã¹ãããã³ã«ãéžæããŸããã¢ãã¿ãªã³ã°çšã«ãTCP ã(TCP æ¥ç¶ã®ç¢ºç«)ããUDP ã(UDP æ¥ç¶ ã®ç¢ºç«)ããPingã(ICMP Ping)ããHTTP ãã¹ãã(HTTP èŠæ±)ããŸãã¯ãHTTPS ãã¹ãã(HTTPS èŠæ±) ã®ãããããéžæããŸãããUDP ãã䜿çšããå Žåãping èŠæ±ãæåã«éä¿¡ãããæ åããå Žåã¯ãç¶ããŠãã€ããŒã 0 ã® UDP ãã±ãããéä¿¡ãããŸããping ãæåããªãã£ã å ŽåããICMP ããŒãã«å°éã§ããªãå Žåããã®ãã¹ãã¯ããŠã³ããŠãããšã¿ãªãããŸãã ããŒã (ãTCP ããŸãã¯ãUDP ãã®ã¢ãã¿ãªã³ã°ã¿ã€ãéžææã®ã¿):èŠæ±ã®éä¿¡å ã®ã㌠ãçªå·ã URL (ãªãã·ã§ã³ããHTTP ãã¹ãããŸãã¯ãHTTPS ãã¹ããã®ã¢ãã¿ãªã³ã°ã¿ã€ãéžææ ã®ã¿):èŠæ±ãã URLãURL ã«ããŒãæ å ±ãè¿œå ããããšã§ãããã©ã«ãã®ããŒã 80 㟠ã㯠443 以å€ã®ããŒãã䜿çšã§ããŸã (äŸ: http://example.domain:8080/index.html)ãURL ãæå®ããªãå Žåã¯ãã«ãŒ ããã£ã¬ã¯ããªãèŠæ±ãããŸãã éé:ãã¹ãããã§ãã¯ããééãç§åäœã§å ¥åããŸãã ã¿ã€ã ã¢ãŠã:ãã¹ããå¿çãéä¿¡ããæ倧æéãç§åäœã§å ¥åããŸãããã¹ãããã® æéå ã«å¿çããªãå Žåãããã (dead) ãšã¿ãªãããŸãã åžžã«ãªãŸã«ã:ãã®ãªãã·ã§ã³ã¯ããã©ã«ãã§éžæãããŠããããããã¹ãŠã®ãã¹ãã 䜿çšäžå¯ã§ããå Žåãã°ã«ãŒãã¯æåŸã«äœ¿çšå¯èœã§ãã£ããã¹ãã§è§£æ±ºãããŸãã UTM 9 管çã¬ã€ã 105 5.1 ãããã¯ãŒã¯å®çŸ© 5 å®çŸ©ãšãŠãŒã¶ ãã§ãã¯ãå€ããšããã¹ãŠã®ãã¹ããããã (dead) ã®å Žåã¯ãã°ã«ãŒãã æªè§£æ±º ã«èš å®ãããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããå®çŸ©ããããã¯ãŒã¯å®çŸ©ãªã¹ãã«è¡šç€ºãããŸãã ãããã¯ãŒã¯å®çŸ©ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 5.1.2 MAC ã¢ãã¬ã¹å®çŸ© ãå®çŸ©ãšãŠãŒã¶ã>ããããã¯ãŒã¯å®çŸ©ã>ãMAC ã¢ãã¬ã¹å®çŸ©ãã¿ãã¯ãMAC ã¢ãã¬ã¹ãªã¹ããªã©ã® MAC ã¢ãã¬ã¹ã®å®çŸ©ãäžå çã«èšå®ããå Žæã§ããMAC ã¢ãã¬ã¹ã®å®çŸ©ã«ãã£ãŠããã¹ãã IP ã¢ã㬠ã¹ã«åºã¥ããã«ãŒã«ãããã«å®çŸ©æžã¿ã® MAC ã¢ãã¬ã¹ãæã€ããã€ã¹ã«ããããããã®ã ãã«é å®ããããã«äœ¿çšã§ããŸãã ãã³ã âãMAC ã¢ãã¬ã¹å®çŸ©ãã®æ å ±ã¢ã€ã³ã³ãã¯ãªãã¯ãããšããã®å®çŸ©ã䜿çšãããŠãããã¹ãŠ ã®èšå®ãªãã·ã§ã³ã衚瀺ã§ããŸãã MAC ã¢ãã¬ã¹å®çŸ©ãäœæããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãMAC ã¢ãã¬ã¹å®çŸ© ãã¿ãã§ããæ°èŠ MAC ã¢ãã¬ã¹ãªã¹ãããã¯ãªãã¯ããŸãã ãMAC ã¢ãã¬ã¹ãªã¹ããäœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®å®çŸ©ã説æããååãå ¥åããŸãã MAC ã¢ãã¬ã¹:ãã©ã¹ã®ã¢ã€ã³ã³ãã¯ãªãã¯ããŠãå MAC ã¢ãã¬ã¹ãç¶ããŠå ¥åããããã¢ã¯ ã·ã§ã³ã¢ã€ã³ã³ã䜿çšããŠã³ããŒã¢ã³ãããŒã¹ãã«ãã MAC ã¢ãã¬ã¹ãªã¹ããã€ã³ããŒãããŸãã MAC ã¢ãã¬ã¹ã¯éåžžã2æ¡ã® 16é²æ°ãã³ãã³ã§åºåã£ãŠ6çµãŸãšãã圢åŒã§æå®ããŸã (00:04:76:16:EA:62ãªã©)ã ãã¹ã:MAC ã¢ãã¬ã¹å®çŸ©ã«è¿œå ãã MAC ã¢ãã¬ã¹ãæã€ãã¹ãã è¿œå ããŸãããã¹ãå®çŸ© ã®ãDHCP èšå® ãã»ã¯ã·ã§ã³ã§å®çŸ©ããã MAC ã¢ãã¬ã¹ã MAC ã¢ãã¬ã¹ãªã¹ãã«è¿œå ãã㟠ãã 泚 â MAC ã¢ãã¬ã¹ãŸãã¯ãã¹ãã®ã©ã¡ããäžæ¹ãŸãã¯äž¡æ¹å ¥åããããšãã§ããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããå®çŸ©ããMAC ã¢ãã¬ã¹å®çŸ© ããªã¹ãã«è¡šç€ºãããŸãã 106 UTM 9 管çã¬ã€ã 5 å®çŸ©ãšãŠãŒã¶ 5.2 ãµãŒãã¹å®çŸ© MAC ã¢ãã¬ã¹å®çŸ©ãç·šéãããã¯åé€ããã«ã¯ã該åœãããã¿ã³ãã¯ãªãã¯ããŸãã 5.2 ãµãŒãã¹å®çŸ© ãå®çŸ©ãšãŠãŒã¶ > ãµãŒãã¹å®çŸ© ãããŒãžã§ããµãŒãã¹ããã³ãµãŒãã¹ã°ã«ãŒããå®çŸ©ããŠäžå 管ç ã§ããŸãããµãŒãã¹ã¯ãç¹å®ã¿ã€ãã®ãããã¯ãŒã¯ãã©ãã£ãã¯ã®å®çŸ©ã§ãTCP ã UDP ãšãã£ãããã ã³ã«ã«é¢ããæ å ±ãšãããã³ã«é¢é£ãªãã·ã§ã³ (ããŒãçªå·ãªã©) ã«é¢ããæ å ±ãçµã¿åãããŠã㟠ãããµãŒãã¹ã䜿çšããŠãUTM ã§èš±å¯ãŸãã¯æåŠããããã©ãã£ãã¯ã®ã¿ã€ãã決å®ããããšãã§ã ãŸãã ãã³ã âããµãŒãã¹å®çŸ© ããªã¹ãã®ãµãŒãã¹å®çŸ©ã®æ å ±ã¢ã€ã³ã³ãã¯ãªãã¯ãããšããµãŒãã¹å®çŸ©ã 䜿çšãããŠãããã¹ãŠã®èšå®ãªãã·ã§ã³ã衚瀺ã§ããŸãã ãµãŒãã¹å®çŸ©ãäœæããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ããµãŒãã¹å®çŸ© ãããŒãžã§ãæ°èŠãµãŒãã¹å®çŸ© ããã¯ãªãã¯ããŸãã ãæ°èŠãµãŒãã¹å®çŸ©ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã (éžæããå®çŸ©ã¿ã€ãã«å¿ããŠããµãŒãã¹å®çŸ©ã®ããã«è©³çŽ°ãªãã©ã¡ãŒã¿ã衚瀺ãããŸãã) åå:ãã®å®çŸ©ã説æããååãå ¥åããŸãã å®çŸ©ã¿ã€ã:ãµãŒãã¹ã¿ã€ããéžæããŸãã次ã®ã¿ã€ãã䜿çšã§ããŸãã l TCP:TCP æ¥ç¶ã§ã¯ã0 ïœ 65535 ã®ããŒãçªå·ã䜿çšããŸãããã¹ããããã±ãã㯠TCP ãèªèããŠå床ãªã¯ãšã¹ãããŸããTCP æ¥ç¶ã§ã¯ãåä¿¡è ã¯éä¿¡è ã«å¯Ÿã㊠ããŒã¿ãã±ãããåä¿¡ãããšãã«éç¥ããŸã (æ¥ç¶é¢é£ã®ãããã³ã«)ãTCP ã»ãã·ã§ã³ 㯠3WAY ãã³ãã·ã§ãŒã¯ã§å§ãŸããã»ãã·ã§ã³ã®æåŸã«æ¥ç¶ãã¯ããŒãºããŸãã次ã®æ å ±ãæå®ããŸãã l å®å ããŒã:å®å ããŒããåäžã®ããŒãçªå· (äŸ: 80) ãããã¯ç¯å² (äŸ: 1024:64000) ãšããŠå ¥åããŸããç¯å²ãæå®ããå Žåã¯ãã³ãã³ãåºåãæå ãšããŠäœ¿çšããŸãã l éä¿¡å ããŒã:éä¿¡å ããŒããåäžã®ããŒãçªå· (äŸ: 80) ãããã¯ç¯å² (äŸ: 1024:64000) ãšããŠå ¥åããŸããç¯å²ãæå®ããå Žåã¯ãã³ãã³ãåºåãæå ãšããŠäœ¿çšããŸãã l UDP:UDP( User Datagram Protocol) ã¯ã0 ïœ 65535 ã®ããŒãçªå·ã䜿çšããã¹ããŒã ã¬ã¹ãããã³ã«ã§ããUDP ã¯ã¹ããŒããç¶æããªããããTCP ããé«éã§ããç¹ã«ãå° éã®ããŒã¿ã¯é«éã«éä¿¡ã§ããŸãããã ãããã®ã¹ããŒãã¬ã¹ã§ãããšããããš UTM 9 管çã¬ã€ã 107 5.2 ãµãŒãã¹å®çŸ© 5 å®çŸ©ãšãŠãŒã¶ ã¯ãUDP ã¯ãã±ããããã¹ããŸãã¯ããããããå Žåã«èªèã§ããªãããšãæå³ã㟠ããåä¿¡ã³ã³ãã¥ãŒã¿ã¯ãããŒã¿ãã±ãããåä¿¡ããŠãéä¿¡è ã«éç¥ããŸãããUDP ã éžæããå Žåã¯ãTCP ã®å Žåãšåãèšå®ãªãã·ã§ã³ãç·šéã§ããŸãã l TCP/UDP:TCP ãš UDP ã®çµã¿åããã§ãDNS ãªã©ã®äž¡æ¹ã®ãµããããã³ã«ã䜿çšã ãã¢ããªã±ãŒã·ã§ã³ãããã³ã«ã«é©åã§ããTCP/UDP ãéžæããå Žåã¯ãTCP ãŸã㯠UDP ã®å Žåãšåãèšå®ãªãã·ã§ã³ãç·šéã§ããŸãã l ICMP/ICMPv6:ICMP (Internet Control Message Protocol) ã¯äž»ã«ãšã©ãŒã¡ãã»ãŒãžã® éä¿¡ã«äœ¿çšãããŸããããšãã°ãèŠæ±ããããµãŒãã¹ãå©çšã§ããªãããããã¯ãã¹ ããã«ãŒã¿ã«å°éã§ããªãã£ãããªã©ã®ã¡ãã»ãŒãžãéä¿¡ããŸããICMP ãŸã㯠ICMPv6 ãéžæããå Žåã¯ãICMP ã³ãŒã/ã¿ã€ããéžæããŸããIPv4 ãã¡ã€ã¢ãŠã©ãŒã« ã«ãŒã«ã¯ ICMPv6 ã§ã¯æ©èœãããIPv6 ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ã¯ ICMP ã§ã¯æ©èœã ãŸããã l IP:IP (Internet Protocol) ã¯ãã€ã³ã¿ãŒãããäžã§ã®ããŒã¿ã®ããåãã«äœ¿çšããããã ãã¯ãŒã¯ããã³äŒéãããã³ã«ã§ããIP ãéžæããããIPå ã§ã«ãã»ã«åããããããã³ ã«ã®çªå·ãæå®ããŸã (äŸ: 121ããã㯠SMP ãããã³ã«ãè¡šããŸã)ã l ESP:ESP (ã«ãã»ã«åã»ãã¥ãªãã£ãã€ããŒã) ã¯ãIPsec ãã³ããªã³ã°ãããã³ã«ã¹ã€ãŒã ã®äžéšã§ãVPN ãä»ããŠãã³ãã«ãããããŒã¿ã«æå·åãµãŒãã¹ãæäŸããŸããESP ãŸã㯠AH ãéžæããå Žåã¯ãSPI (ã»ãã¥ãªãã£ãã©ã¡ãŒã¿ã€ã³ããã¯ã¹) ãæå®ã㟠ããããã¯ãIP ã¢ãã¬ã¹ãšãšãã«ã»ãã¥ãªãã£ãã©ã¡ãŒã¿ãç¹å®ããŸããç¹ã«èªå IPsec éµäº€æã䜿çšããå Žåã¯ã256ïœ4,294,967,296 ã®å€ãå ¥åãããããŸã㯠256ïœ4,294,967,296 ã®ç¯å²ãšããŠæå®ãããããã©ã«ãèšå®ã䜿çšããŸã (ã³ãã³ãåº åãæåãšããŠäœ¿çšããŸã)ã1ïœ255 ã®çªå·ã¯ IANA (Internet Assigned Numbers Authority) ã«ãã£ãŠäºçŽãããŠããŸãã l AH:èªèšŒããã㌠(AH) 㯠IPsec ãã³ããªã³ã°ãããã³ã«ã¹ã€ãŒãã®äžéšã§ãIP ããããš ããŒã¿ã°ã©ã ãã€ããŒãéã«äœçœ®ããæ å ±ã® (æ©å¯æ§ã§ã¯ãªã) æŽåæ§ãç¶æããŸãã l ã°ã«ãŒã:ä»ã®ãµãŒãã¹å®çŸ©ãªã¹ããå«ãã³ã³ãããèšå®ãèªã¿ãããããããã«ãã ããã䜿çšããŠãµãŒãã¹å®çŸ©ããŸãšããããšãã§ããŸãããã°ã«ãŒãããéžæãããšããã¡ ã³ããŒãããã¯ã¹ãéãã®ã§ãããã§ã°ã«ãŒãã®ã¡ã³ã㌠(ãã®ä»ã®ãµãŒãã¹å®çŸ©ãªã©) ãè¿œå ããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããå®çŸ©ãããµãŒãã¹å®çŸ© ããªã¹ãã«è¡šç€ºãããŸãã å®çŸ©ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 108 UTM 9 管çã¬ã€ã 5 å®çŸ©ãšãŠãŒã¶ 5.3 æé垯å®çŸ© 泚 âå®çŸ©ã¿ã€ãã¯åŸã§å€æŽã§ããŸãããå®çŸ©ã¿ã€ããå€æŽããã«ã¯ããµãŒãã¹å®çŸ©ãåé€ããåž æã®èšå®ã§æ°ãããµãŒãã¹å®çŸ©ãäœæããŸãã 5.3 æé垯å®çŸ© ãå®çŸ©ãšãŠãŒã¶ > æé垯å®çŸ© ãããŒãžã§ãåç¬ãŸãã¯ç¹°ãè¿ãçºçããæé垯 (ã¿ã€ã ã¹ããã) ãå® çŸ©ã§ããŸããããã䜿çšããŠãããšãã°ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãã³ã³ãã³ããã£ã«ã¿ãããã¡ã€ã«ã® å²ãåœãŠãªã©ãç¹å®ã®æéç¯å²ã«å¶éã§ããŸãã ãã³ã âãæé垯å®çŸ© ããªã¹ãã®æé垯å®çŸ©ã®æ å ±ã¢ã€ã³ã³ãã¯ãªãã¯ãããšããã®æé垯å®çŸ©ã 䜿çšãããŠãããã¹ãŠã®èšå®ãªãã·ã§ã³ã衚瀺ã§ããŸãã æé垯å®çŸ©ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãæé垯å®çŸ© ãã¿ãã§ããæ°èŠæé垯å®çŸ© ããã¯ãªãã¯ããŸãã ãæ°èŠæé垯å®çŸ©ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®æé垯å®çŸ©ã説æããååãå ¥åããŸãã ã¿ã€ã:æé垯å®çŸ©ã®ã¿ã€ããéžæããŸãã次ã®ã¿ã€ãã䜿çšã§ããŸãã l ç¹°ãè¿ãã€ãã³ã:ãããã®ã€ãã³ãã¯å®æçã«ç¹°ãè¿ãããŸããéå§æéãçµäºæ éãããã³æé垯å®çŸ©ãé©çšãããææ¥ãéžæã§ããŸããçµäºæéãç¿æ¥ã«ãªã å Žåã¯ãéå§æéã®ææ¥ãéžæããŸãããã®ã¿ã€ãã«ã¯éå§æ¥ãšçµäºæ¥ã¯éžæã§ã ãŸããã l åç¬ã€ãã³ã:ãããã®ã€ãã³ãã¯äžåºŠã ãå®æœãããŸããéå§æ¥æããã³çµäºæ¥æ ã®äž¡æ¹ãéžæã§ããŸãããããã®å®çŸ©ã¯ç¹°ãè¿ãããªãã®ã§ããææ¥ ããªãã·ã§ã³ã¯ã ã®ã¿ã€ãã«ã¯éžæã§ããŸããã l ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããæé垯å®çŸ©ããæé垯å®çŸ© ããªã¹ãã«è¡šç€ºãããŸãã æé垯å®çŸ©ãç·šéãããã¯åé€ããã«ã¯ã該åœãããã¿ã³ãã¯ãªãã¯ããŸãã UTM 9 管çã¬ã€ã 109 5.4 ãŠãŒã¶ãšã°ã«ãŒã 5 å®çŸ©ãšãŠãŒã¶ 5.4 ãŠãŒã¶ãšã°ã«ãŒã ãå®çŸ©ãšãŠãŒã¶ > ãŠãŒã¶ãšã°ã«ãŒããã¡ãã¥ãŒã䜿çšããŠãWebAdmin ã¢ã¯ã»ã¹ããªã¢ãŒãã¢ã¯ã»ã¹ã ãŠãŒã¶ããŒã¿ã«ã¢ã¯ã»ã¹ãã¡ãŒã«ã®äœ¿çšã®ããã®ãŠãŒã¶ãšã°ã«ãŒããäœæããããšãã§ããŸãã 5.4.1 ãŠãŒã¶ ãå®çŸ©ãšãŠãŒã¶ > ãŠãŒã¶ãšã°ã«ãŒã > ãŠãŒã¶ ãã¿ãã§ãUTMã«ãŠãŒã¶ã¢ã«ãŠã³ããè¿œå ããããšãã§ã ãŸããSophos UTMã«ã¯ãå·¥å Žåºè·æã®ããã©ã«ãèšå®ãšããŠãadmin ãšãã 1人ã®ç®¡çè ãæ§æã ããŠããŸãã ãã³ã âããŠãŒã¶ ããªã¹ãã®ãŠãŒã¶å®çŸ©ã®æ å ±ã¢ã€ã³ã³ãã¯ãªãã¯ãããšããŠãŒã¶å®çŸ©ã䜿çšãã㊠ãããã¹ãŠã®èšå®ãªãã·ã§ã³ã衚瀺ã§ããŸãã ãæ°èŠãŠãŒã¶ ããã€ã¢ãã°ããã¯ã¹ã§ã¡ãŒã«ã¢ãã¬ã¹ãæå®ãããšããã®ãŠãŒã¶ã® X.509 蚌ææžãç æãããã®ãšåæã«ãã¡ãŒã«ã¢ãã¬ã¹ã蚌ææžã® VPN ID ãšããŠäœ¿çšããŠãŠãŒã¶å®çŸ©ãäœæãã㟠ããã¡ãŒã«ã¢ãã¬ã¹ãæå®ãããŠããªãå Žåã¯ããŠãŒã¶ã® èå¥å (DN) ã VPN ID ãšããŠèšŒææžã äœæãããŸãããã®ããã«ããŠãŒã¶ã eDirectory ãªã©ã®ããã¯ãšã³ãã°ã«ãŒãã«ããèªèšŒãããŠãã å Žåã¯ã察å¿ããããã¯ãšã³ããŠãŒã¶ãªããžã§ã¯ãã§ã¡ãŒã«ã¢ãã¬ã¹ãèšå®ãããŠããªãå Žåã§ã 蚌ææžã¯äœæãããŸãã ãªããªããå蚌ææžã® VPN ID ã¯äžæã§ãããããåãŠãŒã¶å®çŸ©ã¯ç°ãªãäžæã®ã¡ãŒã«ã¢ãã¬ã¹ ã䜿çšããŠããããã§ããã·ã¹ãã ã«ãã§ã«ããã¡ãŒã«ã¢ãã¬ã¹ã䜿çšãããŠãŒã¶å®çŸ©ã®äœæã¯å€± æããŸãã蚌ææžã¯ãSophos UTMããµããŒãããåçš®ãªã¢ãŒãã¢ã¯ã»ã¹æ¹æ³ã§äœ¿çšå¯èœã§ãããã ããPSK ã䜿çšãã PPTPãL2TP over IPsecãããã³ RSA ãŸã㯠PSK ã䜿çšãããã€ãã£ã IPsec ã¯é€å€ãããŸãã ãŠãŒã¶ã¢ã«ãŠã³ããè¿œå ããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ããŠãŒã¶ ãã¿ãã§ããæ°èŠãŠãŒã¶ ããã¯ãªãã¯ããŸãã ãæ°èŠãŠãŒã¶ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã 110 UTM 9 管çã¬ã€ã 5 å®çŸ©ãšãŠãŒã¶ 5.4 ãŠãŒã¶ãšã°ã«ãŒã ãŠãŒã¶å:ãã®ãŠãŒã¶ã説æããååãå ¥åããŸã (äŸ: jdoe)ãPPTP ãŸã㯠L2TP over IPsec çµç±ã®ãªã¢ãŒãã¢ã¯ã»ã¹ã䜿çšããå ŽåããŠãŒã¶åã«ã¯å°å·å¯èœãª ASCII æåãã䜿çšã§ ããªãããšããããŸã 1ã å®éã®åå:ãŠãŒã¶ã®å®éã®ååãå ¥åããŸã (äŸ: John Doe)ã ã¡ãŒã«ã¢ãã¬ã¹:ãŠãŒã¶ã®ãã©ã€ããªã¡ãŒã«ã¢ãã¬ã¹ãå ¥åããŸãã ä»ã®ã¡ãŒã«ã¢ãã¬ã¹ (ãªãã·ã§ã³):ãã®ãŠãŒã¶ã®ä»ã®ã¡ãŒã«ã¢ãã¬ã¹ãå ¥åããŸãããããã® ã¡ãŒã«ã¢ãã¬ã¹ã«éä¿¡ãããã¹ãã ã¡ãŒã«ã¯åã¡ãŒã«ã¢ãã¬ã¹çšã®åã ã®éé¢ã¬ããŒãã«ãª ã¹ãããããã®ã¬ããŒãã¯åè¿°ã®ãã©ã€ããªã¡ãŒã«ã¢ãã¬ã¹ã«éä¿¡ãããŸãã èªèšŒ:èªèšŒæ¹åŒãéžæããŸãã以äžã®æ¹åŒã䜿çšã§ããŸãã l ããŒã«ã«:UTMã§ãŠãŒã¶ãããŒã«ã«èªèšŒããå Žåã«éžæããŸãã l ãªã¢ãŒã:Sophos UTMã§ãµããŒããããŠããå€éšèªèšŒæ¹åŒã®ããããã䜿çšããŠãŠãŒ ã¶ãèªèšŒããå Žåã«éžæããŸãã詳现ã¯ããå®çŸ©ãšãŠãŒã¶ > èªèšŒãµãŒã ããåç §ã㊠ãã ããã l ãªã:ãŠãŒã¶ãèªèšŒãããã®ãå®å šã«é²æ¢ããå Žåã«éžæããŸããããã¯ãããšãã°ã ãŠãŒã¶å®çŸ©ãåé€ããããšãªããŠãŒã¶ãäžæçã«ç¡å¹ã«ããå Žåã«åœ¹ã«ç«ã¡ãŸãã ãã¹ã¯ãŒã:ãŠãŒã¶ã®ãã¹ã¯ãŒããå ¥åããŸã (確èªã®ããã« 2åå ¥åããŸã)ãèªèšŒæ¹åŒãšã ãŠãããŒã«ã« ããéžæããå Žåã®ã¿å©çšã§ããŸããåºæ¬çãªãŠãŒã¶èªèšŒã§ã¯ãŠã ã©ãŠãã¯ãµ ããŒãããŠããŸãããPPTP ãŸã㯠L2TP over IPsec çµç±ã®ãªã¢ãŒãã¢ã¯ã»ã¹ã䜿çšããå Ž åããã¹ã¯ãŒãã«ã¯å°å·å¯èœãª ASCII æåãã䜿çšã§ããªãããšããããŸã 2ã ããã¯ãšã³ãåæ:å®éã®ååããŠãŒã¶ã®ã¡ãŒã«ã¢ãã¬ã¹ãªã©ã®ãŠãŒã¶å®çŸ©ã®åºæ¬èšå®ã® äžéšããããŒã¿ãå€éšããã¯ãšã³ãèªèšŒãµãŒããšåæããããšã§èªåçã«æŽæ°ã§ããŸã (èª èšŒæ¹åŒãšããŠããªã¢ãŒãããéžæãããšãã®ã¿å©çšã§ããŸã)ããŠãŒã¶ã«å¯ŸããŠããªãã§ãããæ å®ãããŠããå Žåããã®ãªãã·ã§ã³ã¯ããèªèšŒãµãŒã > 詳现 ãã¿ãã«ããããã°ã€ã³æã®ãã㯠ãšã³ãåæãæå¹å ããªãã·ã§ã³ã«åŸã£ãŠèªåçã«èšå®ãããããšã«æ³šæããŠãã ããã 泚 â çŸåšã¯ãActive Directory ããã³ eDirectory ãµãŒãã®ããŒã¿ã®ã¿åæã§ããŸãã X.509 蚌ææž:ãŠãŒã¶å®çŸ©ãäœæãããããŠãŒã¶å®çŸ©ãç·šéããéã«ãã®ãŠãŒã¶ã« X.509 蚌 ææžãå²ãåœãŠãããšãã§ããŸããããã©ã«ãã§ã¯ããã®èšŒææžã¯ãŠãŒã¶å®çŸ©ãäœæãããš 1http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters 2http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters UTM 9 管çã¬ã€ã 111 5.4 ãŠãŒã¶ãšã°ã«ãŒã 5 å®çŸ©ãšãŠãŒã¶ ãã«èªåçã«çæããããã®ã§ãããã ãããµãŒãããŒãã£ã®èšŒææžãå²ãåœãŠãããšãã§ã ãŸãã蚌ææžã¯ãããªã¢ãŒãã¢ã¯ã»ã¹ã>ã蚌ææžç®¡çã>ã蚌ææžãã¿ãã§ã¢ããããŒãã§ã㟠ãã../s2s/Certificate_Management-Certificates.htm ã¹ã¿ãã£ãã¯ãªã¢ãŒãã¢ã¯ã»ã¹ IP ãäœ¿çš (ãªãã·ã§ã³):ãªã¢ãŒãã¢ã¯ã»ã¹ãååŸãããŠãŒã¶ã«ãIP ã¢ãã¬ã¹ããŒã«ã®ãã€ããã㯠IP ã¢ãã¬ã¹ãå²ãåœãŠã代ããã«ã¹ã¿ãã£ã㯠IP ã¢ãã¬ã¹ãå² ãåœãŠãå Žåã«éžæããŸããNAT ã«ãŒã¿èåŸã® IPsec ãŠãŒã¶ã¯ãã¹ã¿ãã£ãã¯ãªã¢ãŒãã¢ã¯ã» ã¹ IP ã¢ãã¬ã¹ãå¿ ã䜿çšããå¿ èŠããããŸãã 泚 â ã¹ã¿ãã£ãã¯ãªã¢ãŒãã¢ã¯ã»ã¹ IP ã¯ãPPTPãL2TPãããã³ IPsec ãä»ãããªã¢ãŒãã¢ã¯ ã»ã¹ã®ã¿ã«äœ¿çšã§ããŸããããã¯ãSSL ãä»ãããªã¢ãŒãã¢ã¯ã»ã¹ã«ã¯äœ¿çšã§ããŸããã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã ãŠãŒã¶ã¯ç¬èªã®ã¡ãŒã«ãã¯ã€ããªã¹ããšãã©ãã¯ãªã¹ããäœæãã管çããããšãã§ããŸã (ããŠãŒã¶ããŒã¿ã«ãã®ç« ãåç §)ãããã§ãããã®ãªã¹ããåç §ããå¿ èŠã«å¿ããŠå€æŽããããš ãã§ããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãããŠãŒã¶ã¢ã«ãŠã³ããããŠãŒã¶ ããªã¹ãã«è¡šç€ºãããŸãã ãã®ãŠãŒã¶ã Web ããŒã¹ã®ç®¡çã€ã³ã¿ãã§ãŒã¹ WebAdmin ãžã®ã¢ã¯ã»ã¹ããã€æ£èŠã®ç®¡çè ã«ã ãå Žåã¯ããã®ãŠãŒã¶ã SuperAdmins ã°ã«ãŒãã«è¿œå ããŸããSuperAdmins ã¯ãWebAdmin ã®ãå® çŸ©ãšãŠãŒã¶ > ãŠãŒã¶ãšã°ã«ãŒã > ã°ã«ãŒããã¿ãã§èšå®ããŸãã 泚 â ãŠãŒã¶ãªããžã§ã¯ããåé€ããåŸã§åãååã§ãŠãŒã¶ãªããžã§ã¯ããäœæããå Žåã¯ããã® ãŠãŒã¶ã«é¢é£ãã蚌ææžã ããªã¢ãŒãã¢ã¯ã»ã¹ã>ã蚌ææžç®¡çã>ã蚌ææžãã¿ãã§åé€ããããšã確 èªããŠãã ãããåé€ããŠããªãå Žåãããã®ååã®ã¢ã€ãã ã¯ãã§ã«ååšããŸãããšããæšã®ãš ã©ãŒã¡ãã»ãŒãžã衚瀺ãããŸãã äœããã®ãªã¢ãŒãã¢ã¯ã»ã¹ãæå¹åããããŠãŒã¶ã®ãªã¢ãŒãã¢ã¯ã»ã¹èšŒææžãèšå®ãããŠã³ããŒã ããããšãã§ããŸãããã®ããã«ã¯ãåãŠãŒã¶ã®åã«ãããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ãããªã¹ã ãããã®ãã¢ã¯ã·ã§ã³ãããããããŠã³ãªã¹ãããç®çã®ãªãã·ã§ã³ãéžæããŸãããŠãŒã¶ããŒã¿ã«ã®äœ¿ çšãèš±å¯ãããŠããå Žåã¯ããªã¢ãŒãã¢ã¯ã»ã¹ãŠãŒã¶èªèº«ããããã®ãã¡ã€ã«ãããŠã³ããŒãã§ã㟠ãã 112 UTM 9 管çã¬ã€ã 5 å®çŸ©ãšãŠãŒã¶ 5.4 ãŠãŒã¶ãšã°ã«ãŒã 5.4.2 ã°ã«ãŒã ãå®çŸ©ãšãŠãŒã¶ > ãŠãŒã¶ãšã°ã«ãŒã > ã°ã«ãŒããããŒãžã§ãUTMã«ãŠãŒã¶ã°ã«ãŒããè¿œå ããããšã ã§ããŸããSophos UTMã«ã¯ãå·¥å Žåºè·æã®ããã©ã«ãèšå®ãšããŠãSuperAdmins ãšãããŠãŒã¶ã° ã«ãŒãããããŸãã管çç¹æš©ããŠãŒã¶ã«å²ãåœãŠãã (ã€ãŸã WebAdmin ãžã®ã¢ã¯ã»ã¹æš©ããŠãŒã¶ ã«ä»äžããã) å Žåã¯ãåœè©²ãŠãŒã¶ã SuperAdmins ã°ã«ãŒãã«è¿œå ããŸãããã®ã°ã«ãŒãã¯åé€ã ãªãã§ãã ããã ãã³ã â ãã°ã«ãŒãããªã¹ãã§ã°ã«ãŒãã®å®çŸ©ãã¯ãªãã¯ãããšããã®ã°ã«ãŒãå®çŸ©ã䜿çšãããŠã ããã¹ãŠã®èšå®ãªãã·ã§ã³ã衚瀺ãããŸãã ãŠãŒã¶ã°ã«ãŒããè¿œå ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãã°ã«ãŒããã¿ãã§ããæ°èŠã°ã«ãŒãããã¯ãªãã¯ããŸãã ãæ°èŠã°ã«ãŒãã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã°ã«ãŒãå:ãã®ã°ã«ãŒãã説æããååãå ¥åããŸãããã®ååã¯ãããã¯ãšã³ãã°ã«ãŒã ã®ååã«å¯Ÿå¿ããŠããå¿ èŠã¯ãããŸããã ã°ã«ãŒãã¿ã€ã:ã°ã«ãŒãã®ã¿ã€ããéžæããŸããã¹ã¿ãã£ãã¯ã¡ã³ãã®ã°ã«ãŒããããã€ã ããã¯ã¡ã³ãã·ãããå®çŸãã2çš®é¡ã®ã°ã«ãŒãã¿ã€ãããéžæã§ããŸãã l ã¹ã¿ãã£ãã¯ã¡ã³ããŒ:ãã®ã°ã«ãŒãã®ã¡ã³ããŒãšãªãããŒã«ã«ãŠãŒã¶ãéžæããŸãã l IPsec X509 DN ãã¹ã¯:ãŠãŒã¶ã¯ãIPsec æ¥ç¶ã«ãã£ãŠã²ãŒããŠã§ã€ãžã®ãã°ã€ã³ã«æå ããèå¥åã«å«ãŸããç¹å®ã®ãã©ã¡ãŒã¿ããDN ãã¹ã¯ ãããã¯ã¹ã§æå®ãããå€ãšäž èŽããå Žåã«ãIPsec X509 DN ã°ã«ãŒãå®çŸ©ã«åçã«è¿œå ãããŸãã l ããã¯ãšã³ãã¡ã³ããŒã·ãã:ãŠãŒã¶ã¯ããµããŒããããããããã®èªèšŒã¡ã«ããºã ã«ã ãèªèšŒãæåããå Žåã«ãã°ã«ãŒãå®çŸ©ã«åçã«è¿œå ãããŸããç¶è¡ããã«ã¯ã該 åœããããã¯ãšã³ãèªèšŒã¿ã€ããéžæããŸãã l Active Directory:UTMã® Active Directory ãŠãŒã¶ã°ã«ãŒãã¯ãWindows ããã ã¯ãŒã¯äžã§èšå®ãããŠãã Active Directory ãµãŒããŠãŒã¶ã°ã«ãŒãã®ã¡ã³ã㌠ã«å¯Ÿããã°ã«ãŒãã¡ã³ããŒã·ãããæäŸããŸãããã®ãŠãŒã¶ãã¡ã³ããšãªã£ãŠã ã Active Directory ãµãŒãã°ã«ãŒãã®ååãå ¥åããŠãã ããã詳现ã¯ããå®çŸ© ãšãŠãŒã¶ > èªèšŒãµãŒã > ãµãŒã ããåç §ããŠãã ããã l UTM 9 管çã¬ã€ã eDirectory:UTMã® eDirectory ãŠãŒã¶ã°ã«ãŒãã¯ãeDirectory ãããã¯ãŒã¯äžã§ èšå®ãããŠãã eDirectory ãŠãŒã¶ã°ã«ãŒãã®ã¡ã³ããŒã«å¯Ÿããã°ã«ãŒãã¡ã³ 113 5.4 ãŠãŒã¶ãšã°ã«ãŒã 5 å®çŸ©ãšãŠãŒã¶ ããŒã·ãããæäŸããŸãããã®ãŠãŒã¶ãã¡ã³ããšãªã£ãŠãã eDirectory ã°ã«ãŒ ãã®ååãå ¥åããŠãã ããã詳现ã¯ããå®çŸ©ãšãŠãŒã¶ > èªèšŒãµãŒã > ãµãŒã ã ãåç §ããŠãã ããã l RADIUS:ãŠãŒã¶ã¯ãRADIUS èªèšŒæ¹åŒã«ããèªèšŒãæåãããšãRADIUS ããã¯ãšã³ãã°ã«ãŒãã«èªåçã«è¿œå ãããŸãã l TACACS+:ãŠãŒã¶ã¯ãTACACS+ èªèšŒæ¹åŒã«ããèªèšŒãæåãã ãšãTACACS+ ããã¯ãšã³ãã°ã«ãŒãã«èªåçã«è¿œå ãããŸãã l LDAP:ãŠãŒã¶ã¯ãLDAP èªèšŒæ¹åŒã«ããèªèšŒãæåãããšãLDAP ããã¯ãšã³ ãã°ã«ãŒãã«èªåçã«è¿œå ãããŸãã ããã¯ãšã³ãã°ã«ãŒãã¡ã³ããŒã·ããã«å¶é (ãªãã·ã§ã³):éžæããããã¯ãšã³ããµãŒãã®ãã¹ ãŠã®ãŠãŒã¶ããã®ã°ã«ãŒãå®çŸ©ã«å«ããããšãæãŸãªãå Žåã¯ããã¹ãŠã® X.500 ããŒã¹ã® ãã£ã¬ã¯ããªãµãŒãã¹ã«å¯ŸããŠãããã¯ãšã³ããµãŒãäžã®ããã€ãã®ã°ã«ãŒãã«ã¡ã³ããŒã·ãã ãå¶éããããšãã§ããŸãããã®ãªãã·ã§ã³ãéžæããå Žåãããã§å ¥åããã°ã«ãŒãã¯ã ããã¯ãšã³ããµãŒãã«èšå®ãããŠããäžè¬å ãšäžèŽããŠããå¿ èŠããããŸããActive Directory ããã¯ãšã³ãã«å¯ŸããŠãã®ãªãã·ã§ã³ãéžæããå ŽåãCN= ãã¬ãã£ãã¯ã¹ã¯çç¥ã§ ããŸããeDirectory ããã¯ãšã³ãã«å¯ŸããŠãã®ãªãã·ã§ã³ãéžæãããšãeDirectory ãã©ãŠã¶ã 䜿çšããŠããã®ã°ã«ãŒãå®çŸ©ã«å«ãã eDirectory ã°ã«ãŒããç°¡åã«éžæããããšãã§ã㟠ãããã ããeDirectory ãã©ãŠã¶ã䜿çšããªãå Žåã¯ãeDirectory ã³ã³ããã®å ¥åæã« CN= ã ã¬ãã£ãã¯ã¹ãå¿ ãå«ããŠãã ããã LDAP å±æ§ã®ãã§ã㯠(ãªãã·ã§ã³):éžæããããã¯ãšã³ã LDAP ãµãŒãã®ãã¹ãŠã®ãŠãŒã¶ã ãã®ã°ã«ãŒãå®çŸ©ã«å«ãããã¯ãªãå Žåã¯ããã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŠã ããã¯ãšã³ããµãŒãäžã«ããç¹å®ã® LDAP å±æ§ã«äžèŽãããŠãŒã¶ã®ã¿ã«ã¡ã³ããŒã·ããã å¶éããããšãã§ããŸãããã®å±æ§ã¯ LDAP æ€çŽ¢ãã£ã«ã¿ãšããŠäœ¿çšãããŸããããšãã°ãå± æ§ãšã㊠groupMembership ãå ¥åãããã®å€ãšã㊠CN=Sales,O=Example ãå ¥åããã ãšã«ãããããã«ãããäŒç€Ÿã®å¶æ¥éšéã«å±ãããã¹ãŠã®ãŠãŒã¶ãã°ã«ãŒãå®çŸ©ã«å«ããã ãšãã§ããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãããŠãŒã¶ã°ã«ãŒãããã°ã«ãŒãããªã¹ãã«è¡šç€ºãããŸãã ã°ã«ãŒããç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 114 UTM 9 管çã¬ã€ã 5 å®çŸ©ãšãŠãŒã¶ 5.5 ã¯ã©ã€ã¢ã³ãèªèšŒ Figure 17 ã°ã«ãŒãïŒ Sophos UTM 5.5 ã¯ã©ã€ã¢ã³ãèªèšŒ Sophos ã¯ãUTMã§çŽæ¥ãŠãŒã¶èªèšŒãè¡ãããã«ãWindows çšã®èªèšŒã¯ã©ã€ã¢ã³ããæäŸããŠã㟠ããããã«ããããŠãŒã¶ãããã¯ãŒã¯ãŸãã¯ã°ã«ãŒããããã¯ãŒã¯ã«åºã¥ããã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ã äœæãããããããšã§ãWeb ãµãŒãã£ã³ããããã¯ãŒã¯ãã©ãã£ãã¯ããŠãŒã¶ã«åºã¥ããŠã³ã³ãããŒã«ã ãããšãã§ããŸããããã«ãå¯èœã§ããã°ãIP ã¢ãã¬ã¹ããã¹ãåããã®ä»ã®æ å ±ããŠãŒã¶åã«çœ®ã æãããããããŒã¿ããªããžã§ã¯ãã®ã¬ããŒããããèªã¿ããããªããŸãã 泚 â WebAdmin ã§ã¯ãã¯ã©ã€ã¢ã³ãèªèšŒã§èªèšŒããããŠãŒã¶ãªããžã§ã¯ãã¯ãããã©ãŒãã³ã¹äžã® çç±ããåžžã«æªè§£æ±ºãšããŠè¡šç€ºãããŸãã ã¯ã©ã€ã¢ã³ãèªèšŒã䜿çšããã (ãããã¯äœ¿çšããå¿ èŠããã) ãŠãŒã¶ã¯ãã¯ã©ã€ã¢ã³ã PC ãŸã㯠Mac OS ã³ã³ãã¥ãŒã¿ã« Sophos Authentication Agent (SAA) ãã€ã³ã¹ããŒã«ããå¿ èŠããããŸããSAA ã¯ããã® WebAdmin ããŒãžãŸãã¯ãŠãŒã¶ããŒã¿ã«ããããŠã³ããŒãå¯èœã§ãããŠãŒã¶ããŒã¿ã«ã® ããŒãžã«ããŠã³ããŒããªã³ã¯ã衚瀺ãããã®ã¯ãã¯ã©ã€ã¢ã³ãèªèšŒèšå®ã®ãŠãŒã¶ã°ã«ãŒãã«åå ã ãŠãããŠãŒã¶ã®ã¿ã§ãã ã¯ã©ã€ã¢ã³ãèªèšŒãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã UTM 9 管çã¬ã€ã 115 5.5 ã¯ã©ã€ã¢ã³ãèªèšŒ 5 å®çŸ©ãšãŠãŒã¶ 1. ãã¯ã©ã€ã¢ã³ãèªèšŒ ãã¿ãã§ãã¯ã©ã€ã¢ã³ãèªèšŒãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«ãªãããã¯ã©ã€ã¢ã³ãèªèšŒãªãã·ã§ã³ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 2. èš±å¯ãããããã¯ãŒã¯ãéžæããŸãã ã¯ã©ã€ã¢ã³ãèªèšŒã䜿çšããå¿ èŠããããããã¯ãŒã¯ãéžæããŸããã¯ã©ã€ã¢ã³ãèªèšŒãæ©èœ ããããã«ã¯ããããã®ãããã¯ãŒã¯ãUTMã«çŽæ¥æ¥ç¶ãããŠããå¿ èŠããããŸãã 3. èš±å¯ãããŠãŒã¶ããã³ã°ã«ãŒããéžæããŸãã åäžã®ãŠãŒã¶ããã³ã°ã«ãŒãããèš±å¯ããããŠãŒã¶ããã³ã°ã«ãŒããããã¯ã¹ã§éžæãŸã㯠远å ããŸããããã¯ãæ¢åã®èªèšŒã°ã«ãŒã (Active Directory ãŠãŒã¶ã°ã«ãŒããªã©) ã«ããããš ãã§ããŸãã 4. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã éžæãããããã¯ãŒã¯ã§ã¯ã©ã€ã¢ã³ãèªèšŒãå©çšã§ããããã«ãªããŸããã ã¯ã©ã€ã¢ã³ ã èªèšŒãã ã° ã©ã ã¯ã©ã€ã¢ã³ãèªèšŒãæå¹ã«ãããšããã㧠Sophos Authentication Agent (SAA) ãããŠã³ããŒãã§ã㟠ããSAA ãæåã§é åžãããããŠãŒã¶ããŠãŒã¶ããŒã¿ã«ããããŠã³ããŒãã§ããããã«ããããšã㧠ããŸãã EXE ãã¡ã€ã«ã®ããŠã³ããŒã:ã¯ã©ã€ã¢ã³ã PC ã«çŽæ¥ã€ã³ã¹ããŒã«ããããã® CA 蚌ææžãå«ãã¯ã© ã€ã¢ã³ãèªèšŒããã°ã©ã ãããŠã³ããŒãããŸããããã¯ããŠãŒã¶ããŒã¿ã«ããããŠã³ããŒãã§ãããã® ãšåããã¡ã€ã«ã§ãã MSI ãã¡ã€ã«ã®ããŠã³ããŒã:ã¯ã©ã€ã¢ã³ãèªèšŒ MSI ããã±ãŒãžãããŠã³ããŒãããŸãããã®ããã±ãŒãž ã¯ãã¡ã€ã³ã³ã³ãããŒã© (DC) ãéããŠèªåã§ããã±ãŒãžãã€ã³ã¹ããŒã«ããããã®ãã®ã§ãããã«ã¯ CA 蚌ææžã¯å«ãŸããŸããã DMG ã®ããŠã³ããŒã:ã¯ã©ã€ã¢ã³ãèªèšŒ Mac OS X ãã£ã¹ã¯ã€ã¡ãŒãžãããŠã³ããŒãããŸãããã®ã€ã¡ãŒ ãžã¯ OS X ã皌åããŠããã¯ã©ã€ã¢ã³ã PC ã«ã€ã³ã¹ããŒã«ããå Žåã«äœ¿çšããŸãã CA ã®ããŠã³ããŒã:MSI ããã±ãŒãžã«è¿œå ã㊠CA 蚌ææžãã€ã³ã¹ããŒã«ããå¿ èŠãããå Žåã«ã ãŠã³ããŒãããŸãã SAA㯠Web ãã£ã«ã¿ã®èªèšŒã¢ãŒããšããŠäœ¿çšã§ããŸãã詳ããã¯ããWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ ãªã³ã° > ã°ããŒãã« ãã®ç« ãåç §ããŠãã ããã 116 UTM 9 管çã¬ã€ã 5 å®çŸ©ãšãŠãŒã¶ 5.6 èªèšŒãµãŒã 5.6 èªèšŒãµãŒã ãå®çŸ©ãšãŠãŒã¶ > èªèšŒãµãŒã ãããŒãžã§ã¯ãå€éšãŠãŒã¶èªèšŒãµãŒãã¹ã®ããŒã¿ããŒã¹ããã³ãã㯠ãšã³ããµãŒãã管çã§ããŸããå€éšãŠãŒã¶èªèšŒã䜿çšãããšããããã¯ãŒã¯å ã®ä»ã®ãµãŒãäžã«ã ãæ¢åã®ãŠãŒã¶ããŒã¿ããŒã¹ããã£ã¬ã¯ããªãµãŒãã¹ã«å¯ŸããŠããŠãŒã¶ã¢ã«ãŠã³ããæ€èšŒããããšã ã§ããŸããçŸåšãµããŒããããŠããèªèšŒãµãŒãã¹ã¯æ¬¡ã®ãšããã§ãã l Novell ã® eDirectory l ãã€ã¯ããœããã® Active Directory l RADIUS l TACACS+ l LDAP 5.6.1 ã°ããŒãã«èšå® ãå®çŸ©ãšãŠãŒã¶ > èªèšŒãµãŒã > ã°ããŒãã«èšå® ãã¿ãã䜿çšãããšãåºæ¬çãªèªèšŒãªãã·ã§ã³ãèš å®ã§ããŸãã次ã®ãªãã·ã§ã³ã䜿çšã§ããŸãã èªåçã«ãŠãŒã¶ãäœæ:ãã®ãªãã·ã§ã³ãéžæããå Žåãèšå®æžã¿ã®ããã¯ãšã³ãã°ã«ãŒãã®äžæ ãŠãŒã¶ããSophos UTM ã§ãµããŒããããŠããåçš®èªèšŒãµãŒãã¹ã®ããããã«å¯ŸããèªèšŒã«æå ãããšãSophos UTM ã¯åžžã«ãŠãŒã¶ãªããžã§ã¯ããèªåäœæããŸããäŸãã°ãRADIUS ããã¯ãšã³ãã° ã«ãŒããèšå®ããŠãããããããžã¡ã³ãã > ãWebAdmin èšå®ã > ãã¢ã¯ã»ã¹ã³ã³ãããŒã«ã ã¿ãã§å®çŸ©ãã ããããã®ããŒã«ã«ãã®ã°ã«ãŒããã¡ã³ããŒãšããŠè¿œå ããå ŽåãSophos UTM 㯠WebAdmin ãžã® ãã°ã€ã³ã«æåãã RADIUS ãŠãŒã¶ã«å¯ŸããŠãŠãŒã¶å®çŸ©ãèªåçã«äœæããŸãã l æ©èœå¥èªåãŠãŒã¶äœæ:èªåãŠãŒã¶äœæã¯ãç¹å®ã®ãµãŒãã¹ã«å¯ŸããŠæå¹ãŸãã¯ç¡å¹ã« ããããšãã§ããŸããæå¹ãªãµãŒãã¹ã«å¯ŸããŠã®ã¿ããŠãŒã¶ãäœæãããŸãããèªåçã« ãŠãŒã¶ãäœæ ããªãã·ã§ã³ãããã§ãã¯ãå€ããšããã®ãªãã·ã§ã³ã¯äœ¿çšã§ããããŠãŒã¶ã®èª åäœææ©èœã¯ãã¹ãŠã®æ©èœã«å¯ŸããŠç¡å¹ã«ãªããŸãã 泚 â ãã®æ©èœã¯ãActive Directory ã® ã·ã³ã°ã«ãµã€ã³ãªã³ (SSO) ã§ã¯æ©èœããŸããã ãããã®ãŠãŒã¶ãªããžã§ã¯ãã¯ãSophos UTMã®ãŠãŒã¶ããŒã¿ã« ãžã®ã¢ã¯ã»ã¹æš©ãä»äžããããã« ãå¿ èŠã«ãªããŸããããã«ãèªåäœæããããã¹ãŠã®ãŠãŒã¶ãªããžã§ã¯ãã®ããã«ã X.509 蚌ææžã çæãããŸãããã ããã¡ãŒã«ã¢ãã¬ã¹ããã§ã«ååšããã¢ãã¬ã¹ãšè¡çªããå Žåã¯ããã®ãŠãŒã¶ã® èªåäœæã¯å€±æããŸãããã®çç±ã¯ãèªåçã«äœæããããŠãŒã¶å®çŸ©ã«ãããŠãã·ã¹ãã ã«ã㧠UTM 9 管çã¬ã€ã 117 5.6 èªèšŒãµãŒã 5 å®çŸ©ãšãŠãŒã¶ ã«ååšããã¡ãŒã«ã¢ãã¬ã¹ãèšå®ãã¹ãã§ã¯ãªãããã§ããã¡ãŒã«ã¢ãã¬ã¹ã¯ X.509 蚌ææžã®èå¥ åãšããŠäœ¿çšãããããããã¹ãŠã®ã¡ãŒã«ã¢ãã¬ã¹ã¯ã·ã¹ãã å ã§äžæã§ãªããã°ãªããŸããã éèŠ â ãŠãŒã¶ãªããžã§ã¯ããèªåäœæããããŠãŒã¶ã«å¯ŸããèªèšŒ (ãŠãŒã¶ãäœè ã§ããããå€ æããããã®ã¢ã¯ã·ã§ã³) ãšæš©éä»äž (ãŠãŒã¶ãäœãèš±å¯ãããŠããããå€æããããã®ã¢ã¯ã·ã§ ã³) ã¯ãåžžã«ãªã¢ãŒãã®ããã¯ãšã³ããµãŒã/ãã£ã¬ã¯ããªãµãŒãã¹äžã§å®è¡ãããŸãããã®ããã察 å¿ããããã¯ãšã³ããµãŒãã䜿çšäžèœãªå Žåãããã®ãªã¢ãŒããµã€ãã§ãŠãŒã¶ãªããžã§ã¯ããå é€ãããŠããå Žåã«ã¯ãSophos UTMã§èªåçã«äœæããããŠãŒã¶ãªããžã§ã¯ãã¯æ©èœããŸããã ãŸããActive Directory ã® ã·ã³ã°ã«ãµã€ã³ãªã³ (SSO) ãé€ããSophos UTMã¯ãªã¢ãŒãèªèšŒãµãŒãã ãååŸãããŠãŒã¶èªèšŒããŒã¿ã 300ç§éãã£ãã·ã¥ããŸãããã®ããããªã¢ãŒããŠãŒã¶èšå®ãžã®å€æŽ ã¯ããã£ãã·ã¥ã®æéãåããåŸã§åããŠæå¹ã«ãªããŸãã èªèšŒãã£ãã·ã¥ Sophos UTMãäžæãŠãŒã¶ãã http ãªã©ã®ãŠãŒã¶èŠæ±ãåä¿¡ããèªèšŒãå¿ èŠã§ããå Žå ã¯ãSophosUser Authentication (SUA) ãå¿ ãèªèšŒãã£ãã·ã¥ã«ãšã³ããªãæžã蟌ã¿ãŸããé·æçã«ã ãŠãŒã¶ãé »ç¹ã«å€ãããããªç°å¢ã§ã¯ãé©å®ãã£ãã·ã¥ã空ã«ããããšãåççã§ãããŸãããã¹ ãŠã®ãŠãŒã¶ã«å¯ŸããŠãæ°ããªèªèšŒãä»ãã匷å¶ãããå Žåã«ã¯ããèªèšŒãã£ãã·ã¥ãã¯ãªã¢ ããã¿ã³ ã䜿çšããŠãèªèšŒãã£ãã·ã¥ã空ã«ããŠãã ããã èªèšŒã¯ 300ç§éæå¹ã§ãããã®éãåããŠãŒã¶ããä»ã®èªèšŒèŠæ±ããã£ããšãã«ã¯ãçŽæ¥ãã£ã ã·ã¥ãæ€çŽ¢ãããŸãããã®æ¹æ³ã«ãããeDirectory ãªã©ã®ããã¯ãšã³ãèªèšŒãµãŒãã¹ã«ãããè² è· ã軜æžã§ããŸãã 泚 â ãã£ãã·ã¥ã®ã¯ãªã¢ã¯ããªã¢ãŒããã°ã€ã³äžã®ãŠãŒã¶ã«ã¯åœ±é¿ããããŸããã ã©ã€ãã ã° ã©ã€ããã°ãéã:ãã®ãã¿ã³ãã¯ãªãã¯ãããšãæ°ãããŠã£ã³ããŠã« User Authentication (SUA) ã®ãã° ã衚瀺ãããŸãã 5.6.2 ãµãŒã ãå®çŸ©ãšãŠãŒã¶ > èªèšŒãµãŒã > ãµãŒã ãã¿ãã§ã1ã€ä»¥äžã®èªèšŒãµãŒã (eDirectoryãActive DirectoryãLDAPãRADIUSãTACACS+ãªã©) ãäœæã§ããŸãã 118 UTM 9 管çã¬ã€ã 5 å®çŸ©ãšãŠãŒã¶ 5.6 èªèšŒãµãŒã 5.6.2.1 eDirectory Novell eDirectory ã¯ããããããã¯ãŒã¯å ã®è€æ°ã®ãµãŒããšã³ã³ãã¥ãŒã¿äžã«ãããªãœãŒã¹ãžã®ã¢ã¯ ã»ã¹ãäžå 管çããããã® X.500 äºæãã£ã¬ã¯ããªãµãŒãã¹ã§ããeDirectory ã¯éå±€æ§é ã®ãªã ãžã§ã¯ãæåããŒã¿ããŒã¹ã§ãããçµç¹å ã®ãã¹ãŠã®è³ç£ãè«çããªãŒã§è¡šçŸããŸããè³ç£ã«ã¯ã 人ããµãŒããã¯ãŒã¯ã¹ããŒã·ã§ã³ãã¢ããªã±ãŒã·ã§ã³ãããªã³ã¿ããµãŒãã¹ãã°ã«ãŒããªã©ãå«ãŸã㟠ãã eDirectory èªèšŒãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ããµãŒã ãã¿ãã§ããæ°èŠèªèšŒãµãŒã ããã¯ãªãã¯ããŸãã ãæ°èŠèªèšŒãµãŒã ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ããã¯ãšã³ã:ããã¯ãšã³ãã®ãã£ã¬ã¯ããªãµãŒãã¹ãšããŠãeDirectoryããéžæããŸãã äœçœ®:ããã¯ãšã³ããµãŒãã®äœçœ®ãéžæããŸããçªå·ãå°ããããã¯ãšã³ããµãŒãããé ã« åãåãããè¡ãããŸããããã©ãŒãã³ã¹ãåäžããããã«ã¯ãèŠæ±ãæãå€ãåãããšäº æ³ãããããã¯ãšã³ããµãŒãããªã¹ãã®äžçªäžã«é 眮ããŸãã ãµãŒã:eDirectory ãµãŒããéžæ (ãŸãã¯è¿œå ) ããŸãã SSL:SSL ããŒã¿è»¢éãæå¹ã«ããã«ã¯ããã®ãªãã·ã§ã³ãéžæããŸãããããšãããŒãã 389 (LDAP) ãã 636 (ldaps = LDAP over SSL) ã«å€ãããŸãã ããŒã:eDirectory ãµãŒãã®ããŒããå ¥åããŸããããã©ã«ãã§ãããŒã 389 ãéžæãããŠã㟠ãã Bind DN:ãµãŒãã«ãã€ã³ããããŠãŒã¶ã® èå¥å (DN) ãæå®ããŸããeDirectory ãµãŒããžã® å¿åã§ã®åãåãããèš±å¯ãããŠããªãå Žåããã®ãŠãŒã¶ãå¿ èŠã§ãããã€ã³ããŠãŒã¶ã« ã¯ãé¢é£ãããã¹ãŠã®ãŠãŒã¶ãªããžã§ã¯ãæ å ±ã eDirectory ãµãŒãããååŸããŠãŠãŒã¶ã® èªèšŒãè¡ãããã«å¿ èŠãªç¹æš©ãä»äžãããŠããå¿ èŠããããŸããeDirectory ãŠãŒã¶ãã° ã«ãŒããã³ã³ããã¯ãLDAP è¡šèšæ³ã§å®å šèå¥åãšããŠæå®ããŸããåºåãæåã«ã¯ã³ã³ã ã䜿çšããŸã (äŸ: CN=administrator,DC=intranet,DC=example,DC=com)ã ãã¹ã¯ãŒã:ãã€ã³ããŠãŒã¶ã®ãã¹ã¯ãŒããå ¥åããŸãã ãµãŒãèšå®ã®ãã¹ã:ããã¹ãããã¿ã³ãæŒããšãèšå®ããããµãŒããšã®ãã€ã³ããã¹ããå®è¡ã ããŸããããã«ããããã®ã¿ãã®èšå®ãæ£ããããšãããã³ãµãŒããèµ·åããŠãããæ¥ç¶ãå ãä»ããŠããããšã確èªãããŸãã UTM 9 管çã¬ã€ã 119 5.6 èªèšŒãµãŒã 5 å®çŸ©ãšãŠãŒã¶ Base DN:LDAP ããªãŒã®ã«ãŒãã«çžå¯Ÿçãªéå§äœçœ®ã§ãããã«èªèšŒããããŠãŒã¶ãå«ãŸã ãŠããŸããããŒã¹ DN ã¯ãLDAP è¡šèšã®å®å šèå¥å (FDN) ã§ãã³ã³ããåºåãæåãšããŠäœ¿ çšããŠæå®ããå¿ èŠããããŸã (äŸ: O=Example,OU=RnD)ãããŒã¹ DN ã¯ç©ºã«ããããšã㧠ããŸãããã®å Žåã¯ãããŒã¹ DN ã¯èªåçã«ãã£ã¬ã¯ããªããåãåºãããŸãã ãŠãŒã¶å:èªèšŒãå®è¡ãããã¹ããŠãŒã¶ã®ãŠãŒã¶åãå ¥åããŠãã ããã ãã¹ã¯ãŒã:ãã¹ããŠãŒã¶ã®ãã¹ã¯ãŒããå ¥åããŸãã ãã¹ããŠãŒã¶ã§èªèšŒãè¡ã:ããã¹ãããã¿ã³ãã¯ãªãã¯ããŠããã¹ããŠãŒã¶ã®èªèšŒãã¹ããéå§ã ãŸããããã«ããããã¹ãŠã®ãµãŒãèšå®ãæ£ããããšããµãŒãã皌åäžã§æ¥ç¶ãåãä»ã㊠ããããšãããã³ãŠãŒã¶ãæ£åžžã«èªèšŒã§ããããšã確èªã§ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã ãµãŒããããµãŒã ããªã¹ãã«è¡šç€ºãããŸãã 5.6.2.2 Active Directory Active Directory (AD) ãšã¯ããã€ã¯ããœãããå®è£ ãããã£ã¬ã¯ããªãµãŒãã¹ã§ãããWindows 2000/2003 Server ã®äžæ žãæãã³ã³ããŒãã³ãã§ããActive Directory ã«ã¯ããŠãŒã¶ãã°ã«ãŒããã³ã³ ãã¥ãŒã¿ãããªã³ã¿ãã¢ããªã±ãŒã·ã§ã³ããµãŒãã¹ãããããçš®é¡ã®ãŠãŒã¶å®çŸ©ãªããžã§ã¯ããªã©ããã ãã¯ãŒã¯å ã«ååšããããŸããŸãªãªãœãŒã¹ã«é¢ããæ å ±ãä¿åãããŸãããã®ãããActive Directory ã«ã¯ããããã®ãªãœãŒã¹ãžã®ã¢ã¯ã»ã¹ãäžå çã«äœç³»åãã管çããã³ã³ãããŒã«ãããã ã®æ©èœãçšæãããŠããŸãã Active Directory èªèšŒæ¹åŒã§ã¯ãSophos UTMãWindows ãã¡ã€ã³ã«ç»é²ãããã©ã€ããªã® ãã¡ã€ã³ã³ã³ ãããŒã© (DC) ã«Sophos UTMçšã®ãªããžã§ã¯ããäœæããŸããUTMããã«ãããUTM ã¯ããã®ãã¡ã€ã³ ã®ãŠãŒã¶ãšã°ã«ãŒãã«é¢ããæ å ±ãåãåãããããšãå¯èœã«ãªããŸãã 泚 â UTM 㯠Active Directory 2003 以éã«å¯Ÿå¿ããŠããŸãã Active Directory èªèšŒãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ããµãŒã ãã¿ãã§ããæ°èŠèªèšŒãµãŒã ããã¯ãªãã¯ããŸãã ãæ°èŠèªèšŒãµãŒãã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ããã¯ãšã³ã:ããã¯ãšã³ãã®ãã£ã¬ã¯ããªãµãŒãã¹ãšããŠãActive DirectoryããéžæããŸãã 120 UTM 9 管çã¬ã€ã 5 å®çŸ©ãšãŠãŒã¶ 5.6 èªèšŒãµãŒã äœçœ®:ããã¯ãšã³ããµãŒãã®äœçœ®ãéžæããŸããçªå·ãå°ããããã¯ãšã³ããµãŒãããé ã« åãåãããè¡ãããŸããããã©ãŒãã³ã¹ãåäžããããã«ã¯ãèŠæ±ãæãå€ãåãããšäº æ³ãããããã¯ãšã³ããµãŒãããªã¹ãã®äžçªäžã«é 眮ããŸãã ãµãŒã:Active Directory ãµãŒã ãéžæ (ãŸãã¯è¿œå ) ããŸãã SSL:SSL ããŒã¿è»¢éãæå¹ã«ããã«ã¯ããã®ãªãã·ã§ã³ãéžæããŸãããããšãããŒãã 389 (LDAP) ãã 636 (ldaps = LDAP over SSL) ã«å€ãããŸãã ããŒã:Active Directory ãµãŒãã®ããŒããå ¥åããŸããããã©ã«ãã§ãããŒã 389 ãéžæãã ãŠããŸãã Bind DN:ãµãŒãã«ãã€ã³ããããŠãŒã¶ã®å®å šãª èå¥å (DN) ã LDAP è¡šèšæ³ã§æå®ã㟠ããeDirectory ãµãŒããžã®å¿åã§ã®åãåãããèš±å¯ãããŠããªãå Žåããã®ãŠãŒã¶ã å¿ èŠã§ãããã€ã³ããŠãŒã¶ã«ã¯ãé¢é£ãããã¹ãŠã®ãŠãŒã¶ãªããžã§ã¯ãæ å ±ã Active Directory ãµãŒãããååŸããŠãŠãŒã¶ã®èªèšŒãè¡ãããã«å¿ èŠãªç¹æš©ãä»äžããå¿ èŠãã ããŸããéåžžã¯ããã¡ã€ã³ã®ç®¡çè ããã®èŠä»¶ã«å¯Ÿå¿ããŸãã å DN ã¯ãActive Directory ãŠãŒã¶ãªããžã§ã¯ãã®ããã€ãã®å±æ§ããæã 1ã€ä»¥äžã® RDN (çžå¯Ÿèå¥å ) ã§æ§æãããŸãããŠãŒã¶åãåžžé§ããããŒãããµãŒãã®ãããã¬ãã« DN㪠㩠ããã³ã³ãåºåãã® LDAP è¡šèšæ³ã§èšè¿°ããŸãã l ãŠãŒã¶åã¯ããã£ã¬ã¯ããªã«ã¢ã¯ã»ã¹ã§ãããŠãŒã¶ã®ååã«ããå¿ èŠããããCN èå¥ å (CN=userãªã©) ã§æå®ããŸãããã¡ã€ã³æš©éãæã€ãadminããªã©ã®äžè¬çãªã¢ã«ãŠ ã³ãã䜿çšããããšãã§ããŸããããã¹ããã©ã¯ãã£ã¹ãšããŠã¯ãadmin æš©éãæããªã ãŠãŒã¶ãæå®ããããšãæšå¥šãããŸãããã®çç±ã¯ãæäžã®ããŒã¹ DN ãèµ·ç¹ãšãã ãµãããªãŒå ã®å šãªããžã§ã¯ãã«å¯Ÿããèªã¿åãæš©éããããã°ååã§ãããã㧠ãã l ãŠãŒã¶ãªããžã§ã¯ããä¿åãããŠããããŒãã®æ å ±ã«ã¯ãã«ãŒãããŒããããŠãŒã¶ãªã ãžã§ã¯ããŸã§ãã¹ãŠã®ãµãããŒããå«ãŸããŠããå¿ èŠããããéåžžã¯ããããçµç¹ãŠ ãããã³ã³ããŒãã³ãã äžè¬å ã³ã³ããŒãã³ãããæ§æãããŸããçµç¹ãŠããã (Microsoft Management Console ã§ã¯ããã©ã«ããšæ¬ãçµã¿åãããã¢ã€ã³ã³ã§ç€ºãã ã) ã¯ãèå¥å OU ã䜿çšããŠæå®ããŸããããŒãã¯ãæãäœãããŒãããé ã«äžŠã¹ã ããæ«å°Ÿã¯æãé«ãããŒãã«ãªããŸããã€ãŸããå é ã¯æã詳现ãªèŠçŽ ã«ãªããŸã (äŸ: OU=Management_US,OU=Management)ãäžæ¹ãäºåå®çŸ©ãããŠãã Users ã㌠ããªã©ã®ããã©ã«ã Active Directory ã³ã³ãã (ã·ã³ãã«ãªãã©ã«ãã¢ã€ã³ã³ã§ç€ºããã) ã¯ãèå¥å CN ã§æå®ããŸã (äŸ: CN=Users)ã l ãµãŒãã®ãããã¬ãã« DN ã¯ãããããèå¥å DC ã§æå®ãããŠããè€æ°ã®ãã¡ã€ã³ ã³ã³ããŒãã³ãããæ§æããããšãã§ããŸãããã¡ã€ã³ã³ã³ããŒãã³ãã¯ãã¡ã€ã³åãšåã UTM 9 管çã¬ã€ã 121 5.6 èªèšŒãµãŒã 5 å®çŸ©ãšãŠãŒã¶ é åºã§æå®ããŸã( ããšãã°ããã¡ã€ã³åãexample.comã§ããå ŽåãDNéšå ã¯DC=example,DC=comãšããŸã) ã ããšãã°ãååã administrator ã§ããããªããžã§ã¯ãã example.com ãã¡ã€ã³ã® Users ã³ã³ããã«ä¿åããããã€ã³ããŠãŒã¶ã®DNã¯æ¬¡ã®ããã«ãªã㟠ããCN=administrator,CN=Users,DC=example,DC=com Figure 18 èªèšŒ:Microsoft Management Console ããã§ãManagement ãšããååã®çµç¹ãŠããããäœæãããµãããŒãã Management_US ãšãã 管çè ãŠãŒã¶ãªããžã§ã¯ãããã®ãµãããŒãã«ç§»åãããšã管çè ã® DN ã¯æ¬¡ã®ããã«å€ã ããŸããCN=administrator,OU=Management_ US,OU=Management,âDC=example,âDC=com ãã¹ã¯ãŒã:ãã€ã³ããŠãŒã¶ã®ãã¹ã¯ãŒããå ¥åããŸãã ãµãŒãèšå®ã®ãã¹ã:ããã¹ãããã¿ã³ãæŒããšãèšå®ããããµãŒããšã®ãã€ã³ããã¹ããå®è¡ã ããŸããããã«ããããã®ã¿ãã®èšå®ãæ£ããããšãããã³ãµãŒããèµ·åããŠãããæ¥ç¶ãå ãä»ããŠããããšã確èªãããŸãã Base DN:LDAP ããªãŒã®ã«ãŒãã«çžå¯Ÿçãªéå§äœçœ®ã§ãããã«èªèšŒããããŠãŒã¶ãå«ãŸã ãŠããŸããããŒã¹ DN ã¯ãLDAP è¡šèšã®å®å šèå¥å (FDN) ã§ãã³ã³ããåºåãæåãšããŠäœ¿ çšããŠæå®ããå¿ èŠããããŸã (äŸ: O=Example,OU=RnD)ãããŒã¹ DN ã¯ç©ºã«ããããšã㧠ããŸãããã®å Žåã¯ãããŒã¹ DN ã¯èªåçã«ãã£ã¬ã¯ããªããåãåºãããŸãã ãŠãŒã¶å:èªèšŒãå®è¡ãããã¹ããŠãŒã¶ã®ãŠãŒã¶åãå ¥åããŠãã ããã ãã¹ã¯ãŒã:ãã¹ããŠãŒã¶ã®ãã¹ã¯ãŒããå ¥åããŸãã ãã¹ããŠãŒã¶ã§èªèšŒãè¡ã:ããã¹ãããã¿ã³ãã¯ãªãã¯ããŠããã¹ããŠãŒã¶ã®èªèšŒãã¹ããéå§ã ãŸããããã«ããããã¹ãŠã®ãµãŒãèšå®ãæ£ããããšããµãŒãã皌åäžã§æ¥ç¶ãåãä»ã㊠ããããšãããã³ãŠãŒã¶ãæ£åžžã«èªèšŒã§ããããšã確èªã§ããŸãã 122 UTM 9 管çã¬ã€ã 5 å®çŸ©ãšãŠãŒã¶ 5.6 èªèšŒãµãŒã 3. ãä¿å ããã¯ãªãã¯ããŸãã ãµãŒããããµãŒã ããªã¹ãã«è¡šç€ºãããŸãã 5.6.2.3 LDAP LDAP ãšã¯ããLightweight Directory Access Protocolãã®ç¥ã§ãããX.500 æšæºã«åºã¥ããŠãã£ã¬ã¯ã㪠ãµãŒãã¹ã®åãåãããšå€æŽãè¡ããããã¯ãŒãã³ã°ãããã³ã«ã§ããSophos UTMã§ã¯ãè€æ°ã® ãµãŒãã¹ãžã®ãŠãŒã¶èªèšŒã« LDAP ãããã³ã«ã䜿çšããŠãããLDAP ãµãŒãã«èšå®ãããå±æ§ã ã°ã«ãŒãã¡ã³ãã·ããã«åºã¥ããŠã¢ã¯ã»ã¹ãèš±å¯ãŸãã¯åŽäžããŸãã LDAP èªèšŒãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ããµãŒã ãã¿ãã§ããæ°èŠèªèšŒãµãŒã ããã¯ãªãã¯ããŸãã ãæ°èŠèªèšŒãµãŒãã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ããã¯ãšã³ã:ããã¯ãšã³ãã®ãã£ã¬ã¯ããªãµãŒãã¹ãšããŠãLDAP ããéžæããŸãã äœçœ®:ããã¯ãšã³ããµãŒãã®äœçœ®ãéžæããŸããçªå·ãå°ããããã¯ãšã³ããµãŒãããé ã« åãåãããè¡ãããŸããããã©ãŒãã³ã¹ãåäžããããã«ã¯ãèŠæ±ãæãå€ãåãããšäº æ³ãããããã¯ãšã³ããµãŒãããªã¹ãã®äžçªäžã«é 眮ããŸãã ãµãŒã:LDAP ãµãŒããéžæ (ãŸãã¯è¿œå ) ããŸãã SSL:SSL ããŒã¿è»¢éãæå¹ã«ããã«ã¯ããã®ãªãã·ã§ã³ãéžæããŸãããããšãããŒãã 389 (LDAP) ãã 636 (ldaps = LDAP over SSL) ã«å€ãããŸãã ããŒã:LDAP ãµãŒãã®ããŒããå ¥åããŸããããã©ã«ãã§ãããŒã 389 ãéžæãããŠããŸãã Bind DN:ãµãŒãã«ãã€ã³ããããŠãŒã¶ã® èå¥å (DN) ãæå®ããŸãããã®ãŠãŒã¶ã¯å¿ é 㧠ããã»ãã¥ãªãã£äžã®çç±ãããLDAP ãµãŒããžã®å¿åã§ã®åãåããã¯ãµããŒããã㊠ããŸããããã€ã³ããŠãŒã¶ã«ã¯ãé¢é£ãããã¹ãŠã®ãŠãŒã¶ãªããžã§ã¯ãæ å ±ã LDAP ãµãŒã ããååŸããŠãŠãŒã¶ãèªèšŒããããã«å¿ èŠãªç¹æš©ãä»äžãããŠããå¿ èŠããã㟠ããLDAPãŠãŒã¶ãã°ã«ãŒããã³ã³ããã¯ãLDAP è¡šèšæ³ã§å®å šèå¥åãšããŠæå®ããŸããåº åãæåã«ã¯ã³ã³ãã䜿çšããŸãã(äŸ: CN=administrator,DC=intranet,DC=example,DC=com) ãã¹ã¯ãŒã:ãã€ã³ããŠãŒã¶ã®ãã¹ã¯ãŒããå ¥åããŸãã ãµãŒãèšå®ã®ãã¹ã:ããã¹ãããã¿ã³ãæŒããšãèšå®ããããµãŒããšã®ãã€ã³ããã¹ããå®è¡ã ããŸããããã«ããããã®ã¿ãã®èšå®ãæ£ããããšãããã³ãµãŒããèµ·åããŠãããæ¥ç¶ãå ãä»ããŠããããšã確èªãããŸãã UTM 9 管çã¬ã€ã 123 5.6 èªèšŒãµãŒã 5 å®çŸ©ãšãŠãŒã¶ ãŠãŒã¶å±æ§:LDAP ãã£ã¬ã¯ããªæ€çŽ¢çšã®ãã£ã«ã¿ãšããŠäœ¿çšããããŠãŒã¶å±æ§ãéžæããŸãã ãŠãŒã¶å±æ§ã«ã¯ããªã¢ãŒãã¢ã¯ã»ã¹ãµãŒãã¹ãªã©ãåãŠãŒã¶ã«å¯ŸããŠããã³ãã衚瀺ããå® éã®ãã°ã€ã³åãå«ãŸããŸãã次ã®ãŠãŒã¶å±æ§ãéžæã§ããŸãã l CN (äžè¬å) l SN (å§) l UID (ãŠãŒã¶ ID) LDAP ãã£ã¬ã¯ããªã®ãŠãŒã¶åããããã®ãã©ãŒã ã«ä¿åãããŠããªãå Žåããªã¹ã㧠ã«ã¹ã¿ ã (<<Custom>>)ãéžæããäžã®ãã«ã¹ã¿ã ããã£ãŒã«ãã«ã«ã¹ã¿ã å±æ§ãå ¥åããŸãããã®å±æ§ 㯠LDAP ãã£ã¬ã¯ããªã§èšå®ããå¿ èŠããããŸãã Base DN:LDAP ããªãŒã®ã«ãŒãã«çžå¯Ÿçãªéå§äœçœ®ã§ãããã«èªèšŒããããŠãŒã¶ãå«ãŸã ãŠããŸããããŒã¹ DN ã¯ãLDAP è¡šèšã®å®å šèå¥å (FDN) ã§ãã³ã³ããåºåãæåãšããŠäœ¿ çšããŠæå®ããå¿ èŠããããŸã (äŸ: O=Example,OU=RnD)ãããŒã¹ DN ã¯ç©ºã«ããããšã㧠ããŸãããã®å Žåã¯ãããŒã¹ DN ã¯èªåçã«ãã£ã¬ã¯ããªããåãåºãããŸãã ãŠãŒã¶å:èªèšŒãå®è¡ãããã¹ããŠãŒã¶ã®ãŠãŒã¶åãå ¥åããŠãã ããã ãã¹ã¯ãŒã:ãã¹ããŠãŒã¶ã®ãã¹ã¯ãŒããå ¥åããŸãã ãã¹ããŠãŒã¶ã§èªèšŒãè¡ã:ããã¹ãããã¿ã³ãã¯ãªãã¯ããŠããã¹ããŠãŒã¶ã®èªèšŒãã¹ããéå§ã ãŸããããã«ããããã¹ãŠã®ãµãŒãèšå®ãæ£ããããšããµãŒãã皌åäžã§æ¥ç¶ãåãä»ã㊠ããããšãããã³ãŠãŒã¶ãæ£åžžã«èªèšŒã§ããããšã確èªã§ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã ãµãŒããããµãŒã ããªã¹ãã«è¡šç€ºãããŸãã 5.6.2.4 RADIUS RADIUSãšã¯ããRemote Authentication Dial In User Serviceãã®ç¥ã§ãããã«ãŒã¿ãªã©ã®ãããã¯ãŒã¯ã ãã€ã¹ã§äžå€®ããŒã¿ããŒã¹ã«å¯ŸããŠãŠãŒã¶ãèªèšŒããããã«åºãçšããããŠãããããã³ã«ã§ ããRADIUS ã«ã¯ããŠãŒã¶ã®æ å ±ã«å ãããããã¯ãŒã¯ããã€ã¹ã§äœ¿çšãããæè¡æ å ± (ãµããŒãã ãããããã³ã«ãIP ã¢ãã¬ã¹ãã«ãŒãã£ã³ã°æ å ±ãªã©) ãä¿åã§ããŸãããã®æ å ±ã¯ãRADIUS ãµãŒã äžã®ãã¡ã€ã«ãŸãã¯ããŒã¿ããŒã¹ã«ä¿åããããŠãŒã¶ãããã¡ã€ã«ãæ§æããŸãã RADIUS ãããã³ã«ã¯éåžžã«æè»ã§ããããµãŒãã¯ã»ãšãã©ã®ãªãã¬ãŒãã£ã³ã°ã·ã¹ãã ã§å©çšå¯ èœã§ããUTMã« RADIUS ãå°å ¥ããããšã§ããããã·ãšãŠãŒã¶ã«åºã¥ããŠã¢ã¯ã»ã¹æš©éãèšå®ã§ã ãããã«ãªããŸããRADIUS èªèšŒã䜿çšããããã«ã¯ããããã¯ãŒã¯äžã§çšŒåããŠãã RADIUS ãµãŒ ããå¿ èŠã§ãããã¹ã¯ãŒãã¯å¹³æ (æå·åãªã) ã§éä¿¡ããããããUTMãšåããããã¯ãŒã¯å ã« RADIUS ãµãŒããé 眮ããŠãã ããããŸããUTMãšãµãŒãã¯åãã¹ã€ããã«æ¥ç¶ããŠãã ããã 124 UTM 9 管çã¬ã€ã 5 å®çŸ©ãšãŠãŒã¶ 5.6 èªèšŒãµãŒã RADIUS èªèšŒãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ããµãŒã ãã¿ãã§ããæ°èŠèªèšŒãµãŒã ããã¯ãªãã¯ããŸãã ãæ°èŠèªèšŒãµãŒãã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ããã¯ãšã³ã:ããã¯ãšã³ãã®ãã£ã¬ã¯ããªãµãŒãã¹ãšããŠãRADIUSããéžæããŸãã äœçœ®:ããã¯ãšã³ããµãŒãã®äœçœ®ãéžæããŸããçªå·ãå°ããããã¯ãšã³ããµãŒãããé ã« åãåãããè¡ãããŸããããã©ãŒãã³ã¹ãåäžããããã«ã¯ãèŠæ±ãæãå€ãåãããšäº æ³ãããããã¯ãšã³ããµãŒãããªã¹ãã®äžçªäžã«é 眮ããŸãã ãµãŒã:RADIUS ãµãŒããéžæ (ãŸãã¯è¿œå ) ããŸãã ããŒã:RADIUS ãµãŒãã®ããŒããå ¥åããŸããããã©ã«ãã§ãããŒã 1812 ãéžæãããŠã㟠ãã å ±æã·ãŒã¯ã¬ãã:å ±æã·ãŒã¯ã¬ãããšã¯ãRADIUS ã¯ã©ã€ã¢ã³ããš RADIUS ãµãŒãã®éã§ãã¹ ã¯ãŒããšããŠã®åœ¹å²ãæããããã¹ãæååã§ããå ±æã·ãŒã¯ã¬ãããå ¥åããŸãã ãµãŒãèšå®ã®ãã¹ã:ããã¹ãããã¿ã³ãæŒããšãèšå®ããããµãŒããšã®ãã€ã³ããã¹ããå®è¡ã ããŸããããã«ããããã®ã¿ãã®èšå®ãæ£ããããšãããã³ãµãŒããèµ·åããŠãããæ¥ç¶ãå ãä»ããŠããããšã確èªãããŸãã ãŠãŒã¶å:èªèšŒãå®è¡ãããã¹ããŠãŒã¶ã®ãŠãŒã¶åãå ¥åããŠãã ããã ãã¹ã¯ãŒã:ãã¹ããŠãŒã¶ã®ãã¹ã¯ãŒããå ¥åããŸãã NAS èå¥å:é©å㪠NAS èå¥åããªã¹ãããéžæããŸãã詳现ã¯ã泚èšãšäžã®è¡šãåç §ã ãŠãã ããã ãã¹ããŠãŒã¶ã§èªèšŒãè¡ã:ããã¹ãããã¿ã³ãã¯ãªãã¯ããŠããã¹ããŠãŒã¶ã®èªèšŒãã¹ããéå§ã ãŸããããã«ããããã¹ãŠã®ãµãŒãèšå®ãæ£ããããšããµãŒãã皌åäžã§æ¥ç¶ãåãä»ã㊠ããããšãããã³ãŠãŒã¶ãæ£åžžã«èªèšŒã§ããããšã確èªã§ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã ãµãŒããããµãŒã ããªã¹ãã«è¡šç€ºãããŸãã 泚 â RADIUS ãµãŒãã«åãåãããè¡ããSophos UTM ã®åãŠãŒã¶èªèšŒãµãŒãã¹ (PPTP ã L2TP ãªã©) ã¯ãç°ãªãèå¥å (NAS èå¥å) ã RADIUS ãµãŒãã«éä¿¡ããŸããããšãã°ãPPTP ãµãŒãã¹ã¯ããã®ãŠãŒã¶ã®èªèšŒãè©Šã¿ããšãã«ãpptp ãšãã NAS èå¥åã RADIUS ãµãŒãã«é ä¿¡ããŸããããã«ãããRADIUS ãµãŒããããŸããŸãªãµãŒãã¹ãèå¥ããŠç¹å®ã®çš®é¡ã®ãµãŒãã¹ ããŠãŒã¶ã«ä»äžããããšãã§ãããããæš©éä»äžã®ç®çã§åœ¹ã«ç«ã¡ãŸãããŠãŒã¶èªèšŒãµãŒãã¹ãš ããã«å¯Ÿå¿ãã NAS èå¥åã®ãªã¹ãã¯ä»¥äžã®ãšããã§ãã UTM 9 管çã¬ã€ã 125 5.6 èªèšŒãµãŒã 5 å®çŸ©ãšãŠãŒã¶ ãŠãŒã¶èªèšŒãµãŒãã¹ NAS èå¥å SSL VPN ssl PPTP pptp IPsec ipsec L2TP over IPsec l2tp SMTPãããã· smtp ãŠãŒã¶ããŒã¿ã« portal WebAdmin webadmin SOCKS ãããã· socks Web ãã£ã«ã¿ http èªèšŒã¯ã©ã€ã¢ã³ã ãšãŒãžã§ã³ã ã¯ã€ã€ã¬ã¹ã¢ã¯ã»ã¹ãã€ã³ã NAS ID ã¯ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯åã§ãã Table 1: RADIUS NAS èå¥å 5.6.2.5 TACACS+ TACACS+ (ãTerminal Access Controller Access Control Systemãã®ç¥èª) ãšã¯ãCisco Systems, Inc. ç¬èªã®ãããã³ã«ã§ãããèªèšŒããã»ã¹ãšæš©éä»äžããã»ã¹ã«ã€ããŠè©³çŽ°ãªã¢ã«ãŠã³ãã£ã³ã°æ å ±ãš ç®¡ççãªã³ã³ãããŒã«ãæäŸããŸããRADIUS ã§ã¯èªèšŒãšæš©éä»äžããŠãŒã¶ãããã¡ã€ã«ã«ãŸãšã ãããŠããŸãããTACACS+ ã§ã¯ãããã®ãªãã¬ãŒã·ã§ã³ãåºå¥ããŠããŸããä»ã®çžéç¹ãšã㊠ã¯ãTACACS+ ã§ã¯ TCP ãããã³ã« (ããŒã 49) ã䜿çšããRADIUS ã§ã¯ UDP ãããã³ã«ã䜿çšã㟠ãã TACACS+ èªèšŒãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ããµãŒã ãã¿ãã§ããæ°èŠèªèšŒãµãŒã ããã¯ãªãã¯ããŸãã ãæ°èŠèªèšŒãµãŒãã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ããã¯ãšã³ã:ããã¯ãšã³ãã®ãã£ã¬ã¯ããªãµãŒãã¹ãšããŠãTACACS+ããéžæããŸãã 126 UTM 9 管çã¬ã€ã 5 å®çŸ©ãšãŠãŒã¶ 5.6 èªèšŒãµãŒã äœçœ®:ããã¯ãšã³ããµãŒãã®äœçœ®ãéžæããŸããçªå·ãå°ããããã¯ãšã³ããµãŒãããé ã« åãåãããè¡ãããŸããããã©ãŒãã³ã¹ãåäžããããã«ã¯ãèŠæ±ãæãå€ãåãããšäº æ³ãããããã¯ãšã³ããµãŒãããªã¹ãã®äžçªäžã«é 眮ããŸãã ãµãŒã:TACACS+ ãµãŒããéžæ( ãŸãã¯è¿œå ) ããŸãã ããŒã:TACACS+ ãµãŒãã®ããŒããå ¥åããŸããããã©ã«ãã§ãããŒã 49 ãéžæãããŠã㟠ãã ããŒ:Sophos UTM ãš TACACS+ ãµãŒãã®éã®ãã¹ãŠã® TACACS+ éä¿¡ã«äœ¿çšããèªèšŒãã ã³æå·éµãå ¥åããŸããããã§å ¥åããéµã®å€ã¯ãTACACS+ ãµãŒãã§èšå®ããå€ãšäžèŽã ãŠããå¿ èŠããããŸããéµãå ¥åããŠãã ãã (確èªã®ããã« 2å)ã ãµãŒãèšå®ã®ãã¹ã:ããã¹ãããã¿ã³ãæŒããšãèšå®ããããµãŒããšã®ãã€ã³ããã¹ããå®è¡ã ããŸããããã«ããããã®ã¿ãã®èšå®ãæ£ããããšãããã³ãµãŒããèµ·åããŠãããæ¥ç¶ãå ãä»ããŠããããšã確èªãããŸãã ãŠãŒã¶å:èªèšŒãå®è¡ãããã¹ããŠãŒã¶ã®ãŠãŒã¶åãå ¥åããŠãã ããã ãã¹ã¯ãŒã:ãã¹ããŠãŒã¶ã®ãã¹ã¯ãŒããå ¥åããŸãã ãã¹ããŠãŒã¶ã§èªèšŒãè¡ã:ããã¹ãããã¿ã³ãã¯ãªãã¯ããŠããã¹ããŠãŒã¶ã®èªèšŒãã¹ããéå§ã ãŸããããã«ããããã¹ãŠã®ãµãŒãèšå®ãæ£ããããšããµãŒãã皌åäžã§æ¥ç¶ãåãä»ã㊠ããããšãããã³ãŠãŒã¶ãæ£åžžã«èªèšŒã§ããããšã確èªã§ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã ãµãŒããããµãŒã ããªã¹ãã«è¡šç€ºãããŸãã 5.6.3 ã·ã³ã°ã«ãµã€ã³ãªã³ ãå®çŸ©ãšãŠãŒã¶ > èªèšŒãµãŒã > ã·ã³ã°ã«ãµã€ã³ãªã³ãã¿ãã§ã¯ãActive Directory ãŸã㯠eDirectory (ãããã¯ãã®äž¡æ¹) ã®ã·ã³ã°ã«ãµã€ã³ãªã³æ©èœãèšå®ã§ããŸãã Active D ir ector y ã®ã·ã³ ã° ã«ãµã€ã³ ãªã³ ( SSO) Active Directoryã® SSO æ©èœã¯çŸåšã Web ãã£ã«ã¿ã®ã¿ã§äœ¿çšãããŠãããNTLMv2 ãŸã㯠Kerberos èªèšŒããµããŒããããã©ãŠã¶ã§ã·ã³ã°ã«ãµã€ã³ãªã³æ©èœã䜿çšã§ããŸãã ã·ã³ã°ã«ãµã€ã³ãªã³æ©èœãæå¹ã«ããã«ã¯ãUTMãActive Directory ãã¡ã€ã³ã«è¿œå ããå¿ èŠããã ãŸããè¿œå ãããã¡ã€ã³ãæ©èœããããã«ã¯ã次ã®åææ¡ä»¶ãæºãããŠããå¿ èŠããããŸãã l ã²ãŒããŠã§ã€ãšãã¡ã€ã³ã³ã³ãããŒã© (DC) ã®ã¿ã€ã ãŸãŒã³ãåãã§ããã l ã²ãŒããŠã§ã€ã®ã¯ããã¯ãš DC ã®ã¯ããã¯ã®éã«ã5åãè¶ ããæå»å·®ããªãã UTM 9 管çã¬ã€ã 127 5.6 èªèšŒãµãŒã 5 å®çŸ©ãšãŠãŒã¶ l UTMãã¹ãåã AD DNS ã·ã¹ãã ã«ååšããã l UTM ã AD DNS ããã©ã¯ãŒããšããŠäœ¿çšããŠããããAD ãã¡ã€ã³ã«å¯Ÿã㊠AD DNS ãµãŒãã ã¿ãŒã²ãããšãã DNS ãªã¯ãšã¹ãã«ãŒããå®çŸ©ãããŠããã Active Directory SSO ãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. Active Directory ãµãŒããããµãŒã ãã¿ãã§äœæããŸãã 2. 次ã®èšå®ãè¡ããŸãã ãã¡ã€ã³:ãã¡ã€ã³ã®åå (intranet.mycompany.com ãªã©)ãUTM㯠DNS ã䜿çšããŠååŸ å¯èœãªãã¹ãŠã® DC ãæ€çŽ¢ããŸãã ã¢ããã³ãŠãŒã¶å:管çè æš©éãããããã¡ã€ã³ã«ã³ã³ãã¥ãŒã¿ãè¿œå ããããšãèš±å¯ãããŠã ããŠãŒã¶ (éåžžã¯ã管çè ã)ã ãã¹ã¯ãŒã:ã¢ããã³ãŠãŒã¶ã®ãã¹ã¯ãŒãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã Kerberos èªèšŒãµããŒãã«é¢ãã泚èš:SSO Kerberos ãµããŒããæ©èœããããã«ã¯ãã¯ã©ã€ã¢ã³ã㯠ãããã·èšå®ã§UTMã® FQDN ãã¹ãåã䜿çšããå¿ èŠããããŸããIP ã¢ãã¬ã¹ã䜿çšãããšæ©èœ ããŸãããNTLMv2 ã¢ãŒãã¯ããã®èŠä»¶ã®åœ±é¿ãåããŸããããã®èŠä»¶ãæºããããŠããªãå Žå ãããã©ãŠã¶ã Kerberos èªèšŒããµããŒãããªãå Žåã«ã¯ãNTLMv2 ã¢ãŒããèªåçã«äœ¿çšãã㟠ãã eD ir e ctor y ã®ã·ã³ ã° ã«ãµã€ã³ ãªã³ ( SSO) ããã§ã¯ãeDirectory çšã« SSO ãèšå®ã§ããŸãããWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã°ãã§èªèšŒ æ¹åŒãšã㊠eDirectory SSO ãèšå®ããå Žåãããã§éžæãã eDirectory ãµãŒãã䜿çšãããŸãã eDirectory SSO ãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. eDirectory ãµãŒããããµãŒã ãã¿ãã«ç»é²ããŸãã 2. 次ã®èšå®ãè¡ããŸãã ãµãŒã: SSO ãæå¹ã«ãã eDirectory ãµãŒãã åæéé:UTM ãš eDirectory ãµãŒãéã§ã®åæã€ãã³ãã®éé (ç§æ°)ã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã 128 UTM 9 管çã¬ã€ã 5 å®çŸ©ãšãŠãŒã¶ 5.6 èªèšŒãµãŒã 5.6.4 詳现 ãã¹ã¯ ãŒãæšæž¬ã®ãã ã㯠ãã®æ©èœã䜿çšããŠãã¹ã¯ãŒããæšæž¬ãããªãããã«ããŸããèšå®ããåæ°ã®ãã°ã€ã³ã«å€±æãã ãš (ããã©ã«ãã§ã¯ 3å)ãä»»æã®æ©èœãžã¢ã¯ã»ã¹ããããšããŠãã IP ã¢ãã¬ã¹ã¯èšå®ããæé (ã ãã©ã«ãã§ã¯ 600ç§é) ãããã¯ãããŸãã ãããã¯ããããã¹ãããã®ãã±ããããããã:ãã®ãªãã·ã§ã³ãæå¹ã«ãªã£ãŠãããšããããã¯ããã ãã¹ãããã®ãã¹ãŠã®ãã±ããã¯èšå®ããæéå ã¯ãããããããŸãããã®ãªãã·ã§ã³ã«ããã DoS æ»æãåé¿ã§ããŸãã æ©èœ:éžæããæ©èœã®ãã§ãã¯ãè¡ãããŸãã ãããã¯å¯Ÿè±¡å€ãããã¯ãŒã¯: ããã¯ã¹ã«ãªã¹ããããŠãããããã¯ãŒã¯ã¯ããã®ãã§ãã¯ããé€å€ãã ãŸãã ã ãŒã«ã«èªèšŒãã¹ã¯ ãŒã ãã®ãªãã·ã§ã³ã䜿çšãããšã管çè ã管çè æš©éãæã€ããŒã«ã«ç»é²ãŠãŒã¶ã«å¯ŸããŠããã¹ã¯ãŒ ãã®åŒ·åã匷å¶ããããšãã§ããŸãã次ã®ã»ãã¥ãªãã£èŠä»¶ãéµå®ãããã¹ã¯ãŒãã®è€éæ§ãèšå® ã§ããŸãã l æå°ãã¹ã¯ãŒãé·ãããã©ã«ã㯠8æå l å°æåã 1ã€ä»¥äžå¿ èŠ l 倧æåã 1ã€ä»¥äžå¿ èŠ l æ°åã 1ã€ä»¥äžå¿ èŠ l è±æ°å以å€ã®æåã 1ã€ä»¥äžå¿ èŠ éžæãããã¹ã¯ãŒãããããã£ãæå¹ã«ããããã«ã¯ããè€éãªãã¹ã¯ãŒããå¿ é ã«ããããã§ã㯠ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŠããé©çš ããã¯ãªãã¯ããŸãã ãã£ã¬ã¯ã ãªãŠãŒã¶ã®ããªãã§ãã eDirectory ãŸã㯠Active Directory ã®ãŠãŒã¶ãUTMãšåæããããšãã§ããŸããããã«ãããUTMã« ãŠãŒã¶ãªããžã§ã¯ããäºåã«äœæãããåœè©²ãŠãŒã¶ããã°ã€ã³ãããšãã«ã¯ããããã®ãŠãŒã¶ãªã ãžã§ã¯ãããã§ã«ååšããŠããŸããåæããã»ã¹ã¯é±æ¬¡ãŸãã¯æ¥æ¬¡ã§å®è¡ã§ããŸãã ããªãã§ãããæå¹ã«ããã«ã¯ã次ã®èšå®ãè¡ããŸãã UTM 9 管çã¬ã€ã 129 5.6 èªèšŒãµãŒã 5 å®çŸ©ãšãŠãŒã¶ ãµãŒã:ããããããŠã³ãªã¹ãã«ã¯ããµãŒã ã¿ãã§äœæããããµãŒããå«ãŸããŠããŸããããªãã§ãã ãæå¹ã«ãããµãŒããéžæããŸãã ããªãã§ããéé:ãŠãŒã¶ãããªãã§ããããééãéžæããŸããåæãé±æ¬¡ã§å®è¡ããå Žåãåæ ãéå§ããææ¥ãéžæããŸããåæãæ¥æ¬¡ã§å®è¡ããå Žåãããã€ãªãŒããéžæããŸãã ããªãã§ããæå»:ãŠãŒã¶ãããªãã§ããããæéãéžæããŸãã ã°ã«ãŒã:ã©ã®ã°ã«ãŒããäºåã«äœæãããæå®ããã«ã¯ãããã§ã°ã«ãŒããå ¥åããŸããçµ±å LDAP ãã©ãŠã¶ã䜿çšããŠããããã®ã°ã«ãŒããéžæã§ããŸãã ãã°ã€ã³æã®ããã¯ãšã³ãåæãæå¹å (ãªãã·ã§ã³):åããªãã§ããã€ãã³ãã«å¯ŸããŠãé¢é£ãããŠãŒ 㶠(ããŠãŒã¶ãšã°ã«ãŒã > ãŠãŒã¶ ãã¿ã) ã®ãããã¯ãšã³ãåæ ããªãã·ã§ã³ã¯ãããã§æå®ããå€ã«èšå® ãããŸãããã®ãªãã·ã§ã³ãæå¹ã«ãããšããŠãŒã¶ã®ãããã¯ãšã³ãåæ ããªãã·ã§ã³ã¯æå¹åããã ç¡å¹ã«ãããšããŠãŒã¶ã®ãããã¯ãšã³ãåæ ããªãã·ã§ã³ã¯ç¡å¹åãããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã çŽã¡ã«ããªãã§ãã:ããªãã§ãããä»ããéå§ããã«ã¯ããã®ãã¿ã³ãã¯ãªãã¯ããŸãã ããªãã§ããã©ã€ããã°ãéã:ããªãã§ããã®ã©ã€ããã°ãéãã«ã¯ããã®ãã¿ã³ãã¯ãªãã¯ããŸãã 130 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° ãã®ç« ã§ã¯ãSophos UTM ã§ã€ã³ã¿ãã§ãŒã¹ãšãããã¯ãŒã¯åºæã®èšå®ãæ§æããæ¹æ³ã«ã€ããŠèª¬æ ããŸããWebAdminã®ããããã¯ãŒã¯çµ±èš ãããŒãžã«ã¯ãä»æ¥ã®äžäœ 10件ã®ã¢ã«ãŠã³ãã£ã³ã°ãµãŒã ã¹ãäžäœéä¿¡å ãã¹ããããã³åææ¥ç¶ã®æŠèŠã衚瀺ãããŸããåã»ã¯ã·ã§ã³ã«ã¯ã詳现 ããªã³ã¯ã ãããŸãã ãªã³ã¯ãã¯ãªãã¯ãããš WebAdmin ã®è©²åœããã¬ããŒãã»ã¯ã·ã§ã³ã衚瀺ããã詳现ãªçµ±èš æ å ±ãåç §ã§ããŸãã ãã®ç« ã§ã¯ã次ã®ãããã¯ã«ã€ããŠèª¬æããŸãã l ã€ã³ã¿ãã§ãŒã¹ l ããªããž l QoS l ã¢ãããªã³ã¯ã¢ãã¿ãªã³ã° l IPv6 l ã¹ã¿ãã£ãã¯ã«ãŒãã£ã³ã° l OSPF l BGP l ãã«ããã£ã¹ãã«ãŒãã£ã³ã° (PIM-SM) 6.1 ã€ã³ã¿ãã§ãŒã¹ ã²ãŒããŠã§ã€ã«ã¯ãå éš LAN ãå€éšãããã¯ãŒã¯ (ã€ã³ã¿ãŒããããªã©) ã«ã»ãã¥ãªãã£ãç¶æããŠæ¥ç¶ ããããã«ãå°ãªããšã 2ã€ã®ãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ã«ãŒããå¿ èŠã§ãã次ã®äŸã§ã¯ãããã ã¯ãŒã¯ã«ãŒã eth0 ã¯ãåžžã«ãå éšãããã¯ãŒã¯ã«æ¥ç¶ãããã€ã³ã¿ãã§ãŒã¹ã§ããäžæ¹ãããã ã¯ãŒã¯ã«ãŒã eth1 ã¯ãå€éšãããã¯ãŒã¯ (ã€ã³ã¿ãŒããããªã©) ã«æ¥ç¶ãããã€ã³ã¿ãã§ãŒã¹ã§ãããã ãã®ã€ã³ã¿ãã§ãŒã¹ã¯ãããããä¿¡é Œãããã€ã³ã¿ãã§ãŒã¹ãä¿¡é Œãããªãã€ã³ã¿ãã§ãŒã¹ãšãåŒã°ã ãŸãã ãããã¯ãŒã¯ã«ãŒãã¯ãã€ã³ã¹ããŒã«äžã«èªåèªèãããŸãããœãããŠã§ã¢ã¢ãã©ã€ã¢ã³ã¹ã§ã¯ãæ°ã ããããã¯ãŒã¯ã«ãŒããåŸã§è¿œå ãããšãæ°ããªã€ã³ã¹ããŒã«ãå¿ èŠã«ãªããŸããã·ã¹ãã ã®åã€ã³ ã¹ããŒã«ãè¡ãã«ã¯ãèšå®ã®ããã¯ã¢ãããäœæãããœãããŠã§ã¢ãã€ã³ã¹ããŒã«ããããã¯ã¢ããã埩 å ããã ãã§ãã 6.1 ã€ã³ã¿ãã§ãŒã¹ 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° å éšãããã¯ãŒã¯ãšå€éšãããã¯ãŒã¯ã®æ¥ç¹ã¯ãã²ãŒããŠã§ã€ã®ã¿ã§ããããã«ããŠãã ããããã¹ãŠ ã®ããŒã¿ã¯ UTM ãééããå¿ èŠããããŸããå éšã€ã³ã¿ãã§ãŒã¹ãšå€éšã€ã³ã¿ãã§ãŒã¹ã 1ã€ã®ãã ãŸãã¯ã¹ã€ããã«æ¥ç¶ããããšã¯æšå¥šããŸããããã ããã¹ã€ããããVLAN ã¹ã€ãããšããŠèšå®ãã ãŠããå Žåã¯é€ããŸãã誀ã£ã ARP (ã¢ãã¬ã¹è§£æ±ºãããã³ã«) 解決ãçºçããå¯èœæ§ãããããã ããARP ã¯ã©ãã·ã¥ããšåŒã³ãŸãããã®ç¶æ³ã¯ã(ãã€ã¯ããœãã補åãªã©) OS ã«ãã£ãŠã¯ç®¡çã§ã㪠ããã®ããããŸãããã®ãããåã²ãŒããŠã§ã€ãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ã«å¯ŸããŠã1ã€ã®ç©çããã ã¯ãŒã¯ã»ã°ã¡ã³ãã䜿çšããå¿ èŠããããŸãã ãã€ã³ã¿ãã§ãŒã¹ ãã¡ãã¥ãŒã§ã¯ãUTM ã«ã€ã³ã¹ããŒã«ãããŠãããã¹ãŠã®ãããã¯ãŒã¯ã«ãŒããèšå®ã» 管çããããå€éšãããã¯ãŒã¯ (ã€ã³ã¿ãŒããã) ãžã®ãã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ãå éšãããã¯ãŒã¯ (LANãDMZ) ãžã®ã€ã³ã¿ãã§ãŒã¹ãèšå®ã»ç®¡çãããããããšãã§ããŸãã 泚 â ãããã¯ãŒã¯ããããžãèšç»ããUTM ãèšå®ããŠãããšãã¯ãã©ã®ã€ã³ã¿ãã§ãŒã¹ãã©ã®ããã ã¯ãŒã¯ã«æ¥ç¶ããŠãããã«æ³šæããŠãã ãããã»ãšãã©ã®èšå®ã§ãSysID ã eth1 ã®ãããã¯ãŒã¯ã€ ã³ã¿ãã§ãŒã¹ããå€éšãããã¯ãŒã¯ãžã®æ¥ç¶ãšããŠéžæãããŸããåé·å (HA) ãã§ã€ã«ãªãŒããŒã ã€ã³ã¹ããŒã«ããããã«ã¯ãåã SysID ã®ãããã¯ãŒã¯ã«ãŒããäž¡ã·ã¹ãã ã§éžæããå¿ èŠããã ãŸããHA ãã§ã€ã«ãªãŒããŒã®ã€ã³ã¹ããŒã«ã«ã€ããŠè©³çŽ°ã¯ã管ç > åé·å ã®ããŒãžãåç §ããŠã ã ããã 次ã®ã»ã¯ã·ã§ã³ã§ã¯ããã€ã³ã¿ãã§ãŒã¹ ãããè¿œå ã¢ãã¬ã¹ ããããªã³ã¯ã¢ã°ãªã²ãŒã·ã§ã³ãããã¢ãããªã³ã¯ã ã©ã³ã·ã³ã°ããããã«ããã¹ã«ãŒã« ãããããŒããŠã§ã¢ ãã®ã¿ãã§ãããŸããŸãªã€ã³ã¿ãã§ãŒã¹ã¿ã€ãã管 çã»èšå®ããæ¹æ³ã«ã€ããŠèª¬æããŸãã 6.1.1 ã€ã³ã¿ãã§ãŒã¹ ãã€ã³ã¿ãã§ãŒã¹ ãã¿ãã§ã¯ããããã¯ãŒã¯ã«ãŒããšä»®æ³ã€ã³ã¿ãã§ãŒã¹ãèšå®ã§ããŸãããªã¹ãã«ã¯ãã ã§ã«å®çŸ©ãããŠããã€ã³ã¿ãã§ãŒã¹ããã·ã³ãã«åãããŒããŠã§ã¢ããã€ã¹ãçŸåšã®ã¢ãã¬ã¹ãšãšã㫠衚瀺ãããŸããã€ã³ã¿ãã§ãŒã¹ã®ã¹ããŒã¿ã¹ã衚瀺ãããŸãããã°ã«ã¹ã€ãããã¯ãªãã¯ããŠãã€ã³ã¿ ãã§ãŒã¹ãæå¹ãŸãã¯ç¡å¹ã«åãæ¿ããããšãã§ããŸããã€ã³ã¿ãã§ãŒã¹ã°ã«ãŒãã«ã¯ãã°ã«ã¹ã€ã ãããªãããšã«æ³šæããŠãã ããã ãã³ã â ãã€ã³ã¿ãã§ãŒã¹ ããªã¹ãã«ããã€ã³ã¿ãã§ãŒã¹å®çŸ©ã®æ å ±ã¢ã€ã³ã³ãã¯ãªãã¯ãããšã該åœã ãã€ã³ã¿ãã§ãŒã¹å®çŸ©ã䜿çšããŠããèšå®ãªãã·ã§ã³ãã¹ãŠã衚瀺ã§ããŸãã æ°èŠè¿œå ããã€ã³ã¿ãã§ãŒã¹ã¯ããã®ã»ããã¢ããäžããç¡å¹ ããšè¡šç€ºãããå ŽåããããŸããåã€ã³ ã¿ãŒãã§ãŒã¹ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŠãç·šéãŸãã¯åé€ããããšãã§ããŸãã 132 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.1 ã€ã³ã¿ãã§ãŒã¹ 6.1.1.1 èªåã€ã³ã¿ãã§ãŒã¹ãããã¯ãŒã¯å®çŸ© UTM ã®åã€ã³ã¿ãã§ãŒã¹ã«ã¯ãã·ã³ãã«åãšããŒããŠã§ã¢ããã€ã¹ãå²ãåœãŠãããŠããŸããã·ã³ ãã«åã¯ãä»ã®æ§æèšå®ã§ã€ã³ã¿ãã§ãŒã¹ãåç §ãããšãã«äœ¿çšããŸããåã€ã³ã¿ãã§ãŒã¹ã«ã€ã ãŠã次ã®ãããªå¯Ÿå¿ãããããã¯ãŒã¯å®çŸ©ã®ã»ããã UTM ã«ãã£ãŠèªåçã«äœæãããŸãã l ã€ã³ã¿ãã§ãŒã¹ã®çŸåšã® IP ã¢ãã¬ã¹ãããã³ã€ã³ã¿ãã§ãŒã¹åãš (ã¢ãã¬ã¹) ãµãã£ãã¯ã¹ããæ ãååãå«ãŸããå®çŸ©ã l ã€ã³ã¿ãã§ãŒã¹ã«æ¥ç¶ããããããã¯ãŒã¯ãããã³ã€ã³ã¿ãã§ãŒã¹åãš (ãããã¯ãŒã¯) ãµãã£ã㯠ã¹ããæãååãå«ãŸããå®çŸ©ããã®å®çŸ©ã¯ãPPP ã¿ã€ãã®ã€ã³ã¿ãã§ãŒã¹ã«å¯ŸããŠã¯äœæ ãããŸããã l ã€ã³ã¿ãã§ãŒã¹ã®ãããŒããã£ã¹ãã¢ãã¬ã¹ãããã³ã€ã³ã¿ãã§ãŒã¹åãš (ãããŒããã£ã¹ã) ãµ ãã£ãã¯ã¹ããæãååãå«ãŸããå®çŸ©ããã®å®çŸ©ã¯ãPPP ã¿ã€ãã®ã€ã³ã¿ãã§ãŒã¹ã«å¯Ÿã㊠ã¯äœæãããŸããã ã€ã³ã¿ãã§ãŒã¹ã§åçã¢ãã¬ã¹å²ãåœãŠæ¹æ³ (DHCP ããªã¢ãŒãå²ãåœãŠãªã©) ã䜿çšãããŠããå Ž åããããã®å®çŸ©ã¯èªåçã«æŽæ°ãããŸãããã¡ã€ã¢ãŠã©ãŒã«ã NAT ã«ãŒã«ãªã©ããããã®å®çŸ© ãåç §ãããã¹ãŠã®èšå®ããå€æŽãããã¢ãã¬ã¹ã§èªåçã«æŽæ°ãããŸãã ãInternalã(å éš) ãšããã·ã³ãã«åã®ã€ã³ã¿ãã§ãŒã¹ 1ã€ãäºåã«å®çŸ©ãããŠããŸããããã¯ç®¡ççš ã€ã³ã¿ãŒãã§ãŒã¹ã§ãããéåžžããå éšã UTM ã€ã³ã¿ãã§ãŒã¹ãšããŠäœ¿çšãããŸãããã®ååãå€æŽã ãã«ã¯ãã€ã³ã¹ããŒã«çŽåŸã«è¡ãå¿ èŠããããŸãã 6.1.1.2 ã€ã³ã¿ãã§ãŒã¹ã¿ã€ã UTM ã«è¿œå å¯èœãªã€ã³ã¿ãã§ãŒã¹ã®çš®é¡ãšãããããµããŒãããããã«å¿ èŠãªããŒããŠã§ã¢ã®çš®é¡ ã¯æ¬¡ã®ãšããã§ãã ã°ã«ãŒã:ã€ã³ã¿ãã§ãŒã¹ãã°ã«ãŒãåããããšãã§ããŸããããã«ããã該åœããæ§æã§ã¯ãè€æ°ã® ã€ã³ã¿ãã§ãŒã¹ãåå¥ã«éžæãã代ããã«ã1ã€ã®ã€ã³ã¿ãã§ãŒã¹ã°ã«ãŒããéžæã§ããããã«ãªã㟠ãã 3G/UMTS:ããã¯ãUSB ã¢ãã ã¹ãã£ãã¯çšã®ã€ã³ã¿ãã§ãŒã¹ã§ããã€ã³ã¿ãã§ãŒã¹ãäœæããåã«ã ã¢ãã ã¹ãã£ãã¯ãå·®ã蟌ã¿ãUTM ãåèµ·åããå¿ èŠããããŸãã DSL (PPPoA/PPTP):PPP over ATMãDSL PPPoA ããã€ã¹ã§ã¯ãã²ãŒããŠã§ã€ã PPP-over-ATM äºæã® DSL åç·ã«æ¥ç¶ã§ããŸãããããã®ããã€ã¹ã¯ãPPTP ãããã³ã«ã䜿çšã㊠IP ãã±ããã ãã³ããªã³ã°ããŸãããããã®ããã€ã¹ã«ã¯å°çšã€ãŒãµãããæ¥ç¶ãå¿ èŠã§ã (åãããŒããŠã§ã¢äž ã§ä»ã®ã€ã³ã¿ãã§ãŒã¹ãšå ±åã§ããŸãã)ãDSL ã¢ãã ãã€ã³ã¿ãã§ãŒã¹ãããã¯ãŒã¯ã»ã°ã¡ã³ãã«æ¥ç¶ ããå¿ èŠããããŸãããããã®ããã€ã¹ã¿ã€ãã®ãããã¯ãŒã¯ãã©ã¡ãŒã¿ã¯ããªã¢ãŒãã¹ããŒã·ã§ã³ (䜿 UTM 9 管çã¬ã€ã 133 6.1 ã€ã³ã¿ãã§ãŒã¹ 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° çšããŠãã ISP ãªã©) ã§å²ãåœãŠãããšãã§ããŸããããã«ãISP ã¢ã«ãŠã³ãã®ãŠãŒã¶åããã³ãã¹ ã¯ãŒããå ¥åããå¿ èŠããããŸãããŸãã䜿çšããŠããã¢ãã ã® IP ã¢ãã¬ã¹ãå ¥åããå¿ èŠããã ãŸãããã®ã¢ãã¬ã¹ã¯éåžžã¢ãã ã«çµã¿èŸŒãŸããŠããããå€æŽã§ããŸãããã¢ãã ã§éä¿¡ããã« ã¯ãNIC IP ã¢ãã¬ã¹ãšããããã¹ã¯ãå ¥åããå¿ èŠããããŸããã¢ãã ã® IP ã¢ãã¬ã¹ã¯ããããã®ã ã©ã¡ãŒã¿ã§å®çŸ©ããããããã¯ãŒã¯ç¯å²å ã§ããå¿ èŠããããŸããPing å ã¢ãã¬ã¹ ã¯ãICMP ping èŠ æ±ã«å¿çãã PPTP ãªã³ã¯ã®å察åŽã®ãã¹ãã§ããå¿ èŠããããŸãã䜿çšããŠãã ISP ã® DNS ãµãŒããæå®ã§ããŸãããã®ã¢ãã¬ã¹ã§ ping ã§ããªãã£ãå Žåãæ¥ç¶ã«åé¡ããããšå€æãããå è©Šè¡ãããŸãã DSL (PPPoE):PPP over EthernetãDSL PPPoE ããã€ã¹ã§ã¯ãã²ãŒããŠã§ã€ã PPP-over-Ethernet äºæã® DSL åç·ã«æ¥ç¶ã§ããŸãããããã®ããã€ã¹ã«ã¯å°çšã€ãŒãµãããæ¥ç¶ãå¿ èŠã§ã (åã ããŒããŠã§ã¢ã§ä»ã®ã€ã³ã¿ãã§ãŒã¹ãšå ±åã§ããŸãã)ãDSL ã¢ãã ãã€ã³ã¿ãã§ãŒã¹ãããã¯ãŒã¯ã» ã°ã¡ã³ãã«æ¥ç¶ããå¿ èŠããããŸãããããã®ããã€ã¹ã¿ã€ãã®ãããã¯ãŒã¯ãã©ã¡ãŒã¿ã¯ããªã¢ãŒã ã¹ããŒã·ã§ã³ (䜿çšããŠãã ISP ãªã©) ã§å²ãåœãŠãããšãã§ããŸããããã«ãISP ã¢ã«ãŠã³ãã®ãŠãŒã¶ åããã³ãã¹ã¯ãŒããå ¥åããå¿ èŠããããŸãã ã€ãŒãµããã DHCP:ãã㯠DHCP ã䜿çšããæšæºã€ãŒãµãããã€ã³ã¿ãã§ãŒã¹ã§ãã ã€ãŒãµãããã¹ã¿ãã£ãã¯:ããã¯æšæºã®ã€ãŒãµãããã€ã³ã¿ãŒãã§ãŒã¹ã§ã10ã100ãããã¯1000Mbps ã®åž¯åå¹ ããããŸãã ã€ãŒãµããã VLAN:VLAN (ä»®æ³ LAN) ã¯ãåäžã®ããŒããŠã§ã¢ã€ã³ã¿ãã§ãŒã¹äžã«å¥åã®ã¬ã€ã€2 ãããã¯ãŒã¯ã»ã°ã¡ã³ããè€æ°æã€æ¹åŒã§ããåã»ã°ã¡ã³ãã¯æŽæ°ã®ãã¿ã°ãã§èå¥ãããŸããVLAN ã€ã³ã¿ãã§ãŒã¹ãè¿œå ããããšã§ãã€ã³ã¿ãã§ãŒã¹ (ãšã€ãªã¢ã¹) ã®è¿œå ã«äœ¿çšã§ãããããŒããŠã§ã¢ãã ãã€ã¹ãäœæãããŸããPPPoE ããã³ PPPoA ããã€ã¹ã¯ãVLAN ä»®æ³ããŒããŠã§ã¢äžã§ã¯å®è¡ ã§ããŸããã ã¢ãã (PPP):ãã®ã¿ã€ãã®ã€ã³ã¿ãã§ãŒã¹ã§ã¯ãPPP ã¢ãã ãä»ã㊠UTM ãã€ã³ã¿ãŒãããã«æ¥ç¶ã§ ããŸããèšå®ã«ã¯ãUTM ã«ã·ãªã¢ã«ã€ã³ã¿ãã§ãŒã¹ãšå€éšã¢ãã ãå¿ èŠã§ãããŸãããŠãŒã¶åãšã ã¹ã¯ãŒããå«ã DSL ã¢ã¯ã»ã¹ããŒã¿ãå¿ èŠã§ãããããã®ããŒã¿ã¯ã䜿çšããŠãã ISP ããå ¥æ㧠ããŸãã ãã¬ãã·ãã«ã¹ã ãã ã« ã€ã ㊠äžéšã® Sophos ããŒããŠã§ã¢ã¢ãã©ã€ã¢ã³ã¹ã«ããã¹ãããã䜿çšããŠã容æã«ããŒããŠã§ã¢ã€ã³ã¿ ãã§ãŒã¹ãå€æŽããããšãã§ããŸããã¹ãããã¢ãžã¥ãŒã«ãæ¿å ¥ããæè»ã«åãæ¿ããããšãã§ã㟠ãããã®ãããªããŒããŠã§ã¢ã䜿çšããŠããå ŽåãWebAdmin ã§ã¯ãåããŒããŠã§ã¢ã€ã³ã¿ãŒãã§ãŒã¹ ã«å¯ŸããŠãã¹ãããæ å ±ã衚瀺ãããŸããããšãã°ãeth1 [A6] Intel Corporation 82576 Gigabit Network Connection ãªã©ãšè¡šç€ºãããŸããããã§ãã¹ãããæ å ±ã¯è§æ¬åŒ§ã§å²ãŸããA6 ã¯ãã¹ããã A ã® 6çª ç®ã®ããŒããæããŸããçŸåšãæé« 3çš®é¡ã®ã¹ããã (AãBãC) ããããåã¹ãããã«å¯ŸããŠæé« 8çš® 134 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.1 ã€ã³ã¿ãã§ãŒã¹ é¡ã®ããŒãããããŸãããªã³ããŒãã¿ã€ãã®ã€ã³ã¿ãŒãã§ãŒã¹ã«ãŒãã¯ã [MGMT1] ããã³ [MGMT2] 㚠衚瀺ãããŸãã ã¹ãããæ å ±ã¯ãWebAdmin ã®æ¬¡ã®å Žæã§è¡šç€ºãããŸãã l ã€ã³ã¿ãŒãã§ãŒã¹ãšã«ãŒãã£ã³ã° > ã€ã³ã¿ãŒãã§ãŒã¹ > ã€ã³ã¿ãŒãã§ãŒã¹ l ã€ã³ã¿ãŒãã§ãŒã¹ãšã«ãŒãã£ã³ã° > ã€ã³ã¿ãŒãã§ãŒã¹ > ããŒããŠã§ã¢ l WebAdmin ã«ããããã¹ãŠã®ãããŒããŠã§ã¢ ãããããããŠã³ãªã¹ããããã³ããŒããŠã§ã¢ã€ã³ ã¿ãŒãã§ãŒã¹æ å ±ã衚瀺ãããŠãããªã¹ãã ãã¬ãã·ãã«ã¹ããããè£ åãããŠããã¢ãã©ã€ã¢ã³ã¹ã®çš®é¡ã®ææ°æ å ±ã¯ãSophos UTM Web ããŒãž ãåç §ããŠãã ããã 6.1.1.3 ã°ã«ãŒã 2ã€ä»¥äžã®ã€ã³ã¿ãã§ãŒã¹ãã°ã«ãŒãã«ãŸãšããããšãã§ããŸããã°ã«ãŒãåã«ãããèšå®ã¿ã¹ã¯ãç°¡ çŽ åããããšãã§ããŸãããã«ããã¹ã«ãŒã«ãäœæããå Žåã«ããã¹ãŠã®ã¢ãããªã³ã¯ã€ã³ã¿ãã§ãŒ ã¹ã§ã¯ãªããå®çŸ©ããã¢ãããªã³ã¯ã€ã³ã¿ãã§ãŒã¹ã°ã«ãŒãã§ã®ã¿ãã©ãã£ãã¯ã®åæ£ãè¡ãã«ã¯ãã° ã«ãŒããèšå®ããå¿ èŠããããŸãã ãã°ã«ãŒããã€ã³ã¿ãã§ãŒã¹ãèšå®ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã€ã³ã¿ãã§ãŒã¹ ãã¿ãã§ããæ°èŠã€ã³ã¿ãã§ãŒã¹ ããã¯ãªãã¯ããŸãã ãæ°èŠã€ã³ã¿ãã§ãŒã¹ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ã€ã³ã¿ãã§ãŒã¹ã説æããååãå ¥åããŠãã ããã ã¿ã€ã:ããããããŠã³ãªã¹ããããã°ã«ãŒãããéžæããŸãã ã€ã³ã¿ãã§ãŒã¹:ã°ã«ãŒãåããã€ã³ã¿ãã§ãŒã¹ãè¿œå ããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã ã°ã«ãŒããã€ã³ã¿ãã§ãŒã¹ãªã¹ãã«è¿œå ãããŸããã°ã«ãŒãã«ã¹ããŒã¿ã¹ã¯ãããŸããã ç¹å®ã¿ã€ãã®ã€ã³ã¿ãã§ãŒã¹ã®ã¿è¡šç€ºããå Žåã¯ãããããããŠã³ãªã¹ããã衚瀺ããã€ã³ã¿ãã§ãŒã¹ ã®ã¿ã€ããéžæããŸããã€ã³ã¿ãã§ãŒã¹ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ã㟠ãã UTM 9 管çã¬ã€ã 135 6.1 ã€ã³ã¿ãã§ãŒã¹ 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.1.1.4 3G/UMTS Sophos UTM ã¯ã3G/UMTS USB ã¢ãã ã¹ãã£ãã¯ã䜿çšãããããã¯ãŒã¯æ¥ç¶ããµããŒãããŠã㟠ãã 3G/UMTS ã€ã³ã¿ãã§ãŒã¹ãèšå®ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã€ã³ã¿ãã§ãŒã¹ ãã¿ãã§ããæ°èŠã€ã³ã¿ãã§ãŒã¹ ããã¯ãªãã¯ããŸãã ãæ°èŠã€ã³ã¿ãã§ãŒã¹ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ã€ã³ã¿ãã§ãŒã¹ã説æããååãå ¥åããŠãã ããã ã¿ã€ã:ããããããŠã³ãªã¹ãããã3G/UMTSããéžæããŸãã ããŒããŠã§ã¢:ããããããŠã³ãªã¹ããã USB ã¢ãã ã¹ãã£ãã¯ãéžæããŸããUSB ã¢ãã ã¹ ãã£ãã¯ãå·®ã蟌ãã åŸã§ãåèµ·åããå¿ èŠããããŸãã ãããã¯ãŒã¯:ã¢ãã€ã«ãããã¯ãŒã¯ã®çš®é¡ããGSM/W-CDMAãCDMAããŸã㯠LTE ããéžæ ããŸãã IPv4/IPv6 ããã©ã«ãG/W (ä»»æ):ãããã€ãã®ããã©ã«ãã²ãŒããŠã§ã€ã䜿çšããå Žåããã® ãªãã·ã§ã³ãéžæããŸãã PIN (ä»»æ):PIN ãèšå®ãããŠããå ŽåãSIM ã«ãŒãã® PIN ãå ¥åããŸãã APN èªåéžæ:(ä»»æ):ããã©ã«ãã§ã䜿çšãã APN (ã¢ã¯ã»ã¹ãã€ã³ãå) 㯠USB ã¢ãã ã¹ ãã£ãã¯ããååŸãããŸãããã§ãã¯ããã¯ã¹ã®éžæãå€ãå Žåã¯ããAPNããã£ãŒã«ãã« APN æ å ±ãå ¥åããŸãã ãŠãŒã¶å/ãã¹ã¯ãŒã (ä»»æ):å¿ èŠãªå Žåãã¢ãã€ã«ãããã¯ãŒã¯ã®ãŠãŒã¶åãšãã¹ã¯ãŒãã å ¥åããŸãã ãã€ã€ã«æåå (ä»»æ):ãããã€ããç°ãªããã€ã€ã«æååã䜿çšããŠããå Žåãããã«å ¥ åããŸããããã©ã«ã㯠*99# ã§ãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã åæåæåå:USB ã¢ãã ã¹ãã£ãã¯ãåæåããããã®æååãå ¥åããŸããUSB ã¢ãã ã¹ãã£ãã¯ã«å¿ããŠåæåæååã®å€æŽãå¿ èŠã«ãªãå¯èœæ§ããããŸãããã®å Žåãåæ åæååã¯åœè©² USB ã¢ãã ã¹ãã£ãã¯ã®ããã¥ã¢ã«ã§ç¢ºèªã§ããŸããå¿ èŠãªããã¥ã¢ã«ã ãªãå Žåãããã©ã«ãã® ATZ ãæå®ããŠãã ããã 136 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.1 ã€ã³ã¿ãã§ãŒã¹ ãªã»ããæåå:USB ã¢ãã ã¹ãã£ãã¯ã®ãªã»ããæååãå ¥åããŸããUSB ã¢ãã ã¹ãã£ã㯠ã«å¿ããŠãªã»ããæååã®å€æŽãå¿ èŠã«ãªãå¯èœæ§ããããŸãããã®å Žåããªã»ããæåå ã¯åœè©² USB ã¢ãã ã¹ãã£ãã¯ã®ããã¥ã¢ã«ã§ç¢ºèªã§ããŸããå¿ èŠãªããã¥ã¢ã«ããªãå Ž åãããã©ã«ãã® ATZ ãæå®ããŠãã ããã MTU:ã€ã³ã¿ãã§ãŒã¹ã®æ倧äŒéåäœããã€ãåäœã§å ¥åããŸãããã©ãã£ãã¯ç®¡çæ©èœã䜿 çšããã«ã¯ãã€ã³ã¿ãã§ãŒã¹ã¿ã€ãã«å¯Ÿå¿ããå€ãããã«å ¥åããå¿ èŠããããŸããã€ã³ã¿ ãã§ãŒã¹ã¿ã€ãã«å¯ŸããŠé©åãªå€ãããã©ã«ãã§å ¥åãããŠããŸãããã®èšå®ã®å€æŽã¯ãæ è¡çã«çç·ŽãããŠãŒã¶ã®ã¿ãè¡ã£ãŠãã ãããããã«äžæ£ãªå€ãå ¥åãããšãã€ã³ã¿ãã§ãŒã¹ ã䜿çšäžå¯èœã«ãªãå ŽåããããŸãã1500ãã€ããè¶ ãã MTU ãµã€ãºãæå®ããå Žåã¯ã éä¿¡äºæ¥è ããã³ãããã¯ãŒã¯ã«ãŒããããã«å¯Ÿå¿ããŠããå¿ èŠããããŸã (äŸ: ã®ã¬ããã ã€ã³ã¿ãã§ãŒã¹)ãããã©ã«ãã§ã3G/UMTS ã€ã³ã¿ãã§ãŒã¹ã¿ã€ãã«ã¯ã1500ãã€ãã® MTU ãèš å®ãããŠããŸãã é察称 (ä»»æ):æ¥ç¶ã®ã¢ãããªã³ã¯ãšããŠã³ãªã³ã¯ã®åž¯åå¹ ãåäžã§ãªãå Žåã«ãããã·ã¥ ããŒãã«ãããåæ ãããå Žåã¯ããã®ãªãã·ã§ã³ãéžæããŸããéžæãããšã2ã€ã®ããã¹ã ããã¯ã¹ã衚瀺ãããŸããããã«æ倧ã¢ãããªã³ã¯åž¯åå¹ ã Mbps ãŸã㯠Kbps åäœã§å ¥åã ãŸããããããããŠã³ãªã¹ãããé©åãªåäœãéžæããŸãã 衚瀺ããæ倧é床 (ä»»æ):ããã·ã¥ããŒãã«è¡šç€ºãããæ¥ç¶ã®æ倧ããŠã³ãªã³ã¯åž¯åå¹ ãå ¥ åããŸãã垯åå¹ ã¯ Mbps ãŸã㯠Kbps åäœã§å ¥åã§ããŸããããããããŠã³ãªã¹ãããé©å ãªåäœãéžæããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã ã·ã¹ãã ãèšå®ã®æå¹æ§ã確èªããŸãããã§ãã¯ã«æåãããšãæ°ããã€ã³ã¿ãã§ãŒã¹ãã€ã³ ã¿ãã§ãŒã¹ãªã¹ãã«è¡šç€ºãããŸããã€ã³ã¿ãã§ãŒã¹ã¯ãŸã æå¹ã§ã¯ãããŸãã (ãã°ã«ã¹ã€ãã ã¯ã°ã¬ãŒè¡šç€º)ã 5. ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ããŸãã ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ããã§ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ãªããŸã (ãã°ã«ã¹ã€ããã¯ç·è²)ãã€ã³ã¿ãã§ãŒã¹ããŸã ãç¡ å¹ ããšè¡šç€ºãããå ŽåããããŸããã·ã¹ãã ãæ§æãè¡ããèšå®ãããŒããããŸã§ããã°ãã æéãããããŸãããæå¹ ãã衚瀺ãããããã€ã³ã¿ãã§ãŒã¹ã¯å®å šã«åäœå¯èœã§ãã ç¹å®ã¿ã€ãã®ã€ã³ã¿ãã§ãŒã¹ã®ã¿è¡šç€ºããå Žåã¯ãããããããŠã³ãªã¹ããã衚瀺ããã€ã³ã¿ãã§ãŒã¹ ã®ã¿ã€ããéžæããŸããã€ã³ã¿ãã§ãŒã¹ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ã㟠ãã UTM 9 管çã¬ã€ã 137 6.1 ã€ã³ã¿ãã§ãŒã¹ 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.1.1.5 ã€ãŒãµãããã¹ã¿ãã£ã㯠å éšãŸãã¯å€éšãããã¯ãŒã¯ã«ãã¹ã¿ãã£ãã¯ã€ãŒãµãããæ¥ç¶ããããã®ãããã¯ãŒã¯ã«ãŒããèšå® ããã«ã¯ãIP ã¢ãã¬ã¹ãšããããã¹ã¯ãèšå®ããå¿ èŠããããŸãã ã¹ã¿ãã£ãã¯ã€ãŒãµãããã€ã³ã¿ãã§ãŒã¹ãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãã€ã³ã¿ãã§ãŒã¹ ãã¿ãã§ããæ°èŠã€ã³ã¿ãã§ãŒã¹ ããã¯ãªãã¯ããŸãã ãæ°èŠã€ã³ã¿ãã§ãŒã¹ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ã€ã³ã¿ãã§ãŒã¹ã説æããååãå ¥åããŠãã ããã ã¿ã€ã:ããããããŠã³ãªã¹ããããã€ãŒãµãããã¹ã¿ãã£ã㯠ããéžæããŸãã ããŒããŠã§ã¢:ããããããŠã³ãªã¹ãããã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã ãã³ã â ã€ã³ã¿ãŒããããªã©ã®å€éšæ¥ç¶ã«ã¯ãSysID ã eth1 ã®ãããã¯ãŒãã«ãŒããéžæã㊠ãã ããã1æã®ãããã¯ãŒã¯ã«ãŒãããã€ãŒãµãããã¹ã¿ãã£ã㯠ã€ã³ã¿ãã§ãŒã¹ããã³ PPPoE DSL (PPP over Ethernet) æ¥ç¶ãŸã㯠PPPoA DSL (PPTP over Ethernet) æ¥ç¶ãšããŠåæ㫠䜿çšããããšã¯ã§ããŸããã IPv4/IPv6 ã¢ãã¬ã¹:ã€ã³ã¿ãŒãã§ãŒã¹ã® IP ã¢ãã¬ã¹ãå ¥åããŸãã ããããã¹ã¯:ãããã¯ãŒã¯ãã¹ã¯ (IPv4) ãéžæããããIPv6 ãããã¯ãŒã¯ãã¹ã¯ãå ¥åããŸãã IPv4/IPv6 ããã©ã«ãG/W (ä»»æ):ã¹ã¿ãã£ãã¯ã«å®çŸ©ãããããã©ã«ãã²ãŒããŠã§ã€ã䜿çšãã ã«ã¯ããã®ãªãã·ã§ã³ãéžæããŸãã ããã©ã«ãG/W IP (ä»»æ):ããã©ã«ãã²ãŒããŠã§ã€ ã® IP ã¢ãã¬ã¹ãå ¥åããŸãã 泚 â IPv4 ããã³ IPv6 ã¢ãã¬ã¹ãåæã«äœ¿çšãããããã€ã³ã¿ãã§ãŒã¹ãèšå®ããããšãã§ã ãŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã MTU:ã€ã³ã¿ãã§ãŒã¹ã®æ倧äŒéåäœããã€ãåäœã§å ¥åããŸãããã©ãã£ãã¯ç®¡çæ©èœã䜿 çšããã«ã¯ãã€ã³ã¿ãã§ãŒã¹ã¿ã€ãã«å¯Ÿå¿ããå€ãããã«å ¥åããå¿ èŠããããŸããã€ã³ã¿ ãã§ãŒã¹ã¿ã€ãã«å¯ŸããŠé©åãªå€ãããã©ã«ãã§å ¥åãããŠããŸãããã®èšå®ã®å€æŽã¯ãæ è¡çã«çç·ŽãããŠãŒã¶ã®ã¿ãè¡ã£ãŠãã ãããããã«äžæ£ãªå€ãå ¥åãããšãã€ã³ã¿ãã§ãŒã¹ 138 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.1 ã€ã³ã¿ãã§ãŒã¹ ã䜿çšäžå¯èœã«ãªãå ŽåããããŸãã1500ãã€ããè¶ ãã MTU ãµã€ãºãæå®ããå Žåã¯ã éä¿¡äºæ¥è ããã³ãããã¯ãŒã¯ã«ãŒããããã«å¯Ÿå¿ããŠããå¿ èŠããããŸã (äŸ: ã®ã¬ããã ã€ã³ã¿ãã§ãŒã¹)ãããã©ã«ãã§ããã€ãŒãµãããã¹ã¿ãã£ã㯠ãã€ã³ã¿ãã§ãŒã¹ã¿ã€ãã«ã¯ 1500ã〠ãã® MTU ãèšå®ãããŠããŸãã ãããã· ARP:ãã®æ©èœãæå¹ã«ããã«ã¯ããã§ãã¯ããã¯ã¹ãéžæããŸããããã©ã«ãã§ããã ããã· ARP ãæ©èœã¯ç¡å¹ã«ãªã£ãŠããŸãã ãã®ãªãã·ã§ã³ã¯ãããŒããã£ã¹ãã¿ã€ãã®ã€ã³ã¿ãã§ãŒã¹ã§äœ¿çšã§ããŸãããããéžæãã ãšãUTM ã¯ãã€ã³ã¿ãã§ãŒã¹äžã®ãã©ãã£ãã¯ãããã®ãèåŸã«ããããã¹ãã®ä»£ããã«ãåŒã〠ãããæž¡ããŸããçŽæ¥æ¥ç¶ãããã€ã³ã¿ãã§ãŒã¹ã«ãŒãããããã¹ãŠã®ãã¹ãã«å¯ŸããŠãã®åŠ çãè¡ãããŸããããã«ããããã¡ã€ã¢ãŠã©ãŒã«ãå®è¡ãããŸãŸããééçãªããããã¯ãŒã¯ã ãªããžãæ§ç¯ããããšãã§ããŸãããã®æ©èœã®ä»ã®å©çšæ¹æ³ãšããŠã¯ãISP ã®ã«ãŒã¿ããå ¬ åŒããããã¯ãŒã¯ã®ã¿ãã€ãŒãµãããã€ã³ã¿ãã§ãŒã¹ã«åãå ¥ããå ŽåããããŸã (ãã¹ãã«ãŒ ãã䜿çšããªã)ã é察称 (ä»»æ):æ¥ç¶ã®ã¢ãããªã³ã¯ãšããŠã³ãªã³ã¯ã®åž¯åå¹ ãåäžã§ãªãå Žåã«ãããã·ã¥ ããŒãã«ãããåæ ãããå Žåã¯ããã®ãªãã·ã§ã³ãéžæããŸããéžæãããšã2ã€ã®ããã¹ã ããã¯ã¹ã衚瀺ãããŸããããã«æ倧ã¢ãããªã³ã¯åž¯åå¹ ã Mbps ãŸã㯠Kbps åäœã§å ¥åã ãŸããããããããŠã³ãªã¹ãããé©åãªåäœãéžæããŸãã 衚瀺ããæ倧é床 (ä»»æ):ããã·ã¥ããŒãã«è¡šç€ºãããæ¥ç¶ã®æ倧ããŠã³ãªã³ã¯åž¯åå¹ ãå ¥ åããŸãã垯åå¹ ã¯ Mbps ãŸã㯠Kbps åäœã§å ¥åã§ããŸããããããããŠã³ãªã¹ãããé©å ãªåäœãéžæããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã ã·ã¹ãã ãèšå®ã®æå¹æ§ã確èªããŸãããã§ãã¯ã«æåãããšãæ°ããã€ã³ã¿ãã§ãŒã¹ãã€ã³ ã¿ãã§ãŒã¹ãªã¹ãã«è¡šç€ºãããŸããã€ã³ã¿ãã§ãŒã¹ã¯ãŸã æå¹ã§ã¯ãããŸãã (ãã°ã«ã¹ã€ãã ã¯ã°ã¬ãŒè¡šç€º)ã 5. ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ããŸãã ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ããã§ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ãªããŸã (ãã°ã«ã¹ã€ããã¯ç·è²)ãã€ã³ã¿ãã§ãŒã¹ããŸã ãç¡ å¹ ããšè¡šç€ºãããå ŽåããããŸããã·ã¹ãã ãæ§æãè¡ããèšå®ãããŒããããŸã§ããã°ãã æéãããããŸãããæå¹ ãã衚瀺ãããããã€ã³ã¿ãã§ãŒã¹ã¯å®å šã«åäœå¯èœã§ãã ç¹å®ã¿ã€ãã®ã€ã³ã¿ãã§ãŒã¹ã®ã¿è¡šç€ºããå Žåã¯ãããããããŠã³ãªã¹ããã衚瀺ããã€ã³ã¿ãã§ãŒã¹ ã®ã¿ã€ããéžæããŸããã€ã³ã¿ãã§ãŒã¹ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ã㟠ãã UTM 9 管çã¬ã€ã 139 6.1 ã€ã³ã¿ãã§ãŒã¹ 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.1.1.6 ã€ãŒãµããã VLAN UTM ãä»®æ³ LAN ã«æ¥ç¶ããããã«ã¯ãã¿ã°ä»ãå¯èœãªãã©ã€ãã®ãããããã¯ãŒã¯ã«ãŒããå¿ èŠ ã«ãªããŸãã ã¿ã°ãšã¯ãã€ãŒãµããããããã®äžéšãšããŠãã±ããã«ä»ãããã 4ãã€ãã®ããã㧠ããã¿ã°ã«ã¯ããã±ããã®éä¿¡å ãšãªã VLAN ã®çªå·ãæ ŒçŽãããŸããVLAN ã®çªå·ã¯ 12ãããæ° ã§ãæ倧 4095ã®ä»®æ³ LAN ãŸã§èš±å¯ããŸããWebAdmin ã§ã¯ããã®æ°ããVLAN ã¿ã°ããšåŒã³ãŸãã 泚 â Sophos ã¯ãã¿ã°ä»ãå¯èœãªãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ã«ãŒãã®ãªã¹ãã管çããŠããŸããã㌠ããŠã§ã¢äºææ§ãªã¹ã (HCL) ã¯Sophos ãµããŒãããŒã¿ããŒã¹ããå©çšå¯èœã§ãããHCLããæ€çŽ¢çš èªãšããŠäœ¿çšããŠã該åœããããŒãžãæ¢ããŠãã ããã ã€ãŒãµããã VLAN ã€ã³ã¿ãã§ãŒã¹ãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãã€ã³ã¿ãã§ãŒã¹ ãã¿ãã§ããæ°èŠã€ã³ã¿ãã§ãŒã¹ ããã¯ãªãã¯ããŸãã ãæ°èŠã€ã³ã¿ãã§ãŒã¹ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ã€ã³ã¿ãã§ãŒã¹ã説æããååãå ¥åããŠãã ããã ã¿ã€ã:ããããããŠã³ãªã¹ããããã€ãŒãµããã VLANããéžæããŸãã ããŒããŠã§ã¢:ããããããŠã³ãªã¹ãããã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã VLAN ã¿ã°:ãã®ã€ã³ã¿ãã§ãŒã¹ã«å¯ŸããŠäœ¿çšãã VLAN ã¿ã°ãå ¥åããŸãã IPv4/IPv6 ã¢ãã¬ã¹:ã€ã³ã¿ãŒãã§ãŒã¹ã® IP ã¢ãã¬ã¹ãå ¥åããŸãã ããããã¹ã¯:ãããã¯ãŒã¯ãã¹ã¯ (IPv4) ãéžæããããIPv6 ãããã¯ãŒã¯ãã¹ã¯ãå ¥åããŸãã IPv4/IPv6 ããã©ã«ãG/W (ä»»æ):ã¹ã¿ãã£ãã¯ã«å®çŸ©ãããããã©ã«ãã²ãŒããŠã§ã€ã䜿çšãã ã«ã¯ããã®ãªãã·ã§ã³ãéžæããŸãã ããã©ã«ãG/W IP (ä»»æ):ããã©ã«ãã²ãŒããŠã§ã€ ã® IP ã¢ãã¬ã¹ãå ¥åããŸãã 泚 â IPv4 ããã³ IPv6 ã¢ãã¬ã¹ãåæã«äœ¿çšãããããã€ã³ã¿ãã§ãŒã¹ãèšå®ããããšãã§ã ãŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 140 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.1 ã€ã³ã¿ãã§ãŒã¹ 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã MTU:ã€ã³ã¿ãã§ãŒã¹ã®æ倧äŒéåäœããã€ãåäœã§å ¥åããŸãããã©ãã£ãã¯ç®¡çæ©èœã䜿 çšããã«ã¯ãã€ã³ã¿ãã§ãŒã¹ã¿ã€ãã«å¯Ÿå¿ããå€ãããã«å ¥åããå¿ èŠããããŸããã€ã³ã¿ ãã§ãŒã¹ã¿ã€ãã«å¯ŸããŠé©åãªå€ãããã©ã«ãã§å ¥åãããŠããŸãããã®èšå®ã®å€æŽã¯ãæ è¡çã«çç·ŽãããŠãŒã¶ã®ã¿ãè¡ã£ãŠãã ãããããã«äžæ£ãªå€ãå ¥åãããšãã€ã³ã¿ãã§ãŒã¹ ã䜿çšäžå¯èœã«ãªãå ŽåããããŸãã1500ãã€ããè¶ ãã MTU ãµã€ãºãæå®ããå Žåã¯ã éä¿¡äºæ¥è ããã³ãããã¯ãŒã¯ã«ãŒããããã«å¯Ÿå¿ããŠããå¿ èŠããããŸã (äŸ: ã®ã¬ããã ã€ã³ã¿ãã§ãŒã¹)ã ããã©ã«ãã§ããã€ãŒãµããã VLANãã€ã³ã¿ãã§ãŒã¹ã¿ã€ãã«ã¯ 1500ãã€ãã® MTU ãèšå®ãããŠããŸãã ãããã· ARP:ãã®æ©èœãæå¹ã«ããã«ã¯ããã§ãã¯ããã¯ã¹ãéžæããŸããããã©ã«ãã§ããã ããã· ARP ãæ©èœã¯ç¡å¹ã«ãªã£ãŠããŸãã ãã®ãªãã·ã§ã³ã¯ãããŒããã£ã¹ãã¿ã€ãã®ã€ã³ã¿ãã§ãŒã¹ã§äœ¿çšã§ããŸãããããéžæãã ãšãUTM ã¯ãã€ã³ã¿ãã§ãŒã¹äžã®ãã©ãã£ãã¯ãããã®ãèåŸã«ããããã¹ãã®ä»£ããã«ãåŒã〠ãããæž¡ããŸããçŽæ¥æ¥ç¶ãããã€ã³ã¿ãã§ãŒã¹ã«ãŒãããããã¹ãŠã®ãã¹ãã«å¯ŸããŠãã®åŠ çãè¡ãããŸããããã«ããããã¡ã€ã¢ãŠã©ãŒã«ãå®è¡ãããŸãŸããééçãªããããã¯ãŒã¯ã ãªããžãæ§ç¯ããããšãã§ããŸãããã®æ©èœã®ä»ã®å©çšæ¹æ³ãšããŠã¯ãISP ã®ã«ãŒã¿ããå ¬ åŒããããã¯ãŒã¯ã®ã¿ãã€ãŒãµãããã€ã³ã¿ãã§ãŒã¹ã«åãå ¥ããå ŽåããããŸã (ãã¹ãã«ãŒ ãã䜿çšããªã)ã é察称 (ä»»æ):æ¥ç¶ã®ã¢ãããªã³ã¯ãšããŠã³ãªã³ã¯ã®åž¯åå¹ ãåäžã§ãªãå Žåã«ãããã·ã¥ ããŒãã«ãããåæ ãããå Žåã¯ããã®ãªãã·ã§ã³ãéžæããŸããéžæãããšã2ã€ã®ããã¹ã ããã¯ã¹ã衚瀺ãããŸããããã«æ倧ã¢ãããªã³ã¯åž¯åå¹ ã Mbps ãŸã㯠Kbps åäœã§å ¥åã ãŸããããããããŠã³ãªã¹ãããé©åãªåäœãéžæããŸãã 衚瀺ããæ倧é床 (ä»»æ):ããã·ã¥ããŒãã«è¡šç€ºãããæ¥ç¶ã®æ倧ããŠã³ãªã³ã¯åž¯åå¹ ãå ¥ åããŸãã垯åå¹ ã¯ Mbps ãŸã㯠Kbps åäœã§å ¥åã§ããŸããããããããŠã³ãªã¹ãããé©å ãªåäœãéžæããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã ã·ã¹ãã ãèšå®ã®æå¹æ§ã確èªããŸãããã§ãã¯ã«æåãããšãæ°ããã€ã³ã¿ãã§ãŒã¹ãã€ã³ ã¿ãã§ãŒã¹ãªã¹ãã«è¡šç€ºãããŸããã€ã³ã¿ãã§ãŒã¹ã¯ãŸã æå¹ã§ã¯ãããŸãã (ãã°ã«ã¹ã€ãã ã¯ã°ã¬ãŒè¡šç€º)ã 5. ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ããŸãã ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ããã§ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ãªããŸã (ãã°ã«ã¹ã€ããã¯ç·è²)ãã€ã³ã¿ãã§ãŒã¹ããŸã ãç¡ å¹ ããšè¡šç€ºãããå ŽåããããŸããã·ã¹ãã ãæ§æãè¡ããèšå®ãããŒããããŸã§ããã°ãã æéãããããŸãããæå¹ ãã衚瀺ãããããã€ã³ã¿ãã§ãŒã¹ã¯å®å šã«åäœå¯èœã§ãã UTM 9 管çã¬ã€ã 141 6.1 ã€ã³ã¿ãã§ãŒã¹ 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° ç¹å®ã¿ã€ãã®ã€ã³ã¿ãã§ãŒã¹ã®ã¿è¡šç€ºããå Žåã¯ãããããããŠã³ãªã¹ããã衚瀺ããã€ã³ã¿ãã§ãŒã¹ ã®ã¿ã€ããéžæããŸããã€ã³ã¿ãã§ãŒã¹ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ã㟠ãã 6.1.1.7 ã€ãŒãµããã DHCP ã€ãŒãµããã DHCP ã€ã³ã¿ãã§ãŒã¹ãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãã€ã³ã¿ãã§ãŒã¹ ãã¿ãã§ããæ°èŠã€ã³ã¿ãã§ãŒã¹ ããã¯ãªãã¯ããŸãã ãæ°èŠã€ã³ã¿ãã§ãŒã¹ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ã€ã³ã¿ãã§ãŒã¹ã説æããååãå ¥åããŠãã ããã ã¿ã€ã:ããããããŠã³ãªã¹ããããã€ãŒãµããã DHCP ããéžæããŸãã ããŒããŠã§ã¢:ããããããŠã³ãªã¹ãããã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã ãã³ã â ã€ã³ã¿ãŒããããªã©ã®å€éšæ¥ç¶ã«ã¯ãSysID ã eth1 ã®ãããã¯ãŒãã«ãŒããéžæã ãŠãã ããã1æã®ãããã¯ãŒã¯ã«ãŒãããã€ãŒãµããã DHCP ããã³PPP over Ethernet (PPPoE-DSL) ãŸã㯠PPTP over Ethernet (PPPoA-DSL) æ¥ç¶ãšããŠåæã«äœ¿çšããããšã¯ ã§ããŸããã IPv4/IPv6 ããã©ã«ãG/W (ä»»æ):ãããã€ãã®ããã©ã«ãã²ãŒããŠã§ã€ã䜿çšããå Žåããã® ãªãã·ã§ã³ãéžæããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã ãã¹ãå:ISP ãã·ã¹ãã ã®ãã¹ãåã®åä¿¡ãèŠæ±ããå Žåãããã«å ¥åããŸãã MTU:ã€ã³ã¿ãã§ãŒã¹ã®æ倧äŒéåäœããã€ãåäœã§å ¥åããŸãããã©ãã£ãã¯ç®¡çæ©èœã䜿 çšããã«ã¯ãã€ã³ã¿ãã§ãŒã¹ã¿ã€ãã«å¯Ÿå¿ããå€ãããã«å ¥åããå¿ èŠããããŸããã€ã³ã¿ ãã§ãŒã¹ã¿ã€ãã«å¯ŸããŠé©åãªå€ãããã©ã«ãã§å ¥åãããŠããŸãããã®èšå®ã®å€æŽã¯ãæ è¡çã«çç·ŽãããŠãŒã¶ã®ã¿ãè¡ã£ãŠãã ãããããã«äžæ£ãªå€ãå ¥åãããšãã€ã³ã¿ãã§ãŒã¹ ã䜿çšäžå¯èœã«ãªãå ŽåããããŸãã1500ãã€ããè¶ ãã MTU ãµã€ãºãæå®ããå Žåã¯ã éä¿¡äºæ¥è ããã³ãããã¯ãŒã¯ã«ãŒããããã«å¯Ÿå¿ããŠããå¿ èŠããããŸã (äŸ: ã®ã¬ããã ã€ã³ã¿ãã§ãŒã¹)ãããã©ã«ãã§ããã€ãŒãµããã DHCP ãã€ã³ã¿ãã§ãŒã¹ã¿ã€ãã«ã¯ 1500ãã€ãã® MTU ãèšå®ãããŠããŸãã 142 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.1 ã€ã³ã¿ãã§ãŒã¹ ãããã· ARP:ãã®æ©èœãæå¹ã«ããã«ã¯ããã§ãã¯ããã¯ã¹ãéžæããŸããããã©ã«ãã§ããã ããã· ARP ãæ©èœã¯ç¡å¹ã«ãªã£ãŠããŸãã ãã®ãªãã·ã§ã³ã¯ãããŒããã£ã¹ãã¿ã€ãã®ã€ã³ã¿ãã§ãŒã¹ã§äœ¿çšã§ããŸãããããéžæãã ãšãUTM ã¯ãã€ã³ã¿ãã§ãŒã¹äžã®ãã©ãã£ãã¯ãããã®ãèåŸã«ããããã¹ãã®ä»£ããã«ãåŒã〠ãããæž¡ããŸããçŽæ¥æ¥ç¶ãããã€ã³ã¿ãã§ãŒã¹ã«ãŒãããããã¹ãŠã®ãã¹ãã«å¯ŸããŠãã®åŠ çãè¡ãããŸããããã«ããããã¡ã€ã¢ãŠã©ãŒã«ãå®è¡ãããŸãŸããééçãªããããã¯ãŒã¯ã ãªããžãæ§ç¯ããããšãã§ããŸãããã®æ©èœã®ä»ã®å©çšæ¹æ³ãšããŠã¯ãISP ã®ã«ãŒã¿ããå ¬ åŒããããã¯ãŒã¯ã®ã¿ãã€ãŒãµãããã€ã³ã¿ãã§ãŒã¹ã«åãå ¥ããå ŽåããããŸã (ãã¹ãã«ãŒ ãã䜿çšããªã)ã é察称 (ä»»æ):æ¥ç¶ã®ã¢ãããªã³ã¯ãšããŠã³ãªã³ã¯ã®åž¯åå¹ ãåäžã§ãªãå Žåã«ãããã·ã¥ ããŒãã«ãããåæ ãããå Žåã¯ããã®ãªãã·ã§ã³ãéžæããŸããéžæãããšã2ã€ã®ããã¹ã ããã¯ã¹ã衚瀺ãããŸããããã«æ倧ã¢ãããªã³ã¯åž¯åå¹ ã Mbps ãŸã㯠Kbps åäœã§å ¥åã ãŸããããããããŠã³ãªã¹ãããé©åãªåäœãéžæããŸãã 衚瀺ããæ倧é床 (ä»»æ):ããã·ã¥ããŒãã«è¡šç€ºãããæ¥ç¶ã®æ倧ããŠã³ãªã³ã¯åž¯åå¹ ãå ¥ åããŸãã垯åå¹ ã¯ Mbps ãŸã㯠Kbps åäœã§å ¥åã§ããŸããããããããŠã³ãªã¹ãããé©å ãªåäœãéžæããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã ã·ã¹ãã ãèšå®ã®æå¹æ§ã確èªããŸãããã§ãã¯ã«æåãããšãæ°ããã€ã³ã¿ãã§ãŒã¹ãã€ã³ ã¿ãã§ãŒã¹ãªã¹ãã«è¡šç€ºãããŸããã€ã³ã¿ãã§ãŒã¹ã¯ãŸã æå¹ã§ã¯ãããŸãã (ãã°ã«ã¹ã€ãã ã¯ã°ã¬ãŒè¡šç€º)ã 5. ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ããŸãã ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ããã§ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ãªããŸã (ãã°ã«ã¹ã€ããã¯ç·è²)ãã€ã³ã¿ãã§ãŒã¹ããŸã ãç¡ å¹ ããšè¡šç€ºãããå ŽåããããŸããã·ã¹ãã ãæ§æãè¡ããèšå®ãããŒããããŸã§ããã°ãã æéãããããŸãããæå¹ ãã衚瀺ãããããã€ã³ã¿ãã§ãŒã¹ã¯å®å šã«åäœå¯èœã§ãã ç¹å®ã¿ã€ãã®ã€ã³ã¿ãã§ãŒã¹ã®ã¿è¡šç€ºããå Žåã¯ãããããããŠã³ãªã¹ããã衚瀺ããã€ã³ã¿ãã§ãŒã¹ ã®ã¿ã€ããéžæããŸããã€ã³ã¿ãã§ãŒã¹ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ã㟠ãã 6.1.1.8 DSL (PPPoE) èšå®ã«ã¯ããå©çšã® ISP ãæäŸãããŠãŒã¶åãšãã¹ã¯ãŒããå«ã DSL æ¥ç¶æ å ±ãå¿ èŠã«ãªã㟠ããVDSL ããã®ã€ã³ã¿ãã§ãŒã¹ã¿ã€ãã§ãµããŒããããŠããŸãã UTM 9 管çã¬ã€ã 143 6.1 ã€ã³ã¿ãã§ãŒã¹ 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 泚 â DSL æ¥ç¶ãæå¹ã«ãããšãUTMã¯ãå©çšã® ISP ã« 1æ¥ 24æéæ¥ç¶ãããŸãããããã£ãŠãã å©çšã® ISP ã®è«æ±ãæ¥ç¶æéããŒã¹ã§ã¯ãªãå®é¡å¶ãŸãã¯åž¯åå¹ ããŒã¹ã®æéã·ã¹ãã ã§ã ãããšãã確èªãã ããã DSL (PPPoE) ã€ã³ã¿ãã§ãŒã¹ãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãã€ã³ã¿ãã§ãŒã¹ ãã¿ãã§ããæ°èŠã€ã³ã¿ãã§ãŒã¹ ããã¯ãªãã¯ããŸãã ãæ°èŠã€ã³ã¿ãã§ãŒã¹ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ã€ã³ã¿ãã§ãŒã¹ã説æããååãå ¥åããŠãã ããã ã¿ã€ã:ããããããŠã³ãªã¹ããããDSL (PPPoE)ããéžæããŸãã ããŒããŠã§ã¢:ããããããŠã³ãªã¹ãããã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã VDSL:ãã®ãã§ãã¯ããã¯ã¹ã¯ã䜿çšäžã®æ¥ç¶ã VDSL æ¥ç¶ã§ããå Žåã®ã¿éžæã㟠ããMTU 㯠1476 ã«å€æŽãããŸãã ã¹ã¿ãã£ã㯠PPPoE IP (ä»»æ):ISP ã«å²ãåœãŠãããã¹ã¿ãã£ã㯠IP ã¢ãã¬ã¹ãããå Žåã ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ãã衚瀺ãããããã¹ãããã¯ã¹ã« IP ã¢ãã¬ã¹ãšè©²åœãããã ããã¹ã¯ãå ¥åããŸãã l IPv4/IPv6 ã¢ãã¬ã¹:ã€ã³ã¿ãŒãã§ãŒã¹ã® IP ã¢ãã¬ã¹ãå ¥åããŸãã l ããããã¹ã¯:ããããããŠã³ãªã¹ãããããããã¹ã¯ãéžæãããããŸã㯠IPv6 ãããã ã¹ã¯ãå ¥åããŸãã 泚 â ã€ã³ã¿ãã§ãŒã¹ãèšå®ããŠãIPv4 ããã³ IPv6 ã¢ãã¬ã¹ãåæã«äœ¿çšããããšãã§ã㟠ãã IPv4/IPv6 ããã©ã«ãG/W (ä»»æ):ãããã€ãã®ããã©ã«ãã²ãŒããŠã§ã€ã䜿çšããå Žåããã® ãªãã·ã§ã³ãéžæããŸãã ãŠãŒã¶å:ISP ããå ¥æãããŠãŒã¶åãå ¥åããŸãã ãã¹ã¯ãŒã:ISP ããå ¥æãããã¹ã¯ãŒããå ¥åããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 144 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.1 ã€ã³ã¿ãã§ãŒã¹ 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã MTU:ã€ã³ã¿ãã§ãŒã¹ã®æ倧äŒéåäœããã€ãåäœã§å ¥åããŸãããã©ãã£ãã¯ç®¡çæ©èœã䜿 çšããã«ã¯ãã€ã³ã¿ãã§ãŒã¹ã¿ã€ãã«å¯Ÿå¿ããå€ãããã«å ¥åããå¿ èŠããããŸããã€ã³ã¿ ãã§ãŒã¹ã¿ã€ãã«å¯ŸããŠé©åãªå€ãããã©ã«ãã§å ¥åãããŠããŸãããã®èšå®ã®å€æŽã¯ãæ è¡çã«çç·ŽãããŠãŒã¶ã®ã¿ãè¡ã£ãŠãã ãããããã«äžæ£ãªå€ãå ¥åãããšãã€ã³ã¿ãã§ãŒã¹ ã䜿çšäžå¯èœã«ãªãå ŽåããããŸãã1500ãã€ããè¶ ãã MTU ãµã€ãºãæå®ããå Žåã¯ã éä¿¡äºæ¥è ããã³ãããã¯ãŒã¯ã«ãŒããããã«å¯Ÿå¿ããŠããå¿ èŠããããŸã (äŸ: ã®ã¬ããã ã€ã³ã¿ãã§ãŒã¹)ã ããã©ã«ãã§ããDSL (PPPoE)ãã€ã³ã¿ãã§ãŒã¹ã¿ã€ãã«ã¯ 1492 ãã€ãã® MTU ãèšå®ãããŠããŸãã VLAN ã¿ã° (VDSL ãæå¹ãªå Žåã®ã¿):PPPoE ãã±ããã«è¿œå ãã VLAN ã¿ã°ãå ¥åããŸãã 該åœããã¿ã°ã®è©³çŽ°ã¯ãVDSL ãããã€ãã«ãåãåãããã ãããããã©ã«ã㯠7 ã§ãçŸåš Deutsche Telekom ã® PPPoE æ¥ç¶ã«äœ¿çšãããŠããŸãã æ¥æ¬¡åæ¥ç¶:æ¥ç¶ãçµäºããã³åéããæéãå®çŸ©ããŸããããªãããéžæããããå ·äœç㪠æéãæå®ããããšãã§ããŸãã åæ¥ç¶ãã£ã¬ã€:ããã§ãåæ¥ç¶ãã£ã¬ã€ãå€æŽã§ããŸããããã©ã«ãã§ã¯ãã5ç§ ãã«èšå®ãã ãŠããŸãããå©çšã® ISP ãããããé·ãé 延ãèŠæ±ããŠããå Žåã¯ãã1å ããã15å ãã«èšå® ã§ããŸãã é察称 (ä»»æ):æ¥ç¶ã®ã¢ãããªã³ã¯ãšããŠã³ãªã³ã¯ã®åž¯åå¹ ãåäžã§ãªãå Žåã«ãããã·ã¥ ããŒãã«ãããåæ ãããå Žåã¯ããã®ãªãã·ã§ã³ãéžæããŸããéžæãããšã2ã€ã®ããã¹ã ããã¯ã¹ã衚瀺ãããŸããããã«æ倧ã¢ãããªã³ã¯åž¯åå¹ ã Mbps ãŸã㯠Kbps åäœã§å ¥åã ãŸããããããããŠã³ãªã¹ãããé©åãªåäœãéžæããŸãã 衚瀺ããæ倧é床 (ä»»æ):ããã·ã¥ããŒãã«è¡šç€ºãããæ¥ç¶ã®æ倧ããŠã³ãªã³ã¯åž¯åå¹ ãå ¥ åããŸãã垯åå¹ ã¯ Mbps ãŸã㯠Kbps åäœã§å ¥åã§ããŸããããããããŠã³ãªã¹ãããé©å ãªåäœãéžæããŸãã ãã«ããªã³ã¯:æå¹ã«ãããšãè€æ°ã® PPP æ¥ç¶ã 1ã€ã«ãŸãšããããšãã§ããŸãããã«ããªã³ã¯ ã® PPP æ¥ç¶ã¯ã䜿çšããŠãã ISP ããã«ããªã³ã¯ PPP ã«å¯Ÿå¿ããŠããå Žåã®ã¿åäœã㟠ãã ãã«ããªã³ã¯ã¹ã¬ãŒã:å ã»ã©éžæããããŒããŠã§ã¢ãš 1ã€ã®ãã«ããªã³ã¯ã«ãŸãšããã€ã³ã¿ãŒ ãã§ãŒã¹ãéžæããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã ã·ã¹ãã ãèšå®ã®æå¹æ§ã確èªããŸãããã§ãã¯ã«æåãããšãæ°ããã€ã³ã¿ãã§ãŒã¹ãã€ã³ ã¿ãã§ãŒã¹ãªã¹ãã«è¡šç€ºãããŸããã€ã³ã¿ãã§ãŒã¹ã¯ãŸã æå¹ã§ã¯ãããŸãã (ãã°ã«ã¹ã€ãã ã¯ã°ã¬ãŒè¡šç€º)ã UTM 9 管çã¬ã€ã 145 6.1 ã€ã³ã¿ãã§ãŒã¹ 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 5. ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ããŸãã ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ããã§ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ãªããŸã (ãã°ã«ã¹ã€ããã¯ç·è²)ãã€ã³ã¿ãã§ãŒã¹ããŸã ãç¡ å¹ ããšè¡šç€ºãããå ŽåããããŸããã·ã¹ãã ãæ§æãè¡ããèšå®ãããŒããããŸã§ããã°ãã æéãããããŸãããæå¹ ãã衚瀺ãããããã€ã³ã¿ãã§ãŒã¹ã¯å®å šã«åäœå¯èœã§ãã ç¹å®ã¿ã€ãã®ã€ã³ã¿ãã§ãŒã¹ã®ã¿è¡šç€ºããå Žåã¯ãããããããŠã³ãªã¹ããã衚瀺ããã€ã³ã¿ãã§ãŒã¹ ã®ã¿ã€ããéžæããŸããã€ã³ã¿ãã§ãŒã¹ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ã㟠ãã 6.1.1.9 DSL (PPPoA/PPTP) PPPoA (PPP over ATM Protocolãããã³ã« ) ããæ¥ç¶ãèšå®ããã«ã¯ãUTMäžã®æªäœ¿çšã®ã€ãŒãµ ãããã€ã³ã¿ãã§ãŒã¹ãšãã€ãŒãµãããããŒãä»ãã®å€éš ADSL ã¢ãã ãå¿ èŠã§ããã€ã³ã¿ãŒããããž ã®æ¥ç¶ã¯2ã€ã®åå¥ã®æ¥ç¶ã§è¡ãªããŸããUTMãšADSLã¢ãã éã§ã¯ãPPTP over Ethernet ããã ã³ã« ã䜿çšããŠæ¥ç¶ã確ç«ããŸããADSL ã¢ãã ã¯ãPPP over ATM Dialing ãããã³ã« ã䜿çšã㊠ISP ã«æ¥ç¶ããŸãã èšå®ã«ã¯ããå©çšã®ã€ã³ã¿ãŒããããµãŒãã¹ãããã€ã (ISP) ãæäŸãããŠãŒã¶åãšãã¹ã¯ãŒããå« ã DSL æ¥ç¶æ å ±ãå¿ èŠã«ãªããŸãã 泚 â DSL æ¥ç¶ãæå¹ã«ãããšãUTMã¯ãå©çšã® ISP ã« 1æ¥ 24æéæ¥ç¶ãããŸãããããã£ãŠãã å©çšã® ISP ã®è«æ±ãæ¥ç¶æéããŒã¹ã§ã¯ãªãå®é¡å¶ãŸãã¯åž¯åå¹ ããŒã¹ã®æéã·ã¹ãã ã§ã ãããšãã確èªãã ããã DSL (PPPoA/PPTP) ã€ã³ã¿ãã§ãŒã¹ãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãã€ã³ã¿ãã§ãŒã¹ ãã¿ãã§ããæ°èŠã€ã³ã¿ãã§ãŒã¹ ããã¯ãªãã¯ããŸãã ãæ°èŠã€ã³ã¿ãã§ãŒã¹ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ã€ã³ã¿ãã§ãŒã¹ã説æããååãå ¥åããŠãã ããã ã¿ã€ã:ããããããŠã³ãªã¹ããããDSL (PPPoA/PPTP)ããéžæããŸãã ããŒããŠã§ã¢:ããããããŠã³ãªã¹ãããã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã IPv4 ããã©ã«ãG/W (ä»»æ):ãããã€ãã®ããã©ã«ãã²ãŒããŠã§ã€ã䜿çšããå Žåããã®ãªã ã·ã§ã³ãéžæããŸãã ãŠãŒã¶å:ISP ããå ¥æãããŠãŒã¶åãå ¥åããŸãã 146 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.1 ã€ã³ã¿ãã§ãŒã¹ ãã¹ã¯ãŒã:ISP ããå ¥æãããã¹ã¯ãŒããå ¥åããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã ã¢ãã IP:䜿çšããŠãã ADSL ã¢ãã ã® IP ã¢ãã¬ã¹ãããã«å ¥åããŸãããã®ã¢ãã¬ã¹ã¯é åžžãISP ããããããã¯ã¢ãã ããŒããŠã§ã¢ãšãšãã«æäŸãããã®ã§ãå€æŽã§ããŸããã äŸ:10.0.0.138 (AonSpeed)ã NIC ã¢ãã¬ã¹:ã¢ãã ã«æ¥ç¶ãããŠãã UTM äžã®ãããã¯ãŒã¯ã«ãŒãã® IP ã¢ãã¬ã¹ãããã«å ¥ åããŸãããã®ã¢ãã¬ã¹ã¯ã¢ãã ãšåããµããããå ã«ããå¿ èŠããããŸããäŸ:10.0.0.140 (AonSpeed)ã NIC ããããã¹ã¯:䜿çšãããããã¯ãŒã¯ãã¹ã¯ãããã«å ¥åããŸãã äŸ:255.255.255.0 (AonSpeed)ã Ping å ã¢ãã¬ã¹ (ä»»æ):ICMP ping èŠæ±ã«å¿çããã€ã³ã¿ãŒãããäžã®ãã¹ãã® IP ã¢ãã¬ã¹ã å ¥åããŸããUTM ãšå€éšãããã¯ãŒã¯éã®æ¥ç¶ããã¹ãããã«ã¯ãPPTP ãªã³ã¯ã®å察åŽã ã¹ãã® IP ã¢ãã¬ã¹ãå ¥åããå¿ èŠããããŸãã䜿çšããŠãã ISP ã® DNS ãµãŒããæå®ã§ã ãŸããUTMããã®ãã¹ãã« ping èŠæ±ãéä¿¡ããŸããå¿çããªãå Žåã¯ãæ¥ç¶äžè¯ã§ãã MTU:ã€ã³ã¿ãã§ãŒã¹ã®æ倧äŒéåäœããã€ãåäœã§å ¥åããŸãããã©ãã£ãã¯ç®¡çæ©èœã䜿 çšããã«ã¯ãã€ã³ã¿ãã§ãŒã¹ã¿ã€ãã«å¯Ÿå¿ããå€ãããã«å ¥åããå¿ èŠããããŸããã€ã³ã¿ ãã§ãŒã¹ã¿ã€ãã«å¯ŸããŠé©åãªå€ãããã©ã«ãã§å ¥åãããŠããŸãããã®èšå®ã®å€æŽã¯ãæ è¡çã«çç·ŽãããŠãŒã¶ã®ã¿ãè¡ã£ãŠãã ãããããã«äžæ£ãªå€ãå ¥åãããšãã€ã³ã¿ãã§ãŒã¹ ã䜿çšäžå¯èœã«ãªãå ŽåããããŸãã1500ãã€ããè¶ ãã MTU ãµã€ãºãæå®ããå Žåã¯ã éä¿¡äºæ¥è ããã³ãããã¯ãŒã¯ã«ãŒããããã«å¯Ÿå¿ããŠããå¿ èŠããããŸã (äŸ: ã®ã¬ããã ã€ã³ã¿ãã§ãŒã¹)ã ããã©ã«ãã§ããDSL (PPPoA)ãã€ã³ã¿ãã§ãŒã¹ã¿ã€ãã«ã¯ 1492 ãã€ãã® MTU ãèšå®ãããŠããŸãã æ¥æ¬¡åæ¥ç¶:æ¥ç¶ãçµäºããã³åéããæéãå®çŸ©ããŸããããªãããéžæããããå ·äœç㪠æéãæå®ããããšãã§ããŸãã åæ¥ç¶ãã£ã¬ã€:ããã§ãåæ¥ç¶ãã£ã¬ã€ãå€æŽã§ããŸããããã©ã«ãã§ã¯ãã5ç§ ãã«èšå®ãã ãŠããŸãããå©çšã® ISP ãããããé·ãé 延ãèŠæ±ããŠããå Žåã¯ãã1å ããã15å ãã«èšå® ã§ããŸãã é察称 (ä»»æ):æ¥ç¶ã®ã¢ãããªã³ã¯ãšããŠã³ãªã³ã¯ã®åž¯åå¹ ãåäžã§ãªãå Žåã«ãããã·ã¥ ããŒãã«ãããåæ ãããå Žåã¯ããã®ãªãã·ã§ã³ãéžæããŸããéžæãããšã2ã€ã®ããã¹ã ããã¯ã¹ã衚瀺ãããŸããããã«æ倧ã¢ãããªã³ã¯åž¯åå¹ ã Mbps ãŸã㯠Kbps åäœã§å ¥åã ãŸããããããããŠã³ãªã¹ãããé©åãªåäœãéžæããŸãã UTM 9 管çã¬ã€ã 147 6.1 ã€ã³ã¿ãã§ãŒã¹ 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 衚瀺ããæ倧é床 (ä»»æ):ããã·ã¥ããŒãã«è¡šç€ºãããæ¥ç¶ã®æ倧ããŠã³ãªã³ã¯åž¯åå¹ ãå ¥ åããŸãã垯åå¹ ã¯ Mbps ãŸã㯠Kbps åäœã§å ¥åã§ããŸããããããããŠã³ãªã¹ãããé©å ãªåäœãéžæããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã ã·ã¹ãã ãèšå®ã®æå¹æ§ã確èªããŸãããã§ãã¯ã«æåãããšãæ°ããã€ã³ã¿ãã§ãŒã¹ãã€ã³ ã¿ãã§ãŒã¹ãªã¹ãã«è¡šç€ºãããŸããã€ã³ã¿ãã§ãŒã¹ã¯ãŸã æå¹ã§ã¯ãããŸãã (ãã°ã«ã¹ã€ãã ã¯ã°ã¬ãŒè¡šç€º)ã 5. ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ããŸãã ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ããã§ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ãªããŸã (ãã°ã«ã¹ã€ããã¯ç·è²)ãã€ã³ã¿ãã§ãŒã¹ããŸã ãç¡ å¹ ããšè¡šç€ºãããå ŽåããããŸããã·ã¹ãã ãæ§æãè¡ããèšå®ãããŒããããŸã§ããã°ãã æéãããããŸãããæå¹ ãã衚瀺ãããããã€ã³ã¿ãã§ãŒã¹ã¯å®å šã«åäœå¯èœã§ãã ç¹å®ã¿ã€ãã®ã€ã³ã¿ãã§ãŒã¹ã®ã¿è¡šç€ºããå Žåã¯ãããããããŠã³ãªã¹ããã衚瀺ããã€ã³ã¿ãã§ãŒã¹ ã®ã¿ã€ããéžæããŸããã€ã³ã¿ãã§ãŒã¹ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ã㟠ãã 6.1.1.10 ã¢ãã (PPP) èšå®ã«ã¯ãUTMã«ã·ãªã¢ã«ã€ã³ã¿ãã§ãŒã¹ãšå€éš PPP ã¢ãã ãå¿ èŠã«ãªããŸãããŸãããŠãŒã¶åãš ãã¹ã¯ãŒããå«ã DSL ã¢ã¯ã»ã¹ããŒã¿ãå¿ èŠã§ãããããã®ããŒã¿ã¯ãã€ã³ã¿ãŒããããµãŒãã¹ãã ãã€ã (ISP) ããå ¥æã§ããŸãã ã¢ãã (PPP) ã€ã³ã¿ãã§ãŒã¹ãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãã€ã³ã¿ãã§ãŒã¹ ãã¿ãã§ããæ°èŠã€ã³ã¿ãã§ãŒã¹ ããã¯ãªãã¯ããŸãã ãæ°èŠã€ã³ã¿ãã§ãŒã¹ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ã€ã³ã¿ãã§ãŒã¹ã説æããååãå ¥åããŠãã ããã ã¿ã€ã:ããããããŠã³ãªã¹ããããã¢ãã (PPP)ããéžæããŸãã ããŒããŠã§ã¢:ããããããŠã³ãªã¹ãããã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã IPv4 ããã©ã«ãã²ãŒããŠã§ã€ (ä»»æ):ãããã€ãã®ããã©ã«ãã²ãŒããŠã§ã€ã䜿çšããå Žåãã ã®ãªãã·ã§ã³ãéžæããŸãã ãŠãŒã¶å:ISP ããå ¥æãããŠãŒã¶åãå ¥åããŸãã ãã¹ã¯ãŒã:ISP ããå ¥æãããã¹ã¯ãŒããå ¥åããŸãã 148 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.1 ã€ã³ã¿ãã§ãŒã¹ ãã€ã€ã«æåå:é»è©±çªå·ãå ¥åããŸããäŸ:5551230 ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã åç·é床:UTM ãšã¢ãã ã®éã®æ¥ç¶ã«å¯ŸããŠãé床ã bps åäœã§èšå®ããŸããäžè¬çãªå€ 㯠57,600 bps ãš 115,200 bps ã§ãã ãããŒã³ã³ãããŒã«:ããŒã¿ãããŒãã³ã³ãããŒã«ããæ¹æ³ãéžæããŸãã ããŒã¿ãã·ãªã¢ã«æ¥ç¶çµç±ã§è»¢éãããå Žåãã·ã¹ãã ã§åä¿¡ããŒã¿ãååã«éãåŠç㧠ããªãå¯èœæ§ããããŸããããŒã¿ã®æ倱ãçºçããªãããã«ããããã«ã¯ãããŒã¿ãããŒã® ã³ã³ãããŒã«æ¹æ³ãå¿ èŠã«ãªããŸããã·ãªã¢ã«æ¥ç¶ã§ã¯ã次㮠2ã€ã®æ¹æ³ã䜿çšã§ããŸãã l ããŒããŠã§ã¢ ä¿¡å· l ãœãããŠã§ã¢ ä¿¡å· PPP æ¥ç¶ã§ã¯ããã¹ãŠã® 8ããããããŒã¿è»¢éåç·ã«äœ¿çšããã転éãããããŒã¿ã«ã¯ã³ã ã³ããµã€ã³ Control S ãš Control Q ã®ãã€ããå«ãŸãããããããã©ã«ãèšå®ã®ãããŒããŠã§ã¢ ã ãç¶æããã·ãªã¢ã«æ¥ç¶ã±ãŒãã«ã䜿çšããããšããå§ãããŸãã åæåæåå:ã¢ãã ãåæåããããã®æååãå ¥åããŸããã¢ãã ã«å¿ããŠåæåæ ååã®èª¿æŽãå¿ èŠã«ãªãå¯èœæ§ããããŸãããã®å Žåãåæåæååã¯è©²åœã¢ãã ã®ã ãã¥ã¢ã«ã§ç¢ºèªã§ããŸããå¿ èŠãªããã¥ã¢ã«ããªãå Žåãããã©ã«ãã® ATZ ãæå®ããŠãã ããã ãªã»ããæåå:ã¢ãã ã®ãªã»ããæååãå ¥åããŸããã¢ãã ã«å¿ããŠãªã»ããæååã®èª¿ æŽãå¿ èŠã«ãªãå¯èœæ§ããããŸãããã®å Žåããªã»ããæååã¯è©²åœã¢ãã ã®ããã¥ã¢ã« ã§ç¢ºèªã§ããŸããå¿ èŠãªããã¥ã¢ã«ããªãå Žåãããã©ã«ãã® ATZ ãæå®ããŠãã ããã MTU:ã€ã³ã¿ãã§ãŒã¹ã®æ倧äŒéåäœããã€ãåäœã§å ¥åããŸãããã©ãã£ãã¯ç®¡çæ©èœã䜿 çšããã«ã¯ãã€ã³ã¿ãã§ãŒã¹ã¿ã€ãã«å¯Ÿå¿ããå€ãããã«å ¥åããå¿ èŠããããŸããã€ã³ã¿ ãã§ãŒã¹ã¿ã€ãã«å¯ŸããŠé©åãªå€ãããã©ã«ãã§å ¥åãããŠããŸãããã®èšå®ã®å€æŽã¯ãæ è¡çã«çç·ŽãããŠãŒã¶ã®ã¿ãè¡ã£ãŠãã ãããããã«äžæ£ãªå€ãå ¥åãããšãã€ã³ã¿ãã§ãŒã¹ ã䜿çšäžå¯èœã«ãªãå ŽåããããŸãã1500ãã€ããè¶ ãã MTU ãµã€ãºãæå®ããå Žåã¯ã éä¿¡äºæ¥è ããã³ãããã¯ãŒã¯ã«ãŒããããã«å¯Ÿå¿ããŠããå¿ èŠããããŸã (äŸ: ã®ã¬ããã ã€ã³ã¿ãã§ãŒã¹)ãããã©ã«ãã§ãã¢ãã (PPP) ã€ã³ã¿ãã§ãŒã¹ã¿ã€ãã«ã¯ 1492ãã€ãã® MTU ã èšå®ãããŠããŸãã é察称 (ä»»æ):æ¥ç¶ã®ã¢ãããªã³ã¯ãšããŠã³ãªã³ã¯ã®åž¯åå¹ ãåäžã§ãªãå Žåã«ãããã·ã¥ ããŒãã«ãããåæ ãããå Žåã¯ããã®ãªãã·ã§ã³ãéžæããŸããéžæãããšã2ã€ã®ããã¹ã UTM 9 管çã¬ã€ã 149 6.1 ã€ã³ã¿ãã§ãŒã¹ 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° ããã¯ã¹ã衚瀺ãããŸããããã«æ倧ã¢ãããªã³ã¯åž¯åå¹ ã Mbps ãŸã㯠Kbps åäœã§å ¥åã ãŸããããããããŠã³ãªã¹ãããé©åãªåäœãéžæããŸãã 衚瀺ããæ倧é床 (ä»»æ):ããã·ã¥ããŒãã«è¡šç€ºãããæ¥ç¶ã®æ倧ããŠã³ãªã³ã¯åž¯åå¹ ãå ¥ åããŸãã垯åå¹ ã¯ Mbps ãŸã㯠Kbps åäœã§å ¥åã§ããŸããããããããŠã³ãªã¹ãããé©å ãªåäœãéžæããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã ã·ã¹ãã ãèšå®ã®æå¹æ§ã確èªããŸãããã§ãã¯ã«æåãããšãæ°ããã€ã³ã¿ãã§ãŒã¹ãã€ã³ ã¿ãã§ãŒã¹ãªã¹ãã«è¡šç€ºãããŸããã€ã³ã¿ãã§ãŒã¹ã¯ãŸã æå¹ã§ã¯ãããŸãã (ãã°ã«ã¹ã€ãã ã¯ã°ã¬ãŒè¡šç€º)ã 5. ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ããŸãã ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ããã§ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ãªããŸã (ãã°ã«ã¹ã€ããã¯ç·è²)ãã€ã³ã¿ãã§ãŒã¹ããŸã ãç¡ å¹ ããšè¡šç€ºãããå ŽåããããŸããã·ã¹ãã ãæ§æãè¡ããèšå®ãããŒããããŸã§ããã°ãã æéãããããŸãããæå¹ ãã衚瀺ãããããã€ã³ã¿ãã§ãŒã¹ã¯å®å šã«åäœå¯èœã§ãã ç¹å®ã¿ã€ãã®ã€ã³ã¿ãã§ãŒã¹ã®ã¿è¡šç€ºããå Žåã¯ãããããããŠã³ãªã¹ããã衚瀺ããã€ã³ã¿ãã§ãŒã¹ ã®ã¿ã€ããéžæããŸããã€ã³ã¿ãã§ãŒã¹ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ã㟠ãã 6.1.2 è¿œå ã¢ãã¬ã¹ 1ã€ã®ãããã¯ãŒã¯ã«ãŒãã§è¿œå IP ã¢ãã¬ã¹ (å¥åããšã€ãªã¢ã¹ ã) ãèšå®ã§ããŸãããã®æ©èœã䜿çšã ããšã1ã€ã®ç©çãããã¯ãŒã¯ã«ãŒãäžã§è€æ°ã®è«çãããã¯ãŒã¯ã管çããããšãã§ããŸãããŸãã ããã䜿çšããŠãUTMNAT (ãããã¯ãŒã¯ã¢ãã¬ã¹å€æ) ãå®è¡ããŠãã ã«ãããªãã¢ãã¬ã¹ãå²ãåœ ãŠãããšãã§ããŸãã æšæºã€ãŒãµãããã€ã³ã¿ãã§ãŒã¹ã§è¿œå ã¢ãã¬ã¹ãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãè¿œå ã¢ãã¬ã¹ ãã¿ãã§ããæ°èŠè¿œå ã¢ãã¬ã¹ ããã¯ãªãã¯ããŸãã ãæ°èŠè¿œå ã¢ãã¬ã¹ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:æ°ããè¿œå ã¢ãã¬ã¹ã説æããååãå ¥åããŠãã ããã ã€ã³ã¿ãã§ãŒã¹:ã¢ãã¬ã¹ãå²ãåœãŠãã€ã³ã¿ãã§ãŒã¹ãããããããŠã³ãªã¹ãããéžæããŸãã IPv4/IPv6 ã¢ãã¬ã¹:ã€ã³ã¿ãŒãã§ãŒã¹ã®è¿œå IP ã¢ãã¬ã¹ãå ¥åããŸãã 150 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.1 ã€ã³ã¿ãã§ãŒã¹ ããããã¹ã¯:ããããããŠã³ãªã¹ãããããããã¹ã¯ãéžæãããããŸã㯠IPv6 ããããã¹ã¯ã å ¥åããŸãã 泚 â IPv4 ããã³ IPv6 ã¢ãã¬ã¹ãåæã«äœ¿çšãããããã€ã³ã¿ãã§ãŒã¹ãèšå®ããããšãã§ã ãŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã ã·ã¹ãã ãèšå®ã®æå¹æ§ã確èªããŸãããã§ãã¯ã«æåãããšãæ°ããã€ã³ã¿ãã§ãŒã¹ãã€ã³ ã¿ãã§ãŒã¹ãªã¹ãã«è¡šç€ºãããŸããã€ã³ã¿ãã§ãŒã¹ã¯ãŸã æå¹ã§ã¯ãããŸãã (ãã°ã«ã¹ã€ãã ã¯ã°ã¬ãŒè¡šç€º)ã 4. è¿œå ã¢ãã¬ã¹ãæå¹ã«ããŸãã è¿œå ã¢ãã¬ã¹ãæå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ããã§è¿œå ã¢ãã¬ã¹ãæå¹ã«ãªããŸã (ãã°ã«ã¹ã€ããã¯ç·) ãè¿œå ã¢ãã¬ã¹ã¯ãŸã ãããŠã³ (Down)ããšè¡šç€ºãããŠããå ŽåããããŸããã·ã¹ãã ãæ§æãè¡ããèšå®ãããŒããããŸã§ã ãã°ããæéãããããŸãããã¢ãã (Up)ããšããã¡ãã»ãŒãžã衚瀺ããããšãè¿œå ã¢ãã¬ã¹ã¯ å®å šã«æ©èœããããã«ãªã£ãŠããŸãã è¿œå ã¢ãã¬ã¹ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 6.1.3 ãªã³ã¯ã¢ã°ãªã²ãŒã·ã§ã³ ãªã³ã¯ã¢ã°ãªã²ãŒã·ã§ã³ã¯ããããŒããã©ã³ãã³ã°ããŸãã¯ãNIC ãã³ãã£ã³ã°ããšãåŒã°ããããã«ãã£ãŠ è€æ°ã®ã€ãŒãµããããããã¯ãŒã¯ããŒãã1ã€ã®ä»®æ³ã€ã³ã¿ãã§ãŒã¹ã«éçŽããããšãã§ããŸããéçŽ ãããããŒãã¯ã·ã¹ãã äžã§1ã€ã® IP ã¢ãã¬ã¹ãšããŠè¡šç€ºãããŸãããªã³ã¯ã¢ã°ãªã²ãŒã·ã§ã³ã¯ãã©ã® åäœ NIC ããã ãªã³ã¯é床ãåäžãããããããããã®ããŒããŸãã¯ã¹ã€ããã§é害ãçºçããå Ž åã«åé·æ§ãç¶æããŠåºæ¬ãã§ã€ã«ãªãŒããŒããã³ãã©ãŒã«ããã¬ã©ã³ã¹æ©èœãæäŸãããããã ãã«åœ¹ã«ç«ã¡ãŸããé害ãçºçããããŒããã¹ã€ããã«ã«ãŒãã£ã³ã°ãããŠãããã¹ãŠã®ãã© ãã£ãã¯ã¯èªåçã«ãªã«ãŒããããæ®ãã®ããŒããŸãã¯ã¹ã€ããã®ããããã䜿çšããããã«ãªã㟠ãããã®ãã§ã€ã«ãªãŒããŒã¯ãæ¥ç¶ã䜿çšããŠããã·ã¹ãã ã«å¯ŸããŠå®å šã«ééçã§ãã 泚 â HA ç°å¢ã§ã¯ãã€ãŒãµãããæ¥ç¶ãå¥ã® HA ãŠãããäžã«ããããšãã§ããŸãã ãªã³ã¯ã¢ã°ãªã²ãŒã·ã§ã³ã°ã«ãŒãã¯æ倧 4ã€ãŸã§å®çŸ©ããããšãã§ããŸããã°ã«ãŒã㯠1ã€ã®ã€ã³ã¿ ãã§ãŒã¹ãŸãã¯è€æ°ã®ã€ã³ã¿ãŒãã§ãŒã¹ã§æ§æã§ããŸãã ãªã³ã¯ã¢ã°ãªã²ãŒã·ã§ã³ã°ã«ãŒã (LAG) ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã UTM 9 管çã¬ã€ã 151 6.1 ã€ã³ã¿ãã§ãŒã¹ 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 1. å LAG ã«å¯ŸããŠãè¿œå ããã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã ã°ã«ãŒãã¯ãèšå®ãããŠããã€ã³ã¿ãã§ãŒã¹ãŸã㯠1ã€ä»¥äžã®èšå®ãããŠããªãã€ã³ã¿ãã§ãŒ ã¹ (ãããã¯ãã®äž¡æ¹) ã§æ§æããããšãã§ããŸãã èšå®ãããŠããã€ã³ã¿ãã§ãŒã¹ã䜿çšããã«ã¯ããå€æã€ã³ã¿ãã§ãŒã¹ ãããããããŠã³ãªã¹ãã ãã€ã³ã¿ãã§ãŒã¹ãéžæããŸããèšå®ãããŠããªãã€ã³ã¿ãã§ãŒã¹ã䜿çšããã«ã¯ããããã ã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸãã 2. LAGãæå¹ã«ããŸãã ããã®ã°ã«ãŒããæå¹å ããã¿ã³ãã¯ãªãã¯ããŠãã°ã«ãŒããæå¹ã«ããŸãã ãªã³ã¯ã¢ã°ãªã²ãŒã·ã§ã³ã°ã«ãŒããèšå®ãããšããã€ã³ã¿ãã§ãŒã¹ ãã¿ãã§ã€ã³ã¿ãã§ãŒã¹å®çŸ©ã äœæãããšãã«ãæ°ãã LAG ã€ã³ã¿ãã§ãŒã¹ (lag0 ãªã©) ãéžæã§ããããã«ãªããŸãããã³ ãã£ã³ã°ã€ã³ã¿ãã§ãŒã¹ã®äžéšã§ã次ã®ãããããäœæã§ããŸãã l ã€ãŒãµãããã¹ã¿ãã£ã㯠l ã€ãŒãµããã VLAN l ã€ãŒãµããã DHCP l ãšã€ãªã¢ã¹ã€ã³ã¿ãã§ãŒã¹ LAG ãç¡å¹ã«ããã«ã¯ãLAG ãæ§æããã€ã³ã¿ãã§ãŒã¹ã®ãã§ãã¯ããã¯ã¹ã®ãã§ãã¯ãå€ããŠããã ã®ã°ã«ãŒããæŽæ° ããã¯ãªãã¯ããèŠåã¡ãã»ãŒãžã確èªããŸããLAG ã€ã³ã¿ãã§ãŒã¹ã®ã¹ããŒã¿ã¹ ããããµããŒã > 詳现 > ã€ã³ã¿ãã§ãŒã¹ããŒãã« ãã¿ãã«è¡šç€ºãããŸãã 6.1.4 ã¢ãããªã³ã¯ãã©ã³ã·ã³ã° ã¢ãããªã³ã¯ãã©ã³ã·ã³ã°æ©èœã䜿çšãããšãè€æ°ã®ã€ã³ã¿ãŒãããã¢ãããªã³ã¯ãçµã¿åãããŠã ããã¯ã¢ããçšã¢ãããªã³ã¯ã䜿çšå¯èœã«ããããè€æ°ã®ã¢ãããªã³ã¯ã«è² è·ãåæ£ããããšãã§ã ãŸããçµã¿åãããããšãã§ããã¢ãããªã³ã¯ã¯æ倧32ã§ããããŒã·ãã¯ã¬ãŒã ãµãã¹ã¯ãªãã·ã§ã³ã§ ã¯ãçµã¿åãããããšã®ã§ããã¢ãããªã³ã¯ã¯ 2ã€ã®ã¿ã§ããããšã«æ³šæããŠãã ããã ããã©ã«ãã²ãŒããŠã§ã€ãåããæ¢åã€ã³ã¿ãã§ãŒã¹ã«å ããŠãããã©ã«ãã²ãŒããŠã§ã€ãã€ã³ã¿ãã§ãŒ ã¹ã«å²ãåœãŠããšãã¢ãããªã³ã¯ãã©ã³ã·ã³ã°ãèªåçã«æå¹ã«ãªããŸããããã©ã«ãã²ãŒããŠã§ã€ã è£ åãããã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ã¯ããã¢ã¯ãã£ãã€ã³ã¿ãã§ãŒã¹ ãããã¯ã¹ã«è¿œå ããã以éã¯ã¢ãã ãªã³ã¯ãã©ã³ã·ã³ã°ã«ããããããã®ã€ã³ã¿ãã§ãŒã¹ã®éã§èªåçã«ãã©ã³ã·ã³ã°ãè¡ãããŸããã ãã©ã«ãã²ãŒããŠã§ã€ãè£ åããä»ã®ã€ã³ã¿ãã§ãŒã¹ããã¹ãŠèªåçã«è¿œå ãããŸãã ããã«ããã¹ã«ãŒã« ãã¿ãã§ã¯ããã©ãã£ãã¯ã®ãã©ã³ã·ã³ã°ãè¡ãããã®ç¹å®ã«ãŒã«ãå®çŸ©ã§ã㟠ãã ã¢ãããªã³ã¯ãã©ã³ã·ã³ã°ãæåã§ã»ããã¢ããããã«ã¯ã次ã®æé ã«åŸããŸãã 152 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.1 ã€ã³ã¿ãã§ãŒã¹ 1. ã¢ãããªã³ã¯ãã©ã³ã·ã³ã°ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªãããã¢ãããªã³ã¯ãã©ã³ã¹ ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 2. ã¢ã¯ãã£ãã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã ãã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããŠã€ã³ã¿ãã§ãŒã¹ã1ã€ä»¥äžè¿œå ãããªããžã§ã¯ããªã¹ãããã€ã³ã¿ ãã§ãŒã¹ããã©ãã°ããŸããã€ã³ã¿ãŒãã§ãŒã¹ãè€æ°ããå Žåãã¯ã©ã€ã¢ã³ãããéä¿¡ãããã ã©ãã£ãã¯ã®ãã©ã³ã·ã³ã°ã¯ãéä¿¡å ã«åºã¥ããŠè¡ãããŸããã€ãŸãã1ã€ã®éä¿¡å ããéã ãããã©ãã£ãã¯ã¯ãã¹ãŠåãã€ã³ã¿ãã§ãŒã¹ã䜿çšããäžæ¹ã§ãå¥ã®éä¿¡å ããã®ãã© ãã£ãã¯ã¯å¥ã®ã€ã³ã¿ãã§ãŒã¹ã«éä¿¡ã§ããŸããããããã®ã€ã³ã¿ãã§ãŒã¹ã䜿çšã§ããªãå Ž åããã©ãã£ãã¯ã¯æ®ãã®ã€ã³ã¿ãã§ãŒã¹ã«ãã£ãŠãã€ã¯ãªãŒããŒãããŸãã 泚 â æåã«ã¢ãããªã³ã¯ãã©ã³ã·ã³ã°ãèªåçã«æå¹åããã段éã§ããã¢ã¯ãã£ãã€ã³ã¿ ãã§ãŒã¹ ããªã¹ãã«ã¯æ¢ã«ããã©ã«ãã²ãŒããŠã§ã€ãè£ åãããã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ã衚瀺 ãããŸãããªã¹ãããã€ã³ã¿ãã§ãŒã¹ãåé€ãããšãã€ã³ã¿ãã§ãŒã¹ã®ãããã©ã«ãã²ãŒããŠã§ ã€ããã§ãã¯ããã¯ã¹ããèªåçã«ãã§ãã¯ãå€ããŸãããããã£ãŠãããã©ã«ãã²ãŒããŠã§ã€ ãè£ åãããã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ã¯ããã®ãªã¹ãã«ç€ºããããããã®äžã®ãã¹ã¿ã³ãã€ã€ã³ ã¿ãã§ãŒã¹ ãããã¯ã¹ã«ç€ºããããã®ããããã«ãªããŸããããããããã©ã«ãã²ãŒããŠã§ã€ã è£ åããªãã€ã³ã¿ãã§ãŒã¹ãè¿œå ããŠãåŸã«ããã©ã«ãã²ãŒããŠã§ã€ã®ã¢ãã¬ã¹ãå ¥åããã ãšãã§ããŸãã 泚 â ã€ã³ã¿ãã§ãŒã¹ã®é åºã¯éèŠãªæå³ãæã¡ãŸãã1ã€ã®ã€ã³ã¿ãŒãã§ãŒã¹ã®ã¿äœ¿çšã§ã ãèšå®ã§ãUTM èªèº«ããéä¿¡ããããã±ããã®å Žåã1ã€ç®ã®ã¢ã¯ãã£ããªã€ã³ã¿ãŒãã§ãŒ ã¹ãããã©ã«ãã§äœ¿çšãããŸããã€ã³ã¿ãã§ãŒã¹ã®é åºã¯ãããã¯ã¹å ã®äžŠã³æ¿ãã¢ã€ã³ã³ ãã¯ãªãã¯ããŠå€æŽããŸãã ããã¯ã¹ã®ãããã®ãã¹ã±ãžã¥ãŒã©ã®ç·šéããã¿ã³ã䜿çšãããšãåã ã®ãã©ã³ã·ã³ã°åäœã ãã³ã¢ã¯ãã£ãã€ã³ã¿ãã§ãŒã¹ã®ã€ã³ã¿ãã§ãŒã¹ããŒã·ã¹ã¿ã³ã¹ãèšå®ããããšãã§ããŸãã å é:å éãšã¯ãããã€ã³ã¿ãã§ãŒã¹ãåŠçãããã©ãã£ãã¯éãä»ã®ã€ã³ã¿ãã§ãŒã¹ã«å¯Ÿã㊠çžå¯Ÿçã«ç€ºããã®ã§ã0ïœ100 ã®éã§èšå®ã§ããŸããå éã©ãŠã³ãããã³ã¢ã«ãŽãªãºã ã䜿 çšãããå€ã倧ããã»ã©ã該åœã€ã³ã¿ãã§ãŒã¹ã«ã«ãŒãã£ã³ã°ããããã©ãã£ãã¯ãå€ããªã㟠ããçžå¯Ÿçãªå€ã§ãããããåèšã㊠100 ã«ããå¿ èŠã¯ãããŸãããããšãã°ãã€ã³ã¿ãã§ãŒ ã¹ 1 ã®å€ã 100 ã«ãã€ã³ã¿ãã§ãŒã¹ 2 ã®å€ã 50 ã«ãã€ã³ã¿ãã§ãŒã¹ 3 ã®å€ã 0 ã«èšå®ããããš ãªã©ãã§ããŸãããã®å Žåãã€ã³ã¿ãã§ãŒã¹ 2 ã®ãã©ãã£ãã¯éã¯ã€ã³ã¿ãã§ãŒã¹ 1 ã®ååãšãª ããã€ã³ã¿ãã§ãŒã¹ 3 ã¯ä»ã®ã€ã³ã¿ãã§ãŒã¹ã䜿çšå¯èœã§ãªãå Žåã«ã®ã¿äœ¿çšãããŸãã0 ã® UTM 9 管çã¬ã€ã 153 6.1 ã€ã³ã¿ãã§ãŒã¹ 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° å€ã¯ãããå€ã倧ããä»ã®ã€ã³ã¿ãã§ãŒã¹ãåžžã«äœ¿çšãããããšã瀺ããŸã (ä»ã®ã€ã³ã¿ ãã§ãŒã¹ã䜿çšå¯èœã§ããã°)ã ããŒã·ã¹ã¿ã³ã¹:ã€ã³ã¿ãã§ãŒã¹ããŒã·ã¹ã¿ã³ã¹ãšã¯ãç¹å®ã®å±æ§ãæã€ãã©ãã£ãã¯ãåžžã«å ãã¢ãããªã³ã¯ã€ã³ã¿ãã§ãŒã¹çµç±ã§ã«ãŒãã£ã³ã°ãããããã«ããæè¡ã§ããããŒã·ã¹ã¿ã³ã¹ ã®ããã©ã«ãã®ã¿ã€ã ã¢ãŠãæéã¯1æéã§ãã 3. ã¹ã¿ã³ãã€ã€ã³ã¿ãã§ãŒã¹ã®éžæ (Select standby interfaces) (ãªãã·ã§ã³) ããã§ã¯ããã¹ãŠã®ã¢ã¯ãã£ãã€ã³ã¿ãã§ãŒã¹ã䜿çšäžèœã«ãªã£ãå Žåã«ã®ã¿äœ¿çšãããã㧠ã€ã«ãªãŒããŒã€ã³ã¿ãã§ãŒã¹ããªãã·ã§ã³ã§è¿œå ããããšãã§ããŸãããã®å Žåã衚瀺ãã㊠ããé çªã®æåã®ã¹ã¿ã³ãã€ã³ã¿ãŒãã§ãŒã¹ã䜿çšãããŸããã€ã³ã¿ãã§ãŒã¹ã®é åºã¯ã ããã¯ã¹å ã®äžŠã³æ¿ãã¢ã€ã³ã³ãã¯ãªãã¯ããŠå€æŽããŸãã 4. ã¢ãã¿ãªã³ã°èšå®ã®å€æŽ (ä»»æ)ã ããã©ã«ãã§ã¯ãã€ã³ã¿ãã§ãŒã¹é害ã®å¯èœæ§ãæ€åºããããã«ãèªåã¢ãã¿ãªã³ã°ããæå¹ ã«ãªã£ãŠããŸããã€ãŸãããã¹ãŠã®ã¢ãããªã³ã¯ ãã©ã³ã·ã³ã° ã€ã³ã¿ãã§ãŒã¹ããã€ã³ã¿ãŒãã ãäžã®ç¹å®ã®ãã¹ãã« 15ç§ééã§æ¥ç¶ããããšã«ããããããã®ã€ã³ã¿ãã§ãŒã¹ã®ç¶æ (å¥ å šæ§) ãã¢ãã¿ãªã³ã°ãããŸããããã©ã«ãã§ã¯ããã¹ãã®ã¢ãã¿ãªã³ã°ã¯ã1ã€ã®ã«ãŒã DNS ãµãŒããŸã§ã®ã«ãŒãäžã«ãããping ãèš±å¯ãã 3çªç®ã®ãããã§ãããªãããŠãŒã¶ã¯ãµãŒã ããŒã«ãã¢ãã¿ãªã³ã°ããããã®ãã¹ããèªåã§å®çŸ©ããããšãã§ããŸãããããã®ãã¹ãã« ã¯ãping 以å€ã®å¥ã®ãµãŒãã¹ãéžæããã¢ãã¿ãªã³ã°ééãšã¿ã€ã ã¢ãŠããå€æŽã§ããŸãã ã¢ãã¿ãªã³ã°ãã¹ããå¿çãéä¿¡ããªããªã£ãå Žåããã®ã€ã³ã¿ãã§ãŒã¹ã¯æ©èœããŠããªããš èŠãªãããããããã以éé ä¿¡ã«äœ¿çšãããŸãããããã·ã¥ããŒãã§ã¯ãã€ã³ã¿ãã§ãŒã¹ã® ããªã³ã¯ ãåã«ããšã©ãŒããšè¡šç€ºãããŸãã 泚 â åãã¢ãã¿ãªã³ã°èšå®ããã¢ãããªã³ã¯ã¢ãã¿ãªã³ã° (ã¢ãããªã³ã¯ã¢ãã¿ãªã³ã° > 詳现 ) ãš ã¢ãããªã³ã¯ãã©ã³ã·ã³ã° (ã€ã³ã¿ãŒãã§ãŒã¹ > ã¢ãããªã³ã¯ãã©ã³ã·ã³ã°) ã«å¯ŸããŠäœ¿çšãã ãŸãã ãµãŒãããŒã«ãã¢ãã¿ãªã³ã°ãããã¹ããæåã§å®çŸ©ããã«ã¯ã次ã®æäœãè¡ã£ãŠãã ããã 1. ãèªåã¢ãã¿ãªã³ã°ããã§ãã¯ããã¯ã¹ã®ãã§ãã¯ãå€ããŸãã ãã¢ãã¿ãªã³ã°ãã¹ããããã¯ã¹ãç·šéå¯èœã«ãªããŸãã 2. ã¢ãã¿ãªã³ã°ãã¹ããè¿œå ããŸãã ä»»æã®ãã¹ãã䜿çšãã代ããã«ãã¢ãã¿ãªã³ã°ã«äœ¿çšãããã¹ãã 1ã€ä»¥äžè¿œå ã㟠ããè€æ°ã®ãã¹ãã§ã€ã³ã¿ãã§ãŒã¹ãã¢ãã¿ãªã³ã°ããå Žåãå®çŸ©ãããæéå ã«ãã¹ ãŠã®ã¢ãã¿ãªã³ã°ãã¹ããå¿çããªãå Žåã«ã®ã¿ãã€ã³ã¿ãã§ãŒã¹ãããã (dead) ãšã¿ ãªãããŸãã 154 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.1 ã€ã³ã¿ãã§ãŒã¹ 泚 â éžæãããã¹ããã€ã³ã¿ãã§ãŒã¹ã«é¢é£ä»ããããŠããå Žåã¯ããã®ã€ã³ã¿ ãã§ãŒã¹ã®ã¢ãã¿ãªã³ã°ã®ã¿ã«äœ¿çšãããŸãããã¹ããã€ã³ã¿ãã§ãŒã¹ã«é¢é£ä»ãã ããŠããªãå Žåã¯ããã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ã®ã¢ãã¿ãªã³ã°ã«äœ¿çšãããŸããéžæã ããã¹ãã«ããã«ããŒãããŠããªãã€ã³ã¿ãã§ãŒã¹ã¯ãèªåã¢ãã¿ãªã³ã°ã«ããã¢ãã¿ ãªã³ã°ãããŸãã ããã¯ã¹ã®ãããã«ãããã¢ãã¿ãªã³ã°èšå®ãã¢ã€ã³ã³ãã¯ãªãã¯ãããšãã¢ãã¿ãªã³ã°ã® 詳现ãèšå®ã§ããŸãã ã¢ãã¿ãªã³ã°ã¿ã€ã:ã¢ãã¿ãªã³ã°çšã®ãµãŒãã¹ãããã³ã«ãéžæããŸããã¢ãã¿ãªã³ã°çš ã«ãTCP ã(TCP æ¥ç¶ã®ç¢ºç«)ããUDP ã(UDP æ¥ç¶ã®ç¢ºç«)ããPingã(ICMP Ping)ããHTTP ãã¹ãã(HTTP èŠæ±)ããŸãã¯ãHTTPS ãã¹ãã(HTTPS èŠæ±) ã®ãããããéžæã㟠ãããUDP ãã䜿çšããå Žåãping èŠæ±ãæåã«éä¿¡ãããæåããå Žåã¯ãç¶ã㊠ãã€ããŒã 0 ã® UDP ãã±ãããéä¿¡ãããŸããping ãæåããªãã£ãå ŽåããICMP ããŒãã«å°éã§ããªãå Žåããã®æ¥ç¶ã¯ããŠã³ããŠãããšã¿ãªãããŸãã ããŒã (ãTCP ãããã³ã¯ãUDP ãã®ã¢ãã¿ãªã³ã°ã¿ã€ãéžææã®ã¿):èŠæ±ã®éä¿¡å ã® ããŒãçªå·ã URL (ä»»æããHTTP/S ãã¹ããã®ã¢ãã¿ãªã³ã°ã¿ã€ãéžææã®ã¿):èŠæ±ãã URLãURL ã«ããŒãæ å ±ãè¿œå ããããšã§ãããã©ã«ãã®ããŒã 80 ãŸã㯠443 以å€ã®ããŒãã䜿 çšã§ããŸã (äŸ: http://example.domain:8080/index.html)ãURL ãæå®ã㪠ãå Žåã¯ãã«ãŒããã£ã¬ã¯ããªãèŠæ±ãããŸãã éé:ãã¹ãããã§ãã¯ããééãç§åäœã§å ¥åããŸãã ã¿ã€ã ã¢ãŠã:ã¢ãã¿ãªã³ã°ãã¹ããå¿çãéä¿¡ããæ倧æéãç§åäœã§å ¥åããŸãã ã€ã³ã¿ãã§ãŒã¹ã®ãã¹ãŠã®ã¢ãã¿ãªã³ã°ãã¹ãããã®æéå ã«å¿çããªãå Žåãã€ã³ã¿ ãã§ãŒã¹ãããã (dead) ãšã¿ãªãããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã ãã¢ãããªã³ã¯ã€ã³ã¿ãã§ãŒã¹ (Uplink Interfaces)ããšããååã®æ°ããä»®æ³ãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ ãèªåçã«äœæãããSophos UTMã®ä»ã®æ©èœ (IPsec ã«ãŒã«ãªã©) ã§äœ¿çšã§ããããã«ãªã£ãŠã㟠ããä»®æ³ãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ãã¢ãããªã³ã¯ã€ã³ã¿ãã§ãŒã¹ (Uplink Interfaces)ãã¯ãã€ã³ã¿ãã§ãŒ ã¹ãªã¹ãã«è¿œå ããããã¹ãŠã®ã¢ãããªã³ã¯ã€ã³ã¿ãã§ãŒã¹ããæ§æãããŠããŸãã ããã«ããã¢ãããªã³ã¯ãã©ã€ããªã¢ãã¬ã¹ (Uplink Primary Addresses)ããšããååã®æ°ããããã ã¯ãŒã¯ã°ã«ãŒããèªåçã«äœæãããSophos UTMã®ä»ã®æ©èœ (ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãªã©) ã§äœ¿ UTM 9 管çã¬ã€ã 155 6.1 ã€ã³ã¿ãã§ãŒã¹ 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° çšã§ããããã«ãªã£ãŠããŸããããã¯ããã¹ãŠã® ã¢ãããªã³ã¯ã€ã³ã¿ãã§ãŒã¹ ã®ãã©ã€ããªã¢ãã¬ã¹ã åç §ããŸãã DynDNS ã䜿çšãããŠããå Žåãããªã¢ãŒããµãŒãããã¹ãŠã®ã¢ãããªã³ã¯ã€ã³ã¿ãã§ãŒã¹ã® IP 㢠ãã¬ã¹ãåãä»ããããšãã§ããå Žåã¯ãã€ã³ã¿ãã§ãŒã¹ã§é害ãçºçãããšãã«ã次ã«äœ¿çšå¯èœãª ã€ã³ã¿ãã§ãŒã¹ãä»ããŠãªãŒãã³ãª VPN ãã³ãã«ãèªåçã«å確ç«ããããšãã§ããŸããåææ¡ä»¶ ãšããŠã¯ãIPsec ã«ãŒã«ããããŒã«ã«ã€ã³ã¿ãã§ãŒã¹ ããšããŠãã¢ãããªã³ã¯ã€ã³ã¿ãã§ãŒã¹ ãã䜿çšãã å¿ èŠããããŸãã 6.1.5 ãã«ããã¹ã«ãŒã« ãã€ã³ã¿ãã§ãŒã¹ïŒã«ãŒãã£ã³ã° > ã€ã³ã¿ãã§ãŒã¹ > ãã«ããã¹ã«ãŒã« ãã¿ãã§ã¯ãã¢ãããªã³ã¯ãã©ã³ ã·ã³ã°çšã®ã«ãŒã«ãèšå®ã§ããŸããã«ãŒã«ã¯ããã©ãã£ãã¯ã®ãã©ã³ã·ã³ã° (åæ£) ãè¡ãã¹ãè€æ° ã®ã€ã³ã¿ãã§ãŒã¹ãããå Žåããã¢ãããªã³ã¯ãã©ã³ã·ã³ã°ãã¿ãã®ã¢ã¯ãã£ãã€ã³ã¿ãã§ãŒã¹ã«é©çšã ããŸãããã«ããã¹ã«ãŒã«ããªãå ŽåããµãŒãã¹ã¯ãã¹ãŠéä¿¡å ã«åºã¥ããŠåæ£ãããŸããã€ãŸ ãã1ã€ã®éä¿¡å ããéããããã©ãã£ãã¯ã¯ãã¹ãŠåãã€ã³ã¿ãã§ãŒã¹ã䜿çšããäžæ¹ã§ãå¥ã®é ä¿¡å ããã®ãã©ãã£ãã¯ã¯å¥ã®ã€ã³ã¿ãã§ãŒã¹ã«éä¿¡ã§ããŸãããã«ããã¹ã«ãŒã«ã䜿çšãããšãã ã®ããã©ã«ãèšå®ã®ã€ã³ã¿ãã§ãŒã¹ããŒã·ã¹ã¿ã³ã¹ãå€æŽããããšãã§ããŸãã 泚 â ãã«ããã¹ã«ãŒã«ã¯ãTCPãUDPããŸã㯠IP ã¿ã€ãã®ãµãŒãã¹ã«å¯ŸããŠèšå®ã§ããŸãã ãã«ããã¹ã«ãŒã«ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ããã«ããã¹ã«ãŒã« ãã¿ãã§ããæ°èŠãã«ããã¹ã«ãŒã« ããã¯ãªãã¯ããŸãã ãæ°èŠãã«ããã¹ã«ãŒã«ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã«ããã¹ã«ãŒã«ã説æããååãå ¥åããŠãã ããã äœçœ®:äœçœ®çªå·ãããã«ãã£ãŠã«ãŒã«ã®åªå é äœãå®çŸ©ãããŸããçªå·ãå°ããã»ã©åªå é äœãé«ããªããŸããã«ãŒã«ã¯æé ã«ç §åãããŸããããã«ãŒã«ãäžèŽãããšããã以éã ãããã倧ããçªå·ã®ã«ãŒã«ã¯è©äŸ¡ãããŸãããããå ·äœçãªåž¯åå¹ ã«ãŒã«ããªã¹ãã®äž éšã«é 眮ããŠãææ§ãªåž¯åå¹ ã«ãŒã«ãæåŸã«ç §åãããããã«ããŸãã éä¿¡å :ç §åããéä¿¡å IP ã¢ãã¬ã¹ãŸãã¯ãããã¯ãŒã¯ãéžæãŸãã¯è¿œå ããŸãã ãµãŒãã¹:ç §åãããããã¯ãŒã¯ãµãŒãã¹ãéžæãŸãã¯è¿œå ããŸãã å®å :ç §åããå®å IP ã¢ãã¬ã¹ãŸãã¯ãããã¯ãŒã¯ãéžæãŸãã¯è¿œå ããŸãã 156 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.1 ã€ã³ã¿ãã§ãŒã¹ I/F ããŒã·ã¹ã¿ã³ã¹:ã€ã³ã¿ãã§ãŒã¹ããŒã·ã¹ã¿ã³ã¹ ãšã¯ãç¹å®ã®å±æ§ãæã€ãã©ãã£ãã¯ãåžž ã«åãã¢ãããªã³ã¯ã€ã³ã¿ãã§ãŒã¹çµç±ã§ã«ãŒãã£ã³ã°ãããããã«ããæè¡ã§ããããŒã·ã¹ã¿ ã³ã¹ã®ããã©ã«ãã®ã¿ã€ã ã¢ãŠãæéã¯1æéã§ããããã®ã¿ã€ã ã¢ãŠãã¯ãã¢ãããªã³ã¯ãã© ã³ã·ã³ã°ãã¿ãã§å€æŽã§ããŸããäœãåºæºã«ããŒã·ã¹ã¿ã³ã¹ãå®ããããå®çŸ©ããããšãã§ã ãŸãã l ã³ãã¯ã·ã§ã³å¥:(ããã©ã«ã) ãã©ã³ã·ã³ã°ã¯ã³ãã¯ã·ã§ã³ã«åºã¥ããŠè¡ãããŸããã€ãŸ ããç¹å®ã®ã³ãã¯ã·ã§ã³ã«å±ãããã¹ãŠã®ãã©ãã£ãã¯ãåãã€ã³ã¿ãã§ãŒã¹ã䜿çšãã äžæ¹ã§ãå¥ã®ã³ãã¯ã·ã§ã³ã®ãã©ãã£ãã¯ã¯å¥ã®ã€ã³ã¿ãã§ãŒã¹ã«éä¿¡ã§ããŸãã l éä¿¡å å¥:ãã©ã³ã·ã³ã°ã¯éä¿¡å IPã¢ãã¬ã¹ã«åºã¥ããŠè¡ãããŸããã€ãŸãã1ã€ã®é ä¿¡å ããéããããã¹ãŠã®ãã©ãã£ãã¯ãåãã€ã³ã¿ãã§ãŒã¹ã䜿çšããäžæ¹ã§ãå¥ã® éä¿¡å ããã®ãã©ãã£ãã¯ã¯å¥ã®ã€ã³ã¿ãã§ãŒã¹ã«éä¿¡ã§ããŸãã 泚 â ãããã·ã䜿çšããŠããå Žåãéä¿¡å ã«åºã¥ãããŒã·ã¹ã¿ã³ã¹ã¯å®è¡ã§ããŸã ããããã¯ããªãªãžãã«ã®éä¿¡å æ å ±ãç¶æãããªãããšã«ãããŸãããªããHTTP ãããã·ã¯äŸå€ã§ããHTTP ãããã·ã«ãããã©ãã£ãã¯ã¯ããªãªãžãã«ã®ã¯ã©ã€ã¢ã³ ãéä¿¡å IP ã¢ãã¬ã¹ã«äžèŽãããããã€ã³ã¿ãŒãã§ãŒã¹ ããŒã·ã¹ã¿ã³ã¹ ã«ãŒã«ãé ä¿¡å å¥ ãã«æºæ ããŸãã l å®å å¥:ãã©ã³ã·ã³ã°ã¯å®å IP ã¢ãã¬ã¹ã«åºã¥ããŠè¡ãããŸããã€ãŸãã1ã€ã®å®å ã«éããããã¹ãŠã®ãã©ãã£ãã¯ãåãã€ã³ã¿ãã§ãŒã¹ã䜿çšããäžæ¹ã§ãå¥ã®å®å ãž ã®ãã©ãã£ãã¯ã¯å¥ã®ã€ã³ã¿ãã§ãŒã¹ã«éä¿¡ã§ããŸãã l éä¿¡å /å®å å¥:ãã©ã³ã·ã³ã°ã¯éä¿¡å /å®å IPã¢ãã¬ã¹ã®çµã¿åããã«åºã¥ããŠè¡ ãããŸããã€ãŸããéä¿¡å Aããå®å Bã«éããããã¹ãŠã®ãã©ãã£ãã¯ãåãã€ã³ã¿ ãã§ãŒã¹ã䜿çšããŸããå¥ã®çµã¿åããã®ãã©ãã£ãã¯ã¯å¥ã®ã€ã³ã¿ãã§ãŒã¹ã«é信㧠ããŸããäžèšã®ã泚ããåç §ããŠãã ããã l ã€ã³ã¿ãã§ãŒã¹å¥:ããã€ã³ãã€ã³ã¿ãã§ãŒã¹ ãããããããŠã³ãªã¹ãããã€ã³ã¿ãã§ãŒã¹ãéž æããŸããã«ãŒã«ã«è©²åœãããã¹ãŠã®ãã©ãã£ãã¯ã¯ããã®ã€ã³ã¿ãã§ãŒã¹çµç±ã§ã«ãŒ ãã£ã³ã°ãããŸããã€ã³ã¿ãã§ãŒã¹ã§é害ãçºçããåŸç¶ã®ã«ãŒã«ãäžèŽããªãå Ž åãæ¥ç¶ã¯ããã©ã«ãã®åäœã«ãã©ãŒã«ããã¯ããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã åæ£å (ã€ã³ã¿ãã§ãŒã¹ã«ããããŒã·ã¹ã¿ã³ã¹ä»¥å€):ãã£ãŒã«ãã«ã€ã³ã¿ãã§ãŒã¹ã°ã«ãŒããè¿œ å ããŸããã«ãŒã«ã«è©²åœãããã¹ãŠã®ãã©ãã£ãã¯ã¯ããã®ã°ã«ãŒãã®ã€ã³ã¿ãã§ãŒã¹ã§ãã© UTM 9 管çã¬ã€ã 157 6.1 ã€ã³ã¿ãã§ãŒã¹ 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° ã³ã·ã³ã°ãããŸããããã©ã«ãã§ã¯ããã¢ãããªã³ã¯ã€ã³ã¿ãã§ãŒã¹ ãéžæãããããããã¹ãŠ ã®ã¢ãããªã³ã¯ã€ã³ã¿ãã§ãŒã¹ã§æ¥ç¶ããã©ã³ã·ã³ã°ãããŸãã ã€ã³ã¿ãã§ãŒã¹ãšã©ãŒã«é¢ããã«ãŒã«ãã¹ããã:ãããéžæãããšãã€ã³ã¿ãŒãã§ãŒã¹ã§é害 ãçºçããå Žåã§ãããã©ãã£ãã¯ã«å¯ŸããŠã次ã«äžèŽãããã«ããã¹ã«ãŒã«ã䜿çšãã㟠ããéžæããªãå Žåãã€ã³ã¿ãŒãã§ãŒã¹ã§é害ãçºçããå Žåã§ãããã©ãã£ãã¯ã«å¯ŸããŠä» ã®ãã«ããã¹ã«ãŒã«ã䜿çšãããŸãããããã¯ãç¹å®ã®ã¹ã¿ãã£ã㯠IP ã¢ãã¬ã¹ã®ã¿ãã SMTP ãã©ãã£ãã¯ãéä¿¡ããããšã§ãç¡å¹ãªéä¿¡è IP ã¢ãã¬ã¹ãšããåå ã§ãéä¿¡ããã¡ãŒ ã«ãåä¿¡è ã«ãã£ãŠã¹ãã ãšããŠåé¡ãããããšãé²ãå Žåãªã©ã«äŸ¿å©ã§ãã 4. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãããã«ããã¹ã«ãŒã«ãããã«ããã¹ã«ãŒã« ããªã¹ãã«è¿œå ãããŸãã 5. ãã«ããã¹ã«ãŒã«ãæå¹ã«ããŸãã æ°ããã«ãŒã«ã¯ããã©ã«ãã§ç¡å¹ã«ãªã£ãŠããŸã (ãã°ã«ã¹ã€ããã¯ã°ã¬ãŒè¡šç€º)ãã«ãŒã«ã æå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ããã§ã«ãŒã«ãæå¹ã«ãªããŸã (ãã°ã«ã¹ã€ããã¯ç·è²)ã ã«ãŒã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 6.1.6 ããŒããŠã§ã¢ ãã€ã³ã¿ãã§ãŒã¹ïŒã«ãŒãã£ã³ã° > ã€ã³ã¿ãã§ãŒã¹ > ããŒããŠã§ã¢ ãã¿ãã«ã¯ãèšå®ãããŠãããã¹ãŠã® ã€ã³ã¿ãã§ãŒã¹ããã€ãŒãµããããªãã¬ãŒã·ã§ã³ã¢ãŒããMAC ã¢ãã¬ã¹ãªã©ã®æ å ±ãšå ±ã«è¡šç€ºãã㟠ããå UTM ããŒããŠã§ã¢ããã€ã¹ã®åã€ã³ã¿ãã§ãŒã¹ã«å¯ŸãããªãŒãããŽã·ãšãŒã·ã§ã³ãæå¹ãŸã㯠ç¡å¹ã«ããããšãã§ããŸãã ãªãŒãããŽã·ãšãŒã·ã§ã³:éåžžã2ã€ã®ãããã¯ãŒã¯ããã€ã¹éã®ã€ãŒãµãããæäœã¢ãŒã (1000BASET å šäºéã100BASE-T å šäºéã100BASE-T åäºéã10BASE-T å šäºéã10BASE-T åäºéãªã©) ãèªåçã«ããŽã·ãšãŒããããäž¡æ¹ã®ããã€ã¹ã§ãµããŒããããæé©ãªæäœã¢ãŒããéžæãã㟠ãããã®ãšããé床ã¯é«é (1000Mbps ãªã©) ãäœé (100Mbps ãªã©) ããåªå ãããåãé床ã§ã¯å š äºéã®æ¹ãåäºéããåªå ãããŸãã èŠå â 1000 Mbps ã®ãªãã¬ãŒã·ã§ã³ãé©åã«æ©èœãããããã«ã¯ãIEEE æšæº 802.3ab ã«ãã矩å ä»ããããŠããããã«ãåžžã«ãªãŒãããŽã·ãšãŒã·ã§ã³ãå¿ èŠã«ãªããŸãããã®ããããªã³ã¯ã¢ãŒã 1000BASE-T ã®ã€ã³ã¿ãã§ãŒã¹ã®ããªãŒãããŽã·ãšãŒã·ã§ã³ãã決ããŠãªãã«ããªãããã«ããŠãã ã ãããããã¯ãŒã¯ãªã³ã¯ã«ã¿ã€ãã³ã°é害ãçºçããŠããµãŒãã¹ãäœäžããããé害ãçºçããå¯ èœæ§ããããŸãã100 Mbps ããã³ 10 Mbps ãªãã¬ãŒã·ã§ã³ã§ã¯ããªãŒãããŽã·ãšãŒã·ã§ã³ããªã ã·ã§ã³ã§ãããã§ããéã䜿çšããããšãæšå¥šããŸãã 158 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.1 ã€ã³ã¿ãã§ãŒã¹ ãªãŒãããŽã·ãšãŒã·ã§ã³ã¯ããã©ã«ãã§æå¹åãããŠããŸãããŸããªã±ãŒã¹ã§ãªãŒãããŽã·ãšãŒã·ã§ ã³ããªãã«ããå¿ èŠãããå Žåã察å¿ããã€ã³ã¿ãã§ãŒã¹ã«ãŒãã®ãç·šé ããã¿ã³ãã¯ãªãã¯ããŠã衚瀺 ããããNIC ãã©ã¡ãŒã¿ã®ç·šé ããã€ã¢ãã°ãŠã£ã³ã㊠ã®ããªã³ã¯ã¢ãŒã ãããããããŠã³ãªã¹ãã§èšå®ã å€æŽããŸããããããããŠã³ãªã¹ãã¯ãUTM ããŒããŠã§ã¢ããã€ã¹ã®ã¿ã§äœ¿çšã§ããŸãããä¿å ãã㯠ãªãã¯ããŠå€æŽãä¿åããŸãã èŠå â ãªãŒãããŽã·ãšãŒã·ã§ã³ãç¡å¹ã«ãããšãã¯æ³šæããŠãã ãããããã«ãããäžäžèŽãçãã ããã©ãŒãã³ã¹ãå€§å¹ ã«äœäžããããæ¥ç¶ãåæãããããå¯èœæ§ããããŸãã該åœããããã ã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ã«ãŒãã WebAdmin ãžã®ã€ã³ã¿ãã§ãŒã¹ã§ããå ŽåãWebAdmin ãžã®ã¢ã¯ã»ã¹ ãåæãããŠããŸããŸãã ãªãŒãããŽã·ãšãŒã·ã§ã³ãé床ã®å€æŽã®çµæãã€ã³ã¿ãã§ãŒã¹ã®ãããã¯ãŒã¯ãªã³ã¯ã倱ãããå Ž åãèšå®ãå ã«æ»ãã ãã§ã¯ãéåžžãã€ã³ã¿ãã§ãŒã¹ãéåžžã®åäœã«æ»ãããšã¯ã§ããŸãããåæ ãããŠããã€ã³ã¿ãã§ãŒã¹ã§ã¯ããªãŒãããŽã·ãšãŒã·ã§ã³ãé床ã確å®ã«å€æŽããããšã¯ã§ããŸã ãããããã£ãŠãæåã«ãªãŒãããŽã·ãšãŒã·ã§ã³ãæå¹ã«ããŠãã UTM ãåèµ·åããŠéåžžã®åäœã« æ»ããŸãã HA ãªã³ã¯ã¢ãã¿ãªã³ã°:åé·åãæå¹ã§ããå Žåãèšå®ããããã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ã§ãªã³ã¯ã¹ ããŒã¿ã¹ãã¢ãã¿ãªã³ã°ãããŸãããªã³ã¯ã«é害ãçºçããå Žåããã€ã¯ãªãŒã㌠(åŒãç¶ã) ãè¡ ãããŸããèšå®ãããã€ã³ã¿ãã§ãŒã¹ãåžžã«æ¥ç¶ãããŠããèš³ã§ã¯ãªãå Žå (管çã€ã³ã¿ãã§ãŒã¹ ãªã©)ããã®ã€ã³ã¿ãã§ãŒã¹ã® HA ãªã³ã¯ã¢ãã¿ãªã³ã°ã¯ç¡å¹ã«ããŠãã ãããç¡å¹ã«ããªããšããã¹ãŠ ã® HA ãªã³ã¯ã®ã¹ããŒã¿ã¹ããæªæ¥ç¶ (UNLINKED)ãã®ãŸãŸã«ãªããŸããHA ãªã³ã¯ã¢ãã¿ãªã³ã°ãç¡å¹ ã«ããã«ã¯ãåã€ã³ã¿ãã§ãŒã¹ã«ãŒãã®ãç·šé ããã¿ã³ãã¯ãªãã¯ããŠã衚瀺ããããNIC ãã©ã¡ãŒã¿ã®ç·š é ããã€ã¢ãã°ãŠã£ã³ããŠã§èšå®ãå€æŽããŸãããä¿å ããã¯ãªãã¯ããŠå€æŽãä¿åããŸãã ä»®æ³ MAC ãèšå®:ããã€ã¹ã® MAC ã¢ãã¬ã¹ãå€æŽã§ãããšäŸ¿å©ãªå ŽåããããŸããããšãã°ãISP ã«ãã£ãŠã¯ãã¢ãã ã«æ¥ç¶ãããŠããããã€ã¹ã«å€æŽããã£ãå Žåã«ãã®ã¢ãã ããªã»ãããããã ã€ã¹ã® MAC ã¢ãã¬ã¹ããªã»ããããå¿ èŠããããŸããMAC ã¢ãã¬ã¹ãåã®ããã€ã¹ã®å€ã«èšå®ãã ããšã§ãã¢ãã ã®ãªã»ãããåé¿ããããšãã§ããŸãã UTMã¯ãããã€ã¹ã®ãªãªãžãã«ã® MAC ã¢ãã¬ã¹ãäžæžãããã®ã§ã¯ãªããä»®æ³ MAC ã¢ãã¬ã¹ãèš å®ããŸãããããè¡ãã«ã¯ã該åœããã€ã³ã¿ãã§ãŒã¹ã«ãŒãã®ãç·šé ããã¿ã³ãã¯ãªãã¯ããŸãã衚瀺ã ãããNIC ãã©ã¡ãŒã¿ã®ç·šé ããã€ã¢ãã°ãŠã£ã³ããŠã§ããä»®æ³ MAC ã®èšå® ããã§ãã¯ããã¯ã¹ã« ãã§ãã¯ãå ¥ããæå¹ãª MAC ã¢ãã¬ã¹ãå ¥åããŸãããä¿å ããã¯ãªãã¯ããŠå€æŽãä¿åããŸãã ãªãªãžãã«ã® MAC ã¢ãã¬ã¹ã«åŸ©å ããã«ã¯ã該åœããã€ã³ã¿ãã§ãŒã¹ã«ãŒãã®ãç·šé ããã¿ã³ã㯠ãªãã¯ããŸãã衚瀺ããããNIC ãã©ã¡ãŒã¿ã®ç·šé ããã€ã¢ãã°ãŠã£ã³ããŠã§ããä»®æ³ MAC ã®èšå® ã ãã§ãã¯ããã¯ã¹ã®ãã§ãã¯ãå€ããŸãããä¿å ããã¯ãªãã¯ããŠå€æŽãä¿åããŸãã UTM 9 管çã¬ã€ã 159 6.2 ããªããž 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.2 ããªããž ããªããžã³ã°ãšã¯ãäž»ã«ã€ãŒãµããããããã¯ãŒã¯ã§äœ¿çšããããã±ãã転éæè¡ã§ããã«ãŒãã£ã³ã° ãšéããããªããžã³ã°ã§ã¯ç¹å®ã®ã¢ãã¬ã¹ããããã¯ãŒã¯å ã®ã©ãã«ããã®ãæšå®ããã®ã§ã¯ãªãã ãããŒããã£ã¹ãã£ã³ã°ã䜿çšããŠäžæã®ããã€ã¹ãæ¢ããŸãã ããªããžã³ã°ã«ãããè€æ°ã®ã€ãŒãµããããããã¯ãŒã¯ãŸãã¯ã»ã°ã¡ã³ããçžäºæ¥ç¶ã§ããããã«ãªã ãŸããããŒã¿ãã±ããã¯ããªããžã³ã°ããŒãã«ãä»ããŠè»¢éãããŸããããªããžã³ã°ããŒãã«ã¯ãããªã ãžããŒãã« MAC ã¢ãã¬ã¹ãå²ãåœãŠãŸããäœæãããããªããžã¯ãããªããžã€ã³ã¿ãã§ãŒã¹ãä»ããŠã ã©ãã£ãã¯ãééçã«åãæž¡ããŸãã 泚 â ãã®ãããªãã©ãã£ãã¯ã¯ãé©åãªãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ã«ãã£ãŠæ瀺çã«èš±å¯ããå¿ èŠã ãããŸãã 泚 â ã»ãšãã©ã®ä»®æ³ãã¹ãã®ããã©ã«ãèšå®ã§ã¯ãä»®æ³ã€ã³ã¿ãã§ãŒã¹ã§ã® MAC ã¢ãã¬ã¹ã®å€æŽ ãç¡å·®å¥ã¢ãŒããèš±å¯ããŠããŸãããä»®æ³ãã¹ãã§ããªããžãæ©èœãããã«ã¯ãä»®æ³ãã¹ãã® MAC ã¢ãã¬ã¹æ€èšŒãç¡å¹ã«ããŠããããšãšãç¡å·®å¥ã¢ãŒããèš±å¯ããŠããããšã確èªããŠãã ããã 6.2.1 ã¹ããŒã¿ã¹ ããªããžãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãã¹ããŒã¿ã¹ ãã¿ãã§ããªããžãæå¹ã«ããŸãã ãã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° > ããªããž > ã¹ããŒã¿ã¹ ãã¿ãã§ããã°ã«ã¹ã€ãããã¯ãªãã¯ã㟠ãã ãã°ã«ã¹ã€ããã³ãã¢ã³ããŒè²ã«ãªãããããªããžèšå® ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 2. ããªããžã³ã°ã¢ãŒããéžæããŸãã 2çš®é¡ã®ã¢ãŒãããéžæå¯èœã§ãã 160 l å š NIC ãããªããž:ãã®ãªãã·ã§ã³ãéžæãããšã䜿çšå¯èœãªãã¹ãŠã®ã€ãŒãµããã NIC (ãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ã«ãŒã) ãããªããžã«å ãããŸãããã®ã¢ãŒãã§ã¯ãã³ã³ã㌠ãããã€ã³ã¿ãã§ãŒã¹ ãã®æå®ãå¿ é ãšãªããŸããã³ã³ããŒãããã€ã³ã¿ãã§ãŒã¹ãé€ãã ã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ãåé€ãããŸãã l äžéšã® NIC ãããªããž:ããªããžã圢æããåã ã® NIC ãéžæã§ããŸãããã®ããã« ã¯ã䜿çšãããŠããªããããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ã«ãŒããçšæããå¿ èŠããããŸãã UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.2 ããªã㞠䜿çšãããŠããªããããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ã«ãŒãã 1ã€ä»¥äžéžæããŠããªããžã圢 æããŸãããŸããæ°ããããªããžã«ã³ããŒãããã³ã³ããŒãããã€ã³ã¿ãã§ãŒã¹ ãæå®ã ãããšãã§ããŸãã 3. ããªããžã«ã³ã³ããŒãããã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã èšå®æžã¿ã®ã€ã³ã¿ãã§ãŒã¹ã®ã¿ãéžæã§ããŸããããªããžã¯ããã®ã€ã³ã¿ãã§ãŒã¹ã®ã¢ãã¬ã¹ èšå®ãšãè¿œå ã¢ãã¬ã¹ããã³ VLAN ã®èšå®ãç¶æ¿ããŸãã 4. ãããªããžã®äœæ ããã¯ãªãã¯ããŸãã ãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ãçµã¿åããããããªããžãã¢ã¯ãã£ãã«ãªããŸã (ãã°ã«ã¹ã€ãã ãç·è²ã«ãªããŸã)ã èšå®ããã£ã³ã»ã«ããã«ã¯ãã¢ã³ããŒè²ã®ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ããªããžã®èšå®ãå®äºãããšããã€ã³ã¿ãã§ãŒã¹ïŒã«ãŒãã£ã³ã° > ã€ã³ã¿ãã§ãŒã¹ ãã¿ãã«ãã³ã³ããŒãã ããã€ã³ã¿ãã§ãŒã¹ã SysID br0 ã®ããªããžããã€ã¹ãšããŠè¡šç€ºãããŸããããªããžã®ã¡ã³ãã§ããã ã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ããããªããžèšå® ããšãªã¢ã«è¡šç€ºãããŸããããªããžããã€ã³ã¿ãã§ãŒã¹ãé€å€ã ãã«ã¯ããã§ãã¯ããã¯ã¹ãããã§ãã¯ãå€ããŠããããªããžã®æŽæ° ããã¯ãªãã¯ããŸãã ããªããžãåé€ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãã¹ããŒã¿ã¹ ãã¿ãã§ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«å€ãããŸãã 2. ãããªããžã®åé€ãç¢ºèª ããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã°ã¬ãŒã«å€ãããŸããããªããžã¯æ£åžžã«åé€ãããŸããã 6.2.2 詳现 ãã€ã³ã¿ãã§ãŒã¹ïŒã«ãŒãã£ã³ã° > ããªããž > 詳现 ãã¿ãã§ã¯ã次ã®ããªããžãªãã·ã§ã³ãèšå®ã§ã㟠ãã ARP ãããŒããã£ã¹ããèš±å¯:ãã®æ©èœã䜿çšãããšãã°ããŒãã« ARP ãããŒããã£ã¹ããããªããžã§ 転éãããã©ãããèšå®ããããšãã§ããŸããæå¹ã«ãããšãããªããžã¯ MAC å®å ã¢ãã¬ã¹ FF:FF:FF:FF:FF:FF ãžã®ãããŒããã£ã¹ããèš±å¯ããŸãããã ããããã¯çãããæ»æè ã«æªçš ãããåãããã¯ãŒã¯ã»ã°ã¡ã³ãå ã«å°å ¥ãããŠãããããã¯ãŒã¯ã«ãŒãããå Žåã«ãã£ãŠã¯ã»ãã¥ãª ãã£è£œåèªäœã«ã€ããŠãããŸããŸãªæ å ±ãåéããããã«å©çšãããŠããŸãå±éºæ§ããããŸããã ã®ãããããã©ã«ãèšå®ã¯ãã®ãããªãããŒããã£ã¹ããããªããžãééã§ããªãããã«ãªã£ãŠã㟠ãã ã¹ããã³ã°ããªãŒãããã³ã«:ãã®ãªãã·ã§ã³ãæå¹ã«ãããšãã¹ããã³ã°ããªãŒãããã³ã« (STP) ãæ å¹ã«ãªããŸãããã®ãããã¯ãŒã¯ãããã³ã«ã¯ãããªããžã®ã«ãŒããæ€åºããŠåé¿ããŸãã UTM 9 管çã¬ã€ã 161 6.3 QoS 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° èŠå â ã¹ããã³ã°ããªãŒãããã³ã«ã«ã¯ã»ãã¥ãªãã£æ©èœããªãããšãç¥ãããŠããŸããã§ãã® ã§ãæ»æè ã¯ããªããžã®æ§æãå€ããããšãã§ãããããããŸããã ãšãŒãžã³ã°ã¿ã€ã ã¢ãŠã:ãã®æé (ç§åäœ) ãçµéãããšãç¡å¹ãª MAC ã¢ãã¬ã¹ã¯åé€ãããŸãã ããã©ã«ãæé㯠300ç§ã§ãã IPv6 ãã¹ã¹ã«ãŒãèš±å¯:ãã®ãªãã·ã§ã³ãæå¹ã«ãããšãIPv6 ãã©ãã£ãã¯ãæ€æ»ãåããã«ããªããž ãééã§ããããã«ãªããŸãã ä»®æ³ MAC ã¢ãã¬ã¹:ããã«ã¯ãããªããžã®éç MAC ã¢ãã¬ã¹ãå ¥åã§ããŸããããã©ã«ãã§ã¯ (ãã ã³ãšã³ããªã 00:00:00:00:00:00 ã®å Žå)ãããªããžããã®ã¡ã³ãã®ã€ã³ã¿ãã§ãŒã¹ã®äžã§æãå°ãã MAC ã¢ãã¬ã¹ã䜿çšããŸãã 転é EtherType:ããã©ã«ãã§ã¯ãã§èšå®ãããããªããžã¯ IP ãã±ããã®ã¿ã転éããŸããè¿œå ããã ã³ã«ã転éããã«ã¯ããã®ããã¯ã¹ã«ããããã® EtherType ãè¿œå ããå¿ èŠããããŸãããã®ã¿ã€ã ã¯ã4æ¡ã® 16é²æ°ãå ¥åããŸããäžè¬çãªäŸãšããŠãAppleTalk (ã¿ã€ã 809B)ãNovell (ã¿ã€ã 8138)ãPPPoE (ã¿ã€ã 8863 ãš 8864) ãæããããŸããäžè¬çãªçšéãšããŠã¯ãæ¥ç¶ãããŠããããã ã¯ãŒã¯ã§è¿œå ãããã³ã«ã転éããããã«ãRED ã€ã³ã¿ãã§ãŒã¹éã®ããªããžãšããããšãèããã ãŸãã 6.3 QoS äžè¬çã«ããµãŒãã¹å質 (QoS) ãšã¯ãéžæããããããã¯ãŒã¯ãã©ãã£ãã¯ã«ããè¯ããµãŒãã¹ãæ äŸããå¶åŸ¡ã¡ã«ããºã ã瀺ããç¹ã«ãä¿èšŒããã垯åå¹ ãšããç¹ã§åªå ããããšãæå³ã㟠ããSophos UTMã§ã¯ãåªå ãã©ãã£ãã¯ã¯ããQoSãã¿ãã§èšå®ããŸãããã®èšå®ã§ã¯ããããã¯ãŒã¯ã® 2ç¹éãééããç¹å®ã¿ã€ãã®éä¿¡ãããã¯ãŒã¯ãã©ãã£ãã¯ã«å¯Ÿããä¿èšŒããã垯åå¹ ã確ä¿ã§ã ãŸãããäžæ¹ã§ãåä¿¡ãã©ãã£ãã¯ã®ã·ã§ãŒãã³ã°ã¯ SFQ (確ççäžåãã¥ãŒã€ã³ã°) ããã㯠RED (ã©ã³ãã åææ€ç¥ ) ãªã©ã®ããŸããŸãªãã¯ããã¯ã«ãã£ãŠå éšçã«æé©åãããŸãã 6.3.1 ã¹ããŒã¿ã¹ ãQoS > ã¹ããŒã¿ã¹ ãã¿ãã«ã¯ãQoS ãèšå®ã§ããã€ã³ã¿ãã§ãŒã¹ããªã¹ããããŸããããã©ã«ã㧠ã¯ãQoS ã¯åã€ã³ã¿ãã§ãŒã¹ã«å¯ŸããŠç¡å¹ã«ãªã£ãŠããŸãã ã€ã³ã¿ãŒãã§ãŒã¹ã® QoS ãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. 該åœããã€ã³ã¿ãŒãã§ãŒã¹ã®ãç·šé ããã¿ã³ãã¯ãªãã¯ããŸãã ãã€ã³ã¿ãŒãã§ãŒã¹ã®ç·šé ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 162 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.3 QoS 2. 次ã®èšå®ãè¡ããŸãã ããŠã³ãªã³ã¯ (ããããã/ç§)ãã¢ãããªã³ã¯ (ããããã/ç§):ISP ã«ãã£ãŠæäŸãããã¢ãã㪠ã³ã¯ããã³ããŠã³ãªã³ã¯åž¯åå¹ (Kbps) ãèšå®ããŸããããšãã°ãã¢ãããªã³ã¯ãšããŠã³ãªã³ã¯ã® äž¡æ¹ã« 5Mããã/ç§ (Mbps) ã®ã€ã³ã¿ãŒãããæ¥ç¶ãèšå®ããã«ã¯ãã5120ããšå ¥åããŸãã 垯åå¹ ãå€åããå Žåã¯ãISP ãä¿èšŒããæäœã®å€ãå ¥åããŸããããšãã°ãã¢ãããªã³ã¯ ãšããŠã³ãªã³ã¯ã®äž¡æ¹ã« 0.8Mããã/ç§ (Mbps) ã®å€åã®ãã 5Mããã/ç§ (Mbps) ã®ã€ã³ã¿ãŒ ãããæ¥ç¶ã䜿çšããå Žåã¯ã4300Kããã/ç§ (Kbps) ãšå ¥åããŸããå©çšã§ãã垯åå¹ ãäž æçã«èšå®ããæäœä¿èšŒå€ããé«ããªããšãã²ãŒããŠã§ã€ã¯æ°ãã垯åå¹ ãèæ ®ããŠäºæ³ã ãŠãåªå ãã©ãã£ãã¯ã®åž¯åå¹ ã®ããŒã»ã³ããŒãžãåæ§ã«é«ããªãããã«ããŸãããããã¯æ® 念ãªããããã®å察ã«ã¯äœçšããŸããã ã¢ãããªã³ã¯ãå¶é:ãã®ãªãã·ã§ã³ãéžæãããšãQoS æ©èœã¯ãèšå®ãããããŠã³ãªã³ã¯ãšã¢ã ããªã³ã¯ã®åž¯åå¹ ãããã®ã€ã³ã¿ãã§ãŒã¹ãééãããã©ãã£ãã¯ãåªå é äœä»ãããããã® èšç®ããŒã¹ãšããŠäœ¿çšããŸããããã©ã«ãã§ã¯ãã¢ãããªã³ã¯ãå¶é ããªãã·ã§ã³ã¯éžæãã㊠ããã以äžã®ã€ã³ã¿ãã§ãŒã¹ã¿ã€ãã«äœ¿çšãããŸãã l ã€ãŒãµãããã¹ã¿ãã£ãã¯ã€ã³ã¿ãã§ãŒã¹ (ã²ãŒããŠã§ã€ãšã€ã³ã¿ãŒãããéã«ã«ãŒã¿ãé åãããã«ãŒã¿ãæäŸãã垯åå¹ ãããã£ãŠãããã®) l æšæº VLAN ã€ã³ã¿ãã§ãŒã¹ (ã²ãŒããŠã§ã€ãšã€ã³ã¿ãŒãããéã«ã«ãŒã¿ãé åãããã«ãŒ ã¿ãæäŸãã垯åå¹ ãããã£ãŠãããã®) l DSL (PPPoE) l DSL (PPPoA) l ã¢ãã (PPP) ãã©ãã£ãã¯ã·ã§ãŒãã³ã°ã®èšç®ããŒã¹ãã€ã³ã¿ãã§ãŒã¹ã®æ倧é床ã§æ±ºå®ãããã€ã³ã¿ ãã§ãŒã¹ã®ãã¢ãããªã³ã¯ãå¶é ããã§ãã¯ããã¯ã¹ãããã§ãã¯ãå€ããŸãããã ããããã¯ä»¥ äžã®ã€ã³ã¿ãã§ãŒã¹ã¿ã€ãã«ã®ã¿é©çšãããŸãã l ã€ãŒãµãããã¹ã¿ãã£ãã¯ã€ã³ã¿ãã§ãŒã¹ (ã€ã³ã¿ãŒãããã«çŽæ¥æ¥ç¶) l ã€ãŒãµãããVLANã€ã³ã¿ãã§ãŒã¹ (ã€ã³ã¿ãŒãããã«çŽæ¥æ¥ç¶) l ã€ãŒãµããã DHCP ç¹å®ã®ã¢ãããªã³ã¯å¶éãæå®ãããŠããªãã€ã³ã¿ãã§ãŒã¹ã§ã¯ãQoS æ©èœãå šãã©ãã£ã㯠ãåçã«ã·ã§ãŒãã³ã°ããŸããããšãã°ãã€ãŒãµããã DHCP ã€ã³ã¿ãã§ãŒã¹äžã® VoIP ãã© ãã£ãã¯ã« 512Kããã/ç§ (Kbps) ãèšå®ããå Žåã«ãå©çšã§ãã垯åå¹ ãååã«ãªã£ããšã ã¯ã256Kããã/ç§ããã®ãã©ãã£ãã¯ã«äœ¿çšãããŸã (æ¯äŸã·ã§ãŒãã³ã°ã¯ãåºå®æ倧å¶éã« äŸåããã€ã³ã¿ãã§ãŒã¹ãšå¯Ÿç §çã«ãåæ¹åã«æ©èœããããšã«æ³šæããŠãã ãã)ã UTM 9 管çã¬ã€ã 163 6.3 QoS 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° ããŠã³ããŒãã€ã³ã©ã€ã¶:æå¹ã«ãããšã確ççäžåãã¥ãŒã€ã³ã° (SFQ) ããã³ã©ã³ãã åæ æ€ç¥ (RED) ãã¥ãŒã¢ã«ãŽãªãºã ããããã¯ãŒã¯ã®èŒ»èŒ³ãåé¿ããŸããèšå®ããããŠã³ãªã³ã¯ é床ã«éãããšãã¹ããªãŒã ã䜿çšããã»ãšãã©ã®ããŠã³ãªã³ã¯ã®ãã±ããã¯ããããããŸãã ã¢ããããŒããªããã£ãã€ã¶:æå¹ã«ãããšãéä¿¡ TCP æ¥ç¶ã®ç¢ºç« (SYN ãã©ã°ãèšå®ãã ãTCPãã±ãã)ãTCP æ¥ç¶ã® ACK (確èªå¿ç) ãã±ãã (ACK ãã©ã°ãèšå®ããããã±ããé· ã 40ïœ60ãã€ãã® TCP ãã±ãã)ãããã³ DNS ã«ãã¯ã¢ãã (ããŒã 53äžã® UDP ãã±ãã) ã èªåçã«åªå ãããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã 4. QoS ã€ã³ã¿ãã§ãŒã¹ãæå¹ã«ããŸãã ã€ã³ã¿ãã§ãŒã¹ã®ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«å€ãããŸãã 6.3.2 ãã©ãã£ãã¯ã»ã¬ã¯ã¿ ãã©ãã£ãã¯ã»ã¬ã¯ã¿ã¯ãQoS ãæ±ãç¹å®ã¿ã€ãã®ãããã¯ãŒã¯ãã©ãã£ãã¯ãèšè¿°ãã QoS ã®å®çŸ©ãš èŠãªãããšãã§ããŸãããããã®å®çŸ©ã¯ãåŸã§åž¯åå¹ ããŒã«å®çŸ©ã®äžã§äœ¿çšãããŸãã垯åå¹ ããŒã«å®çŸ©ã§ã¯ã垯åå¹ å šäœã®å¶éãç¹å®éã®æäœåž¯åå¹ ã®ä¿èšŒãªã©ãQoS ã«ãããã®ãã© ãã£ãã¯ã®åãæ±ãæ¹æ³ã«ã€ããŠå®çŸ©ã§ããŸãã ãã©ãã£ãã¯ã»ã¬ã¯ã¿ãäœæããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ããã©ãã£ãã¯ã»ã¬ã¯ã¿ãã¿ãã§ããæ°èŠãã©ãã£ãã¯ã»ã¬ã¯ã¿ããã¯ãªãã¯ããŸãã ãæ°èŠãã©ãã£ãã¯ã»ã¬ã¯ã¿ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®ãã©ãã£ãã¯ã»ã¬ã¯ã¿ã説æããååãå ¥åããŸãã ã»ã¬ã¯ã¿ã¿ã€ã:以äžã®ã¿ã€ããå®çŸ©ã§ããŸãã 164 l ãã©ãã£ãã¯ã»ã¬ã¯ã¿:ãã©ãã£ãã¯ã»ã¬ã¯ã¿ã䜿çšãããšããã©ãã£ãã¯ã¯ 1ã€ã®ãµãŒãã¹ãŸ ãã¯ãµãŒãã¹ã°ã«ãŒãã«åºã¥ããŠã·ã§ãŒãã³ã°ãããŸãã l ã¢ããªã±ãŒã·ã§ã³ã»ã¬ã¯ã¿:ã¢ããªã±ãŒã·ã§ã³ã»ã¬ã¯ã¿ã䜿çšãããšããã©ãã£ãã¯ã¯ã¢ã㪠ã±ãŒã·ã§ã³ã«åºã¥ããŠã·ã§ãŒãã³ã°ãããŸããã€ãŸãã䜿çšããããŒãããµãŒãã¹ã«ã ããããããã©ãã£ãã¯ãããããã©ã®ã¢ããªã±ãŒã·ã§ã³ã«å±ããŠãããã«äŸåã㟠ãã l ã°ã«ãŒã:è€æ°ã®ãµãŒãã¹ããã³ã¢ããªã±ãŒã·ã§ã³ã»ã¬ã¯ã¿ã 1ã€ã®ãã©ãã£ãã¯ã»ã¬ã¯ã¿ ã«ãŒã«ã«ãŸãšããããšãã§ããŸããã°ã«ãŒããå®çŸ©ããã«ã¯ãåäœã®ã»ã¬ã¯ã¿ããã〠ãå®çŸ©ããŠããå¿ èŠããããŸãã UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.3 QoS éä¿¡å :QoS ãæå¹ã«ããéä¿¡å ãããã¯ãŒã¯ãéžæããŸãã ãµãŒãã¹:ãã©ãã£ãã¯ã»ã¬ã¯ã¿ã®ã¿ã§äœ¿çšã§ããŸããQoS ãæå¹ã«ãããããã¯ãŒã¯ãµãŒãã¹ ãéžæããŸããäºåã«å®çŸ©ããããŸããŸãªãµãŒãã¹ããµãŒãã¹ã°ã«ãŒãããéžæã§ããŸãã ããšãã°ãåºå®åž¯åå¹ ãVoIPæ¥ç¶ã«äºçŽããå Žåã¯ãVoIP ãããã³ã« (SIP ããã³ H.323) ã éžæããŸãã å®å :QoS ãæå¹ã«ããå®å ãããã¯ãŒã¯ãéžæããŸãã å¶åŸ¡åºæº:ã¢ããªã±ãŒã·ã§ã³ã»ã¬ã¯ã¿ã®ã¿ã§äœ¿çšã§ããŸããã¢ããªã±ãŒã·ã§ã³ã¿ã€ãã«åºã¥ã㊠ãã©ãã£ãã¯ãã·ã§ãŒãã³ã°ããããã«ããŽãªã«åºã¥ããã€ãããã¯ãã£ã«ã¿ã«ãã£ãŠã³ã³ãããŒã« ããããéžæããŸãã l ã¢ããªã±ãŒã·ã§ã³:ãã©ãã£ãã¯ã¯ãã¢ããªã±ãŒã·ã§ã³ã«åºã¥ããŠã·ã§ãŒãã³ã°ãããŸãã ã管ç察象ã¢ããªã±ãŒã·ã§ã³ãããã¯ã¹ã§ã¢ããªã±ãŒã·ã§ã³ã 1ã€ä»¥äžéžæããŸãã l ãã€ãããã¯ãã£ã«ã¿:ãã©ãã£ãã¯ã¯ãã«ããŽãªã«åºã¥ããŠã·ã§ãŒãã³ã°ãããŸãããå¶åŸ¡ ããã«ããŽãªãããã¯ã¹ã§ã«ããŽãªã 1ã€ä»¥äžéžæããŸãã 管ç察象ã¢ããªã±ãŒã·ã§ã³/ã«ããŽãª:ã¢ããªã±ãŒã·ã§ã³ã»ã¬ã¯ã¿ã®ã¿ã§äœ¿çšã§ããŸããããã©ã« ããã¢ã€ã³ã³ãã¯ãªãã¯ããŠãã¢ããªã±ãŒã·ã§ã³/ã«ããŽãªãéžæããŸãããã€ã¢ãã°ãŠã£ã³ããŠã éããŸããããã«ã€ããŠã¯ã次ã®ã»ã¯ã·ã§ã³ã§è©³ãã説æããŸãã çç£æ§:ãã€ãããã¯ãã£ã«ã¿ã®ã¿ã§äœ¿çšããŸããéžæããçç£æ§ã¹ã³ã¢ãåæ ãã㟠ãã ãªã¹ã¯:ãã€ãããã¯ãã£ã«ã¿ã®ã¿ã§äœ¿çšããŸããéžæãããªã¹ã¯ã¹ã³ã¢ãåæ ãã㟠ãã 泚 â äžéšã®ã¢ããªã±ãŒã·ã§ã³ã¯ã·ã§ãŒãã³ã°ã§ããŸãããããã¯ãSophos UTMã®é©åãªãª ãã¬ãŒã·ã§ã³ã®ããã«å¿ èŠã§ãããã®ãããªã¢ããªã±ãŒã·ã§ã³ã¯ããã¢ããªã±ãŒã·ã§ã³éžæ ãã ã€ã¢ãã°ãŠã£ã³ããŠã®ã¢ããªã±ãŒã·ã§ã³ããŒãã«ã§ãã§ãã¯ããã¯ã¹ããªãã«ãªã£ãŠããŸãã ããšãã°ãWebAdminãTeredoãSixXs (IPv6 ãã©ãã£ãã¯çš)ãPortal (ãŠãŒã¶ããŒã¿ã«ã®ãã© ãã£ãã¯çš) ãªã©ã該åœããŸãããã€ãããã¯ãã£ã«ã¿ã䜿çšãããšããããã®ã¢ããªã±ãŒã·ã§ ã³ã®ã·ã§ãŒãã³ã°ãèªåçã«å¶éãããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã UTM 9 管çã¬ã€ã 165 6.3 QoS 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° TOS/DSCP (ãTraffic Selectorãã®ã¿ã§è¡šç€ºãããŸã):ç¹æ®ãªã±ãŒã¹ã§ã¯ãéä¿¡å ãå®å ãã ãã³ãµãŒãã¹ã ãã§ãªããIP ãããã® TOS ãŸã㯠DSCP ãã©ã°ã«ãã£ãŠãQoS ãåŠçããã ã©ãã£ãã¯ãåºå¥ããããšãæçã«ãªããŸãã l OFFãã®ããã©ã«ããªãã·ã§ã³ã§ã¯ãäžã§éžæããéä¿¡å ããµãŒãã¹ãããã³å®å ãšäž èŽãããã¹ãŠã®ãã©ãã£ãã¯ã QoS ã«ããåŠçãããŸãã l TOS ããã:QoS ãåŠçãããã©ãã£ãã¯ãç¹å®ã® TOS (ãµãŒãã¹ã¿ã€ã) ãããèšå®ã® IP ãã±ããã«å¶éããå Žåã¯ããã®ãªãã·ã§ã³ãéžæããŸããTOS ãããã®å Žåãä»¥äž ã®èšå®ããéžæã§ããŸãã l éåžžãµãŒãã¹ l l éé¡çã³ã¹ãã®æå°å l ä¿¡é Œæ§ãæ倧å l ã¹ã«ãŒãããã®æ倧å l é 延ã®æå°å DSCP ããã:QoS ãåŠçãããã©ãã£ãã¯ãç¹å®ã® DSCP (å·®å¥åãµãŒãã¹ã³ãŒãã〠ã³ã) ãããèšå®ã® IP ãã±ããã«å¶éããå Žåã¯ããã®ãªãã·ã§ã³ãéžæããŸããåäž ã®ãDSCP å€ ã(0ïœ63 ã®æŽæ°) ãæå®ãããããŸãã¯ãDSCP ã¯ã©ã¹ (DSCP Class)ããªã¹ ãããäºåã«å®çŸ©ããå€ãéžæã§ããŸã (BE default dscp (000000)ãªã©)ã éåä¿¡ããŒã¿é:æ¥ç¶ã«ãã£ãŠãããŸã§ã«éä¿¡ããããã€ãéã«åºã¥ããŠãã©ãã£ãã¯ã»ã¬ã¯ ã¿ãäžèŽãããå Žåã¯ããã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸãããã®æ©èœã䜿çšãããšã éåžžã® HTTP ãã©ãã£ãã¯ãå¶éããããšãªãã倧èŠæš¡ãª HTTP ã¢ããããŒãã®åž¯åå¹ ãå¶é ããããšãªã©ãã§ããŸãã l éåä¿¡:ç¹å®ã®ãã©ãã£ãã¯éãè¶ éããæ¥ç¶ã®ã¿ã®ãã©ãã£ãã¯ã»ã¬ã¯ã¿ãå®çŸ©ãã å Žåã¯ãããããããŠã³ãªã¹ããããäžé ããéžæããŸããç¹å®ã®éãäžåãæ¥ç¶ã®ã ã©ãã£ãã¯ã»ã¬ã¯ã¿ãå®çŸ©ããå Žåã¯ããäžé ããéžæããŸãã l ãããã€ã:ãã©ãã£ãã¯éã®ãããå€ãå ¥åããŸãã ãã«ããŒ:ããŒã¿éä¿¡ã«åçããŒãç¯å²ã䜿çšãããµãŒãã¹ããããŸããåæ¥ç¶ã«å¯ŸããŠã 䜿çšããããŒãããšã³ããã€ã³ãéã§ãã³ã³ãããŒã«ãã£ãã«çµç±ã§ããŽã·ãšãŒãããŸããUTM ã§ã¯ãã³ãã¯ã·ã§ã³ãã©ããã³ã°ãã«ãã䜿çšããŠãã³ã³ãããŒã«ãã£ãã«ãã¢ãã¿ãªã³ã°ããã© ã®åçããŒãã䜿çšãããŠããããå€æããŸããåçããŒãçµç±ã§éä¿¡ããããã©ãã£ãã¯ã ãã©ãã£ãã¯ã»ã¬ã¯ã¿ã«å«ããå Žåã¯ãäžéšã®ããµãŒãã¹ ãããã¯ã¹ã§ãä»»æ ããéžæããããã« ããŒãããããããŠã³ãªã¹ãããé©åãªãµãŒãã¹ãéžæããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããã»ã¬ã¯ã¿ãããã©ãã£ãã¯ã»ã¬ã¯ã¿ããªã¹ãã«è¡šç€ºãããŸãã 166 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.3 QoS å€ãã®ãã©ãã£ãã¯ã»ã¬ã¯ã¿ãå®çŸ©ããå Žåã¯ã1ã€ã®ãã©ãã£ãã¯ã»ã¬ã¯ã¿ã°ã«ãŒãã«è€æ°ã®ã»ã¬ã¯ã¿ ããŸãšããããšã§ããã䟿å©ã«äœ¿çšããããšãå¯èœã«ãªããŸãã ãã®ãã©ãã£ãã¯ã»ã¬ã¯ã¿ãŸãã¯ãã©ãã£ãã¯ã»ã¬ã¯ã¿ã°ã«ãŒãã¯ãããããã®åž¯åå¹ ããŒã«ã§äœ¿çšã§ ããŸãããããã®ããŒã«ã¯ã垯åå¹ ããŒã« ãã¿ãã§å®çŸ©ã§ããŸãã ã ã¢ããªã±ãŒã·ã§ã³ ãŸãã¯ã«ããŽãªã®éžæã ãã€ã¢ã 㰠㊠ã£ã³ ã㊠ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ã«ãŒã«ãäœæããéã¯ãã管çããã¢ããªã±ãŒã·ã§ã³ (ã«ããŽãª) ã 1〠以äžéžæããŠãã ããããšãããã€ã¢ãã°ãŠã£ã³ããŠããã¢ããªã±ãŒã·ã§ã³ãŸãã¯ã¢ããªã±ãŒã·ã§ã³ã«ã ãŽãªãéžæããå¿ èŠããããŸãã ãã€ã¢ãã°ãŠã£ã³ããŠã®äžéšã«è¡šç€ºãããããŒãã«ã«ã¯ãéžæå¯èœãªã¢ããªã±ãŒã·ã§ã³ãŸãã¯å®çŸ© ããã«ããŽãªã«å±ããã¢ããªã±ãŒã·ã§ã³ã衚瀺ãããŸããããã©ã«ãã§ã¯ããã¹ãŠã®ã¢ããªã±ãŒã·ã§ã³ ã衚瀺ãããŸãã ãã€ã¢ãã°ãŠã£ã³ããŠã®äžéšã«ã¯ãããŒãã«ã«è¡šç€ºãããã¢ããªã±ãŒã·ã§ã³æ°ãå¶éããããã® 3〠ã®èšå®ãªãã·ã§ã³ããããŸãã l ã«ããŽãª:ã¢ããªã±ãŒã·ã§ã³ã¯ã«ããŽãªå¥ã«ã°ã«ãŒãåãããŠããŸãããã®ãªã¹ãã«ã¯ãå©çšå¯ èœãªãã¹ãŠã®ã«ããŽãªã衚瀺ãããŸããããã©ã«ãã§ã¯ããã¹ãŠã®ã«ããŽãªãéžæãããŠã ãŸããã€ãŸããäžéšã«è¡šç€ºãããããŒãã«ã«ã¯ãå©çšå¯èœãªãã¹ãŠã®ã¢ããªã±ãŒã·ã§ã³ãè¡š 瀺ãããŸãã衚瀺ãããã¢ããªã±ãŒã·ã§ã³ãç¹å®ã®ã«ããŽãªã«çµã蟌ãã«ã¯ãã¯ãªãã¯ããŠã«ã ãŽãªãªã¹ããéãã1ã€ä»¥äžã®ã«ããŽãªãéžæããŸãã l çç£æ§:ã¢ããªã±ãŒã·ã§ã³ã¯ãçç£æ§ãžã®åœ±é¿( ã€ãŸãçç£æ§ã«ãã®ã¢ããªã±ãŒã·ã§ã³ãäžã ã圱é¿ã®åºŠåã) ã«ãã£ãŠãåé¡ãããŠããŸããäŸ:äžè¬çãªããžãã¹ãœãããŠã§ã¢ã® Salesforce ã®ã¹ã³ã¢ã¯ 5ã§ããã€ãŸããããã䜿çšããããšã§çç£æ§ãåäžããŸããäžæ¹ã㪠ã³ã©ã€ã³ã²ãŒã ã® Farmville ã®ã¹ã³ã¢ã¯ 1 ã§ãããã䜿çšãããšçç£æ§ãäœäžããŸããããã ã¯ãŒã¯ãµãŒãã¹ DNS ã®ã¹ã³ã¢ã¯ 3 ã§ãçç£æ§ãžã®åœ±é¿ã¯äžç«çã§ãã l ãªã¹ã¯:ã¢ããªã±ãŒã·ã§ã³ã¯ã䜿çšæã®ãªã¹ã¯ (ãã«ãŠã§ã¢ããŠã€ã«ã¹ææãæ»æ) ã«ãã£ãŠãå é¡ãããŠããŸããæ°å€ãé«ãã»ã©ããªã¹ã¯ãé«ããªããŸãã ãã³ã â ããããã®ã¢ããªã±ãŒã·ã§ã³ã«ã¯æ å ±ã¢ã€ã³ã³ããããã¯ãªãã¯ãããšåã¢ããªã±ãŒã·ã§ã³ ã®èª¬æã衚瀺ãããŸããããŒãã«ãããã®ãã£ã«ã¿ãã£ãŒã«ãã䜿çšããŠãããŒãã«å ãæ€çŽ¢ãã ããšãã§ããŸãã 次ã«ããæ°èŠãã©ãã£ãã¯ã»ã¬ã¯ã¿ã®äœæ ããã€ã¢ãã°ããã¯ã¹ã§éžæããã³ã³ãããŒã«ã®ã¿ã€ãã«å¿ã ãŠã以äžãè¡ããŸãã l ãã€ãããã¯ãã£ã«ã¿ã§ç®¡çããå Žå:ãé©çš ããã¯ãªãã¯ããŠãéžæããã¢ããªã±ãŒã·ã§ã³ãã«ãŒ ã«ã«é©çšããŸãã UTM 9 管çã¬ã€ã 167 6.3 QoS l 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° ã¢ããªã±ãŒã·ã§ã³ã§ç®¡çããå Žå:ããŒãã«ã§ãã¢ããªã±ãŒã·ã§ã³ã®åã«ãããã§ãã¯ããã¯ã¹ ãã¯ãªãã¯ãã管ç察象ã®ã¢ããªã±ãŒã·ã§ã³ãéžæããŸãããé©çš ããã¯ãªãã¯ããŠãéžæãã㢠ããªã±ãŒã·ã§ã³ãã«ãŒã«ã«é©çšããŸãã ãé©çš ããã¯ãªãã¯ãããšãã€ã¢ãã°ãŠã£ã³ããŠãéãããã©ãã£ãã¯ã»ã¬ã¯ã¿ã«ãŒã«ã®èšå®ã®ç·šéãç¶ ããããšãã§ããŸãã 6.3.3 垯åå¹ ããŒã« ãQoS > 垯åå¹ ããŒã« ãã¿ãã§ã垯åå¹ ã管çããããã®åž¯åå¹ ããŒã«ãå®çŸ©ããŠç®¡çã§ããŸãã 垯åå¹ ããŒã«ã§ã¯ãç¹å®ã®éä¿¡ã¿ã€ãã«å¯ŸããŠä¿é垯åå¹ ãäºçŽããŸããä»»æã§ãæ倧垯åå¹ ã æå®ããŠãããå¶éããããšãã§ããŸãã 垯åå¹ ããŒã«ãäœæããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ã垯åå¹ ããŒã« ãã¿ãã§ãã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã ããããããŠã³ãªã¹ãããã垯åå¹ ããŒã«ãäœæããã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã 2. ãæ°èŠåž¯åå¹ ããŒã« ããã¯ãªãã¯ããŸãã ãæ°èŠåž¯åå¹ ããŒã«ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 3. 次ã®èšå®ãè¡ããŸãã åå:ãã®åž¯åå¹ ããŒã«ã説æããååãå ¥åããŸãã äœçœ®:äœçœ®çªå·ãããã«ãã£ãŠåž¯åå¹ ããŒã«ã®åªå é äœãå®çŸ©ãããŸããçªå·ãå°ããã» ã©åªå é äœãé«ããªããŸãã垯åå¹ ããŒã«ã¯æé ã«ç §åãããŸãããã垯åå¹ ããŒã«ãäž èŽãããšããã以éããããã倧ããçªå·ã®åž¯åå¹ ããŒã«ã¯è©äŸ¡ãããŸãããããå ·äœç ãªåž¯åå¹ ããŒã«ããªã¹ãã®äžéšã«é 眮ããŠãææ§ãªåž¯åå¹ ããŒã«ãæåŸã«ç §åããããã ã«ããŸããããšãã°ãäžè¬ç㪠Web ãã©ãã£ã㯠(HTTP) ãšç¹å®ãã¹ããžã® Web ãã©ãã£ãã¯ã«ã ã©ãã£ãã¯ã»ã¬ã¯ã¿ãèšå®ããå Žåã¯ã垯åå¹ ããŒã«ãªã¹ãã®æäžéšã«åŸè ã®ãã©ãã£ãã¯ã» ã¬ã¯ã¿ã䜿çšãã垯åå¹ ããŒã«ãé 眮ããŸã (ã€ãŸããäœçœ® 1 ãããã«éžæããŸã)ã 垯åå¹ :ãã®åž¯åå¹ ããŒã«çšã«äºçŽããã¢ãããªã³ã¯åž¯åå¹ ããããããåäœã§å ¥åããŸãã ããšãã°ãç¹å®ã¿ã€ãã®ãã©ãã£ãã¯ã« 1M ããã/ç§ (Mbps) ãäºçŽããå Žåã¯ã1024 ãšå ¥åã ãŸãã 泚 â 垯åå¹ ããŒã«ã«å²ãåœãŠãããã®ã¯ãå©çšå¯èœãªå šåž¯åå¹ ã® 90 % ãŸã§ã§ããã²ãŒã ãŠã§ã€ã¯åžžã«åž¯åå¹ ã® 10 % ãããããã·ã§ãŒãã³ã°ãããŠããªããã©ãã£ãã¯çšã«äºçŽã㟠ããäžèšã®äŸã§èšãã°ãã¢ãããªã³ã¯ã®ã€ã³ã¿ãŒãããæ¥ç¶ã 5M ããã/ç§ (Mbps) ã§ãVoIP 168 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.3 QoS ãã©ãã£ãã¯ã«ã§ããã ãå€ãã®åž¯åå¹ ãå²ãåœãŠããå Žåã¯ãæ倧 4608K ããã/ç§ (Kbps) ãå ¥åã§ããŸãã 垯åå¹ ã®äžéãæå®ãã:äžèšã®ã垯åå¹ ããã£ãŒã«ãã«å ¥åããå€ã¯ãç¹å®ã®çš®é¡ã®ãã© ãã£ãã¯çšã«äºçŽãããä¿èšŒããã垯åå¹ ã瀺ããŸãããããã垯åå¹ ããŒã«ã¯éåžžãå¯èœ ã§ããã°ããã®ãã©ãã£ãã¯çšã«ããå€ãã®åž¯åå¹ ãå²ãåœãŠãŸããç¹å®ã®ãã©ãã£ãã¯ãäž å®é以äžã®åž¯åå¹ ã䜿çšããªãããã«ãããå Žåã¯ããã®ãªãã·ã§ã³ãéžæããŠããã®åž¯å å¹ ããŒã«ã«ãã£ãŠäœ¿çšããã垯åå¹ ã®å²ãåœãŠãäžéå€ã«å¶éããŸãã ãã©ãã£ãã¯ã»ã¬ã¯ã¿:ãã®åž¯åå¹ ããŒã«ã«äœ¿çšãããã©ãã£ãã¯ã»ã¬ã¯ã¿ãéžæããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãã垯åå¹ ããŒã«ãã垯åå¹ ããŒã« ããªã¹ãã«è¡šç€ºãããŸãã 5. ã«ãŒã«ãæå¹ã«ããŸãã æ°ããã«ãŒã«ã¯ããã©ã«ãã§ç¡å¹ã«ãªã£ãŠããŸã (ãã°ã«ã¹ã€ããã¯ã°ã¬ãŒè¡šç€º)ãã«ãŒã«ã æå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ããã§ã«ãŒã«ãæå¹ã«ãªããŸã (ãã°ã«ã¹ã€ããã¯ç·è²)ã 垯åå¹ ããŒã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 6.3.4 ããŠã³ããŒã垯åå¹ èª¿æŽ ãQoS > ããŠã³ããŒã垯åå¹ èª¿æŽ ãã¿ãã§ãåä¿¡ãã©ãã£ãã¯ã®åž¯åå¹ ã調æŽããããã®ã«ãŒã«ãèš å®ã»ç®¡çã§ããŸããèšå®ãããããå€ããéãé床ã§ãã±ãããéãããŠããå Žåãéå°ãªãã±ãã ã¯ããã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ã®ãã°ãã¡ã€ã«ã«èšé²ãããããšãªããçŽã¡ã«ç Žæ£ãããŸããTCP 茻茳 å¶åŸ¡é¿æ¹æ³ã«ãããç Žæ£ããããã±ãããéä¿¡ããéä¿¡è ã¯ãéä¿¡ããé »åºŠãæžããå¿ èŠããã ãŸãã ããŠã³ããŒã垯åå¹ èª¿æŽã«ãŒã«ãäœæããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãããŠã³ããŒã垯åå¹ èª¿æŽ ãã¿ãã§ãã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã ããããããŠã³ãªã¹ããããããŠã³ããŒã垯åå¹ èª¿æŽãäœæããã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã 2. ãæ°èŠããŠã³ããŒã垯åå¹ èª¿æŽã«ãŒã« ããã¯ãªãã¯ããŸãã ãæ°èŠããŠã³ããŒã垯åå¹ èª¿æŽã«ãŒã« ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 3. 次ã®èšå®ãè¡ããŸãã åå:ãã®ããŠã³ããŒã垯åå¹ èª¿æŽã«ãŒã«ã説æããååãå ¥åããŠãã ããã UTM 9 管çã¬ã€ã 169 6.3 QoS 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° åªå é äœ:åªå é äœçªå·ãããã«ãã£ãŠã«ãŒã«ã®åªå é äœãå®çŸ©ãããŸããçªå·ãå°ãã ã»ã©åªå é äœãé«ããªããŸããã«ãŒã«ã¯æé ã«ç §åãããŸããããã«ãŒã«ãäžèŽãããšãã ã以éããããã倧ããçªå·ã®ã«ãŒã«ã¯è©äŸ¡ãããŸããã ããå ·äœçãªåž¯åå¹ ã«ãŒã«ã㪠ã¹ãã®äžéšã«é 眮ããŠãææ§ãªåž¯åå¹ ã«ãŒã«ãæåŸã«ç §åãããããã«ããŸãã å¶éå€ (ããããã/ç§):æå®ãããã©ãã£ãã¯ã®äžé (åäœ: ããããã)ãããšãã°ãç¹å®ã¿ã€ã ã®ãã©ãã£ãã¯ã®åž¯åå¹ ã 1Mããã/ç§ (Mbps) ã«å¶éããå Žåã¯ã1024 ãšå ¥åããŸãã å¶é:äžã§æå®ããå¶éãé©çšãããã©ãã£ãã¯ã®éä¿¡å ãå®å : l å ±æ:æ¢åã®æ¥ç¶ãã¹ãŠã«ãäžéãåçã«åæ£ããŸããã€ãŸãããã®ã«ãŒã«ã§æå®ã ãããã©ãã£ãã¯å šäœã®ããŠã³ããŒã垯åå¹ ã¯ãæå®ããå€ã«å¶éãããŸãã l åéä¿¡å ã¢ãã¬ã¹:éä¿¡å ã¢ãã¬ã¹ããšã«ããã®äžéå€ãé©çšãããŸãã l åå®å ã¢ãã¬ã¹:å®å ã¢ãã¬ã¹ããšã«ããã®äžéå€ãé©çšãããŸãã l åéä¿¡å /å®å :åæ¹åã¢ãã¬ã¹ãã¢ããšã«ããã®äžéå€ãé©çšãããŸãã ãã©ãã£ãã¯ã»ã¬ã¯ã¿:ããŠã³ããŒã垯åå¹ ã調æŽãããã©ãã£ãã¯ã»ã¬ã¯ã¿ãéžæããŸããéžæã ããã©ãã£ãã¯ã»ã¬ã¯ã¿éã§ãäžéå€ãåæ£ãããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããããŠã³ããŒã垯åå¹ èª¿æŽã«ãŒã«ãããããŠã³ããŒã垯åå¹ èª¿æŽ ããªã¹ãã«è¡šç€ºãã㟠ãã 5. ã«ãŒã«ãæå¹ã«ããŸãã æ°ããã«ãŒã«ã¯ããã©ã«ãã§ç¡å¹ã«ãªã£ãŠããŸã (ãã°ã«ã¹ã€ããã¯ã°ã¬ãŒè¡šç€º)ãã«ãŒã«ã æå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ããã§ã«ãŒã«ãæå¹ã«ãªããŸã (ãã°ã«ã¹ã€ããã¯ç·è²)ã ã«ãŒã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 6.3.5 詳现 ã«ãã»ã«åã®åŸãåé¡ãç¶æãã ã«ãã»ã«ååŸã«ãã±ãããä»ã®ãã©ãã£ãã¯ã»ã¬ã¯ã¿ãäžèŽããªãå Žåã«ãå ã®ãµãŒãã¹ã®ãã© ãã£ãã¯ã»ã¬ã¯ã¿ãšåŒãç¶ãäžèŽããããšã確èªããå Žåã¯ããã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ã ãŸãã ãã©ãã£ãã¯ã»ã¬ã¯ã¿ãžã®ã«ãã»ã«åãããIPãã±ããã®å²ãåœãŠã¯ã次ã®ããã«æ©èœããŸãã 170 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.4 ã¢ãããªã³ã¯ã¢ãã¿ãªã³ã° 1. å ã® IP ãã±ãããäžããããé åºã§æ¢åã®ãã©ãã£ãã¯ã»ã¬ã¯ã¿ãšæ¯èŒããŸãããã±ãããæ åã«äžèŽãããã©ãã£ãã¯ã»ã¬ã¯ã¿ã«å²ãåœãŠãããŸã (å éš -> HTTP -> ä»»æãªã©)ã 2. IP ãã±ãããã«ãã»ã«åããããµãŒãã¹ãå€æŽãããŸã (IPsec ãªã©ãž)ã 3. ã«ãã»ã«åãããã±ãããäžããããé åºã§æ¢åã®ãã©ãã£ãã¯ã»ã¬ã¯ã¿ãšæ¯èŒããŸãããã±ã ããæåã«äžèŽãããã©ãã£ãã¯ã»ã¬ã¯ã¿ã«å²ãåœãŠãããŸã (å éš -> IPsec -> ä»»æãªã©)ã 4. äžèŽãããã©ãã£ãã¯ã»ã¬ã¯ã¿ããªãå Žåã®å²ãåœãŠã¯ããã«ãã»ã«ååŸãã¯ã©ã·ãã£ã±ãŒã·ã§ ã³ãä¿æ ããªãã·ã§ã³ã«äŸåããŸãã l ãã®ãªãã·ã§ã³ãéžæãããŠããå Žåãã«ãã»ã«åãããã±ãããæé 1ã§æ€åºããã ã©ãã£ãã¯ã»ã¬ã¯ã¿ã«å²ãåœãŠãããŸãã l ãã®ãªãã·ã§ã³ãéžæãããŠããªãå Žåãã«ãã»ã«åãããã±ããã¯ãã©ãã£ãã¯ã»ã¬ã¯ ã¿ã«å²ãåœãŠãããªãããã垯åå¹ ããŒã«ã®äžéšã«ããããšãã§ããŸããã E xp lic it Conge stion N otific ation ( E CN ) ãµããŒã ECN (æ瀺çãªèŒ»èŒ³éç¥) ãšã¯ã€ã³ã¿ãŒããããããã³ã«ã®æ¡åŒµã§ããããããã¯ãŒã¯èŒ»èŒ³ã®ãšã³ã ããŒãšã³ããªéç¥ããã±ããã®ãããããªãã§èš±å¯ããŸããECN ã¯ãæ¥ç¶ã®äž¡ãšã³ããã€ã³ãã®é㧠䜿çšã®ããŽã·ãšãŒããæåããŠããå Žåã«ã®ã¿æ©èœããŸãããã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ã ããšãUTMã¯ãECN 䜿çšã®æåãäŒããæ å ±ãéä¿¡ããŸããä»ã®ãšã³ããã€ã³ããåæãããšããšã³ ããã€ã³ãã ECN æ å ±ã亀æããŸããäžäœã®ãããã¯ãŒã¯ãšé¢äžããã«ãŒã¿ã ECN ããµããŒãã㊠ããå¿ èŠããããŸãã 6.4 ã¢ãããªã³ã¯ã¢ãã¿ãªã³ã° ãã€ã³ã¿ãã§ãŒã¹ïŒã«ãŒãã£ã³ã° > ã¢ãããªã³ã¯ã¢ãã¿ãªã³ã°ãã¡ãã¥ãŒã§ã¯ãã¢ãããªã³ã¯æ¥ç¶ãã¢ãã¿ ãªã³ã° (ç£èŠ) ããæ¥ç¶ã¹ããŒã¿ã¹ãå€åãããšãã«èªåçã«é©çšããã¢ã¯ã·ã§ã³ãå®çŸ©ããããšã㧠ããŸãã ããšãã°ãå¥ã®ãªã³ã¯ã䜿çšããŠããã¯ã¢ãã VPN ãã³ãã«ãèªåçã«ãªã³ã«ãããããšã€ãªã¢ã¹ IP ã¢ãã¬ã¹ãç¡å¹ã«ããŠã¢ãã¿ãªã³ã°ãµãŒãã¹ãããªã¬ããããšãã§ããŸãã 6.4.1 ã°ããŒãã« ãã¢ãããªã³ã¯ã¢ãã¿ãªã³ã° > ã°ããŒãã« ãã¿ãã§ãã¢ãããªã³ã¯ã®ã¢ãã¿ãªã³ã°ãæå¹ãŸãã¯ç¡å¹ã«ã§ ããŸãã ã¢ãããªã³ã¯ã¢ãã¿ãªã³ã°ãæå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«å€ãããŸãã UTM 9 管çã¬ã€ã 171 6.4 ã¢ãããªã³ã¯ã¢ãã¿ãªã³ã° 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° ã¢ãããªã³ã¯ã¢ãã¿ãªã³ã°ãæå¹ã®å Žåããã¢ãããªã³ã¯ã¹ããŒã¿ã¹ ãã»ã¯ã·ã§ã³ã«ãçŸåšã®ã¢ãã㪠ã³ã¯ã€ã³ã¿ãŒãã§ãŒã¹ããã³ãã®ã¹ããŒã¿ã¹ã衚瀺ãããŸãã l ONLINE:ã¢ãããªã³ã¯æ¥ç¶ã確ç«ããæ©èœããŠããŸãã l OFFLINE:ã¢ãã¿ãªã³ã°ã®çµæãã¢ãããªã³ã¯æ¥ç¶ã¯ããŠã³ããŠããŸãã l DOWN:ã¢ãããªã³ã¯ã€ã³ã¿ãŒãã§ãŒã¹ã管ççãªçç±ã§ç¡å¹åãããŠããããŸãã¯ãåç〠ã³ã¿ãŒãã§ãŒã¹ã®å Žåããªã¢ãŒã PPP ãŸãã¯DHCP ãµãŒãã«æ¥ç¶ã§ããŸããã l STANDBY:ãã€ã³ã¿ãŒãã§ãŒã¹ > ã¢ãããªã³ã¯ãã©ã³ã¹ ãã¿ãã§ãã¹ã¿ã³ãã€ã€ã³ã¿ãã§ãŒã¹ããšã㊠æå®ãããŠããã€ã³ã¿ãŒãã§ãŒã¹ã§ãçŸåšäœ¿çšãããŠããŸããã 泚 â ã¢ãããªã³ã¯ãã©ã³ã¹ãæå¹ã«ãªã£ãŠããå Žåãã¢ãããªã³ã¯ã¢ãã¿ãªã³ã°ãç¡å¹ã«ãªã£ãŠã ãŠããã¢ãããªã³ã¯ã¯åžžã«ç£èŠãããŸãããããã£ãŠãã¢ãããªã³ã¯ã¢ãã¿ãªã³ã°ãç¡å¹ã«ãªã£ãŠã ãŠããã¢ãããªã³ã¯ãã©ã³ã¹ãæå¹ã«ãªã£ãŠããéãããã®ããŒãžã«ã¢ãããªã³ã¯ã€ã³ã¿ãŒãã§ãŒã¹ ã衚瀺ãããŸãããã®å Žåãã¢ãã¿ãªã³ã°èšå®ã¯ããã€ã³ã¿ãŒãã§ãŒã¹ > ã¢ãããªã³ã¯ãã©ã³ã¹ ãã¿ã ã§å€æŽã§ããŸãã 6.4.2 ã¢ã¯ã·ã§ã³ ãã€ã³ã¿ãã§ãŒã¹ïŒã«ãŒãã£ã³ã° (Interfaces & Routing) > ã¢ãããªã³ã¯ã¢ãã¿ãªã³ã° > ã¢ã¯ã·ã§ã³ãã¿ã ã§ãã¢ãããªã³ã¯ã®æ¥ç¶ã¹ããŒã¿ã¹ãå€æŽã«ãªã£ãå Žåã«èªåçã«é©çšããã¢ã¯ã·ã§ã³ãå®çŸ©ã§ã ãŸããããšãã°ãã¢ãããªã³ã¯æ¥ç¶ãããŠã³ããå Žåã¯è¿œå ã¢ãã¬ã¹ãç¡å¹ã«ããããšãã§ããŸãã æ°ããã¢ã¯ã·ã§ã³ãäœæããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãã¢ã¯ã·ã§ã³ãã¿ãã§ããæ°èŠã¢ã¯ã·ã§ã³ããã¯ãªãã¯ããŸãã ãã¢ãããªã³ã¯ãªãã©ã€ã³æã®æ°èŠã¢ã¯ã·ã§ã³ã®äœæ ããã€ã¢ãã°ãŠã£ã³ããŠãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ã¢ã¯ã·ã§ã³ã説æããååãå ¥åããŸãã ã¿ã€ã:ã¢ã¯ã·ã§ã³ãå®çŸ©ããæ¥ç¶ã¿ã€ããéžæããŸãã 172 l IPsec ãã³ãã«:IPsec ãã³ãã«ã«å¯Ÿããã¢ã¯ã·ã§ã³ãå®çŸ©ããå Žåã¯ãããããããŠã³ãª ã¹ããããã®ãªãã·ã§ã³ãéžæããŸãã l è¿œå ã¢ãã¬ã¹:è¿œå ã¢ãã¬ã¹ã«å¯Ÿããã¢ã¯ã·ã§ã³ãå®çŸ©ããå Žåã¯ãããããããŠã³ãªã¹ ããããã®ãªãã·ã§ã³ãéžæããŸãã UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.4 ã¢ãããªã³ã¯ã¢ãã¿ãªã³ã° IPsec ãã³ãã«:(ãIPsec ãã³ãã« ãã¿ã€ãã®ã¿ã«å©çšå¯ã)IPsec ãã³ãã«ãå®çŸ©ããŠããå Žå ã¯ãããã§ãããã®ãããããéžæã§ããŸããIPsec ãã³ãã«ã«é¢ãã詳现ã¯ãããªã¢ãŒãã¢ã¯ ã»ã¹ > IPsecãã®ç« ãåç §ããŠãã ããã è¿œå ã¢ãã¬ã¹:(ãè¿œå ã¢ãã¬ã¹ ãã¿ã€ãã®ã¿ã«å©çšå¯ã)è¿œå ã¢ãã¬ã¹ãå®çŸ©ããŠããå Žåã¯ã ããã§ãããã®ãããããéžæã§ããŸããè¿œå ã¢ãã¬ã¹ã«é¢ãã詳现ã¯ããã€ã³ã¿ãã§ãŒã¹ïŒ ã«ãŒãã£ã³ã° > ã€ã³ã¿ãã§ãŒã¹ > è¿œå ã¢ãã¬ã¹ ãã®ç« ãåç §ããŠãã ããã ã¢ã¯ã·ã§ã³:ããã§ãæå¹ ããŸãã¯ãç¡å¹ ãã®ãããããéžæã§ããŸããã€ãŸããã¢ãããªã³ã¯ãäž æããå Žåã¯ãäžèšã§éžæãã IPsec ãã³ãã«ãè¿œå ã¢ãã¬ã¹ãæå¹ãŸãã¯ç¡å¹ã«ãªãã ãã«èšå®ããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã ã¢ã¯ã·ã§ã³ã¯ä¿åãããã¢ãããªã³ã¯ã®æ¥ç¶ãäžæãããšé©çšãããŸãã ã¢ã¯ã·ã§ã³ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 6.4.3 詳现 ãã¢ãããªã³ã¯ã¢ãã¿ãªã³ã° > 詳现 ãã¿ãã§ãã¢ãããªã³ã¯æ¥ç¶ã®èªåã¢ãã¿ãªã³ã°ãç¡å¹ã«ãããã㢠ãã¿ãªã³ã° (ç£èŠ) ã«äœ¿çšãã 1ã€ä»¥äžã®ãã¹ããå®çŸ©ã§ããŸãã ããã©ã«ãã§ã¯ãã€ã³ã¿ãã§ãŒã¹é害ã®å¯èœæ§ãæ€åºããããã«ãèªåã¢ãã¿ãªã³ã°ããæå¹ã«ãªã£ ãŠããŸããã€ãŸãããã¹ãŠã®ã¢ãããªã³ã¯ ãã©ã³ã·ã³ã° ã€ã³ã¿ãã§ãŒã¹ããã€ã³ã¿ãŒãããäžã®ç¹å®ã® ãã¹ãã« 15ç§ééã§æ¥ç¶ããããšã«ããããããã®ã€ã³ã¿ãã§ãŒã¹ã®ç¶æ (å¥å šæ§) ãã¢ãã¿ãªã³ã°ã ããŸããããã©ã«ãã§ã¯ããã¹ãã®ã¢ãã¿ãªã³ã°ã¯ã1ã€ã®ã«ãŒã DNS ãµãŒããŸã§ã®ã«ãŒãäžã«ã ããping ãèš±å¯ãã 3çªç®ã®ãããã§ãããªãããŠãŒã¶ã¯ãµãŒãããŒã«ãã¢ãã¿ãªã³ã°ããããã®ã ã¹ããèªåã§å®çŸ©ããããšãã§ããŸãããããã®ãã¹ãã«ã¯ãping 以å€ã®å¥ã®ãµãŒãã¹ãéžæãã㢠ãã¿ãªã³ã°ééãšã¿ã€ã ã¢ãŠããå€æŽã§ããŸãã åã¢ãã¿ãªã³ã°ãã¹ãã«ã¯ãäžå®æéæ¥ç¶ãè©Šã¿ããããã«ãå°éã§ããªãå Žåã¯ãã¢ãããªã³ã¯ æ¥ç¶ã¯ããŠã³ããŠãããšå€æãããŸãããã®åŸããã¢ã¯ã·ã§ã³ãã¿ãã§å®çŸ©ããã¢ã¯ã·ã§ã³ãå®è¡ãã ãŸãã 泚 â åãã¢ãã¿ãªã³ã°èšå®ããã¢ãããªã³ã¯ã¢ãã¿ãªã³ã° (ã¢ãããªã³ã¯ã¢ãã¿ãªã³ã° > 詳现 ) ãšã¢ãã ãªã³ã¯ãã©ã³ã·ã³ã° (ã€ã³ã¿ãŒãã§ãŒã¹ > ã¢ãããªã³ã¯ãã©ã³ã·ã³ã°) ã«å¯ŸããŠäœ¿çšãããŸãã ã¢ãã¿ãªã³ã°ã«ã客æ§ã®ãã¹ãã䜿çšããã«ã¯ã以äžã®æé ã«åŸããŸãã UTM 9 管çã¬ã€ã 173 6.4 ã¢ãããªã³ã¯ã¢ãã¿ãªã³ã° 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 1. ãèªåã¢ãã¿ãªã³ã°ããã§ãã¯ããã¯ã¹ã®ãã§ãã¯ãå€ããŸãã ãã¢ãã¿ãªã³ã°ãã¹ããããã¯ã¹ãç·šéå¯èœã«ãªããŸãã 2. ã¢ãã¿ãªã³ã°ãã¹ããè¿œå ããŸãã ä»»æã®ãã¹ãã䜿çšãã代ããã«ãã¢ãã¿ãªã³ã°ã«äœ¿çšãããã¹ãã 1ã€ä»¥äžè¿œå ããŸããè€ æ°ã®ãã¹ãã§ã€ã³ã¿ãã§ãŒã¹ãã¢ãã¿ãªã³ã°ããå Žåãå®çŸ©ãããæéå ã«ãã¹ãŠã®ã¢ãã¿ãª ã³ã°ãã¹ããå¿çããªãå Žåã«ã®ã¿ãã€ã³ã¿ãã§ãŒã¹ãããã (dead) ãšã¿ãªãããŸãã 泚 â éžæãããã¹ããã€ã³ã¿ãã§ãŒã¹ã«é¢é£ä»ããããŠããå Žåã¯ããã®ã€ã³ã¿ãã§ãŒã¹ã® ã¢ãã¿ãªã³ã°ã®ã¿ã«äœ¿çšãããŸãããã¹ããã€ã³ã¿ãã§ãŒã¹ã«é¢é£ä»ããããŠããªãå Žå ã¯ããã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ã®ã¢ãã¿ãªã³ã°ã«äœ¿çšãããŸããéžæãããã¹ãã«ããã«ããŒã ããŠããªãã€ã³ã¿ãã§ãŒã¹ã¯ãèªåã¢ãã¿ãªã³ã°ã«ããã¢ãã¿ãªã³ã°ãããŸãã ããã¯ã¹ã®ãããã«ãããã¢ãã¿ãªã³ã°èšå®ãã¢ã€ã³ã³ãã¯ãªãã¯ãããšãã¢ãã¿ãªã³ã°ã®è©³çŽ°ã èšå®ã§ããŸãã ã¢ãã¿ãªã³ã°ã¿ã€ã:ã¢ãã¿ãªã³ã°çšã®ãµãŒãã¹ãããã³ã«ãéžæããŸããã¢ãã¿ãªã³ã°çšã« ãTCP ã(TCP æ¥ç¶ã®ç¢ºç«)ããUDP ã(UDP æ¥ç¶ã®ç¢ºç«)ããPingã(ICMP Ping)ããHTTP ãã¹ãã (HTTP èŠæ±)ããŸãã¯ãHTTPS ãã¹ãã(HTTPS èŠæ±) ã®ãããããéžæããŸãããUDP ãã䜿 çšããå Žåãping èŠæ±ãæåã«éä¿¡ãããæåããå Žåã¯ãç¶ããŠãã€ããŒã 0 ã® UDP ã ã±ãããéä¿¡ãããŸããping ãæåããªãã£ãå ŽåããICMP ããŒãã«å°éã§ããªãå Žåãã ã®æ¥ç¶ã¯ããŠã³ããŠãããšã¿ãªãããŸãã ããŒã (ãTCP ãããã³ã¯ãUDP ãã®ã¢ãã¿ãªã³ã°ã¿ã€ãéžææã®ã¿):èŠæ±ã®éä¿¡å ã®ããŒãçª å·ã URL (ä»»æããHTTP/S ãã¹ããã®ã¢ãã¿ãªã³ã°ã¿ã€ãéžææã®ã¿):èŠæ±ãã URLãURL ã«ã㌠ãæ å ±ãè¿œå ããããšã§ãããã©ã«ãã®ããŒã 80 ãŸã㯠443 以å€ã®ããŒãã䜿çšã§ããŸã (äŸ: http://example.domain:8080/index.html)ãURL ãæå®ããªãå Žåã¯ãã«ãŒãã㣠ã¬ã¯ããªãèŠæ±ãããŸãã éé:ãã¹ãããã§ãã¯ããééãç§åäœã§å ¥åããŸãã ã¿ã€ã ã¢ãŠã:ã¢ãã¿ãªã³ã°ãã¹ããå¿çãéä¿¡ããæ倧æéãç§åäœã§å ¥åããŸããã€ã³ã¿ ãã§ãŒã¹ã®ãã¹ãŠã®ã¢ãã¿ãªã³ã°ãã¹ãããã®æéå ã«å¿çããªãå Žåãã€ã³ã¿ãã§ãŒã¹ã ããã (dead) ãšã¿ãªãããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã 174 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.5 IPv6 6.5 IPv6 Sophos UTMã§ã¯ãããŒãžã§ã³ 8 ãããIPv4 ã®åŸç¶ã§ãã IPv6 ããµããŒãããŠããŸãã UTMã®ä»¥äžã®æ©èœã§ã¯ãIPv6 ãå®å šã«ãŸãã¯éšåçã«ãµããŒããããŸãã l WebAdmin ããã³ãŠãŒã¶ããŒã¿ã«ãžã®ã¢ã¯ã»ã¹ l SSH l NTP l SNMP l SLAAC (ã¹ããŒãã¬ã¹ã¢ãã¬ã¹èªåèšå®) ããã³ DHCPv6 ã¯ã©ã€ã¢ã³ãã¯ãã¹ãŠã®åçã€ã³ã¿ ãã§ãŒã¹ã¿ã€ãããµããŒãããŠããŸãã l DNS l DHCP ãµãŒã l BGP l OSPF l IPS l ãã¡ã€ã¢ãŠã©ãŒã« l NAT l ICMP l ãµãŒãããŒããã©ã³ã·ã³ã° l Web ãã£ã«ã¿ l Web ã¢ããªã±ãŒã·ã§ã³ ãã¡ã€ã¢ãŠã©ãŒã« l SMTP l IPsec (ãµã€ãéã®ã¿) l Syslog ãµãŒã UTM 9 管çã¬ã€ã 175 6.5 IPv6 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.5.1 ã°ããŒãã« ãIPv6 > ã°ããŒãã« ãã¿ãã§ã¯ãSophos UTMã® IPv6 ãµããŒããæå¹ã«ããããšãã§ããŸããããã«ãã ããæå¹ã«ãããšãIPv6 ã®æ å ± (ã¹ããŒã¿ã¹æ å ±ããã¬ãã£ãã¯ã¹å§èšãªã©) ãããã«è¡šç€ºãããŸãã IPv6 ãµããŒãã¯ããã©ã«ãã§ã¯ç¡å¹ã«ãªã£ãŠããŸããIPv6 ãæå¹ã«ããã«ã¯ã次ã®æé ã«åŸã㟠ãã 1. ãã°ããŒãã« ãã¿ãã§ãIPv6 ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«å€ãããŸãã 以åã« IPv6 ãæå¹åãŸãã¯èšå®ããããšããªãå Žå ã¯ããæ¥ç¶ ããšãªã¢ã«ããªãããšè¡šç€ºãããŸãã IPv6 ãæå¹ã«ãããšãè€æ°ã®ãããã¯ãŒã¯ããWebAdmin 㧠IPv6 ãæ瀺çã«åç §ããŠãããã®ä»ã® ãªããžã§ã¯ãå®çŸ©ã衚瀺ãããŸãããããã¯ãIPv4 ãªããžã§ã¯ããšåæ§ã«äœ¿çšããããšãã§ããŸãã 泚 â IPv6 ãæå¹ã«ãããšããããã¯ãŒã¯ãªããžã§ã¯ããªã©ã®ã¢ã€ã³ã³ã«ã該åœãªããžã§ã¯ãã IPv6 㪠ããžã§ã¯ãã IPv4 ãªããžã§ã¯ãã (ãããã¯ãã®äž¡æ¹ã) ã瀺ãããŒã¯ãè¿œå ã§è¡šç€ºãããŸãã 6.5.2 ãã¬ãã£ãã¯ã¹åºå ãIPv6 > ãã¬ãã£ãã¯ã¹éç¥ ãã¿ãã§ã¯ãSophos UTMãèšå®ããŠãã¯ã©ã€ã¢ã³ãã« IPv6 ã¢ãã¬ã¹ã㬠ãã£ãã¯ã¹ãå²ãåœãŠãŠãã¯ã©ã€ã¢ã³ããèªå㧠IPv6 ã¢ãã¬ã¹ãéžæã§ããããã«èšå®ããããšã㧠ããŸãããã¬ãã£ãã¯ã¹éç¥ (ãŸãã¯ã«ãŒã¿éç¥) ãšã¯ãIPv6 ã®æ©èœã® 1ã€ã§ãããã«ãŒã¿ (ãã®å Ž åUTM) ã IPv4 ã«ããã DHCP ãµãŒããšåãããã«æ©èœããŸãããã ããã«ãŒã¿ã¯ã¯ã©ã€ã¢ã³ãã«IP ãçŽæ¥å²ãåœãŠãŸããã代ããã«ãIPv6 ãããã¯ãŒã¯å ã®ã¯ã©ã€ã¢ã³ãã¯ãã«ãŒã¿ãšã®ãã©ã€ããªé ä¿¡ã®ããã«ãããããªã³ã¯ããŒã«ã«ã¢ãã¬ã¹ãèªãã«å²ãåœãŠãŸããç¶ããŠãã«ãŒã¿ãã¯ã©ã€ã¢ã³ã ã«ãããã¯ãŒã¯ã»ã°ã¡ã³ãã®ãã¬ãã£ãã¯ã¹ãäŒããŸãããã®åŸãã¯ã©ã€ã¢ã³ãã¯ãã¬ãã£ãã¯ã¹ãšèªã ã® MAC ã¢ãã¬ã¹ããæã IP ã¢ãã¬ã¹ãçæããŸãã æ°ãããã¬ãã£ãã¯ã¹ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ããã¬ãã£ãã¯ã¹éç¥ ãã¿ãã§ããæ°èŠãã¬ãã£ãã¯ã¹ ããã¯ãªãã¯ããŸãã ãæ°èŠãã¬ãã£ãã¯ã¹ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã€ã³ã¿ãã§ãŒã¹:64ãããã®ããããã¹ã¯ãèšå®ããã IPv6 ã¢ãã¬ã¹ãæã€ã€ã³ã¿ãã§ãŒã¹ãéž æããŸãã 176 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.5 IPv6 DNS ãµãŒã 1/2 (ä»»æ):DNS ãµãŒãã® IPv6 ã¢ãã¬ã¹ã ãã¡ã€ã³ (ä»»æ):ã¯ã©ã€ã¢ã³ãã«éä¿¡ããããã¡ã€ã³åãå ¥åããŸã (äŸ: intranet.example.com)ã æå¹æé:ãã¬ãã£ãã¯ã¹ãæå¹ãªæéãããã©ã«ã㯠30æ¥éã§ãã æšå¥šæé:ãã®æéãè¶ éãããšãæšå¥šãããã©ã€ãã¿ã€ã ããŸã æºäºããŠããªãä»ã®ã㬠ãã£ãã¯ã¹ãã¯ã©ã€ã¢ã³ãã«éžæãããŸããããã©ã«ã㯠7æ¥éã§ãã ä»ã®èšå® (ä»»æ):ãã®ãªãã·ã§ã³ã¯ããã©ã«ãã§éžæãããŠããŸããããã«ãããæäžã®ã㬠ãã£ãã¯ã¹ã«å¯ŸããŠæäžã® DNS ãµãŒããšãã¡ã€ã³åã DHCPv6 çµç±ã§è¿œå ã§ã¢ããŠã³ã¹ã ããŸããçŸæç¹ã§ã¯ããã¬ãã£ãã¯ã¹éç¥ãã DNS æ å ±ããã§ããã§ããã¯ã©ã€ã¢ã³ãã¯å°ãª ãããããã®æ©èœã圹ã«ç«ã€ãŸã (RFC 5006/ RFC 6106)ããã® DHCPv6 èšå®ã¯é衚瀺ã§ã ããDHCP èšå®ã¡ãã¥ãŒã§ã®è¡šç€ºãç·šéã¯ã§ããŸããã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãããã¬ãã£ãã¯ã¹èšå®ãããã¬ãã£ãã¯ã¹éç¥ ããªã¹ãã«è¡šç€ºãããŸãã 6.5.3 åå²ãåœãŠ ãIPv6 > åå²ãåœãŠ ãã¿ãã§ããã¬ãã£ãã¯ã¹ãå€æŽãããå Žåã«ãUTM ã§ç®¡çããã IPv6 ã¢ãã¬ã¹ ãèªåçã«åå²ãåœãŠãããããèšå®ããããšãã§ããŸãããŸããæå㧠IPv6 ãåå²ãåœãŠããã ãšãã§ããŸãã å€æŽããã IPv6 ã¢ãã¬ã¹ã¯æ¬¡ã®ãšããã§ãã l ãã¹ãããããã¯ãŒã¯ãããã³ç¯å²ã®å®çŸ© l ãã©ã€ããªããã³ã»ã«ã³ã㪠ã€ã³ã¿ãŒãã§ãŒã¹ ã¢ãã¬ã¹ l DHCPv6 ãµãŒãç¯å²ãšãããã³ã° l DNS ãããã³ã° ãã³ãã«ãããŒã«ã§æäŸããã IPv6 ãã¬ãã£ãã¯ã¹ã¯ãåå²ãåœãŠãããŸããã èªå IPv6 åå²ãåœãŠ ããã©ã«ãã§ãUTM ã§ç®¡çããŠãã IPv6 ã¢ãã¬ã¹ã¯ãIPv6 ãã¬ãã£ãã¯ã¹ãå€æŽããéãèªåçã« åå²ãåœãŠãããŸãããã¬ãã£ãã¯ã¹ã®å€æŽã¯ãDHCPv6 ãã¬ãã£ãã¯ã¹å§èšçµç±ã§ ISP ã«ãã£ãŠå® è¡ãããŸãã åå²ãåœãŠãç¡å¹ã«ããã«ã¯ããã®ãã§ãã¯ããã¯ã¹ãéžæããå€ããŠããé©çš ãã㯠ãªãã¯ããŸãã UTM 9 管çã¬ã€ã 177 6.5 IPv6 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° æå IPv6 åå²ãåœãŠ UTM ã§ç®¡çãããç¹å®ã® IPv6 ã¢ãã¬ã¹ãæåã§åå²ãåœãŠããããšãã§ããŸãããã㯠ISP ãå€ æŽããæ°ãããããã€ãããIPv6 ãã¬ãã£ãã¯ã¹ã DHCPv6 çµç±ã§èªåçã«å²ãåœãŠãã®ã§ãªããé çã«å²ãåœãŠãå Žåãªã©ã«äŸ¿å©ã§ãã 1. åå²ãåœãŠãã IPv6 ã¢ãã¬ã¹ã®ãã¬ãã£ãã¯ã¹ãæå®ããŸãã ãã¬ãã£ãã¯ã¹ããå€ããã¬ãã£ãã¯ã¹ ããã£ãŒã«ãã«å ¥åããŸãã 2. æ°ãããã¬ãã£ãã¯ã¹ãæå®ããŸãã ãã¬ãã£ãã¯ã¹ããæ°èŠãã¬ãã£ãã¯ã¹ ããã£ãŒã«ãã«å ¥åããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã æå®ãããã¬ãã£ãã¯ã¹ã®ãã IPv6 ã¢ãã¬ã¹ã¯ãã¹ãŠãæ°ãããã¬ãã£ãã¯ã¹ã䜿çšããŠåå² ãåœãŠãããŸãã 6.5.4 6to4 ãIPv6 > 6to4ãã¿ãã§ã¯ãæ¢åã® IPv4 ãããã¯ãŒã¯äžã§ IPv6 ã¢ãã¬ã¹ãèªåçã«ãã³ããªã³ã°ãããã ã«Sophos UTMãèšå®ããããšãã§ããŸãã6to4 ã䜿çšãããšãå IPv4 ã¢ãã¬ã¹ã«ããããã³ã°å ã® IPv6 ãããã¯ãŒã¯ãã /48 ãã¬ãã£ãã¯ã¹ãä»å ãããŸããçæããã IPv6 ã¢ãã¬ã¹ã¯ããã¬ãã£ã㯠㹠2002 ãš 16é²è¡šèšã® IPv4 ã¢ãã¬ã¹ããæ§æãããŸãã 泚 â ã6to4ããæå¹ã«ãããããã³ãã«ãããŒã«ãã䜿çšãããã®ãããããéžæã§ããŸãã ç¹å®ã®ã€ã³ã¿ãã§ãŒã¹ã®IPã¢ãã¬ã¹ãã³ããªã³ã°ãæå¹ã«ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ã6to4ãã¿ã㧠6to4 ãæå¹åããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªããã6to4ããšãªã¢ãšã詳现 ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 2. ã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã ãã€ã³ã¿ãã§ãŒã¹ ãããããããŠã³ãªã¹ãããããããªã㯠IPv6 ã¢ãã¬ã¹ãèšå®ãããŠããã€ã³ã¿ ãã§ãŒã¹ãéžæããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã ã€ã³ã¿ãã§ãŒã¹ã®ã¹ããŒã¿ã¹ããã°ããŒãã« ãã¿ãã«è¡šç€ºãããŸãã 詳现 ããµãŒãã¢ãã¬ã¹ ããå€æŽããŠãå¥ã® 6to4 ãªã¬ãŒãµãŒãã䜿çšããããšãã§ããŸãã 178 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.5 IPv6 èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã 6.5.5 ãã³ãã«ãããŒã«ãŒ ãIPv6 > ãã³ãã«ãããŒã«ãŒãã¿ãã§ã¯ããã³ãã«ãããŒã«ãŒã®äœ¿çšãæå¹ã«ããããšãã§ããŸãããã³ ãã«ãããŒã«ãŒã¯äžéšã® ISP ãæäŸãããµãŒãã¹ã§ããããããå©çšãããš IPv6 ã¢ãã¬ã¹ã䜿çšã ãŠã€ã³ã¿ãŒãããã«ã¢ã¯ã»ã¹ã§ããŸãã 泚 â ã6to4ããæå¹ã«ãããããã³ãã«ãããŒã«ãŒãã䜿çšãããã®ãããããéžæã§ããŸãã Sophos UTM ã¯ã次ã®ãã³ãã«ãããŒã«ãŒããµããŒãããŸãã l Teredo (å¿åã®ã¿) l Freenet6 (GoGo6) (å¿åãŸãã¯ãŠãŒã¶ã¢ã«ãŠã³ã䜿çš) l SixXS (ãŠãŒã¶ã¢ã«ãŠã³ããå¿ èŠ) ãã³ãã«ãããŒã«ãŒã䜿çšããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ããã³ãã«ãããŒã«ãŒãã¿ãã§ããã³ãã«ãããŒã«ãŒã®äœ¿çšãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«ãªããããã³ãã«ãããŒã«ãŒããšãªã¢ãšã詳现 ããšãªã¢ãç·šéå¯èœã«ãªã ãŸããTeredo ã®å¿åèªèšŒã䜿çšãããšããã³ãã«ãããŒã«ãŒã¯ããã«æå¹ã«ãªããŸããæ¥ç¶ ã¹ããŒã¿ã¹ããã°ããŒãã« ãã¿ãã«è¡šç€ºãããŸãã ã ã³ ãã«ãã ãŒã«ãŒ ããã©ã«ãã®ãã³ãã«ãããŒã«ãŒèšå®ãå€æŽã§ããŸãã èªèšŒ:ããããããŠã³ãªã¹ãããèªèšŒæ¹æ³ãéžæããŸãã l å¿å:ãã®æ¹æ³ã䜿çšãããšãåãããŒã«ãŒã«ãŠãŒã¶ã¢ã«ãŠã³ããæå®ããå¿ èŠã¯ãããŸã ããå²ãåœãŠããã IP ã¢ãã¬ã¹ã¯äžæçãªãã®ã§ãã l ãŠãŒã¶:åãããŒã«ãŒã«ç»é²ããŠããŠãŒã¶ã¢ã«ãŠã³ããååŸããå¿ èŠããããŸãã ãããŒã«ãŒ:ããããããŠã³ãªã¹ãããä»ã®ãããŒã«ãŒãéžæã§ããŸãã ãŠãŒã¶å (ãŠãŒã¶ ã®ã¿ã§äœ¿çšå¯):åãããŒã«ã«ãŠãŒã¶åãæå®ããŸãã ãã¹ã¯ãŒã (ãŠãŒã¶ ã®ã¿ã§äœ¿çšå¯):ãŠãŒã¶åã®ãã¹ã¯ãŒããå ¥åããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã UTM 9 管çã¬ã€ã 179 6.6 ã¹ã¿ãã£ãã¯ã«ãŒãã£ã³ã° 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 詳现 ããã§ã¯ãéžæãããã³ãã«ãããŒã«ãŒã«å¯ŸããŠä»ã®ãµãŒãã¢ãã¬ã¹ãæå®ã§ããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã 6.6 ã¹ã¿ãã£ãã¯ã«ãŒãã£ã³ã° ãããã¯ãŒã¯ã«æ¥ç¶ããããã¹ãŠã®ã³ã³ãã¥ãŒã¿ã¯ãã«ãŒãã£ã³ã°ããŒãã«ã䜿çšããŠãçºä¿¡ãã ããŒã¿ãã±ãããå®å ã«å±ãããã«éä¿¡ããããã®ãã¹ã決å®ããŸããããšãã°ãã«ãŒãã£ã³ã°ããŒã ã«ã«ã¯ãå®å ã¢ãã¬ã¹ãããŒã«ã«ãããã¯ãŒã¯äžã«ãããããŸãã¯ããŒã¿ãã±ãããã«ãŒã¿ã«è»¢éã ãã¹ããã©ããããšãã£ãæ å ±ãå«ãŸããŠããŸããã«ãŒã¿ã䜿çšããå Žåã¯ãããŒãã«ã«ã¯ãã©ã® ã«ãŒã¿ãã©ã®ãããã¯ãŒã¯ã«äœ¿çšããããšããæ å ±ãå«ãŸããŸãã Sophos UTMã®ã«ãŒãã£ã³ã°ããŒãã«ã«ã¯ãæšæºã¹ã¿ãã£ãã¯ã«ãŒããšããªã·ãŒã«ãŒããšãã2çš®é¡ã® ã«ãŒããè¿œå ã§ããŸããã¹ã¿ãã£ãã¯ã«ãŒãã§ã¯ãã«ãŒãã£ã³ã°ã¿ãŒã²ããã¯ãã±ããã®å®å ã¢ãã¬ã¹ã ãã§æ±ºå®ãããŸããããªã·ãŒã«ãŒãã§ã¯ãéä¿¡å ã€ã³ã¿ãã§ãŒã¹ãéä¿¡å ã¢ãã¬ã¹ããµãŒãã¹ãããã ã¯å®å ã¢ãã¬ã¹ã«åºã¥ããŠã«ãŒãã£ã³ã°ã決å®ã§ããŸãã 泚 â UTM ã®ã€ã³ã¿ãã§ãŒã¹ã«æ¥ç¶ããããããã¯ãŒã¯ã«å¯ŸããŠãè¿œå ã«ãŒããèšå®ããå¿ èŠã¯ãã ãŸããããŸããããã©ã«ãã«ãŒããèšå®ããå¿ èŠã¯ãããŸããããããã®ã«ãŒãã¯ã·ã¹ãã ãèªå çã«è¿œå ããŸãã 6.6.1 æšæºã¹ã¿ãã£ãã¯ã«ãŒã ã·ã¹ãã ã«çŽæ¥æ¥ç¶ããããããã¯ãŒã¯ã«ã€ããŠã¯ãã·ã¹ãã ãã«ãŒãã£ã³ã°ãšã³ããªãã«ãŒãã£ã³ ã°ããŒãã«ã«èªåçã«æ¿å ¥ããŸããç¹å®ãããã¯ãŒã¯çµç±ã§ã¢ã¯ã»ã¹ããè¿œå ã«ãŒã¿ã䜿çšããå Ž åã¯ããšã³ããªãæåã§å ¥åããå¿ èŠããããŸããçŽæ¥æ¥ç¶ãããŠããªããããã¯ãŒã¯ãžã®ã«ãŒã ã§ãã³ãã³ããŸãã¯èšå®ãã¡ã€ã«ã䜿ã£ãŠã«ãŒãã£ã³ã°ããŒãã«ã«æ¿å ¥ããããã®ãã¹ã¿ãã£ãã¯ã«ãŒ ããšåŒãã§ããŸãã æšæºã¹ã¿ãã£ãã¯ã«ãŒããè¿œå ããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãæšæºã¹ã¿ãã£ãã¯ã«ãŒããã¿ãã§ããæ°èŠã¹ã¿ãã£ãã¯ã«ãŒãããã¯ãªãã¯ããŸãã ãæ°èŠã¹ã¿ãã£ãã¯ã«ãŒããäœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã«ãŒãã¿ã€ã:次ã®ã«ãŒãã¿ã€ãã䜿çšã§ããŸãã 180 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.6 ã¹ã¿ãã£ãã¯ã«ãŒãã£ã³ã° l ã€ã³ã¿ãã§ãŒã¹ã«ãŒã:ãã±ããã¯ç¹å®ã®ã€ã³ã¿ãã§ãŒã¹äžã§éä¿¡ãããŸãããã㯠2〠ã®ç¶æ³ã§åœ¹ç«ã¡ãŸãã1ã€ç®ã¯ãã²ãŒããŠã§ã€ã® IP ã¢ãã¬ã¹ãäžæã«ãªããã€ããã㯠(åç) ã€ã³ã¿ãã§ãŒã¹ (PPP) äžã§ã«ãŒãã£ã³ã°ããå Žåã§ãã2çªç®ã¯ãçŽæ¥æ¥ç¶ãã ããããã¯ãŒã¯ã®å€åŽã«ã²ãŒããŠã§ã€ãããããã©ã«ãã«ãŒããå®çŸ©ããå Žåã§ãã l ã²ãŒããŠã§ã€ã«ãŒã:ãã±ããã¯ç¹å®ã®ãã¹ã (ã²ãŒããŠã§ã€) ãžéä¿¡ãããŸãã l ãã©ãã¯ããŒã«ã«ãŒã:ãã±ããã¯ç¢ºèªãªãã§å»æ£ãããŸãããã㯠OSPF ãŸãã¯ä»ã® ãã€ãããã¯ã¢ãããã£ã (åçé©å¿åã®) ã«ãŒãã£ã³ã°ãããã³ã«ã§ã«ãŒãã£ã³ã°ã«ãŒ ããã«ãŒããã©ããã³ã°ãªã©ãåé¿ããå Žåã«åœ¹ã«ç«ã¡ãŸãã ãããã¯ãŒã¯:UTM ãã€ã³ã¿ãŒã»ããããããŒã¿ãã±ããã®å®å ãããã¯ãŒã¯ãéžæããŸãã ã€ã³ã¿ãã§ãŒã¹:ããŒã¿ãã±ããã UTM ãé¢ããã€ã³ã¿ãã§ãŒã¹ãéžæããŸã (ã«ãŒãã¿ã€ããšã ãŠãã€ã³ã¿ãã§ãŒã¹ã«ãŒãããéžæããå Žåã®ã¿äœ¿çšå¯)ã ã²ãŒããŠã§ã€:UTM ãããŒã¿ãã±ããã転éããã²ãŒããŠã§ã€/ã«ãŒã¿ãéžæããŸã (ã«ãŒãã¿ã€ ãã«ãã²ãŒããŠã§ã€ã«ãŒãããéžæããå Žåã®ã¿äœ¿çšå¯) ã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãªãã·ã§ã³ã§ã次ã®è©³çŽ°èšå®ãè¡ããŸãã ã¡ããªãã¯:0ïœ4294967295 ã®æŽæ°ã§ã¡ããªãã¯å€ãæå®ããŸããããã©ã«ã㯠5ã§ããã¡ããªã㯠å€ã¯åãå®å ãžã®ã«ãŒããåºå¥ããŠåªå ããããã«äœ¿çšãããŸããäœãã¡ããªãã¯å€ã®æ¹ ããé«ãã¡ããªãã¯å€ãããåªå ãããŸããIPsec ã«ãŒãã®ã¡ããªãã¯ã¯èªåçã« 0 ã«èšå®ãã ãŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããã«ãŒãããæšæºã¹ã¿ãã£ãã¯ã«ãŒãããªã¹ãã«è¡šç€ºãããŸãã 5. ã«ãŒããæå¹ã«ããŸãã ã«ãŒããæå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ã«ãŒããç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 6.6.2 ããªã·ãŒã«ãŒã ã«ãŒã¿ãããŒã¿ãã±ãããåä¿¡ãããšãéåžžã¯ãã±ããã®å®å ã¢ãã¬ã¹ã«åºã¥ããŠè»¢éå ã決å®ãã ãã®å®å ã¢ãã¬ã¹ã䜿çšããŠã«ãŒãã£ã³ã°ããŒãã«ã®ãšã³ããªãæ€çŽ¢ãããŸãããã ããä»ã®åºæºã« åºã¥ããŠãã±ããã転éããããšãå¿ èŠãªå ŽåããããŸããããªã·ãŒããŒã¹ã®ã«ãŒãã£ã³ã°ã§ã¯ãã 客æ§ã®ããªã·ãŒã«åŸã£ãŠããŒã¿ãã±ããããã©ã¯ãŒãã£ã³ã° (転é) ãŸãã¯ã«ãŒãã£ã³ã°ã§ããŸãã ããªã·ãŒã«ãŒããè¿œå ããã«ã¯ã以äžã®æé ã«åŸããŸãã UTM 9 管çã¬ã€ã 181 6.6 ã¹ã¿ãã£ãã¯ã«ãŒãã£ã³ã° 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 1. ãããªã·ãŒã«ãŒããã¿ãã§ããæ°èŠ IPsec ããªã·ãŒããã¯ãªãã¯ããŸãã ãæ°èŠããªã·ãŒã«ãŒããäœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã äœçœ®:äœçœ®çªå·ãããã«ãã£ãŠããªã·ãŒã«ãŒãã®åªå é äœãå®çŸ©ãããŸããçªå·ãå°ããã» ã©åªå é äœãé«ããªããŸããã«ãŒãã¯æé ã«ç §åãããŸããããã«ãŒããäžèŽãããšããã 以éããããã倧ããçªå·ã®ã«ãŒãã¯è©äŸ¡ãããŸããã ã«ãŒãã¿ã€ã:次ã®ã«ãŒãã¿ã€ãã䜿çšã§ããŸãã l ã€ã³ã¿ãã§ãŒã¹ã«ãŒã:ãã±ããã¯ç¹å®ã®ã€ã³ã¿ãã§ãŒã¹äžã§éä¿¡ãããŸãããã㯠2〠ã®ç¶æ³ã§åœ¹ç«ã¡ãŸãã1ã€ç®ã¯ãã²ãŒããŠã§ã€ã® IP ã¢ãã¬ã¹ãäžæã«ãªããã€ããã㯠(åç) ã€ã³ã¿ãã§ãŒã¹ (PPP) äžã§ã«ãŒãã£ã³ã°ããå Žåã§ãã2çªç®ã¯ãçŽæ¥æ¥ç¶ãã ããããã¯ãŒã¯ã®å€åŽã«ã²ãŒããŠã§ã€ãããããã©ã«ãã«ãŒããå®çŸ©ããå Žåã§ãã l ã²ãŒããŠã§ã€ã«ãŒã:ãã±ããã¯ç¹å®ã®ãã¹ã (ã²ãŒããŠã§ã€) ãžéä¿¡ãããŸãã éä¿¡å ã€ã³ã¿ãã§ãŒã¹:ã«ãŒãã£ã³ã°ãããããŒã¿ãã±ãããå°çããã€ã³ã¿ãã§ãŒã¹ãããã¹ãŠ ã ãèšå®ãããšããã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ã該åœããããšã«ãªããŸãã éä¿¡å ãããã¯ãŒã¯:ã«ãŒãã£ã³ã°ãããããŒã¿ãã±ããã®éä¿¡å ãããã¯ãŒã¯ãããã¹ãŠ ããèš å®ãããšããã¹ãŠã®ãããã¯ãŒã¯ã該åœããããšã«ãªããŸãã ãµãŒãã¹:ã«ãŒãã£ã³ã°ãããããŒã¿ãã±ããã«äžèŽãããµãŒãã¹å®çŸ©ãããããããŠã³ãªã¹ãã« ã¯ãå®çŸ©æžã¿ã®ãµãŒãã¹ãšã客æ§ãå®çŸ©ããããµãŒãã¹ããã¹ãŠå«ãŸããŸãããããã® ãµãŒãã¹ã«ãããã©ã®ãããªãã©ãã£ãã¯ãåŠçãããã粟å¯ã«æå®ã§ããŸããããã¹ãŠ ããèš å®ãããšããããã³ã«ãéä¿¡å ãããã³å®å ããŒãã®ããããçµã¿åããã«äžèŽããŸãã å®å ãããã¯ãŒã¯:ã«ãŒãã£ã³ã°ãããããŒã¿ãã±ããã®å®å ãããã¯ãŒã¯ãããã¹ãŠ ããèšå®ã ããšããã¹ãŠã®ãããã¯ãŒã¯ã該åœããããšã«ãªããŸãã ã¿ãŒã²ããã€ã³ã¿ãã§ãŒã¹:ããŒã¿ãã±ããã®éä¿¡å ã€ã³ã¿ãã§ãŒã¹ (ã«ãŒãã¿ã€ããšããŠãã€ã³ã¿ ãã§ãŒã¹ã«ãŒãããéžæãããšãã®ã¿äœ¿çšå¯)ã ã²ãŒããŠã§ã€:ã²ãŒããŠã§ã€ãããŒã¿ãã±ããã転éããã²ãŒããŠã§ã€/ã«ãŒã¿ãéžæããŸã (ã«ãŒ ãã¿ã€ãã«ãã²ãŒããŠã§ã€ã«ãŒãããéžæããå Žåã®ã¿äœ¿çšå¯)ã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããããªã·ãŒããããªã·ãŒã«ãŒãããªã¹ãã«è¡šç€ºãããŸãã 4. ã«ãŒããæå¹ã«ããŸãã ã«ãŒããæå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ã«ãŒããç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 182 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.7 OSPF 6.7 OSPF OSPF (Open Shortest Path First) ãããã³ã«ã¯ããªã³ã¯ã¹ããŒãåã®éå±€ã«ãŒãã£ã³ã°ãããã³ã«ã§ã ãã倧èŠæš¡ãªèªåŸã·ã¹ãã (AS) ãããã¯ãŒã¯å ã§äž»ã«äœ¿çšãããŸããSophos UTM㯠OSPF ã㌠ãžã§ã³ 2 ããµããŒãããŠããŸããä»ã®ã«ãŒãã£ã³ã°ãããã³ã«ãšæ¯ã¹ãOSPF ã¯ã«ãŒãã£ã³ã°ã¡ããªã㯠ãšããŠã³ã¹ãã䜿çšããŠããŸããOSPF 察å¿ã€ã³ã¿ãã§ãŒã¹ã®ã³ã¹ãã¯ãç¹å®ã®ã€ã³ã¿ãã§ãŒã¹çµç±ã§ ãã±ãããéä¿¡ãããšãã«å¿ èŠãªãªãŒããŒãããã瀺ããŸããã€ã³ã¿ãã§ãŒã¹ã®ã³ã¹ãã¯ããã®ã€ã³ã¿ ãã§ãŒã¹ã®åž¯åå¹ ã«åæ¯äŸããŸãããã®ããã垯åå¹ ã倧ãããšãã³ã¹ããå°ãããªããŸããããšã ã°ã10 Mbps ã®ã€ãŒãµãããåç·ãã 56 Kbps ã®ã·ãªã¢ã«åç·ã®æ¹ããªãŒããŒããããå¢ã (ã³ã¹ã ãé«ããªã)ãé 延æéãé·ããªããŸãã æ¥ç¶ããããããã¯ãŒã¯ã®ã³ã¹ãã®èšç®æ¹æ³ã¯ãOSPF ä»æ§ã«ã¯æå®ãããŠãããããã³ããŒã«ä»» ãããŠããŸãããã®ãããç¬èªã®èšç®åŒãå®çŸ©ããããšãã§ããŸãããã ããã³ã¹ãããã§ã«å®çŸ©ã ããŠããä»ã®ãããã¯ãŒã¯ãš OSPF ãããã¯ãŒã¯ãé£æ¥ããŠããå Žåãåãèšç®ããŒã¹ãé©çšããã ãšããå§ãããŸãã ããã©ã«ãã§ã¯ãã€ã³ã¿ãã§ãŒã¹ã®ã³ã¹ãã¯åž¯åå¹ ã«åºã¥ããŠèšç®ãããŸããããšãã°ãCisco ã®å Ž åã108 ãã€ã³ã¿ãã§ãŒã¹ã®åž¯åå¹ (bps) ã§å²ã£ãŠã³ã¹ããèšç®ããŠããŸãããã®èšç®åŒã䜿çšãã ãšã10 Mbps ã®ã€ãŒãµãããåç·ãçµç±ããå Žåã®ã³ã¹ã㯠108/10000000 = 10 ãšãªããŸããäž æ¹ã1.544 Mbps ã®åç· (T1) ã§ã¯ã108/1544000 = 64 ãšãªããŸã (ã³ã¹ãã®èšç®ã§ã¯ãå°æ°ç¹ä»¥äžãå ãæšãŠãŸã)ã 6.7.1 ã°ããŒãã« ãã€ã³ã¿ãã§ãŒã¹ïŒã«ãŒãã£ã³ã° > ãã€ãããã¯ã«ãŒãã£ã³ã° (OSPF) > ã°ããŒãã« ãã¿ãã§ã¯ãOSPF ã® åºæ¬èšå®ãè¡ãããšãã§ããŸããOSPF æ©èœãæå¹ã«ããåã«ãOSPF ãšãªã¢ã1ã€ä»¥äžèšå®ããŠã ãå¿ èŠããããŸã (ãšãªã¢ ãã¿ã)ã èŠå â Sophos UTMã® OSPF æ©èœãèšå®ããããã«ã¯ãOSPF ãããã³ã«ãçç¥ããŠããæè¡ç ã«çç·Žããçµéšè±å¯ãªç®¡çè ãå¿ èŠã§ããããã§ã®èšå®ãªãã·ã§ã³ã«ã€ããŠã®è§£èª¬ã¯ãOSPF ã ããã³ã«ã«ã€ããŠå®å šã«ç解ããããã«ååã§ãããšã¯èšããŸããããã®ããããã®æ©èœã¯æ é ã«äœ¿çšããããšããå§ãããŸããèšå®ã誀ããšããããã¯ãŒã¯ãåäœäžå¯èœã«ãªãå Žåããã㟠ãã OSPF ãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã UTM 9 管çã¬ã€ã 183 6.7 OSPF 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 1. ããšãªã¢ ãã¿ãã§ãOSPF ãšãªã¢ã 1ã€ä»¥äžäœæããŸãã 2. ãã°ããŒãã« ãã¿ãã§ãOSPF ãæå¹åããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªãããã«ãŒã¿ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 3. ã«ãŒã¿ ID ãå ¥åããŸãã Sophos UTMããã€ã¹ãä»ã® OSPF ã«ãŒã¿ããèå¥ããããã®ç¬èªã®ã«ãŒã¿ ID ãå ¥åã㟠ãã 4. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã OSPF ãç¡å¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã 6.7.2 ãšãªã¢ OSPF ãããã¯ãŒã¯ã¯ãè€æ°ã®ãšãªã¢ã«åå²ãããŸãããšãªã¢ãšã¯ããããã¯ãŒã¯ã®æ®ãã®éšåã®ã ãã«æ å ±ãã²ãšãŸãšãã«ã§ããã«ãŒã¿ã®è«çã°ã«ãŒãã§ãããšãªã¢ã®èå¥åã¯ã10é²ãããè¡šèšã® 32ããã ID ã§ãããIP ã¢ãã¬ã¹ã®è¡šèšæ³ãšäŒŒãŠããŸãã OSPF ãšãªã¢ã¯å šéšã§ 6çš®é¡ãããŸãã l ããã¯ããŒã³:ID ã 0 (ãŸã㯠0.0.0.0) ã®ãšãªã¢ã¯ OSPF ãããã¯ãŒã¯ããã¯ããŒã³ã«äºçŽã ããŠãããOSPF ãããã¯ãŒã¯ã®äžæ žãšãªããŸããä»ã®ãã¹ãŠã®ãšãªã¢ããã®ãšãªã¢ã«æ¥ç¶ã ããŸãã l æšæº:æšæºãšãªã¢ã¯ã1 (ãŸã㯠0.0.0.1) ïœ 4,294,967,295 (ãŸã㯠255.255.255.255) ãšã ãäžæã® ID ç¯å²ãæã¡ãŸããããŒãã«ãšãªã¢ã¯ãABR (ãšãªã¢å¢çã«ãŒã¿) ãä»ããŠå€éš ã«ãŒããåæ¹åçã«ãã©ããã£ã³ã°ããŠåŠçããŸããå€éšã«ãŒããšã¯ãä»ã®ã«ãŒãã£ã³ã°ããã ã³ã«ãã OSPF å ã«é åžãããã«ãŒããšããŠå®çŸ©ãããŸãã l ã¹ã¿ã:éåžžãã¹ã¿ããšãªã¢ã¯å€éšãããã¯ãŒã¯ãšçŽæ¥æ¥ç¶ãããŸãããå€éšãããã¯ãŒã¯ãžã® ãã¹ãŠã®ãã©ãã£ãã¯ã¯ ABR (ãšãªã¢å¢çã«ãŒã¿) ãä»ããŠã«ãŒãã£ã³ã°ããå¿ èŠãããã ããStub ãšãªã¢ã«å€éšã«ãŒããã€ã³ãžã§ã¯ãããå¿ èŠã¯ãããŸããããã®ãããã¹ã¿ããšãªã¢ ã¯å€éšãããã¯ãŒã¯ã«ãã©ãã£ãã¯ãéä¿¡ããå€éšã«ãŒãã«ãšã£ãŠããã©ã«ãã«ãŒãã®ä»£ãããš ãªããŸãã l ã¹ã¿ããµããªãªã:ãã¹ã¿ããµããªãªãããšãªã¢ããå®å šãªã¹ã¿ããšãªã¢ ãã¯ãã¹ã¿ããšãªã¢ãšäŒŒãŠã ãŸããããããããµããªã«ãŒãã¯èš±å¯ãããŠããŸãããã€ãŸããã¿ã€ã 3 ã®ãµã㪠ãªã³ã¯ã¹ ããŒãã¢ããã¿ã€ãºã¡ã³ã (LSA) ããšãªã¢ã«å ¥ã£ãŠããªãããã«ããŸãã 184 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.7 OSPF l NSSA:NSSA (not-so-stubby area) ã¯ãã¹ã¿ããšãªã¢ãšã¯ç°ãªããå€éšæ¥ç¶ããµããŒãã§ã㟠ããNSSA ã¯ããŒãã£ã«ãªã³ã¯ã«å¯Ÿå¿ããŠããŸããã l NSSA ãµããªãªã:ãNSSA ãµããªãªãã㯠NSSA ãšäŒŒãŠããŸããããã®ãšãªã¢ã§ã¯ãããããµ ããªã«ãŒãã¯èš±å¯ãããŠããŸãããã€ãŸããã¿ã€ã 3 ã®ãµã㪠ãªã³ã¯ã¹ããŒãã¢ããã¿ã€ãºã¡ã³ ã (LSA) ããšãªã¢ã«å ¥ã£ãŠããªãããã«ããŸãã OSPF ãšãªã¢ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ããšãªã¢ ãã¿ãã§ãæ°èŠ OSPFãšãªã¢ ããã¯ãªãã¯ããŸãã ãæ°èŠ OSPF ãšãªã¢ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãšãªã¢ã説æããååãå ¥åããŠãã ããã ãšãªã¢ ID:ãšãªã¢ã® ID ã 10é²ãããè¡šèšã§å ¥åããŸã (ããšãã°éåžžãšãªã¢ã¯ 0.0.0.1ã ããã¯ããŒã³ãšãªã¢ã¯ 0.0.0.0 ãªã©)ã ãšãªã¢ã¿ã€ã:åè¿°ã®ãšãªã¢ã¿ã€ããéžæãã該åœãããšãªã¢ã«å²ãåœãŠããããããã¯ãŒã¯ã® ç¹åŸŽãæå®ããŸãã èªèšŒã¿ã€ã:ãšãªã¢å ã®ã€ã³ã¿ãã§ãŒã¹ãä»ããŠéåä¿¡ããããã¹ãŠã® OSPF ãã±ããã«å¯Ÿã ãŠäœ¿çšããèªèšŒã¿ã€ããéžæããŸãã次ã®èªèšŒã¿ã€ãã䜿çšã§ããŸãã l MD5:éžæãããšãMD5 èªèšŒãæå¹ã«ãªããŸããMD5 (Message-Digest algorithm 5) ãš ã¯ã128ãããã®ããã·ã¥å€ã䜿çšããäžè¬çãªæå·ããã·ã¥é¢æ°ã§ãã l å¹³æ:éžæãããšãå¹³æèªèšŒãæå¹ã«ãªããŸãããã¹ã¯ãŒãã¯ãããã¯ãŒã¯äžãå¹³æ ã®åœ¢ã§äŒéãããŸãã l OFF:éžæãããšãèªèšŒãç¡å¹ã«ãªããŸãã æ¥ç¶çµç±ã€ã³ã¿ãã§ãŒã¹:OSPF 察å¿ã€ã³ã¿ãã§ãŒã¹ãéžæããŸãããã㧠OSPF 察å¿ã€ã³ã¿ ãã§ãŒã¹ãæå®ããããã«ã¯ãäºåã«ãã€ã³ã¿ãã§ãŒã¹ ãã¿ãã§ãã®ã€ã³ã¿ãã§ãŒã¹ãäœæããŠã ãå¿ èŠããããŸãã ããŒãã£ã«ãªã³ã¯ã䜿çš:OSPF èªåŸã·ã¹ãã (AS) å ã®ãã¹ãŠã®ãšãªã¢ã¯ãããã¯ããŒã³ãšãª 㢠(ãšãªã¢ 0) ã«ç©ççã«æ¥ç¶ãããŠããå¿ èŠããããŸããç©ççãªæ¥ç¶ãäžå¯èœãªå Žåã« ã¯ãããŒãã£ã«ãªã³ã¯ã䜿çšããŠãéããã¯ããŒã³ãšãªã¢ãä»ããŠããã¯ããŒã³ã«æ¥ç¶ã§ã㟠ãããä»®æ³ãªã³ã¯ã®æ¥ç¶ ãããã¯ã¹ã«ãããŒãã£ã«ãªã³ã¯ã®ãã€ããŒã«é¢é£ä»ããããã«ãŒã¿ ID ã 10é²ãããè¡šèšã§å ¥åããŸã (10.0.0.8 ãªã©)ã ã³ã¹ã:ãã®ãšãªã¢ã§ããŒã¿ãã±ãããéåä¿¡ããã³ã¹ããæå¹ãªå€ã¯ 1ïœ65535 ã®ç¯å²å 㧠ãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã UTM 9 管çã¬ã€ã 185 6.7 OSPF 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãããšãªã¢å®çŸ©ãããšãªã¢ ãã¿ãã«è¡šç€ºãããŸãã OSPF ãšãªã¢ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã ã©ã€ããã°ãéã:OSPF ã©ã€ããã°ã«ã¯ãOSPF ã€ã³ã¿ãã§ãŒã¹ã§ã®ãã¹ãŠã®ã¢ã¯ãã£ããã£ãèšé²ã ããŸãããã¿ã³ãã¯ãªãã¯ããŠãæ°ãããŠã£ã³ããŠã§ã©ã€ããã°ãéããŸãã 6.7.3 ã€ã³ã¿ãã§ãŒã¹ ãã€ã³ã¿ãã§ãŒã¹ïŒã«ãŒãã£ã³ã° > ãã€ãããã¯ã«ãŒãã£ã³ã° (OSPF) > ã€ã³ã¿ãã§ãŒã¹ ãã¿ãã§ã¯ãOSPF ãšãªã¢å ã§äœ¿çšããã€ã³ã¿ãã§ãŒã¹ã®å®çŸ©ãäœæã§ããŸããããããã®å®çŸ©ã«ã¯ãOSPF 察å¿ã€ã³ ã¿ãã§ãŒã¹ã«åºæã®è€æ°ã®ãã©ã¡ãŒã¿ããããŸãã OSPF ã€ã³ã¿ãã§ãŒã¹å®çŸ©ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã€ã³ã¿ãã§ãŒã¹ ãã¿ãã§ãæ°èŠ OSPF ã€ã³ã¿ãã§ãŒã¹ ããã¯ãªãã¯ããŸãã ãæ°èŠ OSPF ã€ã³ã¿ãã§ãŒã¹ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®ã€ã³ã¿ãŒãã§ãŒã¹ã説æããååãå ¥åããŠãã ããã ã€ã³ã¿ãã§ãŒã¹:ãã® OSPF ã€ã³ã¿ãã§ãŒã¹å®çŸ©ãšé¢é£ä»ããã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã èªèšŒã¿ã€ã:ãã®ã€ã³ã¿ãã§ãŒã¹ãä»ããŠéåä¿¡ããããã¹ãŠã® OSPF ãã±ããã«å¯ŸããŠäœ¿çš ããèªèšŒã¿ã€ããéžæããŸãã次ã®èªèšŒã¿ã€ãã䜿çšã§ããŸãã l MD5:éžæãããšãMD5 èªèšŒãæå¹ã«ãªããŸããMD5 (Message-Digest algorithm 5) ãš ã¯ã128ãããã®ããã·ã¥å€ã䜿çšããäžè¬çãªæå·ããã·ã¥é¢æ°ã§ãã l å¹³æ:éžæãããšãå¹³æèªèšŒãæå¹ã«ãªããŸãããã¹ã¯ãŒãã¯ãããã¯ãŒã¯äžãå¹³æ ã®åœ¢ã§äŒéãããŸãã l OFF:éžæãããšãèªèšŒãç¡å¹ã«ãªããŸãã ã¡ãã»ãŒãžãã€ãžã§ã¹ã:ãã® OSPF ã€ã³ã¿ãã§ãŒã¹ã«å¯Ÿã㊠MD5 èªèšŒã䜿çšãããããšã瀺ã ã¡ãã»ãŒãžãã€ãžã§ã¹ã (MD) ãéžæããŸããããã§ã¡ãã»ãŒãžãã€ãžã§ã¹ããéžæããããã« ã¯ãäºåã«ãã¡ãã»ãŒãžãã€ãžã§ã¹ããã¿ãã§ãã®ã¡ãã»ãŒãžãã€ãžã§ã¹ããäœæããŠããå¿ èŠã ãããŸãã ã³ã¹ã:ãã®ã€ã³ã¿ãã§ãŒã¹ã§ããŒã¿ãã±ãããéä¿¡ããã³ã¹ããæå¹ãªå€ã¯ 1ïœ65535 ã®ç¯å² å ã§ãã 186 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.7 OSPF 詳现ãªãã·ã§ã³ (ä»»æ):ã詳现ãªãã·ã§ã³ããã§ãã¯ããã¯ã¹ãéžæãããšãè¿œå ã®èšå®ãªãã·ã§ ã³ã衚瀺ãããŸãã l ãããŒéé:Sophos UTM ããã®ã€ã³ã¿ãã§ãŒã¹ãä»ã㊠Hello ãã±ãããéä¿¡ããé »åºŠ (ç§) ãæå®ããŸããããã©ã«ãå€ã¯ 10ç§ã§ãã l åééé:LSA (ãªã³ã¯ã¹ããŒãã¢ããã¿ã€ãºã¡ã³ã) ãåãåã£ããšãã確èªå¿çãã€ã³ ã¿ãã§ãŒã¹ã«å±ããªãã£ããšãã«ãã€ã³ã¿ãã§ãŒã¹ã LSA ãåéããé »åºŠ (ç§) ãæå® ããŸããããã©ã«ãå€ã¯ 5ç§ã§ãã l ãããéé:Sophos UTM ããã®ã€ã³ã¿ãã§ãŒã¹ãä»ã㊠Hello ãã±ããã®åä¿¡ãåŸ æ©ã ãé »åºŠ (ç§) ãæå®ããŸããããã©ã«ãå€ã¯ 40ç§ã§ããååçã«ãDead éé ã®å€ã¯ Hello éé ã®å€ã® 4åã®é·ãã«ããŸãã l ãã©ã€ãªãªãã£:ã«ãŒã¿ã®åªå é äœã 1ïœ255 ã®ç¯å²ã® 8ãããå€ã§æå®ããŸãããã®å€ ã¯ãç¹å®ã®ãããã¯ãŒã¯ã®æåã«ãŒã¿ (DR) ã決å®ããããã«äž»ã«äœ¿çšãããŸããã ãã©ã«ãå€ã¯ 1 ã§ãã l ãã©ã³ã¹ããããã£ã¬ã€:ã€ã³ã¿ãã§ãŒã¹ã§ LSU (ãªã³ã¯ ã¹ããŒã ã¢ããããŒã) ãã±ããéä¿¡ ã«äºæ³ãããé »åºŠ (ç§) ãæå®ããŸããç¯å²ã¯1ïœ65535 ç§ã§ãããã©ã«ãå€ã¯ 1 ã§ãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã OSPF ã€ã³ã¿ãã§ãŒã¹å®çŸ©ããã€ã³ã¿ãã§ãŒã¹ ãã¿ãã«è¡šç€ºãããŸãã OSPF ã€ã³ã¿ãã§ãŒã¹ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã ã©ã€ããã°ãéã:OSPF ã©ã€ããã°ã«ã¯ãOSPF ã€ã³ã¿ãã§ãŒã¹ã§ã®ãã¹ãŠã®ã¢ã¯ãã£ããã£ãèšé²ã ããŸãããã¿ã³ãã¯ãªãã¯ããŠãæ°ãããŠã£ã³ããŠã§ã©ã€ããã°ãéããŸãã 6.7.4 ã¡ãã»ãŒãžãã€ãžã§ã¹ã ãã€ã³ã¿ãã§ãŒã¹ïŒã«ãŒãã£ã³ã° > ãã€ãããã¯ã«ãŒãã£ã³ã° (OSPF) > ã¡ãã»ãŒãžãã€ãžã§ã¹ããã¿ã㧠ã¯ãããããã¡ãã»ãŒãžãã€ãžã§ã¹ãããŒãçæããããšãã§ããŸããã¡ãã»ãŒãžãã€ãžã§ã¹ãã㌠ã¯ãOSPF 㧠MD5 èªèšŒãæå¹ã«ããããã«å¿ èŠã§ããMD5 èªèšŒã§ã¯ããã¹ã¯ãŒãã䜿çšããŠã¡ã ã»ãŒãžãã€ãžã§ã¹ããçæããŸããããã¯ããŒã¿ãã±ãããšãã¹ã¯ãŒãã® 128ãããã®ãã§ãã¯ãµã 㧠ããã¡ãã»ãŒãžãã€ãžã§ã¹ãã¯ããã¹ã¯ãŒããšé¢é£ä»ããããã㌠ID ãšãšãã«ããŒã¿ãã±ããã§éä¿¡ã ããŸãã 泚 â åä¿¡åŽã«ãŒã¿ã¯ãåãã¡ãã»ãŒãžãã€ãžã§ã¹ãããŒã§èšå®ãããŠããªããã°ãªããŸããã ã¡ãã»ãŒãžãã€ãžã§ã¹ãããŒãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã UTM 9 管çã¬ã€ã 187 6.7 OSPF 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 1. ãã¡ãã»ãŒãžãã€ãžã§ã¹ããã¿ãã§ãæ°èŠã¡ãã»ãŒãžãã€ãžã§ã¹ãããŒããã¯ãªãã¯ããŸãã ãã¡ãã»ãŒãžãã€ãžã§ã¹ãããŒã®æ°èŠäœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ID:ãã®ã¡ãã»ãŒãžãã€ãžã§ã¹ãããŒã®ã㌠ID ãå ¥åããŸããç¯å²ã¯ 1ïœ255 ã§ãã MD5 ããŒ:é¢é£ãããã¹ã¯ãŒããå ¥åããŸããæ倧 16æåã®è±æ°åããæãæååã«ãã å¿ èŠããããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããããŒããã¡ãã»ãŒãžãã€ãžã§ã¹ãããªã¹ãã«è¡šç€ºãããŸãã ãã€ãžã§ã¹ãããŒãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 6.7.5 ãããã° ãã€ã³ã¿ãã§ãŒã¹ïŒã«ãŒãã£ã³ã° > ãã€ãããã¯ã«ãŒãã£ã³ã° (OSPF) > ãããã°ãã¿ãã§ã¯ãé¢é£ OSPF ãã©ã¡ãŒã¿ã«ã€ããŠã®è©³çŽ°æ å ±ãå¥ã®ãã©ãŠã¶ãŠã£ã³ããŠã§è¡šç€ºãããŸãã次ã®æ å ±ãå«ãŸã㊠ããŸãã l OSPF ãã€ããŒã®è¡šç€º:OSPF ãã€ããŒæ å ±ãã€ã³ã¿ãã§ãŒã¹ããšã«è¡šç€ºããããã«äœ¿çšã㟠ãã l OSPF ã«ãŒãã®è¡šç€º:ã«ãŒãã£ã³ã°ããŒãã«ã®çŸåšã®ç¶æ ã衚瀺ããããã«äœ¿çšããŸãã l OSPF ã€ã³ã¿ãã§ãŒã¹ã®è¡šç€º:OSPF é¢é£ã®ã€ã³ã¿ãã§ãŒã¹æ å ±ã衚瀺ããããã«äœ¿çšã㟠ãã l OSPF ããŒã¿ããŒã¹ã®è¡šç€º:ç¹å®ã«ãŒã¿ã® OSPF ããŒã¿ããŒã¹ã«é¢é£ããæ å ±ãäžèŠ§è¡šç€º ããããã«äœ¿çšããŸãã l OSPF å¢çã«ãŒã¿ã®è¡šç€º:ABR (ãšãªã¢å¢çã«ãŒã¿) ãš ASBR (èªåŸã·ã¹ãã å¢çã«ãŒã¿) ãžã® å éš OSPF ã«ãŒãã£ã³ã°ããŒãã«ã®ãšã³ããªã衚瀺ããããã«äœ¿çšããŸãã 6.7.6 詳现 ãã€ã³ã¿ãã§ãŒã¹&ã«ãŒãã£ã³ã° > ãã€ãããã¯ã«ãŒãã£ã³ã° (OSPF)ãã¿ãã«ã¯ãOSPF ã«é¢é£ããè¿œå ã®èšå®ãªãã·ã§ã³ããããŸãããããã¯ãOSPF 以å€ã®ãã¡ã€ã³ãã OSPF ãã¡ã€ã³ãžã®ã«ãŒãã£ã³ ã°æ å ±ã®åé åžã«é¢é£ãããã®ã§ãã 泚 â ããªã·ãŒã«ãŒããååé ããããšã¯ã§ããŸããã 188 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.8 BGP çŽæ¥æ¥ç¶ããããããã¯ãŒã¯ãåé åž:çŽæ¥æ¥ç¶ãããŠãããããã¯ãŒã¯ã®ã«ãŒããåé åžããå Ž åã¯ããããéžæããŸããããã©ã«ãã®ã¡ããªã㯠(ã³ã¹ã) å€ã¯ 10ã§ãã ã¹ã¿ãã£ãã¯ã«ãŒããåé åž:ã¹ã¿ãã£ãã¯ã«ãŒãããã³ IPsec ã«ãŒããååé ããå Žåã¯ããããéž æããŸããããã©ã«ãã®ã¡ããªã㯠(ã³ã¹ã) å€ã¯ 10ã§ãã 泚 â IPsec ãã³ãã«ãåé åããããã«ã¯ã¹ããªã¯ãã«ãŒãã£ã³ã°ãç¡å¹åããå¿ èŠããããŸã (ãæ¥ç¶ãã®ç« ãåç §)ã BGP ã®åé åž:BPG ã«ãŒããååé ããå Žåã¯ããããéžæããŸããããã©ã«ãã®ã¡ããªã㯠(ã³ã¹ã) å€ã¯ 10ã§ãã ããã©ã«ãã«ãŒããé åž:ããã©ã«ãã«ãŒãã OSPF ãã¡ã€ã³ã«åé åžããå Žåã¯ããããéžæã㟠ãã 泚 â ããã©ã«ãã«ãŒãã¯ã0.0.0.0/0 ãžã®ã«ãŒãã®æç¡ãåãã OSPF ãã¡ã€ã³ã«ã¢ããã¿ã€ãº ãããŸãã ã€ã³ã¿ãã§ãŒã¹ãªã³ã¯æ€ç¥:ã€ã³ã¿ãã§ãŒã¹ãªã³ã¯ãæ€åºãããå Žåã®ã¿ã«ã€ã³ã¿ãã§ãŒã¹ã®ã«ãŒãã ã¢ããŠã³ã¹ããå Žåã¯ããããéžæããŸãã 6.8 BGP Border Gateway Protocol (BGP) ãšã¯ãäž»ã«ã€ã³ã¿ãŒããããµãŒãã¹ãããã€ã (ISP) ã«ãããè€æ°ã® èªåŸã·ã¹ãã (AS) é (ã€ãŸã ISP é) ã®éä¿¡ãå¯èœã«ããããã«äœ¿çšãããã«ãŒãã£ã³ã°ãããã³ã« ã§ãã€ã³ã¿ãŒãããã®ããã¯ããŒã³ã«ãªã£ãŠããŸããèªåŸã·ã¹ãã ã¯ã1ã€ä»¥äžã® ISP ã«ããå¶åŸ¡ã ããå éšã«ãŒãã£ã³ã°ãããã³ã« (IGPãªã©) ã«ããæ¥ç¶ããã IP ãããã¯ãŒã¯ã®éåã§ããBGP ã¯ã ã¹ãã¯ãã«åãããã³ã«ãšåœ¢å®¹ãããŠãããIGP ãšç°ãªãããã¹ããããã¯ãŒã¯ããªã·ãã«ãŒã«ã»ããã« åºã¥ããŠã«ãŒãã£ã³ã°ã決å®ããŸãããã®ããã«ãã«ãŒãã£ã³ã°ãããã³ã«ã§ã¯ãªããå¯å°éæ§ããã ã³ã«ãšã¿ãªãããšãã§ããŸãã åISP (ãŸãã¯ä»ã®ãããã¯ãŒã¯ãããã€ã) ã¯ããããã¯ãŒã¯äžã§ããããã® ISP ãèå¥ããããã« æ£åŒã«ç»é²ãããèªåŸã·ã¹ãã çªå· (ASN) ãæã€å¿ èŠããããŸããISP ã¯å éšçã«è€æ°ã®èªåŸ ã·ã¹ãã ããµããŒãããããšãã§ããŸãããã€ã³ã¿ãŒãããã«ãšã£ãŠã¯ã«ãŒãã£ã³ã°ãããã³ã«ã®ã¿ã éèŠã«ãªããŸãã64512ïœ65534 ã®ç¯å²ã®çªå·ã® ASN ã¯ãã©ã€ããŒãã§ãå éšã§ã®ã¿äœ¿çšããããš ãã§ããŸãã BGP ã¯äŒéãããã³ã«ãšã㊠TCP ãããŒã 179 ã§äœ¿çšããŸãã UTM 9 管çã¬ã€ã 189 6.8 BGP 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 1ã€ã® AS ã®ã«ãŒã¿é㧠BGP ã䜿çšããå Žåã¯ãå éš BGP (iBGP) ãšåŒã°ããç°ãªã AS ã®ã«ãŒã¿ é㧠BGP ã䜿çšããå Žåã¯å€éš BGP (eBGP) ãšåŒã°ããŸãã eBGP ã®å©ç¹ã¯ãã«ãŒãã£ã³ã°ã«ãŒããé²æ¢ããããšã§ãIP ãã±ããã AS ã 2床ééããããšããã ãŸãããããã¯æ¬¡ã®æ¹æ³ã§å®çŸããŸããç¹å®ã®ãããã¯ãŒã¯ã»ã°ã¡ã³ãã«å°éããããã« IP ãã±ã ããééããå¿ èŠã®ãããã¹ãŠã® AS ã®å šãªã¹ãããeBGP ã«ãŒã¿ãç¶æããŸããã«ãŒã¿ã¯éä¿¡æ ã«ãè¿é£ã® eBGP ã«ãŒã¿ãšãã®æ å ±ãå ±æããè¿é£ã® eBGP ã«ãŒã¿ãå¿ èŠã«å¿ããŠããããã® ã«ãŒãã£ã³ã°ãªã¹ããæŽæ°ããŸããeBGP ã«ãŒã¿ãæ¢ã«ãã®ãããªæŽæ°ãªã¹ãã«ååšããããšãæ€åºã ããå Žåã«ã¯ãå床ãªã¹ãã«è¿œå ãããããšã¯ãããŸããã 6.8.1 ã°ããŒãã« ãBorder Gateway Protocol > ã°ããŒãã« ãããŒãžã§ã¯ãUTMã«å¯Ÿã㊠BGP ãæå¹ãŸãã¯ç¡å¹ã«ãã ããšãã§ããŸãã 1. BGP ãæå¹ã«ããã«ã¯ãããã€ããŒãããŒãžã§ 1ã€ä»¥äžã®ãã€ããŒãç»é²ããŠããå¿ èŠããã ãŸãã 2. ãã°ããŒãã« ãããŒãžã§ãBGP ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªãããBGP ã·ã¹ãã ãã»ã¯ ã·ã§ã³ãç·šéå¯èœã«ãªããŸãã 3. 次ã®èšå®ãè¡ããŸãã AS çªå·:ã·ã¹ãã ã®èªåŸã·ã¹ãã çªå· (ASN) ãå ¥åããŸãã ã«ãŒã¿ ID:ã«ãŒã¿ ID ãšã㊠IPv4 ã¢ãã¬ã¹ãå ¥åããŸããããã¯ã»ãã·ã§ã³ã®åæåäžã«ã〠ããŒã«éä¿¡ãããŸãã ãããã¯ãŒã¯:ã·ã¹ãã ãããã€ããŒã«ã¢ããŠã³ã¹ãããããã¯ãŒã¯ãè¿œå ãŸãã¯éžæããŸãã 4. ãé©çš ããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«ãªããBGP ãæå¹ã«ãªããŸãããã°ãããããšããæŠèŠ³ ãã»ã¯ã·ã§ã³ã« ã¹ããŒã¿ã¹æ å ±ã衚瀺ãããŸãã 6.8.2 ã·ã¹ãã ãBorder Gateway Protocol > ã·ã¹ãã ãããŒãžã§ã¯ãè€æ°ã®èªåŸã·ã¹ãã ã®ç°å¢ãäœæã§ããŸãã 泚 â ãã®ããŒãžã¯ãã詳现 ãããŒãžã§è€æ°ã® AS ã®äœ¿çšãæå¹ã«ããŠããå Žåã«ã®ã¿ã¢ã¯ã»ã¹ã§ ããŸãã 190 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.8 BGP æ°ãã BGP ã·ã¹ãã ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã·ã¹ãã ãããŒãžã§ãæ°èŠ BGP ã·ã¹ãã ããã¯ãªãã¯ããŸãã ãBGP ã·ã¹ãã ãæ°èŠäœæ ããã€ã¢ãã°ãŠã£ã³ããŠãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ã·ã¹ãã ã説æããååãå ¥åããŠãã ããã ASN:ã·ã¹ãã ã®èªåŸã·ã¹ãã çªå· (ASN) ãå ¥åããŸãã ã«ãŒã¿ ID:ã«ãŒã¿ ID ãšã㊠IPv4 ã¢ãã¬ã¹ãå ¥åããŸããããã¯ã»ãã·ã§ã³ã®åæåäžã«ã〠ããŒã«éä¿¡ãããŸãã ãã€ããŒ:ãã®ã·ã¹ãã ã® AS ã«å±ãããã€ããŒã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸããæ åã«ããã€ããŒãããŒãžã§ãã€ããŒãç»é²ããå¿ èŠãããããšã«æ³šæããŠãã ããã ãããã¯ãŒã¯:ã·ã¹ãã ããã¢ããŠã³ã¹ãããããã¯ãŒã¯ãè¿œå ãŸãã¯éžæããŸãã ã€ã³ã¹ããŒã«ã«ãŒã:ãã®ãªãã·ã§ã³ã¯ããã©ã«ãã§æå¹ã«ãªã£ãŠããŸããBGP ã«ãŒã¿ã«ã«ãŒã ãææ¡ãããäžæ¹ã§ãBGP ã«ãŒãã£ã³ã°ããã»ã¹ã«ã¯ããŸãé¢äžãããããªãå Žåã®ã¿ã«ç¡ å¹ã«ããŠãã ãããè€æ°ã® AS ã·ã¹ãã ã§ãã®ãªãã·ã§ã³ãéžæãããŠããå Žåããã£ã«ã¿ãªã¹ ããäœæããŠéè€ãããã¯ãŒã¯ãååšããããšããªãããã«ããŠãã ãããããããªããšãåäž ãããã¯ãŒã¯ã®ã«ãŒãã£ã³ã°åäœãå®çŸ©ãããªããªããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã ã·ã¹ãã ããã·ã¹ãã ããªã¹ãã«è¡šç€ºãããŸãã 6.8.3 ãã€ã㌠ãBorder Gateway Protocol > ãã€ããŒãããŒãžã§ã¯ã1ã€ä»¥äžã® BGP ãã€ããŒã«ãŒã¿ãç»é²ã§ã㟠ãããã€ããŒã«ãŒã¿ (ãã¢ã«ãŒã¿) ã¯ãè€æ°ã®èªåŸã·ã¹ãã (AS) éã 1ã€ã® AS å ã§æ¥ç¶ãæ§ç¯ã㟠ãã2ã€ã®ãã€ããŒéã§ã®æåã®éä¿¡æã«ãããããã® BGP ã«ãŒãã£ã³ã°ããŒãã«ã亀æãã㟠ãããã®åŸã¯ãã«ãŒãã£ã³ã°ããŒãã«ã®å€æŽã«å¯ŸããæŽæ°æ å ±ãçžäºã«éä¿¡ããæ¥ç¶ã確ç«ã㊠ããããšã確èªããããã«ããŒãã¢ã©ã€ããã±ãããéä¿¡ããŸãããšã©ãŒãçºçããå Žåã«ã¯ãéç¥ ãã±ãããéä¿¡ãããŸãã BGP ã®ããªã·ãŒã«ãŒãã£ã³ã°ã§ã¯ãåä¿¡ããªã·ãŒãšéä¿¡ããªã·ãŒãç°ãªããŸãããã®ãããåä¿¡ãã© ãã£ãã¯ãšéä¿¡ãã©ãã£ãã¯ã«å¥ã ã®ã«ãŒãããããšãã£ã«ã¿ãªã¹ããå®çŸ©ããŠé©çšããããšãã§ã㟠ãã ãã°ããŒãã« ãããŒãžã§ BGP ãæå¹åã§ããããã«ããã«ã¯ã1ã€ä»¥äžã®ãã€ããŒã«ãŒã¿ãç»é²ãã å¿ èŠããããŸãã æ°ãã BGP ãã€ããŒãç»é²ããã«ã¯ã次ã®æé ã«åŸããŸãã UTM 9 管çã¬ã€ã 191 6.8 BGP 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 1. ããã€ããŒãããŒãžã§ãæ°èŠ BGP ãã€ããŒããã¯ãªãã¯ããŸãã ãBGP ãã€ããŒãæ°èŠäœæ ããã€ã¢ãã°ãŠã£ã³ããŠãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:BGP ãã€ããŒã«ãŒã¿ã®ååãå ¥åããŸãã ãã¹ã:ãã€ããŒã®ãã¹ãå®çŸ©ãè¿œå ãŸãã¯éžæããŸããå®çŸ©ããã IP ã¢ãã¬ã¹ããUTMã ãå°éã§ããå¿ èŠããããŸãã ãªã¢ãŒã ASN:ãã€ããŒã®èªåŸã·ã¹ãã çªå· (ASN) ãå ¥åããŸãã èªèšŒ:ãã€ããŒã§èªèšŒãå¿ èŠãšããå ŽåãããããããŠã³ãªã¹ããããTCP MD5 ã·ã°ãã㣠ãã éžæãããã€ããŒã«èšå®ãããŠãããã¹ã¯ãŒããå ¥åããŸãã 3. å¿ èŠã«å¿ããŠæ¬¡ã®è©³çŽ°èšå®ãè¡ããŸãã åä¿¡ã«ãŒã/éä¿¡ã«ãŒã:ã«ãŒãããããå®çŸ©ããŠããå Žåãããã§éžæã§ããŸãããåä¿¡ã«ãŒ ãããŸãã¯ãéä¿¡ã«ãŒããã䜿çšããŠã«ãŒãããããåä¿¡ã¢ããŠã³ã¹ã¡ã³ããŸãã¯éä¿¡ã¢ããŠã³ ã¹ã¡ã³ãã«é©çšãããã©ãããå®çŸ©ããŸãã åä¿¡ãã£ã«ã¿:/éä¿¡ãã£ã«ã¿:ãã£ã«ã¿ãªã¹ããå®çŸ©ããŠããå Žåãããã§éžæã§ããŸãããåä¿¡ ãã£ã«ã¿ããŸãã¯ãéä¿¡ãã£ã«ã¿ãã䜿çšããŠãã£ã«ã¿ãåä¿¡ã¢ããŠã³ã¹ã¡ã³ããŸãã¯éä¿¡ã¢ã ãŠã³ã¹ã¡ã³ãã«é©çšãããã©ãããå®çŸ©ããŸãã Next-Hop-Self:iBGP ãããã¯ãŒã¯ã§ã¯ãã«ãŒã¿ãå€éš eBGP ãããã¯ãŒã¯ãå éšçã«ã¢ã㊠ã³ã¹ããå ŽåãçŽæ¥çãªå€éšæ¥ç¶ãæããªã iBGP ã«ãŒã¿ã¯ãã®ãããã¯ãŒã¯ãžã®ãã±ãã ã®ã«ãŒãã£ã³ã°æ¹æ³ãææ¡ããŠããŸããããã®ãªãã·ã§ã³ãéžæãããšãeBGP ã«ãŒã¿ã¯å€éš ãããã¯ãŒã¯ã«å°éããããã®æ¬¡ã®ããããšããŠèªããã¢ããŠã³ã¹ããŸãã ãã«ãããã:Cisco ã«ãŒã¿ã¯ã2ã€ã®å€éšãã¢ãçŽæ¥æ¥ç¶ããããšãèš±å¯ããªããµãŒãã㌠ãã£è£œã«ãŒã¿ã䜿ã£ãŠãeBPG ãå®è¡ã§ããå ŽåããããŸãããã®æ¥ç¶ãå®çŸããã« ã¯ãeBGP ãã«ããããã䜿çšããŸããeBGP ãã«ããããã¯ãçŽæ¥æ¥ç¶ã§ããªããïŒã€ã®å€ éšãã¢éã®ãã€ããŒæ¥ç¶ãå¯èœã«ããŸãããã«ããããã¯ãeBGP ã®ã¿ã§æ©èœããiBGP 㧠ã¯æ©èœããŸããã Soft-Reconfiguration:ããã©ã«ãã§æå¹åãããŠããŸãããã®ãªãã·ã§ã³ã«ããããã€ããŒãã éä¿¡ãããæŽæ°ãä¿åããããšãã§ããŸãã ããã©ã«ãã«ãŒãçæ:ãã€ããŒã«ããã©ã«ãã«ãŒã 0.0.0.0 ã§éä¿¡ããŸãããã€ããŒã¯ãã«ãŒ ãã£ã³ã°ããŒãã«ã«ååšããªããããã¯ãŒã¯ã«å°éããããã«å¿ èŠãªå Žåã«ã®ã¿ããã®ã«ãŒ ãã䜿çšããŸãã ãŠã§ã€ã:Cisco å°çšã®ãªãã·ã§ã³ã§ãããã®ãã€ããŒããåŠç¿ãããã¹ãŠã®ã«ãŒãã®æ±çšãŠã§ ã€ããèšå®ããŸããèšå®ã§ããå€ã¯ 0ïœ65535 ã§ãããŠã§ã€ããæãé«ãã«ãŒãããç¹å®ããã 192 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.8 BGP ã¯ãŒã¯ã«å°éããããã«åªå ãããŸããããã§æå®ããããŠã§ã€ãã¯ãã«ãŒããããã®ãŠã§ã€ã ãäžæžãããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã ãã€ããŒãããã€ããŒããªã¹ãã«è¡šç€ºãããŸãã 6.8.4 ã«ãŒãããã BGP ã§ã¯ãã«ãŒãããããšã¯ãã«ãŒãã®åé åžæ¡ä»¶ãèšå®ããããªã·ãŒã«ãŒãã£ã³ã°ãæå¹åããã ãã®ã³ãã³ããæããŸãããBorder Gateway Protocol > ã«ãŒãããããããŒãžã§ã¯ãç¹å®ãããã¯ãŒã¯ ã®ã«ãŒãããããäœæããã¡ããªãã¯ããŠã§ã€ããããªãã¡ã¬ã³ã¹å€ãèšå®ããããšãã§ããŸãã ã©ã®ã«ãŒããåããã決å®ãããã¹ããã¹ã¢ã«ãŽãªãºã ã¯æ¬¡ã®ããã«æ©èœããŸãã 1. ãŠã§ã€ãããã§ãã¯ããŸãã* 2. ããŒã«ã«ããªãã¡ã¬ã³ã¹ããã§ãã¯ããŸãã* 3. ããŒã«ã«ã«ãŒãããã§ãã¯ããŸãã 4. AS ãã¹é·ããã§ãã¯ããŸãã 5. éä¿¡å ããã§ãã¯ããŸãã 6. ã¡ããªãã¯ããã§ãã¯ããŸãã* ããã¯ãããŸã§ãç°¡çŽ åãã説æã§ãããã¹ããã¹ã®èšç®ã¯éåžžã«è€éã§ããããã詳ããã¯ã€ã³ ã¿ãŒãããäžã®é¢é£è³æãªã©ãåç §ããŠãã ããã ã¢ã¹ã¿ãªã¹ã¯ (*) ãä»ããé ç®ã¯çŽæ¥èšå®ããããšãã§ããŸãã BGP ã«ãŒãããããäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã«ãŒãããããããŒãžã§ãæ°èŠ BGP ã«ãŒããããããã¯ãªãã¯ããŸãã ãBGP ã«ãŒãããããæ°èŠäœæ ããã€ã¢ãã°ãŠã£ã³ããŠãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ã«ãŒããããã説æããååãå ¥åããŸãã ãããåºæº:ã«ãŒããããã®äžèŽå¯Ÿè±¡ãç¹å®ã«ãŒã¿ã®IPã¢ãã¬ã¹ã«ããããAS å šäœã® IP ã¢ã ã¬ã¹ã«ããããéžæããŸãã l IPã¢ãã¬ã¹;ããããã¯ãŒã¯ ãããã¯ã¹ã«ããã£ã«ã¿ãé©çšãããã¹ããŸãã¯ãããã¯ãŒã¯ã è¿œå ãŸãã¯éžæããŸãã UTM 9 管çã¬ã€ã 193 6.8 BGP 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° l AS çªå·:ãAS æ£èŠè¡šçŸ ãããã¯ã¹ã«ããã£ã«ã¿ãé©çšãã AS çªå·ãå®çŸ©ããããã® BGP æ£èŠè¡šçŸãæå®ããŸããäŸ:ã_100_ããæå®ãããšãAS100 ãééãããã¹ãŠã® ã«ãŒããäžèŽããŸãã ãããã¯ãŒã¯:ã«ãŒãããããé©å¿ãããããã¯ãŒã¯/ãã¹ããè¿œå ãŸãã¯éžæããŸãã ã¡ããªãã¯:æ¢å®ã§ã¯ãã«ãŒã¿ãã«ãŒãã¡ããªãã¯ãåçã«åŠç¿ããŸãããããã0ïœ4294967295 ã®æŽæ°ã䜿çšããŠç¬èªã®ã¡ããªãã¯å€ãèšå®ã§ããŸããäœãã¡ããªãã¯å€ã®æ¹ããé«ãã¡ã ãªãã¯å€ãããåªå ãããŸãã å é:ãã¹ããã¹ã®éžæã«äœ¿çšãããŸããããã¯ç¹å®ã«ãŒã¿ã«å¯ŸããŠæå®ãããã®ã§ãäŒé ãããŸãããåãå®å ã«è€æ°ã®ã«ãŒããååšããå Žåãé«ããŠã§ã€ãå€ã®ã«ãŒããåªå ãã ãŸãããŠã§ã€ãã¯æåã«äžèŽããASãã¹ã«åºã¥ãã0ïœ4294967295 ã®æŽæ°ã§èšå®ã§ããŸãã äž â ãã€ããŒã«ãŠã§ã€ããèšå®ãããŠããå Žåãæå®ããããããã¯ãŒã¯ãžã®ã«ãŒããäž èŽãããšããã®ãŠã§ã€ãã«ãã£ãŠã«ãŒããããã®ãŠã§ã€ããäžæžããããŸãã ããªãã¡ã¬ã³ã¹:ããŒã«ã« AS ã®ãã¹ãŠã®ã«ãŒã¿ã®ã¿ã«éä¿¡ããã AS ãã¹ã®ããªãã¡ã¬ã³ã¹å€ ãèšå®ããããšãã§ããŸããããªãã¡ã¬ã³ã¹ (ããŒã«ã«ããªãã¡ã¬ã³ã¹) ã¯ãAS å€ã®ç¹å®ããã ã¯ãŒã¯ã«å°éãããšãã«åªå ãããã¹ã AS å ã®ã«ãŒã¿ã«æ瀺ãããã®ã§ ãã0ïœ4294967295 ã®æŽæ°ã§èšå®ã§ããããã©ã«ã㯠100 ã§ãã AS ããªãã³ã:AS ãã¹ã®ããªãã³ãã¯ãç¹å®ã«ãŒããåé¿ããäžã§ããªãã¡ã¬ã³ã¹èšå®ãäœã ãã®çç±ã«ããå åã§ãªãå Žåã«äœ¿çšãããŸã (ã¡ã€ã³ã«ãŒãã䜿çšã§ããªãå Žåã®ã¿ã« åãã¹ãããã¯ã¢ããã«ãŒããªã©)ãããã«ãããèªãã® AS çªå·ãç¹°ãè¿ãããšã§ (65002 65002 65002ãªã©) ãAS ãã¹å±æ§ãæ¡åŒµããããšãã§ããŸããBGP ã«ãŒãéžæã§ã¯ãæã çã AS ãã¹ãåªå ãããããããã®éžæã«åœ±é¿ãåã³ãŸããAS ããªãã³ããèšå®ããã ã«ãŒãããããæå³ãããšããã«æ©èœãããã«ã¯ããã€ããŒã®ãéä¿¡ã«ãŒãããã£ãŒã«ãã§ã«ãŒ ãããããéžæããå¿ èŠãããããšã«æ³šæããŠãã ããã 3. ãä¿å ããã¯ãªãã¯ããŸãã ã«ãŒããããããã«ãŒããããããªã¹ãã«è¡šç€ºãããŸãã ããã§ããã€ããŒå®çŸ©ã«ã«ãŒããããã䜿çšããããšãã§ããŸãã 6.8.5 ãã£ã«ã¿ãªã¹ã ãBorder Gateway Protocol > ãã£ã«ã¿ãªã¹ããããŒãžã§ã¯ãIP ã¢ãã¬ã¹ãŸã㯠AS çªå·ã«åºã¥ããŠãã ãã¯ãŒã¯éã®ãã©ãã£ãã¯ãå¶åŸ¡ããããã«äœ¿çšãããã£ã«ã¿ãªã¹ããäœæã§ããŸãã ãã£ã«ã¿ãªã¹ããäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 194 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.8 BGP 1. ããã£ã«ã¿ãªã¹ããããŒãžã§ãæ°èŠ BGP ãã£ã«ã¿ãªã¹ãããã¯ãªãã¯ããŸãã ãBGP ãã£ã«ã¿ãªã¹ããæ°èŠäœæ ããã€ã¢ãã°ãŠã£ã³ããŠãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã£ã«ã¿ãªã¹ãã説æããååãå ¥åããŸãã ãã£ã«ã¿æ¡ä»¶:ãã£ã«ã¿ã®äžèŽå¯Ÿè±¡ãç¹å®ã«ãŒã¿ã® IP ã¢ãã¬ã¹ã«ããããAS å šäœã® IP ã¢ã㬠ã¹ã«ããããéžæããŸãã l IPã¢ãã¬ã¹:ããããã¯ãŒã¯ ãããã¯ã¹ã«ããã£ã«ã¿ãé©çšãããã¹ããŸãã¯ãããã¯ãŒã¯ã è¿œå ãŸãã¯éžæããŸãã l AS çªå·:ãAS æ£èŠè¡šçŸ ãããã¯ã¹ã«ããã£ã«ã¿ãé©çšãã AS çªå·ãå®çŸ©ããããã® BGP æ£èŠè¡šçŸãæå®ããŸããäŸ:ã_100_ããæå®ãããšãAS100 ãééãããã¹ãŠã® ã«ãŒããäžèŽããŸãã ãããã¯ãŒã¯:ç¹å®ã®ãããã¯ãŒã¯ã«é¢ããæ å ±ãæåŠãŸãã¯èš±å¯ãããããã¯ãŒã¯/ãã¹ãã è¿œå ãŸãã¯éžæããŸãã ã¢ã¯ã·ã§ã³:ããããããŠã³ãªã¹ãããããã£ã«ã¿ãäžèŽããå Žåã«åãã¢ã¯ã·ã§ã³ãéžæã㟠ãããã©ãã£ãã¯ãæåŠãããèš±å¯ããããšãã§ããŸãã l æåŠ:ããã€ããŒãããŒãžã®ãåä¿¡ãã£ã«ã¿ããã£ãŒã«ãã§ç¹å®ãã€ããŒã®ãããã¯ãŒã¯ã æåŠããå ŽåãUTM ã§ã¯ãã®ãããã¯ãŒã¯ã®ã¢ããŠã³ã¹ã¡ã³ããç¡èŠããŸãããéä¿¡ ãã£ã«ã¿ããã£ãŒã«ãã§ç¹å®ãã€ããŒã®ãããã¯ãŒã¯ãæåŠããå ŽåãUTMã§ã¯ãã® ãããã¯ãŒã¯ã®ãã®ãã€ããŒã«ã¢ããŠã³ã¹ã¡ã³ããéä¿¡ããŸããã l èš±å¯:ããã€ããŒãããŒãžã®ãåä¿¡ãã£ã«ã¿ããã£ãŒã«ãã§ç¹å®ãã€ããŒã®ãããã¯ãŒã¯ã èš±å¯ããå ŽåãUTM ã§ã¯ãã®ãããã¯ãŒã¯ã®ã¢ããŠã³ã¹ã¡ã³ãã®ã¿ãåä¿¡ããŸãããé ä¿¡ãã£ã«ã¿ããã£ãŒã«ãã§ç¹å®ãã€ããŒã®ãããã¯ãŒã¯ãèš±å¯ããå ŽåãUTMã§ã¯ãã® ãããã¯ãŒã¯ã®ãã®ãã€ããŒã®ã¿ã«ã¢ããŠã³ã¹ã¡ã³ããéä¿¡ãããã°ããŒãã« ããŸã㯠ãã·ã¹ãã ãããŒãžã§å®çŸ©ããä»ã®ãããã¯ãŒã¯ã«ã¯éä¿¡ããŸããã 3. ãä¿å ããã¯ãªãã¯ããŸãã ãã£ã«ã¿ãªã¹ããããã£ã«ã¿ãªã¹ãããªã¹ãã«è¡šç€ºãããŸãã ããã§ããã€ããŒå®çŸ©ã«ãã£ã«ã¿ãªã¹ãã䜿çšããããšãã§ããŸãã 6.8.6 詳现 ãBGP > 詳现 ãããŒãžã§ã¯ãBGP ã®è¿œå èšå®ãè¡ã£ãããBGP ãããã°æ å ±ãŠã£ã³ããŠã«ã¢ã¯ã»ã¹ ããããšãã§ããŸãã UTM 9 管çã¬ã€ã 195 6.9 ãã«ããã£ã¹ãã«ãŒãã£ã³ã° (PIM-SM) 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° è€æ°ã®èªåŸã·ã¹ãã ã®èš±å¯ è€æ° AS ãèš±å¯;è€æ° AS ãèšå®ããã«ã¯ããã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸããããã«ã㣠ãŠããã·ã¹ãã ãããŒãžãæå¹ã«ãªããããè€æ°ã® AS ãè¿œå ããããšãã§ããŸããåæã«ããã°ã㌠ãã« ãããŒãžã®ãBGP ã·ã¹ãã ãã»ã¯ã·ã§ã³ã¯ç¡å¹ã«ãªãããã°ããŒãã« ãããŒãžã«ã¯ããã¹ãŠã® AS ã«é¢ããæ å ±ã衚瀺ãããŸãã å³å¯ IP ã¢ãã¬ã¹ããã å³å¯ IP ã¢ãã¬ã¹ããã:IP ã¢ãã¬ã¹ã®å®å šãªäžèŽãè¡ãã«ã¯ããã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ ããŸããäŸ:10.0.0.0/8 㯠10.0.0.0/8 ãšäžèŽããŸããã10.0.1.0/24 ã«ã¯äžèŽããŸããã ãã«ããã¹ã«ãŒãã£ã³ ã° éåžžãã³ã¹ããçããè€æ°ã®ã«ãŒããååšããå Žåã§ãã䜿çšã§ããã«ãŒããã¹ã¯ 1ã€ã®ã¿ã§ãã ãããéžæãããšã8ã€ãŸã§ã®ç䟡ã«ãŒããåæã«äœ¿çšã§ããããã«ãªããŸããããã«ããè€æ°ã®ã€ ã³ã¿ãã§ãŒã¹éã§ã®ããŒããã©ã³ã·ã³ã°ãå¯èœã«ãªããŸãã B GP ãããã° ãã®ã»ã¯ã·ã§ã³ã«ã¯ã3ã€ã®ãããã°æ å ±ãŠã£ã³ããŠããããŸãããã¿ã³ãã¯ãªãã¯ããŠãŠã£ã³ããŠãé ããŸããåãã¿ã³ã®ååã¯ãéåžžã³ãã³ãã©ã€ã³ã§åŒã³åºã BGP ã³ãã³ãã«å¯Ÿå¿ããŠããŸãããã¿ã³ ãã¯ãªãã¯ãããšããŠã£ã³ããŠã«ãã®ã³ãã³ãã®çµæãã³ãã³ãã©ã€ã³åºå圢åŒã§è¡šç€ºãããŸãã IP BGP ãã€ããŒã®è¡šç€º:UTM ã®ãã€ããŒæ å ±ã衚瀺ããŸããåãã€ããŒã®ãªã³ã¯ç¶æ ããç¢ºç« ããš ãªã£ãŠããããšã確èªããŸãã IP BGP ãŠããã£ã¹ãã®è¡šç€º:åªå ãã¹ã瀺ãçŸåšã® BGP ã«ãŒãã£ã³ã°ããŒãã«ã衚瀺ãããŸãã ããã¯ãã¡ããªãã¯ããŠã§ã€ããããªãã¡ã¬ã³ã¹ã®èšå®ãšãã®åœ±é¿ã®æŠèŠã確èªããäžã§ç¹ã«æç㧠ãã IP BGP ãµããªã®è¡šç€º: ãã¹ãŠã® BGP æ¥ç¶ã®ã¹ããŒã¿ã¹ã衚瀺ãããŸãããã®æ å ±ã¯ããã°ããŒã ã« ãããŒãžã®ãBGP ãµããªãã»ã¯ã·ã§ã³ã«ã衚瀺ãããŸãã 6.9 ãã«ããã£ã¹ãã«ãŒãã£ã³ã° (PIM-SM) ãã€ã³ã¿ãã§ãŒã¹ïŒã«ãŒãã£ã³ã° > ãã«ããã£ã¹ãã«ãŒãã£ã³ã° (PIM-SM)ãã¡ãã¥ãŒã䜿çšãããšããã ãã¯ãŒã¯äžã§äœ¿çšãã PIM-SM (Protocol Independent Multicast Sparse Mode) ãèšå®ããããšãã§ã ãŸããPIM ãšã¯ãè€æ°ãããã¯ãŒã¯å ã§ãã«ããã£ã¹ããã±ãããåç (ãã€ãããã¯) ã«ã«ãŒãã£ã³ã° ããããã®ãããã³ã«ã§ãããã«ããã£ã¹ããšã¯ãè€æ°ã®ã¯ã©ã€ã¢ã³ããåä¿¡ãããã±ãããã§ããã ãå°ãããã©ãã£ãã¯ã䜿çšããŠå¹ççã«é ä¿¡ããããã®æè¡ã§ããéåžžãè€æ°ã®ã¯ã©ã€ã¢ã³ãå®ãŠ 196 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.9 ãã«ããã£ã¹ãã«ãŒãã£ã³ã° (PIM-SM) ã®ãã±ããã¯ãã³ããŒãããŠåã¯ã©ã€ã¢ã³ãã«åå¥ã«éä¿¡ããããããæ¶è²»ããã垯åå¹ ã¯ãŠãŒã¶ æ°ã«å¿ããŠå¢å€§ããŸãããã®ãããåããã±ãããåæã«èŠæ±ããå€æ°ã®ã¯ã©ã€ã¢ã³ããæ±ãããµãŒ ã (ã³ã³ãã³ãã®ã¹ããªãŒãã³ã°çšãµãŒããªã©) ã®å Žåã倧éã®åž¯åå¹ ãå¿ èŠãšãªããŸãã ããã«å¯Ÿããã«ããã£ã¹ãã¯ããããã¯ãŒã¯ã®åãªã³ã¯çµç±ã§ãã±ãããäžåºŠã ãéä¿¡ããããšã«ãã 垯åå¹ ãç¯çŽããŸãããããå®çŸããããã«ããã«ããã£ã¹ãã§ã¯ããµãŒã (éä¿¡è ) ããã¯ã©ã€ã¢ ã³ã (åä¿¡è ) ãžã®çµè·¯äžã§ãã€ã³ããŒãäœæãããã決å®ããããã«ãé©åã«èšå®ãããã«ãŒã¿ ã䜿çšããŸãããããã®ã«ãŒã¿ã¯ãPIM-SM ã䜿çšããŠã¢ã¯ãã£ããªãã«ããã£ã¹ãåä¿¡è ã远跡 ããã«ãŒãã£ã³ã°ã®èšå®ã«ãã®æ å ±ã䜿çšããŸãã PIM-SM éä¿¡ã®ç°¡åãªèª¬æã¯æ¬¡ã®ãšããã§ããéä¿¡è ããã«ããã£ã¹ãããŒã¿ã®éä¿¡ãéå§ã㟠ããéä¿¡è çšã®ãã«ããã£ã¹ãã«ãŒã¿ã PIM-SM çµç±ã§ RP ã«ãŒã¿ã«ç»é²ããRP ã«ãŒã¿ã¯éä¿¡è ã®ã«ãŒã¿ã« Join ã¡ãã»ãŒãžãéä¿¡ããŸãããã«ããã£ã¹ããã±ãããéä¿¡è ãã RP ã«ãŒã¿ã«æµã ãããã«ãªããŸããåä¿¡è ãããã®ãã«ããã£ã¹ãã°ã«ãŒãã® IGMP ãããŒããã£ã¹ãçµç±ã§ããŒã« ã« PIM-SM ã«ãŒã¿ã«èªå·±ç»é²ããŸãããã®ã«ãŒã¿ã¯åä¿¡å çšã® Join èŠæ±ã RP ã«ãŒã¿ã«åããŠé ä¿¡ããRP ã«ãŒã¿ã¯ãã«ããã£ã¹ããã©ãã£ãã¯ãåä¿¡è ã«è»¢éããŸãã ãã«ããã£ã¹ãã¯ãç¬èªã® IP ã¢ãã¬ã¹ç¯å² (224.0.0.0/4) ãæã¡ãŸãã 6.9.1 ã°ããŒãã« ããã«ããã£ã¹ãã«ãŒãã£ã³ã° (PIM-SM) > ã°ããŒãã« ãã¿ãã§ã¯ãPIM ãæå¹ãŸãã¯ç¡å¹ã«ã§ã㟠ãããã«ãŒãã£ã³ã°ããŒã¢ã³ã®èšå® ããšãªã¢ã«ã¯ãé¢äžããã€ã³ã¿ãã§ãŒã¹ãšã«ãŒã¿ã®ã¹ããŒã¿ã¹ãè¡š 瀺ãããŸãã PIM ãæå¹ã«ããåã«ããã€ã³ã¿ãã§ãŒã¹ ãã¿ã㧠PIM ã€ã³ã¿ãã§ãŒã¹ãšããŠæ©èœããã€ã³ã¿ãã§ãŒã¹ã 2ã€ä»¥äžå®çŸ©ããŠããRP ã«ãŒã¿ãã¿ãã§ã«ãŒã¿ã 1å°å®çŸ©ããå¿ èŠããããŸãã PIM-SM ãæå¹ã«ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã°ããŒãã« ãã¿ã㧠PIM-SM ãæå¹åããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªãããã«ãŒãã£ã³ã°ããŒã¢ã³èšå® ããšãªã¢ãç·šéå¯èœã«ãªã ãŸãã 2. 次ã®èšå®ãè¡ããŸãã ã¢ã¯ãã£ã㪠PIM-SM ã€ã³ã¿ãã§ãŒã¹:PIM-SM ã«äœ¿çšããã€ã³ã¿ãã§ãŒã¹ã 2ã€ä»¥äžéžæã㟠ããã€ã³ã¿ãã§ãŒã¹ã®èšå®ã¯ãã€ã³ã¿ãã§ãŒã¹ ãã¿ãã§è¡ããŸãã ã¢ã¯ãã£ã㪠PIM-SM RP ã«ãŒã¿:PIM-SM ã«äœ¿çšãã RP ã«ãŒã¿ã 1ã€ä»¥äžéžæããŸããRP ã«ãŒã¿ã®å®çŸ©ã¯ãRP ã«ãŒã¿ãã¿ãã§è¡ããŸãã UTM 9 管çã¬ã€ã 197 6.9 ãã«ããã£ã¹ãã«ãŒãã£ã³ã° (PIM-SM) 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã ãããã¯ãŒã¯ã§ PIM-SM éä¿¡ãæå¹ã«ãªããŸããã èšå®ããã£ã³ã»ã«ããã«ã¯ãã¢ã³ããŒè²ã®ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã PIM-SM ãç¡å¹ã«ãã ã«ã¯ãç·è²ã®ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ã©ã€ãã ã° ãã©ã€ããã°ãéãããã¿ã³ãã¯ãªãã¯ãããšãæ°ãããŠã£ã³ããŠã§ PIM ã©ã€ããã°ãéããŸãã 6.9.2 ã€ã³ã¿ãã§ãŒã¹ ããã«ããã£ã¹ãã«ãŒãã£ã³ã° (PIM-SM) > ã€ã³ã¿ãã§ãŒã¹ (Interfaces)ãã¿ãã§ã¯ãã©ã®Sophos UTM〠ã³ã¿ãã§ãŒã¹äžã§ãã«ããã£ã¹ãéä¿¡ãè¡ãããå®çŸ©ããããšãã§ããŸãã æ°ãã PIM-SM ã€ã³ã¿ãã§ãŒã¹ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã€ã³ã¿ãã§ãŒã¹ ãã¿ãã§ãæ°èŠ PIM-SM ã€ã³ã¿ãã§ãŒã¹ ããã¯ãªãã¯ããŸãã ãæ°èŠ PIM-SM ã€ã³ã¿ãã§ãŒã¹ã®äœæ ããã€ã¢ãã°ãŠã£ã³ããŠãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:PIM-SM ã€ã³ã¿ãã§ãŒã¹ã説æããååãå ¥åããŸãã ã€ã³ã¿ãã§ãŒã¹:PIM ããã³ IGMP ãããã¯ãŒã¯ãã©ãã£ãã¯ãèš±å¯ããã€ã³ã¿ãã§ãŒã¹ãéžæã㟠ãã DR åªå 床 (ä»»æ):ã€ã³ã¿ãã§ãŒã¹ã®æå®ã«ãŒã¿ (DR) ã®åªå é äœãå®çŸ©ããçªå·ãå ¥åã㟠ããåããããã¯ãŒã¯ã»ã°ã¡ã³ãå ã«è€æ°ã® PIM-SM ã«ãŒã¿ãååšããå Žåãåªå é äœãæ ãé«ãã«ãŒã¿ã IGMP èŠæ±ãåãä»ããŸãã0ïœ232 ã®æ°åã䜿çšã§ããŸããåªå é äœãæ å®ããªããšãããã©ã«ã㧠0 ã䜿çšãããŸãã IGMP:ãµããŒããã IGMP (Internet Group Management Protocol) ã®ããŒãžã§ã³ãéžæã㟠ããIGMP ã¯ãåä¿¡è ããã«ããã£ã¹ãã°ã«ãŒãã®ã¡ã³ãã·ããã確ç«ããããã«äœ¿çšã㟠ãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãã PIM-SM ã€ã³ã¿ãã§ãŒã¹ãã€ã³ã¿ãã§ãŒã¹ãªã¹ãã«è¿œå ãããŸãã PIM-SM ã€ã³ã¿ãã§ãŒã¹ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 198 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.9 ãã«ããã£ã¹ãã«ãŒãã£ã³ã° (PIM-SM) 6.9.3 RPã«ãŒã¿ ãããã¯ãŒã¯äžã§ãã«ããã£ã¹ãã䜿çšã§ããããã«ããããã«ã¯ã1ã€ä»¥äžã®ã©ã³ãããŒãã€ã³ã ã«ãŒã¿ (RP ã«ãŒã¿) ãèšå®ããå¿ èŠããããŸããRP ã«ãŒã¿ã¯ããã«ããã£ã¹ãåä¿¡è ãšéä¿¡è ã®äž¡ æ¹ããç»é²ãåãä»ããŸããRP ã«ãŒã¿ãšã¯ãç¹å®ã®ãã«ããã£ã¹ãã°ã«ãŒãã® RP ã«ãŒã¿ãšããŠéž ã°ããéåžžã® PIM-SM ã«ãŒã¿ã§ããããŸããã©ã®ã«ãŒã¿ã RP ã«ãŒã¿ãšãªããã«ã€ããŠããã¹ãŠã® PIM-SM ã«ãŒã¿ãåæããå¿ èŠããããŸãã RP ã«ãŒã¿ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãRP ã«ãŒã¿ãã¿ãã§ãæ°èŠã©ã³ãããŒãã€ã³ãã«ãŒã¿ããã¯ãªãã¯ããŸãã ãæ°èŠ RP ã«ãŒã¿ã®äœæ ããã€ã¢ãã°ãŠã£ã³ããŠãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:RP ã«ãŒã¿ã説æããååãå ¥åããŸãã ãã¹ã:RP ã«ãŒã¿ãšããŠæ©èœãããã¹ããäœæ (ãŸãã¯éžæ) ããŸãã åªå 床:RP ã«ãŒã¿ã®åªå é äœãå®çŸ©ããæ°åãå ¥åããŸããåªå é äœãäžçªäœã RP ã«ãŒã¿ã«ãJoin ã¡ãã»ãŒãžãéä¿¡ãããŸãã0ïœ255 ã®æ°åã䜿çšã§ããŸããåªå é äœãæ å®ããªããšãããã©ã«ã㧠0 ã䜿çšãããŸãã ãã«ããã£ã¹ãã°ã«ãŒããã¬ãã£ãã¯ã¹:RP ã«ãŒã¿ãæ åœãããã«ããã£ã¹ãã°ã«ãŒããå ¥å ããŸããRP ã«ãŒã¿ãè€æ°ã®ãã«ããã£ã¹ãã°ã«ãŒããæ åœããå Žåã¯ãã°ã«ãŒãã®ã㬠ãã£ãã¯ã¹ã 224.1.1.0/24 ã®ããã«å®çŸ©ã§ããŸãããã«ããã£ã¹ãã°ã«ãŒã (ãã¬ãã£ã㯠ã¹) ã¯ããã«ããã£ã¹ãã¢ãã¬ã¹ã®ç¯å²å (224.0.0.0/4) ã«ããå¿ èŠããããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãã RP ã«ãŒã¿ãã«ãŒã¿ã®ãªã¹ãã«è¿œå ãããŸãã RP ã«ãŒã¿ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 6.9.4 ã«ãŒã åä¿¡è ãšéä¿¡è ã®éã«ãç¶ç¶çãªéä¿¡ã«ãŒããã»ããã¢ããããå¿ èŠããããŸããåä¿¡è ãéä¿¡ è ãRP ã«ãŒã¿ãåããããã¯ãŒã¯ã»ã°ã¡ã³ãå ã«ãªãå Žåããããã®éã®éä¿¡ãå¯èœã«ããã«ãŒã ãäœæããå¿ èŠããããŸãã PIM-SM ã«ãŒããäœæããã«ã¯ã次ã®æé ã«åŸããŸãã UTM 9 管çã¬ã€ã 199 6.9 ãã«ããã£ã¹ãã«ãŒãã£ã³ã° (PIM-SM) 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 1. ãã«ãŒããã¿ãã§ããæ°èŠ PIM-SM ã«ãŒãããã¯ãªãã¯ããŸãã ãæ°èŠ PIM-SM ã«ãŒãã®äœæ ããã€ã¢ãã°ãŠã£ã³ããŠãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã«ãŒãã¿ã€ã:次ã®ã«ãŒãã¿ã€ãã䜿çšã§ããŸãã l ã€ã³ã¿ãã§ãŒã¹ã«ãŒã:ãã±ããã¯ç¹å®ã®ã€ã³ã¿ãã§ãŒã¹äžã§éä¿¡ãããŸãããã㯠2〠ã®ç¶æ³ã§åœ¹ç«ã¡ãŸãã1ã€ç®ã¯ãã²ãŒããŠã§ã€ã® IP ã¢ãã¬ã¹ãäžæã«ãªããã€ããã㯠(åç) ã€ã³ã¿ãã§ãŒã¹ (PPP) äžã§ã«ãŒãã£ã³ã°ããå Žåã§ãã2çªç®ã¯ãçŽæ¥æ¥ç¶ãã ããããã¯ãŒã¯ã®å€åŽã«ã²ãŒããŠã§ã€ãããããã©ã«ãã«ãŒããå®çŸ©ããå Žåã§ãã l ã²ãŒããŠã§ã€ã«ãŒã:ãã±ããã¯ç¹å®ã®ãã¹ã (ã²ãŒããŠã§ã€) ãžéä¿¡ãããŸãã ãããã¯ãŒã¯:PIM ãã©ãã£ãã¯ãã«ãŒãã£ã³ã°ããå®å ã¢ãã¬ã¹ç¯å²ãéžæããŸãã ã²ãŒããŠã§ã€:ã²ãŒããŠã§ã€ãããŒã¿ãã±ããã転éããã²ãŒããŠã§ã€/ã«ãŒã¿ãéžæããŸã (ã«ãŒ ãã¿ã€ãã«ãã²ãŒããŠã§ã€ã«ãŒãããéžæããå Žåã®ã¿äœ¿çšå¯)ã ã€ã³ã¿ãã§ãŒã¹:ã²ãŒããŠã§ã€ãããŒã¿ãã±ããã転éããã€ã³ã¿ãã§ãŒã¹ãéžæããŸã (ã«ãŒãã¿ ã€ãã«ãã€ã³ã¿ãã§ãŒã¹ã«ãŒãããéžæããå Žåã®ã¿äœ¿çšå¯èœ)ã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãã PIM-SM ã«ãŒããã«ãŒãã®ãªã¹ãã«è¿œå ãããŸãã PIM-SM ã«ãŒããç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 6.9.5 詳现 ãã€ã³ã¿ãã§ãŒã¹ïŒã«ãŒãã£ã³ã° > ãã«ããã£ã¹ãã«ãŒãã£ã³ã° (PIM-SM) > 詳现 ãã¿ãã§ã¯ãPIM ã®è©³ 现èšå®ãæ§æããããšãã§ããŸãã Shor te st Path Tr ee (æçãã¹ã ãªãŒ)èšå® äžéšã®ãããã¯ãŒã¯ã§ã¯ãéä¿¡è ãRPãåä¿¡è ã®éã®PIMéä¿¡ã«ãŒãã¯å¯èœãªéãæçã®ããã ã¯ãŒã¯ãã¹ãšã¯ãªããŸããããSPTãžã®åãæ¿ããæå¹ã«ããããªãã·ã§ã³ã䜿çšãããšãç¹å®ã®ãã© ãã£ãã¯ãããå€ã«éãããšãã«éä¿¡è ãšåä¿¡è ã®éã®æ¢åã®éä¿¡ãæçãã¹ã«åãæ¿ããŠãã¢ã ã¬ãŒã¿ã® RPãçãããšãã§ããŸãã èªåãã¡ã€ã¢ãŠ ã©ãŒã«èšå® ãã®ãªãã·ã§ã³ãæå¹ã«ãããšãæå®ããããã«ããã£ã¹ãã°ã«ãŒãã«ãã«ããã£ã¹ããã©ãã£ãã¯ã 転éããããã«å¿ èŠãšãªããã¹ãŠã®ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãã·ã¹ãã ã«ãã£ãŠèªåçã«äœæã ããŸãã 200 UTM 9 管çã¬ã€ã 6 ã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° 6.9 ãã«ããã£ã¹ãã«ãŒãã£ã³ã° (PIM-SM) ãããã° èšå® PIM-SM ã«ãŒãã£ã³ã°ããŒã¢ã³ãã°ã«è¿œå ã®ãããã°æ å ±ã衚瀺ããã«ã¯ãããããã°ã¢ãŒããæå¹ å ããªãã·ã§ã³ãéžæããŸãã UTM 9 管çã¬ã€ã 201 7 ãããã¯ãŒã¯ãµãŒãã¹ ãã®ç« ã§ã¯ããå©çšã®ãããã¯ãŒã¯çšã«Sophos UTMã®è€æ°ã®ãããã¯ãŒã¯ãµãŒãã¹ãèšå®ããæ¹ æ³ã説æããŸãã ãã®ç« ã§ã¯ã次ã®ãããã¯ã«ã€ããŠèª¬æããŸãã l DNS l DHCP l NTP 7.1 DNS ããããã¯ãŒã¯ãµãŒãã¹ > DNSãã¡ãã¥ãŒã«ããã¿ãã«ã¯ãããŸããŸãªèšå®ãªãã·ã§ã³ãããããã¹ãŠ ã ã¡ã€ã³ããŒã ã·ã¹ãã (DNS) ã«é¢é£ããŠããŸããDNS ãšã¯ããã¡ã€ã³å (ã³ã³ãã¥ãŒã¿ã®ãã¹ãå) ã IP ã¢ãã¬ã¹ã«å€æããããã«äž»ã«äœ¿çšãããã·ã¹ãã ã§ãã 7.1.1 ã°ããŒãã« ããããã¯ãŒã¯ãµãŒãã¹ > DNS > ã°ããŒãã« ãã¿ãã§ã¯ãUTMãååž°ç㪠DNS ãªãŸã«ããšããŠäœ¿çšã ãããšãèš±å¯ãããããã¯ãŒã¯ãæå®ã§ããŸããããã§ã¯éåžžãå éšãããã¯ãŒã¯ãéžæããŸãã 泚 â å éš DNS ãµãŒãã Active Directory ã®äžéšãªã©ãšããŠãã§ã«èµ·åããŠããå Žåããã®ãã㯠ã¹ã¯ç©ºã®ãŸãŸæ®ããŸãã D N SSE C Domain Name System Security Extensions (DNSSEC) ã¯ãã»ãã¥ãªãã£ã匷åãã DNS ã®æ¡åŒµæ©èœ ã§ããå ¬ééµæå·æ¹åŒã䜿çšã㊠DNS åç §ã¬ã³ãŒããããžã¿ã«çœ²åããããšã§æ©èœããŸãããã®æ© èœãéžæããªããšãUTMã¯ãã¹ãŠã® DNS ã¬ã³ãŒããåãå ¥ããŸãããã®æ©èœãéžæãããšãUTM ã¯ãéä¿¡ããã DNS èŠæ±ã® DNSSEC 眲åãæ€èšŒããŸããæ£ãã眲åãããã¬ã³ãŒãã®ã¿ã眲åæž ã¿ãŸãŒã³ããèš±å¯ãããŸãã 泚 â ãã®æ©èœãéžæãããšãDNS ã¬ã³ãŒãã¯ãæåã§ã€ã³ã¹ããŒã«ãããããŸã㯠ISP ã«ãã£ãŠå² ãåœãŠããã DNSSEC æªå¯Ÿå¿ã®ãã©ã¯ãŒãã«æåŠãããå ŽåããããŸãããã®å Žåã¯ãããã© 7.1 DNS 7 ãããã¯ãŒã¯ãµãŒãã¹ ã¯ãŒããã¿ãã§ãããã¯ã¹ãã DNS ãã©ã¯ãŒããåé€ãããISP ãå²ãåœãŠããã©ã¯ãŒããäœ¿çš ã ãã§ãã¯ããã¯ã¹ãç¡å¹ã«ããŸãã ãªãŸã«ããã£ãã·ã¥ãã¯ãªã¢ DNS ãããã·ã§ã¯ãã¬ã³ãŒãã«å¯ŸããŠãã£ãã·ã¥ã䜿çšããŸããåã¬ã³ãŒãã«ã¯æå¹æé (TTLãçå æé) ãããããã®æéã«ã¬ã³ãŒãã¯åé€ãããŸããé垞㯠1æ¥ã«èšå®ãããŠããŸãããã ãã ãã£ãã·ã¥ã¯æåã§ç©ºã«ããããšãã§ããŸã (TTL ã倱å¹ããåã« DNS ã¬ã³ãŒãã®ææ°ã®å€æŽãä» ããæå¹ã«ãããå Žåãªã©)ããã£ãã·ã¥ã空ã«ããã«ã¯ããä»ãããªãŸã«ããã£ãã·ã¥ãã¯ãªã¢ ãã㯠ãªãã¯ããŸãã 7.1.2 ãã©ã¯ãŒã ããããã¯ãŒã¯ãµãŒãã¹ > DNS > ãã©ã¯ãŒããã¿ãã§ã¯ããããã DNS ãã©ã¯ãŒããæå®ã§ã㟠ããDNSã ã©ã¯ãŒããšã¯ããããã¯ãŒã¯äžã«ãã DNS (ãã¡ã€ã³ããŒã ã·ã¹ãã ) ãµãŒãã§ãããå€éš DNS åã«é¢ãã DNS ã¯ãšãªãåœè©²ãããã¯ãŒã¯å€ã® DNS ãµãŒãã«è»¢é (ãã©ã¯ãŒãã£ã³ã°) ããã ãã«äœ¿çšããŸããå¯èœãªéããèšå®ã« DNS ãã©ã¯ãŒããè¿œå ããŠãã ãããDNS ãã©ã¯ãŒãã¯ãã客 æ§ã®ãµã€ãã®ãè¿ããã«ããã(å¯èœã§ããã°) åãã€ã³ã¿ãŒããããããã€ããæäŸããŠãããã¹ãã« ããå¿ èŠããããŸããããã¯ã芪ããã£ãã·ã¥ãšããŠäœ¿çšãããŸããããã«ãããDNS èŠæ±ã®é床ã é£èºçã«åäžããŸãã転éãè¡ãããŒã ãµãŒããæå®ããªããšããŸãŒã³æ å ±ã«ã€ããŠã®ã¯ãšãª (å ãåãã) ã¯æåã«ã«ãŒã DNS ãµãŒãã«å¯ŸããŠè¡ããããããèŠæ±ãå®äºãããŸã§æéããã ããŸãã DNS ãã©ã¯ãŒããéžæããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. DNS ãã©ã¯ãŒããéžæããŸãã DNS ãã©ã¯ãŒããéžæãŸãã¯è¿œå ããŸãã ISP ãå²ãåœãŠããã©ã¯ãŒããäœ¿çš (ãªãã·ã§ã³):DNS ã¯ãšãªã ISP ã® DNS ãµãŒã㫠転éããå Žåã¯ãISP ãå²ãåœãŠããã©ã¯ãŒããäœ¿çš ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ ããŸãããã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ãããšãISP ã«ãã£ãŠèªåçã«å²ãåœãŠã ãããã¹ãŠã®ãã©ã¯ãŒããããã¯ã¹ã®äžã«äžèŠ§è¡šç€ºãããŸãã 2. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã 204 UTM 9 管çã¬ã€ã 7 ãããã¯ãŒã¯ãµãŒãã¹ 7.1 DNS 7.1.3 ãªã¯ãšã¹ãã«ãŒãã£ã³ã° å éš DNS ãµãŒãã皌åããŠãããDNS ãã©ã¯ãŒãã«è§£æ±ºãããããªããã¡ã€ã³ãããå Žåããã®ã ã¡ã€ã³ãžã®ã¯ãšãªããã©ã¯ãŒãã§ã¯ãªãå éšãµãŒãã«åŠçãããããšãã§ããŸããããããã¯ãŒã¯ãµãŒ ãã¹ > DNS > ãªã¯ãšã¹ãã«ãŒãã£ã³ã°ãã¿ãã§ãç¬èªã® DNS ãµãŒããžã®ã«ãŒããå®çŸ©ããããšãã§ã ãŸãã DNS ãªã¯ãšã¹ãã«ãŒããäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ããªã¯ãšã¹ãã«ãŒãã£ã³ã°ãã¿ãã§ãæ°èŠ DNS ãªã¯ãšã¹ãã«ãŒãããã¯ãªãã¯ããŸãã ãæ°èŠ DNS ãªã¯ãšã¹ãã«ãŒãã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ãã¡ã€ã³:ä»£æ¿ DNS ãµãŒãã䜿çšããããã¡ã€ã³ãå ¥åããŸãã ã¿ãŒã²ãããµãŒã:äžèšã¹ãããã§å ¥åãããã¡ã€ã³ã解決ããããã«äœ¿çšãã DNS ãµãŒãã 1ã€ä»¥äžéžæããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããã«ãŒãããDNS ãªã¯ãšã¹ãã«ãŒãããªã¹ãã«è¡šç€ºããããã ã¡ã«æå¹ã«ãªããŸãã DNS ãªã¯ãšã¹ãã«ãŒããç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 7.1.4 ã¹ã¿ãã£ãã¯ãšã³ã㪠ç¬èªã® DNS ãµãŒããã»ããã¢ããããããããã¯ãŒã¯å ã®ããã€ãã®ãã¹ãã«å¯ŸããŠã¹ã¿ãã£ã㯠DNS ãããã³ã°ãå¿ èŠãªå Žåã¯ãããã§ãããã®ãããã³ã°ãå ¥åããããšãã§ããŸãã UTM ããŒãžã§ã³ 9.1 ããããã®æ©èœã¯ãå®çŸ©ãšãŠãŒã¶ > ãããã¯ãŒã¯å®çŸ© ãã¿ãã«ç§»åããŸãããDNS ãããã³ã°ã¯è©²åœãããã¹ããšãšãã«å®çŸ©ãããããã«ãªããŸããã ãã¹ã¿ãã£ãã¯ãšã³ããªããã¿ã³ãã¯ãªãã¯ãããšããå®çŸ©ãšãŠãŒã¶ã>ããããã¯ãŒã¯å®çŸ©ãã¿ããéããŸãã èªåçã«ãéçãšã³ããªã®ãããã¹ãã®ã¿ã衚瀺ãããŸãããªã¹ãã®äžéšã®ããããããŠã³ãªã¹ãã 䜿çšãããšããã£ã«ã¿èšå®ãå€æŽã§ããŸãã 7.1.5 DynDNS ãã€ããã㯠DNS (ç¥ã㊠DynDNS) ã¯ãå¯å€ IP ã¢ãã¬ã¹ãæã€ã³ã³ãã¥ãŒã¿ã«éçã€ã³ã¿ãŒããããã¡ ã€ã³åãå²ãåœãŠãããšãå¯èœã«ãããã¡ã€ã³ããŒã ãµãŒãã¹ã§ããããããã® DynDNS ãµãŒãã¹ã ããã€ãã® Web ãµã€ã㧠DynDNS ãµãŒãã¹ã«ãµã€ã³ã¢ããããDNS ãšã€ãªã¢ã¹ãååŸãããšãã¢ãã UTM 9 管çã¬ã€ã 205 7.1 DNS 7 ãããã¯ãŒã¯ãµãŒãã¹ ãªã³ã¯ IP ã¢ãã¬ã¹ã®å€åã«å¿ããŠãã®ãšã€ãªã¢ã¹ãèªåçã«æŽæ°ãããŸãããã®ãµãŒãã¹ã«ç»é²ã ããšãèšå®ã«å¿ èŠãªãã¹ãåããŠãŒã¶åããã¹ã¯ãŒããæäŸãããŸãã DynDNS ãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãDynDNSãã¿ãã§ããæ°èŠ DynDNSããã¯ãªãã¯ããŸãã ãæ°èŠ DynDNS ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã¿ã€ã:次㮠DynDNS ãµãŒãã¹ã䜿çšã§ããŸãã l DNS Park:å ¬åŒãŠã§ããµã€ã:www.dnspark.com l DtDNS:å ¬åŒãŠã§ããµã€ã:www.dtdns.com l DynDNS:ãµãŒãã¹ãããã€ããDynamic Network Services Inc (Dyn) ã®æšæº DNS ãµãŒã ã¹ãå ¬åŒãŠã§ããµã€ã:www.dyndns.com l DynDNS-custom:ãµãŒãã¹ãããã€ããDynamic Network Services Inc (Dyn) ã®ã«ã¹ã¿ã DNS ãµãŒãã¹ (www.dyndns.com)ãã«ã¹ã¿ã DNSã¯ãäž»ã«ãŠãŒã¶èªèº«ãææãŸãã¯ç» é²ããŠãããã¡ã€ã³ã䜿çšããããã«èšèšãããŠããŸãã l easyDNS:å ¬åŒãŠã§ããµã€ã:www.easydns.com l FreeDNS:å ¬åŒãŠã§ããµã€ã:freedns.afraid.org l Namecheap:å ¬åŒãŠã§ããµã€ã:www.namecheap.com l zoneedit:å ¬åŒãŠã§ããµã€ã:www.zoneedit.com 泚 âããµãŒã ããã£ãŒã«ãã«ã¯ãUTMã IP ã®å€æŽãéä¿¡ãã URL ã衚瀺ãããŸãã å²ãåœãŠ (ãFreeDNSãã¿ã€ãã«ã¯ç¡å¹):DynDNS åãé¢é£ä»ãã IP ã¢ãã¬ã¹ãå®çŸ©ããŸãã ããŒã«ã«ã€ã³ã¿ãã§ãŒã¹ããããªã㯠IP ã¢ãã¬ã¹ãæã€å Žåã¯ããã® ããŒã«ã«ã€ã³ã¿ãã§ãŒã¹ ã® IP ãéžæãããšäŸ¿å©ã§ããéåžžã¯ãDSL ã¢ãããªã³ã¯ã«å¯ŸããŠãã®ãªãã·ã§ã³ã䜿çšã㟠ãããããã©ã«ãã«ãŒãã®æåã®ãããªã㯠IP ããéžæããå Žåãã€ã³ã¿ãã§ãŒã¹ã®æå®ã¯äž èŠã§ãã代ããã«ãUTMããããªã㯠DynDNS ãµãŒãã« WWW èŠæ±ãéä¿¡ãããããªã㯠DynDNS ãµãŒãã¯çŸåšäœ¿çšäžã®ãããªãã¯IPãè¿ããŸããããã¯ããã©ã€ããŒããããã¯ãŒã¯ å éšã«ããUTMããããªã㯠IP ã¢ãã¬ã¹ãæã£ãŠãããããã¹ã«ã¬ãŒãã£ã³ã°ã«ãŒã¿çµç±ã§ã€ ã³ã¿ãŒãããã«æ¥ç¶ããŠããå Žåã«æçšã§ãã 泚 â FreeDNS ã¯ãåžžã«ããã©ã«ãã«ãŒãã®æåã®ãããªã㯠IP ã¢ãã¬ã¹ã䜿çšããŸãã 206 UTM 9 管çã¬ã€ã 7 ãããã¯ãŒã¯ãµãŒãã¹ 7.1 DNS ã€ã³ã¿ãã§ãŒã¹ (ãFreeDNSãã¿ã€ãã§ã¯ç¡å¹ããããŒã«ã«ã€ã³ã¿ãã§ãŒã¹ã® IP ãã®ã¿):DynDNS ãµãŒãã¹ã䜿çšããã€ã³ã¿ãã§ãŒã¹ãéžæããŸããæãå¯èœæ§ãé«ãã®ã¯ãã€ã³ã¿ãŒãããã« æ¥ç¶ãããå€éšã€ã³ã¿ãã§ãŒã¹ã§ãã ãã¹ãå:DynDNS ãµãŒãã¹ãããã€ãããåãåã£ããã¡ã€ã³åãå ¥åããŸã (example.dyndns.org ãªã©)ãããã§ã¯ãç¹å®ã®æ§æãéµå®ããŠãã¹ãåãå ¥åããå¿ èŠ ã¯ãããŸãããããã§å ¥åãå¿ èŠãªå 容ã¯ãå DynDNS ãµãŒãã¹ãããã€ãã®èŠä»¶ã«å¿ã ãŠç°ãªããŸããDynDNS ãã¹ãåãã²ãŒããŠã§ã€ã®ã¡ã€ã³ãã¹ãåãšããŠäœ¿çšããããšãã§ã㟠ãããå¿ é ã§ã¯ãããŸããã ãšã€ãªã¢ã¹ (ãªãã·ã§ã³):ãã®ãã€ã¢ãã°ããã¯ã¹ã¯ãåè¿°ã®ã¡ã€ã³ãã¹ãåãšåã IP ã¢ãã¬ã¹ã ãã€ã³ãããè¿œå ãã¹ãåãå ¥åããããã«äœ¿çšããŸã (mail.example.comãexample.com ãªã©)ã MX (ãªãã·ã§ã³ããDNS ParkãããDynDNSãããeasyDNSãã¿ã€ãã®ã¿):MX (mail exchanger) ã¯ãã ã¹ãåã§æå®ããããµãŒã以å€ã®ç¹å®ãµãŒãã«ã¡ãŒã«ãéä¿¡ããããã«äœ¿çšããŸããMX ã¬ã³ãŒãã¯ãç¹å®ãã¡ã€ã³ãžã®ã¡ãŒã«ã®éä¿¡å ãšãªããã¹ã (ãµãŒã) ãæå®ãããšããç®ç ã®ããã«äœ¿çšããŸããããšãã°ãMX ãšã㊠mail.example.com ãæå®ãã ãšã[email protected] å®ãŠã®ã¡ãŒã«ã¯ãã¹ãã§ãã mail.example.com ã«é ä¿¡ãã㟠ãã MX åªå é äœ (ãªãã·ã§ã³ããDNS Parkãã¿ã€ãã®ã¿):ãã¡ã€ã³ãžã®ã¡ãŒã«ã®é ä¿¡ã«æå®ãã ã¡ãŒã«ãµãŒããåªå ãããã©ããã瀺ãæ£ã®æŽæ°å€ãå ¥åããŸããæ°å€ãäœããµãŒãã æ°å€ã®é«ããµãŒããããåªå ãããŸããDNS Park ã§ã¯ãããã©ã«ãå€ãšã㊠5 ã䜿çšããã ãããã»ãšãã©ã®ç®çã«é©ã£ãŠããããããã®ãã£ãŒã«ãã空çœã®ãŸãŸã«ããããšãã§ã㟠ããMX ã®åªå é äœã®è©³çŽ°ãªæè¡æ å ±ã«ã€ããŠã¯ãRFC 5321 ãåç §ããŠãã ããã ããã¯ã¢ãã MX (ãªãã·ã§ã³ããDynDNSããŸãã¯ãeasyDNSãã¿ã€ãã®ã¿):ããã¹ãå ãããã¹ã ããã¯ã¹ã§æå®ãããã¹ãåãã¡ã€ã³ MX ãšãªãå Žåã®ã¿ããã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ã å ¥ããŸãããããšããMXãããã¹ãããã¯ã¹ã®ãã¹ãåã¯ããã¯ã¢ãã MX ãšããŠã®ã¿ã¢ããã¿ã€ ãºãããŸãã ã¯ã€ã«ãã«ãŒã (ãªãã·ã§ã³ããDynDNSããŸãã¯ãeasyDNSãã¿ã€ãã®ã¿):ãã®ãªãã·ã§ã³ã¯ãç»é² ãããã¡ã€ã³ãšåã IP ã¢ãã¬ã¹ããµããã¡ã€ã³ã®ãã€ã³ãå ãšããå Žåã«éžæããŸãããã®ãªã ã·ã§ã³ã䜿çšãããšããã¡ã€ã³ã«ã¯ã€ã«ãã«ãŒããšããŠã¢ã¹ã¿ãªã¹ã¯ (*) ãè¿œå ãããŸã (*.example.dyndns.orgãªã©)ãããã«ãããwww.example.dyndns.org ãªã©ã example.dyndns.org ãšåãã¢ãã¬ã¹ããã€ã³ãããããã«ãªããŸãã ãŠãŒã¶å:DynDNS ãµãŒãã¹ãããã€ãããåãåã£ããŠãŒã¶åãå ¥åããŸãã ãã¹ã¯ãŒã:DynDNS ãµãŒãã¹ãããã€ãããåãåã£ããã¹ã¯ãŒããå ¥åããŸãã UTM 9 管çã¬ã€ã 207 7.2 DHCP 7 ãããã¯ãŒã¯ãµãŒãã¹ ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãã DynDNS ããDynDNSããªã¹ãã«è¡šç€ºãããŸãããµãŒãã¹ã¯ç¡å¹ã«ãªã£ãŠããŸã (ãã°ã« ã¹ã€ããã¯ç°è²)ã 4. DynDNS ãæå¹ã«ããŸãã DynDNS ãµãŒãã¹ãæå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ããã§ãµãŒãã¹ãæå¹ã«ãªããŸã (ãã°ã«ã¹ã€ããã¯ç·è²)ã DynDNS ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã è€æ°ã® DynDNS ãªããžã§ã¯ããåæã«äœ¿çšããããšãã§ããŸãã2ã€ã®ãã¹ãåã®ãã¹ãŠã®èšå®ã åãã§ããã°ãå¥ãªããžã§ã¯ãã 2ã€äœæããã®ã§ã¯ãªããããšã€ãªã¢ã¹ ããªãã·ã§ã³ã䜿çšããããšã æšå¥šããŸãã 7.2 DHCP DHCP (Dynamic Host Configuration Protocol) ã¯ãå®çŸ©ããã IP ã¢ãã¬ã¹ããŒã«ããã¯ã©ã€ã¢ã³ãã³ã³ ãã¥ãŒã¿ã«ã¢ãã¬ã¹ãèªåçã«å²ãåœãŠãŸãã倧èŠæš¡ãããã¯ãŒã¯ã«ããããããã¯ãŒã¯èšå®ãç°¡çŽ åããã¢ãã¬ã¹ã®è¡çªãé²æ¢ããããã«èšèšãããŠããŸããDHCP ã¯ã¯ã©ã€ã¢ã³ãã«ãIP ã¢ãã¬ã¹ã ããã©ã«ãã®ã²ãŒããŠã§ã€æ å ±ãDNS èšå®æ å ±ãå²ãåœãŠãŸãã ã¯ã©ã€ã¢ã³ãã³ã³ãã¥ãŒã¿ã®èšå®ãç°¡çŽ åããã¢ãã€ã«ã³ã³ãã¥ãŒã¿ãè€æ°ã®ãããã¯ãŒã¯ãåé¡ãªã è¡ãæ¥ã§ããããã«ããããšã«å ããDHCP 㯠IP ã¢ãã¬ã¹ã«é¢é£ããåé¡ã®åå ç¹å®ãšãã©ãã« ã·ã¥ãŒãã£ã³ã°ããµããŒãããŸããããã¯ãDHCP ãµãŒãèªäœã®èšå®ã«åé¡ãããããšãå€ããã ã§ãããŸããã¢ãã¬ã¹ãå¿ èŠã«å¿ããŠå²ãåœãŠãŠãäžèŠãªå Žåã¯åå©çšããããšãã§ããããããã¹ ãŠã®ã³ã³ãã¥ãŒã¿ãåæã«ã¢ã¯ãã£ãã«ãªã£ãŠããªãå Žåãªã©ã«ãã¢ãã¬ã¹ã¹ããŒã¹ã®äœ¿çšãããå¹ çåããããšãã§ããŸãã 7.2.1 ãµãŒã ããããã¯ãŒã¯ãµãŒãã¹ > DHCP > ãµãŒã ãã¿ãã䜿çšãããšãDHCP ãµãŒããèšå®ããããšãã§ã㟠ããSophos UTMã¯ãæ¥ç¶ããããããã¯ãŒã¯ã ãã§ãªããä»ã®ãããã¯ãŒã¯ã«å¯Ÿã㊠DHCP ãµãŒãã¹ ãæäŸããŸããDHPC ãµãŒãã䜿çšããŠãã¯ã©ã€ã¢ã³ãã«åºæ¬ãããã¯ãŒã¯ãã©ã¡ãŒã¿ãå²ãåœãŠãã ãšãã§ããŸããç¬èªã®æ§æãæã€ããããç¬èªã®ã€ã³ã¿ãã§ãŒã¹ãšãããã¯ãŒã¯ãååŸããŠãè€æ° ã®ã€ã³ã¿ãã§ãŒã¹äžã§ DHCP ãµãŒãã¹ãå®è¡ã§ããŸãã 208 UTM 9 管çã¬ã€ã 7 ãããã¯ãŒã¯ãµãŒãã¹ 7.2 DHCP 泚 âããªãã·ã§ã³ãã¿ãã§ã¯ãã¯ã©ã€ã¢ã³ãã«éä¿¡ããè¿œå DHCP ãªãã·ã§ã³ãŸãã¯ç°ãªã DHCP 㪠ãã·ã§ã³ãå®çŸ©ã§ããŸããããªãã·ã§ã³ãã¿ãã«å®çŸ©ããã DHCP ãªãã·ã§ã³ã¯ããã®ã¹ã³ãŒããã° ããŒãã«ã«èšå®ãããŠããªãå ŽåãããµãŒã ãã¿ãã®èšå®ãäžæžãããŸããããšãã°ãéžæããã ã¹ãã®ã¿ã« DHCP ãªãã·ã§ã³ãå®çŸ©ãããšãã«ãDHCP ãµãŒãã«å®çŸ©ããããã®ãšã¯ç°ãªã DNS ãµãŒããŸãã¯ãªãŒã¹æéãå²ãåœãŠãããšãã§ããŸãã DHCP ãµãŒããèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ããµãŒã ãã¿ãã§ããæ°èŠ DHCP ãµãŒã ããã¯ãªãã¯ããŸãã ãæ°èŠ DHCP ãµãŒããäœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã€ã³ã¿ãã§ãŒã¹:IP ã¢ãã¬ã¹ãã¯ã©ã€ã¢ã³ãã«å²ãåœãŠãã€ã³ã¿ãã§ãŒã¹ããã§ã«èšå®ãããŠãã ã€ã³ã¿ãã§ãŒã¹ã®ã¿ãéžæã§ããŸãã ã¢ãã¬ã¹ã¿ã€ã:ãã®ãªãã·ã§ã³ã¯ IPv6 ãã°ããŒãã«ã«æå¹ã«ããŠããå Žåã«ã®ã¿äœ¿çšã§ã㟠ããDHCP ãµãŒãã® IP ããŒãžã§ã³ãéžæããŸãã ã¬ã³ãžã®å é /æ«å°Ÿ:ãã®ã€ã³ã¿ãã§ãŒã¹ã®ã¢ãã¬ã¹ããŒã«ãšããŠäœ¿çšãã IP ã¬ã³ãžãããã©ã« ãã§ããããã¯ãŒã¯ã«ãŒãã«èšå®ãããã¢ãã¬ã¹ãšãªã¢ãããã¹ãããã¯ã¹ã«è¡šç€ºãããŸãã㯠ã©ã€ã¢ã³ããåããããã¯ãŒã¯å ã«ããå Žåãã¬ã³ãžã¯ã€ã³ã¿ãã§ãŒã¹ãæ¥ç¶ãããããã ã¯ãŒã¯å ã«ããå¿ èŠããããŸããã¯ã©ã€ã¢ã³ããå¥ã®ãããã¯ãŒã¯ã«ããå Žåãã¬ã³ãžã¯ãª ã¬ãŒãããDHCPèŠæ±ã®éä¿¡å ãããã¯ãŒã¯å ã«ããå¿ èŠããããŸãã 泚 â å®çŸ©ãã DHCP IP ç¯å²ã倧ãããã°å€§ããã»ã©ãUTM ã«ãã£ãŠãããå€ãã®ã¡ã¢ãªã äºçŽãããŸããDHCP ç¯å²ãé©åãªå€ã«åæžããããã«ããŠãã ãããèš±å¯ãããæå€§ç¯ å²ã¯ã/9 ãããã¯ãŒã¯ã§ãã DNS ãµãŒã 1/2:DNS ãµãŒãã® IP ã¢ãã¬ã¹ã ããã©ã«ãã²ãŒããŠã§ã€ (IPv4 ã®ã¿):ããã©ã«ãã²ãŒããŠã§ã€ ã® IP ã¢ãã¬ã¹ã 泚 â ã¯ã€ã€ã¬ã¹ã¢ã¯ã»ã¹ãã€ã³ããš RED ã¢ãã©ã€ã¢ã³ã¹ã®äž¡æ¹ã§ãããã©ã«ãã²ãŒããŠã§ã€ ãæ¥ç¶å ã€ã³ã¿ãã§ãŒã¹ãšåããµããããå ã«ããå¿ èŠããããŸãã ãã¡ã€ã³ (ä»»æ):ã¯ã©ã€ã¢ã³ãã«éä¿¡ããããã¡ã€ã³åãå ¥åããŸã (äŸ: intranet.example.com)ã UTM 9 管çã¬ã€ã 209 7.2 DHCP 7 ãããã¯ãŒã¯ãµãŒãã¹ ãªãŒã¹æé (IPv4 ã®ã¿):DHCP ã¯ã©ã€ã¢ã³ãããªãŒã¹ã®æŽæ°ãèªåçã«è©Šè¡ããŸãããã®ãªãŒ ã¹æéäžã«ãªãŒã¹ãæŽæ°ãããªãå ŽåãIP ã¢ãã¬ã¹ãªãŒã¹ã®æéãåããŸããããã§ã¯ãã ã®ééãç§æ°ã§å®çŸ©ã§ããŸããããã©ã«ã㯠86,400ç§ (1æ¥) ã§ããæå°å€ã¯ 600ç§ (10å) ã§ãæ倧å€ã¯ 2,592,000ç§ (1ãæ) ã§ãã æå¹æé (IPv6 ã®ã¿):DHCP ã¯ã©ã€ã¢ã³ãããªãŒã¹ã®æŽæ°ãèªåçã«è©Šè¡ããŸãããã®æå¹ æéäžã«ãªãŒã¹ãæŽæ°ãããªãå ŽåãIP ã¢ãã¬ã¹ãªãŒã¹ã¹ããŒã¿ã¹ãç¡å¹ã«ãªããã¢ãã¬ã¹ ãã€ã³ã¿ãã§ãŒã¹ããåé€ãããä»ã«å²ãåœãŠãããããã«ãªããŸããéé㯠5åããç¡éã® éã§éžæã§ããŸãããæå¹æéã¯æšå¥šæé以äžã«ããå¿ èŠããããŸãã æšå¥šæé (IPv6 ã®ã¿):DHCP ã¯ã©ã€ã¢ã³ãããªãŒã¹ã®æŽæ°ãèªåçã«è©Šè¡ããŸãããã®æšå¥š æéäžã«ãªãŒã¹ãæŽæ°ãããªãå ŽåãIP ã¢ãã¬ã¹ãªãŒã¹ã¹ããŒã¿ã¹ããããªã±ãŒããã€ãŸãåŒ ãç¶ãæå¹ã§ã¯ãããã®ã®ãæ°ããæ¥ç¶ã«ã¯äœ¿çšãããªãããã«ãªããŸããééã¯ã5åã ãç¡éã®éã§éžæã§ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã WINS ããŒãã¿ã€ã (IPv4 ã®ã¿):Windows Internet Naming Service WINS ãšã¯ããã€ã¯ããœããã Windows ã«å®è£ ãã NetBIOS Name Server (NBNS) ã§ãããNetBIOS ã³ã³ãã¥ãŒã¿åçšã® ããŒã ãµãŒãããã³ãµãŒãã¹ã§ããWINS ãµãŒãã¯ãã³ã³ãã¥ãŒã¿åã IP ã¢ãã¬ã¹ãšäžèŽãã ãããŒã¿ããŒã¹ãšããŠæ©èœãããããNetBIOS ã䜿çšããŠããã³ã³ãã¥ãŒã¿ã TCP/IP ããã ã¯ãŒã¯ã®ã¡ãªãããå©çšã§ããããã«ãªããŸãã次㮠WINS ããŒãã¿ã€ãã䜿çšã§ããŸãã l èšå®ããªã:WINS ããŒãã¿ã€ãã¯èšå®ããã®ã§ã¯ãªãã¯ã©ã€ã¢ã³ãã«éžæãããŸãã l BããŒã (WINS ãªã):BããŒãã·ã¹ãã ã¯ãããŒããã£ã¹ãã®ã¿ã䜿çšããŸãã l PããŒã (WINS ã®ã¿):PããŒãã·ã¹ãã 㯠WINS (Windows name server) ãžã®ãã€ã³ãã㌠ãã€ã³ãã®åååãåããã®ã¿ã䜿çšããŸãã l MããŒã (ãããŒããã£ã¹ãåŸ WINS):MããŒãã·ã¹ãã ã¯ããŸããããŒããã£ã¹ãããŠã ããããŒã ãµãŒãã«åãåãããè¡ãªããŸãã l HããŒã (WINS åŸãããŒããã£ã¹ã):HããŒãã·ã¹ãã ã¯ããŸãããŒã ãµãŒãã«åãåã ããŠããããããŒããã£ã¹ãããŸãã WINS ãµãŒã:éžæãã WINS ããŒãã¿ã€ãã«å¿ããŠããã®ããã¹ãããã¯ã¹ã衚瀺ãã㟠ããWINS ãµãŒãã® IP ã¢ãã¬ã¹ãå ¥åããŸãã ã¹ã¿ãã£ãã¯ãããã³ã°ãããã¯ã©ã€ã¢ã³ãã®ã¿ (ãªãã·ã§ã³):ã¹ã¿ãã£ã㯠DHCP ãããã³ã°ãæ ã€ã¯ã©ã€ã¢ã³ãã®ã¿ã« DHCP ãµãŒãã IP ã¢ãã¬ã¹ãå²ãåœãŠãããã«ããã«ã¯ããã®ãªãã·ã§ ã³ãéžæããŸã (ãå®çŸ©ãšãŠãŒã¶ã>ããããã¯ãŒã¯å®çŸ©ã>ããããã¯ãŒã¯å®çŸ©ãåç §)ã 210 UTM 9 管çã¬ã€ã 7 ãããã¯ãŒã¯ãµãŒãã¹ 7.2 DHCP HTTP ãããã·èªåèšå®ã®æå¹å:ãã©ãŠã¶ã®èªåãããã·èšå®çšã« PAC ãã¡ã€ã«ãæäŸ ããã«ã¯ããã®ãªãã·ã§ã³ãéžæããŸãã詳ããã¯ããWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > 詳现 ãã®ç« ã§ãããããã·ã®èªåèšå® ãã»ã¯ã·ã§ã³ãåç §ããŠãã ããã 泚 â Microsoft Windows ã§ã¯çŸåšãIPv6 㧠HTTP ãããã·ã®èªåèšå®ããµããŒãããŠã㟠ããã DHCP ãªã¬ãŒçµç±ã®ã¯ã©ã€ã¢ã³ã:ãããéžæãããšãDHCP ãµãŒãã¯æ¥ç¶ãããã€ã³ã¿ãã§ãŒ ã¹ã®ãããã¯ãŒã¯å ã«ååšããªãã¯ã©ã€ã¢ã³ãã« IP ã¢ãã¬ã¹ãå²ãåœãŠãŸãããã®å Žåãäžã« å®çŸ©ãããã¢ãã¬ã¹ã¬ã³ãžã¯ãæ¥ç¶ãããã€ã³ã¿ãã§ãŒã¹ã®ãããã¯ãŒã¯å ã§ã¯ãªãããªã¬ãŒã ãã DHCP èŠæ±ã®è»¢éå ãããã¯ãŒã¯å ã«ããå¿ èŠããããŸãã ããããã¹ã¯:ãªã¬ãŒããã DHCP èŠæ±ã®è»¢éå ãããã¯ãŒã¯ã®ããããã¹ã¯ãéžæã㟠ãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãã DHCP ãµãŒãå®çŸ©ã DHCP ãµãŒãã®ãªã¹ãã«è¡šç€ºããããã ã¡ã«ã¢ã¯ãã£ãã«ãªã£ãŠ ããŸãã DHCP ãµãŒãå®çŸ©ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 7.2.2 ãªã¬ãŒ ããããã¯ãŒã¯ãµãŒãã¹ > DHCP > ãªã¬ãŒãã¿ãã§ã¯ãDHCP ãªã¬ãŒãèšå®ããããšãã§ããŸããDHCP ãµãŒãã¹ã¯å¥ã® DHCP ãµãŒãã«ãã£ãŠæäŸãããUTMã¯ãªã¬ãŒãšããŠæ©èœããŸããDHCP ãªã¬ãŒã 䜿çšãããšããããã¯ãŒã¯ã»ã°ã¡ã³ãããŸãã㧠DHCP èŠæ±ããã³å¿çã転éããããšãã§ã㟠ããDHCP ãµãŒããšãDHCP ãã©ãã£ãã¯ã転éãããã€ã³ã¿ãã§ãŒã¹ã®ãªã¹ããæå®ããå¿ èŠããã ãŸãã DHCP ãªã¬ãŒãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ããªã¬ãŒãã¿ãã§ããDHCP ãªã¬ãŒããæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªãããDHCP ãªã¬ãŒã®èšå® ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 2. DHCP ãµãŒããéžæããŸãã UTM 9 管çã¬ã€ã 211 7.2 DHCP 7 ãããã¯ãŒã¯ãµãŒãã¹ 3. 該åœããã€ã³ã¿ãã§ãŒã¹ãè¿œå ããŸãã ã€ã³ã¿ãã§ãŒã¹ã DHCP ãµãŒãã«è¿œå ãããšãšãã«ããã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ã DHCP ã®èŠæ± ãšå¿çã転éãããã¯ã©ã€ã¢ã³ãã®ãããã¯ãŒã¯ã«è¿œå ããŸãã 4. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã èšå®ããã£ã³ã»ã«ããã«ã¯ãã¢ã³ããŒè²ã®ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã 7.2.3 ã¹ã¿ãã£ãã¯ãããã³ã° äžéšãŸãã¯å šéšã®ã¯ã©ã€ã¢ã³ãã® IP ã¢ãã¬ã¹ãšã¯ã©ã€ã¢ã³ãéã®éçãããã³ã°ãäœæã§ã㟠ããUTM ããŒãžã§ã³ 9.1 ããããã®æ©èœã¯ãå®çŸ©ãšãŠãŒã¶ > ãããã¯ãŒã¯å®çŸ© ãã¿ãã«ç§»åããŸã ããDHCP ãããã³ã°ã¯è©²åœãããã¹ããšãšãã«å®çŸ©ãããããã«ãªããŸããã ãã¹ã¿ãã£ãã¯ãããã³ã°ããã¿ã³ãã¯ãªãã¯ãããšããå®çŸ©ãšãŠãŒã¶ > ãããã¯ãŒã¯å®çŸ© ãã¿ããéã㟠ããèªåçã«ãéçãããã³ã°ã®ãããã¹ãã®ã¿ã衚瀺ãããŸãããªã¹ãã®äžéšã®ããããããŠã³ãª ã¹ãã䜿çšãããšããã£ã«ã¿èšå®ãå€æŽã§ããŸãã 7.2.4 IPv4 ãªãŒã¹ããŒãã« DHCP ã䜿çšãããšãã¯ã©ã€ã¢ã³ã㯠IP㢠ãã¬ã¹ãæã€ã®ã§ã¯ãªããDHCP ãµãŒããã IP ã¢ãã¬ã¹ã åãã (ãªãŒã¹ãã) ããšã«ãªããŸããããã«ãããã¢ãã¬ã¹ãäžå®æéã«ããã£ãŠäœ¿çšããèš±å¯ã㯠ã©ã€ã¢ã³ãã«äžããŸãã ããããã¯ãŒã¯ãµãŒãã¹ > DHCP > IPv4 ãªãŒã¹ããŒãã« ãã¿ãã«ãããªãŒã¹ããŒãã«ã«ã¯ãDHCP ãµãŒ ããçŸåšçºè¡ããŠãããªãŒã¹ããéå§æ¥ä»ããªãŒã¹ã®æå¹æéæ¥ãªã©ã®æ å ±ãšãšãã«è¡šç€ºãã㟠ãã ã¹ã¿ãã£ãã¯ããã ã³ ã° ãè¿œå ããŠæ°èŠã®ãã¹ã ãå®çŸ© æ¢åã®ãªãŒã¹ãã¹ã¿ãã£ã㯠MAC/IP ãããã³ã°ã®ãã³ãã¬ãŒããšããŠäœ¿çšãããã¹ãã®å®çŸ©ã«äœ¿çšã§ ããŸãã以äžã®æé ã«åŸã£ãŠãã ããã 1. æãŸãããªãŒã¹ã®ãéçå ãåã®ãéçå ããã¿ã³ãã¯ãªãã¯ããŸãã ãéçå ããã€ã¢ãã°ãŠã€ã³ããŠãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã¢ã¯ã·ã§ã³:ãæ°èŠãã¹ãã®äœæ ããéžæããŸãã åå:æ°èŠãã¹ãã説æããååãå ¥åããŸãã 212 UTM 9 管çã¬ã€ã 7 ãããã¯ãŒã¯ãµãŒãã¹ 7.2 DHCP DHCP ãµãŒã:éçãããã³ã°ã«äœ¿çšãã DHCP ãµãŒããéžæããŸãã該åœãã DHCP ã®ç¯ å²ãããããããŠã³ãªã¹ãã®äžã«è¡šç€ºãããŸãã IPv4 ã¢ãã¬ã¹:DHCP ããŒã«ç¯å²å€ã®ã¢ãã¬ã¹ã« IP ã¢ãã¬ã¹ãå€æŽããŸãã 泚 â ãªãŒã¹ãã¹ã¿ãã£ãã¯ãããã³ã°ã«å€æããå ŽåãDHCP ããŒã«ã®ç¯å²å€ã® IP ã¢ã㬠ã¹ã«å€æŽããå¿ èŠããããŸãããã ããIP ã¢ãã¬ã¹ãå€æŽããŠããã¯ã©ã€ã¢ã³ãã®äœ¿çšãã ã¢ãã¬ã¹ã¯ããã«ã¯å€æŽãããã次ã«ãªãŒã¹æŽæ°ãè¡ããŸã§å€æŽãããŸããã DNS ãã¹ãå:DNS ãã¹ãåãæå®ãããšããã¹ãã®éç DNS ãšã³ããªãšããŠäœ¿çšãããŸãã ãªããŒã¹ DNS:ãã¹ãã® IP ã¢ãã¬ã¹ãšååã®ãããã³ã°ãæå¹åããã«ã¯ããã§ãã¯ããã¯ã¹ ã«ãã§ãã¯ãå ¥ããŸããåã IP ã¢ãã¬ã¹ã«è€æ°ã®ååããããã³ã°ããããšãå¯èœã§ããã1 ã€ã®ååã«å¯ŸããŠã¯ 1ã€ã® IPã¢ãã¬ã¹ãããããã³ã°ã§ããŸããã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã éçãããã³ã°ã«ããæ°ãããã¹ãã¯ãå®çŸ©ãšãŠãŒã¶ > ãããã¯ãŒã¯å®çŸ© ãã¿ãã«è¡šç€ºãããŸãã ã¹ã¿ãã£ãã¯ããã ã³ ã° ãæ¢åã®ãã¹ã ã« è¿œå ãã æ¢åã®ãªãŒã¹ãæ°ããã¹ã¿ãã£ã㯠MAC/IP ãããã³ã°ã®ãã³ãã¬ãŒããšããŠäœ¿çšãããã¹ãã®å®çŸ©ã« 䜿çšã§ããŸãã以äžã®æé ã«åŸã£ãŠãã ããã 1. æãŸãããªãŒã¹ã®ãéçå ãåã®ãéçå ããã¿ã³ãã¯ãªãã¯ããŸãã ãéçå ããã€ã¢ãã°ãŠã€ã³ããŠãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã¢ã¯ã·ã§ã³:ãæ¢åã®ãã¹ããäœ¿çš ããéžæããŸãã ãã¹ã:ããã©ã«ããã¢ã€ã³ã³ãã¯ãªãã¯ããŠããã¹ããè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã éçãããã³ã°ã«ãããã¹ãã¯ããå®çŸ©ãšãŠãŒã¶ > ãããã¯ãŒã¯å®çŸ© ãã¿ãã«è¡šç€ºãããŸãã 7.2.5 IPv6 ãªãŒã¹ããŒãã« DHCP ã䜿çšãããšãã¯ã©ã€ã¢ã³ã㯠IP ã¢ãã¬ã¹ãæã€ã®ã§ã¯ãªããDHCP ãµãŒããã IP ã¢ãã¬ã¹ã åãã (ãªãŒã¹ãã) ããšã«ãªããŸããããã«ãããã¢ãã¬ã¹ãäžå®æéã«ããã£ãŠäœ¿çšããèš±å¯ã㯠UTM 9 管çã¬ã€ã 213 7.2 DHCP 7 ãããã¯ãŒã¯ãµãŒãã¹ ã©ã€ã¢ã³ãã«äžããŸãã ããããã¯ãŒã¯ãµãŒãã¹ > DHCP > IPv6 ãªãŒã¹ããŒãã« ãã¿ãã«ãããªãŒã¹ããŒãã«ã«ã¯ãDHCP ãµãŒ ããçŸåšçºè¡ããŠãããªãŒã¹ããéå§æ¥ä»ããªãŒã¹ã®æå¹æéæ¥ãªã©ã®æ å ±ãšãšãã«è¡šç€ºãã㟠ãã 泚 â ãã¬ãã£ãã¯ã¹åºåçµç±ã§ä»äžããããªãŒã¹ã¯ããŒãã«ã«è¡šç€ºãããŸããã ã¹ã¿ãã£ãã¯ããã ã³ ã° ãè¿œå ããŠæ°èŠã®ãã¹ã ãå®çŸ© æ¢åã®ãªãŒã¹ãã¹ã¿ãã£ã㯠MAC/IP ãããã³ã°ã®ãã³ãã¬ãŒããšããŠäœ¿çšãããã¹ãã®å®çŸ©ã«äœ¿çšã§ ããŸãã以äžã®æé ã«åŸã£ãŠãã ããã 1. æãŸãããªãŒã¹ã®ãéçå ããã¿ã³ãã¯ãªãã¯ããŸãã ãéçå ããã€ã¢ãã°ãŠã€ã³ããŠãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã¢ã¯ã·ã§ã³:ãæ°èŠãã¹ãã®äœæ ããéžæããŸãã åå:æ°èŠãã¹ãã説æããååãå ¥åããŸãã DHCP ãµãŒã:éçãããã³ã°ã«äœ¿çšãã DHCP ãµãŒããéžæããŸãã該åœãã DHCP ã®ç¯ å²ãããããããŠã³ãªã¹ãã®äžã«è¡šç€ºãããŸãã IPv6 ã¢ãã¬ã¹:DHCP ããŒã«ç¯å²å€ã®ã¢ãã¬ã¹ã« IP ã¢ãã¬ã¹ãå€æŽããŸãã 泚 â ãªãŒã¹ãã¹ã¿ãã£ãã¯ãããã³ã°ã«å€æããå ŽåãDHCP ããŒã«ã®ç¯å²å€ã® IP ã¢ã㬠ã¹ã«å€æŽããå¿ èŠããããŸãããã ããIP ã¢ãã¬ã¹ãå€æŽããŠããã¯ã©ã€ã¢ã³ãã®äœ¿çšãã ã¢ãã¬ã¹ã¯ããã«ã¯å€æŽãããã次ã«ãªãŒã¹æŽæ°ãè¡ããŸã§å€æŽãããŸããã DNS ãã¹ãå:DNS ãã¹ãåãæå®ãããšããã¹ãã®éç DNS ãšã³ããªãšããŠäœ¿çšãããŸãã ãªããŒã¹ DNS:ãã¹ãã® IP ã¢ãã¬ã¹ãšååã®ãããã³ã°ãæå¹åããã«ã¯ããã§ãã¯ããã¯ã¹ ã«ãã§ãã¯ãå ¥ããŸããåã IP ã¢ãã¬ã¹ã«è€æ°ã®ååããããã³ã°ããããšãå¯èœã§ããã1 ã€ã® IP ã¢ãã¬ã¹ã«ã¯1ã€ã®ååã«ãããããã³ã°ã§ããŸããã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã 214 UTM 9 管çã¬ã€ã 7 ãããã¯ãŒã¯ãµãŒãã¹ 7.2 DHCP ã¹ã¿ãã£ãã¯ããã ã³ ã° ãæ¢åã®ãã¹ã ã« è¿œå ãã æ¢åã®ãªãŒã¹ãæ°ããã¹ã¿ãã£ã㯠MAC/IP ãããã³ã°ã®ãã³ãã¬ãŒããšããŠäœ¿çšãããã¹ãã®å®çŸ©ã« 䜿çšã§ããŸãã以äžã®æé ã«åŸã£ãŠãã ããã 1. æãŸãããªãŒã¹ã®ãéçå ãåã®ãéçå ããã¿ã³ãã¯ãªãã¯ããŸãã ãéçå ããã€ã¢ãã°ãŠã€ã³ããŠãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã¢ã¯ã·ã§ã³:ãæ¢åã®ãã¹ããäœ¿çš ããéžæããŸãã ãã¹ã:ããã©ã«ããã¢ã€ã³ã³ãã¯ãªãã¯ããŠããã¹ããè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã éçãããã³ã°ã«ãããã¹ãã¯ããå®çŸ©ãšãŠãŒã¶ > ãããã¯ãŒã¯å®çŸ© ãã¿ãã«è¡šç€ºãããŸãã 7.2.6 ãªãã·ã§ã³ ããããã¯ãŒã¯ãµãŒãã¹ > DHCP > ãªãã·ã§ã³ãã¿ãã䜿çšãããšãDHCP ãªãã·ã§ã³ãèšå®ããããšã ã§ããŸããDHCP ãªãã·ã§ã³ã¯ãDHCP ãµãŒãã«ããDHCP ã¯ã©ã€ã¢ã³ãã«æäŸãããè¿œå èšå®ãã© ã¡ãŒã¿ã§ãã äŸ:äžéšã® VoIP é»è©±ã®å ŽåãDHCP ãµãŒãããå¿ èŠãªæ å ±ãæäŸããããã«ããã®ããŒãžã§ 3〠ã®è¿œå DHCP ãªãã·ã§ã³ãäœæããŠæå¹ã«ããå¿ èŠããããŸãã l ãã¡ã€ã«å :ããŒããã¡ã€ã«ã®ååã l 次ã®ãµãŒã :ããŒããã¡ã€ã«ãæäŸãã TFTP ãµãŒãã®ååã l 4 (ã¿ã€ã ãµãŒã):ã¿ã€ã ãµãŒãã® IP ã¢ãã¬ã¹ã DHCPãªãã·ã§ã³ã«ç°ãªãã¹ã³ãŒããèš±å¯:éžæãããã¹ãã®ã¿ã«æäŸããããéžæãããµãŒããã ã®ã¿ãšããããã°ããŒãã«ã«ããããšãã§ããŸãããã®ãããåããã¹ãã«ç°ãªããã©ã¡ãŒã¿ãå®çŸ©ã ãããšãã§ããŸããäžéšã® DHCP ãªãã·ã§ã³ã¯ãDNS ãµãŒã (ãªãã·ã§ã³6) ãªã©ããDHCP > ãµãŒã ãã¿ ãã«æ¢ã«å®çŸ©ãããŠããŸãããã©ã¡ãŒã¿å€ãäžèŽããªãå Žåã次ã®åªå é äœã§ãã©ã¡ãŒã¿ãã¯ã©ã€ ã¢ã³ãã«æäŸãããŸãã 1. ã¹ã³ãŒããããã¹ããã® DHCP ãªãã·ã§ã³ 2. ã¹ã³ãŒãããMAC ãã¬ãã£ãã¯ã¹ ãã® DHCP ãªãã·ã§ã³ 3. ã¹ã³ãŒããããã³ã IDãã® DHCP ãªãã·ã§ã³ 4. ã¹ã³ãŒããããµãŒã ãã® DHCP ãªãã·ã§ã³ UTM 9 管çã¬ã€ã 215 7.2 DHCP 7 ãããã¯ãŒã¯ãµãŒãã¹ 5. DHCP ãµãŒããã©ã¡ãŒã¿ (DHCP > ãµãŒã ãã¿ã) 6. ã¹ã³ãŒãããã°ããŒãã« ãã® DHCP ãªãã·ã§ã³ 泚 â DHCP èŠæ±ã§ã¯ãDHCP ã¯ã©ã€ã¢ã³ããåŠçã§ãã DHCP ãªãã·ã§ã³ã«é¢ããæ å ±ãéä¿¡ã ãŸãããã®çµæãDHCP ãµãŒãã¯ãããã«å®çŸ©ããããªãã·ã§ã³ã«é¢ä¿ãªããã¯ã©ã€ã¢ã³ããç解㧠ãã DHCP ãªãã·ã§ã³ã®ã¿ãæäŸããŸãã DHCP ãªãã·ã§ã³ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãæ°èŠ DHCP ãªãã·ã§ã³ããã¯ãªãã¯ããŸãã ãæ°èŠ DHCP ãªãã·ã§ã³ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã¢ãã¬ã¹ã¿ã€ã (IPv6 ãæå¹ãªå Žåã®ã¿):DHCP ãªãã·ã§ã³ãäœæãã IP ããŒãžã§ã³ãéžæã ãŸãã ã³ãŒã:äœæãã DHCP ãªãã·ã§ã³ã®ã³ãŒããéžæããŸãã 泚 âããã¡ã€ã«å ããšã³ããªã§ã¯ãããã§å®è¡ãã DHCP ã¯ã©ã€ã¢ã³ãã«ããŒããããã¡ã€ã«ã æå®ã§ããŸããã次ã®ãµãŒã ãã§ã¯ãããŒããµãŒããå®çŸ©ã§ããŸããçªå·ã® DHCP ãªãã·ã§ ã³ã³ãŒãã¯ãRFC 2132 ãªã©ã§å®çŸ©ãããŠããŸãã åå:ãã®ãªãã·ã§ã³ã説æããååãå ¥åããŸãã ã¿ã€ã:ã³ã¡ã³ããã(äžæ)ãã®ã³ãŒããéžæããå Žåã«ã®ã¿äœ¿çšã§ããŸãããªãã·ã§ã³ã®ããŒã¿ ã¿ã€ããéžæããŸããããŒã¿ã¿ã€ãã«ã¯ããIP ã¢ãã¬ã¹ ãããããã¹ãããã16 é² ãã䜿çšã§ããŸãã éžæããããŒã¿ã¿ã€ãã«å¿ããŠã察å¿ããäžã®ãã£ãŒã«ãã«é©åãªããŒã¿ãå ¥åããŸãã ã¢ãã¬ã¹:ãã® DHCP ãªãã·ã§ã³ã§ DHCP ã¯ã©ã€ã¢ã³ãã«éä¿¡ãããã¹ããŸãã¯ããã ã¯ãŒã¯ã°ã«ãŒãã® IP ã¢ãã¬ã¹ãéžæããŸãã ããã¹ã:ãã® DHCP ãªãã·ã§ã³ã§ DHCP ã¯ã©ã€ã¢ã³ãã«éä¿¡ããããã¹ããå ¥åã㟠ããããã¡ã€ã«å ãã³ãŒãã§ã¯ãããã«ãã¡ã€ã«åãå ¥åã§ããŸãã 16é²:ãã® DHCP ãªãã·ã§ã³ã§ DHCP ã¯ã©ã€ã¢ã³ãã«éä¿¡ãã 16 é²å€ãå ¥åããŸãã16 é²æ°ãã³ãã³ã§ 2æ¡ã®åºåã£ãŠãŸãšãã圢åŒã§æå®ããŸã (00:04:76:16:EA:62 㪠ã©)ã ã¹ã³ãŒã:DHCP ãªãã·ã§ã³ãéä¿¡ããæ¡ä»¶ãå®çŸ©ããŸãã 216 UTM 9 管çã¬ã€ã 7 ãããã¯ãŒã¯ãµãŒãã¹ 7.3 NTP l ã°ããŒãã«:DHCP ãªãã·ã§ã³ãå®çŸ©ãããŠãããã¹ãŠã® DHCP ãµãŒãã«ãããã¹ãŠ ã® DHCP ã¯ã©ã€ã¢ã³ãã«éä¿¡ãããŸãã l ãµãŒã:ããµãŒã ãããã¯ã¹ã«ã¯ãDHCP ãªãã·ã§ã³ãéä¿¡ãã DHCP ãµãŒããéžæã ãŸããããã¯ã¹ã«ã¯ããDHCP ãµãŒã ãã¿ãã«å®çŸ©ãããŠãããã¹ãŠã® DHCP ãµãŒãã 衚瀺ãããŸãã l ãã¹ã:ããã¹ããããã¯ã¹ã«ã¯ãDHCP ãªãã·ã§ã³ãæäŸããããã¹ããè¿œå ãŸãã¯éžæ ããŸãã l MAC ãã¬ãã£ãã¯ã¹:MAC ãã¬ãã£ãã¯ã¹ãå ¥åããŸããMAC ã¢ãã¬ã¹ãäžèŽãããã¹ ãŠã® DHCP ã¯ã©ã€ã¢ã³ãã« DHCP ãªãã·ã§ã³ãæäŸãããŸãã l ãã³ã㌠ID:ãã³ã㌠ID ãŸãã¯ãã³ã㌠ID ã®ãã¬ãã£ãã¯ã¹ãå ¥åããŸãããã®æå åã«äžèŽãããã¹ãŠã® DHCP ã¯ã©ã€ã¢ã³ãã« DHCP ãªãã·ã§ã³ãæäŸãããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã ãDHCP ãªãã·ã§ã³ããªã¹ãã«æ°ãã DHCP ãªãã·ã§ã³ã衚瀺ãããçŽã¡ã«ã¢ã¯ãã£ãã«ãªã㟠ãã DHCP ãªãã·ã§ã³ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 7.3 NTP ããããã¯ãŒã¯ãµãŒãã¹ > NTP ãã¡ãã¥ãŒã䜿çšãããšãæ¥ç¶ããããããã¯ãŒã¯çšã® NTP ãµãŒããèš å®ããããšãã§ããŸããNTP (Network Time Protocol) ãšã¯ãIP ãããã¯ãŒã¯çµç±ã§ã³ã³ãã¥ãŒã¿ã·ã¹ã ã ã®ã¯ããã¯ã®åæããšãããã«äœ¿çšãããããã³ã«ã§ããSophos UTMã®æå»ã®åæ (ããããžã¡ã³ ã > ã·ã¹ãã èšå® > æ¥ä»ãšæå» ãã¿ãã§èšå®) ã ãã§ã¯ãªããç¹å®ã®ãããã¯ãŒã¯ããã®ãµãŒãã¹ã䜿 çšã§ããããã«æ瀺çã«èš±å¯ããããšãã§ããŸãã ç¹å®ã®ãããã¯ãŒã¯ã«å¯Ÿã㊠NTP ã«ããæå»åæãæå¹ã«ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. NTP ãµãŒããæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã 2. ãèš±å¯ãããã¯ãŒã¯ ããéžæããŸãã NTP ãµãŒããžã®ã¢ã¯ã»ã¹ãèš±å¯ãããããã¯ãŒã¯ãéžæããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã UTM 9 管çã¬ã€ã 217 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ ãã®ç« ã§ã¯ãSophos UTMã®åºæ¬çãªãããã¯ãŒã¯ãããã¯ã·ã§ã³æ©èœãèšå®ããæ¹æ³ã説æã㟠ããWebAdmin ã® ããããã¯ãŒã¯ãããã¯ã·ã§ã³çµ±èšãããŒãžã«ã¯ãéä¿¡å ãã¹ããšå®å ãã¹ãã®äž¡æ¹ ã«å¯ŸããäŸµå ¥é²åŸ¡ã€ãã³ãããã³ç Žæ£ãããããŒã¿ãã±ããã®æŠèŠã衚瀺ãããŸããåã»ã¯ã·ã§ã³ ã«ã¯ã詳现 ããªã³ã¯ããããŸãã ãªã³ã¯ãã¯ãªãã¯ãããš WebAdmin ã®è©²åœããã¬ããŒãã»ã¯ã·ã§ã³ãè¡š 瀺ããã詳现ãªçµ±èšæ å ±ãåç §ã§ããŸãã ãã®ç« ã§ã¯ã次ã®ãããã¯ã«ã€ããŠèª¬æããŸãã l ãã¡ã€ã¢ãŠã©ãŒã« l ãããã¯ãŒã¯ã¢ãã¬ã¹å€æ (NAT) l äŸµå ¥é²åŸ¡(IPS) l ãµãŒãããŒããã©ã³ã·ã³ã° l ãã€ã¹ãªãŒã㌠IP (VoIP) l 詳现èšå® 8.1 ãã¡ã€ã¢ãŠã©ãŒã« ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > ãã¡ã€ã¢ãŠã©ãŒã« ãã¡ãã¥ãŒã䜿çšãããšãã²ãŒããŠã§ã€ã®ãã¡ã€ã¢ ãŠã©ãŒã«ã«ãŒã«ãå®çŸ©ãã管çããããšãã§ããŸããäžè¬çã«ããã¡ã€ã¢ãŠã©ãŒã«ã¯ã²ãŒããŠã§ã€ã® äžæ žéšåã§ããããã¯ãŒã¯ç°å¢ã«ãããŠã»ãã¥ãªãã£ããªã·ãŒã§çŠæ¢ãããŠããéä¿¡ã劚ããŸããã ãã©ã«ãã® Sophos UTM ã® ã»ãã¥ãªãã£ããªã·ãŒã§ã¯ãã²ãŒããŠã§ã€ã®ä»ã®ãœãããŠã§ã¢ã³ã³ããŒãã³ ããæ©èœããããã«å¿ èŠãªãèªåçã«çæãããã«ãŒã«ã»ãããé€ããã¹ãŠã®ãããã¯ãŒã¯ãã© ãã£ãã¯ããããã¯ããŠãã°ããŸãããã ããèªåçã«çæãããã«ãŒã«ã»ããã¯ããã¡ã€ã¢ãŠã©ãŒã« > ã«ãŒã« ãã¿ãã«ã¯è¡šç€ºãããŸããããã®ããªã·ãŒã§ã¯ãã©ã®ããŒã¿ãã©ãã£ãã¯ã«ã²ãŒããŠã§ã€ã®éé ãèš±å¯ããããæ確ã«å®çŸ©ããå¿ èŠããããŸãã 8.1.1 ã«ãŒã« ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > ãã¡ã€ã¢ãŠã©ãŒã« > ã«ãŒã« ãã¿ãã§ã¯ããã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ã»ãã ã管çã§ããŸããããã©ã«ãã§ã¯ãã¿ããéããšããŠãŒã¶ãäœæãããã¡ã€ã¢ãŠã©ãŒã«ã®ã«ãŒã«ã®ã¿ ã衚瀺ãããŸãããªã¹ãã®äžéšã®ããããããŠã³ãªã¹ãã䜿çšããŠãèªåãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ã® ã¿ããŸãã¯äž¡æ¹ã®ã¿ã€ãã®ã«ãŒã«ã衚瀺ããããšãéžæã§ããŸããèªåãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã« 8.1 ãã¡ã€ã¢ãŠã©ãŒã« 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ ã¯ãåºå¥ããããããã«èæ¯è²ãšãšãã«è¡šç€ºãããŸããèªåãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ã¯ãIPsec ã SSL æ¥ç¶ãäœæããå Žåãªã©ãããããã®èšå®ã®ãèªåãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã« ããã§ãã¯ããã¯ã¹ ã§éžæããèªåãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ã«åºã¥ã㊠UTM ã«ãã£ãŠçæãããŸãã æ°èŠã«å®çŸ©ãããã¹ãŠã®ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ã¯ãã«ãŒã«ããŒãã«ã«è¿œå ããããšãããã©ã«ã ã§ç¡å¹ã«ãªããŸããèªåãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãããã³æå¹åããããŠãŒã¶äœæã®ãã¡ã€ã¢ ãŠã©ãŒã«ã«ãŒã«ã¯ãæåã®ã«ãŒã«ãäžèŽãããŸã§ãæå®ã®é åºã§é©çšãããŸããèªåãã¡ã€ã¢ ãŠã©ãŒã«ã«ãŒã«ã¯ãåžžã«ãªã¹ãã®æäžéšã«è¡šç€ºãããŸãããŠãŒã¶äœæã®ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã« ã®åŠçé åºã¯äœçœ®çªå·ã«ãã£ãŠæ±ºãŸããããäœçœ®çªå·ã«ãã£ãŠã«ãŒã«ã®é åºãå€æŽãããšãåŠ çé åºãå€ãããŸãã èŠå â ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãäžèŽãããšãä»ã®ãã¹ãŠã®ã«ãŒã«ã¯ç¡èŠãããŸãããã®ããã ã«ãŒã«ã®é çªã¯éåžžã«éèŠã§ããããã¹ãŠ (éä¿¡å )ã â ããã¹ãŠ (ãµãŒãã¹)ã â ããã¹ãŠ (å®å )ã â ãèš±å¯ ãã®ãããªã«ãŒã«ã¯ãã«ãŒã«ããŒãã«ã®äžéšã«ã¯é 眮ããªãã§ãã ããããã®ãããªã«ãŒã« ãã«ãŒã«ããŒãã«ã®äžéšã«é 眮ãããšãåãã±ãããã²ãŒããŠã§ã€ãåæ¹åã«ééã§ããããã«ãª ãã以éã®ä»ã®ã«ãŒã«ã¯ãã¹ãŠç¡èŠãããŸãã ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã«ãŒã« ãã¿ãã§ããæ°èŠã«ãŒã« ããã¯ãªãã¯ããŸãã ãæ°èŠã«ãŒã«äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã°ã«ãŒã:ãã°ã«ãŒãããªãã·ã§ã³ã¯ãè€æ°ã®ã«ãŒã«ãè«ççã«ã°ã«ãŒãåããã®ã«äŸ¿å©ã§ ãããªã¹ãã®äžéšã®ããããããŠã³ãªã¹ãã䜿çšããŠãã°ã«ãŒãããšã«ã«ãŒã«ããã£ã«ã¿ãªã³ã° 衚瀺ã§ããŸããã°ã«ãŒãåã¯è¡šç€ºçšã®ã¿ã§ãã«ãŒã«ã®äžèŽã«ã¯é¢ä¿ãããŸãããæ°ããã° ã«ãŒããäœæããã«ã¯ãã<< æ°èŠã°ã«ãŒã >>ããšã³ããªãéžæããã°ã«ãŒãã説æããååã ãåå ãã«å ¥åããŸãã åªå é äœ:åªå é äœçªå·ãããã«ãã£ãŠã«ãŒã«ã®åªå é äœãå®çŸ©ãããŸããçªå·ãå°ãã ã»ã©åªå é äœãé«ããªããŸããã«ãŒã«ã¯æé ã«ç §åãããŸããããã«ãŒã«ãäžèŽãããšãã ã以éããããã倧ããçªå·ã®ã«ãŒã«ã¯è©äŸ¡ãããŸããã éä¿¡å :ãã±ããã®éä¿¡å ã®ãã¹ããŸãã¯ãããã¯ãŒã¯ã説æããéä¿¡å ãããã¯ãŒã¯ã®å®çŸ© ãè¿œå ããŸãã ãµãŒãã¹:ãããã³ã«ã説æãããµãŒãã¹å®çŸ©ãè¿œå ããŸããTCP ãŸã㯠UDP ã®å Žåã¯ãã ã±ããã®éä¿¡å ããã³å®å ããŒãã«ãªããŸãã å®å :ãã±ããã®ã¿ãŒã²ãããã¹ããŸãã¯ãããã¯ãŒã¯ã説æããå®å ãããã¯ãŒã¯ã®å®çŸ©ãè¿œ å ããŸãã 220 UTM 9 管çã¬ã€ã 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 8.1 ãã¡ã€ã¢ãŠã©ãŒã« 泚 â ïŒã€ä»¥äžã®éä¿¡å ããµãŒãã¹ãšããããã¯éä¿¡å ãéžæããå Žåããã®ã«ãŒã«ã¯å šãŠ ã®é©åå¯èœãªéä¿¡å -ãµãŒãã¹âéä¿¡å ã®çµã¿åããã«å¯ŸããŠé©çšãããŸããäŸãã° ã«ãŒã«ã ïŒã€ã®éä¿¡å ãïŒã€ã®ãµãŒãã¹ãïŒã€ã®éä¿¡å ãšé©åããå ŽåãïŒã€ã®ã«ãŒã«ãš åäžãšãªãããšããããŸããããã¯ããããã®éä¿¡å ãšéä¿¡å ãäž¡æ¹ã®ãµãŒãã¹ãå©çšã ãŠããå Žåã§ãã ã¢ã¯ã·ã§ã³:ã¢ã¯ã·ã§ã³ã¯ãã«ãŒã«ã«äžèŽãããã©ãã£ãã¯ã«å¯ŸããåŠçã説æããŸãã次㮠ã¢ã¯ã·ã§ã³ãéžæã§ããŸãã l èš±å¯:æ¥ç¶ãèš±å¯ãããã©ãã£ãã¯ãéããŸãã l ç Žæ£:ãã®ã¢ã¯ã·ã§ã³ãæå®ãããã«ãŒã«ãšäžèŽãããã±ããã¯ãèŠåãªãã§ããããã ããŸãã l æåŠ:ãã®ã¢ã¯ã·ã§ã³ãæå®ãããã«ãŒã«ãšäžèŽããæ¥ç¶èŠæ±ã¯ã¢ã¯ãã£ãã«æåŠã ããŸããéä¿¡è ã«ã¯ ICMP ã¡ãã»ãŒãžã§éç¥ãããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã æé垯:ããã©ã«ãã§ã¯ãæé垯ã¯éžæãããŠããŸãããã€ãŸããã«ãŒã«ã¯åžžã«æå¹ã§ãã æéå®çŸ©ãéžæãããšãæéå®çŸ©ã§æå®ãããæéã ãã«ãŒã«ãæå¹ã«ãªããŸãã詳现 ã¯ãæé垯å®çŸ© ãåç §ããŠãã ããã ãã©ãã£ãã¯ããã°:ãã®ãªãã·ã§ã³ãéžæãããšããã°ãæå¹ã«ãªããã«ãŒã«ã«äžèŽãããã±ã ãããã¡ã€ã¢ãŠã©ãŒã«ãã°ã«ãã°ãããŸãã éä¿¡å MAC ã¢ãã¬ã¹:ãã±ããã®éä¿¡å ã説æãã MAC ã¢ãã¬ã¹å®çŸ©ãéžæããŸããéžæ ãããšãããã§éä¿¡å MAC ã¢ãã¬ã¹ãå®çŸ©ãããŠããå Žåã®ã¿ããã±ããã¯ã«ãŒã«ã«äžèŽã ãŸããMAC ã¢ãã¬ã¹ãªã¹ããšéä¿¡å ãããã¯ãŒã¯ãä»»æ ãã¯ãåæã«æå®ã§ããªãããšã«æ³šæã ãŠãã ãããMAC ã¢ãã¬ã¹ãªã¹ãã®å®çŸ©ã¯ããå®çŸ©ãšãŠãŒã¶ > ãããã¯ãŒã¯å®çŸ© > MAC ã¢ã㬠ã¹å®çŸ© ãã¿ãã§å®çŸ©ããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããã«ãŒã«ããã«ãŒã« ããªã¹ãã«è¡šç€ºãããŸãã 5. ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãæå¹ã«ããŸãã æ°ããã«ãŒã«ã¯ããã©ã«ãã§ç¡å¹ã«ãªã£ãŠããŸã (ãã°ã«ã¹ã€ããã¯ã°ã¬ãŒè¡šç€º)ãã«ãŒã«ã æå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ããã§ã«ãŒã«ãæå¹ã«ãªããŸã (ãã°ã«ã¹ã€ããã¯ç·è²)ã ã«ãŒã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã UTM 9 管çã¬ã€ã 221 8.1 ãã¡ã€ã¢ãŠã©ãŒã« 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ ã©ã€ããã°ãéã:ãã£ã«ã¿ããããã±ããã®ãªã¢ã«ã¿ã€ã ãã°ãå«ããããã¢ãããŠã£ã³ããŠãéã㟠ãã衚瀺ã¯å®æçã«æŽæ°ãããŠãææ°ã®ãããã¯ãŒã¯ã¢ã¯ãã£ããã£ã瀺ãããŸããé©çšãããã¢ã¯ ã·ã§ã³ã«ãã£ãŠãèæ¯è²ã次ã®ããã«å€åããŸãã l èµ€è²:ãã±ããã¯ç Žæ£ãããŸããã l é»è²:ãã±ããã¯æåŠãããŸããã l ç·è²:ãã±ããã¯èš±å¯ãããŸããã l ã°ã¬ãŒ:ã¢ã¯ã·ã§ã³ã決å®ã§ããŸããã§ããã ã©ã€ããã°ã«ã¯ããã±ãããæåŠãããåå ãšãªã£ããã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ã«é¢ããæ å ±ãå«ãŸ ããŸããããããæ å ±ã¯ã«ãŒã«ã®ãããã°ã«äžå¯æ¬ ã§ãã æ€çŽ¢æ©èœã䜿çšããŠãç¹å®ãšã³ããªã«ã€ããŠãã¡ã€ã¢ãŠã©ãŒã«ãã°ããã£ã«ã¿ã§ããŸããæ€çŽ¢æ©èœã§ ã¯ãè¡šçŸã®åã«ããã·ã¥ ( - ) ãä»ããããšã§ããã®è¡šçŸãç¡å¹ã«ã§ããŸããããšãã°ã-WebAdmin ãšæå®ãããšããã®è¡šçŸãå«ããã¹ãŠã®è¡ãé£ç¶ããŠé衚瀺ã«ã§ããŸãã ãèªåã¹ã¯ããŒã« ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ãããšããŠã£ã³ããŠã®ã¹ã¯ããŒã«ããŒãèªåçã« ã¹ã¯ããŒã«ããŠã³ããŠãåžžã«ææ°ã®çµæã衚瀺ãããŸãã 以äžã«ããã¡ã€ã¢ãŠã©ãŒã«ã®èšå®ã«é¢ããåºæ¬çãªãã³ããããã€ã瀺ããŸãã l ç Žæ£ãããããŒããã£ã¹ã:ããã©ã«ãã§ã¯ããã¹ãŠã®ãããŒããã£ã¹ãã¯ç Žæ£ããããã°ããã ãŸãã (詳现ã¯è©³çŽ°ãåç §)ããã®æ©èœã¯ NetBIOS (ããšãã°ãMicrosoft Windows ãªãã¬ãŒ ãã£ã³ã°ã·ã¹ãã ) ã䜿çšããå€æ°ã®ã³ã³ãã¥ãŒã¿ããæããããã¯ãŒã¯ã§åœ¹ç«ã¡ãŸãããã®ç ç±ã¯ããã¡ã€ã¢ãŠã©ãŒã«ã®ãã°ãã¡ã€ã«ã¯ããããŒããã£ã¹ãã«ãã£ãŠããã«ãã£ã±ãã«ãªã ããã§ãããããŒããã£ã¹ãã®ããããã«ãŒã«ãæåã§å®çŸ©ããã«ã¯ãæ¥ç¶ããããã¹ãŠã® ãããã¯ãŒã¯ã®ãããŒããã£ã¹ãã¢ãã¬ã¹ã®å®çŸ©ãã°ã«ãŒãå ãã255.255.255.255/255.255.255.255 ã® "global_broadcast" å®çŸ©ãè¿œå ãã次ã«ãã¡ ã€ã¢ãŠã©ãŒã«èšå®äžéšã§ãããã®ã¢ãã¬ã¹ã«å¯Ÿãããã¹ãŠã®ãã©ãã£ãã¯ãããããããã«ãŒ ã«ãè¿œå ããŸãããããŒããã£ã¹ããå€çšãããããã¯ãŒã¯ã§ã¯ãããã«ãã£ãŠã·ã¹ãã ã®ã ãã©ãŒãã³ã¹ãåäžããŸãã l IDENT ãã©ãã£ãã¯ã®ãªãžã§ã¯ã:IDENT ãªããŒã¹ãããã·ã䜿çšããªãå Žåã¯ãå éšããã ã¯ãŒã¯ã®ããŒã113 (IDENT) ãžã®ãã©ãã£ãã¯ãã¢ã¯ãã£ãã«æåŠã§ããŸããããã«ã ããFTPãIRCãããã³ SMTP ãªã©ã® IDENT ã䜿çšãããµãŒãã¹ã®é·ãã¿ã€ã ã¢ãŠããé²æ¢ã§ ããŸãã Note â ãã¹ã«ã¬ãŒãã£ã³ã°ã䜿çšããŠããå Žåã¯ããã¹ã«ã¬ãŒããããŠãããããã¯ãŒã¯ã« 察ãã IDENT èŠæ±ãããã¹ã«ã¬ãŒãããã€ã³ã¿ãã§ãŒã¹ã«å±ããŸãã 222 UTM 9 管çã¬ã€ã 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ l 8.1 ãã¡ã€ã¢ãŠã©ãŒã« NAT ã¯ãããã¯ãŒã¯ãã±ããã®ã¢ãã¬ã¹ãå€æŽããããããã¡ã€ã¢ãŠã©ãŒã«ã®æ©èœã«åœ±é¿ã äžããŸãã l DNAT 㯠ãã¡ã€ã¢ãŠã©ãŒã«ã® åã«é©çšããŸããããã¯ããã¡ã€ã¢ãŠã©ãŒã«ãããã§ã«å€ æããããã±ããããèŠããããšãæå³ããŸããDNAT é¢é£ã®ãµãŒãã¹ã«ã«ãŒã«ãè¿œå ããéã¯ããããèæ ®ããããšãå¿ èŠã§ãã l SNAT ããã³ãã¹ã«ã¬ãŒãã£ã³ã°ã¯ ãã¡ã€ã¢ãŠã©ãŒã«ã® åŸã«é©çšãããŸããããã¯ã ãã¡ã€ã¢ãŠã©ãŒã«ã¯ããªãªãžãã«ã®éä¿¡å ã¢ãã¬ã¹ãæã€å€æãããŠããªããã±ãã ããŸã ãèŠããããšãæå³ããŸãã ããŒãã«ãããã®ã³ã³ãããŒã«ããã«ã䜿çšããŠãç¹å®ã®åºæºã§ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ããã£ã«ã¿ ããŠãèªã¿ãããããã«ã«ãŒã«ãåæ§æã§ããŸããã°ã«ãŒããå®çŸ©ããŠããå Žåã¯ãããããããŠã³ ã¡ãã¥ãŒããã°ã«ãŒããéžæãããã®ã°ã«ãŒãã«å±ãããã¹ãŠã®ã«ãŒã«ãèŠãããšãã§ããŸããæ€ çŽ¢ãã£ãŒã«ãã䜿çšããŠãããŒã¯ãŒããããã¯åã«æååãæ¢ããŠãããã«é¢é£ããã«ãŒã«ã衚瀺 ã§ããŸããæ€çŽ¢ã¯ãã«ãŒã«ã®éä¿¡å ãå®å ããµãŒãã¹ãã°ã«ãŒãåãããã³ã³ã¡ã³ãã§æ§æãã㟠ãã 8.1.2 éåä¿¡åœå¥ããã㯠ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > ãã¡ã€ã¢ãŠã©ãŒã« > éåä¿¡åœå¥ããã㯠ãã¿ãã§ãç¹å®ã®åœãå°åãž ã®éåä¿¡ãã©ãã£ãã¯ããããã¯ã§ããŸãã1ã€ã®åœãå°åãããã¯å€§éžå šäœããããã¯ã§ããŸããã ã®ãããã¯ã¯ããã¹ãã® IP ã¢ãã¬ã¹ã® GeoIP æ å ±ã«åºã¥ããŠããŸãã éåä¿¡åœå¥ãããã¯ãæå¹ã«ããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. éåä¿¡åœå¥ãããã¯ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªãããåœ ãã»ã¯ã·ã§ã³ãç·šéå¯èœã«ãªããŸãã 2. ãããã¯ããå ŽæãéžæããŸãã å°ååã®åã«ããããããããŠã³ãªã¹ãã§ã該åœããå°åã®ãããã¯ã¹ããŒã¿ã¹ãæå®ã㟠ãã l ãã¹ãŠ:ãã®å°åãžã®éåä¿¡ãã©ãã£ãã¯ãã¹ãŠããããã¯ããŸãã l éä¿¡å :ãã®å°åããã®åä¿¡ãã©ãã£ãã¯ãã¹ãŠããããã¯ããŸãã l å®å :ãã®å°åãžã®éä¿¡ãã©ãã£ãã¯ãã¹ãŠããããã¯ããŸãã l OFF:ãã®å°åãšã®éåä¿¡ãã©ãã£ãã¯ãèš±å¯ããŸãã UTM 9 管çã¬ã€ã 223 8.1 ãã¡ã€ã¢ãŠã©ãŒã« 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ ãã³ã â ç¹å®ã®å€§éžã«ãããã¹ãŠã®å°åã«å¯ŸããŠãåããããã¯ã¹ããŒã¿ã¹ã容æã«æå® ã§ããŸããããã«ã¯ã倧éžåã®åã«ããããããããŠã³ãªã¹ãã§ãå¿ èŠãªãããã¯ã¹ããŒã¿ã¹ ãéžæããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã ããã§ãéžæããå°åãšã®éåä¿¡ãã©ãã£ãã¯ã«ãæå®ãããããã㯠ã¹ããŒã¿ã¹ãé©çšãããŸãããããã¯ããé€å€ããå°åã¯ããåœãããã¯ã®äŸå€ ãã¿ãã§æå® ã§ããŸãã ãã³ã â ãã®ããŒãžã®åã»ã¯ã·ã§ã³ã¯ãã»ã¯ã·ã§ã³ãããã®å³ã«ããã¢ã€ã³ã³ãã¯ãªãã¯ããŠãæãã ãã¿/å±éã§ããŸãã 8.1.3 éåä¿¡åœé€å€ ãNetwork Protection > ãã¡ã€ã¢ãŠã©ãŒã« > åœãããã¯ã®äŸå€ ãã¿ãã§ããéåä¿¡åœå¥ããã㯠ãã¿ãã§ã ããã¯ããåœã«å¯ŸããäŸå€ãæå®ã§ããŸããéåä¿¡æ¹åããã©ãã£ãã¯ã®ãµãŒãã¹ã«å¿ããŠãã ããã¯ããåœ/å°åãšç¹å®ã®ãã¹ã/ãããã¯ãŒã¯éã®ãã©ãã£ãã¯ã«å¯ŸããŠãäŸå€ãæå®ã§ããŸãã åœãããã¯ã®äŸå€ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãæ°èŠé€å€ãªã¹ãããã¯ãªãã¯ããŸãã ãé€å€ãªã¹ããäœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:é€å€ã説æããååãå ¥åããŠãã ããã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã ãããã¯ããªã: l å°å:ããããããŠã³ãªã¹ãã䜿çšããŠããåœ ãããã¯ã¹ã«è¡šç€ºãããåœãçµã蟌ãããšã ã§ããŸãã l åœ:äŸå€ãæå®ããåœãå°åã®åã«ãããã§ãã¯ããã¯ã¹ãéžæããŸãããã¹ãŠã®åœ ãäžåºŠã«éžæããã«ã¯ãããã¹ãŠéžæ ããã§ãã¯ããã¯ã¹ãéžæããŸãã ãã¹ãŠã®ãªã¯ãšã¹ã:åœãããã¯ããé€å€ããå Žåã®æ¡ä»¶ãéžæããŸããéä¿¡ãã©ãã£ãã¯ã åä¿¡ãã©ãã£ãã¯ããšã«ã察象ã«ãããã¹ã/ãããã¯ãŒã¯ãäžéšã®ããã¯ã¹ã§æå®ã§ããŸãã l 224 ãã¹ã/ãããã¯ãŒã¯:éžæããããããããŠã³ãªã¹ãã®ãšã³ããªã«å¿ããŠãæå®ããåœãšã® éä¿¡ãåä¿¡ãèš±å¯ãããã©ãã£ãã¯ã®ãã¹ã/ãããã¯ãŒã¯ãè¿œå ãŸãã¯éžæããŸãã UTM 9 管çã¬ã€ã 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 8.1 ãã¡ã€ã¢ãŠã©ãŒã« 䜿çšãããµãŒãã¹:éžæãããã¹ã/ãããã¯ãŒã¯ãšãåœ/å°åã®éã§èš±å¯ãããµãŒãã¹ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã åœãããã¯ã®äŸå€ã®ææ°æ å ±ãããåœãããã¯ã®äŸå€ ããªã¹ãã«è¡šç€ºãããŸãã é€å€ã«ãŒã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 8.1.4 ICMP ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > ãã¡ã€ã¢ãŠã©ãŒã« > ICMP ãã¿ãã§ãã€ã³ã¿ãŒãããå¶åŸ¡ã¡ãã»ãŒãžããã ã³ã« (ICMP) ã®èšå®ãæ§æã§ããŸããICMP ã䜿çšããŠããã¹ãéã§æ¥ç¶é¢é£ã®ã¹ããŒã¿ã¹æ å ±ã ããåãããŸããICMP ã¯ãããã¯ãŒã¯æ¥ç¶ã®ãã¹ãããããã¯ãŒã¯ã®åé¡ã®ãã©ãã«ã·ã¥ãŒãã£ã³ã° ã«éèŠã§ãã ãã®ã¿ãã§ä»»æã® ICMP ãã©ãã£ãã¯ãèš±å¯ãããšããã¡ã€ã¢ãŠã©ãŒã«ã® ICMP èšå®ãäžæžããã㟠ããç¹å®ã®ãã¹ãããããã¯ãŒã¯ã ãã« ICMP ãèš±å¯ããå Žåã¯ãããã¡ã€ã¢ãŠã©ãŒã« > ã«ãŒã« ãã¿ã ã䜿çšããŸãã ã° ã ãŒãã« ICMP èšå® 以äžã®ã°ããŒãã« ICMP ãªãã·ã§ã³ãå©çšã§ããŸãã l ã²ãŒããŠã§ã€äžã§ã®ICMPãèš±å¯:ãã®ãªãã·ã§ã³ã§ãã©ã®çš®é¡ã® ICMP ãã±ããã«ãã²ãŒããŠã§ ã€ã察å¿ã§ããããã«ããŸãã l ICMPã®ã²ãŒããŠã§ã€ééãèš±å¯:ãã®ãªãã·ã§ã³ã䜿çšãããšããã±ãããå éšãããã¯ãŒã¯ã ã€ãŸãããã©ã«ãã²ãŒããŠã§ã€ã䜿çšããªããããã¯ãŒã¯ããéä¿¡ãããå Žåããã¹ãŠã® ICMP ãã±ãããã²ãŒããŠã§ã€ãéããŠè»¢éå¯èœã«ãªããŸãã l ICMPãªãã€ã¬ã¯ãããã°:ICMP ãªãã€ã¬ã¯ãã¯ããã±ããã®å®å ãžã®ããè¯ãã«ãŒããæ¢ãã ãã«ã1å°ã®ã«ãŒã¿ããå¥ã®ã«ãŒã¿ã«éä¿¡ãããŸããã«ãŒã¿ã¯ã«ãŒãã£ã³ã°ããŒãã«ãå€æŽã ãŠãããé©åãšæ³å®ãããã«ãŒããçµç±ããŠåãå®å ã«ãã±ãããéããŸãããã®ãªãã·ã§ã³ã éžæãããšãã²ãŒããŠã§ã€ãåä¿¡ãããã¹ãŠã® ICMP ãªãã€ã¬ã¯ãããã¡ã€ã¢ãŠã©ãŒã«ãã°ã« ãã°ãããŸãã p in g èšå® ping ããã°ã©ã ã¯ãIP ãããã¯ãŒã¯ã暪æããŠç¹å®ãã¹ãã«å°éã§ãããã©ããããã¹ãããããã® ã³ã³ãã¥ãŒã¿ãããã¯ãŒã¯ããŒã«ã§ããping ã¯ãICMP ãšã³ãŒèŠæ± ãã±ãããã¿ãŒã²ãããã¹ãã«éä¿¡ ããICMP ãšã³ãŒå¿ç ã«ããè¿ä¿¡ãåŸ æ©ããããšã§æ©èœããŸããping ã¯ãééã®ã¿ã€ãã³ã°ãšå¿ççã 䜿çšããŠããã¹ãéã®åŸåŸ©æéãšãã±ããçŽå€±çãè©äŸ¡ããŸãã 以äžã® ping ãªãã·ã§ã³ãå©çšã§ããŸãã UTM 9 管çã¬ã€ã 225 8.1 ãã¡ã€ã¢ãŠã©ãŒã« 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ l ã²ãŒããŠã§ã€ã¯ ping ã§å¯èŠ:ã²ãŒããŠã§ã€ã¯ ICMP ãšã³ãŒèŠæ± ãã±ããã«å¿çããŸãããã®æ©èœ ã¯ããã©ã«ãã§æå¹ã«ãªã£ãŠããŸãã l ã²ãŒããŠã§ã€ããã® ping:ã²ãŒããŠã§ã€ã§ ping ã³ãã³ãã䜿çšã§ããŸãããã®æ©èœã¯ããã©ã«ã ã§æå¹ã«ãªã£ãŠããŸãã l ã²ãŒããŠã§ã€ã¯ ping ã転é:ã²ãŒããŠã§ã€ã¯ãå éšãããã¯ãŒã¯ãã€ãŸãããã©ã«ãã²ãŒããŠã§ã€ ã䜿çšããªããããã¯ãŒã¯ããéä¿¡ããã ICMP ãšã³ãŒèŠæ± ããã³ãšã³ãŒå¿ç ãã±ããã転é ããŸãã Tr ace r ou te èšå® traceroute (ãã¬ãŒã¹ã«ãŒã) ããã°ã©ã ã¯ãIP ãããã¯ãŒã¯äžã§ãã±ããã䜿çšããã«ãŒãã®æ±ºå®ã« 䜿çšãããã³ã³ãã¥ãŒã¿ãããã¯ãŒã¯ããŒã«ã§ããtraceroute ã¯ããã±ããã®äŒéã«é¢äžããã«ãŒã¿ ã® IP ã¢ãã¬ã¹ãäžèŠ§è¡šç€ºããŸããäžå®ã®æéå ã«ãã±ããã®ã«ãŒããå€æã§ããªãå Žåã¯ãIP 㢠ãã¬ã¹ã®ä»£ããã«ã¢ã¹ã¿ãªã¹ã¯ (*) ã§å ±åããŸããäžå®ã®åæ°ã ã倱æãããšã確èªäœæ¥ã¯çµäºã ãŸãã確èªã®äžæã«ã¯å€ãã®çç±ãèããããŸãããã»ãšãã©ã®å Žåã¯ããããã¯ãŒã¯ãã¹ã®ãã¡ ã€ã¢ãŠã©ãŒã«ã traceroute ãã±ããããããã¯ããããšãåå ãšãªããŸãã 以äžã® traceroute ãªãã·ã§ã³ãå©çšã§ããŸãã l ã²ãŒããŠã§ã€ã¯ traceroute ã§å¯èŠ:ã²ãŒããŠã§ã€ã¯ traceroute ãã±ããã«å¿çããŸãã l ã²ãŒããŠã§ã€ã¯ traceroute ã転é:ã²ãŒããŠã§ã€ã¯ å éšãããã¯ãŒã¯ãã€ãŸãããã©ã«ãã²ãŒã ãŠã§ã€ã䜿çšããªããããã¯ãŒã¯ããéä¿¡ããã traceroute ã転éããŸãã 泚 â ããã«ãUNIX traceroute ã¢ããªã±ãŒã·ã§ã³çšã® UDP ããŒããéããŸãã 8.1.5 詳现 ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > ãã¡ã€ã¢ãŠã©ãŒã« > 詳现 ãã¿ãã«ã¯ããã¡ã€ã¢ãŠã©ãŒã«ããã³ NAT ã«ãŒ ã«ã®è©³çŽ°èšå®ãå«ãŸããŠããŸãã ã³ ãã¯ã·ã§ã³ ã ã©ããã³ ã° ã ã«ã ã³ãã¯ã·ã§ã³ãã©ããã³ã°ãã«ãã䜿çšããããšã«ãããè€æ°ã®ãããã¯ãŒã¯ã³ãã¯ã·ã§ã³ã䜿çšããã ããã³ã«ã§ãã¡ã€ã¢ãŠã©ãŒã«ãããã¯NATã«ãŒã«ã䜿çšã§ããŸãããã¡ã€ã¢ãŠã©ãŒã«ãåãæ±ããã¹ ãŠã®æ¥ç¶ã¯ãconntrack ã«ãŒãã«ã¢ãžã¥ãŒã« (ã³ãã¯ã·ã§ã³ãã©ããã³ã°ããã»ã¹ãšãåŒã°ããŸã) 㧠远跡ããŸããFTP ã IRC ãªã©ã®ãããã³ã«ã«ã¯ããã€ãã®ããŒããéãããšãå¿ èŠã§ããããã®æ£åžž ãªæ©èœããµããŒãããç¹å¥ãªã³ãã¯ã·ã§ã³ãã©ããã³ã°ãã«ããå¿ èŠã«ãªããŸãããããã®ãã«ã㯠ç¹å¥ãªã«ãŒãã«ã¢ãžã¥ãŒã«ã§ãè¿œå ã®æ¥ç¶ãããããæåã®æ¥ç¶ã«é¢é£ä»ããããšã«ãã£ãŠ (é åžžã¯ããŒã¿ã¹ããªãŒã ããé¢é£ããã¢ãã¬ã¹ãèªã¿åãããšã§) ç¹å®ããŸãã 226 UTM 9 管çã¬ã€ã 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 8.1 ãã¡ã€ã¢ãŠã©ãŒã« ããšãã°ãFTP ã®æ¥ç¶ãæ£åžžã«æ©èœããã«ã¯ãFTP conntrack ãã«ããéžæããå¿ èŠããããŸãã ãã㯠FTP ãããã³ã«ã®ç¹ç°æ§ã«ãããã®ã§ãããã«ãã£ãŠ FTP ã³ã³ãããŒã«ã³ãã¯ã·ã§ã³ãšåŒã°ã ãåäžã®æ¥ç¶ã確ç«ããŸãããã®æ¥ç¶ã§ã³ãã³ããçºè¡ããããšãä»ã®ããŒããéããŠãã®ç¹å®ã³ ãã³ãã«é¢é£ããããŒã¿ã®æ®ããå®è¡ããŸã (äŸ: ããŠã³ããŒããããã¯ã¢ããããŒã)ãåé¡ã¯ããã ãã¯åçã«ããŽã·ãšãŒãããããããã²ãŒããŠã§ã€ããããã®ç¹å¥ãªããŒããç¥ããªãããšããããšã§ ãããããã£ãŠãã²ãŒããŠã§ã€ã¯ããããã®ç¹å®ã®ããŒãã§ãµãŒããã¯ã©ã€ã¢ã³ãã«æ¥ç¶ãããªãã ã°ãªããªãã (ã¢ã¯ãã£ã㪠FTP æ¥ç¶)ããŸãã¯ã€ã³ã¿ãŒãããäžã§ã¯ã©ã€ã¢ã³ãã FTP ãµãŒãã«æ¥ç¶ ãããªããã°ãªããªãã (ããã·ã㪠FTP æ¥ç¶) ãç¥ãããšãã§ããŸããã ããã FTP conntrack ãã«ãã圹ã«ç«ã€çç±ã§ãããã®ç¹å¥ãªãã«ãã¯ç¹å¥ãªã³ãã¯ã·ã§ã³ãã©ã ãã³ã°ã¢ãžã¥ãŒã«ã«è¿œå ãããç¹å¥ãªæ å ±ã®å¶åŸ¡æ¥ç¶ (éåžžã¯ããŒã21) ãã¹ãã£ã³ããŸãããã« ããæ£ããæ å ±ã«åºäŒããšããã®æ å ±ãã³ã³ãããŒã«ã³ãã¯ã·ã§ã³ã®é¢é£æ å ±ãšããŠæ³å®ãããæ¥ ç¶ã®ãªã¹ãã«è¿œå ããŸããããã«ãããã²ãŒããŠã§ã€ã§æåã® FTP ã³ãã¯ã·ã§ã³ãšé¢é£ããå šã³ã㯠ã·ã§ã³ã®äž¡æ¹ã远跡ããããšãå¯èœã«ãªããŸãã ã³ãã¯ã·ã§ã³ãã©ããã³ã°ãã«ãã¯ä»¥äžã®ãããã³ã«ã§äœ¿çšã§ããŸãã l FTP l IRC (DCCçš) l PPTP l TFTP 泚 â ãã¡ã€ã¢ãŠã©ãŒã«ã§ PPTP VPN ãµãŒãã¹ãæäŸãããå Žåã¯ãPPTP ãã«ãã¢ãžã¥ãŒã«ã ããŒãããå¿ èŠããããŸããããŒãããªããšãPPTPã»ãã·ã§ã³ã¯ç¢ºç«ã§ããŸããããã®çç± ã¯ãPPTP ã¯ãå¥åã® IP ãããã³ã«ã® Generic Routing Encapsulation (GRE) éä¿¡ã«åãæããå ã«ãTCP ããŒã 1723 æ¥ç¶ã確ç«ããããã§ããPPTP ãã«ãã¢ãžã¥ãŒã«ãããŒãããªããšããã¹ãŠ ã® GRE ãã±ããã¯ã²ãŒããŠã§ã€ã«ãããã¯ãããŸããPPTP ãã«ãã¢ãžã¥ãŒã«ã䜿çšããªãå Žå ã¯ã代ããã«ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãæåã§è¿œå ããåä¿¡ããã³éä¿¡ãã©ãã£ãã¯ã§ GRE ãã±ã ããèš±å¯ããŸãã ãã ã ã³ ã«åŠç TCP ãŠã£ã³ããŠã¹ã±ãŒãªã³ã°ã®æå¹å:TCP ã®åä¿¡ãŠã€ã³ã㊠(RWin) ãµã€ãºã¯ãæ¥ç¶æã«ãããã¡ ã§ããåä¿¡ããŒã¿é (ãã€ãåäœ) ã§ããéä¿¡åŽãã¹ãã¯ãåä¿¡åŽãã¹ãããã®å信確èªãšãŠã£ã³ã ãŠã®æŽæ°ãåŸ ã€éããã®éã®ããŒã¿ã®ã¿ãéä¿¡ã§ããŸããé«åž¯åå¹ ãããã¯ãŒã¯ãããã«å¹çç㫠䜿çšããããã«ã倧ã㪠TCP ãŠã€ã³ããŠãµã€ãºã䜿çšã§ããŸãããã ããTCP ãŠã€ã³ããŠãµã€ãºã® ãã£ãŒã«ãã¯ããŒã¿ã®æµããå¶åŸ¡ãã2ãã€ãããã㯠65535ãã€ãã®ãŠã€ã³ããŠãµã€ãºã«å¶éãã㊠ããŸãããµã€ãºãã£ãŒã«ãã¯æ¡åŒµã§ããªããããã¹ã±ãŒãªã³ã°ãã¡ã¯ã¿ã䜿çšããŸããTCP ãŠã€ã³ã㊠ã®ã¹ã±ãŒãªã³ã°ã¯ TCP/IP ã¹ã¿ãã¯ã®ã«ãŒãã«ãªãã·ã§ã³ã§ãæ倧ãŠã€ã³ããŠãµã€ãºã 65535ãã€ãã UTM 9 管çã¬ã€ã 227 8.1 ãã¡ã€ã¢ãŠã©ãŒã« 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ ã 1ã®ã¬ãã€ãã«æ¡å€§ããããã«äœ¿çšã§ããŸããããã©ã«ãã§ã¯ãŠã€ã³ããŠã¹ã±ãŒãªã³ã°ãæå¹ã« ãªã£ãŠããŸããããããã«ãŒã¿ãããŒããã©ã³ãµãã²ãŒããŠã§ã€ãªã©ã®äžéšã®ãããã¯ãŒã¯ããã€ã¹ã¯ ãŠã€ã³ããŠã®ã¹ã±ãŒãªã³ã°ããŸã å®å šã«ã¯ãµããŒãããŠããªããããç°å¢ã«ãã£ãŠã¯ã¹ã±ãŒãªã³ã°ã ãªãã«ããããšãå¿ èŠãªå ŽåããããŸãã å³å¯ãª TCP ã»ãã·ã§ã³åŠçã䜿çš:ããã©ã«ãã§ã¯ãã·ã¹ãã ã¯ãããã¯ãŒã¯æ©èœã®ãªã»ããã«ããã ã³ãã¯ã·ã§ã³ãã©ããã³ã°ããŒãã«ã§çŸåšæ±ãããŠããªãæ¢åã® TCP æ¥ç¶ãæœåºã§ããŸãããã㯠SSH ããã³ Telnet ãªã©ã®å¯Ÿè©±åã»ãã·ã§ã³ãããããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ãäžæçã«å©çšã§ããªã å Žåã«åæ¢ããªãããšãæå³ããŸãããã®ãªãã·ã§ã³ãæå¹ã«ãããšããã®ãããªã»ãã·ã§ã³ãå床確 ç«ããã«ã¯æ°ãã 3WAY ãã³ãã·ã§ãŒã¯ãåžžã«å¿ èŠã«ãªããŸããäžè¬çã«ã¯ãã®ãªãã·ã§ã³ã¯ãªã ã®ãŸãŸã«ããŠããããšããå§ãããŠããŸãã ãã±ããé·ã®æå¹æ§ã確èª:æå¹ã«ãããšããã¡ã€ã¢ãŠã©ãŒã«ã¯ãICMPãTCPããŸã㯠UDP ãããã³ ã«ã®äœ¿çšæã«ãããŒã¿ãã±ãããæå°é·ãæºãããŠããããã§ãã¯ããŸããããŒã¿ãã±ãããæå°å€ ããå°ããå Žåããããã¯ãããã¯ããããã®èšé²ããã¡ã€ã¢ãŠã©ãŒã«ãã°ã«æžã蟌ãŸããŸãã Spoof (ãªãããŸã) é²åŸ¡:ããã©ã«ãã§ããªãããŸãä¿è·ã¯ç¡å¹ã«ãªã£ãŠããŸãã以äžã®èšå®ããéž æã§ããŸãã l éåžž:ã²ãŒããŠã§ã€ã¯ãã€ã³ã¿ãã§ãŒã¹èªäœãšåãéä¿¡å IP ã¢ãã¬ã¹ãæã€ãã±ããããŸãã¯ã ã®ã€ã³ã¿ãã§ãŒã¹ã«å¥ã«å²ãåœãŠããããããã¯ãŒã¯ã®éä¿¡å IPãæã€ã€ã³ã¿ãã§ãŒã¹ã«å°ç ãããã±ããããããããããŠãã°ããŸãã l å³å¯:ã²ãŒããŠã§ã€ã¯ãå®å IP ã«ã€ã³ã¿ãã§ãŒã¹ãæå®ãããå²ãåœãŠããã以å€ã®ã€ã³ã¿ ãã§ãŒã¹ã«å°çãã (ã€ãŸããå®å ãšããŠæå®ãããŠããªãã€ã³ã¿ãã§ãŒã¹ã«å°çãã) ãã¹ãŠ ã®ãã±ãããããããããŠãã°ããŸããããšãã°ãå éšãããã¯ãŒã¯ã®ã¿ãããã±ãããåãä» ãããšæ³å®ãããå éšã€ã³ã¿ãã§ãŒã¹ã® IP ã¢ãã¬ã¹ã«å€éšãããã¯ãŒã¯ããéä¿¡ãããã ã±ããã¯ãããããããŸãã ã ã° ãªãã·ã§ã³ FTPããŒã¿ã³ãã¯ã·ã§ã³ã®ãã°:UTM ã¯ããã¡ã€ã«ããã³ãã£ã¬ã¯ããªäžèŠ§ã® FTP ããŒã¿æ¥ç¶ããã°ã ãŸãããã°ã¬ã³ãŒãã«ã¯ãFTP data (FTP ããŒã¿)ããšããæååã«ãã£ãŠããŒã¯ãä»ããããŸãã ãŠããŒã¯ãª DNS ãªã¯ãšã¹ãã®ãã°:UTM ã¯ãDNS ãµãŒããžã®ãã¹ãŠã®èŠæ±ããã³ãããã®çµæã ãã°ããŸãããã°ã¬ã³ãŒãã«ã¯ãDNS requestããšããæååã«ãã£ãŠããŒã¯ãä»ããããŸãã ç Žæ£ãããããŒããã£ã¹ãã®ãã°: ããã©ã«ãã§ã¯ããã¡ã€ã¢ãŠã©ãŒã«ã¯ãã¹ãŠã®ãããŒããã£ã¹ãã ç Žæ£ãããã°ãè¡ããŸãããããããããšãã°ç£æ»ã®ããã«ãããŒããã£ã¹ãããã¡ã€ã¢ãŠã©ãŒã«ãã° ã«èšé²ããå¿ èŠãããå Žåã¯ããã®ãªãã·ã§ã³ãéžæããŸãã 228 UTM 9 管çã¬ã€ã 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 8.2 NAT 8.2 NAT ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > NATãã¡ãã¥ãŒã䜿çšãããšãã²ãŒããŠã§ã€ã® NAT ã«ãŒã«ãå®çŸ©ãã管 çããããšãã§ããŸãããããã¯ãŒã¯ã¢ãã¬ã¹å€æ (NAT) ãšã¯ãã«ãŒã¿ãã²ãŒããŠã§ã€ãééãã IP ãã±ããã®éä¿¡å ã¢ãã¬ã¹ãŸãã¯å®å ã¢ãã¬ã¹ ãããã¯äž¡æ¹) ãæžãæããããã»ã¹ã§ããNAT ã 䜿çšããã»ãšãã©ã®ã·ã¹ãã ã¯ããã©ã€ããŒããããã¯ãŒã¯äžã®è€æ°ã®ãã¹ãã 1ã€ã®ãããªã㯠IP ã¢ãã¬ã¹ã䜿çšããŠã€ã³ã¿ãŒãããã«ã¢ã¯ã»ã¹ã§ããããã«ããããã« NAT ã䜿çšããŠããŸãããã㯠ã©ã€ã¢ã³ãã IP ãã±ãããã«ãŒã¿ã«éä¿¡ãããšãNAT ã¯éä¿¡ã¢ãã¬ã¹ãå¥ã®ãããªã㯠IP ã¢ãã¬ã¹ã« å€æããŠããã€ã³ã¿ãŒãããã«ãã±ããã転éããŸããå¿çãã±ãããåä¿¡ãããšãNAT ã¯ãããªã㯠ã¢ãã¬ã¹ãå ã®ã¢ãã¬ã¹ã«å€æããã¯ã©ã€ã¢ã³ãã«ãã±ããã転éããŸããã·ã¹ãã ãªãœãŒã¹ã«å¿ã ãŠãNAT ã¯èªå·±è£éã§å€§èŠæš¡å éšãããã¯ãŒã¯ã«å¯Ÿå¿ã§ããŸãã 8.2.1 ãã¹ã«ã¬ãŒã ãã¹ã«ã¬ãŒããšã¯ãéä¿¡å ãããã¯ãŒã¯ã¢ãã¬ã¹å€æ (SNAT) ã®ç¹æ®ã±ãŒã¹ã§ããããããã¯ãŒã¯ã€ã³ ã¿ãã§ãŒã¹ (éåžžã¯ãã€ã³ã¿ãŒãããã«æ¥ç¶ãããå€éšã€ã³ã¿ãã§ãŒã¹) äžã® 1ã€ã®å ¬åŒ IP ã¢ãã¬ã¹ã® èåŸã«å éšãããã¯ãŒã¯ (éåžžã¯ãã©ã€ããŒãã¢ãã¬ã¹ã¹ããŒã¹ãæ〠LAN) ããã¹ã«ã¬ãŒãããããš ãã§ããŸããSNAT ã®å Žåãè€æ°ã®éä¿¡å ã¢ãã¬ã¹ãè€æ°ã®å®å ã¢ãã¬ã¹ã«ãããã³ã°ããããšã ã§ãããããããæ±çšçã§ãã 泚 â éä¿¡å ã¢ãã¬ã¹ã¯ãæå®ãããã€ã³ã¿ãã§ãŒã¹çµç±ã§ãã±ãããã²ãŒããŠã§ã€ã·ã¹ãã ããé ä¿¡ãããå Žåã«ã®ã¿å€æãããŸããæ°ããéä¿¡å ã¢ãã¬ã¹ã¯åžžã«ãåœè©²ã€ã³ã¿ãã§ãŒã¹ã®ææ°IP ã¢ãã¬ã¹ãšãªããŸã (ã€ãŸãããã®ã¢ãã¬ã¹ã¯åçã§ã)ã ãã¹ã«ã¬ãŒãã«ãŒã«ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ããã¹ã«ã¬ãŒã ãã¿ãã§ãæ°èŠãã¹ã«ã¬ãŒãã«ãŒã« ããã¯ãªãã¯ããŸãã ãæ°èŠãã¹ã«ã¬ãŒãã«ãŒã«ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ãããã¯ãŒã¯:ãã¹ã«ã¬ãŒããã (å éš) ãããã¯ãŒã¯ãéžæããŸãã I/F(ã€ã³ã¿ãã§ãŒã¹):ã€ã³ã¿ãŒãããã«æ¥ç¶ãã (å€éš) ã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã 䜿çšããã¢ãã¬ã¹:éžæããã€ã³ã¿ãã§ãŒã¹ã«è€æ°ã® IP ã¢ãã¬ã¹ãå²ãåœãŠãããŠããå Žå (ãã€ã³ã¿ãã§ãŒã¹ãšã«ãŒãã£ã³ã° > ã€ã³ã¿ãã§ãŒã¹ > è¿œå ã¢ãã¬ã¹ ããåç §) ããã¹ã«ã¬ãŒãã«äœ¿ çšãã IP ã¢ãã¬ã¹ãããã§å®çŸ©ã§ããŸãã UTM 9 管çã¬ã€ã 229 8.2 NAT 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãããã¹ã«ã¬ãŒãã«ãŒã«ã ãã¹ã«ã¬ãŒã ã«ãŒã«ã®ãªã¹ãã«è¡šç€ºãããŸãã 4. ãã¹ã«ã¬ãŒãã«ãŒã«ãæå¹ã«ããŸãã ãã¹ã«ã¬ãŒãã«ãŒã«ãæå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ã«ãŒã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 泚 â ã¯ã©ã€ã¢ã³ããå€éšãµãŒãã«ã¢ã¯ã»ã¹ã§ããããã«ããã«ã¯ããã¡ã€ã¢ãŠã©ãŒã«ã§å éšããã ã¯ãŒã¯ããã€ã³ã¿ãŒããããžã®ãã©ãã£ãã¯ãèš±å¯ããå¿ èŠããããŸãã IPsec ãã±ããã¯ãã¹ã«ã¬ãŒãã«ãŒã«ã®åœ±é¿ãåããŸãããIPsec ãã±ããã®éä¿¡å ã¢ãã¬ã¹ãå€æ ããã«ã¯ãSNAT ãŸãã¯ãã« NAT ã«ãŒã«ãäœæããŸãã 8.2.2 NAT DNAT (Destination Network Address Translation) ãš SNAT (Source Network Address Translation) ã¯ã ãããã NAT ã®ç¹æ®ã±ãŒã¹ã§ããSNAT ã§ã¯ãæ¥ç¶ãéå§ããã³ã³ãã¥ãŒã¿ã® IP ã¢ãã¬ã¹ãæžãæ ããããŸããäžæ¹ãDNAT ã§ã¯ãããŒã¿ãã±ããã®å®å ã¢ãã¬ã¹ãæžãæããããŸããDNAT ã¯ãå éšãããã¯ãŒã¯ã§ãã©ã€ããŒã IP ã¢ãã¬ã¹ã䜿çšããŠããã管çè ãäžéšã®ãµãŒãã¹ãå€éšããã 䜿çšå¯èœã«ãããå Žåã«ç¹ã«äŸ¿å©ã§ãã ããã¯ãäŸã䜿ã£ãŠèª¬æãããšããããããã§ããããå éšãããã¯ãŒã¯ã§ã¢ãã¬ã¹ã¹ããŒã¹ 192.168.0.0/255.255.255.0 ã䜿çšããŠãããWeb ãµãŒãã IP ã¢ãã¬ã¹ 192.168.0.20 ã§æ© èœããŠãããšããŸãããã®å Žåãã€ã³ã¿ãŒãããçµç±ã®ã¯ã©ã€ã¢ã³ãã«å¯ŸããŠããŒã 80 ã䜿çšå¯èœã« ããå¿ èŠããããŸãã192.168.ã¢ãã¬ã¹ã¹ããŒã¹ã¯ãã©ã€ããŒãã§ãããããã€ã³ã¿ãŒãããçµç± ã®ã¯ã©ã€ã¢ã³ãã¯Web ãµãŒãã«ãã±ãããçŽæ¥éä¿¡ã§ããŸããããã ããUTMã®å€éš (å ¬é) ã¢ã㬠ã¹ãšéä¿¡ããããšã¯ã§ããŸãããã®å ŽåãDNAT ã¯ãã·ã¹ãã ã¢ãã¬ã¹ã®ããŒã80 åãã®ãã±ããã ææããå éš Web ãµãŒãã«è»¢éã§ããŸãã 泚 â PPTP VPN ã¢ã¯ã»ã¹ 㯠DNAT ã«å¯Ÿå¿ããŠããŸããã åžžã«ãã©ã€ããªãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ã¢ãã¬ã¹ã«ãããã³ã°ãããã¹ã«ã¬ãŒããšç°ãªããSNAT 㯠éä¿¡å ã¢ãã¬ã¹ã SNAT ã«ãŒã«ã«æå®ãããã¢ãã¬ã¹ã«ãããã³ã°ããŸãã 1:1 NAT 㯠DNAT ãŸã㯠SNAT ã®ç¹æ®ãªã±ãŒã¹ã§ãããã®å Žåããããã¯ãŒã¯å šäœã®ãã¹ãŠã®ã¢ã ã¬ã¹ãåãããããã¹ã¯ãæã€å¥ã®ãããã¯ãŒã¯ã®ã¢ãã¬ã¹ã« 1 察 1 ã§å€æãããŸãããããã£ãŠã å ã®ãããã¯ãŒã¯ã®æåã®ã¢ãã¬ã¹ãä»ã®ãããã¯ãŒã¯ã®æåã®ã¢ãã¬ã¹ã«å€æãããå ã®ããã 230 UTM 9 管çã¬ã€ã 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 8.2 NAT ã¯ãŒã¯ã® 2çªç®ã®ã¢ãã¬ã¹ãä»ã®ãããã¯ãŒã¯ã® 2çªç®ã®ã¢ãã¬ã¹ã«å€æããããšããæ§ã«ãªã㟠ãã1:1 ã® NAT ã«ãŒã«ã¯ãéä¿¡å ã¢ãã¬ã¹ãŸãã¯å®å ã¢ãã¬ã¹ã«é©çšããããšãã§ããŸãã 泚 â ããã©ã«ãã§ãããŒã443 (HTTPS) ã¯ãŠãŒã¶ããŒã¿ã«ã«äœ¿çšãããŸããããŒã443 ãå éš ãµãŒãã«è»¢éããäºå®ãããå Žåãããããžã¡ã³ã > ãŠãŒã¶ããŒã¿ã« > 詳现 ãã¿ãã§ãŠãŒã¶ããŒã¿ ã«ã® TCP ããŒããä»ã®å€ (1443 ãªã©) ã«å€æŽããå¿ èŠããããŸãã DNAT ã¯ãã¡ã€ã¢ãŠã©ãŒã«ã®åã«è¡ããããããé©åãªãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãå®çŸ©ããŠããå¿ èŠããããŸãã詳ããã¯ãããããã¯ãŒã¯ãããã¯ã·ã§ã³ > ãã¡ã€ã¢ãŠã©ãŒã« > ã«ãŒã« ããåç §ããŠãã ã ãã NAT ã«ãŒã«ãå®çŸ©ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãNATãã¿ãã§ããæ°èŠ NAT ã«ãŒã« ããã¯ãªãã¯ããŸãã ãæ°èŠ NAT ã«ãŒã«ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã°ã«ãŒã:ãã°ã«ãŒãããªãã·ã§ã³ã¯ãè€æ°ã®ã«ãŒã«ãè«ççã«ã°ã«ãŒãåããã®ã«äŸ¿å©ã§ ãããªã¹ãã®äžéšã®ããããããŠã³ãªã¹ãã䜿çšããŠãã°ã«ãŒãããšã«ã«ãŒã«ããã£ã«ã¿ãªã³ã° 衚瀺ã§ããŸããã°ã«ãŒãåã¯è¡šç€ºçšã®ã¿ã§ãã«ãŒã«ã®äžèŽã«ã¯é¢ä¿ãããŸãããæ°ããã° ã«ãŒããäœæããã«ã¯ãã<< æ°èŠã°ã«ãŒã >>ããšã³ããªãéžæããã°ã«ãŒãã説æããååã ãåå ãã«å ¥åããŸãã åªå é äœ:åªå é äœçªå·ãããã«ãã£ãŠã«ãŒã«ã®åªå é äœãå®çŸ©ãããŸããçªå·ãå°ãã ã»ã©åªå é äœãé«ããªããŸããã«ãŒã«ã¯æé ã«ç §åãããŸããããã«ãŒã«ãäžèŽãããšãã ã以éããããã倧ããçªå·ã®ã«ãŒã«ã¯è©äŸ¡ãããŸããã ã«ãŒã«ã¿ã€ã:ãããã¯ãŒã¯ã¢ãã¬ã¹å€æã¢ãŒããéžæããŸããéžæã«å¿ããŠãããŸããŸãªãªã ã·ã§ã³ã衚瀺ãããŸãã次ã®ã¢ãŒãã䜿çšã§ããŸãã l SNAT (éä¿¡å ):å®çŸ©ããã IP ãã±ããã®éä¿¡å ã¢ãã¬ã¹ã 1ã€ã®æ°ããéä¿¡å ã¢ã㬠ã¹ã«ãããã³ã°ããŸãããµãŒãã¹ãå€æŽããããšãã§ããŸãã l DNAT (å®å ):å®çŸ©ããã IP ãã±ããã®å®å ã¢ãã¬ã¹ã 1ã€ã®æ°ããå®å ã¢ãã¬ã¹ã« ãããã³ã°ããŸãããµãŒãã¹ãå€æŽããããšãã§ããŸãã l 1:1 NAT (ãããã¯ãŒã¯å šäœ):ãããã¯ãŒã¯ã® IP ã¢ãã¬ã¹ãå¥ã®ãããã¯ãŒã¯ã«1察1㧠ãããã³ã°ããŸãããã®ã«ãŒã«ã¯ãå®çŸ©ããã IP ãã±ããã®éä¿¡å ã¢ãã¬ã¹ãå®å 㢠ãã¬ã¹ã«é©çšãããŸãã UTM 9 管çã¬ã€ã 231 8.2 NAT 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ l ãã« NAT (éä¿¡å + å®å ):å®çŸ©ããã IP ãã±ããã®éä¿¡å ã¢ãã¬ã¹ãšå®å ã¢ãã¬ã¹ã® äž¡æ¹ã 1ã€ã®æ°ããéä¿¡å ã¢ãã¬ã¹ãš 1ã€ã®æ°ããå®å ã¢ãã¬ã¹ã«ãããã³ã°ããŸãã éä¿¡å ãµãŒãã¹ãšã¿ãŒã²ãããµãŒãã¹ãå€æŽããããšãã§ããŸãã l NATé€å€:ãã®ãªãã·ã§ã³ã¯äŸå€ã«ãŒã«ã®äžçš®ãšèããããšãã§ããŸããããšãã°ãå® çŸ©ãããããã¯ãŒã¯ã« NAT ã«ãŒã«ãããå Žåããã®ãããã¯ãŒã¯å ã®ç¹å®ã®ãã¹ã㫠察ããŠãNATé€å€ ãã«ãŒã«ãäœæããããšãã§ããŸããããã«ããããããã®ãã¹ã㯠NAT ã®å¯Ÿè±¡å€ãšãªããŸãã ãããã³ã°æ¡ä»¶:éä¿¡å ããã³å®å ãããã¯ãŒã¯/ãã¹ããšã¢ãã¬ã¹ãå€æãããµãŒãã¹ãéžæ ããŸãã l ãã©ãã£ãã¯éä¿¡å :ãã±ããã®å ã®éä¿¡å ã¢ãã¬ã¹ã1ã€ã®ãã¹ãã«ããããšããããã ã¯ãŒã¯å šäœã«ããããšãã§ããŸãã l ãµãŒãã¹:ãã±ããã®ãªãªãžãã«ã®ãµãŒãã¹ã¿ã€ã (éä¿¡å ããŒããšå®å ããŒããããã³ ãããã³ã«ã¿ã€ãããæ§æãããŠããŸã)ã 泚 â ãã©ãã£ãã¯ãµãŒãã¹ã¯ã察å¿ããã¢ãã¬ã¹ãå€æãããå Žåã®ã¿å€æã§ã㟠ããããã«ã2ã€ã®ãµãŒãã¹ãåããããã³ã«ã䜿çšããå Žåã®ã¿ããµãŒãã¹ãå¥ã® ãµãŒãã¹ã«å€æã§ããŸãã l ãã©ãã£ãã¯å®å :ãã±ããã®å ã®å®å ã¢ãã¬ã¹ã1ã€ã®ãã¹ãã«ããããšãããããã¯ãŒã¯ å šäœã«ããããšãã§ããŸãã ã¢ã¯ã·ã§ã³:éä¿¡å /å®å ãå ã® IP ãã±ããããŒã¿ãå€æãããµãŒãã¹ã¿ã€ããéžæããŸããè¡š 瀺ããããã©ã¡ãŒã¿ã¯éžæãããŠãããã«ãŒã«ã¿ã€ããã«äŸåããŸãã l å€æŽåŸã®éä¿¡å (ãSNATããŸãã¯ããã« NATãã¢ãŒãã®ã¿):éä¿¡å ãã¹ããã€ãŸãã ã±ããã®æ°ããéä¿¡å ã¢ãã¬ã¹ãéžæããŸãã l å€æåŸã®éä¿¡å (ãDNATããŸãã¯ããã« NATãã¢ãŒãã®ã¿):å®å ãã¹ããã€ãŸããã±ãã ã®æ°ããå®å ã¢ãã¬ã¹ãéžæããŸãã l å€æŽåŸã®ãµãŒãã¹ (ãDNATãããSNATãããŸãã¯ããã« NATãã¢ãŒãã®ã¿):ãã±ããã®æ° ãããµãŒãã¹ãéžæããŸããéžæãããŠãããã«ãŒã«ã¿ã€ããã«ãã£ãŠã¯ãéä¿¡å /å®å ãµãŒãã¹ãšããããšãã§ããŸãã l 1:1 NATã¢ãŒã (ã1:1 NATãã¢ãŒãã®ã¿):次ã®ã¢ãŒãã®ãããããéžæããŸãã l ãããå®å :å®å ã¢ãã¬ã¹ãå€æŽããŸãã l 232 ãããéä¿¡å :éä¿¡å ã¢ãã¬ã¹ãå€æŽããŸãã UTM 9 管çã¬ã€ã 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 8.3 äŸµå ¥é²åŸ¡(IPS) 泚 â éä¿¡å ããããã³ã°ããå Žåã¯ãããã©ãã£ãã¯éä¿¡å ããã£ãŒã«ãã«ãããã¯ãŒã¯ å šäœãè¿œå ããå®å ããããã³ã°ããå Žåã¯ããã©ãã£ãã¯å®å ããã£ãŒã«ãã«ããã ã¯ãŒã¯å šäœãè¿œå ããå¿ èŠããããŸãã l ãããå (ã1:1 NATãã¢ãŒãã®ã¿):å ã® IP ã¢ãã¬ã¹ã®å€æå ãšãªããããã¯ãŒã¯ãéžæ ããŸããå ã®ãããã¯ãŒã¯ãšå€æå ã®ãããã¯ãŒã¯ãåãããããã¹ã¯ã§ããå¿ èŠãã ããŸãã èªåãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã« (ä»»æ):該åœãããã©ãã£ãã¯ããã¡ã€ã¢ãŠã©ãŒã«ãééããããš ãèš±å¯ãããã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãèªåçã«çæããå Žåã«ããã®ãªãã·ã§ã³ãéžæã㟠ãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã IPsec ãã±ããã«ã«ãŒã«ãé©çš (ãSNATããŸãã¯ããã« NATãã¢ãŒãã®ã¿):IPsec ã§åŠçããã ã©ãã£ãã¯ã«ã«ãŒã«ãé©çšããå Žåã«ãã®ãªãã·ã§ã³ãéžæããŸããããã©ã«ãã§ã¯ãã®ãªã ã·ã§ã³ãéžæãããŠããªããããIPsec ãã©ãã£ãã¯ã SNAT ããé€å€ãããããšã«ãªããŸãã åæãã±ããã®ãã° (ä»»æ):ãã®ãªãã·ã§ã³ã¯ãéä¿¡ã®åæåãã±ããããã¡ã€ã¢ãŠã©ãŒã«ãã° ã«æžã蟌ãå Žåã«éžæããŸããããã«ãããNAT ã«ãŒã«ã䜿çšããå Žåã¯ãã€ã§ãããã¡ã€ ã¢ãŠã©ãŒã«ãã°ã«ãNAT ã䜿çšããæ¥ç¶ (Connection using NAT)ããšããã¡ãã»ãŒãžãèšè¿°ã ããŸãããã®ãªãã·ã§ã³ã¯ãã¹ããŒããã«ãããã³ã«ã§ãã¹ããŒãã¬ã¹ãããã³ã«ã§ãæ©èœã㟠ãã 4. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããã«ãŒã«ããNATããªã¹ãã«è¡šç€ºãããŸãã 5. NAT ã«ãŒã«ãæå¹ã«ããŸãã æ°ããã«ãŒã«ã¯ããã©ã«ãã§ç¡å¹ã«ãªã£ãŠããŸã (ãã°ã«ã¹ã€ããã¯ã°ã¬ãŒè¡šç€º)ãã«ãŒã«ã æå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ã«ãŒã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 8.3 äŸµå ¥é²åŸ¡(IPS) ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > äŸµå ¥é²åŸ¡ ãã¡ãã¥ãŒã§ãã²ãŒããŠã§ã€ã® IPS ã«ãŒã«ãå®çŸ©ãã管çãã ããšãã§ããŸããäŸµå ¥é²åŸ¡ã·ã¹ãã (IPS) ã¯ãã·ã°ããã£ã«åºã¥ã IPS ã«ãŒã«ã»ãããå©çšããŠæ»æ ãèªèããŸããã·ã¹ãã ã¯ããã©ãã£ãã¯ãå®å šã«åæãããããã¯ãŒã¯ã«å°éããåã«æ»æãèªå çã«ãããã¯ããŸããæ¢åã®ã«ãŒã«ã»ãããšæ»æãã¿ãŒã³ã¯ããã¿ãŒã³æŽæ°ã«ãã£ãŠææ°ç¶æ ã«æŽ UTM 9 管çã¬ã€ã 233 8.3 äŸµå ¥é²åŸ¡(IPS) 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ æ°ãããŸããæ°ãã IPS æ»æãã¿ãŒã³ã®ã·ã°ããã£ã¯ãIPS ã«ãŒã«ãšããŠã«ãŒã«ã»ããã«èªåçã« ã€ã³ããŒããããŸãã 8.3.1 ã°ããŒãã« ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > äŸµå ¥é²åŸ¡ > ã°ããŒãã« ãã¿ãã§ã¯ãSophos UTMã® äŸµå ¥é²åŸ¡ã·ã¹ãã (IPS) ãæå¹ã«ããããšãã§ããŸãã IPS ãæå¹ã«ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. äŸµå ¥é²åŸ¡ã·ã¹ãã ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªãããã°ããŒãã« IPSèšå® ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 2. 次ã®èšå®ãè¡ããŸãã ããŒã«ã«ãããã¯ãŒã¯:äŸµå ¥é²åŸ¡ã·ã¹ãã ã§é²åŸ¡ãããããã¯ãŒã¯ãéžæããŸããããŒã«ã«ãã ãã¯ãŒã¯ãéžæããªããšãäŸµå ¥é²åŸ¡ã¯èªåçã«ç¡å¹ã«ãªãããã©ãã£ãã¯ã¯ã¢ãã¿ãªã³ã°ãã ãŸããã ããªã·ãŒ:ããããã³ã°ã«ãŒã«ã IPS æ»æã·ã°ããã£ãæ€åºãããšãã«äŸµå ¥é²åŸ¡ã·ã¹ãã ã 䜿çšããã»ãã¥ãªãã£ããªã·ãŒãéžæããŸãã l ç Žæ£:ããŒã¿ãã±ããã¯ãä»ã®ã¢ã¯ã·ã§ã³ãªãã§ç Žæ£ãããŸãã l æ¥ç¶ãçµäº:çµäºããŒã¿ãã±ãã (TCP ã®å Žå㯠RSTãUDP æ¥ç¶ã®å Žå㯠ICMP Port Unreachable) ãäž¡æ¹ã®éä¿¡ããŒãããŒã«éä¿¡ãããæ¥ç¶ãçµäºããŸãã 泚 â ããã©ã«ãã§ã¯ãç Žæ£ ããéžæãããŠããŸããéåžžã¯ãã®èšå®ãå€æŽããå¿ èŠã¯ãã ãŸãããããã¯ç¹ã«ãçãããäŸµå ¥è ã«äžæ¢ããŒã¿ãã±ãããæªçšãããã²ãŒããŠã§ã€ã«ã€ ããŠã®æ å ±ãåŒãåºãããŠããŸãå¯èœæ§ãããããã§ãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã ã©ã€ãã ã° äŸµå ¥é²åŸ¡ã©ã€ããã°ã¯ãéžæãã IPS ã«ãŒã«ã®ã¢ãã¿ãªã³ã°ã«äœ¿çšã§ããŸãããã¿ã³ãã¯ãªãã¯ã ãŠãæ°ãããŠã£ã³ããŠã§ã©ã€ããã°ãéããŸãã 234 UTM 9 管çã¬ã€ã 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 8.3 äŸµå ¥é²åŸ¡(IPS) 8.3.2 æ»æãã¿ãŒã³ ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > äŸµå ¥é²åŸ¡ > æ»æãã¿ãŒã³ãã¿ãã«ã¯ãå ±éã®æ»æãã¿ãŒã³ã«åŸã£ãŠã° ã«ãŒãåãããã IPS ã«ãŒã«ã衚瀺ãããŸããæ»æãã¿ãŒã³ã¯æ¬¡ã®ããã«ãŸãšããããŠããŸãã l OS åºæã®æ»æ:OS é¢é£ã®è匱æ§ãæªçšããããšããæ»æã l ãµãŒãã«å¯Ÿããæ»æ:Web ãµãŒããã¡ãŒã«ãµãŒããªã©ããããçš®é¡ã®ãµãŒãã察象ãšããæ» æã l ã¯ã©ã€ã¢ã³ããœãããŠã§ã¢ã«å¯Ÿããæ»æ:Web ãã©ãŠã¶ããã«ãã¡ãã£ã¢ãã¬ãŒã€ãªã©ã®ã¯ã©ã€ã¢ ã³ããœãããŠã§ã¢ã察象ãšããæ»æã l ãããã³ã«ã¢ãããªãŒ:ãããã¯ãŒã¯ã®ç°åžžãæ¢ãæ»æãã¿ãŒã³ã l ãã«ãŠã§ã¢:ææè ã®èš±å¯ãªãã§ãã³ã³ãã¥ãŒã¿ã·ã¹ãã ãžã®äŸµå ¥ãç Žå£ãè¡ãããã«èšèšã ãããœãããŠã§ã¢ (ããã€ã®æšéŠ¬ãDoS éä¿¡ããŒã«ãªã©)ã ããã©ãŒãã³ã¹åäžã®ããã«ãäŒç€Ÿã®ããŒã«ã«ãããã¯ãŒã¯ã«å°å ¥ãããŠãããµãŒãã¹ãŸãã¯ãœã ããŠã§ã¢ã«è©²åœããªããã§ãã¯ããã¯ã¹ã¯ãã§ãã¯ãå€ããŠãã ãããããšãã°ãããŒã«ã«ãããã¯ãŒã¯ å 㧠Web ãµãŒããéçšããŠããªãå Žåã¯ããHTTP ãµãŒã ãçšã®éžæãåãæ¶ãããšãã§ããŸãã åã°ã«ãŒãã«å¯ŸããŠã次ã®èšå®ã䜿çšã§ããŸãã ã¢ã¯ã·ã§ã³:ããã©ã«ãã§ãã°ã«ãŒãå ã®åã«ãŒã«ã«ã¯ã¢ã¯ã·ã§ã³ãé¢é£ä»ããããŠããŸãã次㮠ã¢ã¯ã·ã§ã³ãéžæã§ããŸãã l ç Žæ£:ããã©ã«ãèšå®ãæ»æã®çããããè©Šè¡ãèŠã€ãããšããã®åå ã§ããããŒã¿ãã±ãã ã¯ãããããããŸãã l èŠå:ãç Žæ£ ãèšå®ãšç°ãªããé倧ãªããŒã¿ãã±ããã¯ã²ãŒããŠã§ã€ãééã§ããŸãããIPS ãã° ã«èŠåã¡ãã»ãŒãžãäœæãããŸãã 泚 â åã ã® IPS ã«ãŒã«ã®èšå®ãå€æŽããã«ã¯ããäŸµå ¥é²åŸ¡ > 詳现 ãã¿ãã®ãå€æŽãããã«ãŒã« ã ããã¯ã¹ã䜿çšããŸããSophos UTM 9 ã§äœ¿çšãããŠãã IPS ã«ãŒã«ã®è©³çŽ°ãªãªã¹ãã¯ãUTM Web ãµã€ããåç §ããŠãã ããã è¿œå ã®èŠåã«ãŒã«ãæå¹å:ãã®ãªãã·ã§ã³ãéžæãããšãåã°ã«ãŒãã«ã«ãŒã«ãè¿œå ãããIPS æ€åºçãåäžããŸãããããã®ã«ãŒã«ã¯ãæ瀺çãªæ»æãã¿ãŒã³ãããäžè¬çã§ææ§ãªã®ã§ã㢠ã©ãŒãã®æ°ãå¢ããå¯èœæ§ããããŸãããã®ããããããã®ã«ãŒã«ã®ããã©ã«ãã¢ã¯ã·ã§ã³ã¯ãèŠ å ãã§ãããèšå®ã¯ã§ããŸããã UTM 9 管çã¬ã€ã 235 8.3 äŸµå ¥é²åŸ¡(IPS) 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ éç¥:ãã®ãªãã·ã§ã³ãéžæãããšããã®ã°ã«ãŒããšäžèŽãã IPS ã€ãã³ããçºçãããã³ã«ç®¡çè ã«éç¥ãéä¿¡ãããŸãããã®ãªãã·ã§ã³ãæå¹ã«ãªãã®ã¯ãããããžã¡ã³ã > éç¥ > éç¥ ãã¿ãã§äŸµ å ¥é²åŸ¡ã·ã¹ãã ã®éç¥æ©èœãæå¹ã«ããå Žåã®ã¿ã§ããããã«ãéä¿¡ãããéç¥ã®ã¿ã€ã (ã€ãŸ ããã¡ãŒã«ãŸã㯠SNMP ãã©ãã) ã¯ãããã§ã®èšå®ã«ãã£ãŠæ±ºãŸããŸãããŸããéç¥èšå®ã®å€æŽã æå¹ã«ãªããŸã§ã¯æ倧 5åãããå ŽåããããŸãã 8.3.3 DoS/ãã©ããé²åŸ¡ ãDoS/ãã©ããé²åŸ¡ ãã¿ãã§ã¯ãDoS (ãµãŒãã¹æåŠ) æ»æãš DDoS (åæ£åãµãŒãã¹æåŠ) æ»æãã é²åŸ¡ããããã®ãªãã·ã§ã³ãèšå®ã§ããŸãã äžè¬ã« DoS æ»æãš DDoS æ»æã¯ãæ£åœãªèŠæ±ãã³ã³ãã¥ãŒã¿ãªãœãŒã¹ã䜿çšã§ããªãããã«ã㟠ããã·ã³ãã«ãªäŸã§ã¯ãæ»æè ã¯ãµãŒãã«ç¡æå³ãªãã±ãããéä¿¡ããŠéè² è·ããããããã©ãŒã ã³ã¹ã«è² æ ããããŸãããã®ãããªæ»æã«ã¯å€§èŠæš¡ãªåž¯åå¹ ãå¿ èŠãšãªãããããããã SYN ã ã©ããæ»æ ã䜿çšããæ»æè ãå¢ãç¶ããŠããŸãããã®æ»æã¯ã垯åå¹ ã®éè² è·ã§ã¯ãªããã·ã¹ ãã ãªãœãŒã¹ã®ãããã¯ãç®çãšããŠããŸãããã®ç®çã®ããã«ãæ»æè ã¯å€ãã®å Žåãåœé ããã éä¿¡å ã¢ãã¬ã¹ã䜿çšããŠãµãŒãã¹ã® TCP ããŒãã« SYN ãã±ãããéä¿¡ããŸããããã«å¯ŸãããµãŒ ã㯠TCP/SYN-ACK ãéãè¿ããŠãããã«å¿çããéä¿¡å ã¢ãã¬ã¹ããã® TCP/ACK ãã±ãããåŸ ã¡ç¶ãããããæ¥ç¶ã half-open ç¶æ ã«ãªããŸãããšããããéä¿¡å ã¢ãã¬ã¹ã¯åœé ãããŠããã ããå¿çã¯è¿ã£ãŠããŸããããããã® half-open ç¶æ ã®æ¥ç¶ã«ããããµãŒãã察å¿ã§ããæ¥ç¶æ°ã 飜åç¶æ ã«ãªããæ£åœãªèŠæ±ã«å¯Ÿå¿ã§ããªããªããŸãã ãã®ãããªæ»æã¯ãç¹å®æéå ã«ãããã¯ãŒã¯ã«å¯ŸããŠéä¿¡ããã SYN (TCP)ãUDPãICMP ãã±ã ãã®æ°ãå¶éããããšã§åé¿ã§ããŸãã TCP SYN ãã©ããé²åŸ¡ SYN (TCP) ãã©ããé²åŸ¡ãæå¹ã«ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãDoS/ãã©ããé²åŸ¡ ãã¿ãã§ããTCP SYN ãã©ããé²åŸ¡ã®äœ¿çš ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ ããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã¢ãŒã:次ã®ã¢ãŒãã䜿çšã§ããŸãã l 236 éä¿¡å åã³å®å ã¢ãã¬ã¹:éä¿¡å IP ã¢ãã¬ã¹ãšå®å IP ã¢ãã¬ã¹ã®äž¡æ¹ãšäžèŽãã SYN ãã±ãããç Žæ£ããå Žåããã®ãªãã·ã§ã³ãéžæããŸãããŸããéä¿¡å IP ã¢ãã¬ã¹ ã«äžèŽãã SYN ãã±ããã¯ã以äžã§æå®ããéä¿¡å ãã±ããã¬ãŒãã®å€ã§å¶éãã ãŸãã次ã«ãèŠæ±ããŸã å€ãããå Žåã«ã¯ãå®å IP ã¢ãã¬ã¹ã«åºã¥ããŠè¿œå ã§ã㣠ã«ã¿ãªã³ã°ããããŸãã以äžã§æå®ããå®å ãã±ããã¬ãŒãã®å€ã§å¶éãããŸãããã® ã¢ãŒãã¯ããã©ã«ãã§èšå®ãããŠããŸãã UTM 9 管çã¬ã€ã 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 8.3 äŸµå ¥é²åŸ¡(IPS) l å®å ã¢ãã¬ã¹ã®ã¿:å®å IP ã¢ãã¬ã¹ã®ã¿ã«åŸã£ãŠ SYN ãã±ãããç Žæ£ããå Žåããã® ãªãã·ã§ã³ãéžæããŸãã l éä¿¡å ã¢ãã¬ã¹ã®ã¿:éä¿¡å IP ã¢ãã¬ã¹ã®ã¿ã«åŸã£ãŠ SYN ãã±ãããç Žæ£ããå Žåã ãã®ãªãã·ã§ã³ãéžæããŸãã ãã°:ãã®ãªãã·ã§ã³ã䜿çšãããšããã°ã¬ãã«ãéžæã§ããŸãã以äžã®ã¬ãã«ãèšå®ã§ã㟠ãã l OFF:ãã°ãå®å šã«ãªãã«ããå Žåããã®ãã°ã¬ãã«ãéžæããŸãã l å¶é:ãã°ã 1ç§ããã 5ãã±ããã«å¶éããå Žåããã®ãã°ã¬ãã«ãéžæããŸããã ãã©ã«ãã§ã¯ãã®ã¬ãã«ãèšå®ãããŠããŸãã l ãã¹ãŠ:ãã¹ãŠã® SYN (TCP) æ¥ç¶è©Šè¡ã詳现ã«ãã°ããå Žåããã®ãã°ã¬ãã«ãéžæ ããŸããSYN (TCP) ãã©ããæ»æã«ããããã°ãèšå€§ã«ãªãå¯èœæ§ããããŸãã éä¿¡å ãã±ããã¬ãŒã:ããã«ãéä¿¡å IP ã¢ãã¬ã¹ã«å¯ŸããŠèš±å¯ããã 1ç§ãããã®ãã±ãã ã¬ãŒããæå®ã§ããŸãã å®å ãã±ããã¬ãŒã:ããã«ãå®å IP ã¢ãã¬ã¹ã«å¯ŸããŠèš±å¯ããã 1ç§ãããã®ãã±ããã¬ãŒã ãæå®ã§ããŸãã 泚 â ããã§åççãªå€ãå ¥åããããšã¯éèŠã§ããã¬ãŒããé«ãèšå®ãéãããšãWeb ãµãŒ ãããã®ããã«å€§é㪠SYN (TCP) ãã±ããã«å¯ŸåŠãããããé害ãçºçããå¯èœæ§ãªã© ããããŸããäžæ¹ãã¬ãŒããäœãèšå®ãéãããšãã²ãŒããŠã§ã€ãéåžžã® SYN (TCP) èŠæ±ã ãããã¯ããŠãäºæããªãæåãããå¯èœæ§ããããŸããåã·ã¹ãã ã®åççãªèšå®ã¯ã ããŒããŠã§ã¢ã«å€§ããäŸåããŸããåŸã£ãŠãã·ã¹ãã ã«é©ããå€ã«ããã©ã«ãå€ã眮ãæã ãŠãã ããã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã U D P ãã©ããé²åŸ¡: UDP ãã©ããé²åŸ¡ æ©èœã¯ãUDP ãã±ãããã©ãããæ€åºãããããã¯ããŸãã ãUDP ãã©ããé²åŸ¡ ãã®èšå®ã¯ããTCP SYN ãã©ããé²åŸ¡ ãã®èšå®ãšåãã§ãã ICMP ãã©ããé²åŸ¡: ICMP ãã©ããé²åŸ¡ æ©èœã¯ãICMP ãã±ãããã©ãããæ€åºãããããã¯ããŸãã ãICMP ãã©ããé²åŸ¡ ãã®èšå®ã¯ããTCP SYN ãã©ããé²åŸ¡ ãã®èšå®ãšåãã§ãã UTM 9 管çã¬ã€ã 237 8.3 äŸµå ¥é²åŸ¡(IPS) 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 8.3.4 ããŒãã¹ãã£ã³é²åŸ¡ ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > äŸµå ¥é²åŸ¡ > ããŒãã¹ãã£ã³é²åŸ¡ ãã¿ãã§ã¯ãäžè¬çãªããŒãã¹ãã£ã³ æ€ç¥ãªãã·ã§ã³ãèšå®ããããšãã§ããŸãã ããŒãã¹ãã£ã³ãšã¯ãã»ãã¥ã¢ãªã·ã¹ãã ã§äœ¿çšå¯èœãªãµãŒãã¹ãæ¢ãããã«ããã«ãŒãçšããæ 段ã§ããã·ã¹ãã ã«äŸµå ¥ããããDoS æ»æãéå§ãããããããã«ãæ»æè ã¯ãããã¯ãŒã¯ãµãŒãã¹ ã«é¢ããæ å ±ãå¿ èŠã§ãããã®ãããªæ å ±ãå ¥æãããšãæ»æè ã¯ãããã®ãµãŒãã¹ã«ããã»ã㥠ãªãã£äžã®æ¬ é¥ãæªçšããããšããŸããã€ã³ã¿ãŒããããããã³ã« TCP ããã³ UDP ã䜿çšããŠãããã ãã¯ãŒã¯ãµãŒãã¹ã¯ãç¹å¥ãªããŒãããã¢ã¯ã»ã¹å¯èœã§ããããã®ããŒãå²ãåœãŠã¯äžè¬ã«ããç¥ã ããŠããŸããããšãã°ãSMTP ãµãŒãã¹ã¯ TCP ããŒã 25 ã«å²ãåœãŠãããŠããŸãããµãŒãã¹ã§äœ¿ çšãããããŒãã¯ããªãŒãã³ã§ãããšèŠãªãããŸããããã¯ããã®ãããªããŒããžã®æ¥ç¶ã確ç«ããã ãšãã§ããããã§ããäžæ¹ã䜿çšãããŠããªãããŒãã¯ã¯ããŒãºãšèŠãªããããããã®ããŒããžã®æ¥ ç¶ãè©Šã¿ããšå€±æããŸããæ»æè ã¯ãããŒãã¹ãã£ããšããç¹å¥ãªãœãããŠã§ã¢ããŒã«ãå©çšã㊠ãªãŒãã³ããŒããæ¢ããŸãããã®ããã°ã©ã ã¯ãæ»æ察象ã®ã³ã³ãã¥ãŒã¿äžã«ããè€æ°ã®ããŒãã«å¯Ÿ ããŠæ¥ç¶ãè©Šã¿ãŸããæ¥ç¶ãæåããããŒãã¯ãªãŒãã³ã§ãããšããŒã«ã«è¡šç€ºãããŸããããããŠæ» æè ã¯ãæ»æ察象ã®ã³ã³ãã¥ãŒã¿ã«ãããŠã©ã®ãããã¯ãŒã¯ãµãŒãã¹ã䜿çšå¯èœã§ãããã瀺ãå¿ èŠãªæ å ±ãå ¥æããŸãã ã€ã³ã¿ãŒããããããã³ã« TCP ãš UDP ã§ã¯ã䜿çšå¯èœãªããŒããå šéšã§ 65535åãããããããŒã㯠éåžžã«çãééã§ã¹ãã£ã³ãããŸãããµãŒãã¹ãžæ¥ç¶ããããšããè©Šè¡ãç°åžžã«å€§éã«çºçã㊠ããããšãã²ãŒããŠã§ã€ãæ€åºããå Žå (ç¹ã«ããããã®è©Šè¡ãåãéä¿¡å ã¢ãã¬ã¹ããéä¿¡ãã㊠ããå Žå)ãã²ãŒããŠã§ã€ãããŒãã¹ãã£ã³ãåããŠããå¯èœæ§ãé«ããªããŸããæ»æè ã®çãã®ã ã人ããããã¯ãŒã¯äžã®ãã¹ããŸãã¯ãµãŒãã¹ã®ã¹ãã£ã³ãè¡ããšãããŒãã¹ãã£ã³æ€åºæ©èœããã ãèªèããŸãããªãã·ã§ã³ã§ãåãéä¿¡å ã¢ãã¬ã¹ããç¹°ãè¿ãããããŒãã¹ãã£ã³ãèªåçã«ã ããã¯ããããšãã§ããŸããããŒãã¹ãã£ã³æ€ç¥ã¯ãã€ã³ã¿ãŒãããã€ã³ã¿ãã§ãŒã¹ãã€ãŸãããã©ã«ã ã²ãŒããŠã§ã€ãè£ åããã€ã³ã¿ãã§ãŒã¹ã«å¶éãããŠããŸãã æè¡çã«èšããšãããŒãã¹ãã£ã³ãæ€åºãããã®ã¯ã1ã€ã®éä¿¡å IP ã¢ãã¬ã¹ã®æ€åºã¹ã³ã¢ã 300ã ãªç§ã®æéæ å 㧠21ç¹ãè¶ ãããšãã§ããæ€åºã¹ã³ã¢ã¯æ¬¡ã®ããã«èšç®ãããŸãã l 1024 æªæºã® TCP å®å ããŒãã«å¯Ÿããã¹ãã£ã³ = 3ç¹ l 1024 以äžã® TCP å®å ããŒãã«å¯Ÿããã¹ãã£ã³ = 1ç¹ ããŒãã¹ãã£ã³æ€åºãæå¹ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãããŒãã¹ãã£ã³é²åŸ¡ ãã¿ãã§ããããŒãã¹ãã£ã³æ€ç¥ ããæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«ãªãããã°ããŒãã«èšå® ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 238 UTM 9 管çã¬ã€ã 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 8.3 äŸµå ¥é²åŸ¡(IPS) 2. 次ã®èšå®ãè¡ããŸãã ã¢ã¯ã·ã§ã³:次ã®äœæ¥ãå®è¡ã§ããŸãã l ãã°ã€ãã³ãã®ã¿:ããŒãã¹ãã£ã³ã«å¯Ÿãã察çã¯è¡ãããŸãããã€ãã³ãã®ãã°ãèš é²ãããã ãã§ãã l ãã©ãã£ãã¯ãç Žæ£:ãããªãããŒãã¹ãã£ã³ãã±ããã¯ããŠãŒã¶ã«éç¥ããããšãªãç Žæ£ ãããŸããããŒãã¹ãã£ãã¯ããããã®ããŒãããã£ã«ã¿ãããããšãå ±åããŸãã l ãã©ãã£ãã¯ãæåŠ:ãããªãããŒãã¹ãã£ã³ãã±ããã¯ç Žæ£ãããICMPãdestination unreachable/port unreachable (å®å å°éäžå¯/ããŒãå°éäžå¯)ãå¿çãéä¿¡è ã«éã ããŸããããŒãã¹ãã£ãã¯ããããã®ããŒããã¯ããŒãºãããããšãå ±åããŸãã ãã°ãå¶é:ãã°ã¡ãã»ãŒãžã®æ°ãæãããå Žåã«ããã®ãªãã·ã§ã³ãæå¹ã«ããŸããããŒãã¹ ãã£ã³æ€åºæ©èœã¯ãããŒãã¹ãã£ã³ãå®è¡ãããŠãããšãã«å€§éã®ãã°ãçæããŸããããš ãã°ãããŒãã¹ãã£ã³ã«äœ¿çšãããŠãããšèŠãªãããããããã® SYN ãã±ããã«å¯ŸããŠããã¡ ã€ã¢ãŠã©ãŒã«ãã°ã«ãšã³ããªã 1ã€çæãããŸãããã®ãªãã·ã§ã³ãéžæãããšããã°ã 1ç§ã ãã 5è¡ãŸã§ã«å¶éãããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã 8.3.5 é€å€ ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > äŸµå ¥é²åŸ¡ > é€å€ ãã¿ãã§ã¯ãäŸµå ¥é²åŸ¡ããé€å€ããéä¿¡å ããã ã¯ãŒã¯ãšå®å ãããã¯ãŒã¯ãå®çŸ©ããããšãã§ããŸãã é€å€ã«ãŒã«ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãé€å€ ãã¿ãã§ããæ°èŠé€å€ãªã¹ãããã¯ãªãã¯ããŸãã ãé€å€ãªã¹ããäœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®é€å€ã«ãŒã«ã説æããååãå ¥åããŠãã ããã ã¹ããããããã§ãã¯:ã¹ãããããã»ãã¥ãªãã£ãã§ãã¯ãéžæããŸãã l äŸµå ¥é²åŸ¡(IPS):ãã®ãªãã·ã§ã³ãéžæãããšãSophos UTM ã® IPS ãç¡å¹ã«ãªããŸãã l ããŒãã¹ãã£ã³é²åŸ¡:ãã®ãªãã·ã§ã³ãéžæãããšããããã¯ãŒã¯ãã¹ãã§ãªãŒãã³ããŒã ãæ¢ãããšãç®çãšããæ»æããã®é²åŸ¡ãç¡å¹ã«ãªããŸãã l TCP SYN ãã©ããé²åŸ¡:éžæãããšãTCPSYN ãã©ããæ»æããã®é²åŸ¡ãç¡å¹ã«ãªã㟠ãã UTM 9 管çã¬ã€ã 239 8.3 äŸµå ¥é²åŸ¡(IPS) 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ l UDP ãã©ããé²åŸ¡:éžæãããšãUDP ãã©ããæ»æããã®é²åŸ¡ãç¡å¹ã«ãªããŸãã l ICMP ãã©ããé²åŸ¡:éžæãããšãICMP ãã©ããæ»æããã®é²åŸ¡ãç¡å¹ã«ãªããŸãã 察象:ã»ãã¥ãªãã£ãã§ãã¯ãã¹ãããããæ¡ä»¶ãå°ãªããšã 1ã€éžæããŸããæ¡ä»¶ã®åã«ããã ãããããŠã³ãªã¹ãã§ãAndããŸãã¯ãOrããéžæããŠãè€æ°ã®æ¡ä»¶ãè«ççã«çµã¿åãããã ãšãã§ããŸãã次ã®æ¡ä»¶ãèšå®ã§ããŸãã l éä¿¡å ãããã¯ãŒã¯:éžæããŠããã®äŸå€ã«ãŒã«ã®ã»ãã¥ãªãã£ãã§ãã¯ããé€å€ãã éä¿¡å ãã¹ã/ãããã¯ãŒã¯ãè¿œå ããŸããæ¡ä»¶ãéžæåŸã衚瀺ãããããããã¯ãŒã¯ ã ããã¯ã¹ã«åãã¹ãããããã¯ãŒã¯ãå ¥åããŸãã l 䜿çšãããµãŒãã¹:éžæããŠããã®äŸå€ã«ãŒã«ã®ã»ãã¥ãªãã£ãã§ãã¯ããé€å€ããé ä¿¡å ãã¹ã/ãããã¯ãŒã¯ãè¿œå ããŸããæ¡ä»¶ãéžæåŸã衚瀺ãããããµãŒãã¹ ããã㯠ã¹ã«åãµãŒãã¹ãè¿œå ããŸãã l å®å :éžæããŠããã®äŸå€ã«ãŒã«ã®ã»ãã¥ãªãã£ãã§ãã¯ããé€å€ãããã¹ã/ããã ã¯ãŒã¯ãè¿œå ããŸããæ¡ä»¶ãéžæåŸã衚瀺ããããå®å ãããã¯ã¹ã«åãã¹ããããã ã¯ãŒã¯ãå ¥åããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããé€å€ããé€å€ ããªã¹ãã«è¡šç€ºãããŸãã 4. é€å€ãªã¹ããæå¹ã«ããŸãã æ°ããé€å€ã¯ããã©ã«ãã§ç¡å¹ã«ãªã£ãŠããŸã (ãã°ã«ã¹ã€ããã¯ã°ã¬ãŒè¡šç€º)ãäŸå€ãæå¹ ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ããã§é€å€ãªã¹ããæå¹ã«ãªããŸã (ãã°ã«ã¹ã€ããã¯ç·è²)ã é€å€ã«ãŒã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 泚 â ã²ãŒããŠã§ã€ã®å®å ã¢ãã¬ã¹ãæã€ãã±ããã«å¯ŸããäŸµå ¥é²åŸ¡ãé€å€ãããå Žåããå®å ã ããã¯ã¹ã§ãããã¹ãŠ ããéžæãããšæåããŸãããã²ãŒããŠã§ã€ã®å éšã¢ãã¬ã¹ã«å¯ŸããäŸµå ¥é²åŸ¡ ãé€å€ãããå Žåã«ã¯ã代ããã«ããå éš (ã¢ãã¬ã¹)ããªã©ãã²ãŒããŠã§ã€ã® IP ã¢ãã¬ã¹ãå«ãŸãã ã²ãŒããŠã§ã€ã®ã€ã³ã¿ãã§ãŒã¹å®çŸ©ãéžæããå¿ èŠããããŸãããŸãããããã·äœ¿çšæã«ç¹å®ã®å® å ã«å¯Ÿãããã©ãã£ãã¯ãé€å€ãããå Žå( HTTPãããã·äœ¿çšæã®ç¹å®ã®WebãµãŒãå®ãŠãªã©) ã éä¿¡å ã«ãããã·ã䜿çšããã²ãŒããŠã§ã€ã®ã€ã³ã¿ãã§ãŒã¹ã¢ãã¬ã¹å®çŸ©ãæå®ããå¿ èŠããã ãŸãã 240 UTM 9 管çã¬ã€ã 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 8.3 äŸµå ¥é²åŸ¡(IPS) 8.3.6 詳现 ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > äŸµå ¥é²åŸ¡ > 詳现 ãã¿ãã§ã¯ãå IPS ã«ãŒã«ãæåã§å€æŽããæ»æã ã¿ãŒã³ã°ã«ãŒãããååŸãããããã©ã«ãããªã·ãŒãäžæžãã§ããŸããçç·ŽãŠãŒã¶ã®ã¿ãèšå®ã㊠ãã ããã å€æŽããã«ãŒã«ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãå€æŽãããã«ãŒã« ãããã¯ã¹ã§ãã+ãã¢ã€ã³ã³ãã¯ãªãã¯ããŸãã ãã«ãŒã«ã®å€æŽ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã«ãŒã«ID:å€æŽããã«ãŒã«ã® ID ãå ¥åããŸããã«ãŒã« ID ãæ€çŽ¢ããã«ã¯ãSophos Web ãµã€ ãã® IPS ã«ãŒã«ã®ãªã¹ããåç §ããŠãã ããã(ãã©ã«ãã§ãååã« IPS-rules ã®ãããã¡ã€ã« ãåç §ããŠãã ãããHTML 圢åŒãš XML 圢åŒã®äž¡æ¹ãçšæãããŠãããUTM ã®åããŒãžã§ã³ ãåãã¿ãŒã³ããŒãžã§ã³çšã®ãã¡ã€ã«ããããŸãã)ããã«ãIPS ãã°ãŸã㯠IPS ã¬ããŒãã§ã 決å®ã§ããŸãã ãã®ã«ãŒã«ãç¡å¹å:ãã®ãªãã·ã§ã³ãéžæãããšã該åœãã ID ã®ã«ãŒã«ãç¡å¹ã«ãªã㟠ãã éžæ ããªãå Žåã次㮠2ã€ã®ãªãã·ã§ã³ã䜿çšã§ããŸãã l éç¥ã®ç¡å¹å:ãã®ãªãã·ã§ã³ãéžæãããšãåœè©²ã«ãŒã«ãé©çšãããå Žåã«éç¥ã éä¿¡ãããŸããã l ã¢ã¯ã·ã§ã³:åã«ãŒã«ãé¢é£ä»ããããã¢ã¯ã·ã§ã³ã次ã®ã¢ã¯ã·ã§ã³ãéžæã§ããŸãã l ç Žæ£:æ»æã®çããããè©Šè¡ãèŠã€ãããšããã®åå ã§ããããŒã¿ãã±ãã㯠ãããããããŸãã l èŠå:ãç Žæ£ ãèšå®ãšç°ãªããé倧ãªããŒã¿ãã±ããã¯ã²ãŒããŠã§ã€ãééã§ã㟠ãããIPS ãã°ã«èŠåã¡ãã»ãŒãžãäœæãããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã ãå€æŽãããã«ãŒã« ãããã¯ã¹ã«ã«ãŒã«ã衚瀺ãããŸããå€æŽã確å®ããããã«ã¯ãããŒãž ã®äžçªäžã«ãããé©çš ããã¯ãªãã¯ããå¿ èŠããããŸãã 泚âãå€æŽãããã«ãŒã« ãããã¯ã¹ã«ã«ãŒã« ID ãè¿œå ããã¢ã¯ã·ã§ã³ããèŠå ãã«èšå®ããå Žåãã ã®å€æŽãæå¹ã«ãªãã®ã¯ãã«ãŒã«ãå±ããã°ã«ãŒãããæ»æãã¿ãŒã³ãã¿ãã§æå¹ã«ãªã£ãŠãã å Žåã®ã¿ã§ãã該åœããæ»æãã¿ãŒã³ã°ã«ãŒããç¡å¹ã«ãªã£ãŠããå Žåãå IPS ã«ãŒã«ãžã®å€ æŽã¯å¹æããããŸããã UTM 9 管çã¬ã€ã 241 8.4 ãµãŒãããŒããã©ã³ã·ã³ã° 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ ããã©ãŒãã³ ã¹ãã¥ãŒãã³ ã° ããã«ãäŸµå ¥é²åŸ¡ã·ã¹ãã ã®ããã©ãŒãã³ã¹ãåäžãã誀æ€åºã«ããèŠåãæäœéã«æãããã ã«ãIPS ã«ãŒã«ã®ç¯å²ãå éšãµãŒãã®äžéšã«å¶éããããšãã§ããŸããããšãã°ããæ»æãã¿ãŒã³ã ã¿ãã§ãHTTP ãµãŒã ããæå¹ã«ããç¹å®ã® HTTP ãµãŒããããã§éžæãããšããŸãããã®å ŽåãäŸµå ¥ é²åŸ¡ã·ã¹ãã ã HTTP ãµãŒããžã®æ»æãèªèããŠããé¢é£ä»ããããã¢ã¯ã·ã§ã³ (ãããããããŸã ã¯ãã¢ã©ãŒãã) ã¯ã圱é¿ãåãããµãŒãã® IP ã¢ãã¬ã¹ãšããã§éžæããã HTTP ãµãŒãã® IP ã¢ã㬠ã¹ãäžèŽããå Žåã«éããé©çšãããŸãã 次ã®ãµãŒãã¿ã€ãã«å¯ŸããŠãIPS ã«ãŒã«ã®ç¯å²ãå¶éã§ããŸãã l HTTP:HTTP ãµãŒã ã«å«ãŸããŠãããã¹ãŠã®æ»æãã¿ãŒã³ã°ã«ãŒã l DNS:æ»æãã¿ãŒã³ã°ã«ãŒã DNS l SMTP:æ»æãã¿ãŒã³ã°ã«ãŒã Exchange ããã³ Sendmail l SQL:ããŒã¿ããŒã¹ãµãŒã ã«å«ãŸããŠãããã¹ãŠã®æ»æãã¿ãŒã³ã°ã«ãŒã 8.4 ãµãŒãããŒããã©ã³ã·ã³ã° ãµãŒãããŒããã©ã³ã·ã³ã°æ©èœã«ãããåä¿¡æ¥ç¶ (äŸ: SMTP ãŸã㯠HTTP ãã©ãã£ãã¯) ãã²ãŒããŠã§ ã€ã®èåŸã®è€æ°ãµãŒãã«åæ£ã§ããŸããè² è·åæ£ã¯ãéä¿¡å IP ã¢ãã¬ã¹ã«åºã¥ããŠã1æéæç¶ ããŠè¡ãããŸããåãéä¿¡å IP ã¢ãã¬ã¹ããéä¿¡ããã 2ã€ã®èŠæ±ã®ééããã®æç¶æéãäž åããšããã©ã³ã·ã³ã°ã¯å決å®ãããŸãããã©ãã£ãã¯ã®åæ£ã¯åçŽãªã©ãŠã³ãããã³ã¢ã«ãŽãªãºã ã«åºã¥ããŠããŸãã ãµãŒãããŒã«ã®ãã¹ãŠã®ãµãŒã㯠ICMP pingãTCP æ¥ç¶ã®ç¢ºç«ããŸã㯠HTTP/S èŠæ±ã«ããç£èŠ ãããŸããé害ãçºçãããšã圱é¿ãåãããµãŒãã¯è² è·åæ£ã«äœ¿çšãããªããªããåé¡ãšèãã ããéä¿¡å IP ã®æç¶æ§ã¯åŽäžãããŸãã 泚 â HTTP/S èŠæ±ã®ãªã¿ãŒã³ã³ãŒã㯠1xx Informationalã2xx Successã3xx RedirectionããŸã㯠4xx Client Error ã®ããããã§ããããšãå¿ èŠã§ãããã®ä»ã®ãã¹ ã®ãªã¿ãŒã³ã³ãŒãã¯é害ã®çºçãæå³ããŸãã 8.4.1 åæ£ã«ãŒã« ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > ãµãŒãããŒããã©ã³ã·ã³ã° > è² è·åæ£ã«ãŒã« ãã¿ãã§ãSophos UTM㜠ãããŠã§ã¢ã®è² è·åæ£ã«ãŒã«ãäœæã§ããŸããã«ãŒã«ã®äœæåŸããµãŒãéã§ã®éã¿åæ£ãè¿œå ã§å®çŸ©ããã€ã³ã¿ãã§ãŒã¹ããŒã·ã¹ã¿ã³ã¹ãèšå®ããããšãã§ããŸãã 242 UTM 9 管çã¬ã€ã 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 8.4 ãµãŒãããŒããã©ã³ã·ã³ã° è² è·åæ£ã®ã«ãŒã«ãäœæããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãè² è·åæ£ã«ãŒã« ãã¿ãã§ããæ°èŠè² è·åæ£ã«ãŒã« ããã¯ãªãã¯ããŸãã ãæ°èŠè² è·åæ£ã«ãŒã«ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ãµãŒãã¹:è² è·åæ£ãããããã¯ãŒã¯ãµãŒãã¹ãéžæããŸãã ä»®æ³ãµãŒã:åä¿¡ãã©ãã£ãã¯ã®å ã®ã¿ãŒã²ãããã¹ãããã®ã¢ãã¬ã¹ã¯éåžžãã²ãŒããŠã§ã€ã® å€éšã¢ãã¬ã¹ãšåãã«ãªããŸãã ããã¯ãšã³ããµãŒã:代ããã«ãµãŒãã¹ã®ãã©ãã£ãã¯ãåãä»ãããã¹ãã ãã§ãã¯å¯Ÿè±¡:ãµãŒãã¹ã®ã¢ãã¿ãªã³ã°çšã«ãTCP ã(TCP æ¥ç¶ã®ç¢ºç«)ããUDP ã(UDP æ¥ç¶ã®ç¢º ç«)ããPingã(ICMP Ping)ããHTTP ãã¹ãã(HTTP èŠæ±)ããŸãã¯ãHTTPS ãã¹ãã(HTTPS èŠæ±) ã®ãããããéžæããŸãããUDP ãã䜿çšããå Žåãping èŠæ±ãæåã«éä¿¡ãããæåãã å Žåã¯ãç¶ããŠãã€ããŒã 0 ã® UDP ãã±ãããéä¿¡ãããŸããping ãæåããªãã£ãå Žå ããICMP ããŒãã«å°éã§ããªãå Žåããã®ãµãŒãã¯ããŠã³ããŠãããšã¿ãªãããŸããHTTP ããã³ HTTPS èŠæ±ã®å Žåã¯ããURLããå ¥åã§ããŸãããã¹ãåã¯æå®ããŠãããªããŠãæ§ã ãŸãã (äŸ: index.html ããã㯠http://www.example.com/index.html)ã éé:ãã§ãã¯ééãç§åäœã§å ¥åããŸããããã©ã«ã㯠15ç§ã§ããã€ãŸã 15ç§ããšã«ããã¹ ãŠã®æ¬ãµãŒãã®å¥å šæ§ç¶æ ããã§ãã¯ãããŸãã ã¿ã€ã ã¢ãŠã:æ¬ãµãŒããå¿çãéä¿¡ããæ倧æéãç§åäœã§å ¥åããŸããæ¬ãµãŒãããã® æéå ã«å¿çããªãå Žåãããã (dead) ãšã¿ãªãããŸãã èªåãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã« (ä»»æ):ãã®ãã§ãã¯ããã¯ã¹ã¯ãã²ãŒããŠã§ã€ã«ãŒã«ãèªåç æããå Žåã«éžæããŸãããããã®ã«ãŒã«ã«ããããã©ãã£ãã¯ããã¹ãããå®éã®ãµãŒãã« éãããšãã§ããŸãã ä»®æ³ãµãŒãã¢ãã¬ã¹ã®ã·ã£ããããŠã³ (ä»»æ):ãã®ãã§ãã¯ããã¯ã¹ã¯ãè¿œå ã®ã¢ãã¬ã¹ãè² è· åæ£çšã®ä»®æ³ãµãŒããšããŠäœ¿çšããå Žå (ãã€ã³ã¿ãŒãã§ãŒã¹ > è¿œå ã¢ãã¬ã¹ ãã®ç« ãåç §) ã®ã¿ã«äœ¿çšã§ããŸãããã¹ãŠã®ãªã¢ã«ãµãŒããå©çšäžå¯ã«ãªã£ãå Žåãè¿œå ã¢ãã¬ã¹ã€ã³ ã¿ãã§ãŒã¹ã¯èªåçã«ã·ã£ããããŠã³ãããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããã«ãŒã«ããè² è·åæ£ ããªã¹ãã«è¡šç€ºãããŸãã 4. è² è·åæ£ã«ãŒã«ãæå¹ã«ããŸãã æ°ããã«ãŒã«ã¯ããã©ã«ãã§ç¡å¹ã«ãªã£ãŠããŸã (ãã°ã«ã¹ã€ããã¯ã°ã¬ãŒè¡šç€º)ãã«ãŒã«ã æå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã UTM 9 管çã¬ã€ã 243 8.4 ãµãŒãããŒããã©ã³ã·ã³ã° 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ ããã§ã«ãŒã«ãæå¹ã«ãªããŸã (ãã°ã«ã¹ã€ããã¯ç·è²)ã ã«ãŒã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã äŸ:IP ã¢ãã¬ã¹ãããããã 192.168.66.10ã192.168.66.20 ã® 2å°ã® HTTP ãµãŒãã DMZ ã« ããå Žåãæ³å®ããŸããã²ãŒããŠã§ã€ã®å€éšã€ã³ã¿ãã§ãŒã¹ã§åä¿¡ãã HTTP ãã©ãã£ãã¯ãäž¡æ¹ã® ãµãŒãã«åçã«åæ£ããããšä»®å®ããŸããè² è·åæ£ã«ãŒã«ãã»ããã¢ããããã«ã¯ãåãµãŒãã®ã ã¹ãå®çŸ©ãéžæãããã¯äœæããŸãããããã http_server_1 ããã³ http_server_2 ãšããŸãã次ã«ã ãæ°èŠè² è·åæ£ã«ãŒã«ã®äœæ ããã€ã¢ãã°ããã¯ã¹ã§ãããµãŒãã¹ ããšããŠãHTTP ããéžæããŸãããã ã«ããä»®æ³ãµãŒã ããšããŠã²ãŒããŠã§ã€ã®å€éšã¢ãã¬ã¹ãéžæããŸããæåŸã«ãããªã¢ã«ãµãŒã ããã㯠ã¹ã«ãã¹ãå®çŸ©ãå ¥åããŸãã éã¿åæ£ããã³ã€ã³ã¿ãã§ãŒã¹ããŒã·ã¹ã¿ã³ã¹ è² è·åæ£ãµãŒãéã§éã¿ãåæ£ãããããã®éã«ã€ã³ã¿ãã§ãŒã¹ããŒã·ã¹ã¿ã³ã¹èšå®ããã«ã¯ã以 äžã®æé ã«åŸã£ãŠãã ããã 1. è² è·åæ£ã«ãŒã«ã®ãç·šé ããã¿ã³ãã¯ãªãã¯ããŸãã ãè² è·åæ£ã«ãŒã«ã®ç·šé ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. ãããã¯ãšã³ããµãŒã ãããã¯ã¹ã®ãããã§ãã¹ã±ãžã¥ãŒã©ããã¿ã³ãã¯ãªãã¯ããŸãã ãã¹ã±ãžã¥ãŒã©ãç·šé ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 3. 次ã®èšå®ãè¡ããŸãã å é:å éãšã¯ããããµãŒããåŠçãããã©ãã£ãã¯éãä»ã®ãµãŒãã«å¯ŸããŠçžå¯Ÿçã«ç€ºã ãã®ã§ã0ïœ100 ã®éã§èšå®ã§ããŸããå éã©ãŠã³ãããã³ã¢ã«ãŽãªãºã ã䜿çšãããå€ã倧 ããã»ã©ã該åœãµãŒãã«ã«ãŒãã£ã³ã°ããããã©ãã£ãã¯ãå€ããªããŸããçžå¯Ÿçãªå€ã§ãã ãããåèšã㊠100ã«ããå¿ èŠã¯ãããŸãããããšãã°ããµãŒã 1 ã®å€ã 100 ã«ããµãŒã 2 ã® å€ã 50 ã«ããµãŒã 3 ã®å€ã 0 ã«èšå®ããããšãªã©ãã§ããŸãããã®å ŽåããµãŒã 2 ã®ãã© ãã£ãã¯éã¯ãµãŒã 1 ã®ååãšãªãããµãŒã 3 ã¯ä»ã®ãµãŒãã䜿çšå¯èœã§ãªãå Žåã«ã®ã¿ 䜿çšãããŸãã0 ã®å€ã¯ãããå€ã倧ããä»ã®ãµãŒããåžžã«äœ¿çšãããããšã瀺ããŸã (ä» ã®ã€ã³ã¿ãã§ãŒã¹ã䜿çšå¯èœã§ããã°)ã ããŒã·ã¹ã¿ã³ã¹:ã€ã³ã¿ãã§ãŒã¹ããŒã·ã¹ã¿ã³ã¹ãšã¯ãã¯ã©ã€ã¢ã³ãããã®åŸç¶ã®æ¥ç¶ãåžžã« åãã¢ãããªã³ã¯ã€ã³ã¿ãã§ãŒã¹çµç±ã§ã«ãŒãã£ã³ã°ãããããã«ããæè¡ã§ããããŒã·ã¹ã¿ã³ ã¹ã®ããã©ã«ãã®ã¿ã€ã ã¢ãŠãæé㯠1æéã§ãããã®è² è·åæ£ã«ãŒã«ã®ã€ã³ã¿ãã§ãŒã¹ ããŒã·ã¹ã¿ã³ã¹ãç¡å¹åããããšãã§ããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã ãã¹ã±ãžã¥ãŒã©ã®ç·šé ããã€ã¢ãã°ããã¯ã¹ãçµäºããèšå®ãä¿åãããŸãã 5. ãä¿å ããã¯ãªãã¯ããŸãã ãè² è·åæ£ã«ãŒã«ã®ç·šé ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 244 UTM 9 管çã¬ã€ã 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 8.5 VoIP 8.5 VoIP VoIP (Voice over Internet Protocol) ã¯ãã€ã³ã¿ãŒããããŸãã¯ä»ã® IP ããŒã¹ã®ãããã¯ãŒã¯ãéãã é³å£°äŒè©±ã®ã«ãŒãã£ã³ã°ã§ããSophos UTMã¯ãIP ãããã¯ãŒã¯äžã§é³å£°ä¿¡å·ãäŒéããããã«æ ããã䜿çšããã次ã®ãããã³ã«ã®ãµããŒããæäŸããŠããŸãã l SIP l H.323 8.5.1 SIP Session Initiation Protocol (SIP) 㯠2ã€ä»¥äžã®éä¿¡ããŒãããŒéã®ã»ãã·ã§ã³ã®èšå®ãå€æŽãããã³ çµäºã®ããã®ä¿¡å·ãéããããã³ã«ã§ããSIP ã¯äž»ã«é³å£°ãŸãã¯ãããªé話ã®ç¢ºç«ãšçµäºåŠç㫠䜿çšããŸããSIP ã䜿çšããã«ã¯ããŸãã䜿çšããŠãã IP ã¢ãã¬ã¹ãš URL ããISP ã§ç»é²ããå¿ èŠ ããããŸãã SIP ã¯ãããŒã 5060 㧠UDP ã TCP ã䜿çšããŠãã¡ãã£ã¢ããŒã¿ (ãããªãé³å£°) ããšã³ ããã€ã³ãéã§äº€æããéã«äœ¿çšãã IP ã¢ãã¬ã¹ãšããŒãçªå·ã瀺ããŸãããã¹ãŠã®ã¢ãã¬ã¹ã«å¯Ÿã ãŠãã¹ãŠã®ããŒããéããšã»ãã¥ãªãã£ã«é倧ãªåé¡ãçãããããSIP ãã©ãã£ãã¯ã¯ãé«åºŠãªæ¹æ³ ã§ã²ãŒããŠã§ã€ã§åŠçãããŸããããã¯ãç¹å¥ãªã³ãã¯ã·ã§ã³ãã©ããã³ã°ãã«ãã«ãã£ãŠå®çŸã㟠ãããã®ãã«ãã¯å¶åŸ¡ãã£ãã«ãã¢ãã¿ãªã³ã°ããã©ã®åçããŒããçŸåšäœ¿çšãããŠããããå€æ ããŠãå¶åŸ¡ãã£ãã«ãããžãŒã§ãããšãã¯ãããã®ããŒãã®ã¿ããã©ãã£ãã¯ãééããããã«ã㟠ãããããè¡ãããã«ãSIP ãããã³ã«ãä»ããéä¿¡ãå¯èœã«ããé©åãªãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ã äœæããããã«ãSIP ãµãŒããããã¯ãŒã¯ãš SIP ã¯ã©ã€ã¢ã³ããããã¯ãŒã¯å®çŸ©ã®äž¡æ¹ãæå®ããå¿ èŠããããŸãã SIPãããã³ã«ã®ãµããŒããæå¹ã«ããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãSIP ãã¿ãã§ãSIP ãããã³ã«ã®ãµããŒããæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªãããã°ããŒãã« SIP èšå® ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 2. 次ã®èšå®ãè¡ããŸãã SIP ãµãŒããããã¯ãŒã¯:ããã§ãSIP ã¯ã©ã€ã¢ã³ãã®æ¥ç¶å ãšããŠèš±å¯ããã SIP ãµãŒã (ISP ãæäŸ) ãéžæããŸããã»ãã¥ãªãã£äžã®çç±ããããä»»æ ãã¯éžæããªãã§ãã ããã SIP ã¯ã©ã€ã¢ã³ããããã¯ãŒã¯:SIP éä¿¡ã®éå§ãå¿çãèš±å¯ããã SIP ã¯ã©ã€ã¢ã³ãã®ãã¹ã/ ãããã¯ãŒã¯ãéžæããŸããSIP ã¯ã©ã€ã¢ã³ããšã¯ LAN å ã®ãšã³ããã€ã³ãã§ãããä»ã® SIP 㯠ã©ã€ã¢ã³ããšã®ãªã¢ã«ã¿ã€ã ãªåæ¹åéä¿¡ã«é¢äžããŸãã UTM 9 管çã¬ã€ã 245 8.5 VoIP 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ åŸ æ©ã¢ãŒã:éä¿¡ã»ãã·ã§ã³ã®ãã§ãã¯ã¬ãã«ãæå®ããŸãã l å³å¯:ISP ã®ã¬ãžã¹ãã© (ãREGISTER SIPãã¡ãã»ãŒãžã®éä¿¡å IP ã¢ãã¬ã¹) ããã®çä¿¡ é話ã®ã¿èš±å¯ããŸããããã«ãUTM ã¯ãéä¿¡ãããšã³ããã€ã³ã (SIP ã¡ãã»ãŒãžã亀æ ããããã€ã¹) ããã®ã¡ãã£ã¢ (é³å£°ããããª) ããŒã¿ã»ãã·ã§ã³ã®ã¿ãèš±å¯ããŸããSIP ã¡ãã»ãŒãžãšã¯ç°ãªã IP ã¢ãã¬ã¹ããã¡ãã£ã¢ããŒã¿ã éä¿¡ãããããã€ãããããŸã ããããã¯ãUTM ã«ãã£ãŠæåŠãããŸãã l ã¯ã©ã€ã¢ã³ã/ãµãŒããããã¯ãŒã¯:å®çŸ©æžã¿ã®ãã¹ãŠã® SIP ãµãŒããããã¯ãŒã¯ãã¯ã© ã€ã¢ã³ããããã¯ãŒã¯ããã®çä¿¡é話ãèš±å¯ããŸããIP ã¢ãã¬ã¹ããå®çŸ©æžã¿ã® SIP ãµãŒããããã¯ãŒã¯ãã¯ã©ã€ã¢ã³ããããã¯ãŒã¯ã«æå±ããå ŽåãSIP ã¡ãã»ãŒãžãé ä¿¡ãã IP ã¢ãã¬ã¹ãšã¯ç°ãªã IP ã¢ãã¬ã¹ããã®ã¡ãã£ã¢ããŒã¿ãèš±å¯ããŸãã l ä»»æ:ããããã¢ãã¬ã¹ããã®çä¿¡é話ããã³ã¡ãã£ã¢ããŒã¿ãèš±å¯ããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã èšå®ããã£ã³ã»ã«ããã«ã¯ãã¢ã³ããŒè²ã®ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã 8.5.2 H.323 H.323 ãšã¯ãITU-T (åœéé»æ°éä¿¡é£å) ãå ¬éããåœéãã«ãã¡ãã£ã¢éä¿¡ãããã³ã«æšæºã§ã ãããããããã±ãã亀æ網äžã§é³å£°ã»æ åéä¿¡ã»ãã·ã§ã³ãæäŸãããããã³ã«ãèŠå®ããŠã㟠ããH.323 ã¯ãVoIP (ãã€ã¹ãªãŒã㌠IP) ã IP ããŒã¹ã®ãã¬ãäŒè°ã§äžè¬çã«äœ¿çšãããŸãã H.323 ã§ã¯ãããŒã1720 㧠TCP ã䜿çšããŠããšã³ããã€ã³ãéã§äœ¿çšããåçããŒãç¯å²ãã³ãŒã« ã®ã»ããã¢ããæã«ããŽã·ãšãŒãããŸããåçç¯å²å ã§ãã¹ãŠã®ããŒããéããšãã»ãã¥ãªãã£äžã§é 倧ãªåé¡ãçºçãããããã²ãŒããŠã§ã€ã¯ã€ã³ããªãžã§ã³ãããŒã¹ã§ H.323 é¢é£ã®ãã©ãã£ãã¯ãèš±å¯ ããããšãã§ããŸããããã¯ãç¹å¥ãªã³ãã¯ã·ã§ã³ãã©ããã³ã°ãã«ãã«ãã£ãŠå®çŸããŸãããã®ãã« ãã¯å¶åŸ¡ãã£ãã«ãã¢ãã¿ãªã³ã°ããã©ã®åçããŒããçŸåšäœ¿çšãããŠããããå€æããŠãå¶åŸ¡ ãã£ãã«ãããžãŒã§ãããšãã¯ãããã®ããŒãã®ã¿ããã©ãã£ãã¯ãééããããã«ããŸãããã®ç®ç ãéæããããã«ã¯ãH.323 ãããã³ã«ã§ã®éä¿¡ãå¯èœã«ããé©åãªãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãäœ æããããã«ãH.323 ã²ãŒãããŒããšã¯ã©ã€ã¢ã³ããããã¯ãŒã¯å®çŸ©ã®äž¡æ¹ãæå®ããå¿ èŠããã㟠ãã H.323 ãããã³ã«ã®ãµããŒããæå¹ã«ããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãH.323ãã¿ãã§ãH.323 ãããã³ã«ã®ãµããŒããæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªãããã°ããŒãã« H.323 èšå® ããšãªã¢ãç·šéå¯èœã«ãªã㟠ãã 246 UTM 9 管çã¬ã€ã 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 8.6 詳现 2. 次ã®èšå®ãè¡ããŸãã H.323 ã²ãŒãããŒã:H.323 ã²ãŒãããŒããéžæããŸããH.323 ã²ãŒãããŒãã¯ããŸãŒã³å ã®ã ã¹ãŠã® H.323 ã¯ã©ã€ã¢ã³ã (ãã€ã¯ããœããã® NetMeeting ãªã©ã®ãšã³ããã€ã³ã) ãã³ã³ãããŒã« ããŸããããå ·äœçã«ã¯ãã²ãŒãããŒã㯠LAN äžã®ãŸãŒã³å ã®ãã¹ãŠã® H.323 ã³ãŒã«ã«å¯Ÿã ãã¢ãã¿ãšããŠæ©èœããŸããã²ãŒãããŒãã®æéèŠã¿ã¹ã¯ã¯ãã·ã³ãã«ãšã€ãªã¢ã¹ã¢ãã¬ã¹ãš IP ã¢ãã¬ã¹ãšã®å€æã§ãã H.323 ã¯ã©ã€ã¢ã³ã:ããã§ãH.323 æ¥ç¶ãéå§ããå ã®ãã¹ã/ãããã¯ãŒã¯ãšå®å ã®ãã¹ã/ ãããã¯ãŒã¯ãéžæã§ããŸããH.323 ã¯ã©ã€ã¢ã³ããšã¯ LAN å ã®ãšã³ããã€ã³ãã§ãããä»ã® H.323 ã¯ã©ã€ã¢ã³ããšã®ãªã¢ã«ã¿ã€ã ãªåæ¹åéä¿¡ã«é¢äžããŸãã å³å¯ã¢ãŒããæå¹å (ä»»æ):ã»ãã¥ãªãã£ã匷åããã«ã¯ããã®ãªãã·ã§ã³ãéžæããŸãããã ããISP ãšã®æ¥ç¶ã§åé¡ãçºçããå Žåã¯ãå³æ Œã¢ãŒããç¡å¹ã«ããŠãã ããã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã èšå®ããã£ã³ã»ã«ããã«ã¯ãã¢ã³ããŒè²ã®ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã 8.6 詳现 ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > 詳现 ãã¡ãã¥ãŒã®ã¿ãã䜿çšãããšããžã§ããªãã¯ãããã·ãSOCKS ãã ãã·ãIDENT ãªããŒã¹ãããã·ãªã©è¿œå ã®ãããã¯ãŒã¯ãããã¯ã·ã§ã³æ©èœãèšå®ããããšãã§ã㟠ãã 8.6.1 ãžã§ããªãã¯ãããã· ãžã§ããªãã¯ãããã· (å¥åãããŒããã©ã¯ãŒãã) ã¯ãDNAT ãšãã¹ã«ã¬ãŒãã£ã³ã°ã®äž¡æ©èœãçµã¿å ãããŠãããç¹å®ã®ãµãŒãã¹ãžã®ãã¹ãŠã®åä¿¡ãã©ãã£ãã¯ãä»»æã®ãµãŒãã«è»¢é (ãã©ã¯ãŒã㣠ã³ã°) ããŸããæšæº DNAT ãšã®éãã¯ããžã§ããªãã¯ãããã·ã§ã¯å€éšãžã®æ¥ç¶æã«ããªã¯ãšã¹ãã® éä¿¡å IP ã¢ãã¬ã¹ãã€ã³ã¿ãã§ãŒã¹ã® IP ã¢ãã¬ã¹ã«æžãæããç¹ã§ããããã«ãå®å (ã¿ãŒã²ãã) ããŒãçªå·ãå€æŽããããšãã§ããŸãã ãžã§ããªãã¯ãããã·ã«ãŒã«ãè¿œå ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ããžã§ããªãã¯ãããã· ãã¿ãã§ããæ°èŠãžã§ããªãã¯ãããã·ã«ãŒã« ããã¯ãªãã¯ããŸãã ãæ°èŠãžã§ããªãã¯ãããã·ã«ãŒã«ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã€ã³ã¿ãã§ãŒã¹:åä¿¡æ¥ç¶ã®ã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã UTM 9 管çã¬ã€ã 247 8.6 詳现 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ ãµãŒãã¹:ãããã·ã䜿çšãããã©ãã£ãã¯ã®ãµãŒãã¹å®çŸ©ãéžæããŸãã ãã¹ã:ãã©ãã£ãã¯ã®è»¢éå ãšããã¿ãŒã²ãããã¹ããéžæããŸãã ãµãŒãã¹:ãããã·ã䜿çšãããã©ãã£ãã¯ã®ã¿ãŒã²ãããµãŒãã¹ãéžæããŸãã èš±å¯ãããã¯ãŒã¯:ããŒã転éãé©çšãããããã¯ãŒã¯ãéžæããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããã«ãŒã«ãããžã§ããªãã¯ãããã· ãã«ãŒã«ãªã¹ãã«è¡šç€ºãããŸãã 4. ãžã§ããªãã¯ãããã·ã«ãŒã«ãæå¹ã«ããŸãã æ°ããã«ãŒã«ã¯ããã©ã«ãã§ç¡å¹ã«ãªã£ãŠããŸã (ãã°ã«ã¹ã€ããã¯ã°ã¬ãŒè¡šç€º)ãã«ãŒã«ã æå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ããã§ã«ãŒã«ãæå¹ã«ãªããŸã (ãã°ã«ã¹ã€ããã¯ç·è²)ã ã«ãŒã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 8.6.2 SOCKS ãããã· SOCKS ãšã¯ãã¯ã©ã€ã¢ã³ããµãŒãåã¢ããªã±ãŒã·ã§ã³ããããã¯ãŒã¯ãã¡ã€ã¢ãŠã©ãŒã«ã®ãµãŒãã¹ã ééçã«äœ¿çšã§ããããã«ããã€ã³ã¿ãŒããããããã³ã«ã§ãããã¡ã€ã¢ãŠã©ãŒã«å ã«ããå€ãã®ã¯ã© ã€ã¢ã³ãã¢ããªã±ãŒã·ã§ã³ããã€ã³ã¿ãŒãããäžã®ãã¹ããšéä¿¡ããããã«äœ¿çšããŸããäŸãšã㊠ã¯ãIRC/ã€ã³ã¹ã¿ã³ãã¡ãã»ãŒãžã³ã°ã¯ã©ã€ã¢ã³ããFTP ã¯ã©ã€ã¢ã³ãããWindows SSH/Telnet ã¯ã©ã€ã¢ ã³ãã§ãããã¡ã€ã¢ãŠã©ãŒã«ã®å åŽã«ãããããã®ã¯ã©ã€ã¢ã³ãã¯ãå€åŽã«ãããµãŒãã«ã¢ã¯ã»ã¹ã ããå Žåããã®ä»£ããã« SOCKS ãããã·ãµãŒãã«æ¥ç¶ããŸãããã®ãããã·ãµãŒãã¯ãã¯ã©ã€ã¢ã³ ããå€éšãµãŒãã«ã¢ã¯ã»ã¹ããé©æ Œæ§ãã³ã³ãããŒã«ããèŠæ±ããµãŒãã«åãæž¡ããŸããã¯ã©ã€ã¢ã³ ãã¢ããªã±ãŒã·ã§ã³ã¯ãSOCKS 4 ãŸã㯠SOCKS 5 ãšãããããã³ã«ããŒãžã§ã³ãæ瀺çã«ãµããŒãã ãŠããå¿ èŠããããŸãã SOCKS ã®ããã©ã«ãããŒã㯠1080 ã§ããã»ãŒãã¹ãŠã®ã¯ã©ã€ã¢ã³ãã«ãã®ããã©ã«ãããŒãèšå®ã å°å ¥ãããŠãããããéåžžã¯èšå®äžèŠã§ããSOCKS ãš NAT ã®éãã¯ãSOCKS ãããã€ã³ããèŠæ± (ã¯ã©ã€ã¢ã³ãã®ä»£ããã«ããŒãã§ãªã¹ã³ããæ©èœãããããªã¯ã©ã€ã¢ã³ãã ããããããµããŒãã㊠ããŸã) ããµããŒãããŠãããSOCKS 5 ã§ã¯ãŠãŒã¶èªèšŒãå¯èœã§ããç¹ã§ãã SOCKS ãããã·ãæå¹ã«ããå Žåããããã·ãžã®ã¢ã¯ã»ã¹æš©ããã 1ã€ä»¥äžã®ãããã¯ãŒã¯ãå®çŸ© ããªããã°ãªããŸããããŠãŒã¶èªèšŒãå¿ èŠã§ããå ŽåãSOCKS ãããã·ã®äœ¿çšãèš±å¯ãããŠãŒã¶ ãŸãã¯ã°ã«ãŒããéžæããå¿ èŠããããŸãã 248 UTM 9 管çã¬ã€ã 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 8.6 詳现 泚 â ãŠãŒã¶èªèšŒã䜿çšããªãå ŽåãSOCKS ãããã·ã¯ SOCKS 4 ãããã³ã«ãš SOCKS 5 ãããã³ã« ã®äž¡æ¹ã§äœ¿çšã§ããŸãããŠãŒã¶èªèšŒãéžæããå ŽåãSOCKS 5 ã®ã¿ãæ©èœããŸãããããã·ã« SOCKS 5 ã¢ãŒãã§ãã¹ãåã解決ãããå ŽåãDNS ãããã·ãæå¹ã«ããå¿ èŠããããŸããæå¹ ã«ããªããšãDNS 解決ã¯å€±æããŸãã SOCKS ãããã·ãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãSOCKS ãããã· ãã¿ãã§ãSOCKS ãããã·ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªãããSOCKS ãããã·ãªãã·ã§ã³ããšãªã¢ãç·šéå¯èœã«ãªã ãŸãã 2. 次ã®èšå®ãè¡ããŸãã èš±å¯ãããã¯ãŒã¯:SOCKS ãããã·ã®äœ¿çšãèš±å¯ãããããã¯ãŒã¯ãéžæããŸãã ãŠãŒã¶èªèšŒã®æå¹å:ãã®ãªãã·ã§ã³ãéžæãããšããŠãŒã¶ã¯ SOCKS ãããã·ãžã®ãã°ã€ã³ æã«ãŠãŒã¶åãšãã¹ã¯ãŒããå ¥åããªããã°ãªããªããªããŸãããŠãŒã¶èªèšŒããµããŒãã㊠ããã®ã SOCKS 5 ã®ã¿ã§ãããããSOCKS 4 ã¯èªåçã«ç¡å¹ã«ãªããŸãã èš±å¯ãŠãŒã¶:SOCKS ãããã·ã®äœ¿çšãèš±å¯ãããŠãŒã¶ãŸãã¯ã°ã«ãŒããéžæããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã 8.6.3 IDENTãªããŒã¹ãããã· IDENT ãããã³ã«ã¯ããªã¢ãŒããµãŒããã¢ã¯ã»ã¹å ã¯ã©ã€ã¢ã³ãã®èº«å ãç°¡åã«ç¢ºèªããããã«äœ¿ çšããŸããIDENT ãããã³ã«ã¯æå·åããããã¹ããŒãã£ã³ã°ãç°¡åã§ãããå€ãã®ãµãŒãã¹ã§ã¯ã ãŸã ã«ãã®ãããã³ã«ã䜿çšããŠãããå Žåã«ãã£ãŠã¯å¿ é ã§ãã IDENT ãªã¬ãŒãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãIDENT ãªããŒã¹ãããã· ãã¿ãã§ãIDENT ãªã¬ãŒãæå¹åããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«ãªãããã°ããŒãã«èšå® ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 2. 次ã®èšå®ãè¡ããŸãã å éšãã¹ããžã®è»¢é (ä»»æ):IDENT ã¯ãšãªã¯ã²ãŒããŠã§ã€ã®æ¥ç¶è¿œè·¡ã®å¯Ÿè±¡ã«ãªããªãã ãããã¹ã«ã¬ãŒãã£ã³ã°ã䜿çšãããŠããå Žåã¯é害ãçºçããŸããã²ãŒããŠã§ã€ã®å åŽã« ãããã¹ã«ã¬ãŒãã£ã³ã°ããããã¹ãã« IDENT ã¯ãšãªãåãæž¡ãããã«ã¯ããå éšãã¹ããžã® UTM 9 管çã¬ã€ã 249 8.6 詳现 8 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 転é ããªãã·ã§ã³ãéžæããŸããå®éã® IP æ¥ç¶ã¯è»¢éãããŸããã代ããã«ãã²ãŒããŠã§ã€ ãå éšã¯ã©ã€ã¢ã³ãã« IDENT å¿çãèŠæ±ãããã®æååãèŠæ±å ãµãŒãã«è»¢éããŸããã ã®æ¹æ³ã¯ãäž»èŠ IRC ã¯ã©ã€ã¢ã³ããš FTP ã¯ã©ã€ã¢ã³ãã«çµã¿èŸŒãŸãã倧éšåã®ããã IDENTã ãµãŒãã§æ©èœããŸãã ããã©ã«ãå¿ç:IDENT ãªã¬ãŒãæå¹ã«ãããšãã²ãŒããŠã§ã€ã¯ IDENT èŠæ±ãžã®å¿çããµã㌠ãããŸããã·ã¹ãã ã¯ãæ¥ç¶ãéå§ããããŒã«ã«ãµãŒãã¹ãåããåžžã«ããããã©ã«ãå¿ç ã ããã¯ã¹ã«å ¥åããæååã§å¿çããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã 250 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ ãã®ç« ã§ã¯ãSophos UTMã®åºæ¬ç㪠Web ãããã¯ã·ã§ã³æ©èœãèšå®ããæ¹æ³ã説æããŸãã ãã®ç« ã§ã¯ã次ã®ãããã¯ã«ã€ããŠèª¬æããŸãã l Web ãã£ã«ã¿ãªã³ã° l Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« l ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã« l FTP ãããã· Webadmin ã®ãWeb ãããã¯ã·ã§ã³çµ±èš ãããŒãžã«ã¯ãæéããã©ãã£ãã¯ããªãã³ã«äžäœãŠãŒã¶ã®ã¢ã¯ ã»ã¹ç¶æ³ã«åºã¥ããæã䜿çšé »åºŠã®é«ãã¢ããªã±ãŒã·ã§ã³ããã³ã¢ããªã±ãŒã·ã§ã³ã«ããŽãªããŸãã æãã¢ã¯ã»ã¹ã®å€ããã¡ã€ã³ã®æŠèŠã衚瀺ãããŸããããã«ããããã¯ãããäžäœWeb ãµã€ãã«ã㎠ãªã衚瀺ãããŸããåã»ã¯ã·ã§ã³ã«ã¯ã詳现 ããªã³ã¯ããããŸãã ãªã³ã¯ãã¯ãªãã¯ãããš WebAdmin 㮠該åœããã¬ããŒãã»ã¯ã·ã§ã³ã衚瀺ããã詳现ãªçµ±èšæ å ±ãåç §ã§ããŸãã ãäžäœã¢ããªã±ãŒã·ã§ã³ãã»ã¯ã·ã§ã³ã§ã¯ãã¢ããªã±ãŒã·ã§ã³åã®äžã«ã«ãŒãœã«ãåããããšãè¿œå æ© èœã 1ã€ãŸã㯠2ã€è¡šç€ºãããŸãã l Block ã¢ã€ã³ã³ãã¯ãªãã¯ãããšãçŸæç¹ãã該åœã¢ããªã±ãŒã·ã§ã³ããããã¯ãããŸãã ãã ã«ããããã¢ããªã±ãŒã·ã§ã³ ã³ã³ãããŒã« ãããŒãžã«ã«ãŒã«ãäœæãããŸãããã®ãªãã·ã§ã³ ã¯ãSophos UTMã®æ£åžžãªãªãã¬ãŒã·ã§ã³ã«å¿ èŠãªã¢ããªã±ãŒã·ã§ã³ã«å¯ŸããŠã¯å©çšã§ããŸã ããããšãã°ãWebAdmin ãã©ãã£ãã¯ã¯ãããã¯ã§ããŸãããããããããã¯ãããšããŠãŒã¶èª 身ã WebAdmin ããã·ã£ããã¢ãŠããããŠããŸããŸããæªåé¡ã®ãã©ãã£ãã¯ããããã¯ã§ã㟠ããã l Shape ã¢ã€ã³ã³ãã¯ãªãã¯ãããšãåœè©²ã¢ããªã±ãŒã·ã§ã³ã®ãã©ãã£ãã¯ã·ã§ãŒãã³ã°ãæå¹ã«ãª ããŸãã ãã€ã¢ãã°ãŠã£ã³ããŠãéããã«ãŒã«èšå®ãå®çŸ©ããããèŠæ±ãããŸããå®äºããã ãä¿å ããã¯ãªãã¯ããŸããããã«ãããããã©ãã£ãã¯ã»ã¬ã¯ã¿ãããã³ã垯åå¹ ããŒã« ãããŒãžã« ã«ãŒã«ãäœæãããŸãã ã·ã§ãŒãã³ã°ã¯ã€ã³ã¿ãã§ãŒã¹åäœã§æ©èœãããããããã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ ããããŒã¢ãã¿ ãé²èŠ§ããŠããéã¯ãã©ãã£ãã¯ã·ã§ãŒãã³ã°ãå©çšã§ããŸããã 泚 â åéããã Web ãµãŒãã£ã³ããŒã¿ã¯ã»ãã·ã§ã³ããŒã¹ã§ããè¿äŒŒå€ãåŸãããã«ãäžäœãã¡ã€ ã³ããã³ãŠãŒã¶ã®ãã¹ãŠã®ããŒã¿ã以äžã®ããã«åéãããŸããå Web èŠæ±ã¯ããã©ãã£ãã¯é ããã³èŠæ±ééãèæ ®ã«å ¥ããŠãã°ãããŸãã5åéã¢ã¯ãã£ããã£ããªãããŠãŒã¶ãããã¯ãã¡ã€ ã³ã«å¯ŸããèŠæ±ãèšé²ãããªããšããã®ã»ãã·ã§ã³ã¯çµäºãããã®ãšã¿ãªãããŸãã5åéã¢ã¯ 9.1 Web ãã£ã«ã¿ãªã³ã° 9 Web ãããã¯ã·ã§ã³ ãã£ããã£ããªãå Žåã§ããŠãŒã¶ããŸã Web ããŒãžã衚瀺ããŠããå¯èœæ§ãèããŠããçµéæé ã ã®å€ã«ã¯åžžã« 1åäœèšã«è¿œå ãããŸããã¬ããŒãã£ã³ã°ããŒã¿ã¯ 15åããšã«æŽæ°ãããŸãã ã¯ã©ã€ã¢ã³ããç¡å¹ãª URL ãèŠæ±ããå ŽåãWeb ãã£ã«ã¿ã¯ãã®èŠæ±ããã°ããŸããããã®èŠæ± ã«å¿ããããšã¯ã§ããŸããããããã®ãªã³ã¯ã¯ãWeb ãããã¯ã·ã§ã³çµ±èš ãããŒãžã§ãšã©ãŒãšããŠèš äžãããŸãããããã¯ã¬ããŒãã£ã³ã°ã Web ãã£ã«ã¿ã®ãšã©ãŒã§ã¯ãªããã»ãšãã©ã®å ŽåãããŒãž äœæè ã Web ã³ã³ãã³ãã«ç¡å¹ãŸãã¯äžæ£ãªãªã³ã¯ãé 眮ããããã«çºçããŸãã 9.1 Web ãã£ã«ã¿ãªã³ã° ãWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã°ãã¡ãã¥ãŒã®ã¿ãã䜿çšãããšãSophos UTMãœãããŠã§ã¢ã HTTP/S ãã£ãã·ã³ã°ãããã·ãšããŠèšå®ããããšãã§ããŸããSophos UTMã® HTTP/S ãããã·ã¯ã ã·ã³ãã«ãªãã£ãã·ã³ã°ã«å ããHTTP/S ã®äœ¿çšãèš±å¯ãããŠãããããã¯ãŒã¯ã«å¯ŸããŠè±å¯ãª Web ãã£ã«ã¿æè¡ãæäŸããŠããŸããããã«ã¯ãã·ã°ããã£ããŒã¿ããŒã¹ãšã¹ãã€ãŠã§ã¢ãã£ã«ã¿ãªã³ ã°æè¡ãå®æçã«æŽæ°ããã2ã€ã®ç°ãªããŠã€ã«ã¹ã¹ãã£ã³ãšã³ãžã³ã䜿çšãããŠã€ã«ã¹ããã³ã¹ ãã€ãŠã§ã¢ææã®é²åŸ¡æ©èœããããåä¿¡ãã©ãã£ãã¯ãšéä¿¡ãã©ãã£ãã¯ã®äž¡æ¹ãä¿è·ããŸãããã ã«Sophos UTMã§ã¯ãé«åºŠãª Web ãµã€ãåé¡ãæ¡çšããŠãããäžçæ倧ã®ãªã¢ã«ã¿ã€ã URL ããŒã¿ ããŒã¹ã䜿çšããŠããŸããŸãª Web ããŒãžãžã®ã¢ã¯ã»ã¹ãã³ã³ãããŒã«ã§ããŸããSophos ã®ãšã³ãã〠ã³ããœãããŠã§ã¢ãšåãããŠäœ¿çšããããšã§ãSophos UTM ã¯å€éšãããã¯ãŒã¯ã«ãããšã³ããã€ã³ãã ã·ã³ã§ãåã Web ããªã·ãŒãé©çšããç£èŠããããšãã§ããŸãããšã³ããã€ã³ã Web ã³ã³ãããŒã« ãæ å¹ã«ããã«ã¯ãããšã³ããã€ã³ããããã¯ã·ã§ã³ > Web ã³ã³ãããŒã« ããåç §ããŠãã ããã 9.1.1 ã°ããŒãã« ãWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > ã°ããŒãã« ãã¿ãã§ã¯ãWeb ãã£ã«ã¿ã®ã°ããŒãã«èšå®ã å®è¡ã§ããŸãã Web ãã£ã«ã¿ãèšå®ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã°ããŒãã« ãã¿ãã§ãWeb ãã£ã«ã¿ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«ãªãããã°ããŒãã« Web ãã£ã«ã¿ãªã³ã°èšå® ããšãªã¢ãç·šéå¯èœã«ãª ããŸãã 2. èš±å¯ãããããã¯ãŒã¯ãéžæããŸãã 252 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.1 Web ãã£ã«ã¿ãªã³ã° Web ãã£ã«ã¿ã®äœ¿çšãèš±å¯ãããããã¯ãŒã¯ãéžæããŸããããã©ã«ãã§ãWeb ãã£ã«ã¿ã¯ã¯ã© ã€ã¢ã³ãèŠæ±ã TCP ããŒã 8080 ã§ãªã¹ã³ãããèš±å¯ãããã¯ãŒã¯ ãããã¯ã¹ã«ãªã¹ãããããã ãã¯ãŒã¯å ã®ãã¹ãŠã®ã¯ã©ã€ã¢ã³ãã«å¯ŸããŠæ¥ç¶ãèš±å¯ããŸãã 3. HTTPS (SSL) ãã©ãã£ãã¯ã®ã¹ãã£ã³: HTTP ãã©ãã£ãã¯ã«å ã HTTPS ãã©ãã£ãã¯ãã¹ãã£ã³ããå Žåã¯ããã®ãã§ãã¯ããã¯ã¹ã« ãã§ãã¯ãå ¥ããŸãã 4. ãªãã¬ãŒã·ã§ã³ã®ã¢ãŒããéžæããŸãã ãŠãŒã¶èªèšŒãå¿ èŠãªãªãã¬ãŒã·ã§ã³ã¢ãŒããéžæããå Žåã«ã¯ãWeb ãã£ã«ã¿ã®äœ¿çšãèš±å¯ ãããŠãŒã¶ãšã°ã«ãŒããéžæããå¿ èŠããããŸãã次ã®ãªãã¬ãŒã·ã§ã³ã¢ãŒãã䜿çšã§ã㟠ãã l æšæºã¢ãŒã:æšæºã¢ãŒãã§ã¯ãWeb ãã£ã«ã¿ã¯ããã©ã«ãã§ã¯ã©ã€ã¢ã³ãèŠæ±ãããŒã 8080 ã§åŸ æ©ãããèš±å¯ãããã¯ãŒã¯ ãããã¯ã¹ã«ãªã¹ãããããããã¯ãŒã¯å ã®ãã¹ãŠ ã®ã¯ã©ã€ã¢ã³ãã«å¯ŸããŠæ¥ç¶ãèš±å¯ããŸãããã®ã¢ãŒãã§äœ¿çšããå Žåãã¯ã©ã€ã¢ã³ã ã¯ãã©ãŠã¶ã®èšå®ã§ Web ãã£ã«ã¿ã« HTTP ãããã·ãæå®ããŠããããšãå¿ èŠã§ãã èªèšŒã¢ãŒããéžæããŸãã l ãªã:èªèšŒãè¡ããªãå Žåã«éžæããŸãã l Active Directory SSO:ãå®çŸ©ãšãŠãŒã¶ > èªèšŒãµãŒã > ãµãŒã ãã¿ãã§ããActive Directory ã·ã³ã°ã«ãµã€ã³ãªã³ã(SSO) ãèšå®ããå ŽåããããéžæããŸãããã ã«ããã NTLM ãŠãŒã¶èªèšŒãèªèšŒã¯ã©ã€ã¢ã³ãã§äœ¿çšãããŸããåäœãä¿èšŒã ããã®ã¯ Internet Explorer ã®ã¿ã§ãã ãã®ã¢ãŒãã§äœ¿çšããå Žåãã¯ã©ã€ã¢ã³ ãã¯ãã©ãŠã¶ã®èšå®ã§ Web ãã£ã«ã¿ã« HTTP ãããã·ãæå®ããŠããããšãå¿ èŠã§ãã 泚 â Active Directory ãŠãŒã¶ã°ã«ãŒããå®çŸ©ããéãLDAP æååã§ãª ããActive Directory ã°ã«ãŒãããŠãŒã¶åãæåã§å ¥åããããšã§ããActive Directory ã°ã«ãŒããããã¯ã¹ã«å¿ èŠãªãšã³ããªãè¿œå ããããšã匷ãæšå¥šã㟠ããäŸ:LDAP æååãCN=ads_group1,CN=Users,DC=example,DC=com ã®ä»£ããã« ads_group1 ãšããååãå ¥åããŠãã ããã 泚 â Kerberos ã䜿çšããŠããå ŽåããActive Directory ã°ã«ãŒããããã¯ã¹ã« ã¯ãã°ã«ãŒãã®ã¿ãè¿œå ããŠãã ããã ãšã³ããªããŠãŒã¶ã®å ŽåãWeb ãã£ã« ã¿ã«ãã£ãŠèš±å¯ãããŠããŸããã UTM 9 管çã¬ã€ã 253 9.1 Web ãã£ã«ã¿ãªã³ã° 9 Web ãããã¯ã·ã§ã³ l ãšãŒãžã§ã³ã:Sophos Authentication Agent (SAA) ã䜿çšããå Žåã«éžæã㟠ããWebãã£ã«ã¿ã䜿çšããããã«ã¯ããšãŒãžã§ã³ããšèªèšŒãéå§ããå¿ èŠãã ããŸãã l Apple OpenDirectory SSO:ãå®çŸ©ãšãŠãŒã¶ > èªèšŒãµãŒã > ãµãŒã ãã¿ã㧠ãLDAP ããèšå®ããŠãããApple OpenDirectory ã䜿çšããŠããå Žåããããéž æããŸããããã«ããããã·ãæ£ããæ©èœããããã«ããããã«ã¯ããWeb ãã ãã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > 詳现 ãã¿ãã§ãMAC OS X ã·ã³ã°ã«ãµã€ã³ãªã³ Kerberos éµãã¡ã€ã«ãã¢ããããŒãããå¿ èŠããããŸãã ãã®ã¢ãŒãã§äœ¿çšã ãå Žåãã¯ã©ã€ã¢ã³ãã¯ãã©ãŠã¶ã®èšå®ã§ Web ãã£ã«ã¿ã« HTTP ãããã·ãæ å®ããŠããããšãå¿ èŠã§ãã Safari ãã©ãŠã¶ã¯ SSO ããµããŒãããŠããŸããã l åºæ¬ãŠãŒã¶èªèšŒ:ãã®ã¢ãŒãã§ã¯ãåã¯ã©ã€ã¢ã³ãã¯ããããã·ã䜿çšããåã« ãã®ãããã·ã«å¯ŸããŠèªå·±èªèšŒããå¿ èŠããããŸãããµããŒããããèªèšŒæ¹åŒ ã«ã€ããŠè©³ããã¯ããå®çŸ©ãšãŠãŒã¶ > èªèšŒãµãŒã ããåç §ããŠãã ããã ãã®ã¢ãŒ ãã§äœ¿çšããå Žåãã¯ã©ã€ã¢ã³ãã¯ãã©ãŠã¶ã®èšå®ã§ Web ãã£ã«ã¿ã« HTTP ã ããã·ãæå®ããŠããããšãå¿ èŠã§ãã l eDirectory SSO:ãå®çŸ©ãšãŠãŒã¶ > èªèšŒãµãŒã > ãµãŒã ãã¿ãã§ãeDirectoryããèš å®ããå ŽåããããéžæããŸãã ãã®ã¢ãŒãã§äœ¿çšããå Žåãã¯ã©ã€ã¢ã³ãã¯ã ã©ãŠã¶ã®èšå®ã§ Web ãã£ã«ã¿ã« HTTP ãããã·ãæå®ããŠããããšãå¿ èŠã§ ãã 泚 â eDirectory ããã³ Active Directory ã®ã·ã³ã°ã«ãµã€ã³ãªã³ (SSO) ã¢ãŒã ã®å ŽåãWeb ãã£ã«ã¿ã¯ã¢ã¯ã»ã¹å ã® IP ã¢ãã¬ã¹ãšè³æ Œæ å ±ãæ倧 15åé ãã£ãã·ã¥ããŸããApple OpenDirectory SSO ã®å Žåããã£ãã·ã¥ã§ããã®ã¯ ã°ã«ãŒãæ å ±ã®ã¿ã§ããããã¯ãèªèšŒãµãŒããžã®è² è·ã軜æžããããã«è¡ ãããŸããéã«èšããšããŠãŒã¶ãã°ã«ãŒãããŸãã¯ã¢ã¯ã»ã¹ããŠãããŠãŒã¶ã® ãã°ã€ã³ã¹ããŒã¿ã¹ã®å€æŽã Web ãã£ã«ã¿ã«ãã£ãŠåæ ããããŸã§ãæ倧 15 åããããŸãã èš±å¯ãŠãŒã¶/ã°ã«ãŒã:ãŠãŒã¶èªèšŒãå¿ èŠãªèªèšŒã¢ãŒããéžæããå Žåã¯ãWeb ã㣠ã«ã¿ã®äœ¿çšãèš±å¯ãããŠãŒã¶ãšã°ã«ãŒããéžæããå¿ èŠããããŸãã l ééã¢ãŒã:ééã¢ãŒãã§ã¯ãããŒã 80 (SSL ã䜿çšããŠããå Žåã¯ããŒã 443) ã§ã¯ã© ã€ã¢ã³ããã©ãŠã¶ã¢ããªã±ãŒã·ã§ã³ã è¡ããã¹ãŠã®æ¥ç¶ã¯ã€ã³ã¿ãŒã»ãããããã¯ã©ã€ ã¢ã³ãåŽã®èšå®ãªãã§ãããã·ã«ãªãã€ã¬ã¯ããããŸããã¯ã©ã€ã¢ã³ãã Web ãã£ã«ã¿ ãµãŒããæèããããšã¯å šããããŸããããã®ã¢ãŒãã®å©ç¹ã¯ãè¿œå ã®ç®¡çãã¯ã©ã€ ã¢ã³ãåŽã§ã®èšå®ãäžèŠã§ããããšã§ãçæã¯ãåŠçã§ããã®ã HTTP (ããŒã80) èŠ æ±ã®ã¿ã§ããããšã§ãããã®ãããééã¢ãŒããéžæãããšãã¯ã©ã€ã¢ã³ãã®ãããã· 254 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.1 Web ãã£ã«ã¿ãªã³ã° èšå®ã¯ç¡å¹ã«ãªããŸãã 泚 â ééã¢ãŒãã§ã¯ãWeb ãã£ã«ã¿ã¯ HTTP èŠæ±ãã NTLM èªèšŒããããåé€ã㟠ããããã«ãWeb ãã£ã«ã¿ã¯ãã®ã¢ãŒãã§ã¯ FTP èŠæ±ãåŠçã§ããŸãããã¯ã©ã€ã¢ã³ ãããã®ãããªãµãŒãã¹ã«ã¢ã¯ã»ã¹ããå¿ èŠãããå Žåã¯ããã¡ã€ã¢ãŠã©ãŒã«ã§ã㌠ã (21) ãéãå¿ èŠããããŸããäžéšã® Web ãµãŒãã¯ãããŒã80 以å€ã®ããŒãçµç±ã§ ã¹ããªãŒãã³ã°åç»ãé³å£°ãªã©ã®ããŒã¿ãéä¿¡ããŸãããããã®èŠæ±ã¯ãWeb ãã£ã« ã¿ãééã¢ãŒãã§æ©èœããŠãããšãã¯æ€ç¥ãããŸããããã®ãããªãã©ãã£ãã¯ã«ã察 å¿ãããå Žåã«ã¯ãä»ã®ã¢ãŒãã䜿çšããããããããèš±å¯ããæ確ãªãã¡ã€ã¢ ãŠã©ãŒã«ã«ãŒã«ãå ¥åããå¿ èŠããããŸãã ãã«ééã¢ãŒã (ãªãã·ã§ã³): ã¯ã©ã€ã¢ã³ãã®éä¿¡å IP ãã²ãŒããŠã§ã€ã® IP ã§çœ®ãæã ãããã®ãŸãŸç¶æããå Žåã¯ããããéžæããŸããããã¯ãã¯ã©ã€ã¢ã³ãããããªã㯠IP ã¢ãã¬ã¹ã䜿çšããŠãããWeb ãã£ã«ã¿ã«ãã£ãŠé ãã¹ãã§ã¯ãªãå Žåã«äŸ¿å©ã§ ãããã®ãªãã·ã§ã³ã¯ããªããžã¢ãŒãã®ã¿ã§æå³ããããããããªããžã¢ãŒãã§ããå© çšã§ããŸããã èªèšŒã¢ãŒããéžæããŸãã l ãªã:èªèšŒãè¡ããªãå Žåã«éžæããŸãã l ãšãŒãžã§ã³ã:Sophos Authentication Agent (SAA) ã䜿çšããå Žåã«éžæã㟠ããWeb ãã£ã«ã¿ã䜿çšããããã«ã¯ããšãŒãžã§ã³ããšèªèšŒãéå§ããå¿ èŠãã ããŸãã ãèš±å¯ãŠãŒã¶/ã°ã«ãŒããããã¹ãããã¯ã¹ã§ãWeb ãã£ã«ã¿ã®äœ¿çšãèš± å¯ãããŠãŒã¶ãã°ã«ãŒããéžæãŸãã¯è¿œå ã§ããŸãã l ãã©ãŠã¶:éžæãããšãWeb ãã£ã«ã¿ãžã®èªå·±èªèšŒã®ããã®ãã°ã€ã³ãã€ã¢ãã° ããŠãŒã¶ã®ãã©ãŠã¶ã«è¡šç€ºãããŸãããã®ã¢ãŒãã§ã¯ãã¯ã©ã€ã¢ã³ãåŽã®ãã©ãŠ ã¶èšå®ãªãã§ããŠãŒã¶åã«åºã¥ã远跡ãå ±åãããã³ãµãŒãã£ã³ãå¯èœã«ãªã ãŸããããã«ããã®ãã€ã¢ãã°ãŠã£ã³ããŠã«è¿œå ã§å 責æ¡é ã衚瀺ããããšã㧠ããŸãããã®å ŽåããŠãŒã¶ãå ã«é²ãããã«ã¯ãå 責æ¡é ã«åæããå¿ èŠã ãããŸããå 責æ¡é ã«ã€ããŠè©³ããã¯ãã管ç > ã«ã¹ã¿ãã€ãº >Web ã¡ãã»ãŒãž ã ã®ç« ãåç §ããŠãã ããã 5. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã éèŠ â SSL ã¹ãã£ãã³ã°ãééã¢ãŒããšçµã¿åãããŠæå¹ã«ãããšãäžéšã® SSL æ¥ç¶ (SSL VPN ãã³ãã«ãªã©) ã倱æããŸããSSL VPN æ¥ç¶ãæå¹ã«ããã«ã¯ã察å¿ããã¿ãŒã²ãããã¹ãã ãééã¢ãŒãã¹ããããªã¹ããã«è¿œå ããŸã (ãWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > 詳现 ããå UTM 9 管çã¬ã€ã 255 9.1 Web ãã£ã«ã¿ãªã³ã° 9 Web ãããã¯ã·ã§ã³ ç §)ã ããã«ãèªå·±çœ²å蚌ææžã§ãã¹ãã«ã¢ã¯ã»ã¹ããã«ã¯ãã蚌ææžä¿¡é Œæ§ãã§ã㯠ããªãã·ã§ã³ãéž æããŠããããã®ãã¹ãã®é€å€ãäœæããå¿ èŠããããŸããããã«ããããããã·ã§èšŒææžã® ãã§ãã¯ãè¡ãããŸããã ã©ã€ãã ã° Web ãã£ã«ã¿ãªã³ã°ã©ã€ããã°ã¯ãWeb èŠæ±ã«é¢ããæ å ±ãæäŸããŸãããã©ã€ããã°ãéãããã¿ã³ ãã¯ãªãã¯ãããšãæ°ãããŠã£ã³ããŠã§ Web ãã£ã«ã¿ãªã³ã°ã©ã€ããã°ãéããŸãã 9.1.2 ãŠã€ã«ã¹/ãã«ãŠã§ã¢å¯Ÿç ãWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > ãŠã€ã«ã¹/ãã«ãŠã§ã¢å¯Ÿç ãã¿ãã§ã¯ããŠã€ã«ã¹ãã¯ãŒã ã ãã®ä»ã®ãã«ãŠã§ã¢ãšãã£ãæ害ã§å±éºãªã³ã³ãã³ããäŒéãã Web ãã©ãã£ãã¯ãããããã¯ãŒã¯ ãä¿è·ããããšãç®çãšãããªãã·ã§ã³ãèšå®ããããšãã§ããŸãã ã¢ã³ ã㊠ã€ã«ã¹ã¹ãã£ã³ éä¿¡ããã³åä¿¡ Web ãã©ãã£ãã¯ãã¹ãã£ã³ããããã«ã¯ããã¢ã³ããŠã€ã«ã¹ã¹ãã£ã³ãäœ¿çš ããªã ã·ã§ã³ãéžæããŸããSophos UTMã¯ãæé«ã®ã»ãã¥ãªãã£ãå®çŸããããŸããŸãªã¢ã³ããŠã€ã«ã¹ãšã³ ãžã³ãåããŠããŸãã l ã·ã³ã°ã«ã¹ãã£ã³:ããã©ã«ãèšå®ããã¹ãã£ã³èšå® ãã¿ãã«å®çŸ©ããããšã³ãžã³ã䜿çšããŠæ é«ã¬ãã«ã®ããã©ãŒãã³ã¹ãå®çŸããŸãã l ãã¥ã¢ã«ã¹ãã£ã³:åãã©ãã£ãã¯ã«å¯Ÿããç°ãªããŠã€ã«ã¹ã¹ãã£ãã䜿çšããŠã¹ãã£ã³ã 2å è¡ãããšã«ãããæ€åºçãæ倧éã«é«ããŸããããŒã·ãã¯ã¬ãŒããµãã¹ã¯ãªãã·ã§ã³ã§ã¯ã㥠ã¢ã«ã¹ãã£ã³ã¯å©çšã§ããŸããã æ倧ã¹ãã£ã³ãµã€ãº:ã¢ã³ããŠã€ã«ã¹ãšã³ãžã³ã§ã¹ãã£ã³ããæ倧ãã¡ã€ã«ãµã€ãºãæå®ããŸããã ã®ãµã€ãºãè¶ ãããã¡ã€ã«ã¯ã¹ãã£ã³å¯Ÿè±¡å€ãšãªããŸãã 泚 â æ倧ãµã€ãºãè¶ ãããã¡ã€ã«ã®ããŠã³ããŒããçŠæ¢ããå Žåã¯ãã詳现 ãããŒãžã®ãèš±å¯ãã ããŠã³ããŒãã®æ倧ãµã€ãºãã®å€ãå¿ èŠã«å¿ããŠèšå®ããŠãã ããã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã ãã¡ã€ã«æ¡åŒµåãã£ã«ã¿ ãã®æ©èœã§ã¯ããã¡ã€ã«ã®æ¡åŒµå (å®è¡å¯èœãã€ããªãªã©) ã«åºã¥ããŠãããããã¯ãããã¡ã€ã«æ¡åŒµ å ãããã¯ã¹ã«ãã¡ã€ã«æ¡åŒµåããªã¹ããããŠããç¹å®ã®ã¿ã€ãã®ãã¡ã€ã«ã Web ãã©ãã£ãã¯ãã 256 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.1 Web ãã£ã«ã¿ãªã³ã° ãã£ã«ã¿ããŸãããã¡ã€ã«æ¡åŒµåãè¿œå ãããããããã¯å¯Ÿè±¡ããå€ããã¡ã€ã«æ¡åŒµåãåé€ããã ããããšãã§ããŸãããã¡ã€ã«æ¡åŒµåãè¿œå ããã«ã¯ãããããã¯ãããã¡ã€ã«æ¡åŒµå ãããã¯ã¹ã®ã ã©ã¹ã¢ã€ã³ã³ãã¯ãªãã¯ãããããã¯ããæ¡åŒµå (exe ãªã©) ãå ¥åããŸããåºåãèšå·ã®ãããã¯äžèŠ ã§ãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã 泚 â ZIP ãã¡ã€ã«ãªã©ãã¢ãŒã«ã€ãããããã¡ã€ã«ãæªæããã³ã³ãã³ãã«ã€ããŠã¹ãã£ã³ããããš ã¯ã§ããããŠã€ã«ã¹ã¹ãã£ããééããŸããã¢ãŒã«ã€ãããããã¡ã€ã«ã«å«ãŸãããã«ãŠã§ã¢ãã ãããã¯ãŒã¯ãä¿è·ããã«ã¯ã該åœãããã¡ã€ã«æ¡åŒµåããããã¯ããããšãèæ ®ããŠãã ããã MIME ã¿ã€ããã£ã«ã¿ ãããã¯ãã MIME ã¿ã€ããè¿œå ããã«ã¯ãããããã¯ãã MIME ã¿ã€ããããã¯ã¹ã®ã+ãã¢ã€ã³ã³ã㯠ãªãã¯ããMIME ã¿ã€ããå ¥åããŸã (image/gifãªã©)ãããã§ã¯ã¯ã€ã«ãã«ãŒã (*) ã䜿çšã§ããŸã (audio/* ãªã©)ã ã¢ã¯ãã£ãã³ ã³ ãã³ ã é€å» ãã¢ã¯ãã£ãã³ã³ãã³ãåé€ ããšãªã¢ã§ã¯ãWeb ããŒãžã«åã蟌ãŸãããªããžã§ã¯ã (äŸ: ãã«ãã¡ãã£ã¢ ãã¡ã€ã«) ãªã©ç¹å®ã® Web ã³ã³ãã³ããèªåçã«åé€ãããããã«èšå®ããããšãã§ããŸãã次ã®èš å®ãå¯èœã§ãã l åã蟌ã¿ãªããžã§ã¯ãã®åé€:éžæãããšããã®æ©èœã¯ãã¹ãŠã® <OBJECT> ã¿ã°ã HTML ããŒãžããåé€ããActiveXãFlashãJava ãªã©ã®åçã³ã³ãã³ããåä¿¡ HTTP ãã©ãã£ãã¯ãã é€å»ããŸãã l Javascript ã®ç¡å¹å:éžæãããšããã®æ©èœã¯ HTML ããŒãžå ã®ãã¹ãŠã® <SCRIPT> ã¿ã°ã ç¡å¹ã«ãããããHTML ããŒãžã«åã蟌ãŸããæ©èœãã€ã³ã¯ã«ãŒããããæ©èœãç¡å¹ã«ãª ããŸãã 9.1.3 URL ãã£ã«ã¿ãªã³ã° ãWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > URL ãã£ã«ã¿ãªã³ã°ãã¿ãã§ã¯ãç¹å®ã®çš®é¡ã® Web ãµã€ã ã«å¯Ÿããã¢ã¯ã»ã¹ãã³ã³ãããŒã«ããããã©ã«ãèšå®ãæ§æã§ããŸãã 泚 â åžžã«ããã¯ã€ããªã¹ãã«å¯Ÿããç §äŒãå ã«è¡ãããŸããã€ãŸããå Web ãµã€ããªã¯ãšã¹ããã ã¯ã€ããªã¹ããšæ¯èŒããŠãäžèŽãèŠã€ãããªãã£ãå Žåããã©ãã¯ãªã¹ããšæ¯èŒããŸãããã©ãã¯ãªã¹ ããšã®äžèŽãèŠã€ãããšãWeb ãµã€ãã¯ãããã¯ãããŸãã 次ã®èšå®ãå¯èœã§ãã UTM 9 管çã¬ã€ã 257 9.1 Web ãã£ã«ã¿ãªã³ã° 9 Web ãããã¯ã·ã§ã³ U RL ãã£ã«ã¿ éžæã® èš±å¯/ããã㯠:éžæãã Web ãµã€ãã«ããŽãªãèš±å¯ããããããã¯ãããã決å®ããŸãã次㮠ãªãã·ã§ã³ã䜿çšã§ããŸãã l 以äžã§ãã§ãã¯ããã«ããŽãªããããã¯:ãã®ãªãã·ã§ã³ãéžæãããšãéžæãã Web ã«ããŽãªã¯ ãããã¯ãããŸãããä»ã®ãã¹ãŠã® Web ã«ããŽãªã¯èš±å¯ãããŸãã l 以äžã§ãã§ãã¯ããã«ããŽãªãèš±å¯:ãã®ãªãã·ã§ã³ãéžæãããšãéžæãã Web ã«ããŽãªãé€ã ãã¹ãŠã® Web ã«ããŽãªããããã¯ãããŸãã ããã©ã«ããªãã·ã§ã³ã¯ãèš±å¯ ãã§ãããããã㯠ãã«åãæ¿ãããšãããã«åŸã£ãŠäžã®ãªãã·ã§ã³ã®æ å³ã¯ãéã«ããªãã衚瀺ãããããã¹ãã§ãããã㯠ãããèš±å¯ ãã« (ãããã¯ãã®éã«) 眮ãæããã㟠ãã 泚 â åé¡ããŒã¿ããŒã¹ã«ã¢ã¯ã»ã¹ããããã«ã¯ãã¢ããã¹ããªãŒã ã®ãã¡ã€ã¢ãŠã©ãŒã«ã§ TCP ããŒã6000 ãŸã㯠TCP ããŒã80 ãéæŸããå¿ èŠããããŸãã芪ãããã·ãèšå®ããŠããå Žåã ããŒã¿ããŒã¹ãžã®ãã¹ãŠã®èŠæ±ã¯èŠªãããã·çµç±ã§éä¿¡ãããŸãã ã¹ãã€ãŠã§ã¢ã®äŒæåã³éä¿¡ããããã¯:ã¹ãã€ãŠã§ã¢ãšã¯ããŠãŒã¶ã«èªèãããããšãªãã·ã¹ãã ã 粟æ»ããŠããŠãŒã¶ã®è¡åãåºåäž»ã«å ±åããæªæã®ãããœãããŠã§ã¢ã§ãããã®ãªãã·ã§ã³ãéžæ ãããšããµãŒãããã¯ã©ã€ã¢ã³ããžã®ãã©ãã£ãã¯ã§ã¹ãã€ãŠã§ã¢ãæ€åºãããããã¯ããŸããããã«ã ãããããã¯ãŒã¯å ã®ã³ã³ãã¥ãŒã¿ãæ°ããã¹ãã€ãŠã§ã¢ã«ææããã®ãé²ãããšãã§ããŸãããã ã«ããã®æ©èœãæå¹ã«ãããšããã§ã«ã€ã³ã¹ããŒã«ãããŠããã¹ãã€ãŠã§ã¢ã¢ããªã±ãŒã·ã§ã³ã«ã€ã㊠ãæ€åºãããã©ãã£ãã¯ããããã¯ã§ããŸãããã®çµæãã¹ãã€ãŠã§ã¢ãåéãããŠãŒã¶æ å ±ãã€ã³ ã¿ãŒãããã«éä¿¡ãããªããªããŸãããã®ãªãã·ã§ã³ã¯ãããŒãžã®æåã®ãªãã·ã§ã³ããèš±å¯ ãã«èšå®ã ãå Žåã«éã䜿çšã§ããŸãã 泚 â ã¹ãã€ãŠã§ã¢ã«ããŽãªã¯ã䜿çšå¯èœãª 18ã°ã«ãŒãã®ãããã«ãå²ãåœãŠãããšãã§ããŸã ãããããã£ãŠããã¹ãã€ãŠã§ã¢ã®äŒæåã³éä¿¡ãããã㯠ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããã ãšã«ãã£ãŠã®ã¿ãã¹ãã€ãŠã§ã¢æäŸè ããé²åŸ¡ããããšãã§ããŸãã ã¬ãã¥ããŒã·ã§ã³ã«åºã¥ã URL ããããã¯:Web ãµã€ãã¯ãä¿¡é Œããããããäžç« ãããçãããããŸã㯠ãæªæã®ãããã«åé¡ã§ããŸããããæªæã®ãããã¯ãªã¹ããããŠããŸãã (ããã¯ããæªæã®ãããã ãªã¹ãã«å«ãŸããŠãããšã該åœãããã¹ãŠã®ãµã€ãã«å¯ŸããŠãããå€ãªãã·ã§ã³ããŸã£ãã䜿çšããªã ããšãèš±å¯ãããŠããŸãããã§ã)ãæªåé¡ã® Web ãµã€ãããæªç¢ºèª (Unverified)ããšåŒã³ãŸããããã ã¯ãŒã¯ããã¢ã¯ã»ã¹ã§ãã Web ãµã€ããã©ã®ãããªè©å€ãæã€ã¹ããã決å®ããããšãã§ããŸãã éžæãããããå€ãäžåã Web ãµã€ãã¯ãããã¯ãããŸãããã®ãªãã·ã§ã³ã¯ãããŒãžã®æåã®ãªã 258 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.1 Web ãã£ã«ã¿ãªã³ã° ã·ã§ã³ããèš±å¯ ãã«èšå®ããå Žåã«éã䜿çšã§ããŸããWeb ãµã€ãã®è©å€ã«ã€ããŠè©³ãã ã¯ãhttp://www.trustedsource.org ãåç §ããŠãã ããã ãããã¯ãã Web ãµã€ãã«ããŽãª:ãããã¯ãã Web ãµã€ãã«ããŽãªãéžæããŸããããã§éžæãã Web ãµã€ãã«ããŽãªãšãã®äžäœã®ãµãã«ããŽãªã®ãããã³ã°ã¯ããWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > URL ãã£ã«ã¿ãªã³ã°ã«ããŽãªãã¿ãã§å€æŽã§ããŸããããŒãžã®æåã®ãªãã·ã§ã³ããããã㯠ãã«èšå® ããå Žåããã®ãªãã·ã§ã³ã¯ãèš±å¯ããWebãµã€ãã«ããŽãªãã«å€ãããŸãã 泚 â Web ãµã€ããæ£ããåé¡ãããŠããªããšæãããå Žåã¯ã次㮠URL ã¬ããŒããã©ãŒã ãäœ¿çš ããŠæ°ããã«ããŽãªããææ¡ããã ããŸãã ã«ããŽãªãŒæªåé¡ãµã€ããžã®ã¢ã¯ã»ã¹ããããã¯:ãã®ãªãã·ã§ã³ãéžæãããšãæªç¥ã®ã³ã³ãã³ãã® ãã Web ãµã€ãããã©ãŠã¶ã§éãããšãã§ããªããªããŸãããã®æ©èœã¯ã奜ãŸãããªããšæããã Web ãµã€ããçžå¿ã®åé¡ããããŠããªãå Žåã®ãã©ãŒã«ããã¯ã»ãã¥ãªãã£ã¡ã«ããºã ãšèããããšã㧠ããŸãã ãã®æ©èœã®ã¡ãªããã® 1ã€ã«ããããããã£ãã·ã³ã°æ»æãããŠãŒã¶ãä¿è·ã§ããããšããããã㟠ããäžè¬ã«ãã£ãã·ã³ã°ã¡ãŒã«ã«ã¯ãåœé Web ãµã€ããžã®çããããªã³ã¯ãèšèŒãããŠããŸãããã® ç®çã¯ããŠãŒã¶ãã ãŸããŠå人æ å ±ãæ©å¯æ å ±ãæäŸãããããšã§ãããŸã æ害ãšåé¡ãããŠã ãªãå Žåããããã®ãªã³ã¯ã¯ãæªåé¡ (Uncategorized)ããŸãã¯ãçããã (Suspicious)ãã«ããŽãªãšãªã ãŸãããã®ãªãã·ã§ã³ãéžæãããšããããã®ã«ããŽãªã¯ãããã¯ãããŸããããã«ããããã£ãã·ã³ã° ã¡ãã»ãŒãžãéä¿¡ãããŠãããŠãŒã¶ã¯åœé URL ãéãããšãã§ããŸããã ããŒãžã®æåã®ãªãã·ã§ã³ããããã㯠ãã«èšå®ããå Žåããã®ãªãã·ã§ã³ã¯ãæªåé¡ Web ãµã€ããžã® ã¢ã¯ã»ã¹ãèš±å¯ ãã«å€ãããŸãã ãããã¯ããURL/ãµã€ã:ç¹å®ã® URL ã Web ãµã€ãããŸãã¯ç¹å®ã®ãã¡ã€ã³ã«ããè€æ°ã® Web ã㌠ãžãããã®ã«ããŽãªã«é¢ããããããã¯ããã«ã¯ãããã«å ¥åããŸãããã®çµæãããã§å®çŸ©ãã Web ãµã€ãããèš±å¯ããã«ããŽãªã«å±ããŠããå Žåã§ãããããã¯ããããšãã§ããŸãã 1. ã+ã(ãã©ã¹) ã¢ã€ã³ã³ãã¯ãªãã¯ããŠããæ£èŠè¡šçŸãªããžã§ã¯ããè¿œå ããã€ã¢ãã°ãŠã£ã³ããŠãé ããŸãã 2. 次ã®èšå®ãè¡ããŸãã l åå:æ£èŠè¡šçŸã説æããååãå ¥åããŠãã ããã l ãã¡ã€ã³:ãã¹ãŠããŸãã¯ç¹å®ã® Web ããŒãžããããã¯ãããã¡ã€ã³ãå ¥åã㟠ãããã¡ã€ã³åå šäœãå ¥åããå¿ èŠãããããšã«æ³šæããŠãã ãããããšãã°ã wwwãå«ããå¿ èŠããããŸãã以äžã§æå®ããæ£èŠè¡šçŸã®ãããã 1ã€ãã ã® URL ã«äžèŽããå Žåãæå®ãããã¡ã€ã³ã® Web ããŒãžã¯ãããã¯ãããŸãã æ£èŠè¡šçŸãæå®ããªãã£ãå Žåã¯ããã¡ã€ã³å šäœããããã¯ãããŸãã UTM 9 管çã¬ã€ã 259 9.1 Web ãã£ã«ã¿ãªã³ã° l 9 Web ãããã¯ã·ã§ã³ æ£èŠè¡šçŸ:äžã§æå®ãããã¡ã€ã³ã®ç¹å®ã® Web ããŒãžããããã¯ããã«ã¯ãæ£ èŠè¡šçŸãå ¥åããŸããäžã§ãã¡ã€ã³ãæå®ããªãã£ãå Žåã¯ããã®æ£èŠè¡šçŸã ãã¹ãŠã®ãã¡ã€ã³ã«é©çšãããŸããæ£èŠè¡šçŸã«ãã£ãŠã¯ã察象㮠URL ã ã㧠ã¯ãªããæ€çŽ¢çµæãé¡äŒŒ URL ã®äžéšã«ãäžèŽããŠããŸããããæå³ããªãã ããã¯ã«ã€ãªããå¯èœæ§ããããŸãã åç § â Web ãã£ã«ã¿ãªã³ã°ã§æ£èŠè¡šçŸã䜿çšããæ¹æ³ã®è©³çŽ°ã¯ãSophos ãµ ããŒãããŒã¿ããŒã¹ãåç §ããŠãã ããã 泚 â Web ããŒãžã¯ã§ããã ã詳现ã«æå®ããŠãã ããããã¡ã€ã³ãæå®ããã« æ£èŠè¡šçŸã®ã¿ãæå®ãããšãæå³ããªããããã¯ã«ã€ãªããå¯èœæ§ããã㟠ãã l ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã 4. ãé©çš ããã¯ãªãã¯ããŸãã ããŒãžã®æåã®ãªãã·ã§ã³ããããã㯠ãã«èšå®ããå Žåããã®ãªãã·ã§ã³ã¯ãèš±å¯ããè¿œå URL/ãµ ã€ããã«å€ãããŸãã åžžã«èš±å¯ãã URL/ãµã€ã:ç¹å®ã® URL ã Webãµã€ãããŸãã¯ç¹å®ã®ãã¡ã€ã³ã«ããè€æ°ã® Web ããŒãžãããã®ã«ããŽãªããããã¯ãªã¹ãã«ååšãããã©ããã«é¢ãããæ瀺çã«èš±å¯ããã«ã¯ãã ãã«å ¥åããŸãã ã+ã(ãã©ã¹) ã¢ã€ã³ã³ãã¯ãªãã¯ããŠããæ£èŠè¡šçŸãªããžã§ã¯ããè¿œå ããã€ã¢ãã°ãŠã£ã³ããŠãéã㟠ããäžèšã®ãªãã·ã§ã³ã®èª¬æã«åŸã£ãŠãé©åãªããŒã¿ãå ¥åããŸãã説æã¯ããã®ãªãã·ã§ã³ã«ãå ± éããŠããŸãã ããŒãžã®æåã®ãªãã·ã§ã³ããããã㯠ãã«èšå®ããå Žåããã®ãªãã·ã§ã³ã¯ãåžžã«ãããã¯ãã URL/ ãµã€ããã«å€ãããŸãã ã»ãŒããµãŒã ã»ãŒããµãŒã:GoogleãBingãYahoo ã®åæ€çŽ¢ãšã³ãžã³ã«å¯Ÿã㊠SafeSearch ã®äœ¿çšã匷å¶ããããšã ã§ããŸããã»ãŒããµãŒããã£ã«ã¿ã¯ãåäŸã«ãµãããããªãã³ã³ãã³ã (ç¯çœªãäžæ£) ãæ€çŽ¢çµæãã åé€ããŸããæå¹ã«ãããšãWeb ãã£ã«ã¿çµç±ã§ Web ãµãŒãã£ã³ããããŠãŒã¶ã¯ãã£ã«ã¿ããªãã«ã§ ããŸããã YouTube for Schools:ãããæå¹ã«ãããšããŠãŒã¶ãåçã§ãã YouTube åç»ã¯ãYouTube EDU ãµã ã»ã¯ã·ã§ã³ã® YouTube åç»ããŠãŒã¶ã®åŠæ ¡ã®ã¢ã«ãŠã³ãã§ã¢ããããŒããããŠãã YouTube åç»ã« 260 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.1 Web ãã£ã«ã¿ãªã³ã° å¶éãããŸãããããæ©èœããããã«ã¯ãYouTube for Schools ããã°ã©ã ã«ç»é²ããŠãã¹ã¯ãŒã« ID ãååŸããããã以äžã«å ¥åããå¿ èŠããããŸãã 泚 â Sophos UTMã§ã¯ããããã¬ãã«ãã¡ã€ã³ã® youtube.com ãš ytimg.com ã«å ããäžè¬çãªå ç»ããããã¯ãããªãããšã確èªããå¿ èŠããããŸãã l YouTube School ID:ãYouTube for Schoolsããæå¹ã«ããå Žåãã¹ã¯ãŒã« ID ãŸã㯠YouTube ã ãæäŸãããã³ãŒããå ¥åããå¿ èŠããããŸãã ãã ãã¯ã®ãã€ãã¹ ãããã¯ã®ãã€ãã¹ãèš±å¯ãããŠãŒã¶/ã°ã«ãŒã:ç¹å®ã®ãŠãŒã¶ãŸãã¯ã°ã«ãŒãã«å¯Ÿããããã©ã«ã ã§ãããã¯ãããããŒãžãžã®ã¢ã¯ã»ã¹ãèš±å¯ããå Žåã«ã¯ããããã®ãŠãŒã¶/ã°ã«ãŒãããã®ãã©ã ã°ã¢ã³ãããããããã¯ã¹ã«è¿œå ããŸããããã«ããããããã¯ãããããŒãžã«ãURL ããããã¯è§£é€ ã ãã¿ã³ã衚瀺ãããããã«ãªããŸãããã®ãã¿ã³ãã¯ãªãã¯ãããšæ°ããããŒãžãéãããŠãŒã¶ã¯è³æ Œ æ å ±ããã³ãããã¯ããŒãžãžã®ã¢ã¯ã»ã¹ãåžæããçç±ãå ¥åã§ããŸãããã®ãŠãŒã¶ããçŽæ¥ãŸã ã¯ã°ã«ãŒãçµç±ã§ãã€ãã¹ãããã¯ããã¯ã¹ã«å«ãŸããŠããã°ããããã¯ããŒãžã«ã¢ã¯ã»ã¹ã§ããã ãã«ãªããŸãããã€ãã¹ã¯ãã°ã«èšé²ãããã¬ããŒãã®äžéšãšãªããŸã (ããã°ãšã¬ããŒã > Web ãã ãã¯ã·ã§ã³ > Web 䜿çšç¶æ³ã¬ããŒãããåç §)ãã詳现 ãã¿ãã®ããã®ä»ã®èšå® ãã»ã¯ã·ã§ã³ã§å®çŸ©ãã èªèšŒã¿ã€ã ã¢ãŠãã¯ããã€ãã¹ã«ãé©çšãããŸãã 9.1.4 URL ãã£ã«ã¿ãªã³ã°ã«ããŽãª ãWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > URL ãã£ã«ã¿ãªã³ã°ã«ããŽãªãã¿ãã§ã¯ãWeb ãµã€ãã«ã㎠ãªã®ã«ããŽãªã°ã«ãŒããžã®ãããã³ã°ãã«ã¹ã¿ãã€ãºã§ããŸããããã¯ãURL ãã£ã«ã¿ãªã³ã°ãã¿ãã§éž æã§ããŸããSophos UTMã¯ã60çš®é¡ã® Web ãµã€ãã«ããŽãªãèå¥ããã¢ã¯ã»ã¹ããããã¯ããããšã ã§ããŸããé«åºŠãª URL åé¡æ¹æ³ã«ãããçããã Web ãµã€ãã®èå¥ã«ããã粟床ãšå®å šæ§ãä¿èšŒ ãããŸããããŒã¿ããŒã¹ã«å«ãŸããŠããªã Web ããŒãžããŠãŒã¶ãèŠæ±ãããšãURL ã Web ã¯ããŒã© ã«éä¿¡ãããèªåçã«åé¡ãããŸãã 泚 â Web ãµã€ããæ£ããåé¡ãããŠããªããšæãããå Žåã¯ã次㮠URL ã¬ããŒããã©ãŒã ãäœ¿çš ããŠæ°ããã«ããŽãªããææ¡ããã ããŸãã Web ãµã€ãã«ããŽãªãã«ããŽãªã°ã«ãŒãã«å²ãåœãŠãã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ç·šéããã«ããŽãªã°ã«ãŒãã§ãç·šé ããã¯ãªãã¯ããŸãã ããã£ã«ã¿ã«ããŽãªã®ç·šé ããã€ã¢ãã°ããã¯ã¹ãéããŸãã UTM 9 管çã¬ã€ã 261 9.1 Web ãã£ã«ã¿ãªã³ã° 9 Web ãããã¯ã·ã§ã³ 2. ãµãã«ããŽãªãéžæããŸãã ã°ã«ãŒãã«è¿œå (ãŸãã¯ã°ã«ãŒãããåé€) ãããµãã«ããŽãªã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ã å ¥ããŸã (ãŸãã¯ãã§ãã¯ãå€ããŸã)ã 3. ãä¿å ããã¯ãªãã¯ããŸãã æå®ããèšå®ã§ã°ã«ãŒããæŽæ°ãããŸãã ãããã¯ãæ°ãããã£ã«ã¿ã«ããŽãªãäœæããããšãã§ããŸãã次ã®æé ã§å®è¡ããŸãã 1. ããŒãžäžéšã«ãããæ°èŠãã£ã«ã¿ã«ããŽãªããã¿ã³ãã¯ãªãã¯ããŸãã ããã£ã«ã¿ã«ããŽãªã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. ååãå ¥åããŸãã æ°ãããã£ã«ã¿ã«ããŽãªã説æããååãå ¥åããŠãã ããã 3. ãµãã«ããŽãªãéžæããŸãã ã°ã«ãŒãã«è¿œå ãããµãã«ããŽãªã®ãã§ãã¯ããã¯ã¹ãéžæããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã æå®ããèšå®ã§ã°ã«ãŒããæŽæ°ãããŸãã ã«ããŽãªãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 9.1.5 é€å€ ãWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > é€å€ ãã¿ãã§ã¯ãã¯ã©ã€ã¢ã³ããããã¯ãŒã¯ããŠãŒã¶/ã° ã«ãŒãããã¡ã€ã³ã®ãã¯ã€ããªã¹ããå®çŸ©ã§ããŸãããããã®ãªã¹ãã«å«ãŸãããã¹ãŠã®ãšã³ããªããç¹ å®ã® Web ãããã¯ã·ã§ã³ãµãŒãã¹ã®å¯Ÿè±¡å€ã«ããããšãã§ããŸãã é€å€ã«ãŒã«ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãé€å€ ãã¿ãã§ããæ°èŠé€å€ãªã¹ãããã¯ãªãã¯ããŸãã ãé€å€ãªã¹ããäœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®é€å€ã«ãŒã«ã説æããååãå ¥åããŠãã ããã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã ã¹ããããããã§ãã¯:ã¹ãããããã»ãã¥ãªãã£ãã§ãã¯ãéžæããŸãã l 262 èªèšŒ:Web ãã£ã«ã¿ãèªèšŒ ã¢ãŒãã§å®è¡ããŠããå Žåãéä¿¡å ãã¹ã/ãããã¯ãŒã¯ãŸã ã¯ã¿ãŒã²ãããã¡ã€ã³ã®èªèšŒãã¹ãããã§ããŸãã UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.1 Web ãã£ã«ã¿ãªã³ã° l ãã£ãã·ã³ã°:éžæãããšãç¹å®ã®ãã¡ã€ã³ãŸãã¯éä¿¡å ãã¹ã/ãããã¯ãŒã¯ã®ãã£ã ã·ã³ã°ãç¡å¹ã«ãªããŸãã l ããŠã³ããŒããµã€ãºã§ãããã¯:éžæãããšãã³ã³ãã³ãã®ãµã€ãºã«å¿ããŠããŠã³ããŒãã ãããã¯ã§ããŸãã l ãŠã€ã«ã¹å¯Ÿç:éžæãããšããŠã€ã«ã¹ãããã€ã®æšéŠ¬ãªã©ã®å¥œãŸãããªãã³ã³ãã³ãã ã¡ãã»ãŒãžã«å«ãŸããŠããªãããã§ãã¯ãããŠã€ã«ã¹ã¹ãã£ã³ãç¡å¹ã«ãªããŸãã l æ¡åŒµåãããã¯:éžæãããšããã¡ã€ã«æ¡åŒµåãã£ã«ã¿ãç¡å¹ã«ãªããŸãããã®ãã£ã«ã¿ ã¯ãæ¡åŒµåã«åºã¥ããŠç¹å®ã¿ã€ãã®ãã¡ã€ã«ãå«ãŸããã³ã³ãã³ãããããã¯ãããã ã«äœ¿çšããŸãã l MIME ã¿ã€ããããã¯:éžæãããšã MIME ã¿ã€ããã£ã«ã¿ãç¡å¹ã«ãªããŸãããã®ãã£ã«ã¿ ã¯ãç¹å®ã® MIME ã¿ã€ãã®ã³ã³ãã³ãããããã¯ããããã«äœ¿çšããŸãã l URL ãã£ã«ã¿:éžæãããšã URL ãã£ã«ã¿ãç¡å¹ã«ãªããŸãããã®ãã£ã«ã¿ã¯ãç¹å®ã®çš® é¡ã® Web ãµã€ããžã®ã¢ã¯ã»ã¹ãã³ã³ãããŒã«ããŸãã l ã³ã³ãã³ãåé€:éžæãããšã(ãã«ãã¡ãã£ã¢ãã¡ã€ã«ãªã©ã®) åã蟌ã¿ãªããžã§ã¯ãã JavaScript ãšãã£ã Web ããŒãžå ã®ç¹æ®ã³ã³ãã³ãã®åé€ãã¹ããããããŸãã l SSL ã¹ãã£ã³:éžæãããšãèŠæ±ããã Web ããŒãžã«å¯Ÿãã SSL ã¹ãã£ã³ãã¹ãããã ããŸããããã¯ããªã³ã©ã€ã³ãã³ãã³ã°ã® Web ãµã€ãããSSL ã€ã³ã¿ãŒã»ãã·ã§ã³ãã㟠ãæ©èœããªã Web ãµã€ããªã©ã§æçšã§ããæè¡çãªçç±ããããã®ãªãã·ã§ã³ã¯éé Web ãã£ã«ã¿ã¢ãŒãã§ã¯æ©èœããŸããã ééã¢ãŒãã§ã¯ã代ããã«ãééã¹ããããªã¹ ããã䜿çšããŠãã ãã (詳现 ãã»ã¯ã·ã§ã³ãåç §) ã æšæºã¢ãŒãã§ã¯ãã¯ã©ã€ã¢ã³ããäœ ãéä¿¡ããã®ãã«å¿ããŠãå®å ãã¹ããŸã㯠IP ã¢ãã¬ã¹ã®ã¿ã«åºã¥ããŠé€å€ãè¡ã ããšãã§ããŸããURL å šäœã§ã¯ãªãã«ããŽãªã«åºã¥ãé€å€ã§ã¯ããã¹ãåã®ã¿ãåé¡ã ããŸãã l 蚌ææžä¿¡é Œæ§ãã§ãã¯:éžæãããšã HTTPS ãµãŒã蚌ææžã®ä¿¡é Œæ§ãã§ãã¯ãã¹ãã ããããŸããWeb ãã£ã«ã¿ãèªèšŒããã®ééã¢ãŒãã§æ©èœããŠããå ŽåããŠãŒã¶/ã° ã«ãŒãã®ç §åã«åºã¥ã蚌ææžã®ä¿¡é Œæ§ãã§ãã¯ãã¹ãããããããšã¯æè¡çã«äžå¯ èœã§ã (ããŠãŒã¶/ã°ã«ãŒãããã®å šãªã¯ãšã¹ãã«é©çš ã)ã l 蚌ææžæ¥ä»ãã§ãã¯:éžæãããšãHTTPS 蚌ææžã®æ¥ä»ãæå¹ã§ãããã©ããã® ãã§ãã¯ãã¹ããããããŸãã åŽååè°äŒã®äŒå¡ãªã©ã掻åå 容ãèšé²ããããšãçŠæ¢ãããŠãããŠãŒã¶ãããå Žåã« ã¯ã次㮠2ã€ã®ãªãã·ã§ã³ã䟿å©ã§ãã l ã¢ã¯ã»ã¹ããããŒãž:éžæãããšãã¢ã¯ã»ã¹ããããŒãžãèšé²ãããªããªããŸããããã ã®ããŒãžèŠæ±ã¯ãã¬ããŒããããé€å€ãããŸãã UTM 9 管çã¬ã€ã 263 9.1 Web ãã£ã«ã¿ãªã³ã° l 9 Web ãããã¯ã·ã§ã³ ãããã¯ããããŒãž:éžæãããšããããã¯ãããããŒãžãèšé²ãããªããªããŸããããã ã®ããŒãžèŠæ±ã¯ãã¬ããŒããããé€å€ãããŸãã 察象:ã»ãã¥ãªãã£ãã§ãã¯ãã¹ãããããæ¡ä»¶ãå°ãªããšã 1ã€éžæããŸããæ¡ä»¶ã®åã«ããã ãããããŠã³ãªã¹ãã§ãAndããŸãã¯ãOrããéžæããŠãè€æ°ã®æ¡ä»¶ãè«ççã«çµã¿åãããã ãšãã§ããŸãã次ã®æ¡ä»¶ãèšå®ã§ããŸãã l éä¿¡å ãããã¯ãŒã¯:éžæããŠããã®äŸå€ã«ãŒã«ã®ã»ãã¥ãªãã£ãã§ãã¯ããé€å€ãã éä¿¡å ãã¹ã/ãããã¯ãŒã¯ãè¿œå ããŸããæ¡ä»¶ãéžæãããšãããã¹ã/ãããã¯ãŒã¯ ã ããã¯ã¹ãéãã®ã§ãåãã¹ããŸãã¯ãããã¯ãŒã¯ãå ¥åããŸãã l å®å URL:éžæããŠããã®é€å€ã«ãŒã«ã®ã»ãã¥ãªãã£ãã§ãã¯ããé€å€ãã察象ãã¡ã€ ã³ãè¿œå ããŸããæ¡ä»¶ãéžæãããšãã¿ãŒã²ãããã¡ã€ã³ãããã¯ã¹ãéãã®ã§ãåãã¡ã€ ã³ãè¿œå ããŸããããã§ã¯ãæ£èŠè¡šçŸã䜿çšããããšãã§ããŸããäŸ:^https?:// [^.]*\.domain.com ã¯ããã¡ã€ã³ã®ãã¹ãŠã®ãµããã¡ã€ã³ãžã®HTTP (S) æ¥ç¶ãšäž èŽããŸãã åç § â Web ãã£ã«ã¿ãªã³ã°ã§æ£èŠè¡šçŸã䜿çšããæ¹æ³ã®è©³çŽ°ã¯ãSophos ãµããŒã ããŒã¿ããŒã¹ãåç §ããŠãã ããã 泚 â SSLã¹ãã£ãã³ã°ãæå¹ã«ã㊠éé ã¢ãŒãã䜿çšããŠããå Žåãã¿ãŒã²ãããã¡ ã€ã³ãIPã¢ãã¬ã¹ã§å ¥åããå¿ èŠããããŸããIP ã¢ãã¬ã¹ãå ¥åããªããšãé€å€ã¯æ è¡çãªçç±ã§å€±æããŸãã l éä¿¡å ãŠãŒã¶/ã°ã«ãŒã:éžæããŠããã®äŸå€ã«ãŒã«ã®ã»ãã¥ãªãã£ãã§ãã¯ããé€å€ ãããŠãŒã¶ããŠãŒã¶ã°ã«ãŒããè¿œå ããŸããæ¡ä»¶ãéžæãããšããŠãŒã¶/ã°ã«ãŒãã ããã¯ã¹ãéãã®ã§ãåãŠãŒã¶ãŸãã¯ã°ã«ãŒããå ¥åããŸãããŸããæšæºã¢ãŒãã§ã¯ èªèšŒãååšããªããããç¹å®ã®ãŠãŒã¶/ã°ã«ãŒãã®ç §åã¯æ©èœããŸããã l å®å Web ãµã€ãã«ããŽãª:éžæãããšãç¹å®ã®ã«ããŽãªã«å¯Ÿããã»ãã¥ãªãã£ãã§ãã¯ã ã¹ããããããŸããæ¡ä»¶ãéžæãããšãªã¹ããéãã®ã§ãã«ããŽãªãéžæããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããé€å€ããé€å€ ããªã¹ãã«è¡šç€ºãããŸãã é€å€ã«ãŒã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 9.1.6 詳现 ãWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > 詳现 ãã¿ãã«ã¯ããã£ãã·ã³ã°ãããŒãã®èšå®ãªã©ãWeb ãã£ã«ã¿ã®åçš®èšå®ãªãã·ã§ã³ãçšæãããŠããŸãã 264 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.1 Web ãã£ã«ã¿ãªã³ã° ãã®ä»ã®èšå® Webãã£ã«ã¿ãªã³ã°ããŒã:ããã§ãWeb ãã£ã«ã¿ãã¯ã©ã€ã¢ã³ãã®ãªã¯ãšã¹ãã«å¯ŸããŠäœ¿çšããããŒãçª å·ãå®çŸ©ã§ããŸããããã©ã«ã㯠8080 ã§ãã 泚 â ãããé©çšãããã®ã¯ããããã·ãééã¢ãŒãã§æäœããŠããªãå Žåã®ã¿ã§ãã ã¢ã¯ã»ã¹ããããŒãžã®ãã°:éžæãããšããªã¯ãšã¹ãã®ãŠãŒã¶åãšã¯ã©ã€ã¢ã³ã IP ãšãšãã«ãã¢ã¯ã»ã¹ã ã URL ã®ãã°ãèšé²ãããŸãã ãããã¯ããããŒãžã®ãã°:éžæãããšããªã¯ãšã¹ãã®ãŠãŒã¶åãšã¯ã©ã€ã¢ã³ã IP ãšãšãã«ããããã¯ãã URL ã®ãã°ãèšé²ãããŸãã 泚 â ãã°ãªãã·ã§ã³ã¯ãé€å€ (ãWeb ãã£ã«ã¿ãªã³ã° > é€å€ ãã®ç« ãåç §) ãŸãã¯ãããã¡ã€ã«ã®ã㣠ã«ã¿ã¢ã¯ã·ã§ã³ (ãWeb ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« > ãã£ã«ã¿ã¢ã¯ã·ã§ã³ãã®ç« ãåç §) ãå©çšããŠå å¥ã«èšå®ããããšãã§ããŸãã ã¹ãã£ã³ã§ããªããã¡ã€ã«ãæå·åããããã¡ã€ã«ã®ãããã¯:ãã®ãªãã·ã§ã³ãéžæããŠãã¹ãã£ã³ã§ ããªãã£ããã¡ã€ã«ããããã¯ããŸããã¹ãã£ã³ã§ããªãçç±ã¯ããã€ããããŸããããã¡ã€ã«ãæå· åãããŠããããç ŽæããŠããå¯èœæ§ããããŸãã MIME ãããã¯ã«ãã HTTP ããã£ã®æ€æ»:HTTP ãããã®ã¿ãªãããHTTP ããã£ãããããã¯å¯Ÿè±¡ MIME ã¿ã€ãã«å¯ŸããŠãã§ãã¯ãããŸãããã®æ©èœããªã³ã«ãããšãããã©ãŒãã³ã¹ãäœäžããå¯èœ æ§ããããŸãã èš±å¯ããããŠã³ããŒãã®æ倧ãµã€ãº:æå®ãããµã€ãº (MB) ãè¶ ãããã¡ã€ã«ã®ããŠã³ããŒããçŠæ¢ ããå Žåã«ãã®ãªãã·ã§ã³ãéžæããŸãã 泚 â ãã¹ããªãŒãã³ã°èšå® ãã»ã¯ã·ã§ã³ã§ãã¹ããªãŒãã³ã°ã³ã³ãã³ãã«å¯Ÿããã¹ãã£ã³ããã€ãã¹ ã ãã§ãã¯ããã¯ã¹ãéžæãããŠããªãå ŽåããŠãŒã¶ã®ã¹ããªãŒãã³ã°ã³ã³ãã³ãã¯ããã§æå®ãããµ ã€ãºã§å¶éãããŸãã èš±å¯ããã¿ãŒã²ãããµãŒãã¹:ãèš±å¯ãããã¿ãŒã²ãããµãŒãã¹ ãããã¯ã¹ã§ã¯ãWeb ãã£ã«ã¿ã®ã¢ã¯ã» ã¹ãèš±å¯ãããã¿ãŒã²ãããµãŒãã¹ãéžæã§ããŸããããã©ã«ãèšå®ã¯ãHTTP (ããŒã 80)ãHTTPS (ããŒã 443)ãFTP (ããŒã 21)ãLDAP (ããŒã 389)ãLDAP-SSL (ããŒã 636)ãWeb ãã£ã«ã¿ (ããŒã 8080)ãSpam Release (ããŒã 3840ïœ 4840)ãããã³ UTMWebAdmin (ããŒã 4444) ãªã©ã®ã¿ãŒã²ãã ãµãŒãã¹ (ããŒã) ã§æ§æãããŠããŸãããããã¯ãéåžžã¯å®å šã«æ¥ç¶ã§ãããã©ãŠã¶ã§äžè¬ã«äœ¿çš ãããŠããŸãã UTM 9 管çã¬ã€ã 265 9.1 Web ãã£ã«ã¿ãªã³ã° 9 Web ãããã¯ã·ã§ã³ ããã©ã«ãã®æåã³ãŒã:ãã®ãªãã·ã§ã³ã¯ããããŠã³ããŒããããŒãžã£ ããŠã£ã³ããŠã§ãããã·ããã¡ã€ ã«åãã©ã®ããã«è¡šç€ºãããã«åœ±é¿ãäžããŸããå€åœèªã®æåã»ããã§ãšã³ã³ãŒããããŠãã URL (ããã³ URL ã§åç §ããããã¡ã€ã«å) ã¯ããµãŒããå¥ã®æåã»ãããéä¿¡ããå Žåãé€ãããã㧠æå®ãããŠããæåã»ãããã UTF-8 ã«å€æãããŸããããã«ãã€ãæåã»ããã䜿çšããåœãŸã ã¯å°åã§ã¯ããã®ãªãã·ã§ã³ãåœè©²åœãŸãã¯å°åã®ããã€ãã£ããæåã»ããã«èšå®ããå¿ èŠããã ãŸãã æ€çŽ¢ãã¡ã€ã³:ããã§ãæåã® DNS ã«ãã¯ã¢ããã§çµæãè¿ãããªãã£ã ("NXDOMAIN") å Žåã«æ€ 玢ãããè¿œå ã®ãã¡ã€ã³ãè¿œå ããããšãã§ããŸããæåã® DNS ã«ãã¯ã¢ããã®æ¬¡ã«ã2çªç®ã® DNS èŠæ±ãéå§ãããããã§æå®ãããã¡ã€ã³ããªãªãžãã«ã®ãã¹ãåã«è¿œå ããŸããäŸ:ãŠãŒã¶ã ã¢ãã¬ã¹ wiki.intranet.example.com ãšããŠãhttp://wikiããšå ¥åããŸãããã ããURL ã¯ãããã¡ã€ã³ æ€çŽ¢ ããã£ãŒã«ãã«ãintranet.example.comããšå ¥åããŠããªããã°è§£æ±ºã§ããŸããã èªèšŒã¿ã€ã ã¢ãŠã:ãã®ãªãã·ã§ã³ã䜿çšãããšãééçãªãŠãŒã¶èªèšŒæ©èœãŸãã¯ãããã¯ã®åé¿æ© èœã䜿çšããŠãããšãã«ãŠãŒã¶ã«èªèšŒãæ±ããééãç§åäœã§èšå®ã§ããŸãã èªèšŒã¬ã«ã :èªèšŒã¬ã«ã ãšã¯ããããã·ã åºæ¬ãŠãŒã¶èªèšŒ ã¢ãŒãã§æ©èœããŠãããšãã«ããã©ãŠã¶ã èªèšŒèŠæ±ãšãšãã«è¡šç€ºããéä¿¡å ã®ååã§ããèªèšŒã¬ã«ã ã¯ãRFC 2617 ã«åºã¥ããŠä¿è·ã¹ã㌠ã¹ãå®çŸ©ããŸããããã§ã¯ä»»æã®æååãæå®ã§ããŸãã ééã¢ãŒãã¹ããããªã¹ã ãã®ãªãã·ã§ã³ã¯ãWeb ãã£ã«ã¿ãééã¢ãŒãã§å®è¡ããŠããå Žåã®ã¿æçšã§ãããééã¢ãŒãæã« ã¹ããããããã¹ã/ããããããã¯ã¹ã«ãªã¹ãããããã¹ããšãããã¯ãŒã¯ã¯ãHTTP ãã©ãã£ãã¯ã®éé çãªã€ã³ã¿ãŒã»ãã·ã§ã³ã®å¯Ÿè±¡å€ãšãªããŸããããã¯ã¹ã¯ãéä¿¡å ãã¹ã/ãããã¯ãŒã¯çšã« 1ã€ãå® å ãã¹ã/ãããã¯ãŒã¯çšã« 1ã€ãããŸãããããã®ãã¹ããšãããã¯ãŒã¯ã«å¯ŸããŠãHTTP ãã©ãã£ã㯠ã (ãããã·ãªãã§) èš±å¯ããã«ã¯ãããªã¹ãå ã®ãã¹ã/ãããã¯ãŒã¯ã® HTTP/S ãã©ãã£ãã¯ãèš±å¯ ã ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸãããã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããªãå Žåã¯ãããã§ãª ã¹ããããŠãããã¹ããšãããã¯ãŒã¯ã«ç¹å®ã®ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãå®çŸ©ããå¿ èŠããããŸãã Pr oxy Au to Configu r ation (ãã ãã·ã®èªåèšå®) ãããã·ã®èªåèšå®ãšã¯ããã©ãŠã¶ã«ãã§ããããããããã·èªåèšå®ãã¡ã€ã« (PAC ãã¡ã€ã«) ã äžå çã«æäŸããããã®æ©èœã§ãããã©ãŠã¶ã¯ãããåããŠãPAC ãã¡ã€ã«ã«èšè¿°ããã詳现㫠åŸã£ãŠãããã·èšå®ãæ§æããŸãã PAC ãã¡ã€ã«ã®åå㯠wpad.datãMIME ã¿ã€ã㯠application/x-ns-proxy-autoconfig ã§ãUTM ããæäŸããããã®ã§ãããã®ãã¡ã€ã«ã«ã¯ãããšãã°æ¬¡ã®ããã«ãããã¹ãããã¯ã¹ã«å ¥ åããæ å ±ãå«ãŸããŠããŸãã function FindProxyForURL(url, host) { return "PROXY proxy.example.com:8080; DIRECT"; } 266 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.1 Web ãã£ã«ã¿ãªã³ã° äžã®é¢æ°ã¯ããã¹ãŠã®ããŒãžèŠæ±ãããŒã8080 äžã® proxy.example.com ãšãããµãŒãã®ãã ãã·ã«ãªãã€ã¬ã¯ããããããã©ãŠã¶ã«æ瀺ããŠããŸãããããã·ã«å°éã§ããªããã°ãã€ã³ã¿ãŒãã ããžã®çŽæ¥æ¥ç¶ã確ç«ãããŸãã ãã¹ãåã¯ã${asg_hostname} ãšããå€æ°ãšããŠãæå®ã§ããŸããããã¯ãSophos UTM Manager ã䜿çšããŠãåã PAC ãã¡ã€ã«ãè€æ°ã® Sophos UTM ã¢ãã©ã€ã¢ã³ã¹ã«ã€ã³ã¹ããŒã«ããå Žåãªã© ã«äŸ¿å©ã§ããå€æ°ã«ã¯ã該åœãã UTM ã®ãã¹ãåãæ¿å ¥ãããŸããäžèšã®äŸã«ããå€æ°ãäœ¿çš ãããšã次ã®ããã«ãªããŸãã function FindProxyForURL(url, host) { return "PROXY ${asg_hostname}:8080; DIRECT"; } ãããã¯ãŒã¯ã§ PAC ãã¡ã€ã«ãæäŸããã«ã¯ã次ã®æ¹æ³ããããŸãã l ãã©ãŠã¶èšå®çµç±ã§æäŸãã:ããããã·èªåèšå®ã®æå¹å ããªãã·ã§ã³ãéžæãããšãUTM Web ãã£ã«ã¿çµç±ã§ PAC ãã¡ã€ã«ã䜿çšã§ããããã«ãªããŸãããã®ãšãã次ã®ãã㪠URL ã 䜿çšããŸããhttp://IP-of-UTM:8080/wpad.datãã®ãã¡ã€ã«ã䜿çšããã«ã¯ãããã ã·ã䜿çšãããã©ãŠã¶ã®èªåãããã·æ§æèšå®ã«ãã®URLãå ¥åããŸãã l DHCPçµç±ã§æäŸãã:DHCP ãµãŒããã¯ã©ã€ã¢ã³ãã® IP ã¢ãã¬ã¹ãšäœµã㊠PAC ãã¡ã€ã«ã® URL ãåãæž¡ãããã«ããããšãã§ããŸããããã«ã¯ãDHCP ãµãŒãã®èšå®ã§ãHTTP ããã ã·èªåèšå®ã®æå¹å ããªãã·ã§ã³ãéžæããŸã (ããããã¯ãŒã¯ãµãŒãã¹ > DHCP ãã®ç« ãåç § ããŠãã ãã)ãããã«ããããã©ãŠã¶ã PAC ãã¡ã€ã«ãèªåçã«ååŸããããã«åŸã£ãŠèšå®ã æ§æããŸãã 泚 â DHCP çµç±ã§ã®æäŸã¯ããã€ã¯ããœããã® Internet Explore ã®ã¿ã§æ©èœããŸãããã® ä»ãã¹ãŠã®ãã©ãŠã¶ã§ã¯ãPAC ãã¡ã€ã«ãæåã§æäŸããå¿ èŠããããŸãã H TTP/ S 芪ãã ãã·ã«ãŒãã£ã³ 㰠芪ãããã·ã¯ãå€ãã®å Žåãæ¿åºæ¿èªã®ãããã·ãµãŒããéããŠã€ã³ã¿ãŒãããã¢ã¯ã»ã¹ãã«ãŒã㣠ã³ã°ããå¿ èŠã®ããåœãªã©ã§å¿ èŠãšãããŸãã1ã€ä»¥äžã®èŠªãããã·ã®äœ¿çšãã»ãã¥ãªãã£ããªã·ãŒ ã§æ±ããããŠããå Žåãããã§èŠªãããã·ãè¿œå ãŸãã¯éžæã§ããŸãã ããã¯ã¹ã空ã®å ŽåããŸãã芪ãããã·ã®å®çŸ©ãäœæããŠãã ããã以äžã®æé ã«åŸã£ãŠãã ããã 1. ããã¯ã¹ãããã®ã+ãã¢ã€ã³ã³ãã¯ãªãã¯ããŸãã ã芪ãããã·ã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®èŠªãããã·ã説æããååãå ¥åããŠãã ããã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã UTM 9 管çã¬ã€ã 267 9.1 Web ãã£ã«ã¿ãªã³ã° 9 Web ãããã¯ã·ã§ã³ ãããã·ã䜿çšãããã¹ã:芪ãããã·ã䜿çšãããã¹ãããã®ããã¯ã¹ã«è¿œå ããŸã (äŸ: *.wikipedia.org)ãããã§ã¯ãã¿ãŒã³ãããã䜿çšã§ããŸãããã ããæ£èŠè¡šçŸã¯äœ¿çšã§ ããŸãããããã¯ã¹ã空ã«ãããšããä¿å ããã¯ãªãã¯ãããšã¢ã¹ã¿ãªã¹ã¯ (*) ãèªåçã«è¿œå ã ãããã¹ãŠã®ãã¹ãã«è©²åœããŸããåŸã£ãŠããã®ãããªãããã·å®çŸ©ã¯ãäžèŽãããããã·ã ååšããªãå Žåã®ãã©ãŒã«ããã¯ãããã·ãšã¿ãªãããŸãã 芪ãããã·:芪ãããã·ã®ãããã¯ãŒã¯å®çŸ©ãéžæãŸãã¯è¿œå ããŸãã ããŒã:芪ãããã·æ¥ç¶ã®ããã©ã«ãããŒã㯠8080 ã§ãã芪ãããã·ã§å¥ã®ããŒãã䜿çšãã å Žåãããã§å€æŽã§ããŸãã ãããã·èªèšŒãå¿ èŠ:芪ãããã·ãèªèšŒãå¿ èŠãšããå Žåã¯ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ã å ¥ãã衚瀺ãããããã¹ãããã¯ã¹ã«ãŠãŒã¶åãšãã¹ã¯ãŒããå ¥åããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãã芪ãããã·ãã芪ãããã· ãããã¯ã¹ã«è¡šç€ºãããŸãã ããã§ããã®ãããã·ããã£ã«ã¿ã¢ã¯ã·ã§ã³ã§äœ¿çšããããšããã°ããŒãã«ã«äœ¿çšããããšãã§ããŸãã 芪ãããã·å®çŸ©ãç·šéãŸãã¯åé€ããã«ã¯ããWeb ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« > 芪ãããã· ãã¿ãã« ã¢ã¯ã»ã¹ããŸãã åãããã·ã®åã«ãããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŠã芪ãããã·ã®äœ¿çšãæå¹åããŸããè€ æ°ã®ãããã·ãéžæããå Žåãã䞊ã³æ¿ããã¢ã€ã³ã³ã䜿çšããŠãããã·ã䞊ã¹æ¿ããããšãã§ã㟠ããéžæãã芪ãããã·ã¯ãæåã®ãããã·ãäžèŽãããŸã§ãæå®ã®é åºã§é©çšãããŸããåŠç é åºã¯äœçœ®çªå·ã«ãã£ãŠæ±ºãŸããããäœçœ®çªå·ã«ãã£ãŠãããã·ã®é åºãå€æŽãããšãåŠçé åº ãå€ãããŸãã 芪ãããã·ã®äœ¿çšã¯ããããã¡ã€ã«ããŒã¹ã«ããããšãã§ããŸã (詳ããã¯ããWeb ãã£ã«ã¿ãããã¡ã€ ã« > ãã£ã«ã¿ã¢ã¯ã·ã§ã³ãã®ç« ãåç §ããŠãã ãã)ã 芪ãããã·ããã³ Web ãµã€ãã«ããŽãª 芪ãããã·çµç±ã§ããŒã¿ããŒã¹æŽæ°ã®ååŸãã«ããŽãªã®ã«ãã¯ã¢ãããè¡ãããå Žåã¯ããã®èŠªã ããã·ã«å¯ŸããŠä»¥äžã®ãã¹ããæå®ããå¿ èŠããããŸãã l list.smartfilter.com (ããŒã«ã«ã«ããŽãªããŒã¿ããŒã¹ã®å Žå) l cffs*.astaro.com (TCP ã§ã®ã«ããŽãªååŸã®å Žå) 1ã€ã®èŠªãããã·ããã¹ãŠã®ãã¹ãã«äžèŽããããã«èšå®ããå Žå (*)ããããã®ãã¹ããæå®ãã å¿ èŠã¯ãããŸãããç¹å®ã®ãã¹ãã«å¯ŸããŠç°ãªã芪ãããã·ãå®çŸ©ããæåŸã®èŠªãããã·ããã¹ãŠ ã®ãã¹ãã«äžèŽããããã« (*) èšå®ããããšãã§ããŸãããã®å Žåããã®ãã©ãã£ãã¯ã®ã¿ãæåŸã®èŠª ãããã·çµç±ã§ã«ãŒãã£ã³ã°ãããä»ã®ãã¹ãŠã®èŠªãããã·ã¯äžèŽããŸããã 268 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.1 Web ãã£ã«ã¿ãªã³ã° We b ãã£ãã·ã³ ã° ãã£ãã·ã³ã°ã®æå¹å:ãã®ãªãã·ã§ã³ãæå¹ã«ãªã£ãŠããå ŽåãWeb ãã£ã«ã¿ã¯ãªã³ãã£ã¹ã¯ãªã ãžã§ã¯ããã£ãã·ã¥ãä¿æããŠãã¢ã¯ã»ã¹é »åºŠãé«ã Web ããŒãžãžã®èŠæ±ãé«éåããŸãã l SSL ã³ã³ãã³ãã®ãã£ãã·ã¥:ãã®ãªãã·ã§ã³ãæå¹ã«ãããšãSSL æå·åãããããŒã¿ã¯ãæ å·åãããŠããªãç¶æ ã§ãã£ã¹ã¯ã«ä¿åãããŸãã l cookie ãå«ãã³ã³ãã³ãããã£ãã·ã¥:Cookie ã¯ãäžè¬ã«èªèšŒç®çã§äœ¿çšãããŸãããã®ãªã ã·ã§ã³ãæå¹ã«ãããšãCookie ãå«ãŸãã HTTP å¿çããã£ãã·ã¥ãããŸããè€æ°ã®ãŠãŒã¶ ãåãããŒãžãèŠæ±ããŠããå ŽåããããŠãŒã¶ã® Cookie ãå«ãŸãããã£ãã·ã¥ããŒãžãä» ã®ãŠãŒã¶ã«æäŸãããå¯èœæ§ãããããããã®èšå®ã¯é倧ã§ãã éèŠ â SSL ãŸã㯠Cookie ã³ã³ãã³ã (ãããã¯ãã®äž¡æ¹) ããã£ãã·ã¥ãããšãSuperAdmin æš©éãæã€ãã¹ãŠã®ãŠãŒã¶ãã³ã³ãã³ããé²èŠ§ã§ãããããã»ãã¥ãªãã£äžã®éèŠãªåé¡ ã§ãã l Sophosãšã³ããã€ã³ãçšã¢ããããŒãã®åŒ·å¶ãã£ãã·ã¥:æå¹ã«ãããšããšã³ããã€ã³ãããã® Sophos Auto Update (SAU) ãªã¯ãšã¹ãã«é¢ããç¹å®ã®ããŒã¿ããã£ãã·ã¥ãããŸãããšã³ãã ã€ã³ããããã¯ã·ã§ã³ã䜿çšããéã¯ããã®æ©èœãæå¹ã«ããããšãæšå¥šããŸããç¡å¹ã«ãã ãšããã®çš®ã®ããŒã¿ã¯ãã£ãã·ã¥ãããŸããããã®å Žåãã€ã³ã¿ãŒãããçµç±ã§ãåæã«å€æ° ã®ãšã³ããã€ã³ãããã¢ããããŒããµãŒãããããŒã¿ãããŠã³ããŒãããããšããã¢ãããªã³ã¯ã® 飜åãçºçããæãããããŸãã ãã£ãã·ã¥ãã¯ãªã¢:ããã£ãã·ã¥ãã¯ãªã¢ ããã¯ãªãã¯ãããšããã£ãã·ã¥ããããã¹ãŠã®ããŒãžãåé€ ã§ããŸãã ã¹ã ãªãŒãã³ ã° èšå® ã¹ããªãŒãã³ã°ã³ã³ãã³ãã«å¯Ÿããã³ã³ãã³ãã¹ãã£ã³ã®ãã€ãã¹:ãã®ãªãã·ã§ã³ãéžæãããšãäžè¬ çãªé³å£°ã»åç»ã¹ããªãŒãã³ã°ã³ã³ãã³ããã³ã³ãã³ãã¹ãã£ã³ã®å¯Ÿè±¡å€ãšãªããŸãããã®ãªãã·ã§ã³ã ç¡å¹ã«ãããšã倧éšåã®ã¡ãã£ã¢ã¹ããªãŒã ã¯äºå®äžç¡å¹ã«ãªããŸããããã¯ããã®ãããªã¹ããªãŒ ã ãåççãªæéå ã§ã¹ãã£ã³ããããšãã§ããªãããã§ãããã®ããããã®ãªãã·ã§ã³ã¯éžæã ãããšãæšå¥šããŸãã Ap p le Op enD ir ec tor y ã·ã³ ã° ã«ãµã€ã³ ãªã³ èªèšŒæ¹åŒãšã㊠Apple OpenDirectory SSO ã䜿çšããŠããå ŽåãèªèšŒãé©åã«æ©èœããããã« ã¯ãMAC OS X ã·ã³ã°ã«ãµã€ã³ãªã³ Kerberos éµãã¡ã€ã«ãã¢ããããŒãããå¿ èŠããããŸããéµãã¡ ã€ã«ãçæãããã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããŠã¢ããããŒãããŸããéµãã¡ã€ã«ã®çææ¹æ³ã«ã€ã㊠詳ããã¯ãKerberos ã®ããã¥ã¢ã«ãåç §ããŠãã ããã UTM 9 管çã¬ã€ã 269 9.1 Web ãã£ã«ã¿ãªã³ã° 9 Web ãããã¯ã·ã§ã³ 9.1.7 HTTPS CA ãWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > HTTPS CAãã¿ãã§ã¯ãHTTPS æ¥ç¶ã®çœ²åããã³æ€èšŒ CA (èªèšŒå±) ã管çã§ããŸãã 眲å CA ãã®ãšãªã¢ã§ã¯ã眲å CA 蚌ææžã®ã¢ããããŒãã眲å CA 蚌ææžã®åçæããŸãã¯æ¢åã®çœ²å CA 蚌ææžã®ããŠã³ããŒããå¯èœã§ããããã©ã«ãã§çœ²å CA 蚌ææžã¯ãã»ããã¢ããäžã«æäŸãã ãæ å ±ã«åºã¥ããŠäœæãããŸããã€ãŸããã»ããã¢ããåŸã«äœããã®å€æŽãè¡ãããå Žåãé€ãã ããããžã¡ã³ã > ã·ã¹ãã èšå® > çµç¹ ãã¿ãã®æ å ±ãšæŽåæ§ããããŸãã æ°ãã眲å CA 蚌ææžãã¢ããããŒãããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãã¢ããããŒã ããã¿ã³ãã¯ãªãã¯ããŸãã ãPKCS#12 蚌ææžãã¡ã€ã«ã®ã¢ããããŒã ããã€ã¢ãã°ãŠã£ã³ããŠãéããŸãã 2. ã¢ããããŒããã蚌ææžãŸã§ãã©ãŠãºããŸãã ããã¡ã€ã« ãããã¯ã¹ã®æšªã«ãããã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããããã¡ã€ã«ã®ã¢ããããŒã ãã〠ã¢ãã°ããã¯ã¹ãéããããåç § ããã¯ãªãã¯ããŠã¢ããããŒããã蚌ææžãéžæãããã¢ãã ããŒãéå§ ããã¯ãªãã¯ããŸãã ãã¹ã¯ãŒãã§ä¿è·ãããŠãã PKCS#12 圢åŒã®èšŒææžã®ã¿ãã¢ããããŒãã§ããŸãã 3. ãã¹ã¯ãŒããå ¥åããŸãã 該åœãã£ãŒã«ãã«ãã¹ã¯ãŒããããäžåºŠå ¥åãããä¿å ããã¯ãªãã¯ããŸãã æ°ãã眲å CA 蚌ææžãã€ã³ã¹ããŒã«ãããŸãã 眲å CA 蚌ææžãåçæããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãåçæ ããã¿ã³ãã¯ãªãã¯ããŸãã ãæ°èŠçœ²å CA ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. æ å ±ãå€æŽããŸãã å¿ èŠã«å¿ããŠæå®ã®æ å ±ãå€æŽãããä¿å ããã¯ãªãã¯ããŸãã æ°ãã眲å CA 蚌ææžãçæãããŸããããã«åºã¥ããã眲å CAããšãªã¢å ã®çœ²åCAæ å ± ãå€åããŸãã 眲å CA 蚌ææžãããŠã³ããŒãããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãããŠã³ããŒã ããã¿ã³ãã¯ãªãã¯ããŸãã ã蚌ææžãã¡ã€ã«ã®ããŠã³ããŒã ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 270 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.1 Web ãã£ã«ã¿ãªã³ã° 2. ããŠã³ããŒããããã¡ã€ã«åœ¢åŒãéžæããŸãã 2çš®é¡ã®åœ¢åŒããéžæã§ããŸãã l PKCS#12:ãã®åœ¢åŒã¯æå·åãããããããšã¯ã¹ããŒããã¹ã¯ãŒããå ¥åããŠãã ããã l PEM:æå·åãããªã圢åŒã§ãã 3. ãããŠã³ããŒã ããã¯ãªãã¯ããŸãã ãã¡ã€ã«ãããŠã³ããŒããããŸãã ã«ã¹ã¿ã CA ã§çœ²åããã蚌ææžãå éš Web ãµãŒãã«å¯ŸããŠäœ¿çšããå Žåãä¿¡é ŒãããèªèšŒå±ãš ããŠãã® CA 蚌ææžã WebAdmin ã«ã¢ããããŒãããããšããå§ãããŸãããããè¡ããªããšãWeb ãã£ã«ã¿ããä¿¡é Œã§ããªããµãŒã蚌ææžãæ€ç¥ããããšãããšã©ãŒã¡ãã»ãŒãžããŠãŒã¶ã«è¡šç€ºã㟠ãã ã¯ã©ã€ã¢ã³ã PC ãžã®ãããã· CA 蚌ææžã®æäŸãåæ»åããããã«ããŠãŒã¶ã¯èªå㧠http://passthrough.fw-notify.net/cacert.pem ãã蚌ææžãããŠã³ããŒããããã©ãŠã¶ã«ã€ã³ã¹ããŒã« ããããšãã§ããŸããWeb ãµã€ãèŠæ±ã¯ãããã·ã§çŽæ¥åä¿¡ãããåŠçãããŸãããã®ããããŸã ãWeb ã»ãã¥ãªã㣠> ã°ããŒãã« ãã¿ã㧠Web ãã£ã«ã¿ãæå¹ã«ããå¿ èŠããããŸãã 泚 â ãããã·ã®ãªãã¬ãŒã·ã§ã³ã¢ãŒãã ééã¢ãŒã ã§ã¯ãªãå ŽåããŠãŒã¶ã®ãã©ãŠã¶ã§ãããã· ãæå¹ã«ããå¿ èŠããããŸããæå¹ã«ããªããšã蚌ææžããŠã³ããŒãçšã®ãªã³ã¯ãã¢ã¯ã»ã¹äžå¯ ã«ãªããŸãã ãããã¯ããŠãŒã¶ããŒã¿ã«ãæå¹ã§ããã°ããŠãŒã¶ã¯ãããã· CA 蚌ææžããŠãŒã¶ããŒã¿ã«ã® ãHTTPS ãããã· ãã¿ãããããŠã³ããŒãã§ããŸãã HTTPS ã§ã®åé¡ãåé¿ãã HTTPS ã®äœ¿çšäžãWindows Update ã Windows Defender ãªã©ã® Windows ã·ã¹ãã ããã°ã©ã ã¯æ¥ ç¶ã確ç«ã§ããŸãããããã¯ããããã®ããã°ã©ã ãã·ã¹ãã ãŠãŒã¶æš©éã§å®è¡ãããããã§ããã ã®ãŠãŒã¶ã¯ããã©ã«ãã§ããããã· CA ãä¿¡é Œããªãããšã«ãªã£ãŠããŸãããã®ãããã·ã¹ãã ãŠãŒ ã¶çšã« HTTPS ãããã· CA 蚌ææžãã€ã³ããŒãããå¿ èŠããããŸãã以äžã®æé ã«åŸã£ãŠãã ã ãã 1. Windowsã§ãMicrosoft 管çã³ã³ãœãŒã« (mmc) ãéããŸãã 2. ããã¡ã€ã« ãã¡ãã¥ãŒãã¯ãªãã¯ãããã¹ãããã€ã³ã®è¿œå ãšåé€ ããã¯ãªãã¯ããŸãã ãã¹ãããã€ã³ã®è¿œå ãšåé€ ããã€ã¢ãã°ãŠã£ã³ããŠãéããŸãã 3. ãŠã£ã³ããŠã®äžçªäžã«ãããè¿œå ããã¯ãªãã¯ããŸãã ãã¹ã¿ã³ãã¢ãã³ ã¹ãããã€ã³ã®è¿œå ããã€ã¢ãã°ãŠã£ã³ããŠãéããŸãã UTM 9 管çã¬ã€ã 271 9.1 Web ãã£ã«ã¿ãªã³ã° 9 Web ãããã¯ã·ã§ã³ 4. ãªã¹ãããã蚌ææž ããéžæãããè¿œå ããã¯ãªãã¯ããŸãã ãŠã£ã¶ãŒãã衚瀺ãããŸãã 5. ãã³ã³ãã¥ãŒã¿ ã¢ã«ãŠã³ãããéžæããã次㞠ããã¯ãªãã¯ããŸãã 6. ãããŒã«ã« ã³ã³ãã¥ãŒã¿ããéžæãããŠããããšã確èªãããå®äº ã>ãéããããã¯ãªãã¯ããŸãã æåã®ãã€ã¢ãã°ãŠã£ã³ããŠã«ã蚌ææž ããè¿œå ãããŠããŸãã 7. ãOKããã¯ãªãã¯ããŸãã ãã€ã¢ãã°ãŠã£ã³ããŠãéããŠãã³ã³ãœãŒã«ã«ãŒãã«ã蚌ææž ããè¿œå ãããŠããŸãã 8. å·ŠåŽã®ãã³ã³ãœãŒã« ã«ãŒãããŠã£ã³ããŠã§ã蚌ææž > ä¿¡é Œãããã«ãŒã蚌ææ©é¢ ããéããã蚌 ææž ããå³ã¯ãªãã¯ããŠãã³ã³ããã¹ãã¡ãã¥ãŒã®ããã¹ãŠã®ã¿ã¹ã¯ > ã€ã³ããŒãããéžæããŸãã ã€ã³ããŒããã€ã¢ãã°ãŠã£ã¶ãŒããéããŸãã 9. ã次㞠ããã¯ãªãã¯ããŸãã 次ã®ãŠã£ã¶ãŒãã¹ãããã衚瀺ãããŸãã 10. 以åã«ããŠã³ããŒãããHTTPSãããã·CA蚌ææžãŸã§ãã©ãŠãºãããéãã>ã次㞠ããã¯ãªã㯠ããŸãã 次ã®ãŠã£ã¶ãŒãã¹ãããã衚瀺ãããŸãã 11. ã蚌ææžããã¹ãŠæ¬¡ã®ã¹ãã¢ã«é 眮ããããéžæãããŠããããšã確èªããã次㞠ã>ãéããã ãã¯ãªãã¯ããŸãã ã€ã³ããŒãã®æåããŠã£ã¶ãŒãããå ±åãããŸãã 12. ãŠã£ã¶ãŒãã®ã¡ãã»ãŒãžã確èªããŸãã ä¿¡é Œããã蚌ææžã®äžã«ããããã·CA蚌ææžã衚瀺ãããããã«ãªããŸããã 13. å€æŽãä¿åããŸãã ããã¡ã€ã« ãã¡ãã¥ãŒãã¯ãªãã¯ãããä¿å ããã¯ãªãã¯ããŠãã³ã³ãœãŒã«ã«ãŒãã§ã®å€æŽãä¿åã ãŸãã ã€ã³ããŒãåŸãCA ã¯ã·ã¹ãã å šäœã§åãå ¥ããããããã«ãªããHTTPS ãããã·ã«èµ·å ããæ¥ç¶ åé¡ã¯çºçããªããªããŸãã æ€èšŒ CA ãã®ãšãªã¢ã§ã¯æ€èšŒ CA ã管çã§ããŸããæ€èšŒ CA ãšã¯ãæåã«ä¿¡é ŒããèªèšŒå±ã§ããã€ãŸãããã ãã® CA ã«ãã£ãŠçœ²åãããæå¹ãªèšŒææžãæ瀺ãã Web ãµã€ãã¯ãHTTPS ãããã·ã«ãã£ãŠä¿¡ é Œã§ãããšèŠãªãããŸãã ããŒã«ã«æ€èšŒ CA:äžã® CA ãªã¹ãã«è¿œå ããŠæ€èšŒ CA ãã¢ããããŒãã§ããŸãã次ã®æé ã§å®è¡ã㟠ãã 272 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.2 Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« 1. ãããŒã«ã« CA ã®ã¢ããããŒã ããã£ãŒã«ãã®æšªã®ãã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããŸãã ããã¡ã€ã«ã®ã¢ããããŒã ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. ã¢ããããŒããã蚌ææžãéžæããŸãã ãåç § ããã¯ãªãã¯ããŠãã¢ããããŒããã CA 蚌ææžãéžæããŸãã次ã®èšŒææžã®æ¡åŒµåã ãµããŒããããŠããŸãã l cerãcrtããŸã㯠der:ãããã®èšŒææžã¿ã€ãã¯ãã€ããªã§ãåºæ¬çã«ã¯åãã§ãã l pem:Base64 ã§æå·åããã DER 蚌ææžã 3. 蚌ææžãã¢ããããŒãããŸãã ãã¢ããããŒãéå§ ããã¯ãªãã¯ããŠãéžæãã CA 蚌ææžãã¢ããããŒãããŸãã 蚌ææžã¯ã€ã³ã¹ããŒã«ããããããŒã«ã«æ€èšŒ CAããšãªã¢ã«è¡šç€ºãããŸãã ã°ããŒãã«æ€èšŒ CA:ããã«è¡šç€ºãããæ€èšŒ CA ã®ãªã¹ãã¯ãMozilla Firefox ã«ãããããã€ã³ã¹ããŒã« ãããæ€èšŒ CA ãšåãã§ãããã ãããªã¹ãã«å«ãŸãããããã (ãããã¯å šéš) ã®æ€èšŒ CA ããä¿¡é Œ ã§ããªããå Žåã¯ãããããç¡å¹ã«ããããšãã§ããŸããCA ã®èšŒææžãç¡å¹ã«ããã«ã¯ã該åœã®ã ã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãããã°ã«ã¹ã€ãããç°è²ã«ãªããHTTPS ãããã·ã¯ãã® CA ã«çœ²åã ãã Web ãµã€ããåãå ¥ããªããªããŸãã ãã³ã â CA ã®ãã£ã³ã¬ãŒããªã³ãã衚瀺ããã«ã¯ãéè²ã®æ å ±ã¢ã€ã³ã³ãã¯ãªãã¯ããŠãã ããã CA ãäžæãŸãã¯ç¡å¹ã§ããå ŽåãHTTPS ãããã·ã¯ã¯ã©ã€ã¢ã³ãã«å¯ŸããŠããããã¯ãããã³ã³ã ã³ããã®ãšã©ãŒããŒãžã衚瀺ããŸãããã ãããã®ãããªããŒãžã«å¯ŸããŠé€å€ãäœæããããšãã§ã㟠ããããã«ã¯ãWeb ãã£ã«ã¿ã®ãšã©ãŒããŒãžã§ãé€å€ã®äœæ ããªã³ã¯ã䜿çšãããããWeb ãããã¯ã·ã§ ã³ > Web ãã£ã«ã¿ãªã³ã° > é€å€ ãã¿ãã䜿çšããŸãã 泚 â Webãã£ã«ã¿ã®ãšã©ãŒããŒãžã§ãé€å€ã®äœæ ããªã³ã¯ãã¯ãªãã¯ãããšããã°ã€ã³ãã€ã¢ãã°ãŠã£ ã³ããŠã衚瀺ãããŸããadmin æš©éã®ãããŠãŒã¶ã®ã¿ãé€å€ãäœæã§ããŸãã 9.2 Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« Sophos UTM ã«ã¯ãã©ã®ãããã¯ãŒã¯ã«å¯ŸããŠäœã® Web ã³ã³ãã³ããå©çšå¯èœã«ããããã³ã³ãã㌠ã«ããããã«èšèšãæé©åããã Web ãã£ã«ã¿ãçšæãããŠããŸããããã«ããã奜ãŸãããªããšè ããã³ã³ãã³ããå©çšè ãé²èŠ§ããããšãäºé²ã§ããŸããWeb ãã£ã«ã¿ãèšå®ããéžæããããã ã¯ãŒã¯ã«å¯ŸããŠã°ããŒãã«ã«é©çšããããšãã§ããŸãããããã¯ããããã¯ãŒã¯ã®ã»ã°ã¡ã³ãå¥ã«å çš®ã»ãã¥ãªãã£ããªã·ãŒãé©çšããããã«åã ã® Web ãã£ã«ã¿ãããã¡ã€ã«ãäœæããããšãã§ã㟠UTM 9 管çã¬ã€ã 273 9.2 Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« 9 Web ãããã¯ã·ã§ã³ ããããã«ããããŠãŒã¶èªèšŒæ¹åŒãç°ãªãå Žåã§ããçµç¹å ã®åéšéã«é©ããå¥ã ã®ã³ã³ãã³ã ãã£ã«ã¿ãªã³ã°ããªã·ãŒãå®çŸ©ããããšãã§ããŸãã ãã®ç« ã§ã¯ãSophos UTMã§ã®ãã£ã«ã¿ã¢ã¯ã·ã§ã³ã®è¿œå æ¹æ³ãšãWeb ãã£ã«ã¿ãããã¡ã€ã«ãã¬ãŒã ã¯ãŒã¯ã§ãã£ã«ã¿ã¢ã¯ã·ã§ã³ã䜿çšããæ¹æ³ã«ã€ããŠèª¬æããŸãããWeb ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« ã ã¿ãã®èšå®ã¯ãåŸæ¹ããåæ¹ã«åãã£ãŠé²ããããšããå§ãããŸããã€ãŸãããã£ã«ã¿ã¢ã¯ã·ã§ã³ã® æå®ããéå§ããŸãããããã¯ããã£ã«ã¿å²ãåœãŠã§ç¹å®ã®ãŠãŒã¶ãŸãã¯ãŠãŒã¶ã°ã«ãŒãã«å²ãåœ ãŠãŸãã次ã«ãå®éã® Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã«ã®èšå®ã«ç¶ããŸãã 9.2.1 æŠèŠ 泚 â Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã«ãèšå®ããããã«ã¯ãWeb ãã£ã«ã¿ãªã³ã°ãæå¹ã«ããå¿ èŠ ããããŸãã ãã®ãããŒãã£ãŒãã¯ããã£ã«ã¿ã¢ã¯ã·ã§ã³ããã£ã«ã¿å²ãåœãŠãWeb ãã£ã«ã¿ãããã¡ã€ã«ã®éã§ã©ã® ãããªããåããããã®ãã瀺ããŸããHTTP ãªã¯ãšã¹ããåãåããšãWeb ãã£ã«ã¿ã¯ãŸããã©ã® Web ãã£ã«ã¿ãããã¡ã€ã«ãé©çšãã¹ããå€æããŸããããã¯ããªã¯ãšã¹ãã®éä¿¡å IP ã¢ãã¬ã¹ã«å® å šã«äŸåããŸãããªã¯ãšã¹ãã®éä¿¡å IP ãšäžèŽããæåã®ãããã¡ã€ã«ã䜿çšãããŸããä»ã®ã ã¹ãŠã® Web ãã£ã«ã¿ãããã¡ã€ã«ã¯ç¡èŠãããŸãã å éšã§ã¯ããã¹ãŠã®ãããã¡ã€ã«ã1ã€ã®ãã¡ã€ã«ã«ä¿åãããããã©ã«ããããã¡ã€ã«ã¯ãªã¹ãã®äž çªäžã«é 眮ãããŸããä»ã® HTTP ãããã¡ã€ã«ãèšå®ãããŠããªãåæ段éã«ã¯ãããã©ã«ããã ãã¡ã€ã«ãå¯äžã®ãšã³ããªãšãªããŸããåã ã® Web ãã£ã«ã¿ãããã¡ã€ã«ãè¿œå ããŠããäœçœ® ããããã ããŠã³ãªã¹ãã§ãããã¡ã€ã«ããœãŒãããããã«ãªããšãããã©ã«ããããã¡ã€ã«ã¯ãªã¹ãã®äžçªäžã«ç ãŸããåžžã«äžçªæåŸã«é©çšãããããã«ãªããŸãã ãã ããããã©ã«ããããã¡ã€ã«ã¯ããWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ããªã³ã°ããã¡ã€ã« ãã¿ãã§æ 瀺çã«èšå®ãããããã¡ã€ã«ã§ã¯ ãããŸããããWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã°ãã¿ã㧠Web ãã£ã«ã¿ãã°ããŒãã«ã«èšå®ãããšèªåçã«äœæãããŸãããèš±å¯ãããã¯ãŒã¯ ãã¯ãWeb ãã£ã«ã¿ãª ã³ã°ãããã¡ã€ã«ã® éä¿¡å ãããã¯ãŒã¯ ã«å¯Ÿå¿ãããWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > ã° ããŒãã« ãã¿ãã§èšå®ããŸããããŠãŒã¶/ã°ã«ãŒããããã¯ã¹ã®èšå® (ãªãã¬ãŒã·ã§ã³ã¢ãŒããåºæ¬ãŠãŒ ã¶èªèšŒ ããéžæãããšãWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > ã°ããŒãã« ãã¿ãã«è¡šç€ºããã) ã¯ãããã©ã«ãã®ãã£ã«ã¿å²ãåœãŠãšãªããŸãããŸãããWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > URL ãã£ã«ã¿ãªã³ã°ãã¿ãã®èšå®ã¯ããã£ã«ã¿ã¢ã¯ã·ã§ã³ã«å¯Ÿå¿ããŸããæåŸã«ãããã©ã«ããããã¡ã€ã«ã§ ãäžèŽããªãã£ãå ŽåãHTTP èŠæ±ã¯ãããã¯ãããŸãã ç¶ããŠããã® Web ãã£ã«ã¿ãããã¡ã€ã«ã«ã©ã®ãã£ã«ã¿å²ãåœãŠãé¢é£ä»ããããŠããã®ãã ãã§ãã¯ããŸãããã£ã«ã¿å²ãåœãŠãäžèŽããªãå Žåããã©ãŒã«ããã¯ã¢ã¯ã·ã§ã³ãèŠæ±ã«é©çšãã ãŸãããã©ãŒã«ããã¯ã¢ã¯ã·ã§ã³ãšã¯ã埡瀟ã®ã»ãã¥ãªãã£ããªã·ãŒãåæ ãããããã®ç¹å¥ãªãã£ã« 274 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.2 Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« ã¿ã¢ã¯ã·ã§ã³ã§ããå³æ Œãªã»ãã¥ãªãã£ããªã·ãŒãéµå®ããå¿ èŠãããå ŽåãäŸå€ãªããã¹ãŠã® Web ãã©ãã£ãã¯ããããã¯ãããã£ã«ã¿ã¢ã¯ã·ã§ã³ãäœæããããšãã§ããŸãã åããããã¯ãŒã¯ã»ã°ã¡ã³ãå ã®è€æ°ã®ãŠãŒã¶ã«å¯ŸããŠãç°ãªãã¬ãã«ã®é²åŸ¡ãæäŸããã«ã¯ãç° ãªããã£ã«ã¿å²ãåœãŠãé¢é£ä»ã㊠1ã€ã® Web ãã£ã«ã¿ãããã¡ã€ã«ãèšå®ããã ãã§ããç¹å®ã® ãŠãŒã¶ã«äœãèš±å¯ãããã®ãã¯ãéžæãããã£ã«ã¿å²ãåœãŠã®é çªã«å¿ããŠæ±ºãŸããŸãããã®ã ããéä¿¡å ãããã¯ãŒã¯ããŸã£ããåãã§ãã 2ã€ã®ãããã¡ã€ã«ãèšå®ããŠãã2ã€ç®ã®ãããã¡ã€ã« ã¯ãŸã£ãã䜿çšãããªããããæå³ããããŸããã 9.2.2 ãããã·ãããã¡ã€ã« ãããã·ãããã¡ã€ã«ã䜿çšãããšãè€æ°ã®ã³ã³ãã³ããã£ã«ã¿ãªã³ã°ããªã·ãŒãäœæãããããã¯ãŒã¯ å ã®ããŸããŸãªã¢ãã¬ã¹ã«å¥ã ã®ããªã·ãŒãé©çšããããšãã§ããŸããããã«ãããçµç¹å ã®ããŸã ãŸãªéšéã«å¯ŸããŠå¥ã ã®ããªã·ãŒãå®çŸ©ã§ããŸããããã«ãåãããã·ãããã¡ã€ã«ã«ã¯ç¬èªã® ãŠãŒã¶èªèšŒæ¹åŒãèšå®ã§ããŸãã ãããã·ãããã¡ã€ã«ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãæ°èŠãããã·ãããã¡ã€ã« ããã¯ãªãã¯ããŸãã ããããã·ãããã¡ã€ã«ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®ãããã¡ã€ã«ã説æããååãå ¥åããŠãã ããã äœçœ®:ãããã·ãããã¡ã€ã«ã®åªå é äœãå®çŸ©ããäœçœ®çªå·ãçªå·ãå°ããã»ã©åªå é äœ ãé«ããªããŸãããããã·ãããã¡ã€ã«ã¯æé ã«ç §åãããŸãããããããã·ãããã¡ã€ã«ã äžèŽãããšããã以éããããã倧ããçªå·ã®ãããã·ãããã¡ã€ã«ã¯è©äŸ¡ãããŸããããã 詳现ãªãããã¡ã€ã«ããªã¹ãã®äžéšã«é 眮ããããšã§ãæãéå®çã§ãªããããã¡ã€ã«ãæ åŸã«ç §åãããããã«ãªããŸãã éä¿¡å ãããã¯ãŒã¯:ãã®ãããã·ãããã¡ã€ã«ã䜿çšãããããã¯ãŒã¯ãéžæããŸã (ããã¯ å¿ é ãã£ãŒã«ãã§ã)ã éä¿¡å ãšã³ããã€ã³ãã°ã«ãŒã:ãã®ãããã·ãããã¡ã€ã«ã䜿çšãããšã³ããã€ã³ãã°ã«ãŒã ãéžæããŸãããšã³ããã€ã³ãã°ã«ãŒãã¯ããšã³ããã€ã³ããããã¯ã·ã§ã³ > ã³ã³ãã¥ãŒã¿ç®¡ç > ã°ã«ãŒã管ç ãã¿ãã§äœæããã°ã«ãŒãã§ããã°ã«ãŒãã§ãWeb ã³ã³ãããŒã« ããæå¹ã«ãªã£ãŠ ããå Žåãåç §ãããšã³ããã€ã³ããã·ã³ã«ãããã·ãããã¡ã€ã« ãé©çšã§ããŸãã èŠå â ããã§ã¯ãä»ã®ãããã·ãããã¡ã€ã«ã§äœ¿çšãããŠããéä¿¡å ãããã¯ãŒã¯ããã³ãš ã³ããã€ã³ãã°ã«ãŒããéžæããªãã§ãã ãããéžæãããšãã³ã³ãã³ããã£ã«ã¿ã®ã¢ã¯ã·ã§ã³ UTM 9 管çã¬ã€ã 275 9.2 Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« 9 Web ãããã¯ã·ã§ã³ ãšãŠãŒã¶/ã°ã«ãŒãã®ãããã³ã°ã«äžæŽåãçããç¹å®ã®ãããã¯ãŒã¯ã»ã°ã¡ã³ãã«å±ãã ãŠãŒã¶ããæ¬æ¥ã¢ã¯ã»ã¹ãã¹ãã§ã¯ãªã Web ãµã€ããé²èŠ§ã§ããããã«ãªãå¯èœæ§ããã ãŸãã ãã£ã«ã¿å²åœãŠ:ãã£ã«ã¿å²åœãŠãéžæããŸãããã£ã«ã¿å²åœãŠãšã¯ 1ã»ããã® Web ãããã¯ã·ã§ ã³æ§æèšå®ã§ãããããã䜿çšãããšãããŸããŸãªãŠãŒã¶/ã°ã«ãŒãã«ããŸããŸãªã¬ãã«ã®ä¿ è·ãããŸããŸãªã¿ã€ãã³ã°ã§å²åœãŠãããšãã§ããŸã (詳ããã¯ããWeb ãããã¯ã·ã§ã³ > Web ã㣠ã«ã¿ãªã³ã°ãããã¡ã€ã« > ãã£ã«ã¿å²ãåœãŠ ããåç §ããŠãã ãã)ãè€æ°ã®ãã£ã«ã¿å²åœãŠãéž æããããšãã§ããŸããããã«ãã©ã®ãã£ã«ã¿å²åœãŠãæåã«é©çšããã®ããæå®ããããšã ã§ããŸããããã¯ãåããŠãŒã¶ãŸãã¯ãŠãŒã¶ã°ã«ãŒãã«å¯ŸããŠãããŸããŸãªãã£ã«ã¿å²åœãŠã ããŸããŸãªã¿ã€ãã³ã°ã§é©çšãããå Žåã«äŸ¿å©ã§ããäžè¬ã«ããã詳现ãªå²åœãŠããªã¹ãã®äž éšã«é 眮ããããšã§ãæãéå®çã§ãªãå²ãåœãŠãæåŸã«ç §åãããããã«ãªããŸãããã ã«ã¯ã2ã€ä»¥äžã®ãã£ã«ã¿ãéžæãããšè¡šç€ºãããç¢å°ã¢ã€ã³ã³ã䜿çšããŸãã 泚 â Web ãã£ã«ã¿ããåºæ¬ãŠãŒã¶èªèšŒ ãããActive Directory SSO ãããŸãã¯ãeDirectory SSO ã ã¢ãŒãã§å®è¡ãããŠããå Žåã¯ããããã©ã«ããã£ã«ã¿å²åœãŠ ããéžæããããšãã§ããŸããã ã®å²åœãŠã§ã¯ããWeb ãã£ã«ã¿ãªã³ã° > ã°ããŒãã« ãã¿ãã§èšå®ãããŠãŒã¶/ã°ã«ãŒãã«ãã ãã©ã«ããã£ã«ã¿ã¢ã¯ã·ã§ã³ããå²åœãŠãããŠããŸãããªãã¬ãŒã·ã§ã³ã¢ãŒãããæšæº ããŸã㯠ãéé ãã«èšå®ããå Žåã§ãããŠãŒã¶ãã°ã«ãŒããéžæããããã£ã«ã¿å²åœãŠã䜿çšããã ãšãã§ããŸããããã®å Žåããã®ãããã·ãããã¡ã€ã«ã®äœ¿çšæã«ãåœè©²ã®ãŠãŒã¶ãã° ã«ãŒãã¯ç¡èŠããããã£ã«ã¿å²ãåœãŠã«æå®ãããæéå®çŸ©ã®ã¿ãèæ ®ãããŸãã ãã©ãŒã«ããã¯ã¢ã¯ã·ã§ã³:ãã©ãŒã«ããã¯ã¢ã¯ã·ã§ã³ãšã¯ãäŒç€Ÿã®ã»ãã¥ãªãã£ããªã·ãŒãåæ ããããã®ç¹å¥ãªãã£ã«ã¿ã¢ã¯ã·ã§ã³ã§ãããéžæããããã£ã«ã¿å²åœãŠãããããäžèŽã㪠ãå Žåã«ãèŠæ±ã«é©çšãããŸããããšãã°ãå³æ Œãªã»ãã¥ãªãã£ããªã·ãŒãéµå®ããå¿ èŠã ããå ŽåãäŸå€ãªããã¹ãŠã® Web ãã©ãã£ãã¯ããããã¯ããç¹å¥ãªãã£ã«ã¿ã¢ã¯ã·ã§ã³ã ãã©ãŒã«ããã¯ãšããŠäœæããããšãã§ããŸãããŸããããã§éžæã§ãããããã©ã«ããã£ã«ã¿ ã¢ã¯ã·ã§ã³ãã¯ããWebãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > URL ãã£ã«ã¿ãªã³ã°ãã¿ãã§ã®èšå® ã«å¯Ÿå¿ããŠããŸãã ãªãã¬ãŒã·ã§ã³ã¢ãŒã:åãããã·ãããã¡ã€ã«ã«å¯Ÿããè€æ°ã®ãŠãŒã¶èªèšŒæ¹åŒããéžæãã ããšãã§ããŸããç°ãªããããã·ãããã¡ã€ã«ã«ç°ãªãèªèšŒæ¹åŒãæãããããšãã§ããŸã ãã1ã€ã®ãããã·ãããã¡ã€ã«ã«ã¯1ã€ã®èªèšŒæ¹åŒãã䜿çšã§ããŸããããWeb ãã£ã«ã¿ãªã³ ã° > ã°ããŒãã« ãã¿ãã§èšå®ãããªãã¬ãŒã·ã§ã³ã¢ãŒã以å€ã®ãªãã¬ãŒã·ã§ã³ã¢ãŒããéžæã ãããšãã§ããŸãããã ãããã®èªèšŒãæåŸ ã©ããã«æ©èœããã®ã¯ãããã§éžæããèªèšŒã¢ãŒ 276 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.2 Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« ãããã¹ãŠã®ãã£ã«ã¿å²åœãŠã§äœ¿çšããããã¹ãŠã®ãŠãŒã¶ããã³ã°ã«ãŒããªããžã§ã¯ãã®èª 蚌ã¢ãŒããšäžèŽããŠããå Žåã«éãããŸãã次ã®ãªãã¬ãŒã·ã§ã³ã¢ãŒãã䜿çšã§ããŸãã l æšæº:æšæºã¢ãŒãã§ã¯ãWeb ãã£ã«ã¿ã¯ããã©ã«ãã§ã¯ã©ã€ã¢ã³ãèŠæ±ãããŒã 8080 ã§ åŸ æ©ãããèš±å¯ãããã¯ãŒã¯ ãããã¯ã¹ã«ãªã¹ãããããããã¯ãŒã¯å ã®ãã¹ãŠã®ã¯ã©ã€ ã¢ã³ãã«å¯ŸããŠæ¥ç¶ãèš±å¯ããŸãããã®ã¢ãŒãã§äœ¿çšããå Žåãã¯ã©ã€ã¢ã³ãã¯ãã©ãŠ ã¶ã®èšå®ã§ Web ãã£ã«ã¿ã« HTTP ãããã·ãæå®ããŠããããšãå¿ èŠã§ãã èªèšŒã¿ã€ã: l ãªã:èªèšŒãè¡ããªãå Žåã«éžæããŸãã l Active Directory SSO:ãå®çŸ©ãšãŠãŒã¶ > èªèšŒãµãŒã > ãµãŒã ãã¿ãã§ããActive Directory ã·ã³ã°ã«ãµã€ã³ãªã³ã(SSO) ãèšå®ããå ŽåããããéžæããŸãããã ã«ããã NTLM ãŠãŒã¶èªèšŒãèªèšŒã¯ã©ã€ã¢ã³ãã§äœ¿çšãããŸããåäœãä¿èšŒã ããã®ã¯ Internet Explorer ã®ã¿ã§ãã ãã®ã¢ãŒãã§äœ¿çšããå Žåãã¯ã©ã€ã¢ã³ ãã¯ãã©ãŠã¶ã®èšå®ã§ Web ãã£ã«ã¿ã« HTTP ãããã·ãæå®ããŠããããšãå¿ èŠã§ãã 泚 â Active Directory ãŠãŒã¶ã°ã«ãŒããå®çŸ©ããéãLDAP æååã§ãª ããActive Directory ã°ã«ãŒãããŠãŒã¶åãæåã§å ¥åããããšã§ããActive Directory ã°ã«ãŒããããã¯ã¹ã«å¿ èŠãªãšã³ããªãè¿œå ããããšã匷ãæšå¥šã㟠ããäŸ:LDAP æååãCN=ads_group1,CN=Users,DC=example,DC=com ã®ä»£ããã« ads_group1 ãšããååãå ¥åããŠãã ããã 泚 â Kerberos ã䜿çšããŠããå ŽåããActive Directory ã°ã«ãŒããããã¯ã¹ã« ã¯ãã°ã«ãŒãã®ã¿ãè¿œå ããŠãã ããã ãšã³ããªããŠãŒã¶ã®å ŽåãWeb ãã£ã« ã¿ã«ãã£ãŠèš±å¯ãããŠããŸããã l ãšãŒãžã§ã³ã:Sophos Authentication Agent (SAA) ã䜿çšããå Žåã«éžæã㟠ããWebãã£ã«ã¿ã䜿çšããããã«ã¯ããšãŒãžã§ã³ããšèªèšŒãéå§ããå¿ èŠãã ããŸãã l Apple OpenDirectory SSO:ãå®çŸ©ãšãŠãŒã¶ > èªèšŒãµãŒã > ãµãŒã ãã¿ã㧠ãLDAP ããèšå®ããŠãããApple OpenDirectory ã䜿çšããŠããå Žåããããéž æããŸããããã«ããããã·ãæ£ããæ©èœããããã«ããããã«ã¯ããWeb ãã ãã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > 詳现 ãã¿ãã§ãMAC OS X ã·ã³ã°ã«ãµã€ã³ãªã³ Kerberos éµãã¡ã€ã«ãã¢ããããŒãããå¿ èŠããããŸãã ãã®ã¢ãŒãã§äœ¿çšã ãå Žåãã¯ã©ã€ã¢ã³ãã¯ãã©ãŠã¶ã®èšå®ã§ Web ãã£ã«ã¿ã« HTTP ãããã·ãæ å®ããŠããããšãå¿ èŠã§ãã Safari ãã©ãŠã¶ã¯ SSO ããµããŒãããŠããŸããã UTM 9 管çã¬ã€ã 277 9.2 Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« 9 Web ãããã¯ã·ã§ã³ l åºæ¬ãŠãŒã¶èªèšŒ:ãã®ã¢ãŒãã§ã¯ãåã¯ã©ã€ã¢ã³ãã¯ããããã·ã䜿çšããåã« ãã®ãããã·ã«å¯ŸããŠèªå·±èªèšŒããå¿ èŠããããŸãããµããŒããããèªèšŒæ¹åŒ ã«ã€ããŠè©³ããã¯ããå®çŸ©ãšãŠãŒã¶ > èªèšŒãµãŒã ããåç §ããŠãã ããã ãã®ã¢ãŒ ãã§äœ¿çšããå Žåãã¯ã©ã€ã¢ã³ãã¯ãã©ãŠã¶ã®èšå®ã§ Web ãã£ã«ã¿ã« HTTP ã ããã·ãæå®ããŠããããšãå¿ èŠã§ãã l eDirectory SSO:ãå®çŸ©ãšãŠãŒã¶ > èªèšŒãµãŒã > ãµãŒã ãã¿ãã§ãeDirectoryããèš å®ããå ŽåããããéžæããŸãã ãã®ã¢ãŒãã§äœ¿çšããå Žåãã¯ã©ã€ã¢ã³ãã¯ã ã©ãŠã¶ã®èšå®ã§ Web ãã£ã«ã¿ã« HTTP ãããã·ãæå®ããŠããããšãå¿ èŠã§ ãã 泚 â eDirectory ããã³ Active Directory ã®ã·ã³ã°ã«ãµã€ã³ãªã³ (SSO) ã¢ãŒã ã®å ŽåãWeb ãã£ã«ã¿ã¯ã¢ã¯ã»ã¹å ã® IP ã¢ãã¬ã¹ãšè³æ Œæ å ±ãæ倧 15åé ãã£ãã·ã¥ããŸããApple OpenDirectory SSO ã®å Žåããã£ãã·ã¥ã§ããã®ã¯ ã°ã«ãŒãæ å ±ã®ã¿ã§ããããã¯ãèªèšŒãµãŒããžã®è² è·ã軜æžããããã«è¡ ãããŸããéã«èšããšããŠãŒã¶ãã°ã«ãŒãããŸãã¯ã¢ã¯ã»ã¹ããŠãããŠãŒã¶ã® ãã°ã€ã³ã¹ããŒã¿ã¹ã®å€æŽã Web ãã£ã«ã¿ã«ãã£ãŠåæ ããããŸã§ãæ倧 15 åããããŸãã l ééã¢ãŒã:ééã¢ãŒãã§ã¯ãããŒã 80 (SSL ã䜿çšããŠããå Žåã¯ããŒã 443) ã§ã¯ã© ã€ã¢ã³ããã©ãŠã¶ã¢ããªã±ãŒã·ã§ã³ã è¡ããã¹ãŠã®æ¥ç¶ã¯ã€ã³ã¿ãŒã»ãããããã¯ã©ã€ ã¢ã³ãåŽã®èšå®ãªãã§ãããã·ã«ãªãã€ã¬ã¯ããããŸããã¯ã©ã€ã¢ã³ãã Web ãã£ã«ã¿ ãµãŒããæèããããšã¯å šããããŸããããã®ã¢ãŒãã®å©ç¹ã¯ãè¿œå ã®ç®¡çãã¯ã©ã€ ã¢ã³ãåŽã§ã®èšå®ãäžèŠã§ããããšã§ãçæã¯ãåŠçã§ããã®ã HTTP (ããŒã80) èŠ æ±ã®ã¿ã§ããããšã§ãããã®ãããééã¢ãŒããéžæãããšãã¯ã©ã€ã¢ã³ãã®ãããã· èšå®ã¯ç¡å¹ã«ãªããŸãã 泚 â ééã¢ãŒãã§ã¯ãWeb ãã£ã«ã¿ã¯ HTTP èŠæ±ãã NTLM èªèšŒããããåé€ã㟠ããããã«ãWeb ãã£ã«ã¿ã¯ãã®ã¢ãŒãã§ã¯ FTP èŠæ±ãåŠçã§ããŸãããã¯ã©ã€ã¢ã³ ãããã®ãããªãµãŒãã¹ã«ã¢ã¯ã»ã¹ããå¿ èŠãããå Žåã¯ããã¡ã€ã¢ãŠã©ãŒã«ã§ã㌠ã (21) ãéãå¿ èŠããããŸããäžéšã® Web ãµãŒãã¯ãããŒã80 以å€ã®ããŒãçµç±ã§ ã¹ããªãŒãã³ã°åç»ãé³å£°ãªã©ã®ããŒã¿ãéä¿¡ããŸãããããã®èŠæ±ã¯ãWeb ãã£ã« ã¿ãééã¢ãŒãã§æ©èœããŠãããšãã¯æ€ç¥ãããŸããããã®ãããªãã©ãã£ãã¯ã«ã察 å¿ãããå Žåã«ã¯ãä»ã®ã¢ãŒãã䜿çšããããããããèš±å¯ããæ確ãªãã¡ã€ã¢ ãŠã©ãŒã«ã«ãŒã«ãå ¥åããå¿ èŠããããŸãã èªèšŒã¿ã€ã: 278 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.2 Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« l ãªã:èªèšŒãè¡ããªãå Žåã«éžæããŸãã l ãšãŒãžã§ã³ã:Sophos Authentication Agent (SAA) ã䜿çšããå Žåã«éžæã㟠ããWeb ãã£ã«ã¿ã䜿çšããããã«ã¯ããšãŒãžã§ã³ããšèªèšŒãéå§ããå¿ èŠãã ããŸãã l ãã©ãŠã¶:éžæãããšãWeb ãã£ã«ã¿ãžã®èªå·±èªèšŒã®ããã®ãã°ã€ã³ãã€ã¢ãã° ããŠãŒã¶ã®ãã©ãŠã¶ã«è¡šç€ºãããŸãããã®ã¢ãŒãã§ã¯ãã¯ã©ã€ã¢ã³ãåŽã®ãã©ãŠ ã¶èšå®ãªãã§ããŠãŒã¶åã«åºã¥ã远跡ãå ±åãããã³ãµãŒãã£ã³ãå¯èœã«ãªã ãŸããããã«ããã®ãã€ã¢ãã°ãŠã£ã³ããŠã«è¿œå ã§å 責æ¡é ã衚瀺ããããšã㧠ããŸãããã®å ŽåããŠãŒã¶ãå ã«é²ãããã«ã¯ãå 責æ¡é ã«åæããå¿ èŠã ãããŸããå 責æ¡é ã«ã€ããŠè©³ããã¯ãã管ç > ã«ã¹ã¿ãã€ãº >Web ã¡ãã»ãŒãž ã ã®ç« ãåç §ããŠãã ããã ãã«ééã¢ãŒã (ãªãã·ã§ã³): ã¯ã©ã€ã¢ã³ãã®éä¿¡å IP ãã²ãŒããŠã§ã€ã® IP ã§çœ®ãæã ãããã®ãŸãŸç¶æããå Žåã¯ããããéžæããŸããããã¯ãã¯ã©ã€ã¢ã³ãããããªã㯠IP ã¢ãã¬ã¹ã䜿çšããŠãããWeb ãã£ã«ã¿ã«ãã£ãŠé ãã¹ãã§ã¯ãªãå Žåã«äŸ¿å©ã§ ãããã®ãªãã·ã§ã³ã¯ããªããžã¢ãŒãã®ã¿ã§æå³ããããããããªããžã¢ãŒãã§ããå© çšã§ããŸããã HTTPS (SSL) ãã©ãã£ãã¯ã®ã¹ãã£ã³:HTTP ãã©ãã£ãã¯ã«å ã HTTPS ãã©ãã£ãã¯ãã¹ãã£ã³ ããå Žåã¯ããã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãããããã¡ã€ã«ãããããã·ãããã¡ã€ã« ããªã¹ãã«è¡šç€ºãããŸãã éèŠ â SSL ã¹ãã£ãã³ã°ãééã¢ãŒããšçµã¿åãããŠæå¹ã«ãããšãäžéšã® SSL æ¥ç¶ (SSL VPN ãã³ãã«ãªã©) ã倱æããŸããSSL VPN æ¥ç¶ãæå¹ã«ããã«ã¯ã察å¿ããã¿ãŒã²ãããã¹ãã ãééã¢ãŒãã¹ããããªã¹ããã«è¿œå ããŸã (ãWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > 詳现 ããå ç §)ã ããã«ãèªå·±çœ²å蚌ææžã§ãã¹ãã«ã¢ã¯ã»ã¹ããã«ã¯ãã蚌ææžä¿¡é Œæ§ãã§ã㯠ããªãã·ã§ã³ãéž æããŠããããã®ãã¹ãã®é€å€ãäœæããå¿ èŠããããŸããããã«ããããããã·ã§èšŒææžã® ãã§ãã¯ãè¡ãããŸããã ãããã·ãããã¡ã€ã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã UTM 9 管çã¬ã€ã 279 9.2 Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« 9 Web ãããã¯ã·ã§ã³ 9.2.3 ãã£ã«ã¿å²åœãŠ ãWeb ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« > ãã£ã«ã¿å²åœãŠ ãã¿ãã§ã¯ãç¹å®ã®ãŠãŒã¶ããã³ãŠãŒã¶ã°ã«ãŒã ã«ãã£ã«ã¿ã¢ã¯ã·ã§ã³ãå²ãåœãŠãããšãã§ããŸãããã£ã«ã¿ã¢ã¯ã·ã§ã³ã§ã¯ããããã¯ãã¹ã Web ãµã€ ãã Web ãµã€ãã«ããŽãªãå®çŸ©ããããšã«ãã£ãŠãäœããã«çŠç¹ãããŠãŸããããã£ã«ã¿å²ãåœãŠã§ ã¯ããããã®ã¢ã¯ã·ã§ã³ãç¹å®ã®ã¿ã€ãã³ã°ã§ãŠãŒã¶ãšãŠãŒã¶ã°ã«ãŒãã«å²ãåœãŠãããšã«ãã£ãŠ ã誰ããšããã€ãã«çŠç¹ãããŠãŸãã 泚 âãWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > ãŠã€ã«ã¹å¯Ÿç/ãã«ãŠã§ã¢å¯Ÿç ãã¿ãã§è¡ã£ãåçš® èšå® (ã¢ã³ããŠã€ã«ã¹ã¹ãã£ã³ããã¡ã€ã«æ¡åŒµåãã£ã«ã¿ãMIME ã¿ã€ããã£ã«ã¿ãã³ã³ãã³ãåé€) ãš ãURL ãã£ã«ã¿ãªã³ã°ãã¿ãã§è¡ã£ãåçš®èšå® (ã«ããŽãªããããã¯ãã URL) ã¯ãäžã®ããã£ã«ã¿ã¢ã¯ ã·ã§ã³ãããããããŠã³ãªã¹ãã§éžæã§ãããããã©ã«ããã£ã«ã¿ã¢ã¯ã·ã§ã³ããšããŠä¿åãããŸãã ãã£ã«ã¿å²ãåœãŠãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãæ°èŠãã£ã«ã¿å²ãåœãŠ ããã¯ãªãã¯ããŸãã ãæ°èŠãã£ã«ã¿å²ãåœãŠã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®å²åœãŠã説æããååãå ¥åããŠãã ããã èš±å¯ãŠãŒã¶/ã°ã«ãŒã:ç¹å®ã®ãã£ã«ã¿ã¢ã¯ã·ã§ã³ã䜿çšã§ãããŠãŒã¶ãšã°ã«ãŒããéžæã㟠ããæ°ãããã£ã«ã¿å²ãåœãŠã¯ãããã§éžæãããŠãŒã¶ããã³ã°ã«ãŒããšåãèªèšŒã¢ãŒãã䜿 çšãã Web ãã£ã«ã¿ãããã¡ã€ã«ã®ã¿ã«è¿œå ããå¿ èŠããããŸãã ã¿ã€ã ã€ãã³ã:ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ããã£ã«ã¿ãããã¡ã€ã«ãç¹å®ã®æéç¯å²ã«å¶éã ãããã«äœ¿çšã§ããåäžã® (ãŸãã¯ç¹°ãè¿ããã) æé垯ã§ãã詳现ã¯ããå®çŸ©ãšãŠãŒã¶ > æ é垯å®çŸ© ããåç §ããŠãã ããã ãã£ã«ã¿ã¢ã¯ã·ã§ã³:äžã§å®çŸ©ãããŠãŒã¶ãšãŠãŒã¶ã°ã«ãŒãã«å²ãåœãŠããã£ã«ã¿ã¢ã¯ã·ã§ã³ã éžæããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããå²ãåœãŠãããã£ã«ã¿å²ãåœãŠ ããªã¹ãã«è¡šç€ºãããŸãã ãã£ã«ã¿å²ãåœãŠãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã Web ãã£ã«ã¿ãããã¡ã€ã«ã®äœææã«ãåãã£ã«ã¿å²ãåœãŠãéžæã§ããŸãã 280 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.2 Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« 9.2.4 ãã£ã«ã¿ã¢ã¯ã·ã§ã³ ãWeb ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« > ãã£ã«ã¿ã¢ã¯ã·ã§ã³ãã¿ãã§ã¯ãäžé£ã® Web ãããã¯ã·ã§ã³æ§æèš å®ãäœæããã³ç·šéã§ããŸãããã®èšå®ã䜿çšããŠãããŸããŸãªã¿ã€ããã¬ãã«ã®ä¿è·ãã«ã¹ã¿ã〠ãºããããšãå¯èœã§ãããã£ã«ã¿ã¢ã¯ã·ã§ã³ã¯ãããŸããŸãªãŠãŒã¶ããŠãŒã¶ã°ã«ãŒãã«å²ãåœãŠãããš ãã§ããWeb ã¢ã¯ã»ã¹ãã³ã³ãããŒã«ããããã®æè»ãªææ³ãšãªããŸãã ãã£ã«ã¿ã¢ã¯ã·ã§ã³ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãæ°èŠãã£ã«ã¿ã¢ã¯ã·ã§ã³ããã¯ãªãã¯ããŸãã ãæ°èŠãã£ã«ã¿ã¢ã¯ã·ã§ã³ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®ã¢ã¯ã·ã§ã³ã説æããååãå ¥åããŠãã ããã ã¢ãŒã:éžæãã Web ãµã€ãããããã¯ãããèš±å¯ããããéžæããŸãã次ã®ãªãã·ã§ã³ã䜿 çšã§ããŸãã l ããã©ã«ãã§èš±å¯:ãã®ãªãã·ã§ã³ãéžæãããšãéžæãã Web ãµã€ãã¯ãããã¯ãã㟠ãããä»ã®ãã¹ãŠã® Web ãµã€ãã¯èš±å¯ãããŸãã l ããã©ã«ãã§ãããã¯:ãã®ãªãã·ã§ã³ãéžæãããšãéžæãã Web ãµã€ããé€ããã¹ãŠ ã® Web ãµã€ãããããã¯ãããŸãã ã¬ãã¥ããŒã·ã§ã³:Web ãµã€ãã¯ãä¿¡é Œããããããäžç« ãããçããããã®ããããã«åé¡ã§ã㟠ããæªåé¡ã® Web ãµã€ãããæªç¢ºèª ããšåŒã³ãŸãããããã¯ãŒã¯ããã¢ã¯ã»ã¹ã§ãã Web ãµã€ã ãã©ã®ãããªè©å€ãæã€ã¹ããã決å®ããããšãã§ããŸããéžæããã¬ãã¥ããŒã·ã§ã³ãäžå ã Web ãµã€ãã¯ãããã¯ãããŸãã ã¹ãã€ãŠã§ã¢éä¿¡ããããã¯:ãã®ãªãã·ã§ã³ãéžæãããšããµãŒãããã¯ã©ã€ã¢ã³ããžã®ãã© ãã£ãã¯ã§ã¹ãã€ãŠã§ã¢ãæ€åºãããããã¯ããŸããããã«ããããããã¯ãŒã¯å ã®ã³ã³ãã¥ãŒã¿ ãæ°ããã¹ãã€ãŠã§ã¢ã«ææããã®ãé²ãããšãã§ããŸããããã«ããã®æ©èœãæå¹ã«ãã ãšããã§ã«ã€ã³ã¹ããŒã«ãããŠããã¹ãã€ãŠã§ã¢ã¢ããªã±ãŒã·ã§ã³ã«ã€ããŠãæ€åºãããã© ãã£ãã¯ããããã¯ã§ããŸãããã®çµæãã¹ãã€ãŠã§ã¢ãåéãããŠãŒã¶æ å ±ãã€ã³ã¿ãŒããã ã«éä¿¡ãããªããªããŸãããã®ãªãã·ã§ã³ã¯ãã¢ãŒãããããã©ã«ãã§ããã㯠ãã«å€æŽãããšäœ¿ çšã§ããŸããã ãããã¯ãã Web ãµã€ãã«ããŽãª:ãããã¯ãã Web ãµã€ãã«ããŽãªãéžæããŸããããã§éžæã ã Web ãµã€ãã«ããŽãªãšãã®äžäœã®ãµãã«ããŽãªã®ãããã³ã°ã¯ããWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > URL ãã£ã«ã¿ãªã³ã°ã«ããŽãªãã¿ãã§å€æŽã§ããŸããåè¿°ã®ãã¢ãŒã ãããããã© UTM 9 管çã¬ã€ã 281 9.2 Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« 9 Web ãããã¯ã·ã§ã³ ã«ãã§ããã㯠ãã«èšå®ããå Žåããã®ãªãã·ã§ã³ã¯ããããã® Web ãµã€ãã«ããŽãªãèš±å¯ ãã«å€ ãããŸãã æªåé¡ãµã€ãããããã¯:ãã®ãªãã·ã§ã³ãéžæãããšãæªç¥ã®ã³ã³ãã³ãã®ãã Web ãµã€ãã ãã©ãŠã¶ã§éãããšãã§ããªããªããŸãããã®æ©èœã¯ã奜ãŸãããªããšæããã Web ãµã€ããçž å¿ã®åé¡ããããŠããªãå Žåã®ãã©ãŒã«ããã¯ã»ãã¥ãªãã£ã¡ã«ããºã ãšèããããšãã§ã㟠ããåè¿°ã®ãã¢ãŒã ãããããã©ã«ãã§ããã㯠ãã«èšå®ããå Žåããã®ãªãã·ã§ã³ã¯ãæªåé¡ã® ãµã€ããèš±å¯ ãã«å€ãããŸãã èš±å¯ããURL/ãµã€ã:ç¹å®ã® URL ã Web ãµã€ãããŸãã¯ç¹å®ã®ãã¡ã€ã³ã«ããè€æ°ã® Web ããŒãžãããã®ã«ããŽãªã«é¢ããããããã¯ããã«ã¯ãããã«å ¥åããŸãããã®çµæãããã§å® 矩ãã Web ãµã€ãããèš±å¯ããã«ããŽãªã«å±ããŠããå Žåã§ãããããã¯ããããšãã§ã㟠ããURL å®çŸ©ãè¿œå ããã«ã¯ããã©ã¹ã¢ã€ã³ã³ãã¯ãªãã¯ããŠãæ£èŠè¡šçŸãªããžã§ã¯ããè¿œå ã ãã€ã¢ãã°ãŠã£ã³ããŠãéãã以äžã®ããŒã¿ãå ¥åããŸãã l åå:æ£èŠè¡šçŸã説æããååãå ¥åããŠãã ããã l ãã¡ã€ã³:ãã¹ãŠããŸãã¯ç¹å®ã® Web ããŒãžããããã¯ãããã¡ã€ã³ãå ¥åããŸãããã¡ã€ ã³åå šäœãå ¥åããå¿ èŠãããããšã«æ³šæããŠãã ãããããšãã°ã wwwãå«ããå¿ èŠããããŸãã以äžã§æå®ããæ£èŠè¡šçŸã®ãããã 1ã€ããã® URL ã«äžèŽããå Ž åãæå®ãããã¡ã€ã³ã® Web ããŒãžã¯ãããã¯ãããŸããæ£èŠè¡šçŸãæå®ããªãã£ã å Žåã¯ããã¡ã€ã³å šäœããããã¯ãããŸãã l æ£èŠè¡šçŸ:äžã§æå®ãããã¡ã€ã³ã®ç¹å®ã® Web ããŒãžããããã¯ããã«ã¯ãæ£èŠè¡šçŸ ãå ¥åããŸããäžã§ãã¡ã€ã³ãæå®ããªãã£ãå Žåã¯ããã®æ£èŠè¡šçŸããã¹ãŠã®ãã¡ ã€ã³ã«é©çšãããŸããæ£èŠè¡šçŸã«ãã£ãŠã¯ã察象㮠URL ã ãã§ã¯ãªããæ€çŽ¢çµæã é¡äŒŒ URL ã®äžéšã«ãäžèŽããŠããŸããããæå³ããªããããã¯ã«ã€ãªããå¯èœæ§ã ãããŸãã åç § â Web ãã£ã«ã¿ãªã³ã°ã§æ£èŠè¡šçŸã䜿çšããæ¹æ³ã®è©³çŽ°ã¯ãSophos ãµããŒã ããŒã¿ããŒã¹ãåç §ããŠãã ããã 泚 â Web ããŒãžã¯ã§ããã ã詳现ã«æå®ããŠãã ããããã¡ã€ã³ãæå®ããã«æ£èŠ è¡šçŸã®ã¿ãæå®ãããšãæå³ããªããããã¯ã«ã€ãªããå¯èœæ§ããããŸãã l ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã åè¿°ã®ãã¢ãŒã ãããããã©ã«ãã§ããã㯠ãã«èšå®ããå Žåããã®ãªãã·ã§ã³ã¯ããèš±å¯ãã URL/ãµã€ããã«å€ãããŸãã 282 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.2 Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« åžžã«èš±å¯ãã URL/ãµã€ã:ç¹å®ã® URL ã Webãµã€ãããŸãã¯ç¹å®ã®ãã¡ã€ã³ã«ããè€æ°ã® Web ããŒãžãããã®ã«ããŽãªããããã¯ãªã¹ãã«ååšãããã©ããã«é¢ãããæ瀺çã«èš±å¯ ããã«ã¯ãããã«å ¥åããŸãã ã+ã(ãã©ã¹) ã¢ã€ã³ã³ãã¯ãªãã¯ããŠããæ£èŠè¡šçŸãªããžã§ã¯ããè¿œå ããã€ã¢ãã°ãŠã£ã³ããŠãé ããŸããäžèšã®ãªãã·ã§ã³ã®èª¬æã«åŸã£ãŠãé©åãªããŒã¿ãå ¥åããŸãã説æã¯ããã®ãªã ã·ã§ã³ã«ãå ±éããŠããŸãã åè¿°ã®ãã¢ãŒã ãããããã©ã«ãã§ããã㯠ãã«èšå®ããå Žåããã®ãªãã·ã§ã³ã¯ããåžžã«ããã㯠ãã URL/ãµã€ããã«å€ãããŸãã åç § â Web ãã£ã«ã¿ãªã³ã°ã§æ£èŠè¡šçŸã䜿çšããæ¹æ³ã®è©³çŽ°ã¯ãSophos ãµããŒãããŒã¿ ããŒã¹ãåç §ããŠãã ããã ã»ãŒããµãŒã:GoogleãBingãYahoo ã®åæ€çŽ¢ãšã³ãžã³ã«å¯Ÿã㊠SafeSearch ã®äœ¿çšã匷å¶ã ãããšãã§ããŸããã»ãŒããµãŒããã£ã«ã¿ã¯ãåäŸã«ãµãããããªãã³ã³ãã³ã (ç¯çœªãäžæ£) ãæ€çŽ¢çµæããåé€ããŸããæå¹ã«ãããšãWeb ãã£ã«ã¿çµç±ã§ Web ãµãŒãã£ã³ããããŠãŒ ã¶ã¯ãã£ã«ã¿ããªãã«ã§ããŸããã YouTube for Schools:ãããæå¹ã«ãããšããŠãŒã¶ãåçã§ãã YouTube åç»ã¯ãYouTube EDU ãµãã»ã¯ã·ã§ã³ã® YouTube åç»ããŠãŒã¶ã®åŠæ ¡ã®ã¢ã«ãŠã³ãã§ã¢ããããŒããããŠãã YouTube åç»ã«å¶éãããŸãããããæ©èœããããã«ã¯ãYouTube for Schools ããã°ã©ã ã« ç»é²ããŠãã¹ã¯ãŒã« ID ãååŸããããã以äžã«å ¥åããå¿ èŠããããŸãã 泚 â Sophos UTMã§ã¯ããããã¬ãã«ãã¡ã€ã³ã® youtube.com ãš ytimg.com ã«å ããäžè¬ çãªåç»ããããã¯ãããªãããšã確èªããå¿ èŠããããŸãã l YouTube School ID:ãYouTube for Schoolsããæå¹ã«ããå Žåãã¹ã¯ãŒã« ID ãŸã㯠YouTube ããæäŸãããã³ãŒããå ¥åããå¿ èŠããããŸãã ãããã¯å¯Ÿè±¡ãã¡ã€ã«æ¡åŒµå:ãã¡ã€ã«æ¡åŒµåãæå®ãããšãæ¡åŒµåã«åºã¥ããŠç¹å®ã¿ã€ãã® ãã¡ã€ã«ããããã¯ããããšãã§ããŸã (å®è¡å¯èœåœ¢åŒã®ãã€ããªãªã©)ããã¡ã€ã«æ¡åŒµåãè¿œ å ããã«ã¯ãããããã¯ãããã¡ã€ã«æ¡åŒµå ãããã¯ã¹ã®ãã©ã¹ã¢ã€ã³ã³ãã¯ãªãã¯ãããããã¯ã ããæ¡åŒµå (exe ãªã©) ãå ¥åããŸããåºåãèšå·ã®ãããã¯äžèŠã§ãã ãããã¯å¯Ÿè±¡ MIME ã¿ã€ã:ãããã¯ãã MIME ã¿ã€ããè¿œå ããã«ã¯ãããããã¯å¯Ÿè±¡ MIME ã¿ ã€ããããã¯ã¹ã®ã+ãã¢ã€ã³ã³ãã¯ãªãã¯ããMIME ã¿ã€ããå ¥åããŸã (äŸ: image/gif ãªã©)ã UTM 9 管çã¬ã€ã 283 9.2 Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« 9 Web ãããã¯ã·ã§ã³ ã³ã³ãã³ãåé€:ãããéžæãããšããJavaScript ãåé€ ããªãã·ã§ã³ãšãåã蟌ã¿ãåé€ ããªã ã·ã§ã³ã衚瀺ãããŸãããããã®ãªãã·ã§ã³ã䜿çšããŠã<SCRIPT> ã¿ã°ãš <OBJECT> ã¿ã°ã HTML ããŒãžããåé€ãããåŠããèšå®ã§ããŸãããJavaScript ãåé€ããªãã·ã§ã³ã䜿çšã ããšãHTML ããŒãžã«åã蟌ãŸãã (ãŸã㯠HTML ããŒãžããã€ã³ã¯ã«ãŒãããã) JavaScript ãç¡å¹ã«ãªãããåã蟌ã¿ãåé€ãã䜿çšãããšãåä¿¡åŽ HTTP/S ãã©ãã£ãã¯ã ã ActiveXãFlashãJava ã¢ãã¬ãããªã©ã®åçã³ã³ãã³ããé€å€ãããŸããåçã³ã³ãã³ãã åã蟌ãæ¹æ³ã¯ä»ã«ãããã®ã§ãç¹å®ã®ã³ã³ãã³ãã確å®ã«é€å€ããã«ã¯ãããããã¯å¯Ÿè±¡ MIME ã¿ã€ããããã¯ã¹ã§æå®ããŠãã ããã ã¢ã³ããŠã€ã«ã¹ã¹ãã£ã³ã䜿çš:ãã®ãªãã·ã§ã³ãéžæãããšãåä¿¡åŽ Web ãã©ãã£ãã¯ã«æªè³ª ãªã³ã³ãã³ããå«ãŸããŠããªããã¹ãã£ã³ãè¡ãããŸããSophos UTMã¯ãæé«ã®ã»ãã¥ãª ãã£ãå®çŸããããŸããŸãªã¢ã³ããŠã€ã«ã¹ãšã³ãžã³ãåããŠããŸãã æ倧ã¹ãã£ã³ãµã€ãº:ã¢ã³ããŠã€ã«ã¹ãšã³ãžã³ã§ã¹ãã£ã³ããæ倧ãã¡ã€ã«ãµã€ãºãæå®ã㟠ãããã®ãµã€ãºãè¶ ãããã¡ã€ã«ã¯ã¹ãã£ã³å¯Ÿè±¡å€ãšãªããŸãã èš±å¯ããããŠã³ããŒãã®æ倧ãµã€ãº:æå®ãããµã€ãº (MB) ãè¶ ãããã¡ã€ã«ã®ããŠã³ããŒã ãçŠæ¢ããå Žåã«ãã®ãªãã·ã§ã³ãæå®ããŸãã åŽååè°äŒã®äŒå¡ãªã©ã掻åå 容ãèšé²ããããšãçŠæ¢ãããŠãããŠãŒã¶ãããå Žåã« ã¯ã次㮠2ã€ã®ãªãã·ã§ã³ã䟿å©ã§ãã l ã¢ã¯ã»ã¹ããããŒãžããã°ã«èšé²ãã:ãã§ãã¯ãå€ããšãã¢ã¯ã»ã¹ããããŒãžããã°ã ã¬ããŒãããé€å€ãããŸãã l ãããã¯ãããããŒãžããã°ã«èšé²ãã:ãã§ãã¯ãå€ããšããããã¯ããããŒãžããã° ãã¬ããŒãããé€å€ãããŸãã 芪ãããã·:1ã€ä»¥äžã®èŠªãããã·ã®äœ¿çšãèšå®ã§ããŸããããã¯ã¹ã空ã®å ŽåããŸããã芪 ãããã· ãã¿ãã«èŠªãããã·ã®å®çŸ©ãäœæããŠãã ããã åãããã·ã®åã«ãããã§ãã¯ãã㯠ã¹ã«ãã§ãã¯ãå ¥ããŠã芪ãããã·ã®äœ¿çšãæå¹åããŸããè€æ°ã®ãããã·ãéžæããå Ž åãã䞊ã³æ¿ããã¢ã€ã³ã³ã䜿çšããŠãããã·ã䞊ã¹æ¿ããããšãã§ããŸããéžæãã芪ããã ã·ã¯ãæåã®ãããã·ãäžèŽãããŸã§ãæå®ã®é åºã§é©çšãããŸããåŠçé åºã¯äœçœ®çª å·ã«ãã£ãŠæ±ºãŸããããäœçœ®çªå·ã«ãã£ãŠãããã·ã®é åºãå€æŽãããšãåŠçé åºãå€ãã ãŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãããã£ã«ã¿ã¢ã¯ã·ã§ã³ãããã£ã«ã¿ã¢ã¯ã·ã§ã³ããªã¹ãã«è¡šç€ºãããŸãã ãã£ã«ã¿ã¢ã¯ã·ã§ã³ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã ãã£ã«ã¿å²ãåœãŠãŸã㯠Web ãã£ã«ã¿ãããã¡ã€ã«ã®äœææã«ãåãã£ã«ã¿ã¢ã¯ã·ã§ã³ãéžæã§ã㟠ãã 284 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.2 Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ã« 泚 â ããã§ã¯ããããã©ã«ãã®ã³ã³ãã³ããã£ã«ã¿ãããã¯ã¢ã¯ã·ã§ã³ããåç §ã§ããŸããããã©ã«ã㧠ã¯ããWeb ãã£ã«ã¿ãªã³ã°ãã¡ãã¥ãŒã®ä»ã®ãã¹ãŠã®ãã£ã«ã¿ã¢ã¯ã·ã§ã³ãèšå®ãšäžèŽããªã HTTP/S ãªã¯ãšã¹ãããã¹ãŠãããã¯ãããŸãã 9.2.5 芪ããã㷠芪ãããã·ã¯ãå€ãã®å Žåãæ¿åºæ¿èªã®ãããã·ãµãŒããéããŠã€ã³ã¿ãŒãããã¢ã¯ã»ã¹ãã«ãŒã㣠ã³ã°ããå¿ èŠã®ããåœãªã©ã§å¿ èŠãšãããŸãããWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã°ãããã¡ã€ ã« > 芪ãããã· ãããŒãžã§ã¯ã芪ãããã·ã®äœ¿çšãããããã¡ã€ã«ã«åºã¥ããŠèšå®ãããã°ããŒã ã«ã«èšå®ã§ããŸãã芪ãããã·ããããã¡ã€ã«ã§äœ¿çšããããã«ã¯ãåžžã«ããã®ããŒãžã§ (ããã㯠ãWeb ãã£ã«ã¿ãªã³ã° > 詳现 ãããŒãžã§) æåã«èšå®ããå¿ èŠããããŸãã 泚 â æè¡çãªçç±ããã芪ãããã·ãæå¹åããå Žåã¯ãSSL ã¹ãã£ãã³ã°ãæå¹ã«ããç¶æ ã§ã®ééã¢ãŒãã§ã® HTTPS èŠæ±ã¯è¡ããŸããã 芪ãããã·ãèšå®ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãæ°èŠèŠªãããã· ããã¯ãªãã¯ããŸãã ãæ°èŠèŠªãããã·äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®èŠªãããã·ã説æããååãå ¥åããŠãã ããã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã ãããã·ã䜿çšãããã¹ã:芪ãããã·ã䜿çšãããã¹ãããã®ããã¯ã¹ã«è¿œå ããŸã (äŸ: *.wikipedia.org)ãããã§ã¯ãã¿ãŒã³ãããã䜿çšã§ããŸãããã ããæ£èŠè¡šçŸã¯äœ¿çšã§ ããŸãããããã¯ã¹ã空ã«ãããšããä¿å ããã¯ãªãã¯ãããšã¢ã¹ã¿ãªã¹ã¯ (*) ãèªåçã«è¿œå ã ãããã¹ãŠã®ãã¹ãã«è©²åœããŸããåŸã£ãŠããã®ãããªãããã·å®çŸ©ã¯ãäžèŽãããããã·ã ååšããªãå Žåã®ãã©ãŒã«ããã¯ãããã·ãšã¿ãªãããŸãã 芪ãããã·:芪ãããã·ã®ãããã¯ãŒã¯å®çŸ©ãéžæãŸãã¯è¿œå ããŸãã ããŒã:芪ãããã·æ¥ç¶ã®ããã©ã«ãããŒã㯠8080 ã§ãã芪ãããã·ã§å¥ã®ããŒãã䜿çšãã å Žåãããã§å€æŽã§ããŸãã ãããã·èªèšŒãå¿ èŠ:芪ãããã·ãèªèšŒãå¿ èŠãšããå Žåã¯ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ã å ¥ãã衚瀺ãããããã¹ãããã¯ã¹ã«ãŠãŒã¶åãšãã¹ã¯ãŒããå ¥åããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãã芪ãããã·ãã芪ãããã· ããªã¹ãã«è¡šç€ºãããŸãã UTM 9 管çã¬ã€ã 285 9.3 ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã« 9 Web ãããã¯ã·ã§ã³ ããã§ããã®ãããã·ããã£ã«ã¿ã¢ã¯ã·ã§ã³ã§äœ¿çšããããšããã°ããŒãã«ã«äœ¿çšããããšãã§ããŸãã 芪ãããã·ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 9.3 ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã« UTMã®ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«æ©èœã䜿çšãããšããã©ãã£ãã¯ã®çš®é¡ã«åºã¥ããŠãããã¯ãŒã¯ ãã©ãã£ãã¯ãã·ã§ãŒãã³ã°ããã³ãããã¯ããããšãã§ããŸããUTMã® Web ãã£ã«ã¿ãªã³ã°æ©èœ (ãWeb ãã£ã«ã¿ãªã³ã°ãã®ç« ãåç §) ãšéããã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«åé¡ãšã³ãžã³ã䜿çšãããšãããã ã¯ãŒã¯ãã©ãã£ãã¯ãããããã³ã«ã URL åäœã§ã¯ãªãããããã现ããåºæºã§èå¥ããããšãã§ã㟠ããããã¯ãWeb ãã©ãã£ãã¯ã«é¢ããŠç¹ã«äŸ¿å©ã§ããWeb ãµã€ããžã®ãã©ãã£ãã¯ã¯ãéåžžããŒã80 㧠HTTP ãããã³ã«ã䜿çšããããããŒã443 㧠HTTPS ãããã³ã«ã䜿çšããŠããŸããç¹å®ã® Web ãµ ã€ã (facebook.com ãªã©) ãžã®ãã©ãã£ãã¯ããããã¯ãããå ŽåãWeb ãµã€ãã® URL (Web ãã£ã«ã¿ãªã³ ã°) ã«åºã¥ããŠãããã¯ããããšãã§ããŸãããããã¯ããããã¯ãŒã¯ãã©ãã£ãã¯åé¡ãå©çšããŠãã ãããURLããç¬ç«ã㊠facebook ãã©ãã£ãã¯ããããã¯ããããšãã§ããŸãã UTMã®åé¡ãšã³ãžã³ã¯ããããã¯ãŒã¯ãã©ãã£ãã¯ã®åé¡ã«ã¬ã€ã€ 7 ãã±ããæ€æ»ã䜿çšããŸãã ã¢ããªã±ãŒã·ã§å¶åŸ¡ã¯ 2ã€ã®æ¹æ³ã§äœ¿çšã§ããŸããæåã®ã¹ãããã§ã¯ãããããã¯ãŒã¯å¯èŠå ã ããŒãžã§ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«å šè¬ãæå¹ã«ããå¿ èŠããããŸããããã«ãããã¢ããªã±ãŒ ã·ã§ã³ãäžå®ã®ç¯å²ã§ãå¯èŠåããããŸããããããã®ãŸãŸ (ãŸãã¯ãç¹å®ã®æéã ã) æ®ãããŠãŒã¶ ã«äœ¿çšãããŠããã¢ããªã±ãŒã·ã§ã³ (ãããŒã¢ãã¿ããã®ã³ã°ãã¬ããŒãã£ã³ã°ãªã©) ã確èªããããšã ã§ããŸãã2 çªç®ã®ã¹ãããã§ã¯ãç¹å®ã®ã¢ããªã±ãŒã·ã§ã³ããããã¯ããä»ã®ã¢ããªã±ãŒã·ã§ã³ã¯èš± å¯ããããšãã§ããŸããããã«ã¯ããã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ã«ãŒã« ãããŒãžã§äœæããã«ãŒã« ã䜿çšããŸããããã«ããã©ãã£ãã¯ã·ã§ãŒãã³ã°ã䜿çšããŠãå®çŸ©ããã¢ããªã±ãŒã·ã§ã³ã®ãã©ãã£ã㯠ã«ç¹æš©ãäžããããšãã§ããŸãããã®èšå®ã¯ãSophosã® QoS æ©èœã§è¡ããŸãã 9.3.1 ãããã¯ãŒã¯å¯èŠå ãWeb ãããã¯ã·ã§ã³ > ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã« > ãããã¯ãŒã¯å¯èŠå ãããŒãžã§ã¯ãã¢ããªã±ãŒ ã·ã§ã³ã³ã³ãããŒã«ãæå¹ãŸãã¯ç¡å¹ã«ããããšãã§ããŸãã ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ãæå¹ã«ãããšããã¹ãŠã®ãããã¯ãŒã¯ãã©ãã£ãã¯ãããã®åé¡ã«å¿ã ãŠåé¡ã»ãã°ãããŸããçŸåšã®ãããã¯ãŒã¯ãã©ãã£ãã¯ã¯ããããŒã¢ãã¿ã«ãã¿ã€ãã«é¢ãã詳现ãªæ å ±ãšå ±ã«è¡šç€ºãããŸã (ããããŒã¢ãã¿ãã®ç« ãåç §)ãããšãã°ãHTTPãã©ãã£ãã¯ã«é¢ããæ å ±ã¯ã ããããšã®ã¢ããªã±ãŒã·ã§ã³ (ãtwitterãããfacebookããªã©) ãŸã§ããªã«ããŠã³ãããŸãããããŒã¢ãã¿ã éãã«ã¯ãããããŒã¢ãã¿ãã»ã¯ã·ã§ã³ã§è©²åœã®ã€ã³ã¿ãã§ãŒã¹ãéžæããããããŒã¢ãã¿ãéãããã¿ã³ ãã¯ãªãã¯ããŸãã 286 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.3 ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã« ãã°ãšã¬ããŒãã§ã¯ããããã¯ãŒã¯ãã©ãã£ãã¯ãšãã®åé¡ã«é¢ããå¹ åºãæ å ±ãšããããã®ã¢ã㪠ã±ãŒã·ã§ã³ã䜿çšããã¯ã©ã€ã¢ã³ããšãµãŒãã®æ å ±ã衚瀺ãããŸãããã°ãšã¬ããŒãã«ã€ããŠè©³ãã ã¯ãããã°ãšã¬ããŒããã®ç« ã§ãããã°ãã¡ã€ã«ã®é²èŠ§ ãã»ã¯ã·ã§ã³ãåç §ããã (ãã°)ãããããã¯ãŒã¯ 䜿çšç > 垯å䜿çšç¶æ³ ãã»ã¯ã·ã§ã³ããã³ãWeb ãããã¯ã·ã§ã³ > ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã« ãã»ã¯ ã·ã§ã³ãåç §ããŠãã ãã (ã¬ããŒã)ã 9.3.2 ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ã«ãŒã« ãWeb ãããã¯ã·ã§ã³ > ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã« > ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ã«ãŒã« ãããŒãžã§ ã¯ããããã¯ãŒã¯ã«å¯ŸããŠãã©ãã£ãã¯ããããã¯ãããããŸãã¯æ瀺çã«èš±å¯ããã¢ããªã±ãŒã·ã§ã³ã å®çŸ©ãããããã¯ãŒã¯ãã©ãã£ãã¯åé¡ã«åºã¥ããŠãã«ãŒã«ãäœæããããšãã§ããŸãã ããã©ã«ãã§ã¯ãã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ãæå¹ã«ãããšãã¹ãŠã®ãããã¯ãŒã¯ãã©ãã£ãã¯ãèš± å¯ãããŸãã ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ã«ãŒã«ã®äœæã¯ããã®ããŒãžã§ããããŒã¢ãã¿ã§ãå¯èœã§ãããã㌠ã¢ãã¿ã®æ¹ã䜿ããããã§ãããã«ãŒã«ãäœæã§ããã®ã¯ããããã¯ãŒã¯ã§çŸåšã¢ãã¿ãªã³ã°ãã ãŠãããã©ãã£ãã¯ã«å¯ŸããŠã®ã¿ã§ãã ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ã«ãŒã«ãäœæããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ã«ãŒã« ãã¿ãã§ããæ°èŠã«ãŒã« ããã¯ãªãã¯ããŸãã ãæ°èŠã«ãŒã«äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå (ãªãã·ã§ã³):ã«ãŒã«ã®ååãå ¥åããŸãããã£ãŒã«ãã空ã®ãŸãŸã«ãããšãã·ã¹ãã ã ã«ãŒã«ã®ååãçæããŸãã ã°ã«ãŒã:ãã°ã«ãŒãããªãã·ã§ã³ã¯ãè€æ°ã®ã«ãŒã«ãè«ççã«ã°ã«ãŒãåããã®ã«äŸ¿å©ã§ ãããªã¹ãã®äžéšã®ããããããŠã³ãªã¹ãã䜿çšããŠãã°ã«ãŒãããšã«ã«ãŒã«ããã£ã«ã¿ãªã³ã° 衚瀺ã§ããŸããã°ã«ãŒãåã¯è¡šç€ºçšã®ã¿ã§ãã«ãŒã«ã®äžèŽã«ã¯é¢ä¿ãããŸãããæ°ããã° ã«ãŒããäœæããã«ã¯ãã<< æ°èŠã°ã«ãŒã >>ããšã³ããªãéžæããã°ã«ãŒãã説æããååã ãåå ãã«å ¥åããŸãã åªå é äœ:åªå é äœçªå·ãããã«ãã£ãŠã«ãŒã«ã®åªå é äœãå®çŸ©ãããŸããçªå·ãå°ãã ã»ã©åªå é äœãé«ããªããŸããã«ãŒã«ã¯æé ã«ç §åãããŸããããã«ãŒã«ãäžèŽãããšãã ã以éããããã倧ããçªå·ã®ã«ãŒã«ã¯è©äŸ¡ãããŸããã ã¢ã¯ã·ã§ã³:ãã©ãã£ãã¯ããããã¯ãããèš±å¯ããããéžæããŸãã å¶åŸ¡åºæº:ã¢ããªã±ãŒã·ã§ã³ã¿ã€ãã«åºã¥ããŠãã©ãã£ãã¯ãã³ã³ãããŒã«ããããã«ããŽãªã«åº ã¥ããã€ãããã¯ãã£ã«ã¿ã«ãã£ãŠã³ã³ãããŒã«ããããéžæããŸãã UTM 9 管çã¬ã€ã 287 9.3 ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã« 9 Web ãããã¯ã·ã§ã³ l ã¢ããªã±ãŒã·ã§ã³:ãã©ãã£ãã¯ã¯ãã¢ããªã±ãŒã·ã§ã³ã«åºã¥ããŠã³ã³ãããŒã«ãããŸãã ãå¶åŸ¡ããã¢ããªã±ãŒã·ã§ã³ãããã¯ã¹ã§ã¢ããªã±ãŒã·ã§ã³ã1ã€ä»¥äžéžæããŸãã l ãã€ãããã¯ãã£ã«ã¿:ãã©ãã£ãã¯ã¯ãã«ããŽãªã«åºã¥ããŠã³ã³ãããŒã«ãããŸãããå¶åŸ¡ ããã«ããŽãªãããã¯ã¹ã§åé¡ã1ã€ä»¥äžéžæããŸãã 管ç察象ã¢ããªã±ãŒã·ã§ã³/ã«ããŽãª:ããã©ã«ããã¢ã€ã³ã³ãã¯ãªãã¯ããŠãã¢ããªã±ãŒã·ã§ã³/ã« ããŽãªãéžæããŸãããã€ã¢ãã°ãŠã£ã³ããŠãéããŸããããã«ã€ããŠã¯ã次ã®ã»ã¯ã·ã§ã³ã§è©³ ãã説æããŸãã 泚 â äžéšã®ã¢ããªã±ãŒã·ã§ã³ã¯ãããã¯ããããšãã§ããŸãããããã¯ãSophos UTMã®é©å ãªãªãã¬ãŒã·ã§ã³ã®ããã«å¿ èŠã§ãããã®ãããªã¢ããªã±ãŒã·ã§ã³ã¯ããã¢ããªã±ãŒã·ã§ã³éž æ ããã€ã¢ãã°ãŠã£ã³ããŠã®ã¢ããªã±ãŒã·ã§ã³ããŒãã«ã§ãã§ãã¯ããã¯ã¹ããªãã«ãªã£ãŠã ãŸããããšãã°ãWebAdminãTeredoãSixXs (IPv6 ãã©ãã£ãã¯çš)ãPortal (ãŠãŒã¶ããŒã¿ã«ã® ãã©ãã£ãã¯çš) ãªã©ã該åœããŸãããã€ãããã¯ãã£ã«ã¿ã䜿çšãããšããããã®ã¢ããªã±ãŒ ã·ã§ã³ã®ãããã¯ãèªåçã«å¶éãããŸãã çç£æ§ (ãã€ãããã¯ãã£ã«ã¿ã®ã¿):éžæããçç£æ§ã¹ã³ã¢ãåæ ãããŸãã ãªã¹ã¯ (ãã€ãããã¯ãã£ã«ã¿ã®ã¿):éžæãããªã¹ã¯ã¹ã³ã¢ãåæ ãããŸãã 察象ãããã¯ãŒã¯:ãã®ã«ãŒã«ã«ãã£ãŠãããã¯ãŒã¯ãã©ãã£ãã¯ãå¶åŸ¡ãããããã¯ãŒã¯ãŸã㯠ãã¹ããéžæãããããã®ããã¯ã¹ã«è¿œå ããŸããããã¯ãéä¿¡å ãã¹ã/ãããã¯ãŒã¯ã«ã®ã¿ é©çšãããŸãã ãã°:ãã®ãªãã·ã§ã³ã¯ããã©ã«ãã§ãªã³ã«ãªã£ãŠãããã«ãŒã«ãšäžèŽãããã©ãã£ãã¯ã®ãã®ã³ ã°ãæå¹ã«ãªããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããã«ãŒã«ããã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ã«ãŒã« ããªã¹ãã«è¡šç€ºãããŸãã ãã¢ããªã±ãŒã·ã§ã³ ãŸãã¯ã«ããŽãªã®éžæã ãã€ã¢ã 㰠㊠ã£ã³ ã㊠ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ã«ãŒã«ãäœæããéã¯ãã管çããã¢ããªã±ãŒã·ã§ã³ (ã«ããŽãª) ã 1〠以äžéžæããŠãã ããããšãããã€ã¢ãã°ãŠã£ã³ããŠããã¢ããªã±ãŒã·ã§ã³ãŸãã¯ã¢ããªã±ãŒã·ã§ã³ã«ã ãŽãªãéžæããå¿ èŠããããŸãã ãã€ã¢ãã°ãŠã£ã³ããŠã®äžéšã«è¡šç€ºãããããŒãã«ã«ã¯ãéžæå¯èœãªã¢ããªã±ãŒã·ã§ã³ãŸãã¯å®çŸ© ããã«ããŽãªã«å±ããã¢ããªã±ãŒã·ã§ã³ã衚瀺ãããŸããããã©ã«ãã§ã¯ããã¹ãŠã®ã¢ããªã±ãŒã·ã§ã³ ã衚瀺ãããŸãã 288 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.3 ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã« ãã€ã¢ãã°ãŠã£ã³ããŠã®äžéšã«ã¯ãããŒãã«ã«è¡šç€ºãããã¢ããªã±ãŒã·ã§ã³æ°ãå¶éããããã® 3〠ã®èšå®ãªãã·ã§ã³ããããŸãã l ã«ããŽãª:ã¢ããªã±ãŒã·ã§ã³ã¯ã«ããŽãªå¥ã«ã°ã«ãŒãåãããŠããŸãããã®ãªã¹ãã«ã¯ãå©çšå¯ èœãªãã¹ãŠã®ã«ããŽãªã衚瀺ãããŸããããã©ã«ãã§ã¯ããã¹ãŠã®ã«ããŽãªãéžæãããŠã ãŸããã€ãŸããäžéšã«è¡šç€ºãããããŒãã«ã«ã¯ãå©çšå¯èœãªãã¹ãŠã®ã¢ããªã±ãŒã·ã§ã³ãè¡š 瀺ãããŸãã衚瀺ãããã¢ããªã±ãŒã·ã§ã³ãç¹å®ã®ã«ããŽãªã«çµã蟌ãã«ã¯ãã¯ãªãã¯ããŠã«ã ãŽãªãªã¹ããéãã1ã€ä»¥äžã®ã«ããŽãªãéžæããŸãã l çç£æ§:ã¢ããªã±ãŒã·ã§ã³ã¯ãçç£æ§ãžã®åœ±é¿( ã€ãŸãçç£æ§ã«ãã®ã¢ããªã±ãŒã·ã§ã³ãäžã ã圱é¿ã®åºŠåã) ã«ãã£ãŠãåé¡ãããŠããŸããäŸ:äžè¬çãªããžãã¹ãœãããŠã§ã¢ã® Salesforce ã®ã¹ã³ã¢ã¯ 5ã§ããã€ãŸããããã䜿çšããããšã§çç£æ§ãåäžããŸããäžæ¹ã㪠ã³ã©ã€ã³ã²ãŒã ã® Farmville ã®ã¹ã³ã¢ã¯ 1 ã§ãããã䜿çšãããšçç£æ§ãäœäžããŸããããã ã¯ãŒã¯ãµãŒãã¹ DNS ã®ã¹ã³ã¢ã¯ 3 ã§ãçç£æ§ãžã®åœ±é¿ã¯äžç«çã§ãã l ãªã¹ã¯:ã¢ããªã±ãŒã·ã§ã³ã¯ã䜿çšæã®ãªã¹ã¯ (ãã«ãŠã§ã¢ããŠã€ã«ã¹ææãæ»æ) ã«ãã£ãŠãå é¡ãããŠããŸããæ°å€ãé«ãã»ã©ããªã¹ã¯ãé«ããªããŸãã ãã³ã â ããããã®ã¢ããªã±ãŒã·ã§ã³ã«ã¯æ å ±ã¢ã€ã³ã³ããããã¯ãªãã¯ãããšåã¢ããªã±ãŒã·ã§ã³ ã®èª¬æã衚瀺ãããŸããããŒãã«ãããã®ãã£ã«ã¿ãã£ãŒã«ãã䜿çšããŠãããŒãã«å ãæ€çŽ¢ãã ããšãã§ããŸãã 次ã«ããæ°èŠã«ãŒã«äœæ ããã€ã¢ãã°ããã¯ã¹ã§éžæããã³ã³ãããŒã«ã®ã¿ã€ãã«å¿ããŠã以äžãè¡ã ãŸãã l ãã€ãããã¯ãã£ã«ã¿ã§ç®¡çããå Žå:ãé©çš ããã¯ãªãã¯ããŠãéžæããã¢ããªã±ãŒã·ã§ã³ãã«ãŒ ã«ã«é©çšããŸãã l ã¢ããªã±ãŒã·ã§ã³ã§ç®¡çããå Žå:ããŒãã«ã§ãã¢ããªã±ãŒã·ã§ã³ã®åã«ãããã§ãã¯ããã¯ã¹ ãã¯ãªãã¯ãã管ç察象ã®ã¢ããªã±ãŒã·ã§ã³ãéžæããŸãããé©çš ããã¯ãªãã¯ããŠãéžæãã㢠ããªã±ãŒã·ã§ã³ãã«ãŒã«ã«é©çšããŸãã ãé©çš ããã¯ãªãã¯ãããšãã€ã¢ãã°ãŠã£ã³ããŠãéããã¢ããªã±ãŒã·ã§ã³ã«ãŒã«ã®èšå®ã®ç·šéãç¶ã ãããšãã§ããŸãã 9.3.3 詳现 ãWeb ãããã¯ã·ã§ã³ > ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã« > 詳现 ãããŒãžã§ã¯ãã¢ããªã±ãŒã·ã§ã³ã³ã³ãã㌠ã«ã®è©³çŽ°ãªãã·ã§ã³ãèšå®ã§ããŸãã UTM 9 管çã¬ã€ã 289 9.4 FTP 9 Web ãããã¯ã·ã§ã³ Sop h os U TM Ap p Ac cu r ac y ãã ã° ã©ã Sophos UTM AppAccuracy ããã°ã©ã ã«åå ãããšããããã¯ãŒã¯ã®å¯èŠæ§ãšã¢ããªã±ãŒã·ã§ã³ã³ã³ã ããŒã«ã®èªèãšåé¡ã®åäžã«è²¢ç®ããã ããŸãããã®ã·ã¹ãã ã¯ãå¿åã®ã¢ããªã±ãŒã·ã§ã³ãã£ã³ ã¬ãŒããªã³ããšãã圢ã§ããŒã¿ãåéããSophosã®ãªãµãŒãããŒã ãžéä¿¡ããŸããããã§ã¯ãæçŽã 䜿çšããŠãæªåé¡ã®ã¢ããªã±ãŒã·ã§ã³ãèå¥ãããããã¯ãŒã¯å¯èŠåããã³ã¢ããªã±ãŒã·ã§ã³ã³ã³ã ããŒã«ã©ã€ãã©ãªãæ¹è¯ããã³æ¡åŒµããŸãã ã¢ããªã±ãŒã·ã§ã³ ã³ ã³ ã ã ãŒã«ã¹ããããªã¹ã ãã®ããã¯ã¹ã«ãªã¹ããããŠãããã¹ããšãããã¯ãŒã¯ã¯ãã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ã®ç£èŠå¯Ÿè±¡ãš ã¯ãªããªããããã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ã§ç®¡çããããšãããµãŒãã¹å質ã®ã¢ããªã±ãŒã·ã§ã³ ã»ã¬ã¯ã¿ã§ç®¡çããããšãã§ããŸãããããã¯ãéä¿¡å ããã³å®å ãã¹ã/ãããã¯ãŒã¯ã®äž¡æ¹ã«é© çšãããŸãã 9.4 FTP ãWeb ãããã¯ã·ã§ã³ > FTP ãã¿ãã§ã¯ãFTP ãããã·ãèšå®ã§ããŸããFTP (File Transfer Protocol) ã¯ãã€ã³ã¿ãŒãããäžã§ã®ãã¡ã€ã«ã®ããåãã«å¹ åºã䜿çšãããŠãããããã³ã«ã§ããSophos UTM ã¯ããããã¯ãŒã¯ãééãããã¹ãŠã® FTP ãã©ãã£ãã¯ã®ä»²ä»åœ¹ãšãªããããã·ãµãŒãã¹ãæäŸã㟠ããFTP ãããã·ã«ã¯ãFTP ãã©ãã£ãã¯ã®ãŠã€ã«ã¹ã¹ãã£ã³ããFTP ãããã³ã«çµç±ã§è»¢éããã ç¹å®ã®ãã¡ã€ã«ã¿ã€ãã®ãããã¯ãšãã£ã䟿å©ãªæ©èœãçšæãããŠããŸãã FTP ãããã·ã¯ééçã«æ©èœã§ããŸããã€ãŸãããããã¯ãŒã¯å ã®ãã¹ãŠã® FTP ã¯ã©ã€ã¢ã³ãã¯ã æçµå®å ã§ã¯ãªããããã·ãžã®æ¥ç¶ã確ç«ããŸããç¶ããŠãã¯ã©ã€ã¢ã³ãããèŠããªãç¶æ ã§ãã ãã·ãèŠæ±ã«ä»£ãã£ãŠæ°ãããããã¯ãŒã¯æ¥ç¶ãéå§ããŸãããã®ã¢ãŒãã®ã¡ãªããã¯ããã®ä»ã®ç®¡ çãã¯ã©ã€ã¢ã³ãåŽã®èšå®ãå¿ èŠãªããšããããšã§ãã 9.4.1 ã°ããŒãã« ãWeb ãããã¯ã·ã§ã³ > FTP > ã°ããŒãã« ãã¿ãã§ã¯ãFTP ãããã·ã®åºæ¬èšå®ãæ§æã§ããŸãã FTP ãããã·ãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãã°ããŒãã« ãã¿ãã§ãFTP ãããã·ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªãããFTP èšå® ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 290 UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.4 FTP 2. èš±å¯ãããããã¯ãŒã¯ãéžæããŸãã FTP ãããã·ã®äœ¿çšãèš±å¯ãããããã¯ãŒã¯ãéžæããŸãã 3. ãªãã¬ãŒã·ã§ã³ã¢ãŒããéžæããŸãã FTP ãããã·ã®ãªãã¬ãŒã·ã§ã³ã¢ãŒããéžæããŸãã次ã®ã¢ãŒãã䜿çšã§ããŸãã l éé:ãããã·ã¯ãã¯ã©ã€ã¢ã³ãã®èŠæ±ãã¿ãŒã²ãããµãŒãã«è»¢éããã³ã³ãã³ããã¹ ãã£ã³ããŸããã¯ã©ã€ã¢ã³ãåŽã§ã®èšå®ã¯äžèŠã§ãã l ééé:ãã®ã¢ãŒãã䜿çšããå ŽåãFTP ã¯ã©ã€ã¢ã³ããèšå®ããå¿ èŠããããŸãã ã²ãŒããŠã§ã€ã® IP ã¢ãã¬ã¹ãšããŒã 2121 ã䜿çšããŸãã l äž¡æ¹:ãã®ã¢ãŒãã䜿çšãããšãäžéšã®ã¯ã©ã€ã¢ã³ãã«ã¯ééã¢ãŒãããä»ã®ã¯ã©ã€ã¢ã³ ãã«ã¯éééã¢ãŒãã䜿çšããããšãã§ããŸããéééã¢ãŒãã§æ©èœãããFTPã¯ã© ã€ã¢ã³ãããã²ãŒããŠã§ã€ã® IP ã¢ãã¬ã¹ãšããŒã 2121 ã§ãããã·ã䜿çšããããã«èšå® ããŸãã 4. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã 泚 â FTP ãããã·ã¯ãActive Directory èªèšŒã䜿çšãã FTP ãµãŒããšã¯éä¿¡ã§ããŸãããFTP 㯠ã©ã€ã¢ã³ãããã®ãã㪠FTP ãµãŒãã«æ¥ç¶ã§ããããã«ããã«ã¯ããã®ãµãŒããFTP ãããã·ã®ã¹ ããããªã¹ãã«è¿œå ããŸããã¹ããããªã¹ãã®èšå®ã¯ã ã詳现 ã ã¿ãã§è¡ããŸãã 9.4.2 ãŠã€ã«ã¹å¯Ÿç ãWeb ãããã¯ã·ã§ã³ > FTP > ãŠã€ã«ã¹å¯Ÿç ãã¿ãã«ã¯ããŠã€ã«ã¹ãã¯ãŒã ããã®ä»ã®ãã«ãŠã§ã¢ãªã© ã®æ害ã§å±éºãªã³ã³ãã³ããäŒéãã FTP ãã©ãã£ãã¯ã«å¯ŸããŠè¬ããããšãã§ãããããã察çã å«ãŸããŠããŸãã ã¢ã³ããŠã€ã«ã¹ã¹ãã£ã³ã䜿çš:ãã®ãªãã·ã§ã³ãéžæãããšãFTP åä¿¡ãã©ãã£ãã¯å šäœãã¹ãã£ã³ ãããŸããSophos UTMã¯ãæé«ã®ã»ãã¥ãªãã£ãå®çŸããããŸããŸãªã¢ã³ããŠã€ã«ã¹ãšã³ãžã³ãåã ãŠããŸãã l ã·ã³ã°ã«ã¹ãã£ã³:ããã©ã«ãèšå®ããã¹ãã£ã³èšå® ãã¿ãã«å®çŸ©ããããšã³ãžã³ã䜿çšããŠæ é«ã¬ãã«ã®ããã©ãŒãã³ã¹ãå®çŸããŸãã l ãã¥ã¢ã«ã¹ãã£ã³:åãã©ãã£ãã¯ã«å¯Ÿããç°ãªããŠã€ã«ã¹ã¹ãã£ãã䜿çšããŠã¹ãã£ã³ã 2å è¡ãããšã«ãããæ€åºçãæ倧éã«é«ããŸããããŒã·ãã¯ã¬ãŒããµãã¹ã¯ãªãã·ã§ã³ã§ã¯ã㥠ã¢ã«ã¹ãã£ã³ã¯å©çšã§ããŸããã æ倧ã¹ãã£ã³ãµã€ãº:ã¢ã³ããŠã€ã«ã¹ãšã³ãžã³ã§ã¹ãã£ã³ããæ倧ãã¡ã€ã«ãµã€ãºãæå®ããŸããã ã®ãµã€ãºãè¶ ãããã¡ã€ã«ã¯ã¹ãã£ã³å¯Ÿè±¡å€ãšãªããŸãã UTM 9 管çã¬ã€ã 291 9.4 FTP 9 Web ãããã¯ã·ã§ã³ èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã 泚 â ZIP ãã¡ã€ã«ãªã©ãã¢ãŒã«ã€ãããããã¡ã€ã«ãæªæããã³ã³ãã³ãã«ã€ããŠã¹ãã£ã³ããããš ã¯ã§ããããŠã€ã«ã¹ã¹ãã£ããééããŸããã¢ãŒã«ã€ãããããã¡ã€ã«ã«å«ãŸãããã«ãŠã§ã¢ãã ãããã¯ãŒã¯ãä¿è·ããã«ã¯ã該åœãããã¡ã€ã«æ¡åŒµåããããã¯ããããšãèæ ®ããŠãã ããã ãã¡ã€ã«æ¡åŒµåãã£ã«ã¿ ãã®æ©èœã§ã¯ããã¡ã€ã«ã®æ¡åŒµå (å®è¡å¯èœãã€ããªãªã©) ã«åºã¥ããŠãããããã¯å¯Ÿè±¡ãã¡ã€ã«æ¡ 匵å ãããã¯ã¹ã«ãã¡ã€ã«æ¡åŒµåããªã¹ããããŠããã¿ã€ãã®ãã¡ã€ã«ãäŒéãã FTP 転éã Web ã ã©ãã£ãã¯ãããã£ã«ã¿ããŸãããã¡ã€ã«æ¡åŒµåãè¿œå ãããããããã¯å¯Ÿè±¡ããå€ããã¡ã€ã«æ¡åŒµå ãåé€ãããããããšãã§ããŸãããã¡ã€ã«æ¡åŒµåãè¿œå ããã«ã¯ãããããã¯å¯Ÿè±¡ãã¡ã€ã«æ¡åŒµå ã ããã¯ã¹ã®ãã©ã¹ã¢ã€ã³ã³ãã¯ãªãã¯ãããããã¯ããæ¡åŒµå (exe ãªã©) ãå ¥åããŸããåºåãèšå·ã® ãããã¯äžèŠã§ããèšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã 9.4.3 é€å€ ãFTP > é€å€ ãã¿ãã§ã¯ãFTP ãããã·ã®æäŸããéžæå¯èœãªã»ãã¥ãªãã£ãªãã·ã§ã³ããé€å€ãã ãã¯ã€ããªã¹ãã®ãã¹ã/ãããã¯ãŒã¯ãå®çŸ©ããããšãã§ããŸãã é€å€ã«ãŒã«ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãé€å€ ãã¿ãã§ããæ°èŠé€å€ãªã¹ãããã¯ãªãã¯ããŸãã ãé€å€ãªã¹ããäœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®é€å€ã«ãŒã«ã説æããååãå ¥åããŠãã ããã å®è¡ããªããã§ãã¯:ã¹ãããããã»ãã¥ãªãã£ãã§ãã¯ãéžæããŸãã 292 l ã¢ã³ããŠã€ã«ã¹:éžæãããšããŠã€ã«ã¹ãããã€ã®æšéŠ¬ãªã©ã®å¥œãŸãããªãã³ã³ãã³ãã ãã©ãã£ãã¯ã«å«ãŸããŠããªãããã§ãã¯ãããŠã€ã«ã¹ã¹ãã£ã³ãç¡å¹ã«ãªããŸãã l æ¡åŒµåãããã¯:éžæãããšããã¡ã€ã«æ¡åŒµåãã£ã«ã¿ãç¡å¹ã«ãªããŸãããã®ãã£ã«ã¿ ã¯ããã¡ã€ã«æ¡åŒµåã«åºã¥ããŠãã¡ã€ã«è»¢éããããã¯ããããã«äœ¿çšããŸãã l èš±å¯ãµãŒã:éžæãããšãã詳现 ãã¿ãã§èšå®ããèš±å¯ãµãŒãã®ãã§ãã¯ãç¡å¹ã«ãªã ãŸãããã®ãªãã·ã§ã³ãéžæãããšãæå®ããã¯ã©ã€ã¢ã³ããã¹ã/ãããã¯ãŒã¯ã¯ãã¹ãŠ ã® FTP ãµãŒãã«ã¢ã¯ã»ã¹ã§ããããã«ãªããŸãããŸããæå®ãããµãŒããã¹ã/ããã ã¯ãŒã¯ã¯ãã¹ãŠã®ã¯ã©ã€ã¢ã³ãã«ã¢ã¯ã»ã¹ã§ããããã«ãªããŸãã UTM 9 管çã¬ã€ã 9 Web ãããã¯ã·ã§ã³ 9.4 FTP ã¯ã©ã€ã¢ã³ããã¹ã/ãããã¯ãŒã¯ã§é€å€:ãã®ãªãã·ã§ã³ãéžæãããšããã¯ã©ã€ã¢ã³ããã¹ã/ ãããã¯ãŒã¯ ãããã¯ã¹ãéããŸãããã®é€å€ã«ãŒã«ã®ã»ãã¥ãªãã£ãã§ãã¯ããé€å€ããã¯ã© ã€ã¢ã³ããã¹ã/ãããã¯ãŒã¯ãéžæããŸãã ãµãŒããã¹ã/ãããã¯ãŒã¯ã§é€å€:ãã®ãªãã·ã§ã³ãéžæãããšãããµãŒããã¹ã/ããã ã¯ãŒã¯ ãããã¯ã¹ãéããŸãããã®é€å€ã«ãŒã«ã®ã»ãã¥ãªãã£ãã§ãã¯ããé€å€ãããµãŒãã ã¹ã/ãããã¯ãŒã¯ãéžæããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããé€å€ããé€å€ ããªã¹ãã«è¡šç€ºãããŸãã é€å€ã«ãŒã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 9.4.4 詳现 ãFTP > 詳现 ãã¿ãã§ã¯ãFTP ãããã·ã®ééã¢ãŒããã¹ãããã§ãããã¹ããšãããã¯ãŒã¯ãæå®ã§ã ãŸããããã«ãã¢ã¯ã»ã¹ãèš±å¯ãã FTP ãµãŒããå®çŸ©ã§ããŸãã FTP ãã ãã·ã¹ããããªã¹ã ããã«ãªã¹ãããããã¹ããšãããã¯ãŒã¯ (FTP ã¯ã©ã€ã¢ã³ãããã³ FTP ãµãŒã) ã¯ãFTP ãã©ãã£ãã¯ã® ééçãªã€ã³ã¿ãŒã»ãã·ã§ã³ããé€å€ãããŸãããã ãããããã®ãã¹ãããã³ãããã¯ãŒã¯ã§ FTP ã ã©ãã£ãã¯ãèš±å¯ããã«ã¯ãããªã¹ãå ã®ãã¹ã/ãããã¯ãŒã¯ã® FTP ãã©ãã£ãã¯ãèš±å¯ ããã§ã㯠ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸãããã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããªãå Žåã¯ãããã§ãªã¹ããã ãŠãããã¹ããšãããã¯ãŒã¯ã«ç¹å®ã®ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãå®çŸ©ããå¿ èŠããããŸãã 泚 â FTP ãããã·ã¯ãActive Directory èªèšŒã䜿çšãã FTP ãµãŒããšã¯éä¿¡ã§ããŸãããFTP 㯠ã©ã€ã¢ã³ãããã®ãã㪠FTP ãµãŒãã«æ¥ç¶ã§ããããã«ããã«ã¯ããã®ãµãŒãã FTP ãããã·ã® ã¹ããããªã¹ãã«è¿œå ããŸãã FTP ãµãŒã ãã¹ã/ãããã¯ãŒã¯ããã®ã¢ã¯ã»ã¹ãèš±å¯ãã FTP ãµãŒããŸãã¯ãããã¯ãŒã¯ãéžæãŸãã¯è¿œå ã ãŸããäžéšã® FTP ã¯ã©ã€ã¢ã³ãã FTP ãµãŒãããã®ãªã¹ãããã€ãã¹ããããã«ããé€å€ ãã¿ãã§é€ å€ã«ãŒã«ãäœæã§ããŸãã UTM 9 管çã¬ã€ã 293 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ ãã®ç« ã§ã¯ãSophos UTMã®åºæ¬çãªã¡ãŒã«ãããã¯ã·ã§ã³æ©èœãèšå®ããæ¹æ³ã説æã㟠ããWebAdmin ã®ãEã¡ãŒã«ãããã¯ã·ã§ã³çµ±èš ãããŒãžã«ã¯ãã¡ãŒã«éä¿¡è ãã¡ãŒã«åä¿¡è ãã¹ãã éä¿¡å (åœå¥)ãæ€ç¥æ°ã«ãããã«ãŠã§ã¢ã®ãã®æ¥ã®äžäœ 10件ãŸã§ã«å ããåææ¥ç¶ã®æŠèŠãè¡š 瀺ãããŸããåã»ã¯ã·ã§ã³ã«ã¯ã詳现 ããªã³ã¯ããããŸãã ãªã³ã¯ãã¯ãªãã¯ãããš WebAdmin ã®è©²åœã ãã¬ããŒãã»ã¯ã·ã§ã³ã衚瀺ããã詳现ãªçµ±èšæ å ±ãåç §ã§ããŸãã ãã®ç« ã§ã¯ã次ã®ãããã¯ã«ã€ããŠèª¬æããŸãã l SMTP l SMTP ãããã¡ã€ã« l POP3 l æå·å l éé¢ã¬ããŒã l ã¡ãŒã«ãããŒãžã£ 10.1 SMTP ãEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP ãã¡ãã¥ãŒã§ SMTP ãããã·ãèšå®ã§ããŸããSMTP 㯠簡æã¡ãŒã«è»¢ éãããã³ã« (Simple Mail Transfer Protocol) ã®ç¥ã§ãã¡ãŒã«ãã¡ãŒã«ãµãŒãã«è»¢éããããã«äœ¿çš ããããããã³ã«ã§ããSophos UTM㯠SMTP ã®ããã®ã¢ããªã±ãŒã·ã§ã³ã¬ãã«ã®ã²ãŒããŠã§ã€ãè£ å ããŠãããããã䜿çšããŠå éšã¡ãŒã«ãµãŒãããªã¢ãŒãã®æ»æããå®ããããã«åŒ·åãªãŠã€ã«ã¹ã¹ ãã£ã³ããã³ã¡ãŒã«ãã£ã«ã¿ãµãŒãã¹ãæäŸã§ããŸãã 泚 â SMTP ãããã·ãæ£ãã䜿çšããã«ã¯ãæå¹ãªããŒã ãµãŒã (DNS) ãèšå®ããå¿ èŠããã㟠ãã 10.1.1 ã°ããŒãã« ãEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP > ã°ããŒãã« ãã¿ãã§ãSMTP èšå®ã«å¯ŸããŠãã·ã³ãã«ã¢ãŒã ããäœ¿çš ãããããããã¡ã€ã«ã¢ãŒã ãã䜿çšãããã決å®ã§ããŸãã 1. SMTPãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã 10.1 SMTP 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ ãã°ã«ã¹ã€ãããç·è²ã«ãªãããèšå®ã¢ãŒã ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 2. èšå®ã¢ãŒããéžæããŸãã ã·ã³ãã«ã¢ãŒã:ãã¹ãŠã®ãã¡ã€ã³ãåãèšå®ãå ±æããŠããå Žåã¯ãã®ã¢ãŒãã䜿çšã㟠ãããã ãããã¡ã€ã³åãã¡ãŒã«ã¢ãã¬ã¹ãããã³ãã¹ãã«åºã¥ããŠé€å€ã«ãŒã«ãå®çŸ©ããããš ãã§ããŸããããã¯ããããã¡ã€ã«ã¢ãŒã ããšç°ãªãæ©èœçãªå¶éã¯ãããŸããã ãããã¡ã€ã«ã¢ãŒã:(ããŒã·ãã¯ã¬ãŒããµãã¹ã¯ãªãã·ã§ã³ã§ã¯ãå©çšã§ããŸããã)ãã®ã¢ãŒã ã§ã¯ãåã ã®ãã¡ã€ã³ãããã¯ãã¡ã€ã³ã°ã«ãŒãã®ã¢ã³ãã¹ãã ãã¢ã³ããŠã€ã«ã¹ãªã©ã®ã° ããŒãã«èšå®ãããSMTPãããã¡ã€ã« ãã¡ãã¥ãŒã§ãããã®ãããã¡ã€ã«ãäœæããããšã§ãäž æžããŸãã¯æ¡åŒµã§ããŸãããSMTP ãã¡ãã¥ãŒã§è¡ã£ãèšå®ã¯ãäŸç¶ãšããŠæå®ã®ãã¡ã€ã³ã« é©çšããããããã¡ã€ã«ã®ããã©ã«ããšãªããŸããããããã¡ã€ã«ã¢ãŒã ãã«ã¯ãUTMã®ãããã¡ ã€ã«ã¢ãŒããåäœã®æšå¥šèšå®ã«ã€ããŠãããã€ãã®æ³šæäºé ããããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã éžæããã¢ãŒããæå¹ã«ãªããŸãã 10.1.2 ã«ãŒãã£ã³ã° ãã«ãŒãã£ã³ã°ãã¿ãã§ãSMTP ãããã·ã®ãã¡ã€ã³ãšã«ãŒãã£ã³ã°ã¿ãŒã²ãããèšå®ããåä¿¡è ã®æ€èšŒ æ¹æ³ãå®çŸ©ããŸãã SMTP ãããã·ã®ã«ãŒãã£ã³ã°ãèšå®ããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. å éšãã¡ã€ã³ãå ¥åããŸãã ã¡ãŒã«ã®ãã¡ã€ã³ãå ¥åããã«ã¯ãããã¡ã€ã³ãããã¯ã¹ã®ã+ãã¢ã€ã³ã³ãã¯ãªãã¯ããŸãã 衚瀺ãããããã¹ãããã¯ã¹ã«ãexample.com ã®åœ¢åŒã§ãã¡ã€ã³ãå ¥åãããé©çš ããã¯ãªã㯠ããŸãããã¹ãŠã®ãã¡ã€ã³ããªã¹ãããããŸã§ãã®ã¹ããããç¹°ãè¿ããŸãã ãããã¡ã€ã«ã¢ãŒã :ã°ããŒãã«èšå®ã䜿çšãããã¡ã€ã³ã®ã¿ãå ¥åããŸããä»ã®ãã¹ãŠã®ã ã¡ã€ã³ã¯ãããããã®ãããã¡ã€ã«ã«ãªã¹ãããŸãã 2. å éšãµãŒããæå®ããŸãã ãã«ãŒãæ¯ ãããããããŠã³ãªã¹ãã§ãäžèšã§ãªã¹ããããã¡ã€ã³å®ãŠã®ã¡ãŒã«ã®è»¢éå ãã¹ãã éžæããŸããäžè¬çãªã¿ãŒã²ãããã¹ããšããŠã¯ãããŒã«ã«ãããã¯ãŒã¯äžã® Microsoft Exchange Server ãæããããŸããããŸããŸãªãµãŒãã¿ã€ãããéžæã§ããŸãã l 296 ã¹ã¿ãã£ãã¯ãã¹ããªã¹ã:ããã¹ããªã¹ããããã¯ã¹ã§ãã¿ãŒã²ããã«ãŒãã®ãã¹ãå®çŸ©ãéž æããŸããåºæ¬çãªãã§ã€ã«ãªãŒããŒçšã«è€æ°ã®ãã¹ãå®çŸ©ãéžæã§ããŸããæå ã®ãã¹ããžã®é ä¿¡ã«å€±æãããšãã¡ãŒã«ã¯æ¬¡ã®ãã¹ãã«ã«ãŒãã£ã³ã°ãããŸãããã ãããã¹ãã®ã¹ã¿ãã£ã㯠(éç) ãªé åºã¯ãçŸåšã®ããŒãžã§ã³ã®Sophos UTMã§ã¯æ±ºå® UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.1 SMTP ã§ãããããå¶çºçã«æ±ºå®ãããŸããåºæ¬çãªè² è·åæ£æ©èœãããã«å¹çããéæ ã§ããããã«ãã¹ãã°ã«ãŒããžã®é ä¿¡ãã©ã³ãã åããã«ã¯ããDNS ãã¹ãå ãã«ãŒãã¿ ã€ãã䜿çšããè€æ°ã® A ã¬ã³ãŒããæã€ãã¹ãåãæå®ããŸã (A ã¬ã³ãŒã ãŸã㯠ã¢ã㬠ã¹ã¬ã³ãŒã ã¯ããã¹ãåã IP ã¢ãã¬ã¹ã«ãããããŸã)ã l DNS ãã¹ãå:ã¿ãŒã²ããã«ãŒãã® å®å šä¿®é£Ÿãã¡ã€ã³å (FQDN) ãæå®ããŸã (äŸ: exchange.example.com)ãè€æ°ã® A ã¬ã³ãŒããæ〠DNS åãéžæãããšãåãµãŒ ããžã®ã¡ãŒã«ã¯ã©ã³ãã ã«é ä¿¡ãããŸããããã«ãïŒå°ã®ãµãŒãã«é害ãçºçãã ãšããã®ãµãŒãå®ãŠã®ãã¹ãŠã®ã¡ãŒã«ã¯æ®ãã®ãµãŒãã«èªåçã«ã«ãŒãã£ã³ã°ãã ãŸãã l MX ã¬ã³ãŒã:MX ã¬ã³ãŒãã䜿çšããŠãã䜿ãã®ãã¡ã€ã³ã«ã¡ãŒã«ãã«ãŒãã£ã³ã°ããããš ãã§ããŸãããã®ã«ãŒãã¿ã€ããéžæãããšãSophos UTMã®ã¡ãŒã«è»¢éãšãŒãžã§ã³ã ã¯ãåä¿¡è ã®ãã¡ã€ã³å (ã¡ãŒã«ã¢ãã¬ã¹ã® "@" æåã«ç¶ãéšå) ã® MX ã¬ã³ãŒããèŠ æ±ãã DNS ã¯ãšãªãè¡ããŸããã²ãŒããŠã§ã€ãäžèšã§æå®ãããã¡ã€ã³ã®ãã©ã€ã㪠MX ã§ã¯ãªãããšã確èªããå¿ èŠããããŸãããªããªããèªãã«ã¯ã¡ãŒã«ãé ä¿¡ããªã ããã§ãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã åä¿¡è ã®ç¢ºèª åä¿¡è æ€èšŒ:ããã§ã¡ãŒã«åä¿¡è ã確èªãããã©ãããšç¢ºèªæ¹æ³ãæå®ã§ããŸãã l ã³ãŒã«ã¢ãŠã䜿çš:åä¿¡è æ€èšŒã®èŠæ±ããµãŒãã«éä¿¡ãããŸãã l Active Directory 䜿çš:åä¿¡è æ€èšŒã®èŠæ±ã Active Directory ãµãŒãã«éä¿¡ãã㟠ããActive Directory ã䜿çšããã«ã¯ããå®çŸ©ãšãŠãŒã¶ > èªèšŒãµãŒã > ãµãŒããã§æå®ããã Active Directory ãµãŒããåããŠããããšãå¿ èŠã§ããããŒã¹ DNãã代æ¿ããŒã¹ DNããã£ãŒ ã«ãã«å ¥åããŸãã 泚 â Active Directory åä¿¡è æ€èšŒã䜿çšãããšããµãŒããå¿çããªãå Žåã«ã¡ãã»ãŒãžã ããŠã³ã¹ãããå ŽåããããŸãã l ãªã:åä¿¡è æ€èšŒã¯å®å šã«ãªãã«ã§ããŸãããæšå¥šãããŸããããªããªãããªãã«ãããšãã¹ ãã ãã©ãã£ãã¯ãå¢å€§ããŠãèŸæžæ»æã®å±éºæ§ãé«ãŸãããã§ãããã®çµæãéé¢å Žæã è¿·æã¡ãŒã«ã§æº¢ããŠããŸãããšã«ãªããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã UTM 9 管çã¬ã€ã 297 10.1 SMTP 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.1.3 ãŠã€ã«ã¹å¯Ÿç ããŠã€ã«ã¹å¯Ÿç ãã¿ãã«ã¯ããŠã€ã«ã¹ãã¯ãŒã ããã®ä»ã®ãã«ãŠã§ã¢ãªã©ã®æ害ã§å±éºãªã³ã³ãã³ã ãå«ãã¡ãŒã«ã«å¯ŸããããŸããŸãªå¯Ÿçãå«ãŸããŠããŸãã 泚 â éä¿¡ã¡ãŒã«ã¯ãããªã¬ãŒãã¿ãã®ããªã¬ãŒ (éä¿¡) ã¡ãã»ãŒãžã®ã¹ãã£ã³ããéžæãããŠããå Žå ã«ã¹ãã£ã³ãããŸãã SMTP ã ã©ã³ ã¶ã¯ã·ã§ã³ æã« ã¹ãã£ã³ ãSMTP ãã©ã³ã¶ã¯ã·ã§ã³æã«ãã«ãŠã§ã¢ããªãžã§ã¯ãããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããããš ã§ãSMTP ãã©ã³ã¶ã¯ã·ã§ã³äžã«ã¹ãã£ã³ãè¡ãããã«ãŠã§ã¢ãå«ãŸããŠããå Žåã¯æåŠããããšã ã§ããŸãã ãããã¡ã€ã«ã¢ãŒã :ãã®èšå®ã¯ãããã¡ã€ã«ããšã«ã¯å€æŽã§ããŸããã1人以äžã®åä¿¡è ãããã¡ã ã»ãŒãžã§ãåä¿¡è ã® 1人ã®ãããã¡ã€ã«ã§ãã¢ã³ããŠã€ã«ã¹ã¹ãã£ã³ãããªãã«ãªã£ãŠããå Žåã¯ãã ã®æ©èœã¯ã¹ããããããŸãããããã£ãŠã以äžã®éåžžã®ã¢ã³ããŠã€ã«ã¹èšå®ãããã©ãã¯ããŒã« ãã ããã¯ãéé¢ ãã®ããããã®èšå®ã«ããŠããããšããå§ãããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã ã¢ã³ ã㊠ã€ã«ã¹ã¹ãã£ã³ ãã®ãªãã·ã§ã³ã§ã¯ããŠã€ã«ã¹ãããã€ã®æšéŠ¬ãçããããã¡ã€ã«ã¿ã€ããªã©ã®äžèŠãªã³ã³ãã³ãã㪠ããã©ãããã¡ãŒã«ãã¹ãã£ã³ããŸããæªæã®ããã³ã³ãã³ããå«ãã¡ãã»ãŒãžã¯ãããã¯ãããŠã ã¡ãŒã«ã®éé¢å Žæã«ä¿åãããŸãããŠãŒã¶ã¯ãSophosãŠãŒã¶ããŒã¿ã« ãŸãã¯ãã€ãªãŒã®éé¢ã¬ ããŒãã§ãéé¢ãããã¡ãã»ãŒãžã確èªããŠãªãªãŒã¹ã§ããŸãããã ããæªæã®ããã³ã³ãã³ããå«ã ã¡ãã»ãŒãžã¯ãã¡ãŒã«ãããŒãžã£ã§ç®¡çè ã®ã¿ãéé¢ãããªãªãŒã¹ã§ããŸãã ã¢ã³ããŠã€ã«ã¹:æªæããã³ã³ãã³ããå«ãã¡ãã»ãŒãžã®åŠçæ¹æ³ãèšå®ã§ããŸãã次ã®äœæ¥ãå® è¡ã§ããŸãã l ãªã:ã¢ã³ããŠã€ã«ã¹ã¹ãã£ã³ãå®è¡ããŸããã l ãã©ãã¯ããŒã«:ã¡ãã»ãŒãžã¯åä¿¡åŸããã ã¡ã«åé€ãããŸããéä¿¡ã¡ãã»ãŒãžã¯ãæå³ããªã ã¡ãŒã«ã®çŽå€±ãåé¿ããããã«ããã©ãã¯ããŒã«åãããããšããããŸããã代ããã«ãéé¢ ãããŸãã l éé¢:ã¡ãã»ãŒãžã¯ãããã¯ãããã¡ãŒã«ã®éé¢å Žæã«ä¿åãããŸããéé¢ãããã¡ãã»ãŒãž ã¯ããŠãŒã¶ããŒã¿ã«ãŸãã¯ãã€ãªãŒã®éé¢ã¬ããŒãã§ç¢ºèªã§ããŸããæªæã®ããã³ã³ãã³ãã å«ãã¡ãã»ãŒãžãéé¢å ŽæãããªãªãŒã¹ã§ããã®ã¯ã管çè ã ãã§ãã 298 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.1 SMTP Sophos UTM ã¯ãæé«ã®ã»ãã¥ãªãã£ãå®çŸããããŸããŸãªã¢ã³ããŠã€ã«ã¹ãšã³ãžã³ãåããŠã㟠ãã l ã·ã³ã°ã«ã¹ãã£ã³:ããã©ã«ãèšå®ããã¹ãã£ã³èšå® ãã¿ãã«å®çŸ©ããããšã³ãžã³ã䜿çšããŠæ é«ã¬ãã«ã®ããã©ãŒãã³ã¹ãå®çŸããŸãã l ãã¥ã¢ã«ã¹ãã£ã³:åãã©ãã£ãã¯ã«å¯Ÿããç°ãªããŠã€ã«ã¹ã¹ãã£ãã䜿çšããŠã¹ãã£ã³ã 2å è¡ãããšã«ãããæ€åºçãæ倧éã«é«ããŸããããŒã·ãã¯ã¬ãŒããµãã¹ã¯ãªãã·ã§ã³ã§ã¯ã㥠ã¢ã«ã¹ãã£ã³ã¯å©çšã§ããŸããã ã¹ãã£ã³ã§ããªãã³ã³ãã³ããæå·åãããã³ã³ãã³ãã®éé¢:ãã®ãªãã·ã§ã³ãéžæããŠãã³ã³ãã³ã ãã¹ãã£ã³ã§ããªãã£ãã¡ãŒã«ãéé¢ããŸããã¹ãã£ã³ã§ããªãã³ã³ãã³ãã¯ãæå·åããããã®ã ç Žæããã¢ãŒã«ã€ãããŸãã¯ãµã€ãºã倧ããããã³ã³ãã³ãã®ä»ãã¹ãã£ãã®äžå ·åãªã©ã®æè¡ç ãªåé¡ã«ããå ŽåããããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã MIME ã¿ã€ããã£ã«ã¿ MIME ã¿ã€ãã®ãã£ã«ã¿ã¯ MIME ã¿ã€ãã®ã¡ãŒã«ã³ã³ãã³ããèªã¿ãŸããããŸããŸãª MIME ã¿ã€ããã©ã åãæ±ãããå®çŸ©ã§ããŸãã l é³å£°ã³ã³ãã³ããéé¢:ãã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ãããšãmp3 ããã㯠wav ãã¡ã€ ã«ãªã©ã®é³å£°ã³ã³ãã³ããéé¢ãããŸãã l åç»ã³ã³ãã³ããéé¢:ãã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ãããšãmpg ããã㯠mov ãã¡ã€ ã«ãªã©ã®åç»ã³ã³ãã³ããéé¢ãããŸãã l å®è¡å¯èœãã¡ã€ã«ã³ã³ãã³ããéé¢:ãã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ãããšãexe ãã¡ã€ã« ãªã©ã®å®è¡å¯èœãã¡ã€ã«ã³ã³ãã³ããéé¢ãããŸãã éé¢ããä»ã®ã¿ã€ã:äžèšä»¥å€ã® MIME ã¿ã€ããéé¢ããã«ã¯ããéé¢ããä»ã®ã¿ã€ããããã¯ã¹ã® ã+ãã¢ã€ã³ã³ãã¯ãªãã¯ããMIME ã¿ã€ã (äŸ: image/gif) ãå ¥åããŸããã¹ã©ãã·ã¥å³åŽã«ã¯ã€ã«ã ã«ãŒã (*) ã䜿çšã§ããŸã (äŸ: application/*)ã ãã¯ã€ããªã¹ãåããã¿ã€ã:ãã®ããã¯ã¹ã䜿çšããŠäžè¬çã«ä¿¡é Œã§ãã MIME ã¿ã€ããèš±å¯ã㟠ããMIME ã¿ã€ããè¿œå ããã«ã¯ããã¯ã€ããªã¹ãåããã¿ã€ããããã¯ã¹ã®ã+ãã¢ã€ã³ã³ãã¯ãªã㯠ããMIME ã¿ã€ããå ¥åããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã UTM 9 管çã¬ã€ã MIME ã¿ã€ã MIME ã¿ã€ãã®ã¯ã©ã¹ audio/* é³å£°ãã¡ã€ã« video/* åç»ãã¡ã€ã« 299 10.1 SMTP 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ MIME ã¿ã€ã MIME ã¿ã€ãã®ã¯ã©ã¹ application/x-dosexec application/x-msdownload application/exe application/x-exe application/dos-exe ã¢ããªã±ãŒã·ã§ã³ vms/exe application/x-winexe application/msdos-windows application/x-msdos-program Table 2: MIMEã¿ã€ããã£ã«ã¿ã§èªèãããMIMEã¿ã€ã ãã¡ã€ã«æ¡åŒµåãã£ã«ã¿ ãã®æ©èœã¯ããã¡ã€ã«æ¡åŒµåã«åºã¥ããŠç¹å®ã¿ã€ãã®ãã¡ã€ã« (å®è¡å¯èœãã¡ã€ã«ãªã©) ãå«ãã¡ãŒ ã«ã (èŠåä»ãã§) ãã£ã«ã¿ãªã³ã°ããéé¢ããŸãããã¡ã€ã«æ¡åŒµåãè¿œå ããã«ã¯ãããããã¯å¯Ÿè±¡ ãã¡ã€ã«æ¡åŒµå ãããã¯ã¹ã®ã+ãã¢ã€ã³ã³ãã¯ãªãã¯ããçŠæ¢ãããã¡ã€ã«æ¡åŒµå (äŸ: exe ãŸã㯠jar (åºåãæåã®ããããªã)) ãå ¥åããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã ãã³ã â çŠæ¢ããããã¡ã€ã«æ¡åŒµåã«å¯ŸããŠã¢ãŒã«ã€ããæ€çŽ¢ããããšã¯ã§ããŸãããã¢ãŒã«ã€ã ã«å«ãŸãããã«ãŠã§ã¢ãããããã¯ãŒã¯ãä¿è·ããã«ã¯ã該åœããã¢ãŒã«ã€ãã®ãã¡ã€ã«æ¡åŒµåã ãããã¯ããããšãèæ ®ããŠãã ããã ã¢ã³ ã㊠ã€ã«ã¹ãã§ãã¯ããã¿ åéä¿¡ã¡ãŒã«ã§ãæªæããã³ã³ãã³ãã«ã€ããŠã¡ãŒã«ãã¹ãã£ã³æžã¿ã§ããããšããŠãŒã¶ã«ç¥ããã ç¹å¥ãªããã¿ãè¿œå ããŠã«ã¹ã¿ãã€ãºã§ããŸãããã ããããªã¬ãŒãã¿ãã®ããªã¬ãŒ (éä¿¡) ã¡ãã»ãŒãžã® ã¹ãã£ã³ããã§ãã¯ããã¯ã¹ãéžæãããŠããå Žåã«ã®ã¿ããã¿ãè¿œå ãããŸããããã«ããŠã€ã«ã¹ 察çãã§ãã¯ããã¿ã¯ãè¿ä¿¡ã¡ãŒã«ã®å Žå (In-Reply-To ããããæã€ãã®)ããŸãã¯ã¡ãŒã«ã®ã³ã³ãã³ ãã¿ã€ããå€å®ã§ããªãå Žåã¯ãã¡ãŒã«ã«è¿œå ãããŸããã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªã㯠ããŸãã 300 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.1 SMTP 泚 âã¡ãŒã«ã¯ã©ã€ã¢ã³ã (äŸ: Microsoft Outlook ãŸã㯠Mozilla Thunderbird) ã眲åæžã¿ãŸãã¯æå· åæžã¿ã®ã¡ãã»ãŒãžã«ããã¿ãè¿œå ãããšã眲åãç Žå£ãããŠç¡å¹ã«ãªããŸããããžã¿ã«çœ²åã㯠ã©ã€ã¢ã³ãåŽã§äœæããå Žåã¯ãã¢ã³ããŠã€ã«ã¹ãã§ãã¯ããã¿ãªãã·ã§ã³ãç¡å¹ã«ããŠãã ãããã ã ããã¡ãŒã«éä¿¡ã®ãã©ã€ãã·ãŒãèªèšŒãä¿ã¡ãªãããäžè¬çãªãŠã€ã«ã¹å¯Ÿçãã§ãã¯ããã¿ã䜿 çšããå Žåã¯ãSophos UTM ã®çµã¿èŸŒã¿ã¡ãŒã«æå·åæ©èœã®äœ¿çšãèæ ®ããŠãã ãããã²ãŒã ãŠã§ã€äžã§ã®ã¡ãŒã«æå·åã§ã¯ãããžã¿ã«çœ²åãäœæããåã«ããã¿ãã¡ãã»ãŒãžã«ä»å ããã ããã眲åãæãªãããããšã¯ãããŸããã 10.1.4 ã¹ãã 察ç Sophos UTM Sophos UTM ãèšå®ããŠãæªæ¿è«Ÿã®ã¹ãã ã¡ãŒã«ãæ€åºããããæ¢ç¥ã® (ãŸãã¯çãã ã) ã¹ãã çºä¿¡è ããã®ã¹ãã éä¿¡ãèå¥ããããšãã§ããŸãããã¹ãã 察ç ãã¿ãã«ããèšå®ãªã ã·ã§ã³ã䜿çšããŠãSMTP ã®ã»ãã¥ãªãã£æ©èœãèšå®ããæªæ¿è«Ÿã®å®£äŒçšã¡ãŒã«ãªã©ããããã ã¯ãŒã¯ãä¿è·ããŸãã 泚 â éä¿¡ã¡ãŒã«ã¯ãããªã¬ãŒãã¿ãã®ããªã¬ãŒ (éä¿¡) ã¡ãã»ãŒãžã®ã¹ãã£ã³ããéžæãããŠããå Žå ã«ã¹ãã£ã³ãããŸãã 泚 â ãã®ã¿ãã®äžéšã®æ©èœã¯ãããŒã·ãã¯ã¬ãŒã ãµãã¹ã¯ãªãã·ã§ã³ã§ã¯å©çšã§ããŸããã SMTP ã ã©ã³ ã¶ã¯ã·ã§ã³ äžã®ã¹ãã æ€åº SMTP ãã©ã³ã¶ã¯ã·ã§ã³äžã«ã¹ãã ãæåŠããããšãã§ããŸãããSMTP äžã§ãªãžã§ã¯ãããªãã·ã§ã³ ã«ã次ã®ããããã®èšå®ãéžæããŸãã l ãªã:ã¹ãã æ€åºã¯ç¡å¹ãšãªããã¹ãã ãåå ã§ã¡ãŒã«ãæåŠãããããšã¯äžåãããŸã ãã l Confirmed Spam:確èªãããã¹ãã ã®ã¿æåŠãããŸãã l Spam:ã·ã¹ãã ãã¹ãã ãšã¿ãªãå šãŠã®ã¡ãŒã«ãæåŠãããŸãããã¥ãŒã¹ã¬ã¿ãŒãªã©ã®ã¡ãŒ ã«ããã¹ãã ã®çãããããšã¿ãªããŠåŽäžããå Žåãããããã誀æ€åºçãé«ããªãå¯èœ æ§ããããŸãã SMTP ãã©ã³ã¶ã¯ã·ã§ã³äžã«æåŠãããªãã¡ãŒã«ã¯ã以äžã®ãã¹ãã ãã£ã«ã¿ãã»ã¯ã·ã§ã³ã®èšå®ã«å¿ ããŠåŠçãããŸãã ãããã¡ã€ã«ã¢ãŒã :ãã®èšå®ã¯ãããã¡ã€ã«ããšã«ã¯å€æŽã§ããŸãããã¡ãã»ãŒãžãè€æ°ã®åä¿¡è å®ãŠã§ãããããããã®åä¿¡è ã®ãããã¡ã€ã«ã§ã¹ãã ã®ã¹ãã£ã³ãå®å šã«ãªãã«ãªã£ãŠããå Ž UTM 9 管çã¬ã€ã 301 10.1 SMTP 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ åããã®æ©èœã¯çç¥ãããŸããã€ãŸããéåžžã®ã¹ãã ã¹ãã£ã³èšå®ããSpamããŸãã¯ãConfirmed Spamãã®ããããã«ããŠããããšããå§ãããŸãã RB L (ãªã¢ã«ã¿ã€ã ãã©ãã¯ããŒã«ãªã¹ã ) ãªã¢ã«ã¿ã€ã ãã©ãã¯ããŒã«ãªã¹ã (RBL) ãšã¯ãã¹ãã è¡çºã«é¢é£ããŠãã IP ã¢ãã¬ã¹ã®ãªã¹ãã〠ã³ã¿ãŒããããµã€ããå ¬éããæ¹åŒã§ãã æšå¥šRBLã䜿çš:ãã®ãªãã·ã§ã³ãéžæãããšãã¡ãŒã«è»¢éãšãŒãžã§ã³ãã¯å€éšã®ããŒã¿ããŒã¹ã«å¯Ÿ ããŠæ¢ç¥ã®ã¹ãã éä¿¡è (ãããããªã¢ã«ã¿ã€ã ãã©ãã¯ããŒã«ãªã¹ã) ãåãåãããŸãããããµ ã€ããããããã®ãªã¹ãã® 1ã€ä»¥äžã«å«ãŸããŠããã°ããã®ãµã€ãããã®éä¿¡ã¡ãã»ãŒãžã容æã«æ åŠããããšãã§ããŸãããã®ãããªãµãŒãã¹ã®äžéšã¯ã€ã³ã¿ãŒãããã§å©çšã§ããŸãããã®æ©èœã䜿 çšããããšã«ãããã¹ãã ãå€§å¹ ã«æžããããšãã§ããŸãã ããã©ã«ãã§ã以äžã® RBL ã«å¯ŸããŠåãåãããŸãã l Commtouch IP Reputation (ctipd.org) l cbl.abuseat.org 泚 â Sophos UTMãåãåããã RBL ãªã¹ãã¯ãäºåãªãã«å€æŽãããå ŽåããããŸããSophos ã¯ããããã®ããŒã¿ããŒã¹ã®å 容ãä¿èšŒããŸããã Sophos UTMã®ã¢ã³ãã¹ãã æ©èœã匷åããããã«ããããªã RBL ãµã€ããè¿œå ããŠãã¢ã³ãã¹ãã æ©èœã匷åã§ããŸããè¿œå ããã«ã¯ããRBLãŸãŒã³ã®è¿œå ãããã¯ã¹ã§ãã©ã¹ã¢ã€ã³ã³ãã¯ãªãã¯ã㟠ãã衚瀺ãããããã¹ãããã¯ã¹ã« RBL ãŸãŒã³ãå ¥åããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã ã¹ãã ãã£ã«ã¿ Sophos UTM Sophos UTM ã«ã¯ãã¹ãã ã®ç¹åŸŽãããã¡ãŒã«ããã¥ãŒãªã¹ãã£ãã¯ã«ãã§ãã¯ããæ©èœ ããããŸãããã®æ©èœã¯ãSMTP ãšã³ãããŒãæ å ±ãšãçºèŠçãã¹ãããã³ç¹æ§ã«é¢ããå éšããŒã¿ ããŒã¹ã䜿çšããŸãããã®ã¹ãã ãã£ã«ã¿ãªãã·ã§ã³ã§ã¯ãã¡ãã»ãŒãžã®å 容㚠SMTP ãšã³ãããŒã æ å ±ã«åºã¥ããŠã¡ãã»ãŒãžã«ã¹ã³ã¢ãä»ããŸããã¹ã³ã¢ãé«ãã»ã©ãã¹ãã ã®å¯èœæ§ãé«ãããšã æå³ããŸãã 次㮠2ã€ã®ãªãã·ã§ã³ã䜿çšããŠãããäžå®ã®ã¹ãã ã¹ã³ã¢ãä»ããã¡ãã»ãŒãžãžã®å¯Ÿå¿æ¹æ³ãæ å®ããããšãã§ããŸããããã«ãããã²ãŒããŠã§ã€ã¯ã¹ãã ã®å¯èœæ§ãããã¡ãŒã«ãå¥åã«æ±ãããš ãã§ããããã«ãªããŸãã l 302 Spam ã¢ã¯ã·ã§ã³:ããã§ã¯ãã¹ãã ã®å¯èœæ§ããããšããŠåé¡ãããã¡ãã»ãŒãžã«å¯Ÿãã察ç ãå®çŸ©ã§ããŸããããã§ã¯ã誀æ€åºãã€ãŸãããã¥ãŒã¹ã¬ã¿ãŒãªã©ãééã£ãŠã¹ãã ã«åé¡ã UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.1 SMTP ãããã©ãã¯ããŒã«åã«ãã£ãŠã¡ãŒã«ãçŽå€±ããå¯èœæ§ãããããšã«æ³šæããŠãã ããã l Confirmed Spam ã¢ã¯ã·ã§ã³:ããã§ã¯ãConfirmed Spam (確å®æ§ã®é«ãã¹ãã ) ãšç¢ºèªããã ã¡ãã»ãŒãžã«å¯Ÿããã¢ã¯ã·ã§ã³ãå®çŸ©ã§ããŸãã ããã 2çš®é¡ã®ã¹ãã ã«å¯ŸããåŠçããããŸããŸãªå¯Ÿçããéžæã§ããŸãã l ãªã:ã¡ãã»ãŒãžã¯ã¹ãã ãšããŠããŒã¯ããããããã£ã«ã¿ãããŸããã l èŠå:ã¡ãã»ãŒãžã¯ãã£ã«ã¿ãããŸãããåä¿¡ã¡ãã»ãŒãžã®å Žåã¯ããã®ä»£ããã«ãã¹ãã ã ã©ã°ãã¡ãã»ãŒãžãããã«è¿œå ãããã¹ãã ããŒã«ãã¡ãã»ãŒãžã®ä»¶åã«è¿œå ãããŸããé ä¿¡ã¡ãã»ãŒãžã¯ãã¢ã¯ã·ã§ã³ãªãã§éä¿¡ãããŸãã l éé¢:ã¡ãã»ãŒãžã¯ãããã¯ãããã¡ãŒã«ã®éé¢å Žæã«ä¿åãããŸããéé¢ãããã¡ãã»ãŒãž ã¯ããŠãŒã¶ããŒã¿ã«ãŸãã¯ãã€ãªãŒã®éé¢ã¬ããŒãã§ç¢ºèªã§ããŸãã l ãã©ãã¯ããŒã«:ã¡ãã»ãŒãžã¯åä¿¡åŸããã ã¡ã«åé€ãããŸããéä¿¡ã¡ãã»ãŒãžã¯ãæå³ããªã ã¡ãŒã«ã®çŽå€±ãåé¿ããããã«ããã©ãã¯ããŒã«åãããããšããããŸããã代ããã«ãéé¢ ãããŸãã ã¹ãã ããŒã«:ãã®ãªãã·ã§ã³ã§ãã¹ãã ããŒã«ãæå®ã§ããŸããã¹ãã ããŒã«ãšã¯ãã¹ãã ã¡ãã»ãŒ ãžããã°ããç°¡åã«èå¥ã§ããããã«ãã¡ãã»ãŒãžã®ä»¶åè¡ã«è¿œå ãããæååã§ããããã©ã«ã ã§ã¯ãã¹ãã ã¡ãã»ãŒãžã瀺ãããã« *SPAM* ãšããæååã䜿çšãããŸãã éä¿¡è ãã©ãã¯ãªã¹ã åä¿¡ SMTP ã»ãã·ã§ã³ã®ãšã³ãããŒãéä¿¡è ã¯ããã®ãã©ãã¯ãªã¹ãå ã®ã¢ãã¬ã¹ãšç §åãããŸãã ãšã³ãããŒãéä¿¡è ããã©ãã¯ãªã¹ãã«å«ãŸããŠããå Žåãã¡ãã»ãŒãžã¯ãã©ãã¯ããŒã«åãã㟠ãã ãã©ãã¯ãªã¹ãã«æ°ããã¢ãã¬ã¹ãã¿ãŒã³ãè¿œå ããã«ã¯ãããã©ãã¯ãªã¹ãã¢ãã¬ã¹ãã¿ãŒã³ãããã¯ã¹ ã§ãã©ã¹ã¢ã€ã³ã³ãã¯ãªãã¯ããã¢ãã¬ã¹ (ã®äžéš) ãå ¥åããŠããããé©çš ããã¯ãªãã¯ããŸããã¯ã€ã«ã ã«ãŒããšããŠã¢ã¹ã¿ãªã¹ã¯ (*) ã䜿çšã§ããŸã (äŸ: *@abbeybnknational.com)ã ãã³ã â ãšã³ããŠãŒã¶ã¯ããŠãŒã¶ããŒã¿ã«ã§ç¬èªã®ãã©ãã¯ãªã¹ãããã³ãã¯ã€ããªã¹ããäœæã§ã ãŸãã è¡šçŸãã£ã«ã¿ è¡šçŸãã£ã«ã¿ã¯ãSMTP ãããã·ãééããã¡ãã»ãŒãžã«ç¹å®ã®è¡šçŸãå«ãŸããŠããªãããã³ã³ã ã³ããã¹ãã£ã³ããçãã®ããã¡ãŒã«ããããã¯ããŸããè¡šçŸã¯ Perl äºæã®æ£èŠè¡šçŸ ã§æå®ã§ã㟠ããããšãã°ããonline datingããªã©ã®ç°¡åãªæååã¯ã倧æåãšå°æåãåºå¥ããªãã§è§£éãã㟠ãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã UTM 9 管çã¬ã€ã 303 10.1 SMTP 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ åç § â è¡šçŸãã£ã«ã¿ã§æ£èŠè¡šçŸã䜿çšããæ¹æ³ã®è©³çŽ°ã¯ãSophos ãµããŒãããŒã¿ããŒã¹ãåç § ããŠãã ããã é«åºŠãªã¢ã³ ã㊠ã€ã«ã¹æ©èœ ãã®ãšãªã¢ã«ã¯ãSophos UTMã®ã¢ã³ãã¹ãã æ©èœã匷åãããã®ä»ã®ããŸããŸãªè©³çŽ°ãªãã·ã§ã³ ããŸãšããããŠããŸãã ç¡å¹ãª HELO/RDNS äžå¯ã®ãªãžã§ã¯ã:ç¡å¹ãªHELOãšã³ããªãéä¿¡ãããã¹ããRDNSãšã³ããªã㪠ããã¹ããæåŠããã«ã¯ããã®ãªãã·ã§ã³ãéžæããŸãããã®ãã§ãã¯ãããã¹ããé€å€ããã«ã¯ã ãé€å€ ãã¿ãã䜿çšããŠãã ããã å³å¯ãªRDNSãã§ãã¯:ç¡å¹ãª RDNS ã¬ã³ãŒãã®ãã¹ãããã®ã¡ãŒã«ãè¿œå æåŠããã«ã¯ãã ã®ãªãã·ã§ã³ãéžæããŸããRDNS ã¬ã³ãŒãã¯ãæ€åºããããã¹ãåãå ã® IP ã¢ãã¬ã¹ã«è§£ 決ãããªãå Žåã«ç¡å¹ã«ãªããŸãã ã°ã¬ã€ãªã¹ãã£ã³ã°ã䜿çš:ã°ã¬ãŒãªã¹ãåãšã¯ãåºæ¬çã«ãç¹å®ã®æéã«ããã£ãŠã¡ãŒã«ãäžæç ã«æåŠããããšã§ããäžè¬ã«ãã°ã¬ãŒãªã¹ãåã䜿çšããŠããã¡ãŒã«ãµãŒãã¯ããã¹ãŠã®åä¿¡ã¡ãŒã« ãã3çš®é¡ã®æ å ±ãèšé²ããŸãã l éä¿¡è ã®ã¢ãã¬ã¹ l ã¡ãã»ãŒãžéä¿¡å ã®ãã¹ãã® IP ã¢ãã¬ã¹ l åä¿¡è ã®ã¢ãã¬ã¹ l ã¡ãã»ãŒãžä»¶å ãã®ããŒã¿ã»ããã¯ãSMTP ãããã·ã®å éšããŒã¿ããŒã¹ãšç §åããŠãã§ãã¯ãããŸããæ°ããããŒã¿ ã»ãããèŠã€ãã£ãå Žåã«ã¯ããããèšè¿°ããç¹å¥ãªã¿ã€ã ã¹ã¿ã³ããšãšãã«ããŒã¿ããŒã¹ã«èšé² ãäœæãããŸãããã®ããŒã¿ã»ããã«ãããåœè©²ã¡ãŒã«ã 5åéã«ããã£ãŠæåŠãããŸãã5åçµã€ ãšãããã·ãããŒã¿ã»ãããèªèããŸããåœè©²ã¡ãã»ãŒãžãåéä¿¡ããããšããã®ã¡ãã»ãŒãžã¯èš±å¯ã ããŸããããŒã¿ã»ããã¯ã1é±é以å ã«æŽæ°ãããªããã°ã1é±éåŸã«å€±å¹ããŸãã ã°ã¬ã€ãªã¹ãã£ã³ã°ã§ã¯ãã»ãšãã©ã®ã¹ãã ã¡ãã»ãŒãžéä¿¡è ããfire-and-forgetãæ¹åŒã䜿çšããŠã ãç¹ãå©çšããŠããŸããããã¯ãã¡ãŒã«ãéãã€ããŠãããŸããããªããã°å¿ããããšããæ¹åŒã§ãã ã€ãŸããRFC æºæ ã®ã¡ãŒã«ãµãŒããšéããã¹ãã ã¡ãŒã«éä¿¡è ã¯ãäžæçãªå€±æãçºçããã¡ãŒ ã«ãåéä¿¡ããŸããããã®æ©èœã§ã¯ã次ã®ããšãåæãšãªã£ãŠããŸããã€ãŸããäžæçãªå€±æ㯠ã¡ãŒã«é ä¿¡ã«é¢ãã RFC ä»æ§ã«èµ·å ãããããæ£åœãªãµãŒãã¯åŸã§ã¡ãŒã«ãåéä¿¡ããŸãããã® æç¹ã§å®å ã«ã¡ãŒã«ãåãå ¥ããããŸãã BATVã䜿çš:BATV ãšã¯ãã¡ãŒã«ã¢ãã¬ã¹ã®æ£åœãªäœ¿çšãšäžæ£ãªäœ¿çšãåºå¥ããããšãç®æã IETF ã®ãã©ããã§ããBATV ã¯ãç°¡åãªå ±æéµãè¿œå ããŠã¢ãã¬ã¹ãæå€æ å ±ãããã³ä»»æã®ã©ã³ãã 304 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.1 SMTP ããŒã¿ã®ããã·ã¥ã笊å·åããããšã«ãããéä¿¡ã¡ãŒã«ã®ãšã³ãããŒãéä¿¡è ã«çœ²åãæœããŠãã¡ãŒ ã«ãæ¬åœã«éä¿¡è ããã®ãã®ã§ãããšèšŒæããæ¹æ³ãæäŸããŸããããã¯äž»ã«ãéä¿¡è èªèº«ã éä¿¡ãããã®ã§ã¯ãªãããŠã³ã¹ã¡ãŒã«ãæåŠããããã«äœ¿çšãããŸããBATV ã䜿çšããããšã«ã ããåä¿¡ããããŠã³ã¹ãæ¬åœã«èªåãéä¿¡ããã¡ãŒã«ã«ç±æ¥ããŠãããã¹ãã éä¿¡è ãåœé ãã ã¢ãã¬ã¹ããã®ã¡ãŒã«ã§ã¯ãªãããšã確èªã§ããããã«ãªããŸããæ»ã£ãŠããããŠã³ã¹ã¡ãŒã«ã®ã¡ãŒ ã«ã¢ãã¬ã¹ã BATV ã«åŸã£ãŠçœ²åãããŠããªãå ŽåãSMTP ãããã·ã¯ãã®ã¡ãã»ãŒãžãåãä»ã ãŸãããBATV ã«ãã眲å㯠7æ¥åŸã«å€±å¹ããŸããã¡ãŒã«ã®ãšã³ãããŒãã® MAIL FROM ã¢ãã¬ã¹ã® ããã·ã¥ã笊å·åããããã«äœ¿çšãããéµ (ããã㯠BATV ã·ãŒã¯ã¬ãã) ãå€æŽããã«ã¯ããEã¡ãŒ ã«ãããã¯ã·ã§ã³ > SMTP > 詳现 ãã¿ãã§å®æœããŸãã 泚 â ã¡ãŒã«è»¢éãšãŒãžã§ã³ãã«ãã£ãŠã¯ãBATV ã«ãã£ãŠãšã³ãããŒãéä¿¡è ã¢ãã¬ã¹ãå€æŽãã ãã¡ãã»ãŒãžãæåŠããå ŽåããããŸãããã®å Žåã圱é¿ãåããéä¿¡è ãåä¿¡è ããã¡ã€ã³ã«å¯Ÿ ããŠé€å€ã«ãŒã«ãäœæããå¿ èŠããããŸãã SPF ãã§ãã¯ã®å®æœ:SPF (éä¿¡è ããªã·ãŒãã¬ãŒã ã¯ãŒã¯ ) ãšã¯ããã¡ã€ã³ã®ææè ãéä¿¡ã¡ãŒã« ãµãŒãã«é¢ããæ å ±ãå ¬éããããã®ãã¬ãŒã ã¯ãŒã¯ã§ãããã¡ã€ã³ã¯å ¬éã¬ã³ãŒãã䜿çšããŠãã ãŸããŸãªãµãŒãã¹ (Webãã¡ãŒã«ãªã©) ããããã®ãµãŒãã¹ãå®è¡ãããã·ã³ã«éä¿¡ããŸãããã¹ãŠã® ãã¡ã€ã³ã¯ããã®ãã¡ã€ã³ãžã®ã¡ãŒã«ãã©ã®ãã·ã³ãåä¿¡ããã®ããç¥ããã MX ã¬ã³ãŒããã¡ãŒã« é¢é£ã®ãµãŒãã¹çšã«å ¬éããŠããŸããSPF ã§ã¯ããã¡ã€ã³ããããçš®ã®ããªããŒã¹ MX ã¬ã³ãŒãããå ¬ éããããšã«ããããã®ãã¡ã€ã³ããã®ã¡ãŒã«ãéä¿¡ããŠãããã·ã³ãåºãäžè¬ã«äŒããŸããç¹å®ã® ãã¡ã€ã³ããã¡ãã»ãŒãžãåä¿¡ãããšãåä¿¡è ã¯ãããã®ã¬ã³ãŒãã確èªããŠãæ£åœãªéä¿¡è ããã® ã¡ãŒã«ã§ããããšã確èªããŸãã åç § â 詳现ã¯ãéä¿¡è ããªã·ãŒãã¬ãŒã ã¯ãŒã¯ ã® Web ãµã€ããåç §ããŠãã ããã è¿œå ã®ã¢ã³ãã¹ãã æ©èœãšããŠãSMTP ãããã·ã¯ãä»»æã®ã¢ãã¬ã¹ãžã®ã¡ãŒã«ãåä¿¡ãããšãã«ã ããã¯ãšã³ãã®ã¡ãŒã«ãµãŒãã«å¯ŸããŠåä¿¡è ã¢ãã¬ã¹ãæé»ã§ãã§ãã¯ããŠãããã®ã¡ãŒã«ãåã ä»ããŸããç¡å¹ãªåä¿¡è ã¢ãã¬ã¹ãžã®ã¡ãŒã«ã¯èš±å¯ãããŸããããã®æ©èœãåäœããããã«ã¯ã 䜿çšããŠããããã¯ãšã³ãã¡ãŒã«ãµãŒãããSMTP ã¹ããŒãžã§äžæåä¿¡è ãžã®ã¡ãŒã«ãæåŠã§ã㪠ããã°ãªããŸãããååçã«ãããã¯ãšã³ããµãŒããã¡ãã»ãŒãžãæåŠããã°ãSMTP ãããã·ãã ã®ã¡ãã»ãŒãžãæåŠããŸãã ãã ããåä¿¡è ã®ç¢ºèªã¯ä¿¡é Œããã (èš±å¯ããã) ãã¹ãããªã¬ãŒãã¹ãã«å¯ŸããŠã¯ è¡ãããŸããã ãã®çç±ã¯ããŠãŒã¶ãšãŒãžã§ã³ãã«ãã£ãŠã¯ãSMTP ãã©ã³ã¶ã¯ã·ã§ã³ã§åä¿¡è ãæåŠããããšåé¡ ãçºçããå Žåãããããã§ããäžè¬çãªã·ããªãª (ããã¯ãšã³ãã¡ãŒã«ãµãŒãã SMTP ãã©ã³ ã¶ã¯ã·ã§ã³ã§äžæãªåä¿¡è ãæåŠãã) ã§ã¯ãSophos UTMããŠã³ã¹ãçæãããã®ã¯æ¬¡ã®å Žåã« éãããŸãã UTM 9 管çã¬ã€ã 305 10.1 SMTP 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ l ä¿¡é Œãããéä¿¡å ããªã¬ãŒå ããé ä¿¡äžèœãªåä¿¡è ã«ã¡ãã»ãŒãžãéä¿¡ããå Žåã l ããã¯ãšã³ãã¡ãŒã«ãµãŒããåæ¢ããŠãããSophos UTMãåä¿¡è ã確èªã§ããªãã£ãå Ž åã ãã ããSophos UTMã¯ãããã¯ãšã³ãã¡ãŒã«ãµãŒãããã®é ä¿¡äžèœã¬ããŒã (NDR) ãããŠã³ã¹ã®é ä¿¡ãé²æ¢ããããšã¯ã§ããŸãããããã«Sophos UTMã¯ãã¡ãŒã«ãµãŒãããã®ã¹ãã ã®å¯èœæ§ã®ã ãã³ãŒã«ã¢ãŠãå¿ç㯠24æéãã£ãã·ã¥ããå¯èœæ§ã®ãªããã®ã¯2æéãã£ãã·ã¥ããŸãã 10.1.5 é€å€ ãSMTP > é€å€ ãã¿ãã§ãã¢ã³ãã¹ãã ãã¢ã³ããŠã€ã«ã¹ããŸãã¯ãã®ä»ã®ã»ãã¥ãªãã£ãã§ãã¯ããé€ å€ãããã¯ã€ããªã¹ãã®ãã¹ãããããã¯ãŒã¯ãéä¿¡è ãããã³åä¿¡è ãå®çŸ©ã§ããŸãã 泚 â ã¡ãŒã«ã¯å€æ°ã®åä¿¡è ã«éä¿¡ãããå ŽåããããŸãããSophos UTM㯠SMTP ãããã³ã«ã® ã€ã³ã©ã€ã³ã¹ãã£ãã³ã°ãå®è£ ããŠãããããã¡ãŒã«åä¿¡è ã®ãã¡ 1人ã§ããåä¿¡è ãããã¯ã¹ã«ãª ã¹ããããŠãããšãã¡ãŒã«ã®ã¹ãã£ã³ã¯ãã¹ãŠã®åä¿¡è ã«å¯ŸããŠã¹ããããããŸãã é€å€ã«ãŒã«ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãé€å€ ãã¿ãã§ããæ°èŠé€å€ãªã¹ãããã¯ãªãã¯ããŸãã ãé€å€ãªã¹ããäœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®é€å€ã«ãŒã«ã説æããååãå ¥åããŠãã ããã å®è¡ããªããã§ãã¯:ã¹ãããããã»ãã¥ãªãã£ãã§ãã¯ãéžæããŸãã詳现ã¯ããEã¡ãŒã«ãã ãã¯ã·ã§ã³ > SMTP > ã¢ã³ããŠã€ã«ã¹ ãããã³ãã¹ãã 察çããåç §ããŠãã ããã éä¿¡å ãã¹ã/ãããã¯ãŒã¯ã§é€å€:ãã®é€å€ã«ãŒã«ã§å®çŸ©ãããã»ãã¥ãªãã£ãã§ãã¯ãã¹ ãããããéä¿¡å ãã¹ã/ãããã¯ãŒã¯ (ã¡ãã»ãŒãžãçºä¿¡ããããã¹ããŸãã¯ãããã¯ãŒã¯) ã éžæããŸãã 泚 â ããŒã«ã«ã¡ãã»ãŒãžã¯ããã©ã«ãã§ã¹ãã£ã³ãããªãã®ã§ãããŒã«ã«ãã¹ãã«ã¯é€å€ã äœæããå¿ èŠã¯ãããŸããã ãã®ãªãã·ã§ã³ãéžæãããšãããã¹ã/ãããã¯ãŒã¯ ãããã¯ã¹ãéããŸããã+ãã¢ã€ã³ã³ãŸã㯠ãã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããŠããã¹ããããã¯ãããã¯ãŒã¯ãè¿œå ã§ããŸãã éä¿¡è ã¢ãã¬ã¹ã§é€å€:å®çŸ©ããã»ãã¥ãªãã£ãã§ãã¯ãã¹ãããããéä¿¡è ã®ã¡ãŒã«ã¢ãã¬ã¹ ãéžæããŸãã 306 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.1 SMTP ãã®ãªãã·ã§ã³ãéžæãããšããéä¿¡è ãããã¯ã¹ãéããŸããå®å šã§æå¹ãªã¡ãŒã«ã¢ãã¬ã¹ã å ¥åããã (äŸ: [email protected])ããŸãã¯ã¢ã¹ã¿ãªã¹ã¯ãã¯ã€ã«ãã«ãŒããšããŠäœ¿çšã㊠ç¹å®ãã¡ã€ã³ã®ãã¹ãŠã®ã¡ãŒã«ã¢ãã¬ã¹ãæå®ã§ããŸã (äŸ: *@example.com)ã 泚 â éä¿¡è ã¢ãã¬ã¹ã¯å®¹æã«åœé ã§ããããããéä¿¡è ããªãã·ã§ã³ã䜿çšããéã¯æ³šæ ãå¿ èŠã§ãã åä¿¡è ã¢ãã¬ã¹ã§é€å€:å®çŸ©ããã»ãã¥ãªãã£ãã§ãã¯ãã¹ãããããåä¿¡è ã®ã¡ãŒã«ã¢ãã¬ã¹ ãéžæããŸãã ãã®ãªãã·ã§ã³ãéžæãããšããåä¿¡è ãããã¯ã¹ãéããŸããå®å šã§æå¹ãªã¡ãŒã«ã¢ãã¬ã¹ã å ¥åããã (äŸ: [email protected])ããŸãã¯ã¢ã¹ã¿ãªã¹ã¯ãã¯ã€ã«ãã«ãŒããšããŠäœ¿çšã㊠ç¹å®ãã¡ã€ã³ã®ãã¹ãŠã®ã¡ãŒã«ã¢ãã¬ã¹ãæå®ã§ããŸã (äŸ: *@example.com)ã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããé€å€ããé€å€ ããªã¹ãã«è¡šç€ºãããŸãã é€å€ã«ãŒã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 10.1.6 ãªã¬ãŒ SMTP ãããã·ã¯ã¡ãŒã«ãªã¬ãŒãšããŠäœ¿çšã§ããŸããã¡ãŒã«ãªã¬ãŒã¯ãç¹å®ã®ãŠãŒã¶ããŠãŒã¶ã°ã«ãŒ ãããããã¯ãã¹ãããããä»ããŠããŒã«ã«ä»¥å€ã®ãã¡ã€ã³ã«ã¡ãŒã«ããªã¬ãŒ (éä¿¡) ã§ããããã«èš å®ãããSMTP ãµãŒãã§ãã 泚 â ãã®ã¿ãã®äžéšã®æ©èœã¯ãããŒã·ãã¯ã¬ãŒã ãµãã¹ã¯ãªãã·ã§ã³ã§ã¯å©çšã§ããŸããã ã¢ããã¹ã ãªãŒã ãã¹ã ãªã¹ã ã¢ããã¹ããªãŒã ã®ãã¹ãã¯ãã¡ãŒã«ãã客æ§ã® ISP ãããã¯å€éš MX ã«è»¢éãããã¹ãã§ããã¹ã¿ ãã£ãã¯ãªã¢ããã¹ããªãŒã ã®ãã¹ãããã¡ãŒã«ãåä¿¡ããå Žåã¯ãããã«ãã¹ããå ¥åããå¿ èŠãã ããŸãããã¹ããå ¥åããªããšãã¹ãã ä¿è·ãæ£åžžã«æ©èœããªããªããŸãã ã¢ããã¹ããªãŒã ãã¹ããè¿œå ããã«ã¯ãã+ãã¢ã€ã³ã³ãŸãã¯ãã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããŠããããã ã¯ãŒã¯ ããªããžã§ã¯ããªã¹ããããã©ãã°ïŒããããããŸããã¢ããã¹ããªãŒã ãã¹ãã®ã¿ãèš±å¯ããå Ž åã¯ããã¢ããã¹ããªãŒã /ãªã¬ãŒãã¹ãã®ã¿èš±å¯ ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸããããã«ã ããSMTP ã¢ã¯ã»ã¹ã¯ãå®çŸ©ãããã¢ããã¹ããªãŒã ãã¹ãã«å¶éãããŸããã¢ããã¹ããªãŒã ãã¹ã ã¯ããªã¬ãŒç¹æš©ã®ååŸãèªèšŒã§ããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã UTM 9 管çã¬ã€ã 307 10.1 SMTP 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ èªèšŒãªã¬ãŒ SMTP ã¯ã©ã€ã¢ã³ãã¯ããªã¬ãŒç¹æš©ã®ååŸãèªèšŒã§ããŸãããèªèšŒã«ãããªã¬ãŒã®èš±å¯ ããã§ã㯠ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŠããã®æ©èœã䜿çšã§ããããã«ãããŠãŒã¶ããã³ãŠãŒã¶ã°ã«ãŒããæå® ããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã 泚 âãã¢ããã¹ããªãŒã /ãªã¬ãŒãã¹ãã®ã¿èš±å¯ ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ã£ãŠããå Žåãèª èšŒãªã¬ãŒã¯éä¿¡ãã¹ããã¢ããã¹ããªãŒã /ãªã¬ãŒãã¹ããšããŠèšå®ãããŠããå Žåã«ã®ã¿æ©èœã㟠ãã ãã¹ã ã ãŒã¹ãªã¬ãŒ ã¡ãŒã«ãªã¬ãŒãããã¹ãããŒã¹ã«å¯Ÿå¿ã§ããŸããã䜿ãã®ããŒã«ã«ã¡ãŒã«ãµãŒããããã¯ã¡ãŒã«ã¯ã© ã€ã¢ã³ãã SMTP ãããã·ãã¡ãŒã«ãªã¬ãŒãšããŠäœ¿çšããå¿ èŠãããå Žåã¯ããªã¬ãŒãä»ããŠã¡ãŒã« ãéä¿¡ã§ããããã«ãããããã¯ãŒã¯ããã¹ãããèš±å¯ãã¹ã/ãããã¯ãŒã¯ ãããã¯ã¹ã«è¿œå ããå¿ èŠ ããããŸãããªã¹ãããããããã¯ãŒã¯ããã¹ãã¯ãã©ã®ã¢ãã¬ã¹ã«ãã¡ãã»ãŒãžãéä¿¡ã§ããŸãã èŠå âãèš±å¯ãã¹ã/ãããã¯ãŒã¯ ãããã¯ã¹ã§ã¯ã絶察ã«ããã¹ãŠ ããéžæããªãã§ãã ãããããã éžæãããšããªãŒãã³ãªã¬ãŒã«ãªããã€ã³ã¿ãŒãããäžã®èª°ãã SMTP ãããã·çµç±ã§ã¡ãã»ãŒãžã éä¿¡ã§ããããã«ãªããŸããã¹ããã¯ãããããã«èŠã€ãã倧éã®ã¡ãŒã«ãã©ãã£ãã¯ãéä¿¡ã㟠ããææªã®å Žåã¯ãã客æ§ããµãŒãããŒãã£ã®ã¹ãããã©ãã¯ãªã¹ãã«èŒãããšã«ãªã£ãŠããŸã㟠ããã»ãšãã©ã®èšå®ã§ã¯ãã客æ§ã®ãããã¯ãŒã¯ã®ã¡ãŒã«ãµãŒãã ãããã¡ãŒã«ã®ãªã¬ãŒãèš±å¯ã ããå¯äžã®ãã¹ããšãã¹ãã§ãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã ãã¹ã / ããã 㯠ãŒã¯ã®ãã©ãã¯ãªã¹ã ããã§ãSMTP ãããã·ã§ãããã¯ãããã¹ãããã³ãããã¯ãŒã¯ãå®çŸ©ã§ããŸãã èšå®ãä¿åããã« ã¯ãé©çš ããã¯ãªãã¯ããŸãã ãªã¬ãŒ(éä¿¡)ã¡ ãã»ãŒãžã®ã³ ã³ ãã³ ã ãã¹ãã£ã³ ãã®ãªãã·ã§ã³ãæå¹ã«ãããšãèªèšŒããããªã¬ãŒãããã¯ãã¹ãããŒã¹ã®ãªã¬ãŒã§éä¿¡ãããã¡ã ã»ãŒãžã«ã€ããŠãæªæããã³ã³ãã³ãã®æç¡ãã¹ãã£ã³ãããŸããéä¿¡ã¡ãŒã«ã倧éã«ããå Žåã ãã®ãªãã·ã§ã³ããªãã«ãããšãããã©ãŒãã³ã¹ãåäžããŸãã èšå®ãä¿åããã«ã¯ãé©çš ãã㯠ãªãã¯ããŸãã 308 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.1 SMTP éä¿¡ã¡ãã»ãŒãžã«ã¯ãã°ããŒãã«ãªã¢ã³ããŠã€ã«ã¹ããã³ã¢ã³ãã¹ãã èšå®ãé©çšãããŸãããã ãããããã®èšå®ãåãããææã¡ãã»ãŒãžãã¹ãã ã¡ãã»ãŒãžã¯ãã©ãã¯ããŒã«åã§ã¯ãªãåžžã«é é¢ãããŸããããã«ãããæå³ããªãã¡ãŒã«ã®çŽå€±ãåé¿ãããŸãã 10.1.7 詳现 ãSMTP > 詳现 ãã¿ãã§ã¯ãã¹ããŒããã¹ãã®èšå®ãééã¢ãŒãã¹ããããªã¹ããªã©ã® SMTP ãããã· ã®è¿œå ã»ãã¥ãªãã£ãªãã·ã§ã³ãèšå®ã§ããŸãã 芪ãã ã㷠芪ãããã·ã¯ãå€ãã®å Žåãæ¿åºæ¿èªã®ãããã·ãµãŒããéããŠã€ã³ã¿ãŒãããã¢ã¯ã»ã¹ãã«ãŒã㣠ã³ã°ããå¿ èŠã®ããåœãªã©ã§å¿ èŠãšãããŸãã芪ãããã·ã®äœ¿çšãã»ãã¥ãªãã£ããªã·ãŒã§æ±ãã ããŠããå Žåãããã§ãã¹ãå®çŸ©ãšããŒããéžæããŠèŠªãããã·ãèšå®ã§ããŸãã 芪ãããã·ã䜿çš:芪ãããã·ã®äœ¿çšãæå¹ã«ããã«ã¯ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸããã ããã·ã®ãã¹ãåãšããŒããå ¥åããŸãã ãããã·èªèšŒãå¿ èŠ:芪ãããã·ã§èªèšŒãå¿ èŠãªå Žåãããã§ãŠãŒã¶åãšãã¹ã¯ãŒããå ¥åã㟠ãã ééã¢ãŒã SMTP ã®ééã¢ãŒããæå¹ã«ããã«ã¯ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ãããé©çš ããã¯ãªãã¯ã㟠ãã ãééã¢ãŒãæã«ã¹ããããããã¹ã/ããããããã¯ã¹ã«ãªã¹ããããŠãããã¹ããšãããã¯ãŒã¯ ã¯ãSMTP ãã©ãã£ãã¯ã®ééçã€ã³ã¿ãŒã»ãã·ã§ã³ã®å¯Ÿè±¡ãšã¯ãªããŸããããã ãããããã®ãã¹ã ããã³ãããã¯ãŒã¯ã§ SMTP ãã©ãã£ãã¯ãèš±å¯ããã«ã¯ãããªã¹ãå ã®ãã¹ã/ãããã¯ãŒã¯ã® SMTP ã ã©ãã£ãã¯ãèš±å¯ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸãããã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ã㪠ãå Žåã¯ãããã§ãªã¹ããããŠãããã¹ããšãããã¯ãŒã¯ã«ç¹å®ã®ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãå®çŸ©ã ãå¿ èŠããããŸãã TLSèšå® TLS 蚌ææžããããããŠã³ãªã¹ããã蚌ææžãéžæããŸãããã®èšŒææžã¯ãTLS æå·åã«ã€ããŠã ãããµããŒãããŠãããã¹ãŠã®ãªã¢ãŒããã¹ããšããŽã·ãšãŒãããããã«äœ¿çšãããŸãã 蚌ææžã¯ã ããµã€ãé VPN > 蚌ææžç®¡ç > 蚌ææž ãã¿ãã§äœæãŸãã¯ã¢ããããŒãã§ããŸãã TLS ããŽã·ãšãŒã·ã§ã³å¿ é ã®ãã¹ã/ããã:ããã«ãã¡ãŒã«éä¿¡ã® TLS æå·åãåžžã«å¿ èŠãªãã¹ã ãŸãã¯ããããè¿œå ããŸããããã«ãããUTMã¯ããããã®ãã¹ã/ãããã§äœããã®çç±ã§ TLS æå· åã䜿çšã§ããªãå Žåã«ãã¡ãŒã«ãæå¶ããŸããã€ãŸããTLS ã䜿çšå¯èœã«ãªããŸã§ãã¡ãã»ãŒãžã¯ UTM 9 管çã¬ã€ã 309 10.1 SMTP 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ ã¡ãŒã«ãã¥ãŒã«ä¿çãããŸããäžå®ã®æéã«ããã£ãŠ TLS ã䜿çšã§ããªãå Žåã¯ãéä¿¡ã®è©Šè¡ ãåæ¢ãããã¡ãŒã«ãéä¿¡ã§ããªãã£ããšããéç¥ããŠãŒã¶ã«éä¿¡ãããŸãã TLS ããŽã·ãšãŒã·ã§ã³å¿ é ã®éä¿¡ãã¡ã€ã³:ç¹å®ã®ãã¡ã€ã³ã«å¯ŸããŠåä¿¡ã¡ãŒã«ã® TLS æå·åã匷 å¶ããã«ã¯ãããã«ãã¡ã€ã³ãå ¥åããŸãããããã®ãã¡ã€ã³ãã TLS ãªãã§éä¿¡ãããã¡ãŒã«ã¯ãå³ æã«æåŠãããŸãã TLS ããŽã·ãšãŒã·ã§ã³ãã¹ããããããã¹ã/ããã:ç¹å®ã®ãã¹ãããããã¯ãŒã¯ã§ TLS æå·åã«é¢ ããåé¡ãçºçããå Žåã¯ããããããã¯ã¹ã«å ¥åããé©å㪠TLS 蚌ææžãããããããŠã³ã¡ ãã¥ãŒããéžæããŸããããã«ãã£ãŠãUTMã¯ããã®ãã¹ããŸãã¯ãããã¯ãŒã¯ã«å¯ŸããTLSããŽã· ãšãŒã·ã§ã³ãã¹ãããããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã D omainKeys Id entified Mail (D KIM) DKIM ã¯çºä¿¡ã¡ãã»ãŒãžã«æå·ã«ãã£ãŠçœ²åããæ¹æ³ã§ããDKIM 眲åã䜿çšããã«ã¯ãRSA éµãš 察å¿ããéµã»ã¬ã¯ã¿ãåãã£ãŒã«ãã«å ¥åããã¡ãŒã«ã«çœ²åãããã¡ã€ã³ããDKIM ãã¡ã€ã³ãããã¯ã¹ ã«è¿œå ããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã æ©å¯æ§è¡šæããã¿ åéä¿¡ã¡ãŒã«ã«ã€ããŠãã¡ãŒã«ã«æ©å¯æ å ±ãéšå€ç§ã®æ å ±ãå«ãŸããŠããããšãªã©ããŠãŒã¶ã«ç¥ ããããæ©å¯ããã¿ãè¿œå ããŠã«ã¹ã¿ãã€ãºã§ããŸãããªããæ©å¯ããã¿ã¯ãè¿ä¿¡ã¡ãŒã«ã®å Žå (In- Reply-Toããããæã€ãã®) ããŸãã¯ã¡ãŒã«ã®ã³ã³ãã³ãã¿ã€ããå€å®ã§ããªãå Žåã¯ãã¡ãŒã«ã«è¿œ å ãããŸããã 泚 âã¡ãŒã«ã¯ã©ã€ã¢ã³ã (äŸ: Microsoft Outlook ãŸã㯠Mozilla Thunderbird) ã眲åæžã¿ãŸãã¯æå· åæžã¿ã®ã¡ãã»ãŒãžã«ããã¿ãè¿œå ãããšã眲åãç Žå£ãããŠç¡å¹ã«ãªããŸããããžã¿ã«çœ²åã㯠ã©ã€ã¢ã³ãåŽã§äœæããå Žåã¯ãã¢ã³ããŠã€ã«ã¹ãã§ãã¯ããã¿ãªãã·ã§ã³ãç¡å¹ã«ããŠãã ãããã ã ããã¡ãŒã«éä¿¡ã®ãã©ã€ãã·ãŒãèªèšŒãä¿ã¡ãªãããäžè¬çãªãŠã€ã«ã¹å¯Ÿçãã§ãã¯ããã¿ã䜿 çšããå Žåã¯ãSophos UTM ã®çµã¿èŸŒã¿ã¡ãŒã«æå·åæ©èœã®äœ¿çšãèæ ®ããŠãã ãããã²ãŒã ãŠã§ã€äžã§ã®ã¡ãŒã«æå·åã§ã¯ãããžã¿ã«çœ²åãäœæããåã«ããã¿ãã¡ãã»ãŒãžã«ä»å ããã ããã眲åãæãªãããããšã¯ãããŸããã 詳现èšå® ããã§ãSMTP ãã¹ãåããã¹ããã¹ã¿ã¢ãã¬ã¹ãªã©ãèšå®ã§ããŸãã SMTP ãã¹ãå:SMTP ãã¹ãåãèšå®ãããšããããã·ã¯ãHELO ããã³ SMTP ãããŒã¡ãã»ãŒãžã§ æå®ãããååã䜿çšããŸããããã©ã«ãã§ã¯ãéåžžã·ã¹ãã ã®ãã¹ãåãéžæãããŠããŸãã 310 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.1 SMTP Postmasterã¢ãã¬ã¹:éä¿¡ãããã¡ãã»ãŒãžã®è»¢éå ãšãªãUTMã®ãã¹ããã¹ã¿ã®ã¡ãŒã«ã¢ãã¬ã¹ ãpostmaster@[192.168.16.8] ã®åœ¢ã§æå®ããŸãããã®å ŽåãIP ãªãã©ã«ã¢ãã¬ã¹ããUTMã® IP ã¢ãã¬ã¹ã®1ã€ã«ãªããŸãããã®ãããªã¡ãã»ãŒãžãåãå ¥ããããšã RFC èŠä»¶ãšãªã£ãŠããŸãã BATV ã·ãŒã¯ã¬ãã:ããã§ãSMTP ãããã·ã䜿çšãããèªåçã«çæããã BATV ã·ãŒã¯ã¬ããã å€æŽã§ããŸããBATV ã·ãŒã¯ã¬ããã¯ã¡ãŒã«ã®ãšã³ãããŒãã® MailFrom ã¢ãã¬ã¹ãžã®çœ²åã«äœ¿çš ãããå ±æéµã§ãç¡å¹ãªããŠã³ã¹ã¢ãã¬ã¹ã®æ€åºãå¯èœã«ããŸããè€æ°ã® MX ããã¡ã€ã³ã«äœ¿çšã ãŠããå Žåã¯ãBATV ã·ãŒã¯ã¬ããããã¹ãŠã®ã·ã¹ãã ã§åããã®ã«å€æŽã§ããŸãã æ倧ã¡ãã»ãŒãžãµã€ãº:ãããã·ãåãä»ããæ倧ã¡ãã»ãŒãžãµã€ãºããã®èšå®ã¯éåä¿¡äž¡æ¹ã® ã¡ãŒã«ã«é©çšãããŸããããã¯ãšã³ããµãŒãã«ã¡ãã»ãŒãžãµã€ãºã®å¶éãããå Žåã¯ãããã§ã¯ã ã®å¶éå€ä»¥äžã«èšå®ããå¿ èŠããããŸãã æ倧ã³ãã¯ã·ã§ã³æ°:ãããã·ãèš±å¯ããæ倧åææ¥ç¶æ°ãããã©ã«ã㯠20 ã§ãã æ倧ã³ãã¯ã·ã§ã³æ°/ãã¹ã:ãããã·ãèš±å¯ãããã¹ãåœããã®æ倧æ¥ç¶æ°ãããã©ã«ã㯠10 ãã æ倧ã¡ãŒã«æ°/ã³ãã¯ã·ã§ã³:ãããã·ãèš±å¯ããã³ãã¯ã·ã§ã³åœããã®æ倧ã¡ãŒã«æ°ãããã©ã«ã㯠1000 ã§ãã æ倧åä¿¡è æ°/ã¡ãŒã«:ãããã·ãèš±å¯ããã¡ãŒã«åœããã®æ倧åä¿¡è æ°ãããã©ã«ã㯠500 ã§ãã ããã¿ã¢ãŒã:ããã§ã¡ãŒã«ãžã®ããã¿ã®è¿œå æ¹æ³ãå®çŸ©ã§ããŸãããMIME ããŒãããæå®ãããšãè¿œ å ã® MIME ããŒããšããŠããã¿ãè¿œå ããŸããæ¢åã®ããŒããšã³ã³ãŒãã£ã³ã°ã¯å€æŽãããªãã®ã§ã åœèªã®æåãä¿æãããŸããå¥ã®æ¹åŒã§ãããã€ã³ã©ã€ã³ãã§ã¯ãããã¿ãã¡ãŒã«æ¬äœããåºåãèš å· -- ã§åé¢ãããŸãããã®ã¢ãŒãã§ã¯ãããã¿ã§ Unicode (UTF-8) å€æã䜿çšãããã©ãããéžæ ã§ããŸããUnicode å€æãè¡ããšãããã¿ã§åœèªã®æåãä¿æããããã«ã¡ãã»ãŒãžãã¢ããã°ã¬ãŒã ãããŸãã ã¹ããŒã ãã¹ã ã®èšå® ã¹ããŒããã¹ãã¯ã¡ãŒã«ãªã¬ãŒãµãŒãã®äžçš®ã§ãSMTP ãµãŒããåä¿¡è ã®ãµãŒãã«çŽæ¥ã¡ãŒã«ã ã«ãŒãã£ã³ã°ããã®ã§ã¯ãªããã¢ããã¹ããªãŒã ã®ã¡ãŒã«ãµãŒãã«ã«ãŒãã£ã³ã°ã§ããããã«ããŸãã å€ãã®å Žåãã®ã¹ããŒããã¹ãã¯ãéä¿¡è ãã¹ããŒããã¹ããéããŠã¡ãŒã«ãéä¿¡ããæš©éãæã€ã ãšã確èªããããã«ãéä¿¡è ã®èªèšŒãå¿ èŠãšããŸãã ã¹ããŒããã¹ãã䜿çš:ã¡ãŒã«ã®éä¿¡ã«ã¹ããŒããã¹ãã䜿çšããå Žåã¯ããã®ãã§ãã¯ããã¯ã¹ã« ãã§ãã¯ãå ¥ããŸãããã®ãªãã·ã§ã³ãéžæãããšããããã·èªäœãã¡ãŒã«ãé ä¿¡ããããšã¯ãªã㪠ãããã¹ãŠãã¹ããŒããã¹ãã«éä¿¡ããããã«ãªããŸãã l ã¹ããŒããã¹ã:ã¹ããŒããã¹ããªããžã§ã¯ããéžæãŸãã¯è¿œå ããŸãã l ã¹ããŒããã¹ãããŒã:ã¹ããŒããã¹ãæ¥ç¶ã®ããã©ã«ãããŒãã¯25ã§ããå¿ èŠã«å¿ããŠãããŒã ãå€æŽã§ããŸãã UTM 9 管çã¬ã€ã 311 10.2 SMTP ãããã¡ã€ã« l 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ ã¹ããŒããã¹ãèªèšŒãå¿ èŠ:ã¹ããŒããã¹ããèªèšŒãå¿ èŠãšããå Žåã¯ããã§ãã¯ããã¯ã¹ã« ãã§ãã¯ãå ¥ããŸããããã¬ãŒã³ããšããã°ã€ã³ãèªèšŒã¿ã€ãã®äž¡æ¹ããµããŒããããŠããŸããã ãããã®ãã£ãŒã«ãã«ãŠãŒã¶åãšãã¹ã¯ãŒããå ¥åããŸãã 10.2 SMTP ãããã¡ã€ã« Sophos UTMã® SMTP ãããã·ã§ãå¥ã® SMTP ãããã¡ã€ã«ãäœæãããããç°ãªããã¡ã€ã³ã«é¢é£ ä»ããããšãã§ããŸãããã®ããã«ããŠããEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP ãã§èšå®ãããããã©ã«ãã® ãããã¡ã€ã«ä»¥å€ã®ãããã¡ã€ã«ã䜿çšããç¹å®ã®ãã¡ã€ã³ãæå®ã§ããŸããæ©èœã®é åºã¯ã¿ãã« ãã£ãŠæ§é åãããSMTP ãã©ã³ã¶ã¯ã·ã§ã³æã«åã¹ããããäºãã«ã©ã®ããã«åŠçãããããæ±ºå® ããŸãã SMTP ãããã¡ã€ã«ãäœæããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. SMTP ãããã¡ã€ã«ã¢ãŒããæå¹ã«ããŸãã ãEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP > ã°ããŒãã« ãã¿ãã§ãããããã¡ã€ã«ã¢ãŒã ããéžæããŠãé© çš ããã¯ãªãã¯ããŸãã ãEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP ãããã¡ã€ã« (SMTP Profiles)ãã¡ãã¥ãŒã® SMTP ãããã¡ã€ã« äœæãæå¹ã«ãªããŸãã 2. ãSMTP ãããã¡ã€ã« ãã¿ãã§ããæ°èŠãããã¡ã€ã« ããã¯ãªãã¯ããŸãã ãã€ã¢ãã°ããã¯ã¹ãéããŸãã 3. ãããã¡ã€ã«ã説æããååãå ¥åããŠãã ããã 4. 1ã€ä»¥äžã®ãã¡ã€ã³ãè¿œå ããŸãã 1ã€ä»¥äžã®ãã¡ã€ã³ãããã¡ã€ã³ãããã¯ã¹ã«è¿œå ããŸãã ãã®ãããã¡ã€ã«ã®èšå®ãããããã®ãã¡ã€ã³ã«é©çšãããŸãã 5. 次ã®èšå®ãè¡ããŸãã 䜿çšããæ©èœã«ã®ã¿èšå®ããŸãã以äžã®åæ©èœã«å¯ŸããŠãããã§å®çŸ©ããåã ã®èšå®ã䜿 çšãããããŸãã¯ãEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP ãã§å®çŸ©ããã°ããŒãã«èšå®ã䜿çšããã ã決å®ã§ããŸããããã©ã«ãã§ã¯ãã°ããŒãã«èšå®ãªãã·ã§ã³ãéžæãããŠããŸããåæ©èœ ã®åã ã®èšå®ã«ã€ããŠä»¥äžã«èª¬æããŸãã 泚 â ããã§èšå®ããããã¡ã€ã³åãéä¿¡è ã¢ãã¬ã¹ã«å«ãŸããæå·åãããã¡ãŒã« ã¯ãSophos UTMã®ã¡ãŒã«æå·å/埩å·åãšã³ãžã³ã䜿çšããŠã埩å·åã§ããŸããããã ãã£ãŠãå€éšã¡ãŒã«ãã¡ã€ã³ã®ãããã¡ã€ã«ã¯å«ããªãããã«ããŠãã ããã 312 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.2 SMTP ãããã¡ã€ã« ããã§å®çŸ©ã§ãããã¹ãŠã®èšå®ã¯ããEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP ãã§ãã°ããŒãã«ã«èšå® ã§ããŸãããããã£ãŠãããã§ã¯ãèšå®ã®äžèŠ§ãšã°ããŒãã«èšå®ãšã®çžéç¹ã®ã¿ãã察å¿ã ãã°ããŒãã«èšå®ãžã®ã¯ãã¹ãªãã¡ã¬ã³ã¹ãšãšãã«ç€ºããŸããèšå®ã®è©³çŽ°ã¯ãã°ããŒãã«èš å®ã§ã芧ãã ããã 以äžã®èšå®ãè¡ãããšãã§ããŸãã l ã«ãŒãã£ã³ã°:ãã«ãŒãã£ã³ã°ãã¿ãã§ãSMTP ãããã·ã®ãã¡ã€ã³ãšã«ãŒãã£ã³ã°ã¿ãŒã²ãã ãèšå®ããåä¿¡è ã®ç¢ºèªæ¹æ³ãå®çŸ©ããŸãã l ã¹ã¿ãã£ãã¯ãã¹ããªã¹ã (Static Host List) l DNS ãã¹ãå (DNS Hostname) l MX ã¬ã³ãŒã (MX Records) 詳现ã¯ããEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP > ã«ãŒãã£ã³ã°ããåç §ããŠãã ããã l åä¿¡è æ€èšŒ åä¿¡è æ€èšŒ:ããã§ã¡ãŒã«åä¿¡è ã確èªãããã©ãããšç¢ºèªæ¹æ³ãæå®ã§ããŸãã l ã³ãŒã«ã¢ãŠã䜿çš:åä¿¡è æ€èšŒã®èŠæ±ããµãŒãã«éä¿¡ãããŸãã l Active Directory䜿çš:åä¿¡è æ€èšŒã®èŠæ±ã Active Directory ãµãŒãã«éä¿¡ã ããŸããActive Directory ã䜿çšããã«ã¯ããå®çŸ©ãšãŠãŒã¶ > èªèšŒãµãŒã > ãµãŒ ã ãã§æå®ããã Active Directory ãµãŒããåããŠããããšãå¿ èŠã§ããã㌠㹠DN ãã代æ¿ããŒã¹ DNããã£ãŒã«ãã«å ¥åããŸãã 泚 â Active Directory åä¿¡è æ€èšŒã䜿çšãããšããµãŒããå¿çããªãå Žåã« ã¡ãã»ãŒãžãããŠã³ã¹ãããå ŽåããããŸãã l ãªã:åä¿¡è æ€èšŒã¯å®å šã«ãªãã«ã§ããŸãããæšå¥šãããŸããããªããªãã㪠ãã«ãããšãã¹ãã ãã©ãã£ãã¯ãå¢å€§ããŠãèŸæžæ»æã®å±éºæ§ãé«ãŸããã ã§ãããã®çµæãéé¢å Žæãè¿·æã¡ãŒã«ã§æº¢ããŠããŸãããšã«ãªããŸãã 詳现ã¯ããEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP > ã«ãŒãã£ã³ã°ããåç §ããŠãã ããã l Sophos UTM RBL:ããã§ã¹ãã ã«ãªã³ã¯ãã IP ã¢ãã¬ã¹ããããã¯ã§ããŸãã l æšå¥šããã RBL ãäœ¿çš (Use Recommended RBLs) l ãã€ã€ã«ã¢ãã/ã¬ãžãã³ã·ã£ã«ãã¹ãã®ããã㯠詳现ã¯ããEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP > ã¹ãã 察ç ããåç §ããŠãã ããã l è¿œå RBL:Sophos UTMã®ã¢ã³ãã¹ãã æ©èœã匷åããããã«ããããªã RBL ãµã€ãã è¿œå ã§ããŸãã詳现ã¯ããã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP > ã¹ãã 察ç ããåç §ããŠãã UTM 9 管çã¬ã€ã 313 10.2 SMTP ãããã¡ã€ã« 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ ããã3çªç®ã®ãªãã·ã§ã³ãšããŠãããã§åå¥ã®èšå®ã«ã°ããŒãã«èšå®ãè¿œå ã§ã㟠ãã l BATV/RDNS/HELO/SPF/Greylisting:ãã®ãšãªã¢ã«ã¯ãSophos UTMã®ã¢ã³ãã¹ãã æ©èœã匷åãããã®ä»ã®ããŸããŸãªè©³çŽ°ãªãã·ã§ã³ããŸãšããããŠããŸãã l ç¡å¹ãª HELO/RDNS ãªãã®ãªãžã§ã¯ã l ã°ã¬ã€ãªã¹ãã£ã³ã°ãäœ¿çš l BATV ãäœ¿çš l SPF ãã§ãã¯ãå®æœ 詳现ã¯ããEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP > ã¹ãã 察ç ããåç §ããŠãã ããã l ã¢ã³ããŠã€ã«ã¹ã¹ãã£ã³:æªæããã³ã³ãã³ããå«ãã¡ãã»ãŒãžã®åŠçæ¹æ³ãèšå®ã§ã ãŸãã次ã®äœæ¥ãå®è¡ã§ããŸãã l ãªã l éé¢ l ãã©ãã¯ããŒã« 以äžã®ã¢ã³ããŠã€ã«ã¹ã¹ãã£ã³ãªãã·ã§ã³ããéžæã§ããŸãã l ã·ã³ã°ã«ã¹ãã£ã³:ããã©ã«ãèšå®ããã¹ãã£ã³èšå® ãã¿ãã«å®çŸ©ããããšã³ãžã³ ã䜿çšããŠæé«ã¬ãã«ã®ããã©ãŒãã³ã¹ãå®çŸããŸãã l ãã¥ã¢ã«ã¹ãã£ã³:åãã©ãã£ãã¯ã«å¯Ÿããç°ãªããŠã€ã«ã¹ã¹ãã£ãã䜿çšããŠã¹ ãã£ã³ã 2åè¡ãããšã«ãããæ€åºçãæ倧éã«é«ããŸããããŒã·ãã¯ã¬ãŒããµ ãã¹ã¯ãªãã·ã§ã³ã§ã¯ãã¥ã¢ã«ã¹ãã£ã³ã¯å©çšã§ããŸããã ã¹ãã£ã³ã§ããªãã³ã³ãã³ããæå·åãããã³ã³ãã³ãã®éé¢:ãã®ãªãã·ã§ã³ãéžæã ãŠãã³ã³ãã³ããã¹ãã£ã³ã§ããªãã£ãã¡ãŒã«ãéé¢ããŸããã¹ãã£ã³ã§ããªãã³ã³ãã³ ãã¯ãæå·åããããã®ãç Žæããã¢ãŒã«ã€ãããŸãã¯ãµã€ãºã倧ããããã³ã³ãã³ã ã®ä»ãã¹ãã£ãã®äžå ·åãªã©ã®æè¡çãªåé¡ã«ããå ŽåããããŸãã 詳现ã¯ããEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP > ã¢ã³ããŠã€ã«ã¹ ããåç §ããŠãã ããã l 314 ã¢ã³ãã¹ãã ã¹ãã£ã³:ããã§è¿·æãªå®£äŒã¡ãŒã«ã®åãæ±ãã決ããŸããã¹ãã ããã³ ã¹ãã ãšç¢ºèªãããã¡ãŒã«ã«å¯ŸããŠä»¥äžã®å¯Ÿçãéžæã§ããŸãã l ãªã l èŠå l éé¢ l ãã©ãã¯ããŒã« UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.2 SMTP ãããã¡ã€ã« 詳现ã¯ããEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP >ã¹ãã 察ç ããåç §ããŠãã ããã l éä¿¡è ãã©ãã¯ãªã¹ã:åä¿¡ SMTP ã»ãã·ã§ã³ã®ãšã³ãããŒãéä¿¡è ã¯ããã®ãã©ãã¯ãª ã¹ãå ã®ã¢ãã¬ã¹ãšç §åãããŸãããšã³ãããŒãéä¿¡è ããã©ãã¯ãªã¹ãã«å«ãŸããŠã ãå Žåãã¡ãã»ãŒãžã¯ãã©ãã¯ããŒã«åãããŸãã詳现ã¯ããEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP > ã¹ãã 察ç ããåç §ããŠãã ããã3çªç®ã®ãªãã·ã§ã³ãšããŠãããã§åå¥ã®èš å®ã«ã°ããŒãã«èšå®ãè¿œå ã§ããŸãã l MIME ãªãŒãã£ãª/ãããª/å®è¡åœ¢åŒãããã¯:MIME ã¿ã€ãã®ãã£ã«ã¿ã¯ MIME ã¿ã€ãã® ã¡ãŒã«ã³ã³ãã³ããèªã¿ãŸããã©ã®ã¿ã€ãã®ã³ã³ãã³ããéé¢ããããéžæã§ããŸãã l é³å£°ã³ã³ãã³ã l åç»ã³ã³ãã³ã l å®è¡å¯èœãã¡ã€ã«ã³ã³ãã³ã 詳现ã¯ããEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP > ã¢ã³ããŠã€ã«ã¹ ããåç §ããŠãã ããã l MIMEã¿ã€ããã©ãã¯ãªã¹ã:ããã§ããã®ä»ã® MIME ã¿ã€ããéé¢å Žæ (æ€ç«) ã«è¿œå 㧠ããŸãã詳现ã¯ããEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP > ã¢ã³ããŠã€ã«ã¹ ããåç §ããŠãã ã ãã3çªç®ã®ãªãã·ã§ã³ãšããŠãããã§åå¥ã®èšå®ã«ã°ããŒãã«èšå®ãè¿œå ã§ããŸãã l MIMEã¿ã€ããã¯ã€ããªã¹ã:ããã§ãéé¢ããªã MIME ã¿ã€ããè¿œå ã§ããŸãã詳现ã¯ã ãEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP > ã¢ã³ããŠã€ã«ã¹ ããåç §ããŠãã ããã3çªç®ã®ãªã ã·ã§ã³ãšããŠãããã§åå¥ã®èšå®ã«ã°ããŒãã«èšå®ãè¿œå ã§ããŸãã l ãããã¯å¯Ÿè±¡ãã¡ã€ã«æ¡åŒµå:ãã¡ã€ã«æ¡åŒµåãã£ã«ã¿ã䜿çšããŠããã¡ã€ã«æ¡åŒµåã« åºã¥ããŠãç¹å®ã®ãã¡ã€ã«ã¿ã€ã (äŸ: å®è¡å¯èœãã¡ã€ã«) ãå«ãã¡ãŒã«ã (èŠåä»ãã§) éé¢ã§ããŸãã詳现ã¯ããEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP > ã¢ã³ããŠã€ã«ã¹ ããåç §ã㊠ãã ããã3çªç®ã®ãªãã·ã§ã³ãšããŠãããã§åå¥ã®èšå®ã«ã°ããŒãã«èšå®ãè¿œå ã§ã ãŸãã l ãããã¯å¯Ÿè±¡è¡šçŸ:è¡šçŸãã£ã«ã¿ã¯ãSMTP ãããã·ãééããã¡ãã»ãŒãžã«ç¹å®ã®è¡š çŸãå«ãŸããŠããªãããã³ã³ãã³ããã¹ãã£ã³ããçãã®ããã¡ãŒã«ããããã¯ããŸãã 詳现ã¯ããEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP > ã¹ãã 察ç ããåç §ããŠãã ããã3çªç®ã® ãªãã·ã§ã³ãšããŠãããã§åå¥ã®èšå®ã«ã°ããŒãã«èšå®ãè¿œå ã§ããŸãã l æ©å¯æ§è¡šæããã¿:åéä¿¡ã¡ãŒã«ã«ã€ããŠãã¡ãŒã«ã«æ©å¯æ å ±ãéšå€ç§ã®æ å ±ãå« ãŸããŠããããšãªã©ããŠãŒã¶ã«ç¥ããããæ©å¯ããã¿ãè¿œå ããŠã«ã¹ã¿ãã€ãºã§ã㟠ãããªããæ©å¯ããã¿ã¯ãè¿ä¿¡ã¡ãŒã«ã®å Žå (In-Reply-Toããããæã€ãã®) ããŸã㯠ã¡ãŒã«ã®ã³ã³ãã³ãã¿ã€ããå€å®ã§ããªãå Žåã¯ãã¡ãŒã«ã«è¿œå ãããŸãããéä¿¡è ãã¡ã€ã³ã«å¿ããŠãããã¿ãè¿œå ãããŸããããã¿ã䜿çšããã«ã¯ããã§ãã¯ããã¯ã¹ã« ãã§ãã¯ãå ¥ããããã¿ã®ããã¹ããå ¥åããŠãé©çš ããã¯ãªãã¯ããŸãã UTM 9 管çã¬ã€ã 315 10.3 POP3 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 6. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸããæ°ãããããã¡ã€ã«ããSMTP ãããã¡ã€ã« ããªã¹ãã«è¡šç€ºãããŸãã 泚 â ãããã¯ã«ãã°ããŒãã«èšå®ã®äœ¿çš ããéžæããŠããé©çš ããã¯ãªãã¯ãããšãæ©èœã®ã¢ã€ã³ã³ã ã°ããŒãã«èšå®ã®ã¢ã€ã³ã³ã«å€ãããŸããããã«ãããã©ã®æ©èœã«å¯ŸããŠã°ããŒãã«èšå®ãŸã㯠åã ã®èšå®ãé©çšãããŠããããç°¡åã«ããããŸãã ãããã¡ã€ã«ã®ç¡å¹åãååå€æŽããŸãã¯åé€ãè¡ãå Žåã¯ããããã¡ã€ã«ããããããŠã³ãªã¹ãäž ã«ããäžæ®µã®è©²åœãããã¿ã³ãã¯ãªãã¯ããŸãã 10.3 POP3 ãEã¡ãŒã«ãããã¯ã·ã§ã³ > POP3ãã¡ãã¥ãŒã§ã¯ãåä¿¡ã¡ãŒã«ã® POP3 ãããã·ãèšå®ã§ããŸããPost Office Protocol 3 (POP3) ã¯ã¢ããªã±ãŒã·ã§ã³å±€ã€ã³ã¿ãŒãããæšæºãããã³ã«ã§ããªã¢ãŒãã¡ãŒã«ãµãŒ ãããã®ã¡ãŒã«ã®åãåºããå¯èœã«ããŸããPOP3 ãããã·ã¯ééçã«æ©èœããŸããã€ãŸãããŒã 110 ãŸã㯠995 (TLS ã«ããæå·å) ã§å éšãããã¯ãŒã¯ããåä¿¡ãããã¹ãŠã® POP3 èŠæ±ã¯ã㯠ã©ã€ã¢ã³ãã«ã¯èªèãããã«ãããã·ãéããŠååããããªãã€ã¬ã¯ããããŸãããã®ã¢ãŒãã®ã¡ãªãã ã¯ããã®ä»ã®ç®¡çãã¯ã©ã€ã¢ã³ãåŽã®èšå®ãå¿ èŠãªããšããããšã§ãã 泚 â å Žåã«ãã£ãŠã¯ãã¡ãŒã«ã¯ã©ã€ã¢ã³ãã®èšå®ã§ãµãŒãã¿ã€ã ã¢ãŠãèšå®ãé·ãããããšãå¿ èŠ ã§ããéåžžã®ããã©ã«ãã§ããçŽ 1å以å ã®èšå®ã§ã¯ãç¹ã«å€§ããªã¡ãŒã«ããã§ãããããšãã«ã¯ çãããŸãã POP3 ãããã³ã«ã«ã¯ãã©ã®ã¡ãŒã«ããã§ã«åãåºããããããµãŒãåŽã§è¿œè·¡ããæ©èœã¯ãããŸã ããäžè¬çã«ã¯ãã¡ãŒã«ã¯ã©ã€ã¢ã³ããã¡ãŒã«ãåãåºããåŸããµãŒãäžã§ãããåé€ããŸãããã ããã¯ã©ã€ã¢ã³ããã¡ãŒã«ãåé€ããªãããã«èšå®ãããŠããå ŽåããµãŒãåŽã®åé€ã¯è¡ãããã ã©ã®ã¡ãŒã«ããã§ã«ãã§ãããããããã¯ã©ã€ã¢ã³ãã远跡ããŸãã 10.3.1 ã°ããŒãã« ãEã¡ãŒã«ãããã¯ã·ã§ã³ > POP3 > ã°ããŒãã« ãã¿ãã§ã¯ãPOP3 ãããã·ã®åºæ¬èšå®ãæ§æã§ã㟠ãã POP3 ãããã·ãèšå®ããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. POP3 ãããã·ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã 316 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.3 POP3 ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªãããPOP3 èšå® ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 2. èš±å¯ãããããã¯ãŒã¯ãéžæããŸãã ãããã· POP3 ãã©ãã£ãã¯ã«èš±å¯ãããããã¯ãŒã¯ãéžæããŸããéåžžãããã¯å éšããã ã¯ãŒã¯ã§ãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã èšå®ããã£ã³ã»ã«ããã«ã¯ãã¢ã³ããŒè²ã®ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ã©ã€ãã ã° ãPOP 3 ã©ã€ããã°ãã¯ãPOP3 ãããã·ã®ã¢ã¯ãã£ããã£ããã°ã«èšé²ãããã¹ãŠã®åä¿¡ã¡ãŒã«ãè¡š 瀺ããŸãããã¿ã³ãã¯ãªãã¯ããŠãæ°ãããŠã£ã³ããŠã§ã©ã€ããã°ãéããŸãã 10.3.2 ãŠã€ã«ã¹å¯Ÿç ãã¢ã³ããŠã€ã«ã¹ ãã¿ãã«ã¯ããŠã€ã«ã¹ãã¯ãŒã ããã®ä»ã®ãã«ãŠã§ã¢ãªã©ã®æ害ã§å±éºãªã³ã³ãã³ã ãå«ãã¡ãŒã«ã«å¯ŸããããŸããŸãªå¯Ÿçãå«ãŸããŠããŸãã ã¢ã³ ã㊠ã€ã«ã¹ã¹ãã£ã³ ãã®ãªãã·ã§ã³ã§ã¯ããŠã€ã«ã¹ãããã€ã®æšéŠ¬ãçããããã¡ã€ã«ã¿ã€ããªã©ã®äžèŠãªã³ã³ãã³ãã㪠ããã©ãããã¡ãŒã«ãã¹ãã£ã³ããŸããæªæã®ããã³ã³ãã³ããå«ãã¡ãã»ãŒãžã¯ãããã¯ãããŠã ã¡ãŒã«ã®éé¢å Žæã«ä¿åãããŸãããŠãŒã¶ã¯ãSophosãŠãŒã¶ããŒã¿ã« ãŸãã¯ãã€ãªãŒã®éé¢ã¬ ããŒãã§ãéé¢ãããã¡ãã»ãŒãžã確èªããŠãªãªãŒã¹ã§ããŸãããã ããæªæã®ããã³ã³ãã³ããå«ã ã¡ãã»ãŒãžã¯ãã¡ãŒã«ãããŒãžã£ã§ç®¡çè ã®ã¿ãéé¢ãããªãªãŒã¹ã§ããŸãã Sophos UTM ã¯ãæé«ã®ã»ãã¥ãªãã£ãå®çŸããããŸããŸãªã¢ã³ããŠã€ã«ã¹ãšã³ãžã³ãåããŠã㟠ãã l ã·ã³ã°ã«ã¹ãã£ã³:ããã©ã«ãèšå®ããã¹ãã£ã³èšå® ãã¿ãã«å®çŸ©ããããšã³ãžã³ã䜿çšããŠæ é«ã¬ãã«ã®ããã©ãŒãã³ã¹ãå®çŸããŸãã l ãã¥ã¢ã«ã¹ãã£ã³:åãã©ãã£ãã¯ã«å¯Ÿããç°ãªããŠã€ã«ã¹ã¹ãã£ãã䜿çšããŠã¹ãã£ã³ã 2å è¡ãããšã«ãããæ€åºçãæ倧éã«é«ããŸããããŒã·ãã¯ã¬ãŒããµãã¹ã¯ãªãã·ã§ã³ã§ã¯ã㥠ã¢ã«ã¹ãã£ã³ã¯å©çšã§ããŸããã ã¹ãã£ã³ã§ããªãã³ã³ãã³ããæå·åãããã³ã³ãã³ãã®éé¢:ãã®ãªãã·ã§ã³ãéžæããŠãã³ã³ãã³ã ãã¹ãã£ã³ã§ããªãã£ãã¡ãŒã«ãéé¢ããŸããã¹ãã£ã³ã§ããªãã³ã³ãã³ãã¯ãæå·åããããã®ã ç Žæããã¢ãŒã«ã€ãããŸãã¯ãµã€ãºã倧ããããã³ã³ãã³ãã®ä»ãã¹ãã£ãã®äžå ·åãªã©ã®æè¡ç ãªåé¡ã«ããå ŽåããããŸãã UTM 9 管çã¬ã€ã 317 10.3 POP3 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ æ倧ã¹ãã£ã³ãµã€ãº:ã¢ã³ããŠã€ã«ã¹ãšã³ãžã³ã§ã¹ãã£ã³ããæ倧ãã¡ã€ã«ãµã€ãºãæå®ããŸããã ã®ãµã€ãºãè¶ ãããã¡ã€ã«ã¯ã¹ãã£ã³å¯Ÿè±¡å€ãšãªããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã ãã¡ã€ã«æ¡åŒµåãã£ã«ã¿ ãã®æ©èœã¯ããã¡ã€ã«æ¡åŒµåã«åºã¥ããŠç¹å®ã¿ã€ãã®ãã¡ã€ã« (å®è¡å¯èœãã¡ã€ã«ãªã©) ãå«ãã¡ãŒ ã«ã (èŠåä»ãã§) ãã£ã«ã¿ãªã³ã°ããéé¢ããŸãããã¡ã€ã«æ¡åŒµåãè¿œå ããã«ã¯ãããããã¯å¯Ÿè±¡ ãã¡ã€ã«æ¡åŒµå ãããã¯ã¹ã®ã+ãã¢ã€ã³ã³ãã¯ãªãã¯ããã¹ãã£ã³ãããã¡ã€ã«æ¡åŒµå (äŸ: exe ãŸã㯠jar (åºåãæåã®ããããªã)) ãå ¥åããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã ãã³ã â çŠæ¢ããããã¡ã€ã«æ¡åŒµåã«å¯ŸããŠã¢ãŒã«ã€ããæ€çŽ¢ããããšã¯ã§ããŸãããã¢ãŒã«ã€ã ã«å«ãŸãããã«ãŠã§ã¢ãããããã¯ãŒã¯ãä¿è·ããã«ã¯ã該åœããã¢ãŒã«ã€ãã®ãã¡ã€ã«æ¡åŒµåã ãããã¯ããããšãèæ ®ããŠãã ããã 10.3.3 ã¹ãã 察ç Sophos UTM Sophos UTM ãèšå®ããŠãæªæ¿è«Ÿã®ã¹ãã ã¡ãŒã«ãæ€åºããããæ¢ç¥ã® (ãŸãã¯çãã ã) ã¹ãã çºä¿¡è ããã®ã¹ãã éä¿¡ãèå¥ããããšãã§ããŸãããã¹ãã 察ç ãã¿ãã«ããèšå®ãªã ã·ã§ã³ã䜿çšããŠãPOP3 ã®ã»ãã¥ãªãã£æ©èœãèšå®ããæªæ¿è«Ÿã®å®£äŒçšã¡ãŒã«ãªã©ããããã ã¯ãŒã¯ãä¿è·ããŸãã ã¹ãã ãã£ã«ã¿ Sophos UTM Sophos UTM ã«ã¯ãã¹ãã ã®ç¹åŸŽãããåä¿¡ã¡ãŒã«ããã¥ãŒãªã¹ãã£ãã¯ã«ãã§ãã¯ãã æ©èœããããŸãããã®æ©èœã¯ãSMTP ãšã³ãããŒãæ å ±ãšãçºèŠçãã¹ãããã³ç¹æ§ã«é¢ããå éš ããŒã¿ããŒã¹ã䜿çšããŸãããã®ã¹ãã ãã£ã«ã¿ãªãã·ã§ã³ã§ã¯ãã¡ãã»ãŒãžã®å 容㚠SMTP ãšã³ã ããŒãæ å ±ã«åºã¥ããŠã¡ãã»ãŒãžã«ã¹ã³ã¢ãä»ããŸããã¹ã³ã¢ãé«ãã»ã©ãã¹ãã ã®å¯èœæ§ãé«ã ããšãæå³ããŸãã 次㮠2ã€ã®ãªãã·ã§ã³ã䜿çšããŠãããäžå®ã®ã¹ãã ã¹ã³ã¢ãä»ããã¡ãã»ãŒãžãžã®å¯Ÿå¿æ¹æ³ãæ å®ããããšãã§ããŸããããã«ãããã²ãŒããŠã§ã€ã¯ã¹ãã ã®å¯èœæ§ãããã¡ãŒã«ãå¥åã«æ±ãããš ãã§ããããã«ãªããŸãã l Spamã¢ã¯ã·ã§ã³:ããã§ã¯ãã¹ãã ã®å¯èœæ§ããããšããŠåé¡ãããã¡ãã»ãŒãžã«å¯Ÿãã察ç ãå®çŸ©ã§ããŸãã l Confirmed Spamã¢ã¯ã·ã§ã³:ããã§ã¯ãConfirmed Spam (確å®æ§ã®é«ãã¹ãã ) ãšç¢ºèªããã ã¡ãã»ãŒãžã«å¯Ÿããã¢ã¯ã·ã§ã³ãå®çŸ©ã§ããŸãã ããã 2çš®é¡ã®ã¹ãã ã«å¯ŸããåŠçããããŸããŸãªå¯Ÿçããéžæã§ããŸãã 318 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.3 POP3 l ãªã:ã¡ãã»ãŒãžã¯ã¹ãã ãšããŠããŒã¯ããããããã£ã«ã¿ãããŸããã l èŠå:ã¡ãã»ãŒãžã¯ãã£ã«ã¿ãããŸããããã®ä»£ããã«ãã¹ãã ãã©ã°ãã¡ãã»ãŒãžãããã«è¿œ å ãããã¹ãã ããŒã«ãã¡ãã»ãŒãžã®ä»¶åã«è¿œå ãããŸãã l éé¢:ã¡ãã»ãŒãžã¯ãããã¯ãããã¡ãŒã«ã®éé¢å Žæã«ä¿åãããŸããéé¢ãããã¡ãã»ãŒãž ã¯ããŠãŒã¶ããŒã¿ã«ãŸãã¯ãã€ãªãŒã®éé¢ã¬ããŒãã§ç¢ºèªã§ããŸãã ã¹ãã ããŒã«:ãã®ãªãã·ã§ã³ã§ãã¹ãã ããŒã«ãæå®ã§ããŸããã¹ãã ããŒã«ãšã¯ãã¹ãã ã¡ãã»ãŒ ãžããã°ããç°¡åã«èå¥ã§ããããã«ãã¡ãã»ãŒãžã®ä»¶åè¡ã«è¿œå ãããæååã§ããããã©ã«ã ã§ã¯ãã¹ãã ã¡ãã»ãŒãžã瀺ãããã« *SPAM* ãšããæååã䜿çšãããŸãã è¡šçŸãã£ã«ã¿ è¡šçŸãã£ã«ã¿ã¯ãç¹å®ã®è¡šçŸãæ¢ããŠã¡ãã»ãŒãžã®ä»¶åãæ¬æãã¹ãã£ã³ããŸããããã«ãªã¹ããã ãè¡šçŸãå«ãã¡ãŒã«ã¯ãããã¯ãããŸãããã ãããEã¡ãŒã«ãããã¯ã·ã§ã³ã>ãPOP3ã>ã詳现ãã¿ã㧠ããªãã§ãããªãã·ã§ã³ãæå¹ã«ãªã£ãŠããå Žåã¯ãã¡ãŒã«ã¯éé¢å Žæã«éãããŸããè¡šçŸã¯ Perl äºæã®æ£èŠè¡šçŸ ã§æå®ã§ããŸããããšãã°ããonline datingããªã©ã®ç°¡åãªæååã¯ã倧æåãšå° æåãåºå¥ããªãã§è§£éãããŸãã åç § â è¡šçŸãã£ã«ã¿ã§æ£èŠè¡šçŸã䜿çšããæ¹æ³ã®è©³çŽ°ã¯ãSophos ãµããŒãããŒã¿ããŒã¹ãåç § ããŠãã ããã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã éä¿¡è ãã©ãã¯ãªã¹ã åä¿¡ãã POP3 ã»ãã·ã§ã³ã®ãšã³ãããŒãã®éä¿¡è ãããã®ãã©ãã¯ãªã¹ãã®ã¢ãã¬ã¹ãšç §åãã㟠ãããšã³ãããŒãã®éä¿¡è ããã©ãã¯ãªã¹ãã«ããå Žåãã¡ãã»ãŒãžã¯éé¢ããã件åè¡ã« Other ãš ããŒã¯ãããŸãã ãã©ãã¯ãªã¹ãã«æ°ããã¢ãã¬ã¹ãã¿ãŒã³ãè¿œå ããã«ã¯ãããã©ãã¯ãªã¹ãã¢ãã¬ã¹ãã¿ãŒã³ãããã¯ã¹ ã§ãã©ã¹ã¢ã€ã³ã³ãã¯ãªãã¯ããã¢ãã¬ã¹ (ã®äžéš) ãå ¥åããŠããããé©çš ããã¯ãªãã¯ããŸããã¯ã€ã«ã ã«ãŒããšããŠã¢ã¹ã¿ãªã¹ã¯(*)ã䜿çšã§ããŸã (äŸ: *@abbeybnknational.com)ã ãã³ã â ãšã³ããŠãŒã¶ã¯ããŠãŒã¶ããŒã¿ã«ã§ç¬èªã®ãã©ãã¯ãªã¹ãããã³ãã¯ã€ããªã¹ããäœæã§ã ãŸãã 10.3.4 é€å€ ãPOP3 > é€å€ ãã¿ãã§ãããŸããŸãªã»ãã¥ãªãã£æ©èœããé€å€ããã¯ã©ã€ã¢ã³ããã¹ã/ãããã¯ãŒã¯ã éä¿¡è ã¢ãã¬ã¹ãå®çŸ©ã§ããŸãã UTM 9 管çã¬ã€ã 319 10.3 POP3 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ é€å€ã«ãŒã«ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãé€å€ ãã¿ãã§ããæ°èŠé€å€ãªã¹ãããã¯ãªãã¯ããŸãã ãé€å€ãªã¹ããäœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®é€å€ã«ãŒã«ã説æããååãå ¥åããŠãã ããã ã¹ããããããã§ãã¯:ã¹ãããããã»ãã¥ãªãã£ãã§ãã¯ãéžæããŸãã詳现ã¯ããEã¡ãŒã«ãã ãã¯ã·ã§ã³ã>ãSMTPã>ãã¢ã³ããŠã€ã«ã¹ãããã³ãã¹ãã 察çããåç §ããŠãã ããã ã¯ã©ã€ã¢ã³ããã¹ã/ãããã¯ãŒã¯ã§é€å€:ã»ãã¥ãªãã£ãã§ãã¯ãã¹ãããããéä¿¡å ãã¹ã/ ãããã¯ãŒã¯ (ã¡ãã»ãŒãžãçºä¿¡ãããã¹ããŸãã¯ãããã¯ãŒã¯) ãéžæããŸãã 泚 â ããŒã«ã«ã¡ãã»ãŒãžã¯ããã©ã«ãã§ã¹ãã£ã³ãããªãã®ã§ãããŒã«ã«ãã¹ãã«ã¯é€å€ã äœæããå¿ èŠã¯ãããŸããã ãã®ãªãã·ã§ã³ãéžæãããšããã¯ã©ã€ã¢ã³ããã¹ã/ãããã¯ãŒã¯ ããã€ã¢ãã°ããã¯ã¹ãéã㟠ããã+ãèšå·ãŸãã¯ãã©ã«ãèšå·ãã¯ãªãã¯ããŠããã¹ããããã¯ãããã¯ãŒã¯ãè¿œå ã§ã㟠ãã éä¿¡è ã¢ãã¬ã¹ã§é€å€:å®çŸ©ããã»ãã¥ãªãã£ãã§ãã¯ãã¹ãããããéä¿¡è ã®ã¡ãŒã«ã¢ãã¬ã¹ ãéžæããŸãã ãã®ãªãã·ã§ã³ãéžæãããšããéä¿¡è ãããã¯ã¹ãéããŸããå®å šã§æå¹ãªã¡ãŒã«ã¢ãã¬ã¹ã å ¥åããã (äŸ: [email protected])ããŸãã¯ã¢ã¹ã¿ãªã¹ã¯ãã¯ã€ã«ãã«ãŒããšããŠäœ¿çšã㊠ç¹å®ãã¡ã€ã³ã®ãã¹ãŠã®ã¡ãŒã«ã¢ãã¬ã¹ãæå®ã§ããŸã (äŸ: *@example.com)ã 泚 â éä¿¡è ã¢ãã¬ã¹ã¯å®¹æã«åœé ã§ããããããéä¿¡è ããªãã·ã§ã³ã䜿çšããéã¯æ³šæ ãå¿ èŠã§ãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããé€å€ããé€å€ ããªã¹ãã«è¡šç€ºãããŸãã é€å€ã«ãŒã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 10.3.5 詳现 ãPOP3 > 詳现 ãã¿ãã§ãPOP3 ãããã·ã®ééã¢ãŒããã¹ãããã§ãããã¹ããšãããã¯ãŒã¯ãæå®ã§ ããŸããããã«ããã®ã¿ãã«ã¯ãPOP3 ãããã·ã®ããªãã§ãããªãã·ã§ã³ãå«ãŸããŠããŸããã㪠320 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.3 POP3 ãã§ãããªãã·ã§ã³ã«ãããPOP3 ãµãŒãããã¡ãã»ãŒãžãããªãã§ãã (äºåååŸ) ããŠããŒã¿ããŒã¹ ã«ä¿åã§ããŸãã ééã¢ãŒãã¹ããããªã¹ã ãééã¢ãŒãæã«ã¹ããããããã¹ã/ããããããã¯ã¹ã«ãªã¹ããããŠãããã¹ããšãããã¯ãŒã¯ ã¯ãPOP3 ãã©ãã£ãã¯ã®ééçã€ã³ã¿ãŒã»ãã·ã§ã³ã®å¯Ÿè±¡ãšã¯ãªããŸããããã ãããããã®ãã¹ã ããã³ãããã¯ãŒã¯ã§ POP3 ãã©ãã£ãã¯ãèš±å¯ããã«ã¯ãããªã¹ãå ã®ãã¹ã/ãããã¯ãŒã¯ã® POP3 ã ã©ãã£ãã¯ãèš±å¯ ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸãããã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ã㪠ãå Žåã¯ãããã§ãªã¹ããããŠãããã¹ããšãããã¯ãŒã¯ã«ç¹å®ã®ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãå®çŸ©ã ãå¿ èŠããããŸãã POP3 ãµãŒããšããªãã§ããèšå® ãããã¯ãŒã¯ãŸãã¯ãšã³ããŠãŒã¶ã䜿çšãã POP3 ãµãŒããããã« 1ã€ä»¥äžå ¥åããŠããããã·ã èªèããããã«ããŸããããã«ãããªãã§ããããªã³ã«ã§ããŸãã POP3 ãµãŒããå®çŸ©ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. POP3 ãµãŒãã® DNS åãè¿œå ããŸãã ãPOP3 ãµãŒã ãããã¯ã¹ã§ãã+ãã¢ã€ã³ã³ãã¯ãªãã¯ããŸããããµãŒãã®è¿œå ããã€ã¢ãã°ãŠã£ã³ ããŠã§ãDNS åãå ¥åãããä¿å ããã¯ãªãã¯ããŸãã å ¥åãã DNS åã«ãµãã£ãã¯ã¹ãServersããè¿œå ãããæ°ãããšã³ããªãããã¯ã¹ã«è¡šç€ºãã ãŸããUTM ã¯æå®ãã DNS åã® DNS ã°ã«ãŒããèªåçã«äœæããæ°ãã POP3 ãµãŒãã® ãšã³ããªã«é¢é£ä»ããŸãã 2. POP3 ãµãŒãã®å±æ§ãæå®ããŸãã ãPOP3 ãµãŒã ãããã¯ã¹ã§ãPOP3 ãµãŒãã®ç·šéã¢ã€ã³ã³ãã¯ãªãã¯ããŸããããµãŒããç·šé ã ãã€ã¢ãã°ããã¯ã¹ãéããŸãã次ã®èšå®ãè¡ããŸãã åå:å¿ èŠã«å¿ã㊠POP3 ãµãŒãåãå€æŽããŸãã ãã¹ã:ããã¯ã¹ã«ã¯ãäžèšã§æå®ãã DNS åã® DNS ã°ã«ãŒããèªåçã«å ¥ããŸããè¿œå ã®ãã¹ããŸã㯠DNS ã°ã«ãŒããè¿œå ãŸãã¯éžæããŸããåã POP3 ã¢ã«ãŠã³ããæã€ãã¹ã ãŸã㯠DNS ã°ã«ãŒãã®ã¿ãè¿œå ããŸãã TLS 蚌ææž:ããããããŠã³ãªã¹ããã蚌ææžãéžæããŸãããã®èšŒææžã¯ãTLS æå·åã«ã€ ããŠããããµããŒãããŠãããã¹ãŠã®ãªã¢ãŒããã¹ããšããŽã·ãšãŒãããããã«äœ¿çšãã㟠ãã 蚌ææžã¯ãããµã€ãé VPN > 蚌ææžç®¡ç > 蚌ææž ãã¿ãã§äœæãŸãã¯ã¢ããããŒãã§ã ãŸãã UTM 9 管çã¬ã€ã 321 10.3 POP3 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 泚 â ããã§å®çŸ©ããªã POP3 ãµãŒãããŸã㯠TLS 蚌ææžãæããªã POP3 ãµãŒãã«ã€ã ãŠã¯ãããã©ã«ãã® TLS 蚌ææžããTLS èšå® ãã»ã¯ã·ã§ã³ã§éžæã§ããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã POP3 ãµãŒããå®çŸ©ãããŸãã POP3 ãµãŒããæå®ããªãå Žåã«ãããã·ãã¡ãŒã«ã確èªãããšããããã·ã¯åãæ¥ç¶ã§ãã®ã¡ãŒ ã«ã®ä»£ããã«ãã¡ãŒã«ãéé¢ããããšãåä¿¡è ã«éç¥ããã¡ãã»ãŒãžããã ã¡ã«éããŸããéé¢ãã ãã¡ãŒã«ã¯ãã¡ãŒã«ãããŒãžã£ ãã§è¡šç€ºã§ããŸããããµãŒããã¢ã«ãŠã³ãã«é¢é£ä»ããããŠããªãã ããåŸããæ¥ç¶ããŠãªãªãŒã¹ãã (åãåºããŠåé ä¿¡ãã) ããšã¯ã§ããŸãããäžè¬çã«ã¯ãéé¢ã ããã¡ãŒã«ã®ãªãªãŒã¹ã¯ãããªãã§ãããããã¡ãã»ãŒãžã®ã¿ã§æå¹ã§ãã 以äžã® 2ã€ã®ã·ããªãªããããŸãã l POP3 ãµãŒããæå®ããŠããªãã§ãããç¡å¹ã«ããå Žåããããã·ã¯ãéé¢ãããã¡ãŒã«ãã© ã®ãµãŒã/ã¢ã«ãŠã³ãã«å±ãããã远跡ããŸãããããã£ãŠãéé¢ãããã¡ãŒã«ã¯ãã¯ã©ã€ã¢ ã³ããã¡ãŒã«ããã¯ã¹ã次åããŒãªã³ã°ãããšãã«ãªãªãŒã¹ã§ããŸãããããæ©èœããã«ã¯ãã ããã·ã¯ãã©ã® IP ã¢ãã¬ã¹ãã©ã®ãµãŒãã«å±ãããã (ã客æ§ãã¡ãŒã«ã¯ã©ã€ã¢ã³ãã§å ¥å ãã FQDN ã«ãã£ãŠ) 確å®ã«ç¹å®ããå¿ èŠããããŸãã l POP3 ãµãŒããæå®ããŠããªãã§ãããæå¹ã«ããå ŽåãPOP3 ãããã·ã¯æ°ããã¡ãã»ãŒãž ããªããã©ãã POP3 ãµãŒããå®æçã«ç¢ºèªããŸããæ°ããã¡ãã»ãŒãžãå±ããŠããå Žåã ãã㯠POP3 ãããã·ã«ã³ããŒãããã¹ãã£ã³ãããŠãUTMã®ããŒã¿ããŒã¹ã«ä¿åãããŸãã ã¡ãã»ãŒãžã¯ POP3 ãµãŒãã«çãŸããŸããã¯ã©ã€ã¢ã³ãã¯æ°ããã¡ãã»ãŒãžããã§ãããã (å ãåºã) ãšããPOP3 ãããã·ãšéä¿¡ããŠããã®ããŒã¿ããŒã¹ããã¡ãã»ãŒãžãåãåºããŸãã ããªãã§ããããµããŒãããŠãã POP3 ãããã·ã«ã¯ã以äžã®ãããªããŸããŸãªã¡ãªããããããŸãã l ã¯ã©ã€ã¢ã³ããšãããã· (ãŸãã¯ãã®é) ã®ã¿ã€ã ã¢ãŠãã®åé¡ã¯ãããŸããã l ã¡ãŒã«ãäºåã«ã¹ãã£ã³ãããããã¡ãã»ãŒãžã¯ã¯ããã«è¿ éã«é ä¿¡ãããŸãã l ãããã¯ãããã¡ãã»ãŒãžã¯ãŠãŒã¶ããŒã¿ã«ãããªãªãŒã¹ã§ãã次ã®ãã§ããã«å«ãŸããŸãã ã¡ãã»ãŒãžãæªæã®ã³ã³ãã³ããå«ãã§ããããã«ãããã¯ãããå ŽåããŸãã¯ã¹ãã ãšç¹å®ããã ããã«ãããã¯ãããå Žåã¯ãã¯ã©ã€ã¢ã³ãã«ã¯é ä¿¡ãããŸããããããã®ã¡ãã»ãŒãžã¯éé¢ãã㟠ããéé¢ãããã¡ãã»ãŒãžã¯ãŠãŒã¶ããŒã¿ã«ã®ãã¡ãŒã«ãããŒãžã£ ãã»ã¯ã·ã§ã³ã«ä¿åãããããã§å é€ãŸãã¯ãªãªãŒã¹ãããŸãã ããªãã§ããã¢ãŒãã䜿çš:ããªãã§ããã¢ãŒããæå¹ã«ããã«ã¯ããã®ãã§ãã¯ããã¯ã¹ãéžæããŠã1 ã€ä»¥äžã® POP3 ãµãŒãããPOP3 ãµãŒã ãããã¯ã¹ã«è¿œå ããŸãã 322 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.3 POP3 ããªãã§ããéé:POP3 ãããã·ã POP3 ãµãŒãã«æ¥è§ŠããŠã¡ãã»ãŒãžãããªãã§ããããæ éééãéžæããŸãã 泚 â ã¡ãŒã«ã¯ã©ã€ã¢ã³ãã POP3 ãµãŒããžã®æ¥ç¶ãèš±å¯ãããééã¯ããµãŒãããšã«ç° ãªããŸãããããã£ãŠãããªãã§ããééã¯ãPOP3 ãµãŒãã§èš±å¯ãããŠããééããçãèš å®ããªãããã«ããŠãã ããããã®çç±ã¯ãPOP3 ãµãŒããžã®ã¢ã¯ã»ã¹ããããã¯ããã ãšãPOP3 ã¡ãã»ãŒãžã®ããŠã³ããŒãã¯å€±æã«çµããããã§ãã ãŸããè€æ°ã®ã¡ãŒã«ã¯ã©ã€ã¢ã³ããåã POP3 ã¢ã«ãŠã³ããã¯ãšãªããå Žåãããããšã«ã 泚æããŠãã ãããPOP3 ãµãŒãããã¡ãã»ãŒãžããã§ããããããšã次åãµãŒãã«ã¢ã¯ã»ã¹ ã§ããããã«ãªããŸã§ã¿ã€ããŒãåå§åããŸãããã®ããã« POP3 ãããã·ã POP3 ãµãŒ ãã«4åé£ç¶ããŠã¢ã¯ã»ã¹ã§ããªããš (ããã©ã«ãã§ã¯ 15åããšã«ã¢ã¯ã»ã¹ãè©Šè¡ããŸã)ã ã¢ã«ãŠã³ãã®ãã¹ã¯ãŒãããããã·ã®ã¡ãŒã«ããŒã¿ããŒã¹ããåé€ãããã¡ãŒã«ã¯ã©ã€ã¢ã³ ãã POP3 ãµãŒãã«ãã¹ã¯ãŒããå床éã£ãŠãã°ã€ã³ããªãéããã¡ãŒã«ã¯ãã§ãããã㪠ããªããŸãã éé¢ã¡ãŒã«ããµãŒãããåé€:ãã®ãªãã·ã§ã³ãéžæãããšãéé¢ãããã¡ãã»ãŒãžã¯ POP3 ãµãŒãããå³åº§ã«åé€ãããŸããããã¯ããŠãŒã¶ãUTMçµç±ã§ã¯ãªããããšãã°ãPOP3 ãµãŒãã® Web ããŒã¿ã«çµç±ã§ POP3 ãµãŒãã«æ¥ç¶ããå Žåã«ãã¹ãã ããŠã€ã«ã¹ã¡ãã»ãŒ ãžã®åä¿¡ãé²ãã®ã«åœ¹ç«ã¡ãŸãã ã¡ãã»ãŒãžãåãåºããåŸã«ãµãŒãããã¡ãã»ãŒãžãåé€ããããã«ã¡ãŒã«ã¯ã©ã€ã¢ã³ããèšå®ãã ãŠããå Žåããã®æ å ±ã¯ããŒã¿ããŒã¹ã«ãä¿åãããŸãããããã·ã¯ã次åãã® POP3 ã¢ã«ãŠã³ã ã®ã¡ãã»ãŒãžãããªãã§ãããããšãã«ããµãŒããããããã®ã¡ãã»ãŒãžãåé€ããŸããããã¯ãã¯ã© ã€ã¢ã³ããSophos UTMããã¡ãã»ãŒãžããã§ããããããã€ãåé€ã³ãã³ããèšå®ãããŠããªãé ããã¡ãã»ãŒãžã¯ POP3 ãµãŒãããåé€ãããªãããšãæå³ããŸãããããã£ãŠããããã¯ãŸã ãã ãšãã°ã¡ãŒã«ãããã€ããŒã® Web ããŒã¿ã«ã§èªãããšãã§ããŸãã 以äžã®å Žåãéé¢ãããã¡ãã»ãŒãžã¯ POP3 ãµãŒãããåé€ãããŸãã l ã¡ãã»ãŒãžãã¡ãŒã«ãããŒãžã£ã§æåã§åé€ããå Žåã l ãŠãŒã¶ããŠãŒã¶ããŒã¿ã«ã§ã¡ãã»ãŒãžãæåã§åé€ããå Žåã l ã¡ãã»ãŒãžã (éé¢ã¬ããŒããŸãã¯ãŠãŒã¶ããŒã¿ã«ã®ãããããä»ããŠ) ãªãªãŒã¹ãããé ä¿¡ æã«ã¡ãã»ãŒãžãåé€ããããã«ãŠãŒã¶ã®ã¡ãŒã«ã¯ã©ã€ã¢ã³ããèšå®ãããŠããå Žåã l éç¥ã¡ãã»ãŒãžãåé€ãããå Žåã l ä¿åæéãéããå Žå (ã¡ãŒã«ãããŒãžã£ ã®ç« ã®ãèšå®ãã®ã»ã¯ã·ã§ã³ãåç §ããŠãã ãã)ã ãã ããããªãã§ããã¢ãŒãã§ã¯ãéé¢ãããã¹ãã ã¡ãã»ãŒãžã¯ãã¯ã©ã€ã¢ã³ãã³ãã³ãã§ã¯ POP3 ãµãŒãããçŽæ¥åé€ã§ããŸããã UTM 9 管çã¬ã€ã 323 10.3 POP3 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 泚 â ããªãã§ããæ©èœãæ£åžžã«æ©èœããããã«ã¯ãã¡ãŒã«ã¯ã©ã€ã¢ã³ãã¯å°ãªããšã 1å㯠POP3 ãµãŒãã«æ¥ç¶ããå¿ èŠããããŸããããã¯ããã®ãŠãŒã¶ã®ããã« POP3 ã¡ãã»ãŒãžããã§ãããã ã«ã¯ãSophos UTMã¯ãPOP3 ãµãŒãåããŠãŒã¶åãããã³ãŠãŒã¶ã®ãã¹ã¯ãŒããããŒã¿ããŒã¹ã« ä¿åããå¿ èŠãããããã§ãããã ããããã¯ãSophos ãŠãŒã¶ããŒã¿ã«ã§ POP3 ã¢ã«ãŠã³ãã®è³ æ Œæ å ±ãèšå®ããŠããæ©èœ ããŸãããããªãã§ãããããã¡ãã»ãŒãžããã®ãŠãŒã¶ã®ããŒã¿ã«ãšæ¯ æ¥ã®éé¢ã¬ããŒãã«è¡šç€ºããã«ã¯ããŠãŒã¶ããŒã¿ã«ã§ POP3 ã¢ã«ãŠã³ãè³æ Œæ å ±ãå¿ èŠã§ãã fetchmail ãŠãŒã¶ãžã®æ³šèš:ã»ãã¥ãªãã£äžã®çç±ãããã¡ãŒã«ãµãŒãããã®ã¡ãŒã«ã®ããŠã³ããŒã ã« TOP ã¡ãœããã¯ãµããŒããããŠããŸããããããã£ãŠãTOP ã«ãã£ãŠåä¿¡ããã¡ãã»ãŒãžã¯ã¹ã㣠ã³ã§ããŸããããã ããfetchall ãªãã·ã§ã³ (ã³ãã³ãã©ã€ã³ã® -a) ãæå®ãããšã¹ãã£ã³ã§ããŸãã 詳现ã¯ãfetchmail ã®ããã¥ã¢ã«ã®ãRETR ãŸã㯠TOPããåç §ããŠãã ããã åªå æåã³ ãŒã ãã®ã»ã¯ã·ã§ã³ã§ã¯ãã¡ãŒã«ãããã¯ãäœããã®çç±ã§UTMã«ãã£ãŠå€æŽããã (äŸ: BATV) ã¡ãŒã« ãããã§ä»åŸäœ¿çšãã UTF-8 以å€ã®æåã³ãŒããéžæã§ããŸãããã®æ©èœã¯ãUTF-8 ãç解ã㪠ãã¡ãŒã«ã¯ã©ã€ã¢ã³ãããŠãŒã¶ã䜿çšããŠããå Žåã«äŸ¿å©ã§ããäžè¬ã«ãã¡ãŒã«ãããã®ããã©ã«ã ã®æåã»ããã¯ãã¹ãŠã®å°åã§åé¡ãªãæ©èœããŸãããããã£ãŠããã®èšå®ãå€æŽããã®ã¯ããã ã絶察ã«å¿ èŠã§ãããšç¢ºä¿¡ããŠããå Žåã®ã¿ã«ããŠãã ãããäžæãªå Žåã¯ãããã©ã«ãã® UTF-8 ã«ããŠãããŠãã ããã TLS èšå® TLS 蚌ææžããããããŠã³ãªã¹ããã蚌ææžãéžæããŸãããã®èšŒææžã¯ãTLS ã«å¯Ÿå¿ããŠãããäž èšã®ãPOP3 ãµãŒã ãããã¯ã¹ã«è¡šç€ºãããŠããªã POP3 ãµãŒãããäžèŽãã TLS 蚌ææžã®ãªã POP3 ãµãŒãã«ã¢ã¯ã»ã¹ãè©Šã¿ããã¹ãŠã® POP3 ã¯ã©ã€ã¢ã³ãã§ãTLS æå·åã®ããã«äœ¿çšãã㟠ããéžæãã蚌ææžã¯ POP3 ã¯ã©ã€ã¢ã³ãã«æäŸãããŸããéåžžãPOP3 ã¯ã©ã€ã¢ã³ãã¯ãPOP3 ãµãŒãããæäŸããã TLS 蚌ææžããèšå®æžã¿ POP3 ãµãŒãã®ååã«äžèŽããŠããã確èªã㟠ãããã®ãããå€ãã®å Žå POP3 ã¯ã©ã€ã¢ã³ãã¯ã蚌ææžã®ãã¹ãåãèšå®æžã¿ POP3 ãµãŒãåã« äžèŽããªããšããŠãèŠåã衚瀺ããŸãããã ãããŠãŒã¶ã¯ãã®èŠåãç¡èŠããŠæ¥ç¶ããããšãã§ã㟠ãããã®èŠåãåé¿ããã«ã¯ã䜿çšãããã¹ãŠã® POP3 ãµãŒããäžèšã®ãPOP3 ãµãŒã ãããã¯ã¹ ã«è¿œå ããåãµãŒãã«äžèŽãã TLS 蚌ææžãæå®ããŠãã ããã ããã§èšŒææžãäžã€ãèšå®ããªããšãPOP3 ã¯ã©ã€ã¢ã³ãã TLS ãä»ããŠãPOP3 ãµãŒã ãããã¯ã¹ã® ãªã¹ãã«ãªãããŸãã¯ãäžèŽãã TLS 蚌ææžãæããªã POP3 ãµãŒãã«ã¢ã¯ã»ã¹ããããšããå Žåã æ¥ç¶ã¯ç¢ºç«ãããŸããã 324 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.4 æå·å ãã³ã â蚌ææžã¯ãããµã€ãé VPN > 蚌ææžç®¡ç > 蚌ææž ãã¿ãã§äœæãŸãã¯ã¢ããããŒãã§ã㟠ãã 10.4 æå·å ã¡ãŒã«ãå人çãªç®çãããžãã¹ç®çã§äœ¿çšããäž»ãªé»åéä¿¡æ段ãšãªã£ãŠä»¥æ¥ããã©ã€ã ã·ãŒãèªèšŒã«é¢ããæžå¿µãé«ãŸã£ãŠããŸããã¡ãŒã«ã¯å¹³æ圢åŒã§äŒéãããŸããããããäžè¬ç ã«èšããšããã¬ããšåãããã«ãã¹ãŠã®äººãèªãããšããããšã§ããããã«ã身å ãåœãã®ã容æ㧠ãããããéä¿¡è ãæ¬åœã«æ¬äººã§ãããã©ãããåä¿¡è ãèŠåããããããšã¯éèŠã§ãã éåžžããããã®åé¡ã¯ã¡ãŒã«ã®æå·åãšããžã¿ã«çœ²åã§è§£æ±ºã§ããŸããããã«ãããã¡ãŒã«ã¡ã ã»ãŒãžã¯é»åçã«çœ²åãããæå·ã«ãã£ãŠç¬Šå·åãããŸãããã®çµæãã¡ãŒã«ãéããŠã³ã³ãã³ã ãé²èŠ§ã§ããã®ã¯ã¡ãã»ãŒãžåä¿¡è ã®ã¿ãšãªã (ãã©ã€ãã·ãŒ)ãéä¿¡è ã®èº«å ã確èªãããããã« ãªããŸã (èªèšŒ)ãã€ãŸãããã®ããã»ã¹ã§ã¯ããã¬ãã®é»åçããéä»ãããšããèããåŠå®ããã æžçéµäŸ¿ãé é蚌æéµäŸ¿ã«è¿ãããã»ã¹ãšãªããŸãã æå 端ã®æå·æè¡ã§ã¯ã察称ãšé察称ãšãã 2çš®é¡ã®ã¡ãŒã«æå·åæ¹åŒããããŸããããããæš æºçãªæ¹åŒãšãªã£ãŠãããããŸããŸãªã¢ããªã±ãŒã·ã§ã³ã§å©çšãããŠããŸãã察称éµæå·ãšã¯ãéä¿¡ è ãšåä¿¡è ãåãéµãå ±æããæå·åæ¹åŒã§ãã äžæ¹ãé察称éµæå· (ãããã¯å ¬ééµæå·) ãšã¯ãåãŠãŒã¶ã 2ã€ã®æéµ (ããŒã¿ãæå·åããå ¬ ééµãšåŸ©å·åã®ããã®ç§å¯éµ (ãã©ã€ããŒãéµ)) ãæã€æå·æ¹åŒã§ããå ¬ééµã¯èªç±ã«å ¬éãã ãŸãããç§å¯éµã¯ãŠãŒã¶ãå³éã«ä¿ç®¡ããŸãã 察称æå·æ¹åŒã®æ¬ ç¹ãšããŠãéä¿¡è ãšåä¿¡è ãå®å šã«éä¿¡ããããã«ã¯ãäž¡è ããããããéµ ã決ãããããäºãã ãã®ç§å¯ãšããŠç¶æããå¿ èŠããããŸããäž¡è ãé¢ããå Žæã«ããå Žåã éä¿¡äžã«ç§å¯éµãé瀺ãããªãããã«ããªããã°ãªããŸããããã®ããã察称æå·æ¹åŒã§ã¯ãéµ ã®åãæž¡ãã«é¢ããåé¡ãåžžã«ååšããŸããã€ãŸãããä»è ã«ååãããããšãªãåä¿¡è ã«éµãäŒ ããã«ã¯ã©ãããã°ãããããšããåé¡ã§ããå ¬ééµæå·æ¹åŒã¯ããã®åé¡ã«å¯ŸåŠããããã«é çºãããŸãããå ¬ééµæå·æ¹åŒã§ã¯ããŠãŒã¶ã¯å®å šã§ã¯ãªããã£ãã«äžã§ãå®å šã«éä¿¡ããããš ãã§ãããããããå ±æéµã決ããå¿ èŠã¯ãããŸããã ã¡ãŒã«æå·åã®å¿ èŠæ§ãããå€çš®å€æ§ãªå ¬ééµæå·åæšæºãçãŸããŸãããæãæåãªã®ã¯ S/MIME ãš Open PGP ã§ãããSophos UTMã¯ãã®äž¡æ¹ã«å¯Ÿå¿ããŠããŸããS/MIME (Secure Multipurpose Internet Mail Extensions) ãšã¯é察称æå·æ¹åŒã®æšæºã§ãããã¡ãŒã«çœ²åã MIME ã«ã« ãã»ã«åããŸããéåžžãS/MIME ã¯å ¬ééµåºç€ (PKI) å ã§äœ¿çšãããããžã¿ã«èšŒæã®éå±€æ§é ã« åºã¥ããŠãããä¿¡é Œã§ããã€ã³ã¹ã¿ã³ã¹ãšããŠèªèšŒå± (CA) ãå¿ èŠãšããŸããCA ã¯ãé»åéµã®ãã¢ã 身å æ å ±ãšãã€ã³ãããŠé»å蚌ææžãçºè¡ããŸããé»å蚌ææžã¯ããã¹ããŒããªã©åŸæ¥ãããã UTM 9 管çã¬ã€ã 325 10.4 æå·å 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 身å蚌ææžã®é»åçãšèããããšãã§ããŸããæè¡çã«èšããšãCA ã¯ç¹å®ã® X.500 èå¥å (DN) ãŸãã¯ã¡ãŒã«ã¢ãã¬ã¹ãªã©ã® å¥å ã«å ¬ééµããã€ã³ãããŠèšŒææžãçºè¡ããŸãã ããžã¿ã«èšŒææžã«ãããä»»æã®éµã䜿çšããæš©å©ã䞻匵ãã人ã«ãã®æš©å©ããããã©ãããç¢ºèª ããããšãã§ããŸããããã¯ããã人ã CA ãä¿¡é ŒããŠãããå ¬ééµããã® CA ã«ãã£ãŠçœ²åãã㊠ããããšã確èªã§ããã®ã§ããã°ããã®äººã¯ãã®å ¬ééµãæ¬åœã«ææè ãšäž»åŒµãã人ã®ãã®ã§ã ããšå®å¿ã§ããããšããèãæ¹ã§ãã äžæ¹ãOpenPGP (Pretty Good Privacy) ã¯ãäžè¬ã« WOT (web of trust) ã§æ¡çšãããŠããé察称æ å·æ¹åŒã䜿çšããŸããã€ãŸããå ¬ééµã¯ä»ã®ãŠãŒã¶ã«ãã£ãŠããžã¿ã«çœ²åããã眲åãããŠãŒã¶ ã¯çœ²åãšããè¡çºã«ãã£ãŠãå ¬ééµãšãã®äººã®é¢é£æ§ãä¿èšŒããŸãã 泚 â S/MIME ãš OpenPGP ã¯é¡äŒŒã®ãµãŒãã¹ãæäŸããŸããã圢åŒã¯å€§ããç°ãªããŸãããã®ã ããäžæ¹ã®ãããã³ã«ã®ãŠãŒã¶ã¯ãä»æ¹ã®ãããã³ã«ã®ãŠãŒã¶ãšéä¿¡ã§ããŸãããããã«ãèªèšŒèšŒ ææžãå ±æããããšãã§ããŸããã ã¡ãŒã«æå·åã¯ããŠãŒã¶ã«å¯ŸããŠå®å šã«ééçã§ããã€ãŸããã¯ã©ã€ã¢ã³ãåŽã§è¿œå ã®æå·åãœã ããŠã§ã¢ãçšæããå¿ èŠã¯ãããŸãããäžè¬ã«æå·åã§ã¯ãéä¿¡å ã®èšŒææžãŸãã¯å ¬ééµãæ å ã«ããå¿ èŠããããŸããåä¿¡ã¡ãã»ãŒãžãšéä¿¡ã¡ãã»ãŒãžã«å¯Ÿããã¡ãŒã«æå·åæ©èœã¯æ¬¡ã®ãã ã«æ©èœããŸãã l ããã©ã«ãã§ãå éšãŠãŒã¶ãéä¿¡ããã¡ãã»ãŒãžã¯ã¹ãã£ã³ãããèªåçã«çœ²åãããåä¿¡ è ã®èšŒææž (S/MIME) ãŸãã¯å ¬ééµ (OpenPGP) ã§æå·åãããŸã (åä¿¡è ã® S/MIME 蚌 ææžãŸã㯠OpenPGP å ¬ééµãUTMäžã«ããå Žå)ã l UTMã S/MIME 蚌ææžãŸã㯠OpenPGP å ¬ééµãèªèããŠããå€éšãŠãŒã¶ããéãããŠã ãæå·åæžã¿åä¿¡ã¡ãã»ãŒãžã¯ãèªåçã«åŸ©å·åãããæªè³ªãªã³ã³ãã³ããå«ãŸããªãã ã¹ãã£ã³ãããŸããã¡ãã»ãŒãžã®åŸ©å·åã®ããã«ã¯ãå éšãŠãŒã¶ã® S/MIME éµãŸã㯠OpenPGP ç§å¯éµãUTMã«ååšããŠããå¿ èŠããããŸãã l UTMãèªèã§ããªãå€éšãŠãŒã¶ããéãããŠããããã»ãã¥ãªãã£ã·ã¹ãã ãèªèã§ããªã å éšãŠãŒã¶åãã®æå·åæžã¿åä¿¡ã¡ãã»ãŒãžã¯ãé éããããã®ã®åŸ©å·åã¯ã§ããŸããã åŸã£ãŠããŠã€ã«ã¹ãã¹ãã ã®ã¹ãã£ã³ã¯è¡ãããŸãããå人çšãã¡ã€ã¢ãŠã©ãŒã«ãªã©ã§ã ã®ã¡ãŒã«ã«ãã«ãŠã§ã¢ãå«ãŸããŠããªãããšã確èªããã®ã¯ãåä¿¡è (å éšãŠãŒã¶) ã®è²¬ä»» ãšãªããŸãã l ã¯ã©ã€ã¢ã³ãåŽã§ãã§ã«æå·åãããŠããéä¿¡ã¡ãã»ãŒãžã¯ãåä¿¡è ã® S/MIME 蚌ææžãŸã 㯠OpenPGP å ¬ééµãäžæãªå Žåãåä¿¡è ã«çŽæ¥éä¿¡ãããŸããäžæ¹ãåä¿¡è ã® S/MIME 蚌ææžãŸã㯠OpenPGP å ¬ééµããããå Žåãã¡ãã»ãŒãžã¯ 2åæå·åãããŸãããããã ãæå·åãããã¡ãã»ãŒãžã«æªè³ªãªã³ã³ãã³ããå«ãŸããªããã¹ãã£ã³ããããšã¯ã§ããŸã ãã 326 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ l 10.4 æå·å 埩å·åãå¯èœãªã®ã¯åä¿¡ã¡ãŒã«ã®ã¿ã§ããããã§ãåä¿¡ããšèŠãªãããããã«ã¯ãéä¿¡è ã® ã¡ãŒã«ã¢ãã¬ã¹ã®ãã¡ã€ã³åã SMTP ãããã¡ã€ã«ã®äžéšã§ã¯ãªãããšãæ¡ä»¶ã§ããããšã ã°ã[email protected] ããéä¿¡ãããã¡ãã»ãŒãžã埩å·åããããã«ã¯ãexample.com ãšãããã¡ã€ã³ãã«ãŒãã£ã³ã°èšå®ãŸãã¯SMTP ãããã¡ã€ã«ã®ãããã«ãèšå®ãã㊠ããªã ããšãæ±ããããŸãã l 眲å/æå·åçµæã®æŠèŠã¯ãåã¡ãŒã«ã®ä»¶åè¡ã«èšè¿°ãããŸããããšãã°ãããã¡ãŒã«ã æ£ãã眲åãããS/MIME ã§æå·åããããšããS/MIME: 眲åæžã¿ãæå·åæžã¿ (Signed and encrypted)ããšããããã¹ãã件åã®è¡ã«ä»å ãããŸãã 泚 âã¡ãŒã«ã¯ã©ã€ã¢ã³ã (äŸ: Microsoft Outlook ãŸã㯠Mozilla Thunderbird) ã眲åæžã¿ãŸãã¯æå· åæžã¿ã®ã¡ãã»ãŒãžã«ããã¿ãè¿œå ãããšã眲åãç Žå£ãããŠç¡å¹ã«ãªããŸããããžã¿ã«çœ²åã㯠ã©ã€ã¢ã³ãåŽã§äœæããå Žåã¯ãã¢ã³ããŠã€ã«ã¹ãã§ãã¯ããã¿ãªãã·ã§ã³ãç¡å¹ã«ããŠãã ãããã ã ããã¡ãŒã«éä¿¡ã®ãã©ã€ãã·ãŒãèªèšŒãä¿ã¡ãªãããäžè¬çãªãŠã€ã«ã¹å¯Ÿçãã§ãã¯ããã¿ã䜿 çšããå Žåã¯ãSophos UTM ã®çµã¿èŸŒã¿ã¡ãŒã«æå·åæ©èœã®äœ¿çšãèæ ®ããŠãã ãããã²ãŒã ãŠã§ã€äžã§ã®ã¡ãŒã«æå·åã§ã¯ãããžã¿ã«çœ²åãäœæããåã«ããã¿ãã¡ãã»ãŒãžã«ä»å ããã ããã眲åãæãªãããããšã¯ãããŸããã 10.4.1 ã°ããŒãã« ãEã¡ãŒã«ãããã¯ã·ã§ã³ã>ãæå·åã>ãã°ããŒãã«ãã¿ãã§ã¯ãã¡ãŒã«æå·åæ©èœã®åºæ¬èšå®ãå®çŸ© ããããšãã§ããŸãã 泚 â æå·å㯠SMTP ã®ã¿ã§æ©èœããPOP3 ã§ã¯æ©èœããŸããã ã¡ãŒã«æå·åã䜿çšããããã«ã¯ãCA 蚌ææžãš CA éµããæãèªèšŒå± (CA) ãäœæããŠããå¿ èŠ ããããŸããCA 蚌ææžã¯ããŠã³ããŒãããŠããŒã«ã«ã«ä¿åããããšãã§ããŸããããã«ãå³ã§ç€ºãã ãã«ãä»ã®ãŠãããã«å€éš CA (S/MIME èªèšŒå±) ãšããŠã€ã³ã¹ããŒã«ãã2ã€ã®Sophos UTMãŠãããé ã§ééçãªã¡ãŒã«æå·åãå®çŸããããšãã§ããŸãã Figure 19 ã¡ãŒã«æå·å:2ã€ã®Sophos UTMãŠãããã®äœ¿çš UTM 9 管çã¬ã€ã 327 10.4 æå·å 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ ã¡ãŒã«æå·åãèšå®ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãã°ããŒãã« ãã¿ãã§ãã¡ãŒã«æå·åãæå¹åããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªãããã¡ãŒã«æå·åèªèšŒå± (CA)ããšãªã¢ãç·šéå¯èœã«ãªã ãŸãã 2. èªèšŒå± (CA) ãäœæããŸãã ãã¡ãŒã«æå·åèªèšŒå± (CA)ããšãªã¢ã®ãã©ãŒã ã«èšå ¥ããŸããããã©ã«ãã§ããã®ãã©ãŒã ã« ã¯ããããžã¡ã³ã > ã·ã¹ãã èšå® > çµç¹ ãã¿ãã®å€ãå ¥åãããŠããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«ãªãã次ã®èšŒææžãšéµãäœæãããŸãã l S/MIME CA 蚌ææž l OpenPGP ãã¹ããã¹ã¿éµ ãããå®äºãããŸã§æ°åãããå¯èœæ§ããããŸããS/MIME CA 蚌ææžãŸã㯠OpenPGP ãã¹ããã¹ã¿éµã®ãã£ã³ã¬ãŒããªã³ãã衚瀺ãããªãå ŽåãWebAdmin ã®å³äžé ã«ããããªã㌠ã ããã¿ã³ãã¯ãªãã¯ããŠãã ããã蚌ææžãšéµã¯ãããŠã³ããŒãããŠããŒã«ã«ã«ä¿åã§ããŸãã ãæå·å ãã¡ãã¥ãŒã®ãã¹ãŠã®èšå®ãå·¥å Žåºè·æã®ããã©ã«ãèšå®ã«ãªã»ããããã«ã¯ããã¡ãŒã«æ å·åã·ã¹ãã ãä»ãããªã»ããããã¿ã³ã䜿çšããŸãã 10.4.2 ãªãã·ã§ã³ ãæå·å > ãªãã·ã§ã³ãã¿ãã§ã¯ãSophos UTMã®å ¬ééµæå·ãã¬ãŒã ã¯ãŒã¯å ã§äœ¿çšãããããã© ã«ãããªã·ãŒãå®çŸ©ã§ããŸãã ããã©ã«ãããªã·ãŒ:ã¡ãŒã«ã®æå·åã«é¢ããããã©ã«ãããªã·ãŒãæå®ããŸãããããã®èšå®ã¯ãã« ã¹ã¿ãã€ãºãããèšå®ã§äžæžãã§ããŸãã 次ã®äœæ¥ãå®è¡ã§ããŸãã l éä¿¡ã¡ãŒã«ã«çœ²å l å€éšå®éä¿¡ã¡ãŒã«ã®æå·å l å éšå®åä¿¡ã¡ãŒã«ã®æ€èšŒ l åä¿¡ã¡ãŒã«ã®è€åå èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã 328 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.4 æå·å 泚 â æå·åãæ©èœããããã«ã¯ãéä¿¡è ããå éšãŠãŒã¶ ããªã¹ãã«å«ãŸããŠããå¿ èŠããã㟠ããS/MIME 蚌ææžãŸã㯠OpenPGP å ¬ééµãã²ãŒããŠã§ã€ã«ååšããåä¿¡è ã«åããéä¿¡ã¡ãŒ ã«ã¯ãããã©ã«ãã§æå·åãããŸãããããã®åä¿¡è ã«å¯Ÿããæå·åãç¡å¹ã«ããã«ã¯ãåœè©²å ä¿¡è ã® S/MIME 蚌ææžãŸã㯠OpenPGP å ¬ééµãåé€ããŠãã ããã蚌ææžãŸãã¯å ¬ééµ ãUTMã«äžæã®å Žåãã¡ãŒã«ã¯æå·åãããã«éä¿¡ãããŸãã S/MIME 蚌ææžã®èªåæœåº ãã®ãªãã·ã§ã³ãéžæãããšãS/MIME 蚌ææžã¯åä¿¡ã¡ãŒã«ããèªåçã«æœåºãããŸãããã®ãšãã ãã®ã¡ãŒã«ã«æ·»ä»ããã蚌ææžããä¿¡é ŒãããèªèšŒå±ã«çœ²åãããŠããããšãæ¡ä»¶ãšãªããŸããä¿¡ é ŒãããèªèšŒå±ãšã¯ããEã¡ãŒã«ãããã¯ã·ã§ã³ã>ãæå·åã>ãS/MIME èªèšŒå±ãã¿ãã«è¡šç€ºãããã㊠ãããã«ãã CA ã§ããããã«ã蚌ææžã®èªåæœåºãæ©èœããããã«ã¯ãSophos UTMã®æéãšæ¥ä» ãã蚌ææžã®æå¹æéå ã§ããå¿ èŠããããŸãã蚌ææžã®æœåºãæåãããšã蚌ææžã¯ãEã¡ãŒ ã«ãããã¯ã·ã§ã³ > æå·å > S/MIME 蚌ææž ãã¿ãã«è¿œå ãããŸãããããå®äºãããŸã§ 5ïœ10åã ããå¯èœæ§ããããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã Op en PGP éµãµãŒã OpenPGP éµãµãŒãã¯å ¬é PGP éµããã¹ãããŸããããã§ãOpenPGP éµãµãŒããè¿œå ããããšã㧠ããŸãã眲åãããåä¿¡ã¡ãŒã«ãæå·åããéä¿¡ã¡ãŒã«ã§ã該åœããå ¬ééµãUTMã«äžæã®å Ž åãUTMã¯æäžã®ãµãŒãããå ¬ééµãååŸããããšããŸãã 10.4.3 å éšãŠãŒã¶ ã¡ãã»ãŒãžã®çœ²åãšåŸ©å·åãè¡ãããã«ã¯ãS/MIME éµãŸãã¯OpenPGP ç§å¯éµãUTMã«ååšã㊠ããå¿ èŠããããŸãããæå·å > å éšãŠãŒã¶ ãã¿ãã§ã¯ãã¡ãŒã«æå·åãæå¹ã«ãããŠãŒã¶ã«å¯Ÿã ãŠãåå¥ã® S/MIME éµ/蚌ææžãŸã㯠OpenPGP éµã㢠(ãããã¯ãã®äž¡æ¹) ãäœæã§ããŸãã å éšã¡ãŒã«ãŠãŒã¶ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãå éšãŠãŒã¶ ãã¿ãã§ãæ°èŠã¡ãŒã«æå·åãŠãŒã¶ ããã¯ãªãã¯ããŸãã ãæ°èŠãŠãŒã¶ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã¡ãŒã«ã¢ãã¬ã¹:ãŠãŒã¶ã®ã¡ãŒã«ã¢ãã¬ã¹ãå ¥åããŸãã ãã«ããŒã :ãŠãŒã¶ã®ååãå ¥åããŸãã 眲å:以äžã®çœ²åãªãã·ã§ã³ãå©çšã§ããŸãã UTM 9 管çã¬ã€ã 329 10.4 æå·å 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ l ããã©ã«ãããªã·ãŒã䜿çš:ããªãã·ã§ã³ãã¿ãã®ããªã·ãŒã䜿çšãããŸãã l ãªã³:ã¡ãŒã«ã¯ããŠãŒã¶ã®èšŒææžã䜿çšããŠçœ²åãããŸãã l ãªã:ã¡ãŒã«ã¯çœ²åãããŸããã æå·å:以äžã®æå·åãªãã·ã§ã³ãå©çšã§ããŸãã l ããã©ã«ãããªã·ãŒã䜿çš:ããªãã·ã§ã³ãã¿ãã®ããªã·ãŒã䜿çšãããŸãã l ãªã³:ã¡ãŒã«ã¯ãåä¿¡è ã®å ¬ééµã䜿çšããŠæå·åãããŸãã l ãªã:ã¡ãŒã«ã¯æå·åãããŸããã 確èªäž:以äžã®æ€èšŒãªãã·ã§ã³ãå©çšã§ããŸãã l ããã©ã«ãããªã·ãŒã䜿çš:ããªãã·ã§ã³ãã¿ãã®ããªã·ãŒã䜿çšãããŸãã l ãªã³:ã¡ãŒã«ã¯ãéä¿¡è ã®å ¬ééµã䜿çšããŠæ€èšŒãããŸãã l ãªã:ã¡ãŒã«ã¯æ€èšŒãããŸããã 埩å·å:以äžã®åŸ©å·åãªãã·ã§ã³ãå©çšã§ããŸãã l ããã©ã«ãããªã·ãŒã䜿çš:ããªãã·ã§ã³ãã¿ãã®ããªã·ãŒã䜿çšãããŸãã l ãªã³:ã¡ãŒã«ã¯ããŠãŒã¶ã®èšŒææžã䜿çšããŠåŸ©å·åãããŸãã l ãªã:ã¡ãŒã«ã¯åŸ©å·åãããŸããã S/MIME:S/MIME 蚌ææžãšéµãã·ã¹ãã ã«èªåçæããããã蚌ææžã PKCS#12 圢åŒã§ ã¢ããããŒãããããéžæããŸãã蚌ææžãã¢ããããŒãããå ŽåãPKCS#12 ãã¡ã€ã«ã®ä¿è· ã«äœ¿çšããããã¹ãã¬ãŒãºãç¥ã£ãŠããå¿ èŠããããŸããPKCS#12 ãã¡ã€ã«ã«ã¯ãS/MIME éµãšèšŒææžã®äž¡æ¹ãå«ãŸããŠããªããã°ãªããŸããããã® PKCS#12 ãã¡ã€ã«ã«å«ãŸã㊠ãããã¹ãŠã® CA 蚌ææžã¯ç¡èŠãããŸãã OpenPGP:ç§å¯éµãšå ¬ééµããæã OpenPGP éµãã¢ãã·ã¹ãã ã«èªåçæãããããéµã ã¢ã ASCII 圢åŒã§ã¢ããããŒãããããéžæããŸããç§å¯éµãšå ¬ééµã®äž¡æ¹ã 1ã€ã®ãã¡ã€ ã«ã«æ ŒçŽãããŠããããã¡ã€ã«ã«ãã¹ãã¬ãŒãºãå«ãŸããŠããªãããšãå¿ èŠã§ãã 泚 â ãããŠãŒã¶ã«å¯Ÿã㊠S/MIME ãš OpenPGP ã®äž¡æ¹ãèšå®ãããŠããå Žåããã®ãŠãŒã¶ ããéä¿¡ãããã¡ãŒã«ã®çœ²åãšæå·å㯠S/MIME ã䜿çšããŠè¡ãããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãããŠãŒã¶ããå éšãŠãŒã¶ ããªã¹ãã«è¡šç€ºãããŸãã 330 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.4 æå·å ãã°ã«ã¹ã€ããã䜿çšããŠãããããã®éµ (ãŸãã¯äž¡æ¹) ã®äœ¿çšããªãã«ããŸããéµãåé€ããå¿ èŠ ã¯ãããŸããã 泚 â ã»ãã¥ãªãã£äžã®çç±ãããããŠã³ããŒãçšã«æäŸãããããããã®ãã¡ã€ã«ã«ã¯ S/MIME 蚌ææžãš OpenPGP å ¬ééµã®ããããã®ã¿ãå«ãŸããŠããŸããS/MIME éµãš OpenPGP ç§å¯éµ ã¯ã·ã¹ãã ããããŠã³ããŒãã§ããŸããã 10.4.4 S/MIME èªèšŒå± ãæå·å > S/MIME èªèšŒå± ãã¿ãã§ã¯ãã¡ãŒã«æå·åçšã®èªèšŒå± (CA) ã管çã§ããŸããäºåã«ã€ã³ ã¹ããŒã«æžã¿ã® CA 以å€ã«ããå€éšèšŒææ©é¢ã®èšŒææžãã¢ããããŒãããããšãã§ããŸãããã®ãªã¹ ãå ã® CA ã®ããããã«çœ²åãããæå¹åããã蚌ææžãå«ããã¹ãŠã®åä¿¡ã¡ãŒã«ã¯ãèªåçã« ä¿¡é ŒãããŸãã 泚 â ãEã¡ãŒã«ãããã¯ã·ã§ã³ã>ãæå·åã>ããªãã·ã§ã³ãã¿ãã§ãèªå S/MIME 蚌ææžæœåºã®æå¹ å ããªãã·ã§ã³ãéžæããå Žåã¯ãããã«ãªã¹ãããã CA ã«ãã£ãŠçœ²åãããæå¹åããã蚌ææž ã¯ãèªåçã«æœåºããããEã¡ãŒã«ãããã¯ã·ã§ã³ã>ãæå·åã>ãS/MIME 蚌ææžãã¿ãã«é 眮ãã㟠ãã ã ãŒã«ã« S/MIME èªèšŒå± ä¿¡é Œããå€éšèªèšŒå±ã®èšŒææž (ã€ãŸãå ¬ééµ) ãã€ã³ããŒãããŸããããã«ããããã® CA ã蚌ææž ã«çœ²åãããã¹ãŠã®åä¿¡ã¡ãŒã«ã«ã€ããŠãä¿¡é Œããããšã«ãªããŸããããšãã°ãä»ã®Sophos UTM㊠ãããã® CA ãã€ã³ã¹ããŒã«ãããšã2ã€ã®Sophos UTMãŠãããéã§ã¡ãŒã«ãééçã«æå·åããããš ãã§ããŸãã å€éš S/MIME èªèšŒå±ã®èšŒææžãã€ã³ããŒãããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãããŒã«ã« CA ãã¢ããããŒã ããã£ãŒã«ãã®æšªã®ãã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããŸãã ããã¡ã€ã«ã®ã¢ããããŒã ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. ã¢ããããŒããã蚌ææžãéžæããŸãã ãåç § ããã¯ãªãã¯ããŠãã¢ããããŒããã CA 蚌ææžãéžæããŸãã次ã®èšŒææžã®æ¡åŒµåã ãµããŒããããŠããŸãã l cerãcrtããŸã㯠der:ãããã®èšŒææžã¿ã€ãã¯ãã€ããªã§ãåºæ¬çã«ã¯åãã§ãã l pem:Base64 ã§æå·åããã DER 蚌ææžã 3. 蚌ææžãã¢ããããŒãããŸãã ãã¢ããããŒãéå§ ããã¯ãªãã¯ããŠãéžæãã CA 蚌ææžãã¢ããããŒãããŸãã UTM 9 管çã¬ã€ã 331 10.4 æå·å 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 蚌ææžã¯ã€ã³ã¹ããŒã«ããããããŒã«ã« S/MIME èªèšŒå± ããšãªã¢ã«è¡šç€ºãããŸãã CA ãä¿¡é Œã§ããªãå Žåã¯ãS/MIME èªèšŒå±ã®èšŒææžãåé€ãŸãã¯ç¡å¹åã§ããŸããS/MIME èª èšŒå±ã®èšŒææžãç¡å¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãããã°ã«ã¹ã€ãããç°è²ã«ãª ããSMTP ãããã·ã¯ãã® S/MIME èªèšŒå±ã«çœ²åãããã¡ãŒã«ãåãå ¥ããªããªããŸãã蚌ææžã åé€ããã«ã¯ã空ã«ããã¢ã€ã³ã³ãã¯ãªãã¯ããŸãã ãã³ã â CA ã®ãã£ã³ã¬ãŒããªã³ãã衚瀺ããã«ã¯ãéè²ã®æ å ±ã¢ã€ã³ã³ãã¯ãªãã¯ããŠãã ããã ã° ã ãŒãã« S/MIME èªèšŒå± ããã«è¡šç€ºããã S/MIME CA ã®ãªã¹ãã¯ãMozilla Firefox ã«ãããããã€ã³ã¹ããŒã«ããã S/MIME CAãšåãã§ããããã«ããããããã® CA ã«åºã¥ã㊠PKI ã管çããŠããã³ãã¥ãã±ãŒã·ã§ã³ããŒã ããŒãšã客æ§ã®éã§ãã¡ãŒã«ã®æå·åãä¿é²ãããŸããCA ãä¿¡é Œã§ããªãå Žåã¯ãS/MIME èªèšŒ å±ã®èšŒææžãç¡å¹åã§ããŸããS/MIME èªèšŒå±ã®èšŒææžãç¡å¹ã«ããã«ã¯ããã°ã«ã¹ã€ããã㯠ãªãã¯ããŸãããã°ã«ã¹ã€ãããç°è²ã«ãªããSMTP ãããã·ã¯ãã® S/MIME èªèšŒå±ã«çœ²åããã ã¡ãŒã«ãåãå ¥ããªããªããŸãã 次ã®ãªã³ã¯ã¯ãæåãªã«ãŒã蚌ææžã® URL ã§ãã l Trustcenter l S-TRUST l Thawte l VeriSign l GeoTrust 10.4.5 S/MIME 蚌ææž ãæå·å > S/MIME 蚌ææž ãã¿ãã§ã¯ãå€éš S/MIME 蚌ææžãã€ã³ããŒãããããšãã§ããŸãã蚌æ æžãããã«ãªã¹ããããŠããåä¿¡è ãžã®ã¡ãŒã«ã¯èªåçã«æå·åãããŸããç¹å®ã®åä¿¡è ã«å¯Ÿã ãæå·åãç¡å¹ã«ããã«ã¯ããªã¹ããã蚌ææžãåé€ããŠãã ããã 泚 â åä¿¡è ã«å¯ŸããS/MIME 蚌ææžã«å ã㊠OpenPGP å ¬ééµãã€ã³ããŒããããå Žåãã¡ãŒã« 㯠OpenPGP ã§æå·åãããŸãã 泚 â S/MIME 蚌ææžãæåã§ã¢ããããŒããããšã蚌ææžã«èšèŒããã人ãèå¥ã§ãã CA 蚌æ æžããªããŠãã蚌ææžã«é¢é£ä»ããããã¡ãŒã«ã¢ãã¬ã¹ããã®ã¡ãã»ãŒãžãåžžã«ä¿¡é Œããããã 332 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.4 æå·å ã«ãªããŸããã€ãŸããS/MIME 蚌ææžãæåã¢ããããŒããããšããããšã¯ãéä¿¡å ã«ãä¿¡é Œã§ããã ãšããã©ãã«ã貌ãä»ãããšããããšã«ãªããŸãã å€éš S/MIME 蚌ææžãã€ã³ããŒãããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãS/MIME 蚌ææž ãã¿ãã§ãæ°èŠå€éš S/MIME 蚌ææž ããã¯ãªãã¯ããŸãã ãS/MIME 蚌ææžã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ãã©ãŒããã:蚌ææžã®åœ¢åŒãéžæããŸãã次ã®åœ¢åŒãéžæã§ããŸãã l der (ãã€ããª) l pem (ASCII) 泚 â Microsoft Windows ãªãã¬ãŒãã£ã³ã°ã·ã¹ãã ã§ã¯ãder 圢åŒãš pem 圢åŒã®äž¡æ¹ã«å¯Ÿ ããŠãã¡ã€ã«æ¡åŒµå cer ã䜿çšããŸãããã®ãããã¢ããããŒããã蚌ææžããã€ããªåœ¢åŒ ã«ããã ASCII 圢åŒã«ãããããããããã決å®ããŠããå¿ èŠããããŸãã次ã«ãããã« åŸã£ãŠããããããŠã³ãªã¹ãã§åœ¢åŒãéžæããŸãã 蚌ææž:ãã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããŠãããã¡ã€ã«ã®ã¢ããããŒã ããã€ã¢ãã°ãŠã£ã³ããŠãé ããŸãããã¡ã€ã«ãéžæãããã¢ããããŒãéå§ ããã¯ãªãã¯ããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãã S/MIME 蚌ææžããS/MIME 蚌ææž ããªã¹ãã«è¡šç€ºãããŸãã 10.4.6 OpenPGP å ¬ééµ ãæå·å > OpenPGP å ¬ééµ ãã¿ãã§ã¯ãOpenPGP å ¬ééµãã€ã³ã¹ããŒã«ããããšãã§ããŸãã.asc 圢åŒã®ãã¡ã€ã«ãæäŸããå¿ èŠããããŸããéµæå šäœã®ã¢ããããŒãããµããŒããããŠããŸãã 泚 â ãã¹ãã¬ãŒãºã§ä¿è·ãããŠããéµæãã¡ã€ã«ã¯ã¢ããããŒãããªãã§ãã ããã ãã®éµæãã¡ã€ã«ã«å«ãŸãããã¹ãŠã®å ¬ééµãã€ã³ããŒããããã¡ãã»ãŒãžã®æå·åã«äœ¿çšã§ãã ããã«ãªããŸããå ¬ééµãããã«ãªã¹ããããŠããåä¿¡è ãžã®ã¡ãŒã«ã¯èªåçã«æå·åãããŸãã ç¹å®ã®åä¿¡è ã«å¯Ÿããæå·åãç¡å¹ã«ããã«ã¯ããªã¹ãããå ¬ééµãåé€ããŠãã ããã UTM 9 管çã¬ã€ã 333 10.5 éé¢ã¬ããŒã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 泚 â éµããšã« 1ã€ã®ã¡ãŒã«ã¢ãã¬ã¹ã ãããµããŒããããŸãã1ã€ã®éµã«è€æ°ã®ã¢ãã¬ã¹ãé¢é£ä» ããããŠããå Žåããæåã®ãã¢ãã¬ã¹ã®ã¿ã䜿çšãããŸã (ãã®é åºã¯ãOpenPGP ã®ã¢ãã¬ã¹ ã®ãœãŒãæ¹æ³ã«å¿ããŠããŸã)ã€ã³ããŒããããéµã«è€æ°ã®ã¢ãã¬ã¹ãé¢é£ä»ããããŠããå Žåã ãã®éµãSophos UTMã«ã€ã³ããŒãããåã«ãOpenPGP ãŸãã¯ãã®ä»ã®ããŒã«ã§äžèŠãªã¢ãã¬ã¹ ãåé€ããå¿ èŠããããŸãã OpenPGP å ¬ééµãã€ã³ããŒãããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãOpenPGP å ¬ééµ ãã¿ãã§ããOpenPGPéµæãã¡ã€ã«ã®ã€ã³ããŒãããã¯ãªãã¯ããŸãã ãOpenPGP éµæãã¡ã€ã«ãã€ã³ããŒãããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. OpenPGP éµãã¢ããããŒãããŸãã ãã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããŠãããã¡ã€ã«ã®ã¢ããããŒã ããã€ã¢ãã°ãŠã£ã³ããŠãéããŸãã ãã¡ã€ã«ãéžæãããã¢ããããŒãéå§ ããã¯ãªãã¯ããŸãã éµãŸãã¯éµã®ãªã¹ã (ãã¡ã€ã«ã«è€æ°ã®éµãå«ãŸããŠããå Žå) ã衚瀺ãããŸãã 3. éµã 1ã€ä»¥äžéžæãããéžæããéµãã€ã³ããŒãããã¯ãªãã¯ããŸãã éµããOpenPGP å ¬ééµ ããªã¹ãã«è¡šç€ºãããŸãã 泚 â éµã«ã¯ã¡ãŒã«ã¢ãã¬ã¹ã 1ã€é¢é£ä»ããããŠããªããã°ãªãããé¢é£ä»ããããŠããªãå Ž åãã€ã³ã¹ããŒã«ã¯å€±æããŸãã 10.5 éé¢ã¬ããŒã Sophos UTM Sophos UTM ã¯ãããŸããŸãªçç±ãããããã¯ãããŠéé¢å Žæã«ãªãã€ã¬ã¯ããããã ã¹ãŠã®ã¡ãã»ãŒãž (SMTP ããã³ POP3) ãå«ãã¡ãŒã«ã®éé¢å ŽæãçšæããŠããŸããããã«ã¯ãé ä¿¡åŸ ã¡ã®ã¡ãã»ãŒãžãæªæãããœãããŠã§ã¢ã«ææããã¡ãã»ãŒãžãçãããæ·»ä»ãã¡ã€ã«ãå«ãã¡ã ã»ãŒãžãã¹ãã ãšç¹å®ããããã®ããŸãã¯åã«äžèŠãªè¡šçŸãå«ãã¡ãã»ãŒãžãå«ãŸããŸãã ã¡ãã»ãŒãžãééã£ãŠéé¢ãããŠä¿çããããªã¹ã¯ (ãããã誀æ€åº ) ãæå°éã«æãããã ã«ãSophos UTMã¯ãéé¢ãããã¡ãã»ãŒãžã«ã€ããŠå ±åããéé¢ã¬ããŒãããŠãŒã¶ã«æ¯æ¥éä¿¡ã㟠ãããŠãŒã¶ã«è€æ°ã®ã¡ãŒã«ã¢ãã¬ã¹ãèšå®ãããŠããå Žåã¯ãããããã®ã¡ãŒã«ã¢ãã¬ã¹ã«åã ã®éé¢ã¬ããŒããéä¿¡ãããŸãããŠãŒã¶ããŒã¿ã«ã§è¿œå ã® POP3 ã¢ã«ãŠã³ããèšå®ãããŠã ããSophos UTM ã® POP3 ãããã·ã ããªãã§ããã¢ãŒã (POP3 ãµãŒãããã¡ãã»ãŒãžãããªãã§ãã ããããŒã«ã«ããŒã¿ããŒã¹ã«ä¿åããããšãå¯èœ) ã§ããå Žåã«ããããã¯é©çšãããŸããéé¢ã¬ ããŒãã§ã¯ããŠãŒã¶ã¯ã¹ãã ãšã³ããªãã¯ãªãã¯ããŠã¡ãã»ãŒãžãéé¢å ŽæãããªãªãŒã¹ããããä»åŸ ã®ããã«éä¿¡è ããã¯ã€ããªã¹ãã«è¿œå ã§ããŸãã 334 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.5 éé¢ã¬ããŒã éé¢ã¬ããŒãã®è©³çŽ°ã«ã€ããŠã以äžã«å°ã説æããŸãã l éé¢ã¬ããŒãã¯ãã¡ãŒã«ã¢ãã¬ã¹ã SMTP ãããã¡ã€ã«ã«å«ãŸããŠãããã¡ã€ã³ã®äžéšã§ãã ãŠãŒã¶ã«å¯ŸããŠã®ã¿éä¿¡ãããŸããéé¢ã¬ããŒãã«ã¯ããSMTP > ã«ãŒãã£ã³ã°( Routing) ãã¿ã ã®ããã¡ã€ã³ãããã¯ã¹ã§æå®ãããã®ããSMTPãããã¡ã€ã«ã®ããã¡ã€ã³ãããã¯ã¹ã§æå®ãã ãã®ãå«ãŸããŸãã l POP3 ããªãã§ãããªãã·ã§ã³ãç¡å¹ã®å Žåããã®ã¢ã«ãŠã³ãã«éä¿¡ãããéé¢ãããã¡ã ã»ãŒãžã¯éé¢ã¬ããŒãã«ã¯è¡šç€ºãããŸããã代ããã«ãåãŠãŒã¶ã®åä¿¡ãã¬ã€ã«ãäžè¬ç㪠Sophos POP3 ã®ãããã¯ã¡ãã»ãŒãžã衚瀺ãããŸãããããã£ãŠãéé¢ã¬ããŒããŸãã¯ãŠãŒã¶ ããŒã¿ã«ã䜿çšããŠã¡ãã»ãŒãžããªãªãŒã¹ããããšã¯ã§ããŸããããã®ãããªã¡ãŒã«ã¯ã管çè ã zip 圢åŒã§ã¡ãŒã«ãããŒãžã£ããããŠã³ããŒãããããšã§ã®ã¿é ä¿¡ã§ããŸãã l ã詳现 ãã¿ãã§ã管çè ã¯ããŠãŒã¶ããªãªãŒã¹ã§ããéé¢ã¡ãŒã«ã®ã¿ã€ããå®çŸ©ããŸããããã© ã«ãã§ã¯ãéé¢å ŽæãããªãªãŒã¹ã§ããã®ã¯ãã¹ãã ã¡ãŒã«ã ãã§ããä»ã®çç±ã§éé¢ãã ãã¡ãã»ãŒãž (ãŠã€ã«ã¹ãçãããæ·»ä»ãã¡ã€ã«ãå«ãã¡ãã»ãŒãžãªã©) ã¯ãSophos UTMã® ã¡ãŒã«ãããŒãžã£ã§ç®¡çè ã«ãã£ãŠã®ã¿éé¢å ŽæãããªãªãŒã¹ã§ããŸããããã«ããŠãŒã¶ ã¯ãçŸåšéé¢ãããŠãããã¹ãŠã®ã¡ãã»ãŒãžãSophosãŠãŒã¶ããŒã¿ã«ã§ç¢ºèªããããšãã§ã ãŸãã l ã¹ãã ã¡ãŒã«ã«è€æ°ã®åä¿¡è ãããå Žåã¯ãã¡ãŒãªã³ã°ãªã¹ãã®å Žåãšåæ§ã«ãåä¿¡è 㮠誰ãããã®ã¡ãŒã«ããªãªãŒã¹ãããšãã¡ãŒãªã³ã°ãªã¹ãã®ã¡ãŒã«ã¢ãã¬ã¹ãã·ã¹ãã ã§èšå®ã ããŠããå Žåã¯ããã®ã¡ãŒã«ã¯ãã®åä¿¡è ã®ã¿ã«ãªãªãŒã¹ãããŸããããã§ãªãå Žåã¯ãã ã®ã¡ãŒã«ã¯ãã¹ãŠã®åä¿¡è ã«åæã«é ä¿¡ãããŸãã詳现ã¯ããEã¡ãŒã«ãããã¯ã·ã§ã³ > é é¢ã¬ããŒã > é€å€ ãã¿ãã®ãå éšã¡ãŒãªã³ã°ãªã¹ãã®å®çŸ© ããªãã·ã§ã³ãåç §ããŠãã ããã l 管çè ã¯ãSophos UTMã§ãŠãŒã¶ãèšå®ãããŠããªã SMTP ã¡ãŒã«ã¢ãã¬ã¹ã«éä¿¡ããã ã¡ãŒã«ããéé¢ã¬ããŒããŸãã¯ã¡ãŒã«ãããŒãžã£ãããªãªãŒã¹ã§ããŸã (ãã¯ã€ããªã¹ããžã®è¿œ å ã¯ããªã)ããã ãããã®ãŠãŒã¶ãèšå®ãããŠããªãããããŠãŒã¶ããŒã¿ã«ãžã®ã¢ã¯ã»ã¹ã¯ ã§ããŸããã l ã¡ãŒãªã³ã°ãªã¹ãã«éä¿¡ãããã¹ãã ã¡ãŒã«ã¯ãã¯ã€ããªã¹ãã«è¿œå ã§ããŸããã l ã¡ãŒã«ã¯ã©ã€ã¢ã³ãã§ã¡ãŒã«ã®ããããæ£ãããšã³ã³ãŒãããªããšãã€ãªãŒã®éé¢ã¬ããŒãã® ã¡ãŒã«ãæ£ãã衚瀺ãããªãå ŽåããããŸãã 10.5.1 ã°ããŒãã« ãéé¢ã¬ããŒã > ã°ããŒãã« ãã¿ãã§ããã€ãªãŒã®éé¢ã¬ããŒãã®éä¿¡æå»ãå®çŸ©ããŠãéé¢ã¬ããŒã ã«è¡šç€ºãããã¡ãã»ãŒãžããã¹ããèšè¿°ã§ããŸãã éé¢ã¬ããŒãã®èšå®ãç·šéããã«ã¯ãéé¢ã¬ããŒããæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ã㟠ãã ãã°ã«ã¹ã€ãããç·è²ã«å€ãããŸãã UTM 9 管çã¬ã€ã 335 10.5 éé¢ã¬ããŒã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ ã¬ããŒã éä¿¡æå» ããã§ãã€ãªãŒã®éé¢ã¬ããŒãã®éä¿¡æå»ãå®çŸ©ã§ããŸããããããããŠã³ãªã¹ãã§æå»ãéžæãã ãé©çš ããã¯ãªãã¯ããŸãã è¿œå ã®ã¬ããŒããéä¿¡ããããšãã§ããŸãããããè¡ãã«ã¯ããè¿œå ã®ã¬ããŒããéä¿¡ ããã§ãã¯ãã㯠ã¹ã«ãã§ãã¯ãå ¥ããæå»ãèšå®ããŠããé©çš ããã¯ãªãã¯ããŸãã ã«ã¹ã¿ãã€ãºå¯èœãªã¡ ãã»ãŒãžããã¹ã ããã§ãéé¢ã¬ããŒãã®åºæãšãªãããã¹ããã«ã¹ã¿ãã€ãºã§ããŸããå¿ èŠã«å¿ããŠã¡ãã»ãŒãžããã¹ ããå€æŽããŠããé©çš ããã¯ãªãã¯ããŸãã 泚 â ã«ã¹ã¿ãã€ãºå¯èœãªã¡ãã»ãŒãžããã¹ãããã¯ã¹ã§ã¯ HTML ã¿ã°ã¯äœ¿çšã§ããŸããã 泚 â ããŒã ãŠãŒã¶ã©ã€ã»ã³ã¹ã䜿çšããŠããå Žåã¯ãã«ã¹ã¿ãã€ãºã§ããŸããã 10.5.2 é€å€ ãéé¢ã¬ããŒã > é€å€ ãã¿ãã§ããã€ãªãŒã®éé¢ã¬ããŒãã®åä¿¡ããé€å€ããã¡ãŒã«ã¢ãã¬ã¹ã®ã¹ãã ããªã¹ããå®çŸ©ã§ããŸãã éé¢ã¬ããŒã ã®ã¹ããã ããã§éé¢éç¥ãéä¿¡ããªãå éšã¡ãŒã«ã¢ãã¬ã¹ãèšå®ã§ããŸããããã«ã¡ãŒã«ã¢ãã¬ã¹ããªã¹ãã ããŠãããŠãŒã¶ã¯ããã€ãªãŒã®éé¢ã¬ããŒããåä¿¡ããŸãããå®å šãªã¡ãŒã«ã¢ãã¬ã¹ãå ¥åãããã ãŸã㯠*@example.com ã®ããã«ã¢ã¹ã¿ãªã¹ã¯ (*) ãã¯ã€ã«ãã«ãŒãã©ããŠäœ¿çšã§ããŸãã 泚 â ã¹ããããªã¹ã㯠SMTP éé¢ã¬ããŒãã«ã®ã¿é©çšãããŸããããããã®ãŠãŒã¶ã«æå®ããã POP3 ã¢ã«ãŠã³ããããå Žåã¯ãPOP3 éé¢ã¬ããŒãã¯ããã«ããããããéä¿¡ãããŸãã å éšã¡ ãŒãªã³ ã° ãªã¹ã ã®å®çŸ© ã¡ãŒãªã³ã°ãªã¹ãã®ã¡ãŒã«ã¢ãã¬ã¹ããã¡ãŒãªã³ã°ãªã¹ãã¢ãã¬ã¹ãã¿ãŒã³ãããã¯ã¹ã§èšå®ãããŠãã å Žåã« (äŸ: [email protected])ããã®ã¡ãŒãªã³ã°ãªã¹ãã«éä¿¡ãããã¹ãã ã¡ãã»ãŒãžã æ€ç¥ãããŠã¡ãŒã«ã®éé¢å Žæã«ãªãã€ã¬ã¯ãããããšãã¯ããã®ã¡ãŒãªã³ã°ãªã¹ãã«å«ãŸãããã¹ãŠ ã®åä¿¡è ã®éé¢ã¬ããŒãããã®ã¹ãã ã¡ãã»ãŒãžãžã®ãªã³ã¯ãå«ã¿ãŸãããããã£ãŠãååä¿¡è ã¯ãåä¿¡è ãéé¢ã¬ããŒãã®ããªãªãŒã¹ ããªã³ã¯ãã¯ãªãã¯ãããšè¡šç€ºããããŠãŒã¶ããã³ããã«èªèº« ã®ã¡ãŒã«ã¢ãã¬ã¹ãå ¥åããããšã§ããã®ã¹ãã ã¡ãã»ãŒãžãåã ã«ãªãªãŒã¹ã§ããŸãã 泚 â ã¡ãŒãªã³ã°ãªã¹ãã¯éé¢ã¬ããŒããŸãã¯ãŠãŒã¶ããŒã¿ã«ã§ãã¯ã€ããªã¹ãåã§ããŸããã 336 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.5 éé¢ã¬ããŒã 代ããã«ãç¹å®ã¡ãŒãªã³ã°ãªã¹ãã®ã¡ãŒã«ã¢ãã¬ã¹ããè¿œå ã¡ãŒã«ã¢ãã¬ã¹ãšããŠããŒã«ã«ãŠãŒã¶ã®ã ããã¡ã€ã«ã«å ¥åããããšã§ããã®ãŠãŒã¶ãäžçš®ã®ã¡ãŒã«ãããŒãžã£ã«èšå®ã§ããŸãããããšããã® ãŠãŒã¶ã®éé¢ã¬ããŒãã®ã¿ãã¡ãŒãªã³ã°ãªã¹ãã«éä¿¡ãããã¹ãã ã¡ãã»ãŒãžãžã®ãªã³ã¯ãå«ããã ã«ãªããŸããããªãªãŒã¹ ããªã³ã¯ãã¯ãªãã¯ãããšããã®ã¡ãŒãªã³ã°ãªã¹ãã®ãã¹ãŠã®åä¿¡è ã«äžåºŠã«ã¹ ãã ã¡ãã»ãŒãžãéä¿¡ãããŸãã 泚 - ã¡ãŒãªã³ã°ãªã¹ãã®ã¡ãŒã«ã¢ãã¬ã¹ããŠãŒã¶ã®ãããã¡ã€ã«ã®è¿œå ã¡ãŒã«ã¢ãã¬ã¹ãšããŠèšå®ã ããŠããå Žåã¯ããã®ã¡ãŒãªã³ã°ãªã¹ãã«éä¿¡ãããã¹ãã ã¡ãã»ãŒãžãžã®ãªã³ã¯ã¯ããã®ã¡ãŒãª ã³ã°ãªã¹ãã®åä¿¡è ã«ã¯è¡šç€ºãããŸããã ãã ããã¡ãŒãªã³ã°ãªã¹ãã®ã¡ãŒã«ã¢ãã¬ã¹ããŠãŒã¶ã®ãããã¡ã€ã«ããã³ãã¡ãŒãªã³ã°ãªã¹ãã¢ãã¬ã¹ ãã¿ãŒã³ãããã¯ã¹ã®äž¡æ¹ã§è¿œå ã¡ãŒã«ã¢ãã¬ã¹ãšããŠèšå®ãããŠããå Žåã¯ããã®ãŠãŒã¶ã®éé¢ ã¬ããŒãã®ããªãªãŒã¹ ããªã³ã¯ãããŠãŒã¶ããã³ãããéããŸããããã§ã¹ãã ã¡ãã»ãŒãžã®è»¢éå ã® ããããã®ã¡ãŒã«ã¢ãã¬ã¹ãæåã§å ¥åããŠãã¹ãã ã¡ãŒã«ã®åä¿¡è ã決å®ã§ããŸãã æåŸã«ãã¡ãŒãªã³ã°ãªã¹ãã®ã¡ãŒã«ã¢ãã¬ã¹ããŠãŒã¶ãããã¡ã€ã«ãšã¡ãŒãªã³ã°ãªã¹ãã¢ãã¬ã¹ãã¿ãŒã³ ã®ã©ã¡ãã§ãè¿œå ã¡ãŒã«ã¢ãã¬ã¹ãšããŠèšå®ãããŠããªãå Žåã¯ãã¡ãŒãªã³ã°ãªã¹ãã«éä¿¡ãããã¹ ãã ã¡ãã»ãŒãžã¯éåžžã®ã¡ãŒã«ã®ããã«æ±ãããŸããã€ãŸããåä¿¡è ã®èª°ããã¹ãã ã¡ãŒã«ã㪠ãªãŒã¹ãããšãããã¯ã¡ãŒãªã³ã°ãªã¹ãã®ãã¹ãŠã®åä¿¡è ã«éä¿¡ãããŸãã èŠçŽãããšãã¡ãŒãªã³ã°ãªã¹ãã®ã¡ãŒã«ã¢ãã¬ã¹ãã¡ãŒãªã³ã°ãªã¹ãã¢ãã¬ã¹ãã¿ãŒã³ãšããŠèšå®ãã ãšãéé¢ã¬ããŒãã«ã¹ãã ã¡ãã»ãŒãžãžã®ãªã³ã¯ãæã€åãŠãŒã¶ã¯ãã¹ãã ã¡ãã»ãŒãžã®ãªãªãŒã¹å ã®ã¡ãŒã«ã¢ãã¬ã¹ãå ¥åããããã«èŠæ±ãããããšã«ãªããŸãã 10.5.3 詳现 ãéé¢ã¬ããŒã > 詳现 ãã¿ãã§ããã€ãªãŒã®éé¢ã¬ããŒãã«å«ãŸããããªãªãŒã¹ ããªã³ã¯ã«ä»£æ¿ãã¹ãå ãšããŒãçªå·ãèšå®ã§ããŸãããŸããã¹ãã ã¡ãŒã«ã®ãªãªãŒã¹ãªãã·ã§ã³ãå€æŽããããšãã§ããŸãã éé¢ã¬ããŒã 詳现ãªãã·ã§ã³ ãã¹ãå:ããã©ã«ãã§ã¯ãããããžã¡ã³ãã>ãã·ã¹ãã èšå®ã>ããã¹ãåãã¿ãã®ã²ãŒããŠã§ã€ã®ãã¹ãå ã§ããã²ãŒããŠã§ã€ãéä¿¡ããéé¢ã¬ããŒãã«ã¯ããã€ããŒãªã³ã¯ãªã©ãå«ãŸããŠããããŠãŒã¶ã¯ã ããã¯ãªãã¯ããŠã¡ãŒã«éé¢å Žæããã¡ãã»ãŒãžããªãªãŒã¹ã§ããŸããããã©ã«ãã§ã¯ããããã®ãª ã³ã¯ã¯ããã§æå®ãããã¹ãåããã€ã³ãããŠããŸãããŠãŒã¶ãã€ã³ã¿ãŒãããäžã§ã¡ãŒã«ããªãªãŒã¹ ã§ããããã«ãããå Žåã¯ããããªãã¯ã«è§£æ±ºã§ãã代æ¿ãã¹ãåãããã«å ¥åããå¿ èŠããã㟠ãã ããŒã:ããã©ã«ãã§ã¯ãããŒã 3840 ãèšå®ãããŠããŸããããŒãã¯ã1024ïœ65535 ã®ç¯å²å ã§ã© ã®å€ã«ã§ãå€æŽã§ããŸãã UTM 9 管çã¬ã€ã 337 10.6 ã¡ãŒã«ãããŒãžã£ 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ èš±å¯ãããã¯ãŒã¯:ã¡ãŒã«ãªãªãŒã¹ãµãŒãã¹ãžã®æ¥ç¶ãèš±å¯ãããããã¯ãŒã¯ãæå®ã§ããŸããããã© ã«ãã§ã¯ãå éšãããã¯ãŒã¯ã®ã¿ãéžæãããŠããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã ãªãªãŒã¹ãªãã·ã§ã³ ããã§ããŠãŒã¶ããªãªãŒã¹å¯èœãªéé¢ã¡ãã»ãŒãžã®ã¿ã€ããéžæã§ããŸãã以äžã®ãªãã·ã§ã³ããéž æã§ããŸãã l ãã«ãŠã§ã¢ l ã¹ãã l è¡šçŸãã£ã«ã¿ l ãã¡ã€ã«æ¡åŒµå l ã¹ãã£ã³äžå¯ l MIME ã¿ã€ã l ãã®ä» èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã 10.6 ã¡ãŒã«ãããŒãžã£ ã¡ãŒã«ãããŒãžã£ãšã¯ãæ©åšã«çŸåšä¿åãããŠãããã¹ãŠã®ã¡ãŒã«ã¡ãã»ãŒãžã管çããã³æŽçã ãããã®ç®¡çããŒã«ã§ããé ä¿¡åŸ ã¡ã®ã¡ãã»ãŒãžããæªæãããœãããŠã§ã¢ã«ææããŠããéé¢ã¡ã ã»ãŒãžãçãããæ·»ä»ãã¡ã€ã«ãæ·»ä»ãããŠããéé¢ã¡ãã»ãŒãžãã¹ãã ãšããŠèå¥ãããéé¢ã¡ã ã»ãŒãžããŸãã¯å¥œãŸãããªãè¡šçŸãå«ãŸããŠããéé¢ã¡ãã»ãŒãžãªã©ã衚瀺ãããŸããã¡ãã»ãŒãžã ããŠã³ããŒãããªãªãŒã¹ãåé€ããåã«ãã¡ãŒã«ãããŒãžã£ã䜿çšããŠãã¹ãŠã®ã¡ãã»ãŒãžãã¬ãã¥ãŒ ããããšãã§ããŸããã¡ãŒã«ãããŒãžã£ã¯ UTF-8 ã«å®å šã«å¯Ÿå¿ããŠããŸãã 338 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.6 ã¡ãŒã«ãããŒãžã£ 10.6.1 ã¡ãŒã«ãããŒãžã£ãŠã£ã³ã㊠Figure 20 ã¡ãŒã«ãããŒãžã£ â Sophos UTM ãã¡ãŒã«ãããŒãžã£ããŠã£ã³ããŠãéãã«ã¯ããEã¡ãŒã«ãããã¯ã·ã§ã³ > ã¡ãŒã«ãããŒãžã£ > ã°ããŒã ã« ãã¿ãã®ãæ°ãããŠã£ã³ããŠã§ã¡ãŒã«ãããŒãžã£ãéãããã¿ã³ãã¯ãªãã¯ããŸããã¡ãŒã«ãããŒãžã£ ã¯ã次ã®5ã€ã®ã¿ãã«åå²ãããŠããŸãã l SMTP Quarantine:çŸåšéé¢ãããŠãããã¹ãŠã®ã¡ãã»ãŒãžã衚瀺ããŸãã l SMTP Spool:çŸåš /var/spool ã«ãããã¹ãŠã®ã¡ãã»ãŒãžã衚瀺ããŸãããããã®ã¡ãã»ãŒãž ã¯ãé ä¿¡åŸ ã¡ã§ãããããšã©ãŒãçºçããããã«ã¹ããŒã«ã«å«ãŸããŠããå¯èœæ§ããã㟠ãã l SMTP Log:SMTP çµç±ã§åŠçããããã¹ãŠã®ã¡ãã»ãŒãžã®é ä¿¡ãã°ã衚瀺ããŸãã l POP3 Quarantine:POP3 çµç±ã§ååŸãããçŸåšéé¢ãããŠãããã¹ãŠã®ã¡ãã»ãŒãžã衚瀺ã ãŸãã l éãã:ãããã¯ãªãã¯ãããšãã¡ãŒã«ãããŒãžã£ãŠã£ã³ããŠãéããŸãã 10.6.1.1 SMTP/POP3 éé¢ SMTP ããã³ POP3 éé¢å ã®ã¡ãã»ãŒãžã¯ãããããã®éé¢çç±å¥ã«è¡šç€ºããããšãã§ããŸãã UTM 9 管çã¬ã€ã 339 10.6 ã¡ãŒã«ãããŒãžã£ l ãã«ãŠã§ã¢ l ã¹ãã l è¡šçŸããã㯠l ãã¡ã€ã«æ¡åŒµå l MIME ã¿ã€ã (SMTP ã®ã¿) l ã¹ãã£ã³äžå¯ l ãã®ä» 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ ãã§ãã¯ããã¯ã¹ã䜿çšããŠãéé¢çç±ãéžæ/éžæ解é€ããŸããéé¢çç±ã®ãã§ãã¯ããã¯ã¹ãã ãã«ã¯ãªãã¯ãããšããã®çç±ã ããéžæãããŸãã ãã³ã â ã¡ãã»ãŒãžã衚瀺ããã«ã¯ãã¡ãã»ãŒãžãããã«ã¯ãªãã¯ããŸãã Profile/Domain( ãããã¡ã€ã«/ãã¡ã€ã³) :ãããã¡ã€ã«/ãã¡ã€ã³ãéžæãããšããã®ãããã¡ã€ã«/ãã¡ã€ ã³ã®ã¡ãã»ãŒãžã®ã¿ã衚瀺ãããŸãã Sender/Rcpt/Subject substring( éä¿¡è /åä¿¡è /件åãµãã¹ããªã³ã°) :ããã§ã¯ãã¡ãã»ãŒãžå ã§æ€ 玢ããéä¿¡è ãåä¿¡è ããŸãã¯ä»¶åãå ¥åããŸãã Received date( åä¿¡æ¥) :ç¹å®ã®æéå ã«åŠçãããã¡ãã»ãŒãžã®ã¿ã衚瀺ããã«ã¯ãæ¥ä»ãå ¥å ããããã«ã¬ã³ããŒã¢ã€ã³ã³ã§æ¥ä»ãéžæããŸãã Sort by( ãœãŒãé ) :ããã©ã«ãã§ã¯ãåä¿¡æå»ã«ãããªã¹ãããœãŒããããŠããŸããããã§ã¯ãå¥ã®ãœãŒ ãåºæºãéžæã§ããŸãã and show( 衚瀺) :ãã§ãã¯ããã¯ã¹ãéžæããããšã§ã1ããŒãžããã 20件ã50件ã100件ã250件ã500 件ã1000件ããŸãã¯ãã¹ãŠã®ã¡ãã»ãŒãžã衚瀺ããããšãã§ããŸãããã¹ãŠã®ã¡ãã»ãŒãžã®è¡šç€ºã« ã¯æéããããå ŽåããããŸãã åã¡ãã»ãŒãžã®åã«ãããã§ãã¯ããã¯ã¹ã䜿çšããããã¡ãã»ãŒãžãã¯ãªãã¯ããŠãéžæããã¡ãã»ãŒ ãžã«ã¢ã¯ã·ã§ã³ãé©çšããŸãã次ã®äœæ¥ãå®è¡ã§ããŸãã l Download( ããŠã³ããŒã) :éžæãããã¡ãã»ãŒãžãããŠã³ããŒãããŸãã l Delete( åé€) :éžæãããã¡ãã»ãŒãžãåé€ããŸãããããåãæ¶ãããšã¯ã§ããŸããã l Release( ãªãªãŒã¹) :éžæãããã¡ãã»ãŒãžãéé¢ãããªãªãŒã¹ããŸãã l Release and report as false positive( ãªãªãŒã¹ãã誀æ€åºãšããŠå ±å) :éžæããã¡ãã»ãŒãžãé é¢ãããªãªãŒã¹ããã¹ãã ã¹ãã£ã³ãšã³ãžã³ã«èª€æ€åºãšããŠå ±åããŸãã 340 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.6 ã¡ãŒã«ãããŒãžã£ éé¢ã«ä¿çãããŠããã¡ãã»ãŒãžããã¹ãŠ ãªãªãŒã¹ã§ããã®ã¯ç®¡çè ã ãã§ããSophosãŠãŒã¶ã㌠ã¿ã«ã§ã¡ãã»ãŒãžã確èªãããŠãŒã¶ã¯ãæ瀺çã«èš±å¯ãããŠããã¡ãã»ãŒãžã®ã¿ããªãªãŒã¹ããããš ãã§ããŸãããã®æš©éä»äžèšå®ã¯ããEã¡ãŒã«ãããã¯ã·ã§ã³ã>ãéé¢ã¬ããŒãã>ã詳现ãã¿ãã§ç¢ºèªã§ ããŸãã Select action to apply on message(s)( ã°ããŒãã«ã¯ãªãŒã³ã¢ããã¢ã¯ã·ã§ã³ã®éžæ) :ããã«ã¯ãã¡ãã»ãŒ ãžã«å¯ŸããŠã°ããŒãã«ã«é©çšãããããŸããŸãªåé€ãªãã·ã§ã³ããããŸããã€ãŸããéžæãããŠã㪠ãã¡ãã»ãŒãžã衚瀺ãããŠããªãã¡ãã»ãŒãžã«ããªãã·ã§ã³ãé©çšãããŸãã èŠå â ã¡ãã»ãŒãžã®åé€ãåãæ¶ãããšã¯ã§ããŸããã 10.6.1.2 SMTP Spool ããã«ã¯ãé ä¿¡åŸ ã¡ã¡ãã»ãŒãžãŸãã¯ãšã©ãŒãçºçããã¡ãã»ãŒãžã衚瀺ãããŸããé ä¿¡ãã°ã¯ã ã¡ãã»ãŒãžãããã®äžéšã§ããããŸãã次ã®ãã§ãã¯ããã¯ã¹ã䜿çšããŠã衚瀺ããã¡ãã»ãŒãžã®ã¿ã€ ãã1ã€ã ãéžæããŠãã ããã l Waiting:é ä¿¡åŸ ã¡ã®ã¡ãã»ãŒãžã l Error:ãšã©ãŒãçºçããã¡ãã»ãŒãžãããã¡ãã»ãŒãžã§ãšã©ãŒãè€æ°åçºçããå Žå ã¯ãSophosããŒãããŒãŸãã¯SophosãµããŒãããŒã ã«å ±åããŠãã ããã ãã³ã â ã¡ãã»ãŒãžã衚瀺ããã«ã¯ãã¡ãã»ãŒãžãããã«ã¯ãªãã¯ããŸãã Profile/Domain( ãããã¡ã€ã«/ãã¡ã€ã³) :ãããã¡ã€ã«/ãã¡ã€ã³ãéžæãããšããã®ãããã¡ã€ã«/ãã¡ã€ ã³ã®ã¡ãã»ãŒãžã®ã¿ã衚瀺ãããŸãã Sender/Rcpt/Subject substring( éä¿¡è /åä¿¡è /件åãµãã¹ããªã³ã°) :ããã§ã¯ãã¡ãã»ãŒãžå ã§æ€ 玢ããéä¿¡è ãåä¿¡è ããŸãã¯ä»¶åãå ¥åããŸãã Received date( åä¿¡æ¥) :ç¹å®ã®æéå ã«åŠçãããã¡ãã»ãŒãžã®ã¿ã衚瀺ããã«ã¯ãæ¥ä»ãå ¥å ããããã«ã¬ã³ããŒã¢ã€ã³ã³ã§æ¥ä»ãéžæããŸãã Sort by( ãœãŒãé ) :ããã©ã«ãã§ã¯ãåä¿¡æå»ã«ãããªã¹ãããœãŒããããŠããŸããããã§ã¯ãå¥ã®ãœãŒ ãåºæºãéžæã§ããŸãã and show( 衚瀺) :ãã§ãã¯ããã¯ã¹ãéžæããããšã§ã1ããŒãžããã 20件ã50件ã100件ã250件ã500 件ã1000件ããŸãã¯ãã¹ãŠã®ã¡ãã»ãŒãžã衚瀺ããããšãã§ããŸãããã¹ãŠã®ã¡ãã»ãŒãžã®è¡šç€ºã« ã¯æéããããå ŽåããããŸãã åã¡ãã»ãŒãžã®åã«ãããã§ãã¯ããã¯ã¹ã䜿çšããããã¡ãã»ãŒãžãã¯ãªãã¯ããŠãéžæããã¡ãã»ãŒ ãžã«ã¢ã¯ã·ã§ã³ãé©çšããŸãã次ã®äœæ¥ãå®è¡ã§ããŸãã UTM 9 管çã¬ã€ã 341 10.6 ã¡ãŒã«ãããŒãžã£ 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ l Download( ããŠã³ããŒã) :éžæãããã¡ãã»ãŒãžãããŠã³ããŒãããŸãã l Retry( åè©Šè¡) :éžæãããã¡ãã»ãŒãžã®é ä¿¡ãå³æã«åè©Šè¡ããŸãã l Delete( åé€) :éžæãããã¡ãã»ãŒãžãåé€ããŸãããããåãæ¶ãããšã¯ã§ããŸããã l Bounce( ããŠã³ã¹) :éžæãããã¡ãã»ãŒãžãããŠã³ã¹ããŸããéä¿¡è ã«ã¯ãã¡ãã»ãŒãžã®é ä¿¡ ããã£ã³ã»ã«ãããããšãäŒããã¡ãã»ãŒãžãéä¿¡ãããŸãã ã°ããŒãã«ã¯ãªãŒã³ã¢ããã¢ã¯ã·ã§ã³ã®éžæ:ããã«ã¯ãã¡ãã»ãŒãžã«å¯ŸããŠã°ããŒãã«ã«é©çšããã ãªãã©ã€ãªãã·ã§ã³ãããã€ãã®åé€ãªãã·ã§ã³ããããŸããã€ãŸããéžæãããŠããªãã¡ãã»ãŒãžã 衚瀺ãããŠããªãã¡ãã»ãŒãžã«ããªãã·ã§ã³ãé©çšãããŸãã èŠå â ã¡ãã»ãŒãžã®åé€ãåãæ¶ãããšã¯ã§ããŸããã 10.6.1.3 SMTP ãã° ãSMTP Logãã«ã¯ãSMTP çµç±ã§åŠçããããã¹ãŠã®ã¡ãã»ãŒãžã®ãã°ã¡ãã»ãŒãžã衚瀺ãããŸãã Result Filter( çµæãã£ã«ã¿) :衚瀺ãããã¡ãã»ãŒãžã®ã¿ã€ããéžæããã«ã¯ã該åœãããã§ãã¯ãã㯠ã¹ã«ãã§ãã¯ãå ¥ããŸãã l Delivered( é ä¿¡æžã¿) :é ä¿¡ãæåããã¡ãã»ãŒãžã l Rejected( ãªãžã§ã¯ã) :UTMã«æåŠãããã¡ãã»ãŒãžã l Quarantined( éé¢) :éé¢ãããã¡ãã»ãŒãžã l Blackholed( ãã©ãã¯ããŒã«; åé€æžã¿) :éç¥ãªãã§åé€ãããã¡ãã»ãŒãžã l Canceled( ãã£ã³ã»ã«) :SMTP ã¹ããŒã« ã«æåã§ããŠã³ã¹ãããã¡ãã»ãŒãžã l Bounced( ããŠã³ã¹) :ã«ãŒãã£ã³ã°èšå®ãæ£ãããªããªã©ã®çç±ã«ãããé ä¿¡ã§ããªãã¡ãã»ãŒ ãžã l Deleted( åé€æžã¿) :æåã§åé€ãããã¡ãã»ãŒãžã l Unknown( äžæ) :ã¹ããŒã¿ã¹ãäžæãªã¡ãã»ãŒãžã ãçµæãã£ã«ã¿ãã¢ã€ãã ã®éžæ/éžæ解é€ãåãæ¿ããã«ã¯ããã§ãã¯ããã¯ã¹ã䜿çšããŸããã¢ã€ ãã ãããã«ã¯ãªãã¯ãããšããã®ã¢ã€ãã ã ããéžæãããŸãã Reason Filter( çç±ãã£ã«ã¿) :ã¡ãã»ãŒãžãã°ã®è¡šç€ºãããã«ãã£ã«ã¿ããã«ã¯ããã§ãã¯ããã¯ã¹ã䜿 çšããŸãã 342 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.6 ã¡ãŒã«ãããŒãžã£ ãã³ã â ã¡ãã»ãŒãžãã°ã衚瀺ããã«ã¯ãã¡ãã»ãŒãžãã°ãããã«ã¯ãªãã¯ããŸããIP ã¢ãã¬ã¹ã解決 ããã«ã¯ãã¡ãã»ãŒãžã®ãµãŒãã¢ã€ã³ã³ãã¯ãªãã¯ããŸããã¢ã¹ã¿ãªã¹ã¯ (*) ã¯ããªããŒã¹ DNS ã«ã㯠ã¢ãããæåããããšã瀺ããŸãã Profile/Domain( ãããã¡ã€ã«/ãã¡ã€ã³) :ãããã¡ã€ã«/ãã¡ã€ã³ãéžæãããšããã®ãããã¡ã€ã«/ãã¡ã€ ã³ã®ã¡ãã»ãŒãžã®ã¿ã衚瀺ãããŸãã IP/Net/Address/Subj. substring( IP/ããã/ã¢ãã¬ã¹/件å ãµãã¹ããªã³ã°) :ããã§ã¯ãSMTP ãã°ã¡ã ã»ãŒãžå ã§æ€çŽ¢ãã IP ã¢ãã¬ã¹ããããã¯ãŒã¯ã¢ãã¬ã¹ããŸãã¯ä»¶åãå ¥åããŸãã Received date( åä¿¡æ¥) :ç¹å®ã®æéå ã«åŠçãããã¡ãã»ãŒãžã®ã¿ã衚瀺ããã«ã¯ãæ¥ä»ãå ¥å ããããã«ã¬ã³ããŒã¢ã€ã³ã³ã§æ¥ä»ãéžæããŸãã Sort by( ãœãŒãåºæº) :ã¡ãã»ãŒãžã¯ãã€ãã³ãæéãéä¿¡è ã¢ãã¬ã¹ãã¡ãã»ãŒãžãµã€ãºãåºæºã«ãœãŒ ãã§ããŸãã and show( 衚瀺æ°) :衚瀺ãããšã³ããªæ°ãšããŠã1ããŒãžããã 20ãšã³ããªã50ãšã³ããªã100ãšã³ã ãªã250ãšã³ããªã500ãšã³ããªã1000ãšã³ããªããŸãã¯ãã¹ãŠã®ã¡ãã»ãŒãžãéžæããããšãã§ããŸãã ãã¹ãŠã®ã¡ãã»ãŒãžã®è¡šç€ºã«ã¯æéããããå ŽåããããŸãã 10.6.2 ã°ããŒãã« ãã¡ãŒã«ãããŒãžã£ > ã°ããŒãã« ãã¿ãã®äžéšã§ã¯ããæ°ãããŠã£ã³ããŠã§ã¡ãŒã«ãããŒãžã£ãéããã ã¿ã³ãã¯ãªãã¯ããŠã¡ãŒã«ãããŒãžã£ãéãããšãã§ããŸãã äžéšã«ãããçµ±èšæŠèŠ³ ããšãªã¢ã«ã¯ããŠãããã«çŸåšä¿åãããŠãããã¹ãŠã®ã¡ãã»ãŒãžã®æŠèŠã 衚瀺ãããŸããããŒã¿ã¯ SMTP ãããã³ã«çµç±ã POP3 ãããã³ã«çµç±ãã«ãã£ãŠåé¡ãããŠã㟠ããäž¡æ¹ã®ã¿ã€ãã«å¯ŸããŠã次ã®æ å ±ã衚瀺ãããŸãã l é ä¿¡åŸ ã¡ (ã¹ããŒã«äž) (SMTP ã®ã¿):ã¹ãã£ã³äžãªã®ã§ãŸã é ä¿¡ã§ããªããªã©ã®çç±ã«ã ããçŸåšã¹ããŒã«ã«ããã¡ãŒã«ã l ã¯ãªãŒã³ã¡ãŒã«ç·æ° (POP3 ã®ã¿):ãŠããããããªãã§ããããã¯ã©ã€ã¢ã³ã/ãŠãŒã¶ããŸã åå ããŠããªãã¡ãŒã«ã l éé¢ãã«ãŠã§ã¢:ãŠã€ã«ã¹ããã®ä»ã®å±éºãªã³ã³ãã³ããªã©ã®ãã«ãŠã§ã¢ãå«ãã¡ãã»ãŒãž ã®ç·æ°ã l éé¢ã¹ãã :ã¹ãã ãšç¹å®ãããã¡ãã»ãŒãžã®ç·æ°ã l è¡šçŸãããã¯ã«ããéé¢:èš±å¯ãããªãè¡šçŸãå«ãŸããããã«éé¢ã«ç§»ãããã¡ãã»ãŒãžã® ç·æ°ã UTM 9 管çã¬ã€ã 343 10.6 ã¡ãŒã«ãããŒãžã£ 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ l ãã¡ã€ã«æ¡åŒµåã«ããéé¢:çãããæ·»ä»ãã¡ã€ã«ãå«ãŸããããã«éé¢ãããã¡ãã»ãŒãž ã®ç·æ° (ãã¡ã€ã«æ¡åŒµåã§èå¥)ã l ã¹ãã£ã³äžå¯ã®ããéé¢:ã¹ãã£ã³ã§ããªãããéé¢ãããã¡ãã»ãŒãžã®ç·æ°ã l MIMEã¿ã€ãã«ããéé¢ (SMTP ã®ã¿):SMTP èšå®ã«åŸã£ãŠãã£ã«ã¿ãã¹ã MIME ã¿ã€ããå«ãŸ ããããéé¢ãããã¡ãã»ãŒãžã®ç·æ°ã l ç·éé¢æ°:éé¢ãããã¡ãã»ãŒãžã®ç·æ°ã 泚 â ãé ä¿¡åŸ ã¡ãã®æ°ã¯ãSMTP ã¡ãã»ãŒãžã®å Žåã¯ãªã¢ã«ã¿ã€ã ã®ã¹ãããã·ã§ãããè¡šããŸãã ãã ã POP3 ã¡ãã»ãŒãžã®å Žåã¯ã衚瀺ãããæ°ã¯ãååããªãã§ãããæå¹ã«ããããšããã㮠环ç©æ°ã§ãã äžã«ãéå» 24æé以å ã® SMTP éé¢ããã³æåŠ (ãªãžã§ã¯ã) ã®ç°¡åãªçµ±èšã衚瀺ãããŸãã l ãã«ãŠã§ã¢éé¢/ãªãžã§ã¯ã:æ害ãªã³ã³ãã³ããå«ãŸããããéé¢/æåŠãããã¡ãã»ãŒãžã® æ°ã l ã¹ãã éé¢/ãªãžã§ã¯ã:ã¹ãã èªå®ãããããéé¢/æåŠãããã¡ãã»ãŒãžã®æ°ã l ãã©ãã¯ãªã¹ããªãžã§ã¯ã:éä¿¡è ããã©ãã¯ãªã¹ãã«å«ãŸããŠããããæåŠãããã¡ãã»ãŒãžã® æ°ã l ã¢ãã¬ã¹æ€èšŒãªãžã§ã¯ã:éä¿¡è ã¢ãã¬ã¹ãæ€èšŒã§ããªãã£ãããæåŠãããã¡ãã»ãŒãžã® æ°ã l SPF ãªãžã§ã¯ã:éä¿¡ãã¹ããèš±å¯ãããªãããæåŠãããã¡ãã»ãŒãžã®æ°ã l RBL ãªãžã§ã¯ã:éä¿¡è ããªã¢ã«ã¿ã€ã ãã©ãã¯ããŒã«ãªã¹ãã«å«ãŸããŠããããæåŠããã ã¡ãã»ãŒãžã®æ°ã l BATV ãªãžã§ã¯ã:BATV ã¿ã°ãæ€èšŒã§ããªãã£ãããã«æåŠãããã¡ãã»ãŒãžã®æ°ã l RDNS/HELO ãªãžã§ã¯ã:HELO ãç¡å¹ã§ããã RDNS ãšã³ããªãäžè¶³ããŠããããã«æåŠã ããã¡ãã»ãŒãžã®æ°ã æåŠããããã©ããã¯ãEã¡ãŒã«ãããã¯ã·ã§ã³ > SMTP ãã§ã®èšå®ã«äŸåããŸãã 10.6.3 èšå® ãã¡ãŒã«ãããŒãžã£ > èšå® ãã¿ãã§ã¯ãããŒã¿ããŒã¹ãã°ãã©ããããã®æéä¿åããã®ãããããŠé é¢ã¡ãã»ãŒãžãäœæ¥åŸã«éé¢å Žæããåé€ããã®ããèšå®ããããšãã§ããŸããæå¹æéèšå®ã® æ¥æ°ãè¶ ãããã°ãšã¡ãã»ãŒãžã¯èªåçã«åé€ãããŸãã ããã©ã«ãèšå®ã¯æ¬¡ã®ãšããã§ãã 344 UTM 9 管çã¬ã€ã 10 Eã¡ãŒã«ãããã¯ã·ã§ã³ 10.6 ã¡ãŒã«ãããŒãžã£ l ããŒã¿ããŒã¹ãã°ã¯ 3æ¥çµéåŸã«åé€ãããŸããèš±å¯ãããæ倧æ¥æ°:30æ¥ã l éé¢ã¡ãã»ãŒãžã¯ 14æ¥çµéåŸã«åé€ãããŸããèš±å¯ãããæ倧æ¥æ°:999æ¥ã ããŒã¿ããŒã¹ãã°ãšéé¢ã®äž¡æ¹ã«å¯ŸããŠèš±å¯ãããæäœæ¥æ°ã¯ 1æ¥ã§ãã ããŒã¿ã ãŒã¹ã ã° ã®ã¯ãªã¢ ãã®ãªãã·ã§ã³ã¯ãããŒã¿ããŒã¹ãã°ã«å€§éã®ããŒã¿ãèç©ãããå Žåã«ãã°ãå³ææ¶å»ãããšã ã«äŸ¿å©ã§ããããã䜿çšããã°ãéåžžã®ã¯ãªãŒã³ã¢ããã¢ã¯ã·ã§ã³ãå®è¡ããããŸã§åŸ ã€å¿ èŠã¯ã ããŸããã UTM 9 管çã¬ã€ã 345 11 ãšã³ããã€ã³ããããã¯ã·ã§ã³ ãEndpoint Protectionã(ãšã³ããã€ã³ããããã¯ã·ã§ã³) ã¡ãã¥ãŒã§ã¯ããã¹ã¯ãããã³ã³ãã¥ãŒã¿ããµãŒ ããã¢ãã€ã« PC ãªã©ããããã¯ãŒã¯äžã®ãšã³ããã€ã³ãããã€ã¹ã®ä¿è·ã管çã§ããŸããUTMãã㧠ã¯ããšã³ããã€ã³ããœãããŠã§ã¢ã®å°å ¥ãä¿è·å¯Ÿè±¡ã®ãšã³ããã€ã³ãã®æŠèŠç¢ºèªããšã³ããã€ã³ãã®ã° ã«ãŒãåãã¢ã³ããŠã€ã«ã¹ããã³ããã€ã¹ã³ã³ãããŒã«ããªã·ãŒã®èšå®ãå®çŸ©ããããªã·ãŒã®ãšã³ã ãã€ã³ãã°ã«ãŒããžã®å²ãåœãŠãè¡ããŸãã ãšã³ããã€ã³ããããã¯ã·ã§ã³ã§ã¯ãSophos LiveConnect ãšåŒã°ããã»ã³ã¿ãŒãµãŒãã¹ã䜿çšããŠã㟠ãããã®ã¯ã©ãŠãããŒã¹ã®ãµãŒãã¹ã¯ããšã³ããã€ã³ããããã¯ã·ã§ã³æ©èœãæå¹ã«ãã段éã§ãUTM ã«äœ¿çšã§ããããã«èªåçã«ã»ããã¢ãããããŸããLiveConnect ã䜿çšãããšãããŒã«ã«ããã ã¯ãŒã¯ã«ååšãããã©ããã«é¢ä¿ãªãããªã¢ãŒããµã€ããå€åºã®å€ããŠãŒã¶ã®ãšã³ããã€ã³ããå« ããåžžã«ãã¹ãŠã®ãšã³ããã€ã³ãã管çã§ããŸããLiveConnect ãµãŒãã¹ã¯ä»¥äžãæäŸããŸãã l ãšã³ããã€ã³ããšãŒãžã§ã³ãçšã®èšå®æžã¿ã€ã³ã¹ããŒã«ããã±ãŒãž l ãšã³ããã€ã³ãã«å¯Ÿããããªã·ãŒã®å°å ¥ããã³æŽæ° l ãšã³ããã€ã³ãã®ã»ãã¥ãªãã£æŽæ°ããã³å®çŸ© l WebAdmin ã«ãããšã³ããã€ã³ããéäžç®¡çã§ã¢ãã¿ãªã³ã°ããããã®äžå€®ã§ã®ãã°èšé²ãš ããŒã¿ã¬ããŒã LiveConnect ã¯ã¯ã©ãŠãããŒã¹ã®ãµãŒãã¹ã§ããããããµãŒãã¹ãæ©èœãããããã«ã¯ãã¢ã¯ãã£ã ãªã€ã³ã¿ãŒãããæ¥ç¶ãå¿ èŠã«ãªããŸãã管ç察象ã®ãšã³ããã€ã³ãã«ããããªã·ãŒããã³ã»ãã¥ãª ãã£æŽæ°ãåä¿¡ããããã®ã€ã³ã¿ãŒãããæ¥ç¶ãå¿ èŠã«ãªããŸãã 次ã®å³ã¯ãLiveConnect ãµãŒãã¹ã䜿çšããSophos UTMãšã³ããã€ã³ããããã¯ã·ã§ã³ã®å°å ¥äŸã瀺 ããŸãã 11 ãšã³ããã€ã³ããããã¯ã·ã§ã³ Figure 21 ãšã³ããã€ã³ããããã¯ã·ã§ã³:æŠèŠ ãã®ç« ã§ã¯ã次ã®ãããã¯ã«ã€ããŠèª¬æããŸãã l ã³ã³ãã¥ãŒã¿ç®¡ç l ã¢ã³ããŠã€ã«ã¹ l ããã€ã¹ã³ã³ãããŒã« ãšã³ããã€ã³ããããã¯ã·ã§ã³ãæå¹ã«ãããšãç»é²ãããŠããã³ã³ãã¥ãŒã¿ã®å šè¬çãªæ å ±ãšã¹ã㌠ã¿ã¹ãæŠèŠããŒãžã§ç¢ºèªã§ããŸãããªã¹ãã®ãœãŒããšæ€çŽ¢ãã§ããŸãããšã³ããã€ã³ãã®ã¹ããŒã¿ã¹ã ã§ãªãå Žå Okãã¹ããŒã¿ã¹ãã¯ãªãã¯ããããšã§ãŠã€ã³ããŠãéãè¿œå ã®æ å ±ãåŸãããšãã§ã㟠ããã¹ããŒã¿ã¹ã é©åããªãå Žå㯠ã ãã®ããã€ã¹ã®èšå®ãèšå®ãããã®ãšç°ãªã£ãŠããããšã瀺 ããŸãUTMããã®åé¡ã解決ããããã«ããŠã£ã³ããŠäžã®ãªã³ã¯ããçŸåšã®èšå®ããšã³ããã€ã³ããž éãããšãã§ããŸãããã®ä»ã®ã¹ããŒã¿ã¹å¯ŸããŠããã©ã®ãããªã¢ã¯ã·ã§ã³ãå¿ èŠããšãã£ãæ å ±ã åŸãããšãã§ããŸãã ãšã³ ããã€ã³ ã ãã ãã¯ã·ã§ã³ ã©ã€ãã ã° ãéã ãšã³ããã€ã³ããããã¯ã·ã§ã³ã©ã€ããã°ã¯ãšã³ããã€ã³ããš LiveConnect ãšã®æ¥ç¶ã«é¢ããæ å ±ã瀺 ããŸããããã« UTMããšã³ããã€ã³ãã®ã»ãã¥ãªãã£ã«é¢ããæ å ±ã瀺ããŸããããšã³ããã€ã³ãããã㯠348 UTM 9 管çã¬ã€ã 11 ãšã³ããã€ã³ããããã¯ã·ã§ã³ 11.1 ã³ã³ãã¥ãŒã¿ç®¡ç ã·ã§ã³ã©ã€ããã°ãéãããã¿ã³ãã¯ãªãã¯ãããšãæ°ãããŠã£ã³ããŠã§ãšã³ããã€ã³ããããã¯ã·ã§ã³ã©ã€ ããã°ãéããŸãã 11.1 ã³ã³ãã¥ãŒã¿ç®¡ç ããšã³ããã€ã³ããããã¯ã·ã§ã³ > ã³ã³ãã¥ãŒã¿ç®¡ç ãããŒãžã§ã¯ãSophos UTMã«æ¥ç¶ãããåã ã®ã³ ã³ãã¥ãŒã¿ã®ä¿è·ã管çããããšãã§ããŸãã ããã§ã¯ããšã³ããã€ã³ãã®ã€ã³ã¹ããŒã«ãã¡ã€ã«ãæ€çŽ¢ããŠå°å ¥ãããããšã³ããã€ã³ããããã¯ã·ã§ã³ ãœãããŠã§ã¢ãã€ã³ã¹ããŒã«ãããŠãããã¹ãŠã®ã³ã³ãã¥ãŒã¿ã®æŠèŠã確èªããããšãã§ããŸãããã ã«ãã³ã³ãã¥ãŒã¿ã°ã«ãŒãããšã«ãç°ãªãä¿è·ãèšå®ã§ããŸãã 11.1.1 ã°ããŒãã« ããšã³ããã€ã³ããããã¯ã·ã§ã³ > ã³ã³ãã¥ãŒã¿ç®¡ç > ã°ããŒãã« ãã¿ãã§ã¯ããšã³ããã€ã³ããããã¯ã·ã§ ã³ãæå¹ãŸãã¯ç¡å¹ã«ã§ããŸãã ãšã³ããã€ã³ããããã¯ã·ã§ã³ãæå¹ã«ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã°ããŒãã« ãã¿ãã§ããšã³ããã€ã³ããããã¯ã·ã§ã³ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªããçµç¹ã®è©³çŽ°ã«é¢ãããã£ãŒã«ãã衚瀺ãããŸãã 2. çµç¹ã®è©³çŽ°ãå ¥åããŸãã ããã©ã«ãã§ãããããžã¡ã³ã > ã·ã¹ãã èšå® > çµç¹ ãã¿ãã®èšå®ã䜿çšãããŸãã 3. ããšã³ããã€ã³ããããã¯ã·ã§ã³ã®ã¢ã¯ãã£ããŒãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«ãªãããšã³ããã€ã³ããããã¯ã·ã§ã³ãæå¹ã«ãªããŸãã èšå®ããã£ã³ã»ã«ããã«ã¯ãã¢ã³ããŒè²ã®ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã 次ã«ãããšãŒãžã§ã³ãã®å°å ¥ ãããŒãžã§ã ç£èŠããã³ã³ãã¥ãŒã¿ã«ããšã³ããã€ã³ããããã¯ã·ã§ã³ã®ã€ã³ ã¹ããŒã«ããã±ãŒãžãã€ã³ã¹ããŒã«ããŠç¶è¡ããŸãã 泚 â ãšã³ããã€ã³ããããã¯ã·ã§ã³ã䜿çšããéããWebãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > 詳现 ã ã¿ãã®ãWeb ãã£ãã·ã³ã°ãã«ããããœãã©ã¹ãšã³ããã€ã³ãã®ãã£ãã·ã¥ãæœè¡ ãæ©èœãæå¹åãã ããšãæšå¥šããŸããããã«ãã£ãŠããšã³ããã€ã³ããã€ã³ã¿ãŒãããçµç±ã§ã¢ããããŒããµãŒããã ããŒã¿ãããŠã³ããŒãããéãã¢ãããªã³ã¯ã飜åããããšãé»æ¢ã§ããŸãã UTM 9 管çã¬ã€ã 349 11.1 ã³ã³ãã¥ãŒã¿ç®¡ç 11 ãšã³ããã€ã³ããããã¯ã·ã§ã³ 泚 â Web ãã£ã«ã¿ãæå¹ã§ãééã¢ãŒãã§çšŒåããŠããå Žåã ãšã³ããã€ã³ãããšã³ããã€ã³ããã ãã¯ã·ã§ã³ãæ£åžžã«å©çšã§ããããã«ããã«ã¯ãè¿œå ã®èšå®ãå¿ èŠã«ãªããŸãããšã³ããã€ã³ãã ããã¯ã·ã§ã³ãæå¹ã«ãããšãUTM ã«ãã£ãŠã Sophos LiveConnect ãšããå称㮠DNS ã°ã«ãŒãã èªåçã«äœæãããŸãããã® DNS ã°ã«ãŒããããWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > 詳现 ã ã¿ãã«ããééã¢ãŒãã¹ããããªã¹ãã®ãã¹ãããããå®å ãã¹ã/ããããããã¯ã¹ã«è¿œå ããŸãã ãšã³ããã€ã³ããããã¯ã·ã§ã³ãç¡å¹ã«ããã«ã¯ã次ã®æé ã«åŸããŸãïŒ 1. ãã°ããŒãã« ã ã¿ãã§ããšã³ããã€ã³ããããã¯ã·ã§ã³ãç¡å¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªããïŒã€ã®ãªãã·ã§ã³ãå©çšå¯èœãšãªããŸãã 2. ãšã³ããã€ã³ãã®ããŒã¿ãåé€ãããåŠããéžæããŸãã å šããŒã¿ãä¿æ: äžæçã«ãšã³ããã€ã³ããããã¯ã·ã§ã³ãç¡å¹ã«ããã«ã¯ããã®ãªãã·ã§ã³ã éžæããŸãããšã³ããã€ã³ãã®èšå®ã¯ä¿åãããŸãããã®æ©èœãå床æå¹åããéãåå〠ã³ã¹ããŒã«ããããšã³ããã€ã³ãã¯èªåçã«æ¥ç¶ãããå®çŸ©ãããŠããããªã·ãŒãå©çšãã ãŸãã å šããŒã¿ãåé€:ãã¹ãŠã®ãšã³ããã€ã³ãã®èšå®ãåæç¶æ ã«ãªã»ããããã«ã¯ããã®ãªãã·ã§ ã³ãéžæããŸãããšã³ããã€ã³ãã®å šãŠã®ã³ãã¯ã·ã§ã³ãšããªã·ãŒèšå®ãåé€ãããŸãããã® æ©èœãå床æå¹åããéããšã³ããã€ã³ããæ°ããç»é²ããŒã¿ãååŸãããããã€ã³ã¹ãã¬ãŒ ã·ã§ã³ããã±ãŒãžããšã³ããã€ã³ããžå±éãããŸã ããã³ã³ãã¥ãŒã¿ã®ç®¡ç > 詳现 ããåç §äžã ãã 3. ããšã³ããã€ã³ããããã¯ã·ã§ã³ã®ç¡å¹å ããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç°è²ã«ãªãããšã³ããã€ã³ããããã¯ã·ã§ã³ãç¡å¹ã«ãªããŸãã 11.1.2 ãšãŒãžã§ã³ãã®å°å ¥ ããšã³ããã€ã³ããããã¯ã·ã§ã³ > ã³ã³ãã¥ãŒã¿ç®¡ç > ãšãŒãžã§ã³ãã®å°å ¥ ãã¿ãã§ã¯ããšã³ããã€ã³ãã ããã¯ã·ã§ã³ã«ããã¢ãã¿ãªã³ã°ããåã ã®ã³ã³ãã¥ãŒã¿çšã®ã€ã³ã¹ããŒã«ãã¡ã€ã«ãå°å ¥ã§ããŸãã ã€ã³ã¹ããŒã«ããã±ãŒãžã«ã¯ 2çš®é¡ãããŸãããæäŸããããœãããŠã§ã¢ã¯åãã§ããåããã±ãŒãž ãšããå°å ¥ãã€ã³ã¹ããŒã«ã«é¢ããŠãããããç°ãªã£ãå©ç¹ããããŸãã l 350 ã¹ãªã ã€ã³ã¹ããŒã«ããã±ãŒãž:ãµã€ãºã®å°ããããã±ãŒãž (12MB) ã§ã容æã«ã¡ãŒã«ã§æäŸ ã§ããŸãããã®ããã±ãŒãžã«å«ãŸããŠããªãããŒã¿ã¯ãã€ã³ã¹ããŒã«æã«ããŠã³ããŒããã㟠ãã UTM 9 管çã¬ã€ã 11 ãšã³ããã€ã³ããããã¯ã·ã§ã³ l 11.1 ã³ã³ãã¥ãŒã¿ç®¡ç ãã«ã€ã³ã¹ããŒã«ããã±ãŒãž:å®å šãªã€ã³ã¹ããŒã«ããŒã¿ãå«ãããã±ãŒãž (çŽ 90MB) ã§ãã€ã³ ã¹ããŒã«æã«ããŠã³ããŒããå¿ èŠãªããŒã¿ã¯æå°éã«æããããŠããŸãã ãããã®ããã±ãŒãžã䜿çšããå Žåã§ãããšã³ããã€ã³ããä¿è·ãããœãããŠã§ã¢ããšã³ããã€ã³ãã« å°å ¥ããæ¹æ³ã«ã¯ã次㮠2ãšãããããŸãã l ãã¹ãªã ã€ã³ã¹ããŒã©ã®ããŠã³ããŒã ããã¿ã³ãããã«ã€ã³ã¹ããŒã©ã®ããŠã³ããŒã ããã¿ã³ã㯠ãªãã¯ããŠãã€ã³ã¹ããŒã«ããã±ãŒãžãããŠã³ããŒãããŠä¿åããŸãããã®åŸããšã³ããã€ã³ã ãŠãŒã¶ã«ãããã±ãŒãžãžã®ã¢ã¯ã»ã¹ãæäŸããŸãã l ç°è²ã®ããã¯ã¹ã«è¡šç€ºãããŠãã URL ãã³ããŒããŠããšã³ããã€ã³ããŠãŒã¶ã«éä¿¡ããŸãããš ã³ããã€ã³ããŠãŒã¶ã¯ãã® URL ã䜿çšããŠãåèªã€ã³ã¹ããŒã«ããã±ãŒãžãããŠã³ããŒããã ã€ã³ã¹ããŒã«ããŸãã 泚 â ã€ã³ã¹ããŒã«ããã±ãŒãžã®ååã¯å€æŽããªãã§ãã ãããã€ã³ã¹ããŒã«æã« LiveConnect ã¯ã ãã®ããã±ãŒãžåãš UTM ã®çŸåšç»é²ãããŠããããŒã¿ãæ¯èŒããŸããæ å ±ãäžèŽããªãå Žåã〠ã³ã¹ããŒã«ã¯äžæ¢ãããŸãã ãšã³ããã€ã³ããžã®ã€ã³ã¹ããŒã«åŸãåã³ã³ãã¥ãŒã¿ã¯ããã³ã³ãã¥ãŒã¿ã®ç®¡ç ãã¿ãã«è¡šç€ºãããŸãã ããã«ãã詳现 ãã¿ãã§æå®ããã³ã³ãã¥ãŒã¿ã°ã«ãŒãã«èªåçã«å²ãåœãŠãããŸãã 泚 âã詳现 ãã¿ãã®ãç»é²ããŒã¯ã³ã®ãªã»ããããã¿ã³ã䜿çšããŠã€ã³ã¹ããŒã«ããã±ãŒãžãç¡å¹ã«ã ãããšãã§ããŸãã 11.1.3 ã³ã³ãã¥ãŒã¿ã®ç®¡ç ããšã³ããã€ã³ããããã¯ã·ã§ã³ > ã³ã³ãã¥ãŒã¿ç®¡ç > ã³ã³ãã¥ãŒã¿ç®¡ç ãã¿ãã§ã¯ãUTMã®ãšã³ããã€ã³ ããããã¯ã·ã§ã³ãã€ã³ã¹ããŒã«ãããŠããã³ã³ãã¥ãŒã¿ã®æŠèŠã衚瀺ããããšãã§ããŸããã³ã³ãã¥ãŒ ã¿ã¯ãªã¹ãã«èªåçã«è¿œå ãããŸããã³ã³ãã¥ãŒã¿ãŒãã°ã«ãŒãã«è¿œå ããããšãè¿œå ã®æ å ±ãå ã ãããšãã¿ã³ããŒãããã¯ã·ã§ã³èšå®ãä¿®æ£ããããšãã³ã³ãã¥ãŒã¿ãŒããªã¹ãããåé€ããããšãã§ã ãŸãã ãªã¹ããããŠããã³ã³ãã¥ãŒã¿ã®ããŒã¿ãç·šéããã«ã¯ã次ã®æé ã«åŸããŸãã 1. åãšã³ããªã®ãç·šé ããã¿ã³ãã¯ãªãã¯ããŸãã ãã³ã³ãã¥ãŒã¿ã®ç·šé ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã³ã³ãã¥ãŒã¿ã°ã«ãŒã:ã³ã³ãã¥ãŒã¿ãå²ãåœãŠãã³ã³ãã¥ãŒã¿ã°ã«ãŒããéžæããŸããã³ã³ ãã¥ãŒã¿ãŒã¯ã¢ãµã€ã³ãããã°ã«ãŒãã®ãããã¯ã·ã§ã³èšå®ãåãåããŸãã UTM 9 管çã¬ã€ã 351 11.1 ã³ã³ãã¥ãŒã¿ç®¡ç 11 ãšã³ããã€ã³ããããã¯ã·ã§ã³ ã¿ã€ã:ã³ã³ãã¥ãŒã¿ã¿ã€ã (ãã¹ã¯ããããã¢ãã€ã« PCããµãŒããªã©) ãéžæããŸããã¿ã€ãã«ã ããªã¹ãããã£ã«ã¿ããããšãã§ããŸãã ã¿ã³ããŒãããã¯ã·ã§ã³:æå¹åãããšãã³ã³ãã¥ãŒã¿ã®ä¿è·èšå®ãããŒã«ã«å€æŽããã«ã¯ãã¹ ã¯ãŒããå¿ èŠãšãªããŸãããã®ãã¹ã¯ãŒãã¯ãã詳现 ãã¿ãã§å®çŸ©ããŸããç¡å¹ã«ãããšããšã³ ããã€ã³ããŠãŒã¶ã¯ãã¹ã¯ãŒãããªããŠããããã¯ã·ã§ã³èšå®ãå€æŽã§ããŸããåæç¶æ 㧠ã¯ããã®èšå®ã¯ã³ã³ãã¥ãŒã¿ãŒãæå±ããŠããã°ã«ãŒããšåäžãšãªããŸãã ã€ã³ãã³ã㪠# (ä»»æ):ã³ã³ãã¥ãŒã¿ã®ã€ã³ãã³ããªçªå·ãå ¥åããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã ã³ã³ãã¥ãŒã¿ãäžèŠ§ããåé€ããã«ã¯ããåé€ããã¿ã³ãã¯ãªãã¯ããŸãã 泚 â ã³ã³ãã¥ãŒã¿ããªã¹ãããåé€ãããšãUTMãšã³ããã€ã³ããããã¯ã·ã§ã³ã«ããã³ã³ãã¥ãŒã¿ã ä¿è·ãããªããªããŸããããããªãããã€ã³ã¹ããŒã«ããããšã³ããã€ã³ããœãããŠãšã¢ã¯èªåçã« ã¢ã³ã€ã³ã¹ããŒã«ãããŸããããçŽè¿ã®ããªã·ãŒã¯æå¹ãªãŸãŸãšãªããŸãã 11.1.4 ã°ã«ãŒã管ç ããšã³ããã€ã³ããããã¯ã·ã§ã³ > ã³ã³ãã¥ãŒã¿ç®¡ç > ã°ã«ãŒã管ç ãã¿ãã§ã¯ãä¿è·ãããã³ã³ãã¥ãŒã¿ ãã°ã«ãŒãåãããã®ã°ã«ãŒãã«å¯ŸããŠãšã³ããã€ã³ããããã¯ã·ã§ã³èšå®ãå®çŸ©ããããšãã§ã㟠ããã°ã«ãŒãã«å±ãããã¹ãŠã®ã³ã³ãã¥ãŒã¿ã«ã¯ãåãã¢ã³ããŠã€ã«ã¹ããªã·ãŒãšããã€ã¹ããªã·ãŒ ãé©çšãããŸãã 泚 â ãã¹ãŠã®ã³ã³ãã¥ãŒã¿ã¯äžã€ã®ã°ã«ãŒãã«æå±ããŸããæåã¯ããã¹ãŠã®ã³ã³ãã¥ãŒã¿ãã ãã©ã«ãã°ã«ãŒãã«å±ããŸããã°ã«ãŒãã®è¿œå åŸãã詳现 ãã¿ãã§ããã©ã«ããšãªãã°ã«ãŒããã€ãŸã æ°ããã€ã³ã¹ããŒã«ããã³ã³ãã¥ãŒã¿ãèªåçã«å²ãåœãŠãã°ã«ãŒããå®çŸ©ã§ããŸãã ã³ã³ãã¥ãŒã¿ã°ã«ãŒããäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã³ã³ãã¥ãŒã¿ã°ã«ãŒãã®è¿œå ããã¯ãªãã¯ããŸãã ãã³ã³ãã¥ãŒã¿ã°ã«ãŒãã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®ã°ã«ãŒãã説æããååãå ¥åããŸãã 352 UTM 9 管çã¬ã€ã 11 ãšã³ããã€ã³ããããã¯ã·ã§ã³ 11.1 ã³ã³ãã¥ãŒã¿ç®¡ç ãŠã€ã«ã¹å¯Ÿçããªã·ãŒ:ã°ã«ãŒãã«é©çšãããŠã€ã«ã¹å¯Ÿçããªã·ãŒãéžæããŸããããªã·ãŒ ã¯ããã¢ã³ããŠã€ã«ã¹ > ããªã·ãŒãã¿ãã§å®çŸ©ããŸãããã¢ã³ããŠã€ã«ã¹ > é€å€ ãã¿ãã§ãã®ã㪠ã·ãŒããã®é€å€ãã°ã«ãŒãããšã«å®çŸ©ã§ããŸãã ããã€ã¹ããªã·ãŒ:ã°ã«ãŒãã«é©çšããããã€ã¹ããªã·ãŒãéžæããŸããããªã·ãŒã¯ãããã〠ã¹ã³ã³ãããŒã« > ããªã·ãŒãã¿ãã§å®çŸ©ããŸãããããã€ã¹ã³ã³ãããŒã« > é€å€ ãã¿ãã§ããªã·ãŒ ããã®é€å€ãã°ã«ãŒãããšã«å®çŸ©ã§ããŸãã ã¿ã³ããŒãããã¯ã·ã§ã³:æå¹åãããšãåãšã³ããã€ã³ãã®ä¿è·èšå®ãããŒã«ã«å€æŽããã«ã¯ ãã¹ã¯ãŒããå¿ èŠãšãªããŸãããã®ãã¹ã¯ãŒãã¯ãã詳现 ãã¿ãã§å®çŸ©ããŸããç¡å¹ã«ãããšã ãšã³ããã€ã³ããŠãŒã¶ã¯ãã¹ã¯ãŒãããªããŠããããã¯ã·ã§ã³èšå®ãå€æŽã§ããŸãããã³ã³ ãã¥ãŒã¿ç®¡ç ãã¿ãã§ã¯ãåã ã®ã³ã³ãã¥ãŒã¿ã«ç°ãªãèšå®ãé©çšã§ããŸãã Web ã³ã³ãããŒã«:æå¹åãããšããã®ã°ã«ãŒãã«å±ãããšã³ããã€ã³ãã Sophos UTM ããã ã¯ãŒã¯ã«æ¥ç¶ããŠããªãå Žåã§ããWeb ãã£ã«ã¿ãªã³ã°ããªã·ãŒãé©çšããŠãã¬ããŒããéä¿¡ ããããã«ã§ããŸãããšã³ããã€ã³ã Web ã³ã³ãããŒã«ãæå¹ã«ããã«ã¯ãããšã³ããã€ã³ããã ãã¯ã·ã§ã³ > Web ã³ã³ãããŒã« ãã¿ããåç §ããŠãã ããã AutoUpdate ã§ãããã·ã䜿çšãã:æå¹åãããšããã®ãªãã·ã§ã³ã®äžã«ãããã£ãŒã«ãã§æ å®ãããããã·ã®å±æ§ãããã®ã°ã«ãŒãã«å±ãããšã³ããã€ã³ãã«éä¿¡ãããŸãããšã³ãã〠ã³ãã¯ããã®ãããã·ããŒã¿ã䜿çšããŠã€ã³ã¿ãŒãããã«æ¥ç¶ããŸãã 泚 â ããŒã¿ã¯èª€ãã®ãªãããã«å ¥åããŠãã ããããšã³ããã€ã³ãã¯ã誀ã£ããããã·ããŒã¿ ãåä¿¡ãããšãã€ã³ã¿ãŒãããã UTM ã«æ¥ç¶ã§ããªããªããŸãããã®å Žåã圱é¿ãåããå ãšã³ããã€ã³ãã§ãèšå®ãæåå€æŽããå¿ èŠããããŸãã ã¢ãã¬ã¹:ãããã·ã® IP ã¢ãã¬ã¹ãå ¥åããŸãã ããŒã:ãããã·ã®ããŒãçªå·ãå ¥åããŸãã ãŠãŒã¶:å¿ èŠã«å¿ããŠããããã·ã®ãŠãŒã¶åãå ¥åããŸãã ãã¹ã¯ãŒã:å¿ èŠã«å¿ããŠããããã·ã®ãã¹ã¯ãŒããå ¥åããŸãã ã³ã³ãã¥ãŒã¿:ã°ã«ãŒãã«å«ããã³ã³ãã¥ãŒã¿ãè¿œå ããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã ã°ã«ãŒããäœæããããã°ã«ãŒãã®ç®¡ç ããªã¹ãã«è¡šç€ºãããŸããèšå®ã®å€æŽåŸã«ãã¹ãŠã® ã³ã³ãã¥ãŒã¿ãèšå®ããããŸã§ã15åã»ã©ãããå Žåãããããšã«æ³šæããŠãã ããã ã°ã«ãŒããç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã UTM 9 管çã¬ã€ã 353 11.2 ãŠã€ã«ã¹å¯Ÿç 11 ãšã³ããã€ã³ããããã¯ã·ã§ã³ 11.1.5 詳现 ããšã³ããã€ã³ããããã¯ã·ã§ã³ > ã³ã³ãã¥ãŒã¿ç®¡ç > 詳现 ãã¿ãã§ã¯ã次ã®ãªãã·ã§ã³ãèšå®ã§ããŸãã ã¿ã³ããŒãããã¯ã·ã§ã³:ã¿ã³ããŒãããã¯ã·ã§ã³ãæå¹åãããšããšã³ããã€ã³ãã®ä¿è·èšå®ãå€æŽã ãã«ã¯ããã®ãã¹ã¯ãŒããå¿ èŠã«ãªããŸãã ããã©ã«ãã³ã³ãã¥ãŒã¿ã°ã«ãŒã:ãšã³ããã€ã³ããããã¯ã·ã§ã³ã®ã€ã³ã¹ããŒã«åŸéããªããã³ã³ãã¥ãŒ ã¿ãèªåçã«å²ãåœãŠãã³ã³ãã¥ãŒã¿ã°ã«ãŒããéžæããŸãã Sophos LiveConnect â ç»é²:ãã®ã»ã¯ã·ã§ã³ã«ã¯ããšã³ããã€ã³ããããã¯ã·ã§ã³ã®ç»é²æ å ±ã衚瀺ã ããŸãããã®ããŒã¿ã¯ãã€ã³ã¹ããŒã«ããã±ãŒãžãèå¥ããããã«äœ¿çšãããããã«ãµããŒãç®ç㧠ã䜿çšãããŸãã l ç»é²ããŒã¯ã³ã®ãªã»ãã:以åã«å°å ¥ãããã€ã³ã¹ããŒã«ããã±ãŒãžã䜿ã£ãŠã€ã³ã¹ããŒã«ãè¡ ãããããšãé²æ¢ããã«ã¯ããã®ãã¿ã³ãã¯ãªãã¯ããŸããããã¯ãéåžžãã€ã³ã¹ããŒã«ãå®äº ããéã«å®è¡ããŸããæ°ãããšã³ããã€ã³ãã«ã€ã³ã¹ããŒã«ããå Žåã¯ãããšãŒãžã§ã³ãã®å° å ¥ ãã¿ãã§ãæ°ããã€ã³ã¹ããŒã«ããã±ãŒãžãäœæããŠãã ããã 11.2 ãŠã€ã«ã¹å¯Ÿç ããšã³ããã€ã³ããããã¯ã·ã§ã³ > ãŠã€ã«ã¹å¯Ÿç ãããŒãžã§ã¯ããšã³ããã€ã³ããããã¯ã·ã§ã³æ©èœã®ãŠ ã€ã«ã¹å¯Ÿçèšå®ãå®çŸ©ã§ããŸãããŠã€ã«ã¹å¯Ÿçããªã·ãŒ (ã€ãŸããäžé£ã®ãŠã€ã«ã¹å¯Ÿçèšå®) ãäœ æããåŸã§ããããã³ã³ãã¥ãŒã¿ã°ã«ãŒãã«é©çšãããšã³ããã€ã³ããããã¯ã·ã§ã³ã§ã¢ãã¿ãªã³ã°ããã ãšãã§ããŸããããã«ãç¹å®ã®ã³ã³ãã¥ãŒã¿ã°ã«ãŒãã«é©çšãããŠã€ã«ã¹å¯Ÿçæ©èœã®äŸå€ãå®çŸ©ã ãããšãã§ããŸãã 11.2.1 ããªã·ãŒ ããšã³ããã€ã³ããããã¯ã·ã§ã³ > ã¢ã³ããŠã€ã«ã¹ > ããªã·ãŒãã¿ãã§ã¯ãäžé£ã®ã¢ã³ããŠã€ã«ã¹èšå®ã 管çã§ããŸãããã®åŸããªã·ãŒãã³ã³ãã¥ãŒã¿ã°ã«ãŒãã«é©çšããŠãšã³ããã€ã³ããããã¯ã·ã§ã³ã§ã¢ ãã¿ãªã³ã°ããããšãã§ããŸãã ããã©ã«ãã§ã¯ãåºæ¬ãããã¯ã·ã§ã³ã¢ã³ããŠã€ã«ã¹ããªã·ãŒã䜿çšã§ããŸããããã䜿çšãããšã è åšã«å¯Ÿããã³ã³ãã¥ãŒã¿ã®é²è·ãšå šè¬çãªã·ã¹ãã ããã©ãŒãã³ã¹ã®éã§æãè¯å¥œãªãã©ã³ã¹ ãåŸãããŸãããã®ããªã·ãŒã¯å€æŽã§ããŸããã ã¢ã³ããŠã€ã«ã¹ããªã·ãŒãè¿œå ããã«ã¯ã次ã®æé ã«åŸããŸãã 354 UTM 9 管çã¬ã€ã 11 ãšã³ããã€ã³ããããã¯ã·ã§ã³ 11.2 ãŠã€ã«ã¹å¯Ÿç 1. ãããªã·ãŒã®è¿œå ããã¿ã³ãã¯ãªãã¯ããŸãã ãããªã·ãŒã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®ããªã·ãŒã説æããååãå ¥åããŸãã ãªã³ã¢ã¯ã»ã¹ã¹ãã£ã³:ãããæå¹ã«ãããšããã¡ã€ã«ãã³ããŒãŸãã¯ç§»åããããéããã³ã«ã ãã¡ã€ã«ãã¹ãã£ã³ãããã³ã³ãã¥ãŒã¿ã«è åšãåãŒããªãå ŽåããŸãã¯äœ¿çšãèš±å¯ãã㊠ããå Žåã®ã¿ã«ã¢ã¯ã»ã¹ãèš±å¯ãããŸãã l PUA ãã¹ãã£ã³:ãããæå¹ã«ãããšããªã³ã¢ã¯ã»ã¹ã¹ãã£ã³ã®äžç°ã§ PUA (äžèŠãšæ ãããã¢ããªã±ãŒã·ã§ã³) ããªãããã§ãã¯ãããŸãã èªåã¯ãªãŒã³ã¢ãã:ãããæå¹ã«ãããšããŠã€ã«ã¹ãŸãã¯ã¹ãã€ãŠã§ã¢ãå«ãã¢ã€ãã ã¯ã¯ ãªãŒã³ã¢ããããããã«ãŠã§ã¢ãã®ãã®ã¯åé€ãããææããã¢ã€ãã ã¯é§é€ãããŸãããŠã€ ã«ã¹ã¹ãã£ãã¯ä»¥åã«å«ãŸããŠãããã¡ã€ã«ã®å 容ãç ŽæããŠãããã©ãããææ¡ã§ã㪠ãããããŠã€ã«ã¹é§é€ãè¡ã£ããããã®ãã¡ã€ã«ã¯ãæ°žä¹ çã«ç ŽæããŠãããã®ãšã¿ãªãå¿ èŠããããŸãã Sophos Live Protection:ãšã³ããã€ã³ãã³ã³ãã¥ãŒã¿ã®ãŠã€ã«ã¹å¯Ÿçã¹ãã£ã³ã§ãã¡ã€ã«ãçã ãããšå€æãããŠããã³ã³ãã¥ãŒã¿ã«ä¿åãããŠãã Sophos è åš ID (IDE) ãã¡ã€ã«ãåºã«ã ãŠããããã¯ãªãŒã³ãªãã¡ã€ã«ãæªæã®ãããã¡ã€ã«ããç¹å®ã§ããªãå Žåã詳现ãªåæã è¡ãããã«ãç¹å®ã®ãã¡ã€ã«ããŒã¿ (ãã§ãã¯ãµã ããã®ä»ã®å±æ§ãªã©) ã Sophos ã«éä¿¡ã ããŸãã ã¯ã©ãŠãå ãã§ãã¯ã¯ãSophosLabs ããŒã¿ããŒã¹ã§çããããã¡ã€ã«ã®å³æã«ãã¯ã¢ãããå® æœããŸãããã¡ã€ã«ãã¯ãªãŒã³ãªãã¡ã€ã«ãŸãã¯æªæã®ãããã¡ã€ã«ãšç¹å®ããå Žåã¯ãã³ã³ ãã¥ãŒã¿ã«ãã®å€å®ãéãè¿ããããã¡ã€ã«ã®ã¹ããŒã¿ã¹ãèªåçã«æŽæ°ãããŸãã l ãµã³ãã«ãã¡ã€ã«ã®éä¿¡:ãã¡ã€ã«ãçããããšã¿ãªãããŠãããã¡ã€ã«ã®ããŒã¿ã ã ã§ã¯ã確信ãæã£ãŠæªæã®ãããã¡ã€ã«ãšç¹å®ã§ããªãå Žåããµã³ãã«ãã¡ã€ã«ã® ãªã¯ãšã¹ãã Sophos ã«èš±å¯ããããšãã§ããŸãããã®ãªãã·ã§ã³ãæå¹ã«ãããšãæ¢ã« ãã®ãã¡ã€ã«ã®ãµã³ãã«ã Sophos ã«ãªãå Žåããã¡ã€ã«ãèªåçã«éä¿¡ãããŸãã ãµã³ãã«ãã¡ã€ã«ãéä¿¡ããããšã§ãSophosã§ã¯èª€æ€åºãè¡ãããšãªãããã«ãŠã§ã¢æ€ åºãç¶ç¶çã«æ¹åããããšãã§ããŸãã çãããåäœæ€åº (HIPS):ãããæå¹ã«ãããšãã¬ãžã¹ããªãžã®çãããæžã蟌ã¿ããã¡ã€ã« ã®ã³ããŒã¢ã¯ã·ã§ã³ããããã¡ãªãŒããŒãããŒæè¡ãªã©ã®ã¢ã¯ãã£ããªãã«ãŠã§ã¢ã®å åã㪠ããããã¹ãŠã®ã·ã¹ãã ããã»ã¹ãã¢ãã¿ãªã³ã°ãããŸããçãããããã»ã¹ã¯ãããã¯ãã ãŸãã UTM 9 管çã¬ã€ã 355 11.2 ãŠã€ã«ã¹å¯Ÿç 11 ãšã³ããã€ã³ããããã¯ã·ã§ã³ Web ãããã¯ã·ã§ã³:ãããæå¹ã«ãããšãææ Web ãµã€ãã® Sophos ãªã³ã©ã€ã³ããŒã¿ããŒã¹ ã§ãå Web ãµã€ãã® URL ãåç §ãããŸãã l æªæã®ãããµã€ããããã¯:ãããæå¹ã«ãããšãæªæã®ããã³ã³ãã³ãã®ãµã€ãã¯ã ããã¯ãããŸãã l ããŠã³ããŒãã¹ãã£ã³:ãããæå¹ã«ãããšããŠã€ã«ã¹å¯Ÿçã¹ãã£ã³ã«ããããŠã³ããŒã äžã®ããŒã¿ãã¹ãã£ã³ãããæªæã®ããã³ã³ãã³ããå«ãŸããå Žåã¯ãããã¯ãã㟠ãã ã¹ã±ãžã¥ãŒã«ã¹ãã£ã³:ãããæå¹ã«ãããšãæå®ããæ¥æã«ã¹ãã£ã³ãå®è¡ãããŸãã l ã«ãŒããããã¹ãã£ã³:ãããæå¹ã«ãããšãã¹ã±ãžã¥ãŒã«ã¹ãã£ã³ãå®è¡ãããã³ã«ã ã³ã³ãã¥ãŒã¿ã®ã«ãŒããããæ€çŽ¢ãå®è¡ãããŸãã l äœãåªå 床ã§ã®æ€çŽ¢:ãããæå¹ã«ãããšããªã³ããã³ãæ€çŽ¢ã¯ãäœãåªå 床ã§å®è¡ ãããŸãããªãããã㯠Windows Vista SP 2 以éã®ã¿ã§æå®ã§ããŸãã l æé垯:ãšã³ããã€ã³ãã®ã¿ã€ã ãŸãŒã³ãèæ ®ããŠãã¹ãã£ã³ãå®æœããæé垯ãéžæ ããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããããªã·ãŒãã¢ã³ããŠã€ã«ã¹ããªã·ãŒãªã¹ãã«è¡šç€ºãããŸããèšå®ã®å€æŽåŸã«ãã¹ãŠã® ã³ã³ãã¥ãŒã¿ãèšå®ããããŸã§ã15åã»ã©ãããå Žåãããããšã«æ³šæããŠãã ããã ããªã·ãŒãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 11.2.2 é€å€ ããšã³ããã€ã³ããããã¯ã·ã§ã³ > ãŠã€ã«ã¹å¯Ÿç > é€å€ ãã¿ãã§ããšã³ããã€ã³ããããã¯ã·ã§ã³ã®ãŠã€ã« ã¹å¯Ÿçèšå®ããã®é€å€ãã³ã³ãã¥ãŒã¿ã°ã«ãŒãããšã«å®çŸ©ã§ããŸããé€å€ãèšå®ãããšãã¢ã³ã㊠ã€ã«ã¹ããªã·ãŒèšå®ã®ããã«è¡ãããã¹ãã£ã³ããã¢ã€ãã ãé€å€ãããŸãã é€å€ãè¿œå ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãé€å€ ãã¿ãã§ããæ°èŠé€å€ãªã¹ãããã¯ãªãã¯ããŸãã ãé€å€ãªã¹ããäœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã¿ã€ã:ãªã³ã¢ã¯ã»ã¹ã¹ãã£ã³ããã³ãªã³ããã³ãã¹ãã£ã³ããé€å€ããã¢ã€ãã ã®ã¿ã€ããéž æããŸãã 356 UTM 9 管çã¬ã€ã 11 ãšã³ããã€ã³ããããã¯ã·ã§ã³ 11.2 ãŠã€ã«ã¹å¯Ÿç l ã¢ããŠã§ã¢ãš PUA:ãããéžæãããšãã¹ãã£ã³ãšãããã¯ããç¹å®ã®ãœãããŠã§ã¢ãŸã 㯠PUA (äžèŠãšæãããã¢ããªã±ãŒã·ã§ã³) ãé€å€ã§ããŸããã¢ããŠã§ã¢ã¯ããŠãŒã¶ã® çç£æ§ãã·ã¹ãã å¹çã«åœ±é¿ãäžããå¯èœæ§ã®ããåºå (ãããã¢ããã¡ãã»ãŒãžãª ã©) ã衚瀺ããŸããPUA ã¯æªæãããœãããŠã§ã¢ã§ã¯ãªããã®ã®ãäžè¬çã«ããžãã¹ ãããã¯ãŒã¯ã«äžé©åãšã¿ãªãããŠããŸããããã¡ã€ã«å ããã£ãŒã«ã ã«ãexample.stuffãªã©ãã¢ããŠã§ã¢ã PUA ã®ååãè¿œå ããŸãã l ã¹ãã£ã³é€å€:ãããéžæãããšããã¡ã€ã«ããã©ã«ãããŸãã¯ãããã¯ãŒã¯ãã©ã€ãã㊠ã€ã«ã¹å¯Ÿçã¹ãã£ã³ããé€å€ã§ããŸããããã¡ã€ã«/ãã¹ ããã£ãŒã«ã ã«ãC:\Documents\ ã \\Server\Users\Documents\CV.doc ãªã©ããã¡ã€ã«ã ãã©ã«ãããŸãã¯ãããã¯ãŒã¯ãã©ã€ããå ¥åããŸãã l ã¹ãã£ã³å¯Ÿè±¡æ¡åŒµå:ãããéžæãããšããŠã€ã«ã¹å¯Ÿçã¹ãã£ã³ããç¹å®ã®æ¡åŒµåã® ãã¡ã€ã«ãé€å€ã§ããŸãããæ¡åŒµå ããã£ãŒã«ãã«ãhtmlãªã©ãæ¡åŒµåãå ¥åããŸãã l ãããã¡ãªãŒããŒãããŒ:ãããéžæãããšããããã¡ãªãŒããŒãããŒæè¡ã䜿çšãã㢠ããªã±ãŒã·ã§ã³ãåäœã¢ãã¿ãªã³ã°ã§ãããã¯ãããã®ãé²æ¢ããããšãã§ããŸããå¿ èŠã«å¿ããŠãããã¡ã€ã«å ããã£ãŒã«ãã«ã¢ããªã±ãŒã·ã§ã³ãã¡ã€ã«åãå ¥åãããã¢ãã ããŒã ããã£ãŒã«ãã§ãã®ãã¡ã€ã«ãã¢ããããŒãããŠãã ããã l çããããã¡ã€ã«:ãããéžæãããšãçããããã¡ã€ã«ããŠã€ã«ã¹å¯Ÿçã¹ãã£ã³ã§ã ããã¯ãããã®ãé²æ¢ããããšãã§ããŸãããã¢ããããŒã ããã£ãŒã«ãã§ãã¡ã€ã«ãã¢ã ãããŒãããŸããUTMã¯ããã¡ã€ã«ã® MD5 ãã§ãã¯ãµã ãçæããŸããã¢ããããŒããã ãã¡ã€ã«ã®ååã¯ãèªåçã«ããã¡ã€ã«å ããã£ãŒã«ãã§äœ¿çšãããŸãããã®ãã¡ã€ã« åã¯å€æŽããããšãã§ããŸããããã§æå®ãããã¡ã€ã«åãšä¿åããã MD5 ãã§ãã¯ãµ ã ã®ãããã¡ã€ã«ãã¯ã©ã€ã¢ã³ãã§æ€åºãããå Žåãããã¯ãŠã€ã«ã¹å¯Ÿçã¹ãã£ã³ã« ãã£ãŠãããã¯ãããŸããã l çãããåäœ:ãããéžæãããšããã¡ã€ã«ãçãããåäœæ€ç¥ã§ãããã¯ãããã®ã é²ãããšãã§ããŸããå¿ èŠã«å¿ããŠãããã¡ã€ã«å ããã£ãŒã«ãã«ãã¡ã€ã«åãå ¥åãã ãã¢ããããŒã ããã£ãŒã«ãã§ãã®ãã¡ã€ã«ãã¢ããããŒãããŠãã ããã l Web ãµã€ã:ãããéžæãããšã[ Web ãã©ãŒãããããã£ãŒã«ãã§æå®ããããããã£ã® Web ãµã€ãã¯ããŠã€ã«ã¹å¯Ÿçã¹ãã£ã³ãããŸããã Web ãã©ãŒããã:é²èŠ§ãèš±å¯ãã Web ãµã€ãã®ãµãŒããæå®ããŸãã l ãã¡ã€ã³å:èš±å¯ãããã¡ã€ã³ã®ååããWeb ãµã€ãããã£ãŒã«ãã«å ¥åããŸãã l IP ã¢ãã¬ã¹ãšãµãããããã¹ã¯:èš±å¯ããã³ã³ãã¥ãŒã¿ã® IPv4 ã¢ãã¬ã¹ãšãããã ã¹ã¯ãå ¥åããŸãã l IP ã¢ãã¬ã¹:èš±å¯ããã³ã³ãã¥ãŒã¿ã® IPv4 ã¢ãã¬ã¹ãå ¥åããŸãã UTM 9 管çã¬ã€ã 357 11.3 ããã€ã¹ã³ã³ãããŒã« 11 ãšã³ããã€ã³ããããã¯ã·ã§ã³ ã¢ããããŒã (ãããã¡ãªãŒããŒãããŒãçããããã¡ã€ã«ãããã³çãããåäœ ã¿ã€ãã®ã¿): ãŠã€ã«ã¹å¯Ÿçã¹ãã£ã³ããé€å€ãããã¡ã€ã«ãã¢ããããŒãããŸãã ã³ã³ãã¥ãŒã¿ã°ã«ãŒã:é€å€å¯Ÿè±¡ã®ã³ã³ãã¥ãŒã¿ã°ã«ãŒããè¿œå ãŸãã¯éžæããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããé€å€ããé€å€ ããªã¹ãã«è¡šç€ºãããŸãã é€å€ã«ãŒã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 11.3 ããã€ã¹ã³ã³ãããŒã« ããšã³ããã€ã³ããããã¯ã·ã§ã³ > ããã€ã¹ã³ã³ãããŒã« ãããŒãžã§ã¯ããšã³ããã€ã³ããããã¯ã·ã§ã³ã 䜿ã£ãŠã¢ãã¿ãªã³ã°ããŠããã³ã³ãã¥ãŒã¿ã«æ¥ç¶ãããããã€ã¹ã管çã§ããŸããããã€ã¹ããªã·ãŒ ã§ãããªã·ãŒãé©çšãããã³ã³ãã¥ãŒã¿ã°ã«ãŒãã«å¯ŸããŠãèš±å¯ãŸãã¯ãããã¯ããããã€ã¹ã®ã¿ã€ ããå®çŸ©ããŸããããã€ã¹ãæ€åºãããšããšã³ããã€ã³ããããã¯ã·ã§ã³ã¯åã³ã³ãã¥ãŒã¿ã®ã³ã³ãã¥ãŒ ã¿ã°ã«ãŒãã«é©çšãããŠããããã€ã¹ããªã·ãŒã«åŸã£ãŠãããã€ã¹ãèš±å¯ãããŠãããã©ããã ãã§ãã¯ããŸããããã€ã¹ããªã·ãŒã§ãããã¯ãŸãã¯å¶éãæå®ãããŠããå Žåã¯ãããã€ã¹ããé€ å€ ãã¿ãã«è¡šç€ºãããããã§ããã€ã¹ã®é€å€ãè¿œå ããããšãã§ããŸãã 11.3.1 ããªã·ãŒ ããšã³ããã€ã³ããããã¯ã·ã§ã³ > ããã€ã¹ã³ã³ãããŒã« > ããªã·ãŒãã¿ãã§ã¯ãäžé£ã®ããã€ã¹ã³ã³ã ããŒã«èšå®ã管çã§ããŸãããã®åŸãããã³ã³ãã¥ãŒã¿ã°ã«ãŒãã«é©çšããŠãšã³ããã€ã³ãããã㯠ã·ã§ã³ã§ã¢ãã¿ãªã³ã°ããããšãã§ããŸãããããã®èšå®ã¯ãããã€ã¹ããªã·ãŒãšåŒã°ããŠããŸãã ããã©ã«ãã§ã2çš®é¡ã®ããã€ã¹ããªã·ãŒããããŸãããBlocked Allã(ãã¹ãŠããããã¯) ã¯ããããã¿ ã€ãã®ããã€ã¹ã®äœ¿çšãçŠæ¢ãããFull Accessã(ãã«ã¢ã¯ã»ã¹) ã¯ããã¹ãŠã®ããã€ã¹ã«å¯ŸããŠãã¹ ãŠã®æš©éãèš±å¯ããŸãããããã®ããªã·ãŒã¯å€æŽã§ããŸããã æ°ããããªã·ãŒãè¿œå ããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãããªã·ãŒã®è¿œå ããã¿ã³ãã¯ãªãã¯ããŸãã ãããªã·ãŒã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®ããªã·ãŒã説æããååãå ¥åããŸãã 358 UTM 9 管çã¬ã€ã 11 ãšã³ããã€ã³ããããã¯ã·ã§ã³ 11.3 ããã€ã¹ã³ã³ãããŒã« ã¹ãã¬ãŒãžæ©åš:åçš®ã¹ãã¬ãŒãžããã€ã¹ã«å¯ŸããŠããèš±å¯ ããŸãã¯ãããã㯠ããæå®ã§ã㟠ãã該åœããå Žåã¯ããèªåå°çš ããšã³ããªãéžæã§ããŸãã ãããã¯ãŒã¯æ©åš:ã¢ãã ããã³ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã«å¯ŸããŠã¯ããèš±å¯ ãããããªããžãã ãã㯠ãããããã㯠ãã®ãããããæå®ã§ããŸãã è¿è·é¢éä¿¡æ©åš:Bluetooth ãèµ€å€ç·ããã€ã¹ã«å¯ŸããŠã¯ããèš±å¯ ããŸãã¯ãããã㯠ããæå® ã§ããŸãã 3. ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããããªã·ãŒãããã€ã¹ã³ã³ãããŒã«ãªã¹ãã«è¡šç€ºãããŸãããããã³ã³ãã¥ãŒã¿ã°ã«ãŒãã« é©çšããããšãã§ããŸããèšå®ã®å€æŽåŸã«ãã¹ãŠã®ã³ã³ãã¥ãŒã¿ãèšå®ããããŸã§ã15åã» ã©ãããå Žåãããããšã«æ³šæããŠãã ããã ããªã·ãŒãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 11.3.2 é€å€ ããšã³ããã€ã³ããããã¯ã·ã§ã³ > ããã€ã¹ã³ã³ãããŒã« > é€å€ ãã¿ãã§ã¯ãããã€ã¹ã«å¯Ÿããä¿è·ã®äŸ å€ãæå®ã§ããŸããæ©åšãæå®ããããšã§ãã³ã³ãã¥ãŒã¿ã°ã«ãŒãã«é©çšãããããã€ã¹ããªã·ãŒã§ çŠæ¢ãããŠããèšå®ãèš±å¯ãããŸããäŸå€ã¯ã³ã³ãã¥ãŒã¿ã°ã«ãŒãã«å¯ŸããŠæå®ããããããéžæ ããã°ã«ãŒãå ã®ã³ã³ãã¥ãŒã¿ãã¹ãŠã«é©çšãããŸãã ãæ©åš ããªã¹ãã«ã¯ãããã€ã¹ã³ã³ãããŒã« ããªã·ãŒã«ãããããã¯ãŸãã¯ã¢ã¯ã»ã¹å¶éãè¡ãããŠã ãããã€ã¹ãèªåçã«è¡šç€ºãããŸããè€æ°ã®ãããããŒãã©ã€ããæ¥ç¶ããŠããå Žåãåãã©ã€ãã åºå¥ã§ããªããã 1ã€ã®ã¿ã衚瀺ãããããããã¹ãŠã®ãããããŒãã©ã€ãã®ãã¬ãŒã¹ãã«ããšã㊠æ©èœããŸãã ããã€ã¹ã«å¯Ÿããæ©åšãè¿œå ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ããã€ã¹ã®ãç·šé ããã¿ã³ãã¯ãªãã¯ããŸãã ãããã€ã¹ã®ç·šé ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã èš±å¯:ãã®ããã€ã¹ãèš±å¯ããã³ã³ãã¥ãŒã¿ã°ã«ãŒããè¿œå ããŸãã èªèŸŒå°çš/ããªããž:èªã¿åãå°çšã¢ãŒã (ã¹ãã¬ãŒãžããã€ã¹ã«é©çš) ãŸãã¯ããªããžã¢ãŒã (ãããã¯ãŒã¯ããã€ã¹ã«é©çš) ã§ãã®ããã€ã¹ãèš±å¯ããã³ã³ãã¥ãŒã¿ã°ã«ãŒããè¿œå ã㟠ãã UTM 9 管çã¬ã€ã 359 11.3 ããã€ã¹ã³ã³ãããŒã« 11 ãšã³ããã€ã³ããããã¯ã·ã§ã³ ãã¹ãŠã«é©çš:ãããéžæãããšãããã€ã¹ ID ãåãããã€ã¹ãã¹ãŠã«çŸåšã®èšå®ãé©çš ãããŸããããã¯ãåãã¿ã€ãã®è€æ°ã® USB ã¡ã¢ãªã«ãäžè¬çãªäŸå€ãé©çšããå Žåãªã©ã« 䟿å©ã§ãã ã¢ãŒã:ãã®ãªãã·ã§ã³ã¯ãããã¹ãŠã«é©çš ããã§ãã¯ããã¯ã¹ãéžæããå€ããå Žåã®ã¿ã«äœ¿ çšã§ããŸãããã®å Žåãäžè¬çãªæ©åšãæå®ãããŠããä»ã®ããã€ã¹ã«å¯ŸããåŠçãæå® ããå¿ èŠããããŸãã該åœããããã€ã¹ã§ãäžè¬çãªäŸå€ãåŒãç¶ãæå®ããã«ã¯ããä»ã® ããã€ã¹ã§ã¯ä¿æ ããéžæããŸããäžè¬çãªäŸå€ãåé€ããã«ã¯ããä»ã®ããã€ã¹ã§ã¯å é€ ããã¯ãªãã¯ããŸãã ãã³ã â äžè¬çãªæ©åšã«é¢ãã詳现ããã³äŸã¯ã以äžã®ãããã€ã¹ã®äžè¬çãªæ©åšã«ã€ ããŠããåç §ããŠãã ããã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã ç·šéããããã€ã¹ã«å¯ŸããŠãã³ã³ãã¥ãŒã¿ã°ã«ãŒãããã³æå®ãããŠããäŸå€ã衚瀺ãã㟠ãã ãã³ã â ãæ©åš ããªã¹ãã«è¡šç€ºãããããã€ã¹ã¯ããåé€ ããã¿ã³ã䜿çšããŠåé€ããªãéãã衚瀺ã ãããŸãŸã«ãªããŸããéåžžã察å¿ããããŒããŠã§ã¢ããã€ã¹ãåé€ããã (äŸ: å åŠããã€ã¹ãå åšããªããªã£ã)ããŸãã¯ããã€ã¹ããªã·ãŒãå€æŽãã (äŸ: ã¯ã€ã€ã¬ã¹ ãããã¯ãŒã¯ ã¢ããã¿ãäžè¬ ã«èš±å¯ãããããã«ãªã£ã) å Žåãªã©ã«ãããã€ã¹ã®ãšã³ããªãåé€ããŸãã䜿çšäžã®ããã€ã¹ã® ãšã³ããªãåé€ãããšã確èªã¡ãã»ãŒãžã衚瀺ãããã®ã§ããOKããã¯ãªãã¯ããŠãã ããããã®åŸã ããã€ã¹ã¯ããªã¹ãããåé€ãããŸãããã®ããã€ã¹ã«å¯ŸããŠæ©åšãæå®ãããŠããå ŽåãäŸå€ ã¯èªåçã«ç¡å¹ã«ãªããçŸåšã®ããã€ã¹ããªã·ãŒãããã€ã¹ã«é©çšãããããã«ãªããŸãã ããã€ã¹ã®äžè¬çãªæ©åšã«ã€ã㊠ããã€ã¹ã®äžè¬çãªæ©åšã¯ãããã€ã¹ ID ãåãããã€ã¹ãã¹ãŠã«èªåçã«é©çšãããäŸå€ã§ ãã äžè¬çãªæ©åšãäœæãã 1. äžè¬çãªæ©åšãæå®ãããŠããªã (ã€ãŸããããã¹ãŠã«é©çš ããã§ãã¯ããã¯ã¹ãéžæããå€ ãããŠãã) ããã€ã¹ã®ãç·šé ããã¿ã³ãã¯ãªãã¯ããŸãã 2. æ©åšãèšå®ããŠãããã¹ãŠã«é©çš ããã§ãã¯ããã¯ã¹ãéžæããŸãã 360 UTM 9 管çã¬ã€ã 11 ãšã³ããã€ã³ããããã¯ã·ã§ã³ 11.4 Webã³ã³ãããŒã« 3. æ©åšãä¿åããŸãã ãã®äŸå€ã¯ãããã€ã¹ ID ãåãããã€ã¹ãã¹ãŠã«é©çšãããŸãã äžè¬çãªæ©åšããããã€ã¹ãé€å€ãã 1. æ¢åã®äžè¬çãªäŸå€ããé€å€ããããã€ã¹ã®ãç·šé ããã¿ã³ãã¯ãªãã¯ããŸãã 2. åå¥ã®äŸå€ãèšå®ããŠãããã¹ãŠã«é©çš ããã§ãã¯ããã¯ã¹ãéžæããå€ããŸãã 3. ãã¢ãŒã ãããããããŠã³ãªã¹ãã§ããä»ã®ããã€ã¹ã§ã¯ä¿æ ããéžæããŸãã 4. äŸå€ãä¿åããŸãã ç·šéããããã€ã¹ã«ã¯åå¥ã®æ©åšãæå®ãããããã«ãªããŸããããä»ã®ããã€ã¹ã§ã¯äž è¬çãªæ©åšãä¿æãããŠããŸãã äžè¬çãªæ©åšã®ã ã ããã€ã¹ãã¹ãŠã®èšå®ãå€æŽãã 1. äžè¬çãªæ©åšãæå®ãããŠããããããã®ããã€ã¹ã®ãç·šé ããã¿ã³ãã¯ãªãã¯ããŸãã 2. æ©åšãèšå®ããããã¹ãŠã«é©çš ããã§ãã¯ããã¯ã¹ã¯éžæãããŸãŸã«ããŸãã 3. æ©åšãä¿åããŸãã ããã¹ãŠã«é©çš ããã§ãã¯ããã¯ã¹ãéžæãããŠããããã€ã¹ãã¹ãŠã«å¯Ÿããèšå®ãå€æŽã ããŸãã äžè¬çãªæ©åšãåé€ãã 1. äžè¬çãªäŸå€ãæå®ãããŠããããããã®ããã€ã¹ã®ãç·šé ããã¿ã³ãã¯ãªãã¯ããŸãã 2. ããã¹ãŠã«é©çš ããã§ãã¯ããã¯ã¹ãéžæããå€ããŸãã 3. ãã¢ãŒã ãããããããŠã³ãªã¹ãã§ããä»ã®ããã€ã¹ã§ã¯åé€ ããéžæããŸãã 4. æ©åšãä¿åããŸãã ããã¹ãŠã«é©çš ããã§ãã¯ããã¯ã¹ãéžæãããŠããããã€ã¹ãã¹ãŠã«å¯ŸããäŸå€ãåé€ã ããŸããæ©åš (åå¥ã®æ©åš) ãæå®ãããŠããã®ã¯ãç·šéããããã€ã¹ã®ã¿ã«ãªããŸããã 11.4 Webã³ã³ãããŒã« äŒæ¥ãããã¯ãŒã¯å ããã€ã³ã¿ãŒãããã«ã¢ã¯ã»ã¹ããå ŽåãSophos UTM ã«ãã£ãŠã·ã¹ãã ã®ã»ã㥠ãªãã£ãšçç£æ§ã®ä¿è·ãæäŸãããŸããããšã³ããã€ã³ã Web ã³ã³ãããŒã«æ©èœã¯ãããããŠãŒã¶ã® ãã·ã³ã«æ¡åŒµããŸããããã«ãã£ãŠãäŒæ¥ãããã¯ãŒã¯å€ã®ãšã³ããã€ã³ãã³ã³ãã¥ãŒã¿ãã移åå 㧠䜿çšããã¢ãã€ã« PC ã«ãä¿è·ã»ã³ã³ãããŒã«ã»ã¬ããŒãæ©èœãæäŸããããšãã§ããŸããæå¹åãã ããšããWebãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã°ãããã³ãWebãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã°ãã ãã¡ã€ã« > ãããã·ãããã¡ã€ã« ãã§å®çŸ©ããããªã·ãŒã¯ãã³ã³ãã¥ãŒã¿ã UTM ãããã¯ãŒã¯äžã«ãªã UTM 9 管çã¬ã€ã 361 11.4 Webã³ã³ãããŒã« 11 ãšã³ããã€ã³ããããã¯ã·ã§ã³ å Žåã§ãããšã³ããã€ã³ã Web ã³ã³ãããŒã«æ©èœã«ãã£ãŠæœè¡ãããŸããSophos UTMããã³ Sophos ãšã³ããã€ã³ãã¯ãLiveConnect ãéãã§éä¿¡ããSophos UTM ãšç§»åå ã® Sophos ãšã³ããã€ã³ãã㯠ã©ãŠãçµç±ã§ã·ãŒã ã¬ã¹ã«æ¥ç¶ããããšã§ãããªã·ãŒãã¬ããŒãã®æŽæ°ããªã¢ã«ã¿ã€ã ã§å®çŸã㟠ããããšãã°ãèªå® ããããã«ãã§ã§äœ¿çšããã¢ãã€ã« PC ã«ã Web ã³ã³ãããŒã« ããªã·ãŒãæœè¡ã ãããšãå¯èœã§ãSophos UTM ã¯ã移åå ã®ã¢ãã€ã« PC ãããã°æ å ±ãåä¿¡ããŸãã 11.4.1 ã°ããŒãã« ããšã³ããã€ã³ããããã¯ã·ã§ã³ > Web ã³ã³ãããŒã« > ã°ããŒãã« ãã¿ãã§ããšã³ããã€ã³ã Web ã³ã³ãã㌠ã«ãæå¹ãŸãã¯ç¡å¹ã«ã§ããŸãããšã³ããã€ã³ã Web ã³ã³ãããŒã«ã®ãã£ã«ã¿ãªã³ã°ããªã·ãŒãèšå® ããã«ã¯ã該åœããã°ã«ãŒãã® Web ã³ã³ãããŒã«ããããšã³ããã€ã³ããããã¯ã·ã§ã³ > ã³ã³ãã¥ãŒã¿ç®¡ ç ãããŒãžã§æå¹åãããWebãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > ãããã·ãããã¡ã€ã« ãã¿ãã®ãã ãã·ãããã¡ã€ã«ã§ããã®ã°ã«ãŒããåç §ããå¿ èŠããããŸãã 11.4.2 詳现 ããšã³ããã€ã³ããããã¯ã·ã§ã³ > Web ã³ã³ãããŒã« > 詳现 ãã¿ãã§ããã²ãŒããŠã§ã€ãšãšã³ããã€ã³ãã®äž¡ æ¹ã§ãã©ãã£ãã¯ãã¹ãã£ã³ããããéžæã§ããŸããããã©ã«ã㧠Sophos UTM ã¯ãWeb ã³ã³ãããŒã«ã æå¹åãããŠãããšã³ããã€ã³ãã® Web ãã©ãã£ãã¯ãã¹ãã£ã³ããŸããããã®ãªãã·ã§ã³ãæå¹åã ããšããšã³ããã€ã³ããš Sophos UTM ã®äž¡æ¹ã«ãã£ãŠ Web ãã©ãã£ãã¯ããã£ã«ã¿ãªã³ã°ãããŸããæ°ã ãªã¬ã€ã€ãŒã®ã»ãã¥ãªãã£ãæäŸããããã«ã¯ããWebãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > ãŠã€ã«ã¹ 察ç/ãã«ãŠã§ã¢å¯Ÿç ãã§ããã¥ã¢ã«ã¹ãã£ã³ (ã»ãã¥ãªãã£æé©å)ããæå®ããŠãã ããããŸãã¯ã ã管ç > ã·ã¹ãã èšå® > ã¹ãã£ã³èšå® ãã¿ãã§ãå¥ã®æ€çŽ¢ãšã³ãžã³ãéžæããŠãã ããããããã®å Ž åã§ãããšã³ããã€ã³ãã§äœ¿çšããŠããæ€çŽ¢ãšã³ãžã³ãšã¯å¥ã®æ€çŽ¢ãšã³ãžã³ã Sophos UTM ã§äœ¿çšã ããã®ã§ãã»ãã¥ãªãã£ãåäžããŸãã 11.4.3 察å¿ããŠããªãæ©èœ Web ã³ã³ãããŒã«æ©èœããšã³ããã€ã³ãã«æ¡åŒµããã¡ãªããã¯å€æ°ãããŸãããSophos UTM ããã ã¯ãŒã¯ã®ã¿ã§äœ¿çšã§ããæ©èœããããŸããSophos UTM ã§ã¯å¯Ÿå¿ããŠãããããšã³ããã€ã³ã Web ã³ ã³ãããŒã«ã§ã¯å¯Ÿå¿ããŠããªãæ©èœã¯æ¬¡ã®ãšããã§ãã l 362 HTTPS (SSL)ãã©ãã£ãã¯ãã¹ãã£ã³:HTTPS ãã©ãã£ãã¯ããšã³ããã€ã³ãã§ã¹ãã£ã³ããããšã¯ ã§ããŸããããšã³ããã€ã³ãããããã·çµç±ã§ UTM ã䜿çšããŠããå Žåããã®æ©èœãæå¹å ãããŠãããšããã©ãã£ãã¯ã¯ UTM ã«ãã£ãŠã¹ãã£ã³ãããŸãã UTM 9 管çã¬ã€ã 11 ãšã³ããã€ã³ããããã¯ã·ã§ã³ 11.4 Webã³ã³ãããŒã« l èªèšŒã¢ãŒã:ãšã³ããã€ã³ãã¯ãçŸåšãã°ã€ã³ããŠãããŠãŒã¶ (SSO) ãåžžã«äœ¿çšããŸãããšã³ã ãã€ã³ãã¯èªèšŒãå®è¡ã§ããŸããããšã³ããã€ã³ãã移åå ã§äœ¿çšããŠããå ŽåãUTM ã«æ¥ ç¶ããŠèªèšŒããããšã¯ã§ããŸããã l ãŠã€ã«ã¹å¯Ÿç/ãã«ãŠã§ã¢å¯Ÿç:Sophosãšã³ããã€ã³ãã®ãŠã€ã«ã¹å¯Ÿçã¯ãããšã³ããã€ã³ãã ããã¯ã·ã§ã³ > ãŠã€ã«ã¹å¯Ÿç ãããŒãžã§èšå®ããŸããWeb Protection (ããŠã³ããŒãã¹ãã£ã³) ã æå¹ã«ããŠããå Žåããã¹ãŠã® Web ã³ã³ãã³ãã«å¯ŸããŠãåžžã«ãŠã€ã«ã¹ã®ã·ã³ã°ã¹ãã£ã³ã å®è¡ããŸãããã¥ã¢ã«ã¹ãã£ã³ããã³æ倧ã¹ãã£ã³ãµã€ãºã«ã¯å¯Ÿå¿ããŠããŸããã l ã¢ã¯ãã£ãã³ã³ãã³ãé€å» l YouTube for Schools l ã¹ããªãŒãã³ã°èšå®:Sophos ãšã³ããã€ã³ãã¯ãã¹ããªãŒãã³ã°ã³ã³ãã³ãã«å¯ŸãããŠã€ã«ã¹æ€çŽ¢ ãåžžã«å®è¡ããŸãã l ã¹ãã£ã³ã§ããªããã¡ã€ã«ãæå·åããããã¡ã€ã«ã®ããã㯠l ããŠã³ããŒããµã€ãºã§ããã㯠l èš±å¯ããã¿ãŒã²ãããµãŒãã¹:ãã®æ©èœã¯ãSophos UTM ã®ã¿ã§äœ¿çšã§ããŸãã l Web ãã£ãã·ã³ã°:ãã®æ©èœã¯ãSophos UTM ã®ã¿ã§äœ¿çšã§ããŸãã UTM 9 管çã¬ã€ã 363 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ãã¡ãã¥ãŒã䜿çšããŠãSophos UTMã®ã¯ã€ã€ã¬ã¹ã¢ã¯ã»ã¹ãã€ã³ããå¯Ÿå¿ ããã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ãã¯ã€ã€ã¬ã¹ã¢ã¯ã»ã¹ãå©çšããã¯ã©ã€ã¢ã³ããèšå®ããã³ç®¡çããããš ãã§ããŸããã¢ã¯ã»ã¹ãã€ã³ãã¯UTMäžã§èªåçã«èšå®ããããããåå¥ã«èšå®ããå¿ èŠã¯ãã㟠ãããã¢ã¯ã»ã¹ãã€ã³ãã®èšå®ããã³ã¹ããŒã¿ã¹æ å ±ã亀æããããã«äœ¿çšããããUTMãšã¢ã¯ã»ã¹ ãã€ã³ãã®éã®éä¿¡ã¯ãAES ã䜿çšããŠæå·åãããŸãã éèŠ â ã¢ã¯ã»ã¹ãã€ã³ããæ¿ããç¹æ» ããŠããå Žåã¯ãé»æºãåæããªãã§ãã ãããæ¿ããç¹æ» ã¯ããã¡ãŒã ãŠã§ã¢ãã©ãã·ã¥ãçŸåšè¡ãããŠããããšãæå³ããŸãããã¡ãŒã ãŠã§ã¢ãã©ãã·ã¥ ã¯ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³æŽæ°ã«äŒŽãUTMã·ã¹ãã æŽæ°ã®åŸãªã©ã«å®è¡ãããŸãã ãã®ç« ã§ã¯ã次ã®ãããã¯ã«ã€ããŠèª¬æããŸãã l ã°ããŒãã«èšå® l ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ l ã¡ãã·ã¥ãããã¯ãŒã¯ l ã¢ã¯ã»ã¹ãã€ã³ã l ã¯ã€ã€ã¬ã¹ã¯ã©ã€ã¢ã³ã l ãããã¹ããã ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ã®æŠèŠããŒãžã¯ãæ¥ç¶ãããã¢ã¯ã»ã¹ãã€ã³ãããã®ã¹ããŒã¿ã¹ãæ¥ç¶ã ããã¯ã©ã€ã¢ã³ããã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ãã¡ãã·ã¥ãããã¯ãŒã¯ãããã³ã¡ãã·ã¥ã®ãã¢ãªã³ã¯ã«é¢ã ãåºæ¬æ å ±ã瀺ããŸãã ãæ¥ç¶äž ãã»ã¯ã·ã§ã³ã§ã¯ããšã³ããªã SSID ãŸãã¯ã¢ã¯ã»ã¹ãã€ã³ãå¥ã«äžŠã¹æ¿ããããšãã§ããŸãã åãšã³ããªã¯ãå·Šã«ããã¢ã€ã³ã³ãã¯ãªãã¯ããŠå±éãããæãããã¿è¡šç€ºã«ãããã§ããŸãã ã©ã€ãã ã° ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ã©ã€ããã°ãéãããã¿ã³ãã¯ãªãã¯ãããšãã¢ã¯ã»ã¹ãã€ã³ãããã³æ¥ç¶ã è©Šè¡ããã¯ã©ã€ã¢ã³ãã«é¢ãã詳现ãªæ¥ç¶ããã³ãããã°æ å ±ã衚瀺ãããŸãã 12.1 ã°ããŒãã«èšå® 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ 12.1 ã°ããŒãã«èšå® ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ã°ããŒãã«èšå® ã ããŒãžã§ã¯ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ã®æå¹åã㯠ã€ã€ã¬ã¹ãããã¯ã·ã§ã³çšã®ãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ã®èšå®ãããã³ WPA/WPA2 ãšã³ã¿ãŒãã©ã€ ãºèªèšŒã®èšå®ãå¯èœã§ãã 12.1.1 ã°ããŒãã«èšå® ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ã°ããŒãã«èšå® > ã°ããŒãã«èšå® ãã¿ãã§ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ã æå¹ãŸãã¯ç¡å¹ã«ã§ããŸãã ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ãæå¹ã«ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã°ããŒãã«èšå® ãã¿ãã§ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªãããã¢ã¯ã»ã¹ã³ã³ãããŒã« ããšãªã¢ãç·šéå¯èœã«ãªããŸãã ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ãåããŠæå¹ã«ããéã¯ããåæã»ããã¢ãããã»ã¯ã·ã§ã³ã衚瀺ã ããŸããããã«ã¯äœæãããèšå®ã衚瀺ãããŸããWPA2 å人æå·åã DHCP çšã¯ã€ã€ã¬ ã¹ ã¯ã©ã€ã¢ã³ãã§äœ¿çšããåå¥ã®ã¯ã€ã€ã¬ã¹ãã²ã¹ãããããã¯ãŒã¯ããã®ã¯ã©ã€ã¢ã³ãã¯ãUTM ããã³ Web ãµãŒãã£ã³ãµãŒãã¹ã§ DNS ã䜿çšããããšãèš±å¯ãããŸããäºåå ±æéµã¯èªå çæããããã®ã»ã¯ã·ã§ã³ã®ã¿ã«è¡šç€ºãããŸããåæèšå®ã¯ãã³ãã¬ãŒããšããŠæ©èœããŸãã ãã€ã§ããã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ ãããŒãžã§èšå®ãç·šéããããš ãã§ããŸãã èªåèšå®ã®ã¹ããã:ãŸãããã®ãªãã·ã§ã³ãéžæããŠãåæã»ããã¢ãããã¹ãããããããšã ã§ããŸãããã®å Žåãã¯ã€ã€ã¬ã¹èšå®ãæåã§è¡ãå¿ èŠããããŸãã 2. ã¢ã¯ã»ã¹ãã€ã³ãçšã®ãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã ã¢ã¯ã»ã¹ãã€ã³ãããã©ã°ã€ã³ããèšå®æžã¿ã€ã³ã¿ãã§ãŒã¹ãéžæããã«ã¯ããèš±å¯ãããã€ã³ ã¿ãã§ãŒã¹ ãã»ã¯ã·ã§ã³ã®ãã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããŸããDHCP ãµãŒãããã®ã€ã³ã¿ãã§ãŒ ã¹ã«é¢é£ä»ããããŠããããšã確èªããŠãã ããã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã ãã°ã«ã¹ã€ãããç·è²ã«ãªããã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ãæå¹ã«ãªã ãŸãã 366 UTM 9 管çã¬ã€ã 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ 12.2 ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ èšå®ããããããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ã«ã¢ã¯ã»ã¹ãã€ã³ãããã©ã°ã€ã³ããŠãç¶è¡ããããšã ã§ããŸããèªåèšå®ã®ã¹ããããéžæããå Žåã¯ããã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ ãããŒãžã§èšå® ãç¶ããŸãã èšå®ããã£ã³ã»ã«ããã«ã¯ãã¢ã³ããŒè²ã®ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ã¢ã¯ã»ã¹ãã€ã³ãããã©ã°ã€ã³ãããšããã«ãã¢ã¯ã»ã¹ãã€ã³ãã¯ã·ã¹ãã ã«èªåçã«æ¥ç¶ããŸããæ° ãã«æ¥ç¶ãããæªèšå®ã®ã¢ã¯ã»ã¹ãã€ã³ãã¯ããã¢ã¯ã»ã¹ãã€ã³ã > æŠèŠ ãããŒãžã«ãä¿çäžã®ã¢ã¯ ã»ã¹ãã€ã³ãããšããŠãªã¹ããããŸãã 12.1.2 詳现 ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ã°ããŒãã«èšå® > 詳现 ãã¿ãã§ã¯ãWPA/WPA2 ãšã³ã¿ãŒãã©ã€ãºèªèšŒ ã䜿çšããããã«ã¢ã¯ã»ã¹ãã€ã³ããèšå®ããããšãã§ããŸãã ãšã³ã¿ãŒãã©ã€ãºèªèšŒã«ã¯ãRADIUS ãµãŒãã®ããã€ãã®æ å ±ãå ¥åããå¿ èŠããããŸããAP 㯠èªèšŒã®ããã« RADIUS ãµãŒããšéä¿¡ãããUTMãšã ãéä¿¡ããŸããUTM ãš AP ã®éã® RADIUS é ä¿¡ã«ã¯ããŒã 414 ã䜿çšãããŸãã WPA/WPA2 ãšã³ã¿ãŒãã©ã€ãºèªèšŒã䜿çšã«ããã«ã¯ã次ã®èšå®ãè¡ããŸãã RADIUS ãµãŒã:ã¯ã©ã€ã¢ã³ããèªå·±èªèšŒãè¡ããµãŒããéžæãŸãã¯äœæããŸã (Active Directory ãµãŒããªã©)ã RADIUS ããŒã (ãªãã·ã§ã³):ããã©ã«ãã§ã¯ãRADIUS ããŒã 1812 ãéžæãããŠããŸããå¿ èŠã§ãã ã°ã ããŒããå€æŽã§ããŸãã RADIUS ã·ãŒã¯ã¬ãã:ã¢ã¯ã»ã¹ãã€ã³ãã RADIUS ãµãŒããšéä¿¡ããããã«å¿ èŠãª RADIUS ãã¹ã ã¬ãŒãºãå ¥åããŸãã ã·ãŒã¯ã¬ããã®ç¢ºèª:ã»ãã¥ãªãã£äžã®çç±ã§ããã㧠RADIUS ãã¹ãã¬ãŒãºãããäžåºŠå ¥åããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã 12.2 ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ ãããŒãžã§ã¯ãã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ãå®çŸ©ã§ ããŸã (SSID ã æå·åæ¹åŒãªã©)ãããã«ãã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã«åå¥ã® IP ã¢ãã¬ã¹ç¯å²ãå¿ èŠããã¢ã¯ã»ã¹ãã€ã³ãã® LAN ã«å¯Ÿããããªããžã³ã°ãå¿ èŠããå®çŸ©ããããšãã§ããŸãã æ°ããã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã UTM 9 管çã¬ã€ã 367 12.2 ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ 1. ãã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ ãããŒãžã§ãã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã®è¿œå ããã¯ãªãã¯ããŸãã ãã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ãããã¯ãŒã¯å:ãããã¯ãŒã¯ã説æããååãå ¥åããŠãã ããã ãããã¯ãŒã¯ SSID:ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã®èå¥ã®ããã«ã¯ã©ã€ã¢ã³ãã«è¡šç€ºããããããã ã¯ãŒã¯ã®ãµãŒãã¹ã»ããèå¥å (SSID) ãå ¥åããŸããSSID ã¯ã1ïœ32 æåã® ASCII å°åå¯ èœæå (1) ã§æ§æããŸããã³ã³ãã¯äœ¿çšã§ãããå é ãŸãã¯æ«å°Ÿãã¹ããŒã¹ã«ããããšã¯ã§ ããŸããã æå·åã¢ãŒã:ããããããŠã³ãªã¹ãããæå·åã¢ãŒããéžæããŸããããã©ã«ã㯠WPA 2 ããŒãœãã« ã§ããã§ããéããWPA ããã WPA2 ã䜿çšããããšããå§ãããŸããã»ãã¥ãª ãã£äžã®çç±ãããã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã䜿çšããŠããã¯ã©ã€ã¢ã³ãã®äžã«ãWEP 以å€ã® æ¹æ³ããµããŒãããªãã¯ã©ã€ã¢ã³ããããªããã°ãWEP ã䜿çšããªãããšãæšå¥šããŸãããšã³ ã¿ãŒãã©ã€ãºèªèšŒæ¹åŒã䜿çšããå Žåããã°ããŒãã«èšå® > 詳现 ãã¿ã㧠RADIUS ãµãŒãã èšå®ããå¿ èŠããããŸããRADIUS ãµãŒã ã® NAS ID ãšããŠãã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯åãå ¥ åããŸãã ãã¹ãã¬ãŒãº/PSK:WPA/WPA2 ããŒãœãã« æå·åã¢ãŒãã®ã¿ã§äœ¿çšã§ããŸããèš±å¯ãã㪠ãã¢ã¯ã»ã¹ããã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ãä¿è·ãããã¹ãã¬ãŒãºãå ¥åãã次ã®ãã£ãŒã«ãã« åå ¥åããŠãã ããããã¹ãã¬ãŒãºã«ã¯ã8ïœ63æåã® ASCII å°åå¯èœæåã䜿çšããŸãã 128 ããã WEP ããŒ:WEP æå·åã¢ãŒãã®ã¿ã§äœ¿çšã§ããŸããããã§ã26æåã¡ããã©ã® 16é² æåããæã WEP ããŒãå ¥åããŸãã ã¯ã©ã€ã¢ã³ããã©ãã£ãã¯:ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ãããŒã«ã«ãããã¯ãŒã¯ã«çµ±åããæ¹æ³ãéž æããŸãã l å¥ãŸãŒã³ (ããã©ã«ã):ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã¯ãç¬èªã® IP ã¢ãã¬ã¹ç¯å²ãæã€ç¬ç« ãããããã¯ãŒã¯ãšããŠåŠçãããŸãããã®ãªãã·ã§ã³ã䜿çšããå Žåãã¯ã€ã€ã¬ã¹ãã ãã¯ãŒã¯ãè¿œå ããåŸã«ã次ã®ã»ã¯ã·ã§ã³ (åé¢ãŸãŒã³ãããã¯ãŒã¯ã®æ¬¡ã®ã¹ããã) ã® æé ã«åŸã£ãŠã»ããã¢ãããç¶ç¶ããå¿ èŠããããŸãã 泚 â æ¢åã® å¥ãŸãŒã³ãããã¯ãŒã¯ããAP LAN ãžã®ããªããž ããŸãã¯ãVLAN ãžã®ã ãªããž ãã«åãæ¿ãããšãUTMäžã®èšå®æžã¿ WLAN ã€ã³ã¿ãã§ãŒã¹ã¯ æªå²ãåœãŠ 1http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters 368 UTM 9 管çã¬ã€ã 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ 12.2 ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ (unassigned) ã«ãªããŸãããã ããç·šéããŠåæå¹åããããšã«ãããæ°ããããŒã ãŠã§ã¢ã€ã³ã¿ãã§ãŒã¹ãã€ã³ã¿ãã§ãŒã¹ãªããžã§ã¯ãã«å²ãåœãŠãããšãã§ããŸãã l APã®LANã«ããªããž:ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ãã¢ã¯ã»ã¹ãã€ã³ãã®ãããã¯ãŒã¯ã«ããªã ãžã³ã°ããããšãã§ããŸããã€ãŸããã¯ã€ã€ã¬ã¹ã¯ã©ã€ã¢ã³ãã¯åã IP ã¢ãã¬ã¹ç¯å²ã å ±æããŸãã 泚 â VLAN ãæå¹ãªå Žåãã¯ã€ã€ã¬ã¹ã¯ã©ã€ã¢ã³ãã¯ã¢ã¯ã»ã¹ãã€ã³ãã® VLAN ãã ãã¯ãŒã¯ã«ããªããžã³ã°ãããŸãã l VLAN ã«ããªããž:ãã®ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã®ãã©ãã£ãã¯ãä»»æã® VLAN ã«ããªããž ã³ã°ãããããšãã§ããŸããããã¯ãã¯ã€ã€ã¬ã¹ã¯ã©ã€ã¢ã³ãããç¬ç«ããå ±éããã ã¯ãŒã¯å ã«ã¢ã¯ã»ã¹ãã€ã³ããå«ãããå Žåã«äŸ¿å©ã§ãã VLAN ID ã«ããªããž:ã¯ã€ã€ã¬ã¹ã¯ã©ã€ã¢ã³ããå«ãŸãããããã¯ãŒã¯ã® VLAN ID ãå ¥ åããŸãã ã¯ã©ã€ã¢ã³ã VLAN ID (ãšã³ã¿ãŒãã©ã€ãºæå·åã¢ãŒãã®ã¿ã§äœ¿çšå¯èœ):VLAN ID ãå® çŸ©ããæ¹æ³ãéžæããŸãã l ã¹ã¿ãã£ãã¯:ãVLAN ID ã«ããªããž ããã£ãŒã«ãã«å®çŸ©ããã VLAN ID ã䜿çšã㟠ãã l RADIUS ãšã¹ã¿ãã£ãã¯:RADIUS ãµãŒããæäŸãã VLAN ID ã䜿çšããŸãã ãŠãŒã¶ãããããã®ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã«æ¥ç¶ããRADIUS ãµãŒãã§èªèšŒ ãè¡ããšãRADIUS ãµãŒãã¯ãã®ãŠãŒã¶ã«å¯ŸããŠäœ¿çšãã¹ã VLAN ID ãã¢ã¯ã» ã¹ãã€ã³ãã«ç¥ãããŸãããããã£ãŠãè€æ°ã®ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã䜿çšã ãéã«ãã©ã®ãŠãŒã¶ãã©ã®å éšãããã¯ãŒã¯ã«ã¢ã¯ã»ã¹ã§ããã®ãããŠãŒã¶ã ãšã«å®çŸ©ããããšãã§ããŸãããŠãŒã¶ã« VLAN ID å±æ§ãå²ãåœãŠãããŠã㪠ãå ŽåããVLAN ID ãžã®ããªããž ããã£ãŒã«ãã§å®çŸ©ããã VLAN ID ã䜿çšãã ãŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã ã¢ã«ãŽãªãºã (WPA/WPA2 æå·åã¢ãŒãã§ã®ã¿äœ¿çšå¯èœ):æå·åã¢ã«ãŽãªãºã ã AES ãŸã 㯠TKIP & AES ããéžæããŸããã»ãã¥ãªãã£äžã®çç±ãããAES ã䜿çšããããšããå§ãã ãŸãã UTM 9 管çã¬ã€ã 369 12.2 ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ åšæ³¢æ°åž¯:ãã®ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã«å²ãåœãŠãããã¢ã¯ã»ã¹ãã€ã³ãã¯éžæããåšæ³¢æ° 垯ã§éä¿¡ãè¡ããŸãã5 GHz垯ã¯ãéåžžããã©ãŒãã³ã¹ãé«ãäžæ¹ã§ãã¬ã€ãã³ã·ãäœããäž è¬çã«å¹²æžãå°ãªããªã£ãŠããŸãããããã£ãŠãVoIP éä¿¡ãªã©ã«åªå 䜿çšããããã«ããŠã ã ãããAP 50 ã®ã¿ã§ 5 GHz垯ã§ã®éä¿¡ãå¯èœã§ãã ã¿ã€ã ããŒã¹ã¢ã¯ã»ã¹:ã¿ã€ã ã¹ã±ãžã¥ãŒã«ã«å¿ããŠã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ãèªåçã«æå¹/ ç¡å¹ã«ããã«ã¯ããã®ãªãã·ã§ã³ãéžæããŸãã æå¹ãªæé垯ã®éžæ:ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ãæå¹ã«ããæéãå®çŸ©ããæéåž¯å® çŸ©ãéžæããŸããã+ãã¢ã€ã³ã³ãã¯ãªãã¯ããŠæ°ããæé垯å®çŸ©ãè¿œå ã§ããŸãã ã¯ã©ã€ã¢ã³ãã¢ã€ãœã¬ãŒã·ã§ã³:ãããã¯ãŒã¯å ã®ã¯ã©ã€ã¢ã³ãã¯éåžžãäºãã«éä¿¡ã§ããŸããã² ã¹ããããã¯ãŒã¯å ãªã©ã§ãããçŠæ¢ãããå ŽåãããããããŠã³ãªã¹ãã§ãæå¹ ããéžæã㟠ãã SSID é衚瀺:SSID ãé衚瀺ã«ããå Žåã«éžæããŸãããã®å ŽåãããããããŠã³ãªã¹ããã ãã¯ãããéžæããŸããããã¯ã»ãã¥ãªãã£æ©èœã§ã¯ãããŸããã MAC ãã£ã«ã¿ãªã³ã°ã¿ã€ã:ãã®ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ãžã®æ¥ç¶ãèš±å¯ããã MAC ã¢ãã¬ã¹ ãå¶éããã«ã¯ãããã©ãã¯ãªã¹ãããŸãã¯ããã¯ã€ããªã¹ãããéžæããŸãã ãã©ãã¯ãªã¹ãã䜿 çšããå Žåã以äžã® MAC ã¢ãã¬ã¹ãªã¹ãã§æå®ãããã®ãé€ãããã¹ãŠã® MAC ã¢ãã¬ã¹ã èš±å¯ãããŸãããã¯ã€ããªã¹ãã䜿çšããå Žåã以äžã® MAC ã¢ãã¬ã¹ãªã¹ãã§æå®ãããã®ã é€ãããã¹ãŠã® MAC ã¢ãã¬ã¹ããããã¯ãããŸãã MAC ã¢ãã¬ã¹:ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ãžã®ã¢ã¯ã»ã¹ãå¶éããããã«äœ¿çšãã MAC ã¢ãã¬ã¹ã®ãªã¹ããMAC ã¢ãã¬ã¹ã®ãªã¹ãã¯ããå®çŸ©ãšãŠãŒã¶ > ãããã¯ãŒã¯å®çŸ© > MAC ã¢ãã¬ã¹å®çŸ© ãã¿ãã§äœæã§ããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ããã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ ããªã¹ãã«è¡šç€ºãã ãŸãã å¥ãŸãŒã³ãããã¯ãŒã¯ã®æ¬¡ã®ã¹ããã ãå¥ãŸãŒã³ããªãã·ã§ã³ãæå®ããŠã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ãäœæããå Žåãwlan0 ã®ããã«ã察å¿ãã æ°ããä»®æ³ããŒããŠã§ã¢ã€ã³ã¿ãã§ãŒã¹ãèªåçã«äœæãããŸãããã®ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã䜿 çšããããã«ã¯ãæŽãªãæåèšå®ãå¿ èŠã«ãªããŸãã次ã®æé ã§å®è¡ããŸãã 1. æ°ãããããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ãèšå®ããŸãã ãã€ã³ã¿ãã§ãŒã¹ïŒã«ãŒãã£ã³ã° > ã€ã³ã¿ãã§ãŒã¹ > ã€ã³ã¿ãã§ãŒã¹ ã ã¿ãã§æ°ããã€ã³ã¿ãã§ãŒã¹ ãäœæããããŒããŠã§ã¢ãšã㊠wlan ã€ã³ã¿ãã§ãŒã¹ (wlan0 ãªã©) ãéžæããŸããã¿ã€ãããã€ãŒãµ 370 UTM 9 管çã¬ã€ã 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ 12.3 ã¢ã¯ã»ã¹ãã€ã³ã ããããã§ããããšã確èªããã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã® IP ã¢ãã¬ã¹ãšããããã¹ã¯ãæå®ã㟠ãã 2. ã¯ã€ã€ã¬ã¹ã¯ã©ã€ã¢ã³ãã® DHCP ãæå¹ã«ããŸãã ã¯ã©ã€ã¢ã³ããUTMã«æ¥ç¶ã§ããããã«ããããã«ã¯ãã¯ã©ã€ã¢ã³ãã« IP ã¢ãã¬ã¹ãšããã©ã«ã ã²ãŒããŠã§ã€ãå²ãåœãŠãå¿ èŠããããŸãããã®ãããããããã¯ãŒã¯ãµãŒãã¹ > DHCP > ãµãŒ ã ãã¿ãã§ããã®ã€ã³ã¿ãã§ãŒã¹ã« DHCP ãµãŒããã»ããã¢ããããŸãã 3. ã¯ã€ã€ã¬ã¹ã¯ã©ã€ã¢ã³ãã® DNS ãæå¹ã«ããŸãã ã¯ã©ã€ã¢ã³ãã DNS åã解決ã§ããããã«ããããã«ã¯ãã¯ã©ã€ã¢ã³ãã DNS ãµãŒãã«ã¢ã¯ ã»ã¹ã§ããããã«ããå¿ èŠããããŸããããããã¯ãŒã¯ãµãŒãã¹ > DNS > ã°ããŒãã« ãã¿ãã§ã èš±å¯ãããã¯ãŒã¯ãªã¹ãã«ã€ã³ã¿ãã§ãŒã¹ãè¿œå ããŸãã 4. ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ããã¹ã¯ãã NAT ã«ãŒã«ãäœæããŸãã ãã®ä»ã®ãããã¯ãŒã¯ãšåæ§ã«ãã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã®ã¢ãã¬ã¹ãã¢ãããªã³ã¯ã€ã³ã¿ ãã§ãŒã¹ã®ã¢ãã¬ã¹ã«å€æããå¿ èŠããããŸããããããã¯ãŒã¯ãããã¯ã·ã§ã³ > NAT > ãã¹ã« ã¬ãŒã ãã¿ã㧠NAT ã«ãŒã«ãäœæããŸãã 5. 1ã€ä»¥äžã®ãã±ãããã£ã«ã¿ã«ãŒã«ãäœæããŠãã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ãšã®ãã©ãã£ãã¯ã®é åä¿¡ãèš±å¯ããŸãã ãã®ä»ã®ãããã¯ãŒã¯ãšåæ§ã«ã1ã€ä»¥äžã®ãã±ãããã£ã«ã¿ã«ãŒã«ãäœæããŠãWeb ãµãŒã㣠ã³ãã©ãã£ãã¯ãªã©ã®ãã©ãã£ãã¯ãUTMãééã§ããããã«ããŸããããããã¯ãŒã¯ãããã¯ã·ã§ ã³ > ãã¡ã€ã¢ãŠã©ãŒã« > ã«ãŒã« ãã¿ãã§ãã±ãããã£ã«ã¿ã«ãŒã«ãäœæããŸãã 12.3 ã¢ã¯ã»ã¹ãã€ã³ã ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ã¢ã¯ã»ã¹ãã€ã³ããããŒãžã¯ãã·ã¹ãã ã§èªèãããŠããã¢ã¯ã»ã¹ãã€ã³ ã (AP) ã®æŠèŠã瀺ããŸããããã§ã¯ãAP ã®å±æ§ã®ç·šéãAP ã®åé€ãŸãã¯ã°ã«ãŒãåãAP ãŸã㯠AP ã°ã«ãŒããžã®ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã®å²ãåœãŠãè¡ãããšãã§ããŸãã 泚 â ããŒã·ãã¯ã¬ãŒããµãã¹ã¯ãªãã·ã§ã³ã§ã¯ã1ã€ã®ã¢ã¯ã»ã¹ãã€ã³ãã®ã¿ UTM ã«ã¢ã¯ã»ã¹ãå¯ èœã§ãã ã¢ã¯ã»ã¹ãã€ã³ãã®ã¿ã€ã çŸåšãSophosã§ã¯ã4çš®é¡ã®ã¢ã¯ã»ã¹ãã€ã³ããçšæããŠããŸãã l AP 5: 802.11b/g/n èŠæ Œã2.4 GHz 垯 USB ã³ãã¯ã¿ãŒã§ RED rev2 ãŸã㯠rev3 ã®ã¿ã«æ¥ç¶ãå¯èœã§ãããŸããWLAN ã¿ã€ãããAP UTM 9 管çã¬ã€ã 371 12.3 ã¢ã¯ã»ã¹ãã€ã³ã 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ LAN ã«ããªããž ãã® 1ã€ã® SSID ããµããŒãããæ倧 7å°ã®ã¯ã€ã€ã¬ã¹ã¯ã©ã€ã¢ã³ãã«å¯Ÿå¿ã㟠ãã l AP 10ïŒ802.11b/g/nèŠæ Œã2.4 GHz垯 l AP 30ïŒ802.11b/g/nèŠæ Œã2.4 GHz垯 l AP 50ïŒ802.11a/b/g/nèŠæ Œã2.4/5 GHzãã¥ã¢ã«ãã³ã/ãã¥ã¢ã«ã©ãžãª AP 50 ã«ã¯ã䜿çšã§ãããã£ãã«ãç°ãªã 2ã€ã®ã¢ãã«ããããŸãã l FCC èŠå¶æºæ ãã¡ã€ã³ (äž»ã«ç±³åœ): ãã£ãã« 1ïœ11ã36ã40ã44ã48 l ETSI èŠå¶æºæ ãã¡ã€ã³ (äž»ã«æ¬§å·): ãã£ãã« 1ïœ13ã36ã40ã44ã48 AP ã®åœèšå®ã«ãã£ãŠãåå°ã®æ³åŸã«æºæ ããããã«äœ¿çšã§ãããã£ãã«ã決ãŸããŸãã® ã§ãã泚æãã ããã åç § â ã¢ã¯ã»ã¹ãã€ã³ãã«ã€ããŠã®è©³çŽ°ã¯ãSophos UTMãªãœãŒã¹ã»ã³ã¿ãŒã«ãããåæ±èª¬ææž ãã åç §ããŠãã ããã 12.3.1 æŠèŠ ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ã¢ã¯ã»ã¹ãã€ã³ã > æŠèŠ ãããŒãžã¯ãã·ã¹ãã ã§èªèãããŠããã¢ã¯ã» ã¹ãã€ã³ã (AP) ã®æŠèŠã瀺ããŸããSophos UTMã¯ãã¢ã¯ãã£ããã€ã³ã¢ã¯ãã£ããä¿çäžã® AP ãè å¥ããŸããæ£èŠã® AP ã®ã¿ããããã¯ãŒã¯ã«æ¥ç¶ããããã«ããããã«ãæåã« AP ãæ¿èªããå¿ èŠããããŸãã 泚 â AP 5 ã䜿çšããå Žåã¯ãæåã« RED ãããžã¡ã³ããæå¹ã«ããŠãRED ãã»ããã¢ããããŸãã ãã®åŸãRED ã€ã³ã¿ãã§ãŒã¹ããã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ã°ããŒãã«èšå® ãããŒãžã®èš±å¯ã€ã³ã¿ ãã§ãŒã¹ã«è¿œå ãããŠããããšã確èªããŸããAP 5ã RED ã«æ¥ç¶ããåŸã¯ãAP 5 ããä¿çäžã® ã¢ã¯ã»ã¹ãã€ã³ããã»ã¯ã·ã§ã³ã«è¡šç€ºãããã¯ãã§ãã ã¢ã¯ã»ã¹ãã€ã³ãã¯ãã°ã«ãŒãå ãã¿ãã§äžæçã«ç¡å¹åã§ããŸããAPããããã¯ãŒã¯ããç©ççã« åé€ããå Žåãããã§ãåé€ ããã¿ã³ãã¯ãªãã¯ããŠåé€ããŸããAP ããããã¯ãŒã¯ã«æ¥ç¶ãããŠãã éããåé€åŸããä¿çäž ãç¶æ ã§èªåçã«å衚瀺ãããŸãã ãã³ã â ãã®ããŒãžã®åã»ã¯ã·ã§ã³ã¯ãã»ã¯ã·ã§ã³ãããã®å³ã«ããã¢ã€ã³ã³ãã¯ãªãã¯ããŠãæãã ãã¿/å±éã§ããŸãã 372 UTM 9 管çã¬ã€ã 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ 12.3 ã¢ã¯ã»ã¹ãã€ã³ã ã¢ã¯ãã£ããªã¢ã¯ã»ã¹ãã€ã³ ã ããã«ã¯ãæ¥ç¶ãããŠããèšå®æžã¿ã§å®è¡äžã® AP ããªã¹ããããŸããAP ãç·šéããã«ã¯ããç·šé ã ãã¿ã³ãã¯ãªãã¯ããŸã (ãã¢ã¯ã»ã¹ãã€ã³ãã®ç·šé ããåç §)ã ã€ã³ ã¢ã¯ãã£ããªã¢ã¯ã»ã¹ãã€ã³ ã ããã«ã¯ãéå»ã«èšå®æžã¿ã§çŸåšã¯UTMã«æ¥ç¶ãããŠããªã AP ããªã¹ããããŸããAP ããã®ç¶ æ 㧠5åéçµéããå ŽåãAP ã®ãããã¯ãŒã¯æ¥ç¶ãšã·ã¹ãã ã®èšå®ã確èªããŠãã ãããã¯ã€ã€ã¬ ã¹ãããã¯ã·ã§ã³ãµãŒãã¹ãåèµ·åãããšããæåŸã®ã¢ã¯ã»ã¹ (Last seen)ãã¿ã€ã ã¹ã¿ã³ããæ¶å»ãã ãŸããAP ãç·šéããã«ã¯ããç·šé ããã¿ã³ãã¯ãªãã¯ããŸã (ãã¢ã¯ã»ã¹ãã€ã³ãã®ç·šé ããåç §)ã ä¿çäžã®ã¢ã¯ã»ã¹ãã€ã³ ã ããã«ã¯ãã·ã¹ãã ã«æ¥ç¶ãããŠãããæªæ¿èªã® AP ããªã¹ããããŸããAP ãæ¿èªããã«ã¯ããå æ ããã¿ã³ãã¯ãªãã¯ããŸã (ãã¢ã¯ã»ã¹ãã€ã³ãã®ç·šé ãåç §)ã èšå®ã®åä¿¡åŸãä»æ¿èªãããã¢ã¯ã»ã¹ãã€ã³ãããçŸåšã¢ã¯ãã£ãã§ãããåŠãã«å¿ããŠãäžã®ã ãããã®ã»ã¯ã·ã§ã³ã«å³æã«è¡šç€ºãããããã«ãªããŸãã ã¢ã¯ã»ã¹ãã€ã³ãã®ç·šé 1. åã¢ã¯ã»ã¹ãã€ã³ãã®ãç·šé ããŸãã¯ãæ¿è«Ÿ ããã¿ã³ãã¯ãªãã¯ããŸãã ãã¢ã¯ã»ã¹ãã€ã³ãã®ç·šé ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã©ãã« (ãªãã·ã§ã³):ãããã¯ãŒã¯ã® AP ãç°¡åã«ç¹å®ããããã«ã©ãã«ãå ¥åããŸãã åœ:AP ãèšçœ®ãããåœãéžæããŸãã éèŠ â åœã³ãŒãã«ãããéä¿¡ã«äœ¿çšã§ãããã£ãã«ã決ãŸããŸããåå°ã®æ³åŸã«æºæ ãã ããã«ãæ£ããåœãéžæããŠãã ãã (ãã¢ã¯ã»ã¹ãã€ã³ããã®ç« ãåç §ããŠãã ãã)ã ã°ã«ãŒã (ãªãã·ã§ã³):AP ãã°ã«ãŒãåããããšãã§ããŸãã以åã«ã°ã«ãŒããäœæããŠãã å Žåã¯ãããããããŠã³ãªã¹ãããéžæã§ããŸãããã以å€ã®å Žåã¯ããæ°èŠã°ã«ãŒãããéž æãããåå ãããã¹ãããã¯ã¹ã«ã°ã«ãŒãåãå ¥åããŸããã°ã«ãŒãåã®èšå®ã¯ãã°ã«ãŒã å ãã¿ãã§è¡ããŸãã 3. ãã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ ãã»ã¯ã·ã§ã³ã§ã 次ã®èšå®ãè¡ããŸãã ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã®éžæ (ã°ã«ãŒãã 1ã€ãéžæãããŠãªããæ°èŠã°ã«ãŒããéžæã ããŠããå Žå):ã¢ã¯ã»ã¹ãã€ã³ãããããŒããã£ã¹ãããã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ãéžæã㟠UTM 9 管çã¬ã€ã 373 12.3 ã¢ã¯ã»ã¹ãã€ã³ã 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ ããããã¯ããªãã£ã¹ã«ã®ã¿ãããŒããã£ã¹ããã¹ãäŒç€Ÿã®ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ããå»ºç© å ã®å ¬å ±éšåã®ã¿ã§ãããŒããã£ã¹ããã¹ãã²ã¹ãã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ãªã©ã§äŸ¿å©ã§ãã ãªã¹ããããã®ãã£ã«ã¿ãã£ãŒã«ãã䜿çšããŠãã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ãæ€çŽ¢ããããšãã§ã㟠ãã 泚 â ã¢ã¯ã»ã¹ãã€ã³ããã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã«ãããŒããã£ã¹ãããã«ã¯ãããã€ãæ¡ä»¶ ãæºããå¿ èŠããããŸãã詳现ã¯ããAP ãžã®ãããã¯ãŒã¯å²ãåœãŠã«ãŒã«ãã»ã¯ã·ã§ã³ãå ç §ããŠãã ããã 4. å¿ èŠã«å¿ããŠããã¡ãã·ã¥ãããã¯ãŒã¯ ãã»ã¯ã·ã§ã³ã§ã次ã®èšå®ãè¡ããŸã (AP 50 ã®ã¿ããŸã ã¡ãã·ã¥ãããã¯ãŒã¯ããã¡ãã·ã¥ãããã¯ãŒã¯ ãã¿ãã§å®çŸ©ãããŠããå Žåã®ã¿)ã ã¡ãã·ã¥ããŒã«:ãã©ã¹ã¢ã€ã³ã³ãã¯ãªãã¯ããŠãã¢ã¯ã»ã¹ãã€ã³ãããããŒããã£ã¹ãããã¡ã ã·ã¥ãããã¯ãŒã¯ãéžæããŸãããã€ã¢ãã°ããã¯ã¹ãéããŸãã l ã¡ãã·ã¥:ã¡ãã·ã¥ãããã¯ãŒã¯ãéžæããŸãã l ããŒã«:éžæããã¡ãã·ã¥ãããã¯ãŒã¯ã«å¯Ÿããã¢ã¯ã»ã¹ãã€ã³ãã®ããŒã«ãå®çŸ©ã㟠ããã«ãŒã ã¢ã¯ã»ã¹ãã€ã³ãã¯ãUTM ã«çŽæ¥æ¥ç¶ããŠããŸããåæèšå®ãåä¿¡ãã ã¡ãã·ã¥ ã¢ã¯ã»ã¹ãã€ã³ãã¯ãUTM ããåæãããããã¡ãã·ã¥ãããã¯ãŒã¯çµç±ã§ ã«ãŒã ã¢ã¯ã»ã¹ãã€ã³ãã«æ¥ç¶ããŸããåã¢ã¯ã»ã¹ãã€ã³ãã¯ã1ã€ã®ã¡ãã·ã¥ããã ã¯ãŒã¯ã«å¯ŸããŠã®ã¿ã¡ãã·ã¥ ã¢ã¯ã»ã¹ãã€ã³ããšããŠæ©èœã§ããããšã«æ³šæããŠãã ã ãã ä¿åãããšããã¡ãã·ã¥ããŒã« ããªã¹ãã®ã¢ã¯ã»ã¹ãã€ã³ãã®ã¢ã€ã³ã³ãã¢ã¯ã»ã¹ãã€ã³ãã®ã㌠ã«ã瀺ããŸããæ©èœã¢ã€ã³ã³ã䜿çšããŠã¡ãã·ã¥ããŒã«ãç·šéããããªã¹ãããåé€ãããã§ã ãŸãã éèŠ â ãã¡ãã·ã¥ããŒã« ããªã¹ãããã¡ãã·ã¥ããŒã«ãåé€ããå Žåãã¢ã¯ã»ã¹ãã€ã³ããå床 ã€ãŒãµãããã«æ¥ç¶ããåæèšå®ãååŸããå¿ èŠããããŸããã¢ã¯ã»ã¹ãã€ã³ããå床ã€ãŒ ãµãããã«æ¥ç¶ãçŽããã«ã¡ãã·ã¥ããŒã«ãå€æŽããã«ã¯ãã¡ãã·ã¥ããŒã«ãåé€ããªãã§ã ã ããããã®ä»£ãããã¡ãã·ã¥ããŒã«ã®ç·šéã¢ã€ã³ã³ãã¯ãªãã¯ããæ£ããã¡ãã·ã¥ããã ã¯ãŒã¯ãéžæããŠãã ããã 5. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã ãã£ãã« 2.4 GHz:ããã©ã«ãèšå®ã®ãèªå ãã®ãŸãŸã«ãããšã䜿çšç¶æ³ã®äžçªäœãéä¿¡ã㣠ãã«ãèªåçã«éžæãããŸããåºå®ãã£ãã«ãéžæããããšãã§ããŸãã 374 UTM 9 管çã¬ã€ã 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ 12.3 ã¢ã¯ã»ã¹ãã€ã³ã 5 GHz ãã£ãã« (AP 50 ã®ã¿ã§äœ¿çšå¯èœ):ããã©ã«ãèšå®ã®ãèªå ãã®ãŸãŸã«ãããšã䜿çšç¶ æ³ã®äžçªäœãéä¿¡ãã£ãã«ãèªåçã«éžæãããŸããåºå®ãã£ãã«ãéžæããããšãã§ã ãŸãã éä¿¡åºå 2.4 GHz:ã¢ã¯ã»ã¹ãã€ã³ãã§æ倧åºåã§éä¿¡ããããã«ã¯ãããã©ã«ãèšå®ã®ã100 %ãã®ãŸãŸã«ããŸããå¹²æžãäœæžãããããªã©ãäœåè·é¢ãççž®ããããã«ã¯åºåãäœæžã ãããšãã§ããŸãã éä¿¡åºå 5 GHz (AP 50 ã®ã¿ã§äœ¿çšå¯èœ):AP 50 ã§ã¯ã5 GHz 垯ã®éä¿¡åºåãåå¥ã«äœæž ããããšãã§ããŸãã STP:Spanning Tree Protocol (ã¹ããã³ã°ããªãŒãããã³ã«) ãæå¹åããã«ã¯ãããããããŠã³ ãªã¹ããããæå¹ ããéžæããŸãããã®ãããã¯ãŒã¯ãããã³ã«ã¯ãããªããžã®ã«ãŒããæ€åºã㊠åé¿ããŸããã¢ã¯ã»ã¹ãã€ã³ããã¡ãã·ã¥ãããã¯ãŒã¯ã«ãããŒããã£ã¹ãããå Žå㯠STP ã¯ å¿ ãæå¹ã«ããå¿ èŠããããŸãã VLAN ã¿ã®ã³ã°:VLAN ãæå¹åããã«ã¯ãããããããŠã³ãªã¹ããããæå¹ ããéžæã㟠ããVLAN ã¿ã®ã³ã°ã¯ããã©ã«ãã§ã¯ç¡å¹ã«ãªã£ãŠããŸããAP ãæ¢åã® VLAN ã€ãŒãµããã ã€ã³ã¿ãã§ãŒã¹ã«æ¥ç¶ããã«ã¯ãVLAN ã¿ã®ã³ã°ãæå¹ã«ããå¿ èŠããããŸããVLAN ã€ãŒãµ ãããã€ã³ã¿ãã§ãŒã¹ãããã°ããŒãã«èšå® > ã°ããŒãã«èšå® ãããŒãžã®ãèš±å¯ãããã¯ãŒã¯ ã ããã¯ã¹ã«è¿œå ãããŠããããšã確èªããŸãã 泚 â ãããã¯ãŒã¯å ã®ã¢ã¯ã»ã¹ãã€ã³ãã«å¯Ÿã㊠VLAN ã®äœ¿çšãå°å ¥ããã«ã¯ã以äžã®æ é ã«åŸããŸããæšæº LAN ã䜿çšããŠãAP ã UTM ã« 1å以äžæ¥ç¶ããŸããããã¯ãAP ã èšå®ãååŸããããã«å¿ èŠã§ããæåãã VLAN çµç±ã§æ¥ç¶ãããšãAP 㯠VLAN å ã« ããããšãèªèããªããããèšå®ãååŸããããã«UTMã«æ¥ç¶ããããšãã§ããŸãããAP ã衚瀺ãããããVLAN ãæå¹ã«ã㊠VLAN ID ãå ¥åããŸãããã®åŸãAP ãç®çã® VLAN (ã¹ã€ãããªã©) ã«æ¥ç¶ããŸãã 泚 â AP 5 ã§ã¯ãVLAN ã¿ã®ã³ã°ãã§ããŸããã AP VLAN ID:ãVLAN ã¿ã®ã³ã°ããæå¹ãªå Žåãã¢ã¯ã»ã¹ãã€ã³ããUTMã«æ¥ç¶ããããã«äœ¿ çšãã VLAN ã® VLAN ã¿ã°ãå ¥åããŸããVLAN ã¿ã° 0 ããã³ 1 ã¯äœ¿çšããªãã§ãã ãããäž è¬ã«ããããã®ã¿ã°ã¯ãããã¯ãŒã¯ããŒããŠã§ã¢ (ã¹ã€ãããªã©) äžã§ç¹å¥ãªæå³ãæã¡ãŸãã éåžžã4095 ã¯ç®¡ççšãšããŠäºçŽãããŠããŸãã UTM 9 管çã¬ã€ã 375 12.3 ã¢ã¯ã»ã¹ãã€ã³ã 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ 泚 âVLAN ã¿ã®ã³ã°ãèšå®ãããŠããå ŽåãAP ã¯èšå®ããã VLAN ã«å¯Ÿã㊠DHCP ã 60 ç§éè©Šè¡ããŸãããã®æéå ã« IP ã¢ãã¬ã¹ãåä¿¡ã§ããªãã£ãå ŽåãAP ã¯ãã©ãŒã« ããã¯ãšããŠæšæºã® LAN ã« DHCP ãè©Šã¿ãŸãã 6. ãä¿å ããã¯ãªãã¯ããŸãã ã¢ã¯ã»ã¹ãã€ã³ãã¯ãããããèšå®ãŸãã¯èšå®ã®æŽæ°ãåä¿¡ããŸãã 泚 â èšå®ã®å€æŽåŸããã¹ãŠã®ã€ã³ã¿ãã§ãŒã¹ãåèšå®ããããŸã§çŽ15ç§å¿ èŠã§ãã VLAN ã¿ã®ã³ã°ãèšå®ãããŠãããAP ã VLAN çµç±ã§UTMã«ã³ã³ã¿ã¯ãã§ããªãå ŽåãAP ã¯èªåçã«ãªããŒãããèšå®ã®åä¿¡åŸã«åè©Šè¡ããŸãã AP ãžã®ãããã¯ãŒã¯å²ãåœãŠã«ãŒã« ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã®ãã¯ã©ã€ã¢ã³ããã©ãã£ã㯠ããªãã·ã§ã³ãšã¢ã¯ã»ã¹ãã€ã³ãã®ãVLAN ã¿ã®ã³ ã°ããªãã·ã§ã³ãé©åããå Žåã«ã®ã¿ãã¢ã¯ã»ã¹ãã€ã³ããã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã«å²ãåœãŠãããš ãã§ããŸãããã®éã次ã®ã«ãŒã«ãé©çšãããŸãã l ã¯ã©ã€ã¢ã³ããã©ãã£ãã¯ããå¥ãŸãŒã³ãã®ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯:ã¢ã¯ã»ã¹ãã€ã³ãã® VLAN ã¿ ã®ã³ã°ãæå¹ãŸãã¯ç¡å¹ã«ããããšãã§ããŸãã l ã¯ã©ã€ã¢ã³ããã©ãã£ãã¯ããAPã®LAN ã«ããªããž ãã®ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯:ã¢ã¯ã»ã¹ãã€ã³ã ã® VLAN ã¿ã®ã³ã°ãç¡å¹ã«ããå¿ èŠããããŸãã l ã¯ã©ã€ã¢ã³ããã©ãã£ãã¯ããVLAN ã«ããªããž ãã®ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯:ã¢ã¯ã»ã¹ãã€ã³ãã® VLAN ã¿ã®ã³ã°ãæå¹ã«ããå¿ èŠããããŸããããããã®ã¯ã€ã€ã¬ã¹ã¯ã©ã€ã¢ã³ãã¯ãã¯ã€ã€ ã¬ã¹ãããã¯ãŒã¯ã«æå®ããããVLAN ID ã«ããªããž ãã䜿çšããããRADIUS ãµãŒã㧠VLAN ID ãæå®ãããŠããå Žåã¯ãRADIUS ãµãŒããããåä¿¡ããŸãã 泚â AP 5 ã¯ããã¯ã©ã€ã¢ã³ããã©ãã£ã㯠ããªãã·ã§ã³ããAP LAN ã«ããªããž ãã® 1ã€ã®ã¯ã€ã€ã¬ã¹ãã ãã¯ãŒã¯ã«ã®ã¿å²ãåœãŠãããšãã§ããŸãã 12.3.2 ã°ã«ãŒãå ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ã¢ã¯ã»ã¹ãã€ã³ã > ã°ã«ãŒãå ãã¿ãã§ãã¢ã¯ã»ã¹ãã€ã³ããã°ã«ãŒãå ã§ããŸãããã¹ãŠã®ã¢ã¯ã»ã¹ãã€ã³ã ã°ã«ãŒãããŸãã°ã«ãŒãåãããŠããªãã¢ã¯ã»ã¹ãã€ã³ãã®æŠ èŠãäžèŠ§ã§è¡šç€ºãããŸããã¢ã¯ã»ã¹ãã€ã³ããšã°ã«ãŒãã¯åã¢ã€ã³ã³ã«ãã£ãŠåºå¥ãããŸãã ã¢ã¯ã»ã¹ãã€ã³ã ã°ã«ãŒããäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 376 UTM 9 管çã¬ã€ã 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ 12.4 ã¡ãã·ã¥ãããã¯ãŒã¯ 1. ãã°ã«ãŒããããŒãžã§ããæ°èŠã°ã«ãŒãããã¯ãªãã¯ããŸãã ãæ°èŠã¢ã¯ã»ã¹ãã€ã³ã ã°ã«ãŒãããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ã¢ã¯ã»ã¹ãã€ã³ã ã°ã«ãŒãã説æããååãå ¥åããŠãã ããã VLAN ã¿ã®ã³ã°:VLAN ã¿ã®ã³ã°ã¯ããã©ã«ãã§ã¯ç¡å¹ã«ãªã£ãŠããŸããAP ãæ¢åã® VLAN ã€ãŒãµãããã€ã³ã¿ãã§ãŒã¹ã«æ¥ç¶ããã«ã¯ããã§ãã¯ããã¯ã¹ãéžæã㊠VLAN ã¿ã®ã³ã°ãæ å¹ã«ããå¿ èŠããããŸããVLAN ã€ãŒãµãããã€ã³ã¿ãã§ãŒã¹ãããã°ããŒãã«èšå® > ã°ã㌠ãã«èšå® ãããŒãžã®ãèš±å¯ãããã¯ãŒã¯ ãããã¯ã¹ã«è¿œå ãããŠããããšã確èªããŸãã l AP VLAN ID:ãã® AP ã°ã«ãŒãã UTM ã«æ¥ç¶ããããã«äœ¿çšãã VLAN ã¿ã°ãå ¥å ããŸããVLAN ã¿ã° 0 ããã³ 1 ã¯äœ¿çšããªãã§ãã ãããäžè¬ã«ããããã®ã¿ã°ã¯ããã ã¯ãŒã¯ããŒããŠã§ã¢ (ã¹ã€ãããªã©) äžã§ç¹å¥ãªæå³ãæã¡ãŸããéåžžã4095 ã¯ç®¡ç çšãšããŠäºçŽãããŠããŸãã ã¢ã¯ã»ã¹ãã€ã³ãéžæ:ãã®ã°ã«ãŒãã®ã¡ã³ããŒãšãªãã¢ã¯ã»ã¹ãã€ã³ããéžæããŸããä»ã®ã© ã®ã°ã«ãŒãã«ãå²ãåœãŠãããŠããªãã¢ã¯ã»ã¹ãã€ã³ãã®ã¿ã衚瀺ãããŸãã ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã®éžæ:ãã®ã°ã«ãŒãã®ã¢ã¯ã»ã¹ãã€ã³ãããããŒããã£ã¹ãããã¯ã€ ã€ã¬ã¹ãããã¯ãŒã¯ãéžæããŸãã 泚 â ã¢ã¯ã»ã¹ãã€ã³ããã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã«ãããŒããã£ã¹ãããã«ã¯ãããã€ãæ¡ä»¶ ãæºããå¿ èŠããããŸãã詳现ã¯ããã¢ã¯ã»ã¹ãã€ã³ã > æŠèŠ ãã®ãAP ãžã®ãããã¯ãŒã¯å²ã åœãŠãã»ã¯ã·ã§ã³ãåç §ããŠãã ããã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããã¢ã¯ã»ã¹ãã€ã³ãã°ã«ãŒãããã°ã«ãŒãå ããªã¹ãã«è¡šç€ºãããŸãã ã°ã«ãŒããç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã«ãŒãã®ãã¿ã³ãã¯ãªãã¯ããŸãã ã¢ã¯ã»ã¹ãã€ã³ããç·šéãŸãã¯åé€ããã«ã¯ã察å¿ããã¢ã¯ã»ã¹ãã€ã³ãã®ãã¿ã³ãã¯ãªãã¯ããŸãã ã¢ã¯ã»ã¹ãã€ã³ãã®ç·šéãšåé€ã«é¢ãã詳现ã¯ããã¢ã¯ã»ã¹ãã€ã³ã > æŠèŠ ããåç §ããŠãã ããã 12.4 ã¡ãã·ã¥ãããã¯ãŒã¯ ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ã¡ãã·ã¥ãããã¯ãŒã¯ ãããŒãžã§ã¯ãã¡ãã·ã¥ãããã¯ãŒã¯ãå®çŸ©ãããã® ã¡ãã·ã¥ãããã¯ãŒã¯ããããŒããã£ã¹ãããã¢ã¯ã»ã¹ãã€ã³ãã«é¢é£ä»ããããšãã§ããŸããäžè¬ç ã«ãã¡ãã·ã¥ãããã¯ãŒã¯ã§ã¯è€æ°ã®ã¢ã¯ã»ã¹ãã€ã³ããçžäºã«éä¿¡ãè¡ããå ±éã®ã¯ã€ã€ã¬ã¹ãã ãã¯ãŒã¯ããããŒããã£ã¹ãããŸãã1ã€ã®ã¡ãã·ã¥ãããã¯ãŒã¯ãä»ããŠæ¥ç¶ãããè€æ°ã®ã¢ã¯ã»ã¹ã UTM 9 管çã¬ã€ã 377 12.4 ã¡ãã·ã¥ãããã¯ãŒã¯ 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ ã€ã³ãã¯ãåãã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ãã¯ã©ã€ã¢ã³ãã«ãããŒããã£ã¹ãã§ããããã1ã€ã®ã¢ã¯ã»ã¹ã ã€ã³ããšããŠæ©èœããªããåºãç¯å²ãã«ããŒã§ããŸãããŸããã¡ãã·ã¥ãããã¯ãŒã¯ã¯ãã±ãŒãã«ãæ· èšããã«ã€ãŒãµããããããã¯ãŒã¯éãããªããžããããã«äœ¿çšããããšãã§ããŸãã 1ã€ã®ã¡ãã·ã¥ãããã¯ãŒã¯ã«é¢é£ä»ããããã¢ã¯ã»ã¹ãã€ã³ãã¯ãã«ãŒãã¢ã¯ã»ã¹ãã€ã³ããŸã㯠ã¡ãã·ã¥ã¢ã¯ã»ã¹ãã€ã³ãã®ããããã®åœ¹å²ãæãããŸããã©ã¡ãã®å Žåããã®ã¡ãã·ã¥ããã ã¯ãŒã¯ããããŒããã£ã¹ãããããããããŒããã£ã¹ãã§ããä»ã®ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã®æ°ã¯ 1〠æžããŸãã l ã«ãŒã ã¢ã¯ã»ã¹ ãã€ã³ã:æç·ã§ UTM ã«æ¥ç¶ãããã¡ãã·ã¥ãããã¯ãŒã¯ãæäŸããŸãã1ã€ã® ã¢ã¯ã»ã¹ãã€ã³ããè€æ°ã®ã¡ãã·ã¥ãããã¯ãŒã¯ã«å¯Ÿããã«ãŒãã¢ã¯ã»ã¹ãã€ã³ããšããããšã ã§ããŸãã l ã¡ãã·ã¥ ã¢ã¯ã»ã¹ ãã€ã³ã:ã«ãŒãã¢ã¯ã»ã¹ãã€ã³ããçµç±ããŠãUTM ã«æ¥ç¶ããããã® 1ã€ã® ã¡ãã·ã¥ãããã¯ãŒã¯ãå¿ èŠã§ãã1ã€ã®ã¢ã¯ã»ã¹ãã€ã³ãã¯ãäžåºŠã« 1ã€ã®ã¡ãã·ã¥ããã ã¯ãŒã¯ã«å¯Ÿããã¡ãã·ã¥ã¢ã¯ã»ã¹ãã€ã³ããšããŠæ©èœããŸãã ã¡ãã·ã¥ãããã¯ãŒã¯ã¯ã䞻㫠2ã€ã®çšé (ã¯ã€ã€ã¬ã¹ããªããžãŸãã¯ã¯ã€ã€ã¬ã¹ãªããŒã¿ãŒ) ã«äœ¿çšã§ ããŸãã l ã¯ã€ã€ã¬ã¹ããªããž:2ã€ã®ã¢ã¯ã»ã¹ãã€ã³ãã䜿çšããŠã2ã€ã®ã€ãŒãµãããã»ã°ã¡ã³ãéã®ã¯ã€ ã€ã¬ã¹éä¿¡ã確ç«ã§ããŸããã¯ã€ã€ã¬ã¹ããªããžã¯ãã€ãŒãµãããã»ã°ã¡ã³ãéãã±ãŒãã«ã§ æ¥ç¶ã§ããªãå Žåã«äŸ¿å©ã§ãã1ã€ç®ã® UTM ã«æ¥ç¶ãããã€ãŒãµãããã»ã°ã¡ã³ããã«ãŒã ã¢ã¯ã»ã¹ ãã€ã³ãã®ã€ãŒãµãããã€ã³ã¿ãã§ãŒã¹ã«æ¥ç¶ãã2ã€ç®ã®ã€ãŒãµãããã»ã°ã¡ã³ãã ã¡ãã·ã¥ ã¢ã¯ã»ã¹ ãã€ã³ãã®ã€ãŒãµãããã€ã³ã¿ãã§ãŒã¹ã«æ¥ç¶ããå¿ èŠããããŸããè€æ°ã® ã¡ãã·ã¥ ã¢ã¯ã»ã¹ ãã€ã³ãã䜿çšããããšã§ãããã«å€ãã®ã€ãŒãµãããã»ã°ã¡ã³ããšæ¥ç¶ã§ã ãŸãã Figure 22 ã¡ãã·ã¥ãããã¯ãŒã¯ã®äœ¿çšäŸ - ã¯ã€ã€ã¬ã¹ããªããž l 378 ã¯ã€ã€ã¬ã¹ãªããŒã¿ãŒ:UTM ã«æ¥ç¶ãããã€ãŒãµããããã«ãŒã ã¢ã¯ã»ã¹ ãã€ã³ãã®ã€ãŒãµãã ãã€ã³ã¿ãã§ãŒã¹ã«æ¥ç¶ããŸããã«ãŒãã¢ã¯ã»ã¹ãã€ã³ãã¯ãã¡ãã·ã¥ãããã¯ãŒã¯ãä»ããŠã¡ã ã·ã¥ ã¢ã¯ã»ã¹ ãã€ã³ãã«ã¯ã€ã€ã¬ã¹æ¥ç¶ããã¡ãã·ã¥ã¢ã¯ã»ã¹ãã€ã³ãã¯ã¯ã€ã€ã¬ã¹ã¯ã©ã€ã¢ã³ ãã«ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ããããŒããã£ã¹ãããŸãã UTM 9 管çã¬ã€ã 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ 12.4 ã¡ãã·ã¥ãããã¯ãŒã¯ Figure 23 ã¡ãã·ã¥ãããã¯ãŒã¯ã®äœ¿çšäŸ - ã¯ã€ã€ã¬ã¹ãªããŒã¿ãŒ æ°ããã¡ãã·ã¥ãããã¯ãŒã¯ãå®çŸ©ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã¡ãã·ã¥ãããã¯ãŒã¯ ãããŒãžã§ãã¡ãã·ã¥ãããã¯ãŒã¯ã®è¿œå ããã¯ãªãã¯ããŸãã ãã¡ãã·ã¥ãããã¯ãŒã¯ã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã¡ãã·ã¥ ID:ã¡ãã·ã¥ãããã¯ãŒã¯ã«å¯Ÿããäžæã® ID ãå ¥åããŠãã ããã åšæ³¢æ°åž¯:ãã®ãããã¯ãŒã¯ã«å²ãåœãŠãããã¢ã¯ã»ã¹ãã€ã³ãã¯ãéžæããåšæ³¢æ°åž¯ã§ã¡ã ã·ã¥ãããã¯ãŒã¯ãäŒéããŸããéåžžã¯ããããŒããã£ã¹ããããã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ãšã¯ ç°ãªãåšæ³¢æ°åž¯ãã¡ãã·ã¥ãããã¯ãŒã¯ã§äœ¿çšããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã ã¢ã¯ã»ã¹ãã€ã³ã:ãã©ã¹ã¢ã€ã³ã³ãã¯ãªãã¯ããŠãã¡ãã·ã¥ãããã¯ãŒã¯ããããŒããã£ã¹ããã ã¢ã¯ã»ã¹ãã€ã³ããéžæããŸãããã¡ãã·ã¥ããŒã«ã®è¿œå ããã€ã¢ãã°ãŠã£ã³ããŠãéããŸãã l AP:ã¢ã¯ã»ã¹ãã€ã³ããéžæããŸããçŸåšã¡ãã·ã¥ãããã¯ãŒã¯ã®ãããŒããã£ã¹ãã«äœ¿ çšã§ããã¢ã¯ã»ã¹ãã€ã³ã㯠AP 50 ã®ã¿ã§ãã l ããŒã«:éžæããã¡ãã·ã¥ãããã¯ãŒã¯ã«å¯Ÿããã¢ã¯ã»ã¹ãã€ã³ãã®ããŒã«ãå®çŸ©ã㟠ããã«ãŒã ã¢ã¯ã»ã¹ãã€ã³ãã¯ãUTM ã«çŽæ¥æ¥ç¶ããŠããŸããåæèšå®ãåä¿¡ãã ã¡ãã·ã¥ ã¢ã¯ã»ã¹ãã€ã³ãã¯ãUTM ããåæãããããã¡ãã·ã¥ãããã¯ãŒã¯çµç±ã§ ã«ãŒã ã¢ã¯ã»ã¹ãã€ã³ãã«æ¥ç¶ããŸããåã¢ã¯ã»ã¹ãã€ã³ãã¯ã1ã€ã®ã¡ãã·ã¥ããã ã¯ãŒã¯ã«å¯ŸããŠã®ã¿ã¡ãã·ã¥ ã¢ã¯ã»ã¹ãã€ã³ããšããŠæ©èœã§ããããšã«æ³šæããŠãã ã ãã 泚 â åæèšå®ã§ãä»ã®ã¢ã¯ã»ã¹ãã€ã³ããšåæ§ããã°ããŒãã«èšå® ãã¿ãã®ã èš±å¯ã€ã³ã¿ ãã§ãŒã¹ ãããã¯ã¹ã§éžæããã€ãŒãµãããã»ã°ã¡ã³ãã®ããããã«ã¡ãã·ã¥ã¢ã¯ã»ã¹ãã€ã³ã ãå¿ ãæ¥ç¶ããŠãã ããã UTM 9 管çã¬ã€ã 379 12.5 ã¯ã€ã€ã¬ã¹ã¯ã©ã€ã¢ã³ã 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ ãªã¹ãããã¢ã¯ã»ã¹ãã€ã³ããåé€ããã«ã¯ããã¢ã¯ã»ã¹ãã€ã³ãããªã¹ãã®åé€ã¢ã€ã³ã³ãäœ¿çš ããŠãã ããã éèŠ â ãã¢ã¯ã»ã¹ãã€ã³ãããªã¹ãããã¡ãã·ã¥ ã¢ã¯ã»ã¹ ãã€ã³ããåé€ããå Žåãã¢ã¯ã»ã¹ ãã€ã³ããå床ã€ãŒãµãããã«æ¥ç¶ããåæèšå®ãååŸããå¿ èŠããããŸããã¢ã¯ã»ã¹ã〠ã³ããå床ã€ãŒãµãããã«æ¥ç¶ãçŽããã«ã¡ãã·ã¥ãããã¯ãŒã¯ãå€æŽããã«ã¯ãã¢ã¯ã»ã¹ã ã€ã³ããåé€ããªãã§ããã¢ã¯ã»ã¹ãã€ã³ã > æŠèŠ ãã¿ãã§ãã¢ã¯ã»ã¹ãã€ã³ãã®ãç·šé ããã¿ã³ ãã¯ãªãã¯ãããã¡ãã·ã¥ãããã¯ãŒã¯ ãã»ã¯ã·ã§ã³ã®ç·šéã¢ã€ã³ã³ãã¯ãªãã¯ããæ£ããã¡ãã·ã¥ ãããã¯ãŒã¯ãéžæããŠãã ããã ã¢ã¯ã»ã¹ãã€ã³ãã®ã¢ã€ã³ã³ãã¢ã¯ã»ã¹ãã€ã³ãã®ããŒã«ã瀺ããŸãããªã¹ããããã®ãã£ã«ã¿ ãã£ãŒã«ãã䜿çšããŠãã¢ã¯ã»ã¹ãã€ã³ãã®ãªã¹ãå ãæ€çŽ¢ããããšãã§ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã ã¡ãã·ã¥ãããã¯ãŒã¯ããã¡ãã·ã¥ãããã¯ãŒã¯ ããªã¹ãã«è¡šç€ºãããŸãã 12.5 ã¯ã€ã€ã¬ã¹ã¯ã©ã€ã¢ã³ã ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ã¯ã€ã€ã¬ã¹ã¯ã©ã€ã¢ã³ããããŒãžã¯ãçŸåšã¢ã¯ã»ã¹ãã€ã³ãã«æ¥ç¶ãã㊠ãã (ãŸãã¯éå»ã«æ¥ç¶ãããŠãã) ã¯ã©ã€ã¢ã³ãã®æŠèŠã瀺ããŸãã ãã¹ãŠã®ã¯ã©ã€ã¢ã³ããååãéä¿¡ããèš³ã§ã¯ãªããããããã§ååãå²ãåœãŠãŠãæŠèŠã§æ¢ç¥ ã®ã¯ã©ã€ã¢ã³ããèå¥ããããã§ããŸããã¯ã©ã€ã¢ã³ãã DHCP èŠæ±äžã« NetBIOS åãéä¿¡ããå Ž åããã®ååãããŒãã«ã«è¡šç€ºãããŸããéä¿¡ããªãå Žåãã¯ã©ã€ã¢ã³ãã¯ãªã¹ãã« [unknown] (äž æ) ãšè¡šç€ºãããŸãããããã®äžæã¯ã©ã€ã¢ã³ãã®ååã¯ãååã®åã«ããéµã¢ã€ã³ã³ãã¯ãªãã¯ã㊠å€æŽããããšãã§ããŸãã次ã«ãååãå ¥åããŠãä¿å ããã¯ãªãã¯ããŸããå€æŽãæå¹ã«ãªããŸã§æ° ç§ããããŸããWebAdmin ã®å³äžé ã«ããããªããŒãããã¿ã³ãããã¯ã©ã€ã¢ã³ãã®ååãåç §ã§ã㟠ãã ãŸããæåã®åã«ããã空ã«ãããã¢ã€ã³ã³ãã¯ãªãã¯ããŠãã¯ã©ã€ã¢ã³ããããŒãã«ããåé€ããããš ãã§ããŸãã ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ãµãŒãã¹ãåèµ·åãããšããæåŸã®è¡šç€º (Last seen)ãã¿ã€ã ã¹ã¿ã³ããæ¶å» ãããŸãã 泚 â ã¯ã©ã€ã¢ã³ãã«å²ãåœãŠããã IP ã¢ãã¬ã¹ã¯ãUTMã該åœã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã®DHCP ãµãŒããšããŠæ©èœããå Žåã«ã®ã¿è¡šç€ºå¯èœã§ããããã«ãã¹ã¿ãã£ã㯠DHCP ãããã³ã°ã®ãã ã«ãçŸæç¹ã§ã¯ IP ã¢ãã¬ã¹ 0.0.0.0 ã衚瀺ãããŸãã 380 UTM 9 管çã¬ã€ã 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ 12.6 ãããã¹ããã 12.6 ãããã¹ããã ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ãããã¹ããããããŒãžã§ã¯ããã£ããã£ãããŒã¿ã«ã·ã¹ãã ã«ããã¢ã¯ã» ã¹ã管çã§ããŸãããããã¹ãããæ©èœã«ãããã«ãã§ãããã«ãäŒæ¥ãªã©ã§ã¯ã²ã¹ãã«æéå¶éãã ã©ãã£ãã¯å¶éã課ããã€ã³ã¿ãŒãããã¢ã¯ã»ã¹ãæäŸã§ããŸãããã®æ©èœã¯ãã¯ã€ã€ã¬ã¹ãµãã¹ã¯ãª ãã·ã§ã³å ã§äœ¿çšã§ããŸãããæç·ãããã¯ãŒã¯ã§ãæ©èœããŸãã 泚 â æè¡çã«ã¯ããããã¹ãããæ©èœã«ãããåºæ¬çã«ãã¡ã€ã¢ãŠã©ãŒã«ã§èš±å¯ãããŠãããã© ãã£ãã¯ãå¶éãããããšã«ãªããŸãããããã£ãŠããããã¹ããããä»ããŠãã©ãã£ãã¯ã管çã§ãã ããã«ããããã®ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãèšå®ããŠããããšã確èªããå¿ èŠããããŸããããã ã¹ããããæå¹ã«ããåã«ããããã¹ãããæ©èœãç¡å¹ã«ããç¶æ ã§ãã©ãã£ãã¯ããã¹ãããããšã ãå§ãããŸãã ãããã¹ãããã®çæ æåã«ç®¡çè ã¯ç¹å®ã¿ã€ãã®ã¢ã¯ã»ã¹ãåãããããã¹ããããäœæããŠæå¹ã«ããå¿ èŠããã㟠ãã次ã®ã¿ã€ãã䜿çšã§ããŸãã l å©çšèŠçŽã®èš±è«Ÿ:ã²ã¹ãã«æ瀺ããå©çšèŠçŽãäœæã§ããŸããã²ã¹ãããããã¹ãããã«ã¢ã¯ ã»ã¹ããããã«ã¯ãå©çšèŠçŽã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããå¿ èŠããããŸãã l åœæ¥æå¹ãã¹ã¯ãŒã:ã²ã¹ãããããã¹ãããã«ã¢ã¯ã»ã¹ããããã«ã¯ããã¹ã¯ãŒããå ¥åãã å¿ èŠããããŸãããã¹ã¯ãŒãã¯æ¯æ¥å€æŽãããŸãã l ããŠãã£ãŒ:ã²ã¹ãããããã¹ãããã«ã¢ã¯ã»ã¹ããããã«ã¯ãããŠãã£ãŒãååŸããŠã㊠ãã£ãŒã³ãŒããå ¥åããå¿ èŠããããŸããããŠãã£ãŒã¯ãããã€ã¹ã®æ°ãæéããã©ãã£ãã¯ã§ å¶éããããšãã§ããŸãã ã²ã¹ããžã®ã¢ã¯ã»ã¹æ å ±ã®é ä¿¡ ãåœæ¥æå¹ãã¹ã¯ãŒã ãããã³ãããŠãã£ãŒãã¿ã€ãã§ã¯ãã¢ã¯ã»ã¹æ å ±ãã²ã¹ãã«æäŸããå¿ èŠãã ããŸãããããã£ãŠãã¢ã¯ã»ã¹æ å ±ã管çããŠé ä¿¡ã§ãããŠãŒã¶ãå®çŸ©ããããšãã§ããŸããããã ã®ãŠãŒã¶ã¯ããŠãŒã¶ããŒã¿ã«ã®ããããã¹ããããã¿ãã§ã¢ã¯ã»ã¹æ å ±ãåä¿¡ããŠé ä¿¡ããŸãã l åœæ¥æå¹ãã¹ã¯ãŒã:çŸåšã®ãã¹ã¯ãŒãã¯ã¡ãŒã«ã§éä¿¡ãããããŠãŒã¶ããŠãŒã¶ããŒã¿ã«ã§ ãã¹ã¯ãŒãã確èªããããšãã§ããŸãããŠãŒã¶ã¯ã²ã¹ãã«ãã¹ã¯ãŒãã転éããŸãããŠãŒã¶ã¯ æ°ãããã¹ã¯ãŒããçæããããå ¥åããããšãã§ããŸããæ°ãããã¹ã¯ãŒããèšå®ãããšã UTM 9 管çã¬ã€ã 381 12.6 ãããã¹ããã 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ å€ããã¹ã¯ãŒããèªåçã«ç¡å¹ã«ãªããã¢ã¯ãã£ããªã»ãã·ã§ã³ãçµäºããŸããä»ã®ãŠãŒã¶ ã«ã¯ãããããã®èšå®ã«å¿ããŠãã¡ãŒã«ãŸãã¯ãŠãŒã¶ããŒã¿ã«ã§æ°ãããã¹ã¯ãŒããé£çµ¡ã ãŸãã l ããŠãã£ãŒ:ãŠãŒã¶ããŒã¿ã«ã§ã¯ããŠãŒã¶ã¯ããããäžæã®ã³ãŒãã®ããŠãã£ãŒãäœæã§ã ãŸãã管çè ã«ãã£ãŠæå®ãããŠããå Žåã¯ãç°ãªãã¿ã€ãã®ããŠãã£ãŒã䜿çšã§ããŸãã ããŠãã£ãŒã¯å°å·ããããšã¯ã¹ããŒãããŠãã²ã¹ãã«æäŸããããšãã§ããŸããäœæããã㊠ãã£ãŒã®ãªã¹ãã«ãããããŠãã£ãŒã®äœ¿çšç¶æ³ãææ¡ããã³ç®¡çã§ããŸãã æ³çæ å ± å€ãã®åœã§ã¯ãå ¬å ±ã¯ã€ã€ã¬ã¹ LAN ã®éçšã«ã¯ãåœã®ç¹å®ã®æ³åŸãé©çšãããæ³çã«çåã®ã ãã³ã³ãã³ãã® Web ãµã€ã (ãã¡ã€ã«å ±æãµã€ããéæ¿æŽŸã® Web ãµã€ããªã©) ãžã®ã¢ã¯ã»ã¹ãå¶éã ããŠããŸãããã®èŠä»¶ã«æºæ ããããã«ã¯ããããã¹ãããã«Sophos UTMã® Web ãããã¯ã·ã§ã³æ© èœãçµã¿åãããŠããŠã§ããµã€ãã®ã«ããŽãªã¿ã€ãå šäœãã 1ã€ã® URL ãŸã§ããããã¯ããããèš±å¯ ãããããããšã§ãWeb ã¢ã¯ã»ã¹ãå¶åŸ¡ã§ããŸããUTMã䜿çšãããšãã¢ã¯ã»ã¹ã®å¯èœãªãµã€ããã³ã³ ãã³ãããŠãŒã¶ãã¢ã¯ã»ã¹æéãå®å šã«å¶åŸ¡ããããšãã§ããŸããããã«ãããåœãäŒæ¥ã®ããªã·ãŒ ã«ãã£ãŠçŸ©åä»ããããŠããå Žåã«ããããã¹ãããã«å³æ Œãªå¶éã課ãããšãã§ããŸãã ããã«ãSophos UTMã®çµã¿èŸŒã¿ HTTP ãããã·ã䜿çšããŠããé«åºŠãªãã°ãšã¬ããŒãæ©èœãåŸãã ãŸããã¬ããŒãã«ã¯ã誰ãã©ã®ãµã€ãããã€ãäœåé²èŠ§ãããã衚瀺ããããããã¢ã¯ã»ã¹å¶éãè¡ ããã«ãããã¹ããããéçšãããå Žåã§ããäžé©åãªäœ¿çšãç¹å®ããããšãã§ããŸãã ããã«åœã«ãã£ãŠã¯ãåœã®èŠå¶æ©é¢ã«ãããã¹ããããç»é²ããããšã矩åä»ããããŠããå Žåã ãããŸãã 12.6.1 ã°ããŒãã« ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ãããã¹ããã > ã°ããŒãã« ãã¿ãã§ã¯ããããã¹ãããæ©èœãæå¹ã«ãã ãããã¹ãããã¢ã¯ã»ã¹æ å ±ã®è¡šç€ºãšé ä¿¡ãèš±å¯ãããŠãŒã¶ãå®çŸ©ã§ããŸãã ãããã¹ããããèšå®ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã°ããŒãã« ãã¿ãã§ããããã¹ããããæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«ãªãããã°ããŒãã«ãããã¹ãããèšå® ããšãªã¢ãç·šéå¯èœã«ãªã㟠ãã 382 UTM 9 管çã¬ã€ã 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ 12.6 ãããã¹ããã 2. èš±å¯ãããŠãŒã¶ãéžæããŸãã ãŠãŒã¶ããŒãã¢ã«ãä»ããŠãããã¹ãããã¢ã¯ã»ã¹æ å ±ãæäŸã§ãããŠãŒã¶ãéžæããŸããã ãã§éžæãããŠãŒã¶ã¯ãåœæ¥æå¹ãã¹ã¯ãŒããå€æŽãããããããã¹ãããããŠãã£ãŒãäœæ ã§ããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã ã©ã€ãã ã° ãããã¹ãããã®ã©ã€ããã°ã«ã¯ããããã¹ãããã®äœ¿çšç¶æ³ã«é¢ããç¶æ³ã衚瀺ãããŸãããã©ã€ã ãã°ãéãããã¿ã³ãã¯ãªãã¯ãããšãæ°ãããŠã£ã³ããŠã§ãããã¹ãããã®ã©ã€ããã°ãéããŸãã 12.6.2 ãããã¹ããã ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ãããã¹ããã > ãããã¹ããããã¿ãã§ã¯ãåçš®ã®ãããã¹ãããã管ç㧠ããŸãã 泚 â ãããã¹ãããã¯ãWLAN ã€ã³ã¿ãã§ãŒã¹ãªã©ã®æ¢åã®ã€ã³ã¿ãã§ãŒã¹ã«å²ãåœãŠãå¿ èŠããã ãŸãããã®ã€ã³ã¿ãã§ãŒã¹ã䜿çšãããã¹ãŠã®ãã¹ãã¯ããããã¹ãããã«ããèªåçã«å¶éãã㟠ãããããã£ãŠãéåžžãããã¹ããããäœæããåã« ã¯ã©ã€ã¢ã³ããã©ãã£ãã¯ããå¥ãŸãŒã³ãã®ã¯ã€ã€ ã¬ã¹ãããã¯ãŒã¯ãäœæããŠãããå WLAN ã€ã³ã¿ãã§ãŒã¹ããŒããŠã§ã¢ã®ã€ã³ã¿ãã§ãŒã¹ãäœæã ãŸãã詳ããã¯ããã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ ããåç §ããŠãã ããã ãããã¹ããããäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ããããã¹ãããã®è¿œå ããã¯ãªãã¯ããŸãã ããããã¹ãããã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®ãããã¹ãããã説æããååãå ¥åããŠãã ããã ã€ã³ã¿ãã§ãŒã¹:ãããã¹ãããã«ããå¶éããã€ã³ã¿ãã§ãŒã¹ãè¿œå ããŸããéžæããã€ã³ã¿ ãã§ãŒã¹ã«å¯ŸããŠãå¿ èŠãªãã©ãã£ãã¯ãèš±å¯ãããã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãèšå®ãããŠãã ããšã確èªããŠãã ãããã€ã³ã¿ãã§ãŒã¹ã¯ã1ã€ã®ãããã¹ãããã§ã®ã¿äœ¿çšã§ããŸãã èŠå â ããã§ã¯ã¢ãããªã³ã¯ã€ã³ã¿ãã§ãŒã¹ãéžæããªãã§ãã ãããã€ã³ã¿ãŒããããžã®ãã© ãã£ãã¯ãåŸã«å®å šã«ãããã¯ãããŠããŸããŸãããŸããèªèšŒãªã©ã®éèŠãªãµãŒãã¹ãæäŸ UTM 9 管çã¬ã€ã 383 12.6 ãããã¹ããã 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ ãããµãŒãã䜿çšããã€ã³ã¿ãã§ãŒã¹ã¯äœ¿çšããªãããšã匷ãæšå¥šããŸããWebAdmin ãã ããã¯ã¢ãŠãããã解é€ã§ããªããªãæãããããŸãã ãããã¹ãããã¿ã€ã:éžæããã€ã³ã¿ãã§ãŒã¹ã®ãããã¹ãããã¿ã€ããéžæããŸãã l åœæ¥æå¹ãã¹ã¯ãŒã:æ°ãããã¹ã¯ãŒãã 1æ¥ã« 1åèªåçã«äœæãããŸãããã®ã ã¹ã¯ãŒãã¯ããŠãŒã¶ããŒã¿ã«ã®ããããã¹ããããã¿ãã«è¡šç€ºãããŸããããã¯ããã°ã㌠ãã« ãã¿ãã«æå®ãããŠãããã¹ãŠã®ãŠãŒã¶ã«æäŸãããŸããããã«ãæå®ããã¡ãŒã« ã¢ãã¬ã¹ã«ãéä¿¡ãããŸãã l ããŠãã£ãŒ:(ããŒã·ãã¯ã¬ãŒã ãµãã¹ã¯ãªãã·ã§ã³ã§ã¯ãå©çšã§ããŸããã)ãã®ãããã¹ ãããã¿ã€ãã§ã¯ãããŸããŸãªå¶éãšããããã£ãæã€ãŠãŒã¶ããŒã¿ã«ã®ããŒã¯ã³ãäœ æãå°å·ããŠãŠãŒã¶ã«æäŸããããšãã§ããŸãããŠãŒã¶ãã³ãŒããå ¥åãããšãã€ã³ ã¿ãŒãããã«çŽæ¥ã¢ã¯ã»ã¹ã§ããŸãã l å©çšèŠçŽã®èš±è«Ÿ:ãŠãŒã¶ã¯å©çšèŠçŽã蚱諟ããåŸã«ã€ã³ã¿ãŒãããã«ã¢ã¯ã»ã¹ã§ã㟠ãã ãã¹ã¯ãŒãäœææå» (ãåœæ¥æå¹ãã¹ã¯ãŒã ãã®ãããã¹ãããã¿ã€ãã®ã¿):æ°ãããã¹ã¯ãŒã ãäœæãããæå»ãæå®ããã®æå»ã«ãªããšãå€ããã¹ã¯ãŒããå³æã«ç¡å¹ã«ãªããçŸåš ã®ã»ãã·ã§ã³ãåæãããŸãã ãã¹ã¯ãŒãã®ã¡ãŒã«éä¿¡å (ãåœæ¥æå¹ãã¹ã¯ãŒã ãã®ãããã¹ãããã¿ã€ãã®ã¿):ãã¹ã¯ãŒã ã®éä¿¡å ã®ã¡ãŒã«ã¢ãã¬ã¹ãè¿œå ããŸãã ããŠãã£ãŒå®çŸ© (ãããŠãã£ãŒãã®ãããã¹ãããã¿ã€ãã®ã¿):ãã®ãªã¹ãã«ã¯ãæå®ãããŠãã ããŠãã£ãŒå®çŸ©ã衚瀺ãããŸãããããã¹ãããã«äœ¿çšããå®çŸ©ãéžæããŸãã ããŠãã£ãŒåœããã®ããã€ã¹ (ãããŠãã£ãŒãã®ãããã¹ãããã¿ã€ãã®ã¿):ããŠãã£ãŒã®æå¹ æéäžã« 1ã€ã®ããŠãã£ãŒã§ãã°ã€ã³ãèš±å¯ããããã€ã¹æ°ãå ¥åããŸãããããç¡å¶é (unlimited) ã«ããããšã¯æšå¥šãããŸããã ã»ãã·ã§ã³æé (ãåœæ¥æå¹ãã¹ã¯ãŒã ãã®ãããã¹ãããã¿ã€ãã®ã¿):ã¢ã¯ã»ã¹ã®æå¹æéã å ¥åããŸãããã®æéãéãããšããŠãŒã¶ã¯å©çšèŠçŽãå床åè«ŸããŠãã°ã€ã³ããå¿ èŠã ãããŸãã ãŠãŒã¶ã«å©çšèŠçŽã®èš±è«Ÿãæ±ãã (ãåœæ¥æå¹ãã¹ã¯ãŒã ããŸãã¯ãããŠãã£ãŒãã®ãããã¹ ãããã¿ã€ãã®ã¿):ãããã¹ããããŠãŒã¶ãã€ã³ã¿ãŒãããã«ã¢ã¯ã»ã¹ããåã«ããŠãŒã¶ã«å©çš èŠçŽã蚱諟ããŠãããå Žåã¯ããã®ãªãã·ã§ã³ãéžæããŸãã l 384 å©çšèŠçŽ:å©çšèŠçŽãšããŠè¡šç€ºããããã¹ããè¿œå ããŸããã·ã³ãã«ãª HTML ããŒã¯ ã¢ãããšãã€ããŒãªã³ã¯ã䜿çšã§ããŸãã UTM 9 管çã¬ã€ã 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ 12.6 ãããã¹ããã ãã°ã€ã³åŸ URL ã«è»¢é:éžæãããšããã¹ã¯ãŒããŸãã¯ããŠãã£ãŒããŒã¿ã®å ¥ååŸããŠãŒã¶ ã¯ãããã«ã® Web ãµã€ããŸãã¯ããŒã¿ã«ã®ã·ã¹ãã ããªã·ãŒãèšèŒããã Web ããŒãžãªã©ã æå®ã® URL ã«èªåçã«è»¢éãããŸãã l URL:ãŠãŒã¶ã転éããã転éå URLã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã ããŽãåé€:ãã°ã€ã³ããŒãžããããŽãåé€ããŸãã æ°èŠããŽã®ã¢ããããŒã:ãã°ã€ã³ããŒãžã«ã¿ã€ãã«ãè¿œå ããŸãã ã¿ã€ãã«:ãã°ã€ã³ããŒãžã«ã¿ã€ãã«ãè¿œå ããŸããã·ã³ãã«ãª HTML ããŒã¯ã¢ãããšãã€ããŒãª ã³ã¯ã䜿çšã§ããŸãã ã«ã¹ã¿ã ããã¹ã:ãã°ã€ã³ããŒãžã«ããã¹ããè¿œå ããŸãã䜿çšããã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã® SSID ãªã©ãå ¥åã§ããŸããã·ã³ãã«ãª HTML ããŒã¯ã¢ãããšãã€ããŒãªã³ã¯ã䜿çšã§ããŸãã 泚 âãã¿ã€ãã« ãããã³ãã«ã¹ã¿ã ããã¹ããã¯ãã詳现 ãã¿ãã§ããããã®ãã§ãã¯ããã¯ã¹ã ãã§ãã¯ãããŠããå Žåã«ããŠãã£ãŒã«å°å·ãããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã ãããã¹ããããäœæããããããã¹ããããªã¹ãã«è¡šç€ºãããŸãã ãã³ã â ãããã¹ããããä¿åããåŸããã°ã€ã³ããŒãžã®ãã¬ãã¥ãŒãéãããšãã§ããŸãããããã¹ ããããªã¹ãã§åãããã¹ãããã®ããã°ã€ã³ããŒãžããã¬ãã¥ãŒããã¿ã³ãã¯ãªãã¯ããŸãã ãããã¹ããããç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 12.6.3 ããŠãã£ãŒå®çŸ© ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ãããã¹ããã > ããŠãã£ãŒå®çŸ© ãã¿ãã§ã¯ãããŠãã£ãŒã¿ã€ãã®ãããã¹ ãããã®åçš®ããŠãã£ãŒå®çŸ©ã管çã§ããŸãã ããŠãã£ãŒå®çŸ©ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãããŠãã£ãŒå®çŸ©ã®è¿œå ããã¯ãªãã¯ããŸãã ãããŠãã£ãŒå®çŸ©ã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®ããŠãã£ãŒå®çŸ©ã説æããååãå ¥åããŸãã UTM 9 管çã¬ã€ã 385 12.6 ãããã¹ããã 12 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ æå¹æé:ãã®å®çŸ©ã®ããŠãã£ãŒã®æå¹æéãæå®ããŸãããã®ã«ãŠã³ãã¯ååãã°ã€ã³æ ããå§ãŸããŸããå¿ ããã®æéãèšå®ããããšããå§ãããŸãã æéå²åœ:ããã§ã¯ãèš±å¯ãããªã³ã©ã€ã³æéãå¶éã§ããŸãããã®å®çŸ©ã®ããŠãã£ãŒã®æ éãåãããŸã§ã®æ倧ãªã³ã©ã€ã³æéãæå®ããŸãããã®ã«ãŠã³ãã¯ãã°ã€ã³æããå§ãŸ ãããã°ã¢ãŠãæã«åæ¢ããŸããããã«ã5åéã«ããã£ãŠã¢ã¯ãã£ããã£ããªãå Žåã«ã«ãŠã³ã ãåæ¢ããŸãã ããŒã¿ããªã¥ãŒã :ããã§ã¯ãèš±å¯ããããŒã¿ããªã¥ãŒã ãå¶éã§ããŸãããã®ããŠãã£ãŒå®çŸ© ã§éä¿¡ã§ããæ倧ããŒã¿éãå ¥åããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã ããŠãã£ãŒå®çŸ©ãäœæãããŸããããŠãã£ãŒã¿ã€ãã®ãããã¹ãããã®äœææã«ã¯ããã®ã ãŠãã£ãŒå®çŸ©ãéžæã§ããããã«ãªããŸãã ããŠãã£ãŒå®çŸ©ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 12.6.4 詳现 ã㊠ãã£ãŒå°å·ãªãã·ã§ã³ ããŒãžãµã€ãº:ãŠãŒã¶ããŒã¿ã«ã§å°å·ããããŠãã£ãŒã®ãµã€ãºãéžæããŸãã ããŒãžåœããã®ããŠãã£ãŒæ°:1ããŒãžã«å°å·ããããŠãã£ãŒã®æ°ãæå®ããŸãã å°å·ã¿ã€ãã«/ã«ã¹ã¿ã ããã¹ãã®å°å·:ããŠãã£ãŒã«ã¿ã€ãã«ãŸãã¯ã«ã¹ã¿ã ããã¹ããå°å·ããå Ž åã«éžæããŸããã¿ã€ãã«ããã³ããã¹ãã¯ãããã°ã€ã³ããŒãžã«ã¹ã¿ãã€ãºãã»ã¯ã·ã§ã³ã®ããããã¹ ããããã¿ãã§åãããã¹ãããã«å¯ŸããŠå®çŸ©ããŸãã ã㊠ãã£ãŒäžè¬ãªãã·ã§ã³ ããã«ã¯ãæéåãã«ãªã£ãããŠãã£ãŒãããŒã¿ããŒã¹ããåé€ãããã©ãããåé€ããå Žåã¯äœ æ¥åŸã«åé€ããããæå®ã§ããŸãããããã¹ãããã®ãã°ã«ã¯ãåŒãç¶ãåé€ãããããŠãã£ãŒã® æ å ±ã衚瀺ãããŸãã Walle d Gar d e n ãã¹ã¯ãŒããããŠãã£ãŒã³ãŒããå ¥åããªããŠãããã¹ãŠã®ãŠãŒã¶ãåžžã«ã¢ã¯ã»ã¹ã§ããç¹å®ã®ã ã¹ããŸãã¯ãããã¯ãŒã¯ãè¿œå ããŸãã 386 UTM 9 管çã¬ã€ã 13 Web ãµãŒããããã¯ã·ã§ã³ ãã®ç« ã§ã¯ãWeb ãµãŒããæ»æãæªæããè¡çºããä¿è·ããSophos UTMã® Web ã¢ããªã±ãŒã·ã§ã³ ãã¡ã€ã¢ãŠã©ãŒã«ãèšå®ããæ¹æ³ã説æããŸãã ãã®ç« ã§ã¯ã次ã®ãããã¯ã«ã€ããŠèª¬æããŸãã l WAF l 蚌ææžç®¡ç 13.1 WAF Sophos UTM㧠Web ã¢ããªã±ãŒã·ã§ã³ãã¡ã€ã¢ãŠã©ãŒã« (WAFããããã¯ãªããŒã¹ãããã·) ã䜿çšã ããšãWeb ãµãŒããã¯ãã¹ãµã€ãã¹ã¯ãªããã£ã³ã° (XSS)ãSQL ã€ã³ãžã§ã¯ã·ã§ã³ããã£ã¬ã¯ããªãã©ã㌠ãµã«ãªã©ã®æ»æãæªæããè¡çºããããã¯ãã®ä»ã®æœåšçãªæ»æããé²åŸ¡ããããšãã§ã㟠ããDNAT ã«ãŒã«ã䜿çšããŠæ¬åœã®ãã·ã³ã«å€æãããå€éšã¢ãã¬ã¹ (ä»®æ³ãµãŒã) ãå®çŸ©ããã ãšãã§ããŸããããã§ãæ§ã ãªãã¿ãŒã³ãšæ€åºæ¹æ³ã䜿çšããŠããµãŒããä¿è·ããããšãã§ããŸãã ç°¡åã«èšããšãUTMã®ãã®ãšãªã¢ã§ã¯ãWeb ãµãŒãããéåä¿¡ããããªã¯ãšã¹ãã«ãå©çšæ¡ä»¶ãé© çšããããšãã§ããŸãããŸããè€æ°ã®ã¿ãŒã²ããã®éã§ã®ããŒããã©ã³ã·ã³ã°ãå¯èœã«ãªããŸãã 13.1.1 ã°ããŒãã« ãWAF > ã°ããŒãã« ãã¿ãã§ã¯ãWeb ã¢ããªã±ãŒã·ã§ã³ãã¡ã€ã¢ãŠã©ãŒã« (WAF) ãæå¹ãŸãã¯ç¡å¹ã« ã§ããŸãã 泚 â WAF ãæå¹ã«ããåã«ããä»®æ³ Web ãµãŒã ãã¿ãã§ä»®æ³ Web ãµãŒãã 1ã€ä»¥äžäœæããå¿ èŠããããŸãã WAF ãæå¹ã«ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ããã¯ãšã³ãWebãµãŒããŸãã¯ä»®æ³ Web ãµãŒãã 1ã€ä»¥äžäœæããŸãã 詳ããã¯ããããã¯ãšã³ãWebãµãŒãããšãä»®æ³ Web ãµãŒããã®ã»ã¯ã·ã§ã³ãåç §ããŠãã ããã 2. Web ã¢ããªã±ãŒã·ã§ã³ãã¡ã€ã¢ãŠã©ãŒã«ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«ãªããWeb ã¢ããªã±ãŒã·ã§ã³ãã¡ã€ã¢ãŠã©ãŒã«ãæå¹ã«ãªããŸãã 13.1 WAF 13 Web ãµãŒããããã¯ã·ã§ã³ ã©ã€ãã ã° WAF ã©ã€ããã°ã¯ãWAF ã€ãã³ãã«é¢ãããããã°æ å ±ãæäŸããŸãããã©ã€ããã°ãéãããã¿ã³ ãã¯ãªãã¯ãããšãæ°ãããŠã£ã³ããŠã§ WAF ã©ã€ããã°ãéããŸãã 13.1.2 ä»®æ³ Web ãµãŒã ãWAF > ä»®æ³ Web ãµãŒã ãã¿ãã§ã¯ãä»®æ³ Web ãµãŒããäœæã§ããŸãããããã® Web ãµãŒã ã¯ãUTMã®äžéšãšããŠãã€ã³ã¿ãŒããããš Web ãµãŒãã®éã®ãã¡ã€ã¢ãŠã©ãŒã«ãæ§ç¯ããŸãããã®ã ãããã®ãããªä»å ¥ããªããŒã¹ãããã·ãšãåŒã³ãŸããUTMã¯ãWeb ãµãŒããžã®ãªã¯ãšã¹ãããã㯠ã¢ããããããã¯ãšã³ãWebãµãŒããæ§ã ãªæ»æããä¿è·ããŸããããããã®ä»®æ³ãµãŒãã¯ãã㯠ãšã³ãWebãµãŒãã«ãããã³ã°ãããŠãããã©ã®ãããªä¿è·ã¬ãã«ãé©çšãããã決å®ããŸãã㟠ããè€æ°ã®ããã¯ãšã³ãWebãµãŒãã 1ã€ã®ä»®æ³ Web ãµãŒãå®çŸ©ã§äœ¿çšããããšãã§ããŸãããã ã«ãããããã¯ãšã³ãWebãµãŒãã®ããŒããã©ã³ã·ã³ã°ãå®è¡ã§ããŸãã ä»®æ³ãµãŒããè¿œå ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãæ°èŠä»®æ³ Web ãµãŒã ããã¿ã³ãã¯ãªãã¯ããŸãã ãæ°èŠä»®æ³ Web ãµãŒããäœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ä»®æ³ Web ãµãŒãã説æããååãå ¥åããŠãã ããã ã€ã³ã¿ãã§ãŒã¹:Web ãµãŒãã«å°éããããã«äœ¿çšããã€ã³ã¿ãã§ãŒã¹ãããããããŠã³ãªã¹ã ããéžæããŸãã ã¿ã€ã:ã¯ã©ã€ã¢ã³ããšä»®æ³ Web ãµãŒãã®éã®éä¿¡ãæå·åããã (HTTPS) ããªãã (HTTP) ã決å®ããŸãã ããŒã:ä»®æ³ Web ãµãŒãã«å€éšããå°éå¯èœãªããŒãçªå·ãå ¥åããŸããããã©ã«ãã¯ã㌠ã80 (HTTP ) ãšããŒã443 (HTTPS) ã§ãã 蚌ææž (HTTPSã®ã¿):ããããããŠã³ãªã¹ããã Web ãµãŒãã®èšŒææžãéžæããŸãã蚌ææž ã¯äºåã« Web ãµãŒãäžã«äœæããã蚌ææžç®¡ç > 蚌ææž ãã¿ãã§ã¢ããããŒãããŠããå¿ èŠ ããããŸãã ãã¡ã€ã³:ãã®ãã£ãŒã«ãã«ã¯ã蚌ææžã®äœæããããã¹ãåã衚瀺ãããŸãã ãã¡ã€ã³ (SAN 蚌ææžã®ã¿):WAFã¯ãSAN (Subject Alternative Name) 蚌ææžããµã㌠ãããŸãã蚌ææžã§ã«ããŒããããã¹ãŠã®ãã¹ãåããã®ããã¯ã¹ã«ãªã¹ããããŸãã ç¶ããŠããã¹ãåã®åã«ãããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŠãè€æ°ã®ãã¹ãåã éžæããããšãã§ããŸãã 388 UTM 9 管çã¬ã€ã 13 Web ãµãŒããããã¯ã·ã§ã³ 13.1 WAF ãã¡ã€ã³ (HTTP ã®ã¿):Web ãµãŒãã責任ãæã€ãã¡ã€ã³ã FQDN ãšããŠå ¥åããŸã (äŸ: shop.example.com)ã ããã¯ãšã³ãWebãµãŒã:ãã¡ã€ã¢ãŠã©ãŒã«ãããã¡ã€ã«ãé©çšãã Web ãµãŒãã®åã«ãã ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸãããã©ãŒãªã³ã° Web ãµãŒããããå Žåãè€æ°ã® Web ãµãŒããéžæããããšãã§ããŸããããã©ã«ãã§ã¯ãéžæãã Web ãµãŒãéã§ãã©ãã£ãã¯ã® ããŒããã©ã³ã·ã³ã°ãè¡ãããŸãããªã¯ãšã¹ãã®ã«ãŠã³ãã¢ã«ãŽãªãºã ã«ãããåæ°èŠãªã¯ãš ã¹ãããçŸåšæå¹ãªãªã¯ãšã¹ãæ°ãäžçªå°ãªã Web ãµãŒãã«èªåã§å²ãåœãŠãããŸããããµ ã€ããã¹ã«ãŒãã£ã³ã°ãã¿ãã§ã¯ã詳现ãªè² è·åæ£ã«ãŒã«ãæå®ã§ããŸãã ãã¡ã€ã¢ãŠã©ãŒã«ãããã¡ã€ã«:ããããããŠã³ãªã¹ããããã¡ã€ã¢ãŠã©ãŒã«ãããã¡ã€ã«ãéžæ ããŸãããã®ãããã¡ã€ã«ã¯ãéžæãã Web ãµãŒããä¿è·ããããã«é©çšãããŸãããŸãã ãã¡ã€ã¢ãŠã©ãŒã«ãããã¡ã€ã«ãäžå䜿çšããªãå Žåã¯ããããã¡ã€ã«ãªãããéžæã§ããŸãã HTML ãªã©ã€ãã£ã³ã°ãæå¹å (ãªãã·ã§ã³):ãã®ãªãã·ã§ã³ãéžæãããšãè¿ããã Web ããŒãž ã®ãªã³ã¯ããæžãæããããããªã³ã¯ãæå¹ã«ä¿ãããŸããäŸ:ããã¯ãšã³ãWebãµãŒãã®ã€ ã³ã¹ã¿ã³ã¹ã® 1ã€ããyourcompany.localãšãããã¹ãåã§ããããUTMã§ã®ä»®æ³ãµãŒã ã®ãã¹ãåãyourcompany.comã§ããããããã£ãŠã<a href="http://yourcompany.local/"> ã®ãããªçµ¶å¯Ÿãªã³ã¯ã¯ãã¯ã©ã€ã¢ã³ããžã®é ä¿¡ åã«ãªã³ã¯ã <a href="http://yourcompany.com/"> ã«æžãæããªããã°ç ŽæããŠã ãŸããŸãããã ããWeb ãµãŒã㧠yourcompany.com ãèšå®ãããŠããããWeb ããŒãžã® å éšãªã³ã¯ãåžžã«çžå¯Ÿãªã³ã¯ãšããŠè¡šçŸãããŠããå Žåã«ã¯ããã®ãªãã·ã§ã³ãæå¹ã«ãã å¿ èŠã¯ãããŸãããMicrosoft ã® Outlook Web Access ã Sharepoint Portal Server ã§ã¯ããã® ãªãã·ã§ã³ã䜿çšããããšãæšå¥šããŸãã 泚 â äžéšã®ãªã³ã¯ãæ£ããæžãæãããããç¡å¹ãšãªãå ŽåããããŸãããªã³ã¯ãäžè²«ã㊠ãã©ãŒããããããããWeb ãµã€ãã®äœè ã«äŸé ŒããŠãã ããã URL ãªã©ã€ãã£ã³ã°ãšã¯å¥ã«ãHTML ãªã©ã€ãã£ã³ã°æ©èœã§ããæ£ãããã©ãŒããããããŠããªã HTML ã次ã®ããã«ä¿®æ£ããããšãã§ããŸãã o DOM ããªãŒã§ã<title> ã¿ã°ããããŒã html > title ããæ£ãã html > head > title ã«ç§»åãã o HTML å±æ§å€ãå²ãåŒçšç¬Šãä¿®æ£ãã (äŸ: name="value"" ã name="value" ã« ãªã) UTM 9 管çã¬ã€ã 389 13.1 WAF 13 Web ãµãŒããããã¯ã·ã§ã³ 泚 â HTML ãªã©ã€ãã£ã³ã°ã¯ãHTTP ã³ã³ãã³ãã¿ã€ãã text/* ãŸã㯠*xml* (* ã¯ã¯ã€ã« ãã«ãŒã) ã®ãã¹ãŠã®ãã¡ã€ã«ã«åœ±é¿ããŸãããã€ããªãã¡ã€ã«ãªã©ã®ä»ã®ãã¡ã€ã«ã¿ã€ãã® HTTP ã³ã³ãã³ãã¿ã€ããæ£ããããšã確èªããŠãã ãããã³ã³ãã³ãã¿ã€ããééã£ãŠãã ãšãHTML ãªã©ã€ãã£ã³ã°æ©èœã«ããç Žæããå¯èœæ§ããããŸãã ã¯ãã¹ãªãã¡ã¬ã³ã¹ â 詳ããã¯ãlibxmlã ãã¥ã¡ã³ããåç §ããŠãã ãã (http://xmlsoft.org/html/libxml-HTMLparser.html)ã ãã¹ããããããã¹ (ãªãã·ã§ã³):ãã®ãªãã·ã§ã³ãéžæãããšãã¯ã©ã€ã¢ã³ãã«èŠæ±ããããã¹ ãããããä¿æãããWeb ãªã¯ãšã¹ããšãšãã« Web ãµãŒããžè»¢éãããŸããç°å¢å ã§ããã¹ã ãããã®åãæž¡ããå¿ èŠãã©ããã¯ãWeb ãµãŒãã®èšå®ã«å¿ããŠæ±ºãŸããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã ãµãŒãããä»®æ³ Web ãµãŒã ããªã¹ãã«è¿œå ãããŸãã ä»®æ³ãµãŒãã«è€æ°ã® Web ãµãŒããèšå®ãããŠããå Žåããä»®æ³ Web ãµãŒã ããªã¹ãã«ã¯ãå Web ãµãŒãã®ã¹ããŒã¿ã¹ã¢ã€ã³ã³ã衚瀺ãããŸããWeb ãµãŒãã®ã¹ããŒã¿ã¹ã¢ã€ã³ã³ã¯ããµãŒããæå¹ ã§ãªãå Žåã¯èµ€ããªããŸããWeb ãµãŒããããŠã³ããŠãããå©çšã§ããªãå Žåã¯èµ€è²ããã¹ãŠæ£ åžžã«æ©èœããŠããå Žåã¯ç·è²ã§ãã 13.1.3 ããã¯ãšã³ãWebãµãŒã ãWAF > ããã¯ãšã³ãWebãµãŒã ãã¿ãã§ãWAF ã«ãã£ãŠä¿è·ãã Web ãµãŒããè¿œå ã§ããŸãã Web ãµãŒããè¿œå ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãæ°èŠããã¯ãšã³ãWebãµãŒã ããã¿ã³ãã¯ãªãã¯ããŸãã ãæ°èŠããã¯ãšã³ãWebãµãŒããäœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:Web ãµãŒãã説æããååãå ¥åããŠãã ããã ãã¹ã:ãã¹ããè¿œå ãŸãã¯éžæããŸãããã¹ãã¯ãã¿ã€ããããã¹ãããŸãã¯ãDNS ãã¹ãã㧠ããããã§ã¯ãDNS ãã¹ãåã®äœ¿çšã匷ãæšå¥šããŸããããã¯ãIP ã¢ãã¬ã¹ã§ãªã¹ãããããã¹ ãã¯ç©ºã®ãã¹ãããããéä¿¡ãããããäžéšã®ãã©ãŠã¶ã§åé¡ãçºçããããã§ãã ã¿ã€ã:UTM ãšWeb ãµãŒãã®éã®éä¿¡ãæå·åããã (HTTPS) ããªãã (HTTP) ã決å®ã㟠ãã 390 UTM 9 管çã¬ã€ã 13 Web ãµãŒããããã¯ã·ã§ã³ 13.1 WAF ããŒã:UTM ãšWeb ãµãŒãã®éã®éä¿¡ã«äœ¿çšããããŒãçªå·ãå ¥åããŸããããã©ã«ã㯠ããŒã80 (HTTP ) ãšããŒã443 (HTTPS) ã§ãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã HTTP ããŒãã¢ã©ã€ãã®äœ¿çš:ããã©ã«ãã§ã¯ãWAF 㯠HTTP ããŒãã¢ã©ã€ãã䜿çšããŸãã ã€ãŸããHTTP ã®æç¶çæ¥ç¶ãããããšã§ãCPU ãã¡ã¢ãªã®äœ¿çšçã®åæžã«ã€ãªãããŸãã ãŸãã«ããã¯ãšã³ãWebãµãŒã㧠HTTP ããŒãã¢ã©ã€ãããæ£ããæ©èœããªãããšããããèª ã¿èŸŒã¿ãšã©ãŒãã¿ã€ã ã¢ãŠããèµ·ããããšããããŸãããã®å Žåã¯ã該åœã® Web ãµãŒãã§ã ã®æ©èœãç¡å¹ã«ããå¿ èŠããããŸããä»®æ³ Web ãµãŒãã«å¯ŸããŠãHTTP ããŒãã¢ã©ã€ãæ© èœãç¡å¹ã«ãªã£ãŠããããã¯ãšã³ãWebãµãŒããå°ãªããšã 1å°å²ãåœãŠãããŠããå Žåãã ã®ä»®æ³ Web ãµãŒãã«å²ãåœãŠãããŠãããã¹ãŠã®ããã¯ãšã³ãWebãµãŒãã§ãã®æ©èœã¯èª åçã«ç¡å¹ã«ãªããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã ãµãŒãããããã¯ãšã³ãWebãµãŒã ããªã¹ãã«è¿œå ãããŸãã ããã§ãä»®æ³ Web ãµãŒã ãã¿ãã§ååšãã Web ãµãŒãããã¡ã€ã¢ãŠã©ãŒã«ãããã¡ã€ã«ã«å²ãåœãŠã ããããã«ãªããŸãã 13.1.4 ãã¡ã€ã¢ãŠã©ãŒã«ãããã¡ã€ã« ãWAF > ãã¡ã€ã¢ãŠã©ãŒã«ãããã¡ã€ã« ãã¿ãã§ã¯ãWeb ãµãŒãã®ä¿è·ã¢ãŒããšã¬ãã«ãå®çŸ©ãã WAF ãããã¡ã€ã«ãäœæã§ããŸãã WAF ãããã¡ã€ã«ãäœæããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãæ°èŠãã¡ã€ã¢ãŠã©ãŒã«ãããã¡ã€ã« ããã¿ã³ãã¯ãªãã¯ããŸãã ããã¡ã€ã¢ãŠã©ãŒã«ãããã¡ã€ã«ã®äœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãããã¡ã€ã«ã説æããååãå ¥åããŠãã ããã Outlook Anywhere ããã¹:å€éšã® Microsoft Outlook ã¯ã©ã€ã¢ã³ãã«å¯ŸããWAF çµç±ã§ Microsoft Exchange Server ãžã®ã¢ã¯ã»ã¹ãèš±å¯ããŸããMicrosoft Outlook ã®ãã©ãã£ãã¯ã¯ WAF ã«ãããã§ãã¯ãä¿è·ãåããŸããã ã¢ãŒã:ããããããŠã³ãªã¹ãããã¢ãŒããéžæããŸãã l ã¢ãã¿:HTTP ãªã¯ãšã¹ããã¢ãã¿ãªã³ã°ãããã°ã«èšé²ããŸãã l ãªãžã§ã¯ã:HTTP ãªã¯ãšã¹ãã¯æåŠãããŸãã UTM 9 管çã¬ã€ã 391 13.1 WAF 13 Web ãµãŒããããã¯ã·ã§ã³ l ç Žæ£:HTTP ãªã¯ãšã¹ãã¯ç Žæ£ãããŸãã éžæããã¢ãŒãã¯ãHTTP ãªã¯ãšã¹ããäžã§éžæããããããã®æ¡ä»¶ãšåèŽããŠããå Žåã« é©çšãããŸãã ã¯ãã¹ãµã€ãã¹ã¯ãªããã£ã³ã° (XSS) ãã£ã«ã¿:Web ãµãŒããã¯ãã¹ãµã€ãã¹ã¯ãªããã£ã³ã°ãã ä¿è·ããŸãããã®ããã«ãHTML ãã©ãŒã ããã®ä»ã®å ¥åãã£ãŒã«ãããããŒãµã«ã㣠ãŠãHTML ããã³ CSS ã³ãã³ãã䜿çšããŠãã§ãã¯ãããŸãã SQL ã€ã³ãžã§ã¯ã·ã§ã³ãã£ã«ã¿:Web ãµãŒãã SQL ã€ã³ãžã§ã¯ã·ã§ã³ããä¿è·ããŸãããã®ãã ã«ãHTML ãã©ãŒã ããã®ä»ã®å ¥åãã£ãŒã«ãããããŒãµã«ãã£ãŠãSQL ã³ãã³ãã䜿çšã㊠ãã§ãã¯ãããŸãã Cookie 眲å:Web ãµãŒãã Cookie ã®æªçšããä¿è·ããŸããWeb ãµãŒãã Cookie ãã»ãããã ãšãæåã® Cookie ã«å¯Ÿã㊠2ã€ç®ã® Cookie ãè¿œå ãããŸãããã® Cookie ã«ã¯ãæåã® Cookie ã®ååãå€ãã·ãŒã¯ã¬ããããæ§æãããããã·ã¥ãå«ãŸããŠãããã·ãŒã¯ã¬ãã㯠WAF ã«ãã£ãŠã®ã¿èªèãããŸãããããã£ãŠããªã¯ãšã¹ãã«ãã£ãŠæ£ãã Cookie ãã¢ãæäŸ ãããªãå Žåã¯ãããçš®ã®æªçšãè¡ãããå¯èœæ§ããããCookie ã¯ç Žæ£ãããŸãã URL ããŒããã³ã°:URL æžãæãããä¿è·ããŸãããã®ããã«ãã¯ã©ã€ã¢ã³ãã Web ãµã€ãã èŠæ±ãããšããã® Web ãµã€ãã®ãã¹ãŠã® URL ã«å¯ŸããŠçœ²åãè¡ãããŸãããã®çœ²åæé ã¯ãCookie 眲åãšäŒŒãŠããŸããããã«ã次ã«ã©ã®ãªã³ã¯ãæå¹ã«èŠæ±ã§ããã®ãã«ã€ã ãŠãWeb ãµãŒãããã®å¿çã解æãããŸããããŒããã³ã°ããã URL ãããã¯ããŒã¯ããåŸ ã§ã¢ã¯ã»ã¹ããããšãã§ããŸãããšã³ã㪠URL ãå®çŸ©ããæ¹æ³ãã以äžã®ããããããéžæ ããŸãã l ãšã³ã㪠URL ãæåã§æå®:Web ãµã€ãã®ãšã³ã㪠URL ãšããŠæ©èœãã URL ãå ¥åã ãŸããããã«ããã眲åãäžèŠã«ãªããŸãããããã® URL ã¯ã http://shop.example.com/products/ ãhttps://shop.example.com/products/ããŸãã¯/products/ãšããæ§æã«æº æ ããŠããå¿ èŠããããŸãã 392 l ã¢ããããŒããã Google ãµã€ãããããã¡ã€ã«ããã®ãšã³ã㪠URL:ããã§ãWeb ãµã€ãã® æ§é ã«é¢ããæ å ±ãå«ãŸãããµã€ãããããã¡ã€ã«ãã¢ããããŒãããŸãããµã€ããã ããã¡ã€ã«ã¯ãXML 圢åŒã§ããã¬ãŒã³ããã¹ã圢åŒã§ãã¢ããããŒãã§ããŸããåŸè ã® ãã¡ã€ã«ã¯ URL ã®ãªã¹ãã®ã¿ãå«ãŸããŸãããããã¡ã€ã«ãä¿åãããšããµã€ãããã ãã¡ã€ã«ã¯ WAF ã«ãã£ãŠæ§æ解æãããŸãã l Googleãµã€ããããURLããã®ãšã³ããªURL:UTM ã«ãWeb ãµã€ãã®æ§é ã«é¢ããæ å ± ãå«ãŸãããµã€ãããããã¡ã€ã«ããå®çŸ©ããã URL ããããŠã³ããŒããããããšã㧠ããŸãããã®ãã¡ã€ã«ã«ã¢ããããŒãããªããå®æçã«ãã§ãã¯ããããšãã§ããŸããã UTM 9 管çã¬ã€ã 13 Web ãµãŒããããã¯ã·ã§ã³ 13.1 WAF ããã¡ã€ã«ãä¿åãããšããµã€ãããããã¡ã€ã«ã¯ããŠã³ããŒããããWAF ã«ãã£ãŠæ§æ 解æãããŸãã URL:ãµã€ãããããžã®ãã¹ã絶察 URL ãšããŠå ¥åããŸãã æŽæ°:ããããããŠã³ãªã¹ãããæŽæ°ééãéžæããŸãããæå ããéžæãããšããµã€ã ãããã¯ãã®ãããã¡ã€ã«ã®æŽæ°ãä¿åããå Žåã«ã®ã¿æŽæ°ãããŸãã 泚 â URL ããŒããã³ã°ã¯ãHTTP ã³ã³ãã³ãã¿ã€ãã text/* ãŸã㯠*xml* (* ã¯ã¯ã€ã«ã ã«ãŒã) ã®ãã¹ãŠã®ãã¡ã€ã«ã«åœ±é¿ããŸãããã€ããªãã¡ã€ã«ãªã©ã®ä»ã®ãã¡ã€ã«ã¿ã€ãã® HTTP ã³ã³ãã³ãã¿ã€ããæ£ããããšã確èªããŠãã ãããã³ã³ãã³ãã¿ã€ããééã£ãŠãã ãšãURL ããŒããã³ã°æ©èœã«ããç Žæããå¯èœæ§ããããŸãã ãã©ãŒã ããŒããã³ã°:Web ãã©ãŒã ã®æžãæãããä¿è·ããŸãããã©ãŒã ããŒããã³ã° ã¯ãWeb ãã©ãŒã ã®ãªãªãžãã«æ§é ãä¿æãã眲åããŸãããã®ããããã©ãŒã ã®éä¿¡æã« ãã©ãŒã ã®æ§é ãå€æŽããããšããµãŒãã¯èŠæ±ãæåŠããŸãã 泚 â ãã©ãŒã ããŒããã³ã°ã¯ãHTTP ã³ã³ãã³ãã¿ã€ãã text/* ãŸã㯠*xml* (* ã¯ã¯ã€ã« ãã«ãŒã) ã®ãã¹ãŠã®ãã¡ã€ã«ã«åœ±é¿ããŸãããã€ããªãã¡ã€ã«ãªã©ã®ä»ã®ãã¡ã€ã«ã¿ã€ãã® HTTP ã³ã³ãã³ãã¿ã€ããæ£ããããšã確èªããŠãã ãããã³ã³ãã³ãã¿ã€ããééã£ãŠãããšã ãã©ãŒã ããŒããã³ã°æ©èœã«ããç Žæããå¯èœæ§ããããŸãã ã¢ã³ããŠã€ã«ã¹ã¹ãã£ã³:ãã®ãªãã·ã§ã³ãéžæããŠãWeb ãµãŒãããŠã€ã«ã¹ããé²åŸ¡ããŸãã AV ãšã³ãžã³:Sophos UTMSophos UTM ã¯ãæé«ã®ã»ãã¥ãªãã£ãå®çŸããããŸããŸãªã¢ ã³ããŠã€ã«ã¹ãšã³ãžã³ãåããŠããŸãã l ã·ã³ã°ã«ã¹ãã£ã³:ããã©ã«ãèšå®ããã¹ãã£ã³èšå® ãã¿ãã«å®çŸ©ããããšã³ãžã³ ã䜿çšããŠæé«ã¬ãã«ã®ããã©ãŒãã³ã¹ãå®çŸããŸãã l ãã¥ã¢ã«ã¹ãã£ã³:åãã©ãã£ãã¯ã«å¯Ÿããç°ãªããŠã€ã«ã¹ã¹ãã£ãã䜿çšããŠã¹ ãã£ã³ã 2åè¡ãããšã«ãããæ€åºçãæ倧éã«é«ããŸããããŒã·ãã¯ã¬ãŒããµ ãã¹ã¯ãªãã·ã§ã³ã§ã¯ãã¥ã¢ã«ã¹ãã£ã³ã¯å©çšã§ããŸããã ã¹ãã£ã³:ããããããŠã³ãªã¹ããããã¢ããããŒããŸãã¯ããŠã³ããŒãã®ãããããã¹ ãã£ã³ãããããã®äž¡æ¹ãã¹ãã£ã³ããããéžæããŸãã ã¹ãã£ã³äžå¯ã³ã³ãã³ãã®ãããã¯:ãã®ãªãã·ã§ã³ãéžæããŠãã¹ãã£ã³ã§ããªããã¡ã€ ã«ããããã¯ããŸããã¹ãã£ã³ã§ããªãçç±ã¯ããã€ããããŸããããã¡ã€ã«ãæå·å ãããŠããããç ŽæããŠããå¯èœæ§ããããŸãã UTM 9 管çã¬ã€ã 393 13.1 WAF 13 Web ãµãŒããããã¯ã·ã§ã³ äœã¬ãã¥ããŒã·ã§ã³ã®ã¯ã©ã€ã¢ã³ãããããã¯:GeoIP ããã³ RBL æ å ±ã«åºã¥ããŠãè©å€ã®æª ãã¯ã©ã€ã¢ã³ããåé¡ã«åŸã£ãŠãããã¯ããããšãã§ããŸããSophosã§ã¯æ¬¡ã®åé¡ãããã€ã ãå©çšããŸãã RBL ãœãŒã¹ïŒ l Commtouch IP Reputation( ctipd.org) l dnsbl.proxybl.org l http.dnsbl.sorbs.net GeoIP ãœãŒã¹ã¯ Maxmind ã§ããWAF ã¯ã次ã®ããããã® Maxmind ã«ããŽãªã«å±ã ãã¯ã©ã€ã¢ã³ãããããã¯ããŸãã l A1:ã¯ã©ã€ã¢ã³ãã«ãã£ãŠãIP ã¢ãã¬ã¹ãæ¬æ¥ã®æåšå°ãé ãããã«äœ¿çšãããå¿ åãããã·ãŸã㯠VPN ãµãŒãã¹ã l A2:è¡æãããã€ããšã¯ãè¡æãå©çšããŠäžçäžã® (å€ãã®å Žåãé«ãªã¹ã¯ãªåœã®) ãŠãŒã¶ã«ã€ã³ã¿ãŒãããã¢ã¯ã»ã¹ãæäŸããŠãã ISP ã§ãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã WAF ã«ãŒã«ã®ã¹ããã:ãã®ããã¯ã¹ã«ã誀æ€åºãªã©ãçç±ã§çŸåšã®ãããã¡ã€ã«ã§ã¹ããã ããã WAF ã«ãŒã«çªå·ãè¿œå ããŸãããããã® WAF ã«ãŒã«çªå·ã¯ãããã°ãšã¬ããŒã > WAF > 詳现 ãããŒãžã§ããäžäœã«ãŒã« ããã£ã«ã¿ã䜿çšããŠååŸã§ããŸãã äœã¬ãã¥ããŒã·ã§ã³ã®ã¯ã©ã€ã¢ã³ãã«å¯Ÿãããªã¢ãŒãã«ãã¯ã¢ãããã¹ããã:è©å€ã«ãã¯ã¢ãã ã«ã¯ãªã¢ãŒãåé¡ãããã€ããžã®èŠæ±ã®éä¿¡ãå«ãŸãããããè©å€ã«åºã¥ããããã¯æ©èœã 䜿çšãããšãã·ã¹ãã ã®ããã©ãŒãã³ã¹ãäœäžããå¯èœæ§ããããŸãããã®ãã§ãã¯ããã¯ã¹ ã¯ãGeoIP ã«åºã¥ãåé¡ã䜿çšããå Žåã«ã®ã¿ããã§ãã¯ãå ¥ããŠãã ããããã®å Žåã ãã£ãã·ã¥ãããæ å ±ã䜿çšãããããããã©ãŒãã³ã¹ã¯å€§å¹ ã«åäžããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãã WAF ãããã¡ã€ã«ãããã¡ã€ã¢ãŠã©ãŒã«ãããã¡ã€ã« ããªã¹ãã«è¿œå ãããŸãã URL ããŒããã³ã°ãšãã©ãŒã ããŒããã³ã°ã«é¢ããè¿œå æ å ± URL ããŒããã³ã°ãšãã©ãŒã ããŒããã³ã°ã®äž¡æ¹ãæå¹åããããšãæšå¥šããŸããããã 2ã€ã®æ©èœ ã¯çžè£çãªã®ã§ãããããäžæ¹ã ãæå¹åããå Žåã«èµ·ããåŸãåé¡ã解決ããããšãã§ã㟠ãã l 394 ãã©ãŒã ããŒããã³ã°ã ãæå¹åããå Ž å:http://example.com/?view=article&id=1 ãªã©ã®ããã«ãWeb ããŒãžã«è¿œå ã¯ãš UTM 9 管çã¬ã€ã 13 Web ãµãŒããããã¯ã·ã§ã³ 13.1 WAF ãªã®ä»ãããã€ããŒãªã³ã¯ãå«ãŸããŠããå Žå (ç¹å®ã® CMS ãªã©)ããã®ãããªããŒãžèŠæ± ã¯ããã©ãŒã ããŒããã³ã°ã眲åãæ¢ããŠããŸãããã®çœ²åãèŠã€ãããªãããã«ãããã¯ã ããŸãã l URLããŒããã³ã°ã ãæå¹åããå Žå:Web ãã©ãŠã¶ããã©ãŒã ããŒã¿ã Web ãã©ãŒã ã® form ã¿ã°ã®ã¢ã¯ã·ã§ã³ URL ã«è¿œå ããå Žå (GET èŠæ±ãªã©)ããã©ãŒã ããŒã¿ã¯ Web ãµãŒ ãã«éä¿¡ãããèŠæ± URL ã®äžéšãšãªããURL 眲åãç¡å¹ã«ãªããŸãã äž¡æ¹ã®æ©èœãæå¹åããããšã§åé¡ã解決ããã®ã¯ããã©ãŒã ããŒããã³ã°ãš URL ããŒããã³ã° ã®ãããããèŠæ±ãæå¹ã ãšã¿ãªããšããµãŒããèŠæ±ãåãä»ããããã§ãã Outlook Web Access Outlook Web Access (OWA) çšã® WAF ã®æ§æã¯ãããªã¹ã¯ã䌎ããŸããããã¯ãOWA ããããªã㯠IP ããã®èŠæ±ããå éš LAN IP ããã® OWA Web ãµã€ããžã®èŠæ±ãšã¯å¥ã®æ¹æ³ã§åŠçãããã㧠ããOWA ã® URL ã«ã¯ãªãã€ã¬ã¯ããè¿œå ãããŸããå€éšã¢ã¯ã»ã¹ã®ããã«ã¯å€éš FQDN ã䜿çšã ããŸãããå éšèŠæ±ã«ã¯å éšãµãŒãã® IP ã¢ãã¬ã¹ã䜿çšãããŸãã 解決çã¯ãOWA Web ãµãŒãã® WAF ãããã¡ã€ã«ã§ãOWA ãã£ã¬ã¯ããªããšã³ã㪠URL ãšããŠèšå®ã ãããšã§ã (äŸ: http://webserver/exchange/)ãããã«ããã¹ /exchange/* ã® URL ããŒãã ã³ã°ãã¹ãããããé€å€ãäœæããCookie 眲åãä»®æ³ãµãŒãã«å¯ŸããŠå®å šã«ç¡å¹åããå¿ èŠãã ããŸãã 13.1.5 é€å€ ãWAF > é€å€ ãã¿ãã§ã¯ãç¹å®ã®ãã§ãã¯ããé€å€ããã Web ãªã¯ãšã¹ããéä¿¡å ãããã¯ãŒã¯ãå® çŸ©ã§ããŸãã 1. ãé€å€ ãã¿ãã§ããæ°èŠé€å€ãªã¹ãããã¯ãªãã¯ããŸãã ãé€å€ãªã¹ããäœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:é€å€ã説æããååãå ¥åããŠãã ããã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã å®è¡ããªããã§ãã¯:ã¹ãããããã»ãã¥ãªãã£ãã§ãã¯ãéžæããŸãã å¯Ÿè±¡ä»®æ³ Web ãµãŒã:ããããããŠã³ãªã¹ããããéžæããããã§ãã¯ããé€å€ããä»®æ³ Web ãµãŒããéžæããŸãã 察象ãªã¯ãšã¹ã:ããããããŠã³ãªã¹ãããèŠæ±ã®å®çŸ©ãéžæããŸããAND ãŸã㯠OR ãäœ¿çš ããŠã2ã€ã®èŠæ±ã®å®çŸ©ãè«ççã«çµã¿åãããããšãã§ããŸãã UTM 9 管çã¬ã€ã 395 13.1 WAF 13 Web ãµãŒããããã¯ã·ã§ã³ ãããã¯ãŒã¯:ã¯ã©ã€ã¢ã³ãèŠæ±ã®çºä¿¡å ã§ãããéžæããããã§ãã¯ããé€å€ããé ä¿¡å ãããã¯ãŒã¯ãè¿œå ãŸãã¯éžæããŸãã ãã¹:éžæããããã§ãã¯ããé€å€ãããã¹ãã/products/images/* ã®ãããªåœ¢åŒ ã§è¿œå ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã URL/ãã©ãŒã ããŒããã³ã°å®è¡æã« HTML ãå€æŽããªã:éžæãããšãå®çŸ©ããé€å€èšå®ãš äžèŽããããŒã¿ãWAFãšã³ãžã³ã«ããå€æŽãããŸããããã®ãªãã·ã§ã³ã䜿çšãããšãæ¬ Web ãµãŒãã«ããæ£ãããªãããã¹ã/HTML ã³ã³ãã³ããæäŸããããã€ããªããŒã¿ãç Žæããã ãšããããŸããããã®äžæ¹ã§ãæå¹åããã URL ããŒããã³ã°ãHTML ãªã©ã€ãã£ã³ã°ããŸã ã¯ãã©ãŒã ããŒããã³ã°ã«ãã£ãŠ Web ãªã¯ãšã¹ãããããã¯ãããããšããããŸãããããã® 3 ã€ã®æ©èœã¯ HTML ããŒãµãŒã䜿çšãããããããçšåºŠ Web ããŒãžã³ã³ãã³ãã®å€æŽã«äŸå ããŸããæãŸãããªããããã¯ãåé¿ããã«ã¯ããããã¯ã®åœ±é¿ãåããèŠæ±ã«å¯Ÿã㊠URL ããŒããã³ã°/ãã©ãŒã ããŒããã³ã°ãã¹ãããããŸãããã®èšå®ã¯ãWeb ãµãŒãã Web ã㌠ãžã®äŸåé¢ä¿ã«å¿ããŠãå¥ã®é€å€ãæ°ããé€å€ã§è¡ãããšãå¿ èŠãªå ŽåããããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããé€å€ããé€å€ ããªã¹ãã«è¡šç€ºãããŸãã 5. é€å€ãªã¹ããæå¹ã«ããŸãã æ°ããé€å€ã¯ããã©ã«ãã§ç¡å¹ã«ãªã£ãŠããŸã (ãã°ã«ã¹ã€ããã¯ã°ã¬ãŒè¡šç€º)ãäŸå€ãæå¹ ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ããã§é€å€ãªã¹ããæå¹ã«ãªããŸã (ãã°ã«ã¹ã€ããã¯ç·è²)ã é€å€ã«ãŒã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 13.1.6 ãµã€ããã¹ã«ãŒãã£ã³ã° ãWAF > ãµã€ããã¹ã«ãŒãã£ã³ã°ãã¿ãã§ã¯ãå€éšããåä¿¡ãããªã¯ãšã¹ãã転éããããã¯ãšã³ãWeb ãµãŒããå®çŸ©ã§ããŸããããšãã°ã/products ãªã©ã®ç¹å®ãã¹ã®ãã¹ãŠã® URL ãç¹å® Web ãµãŒ ãã«éä¿¡ããããšãå®çŸ©ã§ããŸãããŸããç¹å®ã®ãªã¯ãšã¹ãã«è€æ°ã® Web ãµãŒããèš±å¯ããäžæ¹ ã§ããããã®ãµãŒãéã§ãªã¯ãšã¹ããåæ£ããããã®ã«ãŒã«ãè¿œå ããããšãã§ããŸããããšãã°ã ã»ãã·ã§ã³ã®æå¹æéãéããŠåã»ãã·ã§ã³ã 1ã€ã® Web ãµãŒãã«é¢é£ä»ããããš (ã¹ãã£ãããŒã»ã ã·ã§ã³) ãå®çŸ©ã§ããŸããããã¯ããªã³ã©ã€ã³ã·ã§ããããã¹ãããŠããå Žåã«ããŠãŒã¶ãã·ã§ããã³ã° ã»ãã·ã§ã³äžã«äœ¿çšãããµãŒãã 1å°ã«åºå®ãããããªã©ã«å¿ èŠã«ãªããŸããããã«ããã¹ãŠã®ãªã¯ ãšã¹ãã 1å°ã® Web ãµãŒãã«éä¿¡ããŠãä»ã®ãµãŒããããã¯ã¢ãããšããŠã®ã¿äœ¿çšããããã«èšå® ããããšãã§ããŸãã 396 UTM 9 管çã¬ã€ã 13 Web ãµãŒããããã¯ã·ã§ã³ 13.1 WAF åä»®æ³ Web ãµãŒãã«ã¯ã1ã€ã®ããã©ã«ããµã€ããã¹ã«ãŒã (/ ã®ãã¹) ãèªåçã«äœæãã㟠ããUTMã§ã¯ãæã劥åœãªæ¹æ³ã§ãµã€ããã¹ã«ãŒããèªåçã«é©çšããæãå³æ Œãªãã¹ãã€ãŸãæ é·ã®ãã¹ããå§ããŠãä»ã®ç¹å®ãµã€ããã¹ã«ãŒããå€éšããåä¿¡ãããªã¯ãšã¹ããšäžèŽããªãå Žå ã«ã®ã¿äœ¿çšãããããã©ã«ããã¹ã«ãŒããŸã§é ã«é©çšããŸãããµã€ããã¹ã«ãŒããªã¹ãã®é åºã¯é èŠã§ã¯ãããŸãããããã©ã«ãã«ãŒããåé€ãããå Žåãªã©ãåä¿¡ãããªã¯ãšã¹ãã«äžèŽããã«ãŒã ããªãå Žåã¯ããªã¯ãšã¹ããæåŠãããŸãã 泚 âããµã€ããã¹ã«ãŒãã£ã³ã°ãã¿ãã¯ã1ã€ä»¥äžã®ãªã¢ããã¯ãšã³ãWebãµãŒããš 1ã€ä»¥äžã®ä»®æ³ ãµãŒããäœæãããŠããå Žåã«ã®ã¿ã¢ã¯ã»ã¹ã§ããŸãã ãµã€ããã¹ã«ãŒããäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãæ°èŠãµã€ããã¹ã«ãŒãããã¿ã³ãã¯ãªãã¯ããŸãã ãæ°èŠãµã€ããã¹ã«ãŒããäœæ ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã å¯Ÿè±¡ä»®æ³ Web ãµãŒã:åä¿¡ãã©ãã£ãã¯ã®å ã®ã¿ãŒã²ãããã¹ããéžæããŸãã ãã®ãã¹çšã«å šãªã¯ãšã¹ããéä¿¡:/productsãªã©ããµã€ããã¹ã«ãŒããäœæãããã¹ãå ¥å ããŸãã ããã¯ãšã³ãWebãµãŒã:æå®ãããã¹ã«äœ¿çšããããã¯ãšã³ãWebãµãŒãã®åã«ãã ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸããéžæãããŠãããµãŒãã®é åºã¯ãããããã¹ã¿ã³ã〠ã¢ãŒãã§ããã¯ãšã³ããåŠç ããªãã·ã§ã³ã§ã®ã¿æå³ããããŸãããœãŒãã¢ã€ã³ã³ã䜿çšãã ãšãé åºãå€æŽã§ããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã ã¹ãã£ãããŒã»ãã·ã§ã³ cookie ã«ããããã¯ãšã³ããéžæ:åã»ãã·ã§ã³ã 1ã€ã®ããã¯ãšã³ ãWebãµãŒãã«é¢é£ä»ããå Žåã«ããã®ãªãã·ã§ã³ãéžæããŸãããããæå¹ã«ãããš cookie ããŠãŒã¶ã®ãã©ãŠã¶ã«æž¡ãããããã«ãããã®ãã©ãŠã¶ããã®ãã¹ãŠã®èŠæ±ãåãããã¯ãš ã³ãWebãµãŒãã«ã«ãŒãã£ã³ã°ããããUTMã«æ瀺ãåºãããŸãããµãŒãã䜿çšã§ããªãå Ž åã«ã¯ãcookie ãæŽæ°ããããã»ãã·ã§ã³ãå¥ã® Web ãµãŒãã«åãæ¿ãããŸãã ãããã¹ã¿ã³ãã€ã¢ãŒãã§ããã¯ãšã³ããåŠç:ãã¹ãŠã®ãªã¯ãšã¹ããæåã«éžæããããã¯ãš ã³ãWebãµãŒãã«éä¿¡ããä»ã® Web ãµãŒããããã¯ã¢ãããšããŠã®ã¿äœ¿çšããå Žåã¯ããã® ãªãã·ã§ã³ãéžæããŸããããã¯ã¢ãããµãŒãã¯ãã¡ã€ã³ãµãŒãã«é害ãçºçããå Žåã«ã® ã¿äœ¿çšãããŸãããã¹ãã£ãããŒã»ãã·ã§ã³ cookie ã«ããããã¯ãšã³ããéžæ ããªãã·ã§ã³ãéžæ ããŠããªãéããã¡ã€ã³ãµãŒãã埩æ§ãããšããã«ã»ãã·ã§ã³ãã¡ã€ã³ãµãŒãã«æ»ããŸãã UTM 9 管çã¬ã€ã 397 13.2 蚌ææžç®¡ç 13 Web ãµãŒããããã¯ã·ã§ã³ 4. ãä¿å ããã¯ãªãã¯ããŸãã ãµã€ããã¹ã«ãŒããããµã€ããã¹ã«ãŒãããªã¹ãã«è¿œå ãããŸãã ãµã€ããã¹ã«ãŒããç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 13.1.7 詳现 ãWAF > 詳现 ãã¿ãã§ã¯ãcookie ã®çœ²åãš URL ããŒããã³ã°ã«äœ¿çšããããŒãå®çŸ©ã§ããŸãã Cookie 眲åã㌠ããã§ã¯ãCookie 眲åçšã®çœ²åããŒãšããŠäœ¿çšã§ããã«ã¹ã¿ã ã®ã·ãŒã¯ã¬ãããå ¥åã§ããŸãã U RL ããŒãã㳠㰠眲åã㌠ããã§ã¯ãURL ããŒããã³ã°çšã®çœ²åããŒãšããŠäœ¿çšãããã«ã¹ã¿ã ã®ã·ãŒã¯ã¬ãããå ¥åã§ã㟠ãã ãã©ãŒã ããŒããã³ ã° èšå® ããã§ã¯ããã©ãŒã ããŒããã³ã°ããŒã¯ã³ã®æå·ããŒãšããŠäœ¿çšãããã«ã¹ã¿ã ã®ã·ãŒã¯ã¬ãããå ¥å ã§ããŸããã·ãŒã¯ã¬ãã㯠8æå以äžã«ããå¿ èŠããããŸãã 13.2 蚌ææžç®¡ç ããµã€ãé VPN > 蚌ææžç®¡ç ãã¡ãã¥ãŒãšãWeb ãµãŒããããã¯ã·ã§ã³ > 蚌ææžç®¡ç ã ã¡ãã¥ãŒã«ã¯ã åãèšå®ãªãã·ã§ã³ãå«ãŸããŠããŸãããããã®èšå®ãªãã·ã§ã³ã䜿çšãããšãSophos UTMã®ãã¹ ãŠã®èšŒææžé¢é£ãªãã·ã§ã³ã管çããããšãã§ããŸããããšãã°ã X.509 蚌ææžã®äœæãŸãã¯ã€ã³ ããŒãããCRL (蚌ææžå€±å¹ãªã¹ã) ã®ã¢ããããŒããªã©ãè¡ãããšãã§ããŸãã 13.2.1 蚌ææž ããµã€ãé VPN > 蚌ææžç®¡ç > 蚌ææž ããåç §ããŠãã ããã 13.2.2 èªèšŒå± (CA) ããµã€ãé VPN > 蚌ææžç®¡ç > CAããåç §ããŠãã ããã 398 UTM 9 管çã¬ã€ã 13 Web ãµãŒããããã¯ã·ã§ã³ 13.2 蚌ææžç®¡ç 13.2.3 蚌ææžå€±å¹ãªã¹ã(CRL) ããµã€ãé VPN > 蚌ææžç®¡ç > 蚌ææžå€±å¹ãªã¹ã (CRL)ããåç §ããŠãã ããã 13.2.4 詳现 ããµã€ãé VPN > 蚌ææžç®¡ç > 詳现 ããåç §ããŠãã ããã UTM 9 管çã¬ã€ã 399 14 RED ãããžã¡ã³ã ãã®ç« ã§ã¯ãSophos RED ã®èšå®æ¹æ³ã«ã€ããŠèª¬æããŸããRED 㯠ãªã¢ãŒãã€ãŒãµãããããã€ã¹ (Remote Ethernet Device) ã®ç¥ã§ããªã¢ãŒããªãã£ã¹ (é éå°ã®æ¯åº) ãªã©ããããããããŒã«ã«ããã ã¯ãŒã¯ã®äžéšã§ãããã®ããã«ã¡ã€ã³ãªãã£ã¹ (æ¬ç€Ÿ) ã«æ¥ç¶ããæ段ã§ãã ã»ããã¢ããã¯ãã¡ã€ã³ãªãã£ã¹ã®Sophos UTMãšãªã¢ãŒããªãã£ã¹ã®ãªã¢ãŒãã€ãŒãµãããããã€ã¹ (RED) ã§æ§æãããŸããRED ã¢ãã©ã€ã¢ã³ã¹èªäœã¯èšå®ããå¿ èŠããªãããã2æ ç¹éã®æ¥ç¶ã¯ éåžžã«ç°¡åã«ç¢ºç«ã§ããŸããRED ã¢ãã©ã€ã¢ã³ã¹ã¯ãUTMã«æ¥ç¶ãããšãã ã¡ã«ãUTMäžã®ä»ã® ã€ãŒãµãããããã€ã¹ãšåãããã«åäœããŸãããã©ã³ããªãã£ã¹ã®ãã¹ãŠã®ãã©ãã£ãã¯ã¯ãä»ã㊠å®å šã«UTMã«ãŒãã£ã³ã°ããããããæ¯ç€Ÿã»æ¯åºã¯ããŒã«ã«ãããã¯ãŒã¯ãšåãããã«å®å šã«ãªã㟠ãã çŸåš 2çš®é¡ã® RED ã¢ãã©ã€ã¢ã³ã¹ãå©çšã§ããŸãã l RED 10:å°èŠæš¡ãªãã£ã¹åã RED ãœãªã¥ãŒã·ã§ã³ l RED 50:æ¯åºãå«ãèŠæš¡ã®å€§ãããªãã£ã¹åã RED ãœãªã¥ãŒã·ã§ã³ (2ã€ã®ã¢ãããªã³ã¯ã€ã³ã¿ ãã§ãŒã¹ãèšçœ®) ãã®ç« ã§ã¯ã次ã®ãããã¯ã«ã€ããŠèª¬æããŸãã l æŠèŠ l ã°ããŒãã«èšå® l ã¯ã©ã€ã¢ã³ããããžã¡ã³ã l å°å ¥ãã«ã l ãã³ãã«ãããžã¡ã³ã Figure 24 RED:ã»ããã¢ããã®ç¥å³ RED ç°å¢ã®ã»ããã¢ããã¯ã以äžã®æé ã§è¡ããŸãã 14.1 æŠèŠ 14 RED ãããžã¡ã³ã 1. RED ãµããŒããã¢ã¯ãã£ãã«ããŸãã 2. UTMäžã§ RED ã¢ãã©ã€ã¢ã³ã¹ãèšå®ããŸãã 3. RED ã¢ãã©ã€ã¢ã³ã¹ããªã¢ãŒããµã€ãäžã®ã€ã³ã¿ãŒãããã«æ¥ç¶ããŸãã 泚 â RED ã¢ãã©ã€ã¢ã³ã¹ãèšå®ãããŠããªããšãRED ã®æŠèŠããŒãžã«ã¯ãRED ã¢ãŒããã¯ãã£ã® äžè¬çãªæ å ±ã衚瀺ãããŸããRED ã¢ãã©ã€ã¢ã³ã¹ãèšå®ãããšããã®ããŒãžã«ã¯ RED ã®ã¹ ããŒã¿ã¹ã«é¢ããæ å ±ã衚瀺ãããŸãã 14.1 æŠèŠ ãæŠèŠ ãããŒãžã¯ãRED ã®æŠèŠããã®æ©èœãããã³äžè¬ç㪠RED ã®ã»ããã¢ããã«ã€ããŠåºæ¬æ å ± ã瀺ããŸãã åç § â RED ããã€ã¹ã®è©³çŽ°ã«ã€ããŠã¯ããSophos UTMãªãœãŒã¹ã»ã³ã¿ãŒãã®ãã¯ã€ãã¯ã¹ã¿ãŒãã¬ã€ ã ãããã³ãåæ±èª¬ææž ããåç §ããŠãã ãããRED 10 ã¢ãã©ã€ã¢ã³ã¹ã® LED ããªã³ã¯ã³ãŒã ã¯ãSophosãµããŒãããŒã¿ããŒã¹ãåç §ããŠãã ããã RE D ã©ã€ãã ã° ãéã ã©ã€ããã°ã䜿çšããŠãSophos UTMãš RED ã¢ãã©ã€ã¢ã³ã¹ã®éã®æ¥ç¶ãã¢ãã¿ãªã³ã°ããããšãã§ã ãŸãããRED ã©ã€ããã°ãéãããã¿ã³ãã¯ãªãã¯ãããšãæ°ãããŠã£ã³ããŠã§ã©ã€ããã°ãéããŸãã 14.2 ã°ããŒãã«èšå® ãã°ããŒãã«èšå® ãã¿ãã§ã¯ãRED ã®ãµããŒããæå¹ãŸãã¯ç¡å¹ã«ããããšãã§ããŸããRED ã®ãµ ããŒããæå¹ã«ãããšãUTMãRED ãããšããŠæ©èœããŸããRED ãµããŒãã¯ãRED ã¢ãã©ã€ã¢ã³ã¹ ãUTMã«æ¥ç¶ããåã«æå¹ã«ããŠããå¿ èŠããããŸãã RE D èšå® RED ãµããŒããæå¹ã«ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã°ããŒãã«èšå® ãã¿ãã§ãRED ãµããŒããæå¹åããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªããã RED ããèšå® ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 402 UTM 9 管çã¬ã€ã 14 RED ãããžã¡ã³ã 14.3 [ãµãŒã] ã¯ã©ã€ã¢ã³ããããžã¡ã³ã 2. çµç¹ã®è©³çŽ°ãå ¥åããŸãã ããã©ã«ãã§ãããããžã¡ã³ã > ã·ã¹ãã èšå® > çµç¹ ãã¿ãã®èšå®ã䜿çšãããŸãã 3. ãRED ã®æå¹å ããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«ãªããRED ãµããŒããæå¹ã«ãªããŸãããã㧠UTM ãSophosã®RED ããããžã§ãã³ã°ãµãŒãã¹ (RPS) ã«ç»é²ãããRED ãããšããŠæ©èœããããã«ãªããŸãã ãã¯ã©ã€ã¢ã³ããããžã¡ã³ãããŒãžã§ 1ã€ä»¥äžã® RED ã¢ãã©ã€ã¢ã³ã¹ãè¿œå ããŠç¶è¡ãããã å°å ¥ãã«ã ã®ãŠã£ã¶ãŒãã䜿çšããããšãã§ããŸãã èšå®ããã£ã³ã»ã«ããã«ã¯ãã¢ã³ããŒè²ã®ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ããã€ã¹ã®èªåèªèšŒè§£é€ RED ãµããŒããæå¹ã«ãªã£ãŠããå Žåãäžå®æéçµéåŸãåæããã RED ã¢ãã©ã€ã¢ã³ã¹ãèªå çã«èªèšŒè§£é€ãããããã«èšå®ããããšãã§ããŸãããã®æ©èœã«ãããçé£ã«éã£ã RED ã¢ãã©ã€ ã¢ã³ã¹ã UTM ã«æ¥ç¶ã§ããªãããã«ããŸãã 1. èªåèªèšŒè§£é€ãæå¹ã«ããŸãã ãããã€ã¹ã®èªåèªèšŒè§£é€ ããã§ãã¯ããã¯ã¹ãéžæããŸãã 2. RED ã¢ãã©ã€ã¢ã³ã¹ãèªèšŒè§£é€ãããŸã§ã®æéãæå®ããŸãã æå®ã®æéããèªèšŒè§£é€ãããŸã§ã®æé ãããã¹ãããã¯ã¹ã«å ¥åããŸããæå°èšå®æé㯠5åã§ãã 3. ãé©çš ããã¯ãªãã¯ããŸãã ããã§ããã€ã¹ã®èªåèªèšŒè§£é€ãæå¹ã«ãªããŸãã RED ã¢ãã©ã€ã¢ã³ã¹ãæå®ããæéãè¶ ããŠæ¥ç¶ãåæãããåŸåæ¥ç¶ãããšãèªåçã«ç¡å¹ åãããŸããããã¯ãã¯ã©ã€ã¢ã³ããããžã¡ã³ããããŒãžã®ãã°ã«ã¹ã€ããã§ã瀺ãããŸãããŸãããæŠ èŠ ãããŒãžã«ã該åœããèŠåã衚瀺ãããŸããèªèšŒè§£é€ããã RED ã¢ãã©ã€ã¢ã³ã¹ã«å床æ¥ç¶ã èš±å¯ããã«ã¯ããã¯ã©ã€ã¢ã³ããããžã¡ã³ããããŒãžã§ RED ã¢ãã©ã€ã¢ã³ã¹ãæå¹åããŸãã 14.3 [ãµãŒã] ã¯ã©ã€ã¢ã³ããããžã¡ã³ã ãRED ãããžã¡ã³ã > ã¯ã©ã€ã¢ã³ããããžã¡ã³ããããŒãžã§ã¯ãRED ãã³ãã«ã䜿çšããŠUTMã«æ¥ç¶ã ãããã«ããªã¢ãŒãUTMãæå¹åããããšãã§ããŸããããã«ããUTM㯠RED ã¢ãã©ã€ã¢ã³ã¹ã®ãã ã«æ©èœããããã«ãªããŸããããã«ããã§ã¯ãå°å ¥ãã«ãã䜿çšãã代ããã«ãRED ã¢ãã©ã€ã¢ã³ã¹ ãæåã§èšå®ããããšãã§ããŸã (ãšãã¹ããŒãã¢ãŒã)ãå°å ¥ãã«ãã¯ãRED ã¢ãã©ã€ã¢ã³ã¹ã®èš å®ã«äœ¿çšã§ãããã䟿å©ãªæ©èœã§ã次㮠WebAdmin ããŒãžã«æäŸãããŠããŸãã UTM 9 管çã¬ã€ã 403 14.3 [ãµãŒã] ã¯ã©ã€ã¢ã³ããããžã¡ã³ã 14 RED ãããžã¡ã³ã ããã§èšå®ããå RED ã¢ãã©ã€ã¢ã³ã¹ãŸãã¯åUTMã¯ãUTMãšã®æ¥ç¶ã確ç«ã§ããããã«ãªã㟠ãã ããŒãžåã®åã«[ãµãŒã] ã¿ã°ãä»ããŠããå Žåã¯ãUTMããµãŒã (RED ãã) ãšããŠæ©èœãããå Ž åã«ã®ã¿ããã®ããŒãžã®èšå®ãå¿ èŠã«ãªãããšãè¡šããŠããŸãã 泚 â RED ã¢ãã©ã€ã¢ã³ã¹ã®æ¥ç¶ãå¯èœã«ããããã«ã¯ããŸããã°ããŒãã«èšå® ãããŒãžã§ RED ãµ ããŒããæå¹ã«ããå¿ èŠããããŸãã 2å°ã®UTMéã§ã® RED ãã³ãã«ã®ã»ããã¢ãã RED ãã³ãã«ã䜿çšããŠããŒã«ã«UTMã«æ¥ç¶ããããã«å¥ã®UTMãæå¹ã«ããã«ã¯ã次ã®æé ã« åŸããŸãã 1. ãã¯ã©ã€ã¢ã³ããããžã¡ã³ããã¿ãã§ããRED ã®è¿œå ããã¯ãªãã¯ããŸãã ãRED ã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ãã©ã³ãå:ã¯ã©ã€ã¢ã³ã UTM ãé 眮ããããã©ã³ãåãå ¥åããŸã (äŸ:ããã¥ã³ãã³ãªã㣠ã¹ã)ã ã¯ã©ã€ã¢ã³ãã¿ã€ã:ããããããŠã³ãªã¹ããããUTMããéžæããŸãã ãã³ãã« ID:ããã©ã«ãã§ã¯ãèªå ããéžæãããŠããŸãããã³ãã«ã«ã¯é çªã«çªå·ãä»ãã ããŸããäž¡æ¹ã®UTMã®ãã³ãã« ID ãäžæã§ããããšã確èªããå¿ èŠããããŸããéè€ãã å Žåã¯ãããããããŠã³ãªã¹ãããå¥ã® ID ãéžæãå¿ èŠããããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã UTMãªããžã§ã¯ããçæãããŸãã 4. ããããžã§ãã³ã°ãã¡ã€ã«ãããŠã³ããŒãããŸãã ãªã¢ãŒã (ã¯ã©ã€ã¢ã³ã)UTM ã«èšå®ããŒã¿ãéãã«ã¯ããããŠã³ããŒã ããã¿ã³ã䜿çšããŠããã ãžã§ãã³ã°ãã¡ã€ã«ãããŠã³ããŒãããå®å šãªæ段ã§ãªã¢ãŒãUTMã«ãã¡ã€ã«ãéä¿¡ããŸãã RED ã¢ãã©ã€ã¢ã³ã¹ã®èšå® ããŒã«ã«UTMã«æ¥ç¶ããããã« RED ã¢ãã©ã€ã¢ã³ã¹ãæå¹ã«ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã¯ã©ã€ã¢ã³ããããžã¡ã³ããã¿ãã§ããRED ã®è¿œå ããã¯ãªãã¯ããŸãã ãRED ã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 404 UTM 9 管çã¬ã€ã 14 RED ãããžã¡ã³ã 14.3 [ãµãŒã] ã¯ã©ã€ã¢ã³ããããžã¡ã³ã 2. 次ã®èšå®ãè¡ããŸãã ãã©ã³ãå:RED ã¢ãã©ã€ã¢ã³ã¹ãé 眮ããããã©ã³ãåãå ¥åããŸã (äŸ:ããã¥ã³ãã³ãªã㣠ã¹ã)ã ã¯ã©ã€ã¢ã³ãçš®å¥:æ¥ç¶ãã RED ã¢ãã©ã€ã¢ã³ã¹ã®çš®å¥ã«å¿ããŠãããããããŠã³ãªã¹ããã RED 10 ã RED 50 ãéžæããŸãã RED ID:èšå®ããŠãã RED ã¢ãã©ã€ã¢ã³ã¹ã® ID ãå ¥åããŸãããã® ID ã¯ãRED ã¢ãã©ã€ã¢ã³ ã¹ã®èé¢ãšããã±ãŒãžã«èšèŒãããŠããŸãã ãã³ãã« ID:ããã©ã«ãã§ã¯ãèªå ããéžæãããŠããŸãããã³ãã«ã«ã¯é çªã«çªå·ãä»ãã ããŸããID ãéè€ããå Žåã¯ãããããããŠã³ãªã¹ãããå¥ã® ID ãéžæããŸãã ããã¯è§£é€ã³ãŒã (ãªãã·ã§ã³):ã¯ãã㊠RED ã¢ãã©ã€ã¢ã³ã¹ãå°å ¥ããå Žåã¯ããã®ããã¯ã¹ ã¯ç©ºæ¬ã®ãŸãŸã«ããŠãããŸããèšå®äžã® RED ã¢ãã©ã€ã¢ã³ã¹ã以åã«å°å ¥ããããšããã å Žåã¯ãããã¯è§£é€ã³ãŒããæå®ããå¿ èŠããããŸããããã¯è§£é€ã³ãŒãã¯ãRED ã¢ãã©ã€ã¢ ã³ã¹ã®å°å ¥æã«çæããããã°ããŒãã«èšå® ãã¿ãã§èšå®ããã¢ãã¬ã¹å®ãŠã«ããã«ã¡ãŒã«é ä¿¡ãããŸããããã¯ã»ãã¥ãªãã£æ©èœã§ãããRED ã¢ãã©ã€ã¢ã³ã¹ãç°¡åã«åæããŠã©ãã«ã§ ãã€ã³ã¹ããŒã«ã§ããªããªããŸãã 泚 â USB ã¡ã¢ãªã§ã®æåã€ã³ã¹ããŒã«ããã³ RED ããããžã§ãã³ã°ãµãŒãã¹ (以äžåç §) ã« ããèªåã€ã³ã¹ããŒã«ã«ã€ããŠã¯ã2ã€ã®ããã¯è§£é€ã³ãŒããçæãããŸããRED ããã€ã¹ ã®ã€ã³ã¹ããŒã«æ¹æ³ãå¥ã®æ¹æ³ã«å€æŽããå Žåã¯ãå¿ ã察å¿ããããã¯è§£é€ã³ãŒããäœ¿çš ããŠãã ãããæåã€ã³ã¹ããŒã«ã®å Žåãååã®æåã€ã³ã¹ããŒã«æã®ããã¯è§£é€ã³ãŒãã æå®ããŸããèªåã€ã³ã¹ããŒã«ã®å Žåãååã®èªåã€ã³ã¹ããŒã«æã®ããã¯è§£é€ã³ãŒãã æå®ããŸãã (ããã¯è§£é€ã³ãŒããçŽå€±ããå ŽåãRED ã¢ãã©ã€ã¢ã³ã¹ãããã¯è§£é€ããããã«ã¯ãSophos ãµããŒãã«é£çµ¡ããŠãã ããã)ãã ãããµããŒãã察å¿ã§ããã®ã¯ Sophos RED ããããžã§ãã³ ã°ãµãŒãã¹ã«ãã£ãŠèšå®ãèªåã§ã€ã³ã¹ããŒã«ããå Žåã«éããŸãã ãã³ã â ããã¯ã¢ãããã¡ã€ã«ã«ãã¹ãåºæã®ããŒã¿ãå«ãŸããå Žåã¯ãããã¯è§£é€ã³ãŒã ã¯ãRED ãæ¥ç¶ãããŠãã UTM ã®ããã¯ã¢ãããã¡ã€ã«ã®äžã«ãä¿åãããŠããŸãã UTM ãã¹ãå:UTMãã¢ã¯ã»ã¹ã§ãããããªã㯠IP ã¢ãã¬ã¹ãŸãã¯ãã¹ãåãå ¥åããå¿ èŠ ããããŸãã UTM 9 管çã¬ã€ã 405 14.3 [ãµãŒã] ã¯ã©ã€ã¢ã³ããããžã¡ã³ã 14 RED ãããžã¡ã³ã 2å°ç®ã® UTM ãã¹ãå:RED 50 ã¢ãã©ã€ã¢ã³ã¹çšã«åãUTMã®å¥ã®ãããªã㯠IP ã¢ãã¬ã¹ãŸ ãã¯ãã¹ãåãå ¥åããããšãã§ããŸãã泚ãŒç°ãªã IP ã¢ãã¬ã¹ãããã¯ãã¹ãåãå ¥åãã ããšã¯ã§ããŸãã UTMã 第 2 ãã¹ãåã®çšé: (RED 50 ã®ã¿ãäžå³åç §):第 2 ãã¹ãåã®äœ¿çšç®çãèšå®ã§ããŸãã l ãã§ã€ã«ãªãŒã:1å°ç®ã®ãã¹ãåã«é害ãçºçããå Žåã«ã®ã¿ç¬¬ 2 ãã¹ãåãäœ¿çš ããå Žåã«éžæããŸãã l åæ£:2ã€ã®ãã¹ãåéã®è² è·åæ£ãæå¹ã«ããå Žåã«éžæããŸãã1å°ç®ã®ãã¹ã åãš2å°ç®ã®ãã¹ãåã«é¢é£ä»ããããã¢ãããªã³ã¯ãäž¡æ¹ãšãåçšåºŠã®åŸ ã¡æéãš ã¹ã«ãŒãããã§ããå Žåã«å¹æããããŸãã ã¢ãããªã³ã¯ã¢ãŒã/2ã€ç®ã®ã¢ãããªã³ã¯ã¢ãŒã:DHCP çµç±ãçŽæ¥ã¹ã¿ãã£ã㯠IP ãèšå®ãã ã®ããRED ã¢ãã©ã€ã¢ã³ã¹ã® IP ã¢ãã¬ã¹ååŸæ¹æ³ãå®çŸ©ã§ããŸããRED 50 ã¢ãã©ã€ã¢ã³ã¹ ã§ã¯ããããã®ã€ãŒãµãããããŒãã«å¯Ÿãã¢ãããªã³ã¯ã¢ãŒããå®çŸ©ããããšãã§ããŸãã l DHCP ã¯ã©ã€ã¢ã³ã:RED 㯠DHCP ãµãŒããã IP ã¢ãã¬ã¹ãååŸããŸãã l ã¹ã¿ãã£ãã¯ã¢ãã¬ã¹:IPv4 ã¢ãã¬ã¹ãé¢é£ããããããã¹ã¯ãããã©ã«ãã²ãŒããŠã§ ã€ãDNS ãµãŒããå ¥åããŸãã 泚 â ãã¹ãåãš RED ã®ã¢ãããªã³ã¯ã€ãŒãµãããããŒãã®UTM ïŒå¯ŸïŒã®é¢é£æ§ã¯ãããŸã ããããããã® RED ã®ããŒãã¯ããããã«å®çŸ©ãããã«å¯Ÿãæ¥ç¶ãè©Šã¿ãŸããUTM ãã ㊠第 2 ã¢ãããªã³ã¯ã®é€å€: (RED 50 ã®ã¿ãäžå³åç §):第 2 ã¢ãããªã³ã¯ã®äœ¿çšç®çãèšå®ã§ã ãŸãã l ãã§ã€ã«ãªãŒã:1å°ç®ã®ã¢ãããªã³ã¯ã«é害ãçºçããå Žåã«ã®ã¿ç¬¬ 2 ã¢ãããªã³ã¯ ã䜿çšããå Žåã«éžæããŸãã l åæ£:2ã€ã®ã¢ãããªã³ã¯éã®è² è·åæ£ãæå¹ã«ããå Žåã«éžæããŸããRED 50 ã¢ã ã©ã€ã¢ã³ã¹ã® 2ã€ã®ã¢ãããªã³ã¯ã®åŸ ã¡æéãšã¹ã«ãŒããããåçšåºŠã§ããå Žåã«å¹ æããããŸãã ãªãã¬ãŒã·ã§ã³ã¢ãŒã:ãªã¢ãŒããããã¯ãŒã¯ã®ããŒã«ã«ãããã¯ãŒã¯ãžã®çµ±åæ¹æ³ãå®çŸ©ã§ã ãŸãã l 406 æšæº/çµ±å:UTMããªã¢ãŒããããã¯ãŒã¯ã®ãããã¯ãŒã¯ãã©ãã£ãã¯ãå®å šã«ã³ã³ãã㌠ã«ããŸããããã«ãDHCP ãµãŒãããã³ããã©ã«ãã²ãŒããŠã§ã€ãšããŠæ©èœããŸããå šãŠ ã®ãªã¢ãŒããããã¯ãŒã¯ã¯ãçµç±ããŸã UTM. UTM 9 管çã¬ã€ã 14 RED ãããžã¡ã³ã l 14.3 [ãµãŒã] ã¯ã©ã€ã¢ã³ããããžã¡ã³ã æšæº/åå²:UTMããªã¢ãŒããããã¯ãŒã¯ã®ãããã¯ãŒã¯ãã©ãã£ãã¯ãå®å šã«ã³ã³ãã㌠ã«ããŸããããã«ãDHCP ãµãŒãããã³ããã©ã«ãã²ãŒããŠã§ã€ãšããŠæ©èœããŸãããã ã«ã1ã€ä»¥äžã®UTMåå²ãã¡ã€ã³ãã¢ã¯ã»ã¹å¯èœãšããŠå®çŸ©ããããšãã§ããŸããäžã® ãåå²ãããã¯ãŒã¯ ãããã¯ã¹ã«ããªã¢ãŒãã¯ã©ã€ã¢ã³ãããã¢ã¯ã»ã¹å¯èœãªããŒã«ã«ãã ãã¯ãŒã¯ãå®çŸ©ããŸãã 泚 â VLAN ã¿ã°ã®ä»ãããã¬ãŒã ã¯ããã®æäœã¢ãŒãã§ã¯åŠçã§ããŸãããRED 㢠ãã©ã€ã¢ã³ã¹ã®èåŸã§ VLAN ã䜿çšããŠããå Žååã¯ã代ããã«ãæšæº ãã¢ãŒãã䜿 çšããŠãã ããã l éé/åå²:UTM㯠ãªã¢ãŒããããã¯ãŒã¯ã®ãããã¯ãŒã¯ãã©ãã£ãã¯ãã³ã³ãããŒã«ã ããDHCP ãµãŒããšããŠãããã©ã«ãã²ãŒããŠã§ã€ãšããŠãæ©èœããŸããã代ããã«ã㪠ã¢ãŒããããã¯ãŒã¯ã® DHCPãµãŒããã IP ã¢ãã¬ã¹ãååŸããŠããããã¯ãŒã¯ã®äžéšãš ããŸãããã ãããªã¢ãŒãã¯ã©ã€ã¢ã³ãããããŒã«ã«ãããã¯ãŒã¯ãžã®ã¢ã¯ã»ã¹ã¯æå¹å ããããšãã§ããŸãããã®ããã«ããªã¢ãŒããããã¯ãŒã¯ã«ããã¢ã¯ã»ã¹ãèš±å¯ããåå² ãããã¯ãŒã¯ ãå®çŸ©ããå¿ èŠããããŸããããã«ã1ã€ä»¥äžã® åå²ãã¡ã€ã³ãã¢ã¯ã»ã¹ å¯èœãšããŠå®çŸ©ããããšãã§ããŸããããŒã«ã«ãã¡ã€ã³ããããªãã¯ã«è§£æ±ºå¯èœã§ã¯ãª ãå Žåããªã¢ãŒãã¯ã©ã€ã¢ã³ãããã¯ãšãª (åãåãã) å¯èœãª åå² DNS ãµãŒã ãå® çŸ©ããå¿ èŠããããŸãã 泚 â VLAN ã¿ã°ã®ä»ãããã¬ãŒã ã¯ããã®æäœã¢ãŒãã§ã¯åŠçã§ããŸãããRED 㢠ãã©ã€ã¢ã³ã¹ã®èåŸã§ VLAN ã䜿çšããŠããå Žååã¯ã代ããã«ãæšæº ãã¢ãŒãã䜿 çšããŠãã ããã ãã¹ãŠã®ãªãã¬ãŒã·ã§ã³ã¢ãŒãã®äŸã¯ããå°å ¥ããããã¿ãã§åç §ã§ããŸãã 3. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã MAC ãã£ã«ã¿ãªã³ã°ã¿ã€ã:ãã® RED ã¢ãã©ã€ã¢ã³ã¹ãžã®æ¥ç¶ãèš±å¯ããã MAC ã¢ãã¬ã¹ã å¶éããã«ã¯ãããã©ãã¯ãªã¹ãããŸãã¯ããã¯ã€ããªã¹ãããéžæããŸãã ãã©ãã¯ãªã¹ããäœ¿çš ããå Žåã以äžã® MAC ã¢ãã¬ã¹ãªã¹ãã§æå®ãããã®ãé€ãããã¹ãŠã® MAC ã¢ãã¬ã¹ãèš± å¯ãããŸãããã¯ã€ããªã¹ãã䜿çšããå Žåã以äžã® MAC ã¢ãã¬ã¹ãªã¹ãã§æå®ãããã®ãé€ ãããã¹ãŠã® MAC ã¢ãã¬ã¹ããããã¯ãããŸãã MAC ã¢ãã¬ã¹:RED ã¢ãã©ã€ã¢ã³ã¹ãžã®ã¢ã¯ã»ã¹ãå¶éããããã«äœ¿çšãã MAC ã¢ã ã¬ã¹ã®ãªã¹ããMAC ã¢ãã¬ã¹ã®ãªã¹ãã¯ããå®çŸ©ãšãŠãŒã¶ > ãããã¯ãŒã¯å®çŸ© > MAC 㢠ãã¬ã¹å®çŸ© ãã¿ãã§äœæã§ããŸãã UTM 9 管çã¬ã€ã 407 14.3 [ãµãŒã] ã¯ã©ã€ã¢ã³ããããžã¡ã³ã 14 RED ãããžã¡ã³ã ããã€ã¹ã®å°å ¥:RED ã®èšå®ã«å¿ èŠãªæ§æãå°å ¥ããæ¹æ³ãéžæããŸããããã©ã«ã ã§ãUTM 㯠RED ã®èšå®ããŒã¿ã Sophos ã® RED ããããžã§ãã³ã°ãµãŒãã¹ã«ãã£ãŠèªå㧠èšå®ããŸãããã®å ŽåãRED ã¢ãã©ã€ã¢ã³ã¹ã¯ã€ã³ã¿ãŒãããçµç±ã§èšå®ãåä¿¡ããŸããRED ãã€ã³ã¿ãŒãããã«æ¥ç¶ããŠããªãå Žåã¯ãUSB ã¡ã¢ãªã«ããæåã§èšå®ãå°å ¥ã§ããŸãã 泚 â æåã«ããããã€ã¹ã®å°å ¥ã¯ããã¡ãŒã ãŠã§ã¢ã®ããŒãžã§ã³ã 9.1 以éã® RED ã¢ãã© ã€ã¢ã³ã¹ã®ã¿ã§å®è¡ã§ããŸãã èŠå â æåã«ããå°å ¥ãéžæããå Žåã¯ãç¹ã«ãã¡ãŒã«ã§éä¿¡ãããããã¯è§£é€ã³ãŒãã ãªãããã«ä¿ç®¡ããŠããå¿ èŠããããŸããããã¯è§£é€ã³ãŒããçŽå€±ããå ŽåãRED ã¢ãã©ã€ã¢ ã³ã¹ãä»ã® UTM ãšæ¥ç¶ããããšãåºæ¥ãªããªããŸãã 3G/UMTS ãã§ã€ã«ãªãŒã:RED ãªããžã§ã³ 2 以éã§ã¯ãRED ã¢ãã©ã€ã¢ã³ã¹ã« USB ããŒãã ä»ããŠããããã3G/UMTS USB ã¡ã¢ãªãæ¥ç¶ã§ããŸãããããéžæãããšãWAN ã€ã³ã¿ ãã§ãŒã¹ã«é害ãçºçããéããã®ã¡ã¢ãªã¯ã€ã³ã¿ãŒãããã¢ãããªã³ã¯ã®ãã§ã€ã«ãªãŒããŒãš ããŠæ©èœããŸããå¿ èŠãªèšå®ã«ã€ããŠã¯ãã€ã³ã¿ãŒããããããã€ããŒã®èšå®ã¬ã€ããåç §ã ãŠãã ããã l ãŠãŒã¶å/ãã¹ã¯ãŒã (ä»»æ):å¿ èŠãªå Žåãã¢ãã€ã«ãããã¯ãŒã¯ã®ãŠãŒã¶åãšãã¹ ã¯ãŒããå ¥åããŸãã l PIN (ä»»æ):PIN ãèšå®ãããŠããå ŽåãSIM ã«ãŒãã® PIN ãå ¥åããŸãã 泚 â ééã£ã PIN ãå ¥åãããšãWAN ã€ã³ã¿ãã§ãŒã¹ã®é害æã«ã3G/UMTS ã«ãã æ¥ç¶ã確ç«ã§ããŸããããã®å ŽåãRED ã¢ãã©ã€ã¢ã³ã¹ã®ã3G/UMTS ãã§ã€ã«ãªãŒ ããŒããã§ãã¯ããã¯ã¹ã¯èªåçã«éžæã解é€ãããŸããããã«ãããééã£ã PIN ã¯äžåºŠãã䜿çšãããŸãããWAN ã€ã³ã¿ãã§ãŒã¹ã埩æ§ãããšãRED ã¢ãã©ã€ã¢ã³ ã¹ã«èŠåã衚瀺ãããŸãã3G/UMTS ãã§ã€ã«ãªãŒããŒã®ã¢ãããªã³ã¯ã«ééã£ã PIN ãå ¥åãããŸããããã°ã€ã³æ å ±ãå€æŽããŠãã ããããRED ã®ç·šé ããã€ã¢ãã° ããã¯ã¹ãéããšã 3G/UMTS ãã§ã€ã«ãªãŒã㌠ãèªåçã«éžæ解é€ãããããšã瀺 ãã¡ãã»ãŒãžã衚瀺ãããŸãããã§ãã¯ããã¯ã¹ãå床éžæããåã«ãPIN ãä¿®æ£ã ãŠãã ãããééã£ã PIN ã§3åæ¥ç¶ãè©Šè¡ãããšãSIM ã«ãŒãã¯ããã¯ãããŸãã ããã¯ã®è§£é€ã¯ RED ã¢ãã©ã€ã¢ã³ã¹ã UTMã§ã¯ã§ããŸããã 408 l ã¢ãã€ã«ãããã¯ãŒã¯:ã¢ãã€ã«ãããã¯ãŒã¯ã®çš®é¡ããGSM ãŸã㯠CDMA ããéžæã ãŸãã l APN:ãããã€ãã®ã¢ã¯ã»ã¹ãã€ã³ãåã®æ å ±ãå ¥åããŸãã UTM 9 管çã¬ã€ã 14 RED ãããžã¡ã³ã l 14.3 [ãµãŒã] ã¯ã©ã€ã¢ã³ããããžã¡ã³ã ãã€ã€ã«æåå (ãªãã·ã§ã³):ãããã€ããç°ãªããã€ã€ã«æååã䜿çšããŠããå Ž åãããã«å ¥åããŸããããã©ã«ã㯠*99# ã§ãã 泚 â 次ã®èšå®ã¯å¿ ãæåã§è¡ã£ãŠãã ããã1) å¿ èŠãªãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ã®äœæ (ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > ãã¡ã€ã¢ãŠã©ãŒã« > ã«ãŒã« ã)ã2) å¿ èŠãªãã¹ã«ã¬ãŒãã«ãŒã« ã®äœæ (ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > NAT > ãã¹ã«ã¬ãŒã ã)ã 4. ãä¿å ããã¯ãªãã¯ããŸãã RED ã¢ãã©ã€ã¢ã³ã¹ãäœæããããREDããªã¹ãã«è¡šç€ºãããŸãã èªåã«ããããã€ã¹ã®å°å ¥ã§ã¯ãRED ã®èµ·åçŽåŸã«ãSophosRED ããããžã§ãã³ã°ãµãŒãã¹ (RPS) ããèšå®ãååŸãããŸãããã®åŸãUTMãšã®æ¥ç¶ UTM REDã¢ãã©ã€ã¢ã³ã¹ã確ç«ãã㟠ãã æåã«ããããã€ã¹ã®å°å ¥ã§ã¯ããREDããªã¹ãã®æ°ãããšã³ããªã«ã¯ãããŠã³ããŒã ããã¿ã³ã衚瀺ã ããŸããèšå®ãã¡ã€ã«ãããŠã³ããŒãããUSB ã¡ã¢ãªã®ã«ãŒããã£ã¬ã¯ããªã«ä¿åããŸãã次ã«ãUSB ã¡ã¢ãªã RED ã¢ãã©ã€ã¢ã³ã¹ã®é»æºãå ¥ããåã«å·®ã蟌ã¿ãŸããRED 㯠USB ã¡ã¢ãªããèšå®ãå åŸããŸãããã®åŸãUTM ãšã®æ¥ç¶ UTM RED ã¢ãã©ã€ã¢ã³ã¹ã確ç«ãããŸãã èŠå âããã¯è§£é€ã³ãŒããå¿ ãä¿ç®¡ããŠãããŠãã ãããããã¯è§£é€ã³ãŒãã¯ãRED ã¢ãã©ã€ã¢ã³ã¹ ãèšå®ãåä¿¡ããåŸããã«ãã°ããŒãã«èšå® ãã¿ãã§æå®ããã¢ãã¬ã¹ã«ã¡ãŒã«ã§éä¿¡ãããŸãã (æåãšèªåã®å°å ¥ãåãæ¿ããå Žåã¯ãããããã®ããã¯è§£é€ã³ãŒããå¿ ãä¿ç®¡ããŠãããŠãã ããã)ãã®ããã¯è§£é€ã³ãŒãã¯ãä»ã§ RED ã¢ãã©ã€ã¢ã³ã¹ã䜿çšãããšãã«å¿ èŠã«ãªããŸã UTM. ããã¯è§£é€ã³ãŒããæå ã«ãªãå ŽåãRED ã¢ãã©ã€ã¢ã³ã¹ãããã¯è§£é€ããããã«ã¯ãSophosãµ ããŒãã«é£çµ¡ããå¿ èŠããããŸãããã ãããµããŒãã察å¿ã§ããã®ã¯ Sophos RED ããããžã§ã ã³ã°ãµãŒãã¹ã«ãã£ãŠèšå®ãèªåã§ã€ã³ã¹ããŒã«ããå Žåã«éããŸãã RED ã¢ãã©ã€ã¢ã³ã¹ãç·šéããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸããèšå®ããããã¹ãŠã® RED ã¢ãã©ã€ã¢ã³ã¹ã®ã¹ããŒã¿ã¹ã¯ãWebAdmin ã® RED æŠèŠããŒãžã§ç¢ºèªã§ããŸãã äžå³ã¯ãRED 50 ã§æäŸããåæ£/ãã§ã€ã«ãªãŒããŒã®4ã€ã®çµã¿åããã瀺ããŠããŸããå®ç·ã¯ åæ£ãè¡šããç¹ç·ã¯ãã§ã€ã«ãªãŒããŒãè¡šããŠããŸãã UTM 9 管çã¬ã€ã 409 14.4 [ãµãŒã] å°å ¥ãã«ã 14 RED ãããžã¡ã³ã Figure 25 RED 50:ãã¹ãåãšã¢ãããªã³ã¯ãšãåæ£ (éç·) ããã³ãã¹ãåãšã¢ãããªã³ã¯ãšããã§ã€ã« ãªãŒã㌠(èµ€) Figure 26 RED 50:ãã¹ãåã®åæ£ãšã¢ãããªã³ã¯ã®ãã§ã€ã«ãªãŒã㌠(ç·) ããã³ãã¹ãåã®ãã§ã€ã« ãªãŒããŒãšã¢ãããªã³ã¯ã®åæ£ (é) RED ã¢ãã©ã€ã¢ã³ã¹ã®åé€ RED ã¢ãã©ã€ã¢ã³ã¹ãåé€ããã«ã¯ãã¢ãã©ã€ã¢ã³ã¹åã®æšªã«ãããåé€ ããã¿ã³ãã¯ãªãã¯ããŸãã RED ãªããžã§ã¯ãã«äŸåé¢ä¿ããããšããèŠåã衚瀺ãããŸããRED ã¢ãã©ã€ã¢ã³ã¹ãåé€ã㊠ããé¢é£ããã€ã³ã¿ãã§ãŒã¹ãšäŸåé¢ä¿ã¯ åé€ãããŸãããããã¯ãRED ã¢ãã©ã€ã¢ã³ã¹éã§ã€ã³ã¿ ãã§ãŒã¹ã移åã§ããããã«ããããã®æå³çãªèšèšã§ãã RED ã¢ãã©ã€ã¢ã³ã¹ã®èšå®ãå®å šã«åé€ããã«ã¯ãæœåšçãªã€ã³ã¿ãã§ãŒã¹ãšãã®ä»ã®å®çŸ©ãæ åã§åé€ããŠãã ããã 14.4 [ãµãŒã] å°å ¥ãã«ã ãRED ãããžã¡ã³ã > å°å ¥ãã«ã ãã¿ãã«ã¯ãRED ç°å¢ã®ã»ããã¢ãããšçµ±åã®ããã®ãŠã£ã¶ãŒãã ãããŸãããã®ãŠã£ã¶ãŒãã¯ããã¯ã©ã€ã¢ã³ããããžã¡ã³ããã¿ãã§ã®éåžžã®èšå®ã®ç°¡æçãšãªããŸãã å¿ é ãã£ãŒã«ããšãå¿ èŠã«å¿ããŠããªãã·ã§ã³ãããŒã¯ã®ä»ãããã£ãŒã«ãã«å ¥åããŠããRED ã®å°å ¥ ã ãã¯ãªãã¯ããã ãã§ãã ããŒãžåã®åã« [ãµãŒã] ã¿ã°ãä»ããŠããå Žåã¯ãUTMããµãŒã (RED ãã) ãšããŠæ©èœãããå Ž åã«ã®ã¿ããã®ããŒãžã®èšå®ãå¿ èŠã«ãªãããšãè¡šããŠããŸãã 410 UTM 9 管çã¬ã€ã 14 RED ãããžã¡ã³ã 14.4 [ãµãŒã] å°å ¥ãã«ã 泚 â å©äŸ¿æ§ã®ããããæšæº ãããã³ãæšæº/åå² ãã¢ãŒãã§ã¯ããã¯ã©ã€ã¢ã³ããããžã¡ã³ããã¿ããšé ããå°å ¥ãã«ããæå®ãã IP ã¢ãã¬ã¹ã®ããŒã«ã«ã€ã³ã¿ãã§ãŒã¹ãå©çšå¯èœãª IP ã¢ãã¬ã¹ç¯å² ã®ååãã«ããŒãããªã¢ãŒããããã¯ãŒã¯çš DHCP ãµãŒããããŒã«ã« DNS ãªãŸã«ããžã®ã¢ã¯ã»ã¹ ãšãã£ããªããžã§ã¯ããèªåçã«äœæããŸãããéé/åå² ãã¢ãŒãã§ã¯ãå°å ¥ãã«ã㯠DHCP ã¯ã© ã€ã¢ã³ã (ã€ãŒãµããã DHCP ) ã€ã³ã¿ãã§ãŒã¹ã®ã¿äœæããŸãã å°å ¥ãã«ãã¯ãåãªãã·ã§ã³ã«ã€ããŠæŠèŠãæäŸããRED ãã¯ãããžãŒã§æäŸããã 3ã€ã®ãªã ã¬ãŒã·ã§ã³ã¢ãŒãããããã«ã€ããŠã¹ã±ãããæäŸããŸãã 以äžã¯ãRED ã® 3ã€ã®ãªãã¬ãŒã·ã§ã³ã¢ãŒãã®èª¬æãšäœ¿çšäŸã§ãã æšæº UTMããªã¢ãŒããããã¯ãŒã¯å šäœã管çããŸããDHCP ãµãŒãããã³ããã©ã«ãã²ãŒããŠã§ã€ãšããŠæ© èœããŸãã äŸ:æ¯åºã 1ã€ãããã»ãã¥ãªãã£äžã®çç±ããããã®ãã¹ãŠã®ãã©ãã£ãã¯ãæ¬åºã®UTMçµç±ã§ ã«ãŒãã£ã³ã°ããããããã«ããããªã¢ãŒããµã€ãã¯ãLAN çµç±ã§æ¥ç¶ãããŠããããã«ããŒã«ã«ãã ãã¯ãŒã¯ã®äžéšãšãªããŸãã æšæº/åå² æ³š â VLAN ã¿ã°ã®ä»ãããã¬ãŒã ã¯ããã®æäœã¢ãŒãã§ã¯åŠçã§ããŸãããRED ã¢ãã©ã€ã¢ã³ã¹ ã®èåŸã§ VLAN ã䜿çšããŠããå Žååã¯ã代ããã«ãæšæº ãã¢ãŒãã䜿çšããŠãã ããã ãæšæº ãã¢ãŒããšåæ§ã«ãUTMããªã¢ãŒããããã¯ãŒã¯å šäœã管çããŸããDHCP ãµãŒãããã³ããã© ã«ãã²ãŒããŠã§ã€ãšããŠæ©èœããŸãããã ãããåå²ãããã¯ãŒã¯ ãããã¯ã¹ã«ãªã¹ãããããããã¯ãŒã¯ å®ãŠã®ãã©ãã£ãã¯ã®ã¿ããããŒã«ã«UTMã«ãªãã€ã¬ã¯ããããç¹ãç°ãªããŸããå®çŸ©ãããåå² ãããã¯ãŒã¯ããçºçããŠããªããã¹ãŠã®ãã©ãã£ãã¯ã¯ãã€ã³ã¿ãŒãããã«çŽæ¥ã«ãŒãã£ã³ã°ãã㟠ãã äŸ:æ¯åºã 1ã€ãããã»ãã¥ãªãã£äžã®çç±ãããããŒã«ã«ã€ã³ãã©ããããžã®ã¢ã¯ã»ã¹ãå¿ èŠãšããŠã ããããªã¢ãŒããããã¯ãŒã¯ã®ãã©ãã£ãã¯ãUTMçµç±ã§ã«ãŒãã£ã³ã°ããã (äŸãã°ããã©ãã£ãã¯ã«å¯Ÿ ãããŠã€ã«ã¹ãã§ãã¯ã®ãããããã㯠HTTP ãããã·ã䜿çšãããã)ã UTM 9 管çã¬ã€ã 411 14.4 [ãµãŒã] å°å ¥ãã«ã 14 RED ãããžã¡ã³ã éé/åå² æ³š â VLAN ã¿ã°ã®ä»ãããã¬ãŒã ã¯ããã®æäœã¢ãŒãã§ã¯åŠçã§ããŸãããRED ã¢ãã©ã€ã¢ã³ã¹ ã®èåŸã§ VLAN ã䜿çšããŠããå Žååã¯ã代ããã«ãæšæº ãã¢ãŒãã䜿çšããŠãã ããã ãªã¢ãŒããããã¯ãŒã¯ã¯ç¬ç«ãããŸãŸã§ãUTM㯠IP ã¢ãã¬ã¹ããªã¢ãŒãDHCP ãµãŒãããååŸããŠã ã®ãããã¯ãŒã¯ã®äžéšãšãªããŸãããªã¢ãŒããããã¯ãŒã¯ã®ç¹å®ã®ãã©ãã£ãã¯ã®ã¿ãç¹å®ã®ããã ã¯ãŒã¯ãŸãã¯ããŒã«ã«ãã¡ã€ã³ãžã®ã¢ã¯ã»ã¹ãèš±å¯ãããŸããUTMã¯ãªã¢ãŒããããã¯ãŒã¯ãã³ã³ã ããŒã«ã§ããªããããåå² DNS ãµãŒã ãå®çŸ©ããªãéãããããªãã¯ã«è§£æ±ºå¯èœã§ã¯ãªãããŒã«ã« ãã¡ã€ã³ããªã¢ãŒãã«ãŒã¿ã§è§£æ±ºããããšã¯ã§ããŸãããããã¯ããªã¢ãŒãã¯ã©ã€ã¢ã³ãããã¯ãšãª (å ãåãã) å¯èœãªããŒã«ã« DNS ãµãŒãã§ãã æè¡çã«ã¯ãRED ã¢ãã©ã€ã¢ã³ã¹ã®ããŒã«ã«ã€ã³ã¿ãã§ãŒã¹ãšãããŒã«ã«ã®UTMãžã®ã¢ãããªã³ã¯ã€ ã³ã¿ãã§ãŒã¹ã䞊ã³ã«ãªã¢ãŒãã«ãŒã¿ãžã®ãªã³ã¯ã¯ããã®ã¢ãŒãã§ããªããžãããŸãã(RED 50 ã¢ãã©ã€ ã¢ã³ã¹ã§ã¯ãLAN ããŒã㯠WAN 1 ã«ããããªããžãããŸããã)UTMã¯ãªã¢ãŒããããã¯ãŒã¯ã®å¯äž ã®ã¯ã©ã€ã¢ã³ãã§ãããããåå²ãããã¯ãŒã¯ãžã®ãã©ãã£ãã¯ãä»ã®ã¢ãŒããšåæ§ã«ã«ãŒãã£ã³ã°ã ãããšã¯ã§ããŸããããã®ãããRED ã¢ãã©ã€ã¢ã³ã¹ã¯ãã¹ãŠã®ãã©ãã£ãã¯ãã€ã³ã¿ãŒã»ããããŸãã ãåå²ãããã¯ãŒã¯ ãããã¯ã¹ã«ãªã¹ãããããããã¯ãŒã¯å®ãŠã®ãã©ãã£ãã¯ãããåå²ãã¡ã€ã³ããã㯠ã¹ã«ãªã¹ãããããã¡ã€ã³å®ãŠã®ãã©ãã£ãã¯ã¯ãUTMã€ã³ã¿ãã§ãŒã¹ã«ãªãã€ã¬ã¯ããããŸããããã¯ã åããŒã¿ãã±ããå ã§ããã©ã«ãã²ãŒããŠã§ã€ã® MAC ã¢ãã¬ã¹ãUTMã® MAC ã¢ãã¬ã¹ã«çœ®ãæãã ããšã§å®çŸããŸãã äŸ:ã€ã³ãã©ãããããããŒã«ã«ãããã¯ãŒã¯å ã®ç¹å®ã®ãµãŒããžã®ã¢ã¯ã»ã¹ãå¿ èŠãªããŒãããŒãŸ ãã¯ãµãŒãã¹ãããã€ãããããRED ã¢ãã©ã€ã¢ã³ã¹ã䜿çšããããšã§ããã®ããŒãããŒã®ããã ã¯ãŒã¯ã¯èªç€Ÿã®ãããã¯ãŒã¯ããã®ç¬ç«ãå®å šã«ä¿ãããŸãããç¹å®ã®ç®çã®ããã«ãèªç€Ÿã® ãããã¯ãŒã¯ã®æ±ºããããéšåã« LAN çµç±ã§æ¥ç¶ããŠãããã®ããã«ã¢ã¯ã»ã¹ããããšã¯ã§ã㟠ãã 泚 â å°å ¥ãã«ãã䜿çšãããšãRED ã¢ãã©ã€ã¢ã³ã¹ã®ã¢ãããªã³ã¯ã¢ãŒãã¯ãããã®ãªãã¬ãŒã·ã§ ã³ã¢ãŒãã§ã DHCP ã¯ã©ã€ã¢ã³ããšãªããŸãã代ããã«ã¹ã¿ãã£ã㯠IP ã¢ãã¬ã¹ãå²ãåœãŠãå¿ èŠã ããå Žåã¯ããã¯ã©ã€ã¢ã³ããããžã¡ã³ããã¿ã㧠RED ã¢ãã©ã€ã¢ã³ã¹ãèšå®ããå¿ èŠããããŸãã 412 UTM 9 管çã¬ã€ã 14 RED ãããžã¡ã³ã 14.5 [ã¯ã©ã€ã¢ã³ã] ãã³ãã«ãããžã¡ã³ã 14.5 [ã¯ã©ã€ã¢ã³ã] ãã³ãã«ãããžã¡ã³ã ãRED ãããžã¡ã³ã > ãã³ãã«ãããžã¡ã³ããããŒãžã§ã¯ãå¥ã®UTMã« RED ãã³ãã«ã確ç«ãããã ã«ãUTMã RED ã¢ãã©ã€ã¢ã³ã¹ãšããŠæ©èœããããã«èšå®ã§ããŸããããã«ããããªã¢ãŒããã¹ãUTM ãUTMã® RED ãããšããŠæ©èœããããã«ãªããŸãã ããŒãžåã®åã« [ã¯ã©ã€ã¢ã³ã] ã¿ã°ãä»ããŠããå Žåã¯ãUTMã RED ã¯ã©ã€ã¢ã³ããšããŠæ©èœãã ãå Žåã«ã®ã¿ããã®ããŒãžã®èšå®ãå¿ èŠã«ãªãããšãè¡šããŠããŸãã UTMããã¹ãUTMã«æ¥ç¶ããããã«ã¯ãããããžã§ãã³ã°ãã¡ã€ã«ãå¿ èŠã«ãªããŸãããã®ãã¡ã€ã« ã¯ãã¹ãUTMã§äœæããå¿ èŠããããŸã (ãã¯ã©ã€ã¢ã³ããããžã¡ã³ãããåç §)ã UTMããã¹ãUTMã«æ¥ç¶ããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã¹ãUTMã§ãããŒã«ã«UTMããã¯ã©ã€ã¢ã³ããããžã¡ã³ãããªã¹ãã«è¿œå ããŸãã 2. ãã¹ãUTMã§ãUTMããããžã§ãã³ã°ãã¡ã€ã«ãããŠã³ããŒãããŸãã 3. ããŒã«ã«UTMã§ããã³ãã«ãè¿œå ããã¯ãªãã¯ããŸãã ããã³ãã«ã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 4. 次ã®èšå®ãè¡ããŸãã ãã³ãã«å:ãã®ãã³ãã«ã説æããååãå ¥åããŸãã UTM ãã¹ãå:ãªã¢ãŒã UTM ãã¹ããéžæããŸãã Prov.ãã¡ã€ã«:ãã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããã¢ããããŒãããããããžã§ãã³ã°ãã¡ã€ã«ãéž æããŠããã¢ããããŒãéå§ ããã¯ãªãã¯ããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 5. ãä¿å ããã¯ãªãã¯ããŸãã RED ãã³ãã«ã確ç«ãããããã³ãã«ãããžã¡ã³ãããªã¹ãã«è¡šç€ºãããŸãã UTM 9 管çã¬ã€ã 413 15 ãµã€ãé VPN ãã®ç« ã§ã¯Sophos UTMã®ãµã€ãé VPN èšå®ã®æ§ææ¹æ³ã«ã€ããŠèª¬æããŸããSophos UTM ã®ãµ ã€ãé VPN ã¯ãããŒãã£ã«ãã©ã€ããŒããããã¯ãŒã¯ (VPN) ã«ãã£ãŠå®çŸããŸããVPN ã¯ã€ã³ã¿ãŒ ããããªã©ã®ãããªãã¯ãããã¯ãŒã¯äžã§ãªã¢ãŒããããã¯ãŒã¯ãæ©å¯æ§ãä¿ã¡çžäºéä¿¡ããããã® ã»ãã¥ã¢ã§ã³ã¹ãå¹æã®é«ãæ¹æ³ã§ããVPN ã§ã¯æå·åãã³ããªã³ã°ãããã³ã«ã® IPsec ã䜿çšã ãŠãVPN äžãäŒéãããããŒã¿ã®æ©å¯æ§ãšãã©ã€ãã·ãŒãä¿ã¡ãŸãã åç § â ãµã€ãé VPN æ¥ç¶ã®èšå®æ¹æ³ã®è©³çŽ°ã¯ãSophos ãµããŒãããŒã¿ããŒã¹ãåç §ããŠãã ã ãã ãã®ç« ã§ã¯ã次ã®ãããã¯ã«ã€ããŠèª¬æããŸãã l Amazon VPC l IPsec l SSL l 蚌ææžç®¡ç WebAdmin ã®ããµã€ãé VPNãæŠèŠããŒãžã«ã¯ãèšå®ããããã¹ãŠã® Amazon VPCãIPsecãããã³ SSL ã³ãã¯ã·ã§ã³ãšãã®çŸåšã®ã¹ããŒã¿ã¹ã衚瀺ãããŸããåã³ãã¯ã·ã§ã³ã®ç¶æ ã¯ããã®ã¹ããŒã¿ ã¹ã¢ã€ã³ã³ã®è²ã§ç€ºãããŸããã¹ããŒã¿ã¹ã¢ã€ã³ã³ã¯ 2çš®é¡ãããŸããã³ãã¯ã·ã§ã³åã®é£ãã®å€§ã㪠ã¢ã€ã³ã³ã¯ãã³ãã¯ã·ã§ã³ã®å šäœçãªç¶æ ãè¡šããŸããããããã®è²ã¯ä»¥äžã®ç¶æ ãæå³ããŸãã l ç·è² â ãã¹ãŠã® SA (ã»ãã¥ãªãã£ã¢ãœã·ãšãŒã·ã§ã³) ã確ç«ãããŸãããã³ãã¯ã·ã§ã³ã¯å®å š ã«æ©èœããŠããŸãã l é»è² â SA ã®äžéšã確ç«ãããŠããŸãããã³ãã¯ã·ã§ã³ã¯éšåçã«æ©èœããŠããŸãã l èµ€è² â SA ããŸã£ãã確ç«ãããŠããŸãããã³ãã¯ã·ã§ã³ãæ©èœããŠããŸããã ãã³ãã«æ å ±ã®é£ãã®å°ããªã¢ã€ã³ã³ã¯ããã³ãã«ã®ç¶æ ãè¡šããŸããããããã®è²ã¯ä»¥äžã®ç¶æ ãæå³ããŸãã l ç·è² â ãã¹ãŠã®SA ã確ç«ãããŸããããã³ãã«ã¯å®å šã«æ©èœããŠããŸãã l é»è² â IPsec SA ã確ç«ãããŸããããISAKMP SA (ã€ã³ã¿ãŒãããã»ãã¥ãªãã£ã¢ãœã·ãšãŒã·ã§ ã³ãšéµç®¡çãããã³ã« ) ãæ©èœããŠããŸããããã³ãã«ã¯å®å šã«æ©èœããŠããŸãã l èµ€è² â SA ããŸã£ãã確ç«ãããŠããŸãããã³ãã¯ã·ã§ã³ãæ©èœããŠããŸããã 15.1 Amazon VPC 15 ãµã€ãé VPN 15.1 Amazon VPC Amazon VPC (ããŒãã£ã«ãã©ã€ããŒãã¯ã©ãŠã) ã¯ãåçšã¯ã©ãŠãã³ã³ãã¥ãŒãã£ã³ã°ãµãŒãã¹ã§ãã ãŠãŒã¶ã¯ããŒãã£ã«ãã©ã€ããŒãã¯ã©ãŠããäœæããåŸããããããŒã«ã«ãããã¯ãŒã¯ã«æ¥ç¶ã ãŠãIPsec ãã³ãã«ã§éäžç®¡çããããšãã§ããŸãã Sophos UTMã«ã¹ã¿ãã£ãã¯ã®ãããªã㯠IP ã¢ãã¬ã¹ãããå Žåã¯ãAmazon VPC ãUTMã«æ¥ç¶ã§ã ãŸããVPN ã³ãã¯ã·ã§ã³ã®ãã¹ãŠã®èšå®ã¯ãAmazon ç°å¢ã§è¡ãå¿ èŠããããŸãããã®åŸ ã¯ãAmazon ã¢ã¯ã»ã¹ããŒã¿ãŸãã¯èšå®ãã¡ã€ã«ã䜿çšããŠã³ãã¯ã·ã§ã³ããŒã¿ãã€ã³ããŒãããã ã ã§æžã¿ãŸãã 15.1.1 ã¹ããŒã¿ã¹ ããµã€ãé VPN > Amazon VPC > ã¹ããŒã¿ã¹ ãããŒãžã«ã¯ãAmazon VPC ã®ãã¹ãŠã®ã³ãã¯ã·ã§ã³ã㪠ã¹ããããŸãã ããã§ã¯ãã³ãã¯ã·ã§ã³ãæå¹ãŸãã¯ç¡å¹ã«ããããšãã§ããŸãã Amazon VPC ã®ã³ãã¯ã·ã§ã³ãæå¹ã«ããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãã»ããã¢ãããããŒãžã§ãVPC æ¥ç¶ã 1ã€ä»¥äžã€ã³ããŒãããŸãã 2. ãã¹ããŒã¿ã¹ ãããŒãžã§ãAmazon VPC ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«ãªããã€ã³ããŒãããã VPC æ¥ç¶ã衚瀺ãããŸãã 3. ç®çã®ã³ãã¯ã·ã§ã³ãæå¹ã«ããŸãã æå¹ã«ããã³ãã¯ã·ã§ã³ã®ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«ãªããVPC ã³ãã¯ã·ã§ã³ã® 2ã€ã®ãã³ãã«ã衚瀺ãããŸãã 泚 â åã³ãã¯ã·ã§ã³ã¯ãåé·åã®ããã«ã¢ã¯ãã£ããªãã³ãã«ãšããã¯ã¢ãããã³ãã«ã® 2〠ã®ãã³ãã«ããæ§æãããŸããã¢ã¯ãã£ããªãã³ãã«ã«ã¯ãBGP è¡ã®æåŸã«ããããã¹ã¯ã 衚瀺ãããŸãããã³ãã«ã®ã¹ããŒã¿ã¹ã¢ã€ã³ã³ã¯å¶åŸ¡ç®çã®ããã«ã®ã¿è¡šç€ºãããŠããã1 ã€ã®ãã³ãã«ãæå¹ãŸãã¯ç¡å¹ã«ããããšã¯ã§ããŸããã ãã¹ãŠã® Amazon VPC ã³ãã¯ã·ã§ã³ãç¡å¹ã«ããã«ã¯ãäžçªäžã®ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã1 ã€ã®ã³ãã¯ã·ã§ã³ãç¡å¹ã«ããã«ã¯ããã®ã³ãã¯ã·ã§ã³ã®ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã 416 UTM 9 管çã¬ã€ã 15 ãµã€ãé VPN 15.1 Amazon VPC ã³ãã¯ã·ã§ã³ãéããŠãªã¹ãããåé€ããã«ã¯ããã®ã³ãã¯ã·ã§ã³ã®èµ€ãåé€ã¢ã€ã³ã³ãã¯ãªãã¯ã㟠ãã 泚 â ã³ãã¯ã·ã§ã³ã¯ Amazon VPC åŽã§èšå®ãããŠããããã以åãšåãããŒã¿ã䜿çšããããšã§å é€ããã³ãã¯ã·ã§ã³ãSophos UTMã«å床ã€ã³ããŒãã§ããŸãã 15.1.2 ã»ããã¢ãã ããµã€ãé VPN > Amazon VPC > ã»ããã¢ãããããŒãžã§ã¯ãAmazon VPC (ããŒãã£ã«ãã©ã€ããŒã㯠ã©ãŠã) ã«å¯Ÿããã³ãã¯ã·ã§ã³ãè¿œå ã§ããŸãã1ã€ã® Amazon Web Service (AWS) ã¢ã«ãŠã³ã ãšãSophos UTMã® IP ã¢ãã¬ã¹ãã«ã¹ã¿ãã²ãŒããŠã§ã€ (VPC VPN æ¥ç¶ã®ãšã³ããã€ã³ããæã Amazon ã®çšèª) ãšããŠäœ¿çšããŠèšå®ãããŠãããã¹ãŠã®ã³ãã¯ã·ã§ã³ãã€ã³ããŒãããããAmazon ããããŠã³ããŒãã§ããèšå®ãã¡ã€ã«ã䜿çšã㊠1ã€ãã€ã³ãã¯ã·ã§ã³ãè¿œå ã§ããŸãã Amazon ã¯ã¬ãã³ ã·ã£ã«ã« ã ã ã€ã³ ããŒã 1ã€ã® AWS ã¢ã«ãŠã³ãã§èšå®ããã³ãã¯ã·ã§ã³ãšãSophos UTMã® IP ã¢ãã¬ã¹ãã«ã¹ã¿ãã²ãŒããŠã§ã€ãš ããŠäœ¿çšããŠèšå®ããã³ãã¯ã·ã§ã³ããã¹ãŠäžåºŠã«ã€ã³ããŒãããããšãã§ããŸããããã«ã¯ãåã« Amazon Web Service ã¢ã«ãŠã³ãã®äœææã«æäŸããã AWS ã®ã¯ã¬ãã³ã·ã£ã«ãå ¥åããŸãã 泚 âãã¹ããŒã¿ã¹ ãã¿ãã«ãªã¹ããããæ¢åã®å šã³ãã¯ã·ã§ã³ã¯ãã€ã³ããŒãäžã«åé€ãããŸãã ã³ãã¯ã·ã§ã³ãã€ã³ããŒãããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. 次ã®èšå®ãè¡ããŸãã ã¢ã¯ã»ã¹ããŒ:Amazon ã¢ã¯ã»ã¹ã㌠ID ãå ¥åããŸãããã㯠20æåã®è±æ°åã·ãŒã±ã³ã¹ã§ ãã ã·ãŒã¯ã¬ããããŒ:ã·ãŒã¯ã¬ããã¢ã¯ã»ã¹ããŒãå ¥åããŸãããã㯠40æåã®ã·ãŒã±ã³ã¹ã§ãã 2. ãé©çš ããã¯ãªãã¯ããŸãã ã³ãã¯ã·ã§ã³ãã€ã³ããŒãããããã¹ããŒã¿ã¹ ãããŒãžã«è¡šç€ºãããŸãã Amazon VPC èšå®ã« ã ã ã€ã³ ããŒã æ¢åã®ã³ãã¯ã·ã§ã³ãªã¹ãã«1ã€ã®æ¥ç¶ãè¿œå ããã«ã¯ããã®ã³ãã¯ã·ã§ã³ã®èšå®ãã¡ã€ã«ãã¢ãã ããŒãããå¿ èŠããããŸãã 1ã€ã®ã³ãã¯ã·ã§ã³ãã€ã³ããŒãããã«ã¯ã以äžã®æé ã«åŸããŸãã UTM 9 管çã¬ã€ã 417 15.2 IPsec 15 ãµã€ãé VPN 1. Amazon VPC ã³ãã¯ã·ã§ã³ã®èšå®ãã¡ã€ã«ãããŠã³ããŒãããŸãã Amazon ã®ããŠã³ããŒããã€ã¢ãã°ã§ãããã³ããŒãããããããŠã³ãªã¹ããããSophosããéžæã ãŸãã 2. ããã¡ã€ã«ã®ã¢ããããŒã ããã€ã¢ãã°ããã¯ã¹ãéããŸãã ãVPC èšå®ãã¡ã€ã« ãããã¯ã¹ã®æšªã«ãããã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããŸãã 3. èšå®ãã¡ã€ã«ãéžæããŠã¢ããããŒãããŸãã éžæãããã¡ã€ã«ãã¢ããããŒãããã«ã¯ããã¢ããããŒãéå§ ããã¿ã³ãã¯ãªãã¯ããŸãã ãã¡ã€ã«åããVPC èšå®ãã¡ã€ã« ãããã¯ã¹ã«è¡šç€ºãããŸãã 4. ã¹ã¿ãã£ãã¯ã«ãŒãã£ã³ã°ã䜿çšããå Žåã¯ããªã¢ãŒããããã¯ãŒã¯ãå ¥åããŠãã ããã ãªã¢ãŒããããã¯ãŒã¯ã¯ãèšå®ãã¡ã€ã«ã®äžéšã§ã¯ãããŸããããããã£ãŠãããªã¢ãŒãããã ã¯ãŒã¯ ããã£ãŒã«ãã«ã10.0.0.0/8 ãªã©å¥ã«å ¥åããå¿ èŠããããŸãããã®ãã£ãŒã«ã ã¯ãAmazon VPC ã§åçã«ãŒãã£ã³ã°ã§ãªããéçã«ãŒãã£ã³ã°ã䜿çšããããã«èšå®ããå Ž åã®ã¿ã«éèŠã§ãã 5. ãé©çš ããã¯ãªãã¯ããŸãã ã³ãã¯ã·ã§ã³ãã€ã³ããŒãããããã¹ããŒã¿ã¹ ãããŒãžã«è¡šç€ºãããŸãã 15.2 IPsec IPsec (IP Security) ãšã¯ããã¹ãŠã® IP ãã±ãããæå·åãŸãã¯èªèšŒããããš (ãããã¯ãã®äž¡æ¹) ã« ãã£ãŠ IP (ã€ã³ã¿ãŒããããããã³ã«) éä¿¡ã®ã»ãã¥ãªãã£ãç¶æããããã®æšæºã§ãã IPsec æšæºã¯ã次㮠2ã€ã®ãµãŒãã¹ã¢ãŒããš 2ã€ã®ãããã³ã«ãå®çŸ©ããŠããŸãã l ãã©ã³ã¹ããŒãã¢ãŒã l ãã³ãã«ã¢ãŒã l AH (èªèšŒããã) èªèšŒãããã³ã« l ESP (ã«ãã»ã«åã»ãã¥ãªãã£ãã€ããŒã) æå·å (ããã³èªèšŒ) ãããã³ã« IPsec ã«ã¯ãSA (ã»ãã¥ãªãã£ã¢ãœã·ãšãŒã·ã§ã³) ãšéµé åžãæåããã³èªåã§ç®¡çããããã®æ¹æ³ ãçšæãããŠããŸãããããã®ç¹åŸŽã¯ãDOI (解éãã¡ã€ã³) ã§äžå 管çãããŠããŸãã IPsec ã¢ãŒã IPsec ã¯ããã©ã³ã¹ããŒãã¢ãŒããŸãã¯ãã³ãã«ã¢ãŒãã§æ©èœããŸããååçã«ããã¹ãéæ¥ç¶ã§ã¯ã© ã¡ãã®ã¢ãŒãã䜿çšã§ããŸãããã ããããããã®ãšã³ããã€ã³ããã»ãã¥ãªãã£ã²ãŒããŠã§ã€ã§ãã 418 UTM 9 管çã¬ã€ã 15 ãµã€ãé VPN 15.2 IPsec å Žåããã³ãã«ã¢ãŒãã䜿çšããå¿ èŠããããŸãããã® UTM ã§ã® IPsec VPN æ¥ç¶ã§ã¯ãåžžã«ãã³ã ã«ã¢ãŒãã䜿çšãããŸãã ãã©ã³ã¹ããŒãã¢ãŒãã§ã¯ãå ã® IP ãã±ããã¯ä»ã®ãã±ããã«ã«ãã»ã«åãããŸãããå ã® IP ãã ãã¯ç¶æããããã±ããã®æ®ãã®éšåã¯å¹³æã®ãŸãŸ (AH) ãŸãã¯ã«ãã»ã«åãã㊠(ESP) éä¿¡ãã ãŸãããã±ããå šäœã AH ã§èªèšŒããããšããESP ã§ãã€ããŒããã«ãã»ã«åããŠèªèšŒããããšãã§ã ãŸãããããã®å Žåããå ã®ãããã¯å¹³æãšã㊠WAN çµç±ã§éä¿¡ãããŸãã ãã³ãã«ã¢ãŒãã§ã¯ããã±ããããããšãã€ããŒãã®å šäœãæ°ãã IP ãã±ããã«ã«ãã»ã«åãã㟠ããIP ãããã IP ãã±ããã«è¿œå ãããå®å ã¢ãã¬ã¹ã¯åä¿¡åŽãã³ãã«ãšã³ããã€ã³ãã«èšå®ãã ãŸããã«ãã»ã«åãã±ããã® IP ã¢ãã¬ã¹ã¯å€æŽãªãã§ç¶æãããŸããç¶ããŠãå ã®ãã±ããã AH ã§èªèšŒãããããESP ã§ã«ãã»ã«åãããŠèªèšŒãããŸãã IPsec ãããã³ã« IPsec ã§ã¯ãIP ã¬ãã«ã§å®å šã«éä¿¡ããããã« 2ã€ã®ãããã³ã«ã䜿çšããŸãã l AH (èªèšŒããã):ãã±ããéä¿¡è ãèªèšŒãããã±ããããŒã¿ã®å®å šæ§ãä¿èšŒããããã®ããã ã³ã«ã l ã«ãã»ã«åã»ãã¥ãªãã£ãã€ããŒã (ESP):ãã±ããå šäœãæå·åãããã®ã³ã³ãã³ããèªèšŒãã ããã®ãããã³ã«ã AH (èªèšŒããã) ãããã³ã«ã¯ããã±ããããŒã¿ã®ä¿¡é Œæ§ãšå®å šæ§ããã§ãã¯ããŸããããã«ãéä¿¡è ãšåä¿¡è ã® IP ã¢ãã¬ã¹ãéä¿¡äžã«å€æŽãããŠããªãããšããã§ãã¯ããŸãããã±ããã¯ãããã·ã¥ ããŒã¹ã®ã¡ãã»ãŒãžèªèšŒã³ãŒã (HMAC) ãšéµã䜿çšããŠäœæããããã§ãã¯ãµã ã䜿çšããŠèªèšŒã ããŸãã次ã®ããããã®ããã·ã¥ã¢ã«ãŽãªãºã ã䜿çšãããŸãã l MD5 (ã¡ãã»ãŒãžãã€ãžã§ã¹ããããŒãžã§ã³ 5):ãã®ã¢ã«ãŽãªãºã ã§ã¯ãä»»æã®ãµã€ãºã®ã¡ãã»ãŒ ãžãã 128ãããã®ãã§ãã¯ãµã ãçæãããŸãããã®ãã§ãã¯ãµã ã¯ã¡ãã»ãŒãžã®æçŽã®ã ããªãã®ã§ãã¡ãã»ãŒãžãå€æŽããããšãã§ãã¯ãµã ãå€ãããŸãããã®ããã·ã¥å€ã¯ãããžã¿ ã«çœ²åãŸãã¯ã¡ãã»ãŒãžãã€ãžã§ã¹ããšãåŒã°ããŸãã l SHA-1 (ã»ãã¥ã¢ããã·ã¥):ãã®ã¢ã«ãŽãªãºã ã§ã¯ MD5 ãšé¡äŒŒããããã·ã¥ãçæãããŸã ããSHA-1 ããã·ã¥ã¯é·ãã 160ãããã§ããSHA-1 ã¯éµã MD5 ããé·ããããMD5 ãã匷 åãªã»ãã¥ãªãã£ãå®çŸããŸãã MD5 ãšæ¯èŒãããšãSHA-1 ããã·ã¥ã¯èšç®ãé£ãããçæã«å¿ èŠãª CPU æéã¯ããé·ããªããŸãã ãã¡ãããèšç®é床ã¯ãããã»ããµã®åŠçé床ãšSophos UTMã§äœ¿çšããã IPsec VPN æ¥ç¶ã®æ°ã« äŸåããŸãã ESP (ã«ãã»ã«åã»ãã¥ãªãã£ãã€ããŒã) ãããã³ã«ã«ã¯ãæå·å以å€ã«ãéä¿¡è ãèªèšŒãããã±ãã ã³ã³ãã³ããæ€èšŒããæ©èœããããŸãããã³ãã«ã¢ãŒã㧠ESP ã䜿çšãããšãIP ãã±ããå šäœ (ããã UTM 9 管çã¬ã€ã 419 15.2 IPsec 15 ãµã€ãé VPN ãšãã€ããŒã) ãæå·åãããŸããããã§ãæå·åãããŠããªã IP ããããš ESP ããããã«ãã»ã«å ãããã±ããã«è¿œå ãããŸããæ°ãã IP ãããã«ã¯ãåä¿¡åŽã²ãŒããŠã§ã€ãšéä¿¡åŽã²ãŒããŠã§ã€ã®ã¢ ãã¬ã¹ãå«ãŸããŠããŸãããããã® IP ã¢ãã¬ã¹ã¯ãVPN ãã³ãã«ã®ã¢ãã¬ã¹ã§ãã æå·åä»ãã® ESP ã§ã¯ãé垞次ã®ã¢ã«ãŽãªãºã ã䜿çšãããŸãã l 3DES (ããªãã«ããŒã¿æå·åæšæº) l AES (é«åºŠæå·åæšæº) ãããã®ãã¡ãAES ãæãå®å šã§ããAES ã§äœ¿çšå¯èœãªéµã®æå¹é·ã¯ 128ãããã192ãããã256 ãããã§ããSophos UTMSophos UTM ã¯ãå€æ°ã®æå·åã¢ã«ãŽãªãºã ããµããŒãããŠããŸããèªèšŒã« 㯠MD5 ãŸã㯠SHA-1 ã¢ã«ãŽãªãºã ã䜿çšã§ããŸãã NATãã©ããŒãµã« (NAT-T) NAT ãã©ããŒãµã«ãšã¯ãNAT ããã€ã¹ã䜿çšãã TCP/IP ãããã¯ãŒã¯å ã®ãã¹ãéã§æ¥ç¶ãç¢ºç« ããããã®æè¡ã§ãããã®æ¥ç¶ã¯ãESP ãã±ããã® UDP ã«ãã»ã«åã䜿çšããŠãNAT ããã€ã¹çµ ç±ã§ IPsec ãã³ãã«ã確ç«ããããšã«ãã£ãŠå®çŸããŸããUDP ã«ãã»ã«åã¯ãIPsec ãã¢é㧠NAT ãæ€åºãããå Žåã®ã¿ã«äœ¿çšãããŸããæ€åºãããªãã£ãå Žåã¯ãéåžžã® ESP ãã±ããã䜿çšã ããŸãã NAT ãã©ããŒãµã«ã«ãããã²ãŒããŠã§ã€ãŸãã¯ããŒããŠã©ãªã¢ã NAT ã«ãŒã¿ã®èåŸã«é 眮ããªã ããIPsec ãã³ãã«ã確ç«ã§ããããã«ãªããŸãããã®æ©èœã䜿çšããå Žåãäž¡æ¹ã® IPsec ãã¢ã§ NAT ãã©ããŒãµã«ããµããŒããããŠããå¿ èŠããããŸããããŽã·ãšãŒã·ã§ã³ã¯èªåçã«è¡ãã㟠ããNAT ããã€ã¹ã§ IPsec ãã¹ã¹ã«ãŒããªãã«ãªã£ãŠããããšã確èªããŠãã ããããªã³ã«ãªã£ãŠã ããšãNAT ãã©ããŒãµã«ã®äœ¿çšã«æ¯éãåºãå¯èœæ§ããããŸãã ããŒããŠã©ãªã¢ã§ NAT ãã©ããŒãµã«ã䜿çšããå ŽåãWebAdmin å ã®å¯Ÿå¿ãŠãŒã¶ãªããžã§ã¯ãã«é çãªãªã¢ãŒãã¢ã¯ã»ã¹ IP ã¢ãã¬ã¹ (RAS ã¢ãã¬ã¹) ãèšå®ãããŠããå¿ èŠããããŸã (WebAdmin ã® ããŠãŒã¶ ãããŒãžã®ããªã¢ãŒãã¢ã¯ã»ã¹ã«ã¹ã¿ãã£ã㯠IP ã¢ãã¬ã¹ãäœ¿çš ããåç §ããŠãã ãã) ã ããŒã¿æªéä¿¡æã«ç¢ºç«ããããã³ãã«ãæéåãã«ãªãããšãé²ãããã«ãNAT ãã©ããŒãµã«ã® keep-alive ä¿¡å·ãããã©ã«ã㧠60ç§ééã§éä¿¡ãããŸããkeep-alive ã¡ãã»ãŒãžã¯ãNAT ã«ãŒã¿ã ã»ãã·ã§ã³ã«é¢é£ããã¹ããŒãæ å ±ãç¶æããŠããããã³ãã«ãéãããŸãŸã§ããããšã確èªããã ãã«éä¿¡ãããŸãã TOS ããµãŒãã¹ã¿ã€ããããã (TOS ããã) ã¯ãIP ãããã«ããããã€ãã® 4ããããã©ã°ã§ãããããã®ãã ãã¯ãã©ã®ã¿ã€ãã®ãµãŒãã¹å質ãå¿ èŠã§ãããã転éã¢ããªã±ãŒã·ã§ã³ããããã¯ãŒã¯ã«äŒããã 420 UTM 9 管çã¬ã€ã 15 ãµã€ãé VPN 15.2 IPsec ãšãèš±å¯ããããããµãŒãã¹ã¹ã¿ã€ãããããšåŒã°ããŠããŸãã Sophos UTMãžã® IPsec å°å ¥ã§ã¯ãTOS ã®å€ã¯åžžã«ã³ããŒãããŸãã 15.2.1 ã³ãã¯ã·ã§ã³ ããµã€ãé VPN > IPsec > ã³ãã¯ã·ã§ã³ãã¿ãã§ã¯ãIPsec ã³ãã¯ã·ã§ã³ãäœæããã³ç·šéããããšã㧠ããŸãã IPsec ã³ãã¯ã·ã§ã³ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã³ãã¯ã·ã§ã³ãã¿ãã§ãæ°èŠ IPsec ã³ãã¯ã·ã§ã³ããã¯ãªãã¯ããŸãã ãIPsec ã³ãã¯ã·ã§ã³ã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®æ¥ç¶ã説æããååãå ¥åããŠãã ããã ãªã¢ãŒãã²ãŒããŠã§ã€:ãªã¢ãŒãã²ãŒããŠã§ã€å®çŸ©ãéžæããŸãããªã¢ãŒãã²ãŒããŠã§ã€ã¯ãããµã€ã é VPN > IPsec > ãªã¢ãŒãã²ãŒããŠã§ã€ãã¿ãã§èšå®ããŸãã ããŒã«ã«ã€ã³ã¿ãã§ãŒã¹:IPsec ãã³ãã«ã®ããŒã«ã«ãšã³ããã€ã³ããšããŠäœ¿çšãããã€ã³ã¿ ãã§ãŒã¹ã®ååãéžæããŸãã ããªã·ãŒ:ãã® IPsec ã³ãã¯ã·ã§ã³ã® IPsec ããªã·ãŒãéžæããŸããIPsec ããªã·ãŒã¯ãããµã€ã é VPN > IPsec > ããªã·ãŒãã¿ãã§å®çŸ©ã§ããŸãã ããŒã«ã«ãããã¯ãŒã¯:VPN ãã³ãã«çµç±ã§ã¢ã¯ã»ã¹å¯èœã«ããããŒã«ã«ãããã¯ãŒã¯ãéžæ ããŸãã èªåãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«:ãã®ãªãã·ã§ã³ãéžæãããšããã®æ¥ç¶çšã®ãã©ãã£ãã¯ãèš±å¯ ãããã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãèªåçã«è¿œå ããããšãã§ããŸããã«ãŒã«ã¯ãæ¥ç¶ã確ç«ã ããšããã«è¿œå ãããæ¥ç¶ãç¡å¹ã«ãªããšåé€ãããŸããããå³æ Œãª IPsec æ¥ç¶ã䜿çšãã å Žåã¯ããèªåãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã« ããç¡å¹ã«ããŠã代ããã«ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã« ã»ããå ã® IPsec ãªããžã§ã¯ãã䜿çšããŠãã ããã å³å¯ã«ãŒãã£ã³ã°:ã¹ããªã¯ãã«ãŒãã£ã³ã°ãéžæãããšãVPN ã«ãŒãã£ã³ã°ã¯ (å®å IP ã¢ã㬠ã¹ã®ã¿ã§ã¯ãªã) éä¿¡å IP ã¢ãã¬ã¹ãšå®å IP ã¢ãã¬ã¹ã«åŸã£ãŠå®è¡ãããŸãããã®å Ž åãVPN ãã³ãã«å®çŸ©ãšå®å šã«äžèŽãããã±ããã®ã¿ã VPN ãã³ãã«ã«ã«ãŒãã£ã³ã°ãã㟠ãããã®çµæãSNAT ã䜿çšããŠæ¬æ¥ãã³ãã«å®çŸ©ã®äžéšã§ã¯ãªããããã¯ãŒã¯ãŸãã¯ãã¹ ãã VPN ãã³ãã«ã«è¿œå ããããšã¯ã§ããŸãããäžæ¹ãå³å¯ã«ãŒãã£ã³ã°ã䜿çšããªãå Žåã ç°ãªãéä¿¡å ã¢ãã¬ã¹ããåããããã¯ãŒã¯ã«å¯ŸããŠéæå·å/æå·åã®æ··åšããã»ãã ã¢ãããè¡ãããšã¯ã§ããŸããã UTM 9 管çã¬ã€ã 421 15.2 IPsec 15 ãµã€ãé VPN ãã³ãã«ãããŒã«ã«ã€ã³ã¿ãã§ãŒã¹ã«ãã€ã³ã:ããã©ã«ãã§ãã®ãªãã·ã§ã³ã¯éžæ解é€ãã㊠ãããéä¿¡å ãæå®ããããŒã«ã«ãããã¯ãŒã¯ã§ãéä¿¡å ãæå®ãããªã¢ãŒããããã¯ãŒã¯ã® ãã©ãã£ãã¯ãã¹ãŠã¯ãåžžã«ããã® IPsec ãã³ãã«çµç±ã§éä¿¡ãããŸããã»ã¬ã¯ã¿ãåžžã«åã㧠ãããããç°ãªãã€ã³ã¿ãŒãã§ãŒã¹ã«ãåäžã®ãã³ãã«ãè€æ°ãã€ã³ãããããšã¯ã§ããŸããã ããããæå¹ã«ããå Žåãæå®ãã IPsec ã»ã¬ã¯ã¿ã¯ãéžæããããŒã«ã«ã€ã³ã¿ãŒãã§ãŒã¹ã« ãã€ã³ããããŸãããããã£ãŠãéçã«ãŒã㧠IPsec ããªã·ãŒãåé¿ããããç°ãªãã¢ãã㪠ã³ã¯ã䜿çšããŠåé·ã® IPsec ãã³ãã«ãæå®ããŠããã«ããã¹ã«ãŒã«ã䜿çšããŠã䜿çšå¯èœ ãªã€ã³ã¿ãŒãã§ãŒã¹ãš IPsec ãã³ãã«ã«ãŠããã©ãã£ãã¯ã®åæ£ãå®çŸããããšãå¯èœã§ãã ã ã®èšå®ã¯æ¬¡ã®ãããªå Žåã«äœ¿çšããŸãã l ã¹ã¿ãã£ãã¯ã«ãŒãçµç±ã§ãªã¢ãŒããããã¯ãŒã¯ã«æå±ããããŒã«ã«ãã¹ãã® IPsec ã㪠ã·ãŒãåé¿ããã l ãã«ããã¹ã«ãŒã«ã䜿çšããã¬ã€ã€ãŒ 3 ããã³ã¬ã€ã€ãŒ 4 ã«åºã¥ãããã©ãã£ãã¯ãã è€æ°ã® IPsec ãã³ãã«ãèªåãã§ã€ã«ãªãŒããŒã®ãã MPLS ãªã³ã¯ã§åæ£ããã 泚 â ãã®ãªãã·ã§ã³ã¯ãã€ã³ã¿ãŒãã§ãŒã¹ã°ã«ãŒãã§ã¯äœ¿çšã§ããŸããã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããã³ãã¯ã·ã§ã³ã IPsec ã®ãã³ãã¯ã·ã§ã³ããªã¹ãã«è¡šç€ºãããŸãã æ¥ç¶ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã ã©ã€ããã°ãéã:IPsec VPN ã©ã€ããã°ã«ã¯ã確ç«ããã IPsec ã³ãã¯ã·ã§ã³ã«é¢ããã¢ãã¿ãªã³ã°æ å ±ã衚瀺ãããŸãããã¿ã³ãã¯ãªãã¯ããŠãæ°ãããŠã£ã³ããŠã§ã©ã€ããã°ãéããŸãã 15.2.2 ãªã¢ãŒãã²ãŒããŠã§ã€ ããµã€ãé VPN > IPsec > ãªã¢ãŒãã²ãŒããŠã§ã€ãã¿ãã§ã¯ããµã€ãé VPN ãã³ãã«çšã«ãªã¢ãŒãã²ãŒã ãŠã§ã€ãå®çŸ©ã§ããŸãããããã®ãªã¢ãŒããããã¯ãŒã¯å®çŸ©ã¯ããIPsec > ã³ãã¯ã·ã§ã³ãã¿ã㧠IPsec ã³ ãã¯ã·ã§ã³ãäœæãããšäœ¿çšå¯èœã«ãªããŸãã ãªã¢ãŒãã²ãŒããŠã§ã€ãè¿œå ããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ããªã¢ãŒãã²ãŒããŠã§ã€ãã¿ãã§ããæ°èŠãªã¢ãŒãã²ãŒããŠã§ã€ããã¯ãªãã¯ããŸãã ããªã¢ãŒãã²ãŒããŠã§ã€ã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®ãªã¢ãŒãã²ãŒããŠã§ã€ã説æããååãå ¥åããŠãã ããã 422 UTM 9 管çã¬ã€ã 15 ãµã€ãé VPN 15.2 IPsec ã²ãŒããŠã§ã€ã¿ã€ã:ã²ãŒããŠã§ã€ã®ã¿ã€ããéžæããŸãã次ã®ã¿ã€ãã䜿çšã§ããŸãã l ã€ãã·ãšãŒããè¡ã:ãªã¢ãŒããšã³ããã€ã³ãã«éç IP ã¢ãã¬ã¹ãããããªã¢ãŒãã²ãŒã ãŠã§ã€ãžã®æ¥ç¶ãã²ãŒããŠã§ã€ã«ãã£ãŠéå§ã§ããå Žåã«éžæããŸããéžæããå Ž åããã²ãŒããŠã§ã€ãããã¯ã¹ã«ãªã¢ãŒãã²ãŒããŠã§ã€ãæå®ããŸãããã®ãªãã·ã§ã³ã¯ã㪠ã¢ãŒãã²ãŒããŠã§ã€ã DynDNS ã«ãã£ãŠè§£æ±ºãããå Žåã«ãéžæã§ããŸãã l ã¬ã¹ãã³ãã®ã¿:ãªã¢ãŒããšã³ããã€ã³ãã® IP ã¢ãã¬ã¹ãäžæã§ããããDynDNS ã§è§£ 決ã§ããªãå Žåã«éžæããŸããã²ãŒããŠã§ã€ã¯ãªã¢ãŒãã²ãŒããŠã§ã€ãžã®æ¥ç¶ãéå§ã§ ãããå¿çã®ã¿ãè¡ãã°è¯ãæ¥ç¶ãåä¿¡ãããŸã§åŸ æ©ããŸãã èªèšŒã¿ã€ã:ãã®ãªã¢ãŒãã²ãŒããŠã§ã€å®çŸ©ã®èªèšŒã¿ã€ããéžæããŸãã次ã®ã¿ã€ãã䜿çšã§ã ãŸãã l äºåå ±æéµ:ãäºåå ±æéµ ã(PSK) ã«ããèªèšŒã§ã¯ãç§å¯ã®ãã¹ã¯ãŒããéµãšããŠäœ¿çš ããŸãããããã®ãã¹ã¯ãŒãã¯ãæ¥ç¶ã確ç«ããåã«ãšã³ããã€ã³ãã«é åžããå¿ èŠ ããããŸããæ°ãã VPN ãã³ãã«ã確ç«ããããšã䞡端ã§ãçžæåŽãç§å¯ã®ãã¹ ã¯ãŒããç¥ã£ãŠããããšã®ãã§ãã¯ãè¡ãããŸããPSK ã®ã»ãã¥ãªãã£ã¯ã䜿çšããã ã¹ã¯ãŒãã®å質ã«äŸåããŸããäžè¬çãªèšèãæå¥ã§ã¯ãèŸæžæ»æã«å¯ŸããŠè匱 ã§ããåžžæã®ããŸãã¯é·æç㪠IPsec ã³ãã¯ã·ã§ã³ã§ã¯ããã¹ã¯ãŒãã®ä»£ããã«èšŒæ æžã䜿çšãã¹ãã§ãã l RSA éµ:RSA éµã䜿çšããèªèšŒã¯ãããé«åºŠã§ãããã®æ¹åŒã§ã¯ãå ¬ééµãšç§å¯éµã ãæãéµãã¢ãæ¥ç¶ã®äž¡ç«¯ã§çæãããŸããç§å¯éµã¯ãéµäº€ææã®æå·åãšèªèšŒ ã§å¿ èŠã§ãããã®èªèšŒæ¹åŒã䜿çšãã IPsecVPN æ¥ç¶ã®äž¡ãšã³ããã€ã³ãã¯ãç¬èª ã®éµãã¢ãå¿ èŠãšããŸãããªã¢ãŒããŠãããã®å ¬é RSA éµ (ããµã€ãé VPN > IPsec > ããŒã«ã« RSA éµ ã) ãããŒã«ã«ãŠãããã®ãå ¬ééµ ãããã¯ã¹ã«ã³ããŒããéæ¹åã®ã³ ããŒãè¡ããŸããããã«ãããããã® RSA éµã«å¯Ÿå¿ãã VPN ID ã¿ã€ããš VPN èå¥å ãå ¥åããŸãã l ããŒã«ã« X.509 蚌ææž:åæ§ã«ãX.509 蚌ææžã«ããèªèšŒæ¹åŒãå ¬ééµãšç§å¯éµã䜿 çšããŸããX.509 蚌ææžã«ã¯ãå ¬ééµãšãéµã®ææè ãç¹å®ããæ å ±ãå«ãŸããŠã ãŸãããã®ãããªèšŒææžã¯ãä¿¡é ŒãããèªèšŒå± (CA) ã«ãã£ãŠçœ²åãããçºè¡ãããã ã®ã§ããéµäº€æäžã«èšŒææžã亀æãããããŒã«ã«ä¿åããã CA 蚌ææžã䜿çšã㊠èªèšŒãããŸãããªã¢ãŒãã²ãŒããŠã§ã€ã® X.509 蚌ææžããŠãããã«ããŒã«ã«ä¿åãã㊠ããå Žåããã®èªèšŒã¿ã€ãã䜿çšããŠãã ããã l ãªã¢ãŒã X.509 蚌ææž:ãªã¢ãŒãã²ãŒããŠã§ã€ã® X.509 蚌ææžããŠãããã«ããŒã«ã«ä¿å ãããŠããªãå Žåããã®èªèšŒã¿ã€ãã䜿çšããŠãã ããããªã¢ãŒããŠãããã§äœ¿çšãã㊠ãã蚌ææžã® VPN ID ã¿ã€ããš VPN èå¥åãéžæããå¿ èŠããããŸãããã®èšŒææž ã¯ãããµã€ãé VPN > IPsec > 詳现 ãã¿ãã®ãããŒã«ã« X.509 蚌ææž ããšãªã¢ã§éžæãã ããã®ã§ãã UTM 9 管çã¬ã€ã 423 15.2 IPsec 15 ãµã€ãé VPN VPN ID ã¿ã€ã:èªèšŒã¿ã€ãã«ãã£ãŠã¯ãVPN ID ã¿ã€ããš VPN èå¥åãéžæããå¿ èŠããã㟠ããããã§å ¥åãã VPN èå¥åã¯ããªã¢ãŒããµã€ãã§èšå®ããå€ãšäžèŽããŠããå¿ èŠããã ãŸãããµã€ãé VPN ãã³ãã«ã®ç¢ºç«ã« 2å°ã®UTMã¢ãã©ã€ã¢ã³ã¹ã䜿çšããŠãããšããŸãã ããŒã«ã«ãŠãããã§ã®èªèšŒã¿ã€ããšããŠãRSA éµ ããéžæããå ŽåãVPN ID ã¿ã€ããš VPN èå¥ åããªã¢ãŒããŠãããã®ããµã€ãé VPN > IPsec > ããŒã«ã« RSA éµ ãã¿ãã§ã®èšå®ãšäžèŽã㊠ããå¿ èŠããããŸãã次㮠VPN ID ã¿ã€ããéžæã§ããŸãã l IP ã¢ãã¬ã¹ l ãã¹ãå l ã¡ãŒã«ã¢ãã¬ã¹ l èå¥å:ãªã¢ãŒã X.509 蚌ææž èªèšŒã®ã¿ã§äœ¿çšã l ä»»æ:ãå¿çã®ã¿ ãã²ãŒããŠã§ã€ã¿ã€ãã®ããã©ã«ãã ãªã¢ãŒããããã¯ãŒã¯:ãªã¢ãŒãã²ãŒããŠã§ã€çµç±ã§ã¢ã¯ã»ã¹å¯èœã«ãããªã¢ãŒããããã¯ãŒã¯ã éžæããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. å¿ èŠã«å¿ããŠã詳现èšå®ãè¡ããŸãã 以äžã®è©³çŽ°èšå®ã¯ã圱é¿ãç解ããŠããå Žåã«ã®ã¿è¡ã£ãŠãã ããã Path MTU ãã£ã¹ã«ããªã®ãµããŒã:PMTU (ãã¹æ倧äŒéåäœ) ãšã¯ãéä¿¡ãããããŒã¿ã ã±ããã®ãµã€ãºã§ããIP ããŒã¿ãã±ããã¯ãéä¿¡å ããå®å ãŸã§ã®ãã¹ã®ã©ãã§ããã©ã°ã¡ã³ ããŒã·ã§ã³ (æçå) ãå¿ èŠãšããªãæ倧ãµã€ãºã«ããããšãæãŸããŸãããã¹äžã®äžéšã«ãŒ ã¿ã«ãšã£ãŠæçåããªãã§è»¢éããã«ã¯å€§ãéããããŒã¿ãã±ãããããå Žåããã®ã«ãŒã¿ ã¯ããããç Žæ£ããŠãICMP Destination Unreachable ã¡ãã»ãŒãžããfragmentation needed and DF setããæå³ããã³ãŒããšãšãã«è¿ããŸããéä¿¡å ãã¹ãã¯ããã®ãããªã¡ãã»ãŒãžãåä¿¡ã ããšããã®ãã¹ã«å¯ŸããŠæ³å®ããã PMTU ãæžãããŸãã ãã®ãªãã·ã§ã³ãæå¹ã«ãããšããµãŒãåŽã§ PMTU ãæå¹ã«ãªã£ãŠããå Žåã«UTMã PMTU ãæå¹åããŸãã 茻茳ç¶æ éç¥ãµããŒã (ECN):ECN (æ瀺çãªèŒ»èŒ³éç¥) ãšã¯ã€ã³ã¿ãŒããããããã³ã«ã®æ¡åŒµ ã§ããããããã¯ãŒã¯èŒ»èŒ³ã®ãšã³ãããŒãšã³ããªéç¥ããã±ããã®ãããããªãã§èš±å¯ããŸãã å ã® IP ãã±ããã®ããããã IPsec ãã±ããã®ãããã« ECN æ å ±ãã³ããŒããã«ã¯ããã®ãª ãã·ã§ã³ãéžæããŸãããªã¢ãŒããšã³ããã€ã³ãããã³äžäœã®ãããã¯ãŒã¯ãšé¢äžããã«ãŒã¿ã ããããµããŒãããŠããå¿ èŠããããŸãã XAUTHã¯ã©ã€ã¢ã³ãã¢ãŒãã®æå¹å:XAUTHãšã¯ãIPsec IKE ã®æ¡åŒµã§ãããVPN ã²ãŒããŠã§ã€ ã§ãŠãŒã¶åãšãã¹ã¯ãŒãã䜿çšããŠãŠãŒã¶ãèªèšŒããŸãããã®ãªã¢ãŒãã²ãŒããŠã§ã€ã§ã®èªèšŒ 424 UTM 9 管çã¬ã€ã 15 ãµã€ãé VPN 15.2 IPsec ã« XAUTH ã䜿çšããããã«ã¯ããã®ãªãã·ã§ã³ãéžæããŠããªã¢ãŒãã²ãŒããŠã§ã€ã®èŠæ±ã« åŸã£ãŠãŠãŒã¶åãšãã¹ã¯ãŒã (2å) ãå ¥åããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã ã²ãŒããŠã§ã€å®çŸ©ãããªã¢ãŒãã²ãŒããŠã§ã€ããªã¹ãã«è¡šç€ºãããŸãã ãªã¢ãŒãã²ãŒããŠã§ã€å®çŸ©ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 15.2.3 ããªã·ãŒ ãIPsec > ããªã·ãŒãã¿ãã§ã¯ãIPsec ã³ãã¯ã·ã§ã³çšã®ãã©ã¡ãŒã¿ãã«ã¹ã¿ãã€ãºããããªã·ãŒã«çµ±åã ãããšãã§ããŸããIPsec ããªã·ãŒã¯ãIPsec ã³ãã¯ã·ã§ã³ã® IKE (ã€ã³ã¿ãŒãããéµäº€æ) ãš IPsec ãã ããŒã¶ã«ãã©ã¡ãŒã¿ãå®çŸ©ããŸããããããã® IPsec ã³ãã¯ã·ã§ã³ã«ã¯ IPsec ããªã·ãŒãå¿ èŠã§ãã 泚 â Sophos UTM ã¯ãIKE ãã§ãŒãº 1 ã®ã¡ã€ã³ã¢ãŒãã®ã¿ããµããŒãããŠããŸããã¢ã°ã¬ãã·ãã¢ãŒ ãã¯ãµããŒããããŠããŸããã IPsec ããªã·ãŒãäœæããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãããªã·ãŒãã¿ãã§ããæ°èŠ IPsec ããªã·ãŒããã¯ãªãã¯ããŸãã ãIPsec ããªã·ãŒã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®ããªã·ãŒã説æããååãå ¥åããŸãã IKE æå·åã¢ã«ãŽãªãºã :æå·åã¢ã«ãŽãªãºã ã§ã¯ãIKE ã¡ãã»ãŒãžã®æå·åã«äœ¿çšãã㢠ã«ãŽãªãºã ãæå®ããŸãã以äžã®ã¢ã«ãŽãªãºã ããµããŒããããŠããŸãã l DES (56ããã) l 3DES (168ããã) l AES 128 (128ããã) l AES 192 (192ããã) l AES 256 (256ããã) l Blowfish (128ããã) l Twofish (128ããã) l Serpent (128ããã) UTM 9 管çã¬ã€ã 425 15.2 IPsec 15 ãµã€ãé VPN ã»ãã¥ãªãã£ã«é¢ããæ³šèš â DES ã®äœ¿çšã¯æšå¥šãããŸãããã¢ã«ãŽãªãºã ã®åŒ·åºŠãäœã ãããè匱æ§ã«ã€ãªããå¯èœæ§ããããŸãã IKE èªèšŒã¢ã«ãŽãªãºã :èªèšŒã¢ã«ãŽãªãºã ã§ã¯ãIKE ã¡ãã»ãŒãžã®å®å šæ§ãã§ãã¯ã«äœ¿çšãã ã¢ã«ãŽãªãºã ãæå®ããŸãã以äžã®ã¢ã«ãŽãªãºã ããµããŒããããŠããŸãã l MD5 (128ããã) l SHA1 (160ããã) l SHA2 256 (256ããã) l SHA2 384 (384ããã) l SHA2 512 (512ããã) IKE SA ã©ã€ãã¿ã€ã :ãã®å€ã«ã¯ãIKE SA (ã»ãã¥ãªãã£ã¢ãœã·ãšãŒã·ã§ã³) ãæå¹ãªæé (ã€ãŸ ã次ã®éµæŽæ°ãè¡ãã¿ã€ãã³ã°) ãç§åäœã§æå®ããŸããæå¹ãªå€ã¯ 60ç§ïœ28800ç§ (8æé) ã§ããããã©ã«ãå€ã¯ 7800ç§ã§ãã IKE DH ã°ã«ãŒã:æ¥ç¶ãããŽã·ãšãŒãããéã¯ãéä¿¡ããããŒãã£ã¯ããŒã¿ã®æå·åã«äœ¿çš ããå®éã®éµã«ã€ããŠãåã決ããŸããIKE ã¯ã»ãã·ã§ã³éµãçæããããã«ãã©ã³ãã ã㌠ã¿ãå©çšãã Diffie-Hellman (DH) ã¢ã«ãŽãªãºã ã䜿çšããŸããã©ã³ãã ããŒã¿ã®çæã¯ã㌠ã«ãããã«åºã¥ããŠè¡ãããŸããåºæ¬çã«ã¯ IKE ã°ã«ãŒããããŒã«ãããæ°ãç¥ãããŸãã ããŒã«ãããæ°ãå€ãã»ã©ãã©ã³ãã ãªæ°åã倧ãããªããŸããæ°åã倧ããã»ã©ãDiffieHellman ã¢ã«ãŽãªãºã ã®è§£èªã¯é£ãããªããŸããçµæãšããŠãããŒã«ãããæ°ãå€ããã°å®å š ã§ãããCPU ã®äœ¿çšéãå¢ããŸããçŸåšã¯ä»¥äžã® Diffie-Hellman ã°ã«ãŒãããµããŒããã ãŠããŸãã l Group 1:MODP 768 l Group 2:MODP 1024 l Group 5:MODP 1536 l Group 14:MODP 2048 l Group 15:MODP 3072 l Group 16:MODP 4096 ã»ãã¥ãªãã£ã«é¢ããæ³šèš â ã°ã«ãŒã1 (MODP 768) ã¯åŒ±ããçžäºéçšæ§ã®çç±ã®ã¿ãã ãµããŒããããŠããŸãã䜿çšã¯æšå¥šãããŸãããè匱æ§ã«ã€ãªããå¯èœæ§ããããŸãã 426 UTM 9 管çã¬ã€ã 15 ãµã€ãé VPN 15.2 IPsec IPsec æå·åã¢ã«ãŽãªãºã :IKE ã®å Žåãšåãæå·åã¢ã«ãŽãªãºã ãããã«ã以äžã®ãšã³ããªã ãããŸãã l æå·åãªã (null) l AES 128 CTR (128ããã) l AES 192 CTR (192ããã) l AES 256 CTR (256ããã) l AES 128 GCM (96ããã) l AES 192 GCM (96ããã) l AES 256 GCM (96ããã) l AES 128 GCM (128ããã) l AES 192 GCM (128ããã) l AES 256 GCM (128ããã) ã»ãã¥ãªãã£ã«é¢ããæ³šèš â æå·åãå®è¡ããªãããšããŸã㯠DES ã®äœ¿çšã¯æšå¥šãããŸã ããè匱æ§ã«ã€ãªããå¯èœæ§ããããŸãã IPsec èªèšŒã¢ã«ãŽãªãºã :IKE ã®å ŽåãšåãèªèšŒã¢ã«ãŽãªãºã ãããã«ã以äžã®ã¢ã«ãŽãªãºã ããããŸãã l SHA2 256 (96ããã) l SHA2 384 (96ããã) l SHA2 512 (96ããã) ãããã¯ãããŒãžã§ã³ 8 ããå€ã UTM (ã€ãŸã ASG) ãªã©ãRFC 4868 ã«æºæ ããŠããªããã³ã ã«ãšã³ããã€ã³ãçšã§ããåãæšãŠããããã§ãã¯ãµã 㧠96ãããããé·ããã®ã«ã¯å¯Ÿå¿ã㊠ããŸããã IPsec SA ã©ã€ãã¿ã€ã :ãã®å€ã«ã¯ãIPsec SA ãæå¹ãªæé (ã€ãŸã次ã®éµæŽæ°ãè¡ãã¿ã€ã ã³ã°) ãç§åäœã§æå®ããŸããæå¹ãªå€ã¯ 60ç§ïœ86400ç§ (1æ¥) ã§ããããã©ã«ãå€ã¯ 3600 ç§ã§ãã IPsec PFS ã°ã«ãŒã: Perfect Forward Secrecy(PFS) ãšããæŠå¿µã§ã¯ãã»ãã·ã§ã³éµã䜿çšã§ã ãªããªã£ãå Žåã«ããã®ç¹å®ã»ãã·ã§ã³ã®ããŒã¿ã«ã®ã¿ã¢ã¯ã»ã¹ãèš±å¯ããŸããPFS ãååš ããã«ã¯ãIPsec SA ã®ä¿è·ã«äœ¿çšãããéµã¯ãIKE SA ã®éµãååŸããããã«äœ¿çšãããã© UTM 9 管çã¬ã€ã 427 15.2 IPsec 15 ãµã€ãé VPN ã³ãã éµäœæçšã®ãããªã¢ã«ãã掟çãããã®ã§ã¯ãªãããšãå¿ èŠã§ãããã®å ŽåãPFS 㯠2åç®ã® Diffie-Hellman éµäº€æãéå§ããIPsec æ¥ç¶ã«å¯ŸããŠéžæããã DH ã°ã«ãŒãã æ°ãã«ã©ã³ãã çæãããéµãååŸããããšãææ¡ããŸãããµããŒããããŠãã DiffieHellman ã°ã«ãŒã㯠IKE ã®å Žåãšåãã§ãã PFS ãæå¹ã«ãããšå®å šæ§ãé«ãŸããŸããã亀æã«ããã«æéããããããã«ãªããŸããäœ éãªããŒããŠã§ã¢ã§ã¯ PFS ã¯äœ¿çšããªãããšããå§ãããŸãã 泚 â PFS ã¯ãã¹ãŠã®ãã³ããŒãšã®å®å šãªçžäºéçšæ§ã¯ãããŸãããããŽã·ãšãŒã·ã§ã³æ ã«åé¡ãçºçããããPFS ãç¡å¹ã«ããŠãã ããã å³å¯ããªã·ãŒ:IPsec ã²ãŒããŠã§ã€ãæå·åã¢ã«ãŽãªãºã ããã³ãã®åŒ·åºŠã«ã€ããŠææ¡ãè¡ã ãšãIPsec ããªã·ãŒãããã«å¯Ÿå¿ããŠããªãå Žåã§ããåä¿¡åŽã²ãŒããŠã§ã€ããã®ææ¡ãå ãå ¥ããå ŽåããããŸãããã®ãªãã·ã§ã³ãéžæãããšãæå®ãããã©ã¡ãŒã¿ãå³å¯ã«ãã®ãš ãã䜿çšããããšã«ã€ããŠãªã¢ãŒããšã³ããã€ã³ããåæããªããšãã¯ãIPsec æ¥ç¶ã¯ç¢ºç«ã ããŸãããUTMã® IPsec ããªã·ãŒã AES-256 æå·åãå¿ èŠãšããéã«ãSSH Sentinel ã䜿 çšããããŒããŠã©ãªã¢ã AES-128 ã䜿çšããŠæ¥ç¶ããããšãããšãå³æ Œãªããªã·ãŒãªãã·ã§ã³ ãæå¹ã§ããå Žåã¯ãæ¥ç¶ã¯æåŠãããŸãã 泚 â å§çž®ã®èšå®ã¯ãã¹ããªã¯ãããªã·ãŒããä»ããŠã¯æœè¡ãããŸããã å§çž®:IP ãã€ããŒãå§çž®ãããã³ã« (IPComp) ã«ãã£ãŠIPãã±ãããæå·åã®åã«å§çž®ããã ã©ãããæå®ããŸããIPComp 㯠IP ãã±ãããå§çž®ããŠãã®ãµã€ãºãçž®å°ããéä¿¡ãã¹ããŸã ã¯ã²ãŒããŠã§ã€ã®ãã¢éã®å šäœçãªéä¿¡ããã©ãŒãã³ã¹ãåäžãããŸããããã©ã«ãã§ã¯å§ çž®ã¯ãªãã«ãªã£ãŠããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããããªã·ãŒããããªã·ãŒããªã¹ãã«è¡šç€ºãããŸãã ããªã·ãŒãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 15.2.4 ããŒã«ã« RSA éµ RSA èªèšŒã§ã¯ãVPN ãšã³ããã€ã³ãã®èªèšŒã« RSA éµã䜿çšãããŸãããšã³ããã€ã³ãã®å ¬ééµã¯ã ã³ãã¯ã·ã§ã³ã確ç«ãããåã«æåã§äº€æããå¿ èŠããããŸãããã®èªèšŒã¿ã€ãã䜿çšããå Ž åãVPN èå¥åãå®çŸ©ããŠãããŒã«ã« RSA éµãäœæããå¿ èŠããããŸããã²ãŒããŠã§ã€ã®å ¬é 428 UTM 9 管çã¬ã€ã 15 ãµã€ãé VPN 15.2 IPsec RSA éµããSophos UTM ã«å¯Ÿã㊠IPsec RSA èªèšŒã䜿çšãããªã¢ãŒã IPsec ããã€ã¹ã§äœ¿çšã§ãã ããã«ããå¿ èŠããããŸãã çŸåšã®ã ãŒã«ã«å ¬é RSA éµ çŸåšã€ã³ã¹ããŒã«ãããŠããããŒã«ã« RSA éµãã¢ã®å ¬ééšåã衚瀺ãããŸããããã¯ã¹ãã¯ãªã㯠ããCtrl-A ãš Ctrl-C ãæŒããŠã¯ãªããããŒãã«ã³ããŒããŠãã ããã ã ãŒã«ã« RSA éµ VPN ãªãã·ã§ã³ ã客æ§ã®ããŒãºã«æé©ãª VPN ID ã¿ã€ããéžæããŸããããã©ã«ãã§ã¯ãã²ãŒããŠã§ã€ã®ãã¹ãåã VPN èå¥åãšããŠååŸãããŸããã¹ã¿ãã£ã㯠(éç) IP ã¢ãã¬ã¹ãããŒã«ã« VPN ãšã³ããã€ã³ããšã ãå Žåã¯ããIP ã¢ãã¬ã¹ ããéžæããŸãããããã¯ãã¢ãã€ã« IPsec ããŒããŠã©ãªã¢ã® VPN ID ãšã㊠ã¡ãŒã«ã¢ãã¬ã¹ã䜿çšããããšãã§ããŸãã l ãã¹ãå:ããã©ã«ãèšå®ã¯ã²ãŒããŠã§ã€ã®ãã¹ãåã§ãããã ããããã§ä»ã®ãã¹ãåãå ¥å ããããšãã§ããŸãã l ã¡ãŒã«ã¢ãã¬ã¹:ããã©ã«ãã§ã¯ã²ãŒããŠã§ã€ã® admin ã¢ã«ãŠã³ãã®ã¡ãŒã«ã¢ãã¬ã¹ã§ãããã ããããã§ä»ã®ã¡ãŒã«ã¢ãã¬ã¹ãå ¥åããããšãã§ããŸãã l IP ã¢ãã¬ã¹:ã²ãŒããŠã§ã€ã®å€éšã€ã³ã¿ãã§ãŒã¹ã® IP ã¢ãã¬ã¹ã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãå€æŽããŠããRSA éµã«å€åã¯ãããŸããã ã ãŒã«ã« RSA éµã®åçæ æ°ãã RSA éµãçæããã«ã¯ãåžæããéµãµã€ãºãéžæãããé©çš ããã¯ãªãã¯ããŸããããã«ããã éµçæããã»ã¹ãéå§ããŸããéžæããéµã®é·ããšäœ¿çšããŠããããŒããŠã§ã¢ã«å¿ããŠãåŠçã«ã¯ æ°åããæ倧 2æéãããå ŽåããããŸããéµãµã€ãº (éµã®é·ã) ã¯ã1ã€ã®æå·ã§äœ¿çšå¯èœãªéµ ã®æ°ã®å°ºåºŠã§ããé·ãã¯éåžžããããã§æå®ããŸãã次ã®éµãµã€ãºããµããŒããããŠããŸãã l 1024 ããã l 2048 ããã l 4096 ããã RSA éµãçæãããšãé©åãªå ¬ééµããçŸåšã®ããŒã«ã«å ¬é RSA éµ ãããã¯ã¹ã«è¡šç€ºãããŸãã æ°ãã RSA éµãçæãããšãå€ãéµãäžæžããããŸãã 15.2.5 詳现 ããµã€ãé VPN > IPsec > 詳现 ãã¿ãã§ã¯ãIPsecVPN ã®è©³çŽ°ãªãã·ã§ã³ãèšå®ããããšãã§ããŸãã åžæã®èªèšŒã¿ã€ãã«å¿ããŠãããŒã«ã«èšŒææž (X.509 èªèšŒã®å Žå) ãããŒã«ã« RSA éµ (RSA èªèšŒã® UTM 9 管çã¬ã€ã 429 15.2 IPsec 15 ãµã€ãé VPN å Žå) ãªã©ãå®çŸ©å¯èœã§ãããã®èšå®ã¯çç·ŽãŠãŒã¶ã®ã¿ãè¡ã£ãŠãã ããã ã ãŒã«ã« X.5 0 9 蚌ææž X.509 èªèšŒã§ã¯ã蚌ææžã䜿çšã㊠VPN ãšã³ããã€ã³ãã®å ¬ééµãæ€èšŒããŸãããã®èªèšŒã¿ã€ãã 䜿çšããå Žåã¯ããããŒã«ã« X.509 蚌ææž ããšãªã¢ã®ããããããŠã³ãªã¹ãããããŒã«ã«èšŒææžãéž æããå¿ èŠããããŸããéžæããéµ/蚌ææžã¯ãX.509 èªèšŒãéžæãããå Žåã®ãªã¢ãŒããã¢ãžã® ã²ãŒããŠã§ã€ã®èªèšŒã«äœ¿çšãããŸãã é©åãªç§å¯éµããã蚌ææžã®ã¿éžæã§ããŸããä»ã®èšŒææžã¯ãã®ããããããŠã³ãªã¹ãã§ã¯å©çš ã§ããŸããã éžæã§ãã蚌ææžããªãå Žåãæ°ãã蚌ææžãäœæãããããŸãã¯ã¢ããããŒãæ©èœã䜿çšããŠã€ ã³ããŒãããŠãã蚌ææžç®¡ç ãã¡ãã¥ãŒã§è¿œå ããå¿ èŠããããŸãã 蚌ææžãéžæããããç§å¯éµãä¿è·ãããã¹ãã¬ãŒãºãå ¥åããŸãããã¹ãã¬ãŒãºã¯ä¿åããã»ã¹ ã§ç¢ºèªããããã¹ãã¬ãŒãºãæå·åéµãšäžèŽããªãå Žåã¯ãšã©ãŒã¡ãã»ãŒãžã衚瀺ãããŸãã ã¢ã¯ãã£ããªéµ/蚌ææžãéžæãããšãããã¯ãããŒã«ã« X.509 蚌ææž ããšãªã¢ã«è¡šç€ºãããŸãã ãããã ã¢æ€åº (D PD ) ããããã¢æ€åº (DPD) ã䜿çšããããã¢æ€åºãªãã·ã§ã³ã䜿çšããŠããªã¢ãŒã VPN ã²ãŒããŠã§ã€ãã ãã¯ã¯ã©ã€ã¢ã³ãã«æ¥ç¶ã§ããªãå Žåã¯æ¥ç¶ãèªåçã«çµäºããŸããã¹ã¿ãã£ãã¯ãšã³ããã€ã³ããš ã®æ¥ç¶ã§ã¯ããã³ãã«ã¯èªåçã«åããŽã·ãšãŒããããŸãããã€ãããã¯ãšã³ããã€ã³ããšã®æ¥ç¶ã§ ã¯ããªã¢ãŒãåŽã§ãã³ãã«ã®åããŽã·ãšãŒããè¡ãããšãå¿ èŠã§ããéåžžã¯ãã®ãªãã·ã§ã³ãåžžã«æ å¹ã«ããŠããã»ããå®å šã§ããIPsec ãã¢ã¯ãªã¢ãŒãåŽãããããã¢æ€åºããµããŒããããã©ããã èªåçã«å€æããå¿ èŠã«å¿ããŠéåžžã¢ãŒãã«ãã©ãŒã«ããã¯ããŸãã N AT ã ã©ããŒãµã« (N AT- T) NAT ãã©ããŒãµã«ã䜿çš:ãã®ãªãã·ã§ã³ãéžæãããšãIPsec ãã©ãã£ãã¯ã¯ãããããã¯ãŒã¯ã¢ãã¬ã¹ å€æ ã(NAT) ã䜿çšããã¢ããã¹ããªãŒã ã·ã¹ãã ãééã§ããããã«ãªããŸããããã«ãNATãã©ã㌠ãµã«ã®ããŒãã¢ã©ã€ã (keepalive) ééãå®çŸ©ã§ããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ã㟠ãã 430 UTM 9 管çã¬ã€ã 15 ãµã€ãé VPN 15.2 IPsec CRLåŠç 蚌ææžã®ãããã€ããããŸã æå¹ãªèšŒææžã«äžããããæ¿èªãåãæ¶ãå ŽåããããããããŸã ããããšãã°ã蚌ææžã®åå人ãäžæ£ãªããŒã¿ (ååãªã©) ã䜿ã£ãŠãããäžæ£ã«ååŸããããšã å€æããå Žåãã蚌ææžã«åã蟌ãŸããå ¬ééµã®äžéšã§ããç§å¯éµãæ»æè ãå ¥æããå Žå ã¯ã蚌ææžã倱å¹ããŸãããã®ãããªå Žåã«åããŠããããã蚌ææžå€±å¹ãªã¹ã (CRL) ã䜿çšã ããŸããCRL ã«ã¯éåžžãäŸç¶ãšããŠæå¹æéã¯æ®ã£ãŠãããã®ã®ç¡å¹ãšããã蚌ææžã®ã·ãªã¢ã« çªå·ãå«ãŸããŠããŸãã ãããã®æå¹æéãåãããšã蚌ææžã¯ç¡å¹ã«ãªãããããã¯ãªã¹ãããåé€ãããŸãã èªåååŸ:ãã®æ©èœã¯ãHTTPãAnonymous (å¿å) FTPããŸã㯠LDAP ããŒãžã§ã³ 3 ãä»ãããŒã ããŒèšŒææžã§å®çŸ©ããã URL ãéã㊠CRL ãèŠæ±ããŸããæå¹æéãåããããèŠæ±ã«ãã£ãŠ CRL ãããŠã³ããŒãããä¿åããŠæŽæ°ã§ããŸãããã®æ©èœããããŒã80 ãŸã㯠443 ãçµç±ããã«äœ¿ çšããå Žåã¯ãé©åãªãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãèšå®ããŠãCRL é åžãµãŒãã«ã¢ã¯ã»ã¹ã§ãããã ã«ããŠãã ããã å³å¯ããªã·ãŒ:ãã®ãªãã·ã§ã³ãæå¹ã«ãããšã察å¿ãã CRL ã®ãªãããŒãããŒèšŒææžã¯æåŠãã ãŸãã PSK ãã ãŒã: å¿çã®ã¿ã¢ãŒãã䜿çšããIPsecæ¥ç¶ã§ã¯ãããããã® IPsec æ¥ç¶ã«å¯ŸããŠå¥ã ã®äºåå ±æéµ (PSK) ã䜿çšããããšãéžæã§ããŸãã PSKãããŒãã®æå¹åãã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŠããã®ãªãã·ã§ã³ãæå¹ã«ããŸããã ã®èšå®ã¯ãL2TP-over-IPsecããªã¢ãŒãã¢ã¯ã»ã¹ IPsecãVPN IPsec ã®åæ¥ç¶ã«åœ±é¿ãäžããŸãã 15.2.6 ãããã° IKE ãããã° ãIKE ãããã°ãã»ã¯ã·ã§ã³ã§ IKE ãããã°ãªãã·ã§ã³ãèšå®ã§ããŸããã©ã®ã¿ã€ãã® IKE ã¡ãã»ãŒãžãŸ ãã¯éä¿¡ã«ã€ããŠãããã°åºåãäœæãããã¯ãã§ãã¯ããã¯ã¹ã§éžæããŸãã 泚 â ãIKE ãããã°ãã»ã¯ã·ã§ã³ã¯ãããµã€ãé VPN IPsecããããªã¢ãŒãã¢ã¯ã»ã¹ IPsecãããL2TP over IPsecããããã³ãCisco VPN ã¯ã©ã€ã¢ã³ããã¡ãã¥ãŒã®ããããã°ãã¿ãã§åããã®ã䜿çšãããŠã㟠ãã 以äžã®ãã©ã°ããã°ã§ããŸãã UTM 9 管çã¬ã€ã 431 15.3 SSL l ã³ã³ãããŒã«ãããŒ:IKE ã¹ããŒãã®ã³ã³ãããŒã«ã¡ãã»ãŒãžã衚瀺ããŸãã l ã¢ãŠãããŠã³ããã±ãã:éä¿¡ IKE ã¡ãã»ãŒãžã®ã³ã³ãã³ãã衚瀺ããŸãã l ã€ã³ããŠã³ããã±ãã:åä¿¡ IKE ã¡ãã»ãŒãžã®ã³ã³ãã³ãã衚瀺ããŸãã l ã«ãŒãã«ã¡ãã»ãŒãž:ã«ãŒãã«ãšã®éä¿¡ã¡ãã»ãŒãžã衚瀺ããŸãã l åé·æ§æ (HA)ãã®ä»ã® HA ããŒããšã®éä¿¡ã衚瀺ããŸãã 15 ãµã€ãé VPN 15.3 SSL ãµã€ãé VPNãã³ãã«ã¯ SSL æ¥ç¶ãä»ããŠç¢ºç«ã§ããŸããSSL VPN æ¥ç¶ã«ã¯æ確ãªåœ¹å²ããã㟠ãããã³ãã«ãšã³ããã€ã³ãã¯ã¯ã©ã€ã¢ã³ããŸãã¯ãµãŒããšããŠæ©èœããŸããåžžã«ã¯ã©ã€ã¢ã³ããæ¥ç¶ ãéå§ãããµãŒããã¯ã©ã€ã¢ã³ãã®èŠæ±ã«å¿çããŸããããã¯ãéåžžã¯äž¡æ¹ã®ãšã³ããã€ã³ããæ¥ ç¶ãéå§ã§ãã IPsec ãšã¯å¯Ÿç §çã§ãã 泚 â ã³ãã¯ã·ã§ã³ã®ç¢ºç«ã«åé¡ãããå Žåã¯ãWeb ãã£ã«ã¿ãééã¢ãŒãã§åäœã㊠SSL ã¹ã㣠ã³ãæå¹ã«ãªã£ãŠãããã©ããã確èªããŠãã ãããWeb ãã£ã«ã¿ãééã¢ãŒãã§åäœã㊠SSL ã¹ ãã£ã³ãæå¹ã«ãªã£ãŠããå Žåã¯ãVPN æ¥ç¶ã®ã¿ãŒã²ãããã¹ãããééã¢ãŒãã¹ããããªã¹ãã (ãWeb ãããã¯ã·ã§ã³ > Web ãã£ã«ã¿ãªã³ã° > 詳现 ãã®äž) ã«è¿œå ãããŠããããšã確èªããŠãã ããã 15.3.1 ã³ãã¯ã·ã§ã³ SSLVPN ãµã€ãéãã³ãã«ãäœæããã«ã¯ãæåã«ãµãŒãèšå®ãäœæããããšãå¿ èŠã§ããã¯ã©ã€ ã¢ã³ãã®èšå®ã¯ãåžžã« 2çªç®ã®ã¹ãããã§è¡ããŸãã ãµãŒãèšå®ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã³ãã¯ã·ã§ã³ãã¿ãã§ããæ°èŠ SSL ã³ãã¯ã·ã§ã³ããã¯ãªãã¯ããŸãã ãSSL ã³ãã¯ã·ã§ã³ã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã³ãã¯ã·ã§ã³ã¿ã€ã:ããããããŠã³ãªã¹ããããServerã(ãµãŒã) ãéžæããŸãã ã³ãã¯ã·ã§ã³å:ãã®ã³ãã¯ã·ã§ã³ã説æããååãå ¥åããŠãã ããã ã¹ã¿ãã£ãã¯ä»®æ³ IP ã¢ãã¬ã¹ãäœ¿çš (ä»»æ):ãã®ãªãã·ã§ã³ã¯ãIP ã¢ãã¬ã¹ããŒã«ãšã¯ã©ã€ã¢ã³ ãã®ãããã¯ãŒã¯ç°å¢ã«äºææ§ããªãå Žåã®ã¿éžæããŠãã ãããããã©ã«ãã§ãã¯ã©ã€ã¢ã³ ãã«ã¯ãä»®æ³ IP ããŒã« ã(ãèšå® ãã¿ãã§èšå®) ã«ãã IP ã¢ãã¬ã¹ãå²ãåœãŠãããŸãããŸã ã«ããã®ãã㪠IP ã¢ãã¬ã¹ãã¯ã©ã€ã¢ã³ããã¹ãã§ãã§ã«äœ¿çšãããŠããå ŽåããããŸããã 432 UTM 9 管çã¬ã€ã 15 ãµã€ãé VPN 15.3 SSL ã®ãããªå Žåã¯ããã¹ã¿ãã£ãã¯ã㢠IP ããã£ãŒã«ãã«é©å㪠IP ã¢ãã¬ã¹ãå ¥åããŸãããã® IP ã¢ãã¬ã¹ã¯ããã³ãã«ã»ããã¢ããæã«ã¯ã©ã€ã¢ã³ãã«å²ãåœãŠãããŸãã ããŒã«ã«ãããã¯ãŒã¯:ãªã¢ãŒãããã®ã¢ã¯ã»ã¹ãèš±å¯ãã 1ã€ä»¥äžã®ããŒã«ã«ãããã¯ãŒã¯ã è¿œå ããŸãã ãªã¢ãŒããããã¯ãŒã¯:ããŒã«ã«ãããã¯ãŒã¯ãžã®æ¥ç¶ãèš±å¯ãã 1ã€ä»¥äžã®ãªã¢ãŒãããã ã¯ãŒã¯ãè¿œå ããŸãã 泚 âãããŒã«ã«ãããã¯ãŒã¯ ããšããªã¢ãŒããããã¯ãŒã¯ ãã®èšå®ã¯ãåŸã§ã¯ã©ã€ã¢ã³ãã®èšå®ã ããçŽããã«å€æŽã§ããŸãã èªåãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã« (ä»»æ):æå¹ã«ãããšãUTM ã¯ãã¢ã¯ã»ã¹ãããã¹ãŠã® SSL VPN ã¯ã©ã€ã¢ã³ãã«å¯ŸããéžæãããããŒã«ã«ãããã¯ãŒã¯ãžã®ã¢ã¯ã»ã¹ãèªåçã«èš±å¯ã ãŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããSSLãµãŒãã³ãã¯ã·ã§ã³ããã³ãã¯ã·ã§ã³ããªã¹ãã«è¡šç€ºãããŸãã 4. èšå®ãã¡ã€ã«ãããŠã³ããŒãããŸãã æ°ããäœæãã SSL ãµãŒãã³ãã¯ã·ã§ã³ã®è¡ã«ãããããŠã³ããŒã ããã¿ã³ã䜿çšããŠããã®æ¥ ç¶ã®ã¯ã©ã€ã¢ã³ãèšå®ãã¡ã€ã«ãããŠã³ããŒãããŸãã èšå®ãã¡ã€ã«ã®æå·å (ä»»æ):ã»ãã¥ãªãã£ã®ããã«èšå®ãã¡ã€ã«ãæå·åããããšãæšå¥šã ãŸãããã¹ã¯ãŒãã 2åå ¥åããŸãã ããã¢èšå®ã®ããŠã³ããŒã ããã¯ãªãã¯ããŠãã¡ã€ã«ãä¿åããŸãã ãã®ãã¡ã€ã«ã¯ãã¯ã©ã€ã¢ã³ãåŽã®ç®¡çè ããã³ãã«ã®ã¯ã©ã€ã¢ã³ããšã³ããã€ã³ããã»ããã¢ã ãããéã«å¿ èŠã«ãªããŸãã 次ã®ã¹ãããã¯ã¯ã©ã€ã¢ã³ãã®èšå®ã§ãããã¯ãµãŒãåŽã§ã¯ ãªãã¯ã©ã€ã¢ã³ãåŽã§è¡ããŸããããŠã³ ããŒãããã¯ã©ã€ã¢ã³ãèšå®ãã¡ã€ã«ãæå ã«ããããšã確èªããŠãã ããã ã¯ã©ã€ã¢ã³ãèšå®ãäœæããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãã³ãã¯ã·ã§ã³ãã¿ãã§ããæ°èŠ SSL ã³ãã¯ã·ã§ã³ããã¯ãªãã¯ããŸãã ãSSL ã³ãã¯ã·ã§ã³ã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã³ãã¯ã·ã§ã³ã¿ã€ã:ããããããŠã³ãªã¹ããããClientã(ã¯ã©ã€ã¢ã³ã) ãéžæããŸãã ã³ãã¯ã·ã§ã³å:ãã®ã³ãã¯ã·ã§ã³ã説æããååãå ¥åããŠãã ããã UTM 9 管çã¬ã€ã 433 15.3 SSL 15 ãµã€ãé VPN èšå®ãã¡ã€ã«:ãã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããã¯ã©ã€ã¢ã³ãèšå®ãã¡ã€ã«ãåç §ããŠããã¢ãã ããŒãéå§ ããã¯ãªãã¯ããŸãã ãã¹ã¯ãŒã (ä»»æ):ãã¡ã€ã«ãæå·åãããŠããå Žåã¯ããã¹ã¯ãŒããå ¥åããŸãã HTTP ãããã·ãµãŒããäœ¿çš (ä»»æ):ã¯ã©ã€ã¢ã³ãããããã·ã®èåŸã«ããå Žåã¯ããã® ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ãããããã·ã®èšå®ãå ¥åããŸãã ãããã·èªèšŒãäœ¿çš (ä»»æ):ãããã·ã«å¯Ÿããã¯ã©ã€ã¢ã³ãã®èªèšŒãå¿ èŠãªå Žåã¯ãã ã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ãããŠãŒã¶åãšãã¹ã¯ãŒããå ¥åããŸãã ãã¢ãã¹ãåãäžæžã (ä»»æ):ãµãŒãã·ã¹ãã ã®éåžžã®ãã¹ãå (ãŸã㯠DynDNS ãã¹ãå) ãã¯ã©ã€ã¢ã³ããã¹ãã§è§£æ±ºã§ããªãå Žåã¯ããã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ãããã¹ã åãããã«å ¥åããŸãã èªåãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã« (ä»»æ):æå¹ã«ãããšãUTM ã¯ããã³ãã«åããŒã«ã«ããã ã¯ãŒã¯ãšãã³ãã«åãªã¢ãŒããããã¯ãŒã¯äžã®ãã¹ãéã®ãã©ãã£ãã¯ãèªåçã«èš±å¯ããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãã SSL VPN ã¯ã©ã€ã¢ã³ãã³ãã¯ã·ã§ã³ããã³ãã¯ã·ã§ã³ããªã¹ãã«è¡šç€ºãããŸãã ã¯ã©ã€ã¢ã³ãã³ãã¯ã·ã§ã³ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã ããµã€ãé VPNãã¡ãã¥ãŒãã¯ãªãã¯ãããšãæŠèŠããŒãžã« SSL VPN ã³ãã¯ã·ã§ã³ã®ã¹ããŒã¿ã¹ã衚瀺 ãããŸããã³ãã¯ã·ã§ã³ã確ç«ãããšãã¹ããŒã¿ã¹ã¢ã€ã³ã³ãç·è²ã«å€ãããŸãããã®åŸããã³ãã«äž¡ åŽã®çžäºæ¥ç¶ããããµããããã«é¢ããæ å ±ãåç §å¯èœã«ãªããŸãã 15.3.2 èšå® ãSSL > èšå® ãã¿ãã§ãSSL VPN ãµãŒãæ¥ç¶ã®åºæ¬èšå®ãèšå®ã§ããŸãã 泚 â ãã®ã¿ãã¯ããµã€ãé VPN > SSLãããã³ããªã¢ãŒãã¢ã¯ã»ã¹ > SSLãã§åãã§ããããã§å ããå€ æŽã¯ãåžžã«äž¡æ¹ã® SSL èšå®ã«åœ±é¿ãäžããŸãã ãµãŒãèšå® SSLVPN æ¥ç¶ã«ã€ããŠä»¥äžã®èšå®ãè¡ãããšãã§ããŸãã l 434 ã€ã³ã¿ãã§ãŒã¹ã¢ãã¬ã¹:ããã©ã«ãã¯ããã¹ãŠ ãã§ããWeb ã¢ããªã±ãŒã·ã§ã³ãã¡ã€ã¢ãŠã©ãŒã«ã 䜿çšããå ŽåããµãŒãã¹ã SSL æ¥ç¶ããªã¹ã³ããããã®ã€ã³ã¿ãã§ãŒã¹ã¢ãã¬ã¹ãæå®ãã å¿ èŠããããŸãããµã€ãé/ãªã¢ãŒãã¢ã¯ã»ã¹ SSL æ¥ç¶ãã³ãã©ãš Web ã¢ããªã±ãŒã·ã§ã³ãã¡ã€ UTM 9 管çã¬ã€ã 15 ãµã€ãé VPN 15.3 SSL ã¢ãŠã©ãŒã«ãåä¿¡ SSL æ¥ç¶ãèå¥ã§ããããã«ããããã«ããã®èšå®ãå¿ èŠã§ãã l l ãããã³ã«:䜿çšãããããã³ã«ãéžæããŸããTCP ãŸã㯠UDP ãéžæã§ããŸãã ããŒã:ããŒããå€æŽã§ããŸããããã©ã«ã㯠443 ã§ããããŒã 10443ãSUM ã²ãŒããŠã§ã€ã ããŒãžã£ããŒã 4422ããŸã㯠WebAdmin ã€ã³ã¿ãã§ãŒã¹ã䜿çšããŠããããŒãã¯äœ¿çšã§ã㟠ããã l ãã¹ãåãäžæžã:ããã¹ãåãäžæžããããã¯ã¹ã®å€ã¯ãã¯ã©ã€ã¢ã³ã VPN æ¥ç¶ã®ã¿ãŒã²ãã ãã¹ãåãšããŠäœ¿çšãããããã©ã«ãã§ã¯ã²ãŒããŠã§ã€ã®ãã¹ãåã«ãªããŸããã·ã¹ãã ã®é åžžã®ãã¹ãå (ãŸã㯠DynDNS ãã¹ãå) ã«ãã®ååã§ã€ã³ã¿ãŒãããããå°éã§ããªãå Žå ã®ã¿ãããã©ã«ããå€æŽããŸãã ä»®æ³ IP ããŒã« ããŒã«ãããã¯ãŒã¯:ããã¯ãç¹å®ã® IP ç¯å²ãã SSL ã¯ã©ã€ã¢ã³ãã« IP ã¢ãã¬ã¹ãé åžãããã㫠䜿çšãããä»®æ³ IP ã¢ãã¬ã¹ããŒã«ã§ããããã©ã«ãã§ã¯ããVPN ããŒã« (SSL)ããéžæãããŠã㟠ããå¥ã®ã¢ãã¬ã¹ããŒã«ãéžæããå Žåã¯ãããããã¹ã¯ã 29 ããã以äžã«ããå¿ èŠããããŸããã ã®çç±ã¯ãOpenVPN ã¯ããããã¹ã¯ã /30ã/31ããŸã㯠/32 ã®ã¢ãã¬ã¹ããŒã«ãæ±ããªããã㧠ãã D u p lic ate ( éè€) CN ãŠãŒã¶ãç°ãªã IP ã¢ãã¬ã¹ããåæã«æ¥ç¶ã§ããããã«ããå Žåã¯ãã1ãŠãŒã¶åœããã®è€æ°åæ æ¥ç¶ãèš±å¯ ããéžæããŸããç¡å¹ã«ãããšããŠãŒã¶ããã 1ã€ã®åæ SSL VPN æ¥ç¶ã®ã¿ãå¯èœã« ãªããŸãã 15.3.3 詳现 ãSSL > 詳现 ãã¿ãã§ãæå·åèšå®ãå§çž®èšå®ããããã°èšå®ãªã©ãåçš®ã®é«åºŠãªãµãŒããªãã·ã§ã³ ãèšå®ã§ããŸãã 泚 â ãã®ã¿ãã¯ããµã€ãé VPN > SSLãããã³ããªã¢ãŒãã¢ã¯ã»ã¹ > SSLãã§åãã§ããããã§å ããå€ æŽã¯ãåžžã«äž¡æ¹ã® SSL èšå®ã«åœ±é¿ãäžããŸãã ã æå·åèšå®ã ãããã®èšå®ã§ããã¹ãŠã®SSL VPNãªã¢ãŒãã¢ã¯ã»ã¹ã¯ã©ã€ã¢ã³ãã®æå·åãã©ã¡ãŒã¿ãå¶åŸ¡ã㟠ãã l æå·åã¢ã«ãŽãªãºã :æå·åã¢ã«ãŽãªãºã ã¯ãVPN ãã³ãã«ãéããŠéä¿¡ãããããŒã¿ã®æ å·åã«äœ¿çšããã¢ã«ãŽãªãºã ãæå®ããŸãã以äžã®ã¢ã«ãŽãªãºã ããµããŒããããŠããŸãã UTM 9 管çã¬ã€ã 435 15.4 蚌ææžç®¡ç 15 ãµã€ãé VPN ãããã¯ãã¹ãŠ æå·ãããã¯é£é (Cipher Block Chaining) (CBC) ã¢ãŒãã§åäœããŸãã l DES-EDE3-CBC l l AES-128-CBC (128ããã) l AES-192-CBC (192ããã) l AES-256-CBC (256ããã) l BF-CBC (Blowfish (128ããã)) èªèšŒã¢ã«ãŽãªãºã :èªèšŒã¢ã«ãŽãªãºã ã¯ãVPN ãã³ãã«ãéããŠéä¿¡ãããããŒã¿ã®å®å šæ§ ãã§ãã¯ã«äœ¿çšããã¢ã«ãŽãªãºã ãæå®ããŸãã以äžã®ã¢ã«ãŽãªãºã ããµããŒããããŠã㟠ãã l MD5 (128ããã) l SHA-1 (160ããã) l éµãµã€ãº:éµãµã€ãº (éµã®é·ã) ãšã¯ãDiffie-Hellman éµäº€æã®é·ãã§ããéµãé·ããã°é·ã ã»ã©ã察称éµã¯ã»ãã¥ã¢ã«ãªããŸããé·ãã¯ãããåäœã§æå®ããŸãã1024ããããŸã㯠2048 ãããã®éµãµã€ãºãéžæã§ããŸãã l ãµãŒã蚌ææž:SSL VPN ãµãŒããã¯ã©ã€ã¢ã³ãã«å¯ŸããŠèªãã®èº«å ã蚌æããããã«äœ¿çš ããããŒã«ã« SSL 蚌ææžãéžæããŸãã l éµã©ã€ãã¿ã€ã :éµã®æå¹æéãå ¥åããŸããããã©ã«ã㯠28,800ç§ã§ãã å§çž®èšå® SSL VPN ãã©ãã£ãã¯ã®å§çž®:æå¹ã«ãããšãSSL VPN ãã³ãã«ãéããŠéä¿¡ããããã¹ãŠã®ããŒã¿ ã¯ãæå·åã®åã«å§çž®ãããŸãã ãããã° èšå® ãããã°ã¢ãŒãã®æå¹å:ãããã°ã¢ãŒããæå¹ã«ãããšããããã°ã«åœ¹ç«ã€å€ãã®æ å ±ã SSL VPN ãã°ãã¡ã€ã«ã«å«ãŸããŸãã 15.4 蚌ææžç®¡ç ããµã€ãé VPN > 蚌ææžç®¡ç ãããã¡ãã¥ãŒã¯ãSophos UTM ã®èšŒææžé¢é£ã®ããããæäœãäžå 管 çããå Žæã§ããããšãã°ãX.509 蚌ææžã®äœæãŸãã¯ã€ã³ããŒãããCRL (蚌ææžå€±å¹ãªã¹ã) ã® ã¢ããããŒããªã©ãè¡ãããšãã§ããŸãã 436 UTM 9 管çã¬ã€ã 15 ãµã€ãé VPN 15.4 蚌ææžç®¡ç 15.4.1 蚌ææž ããµã€ãé VPN > 蚌ææžç®¡ç > 蚌ææžããã¿ãã§ãX.509 æšæºåœ¢åŒã§å ¬ééµèšŒææžãäœæãŸãã¯ã€ ã³ããŒãã§ããŸãããããã蚌ææžã¯ããžã¿ã«çœ²åããã説ææžã§ãé垞㯠èªèšŒå± (CA) ãå ¬ééµ ããã³ X.500 è¡šèšæ³ã«ããç¹å®ã® èå¥å (DN) ãšãšãã«çºè¡ããŸãã ãã®ã¿ãã§äœæãã蚌ææžãã¹ãŠã«ã¯ RSA éµãå«ãŸããŠããŸããããã¯ãWebAdmin ã€ã³ã¿ãã§ãŒ ã¹ãžã®ååãã°ã€ã³æã«æäŸããæ å ±ã䜿çšããŠãèªåçã«äœæãããèªå·±çœ²åèªèšŒå±ãVPN ã«çœ²åãã CAãã«ãã£ãŠèªå·±çœ²åãããŸãã 蚌ææžãçæããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ã蚌ææž ãã¿ãã§ããæ°èŠèšŒææž ããã¯ãªãã¯ããŸãã ã蚌ææžã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®èšŒææžã説æããååãå ¥åããŠãã ããã ã¡ãœãã:蚌ææžãäœæããã«ã¯ããçæ ããéžæããŸã (蚌ææžã®ã¢ããããŒãã«é¢ãã詳现 ã¯ã以äžãåç §ããŠãã ãã)ã éµãµã€ãº:RSA éµã®é·ããéµã¯é·ããã°é·ãã»ã©å®å šã§ãã1024ãããã2048ãããããŸã㯠4096ãããã®éµãµã€ãºãéžæã§ããŸãã䜿çšããäºå®ã®ã¢ããªã±ãŒã·ã§ã³ãããŒããŠã§ã¢ã ãã€ã¹ãšäºææ§ã®ããæ倧éµãµã€ãºãéžæããŠãã ãããé·ãéµã䜿çšããããšã§ããã©ãŒ ãã³ã¹ã«æ·±å»ãªåé¡ãçºçããå Žåãé€ããããã©ãŒãã³ã¹ãæé©åããããã«éµã®é·ã ãåæžããªãããã«ããŠãã ããã VPN ID ã¿ã€ã:蚌ææžã«ã¯äžæã®èå¥åãå®çŸ©ããå¿ èŠããããŸãã以äžã®ã¿ã€ãã®èå¥ åã䜿çšã§ããŸãã l ã¡ãŒã«ã¢ãã¬ã¹ l ãã¹ãå l IP ã¢ãã¬ã¹ l èå¥å (DN): VPN ID:éžæãã VPN ID ã¿ã€ãã«å¿ããŠããã®ããã¹ãããã¯ã¹ã«é©åãªå€ãå ¥åããŸããã ãšãã°ããVPN ID ã¿ã€ãããªã¹ããããIP ã¢ãã¬ã¹ ããéžæããå Žåããã®ããã¹ãããã¯ã¹ã« IP ã¢ãã¬ã¹ãå ¥åããŸãããã®ããã¹ãããã¯ã¹ã¯ããVPN ID ã¿ã€ãããªã¹ãã§ãèå¥å ããéžæã ãå Žåã¯é衚瀺ã«ãªããŸãã UTM 9 管çã¬ã€ã 437 15.4 蚌ææžç®¡ç 15 ãµã€ãé VPN ããããããŠã³ãªã¹ãããã³ãåœ ããããã¡ãŒã« ããŸã§ã®ããã¹ãããã¯ã¹ã䜿çšããŠã蚌ææžã® ææè ãç¹å®ããæ å ±ãå ¥åããŸãããã®æ å ±ã¯ãèå¥å ããäœæããããã«äœ¿çšãã㟠ããã€ãŸãããã®å ¬ééµã蚌ææžãèå¥ããå£äœã®ååã«ãªããŸãããã®åå㯠X.500 æš æºã®å€æ°ã®å人æ å ±ãå«ã¿ãã€ã³ã¿ãŒãããäžã§äžæã§ãããšæ³å®ãããŸãã蚌ææžã ããŒããŠã©ãªã¢æ¥ç¶çšã§ããå Žåã¯ããäžè¬å ãããã¯ã¹ã«ãŠãŒã¶åãå ¥åããŸãã蚌ææžã ãã¹ãçšã§ããå Žåã¯ããã¹ãåãå ¥åããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã 蚌ææžãã蚌ææž ããªã¹ãã«è¡šç€ºãããŸãã 蚌ææžãåé€ããã«ã¯ãããããã®èšŒææžã®ãåé€ ããã¿ã³ãã¯ãªãã¯ããŸãã ãŸãã¯ã蚌ææžãã¢ããããŒãããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ã蚌ææž ãã¿ãã§ããæ°èŠèšŒææž ããã¯ãªãã¯ããŸãã ã蚌ææžã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®èšŒææžã説æããååãå ¥åããŠãã ããã ã¡ãœãã:ãã¢ããããŒã ããéžæããŸãã ãã¡ã€ã«ã¿ã€ã:蚌ææžã®ãã¡ã€ã«ã¿ã€ããéžæããŸãã以äžã®ããããã®ã¿ã€ãã®èšŒææžã ã¢ããããŒãã§ããŸãã l PKCS#12 (蚌ææž+CA):PKCS ã¯ãRSA ã©ãã©ããªã«ããèæ¡ããå ¬éããããå ¬ééµ æå·æšæº ã(PKCS) ã®ã°ã«ãŒãã§ããPKCS#12 ãã¡ã€ã«åœ¢åŒã¯äžè¬çã«ãç§å¯éµãå ¬ ééµèšŒææžãšãšãã«ã³ã³ããã®ãã¹ãã¬ãŒãºã§ä¿è·ããŠä¿åããããã«äœ¿çšãã㟠ãããã®åœ¢åŒã®ãã¡ã€ã«ãã¢ããããŒãããã«ã¯ããã®ã³ã³ãããã¹ãã¬ãŒãºãç¥ã£ãŠ ããããšãå¿ èŠã§ãã l PEM (蚌ææžã®ã¿):ãã¹ã¯ãŒãäžèŠã® Base64 ãšã³ã³ãŒãã®ããã©ã€ãã·ãŒåŒ·åã¡ãŒ ã« ã(PEM) ãã¡ã€ã«åœ¢åŒã ãã¡ã€ã«:ããã¡ã€ã« ãããã¯ã¹ã®é£ãã®ãã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããã¢ããããŒããã蚌ææž ãéžæããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã 蚌ææžãã蚌ææž ããªã¹ãã«è¡šç€ºãããŸãã 蚌ææžãåé€ããã«ã¯ãããããã®èšŒææžã®ãåé€ ããã¿ã³ãã¯ãªãã¯ããŸãã 438 UTM 9 管çã¬ã€ã 15 ãµã€ãé VPN 15.4 蚌ææžç®¡ç 蚌ææžã¯ PKCS#12 ãŸã㯠PEM 圢åŒã§ããŠã³ããŒãã§ããŸããPEM ãã¡ã€ã«ã¯èšŒææžã ããå«ã¿ ãŸããäžæ¹ PKCS#12 ãã¡ã€ã«ã¯ãç§å¯éµãšçœ²åã«äœ¿çšããã CA 蚌ææžãå«ãã§ããŸãã 15.4.2 èªèšŒå± ããµã€ãé VPN > 蚌ææžç®¡ç > èªèšŒå±ããã¿ãã§ããŠãããã«æ°ãããèªèšŒå± ããè¿œå ã§ããŸããäžè¬ çã«ãèªèšŒå± (CA) ã¯ãä»ã®ããŒãã£ã䜿çšããããžã¿ã«èšŒææžãçºè¡ããæ©é¢ã§ããCA ã¯ã蚌 ææžã«å«ãŸããå ¬ééµãããã®èšŒææžã«èšèŒããã人ãçµç¹ããã¹ãããããã¯ä»ã®ãšã³ãã£ã㣠ã«å±ããããšããCA èªèº«ã®èšŒææžã®ç§å¯éµã䜿ã£ãŠèšŒææžã®çœ²åèŠæ±ã«çœ²åããããšã§èšŒæã ãŸãããã®ããããã®ãããªCAã¯çœ²å CA ãšåŒã°ããŸãã UTM ã§ã¯ã眲å CA ã¯ãUTM ãžã®ååã®ãã°ã€ã³æã«æäŸããæ å ±ã䜿ã£ãŠèªåçã«äœæãã ãŸãããã®ããã«ãã蚌ææž ãã¿ãã§äœæãããã¹ãŠã®èšŒææžã¯ãèªå·±çœ²åã®èšŒææžã§ããã€ãŸãã çºè¡è ãšå¯Ÿè±¡ã¯åãã«ãªããŸãã代ããã«ããµãŒãããŒãã£ãã³ãã®çœ²å CA ãã€ã³ããŒãããããš ãã§ããŸããããã«ãIPsec æ¥ç¶ãèŠæ±ãããã¹ãããŠãŒã¶ã®çæ£æ§ã確èªããéã«ãç§å¯éµãäž æãªå¥ã® CA 蚌ææžã䜿çšããããšãã§ããŸãããããã® CA 蚌ææžã¯æ€èšŒ CA ãšåŒã°ãããã®ã¿ ãã§è¿œå ã§ããŸãã éèŠ â 䜿çšããŠããã·ã¹ãã ã§è€æ°ã®æ€èšŒ CA ãæã€ããšãã§ããŸããã眲å CA 㯠1ã€ã«éã ããŠããŸããæ°ãã眲å CA ãã¢ããããŒããããšã以åã€ã³ã¹ããŒã«ããã眲å CA ã¯èªåç㫠確èªCAã«ãªããŸãã CA ãã€ã³ããŒãããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãèªèšŒå± ãã¿ãã§ããCA ãã€ã³ããŒãããã¯ãªãã¯ããŸãã ãCA ãã€ã³ããŒãããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã® CA ã説æããååãå ¥åããŠãã ããã ã¿ã€ã:ã€ã³ããŒããã CA ã®ã¿ã€ããéžæããŸããç¢ºèª CA ãšçœ²å CA ã®ãããããéžæã§ã ãŸããç¢ºèª CA 㯠PEM 圢åŒã§ã眲å CA 㯠PKCS#12 圢åŒã§å©çšã§ããŸãã CA 蚌ææž:ãCA 蚌ææž ãããã¯ã¹ã®é£ãã®ãã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããŠãã€ã³ããŒããã蚌 ææžãéžæããŸããæ°ãã眲å CA ãã¢ããããŒãããå Žåã¯ãPKCS#12 ã³ã³ããã«äœ¿çšã ããŠãããã¹ã¯ãŒããå ¥åããå¿ èŠããããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãã CA 蚌ææžããèªèšŒå± ããªã¹ãã«è¡šç€ºãããŸãã UTM 9 管çã¬ã€ã 439 15.4 蚌ææžç®¡ç 15 ãµã€ãé VPN CA ãåé€ããã«ã¯ãããããã® CA ã®ãåé€ ããã¿ã³ãã¯ãªãã¯ããŸãã 眲å CA 㯠PKCS#12 圢åŒã§ããŠã³ããŒãã§ããŸãã次ã«ãã¹ã¯ãŒãã®å ¥åãä¿ãããã³ãããè¡š 瀺ãããŸãããã®ãã¹ã¯ãŒãã䜿çšã㊠PKCS#12 ã³ã³ããã®ã»ãã¥ãªãã£ãä¿è·ãããŸãããŸããæ€ èšŒ CA 㯠PEM 圢åŒã§ããŠã³ããŒãã§ããŸãã 15.4.3 蚌ææžå€±å¹ãªã¹ã(CRL) CRL ã¯ã倱å¹ããããã«äœ¿çšã§ããªã蚌ææž (æ£ç¢ºã«ã¯ã·ãªã¢ã«çªå·) ã®ãªã¹ãã§ããããµã€ãé VPN > 蚌ææžç®¡ç > 蚌ææžå€±å¹ãªã¹ã (CRL)ãã¿ãã§ãPKI ã§äœ¿çšããŠãã CRL ãã¢ããããŒãã§ã ãŸãã CRLãã¢ããããŒãããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ã蚌ææžå€±å¹ãªã¹ã (CRL)ãã¿ãã§ããCRL ãã¢ããããŒã ããã¯ãªãã¯ããŸãã ãCRL ãã¢ããããŒã ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã® CRL ã説æããååãå ¥åããŠãã ããã CRL ãã¡ã€ã«:ãCRL ãã¡ã€ã« ãããã¯ã¹ã®é£ãã®ãã©ã«ãã¢ã€ã³ã³ãã¯ãªãã¯ããã¢ããããŒãã ã CRL ãéžæããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãã CRL ã倱å¹ãªã¹ãã®äžèŠ§ã«è¡šç€ºãããŸãã CRL ãåé€ããã«ã¯ãããããã® CRL ã®ãåé€ ããã¿ã³ãã¯ãªãã¯ããŸãã 15.4.4 詳现 ããµã€ãé VPN > 蚌ææžç®¡ç > 詳现ãã¿ãã§ããŠãããã®åæã»ããã¢ããæã«äœæããã VPN 眲 å CA ãåçæã§ããŸããVPN 眲å CA ã¯ããªã¢ãŒãã¢ã¯ã»ã¹ããµã€ãé VPN æ¥ç¶ã«äœ¿çšãããã ãžã¿ã«èšŒææžã«çœ²åããèªèšŒå±ã§ããå€ã VPN 眲å CA ã¯ãæ€èšŒ CA ãšããŠä¿æãããŸãã 眲å CA ã®åçæ çŸåšã®çœ²å CA ã䜿çšããŠãã¹ãŠã®ãŠãŒã¶èšŒææžãæŽæ°ã§ããŸãããã®æ©èœã¯ãèªèšŒå± ãã¿ãã§å¥ ã® VPN 眲å CA ãã€ã³ã¹ããŒã«ãããšãã«äœ¿çšããŸãã 440 UTM 9 管çã¬ã€ã 15 ãµã€ãé VPN 15.4 蚌ææžç®¡ç èŠå âUTM ããã³ãŠãŒã¶èšŒææžã¯ãæ°ãã眲å CA ã䜿ã£ãŠåçæãããŸããããã«ãã£ãŠã蚌 ææžã䜿çšãããæ¢åã®ãµã€ãé VPN æ¥ç¶ããªã¢ãŒãã¢ã¯ã»ã¹ VPN æ¥ç¶ã¯äœ¿çšã§ããªããªã㟠ãã UTM 9 管çã¬ã€ã 441 16 ãªã¢ãŒãã¢ã¯ã»ã¹ ãã®ç« ã§ã¯ãSophos UTMã®ãªã¢ãŒãã¢ã¯ã»ã¹èšå®ã®æ§ææ¹æ³ã«ã€ããŠèª¬æããŸããSophos UTMã 䜿çšãããªã¢ãŒãã¢ã¯ã»ã¹ã¯ãããŒãã£ã«ãã©ã€ããŒããããã¯ãŒã¯ (VPN) ã«ãã£ãŠå®çŸããŸããVPN ã¯ãåšå® å€åã®åŸæ¥å¡ãªã©ã®ãªã¢ãŒããŠãŒã¶ã«äŒæ¥ãããã¯ãŒã¯ãžã®ã¢ã¯ã»ã¹ãæäŸããããã® ã»ãã¥ã¢ã§ã³ã¹ãå¹æã®é«ãæ¹æ³ã§ããVPN 㯠IPsec ã PPTP ãªã©ã®æå·åãã³ããªã³ã°ãããã³ ã«ã䜿çšããŠãVPN ã§äŒéãããããŒã¿ã®æ©å¯æ§ãšãã©ã€ãã·ãŒãä¿è·ããŸãã åç § â ãªã¢ãŒãã¢ã¯ã»ã¹ VPN æ¥ç¶ã®èšå®æ¹æ³ã®è©³çŽ°ã¯ãSophos ãµããŒãããŒã¿ããŒã¹ãåç §ã ãŠãã ããã UTMã¯ãããããã®ãªã¢ãŒãã¢ã¯ã»ã¹æ¥ç¶ã¿ã€ãã«å¿ èŠãªã€ã³ã¹ããŒã«ããã³èšå®ãã¡ã€ã«ãèªå çã«çæããŸãããããã®ãã¡ã€ã«ã¯ãŠãŒã¶ããŒã¿ã«ããçŽæ¥ããŠã³ããŒãã§ããŸãããã ãããŠãŒ ã¶ã«ã¯ã䜿çšå¯èœãªæ¥ç¶ã¿ã€ãã«å¯Ÿå¿ãããã¡ã€ã«ã®ã¿ãæäŸãããŸããããšãã°ãSSL ãªã¢ãŒã ã¢ã¯ã»ã¹ã䜿çšã§ãããŠãŒã¶ã«ã¯ãSSL ã€ã³ã¹ããŒã«ãã¡ã€ã«ã®ã¿ãæäŸãããŸãã 泚 â ãã¹ãŠã®ãŠãŒã¶ãŸãã¯éžæãããŠãŒã¶ã®ãªã¢ãŒãã¢ã¯ã»ã¹èšå®ãã¡ã€ã«ã¯ããå®çŸ©ãšãŠãŒã¶ > ãŠãŒã¶ãšã°ã«ãŒã > ãŠãŒã¶ ãã¿ãã§ããŠã³ããŒãã§ããŸãã ããªã¢ãŒãã¢ã¯ã»ã¹ã¹ããŒã¿ã¹ ãããŒãžã«ã¯ãå šãªã³ã©ã€ã³ãŠãŒã¶ã®æŠèŠãå«ãŸããŸãã ãã®ç« ã§ã¯ã次ã®ãããã¯ã«ã€ããŠèª¬æããŸãã l SSL l PPTP l L2TP over IPsec l IPsec l HTML5 VPN ããŒã¿ã« l Cisco VPN ã¯ã©ã€ã¢ã³ã l 詳现 l 蚌ææžç®¡ç 16.1 SSL 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.1 SSL Sophos UTM ã®ãªã¢ãŒãã¢ã¯ã»ã¹ SSL æ©èœã¯ããã«æ©èœã® SSL VPN ãœãªã¥ãŒã·ã§ã³ã§ãã OpenVPN ã«ãã£ãŠå®çŸããŸããããã«ãããã客æ§ã®äŒç€Ÿãšãªã¢ãŒãåŸæ¥å¡ã®éã§ãã€ã³ãããŒãã€ã³ãã®æ å·åãã³ãã«ãäœæããããšãå¯èœã«ãªããŸãããã®æ©èœã§ã¯ãã€ã³ã¿ãŒããããªãœãŒã¹ãžã®ã¢ã¯ã» ã¹ãèš±å¯ããããã«ãSSL蚌ææžããã³ãŠãŒã¶å/ãã¹ã¯ãŒãã®çµã¿åãããå¿ èŠãšããŸãããã ã«ãèš±å¯ãããåãŠãŒã¶ã¯ãã»ãã¥ã¢ãªãŠãŒã¶ããŒã¿ã«ãããã«ã¹ã¿ãã€ãºãããSSL VPN ã¯ã©ã€ ã¢ã³ããœãããŠã§ã¢ãã³ãã«ãããŠã³ããŒãã§ããŸãããã®ãã³ãã«ã«ã¯ãç¡æã®SSL VPN ã¯ã©ã€ã¢ã³ ããSSL 蚌ææžãããã³ã¯ã³ã¯ãªãã¯ã§ç°¡åã«ã€ã³ã¹ããŒã«ã§ããèšå®ãå«ãŸããŠããŸãããã® SSL VPN ã¯ã©ã€ã¢ã³ãã¯ããã€ãã£ã Outlookããã€ãã£ã Windows ãã¡ã€ã«å ±æãªã©ã®ã»ãšãã©ã®ããžã ã¹ã¢ããªã±ãŒã·ã§ã³ããµããŒãããŠããŸãã åç § â SSL VPN ã¯ã©ã€ã¢ã³ãã®äœ¿çšæ¹æ³ã«é¢ãã詳现ã¯ãSophos ãµããŒãããŒã¿ããŒã¹ãåç § ããŠãã ããã 16.1.1 ãããã¡ã€ã« ããªã¢ãŒãã¢ã¯ã»ã¹ > SSL > ãããã¡ã€ã« ãã¿ãã§ããªã¢ãŒãã¢ã¯ã»ã¹ãŠãŒã¶ã«å¯ŸããŠç°ãªããããã¡ã€ã« ãäœæããSSL VPN ã¢ã¯ã»ã¹ã®åºæ¬èšå®ãå®çŸ©ã§ããŸãã SSL VPN ãããã¡ã€ã«ãèšå®ããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ããããã¡ã€ã« ãã¿ãã§ããæ°èŠãªã¢ãŒã ã¢ã¯ã»ã¹ ãããã¡ã€ã« ããã¯ãªãã¯ããŸãã ããªã¢ãŒã ã¢ã¯ã»ã¹ ãããã¡ã€ã«ã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã ãããã¡ã€ã«å:ãã®ãããã¡ã€ã«ã説æããååãå ¥åããŠãã ããã ãŠãŒã¶ãšã°ã«ãŒã:ãã®ãããã¡ã€ã«ã§ SSL VPN ãªã¢ãŒãã¢ã¯ã»ã¹ã䜿çšã§ããããã«ãã ãŠãŒã¶ãšãŠãŒã¶ã°ã«ãŒããéžæããŸãã ããŒã«ã«ãããã¯ãŒã¯:VPN SSL ãã³ãã«çµç±ã§éžæãã SSL ã¯ã©ã€ã¢ã³ããžã¢ã¯ã»ã¹å¯èœã« ããããŒã«ã«ãããã¯ãŒã¯ãéžæããŸãã 泚 â ããã©ã«ãã§ãSophos UTMã® SSLVPN ãœãªã¥ãŒã·ã§ã³ã¯ã ããããã¹ããªãããã³ããªã³ ã°ãæ¡çšããŠããŸããããã¯ããªã¢ãŒã VPN ãŠãŒã¶ã« VPN äžã®ãªãœãŒã¹ãžã®ã¢ã¯ã»ã¹ãèš± å¯ãããšåæã«ãã€ã³ã¿ãŒããããªã©ã®ãããªãã¯ãããã¯ãŒã¯ãžã®ã¢ã¯ã»ã¹ãèš±å¯ãããã 444 UTM 9 管çã¬ã€ã 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.1 SSL ã»ã¹ã§ãããã ãããããŒã«ã«ãããã¯ãŒã¯ ããã£ãŒã«ãã§ããã¹ãŠ ããéžæãããšãã¹ããªããã ã³ããªã³ã°ããã€ãã¹ã§ããŸãããã®çµæããã¹ãŠã®ãã©ãã£ãã¯ã VPN SSL ãã³ãã«çµç± ã§ã«ãŒãã£ã³ã°ãããŸãããã®å ŽåããŠãŒã¶ã«ãããªãã¯ãããã¯ãŒã¯ãžã®ã¢ã¯ã»ã¹ãèš±å¯ ãããã©ããã¯ããã¡ã€ã¢ãŠã©ãŒã«ã®èšå®ã«ãã£ãŠæ±ºãŸããŸãã èªåãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«:ãã®ãªãã·ã§ã³ãéžæãããšããã®ãããã¡ã€ã«çšã®ãã©ãã£ã㯠ãèš±å¯ãããã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãèªåçã«è¿œå ããããšãã§ããŸããã«ãŒã«ã¯ããã ãã¡ã€ã«ãæå¹ã«ãªããšããã«è¿œå ããããããã¡ã€ã«ãç¡å¹ã«ãªããšåé€ãããŸãããã®ãª ãã·ã§ã³ãéžæããªãå Žåã¯ãé©åãªãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãæåã§æå®ããå¿ èŠããã ãŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãããããã¡ã€ã«ãããããã¡ã€ã« ããªã¹ãã«è¡šç€ºãããŸãã ãããã¡ã€ã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 泚 â ãŠãŒã¶ããŒã¿ã«ã®ããªã¢ãŒãã¢ã¯ã»ã¹ ãã¡ãã¥ãŒã¯ãããŠãŒã¶ãšã°ã«ãŒããããã¯ã¹ã§éžæããã ãŠãŒã¶ãããã³UTMã«ãŠãŒã¶å®çŸ©ããããŠãŒã¶ã®ã¿ã䜿çšã§ããŸã (ãå®çŸ©ãšãŠãŒã¶ > ãŠãŒã¶ãš ã°ã«ãŒã > ãŠãŒã¶ ããåç §)ããŠãŒã¶ããŒã¿ã«ãžã®ãã°ã€ã³ã«æåããèªèšŒããããŠãŒã¶ã« ã¯ãSSL VPN ã¯ã©ã€ã¢ã³ããœãããŠã§ã¢ãã³ãã«ãã€ã³ã¹ããŒã«æé (SophosãµããŒãããŒã¿ã㌠ã¹ãã§å ¥æå¯èœ) ãžã®ãªã³ã¯ãæäŸãããŸããCA 蚌ææžãã€ã³ã¹ããŒã«ãããŠããªãå Žåããã ã¹ãåãããŒã¿ã«èšŒææžã«ããäžè¬åãšäžèŽããªãå ŽåãAndroid ç°å¢ã®äžéšã®ãã©ãŠã¶ã§ã㊠ã³ããŒãã«å€±æããå ŽåããããŸãããã®å ŽåããŠãŒã¶ã¯ãCA 蚌ææžãã€ã³ã¹ããŒã«ããããå¥ ã®ãã©ãŠã¶ã䜿çšããå¿ èŠããããŸãã ã©ã€ãã ã° ãéã ãVPN ã©ã€ããã°ãéããã¯ããªã¢ãŒãã¢ã¯ã»ã¹ã¢ã¯ãã£ããã£ããã°ããŸãããã¿ã³ãã¯ãªãã¯ããŠãæ°ã ããŠã£ã³ããŠã§ã©ã€ããã°ãéããŸãã 16.1.2 èšå® ãSSL > èšå® ãã¿ãã§ãSSL VPN ãµãŒãæ¥ç¶ã®åºæ¬èšå®ãèšå®ã§ããŸãã 泚 â ãã®ã¿ãã¯ããµã€ãé VPN > SSLãããã³ããªã¢ãŒãã¢ã¯ã»ã¹ > SSLãã§åãã§ããããã§å ããå€ æŽã¯ãåžžã«äž¡æ¹ã® SSL èšå®ã«åœ±é¿ãäžããŸãã UTM 9 管çã¬ã€ã 445 16.1 SSL 16 ãªã¢ãŒãã¢ã¯ã»ã¹ ãµãŒãèšå® SSLVPN æ¥ç¶ã«ã€ããŠä»¥äžã®èšå®ãè¡ãããšãã§ããŸãã l ã€ã³ã¿ãã§ãŒã¹ã¢ãã¬ã¹:ããã©ã«ãã¯ããã¹ãŠ ãã§ããWeb ã¢ããªã±ãŒã·ã§ã³ãã¡ã€ã¢ãŠã©ãŒã«ã 䜿çšããå ŽåããµãŒãã¹ã SSL æ¥ç¶ããªã¹ã³ããããã®ã€ã³ã¿ãã§ãŒã¹ã¢ãã¬ã¹ãæå®ãã å¿ èŠããããŸãããµã€ãé/ãªã¢ãŒãã¢ã¯ã»ã¹ SSL æ¥ç¶ãã³ãã©ãš Web ã¢ããªã±ãŒã·ã§ã³ãã¡ã€ ã¢ãŠã©ãŒã«ãåä¿¡ SSL æ¥ç¶ãèå¥ã§ããããã«ããããã«ããã®èšå®ãå¿ èŠã§ãã l ãããã³ã«:䜿çšãããããã³ã«ãéžæããŸããTCP ãŸã㯠UDP ãéžæã§ããŸãã l ããŒã:ããŒããå€æŽã§ããŸããããã©ã«ã㯠443 ã§ããããŒã 10443ãSUM ã²ãŒããŠã§ã€ã ããŒãžã£ããŒã 4422ããŸã㯠WebAdmin ã€ã³ã¿ãã§ãŒã¹ã䜿çšããŠããããŒãã¯äœ¿çšã§ã㟠ããã l ãã¹ãåãäžæžã:ããã¹ãåãäžæžããããã¯ã¹ã®å€ã¯ãã¯ã©ã€ã¢ã³ã VPN æ¥ç¶ã®ã¿ãŒã²ãã ãã¹ãåãšããŠäœ¿çšãããããã©ã«ãã§ã¯ã²ãŒããŠã§ã€ã®ãã¹ãåã«ãªããŸããã·ã¹ãã ã®é åžžã®ãã¹ãå (ãŸã㯠DynDNS ãã¹ãå) ã«ãã®ååã§ã€ã³ã¿ãŒãããããå°éã§ããªãå Žå ã®ã¿ãããã©ã«ããå€æŽããŸãã ä»®æ³ IP ããŒã« ããŒã«ãããã¯ãŒã¯:ããã¯ãç¹å®ã® IP ç¯å²ãã SSL ã¯ã©ã€ã¢ã³ãã« IP ã¢ãã¬ã¹ãé åžãããã㫠䜿çšãããä»®æ³ IP ã¢ãã¬ã¹ããŒã«ã§ããããã©ã«ãã§ã¯ããVPN ããŒã« (SSL)ããéžæãããŠã㟠ããå¥ã®ã¢ãã¬ã¹ããŒã«ãéžæããå Žåã¯ãããããã¹ã¯ã 29 ããã以äžã«ããå¿ èŠããããŸããã ã®çç±ã¯ãOpenVPN ã¯ããããã¹ã¯ã /30ã/31ããŸã㯠/32 ã®ã¢ãã¬ã¹ããŒã«ãæ±ããªããã㧠ãã D up lic ate ( éè€) CN ãŠãŒã¶ãç°ãªã IP ã¢ãã¬ã¹ããåæã«æ¥ç¶ã§ããããã«ããå Žåã¯ãã1ãŠãŒã¶åœããã®è€æ°åæ æ¥ç¶ãèš±å¯ ããéžæããŸããç¡å¹ã«ãããšããŠãŒã¶ããã 1ã€ã®åæ SSL VPN æ¥ç¶ã®ã¿ãå¯èœã« ãªããŸãã 16.1.3 詳现 ãSSL > 詳现 ãã¿ãã§ãæå·åèšå®ãå§çž®èšå®ããããã°èšå®ãªã©ãåçš®ã®é«åºŠãªãµãŒããªãã·ã§ã³ ãèšå®ã§ããŸãã 泚 â ãã®ã¿ãã¯ããµã€ãé VPN > SSLãããã³ããªã¢ãŒãã¢ã¯ã»ã¹ > SSLãã§åãã§ããããã§å ããå€ æŽã¯ãåžžã«äž¡æ¹ã® SSL èšå®ã«åœ±é¿ãäžããŸãã 446 UTM 9 管çã¬ã€ã 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.1 SSL ã æå·åèšå®ã ãããã®èšå®ã§ããã¹ãŠã®SSL VPNãªã¢ãŒãã¢ã¯ã»ã¹ã¯ã©ã€ã¢ã³ãã®æå·åãã©ã¡ãŒã¿ãå¶åŸ¡ã㟠ãã l l æå·åã¢ã«ãŽãªãºã :æå·åã¢ã«ãŽãªãºã ã¯ãVPN ãã³ãã«ãéããŠéä¿¡ãããããŒã¿ã®æ å·åã«äœ¿çšããã¢ã«ãŽãªãºã ãæå®ããŸãã以äžã®ã¢ã«ãŽãªãºã ããµããŒããããŠããŸãã ãããã¯ãã¹ãŠ æå·ãããã¯é£é (Cipher Block Chaining) (CBC) ã¢ãŒãã§åäœããŸãã l DES-EDE3-CBC l AES-128-CBC (128ããã) l AES-192-CBC (192ããã) l AES-256-CBC (256ããã) l BF-CBC (Blowfish (128ããã)) èªèšŒã¢ã«ãŽãªãºã :èªèšŒã¢ã«ãŽãªãºã ã¯ãVPN ãã³ãã«ãéããŠéä¿¡ãããããŒã¿ã®å®å šæ§ ãã§ãã¯ã«äœ¿çšããã¢ã«ãŽãªãºã ãæå®ããŸãã以äžã®ã¢ã«ãŽãªãºã ããµããŒããããŠã㟠ãã l MD5 (128ããã) l SHA-1 (160ããã) l éµãµã€ãº:éµãµã€ãº (éµã®é·ã) ãšã¯ãDiffie-Hellman éµäº€æã®é·ãã§ããéµãé·ããã°é·ã ã»ã©ã察称éµã¯ã»ãã¥ã¢ã«ãªããŸããé·ãã¯ãããåäœã§æå®ããŸãã1024ããããŸã㯠2048 ãããã®éµãµã€ãºãéžæã§ããŸãã l ãµãŒã蚌ææž:SSL VPN ãµãŒããã¯ã©ã€ã¢ã³ãã«å¯ŸããŠèªãã®èº«å ã蚌æããããã«äœ¿çš ããããŒã«ã« SSL 蚌ææžãéžæããŸãã l éµã©ã€ãã¿ã€ã :éµã®æå¹æéãå ¥åããŸããããã©ã«ã㯠28,800ç§ã§ãã å§çž®èšå® SSL VPN ãã©ãã£ãã¯ã®å§çž®:æå¹ã«ãããšãSSL VPN ãã³ãã«ãéããŠéä¿¡ããããã¹ãŠã®ããŒã¿ ã¯ãæå·åã®åã«å§çž®ãããŸãã ãããã° èšå® ãããã°ã¢ãŒãã®æå¹å:ãããã°ã¢ãŒããæå¹ã«ãããšããããã°ã«åœ¹ç«ã€å€ãã®æ å ±ã SSL VPN ãã°ãã¡ã€ã«ã«å«ãŸããŸãã UTM 9 管çã¬ã€ã 447 16.2 PPTP 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.2 PPTP PPTP (Point-to-Point Tunneling Protocol) ã«ãããåäžã®ã€ã³ã¿ãŒãããããŒã¹ã®ãã¹ãã¯ãæå·åã ã³ãã«ãéããŠå éšãããã¯ãŒã¯ãµãŒãã¹ã«ã¢ã¯ã»ã¹ããããšãå¯èœã«ãªããŸããPPTP ã®èšå®ã¯ 容æã§ãMicrosoft Windows ã·ã¹ãã ã§ã¯ç¹å¥ãªã¯ã©ã€ã¢ã³ããœãããŠã§ã¢ã¯å¿ èŠãããŸããã PPTP 㯠Windows 95 以éã® Microsoft Windows ããŒãžã§ã³ã«å«ãŸããŠããŸããPPTP ãSophos UTM ã§äœ¿çšããã«ã¯ãã¯ã©ã€ã¢ã³ãã³ã³ãã¥ãŒã¿ãMSCHAPv2 èªèšŒãããã³ã«ããµããŒãããããšãå¿ èŠ ã§ããWindows 95 ããã³ 98 ã®ãŠãŒã¶ããã®ãããã³ã«ããµããŒãããã«ã¯ãã·ã¹ãã ã«æŽæ°ãã ã±ãŒãžãé©çšããå¿ èŠããããŸãã 16.2.1 ã°ããŒãã« ã°ããŒãã« PPTP ãªãã·ã§ã³ãèšå®ããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãã°ããŒãã« ãã¿ãã§ãPPTP ãªã¢ãŒãã¢ã¯ã»ã¹ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªãããã¡ã€ã³èšå® ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 2. 次ã®èšå®ãè¡ããŸãã èªèšŒèŠæ±å :èªèšŒã¡ã«ããºã ãéžæããŸããPPTP ãªã¢ãŒãã¢ã¯ã»ã¹ã¯ãããŒã«ã«èªèšŒãš RADIUS èªèšŒã®ã¿ããµããŒãããŸãã l ããŒã«ã«:ãããŒã«ã« ããéžæããå ŽåãPPTP ãªã¢ãŒãã¢ã¯ã»ã¹ã䜿çšã§ããããã«ãã ãŠãŒã¶ãšãŠãŒã¶ã°ã«ãŒããæå®ããŠãã ãããããã¯ãšã³ãã®ãŠãŒã¶ã°ã«ãŒãããã£ãŒ ã«ãã«ãã©ãã°ããããšã¯ã§ããŸããããŠãŒã¶ã¢ã«ãŠã³ããæå®ãããŸã§ã¯ãPPTP 㪠ã¢ãŒãã¢ã¯ã»ã¹ã¯ã¢ã¯ãã£ãã«ã§ããŸããã 泚 â éžæãããŠãŒã¶ã®ãŠãŒã¶åãšãã¹ã¯ãŒãã«ã¯å°å·å¯èœãª ASCII æåããäœ¿çš ã§ããªãããšããããŸã (1)ã 泚 â SSL VPNåæ§ããŠãŒã¶ããŒã¿ã«ã®ããªã¢ãŒãã¢ã¯ã»ã¹ ãã¡ãã¥ãŒã«ã¢ã¯ã»ã¹ã§ãã ã®ã¯ãããŠãŒã¶ãšã°ã«ãŒããããã¯ã¹ã§éžæããããŠãŒã¶ãšããŠãŒã¶å®çŸ©ãUTMã«å® 1http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters 448 UTM 9 管çã¬ã€ã 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.2 PPTP 矩ãããŠãããŠãŒã¶ã®ã¿ã§ãããŠãŒã¶ããŒã¿ã«ãžã®ãã°ã€ã³ã«æåããèš±å¯ãŠãŒ ã¶ã«ã¯ãã€ã³ã¹ããŒã«æé (Sophos ãµããŒãããŒã¿ããŒã¹ã§å ¥æå¯èœ) ãžã®ãªã³ã¯ã æäŸãããŸãã l RADIUS:RADIUS ã¯ãRADIUS ãµãŒããäºåã«èšå®ããŠããå Žåã«ã®ã¿éžæã§ã㟠ãããã®èªèšŒæ¹æ³ã§ã¯ããŠãŒã¶ã¯å€éš RADIUS ãµãŒãã«å¯ŸããŠèªèšŒãããŸãããã® ãµãŒãã¯ãå®çŸ©ãšãŠãŒã¶ > èªèšŒãµãŒã > ãµãŒã ãã¿ãã§èšå®ã§ããŸããããŠãŒã¶ãšã° ã«ãŒãããã€ã¢ãã°ããã¯ã¹ãã°ã¬ãŒã¢ãŠã衚瀺ãããŸãããã®èšå®ã¯ãŸã å€æŽã§ã㟠ããã圱é¿ã¯ãããŸãããRADIUS ãµãŒã㯠MSCHAPv2 ãã£ã¬ã³ãž/å¿çèªèšŒããµ ããŒãããå¿ èŠããããŸãããµãŒãã¯ã¯ã©ã€ã¢ã³ãã® IP ã¢ãã¬ã¹ã DNS/WINS ãµãŒã ã¢ãã¬ã¹ãªã©ã®ãã©ã¡ãŒã¿ãæ»ãããšãã§ããŸããPPTP ã¢ãžã¥ãŒã«ã¯ãNAS-ID ãšã㊠ãpptpãã RADIUS ãµãŒãã«éä¿¡ããŸããRADIUS èªèšŒãéžæããå Žåã¯ãããŒã«ã« ãŠãŒã¶ã¯ PPTP ã§ã¯èªèšŒã§ããªããªãããšã«æ³šæããŠãã ãããããã«ãã¯ã©ã€ã¢ã³ã㯠MSCHAPv2 èªèšŒããµããŒãããå¿ èŠãããããšã«ã泚æããŠãã ããã IP ã¢ãã¬ã¹ã®å²åœãŠ:IP ã¢ãã¬ã¹ã¯ãäºåã«å®çŸ©ãã IP ã¢ãã¬ã¹ããŒã«ããå²ãåœãŠãããš ããDHCP ãµãŒãã䜿çšããŠèªåçã«é åžããããšãã§ããŸãã l IP ã¢ãã¬ã¹ããŒã«:PPTP ã«ãã£ãŠãªã¢ãŒãã¢ã¯ã»ã¹ããã¯ã©ã€ã¢ã³ãã«ç¹å®ã® IP ç¯å² ãã IP ã¢ãã¬ã¹ãå²ãåœãŠãå Žåã¯ããã®ãªãã·ã§ã³ãéžæããŸããããã©ã«ãã§ã¯ã ãã©ã€ããŒã IP ã¹ããŒã¹ 10.242.1.0/24 ã®ã¢ãã¬ã¹ãå²ãåœãŠãããŸãããã®ãã ãã¯ãŒã¯å®çŸ©ã¯ VPN ããŒã« (PPTP) ãšåŒã°ãããã¹ãŠã®ãããã¯ãŒã¯åºæã®èšå®ãª ãã·ã§ã³ã§äœ¿çšã§ããŸããç°ãªããããã¯ãŒã¯ã䜿çšããå Žåã¯ãVPNããŒã« (PPTP) ã®å®çŸ©ããå®çŸ©ãšãŠãŒã¶ > ãããã¯ãŒã¯å®çŸ© ãããŒãžã§å€æŽããŸãããŸãã¯ããããŒã« ãããã¯ãŒã¯ ãããã¹ãããã¯ã¹ã®é£ãã®ãïŒãã¢ã€ã³ã³ãã¯ãªãã¯ããŠãå¥ã® IP ã¢ãã¬ã¹ ããŒã«ãäœæããããšãã§ããŸãã l DHCPãµãŒã:ãDHCP ãµãŒã ããéžæããå ŽåãDHCP ãµãŒããæ¥ç¶ã«äœ¿çšãããã ãã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ãæå®ããŠãã ãããDHCPãµãŒãã¯ã€ã³ã¿ãã§ãŒã¹ã«çŽæ¥æ¥ç¶ ããå¿ èŠã¯ãããŸãããã«ãŒã¿ãä»ããŠãã¢ã¯ã»ã¹ã§ããŸããããŒã«ã« DHCP ãµãŒã ã¯ãµããŒããããŸãããããã§éžæãã DHCP ãµãŒãã¯ãç©ççã«ç°ãªãã·ã¹ãã äž ã§çšŒåããŠããå¿ èŠããããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã ã©ã€ãã ã° PPTP ããŒã¢ã³ã©ã€ããã°ã¯ããã¹ãŠã® PPTP ãªã¢ãŒãã¢ã¯ã»ã¹ã¢ã¯ãã£ããã£ããã°ããŸãããã¿ã³ ãã¯ãªãã¯ããŠãæ°ãããŠã£ã³ããŠã§ã©ã€ããã°ãéããŸãã UTM 9 管çã¬ã€ã 449 16.2 PPTP 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.2.2 iOS ããã€ã¹ ãŠãŒã¶ããŒã¿ã«ã§ iOS ããã€ã¹ãŠãŒã¶ã«å¯Ÿã PPTP ã®èªåèšå®ãæäŸããããšãã§ããŸãã ãã ãããã°ã«ãŒãã« ãã¿ãã®ããŠãŒã¶ãšã°ã«ãŒããããã¯ã¹ã«è¿œå ããããŠãŒã¶ã®ã¿ã«å¯ŸããŠããŠãŒ ã¶ããŒã¿ã«ãµã€ãã«èšå®ãã¡ã€ã«ã衚瀺ãããŸããiOS ããã€ã¹ã®ã¹ããŒã¿ã¹ã¯ããã©ã«ãã§æå¹ ã«ãªã£ãŠããŸãã ã³ãã¯ã·ã§ã³å:PPTP æ¥ç¶ã説æããååãå ¥åããiOS ããã€ã¹ã®ãŠãŒã¶ãã©ã®æ¥ç¶ã確ç«ãã ããšããŠããã®ãèå¥ã§ããããã«ããŸããããã©ã«ãã®ååã¯ãã客æ§ã®äŒç€Ÿåã®åŸã« PPTP ã ããã³ã«ãç¶ãããã®ã«ãªããŸãã 泚 â ãã³ãã¯ã·ã§ã³å ãã¯ãã¹ãŠã® iOS ããã€ã¹èšå® (PPTPãL2TP over IPsecãCisco VPN Client) ã§äžæã§ããå¿ èŠããããŸãã ãã¹ãåãäžæžã:ã·ã¹ãã ã®ãã¹ãåãã¯ã©ã€ã¢ã³ãããããªãã¯ã«è§£æ±ºã§ããªãå Žåã¯ãããã« ãµãŒãã®ãã¹ãåãå ¥åããŠãããã«ãã£ãŠãã·ã¹ãã ã® DNS ãã¹ãå ãã®åã®ãDynDNS ãã¹ãå ã ã®å éšèšå®ãäžæžãããŸãã iOS ããã€ã¹ã®èªåèšå®ãç¡å¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã°ã¬ãŒã«å€ãããŸãã 16.2.3 詳现 ããªã¢ãŒãã¢ã¯ã»ã¹ > PPTP > 詳现 ãã¿ãã§ãæå·åã®åŒ·åºŠãš PPTP ãªã¢ãŒãã¢ã¯ã»ã¹ã«é¢ããããã ã°åºåéãèšå®ã§ããŸããPPTP ã®è©³çŽ°ãªãã·ã§ã³ã¯ãPPTP ãªã¢ãŒãã¢ã¯ã»ã¹ã®ã¹ããŒã¿ã¹ããã° ããŒãã« ãã¿ãã§æå¹ã«ãªã£ãŠããªããšèšå®ã§ããŸããã æå·åŒ·åºŠ 匷ã (128ããã) ãŸãã¯åŒ±ã (40ããã) ãã³ãã«æå·åãéžæã§ããŸã (MPPE)ã128ãããæå·åã ãµããŒãããªããšã³ããã€ã³ãããªãéãã匱ãæå·åã¯äœ¿çšããªãã§ãã ããã ãããã° ã¢ãŒã ãããã°ã¢ãŒãã®æå¹å:ãã®ãªãã·ã§ã³ã§ãPPTP ãã°ã§çæããããããã°åºåã®éãå¶åŸ¡ã㟠ããæ¥ç¶ã§åé¡ãçºçããã¯ã©ã€ã¢ã³ããã©ã¡ãŒã¿ã®ããŽã·ãšãŒã·ã§ã³ã«é¢ãã詳现ãªæ å ±ãå¿ èŠ ã§ããå Žåãªã©ã«ããã®ãªãã·ã§ã³ãéžæããŸãã 450 UTM 9 管çã¬ã€ã 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.3 L2TP over IPsec 16.3 L2TP over IPsec L2TP (Layer Two (2) Tunneling Protocolã®ç¥ç§°) ãšã¯ãæ¢åã®ãããã¯ãŒã¯ (éåžžã¯ã€ã³ã¿ãŒããã) ã ä»ã㊠2ã€ã®ãã¢éã§ãããã¯ãŒã¯ãã©ãã£ãã¯ããã³ããªã³ã°ããããã®ããŒã¿ãªã³ã¯ã¬ã€ã€ (OSI ã¢ãŒ ãã®ã¬ã€ã€2) ãããã³ã«ã§ãããVPN ãšãåŒã³ãŸããL2TP ãããã³ã«ã«ã¯æ©å¯æ§ãæ¬ ãããããå€ã ã®å Žåã¯æ©å¯æ§ãèªèšŒãå®å šæ§ãæäŸãã IPsec ãšçµã¿åãããŠäœ¿çšããŸããããã 2ã€ã®ããã ã³ã«ã®çµã¿åãããå¥åãL2TP over IPsecããšåŒã³ãŸããL2TP over IPsec ã䜿çšãããšãPPTP ãš åãæ©èœãæäŸããªãããæå·åããã IPsec ãã³ãã«çµç±ã®ãããã¯ãŒã¯ã¢ã¯ã»ã¹ãåã ã®ãã¹ ãã«æäŸããããšãã§ããŸãã 16.3.1 ã°ããŒãã« ãL2TP over IPsec > ã°ããŒãã« ãã¿ãã§ã¯ãL2TPover IPsec çµç±ã®ãªã¢ãŒãã¢ã¯ã»ã¹ãã»ããã¢ããã ãããã®åºæ¬ãªãã·ã§ã³ãèšå®ã§ããŸãã L2TP over IPsec ã䜿çšããã«ã¯ã次ã®æé ã«åŸã£ãŠãã ããã 1. ãã°ããŒãã« ãã¿ãã§ãL2TP over IPsec ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªããããµãŒãèšå®ããã³ IP ã¢ãã¬ã¹å²ãåœãŠ ããšãªã¢ãç·šé å¯èœã«ãªããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã€ã³ã¿ãã§ãŒã¹:L2TP VPN ã¢ã¯ã»ã¹ã«äœ¿çšãããããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã èªèšŒã¢ãŒã:以äžã®èªèšŒã¢ãŒãããéžæã§ããŸãã l äºåå ±æéµ:äºåå ±æéµãšããŠäœ¿çšããããã¹ã¯ãŒããå ¥åããŸããäºåå ±æéµ æ¹ åŒã§ã¯ãéä¿¡ãè¡ãåã«ãéä¿¡åœäºè éã§å ±æã·ãŒã¯ã¬ããã亀æããŸããéä¿¡ã®ã ãã«ã¯ãã·ãŒã¯ã¬ãããç¥ã£ãŠããããšãäž¡è ã蚌æããŸããå ±æã·ãŒã¯ã¬ãããš ã¯ãL2TP çšã®æå·åã¢ã«ãŽãªãºã ã䜿çšããŠãã©ãã£ãã¯ãæå·åããããã«äœ¿çšã ããå®å šãªãã¬ãŒãºãŸãã¯ãã¹ã¯ãŒãã§ããã»ãã¥ãªãã£ãé«ããããã«ãå ±æã·ãŒã¯ ã¬ããã匷åããé©åãªææ³ããšãå¿ èŠããããŸããå ±æã·ãŒã¯ã¬ããã®ã»ãã¥ãªã㣠ã¯ããã¹ã¯ãŒãã®å質ãšããããã©ãã ãå®å šã«äŒéãããã«ããã£ãŠããŸããäž è¬çãªèšèããæããã¹ã¯ãŒãã¯ãèŸæžæ»æã«å¯ŸããŠéåžžã«è匱ã§ãããã®ããã å ±æã·ãŒã¯ã¬ããã¯éåžžã«é·ãããããŸããŸãªæåã倧æåãæ°åãçµã¿åãããå¿ èŠããããŸãããã®ãããäºåå ±æã·ãŒã¯ã¬ããã䜿çšããèªèšŒæ¹åŒã¯ãå¯èœãªéã UTM 9 管çã¬ã€ã 451 16.3 L2TP over IPsec 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 蚌ææžæ¹åŒã«åãæ¿ããå¿ èŠããããŸãã 泚 â iOS ããã€ã¹ã§ã¯ PSK èªèšŒã®ã¿ããµããŒããããŠãããããiOS ããã€ã¹ãž ã®ã¢ã¯ã»ã¹ãæå¹ã«ããããã«ã¯ãäºåå ±æéµ ãéžæããå¿ èŠããããŸãã l X.509 CA ãã§ãã¯:X.509 蚌ææžã«ãããåå è ã®å€ã倧èŠæš¡ãª VPN ã»ããã¢ããã§ã® å ¬éèªèšŒéµã®äº€æã容æã«ãªããŸãããããã CA ã VPN ãšã³ããã€ã³ãã®å ¬ééµ ãåéããŠãã§ãã¯ããåã¡ã³ãã«å¯ŸããŠèšŒææžãçºè¡ããŸãã蚌ææžã«ã¯ããã¢ã®ã¢ ã€ãã³ãã£ãã£ãšå ¬ééµãå«ãŸããŠããŸãã蚌ææžã¯ããžã¿ã«çœ²åãããŠããããã æ€åºãããã«ä»äººãåœé 蚌ææžãçºè¡ããããšã¯ã§ããŸããã éµäº€æäžã«èšŒææžã亀æãããããŒã«ã«ä¿åããã CA å ¬ééµã䜿çšããŠæ€èšŒãã ãŸããç¶ããŠãå ¬ééµãšãã©ã€ããŒãéµã䜿çšã㊠VPN ãšã³ããã€ã³ãã®å®éã®èªèšŒ ãè¡ãããŸãããã®èªèšŒã¢ãŒãã䜿çšããããã«ã¯ãX.509 蚌ææžãéžæããŸãã X.509 èªèšŒãæ©èœããããã«ã¯ãããªã¢ãŒãã¢ã¯ã»ã¹ > 蚌ææžç®¡ç > èªèšŒå± (CA) ã¿ã ã§æå¹ãª CA ãèšå®ããå¿ èŠããããŸãã IP ã¢ãã¬ã¹ã®å²åœãŠ:IP ã¢ãã¬ã¹ã¯ãäºåã«å®çŸ©ãã IP ã¢ãã¬ã¹ããŒã«ããå²ãåœãŠãããš ããDHCP ãµãŒãã䜿çšããŠèªåçã«é åžããããšãã§ããŸãã l ããŒã«ãããã¯ãŒã¯:ããã©ã«ãã§ã¯ãIP ã¢ãã¬ã¹ã®å²åœæ¹æ³ãšããŠãIP ã¢ãã¬ã¹ã㌠㫠ããéžæãããŠããããããŒã«ãããã¯ãŒã¯ ãã«ã¯äºåå®çŸ©æžã¿ã®ãVPN ããŒã« (L2TP)ããããã¯ãŒã¯å®çŸ©ãéžæãããŠããŸããVPN ããŒã« (L2TP) ãšã¯ããã©ã€ããŒã ã€ã³ã¿ãŒãããçšã® IP ã¢ãã¬ã¹ã¹ããŒã¹ 10.x.x.x ããã¯ã©ã¹ C ãµããããã䜿çšã ãŠã©ã³ãã ã«çæããããããã¯ãŒã¯ã§ããããã¯ããŠãŒã¶ãæ¥ç¶å ãšããŠå°çšã®ã¢ ãã¬ã¹ããŒã«ãæã€ããšãä¿èšŒãããã®ã§ãããéåžžã¯äžåå€æŽããå¿ èŠããããŸã ããå¥ã®ãããã¯ãŒã¯ã䜿çšãããå Žåã¯ããVPN ããŒã« (L2TP)ãã®å®çŸ©ãå€æŽãã ãããã㧠IP ã¢ãã¬ã¹ããŒã«ãšããŠä»ã®ãããã¯ãŒã¯ãå²ãåœãŠãŸãã 泚 â L2TP VPN ããŒã«ã«å¯ŸããŠãã©ã€ããŒã IP ã¢ãã¬ã¹ã䜿çšããŠãããã€ã³ã¿ãŒ ããããžã®ã¢ã¯ã»ã¹ã« IPsec ãã¹ããèš±å¯ãããå Žåãé©åãªãã¹ã«ã¬ãŒãã£ã³ã°ãŸ ã㯠NAT ã«ãŒã«ã IP ã¢ãã¬ã¹ããŒã«ã«çšæããå¿ èŠããããŸãã l DHCPãµãŒã:ãDHCP ãµãŒã ããéžæããå ŽåãDHCP ãµãŒããæ¥ç¶ã«äœ¿çšãããã ãã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ãæå®ããŠãã ãããDHCPãµãŒãã¯ã€ã³ã¿ãã§ãŒã¹ã«çŽæ¥æ¥ç¶ ããå¿ èŠã¯ãããŸãããã«ãŒã¿ãä»ããŠãã¢ã¯ã»ã¹ã§ããŸããããŒã«ã« DHCP ãµãŒã ã¯ãµããŒããããŸãããããã§éžæãã DHCP ãµãŒãã¯ãç©ççã«ç°ãªãã·ã¹ãã äž ã§çšŒåããŠããå¿ èŠããããŸãã 452 UTM 9 管çã¬ã€ã 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.3 L2TP over IPsec 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã èšå®ããã£ã³ã»ã«ããã«ã¯ãã¢ã³ããŒè²ã®ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ã¢ã¯ã»ã¹å¶åŸ¡ èªèšŒèŠæ±å :L2TP ãªã¢ãŒãã¢ã¯ã»ã¹ã¯ãããŒã«ã«èªèšŒãš RADIUS èªèšŒã®ã¿ããµããŒãããŸãã l ããŒã«ã«:ãããŒã«ã« ããéžæããå ŽåãL2TP ãªã¢ãŒãã¢ã¯ã»ã¹ã䜿çšã§ããããã«ãããŠãŒã¶ ãšãŠãŒã¶ã°ã«ãŒããæå®ããŠãã ãããããã¯ãšã³ãã®ãŠãŒã¶ã°ã«ãŒãããã£ãŒã«ãã«ãã©ãã° ããããšã¯ã§ããŸãããããŒã«ã«ãŠãŒã¶ã®å Žåãéåžžã®æ¹æ³ã§ãŠãŒã¶ãè¿œå ãããããã® ãŠãŒã¶ã«å¯Ÿã㊠L2TP ãæå¹ã«ããŸãããŠãŒã¶ãŸãã¯ã°ã«ãŒããéžæããªãå ŽåãL2TP 㪠ã¢ãŒãã¢ã¯ã»ã¹ã¯ãªãã«ãªããŸãã 泚 â éžæãããŠãŒã¶ã®ãŠãŒã¶åãšãã¹ã¯ãŒãã«ã¯å°å·å¯èœãª ASCII æåãã䜿çšã§ã㪠ãããšããããŸã (1)ã 泚 âSSLVPNåæ§ããŠãŒã¶ããŒã¿ã«ã®ããªã¢ãŒãã¢ã¯ã»ã¹ ãã¡ãã¥ãŒã«ã¢ã¯ã»ã¹ã§ããã®ã¯ã ããŠãŒã¶ãšã°ã«ãŒããããã¯ã¹ã§éžæããããŠãŒã¶ãšããŠãŒã¶å®çŸ©ãUTMã«å®çŸ©ãããŠãã ãŠãŒã¶ã®ã¿ã§ããèªèšŒã¢ãŒãã«å¿ããŠããŠãŒã¶ããŒã¿ã«ãžã®ãã°ã€ã³ã«æåããèªèšŒãŠãŒ ã¶ã«ã¯ãIPsec äºåå ±æéµ (èªèšŒã¢ãŒããäºåå ±æéµ ã) ãŸã㯠PKCS#12 ãã¡ã€ã« (èªèšŒ ã¢ãŒããX.509 CA ãã§ã㯠ã) ãªãã³ã«ã€ã³ã¹ããŒã«æé (Sophos ãµããŒãããŒã¿ããŒã¹ã§å ¥ æå¯èœ) ãžã®ãªã³ã¯ãæäŸãããŸãã l RADIUS:ãRADIUSããéžæãããšãèªèšŒèŠæ±ã¯ RADIUS ãµãŒãã«è»¢éãããŸããL2TP 㢠ãžã¥ãŒã«ã¯ãNAS-IDãšããŠãl2tpãã RADIUS ãµãŒãã«éä¿¡ããŸãã ã¯ã©ã€ã¢ã³ããšãµãŒãéã§ãèªèšŒã¢ã«ãŽãªãºã ã®ããŽã·ãšãŒã·ã§ã³ãèªåçã«è¡ãããŸããããŒã« ã«ãŠãŒã¶ã«å¯ŸããSophos UTMã¯æ¬¡ã®èªèšŒãããã³ã«ããµããŒãããŠããŸãã l MSCHAPv2 l PAP ããã©ã«ãã§ãWindows ã¯ã©ã€ã¢ã³ã㯠MSCHAPv2 ãããŽã·ãšãŒã·ã§ã³ããŸãã RADIUSãŠãŒã¶ã«å¯ŸããSophos UTMã¯æ¬¡ã®èªèšŒãããã³ã«ããµããŒãããŠããŸãã 1http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters UTM 9 管çã¬ã€ã 453 16.3 L2TP over IPsec l MSCHAPv2 l MSCHAP l CHAP l PAP 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.3.2 iOS ããã€ã¹ ãŠãŒã¶ããŒã¿ã«ã§ iOS ããã€ã¹ãŠãŒã¶ã«å¯Ÿãèªå L2TP over IPsec èšå®ãæäŸããããšãã§ã㟠ãã ãã ãããã°ã«ãŒãã« ãã¿ãã®ããŠãŒã¶ãšã°ã«ãŒããããã¯ã¹ã«è¿œå ããããŠãŒã¶ã®ã¿ã«å¯ŸããŠããŠãŒ ã¶ããŒã¿ã«ãµã€ãã«èšå®ãã¡ã€ã«ã衚瀺ãããŸããiOS ããã€ã¹ã®ã¹ããŒã¿ã¹ã¯ããã©ã«ãã§æå¹ ã«ãªã£ãŠããŸãã ã³ãã¯ã·ã§ã³å:L2TP over IPsec æ¥ç¶ã説æããååãå ¥åããiOS ããã€ã¹ã®ãŠãŒã¶ãã©ã®æ¥ç¶ ã確ç«ããããšããŠããã®ãèå¥ã§ããããã«ããŸããããã©ã«ãã®ååã¯ãã客æ§ã®äŒç€Ÿåã®åŸ ã« L2TP over IPsec ãããã³ã«ãç¶ãããã®ã«ãªããŸãã 泚 â ãã³ãã¯ã·ã§ã³å ãã¯ãã¹ãŠã® iOS ããã€ã¹èšå® (PPTPãL2TP over IPsecãCisco VPN Client) ã§äžæã§ããå¿ èŠããããŸãã ãã¹ãåãäžæžã:ã·ã¹ãã ã®ãã¹ãåãã¯ã©ã€ã¢ã³ãããããªãã¯ã«è§£æ±ºã§ããªãå Žåã¯ãããã« ãµãŒãã®ãã¹ãåãå ¥åããŠãããã«ãã£ãŠãã·ã¹ãã ã® DNS ãã¹ãå ãã®åã®ãDynDNS ãã¹ãå ã ã®å éšèšå®ãäžæžãããŸãã iOS ããã€ã¹ã®èªåèšå®ãç¡å¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã°ã¬ãŒã«å€ãããŸãã 16.3.3 ãããã° IKE ãããã° ãIKE ãããã°ãã»ã¯ã·ã§ã³ã§ IKE ãããã°ãªãã·ã§ã³ãèšå®ã§ããŸããã©ã®ã¿ã€ãã® IKE ã¡ãã»ãŒãžãŸ ãã¯éä¿¡ã«ã€ããŠãããã°åºåãäœæãããã¯ãã§ãã¯ããã¯ã¹ã§éžæããŸãã 454 UTM 9 管çã¬ã€ã 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.4 IPsec 泚 â ãIKE ãããã°ãã»ã¯ã·ã§ã³ã¯ãããµã€ãé VPN IPsecããããªã¢ãŒãã¢ã¯ã»ã¹ IPsecãããL2TP over IPsecããããã³ãCisco VPN ã¯ã©ã€ã¢ã³ããã¡ãã¥ãŒã®ããããã°ãã¿ãã§åããã®ã䜿çšãããŠã㟠ãã 以äžã®ãã©ã°ããã°ã§ããŸãã l ã³ã³ãããŒã«ãããŒ:IKE ã¹ããŒãã®ã³ã³ãããŒã«ã¡ãã»ãŒãžã衚瀺ããŸãã l ã¢ãŠãããŠã³ããã±ãã:éä¿¡ IKE ã¡ãã»ãŒãžã®ã³ã³ãã³ãã衚瀺ããŸãã l ã€ã³ããŠã³ããã±ãã:åä¿¡ IKE ã¡ãã»ãŒãžã®ã³ã³ãã³ãã衚瀺ããŸãã l ã«ãŒãã«ã¡ãã»ãŒãž:ã«ãŒãã«ãšã®éä¿¡ã¡ãã»ãŒãžã衚瀺ããŸãã l åé·æ§æ (HA)ãã®ä»ã® HA ããŒããšã®éä¿¡ã衚瀺ããŸãã L2 TP ãããã° ããããã°ã¢ãŒããæå¹ã«ããããéžæãããšãIPsec VPN ãã°ãã¡ã€ã«ã«ãL2TP ãŸã㯠PPP æ¥ç¶ ããŽã·ãšãŒã·ã§ã³ã«é¢ããå€ãã®æ å ±ãå«ãŸããããã«ãªããŸãã 16.4 IPsec IPsec (IP Security) ãšã¯ããã¹ãŠã® IP ãã±ãããæå·åãŸãã¯èªèšŒããããš (ãããã¯ãã®äž¡æ¹) ã« ãã£ãŠ IP (ã€ã³ã¿ãŒããããããã³ã«) éä¿¡ã®ã»ãã¥ãªãã£ãç¶æããããã®æšæºã§ãã IPsec æšæºã¯ã次㮠2ã€ã®ãµãŒãã¹ã¢ãŒããš 2ã€ã®ãããã³ã«ãå®çŸ©ããŠããŸãã l ãã©ã³ã¹ããŒãã¢ãŒã l ãã³ãã«ã¢ãŒã l AH (èªèšŒããã) èªèšŒãããã³ã« l ESP (ã«ãã»ã«åã»ãã¥ãªãã£ãã€ããŒã) æå·å (ããã³èªèšŒ) ãããã³ã« IPsec ã«ã¯ãSA (ã»ãã¥ãªãã£ã¢ãœã·ãšãŒã·ã§ã³) ãšéµé åžãæåããã³èªåã§ç®¡çããããã®æ¹æ³ ãçšæãããŠããŸãããããã®ç¹åŸŽã¯ãDOI (解éãã¡ã€ã³) ã§äžå 管çãããŠããŸãã IPsec ã¢ãŒã IPsec ã¯ããã©ã³ã¹ããŒãã¢ãŒããŸãã¯ãã³ãã«ã¢ãŒãã§æ©èœããŸããååçã«ããã¹ãéæ¥ç¶ã§ã¯ã© ã¡ãã®ã¢ãŒãã䜿çšã§ããŸãããã ããããããã®ãšã³ããã€ã³ããã»ãã¥ãªãã£ã²ãŒããŠã§ã€ã§ãã UTM 9 管çã¬ã€ã 455 16.4 IPsec 16 ãªã¢ãŒãã¢ã¯ã»ã¹ å Žåããã³ãã«ã¢ãŒãã䜿çšããå¿ èŠããããŸãããã® UTM ã§ã® IPsec VPN æ¥ç¶ã§ã¯ãåžžã«ãã³ã ã«ã¢ãŒãã䜿çšãããŸãã ãã©ã³ã¹ããŒãã¢ãŒãã§ã¯ãå ã® IP ãã±ããã¯ä»ã®ãã±ããã«ã«ãã»ã«åãããŸãããå ã® IP ãã ãã¯ç¶æããããã±ããã®æ®ãã®éšåã¯å¹³æã®ãŸãŸ (AH) ãŸãã¯ã«ãã»ã«åãã㊠(ESP) éä¿¡ãã ãŸãããã±ããå šäœã AH ã§èªèšŒããããšããESP ã§ãã€ããŒããã«ãã»ã«åããŠèªèšŒããããšãã§ã ãŸãããããã®å Žåããå ã®ãããã¯å¹³æãšã㊠WAN çµç±ã§éä¿¡ãããŸãã ãã³ãã«ã¢ãŒãã§ã¯ããã±ããããããšãã€ããŒãã®å šäœãæ°ãã IP ãã±ããã«ã«ãã»ã«åãã㟠ããIP ãããã IP ãã±ããã«è¿œå ãããå®å ã¢ãã¬ã¹ã¯åä¿¡åŽãã³ãã«ãšã³ããã€ã³ãã«èšå®ãã ãŸããã«ãã»ã«åãã±ããã® IP ã¢ãã¬ã¹ã¯å€æŽãªãã§ç¶æãããŸããç¶ããŠãå ã®ãã±ããã AH ã§èªèšŒãããããESP ã§ã«ãã»ã«åãããŠèªèšŒãããŸãã IPsec ãããã³ã« IPsec ã§ã¯ãIP ã¬ãã«ã§å®å šã«éä¿¡ããããã« 2ã€ã®ãããã³ã«ã䜿çšããŸãã l AH (èªèšŒããã):ãã±ããéä¿¡è ãèªèšŒãããã±ããããŒã¿ã®å®å šæ§ãä¿èšŒããããã®ããã ã³ã«ã l ã«ãã»ã«åã»ãã¥ãªãã£ãã€ããŒã (ESP):ãã±ããå šäœãæå·åãããã®ã³ã³ãã³ããèªèšŒãã ããã®ãããã³ã«ã AH (èªèšŒããã) ãããã³ã«ã¯ããã±ããããŒã¿ã®ä¿¡é Œæ§ãšå®å šæ§ããã§ãã¯ããŸããããã«ãéä¿¡è ãšåä¿¡è ã® IP ã¢ãã¬ã¹ãéä¿¡äžã«å€æŽãããŠããªãããšããã§ãã¯ããŸãããã±ããã¯ãããã·ã¥ ããŒã¹ã®ã¡ãã»ãŒãžèªèšŒã³ãŒã (HMAC) ãšéµã䜿çšããŠäœæããããã§ãã¯ãµã ã䜿çšããŠèªèšŒã ããŸãã次ã®ããããã®ããã·ã¥ã¢ã«ãŽãªãºã ã䜿çšãããŸãã l MD5 (ã¡ãã»ãŒãžãã€ãžã§ã¹ããããŒãžã§ã³ 5):ãã®ã¢ã«ãŽãªãºã ã§ã¯ãä»»æã®ãµã€ãºã®ã¡ãã»ãŒ ãžãã 128ãããã®ãã§ãã¯ãµã ãçæãããŸãããã®ãã§ãã¯ãµã ã¯ã¡ãã»ãŒãžã®æçŽã®ã ããªãã®ã§ãã¡ãã»ãŒãžãå€æŽããããšãã§ãã¯ãµã ãå€ãããŸãããã®ããã·ã¥å€ã¯ãããžã¿ ã«çœ²åãŸãã¯ã¡ãã»ãŒãžãã€ãžã§ã¹ããšãåŒã°ããŸãã l SHA-1 (ã»ãã¥ã¢ããã·ã¥):ãã®ã¢ã«ãŽãªãºã ã§ã¯ MD5 ãšé¡äŒŒããããã·ã¥ãçæãããŸã ããSHA-1 ããã·ã¥ã¯é·ãã 160ãããã§ããSHA-1 ã¯éµã MD5 ããé·ããããMD5 ãã匷 åãªã»ãã¥ãªãã£ãå®çŸããŸãã MD5 ãšæ¯èŒãããšãSHA-1 ããã·ã¥ã¯èšç®ãé£ãããçæã«å¿ èŠãª CPU æéã¯ããé·ããªããŸãã ãã¡ãããèšç®é床ã¯ãããã»ããµã®åŠçé床ãšSophos UTMã§äœ¿çšããã IPsec VPN æ¥ç¶ã®æ°ã« äŸåããŸãã ESP (ã«ãã»ã«åã»ãã¥ãªãã£ãã€ããŒã) ãããã³ã«ã«ã¯ãæå·å以å€ã«ãéä¿¡è ãèªèšŒãããã±ãã ã³ã³ãã³ããæ€èšŒããæ©èœããããŸãããã³ãã«ã¢ãŒã㧠ESP ã䜿çšãããšãIP ãã±ããå šäœ (ããã 456 UTM 9 管çã¬ã€ã 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.4 IPsec ãšãã€ããŒã) ãæå·åãããŸããããã§ãæå·åãããŠããªã IP ããããš ESP ããããã«ãã»ã«å ãããã±ããã«è¿œå ãããŸããæ°ãã IP ãããã«ã¯ãåä¿¡åŽã²ãŒããŠã§ã€ãšéä¿¡åŽã²ãŒããŠã§ã€ã®ã¢ ãã¬ã¹ãå«ãŸããŠããŸãããããã® IP ã¢ãã¬ã¹ã¯ãVPN ãã³ãã«ã®ã¢ãã¬ã¹ã§ãã æå·åä»ãã® ESP ã§ã¯ãé垞次ã®ã¢ã«ãŽãªãºã ã䜿çšãããŸãã l 3DES (ããªãã«ããŒã¿æå·åæšæº) l AES (é«åºŠæå·åæšæº) ãããã®ãã¡ãAES ãæãå®å šã§ããAES ã§äœ¿çšå¯èœãªéµã®æå¹é·ã¯ 128ãããã192ãããã256 ãããã§ããSophos UTMSophos UTM ã¯ãå€æ°ã®æå·åã¢ã«ãŽãªãºã ããµããŒãããŠããŸããèªèšŒã« 㯠MD5 ãŸã㯠SHA-1 ã¢ã«ãŽãªãºã ã䜿çšã§ããŸãã NATãã©ããŒãµã« (NAT-T) NAT ãã©ããŒãµã«ãšã¯ãNAT ããã€ã¹ã䜿çšãã TCP/IP ãããã¯ãŒã¯å ã®ãã¹ãéã§æ¥ç¶ãç¢ºç« ããããã®æè¡ã§ãããã®æ¥ç¶ã¯ãESP ãã±ããã® UDP ã«ãã»ã«åã䜿çšããŠãNAT ããã€ã¹çµ ç±ã§ IPsec ãã³ãã«ã確ç«ããããšã«ãã£ãŠå®çŸããŸããUDP ã«ãã»ã«åã¯ãIPsec ãã¢é㧠NAT ãæ€åºãããå Žåã®ã¿ã«äœ¿çšãããŸããæ€åºãããªãã£ãå Žåã¯ãéåžžã® ESP ãã±ããã䜿çšã ããŸãã NAT ãã©ããŒãµã«ã«ãããã²ãŒããŠã§ã€ãŸãã¯ããŒããŠã©ãªã¢ã NAT ã«ãŒã¿ã®èåŸã«é 眮ããªã ããIPsec ãã³ãã«ã確ç«ã§ããããã«ãªããŸãããã®æ©èœã䜿çšããå Žåãäž¡æ¹ã® IPsec ãã¢ã§ NAT ãã©ããŒãµã«ããµããŒããããŠããå¿ èŠããããŸããããŽã·ãšãŒã·ã§ã³ã¯èªåçã«è¡ãã㟠ããNAT ããã€ã¹ã§ IPsec ãã¹ã¹ã«ãŒããªãã«ãªã£ãŠããããšã確èªããŠãã ããããªã³ã«ãªã£ãŠã ããšãNAT ãã©ããŒãµã«ã®äœ¿çšã«æ¯éãåºãå¯èœæ§ããããŸãã ããŒããŠã©ãªã¢ã§ NAT ãã©ããŒãµã«ã䜿çšããå ŽåãWebAdmin å ã®å¯Ÿå¿ãŠãŒã¶ãªããžã§ã¯ãã«é çãªãªã¢ãŒãã¢ã¯ã»ã¹ IP ã¢ãã¬ã¹ (RAS ã¢ãã¬ã¹) ãèšå®ãããŠããå¿ èŠããããŸã (WebAdmin ã® ããŠãŒã¶ ãããŒãžã®ããªã¢ãŒãã¢ã¯ã»ã¹ã«ã¹ã¿ãã£ã㯠IP ã¢ãã¬ã¹ãäœ¿çš ããåç §ããŠãã ãã) ã ããŒã¿æªéä¿¡æã«ç¢ºç«ããããã³ãã«ãæéåãã«ãªãããšãé²ãããã«ãNAT ãã©ããŒãµã«ã® keep-alive ä¿¡å·ãããã©ã«ã㧠60ç§ééã§éä¿¡ãããŸããkeep-alive ã¡ãã»ãŒãžã¯ãNAT ã«ãŒã¿ã ã»ãã·ã§ã³ã«é¢é£ããã¹ããŒãæ å ±ãç¶æããŠããããã³ãã«ãéãããŸãŸã§ããããšã確èªããã ãã«éä¿¡ãããŸãã TOS ããµãŒãã¹ã¿ã€ããããã (TOS ããã) ã¯ãIP ãããã«ããããã€ãã® 4ããããã©ã°ã§ãããããã®ãã ãã¯ãã©ã®ã¿ã€ãã®ãµãŒãã¹å質ãå¿ èŠã§ãããã転éã¢ããªã±ãŒã·ã§ã³ããããã¯ãŒã¯ã«äŒããã UTM 9 管çã¬ã€ã 457 16.4 IPsec 16 ãªã¢ãŒãã¢ã¯ã»ã¹ ãšãèš±å¯ããããããµãŒãã¹ã¹ã¿ã€ãããããšåŒã°ããŠããŸãã Sophos UTMãžã® IPsec å°å ¥ã§ã¯ãTOS ã®å€ã¯åžžã«ã³ããŒãããŸãã 16.4.1 ã³ãã¯ã·ã§ã³ ãIPsec > ã³ãã¯ã·ã§ã³ãã¿ãã§ã¯ãIPsec ã³ãã¯ã·ã§ã³ãäœæããç·šéããããšãã§ããŸãã IPsec ã³ãã¯ã·ã§ã³ãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã³ãã¯ã·ã§ã³ãã¿ãã§ãæ°èŠ IPsec ãªã¢ãŒãã¢ã¯ã»ã¹ã«ãŒã« ããã¯ãªãã¯ããŸãã ãIPsec ãªã¢ãŒãã¢ã¯ã»ã¹ã«ãŒã«ã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®æ¥ç¶ã説æããååãå ¥åããŠãã ããã ã€ã³ã¿ãã§ãŒã¹:IPsec ãã³ãã«ã®ããŒã«ã«ãšã³ããã€ã³ããšããŠäœ¿çšãããã€ã³ã¿ãã§ãŒã¹ã®å åãéžæããŸãã ããŒã«ã«ãããã¯ãŒã¯:VPN ãã³ãã«çµç±ã§ã¢ã¯ã»ã¹å¯èœã«ããããŒã«ã«ãããã¯ãŒã¯ãéžæ ããŸãã ä»®æ³ IP ããŒã«:ã¯ã©ã€ã¢ã³ãã«ã¹ã¿ãã£ã㯠IP ã¢ãã¬ã¹ãå®çŸ©ãããŠããªãå Žåãã¯ã©ã€ã¢ã³ã ã¯ãã® IP ã¢ãã¬ã¹ããŒã«ã«å²ãåœãŠããã IP ã¢ãã¬ã¹ãååŸããŸããããã©ã«ãããŒã«ã¯ VPNããŒã« (IPsec) ã§ããããã©ã€ããŒã IP ã¹ããŒã¹ 10.242.4.0/24 ããæããŸãããã ããä»ã® IP ã¢ãã¬ã¹ããŒã«ãéžæãŸãã¯äœæããããšãã§ããŸãã ããªã·ãŒ:ãã® IPsec ã³ãã¯ã·ã§ã³ã® IPsec ããªã·ãŒãéžæããŸããIPsec ããªã·ãŒã¯ãããªã¢ãŒã ã¢ã¯ã»ã¹ > IPsec > ããªã·ãŒãã¿ãã§å®çŸ©ã§ããŸãã èªèšŒã¿ã€ã:ãã®ãªã¢ãŒãã²ãŒããŠã§ã€å®çŸ©ã®èªèšŒã¿ã€ããéžæããŸãã次ã®ã¿ã€ãã䜿çšã§ã ãŸãã 458 l äºåå ±æéµ:ãäºåå ±æéµ ã(PSK) ã«ããèªèšŒã§ã¯ãç§å¯ã®ãã¹ã¯ãŒããéµãšããŠäœ¿çš ããŸãããããã®ãã¹ã¯ãŒãã¯ãæ¥ç¶ã確ç«ããåã«ãšã³ããã€ã³ãã«é åžããå¿ èŠ ããããŸããæ°ãã VPN ãã³ãã«ã確ç«ããããšã䞡端ã§ãçžæåŽãç§å¯ã®ãã¹ ã¯ãŒããç¥ã£ãŠããããšã®ãã§ãã¯ãè¡ãããŸããPSK ã®ã»ãã¥ãªãã£ã¯ã䜿çšããã ã¹ã¯ãŒãã®å質ã«äŸåããŸããäžè¬çãªèšèãæå¥ã§ã¯ãèŸæžæ»æã«å¯ŸããŠè匱 ã§ããåžžæã®ããŸãã¯é·æç㪠IPsec ã³ãã¯ã·ã§ã³ã§ã¯ããã¹ã¯ãŒãã®ä»£ããã«èšŒæ æžã䜿çšãã¹ãã§ãã l X.509 蚌ææž:X.509 蚌ææžã«ããèªèšŒæ¹åŒã§ã¯ãå ¬ééµãšç§å¯éµã䜿çšã㟠ããX.509 蚌ææžã«ã¯ãå ¬ééµãšãéµã®ææè ãç¹å®ããæ å ±ãå«ãŸããŠããŸããã ã®ãããªèšŒææžã¯ãä¿¡é ŒãããèªèšŒå± (CA) ã«ãã£ãŠçœ²åãããçºè¡ããããã®ã§ UTM 9 管çã¬ã€ã 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.4 IPsec ããéžæåŸããã® IPsec ã³ãã¯ã·ã§ã³ã®äœ¿çšãèš±å¯ãããŠãŒã¶ãæå®ããŸããããã¯ãš ã³ããŠãŒã¶ã°ã«ãŒãããèš±å¯ãŠãŒã¶ ããã£ãŒã«ãã«ãã©ãã°ããããšã¯ã§ããŸããããèª åãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã« ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããå Žåãé€ããé©å㪠ãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãããããã¯ãŒã¯ãããã¯ã·ã§ã³ãã¡ãã¥ãŒã«æåã§æå®ããå¿ èŠããããŸãã 泚 â ãŠãŒã¶ããŒã¿ã«ã«ã¢ã¯ã»ã¹ã§ããã®ã¯ããèš±å¯ããããŠãŒã¶ ãããã¯ã¹ã§éžæã ããŠãããUTMã«ãŠãŒã¶å®çŸ©ãååšãããŠãŒã¶ã®ã¿ã§ãããŠãŒã¶ããŒã¿ã«ãžã®ã ã°ã€ã³ã«æåããèªèšŒããããŠãŒã¶ã«ã¯ãSophos IPsec Client (SIC)ãèšå®ãã¡ã€ ã«ãPKCS#12ãã¡ã€ã«ãã€ã³ã¹ããŒã«æé (Sophos ãµããŒãããŒã¿ããŒã¹ã§å ¥æå¯ èœ) ãžã®ãªã³ã¯ãæäŸãããŸãã l CA DN ç §å:ãã®èªèšŒã¿ã€ãã§ã¯ãCA 蚌ææžã® DN (èå¥å) ã®ç §åã䜿çšã ãŠãVPN ãšã³ããã€ã³ãã®éµãæ€èšŒããŸããéžæããå ŽåãèªèšŒå± ã 1ã€éžæãã㪠ã¢ãŒãã¢ã¯ã»ã¹ã¯ã©ã€ã¢ã³ãã® DN ãšäžèŽãã DN ãã¹ã¯ ãéžæããŸããããã§ãããã¢ãµ ããããç¯å² ããéžæãŸãã¯è¿œå ããŸããã¯ã©ã€ã¢ã³ãã¯ãããããã®èšŒææžã DN ã ã¹ã¯ãšäžèŽããªããã°æ¥ç¶ãèš±å¯ãããŸããã XAUTH ã®æå¹å (ãªãã·ã§ã³):èšå®ãããããã¯ãšã³ãã«å¯ŸãããŠãŒã¶èªèšŒãå¿ èŠã§ããå Ž åã¯ãæ¡åŒµèªèšŒãæå¹ã«ããå¿ èŠããããŸãã èªåãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã« (ãªãã·ã§ã³):ãã®ãªãã·ã§ã³ã¯ãèªèšŒã¿ã€ã X.509 蚌ææž ã®ã¿ã§ 䜿çšå¯èœã§ãã ãã®ãªãã·ã§ã³ãéžæãããšããã®æ¥ç¶çšã®ãã©ãã£ãã¯ãèš±å¯ãããã¡ã€ã¢ ãŠã©ãŒã«ã«ãŒã«ãèªåçã«è¿œå ããããšãã§ããŸããã«ãŒã«ã¯ãæ¥ç¶ã確ç«ãããšããã« è¿œå ãããæ¥ç¶ãç¡å¹ã«ãªããšåé€ãããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ãããªã¢ãŒãã¢ã¯ã»ã¹ã«ãŒã«ããã³ãã¯ã·ã§ã³ããªã¹ãã«è¡šç€ºãããŸãã ãªã¢ãŒãã¢ã¯ã»ã¹ã«ãŒã«ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 16.4.2 ããªã·ãŒ ããªã¢ãŒãã¢ã¯ã»ã¹ > IPsec > ããªã·ãŒãã¿ãã§ã¯ãIPsec ã³ãã¯ã·ã§ã³ã®ãã©ã¡ãŒã¿ãã«ã¹ã¿ãã€ãºããã ãªã·ãŒã«çµ±åããããšãã§ããŸããIPsec ããªã·ãŒã¯ãIPsec ã³ãã¯ã·ã§ã³ã® IKE (ã€ã³ã¿ãŒãããéµäº€ æ) ãš IPsec ããããŒã¶ã«ãã©ã¡ãŒã¿ãå®çŸ©ããŸããããããã® IPsec ã³ãã¯ã·ã§ã³ã«ã¯ IPsec ã㪠ã·ãŒãå¿ èŠã§ãã UTM 9 管çã¬ã€ã 459 16.4 IPsec 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 泚 â Sophos UTM ã¯ãIKE ãã§ãŒãº 1 ã®ã¡ã€ã³ã¢ãŒãã®ã¿ããµããŒãããŠããŸããã¢ã°ã¬ãã·ãã¢ãŒ ãã¯ãµããŒããããŠããŸããã IPsec ããªã·ãŒãäœæããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãããªã·ãŒãã¿ãã§ããæ°èŠ IPsec ããªã·ãŒããã¯ãªãã¯ããŸãã ãIPsec ããªã·ãŒã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ãã®ããªã·ãŒã説æããååãå ¥åããŸãã IKE æå·åã¢ã«ãŽãªãºã :æå·åã¢ã«ãŽãªãºã ã§ã¯ãIKE ã¡ãã»ãŒãžã®æå·åã«äœ¿çšãã㢠ã«ãŽãªãºã ãæå®ããŸãã以äžã®ã¢ã«ãŽãªãºã ããµããŒããããŠããŸãã l DES (56ããã) l 3DES (168ããã) l AES 128 (128ããã) l AES 192 (192ããã) l AES 256 (256ããã) l Blowfish (128ããã) l Twofish (128ããã) l Serpent (128ããã) ã»ãã¥ãªãã£ã«é¢ããæ³šèš â DES ã®äœ¿çšã¯æšå¥šãããŸãããã¢ã«ãŽãªãºã ã®åŒ·åºŠãäœã ãããè匱æ§ã«ã€ãªããå¯èœæ§ããããŸãã IKE èªèšŒã¢ã«ãŽãªãºã :èªèšŒã¢ã«ãŽãªãºã ã§ã¯ãIKE ã¡ãã»ãŒãžã®å®å šæ§ãã§ãã¯ã«äœ¿çšãã ã¢ã«ãŽãªãºã ãæå®ããŸãã以äžã®ã¢ã«ãŽãªãºã ããµããŒããããŠããŸãã 460 l MD5 (128ããã) l SHA1 (160ããã) l SHA2 256 (256ããã) l SHA2 384 (384ããã) l SHA2 512 (512ããã) UTM 9 管çã¬ã€ã 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.4 IPsec IKE SA ã©ã€ãã¿ã€ã :ãã®å€ã«ã¯ãIKE SA (ã»ãã¥ãªãã£ã¢ãœã·ãšãŒã·ã§ã³) ãæå¹ãªæé (ã€ãŸ ã次ã®éµæŽæ°ãè¡ãã¿ã€ãã³ã°) ãç§åäœã§æå®ããŸããæå¹ãªå€ã¯ 60ç§ïœ28800ç§ (8æé) ã§ããããã©ã«ãå€ã¯ 7800ç§ã§ãã IKE DH ã°ã«ãŒã:æ¥ç¶ãããŽã·ãšãŒãããéã¯ãéä¿¡ããããŒãã£ã¯ããŒã¿ã®æå·åã«äœ¿çš ããå®éã®éµã«ã€ããŠãåã決ããŸããIKE ã¯ã»ãã·ã§ã³éµãçæããããã«ãã©ã³ãã ã㌠ã¿ãå©çšãã Diffie-Hellman (DH) ã¢ã«ãŽãªãºã ã䜿çšããŸããã©ã³ãã ããŒã¿ã®çæã¯ã㌠ã«ãããã«åºã¥ããŠè¡ãããŸããåºæ¬çã«ã¯ IKE ã°ã«ãŒããããŒã«ãããæ°ãç¥ãããŸãã ããŒã«ãããæ°ãå€ãã»ã©ãã©ã³ãã ãªæ°åã倧ãããªããŸããæ°åã倧ããã»ã©ãDiffieHellman ã¢ã«ãŽãªãºã ã®è§£èªã¯é£ãããªããŸããçµæãšããŠãããŒã«ãããæ°ãå€ããã°å®å š ã§ãããCPU ã®äœ¿çšéãå¢ããŸããçŸåšã¯ä»¥äžã® Diffie-Hellman ã°ã«ãŒãããµããŒããã ãŠããŸãã l Group 1:MODP 768 l Group 2:MODP 1024 l Group 5:MODP 1536 l Group 14:MODP 2048 l Group 15:MODP 3072 l Group 16:MODP 4096 ã»ãã¥ãªãã£ã«é¢ããæ³šèš â ã°ã«ãŒã1 (MODP 768) ã¯åŒ±ããçžäºéçšæ§ã®çç±ã®ã¿ãã ãµããŒããããŠããŸãã䜿çšã¯æšå¥šãããŸãããè匱æ§ã«ã€ãªããå¯èœæ§ããããŸãã IPsec æå·åã¢ã«ãŽãªãºã :IKE ã®å Žåãšåãæå·åã¢ã«ãŽãªãºã ãããã«ã以äžã®ãšã³ããªã ãããŸãã l æå·åãªã (null) l AES 128 CTR (128ããã) l AES 192 CTR (192ããã) l AES 256 CTR (256ããã) l AES 128 GCM (96ããã) l AES 192 GCM (96ããã) l AES 256 GCM (96ããã) l AES 128 GCM (128ããã) UTM 9 管çã¬ã€ã 461 16.4 IPsec 16 ãªã¢ãŒãã¢ã¯ã»ã¹ l AES 192 GCM (128ããã) l AES 256 GCM (128ããã) ã»ãã¥ãªãã£ã«é¢ããæ³šèš â æå·åãå®è¡ããªãããšããŸã㯠DES ã®äœ¿çšã¯æšå¥šãããŸã ããè匱æ§ã«ã€ãªããå¯èœæ§ããããŸãã IPsec èªèšŒã¢ã«ãŽãªãºã :IKE ã®å ŽåãšåãèªèšŒã¢ã«ãŽãªãºã ãããã«ã以äžã®ã¢ã«ãŽãªãºã ããããŸãã l SHA2 256 (96ããã) l SHA2 384 (96ããã) l SHA2 512 (96ããã) ãããã¯ãããŒãžã§ã³ 8 ããå€ã UTM (ã€ãŸã ASG) ãªã©ãRFC 4868 ã«æºæ ããŠããªããã³ã ã«ãšã³ããã€ã³ãçšã§ããåãæšãŠããããã§ãã¯ãµã 㧠96ãããããé·ããã®ã«ã¯å¯Ÿå¿ã㊠ããŸããã IPsec SA ã©ã€ãã¿ã€ã :ãã®å€ã«ã¯ãIPsec SA ãæå¹ãªæé (ã€ãŸã次ã®éµæŽæ°ãè¡ãã¿ã€ã ã³ã°) ãç§åäœã§æå®ããŸããæå¹ãªå€ã¯ 60ç§ïœ86400ç§ (1æ¥) ã§ããããã©ã«ãå€ã¯ 3600 ç§ã§ãã IPsec PFS ã°ã«ãŒã: Perfect Forward Secrecy(PFS) ãšããæŠå¿µã§ã¯ãã»ãã·ã§ã³éµã䜿çšã§ã ãªããªã£ãå Žåã«ããã®ç¹å®ã»ãã·ã§ã³ã®ããŒã¿ã«ã®ã¿ã¢ã¯ã»ã¹ãèš±å¯ããŸããPFS ãååš ããã«ã¯ãIPsec SA ã®ä¿è·ã«äœ¿çšãããéµã¯ãIKE SA ã®éµãååŸããããã«äœ¿çšãããã© ã³ãã éµäœæçšã®ãããªã¢ã«ãã掟çãããã®ã§ã¯ãªãããšãå¿ èŠã§ãããã®å ŽåãPFS 㯠2åç®ã® Diffie-Hellman éµäº€æãéå§ããIPsec æ¥ç¶ã«å¯ŸããŠéžæããã DH ã°ã«ãŒãã æ°ãã«ã©ã³ãã çæãããéµãååŸããããšãææ¡ããŸãããµããŒããããŠãã DiffieHellman ã°ã«ãŒã㯠IKE ã®å Žåãšåãã§ãã PFS ãæå¹ã«ãããšå®å šæ§ãé«ãŸããŸããã亀æã«ããã«æéããããããã«ãªããŸããäœ éãªããŒããŠã§ã¢ã§ã¯ PFS ã¯äœ¿çšããªãããšããå§ãããŸãã 泚 â PFS ã¯ãã¹ãŠã®ãã³ããŒãšã®å®å šãªçžäºéçšæ§ã¯ãããŸãããããŽã·ãšãŒã·ã§ã³æ ã«åé¡ãçºçããããPFS ãç¡å¹ã«ããŠãã ããã å³å¯ããªã·ãŒ:IPsec ã²ãŒããŠã§ã€ãæå·åã¢ã«ãŽãªãºã ããã³ãã®åŒ·åºŠã«ã€ããŠææ¡ãè¡ã ãšãIPsec ããªã·ãŒãããã«å¯Ÿå¿ããŠããªãå Žåã§ããåä¿¡åŽã²ãŒããŠã§ã€ããã®ææ¡ãå ãå ¥ããå ŽåããããŸãããã®ãªãã·ã§ã³ãéžæãããšãæå®ãããã©ã¡ãŒã¿ãå³å¯ã«ãã®ãš 462 UTM 9 管çã¬ã€ã 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.4 IPsec ãã䜿çšããããšã«ã€ããŠãªã¢ãŒããšã³ããã€ã³ããåæããªããšãã¯ãIPsec æ¥ç¶ã¯ç¢ºç«ã ããŸãããUTMã® IPsec ããªã·ãŒã AES-256 æå·åãå¿ èŠãšããéã«ãSSH Sentinel ã䜿 çšããããŒããŠã©ãªã¢ã AES-128 ã䜿çšããŠæ¥ç¶ããããšãããšãå³æ Œãªããªã·ãŒãªãã·ã§ã³ ãæå¹ã§ããå Žåã¯ãæ¥ç¶ã¯æåŠãããŸãã 泚 â å§çž®ã®èšå®ã¯ãã¹ããªã¯ãããªã·ãŒããä»ããŠã¯æœè¡ãããŸããã å§çž®:IP ãã€ããŒãå§çž®ãããã³ã« (IPComp) ã«ãã£ãŠIPãã±ãããæå·åã®åã«å§çž®ããã ã©ãããæå®ããŸããIPComp 㯠IP ãã±ãããå§çž®ããŠãã®ãµã€ãºãçž®å°ããéä¿¡ãã¹ããŸã ã¯ã²ãŒããŠã§ã€ã®ãã¢éã®å šäœçãªéä¿¡ããã©ãŒãã³ã¹ãåäžãããŸããããã©ã«ãã§ã¯å§ çž®ã¯ãªãã«ãªã£ãŠããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããããªã·ãŒããããªã·ãŒããªã¹ãã«è¡šç€ºãããŸãã ããªã·ãŒãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 16.4.3 詳现 ããªã¢ãŒãã¢ã¯ã»ã¹ > IPsec > 詳现 ãã¿ãã§ãIPsec VPN ã®è©³çŽ°ãªãã·ã§ã³ãèšå®ã§ããŸããåžæã®èª 蚌ã¿ã€ãã«å¿ããŠãããŒã«ã«èšŒææž (X.509 èªèšŒã®å Žå) ãããŒã«ã« RSA éµ (RSA èªèšŒã®å Žå) ãªã© ãå®çŸ©å¯èœã§ãããã®èšå®ã¯çç·ŽãŠãŒã¶ã®ã¿ãè¡ã£ãŠãã ããã ã ãŒã«ã« X.509 蚌ææž X.509 èªèšŒã§ã¯ã蚌ææžã䜿çšã㊠VPN ãšã³ããã€ã³ãã®å ¬ééµãæ€èšŒããŸãããã®èªèšŒã¿ã€ãã 䜿çšããå Žåã¯ããããŒã«ã« X.509 蚌ææž ããšãªã¢ã®ããããããŠã³ãªã¹ãããããŒã«ã«èšŒææžãéž æããå¿ èŠããããŸããéžæããéµ/蚌ææžã¯ãX.509 èªèšŒãéžæãããå Žåã®ãªã¢ãŒããã¢ãžã® ã²ãŒããŠã§ã€ã®èªèšŒã«äœ¿çšãããŸãã é©åãªç§å¯éµããã蚌ææžã®ã¿éžæã§ããŸããä»ã®èšŒææžã¯ãã®ããããããŠã³ãªã¹ãã§ã¯å©çš ã§ããŸããã éžæã§ãã蚌ææžããªãå Žåãæ°ãã蚌ææžãäœæãããããŸãã¯ã¢ããããŒãæ©èœã䜿çšããŠã€ ã³ããŒãããŠãã蚌ææžç®¡ç ãã¡ãã¥ãŒã§è¿œå ããå¿ èŠããããŸãã 蚌ææžãéžæããããç§å¯éµãä¿è·ãããã¹ãã¬ãŒãºãå ¥åããŸãããã¹ãã¬ãŒãºã¯ä¿åããã»ã¹ ã§ç¢ºèªããããã¹ãã¬ãŒãºãæå·åéµãšäžèŽããªãå Žåã¯ãšã©ãŒã¡ãã»ãŒãžã衚瀺ãããŸãã ã¢ã¯ãã£ããªéµ/蚌ææžãéžæãããšãããã¯ãããŒã«ã« X.509 蚌ææž ããšãªã¢ã«è¡šç€ºãããŸãã UTM 9 管çã¬ã€ã 463 16.4 IPsec 16 ãªã¢ãŒãã¢ã¯ã»ã¹ ãããã ã¢æ€åº (D PD ) ããããã¢æ€åº (DPD) ã䜿çšããããã¢æ€åºãªãã·ã§ã³ã䜿çšããŠããªã¢ãŒã VPN ã²ãŒããŠã§ã€ãã ãã¯ã¯ã©ã€ã¢ã³ãã«æ¥ç¶ã§ããªãå Žåã¯æ¥ç¶ãèªåçã«çµäºããŸããã¹ã¿ãã£ãã¯ãšã³ããã€ã³ããš ã®æ¥ç¶ã§ã¯ããã³ãã«ã¯èªåçã«åããŽã·ãšãŒããããŸãããã€ãããã¯ãšã³ããã€ã³ããšã®æ¥ç¶ã§ ã¯ããªã¢ãŒãåŽã§ãã³ãã«ã®åããŽã·ãšãŒããè¡ãããšãå¿ èŠã§ããéåžžã¯ãã®ãªãã·ã§ã³ãåžžã«æ å¹ã«ããŠããã»ããå®å šã§ããIPsec ãã¢ã¯ãªã¢ãŒãåŽãããããã¢æ€åºããµããŒããããã©ããã èªåçã«å€æããå¿ èŠã«å¿ããŠéåžžã¢ãŒãã«ãã©ãŒã«ããã¯ããŸãã N AT ã ã©ããŒãµã« (N AT- T) NAT ãã©ããŒãµã«ã䜿çš:ãã®ãªãã·ã§ã³ãéžæãããšãIPsec ãã©ãã£ãã¯ã¯ãããããã¯ãŒã¯ã¢ãã¬ã¹ å€æ ã(NAT) ã䜿çšããã¢ããã¹ããªãŒã ã·ã¹ãã ãééã§ããããã«ãªããŸããããã«ãNATãã©ã㌠ãµã«ã®ããŒãã¢ã©ã€ã (keepalive) ééãå®çŸ©ã§ããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ã㟠ãã CRLåŠç 蚌ææžã®ãããã€ããããŸã æå¹ãªèšŒææžã«äžããããæ¿èªãåãæ¶ãå ŽåããããããããŸã ããããšãã°ã蚌ææžã®åå人ãäžæ£ãªããŒã¿ (ååãªã©) ã䜿ã£ãŠãããäžæ£ã«ååŸããããšã å€æããå Žåãã蚌ææžã«åã蟌ãŸããå ¬ééµã®äžéšã§ããç§å¯éµãæ»æè ãå ¥æããå Žå ã¯ã蚌ææžã倱å¹ããŸãããã®ãããªå Žåã«åããŠããããã蚌ææžå€±å¹ãªã¹ã (CRL) ã䜿çšã ããŸããCRL ã«ã¯éåžžãäŸç¶ãšããŠæå¹æéã¯æ®ã£ãŠãããã®ã®ç¡å¹ãšããã蚌ææžã®ã·ãªã¢ã« çªå·ãå«ãŸããŠããŸãã ãããã®æå¹æéãåãããšã蚌ææžã¯ç¡å¹ã«ãªãããããã¯ãªã¹ãããåé€ãããŸãã èªåååŸ:ãã®æ©èœã¯ãHTTPãAnonymous (å¿å) FTPããŸã㯠LDAP ããŒãžã§ã³ 3 ãä»ãããŒã ããŒèšŒææžã§å®çŸ©ããã URL ãéã㊠CRL ãèŠæ±ããŸããæå¹æéãåããããèŠæ±ã«ãã£ãŠ CRL ãããŠã³ããŒãããä¿åããŠæŽæ°ã§ããŸãããã®æ©èœããããŒã80 ãŸã㯠443 ãçµç±ããã«äœ¿ çšããå Žåã¯ãé©åãªãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãèšå®ããŠãCRL é åžãµãŒãã«ã¢ã¯ã»ã¹ã§ãããã ã«ããŠãã ããã å³å¯ããªã·ãŒ:ãã®ãªãã·ã§ã³ãæå¹ã«ãããšã察å¿ãã CRL ã®ãªãããŒãããŒèšŒææžã¯æåŠãã ãŸãã PSK ãã ãŒã: å¿çã®ã¿ã¢ãŒãã䜿çšããIPsecæ¥ç¶ã§ã¯ãããããã® IPsec æ¥ç¶ã«å¯ŸããŠå¥ã ã®äºåå ±æéµ (PSK) ã䜿çšããããšãéžæã§ããŸãã PSKãããŒãã®æå¹åãã®ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŠããã®ãªãã·ã§ã³ãæå¹ã«ããŸããã ã®èšå®ã¯ãL2TP-over-IPsecããªã¢ãŒãã¢ã¯ã»ã¹ IPsecãVPN IPsec ã®åæ¥ç¶ã«åœ±é¿ãäžããŸãã 464 UTM 9 管çã¬ã€ã 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.5 HTML5 VPN ããŒã¿ã« 16.4.4 ãããã° IKE ãããã° ãIKE ãããã°ãã»ã¯ã·ã§ã³ã§ IKE ãããã°ãªãã·ã§ã³ãèšå®ã§ããŸããã©ã®ã¿ã€ãã® IKE ã¡ãã»ãŒãžãŸ ãã¯éä¿¡ã«ã€ããŠãããã°åºåãäœæãããã¯ãã§ãã¯ããã¯ã¹ã§éžæããŸãã 泚 â ãIKE ãããã°ãã»ã¯ã·ã§ã³ã¯ãããµã€ãé VPN IPsecããããªã¢ãŒãã¢ã¯ã»ã¹ IPsecãããL2TP over IPsecããããã³ãCisco VPN ã¯ã©ã€ã¢ã³ããã¡ãã¥ãŒã®ããããã°ãã¿ãã§åããã®ã䜿çšãããŠã㟠ãã 以äžã®ãã©ã°ããã°ã§ããŸãã l ã³ã³ãããŒã«ãããŒ:IKE ã¹ããŒãã®ã³ã³ãããŒã«ã¡ãã»ãŒãžã衚瀺ããŸãã l ã¢ãŠãããŠã³ããã±ãã:éä¿¡ IKE ã¡ãã»ãŒãžã®ã³ã³ãã³ãã衚瀺ããŸãã l ã€ã³ããŠã³ããã±ãã:åä¿¡ IKE ã¡ãã»ãŒãžã®ã³ã³ãã³ãã衚瀺ããŸãã l ã«ãŒãã«ã¡ãã»ãŒãž:ã«ãŒãã«ãšã®éä¿¡ã¡ãã»ãŒãžã衚瀺ããŸãã l åé·æ§æ (HA)ãã®ä»ã® HA ããŒããšã®éä¿¡ã衚瀺ããŸãã 16.5 HTML5 VPN ããŒã¿ã« HTML5 VPNããŒã¿ã«æ©èœã䜿çšãããšãå€éšãããã¯ãŒã¯ã®ãŠãŒã¶ã¯ããã©ã°ã€ã³ãã€ã³ã¹ããŒã«ã ãªããŠãããã©ãŠã¶ã®ã¿ãã¯ã©ã€ã¢ã³ããšããŠäœ¿çšããŠããããããèšå®ãããŠããã³ãã¯ã·ã§ã³ã¿ã€ã ã§å éšãªãœãŒã¹ã«ã¢ã¯ã»ã¹ããããšãã§ããŸãããã®ããã«ã¯ããŠãŒã¶ã¯UTMã®ãŠãŒã¶ããŒã¿ã«ã« ãã°ã€ã³ããå¿ èŠããããŸãããã®ããŒã¿ã«ã® ãHTML5 VPNããŒã¿ã«( HTML5 VPN Portal) ãã¿ãã« ã¯ããã®ãŠãŒã¶ã䜿çšã§ããå šã³ãã¯ã·ã§ã³ã®ãªã¹ãã衚瀺ãããŸãããæ¥ç¶( Connect) ããã¿ã³ã㯠ãªãã¯ãããšãå®çŸ©ãããŠããå éšãªãœãŒã¹ãžã®æ¥ç¶ãéå§ãããŸãã管çè ã¯ãèš±å¯ãŠãŒã¶ãã³ ãã¯ã·ã§ã³ã¿ã€ãããã®ä»ã®èšå®ãæå®ããŠãäºåã«ãããã®ã³ãã¯ã·ã§ã³ãäœæããå¿ èŠããã㟠ããå éšãªãœãŒã¹ãžã®ã¢ã¯ã»ã¹ã«ã¯ããªã¢ãŒããã¹ã¯ãããã«ã¢ã¯ã»ã¹ããããã®ãªã¢ãŒããã¹ã¯ãã ããããã³ã«( RDP) ãä»®æ³ãããã¯ãŒã¯ã³ã³ãã¥ãŒãã£ã³ã°( VNC) ãWebã¢ããªã±ãŒã·ã§ã³ ( HTTP/HTTPS) ã䜿çšããããã®ãã©ãŠã¶ãã¿ãŒããã«ã»ãã·ã§ã³çšã®Telnet/ã»ãã¥ã¢ã·ã§ã« ( SSH) ãªã©ãåçš®ã®ã³ãã¯ã·ã§ã³ã¿ã€ãã䜿çšã§ããŸããããããHTML 5 VPN ããŒã¿ã«ã§ã¯ããŠãŒã¶ ã®ããŒã«ã«ã³ã³ãã¥ãŒã¿ã«ãã³ã³ãã³ããããŠã³ããŒãããããšã¯èš±å¯ãããŸãã (äŸ: HTTP çµç±ãª ã©)ã UTM 9 管çã¬ã€ã 465 16.5 HTML5 VPN ããŒã¿ã« 16 ãªã¢ãŒãã¢ã¯ã»ã¹ ãã®æ©èœã䜿çšãããšãããèªäœã§ã¯ãã«ããŠãŒã¶ã¢ã¯ã»ã¹ããµããŒãããªãå éšãªãœãŒã¹( ã¹ã€ã ãã®ãããªãããã¯ãŒã¯ããŒããŠã§ã¢ãªã©) ãžã®è€æ°ãŠãŒã¶ã®ã¢ã¯ã»ã¹ãèš±å¯ããããã·ã¹ãã ãŸã ã¯ãããã¯ãŒã¯å šäœãžã®ã¢ã¯ã»ã¹ãèš±å¯ããã®ã§ã¯ãªãã1ã€ã®ãµãŒãã¹ã®ã¿ã«çµã£ã詳现ãªã¢ã¯ ã»ã¹ç®¡çãç°¡åã«è¡ãããšãã§ããŸãã äŸïŒ l é»è©±ã·ã¹ãã ãä¿å®ããé»è©±ãµãŒãã¹äŒç€Ÿã«ã¢ã¯ã»ã¹ãæäŸã l ã€ã³ãã©ããããªã©ãç¹å®ã®å éšWebãµã€ããžã®ã¢ã¯ã»ã¹ãæäŸã 泚 â ãã©ãŠã¶ã¯ HTML5 ã«æºæ ãããã®ã§ããå¿ èŠããããŸããHTML5 VPN æ©èœã«å¯Ÿå¿ããŠã ããã©ãŠã¶ã¯æ¬¡ã®ãšããã§ããFirefox 6.0 以éãInternet Explorer 10 以éãChromeãSafari 5 以é (Mac ç°å¢ã®ã¿)ã 16.5.1 ã°ããŒãã« ããªã¢ãŒãã¢ã¯ã»ã¹ > HTML5 VPN ããŒã¿ã« > ã°ããŒãã« ãã¿ãã§ã¯ãHTML5 VPN ããŒã¿ã«ãæå¹å ããå VPN ããŒã¿ã«ã³ãã¯ã·ã§ã³ã管çã§ããŸããèš±å¯ããããŠãŒã¶ã®å ŽåããŠãŒã¶ããŒã¿ã«ã® ãHTML5 VPN ããŒã¿ã« ãã¿ãã§æå¹ãªæ¥ç¶ã䜿çšã§ããŸãã HTML5 VPN ããŒã¿ã«ãæå¹åããŠãæ°èŠ HTML5 VPN ã³ãã¯ã·ã§ã³ãäœæããã«ã¯ã次ã®æé ã« åŸããŸãã 1. HTML5 VPN ããŒã¿ã«ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«ãªãããæ¥ç¶ ããšãªã¢ãç·šéå¯èœã«ãªããŸããèš±å¯ãããŠãããŠãŒã¶ ã«ã¯ãæå¹ã«ãããŠããæ¢åã®å šã³ãã¯ã·ã§ã³ããŠãŒã¶ããŒã¿ã«ã«è¡šç€ºãããŸãã 2. ãæ°èŠ HTML5 VPN ããŒã¿ã«ã³ãã¯ã·ã§ã³ããã¿ã³ãã¯ãªãã¯ããŸãã ãHTML5 VPN ããŒã¿ã«ã³ãã¯ã·ã§ã³ã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 3. 次ã®èšå®ãè¡ããŸãã åå:ãã®æ¥ç¶ã説æããååãå ¥åããŠãã ããã ã³ãã¯ã·ã§ã³ã¿ã€ã:æ¥ç¶ã¿ã€ããéžæããŸããéžæããã³ãã¯ã·ã§ã³ã¿ã€ãã«ãã£ãŠã¯ãç°ãªã ãã©ã¡ãŒã¿ã衚瀺ãããŸãã次ã®ã¿ã€ãã䜿çšã§ããŸãã l 466 ãªã¢ãŒããã¹ã¯ããã:Windows ãã¹ãã§ãªã¢ãŒããã¹ã¯ãããã»ãã·ã§ã³ãéå§ããå Žå ãªã©ããªã¢ãŒããã¹ã¯ããããããã³ã« (RDP) ã䜿çšãããªã¢ãŒãã¢ã¯ã»ã¹ã UTM 9 管çã¬ã€ã 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.5 HTML5 VPN ããŒã¿ã« l Webapp (HTTP):HTTP ã䜿çšãã Web ã¢ããªã±ãŒã·ã§ã³ãžã®ãã©ãŠã¶ããŒã¹ã®ã¢ã¯ã» ã¹ã l Webapp (HTTPS):HTTPS ã䜿çšãã Web ã¢ããªã±ãŒã·ã§ã³ãžã®ãã©ãŠã¶ããŒã¹ã®ã¢ã¯ ã»ã¹ã 泚 â HTTP/HTTPS æ¥ç¶ã«äœ¿çšããã URL ã¯ããã®ã³ãã¯ã·ã§ã³ã®ãå®å ãããã㌠ãããããã³ããã¹ ããªãã·ã§ã³ããæ§æãããŸããWeb ã¢ããªã±ãŒã·ã§ã³ã¯ Mozilla Firefox (ããŒãžã§ã³ 6.0 以é) ã«å¯Ÿå¿ããŠããå¿ èŠããããŸãã l Telnet:ã¹ã€ãããããªã³ã¿ã«ã¢ã¯ã»ã¹ãæäŸããå Žåãªã©ã®ãTelnet ãããã³ã«ãäœ¿çš ããã¿ãŒããã«ã¢ã¯ã»ã¹ã l SSH:SSH ã䜿çšããã¿ãŒããã«ã¢ã¯ã»ã¹ã l VNC:Linux/Unix ãã¹ãã®ãªã¢ãŒããã¹ã¯ããããéãå Žåãªã©ã®ãä»®æ³ãããã¯ãŒã¯ã³ã³ ãã¥ãŒãã£ã³ã° (VNC) ã䜿çšãããªã¢ãŒãã¢ã¯ã»ã¹ã 泚 â çŸåšã¯ VNC ã®åŸæ¥ã®èªèšŒ (ãã¹ã¯ãŒãã®ã¿) ã®ã¿ããµããŒããããŠããŸãã ãµãŒãããæ£ããèšå®ãããŠããããšã確èªããŠãã ããã å®å :èš±å¯ããããŠãŒã¶ãæ¥ç¶ã§ãããã¹ããè¿œå ããŸãã 泚 â éžæããå®å ãã¹ããèªå·±çœ²å蚌ææžãæäŸããå Žåã蚌ææžã® CN (äžè¬å) ã å®å ãã¹ãåãšäžèŽããããšã確èªããŠãã ãããäžèŽããªãå Žåã¯ãããŒã¿ã«ã®ãã©ãŠã¶ ã«èšŒææžèŠåãåºãŸããããšãã°ãDNS ãã¹ããšã㊠www.mydomain.com ã䜿çšããå Ž åãèªå·±çœ²å蚌ææžã«ãã®ååãå«ãŸããããšã確èªããŠãã ãããDNS ãã¹ãã®ä»£ãã ã«ãã¹ãã䜿çšããå Žåããã¹ãã® IP ã¢ãã¬ã¹ã SAN (Subject Alternative Name) ãšããŠèª 己眲å蚌ææžã«å«ãŸããŠããããšã確èªããŠãã ããã ãã¹ (ã³ãã¯ã·ã§ã³ã¿ã€ãã Webapp ã®ã¿):èš±å¯ããããŠãŒã¶ãæ¥ç¶ã§ãããã¹ãå ¥åã㟠ãã ãŠãŒã¶å (ã³ãã¯ã·ã§ã³ã¿ã€ãã SSH ã®ã¿):ãŠãŒã¶ãæ¥ç¶ã«äœ¿çšãããŠãŒã¶åãå ¥åã㟠ãã èªåãã°ã€ã³/èªåãã°ã€ã³ (åºæ¬èªèšŒ):æå¹ã«ãããšããŠãŒã¶ã¯èªèšŒããŒã¿ãç¥ããªããŠãã ã°ã€ã³ã§ããŸãããã®å Žåã¯ã管çè ãèªèšŒããŒã¿ãæäŸããå¿ èŠããããŸãã衚瀺ããã ãªãã·ã§ã³ã¯éžæããã³ãã¯ã·ã§ã³ã¿ã€ãã«äŸåããŸãã UTM 9 管çã¬ã€ã 467 16.5 HTML5 VPN ããŒã¿ã« l ãŠãŒã¶å:ãŠãŒã¶ãæ¥ç¶ã«äœ¿çšãããŠãŒã¶åãå ¥åããŸãã l ãã¹ã¯ãŒã:ãŠãŒã¶ãæ¥ç¶ã«äœ¿çšãããã¹ã¯ãŒããå ¥åããŸãã 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 泚 â ã³ãã¯ã·ã§ã³ã¿ã€ã Telnet ã䜿çšããå Žåãã»ãã¥ãªãã£äžã®çç±ãããTelnet ãµãŒãããéä¿¡ããããããŒã®é·ãã (ãã¹ã¯ãŒãããã³ãããå«ã) 4096 æåãè¶ ããªãå Žåã®ã¿ãèªåãã°ã€ã³ã¯æ©èœããŸãããããŒããã以äžã®æåæ°ã«ãªã ãšãèªåãã°ã€ã³ã«å€±æããŸãããã®å Žåã¯ããããŒã®é·ããçãããããæåã®ã ã°ã€ã³ã«åãæ¿ããŸãã l èªèšŒæ¹åŒ (ã³ãã¯ã·ã§ã³ã¿ã€ãã SSH ã®ã¿):SSH ã®èªèšŒæ¹åŒãéžæããŸããéžæãã ãŠãŒã¶åã«å¯Ÿããããã¹ã¯ãŒã ããæäŸããããSSH æ¥ç¶ã®ãSSH ç§å¯éµ ããè¿œå ã§ã ãŸãã SSL ãã¹ã蚌ææž (ã³ãã¯ã·ã§ã³ã¿ã€ãã HTTPS ã®ã¿):å®å ãã¹ããèå¥ãã SSL ãã¹ãã®ã» ãã¥ãªãã£èšŒææžãè¿œå ããŸãã l SSL 蚌ææž:ããã§ããããã¿ã³ãã¯ãªãã¯ããŠãéžæããå®å ãã¹ãã®èšŒææžãèªåç ã«è¿œå ããŸãã ãã¹ãå ¬ééµ (ã³ãã¯ã·ã§ã³ã¿ã€ãã SSH ã®ã¿):SSH ãã¹ãã®å ¬ééµãè¿œå ããŸãã l SSH å ¬ééµ:ããã§ããããã¿ã³ãã¯ãªãã¯ããŠãéžæããå®å ãã¹ãã® SSH å ¬ééµãèª åçã«ååŸããŸãã èš±å¯ãŠãŒã¶ (ãŠãŒã¶ããŒã¿ã«):VPN ããŒã¿ã«ã³ãã¯ã·ã§ã³ã®äœ¿çšãèš±å¯ãããŠãŒã¶ãŸãã¯ã° ã«ãŒããè¿œå ããŸããåæç¶æ ã§ã¯ãïŒãŠãŒã¶ã¯ ïŒã€ã®ã³ãã¯ã·ã§ã³ãåæã«å©çšããããš ãã§ããŸãããŠãŒã¶ãåæã«ã»ãã·ã§ã³ãå ±æãããå Žåã å ±æã»ãã·ã§ã³ ãã§ãã¯ããã¯ã¹ 㮠詳现 ã»ã¯ã·ã§ã³éžæããŠäžããã 泚 â ããã¯ãšã³ãã¡ã³ãã·ããã«ã°ã«ãŒããè¿œå ãããšãããã®ã°ã«ãŒãããŠãŒã¶ããŒã¿ã« ã«ãŠèš±å¯ãããŠããããšã確èªããŠäžãããããããžã¡ã³ã > ãŠãŒã¶ããŒã¿ã« > ã°ããŒãã« ã ã¿ããããéžæãããã å šãŠã®ãŠãŒã¶ãèš±å¯ ã ç¹å®ã®ãŠãŒã¶ã®ã¿ ãããã¯æ確ã«ã°ã«ãŒ ããè¿œå ãããç¹å®ã®ã°ã«ãŒãã¡ã³ããŒã®ã¿ã«ãŠãŒã¶ããŒã¿ã«ãžã®èš±å¯ãäžããå Žåãã ã®ã°ã«ãŒããžã®èš±å¯ã¯äžããããªãããšã«ãªããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 4. 次ã®è©³çŽ°èšå®ãä»»æã§è¡ããŸãã 468 UTM 9 管çã¬ã€ã 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.6 Cisco VPN ã¯ã©ã€ã¢ã³ã ããŒã:ã³ãã¯ã·ã§ã³ã®ããŒãçªå·ãå ¥åããŸããããã©ã«ãã§ã¯ãéžæããã³ãã¯ã·ã§ã³ã¿ã€ã ã®æšæºããŒããéžæãããŸãã ãããã³ã«ã»ãã¥ãªã㣠(ã³ãã¯ã·ã§ã³ã¿ã€ãã ãªã¢ãŒããã¹ã¯ãããã®ã¿):ãªã¢ãŒããã¹ã¯ããã ã»ãã·ã§ã³ã®ã»ãã¥ãªãã£ãããã³ã«ãéžæããŸããRDPãTLS ãŸã㯠NLA (ãããã¯ãŒã¯ã¬ãã« èªèšŒ) ããéžæã§ããŸããéžæããèšå®ããµãŒãã®èšå®ã«å¯Ÿå¿ããŠããå¿ èŠããã㟠ããNLA ãéžæããå Žåã¯ãäžèšã® èªåãã°ã€ã³ãæå¹ã«ããå¿ èŠããããŸãã å ±æã»ãã·ã§ã³:ãŠãŒã¶ã«åæã®ã³ãã¯ã·ã§ã³ãšåãç»é¢ã®é²èŠ§ãèš±å¯ããå Žåã¯ããã®ãªã ã·ã§ã³ãéžæããŸãã å€éšãªãœãŒã¹ãèš±å¯ (ã³ãã¯ã·ã§ã³ã¿ã€ãã Webapp (HTTP/S) ã®ã¿):ãã®ã³ãã¯ã·ã§ã³çµç±ã§ ã¢ã¯ã»ã¹ãèš±å¯ããè¿œå ã®ãªãœãŒã¹ãå ¥åããŸããäŸãã°ãç»åããã®ä»ã®ãªãœãŒã¹ã Web ããŒãžãšã¯å¥ã®ãµãŒãã«ä¿ç®¡ãããŠããå Žåãªã©ã«äŸ¿å©ã§ããéžæãããã¹ããŸãã¯ããã ã¯ãŒã¯ç¯å²ã«å¯ŸããŠããŒã 80 ããã³ 443 ãèš±å¯ãããŸãã 5. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããã³ãã¯ã·ã§ã³ããã³ãã¯ã·ã§ã³ããªã¹ãã«è¡šç€ºãããŸãã 6. ã³ãã¯ã·ã§ã³ãæå¹ã«ããŸãã ã³ãã¯ã·ã§ã³ãæå¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã èš±å¯ããããŠãŒã¶ãã³ãã¯ã·ã§ã³ã䜿çšã§ããããã«ãªããŸããããã¯ããŠãŒã¶ããŒã¿ã«ã® ãHTML5 VPN ããŒã¿ã« ãã¿ãã«è¡šç€ºãããŸãã æ¥ç¶ãç·šéãŸãã¯åé€ããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 16.6 Cisco VPN ã¯ã©ã€ã¢ã³ã Sophos UTM ã¯ãCisco VPN ã¯ã©ã€ã¢ã³ãçµç±ã® IPsec ãªã¢ãŒãã¢ã¯ã»ã¹ããµããŒãããŸããCisco VPN ã¯ã©ã€ã¢ã³ãã¯ãCisco Systems ã®æäŸããå®è¡å¯èœåœ¢åŒããã°ã©ã ã§ããããã䜿çšãããšã ã³ã³ãã¥ãŒã¿ã®ã»ãã¥ãªãã£ãç¶æããªãã VPN (ããŒãã£ã«ãã©ã€ããŒããããã¯ãŒã¯) ã«ãªã¢ãŒãæ¥ ç¶ããããšãã§ããŸãã 16.6.1 ã°ããŒãã« ããªã¢ãŒãã¢ã¯ã»ã¹ > Cisco VPN ã¯ã©ã€ã¢ã³ã > ã°ããŒãã« ãã¿ãã§ã¯ãCisco VPN ã¯ã©ã€ã¢ã³ãçµç±ã® ãªã¢ãŒãã¢ã¯ã»ã¹ãã»ããã¢ããããããã®åºæ¬ãªãã·ã§ã³ãèšå®ããããšãã§ããŸãã Sophos UTMãèšå®ã㊠Cisco VPN ã¯ã©ã€ã¢ã³ãæ¥ç¶ãèš±å¯ãããããã«ããã«ã¯ã次ã®æé ã«åŸã£ ãŠãã ããã UTM 9 管çã¬ã€ã 469 16.6 Cisco VPN ã¯ã©ã€ã¢ã³ã 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 1. ãã°ããŒãã« ãã¿ãã§ãCisco VPN ã¯ã©ã€ã¢ã³ããæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªããããµãŒãèšå® ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã€ã³ã¿ãã§ãŒã¹:Cisco VPN ã¯ã©ã€ã¢ã³ãæ¥ç¶ã«äœ¿çšããã€ã³ã¿ãã§ãŒã¹ãéžæããŸãã ãµãŒã蚌ææž:ãµãŒããã¯ã©ã€ã¢ã³ãã«å¯ŸããŠèªãã®èº«å ã蚌æããããã«äœ¿çšãã蚌æ æžãéžæããŸãã ããŒã«ãããã¯ãŒã¯:æ¥ç¶ã¯ã©ã€ã¢ã³ãã«ä»®æ³ãããã¯ãŒã¯ã¢ãã¬ã¹ãå²ãåœãŠãããã«ãä»®æ³ ãããã¯ãŒã¯ã¢ãã¬ã¹ãéžæããããã®ãããã¯ãŒã¯ããŒã«ãéžæããŸããããã©ã«ãã§ãVPN ããŒã« (Cisco)ããéžæãããŠããŸãã ãŠãŒã¶ãšã°ã«ãŒã:Cisco VPN ã¯ã©ã€ã¢ã³ãçµç±ã§UTMã«æ¥ç¶ããããšãèš±å¯ããããŠãŒã¶ãŸ ãã¯ã°ã«ãŒã (ãããã¯ãã®äž¡æ¹) ãéžæããŸãããã ããããã¯ãšã³ãã¡ã³ãã·ããã°ã«ãŒã ãããã¯ã¹ã«ãã©ãã°ããããšã¯ã§ããŸããããã®çç±ã¯ãIPsec èšå®æã«ãŠãŒã¶èšŒææžã å¿ èŠã§ããã«ãé¢ãããã蚌ææžã¯ãŠãŒã¶ãæåã«ãã°ã€ã³ã«æåãããšãã«åããŠçæ ãããããã§ãã ããŒã«ã«ãããã¯ãŒã¯:VPN ãã³ãã«çµç±ã§ã¢ã¯ã»ã¹å¯èœã«ããããŒã«ã«ãããã¯ãŒã¯ãéžæ ããŸãã èªåãã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã« (ãªãã·ã§ã³): ãã®ãªãã·ã§ã³ãéžæãããšããã®æ¥ç¶çšã®ãã© ãã£ãã¯ãèš±å¯ãããã¡ã€ã¢ãŠã©ãŒã«ã«ãŒã«ãèªåçã«è¿œå ããããšãã§ããŸããã«ãŒã«ã¯ã æ¥ç¶ã確ç«ãããšããã«è¿œå ãããæ¥ç¶ãç¡å¹ã«ãªããšåé€ãããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã ã©ã€ãã ã° IPsec IKE ããŒã¢ã³ãã°ã®æ¥ç¶ãã°ã远跡ããã«ã¯ãã©ã€ããã°ã䜿çšããŸããã©ã€ããã°ã«ã¯ãæ¥ ç¶ã®ç¢ºç«ãç¶æãçµäºã«é¢ããæ å ±ã衚瀺ãããŸãã 16.6.2 iOS ããã€ã¹ ãŠãŒã¶ããŒã¿ã«ã§ iOS ããã€ã¹ã«å¯Ÿã Cisco IPsec ã®èªåèšå®ãæäŸããããšãã§ããŸãã ãã ãããã°ã«ãŒãã« ãã¿ãã®ããŠãŒã¶ãšã°ã«ãŒããããã¯ã¹ã«è¿œå ããããŠãŒã¶ã®ã¿ã«å¯ŸããŠããŠãŒ ã¶ããŒã¿ã«ãµã€ãã«èšå®ãã¡ã€ã«ã衚瀺ãããŸããiOS ããã€ã¹ã®ã¹ããŒã¿ã¹ã¯ããã©ã«ãã§æå¹ ã«ãªã£ãŠããŸãã 470 UTM 9 管çã¬ã€ã 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.6 Cisco VPN ã¯ã©ã€ã¢ã³ã ã³ãã¯ã·ã§ã³å:Cisco IPsec æ¥ç¶ã説æããååãå ¥åããiOS ããã€ã¹ã®ãŠãŒã¶ãã©ã®æ¥ç¶ã確 ç«ããããšããŠããã®ãèå¥ã§ããããã«ããŸããããã©ã«ãã®ååã¯ãã客æ§ã®äŒç€Ÿåã®åŸã« Cisco IPsec ãããã³ã«ãç¶ãããã®ã«ãªããŸãã 泚 â ãã³ãã¯ã·ã§ã³å ãã¯ãã¹ãŠã® iOS ããã€ã¹èšå® (PPTPãL2TP over IPsecãCisco VPN Client) ã§äžæã§ããå¿ èŠããããŸãã ãã¹ãåãäžæžã:ã·ã¹ãã ã®ãã¹ãåãã¯ã©ã€ã¢ã³ãããããªãã¯ã«è§£æ±ºã§ããªãå Žåã¯ãããã« ãµãŒãã®ãã¹ãåãå ¥åããŠãããã«ãã£ãŠãã·ã¹ãã ã® DNS ãã¹ãå ãã®åã®ãDynDNS ãã¹ãå ã ã®å éšèšå®ãäžæžãããŸãã VPN æ¥ç¶ã®ãªã³ããã³ã確ç«:ãã±ãŒã·ã§ã³ãããã¯ã¹ã®ãªã¹ãå ã®ãã¹ãåãŸãã¯ãã¡ã€ã³ã®ãã ãããšäžèŽãããšãã«æ¥ç¶ãèªåçã«éå§ããã«ã¯ããã®ãªãã·ã§ã³ãéžæããŸãã l ãã¡ã€ã³ãŸãã¯ãã¹ãã«ãããã³ã°:ãªã³ããã³ã㧠VPN æ¥ç¶ã確ç«ãããã¡ã€ã³ãŸãã¯ãã¹ã åãå ¥åããŸããäŸãã°ããŒã«ã«ã€ã³ãã©ããããªã©ãããã«å ¥ããŸãã l DNS åç §ã«å€±æããå Žåã®ã¿ç¢ºç«:ããã©ã«ãã§ã¯ãDNS åç §ã«å€±æããå Žåã®ã¿ VPN æ¥ç¶ã確ç«ãããŸãããã®ãªãã·ã§ã³ãéžæããªãå Žåã¯ããã¹ãåã®è§£æ±ºã«é¢ä¿ãªã VPN æ¥ç¶ã確ç«ãããŸãã æ¥ç¶ããiOSããã€ã¹ãããã°ããŒãã« ãã¿ãã«æå®ãããµãŒã蚌ææžã«è¡šç€ºãããŸããiOS ãã〠ã¹ã¯ããã®èšŒææžã® VPN ID ããµãŒãã®ãã¹ãåãšäžèŽããŠããããã§ãã¯ããç°ãªãå Žåã«ã¯æ¥ ç¶ãæåŠããŸãããµãŒã蚌ææžã§ VPN ID ã¿ã€ãã«ãèå¥å ãã䜿çšããŠããå Žåã代ããã«ãäžè¬ å ããã£ãŒã«ãã䜿çšãããŸãããµãŒã蚌ææžããããã®å¶çŽãæºãããŠããããšã確èªããå¿ èŠ ããããŸãã iOS ããã€ã¹ã®èªåèšå®ãç¡å¹ã«ããã«ã¯ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã°ã¬ãŒã«å€ãããŸãã 16.6.3 ãããã° IKE ãããã° ãIKE ãããã°ãã»ã¯ã·ã§ã³ã§ IKE ãããã°ãªãã·ã§ã³ãèšå®ã§ããŸããã©ã®ã¿ã€ãã® IKE ã¡ãã»ãŒãžãŸ ãã¯éä¿¡ã«ã€ããŠãããã°åºåãäœæãããã¯ãã§ãã¯ããã¯ã¹ã§éžæããŸãã 泚 â ãIKE ãããã°ãã»ã¯ã·ã§ã³ã¯ãããµã€ãé VPN IPsecããããªã¢ãŒãã¢ã¯ã»ã¹ IPsecãããL2TP over IPsecããããã³ãCisco VPN ã¯ã©ã€ã¢ã³ããã¡ãã¥ãŒã®ããããã°ãã¿ãã§åããã®ã䜿çšãããŠã㟠ãã UTM 9 管çã¬ã€ã 471 16.7 詳现 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 以äžã®ãã©ã°ããã°ã§ããŸãã l ã³ã³ãããŒã«ãããŒ:IKE ã¹ããŒãã®ã³ã³ãããŒã«ã¡ãã»ãŒãžã衚瀺ããŸãã l ã¢ãŠãããŠã³ããã±ãã:éä¿¡ IKE ã¡ãã»ãŒãžã®ã³ã³ãã³ãã衚瀺ããŸãã l ã€ã³ããŠã³ããã±ãã:åä¿¡ IKE ã¡ãã»ãŒãžã®ã³ã³ãã³ãã衚瀺ããŸãã l ã«ãŒãã«ã¡ãã»ãŒãž:ã«ãŒãã«ãšã®éä¿¡ã¡ãã»ãŒãžã衚瀺ããŸãã l åé·æ§æ (HA)ãã®ä»ã® HA ããŒããšã®éä¿¡ã衚瀺ããŸãã 16.7 詳现 ããªã¢ãŒãã¢ã¯ã»ã¹ > 詳现 ãããŒãžã§ã¯ããªã¢ãŒãã¢ã¯ã»ã¹ã¯ã©ã€ã¢ã³ãã®è©³çŽ°èšå®ãè¡ãããšãã§ã ãŸããããã§å ¥åãã DNS ãµãŒããš WINS ãµãŒãã® IP ã¢ãã¬ã¹ã¯ãã²ãŒããŠã§ã€ãžã®æ¥ç¶ã®ç¢ºç« æã«ãªã¢ãŒãã¢ã¯ã»ã¹ã¯ã©ã€ã¢ã³ãã䜿çšããããã«æäŸãããããã«ãã£ãŠãã¡ã€ã³ã®å®å šãªåå 解決ãå®çŸããŸãã DNS ãµãŒã:çµç¹ã® DNS ãµãŒããæ倧 2å°æå®ããŸãã WINS ãµãŒã:çµç¹ã® WINS ãµãŒããæ倧 2å°æå®ããŸããWINS (Windows ã€ã³ã¿ãŒãããããŒãã³ã° ãµãŒãã¹) ãšã¯ããã€ã¯ããœããã Windows OS ã«å®è£ ãã NBNS (NetBIOSããŒã ãµãŒã) 㧠ããDNS ããã¡ã€ã³åã察象ã«ããŠããããã«ãWINS 㯠NetBIOS åã察象ã«ããŠãã¹ãåãš IP ã¢ã ã¬ã¹ãäžå çã«ãããã³ã°ããŸãã ãã¡ã€ã³å:çµç¹ã® å®å šä¿®é£Ÿãã¡ã€ã³å (FQDN) ãå ¥åããŸããå®å šä¿®é£Ÿãã¡ã€ã³åãšã¯ãDNS ããªãŒ éå±€ã§ã®ããŒãã®çµ¶å¯Ÿäœçœ®ãæå®ããæçãªãã¡ã€ã³åã§ã (intranet.example.com ãªã©)ã 泚 â PPTP ããã³L2TP over IPsec ã®å Žåããã¡ã€ã³åã¯èªåçã«é ä¿¡ ã§ãããã¯ã©ã€ã¢ã³ãåŽã§ èšå®ããå¿ èŠããããŸãã Cisco VPN ã¯ã©ã€ã¢ã³ãã䜿çšãã iOS ããã€ã¹ã§ã¯ãäžã§æå®ãã DNS ãµãŒããæå®ãã¡ã€ã³ ã«å±ãããã¹ãã®è§£æ±ºã«ã®ã¿äœ¿çšãããŸãã 16.8 蚌ææžç®¡ç ããµã€ãé VPN > 蚌ææžç®¡ç ãã¡ãã¥ãŒãšããªã¢ãŒãã¢ã¯ã»ã¹ > 蚌ææžç®¡ç ãã¡ãã¥ãŒã«ã¯ãåãèšå® ãªãã·ã§ã³ãå«ãŸããŠããŸãããããã®èšå®ãªãã·ã§ã³ã䜿çšãããšãSophos UTMã®ãã¹ãŠã®èšŒæ æžé¢é£ãªãã·ã§ã³ã管çããããšãã§ããŸããããšãã°ãX.509 蚌ææžã®äœæãŸãã¯ã€ã³ããŒã ããCRL (蚌ææžå€±å¹ãªã¹ã) ã®ã¢ããããŒããªã©ãè¡ãããšãã§ããŸãã 472 UTM 9 管çã¬ã€ã 16 ãªã¢ãŒãã¢ã¯ã»ã¹ 16.8 蚌ææžç®¡ç 16.8.1 蚌ææž ããµã€ãé VPNã>ã蚌ææžç®¡çã>ã蚌ææžããåç §ããŠãã ããã 16.8.2 èªèšŒå± (CA) ãããµã€ãé VPN > 蚌ææžç®¡ç > CAããåç §ããŠãã ããã 16.8.3 蚌ææžå€±å¹ãªã¹ã(CRL) ããµã€ãé VPNã>ã蚌ææžç®¡çã>ã蚌ææžå€±å¹ãªã¹ã (CRL)ããåç §ããŠãã ããã 16.8.4 詳现 ããµã€ãé VPN > 蚌ææžç®¡ç > 詳现 ããåç §ããŠãã ããã UTM 9 管çã¬ã€ã 473 17 ãã°ãšã¬ããŒã ãã®ç« ã§ã¯ãSophos UTMã®ãã°ããã³ã¬ããŒãæ©èœã«ã€ããŠèª¬æããŸãã Sophos UTM ã¯ãåçš®ã·ã¹ãã ããã³ãããã¯ãŒã¯ä¿è·ã€ãã³ããç¶ç¶çã«èšé²ããããšã«ãããè± å¯ãªãã°æ©èœãæäŸããŸãã詳现ãªç£æ»èšŒè·¡ã«ãããéå»ãšçŸåšã®ããŸããŸãªãããã¯ãŒã¯ã¢ã¯ã㣠ããã£ã«é¢ããåæãå®çŸããæœåšçãªã»ãã¥ãªãã£äžã®è åšãç¹å®ããããçºçããŠããåé¡ã®ã ã©ãã«ã·ã¥ãŒãã£ã³ã°ãè¡ãããšãã§ããŸãã Sophos UTMã®ã¬ããŒãæ©èœã¯ãçŸåšã®ãã°ããŒã¿ãåéãããããã°ã©ã圢åŒã§è¡šç€ºããããšã§ã 管ç察象ããã€ã¹ã®ãªã¢ã«ã¿ã€ã æ å ±ãæäŸããŸãã WebAdmin ã®ããã°ããŒãã£ã·ã§ã³ã¹ããŒã¿ã¹ ãããŒãžã¯ããã£ã¹ã¯ã®æ®å®¹éããã£ã«ã¢ããã¬ãŒã (䜿 çšéå¢å é床) ã«ã€ããŠã®æ å ±ããéå» 4é±éã®ãã°ããŒãã£ã·ã§ã³ã®äœ¿çšç¶æ³ã瀺ããã¹ãã°ã© ã ãªã©ãSophos UTMãŠãããã®ãã°ããŒãã£ã·ã§ã³ã®ã¹ããŒã¿ã¹ã瀺ããŸãããã£ã«ã¢ããã¬ãŒãã¯ã 枬å®å°ç¹ãšéå§å°ç¹ã®å·®åãçµéæéã§å²ã£ãŠèšç®ãããããåœåã¯å€ãããäžæ£ç¢ºã«ãªã㟠ãããã·ã¹ãã ã®çšŒåæéãé·ããªãã°ãªãã»ã©ç²ŸåºŠãå¢ããŸãã ãã®ç« ã§ã¯ã次ã®ãããã¯ã«ã€ããŠèª¬æããŸãã l ãã°ãã¡ã€ã«ã®é²èŠ§ l ããŒããŠã§ã¢ l ãããã¯ãŒã¯äœ¿çšç l ãããã¯ãŒã¯ãããã¯ã·ã§ã³ l Webãããã¯ã·ã§ã³ l Eã¡ãŒã«ãããã¯ã·ã§ã³ l ãªã¢ãŒãã¢ã¯ã»ã¹ l WebãµãŒããããã¯ã·ã§ã³ l ãšã°ãŒã¯ãã£ãã¬ããŒã l ãã°èšå® l ã¬ããŒãèšå® 17 ãã°ãšã¬ããŒã ã¬ããŒãã£ã³ã°ã°ã©ã Sophos UTM ã¬ããŒãã£ã³ã°ã°ã©ããæãç·ã°ã©ããåã°ã©ãã§è¡šç€ºããŸãã察話çãªæ§è³ªäžããã ãã®ã°ã©ãã§ã¯æ å ±ã«ãã现ããã¢ã¯ã»ã¹ããããšãå¯èœãšãªã£ãŠããŸãã æãç·ã°ã©ã æãç·ã°ã©ããžã®å¯Ÿè©±çæäœãç°¡åã§ãã ããŠã¹ã®ã«ãŒãœã«ãã°ã©ãäžã«çœ®ããšã倧ããªããã (ç¹) ã衚瀺ãããã°ã©ãã®ãã®éšåã®è©³çŽ°ãªæ å ±ã衚瀺ãããŸãããã®ãããã¯ãã°ã©ãã®ç·ã« 沿ã£ãŠç§»åããŸããããŠã¹ã®ã«ãŒãœã«ã移åãããšãããããããã«åŸã£ãŠç§»åããŸããã°ã©ãã«äœ æ¬ãã®ç·ãããå Žåããããã¯ããŠã¹ã«ãŒãœã«ã®ç§»åã«åŸã£ãŠç·ã®éã移åããŸããããã«ãããã ã®è²ã¯ãããã衚瀺ããŠããæ å ±ãã©ã®ç·ã«é¢é£ãããã«ãã£ãŠå€ãããããç·ãäºãã«è¿æ¥ã ãŠããå Žåã«åœ¹ç«ã¡ãŸãã Figure 27 ã¬ããŒãã£ã³ã°:æãç·ã°ã©ãã®äŸ åã°ã©ã æãç·ã°ã©ããšåæ§ã«ãåã°ã©ãã察話çãªæäœãè¡ãããšãã§ããŸããããŠã¹ã®ã«ãŒãœã«ãåã° ã©ãã®äžéšã«çœ®ããŸãããããšããã®éšåã¯åã°ã©ãã®ä»ã®éšåããå³åº§ã«åãé¢ããããã®éš åã®è©³çŽ°ãªæ å ±ãããŒã«ãã³ãã«è¡šç€ºãããŸãã Figure 28 ã¬ããŒãã£ã³ã°:åã°ã©ãã®äŸ 476 UTM 9 管çã¬ã€ã 17 ãã°ãšã¬ããŒã 17.1 ãã°ãã¡ã€ã«ã®é²èŠ§ 17.1 ãã°ãã¡ã€ã«ã®é²èŠ§ ããã°ãšã¬ããŒã > ãã°ãã¡ã€ã«ã®é²èŠ§ ãã¡ãã¥ãŒã§ãåçš®ãã°ãã¡ã€ã«ã衚瀺ããã³æ€çŽ¢ã§ããŸãã 17.1.1 ä»æ¥ã®ãã°ãã¡ã€ã« ããã°ãšã¬ããŒã > ãã°ãã¡ã€ã«ã®é²èŠ§ > ä»æ¥ã®ãã°ãã¡ã€ã« ãã¿ãã§ãçŸåšã®ãã¹ãŠã®ãã°ã«å®¹æ ã«ã¢ã¯ã»ã¹ã§ããŸãã ãã®ã¿ãã§ã¯ããã¹ãŠã®ãã°ãã¡ã€ã«ã«é©çšã§ããããŸããŸãªäœæ¥ãå®è¡ã§ããŸãã次ã®äœæ¥ãå® è¡ã§ããŸãã l ã©ã€ããã°:ãããã¢ãããŠã€ã³ããŠãéãããªã¢ã«ã¿ã€ã ã§ãã°ãã¡ã€ã«ã衚瀺ã§ããŸããæ°ã ãã¢ã¯ãã£ããã£ãçºçãããšããªã¢ã«ã¿ã€ã ã§ãã°ãã¡ã€ã«ã«æ°ããè¡ãè¿œå ãããŸãããèª åã¹ã¯ããŒã« ããéžæãããšããããã¢ãããŠã€ã³ããŠãèªåçã¹ã¯ããŒã«ããŠã³ããŠãåžžã« ææ°ã®ãã°ã衚瀺ãããŸããããã«ããããã¢ãããŠã€ã³ããŠã«ã¯ãã£ã«ã¿ããã¹ãããã¯ã¹ã å«ãŸããŠãããããã«ãã£ãŠæ°ãããã°ã®è¡šç€ºãããã£ã«ã¿ã«äžèŽããã¬ã³ãŒãã ãã«å¶é㧠ããŸãã l 衚瀺:ãããã¢ãããŠã£ã³ããŠãéããçŸåšã®ç¶æ ã®ãã°ãã¡ã€ã«ã衚瀺ãããŸãã l ã¯ãªã¢:ãã°ãã¡ã€ã«ã®ã³ã³ãã³ããåé€ããŸãã ããŒãã«äžéšã®ããããããŠã³ãªã¹ãã䜿çšããŠãéžæãããã°ãã¡ã€ã«ã zip ãã¡ã€ã«åœ¢åŒã§ã㊠ã³ããŒããããããããã®ã³ã³ãã³ããåæã«åé€ãããã§ããŸãã 17.1.2 ã¢ãŒã«ã€ããã°ãã¡ã€ã« ããã°ãšã¬ããŒã > ãã°ãã¡ã€ã«ã®é²èŠ§ > ã¢ãŒã«ã€ããã°ãã¡ã€ã« ãã¿ãã§ããã°ãã¡ã€ã«ã¢ãŒã«ã€ãã 管çããããšãã§ããŸãããã¹ãŠã®ãã°ãã¡ã€ã«ã¯ãã€ãªãŒããŒã¹ã§ã¢ãŒã«ã€ããããŸããã¢ãŒã«ã€ ããããã°ãã¡ã€ã«ã«ã¢ã¯ã»ã¹ããã«ã¯ããã°ãæžã蟌ãŸããŠããSophos UTMã®ãµãã·ã¹ãã ãšå¹Ž æãéžæããŸãã éžæã«äžèŽãããã¹ãŠã®å©çšã§ãããã°ãã¡ã€ã«ã幎代é ã«è¡šç€ºãããŸããã¢ãŒã«ã€ããããã° ãã¡ã€ã«ã¯ãé²èŠ§ããããzip ãã¡ã€ã«åœ¢åŒã§ããŠã³ããŒãã§ããŸãã ããŒãã«äžéšã®ããããããŠã³ãªã¹ãã䜿çšããŠãéžæãããã°ãã¡ã€ã«ãzipãã¡ã€ã«åœ¢åŒã§ããŠã³ ããŒããããåæã«åé€ãããããããšãã§ããŸãã UTM 9 管çã¬ã€ã 477 17.2 ããŒããŠã§ã¢ 17 ãã°ãšã¬ããŒã 17.1.3 ãã°ãã¡ã€ã«ã®æ€çŽ¢ ããã°ãšã¬ããŒã > ãã°ãã¡ã€ã«ã®é²èŠ§ > ãã°ãã¡ã€ã«ã®æ€çŽ¢ ãã¿ãã§ãããŸããŸãªæéã®ããŒã«ã«ã ã°ãã¡ã€ã«ãæ€çŽ¢ã§ããŸããæåã«ãæ€çŽ¢ãããã°ãã¡ã€ã«ãéžæãã次ã«æ€çŽ¢ããèªå¥ãå ¥åã ãŠãæ€çŽ¢æéãéžæããŸãããæéãéžæ ããªã¹ããããã«ã¹ã¿ã æé ããéžæããå Žåã¯ãéå§æ¥ãš çµäºæ¥ãæå®ã§ããŸãããæ€çŽ¢éå§ ããã¿ã³ãã¯ãªãã¯ãããšããããã¢ãããŠã€ã³ããŠã«ã¯ãšãªçµæã 衚瀺ãããŸãããã©ãŠã¶ã«ãã£ãŠã¯ãWebAdmin çšã«ãããã¢ãããŠã€ã³ããŠãèš±å¯ããå¿ èŠããã ãŸãã 17.2 ããŒããŠã§ã¢ ããã°ãšã¬ããŒã > ããŒããŠã§ã¢ ãã¡ãã¥ãŒã«ã¯ãããŸããŸãªæéã«ãããããŒããŠã§ã¢ã³ã³ããŒãã³ã ã®äœ¿çšç¶æ³ã«é¢ããæŠèŠçãªçµ±èšã衚瀺ãããŸãã 17.2.1 ãã€ãªãŒ ãããŒããŠã§ã¢ > ãã€ãªãŒãã¿ãã¯ã次ã®ããŒããŠã§ã¢ã³ã³ããŒãã³ãã«é¢ããéå» 24æéã®çµ±èšæŠ 芳ã瀺ããŸãã l CPU ã®äœ¿çšç¶æ³ l ã¡ã¢ãª/ã¹ã¯ããã®äœ¿çšç¶æ³ l ããŒãã£ã·ã§ã³ã®äœ¿çšç¶æ³ CPU ã®äœ¿çšç¶æ³:ãã¹ãã°ã©ã ã«ãçŸåšã®ããã»ããµäœ¿çšç¶æ³ (%) ã衚瀺ãããŸãã ã¡ã¢ãª/ã¹ã¯ããã®äœ¿çšç¶æ³:ã¡ã¢ãªãšã¹ã¯ããã®äœ¿çšç¶æ³ (%)ãã¹ã¯ããã®äœ¿çšç¶æ³ã¯ãã·ã¹ãã æ§ æã«ãã£ãŠå€§ããç°ãªããŸããäŸµå ¥é²åŸ¡ããããã·ãµãŒããªã©ã®ãµãŒãã¹ãã¢ã¯ãã£ãã«ãããšãã¡ ã¢ãªã®äœ¿çšçãé«ããªããŸããã·ã¹ãã ã®ã¡ã¢ãªãäžè¶³ãããšãã¹ã¯ããã¹ããŒã¹ã䜿çšããããã ã«ãªããã·ã¹ãã å šäœã®ããã©ãŒãã³ã¹ãäœäžããŸããã¹ã¯ããã¹ããŒã¹ã®äœ¿çšã¯ã§ããã ãäœã æããå¿ èŠããããŸãããã®ããã«ã¯ãã·ã¹ãã ã§å©çšã§ããã¡ã¢ãªã®åèšå®¹éãå¢ãããŸãã ããŒãã£ã·ã§ã³ã®äœ¿çšç¶æ³:éžæãããããŒãã£ã·ã§ã³ã®äœ¿çšç¶æ³ (%)ããã¹ãŠã®ãã£ãŒãã«ã¯3ã€ã® ã°ã©ãã衚瀺ãããããããã1ã€ã®ããŒããã£ã¹ã¯ãã©ã€ãããŒãã£ã·ã§ã³ã瀺ããŸãã l 478 ã«ãŒã:ã«ãŒãããŒãã£ã·ã§ã³ãšã¯ãSophos UTMã®ã«ãŒããã£ã¬ã¯ããªãããããŒãã£ã·ã§ã³ã§ ãããã®ããŒãã£ã·ã§ã³ã«ã¯ãæŽæ°ããã±ãŒãžãšããã¯ã¢ãããä¿åãããŸãã UTM 9 管çã¬ã€ã 17 ãã°ãšã¬ããŒã 17.3 ãããã¯ãŒã¯äœ¿çšç¶æ³ l ãã°:ãã°ããŒãã£ã·ã§ã³ãšã¯ããã°ãã¡ã€ã«ãšã¬ããŒãã£ã³ã°ããŒã¿ãä¿åãããããŒãã£ã·ã§ ã³ã§ãããã®ããŒãã£ã·ã§ã³ã®å®¹éãäžè¶³ããŠããå Žåãããã°ãšã¬ããŒã > ãã°èšå® > ããŒã« ã«ãã°ãã§èšå®ã調æŽããŠãã ããã l ã¹ãã¬ãŒãž:ã¹ãã¬ãŒãžããŒãã£ã·ã§ã³ãšã¯ããããã·ãµãŒãã¹ãããŒã¿ãä¿åããããŒãã£ã·ã§ ã³ã§ãããWeb ãã£ã«ã¿çšã®ç»åãSMTP ãããã·çšã®ã¡ãã»ãŒãžãéé¢ã¡ãŒã«ãªã©ãããã« ä¿åãããŸããããã«ãããŒã¿ããŒã¹ãäžæããŒã¿ãèšå®ãã¡ã€ã«ãä¿åãããŸãã 17.2.2 ãŠã£ãŒã¯ãªãŒ ãããŒããŠã§ã¢ > ãŠã£ãŒã¯ãªãŒãã¿ãã¯ãéžæãããããŒããŠã§ã¢ã³ã³ããŒãã³ãã«é¢ããéå»7æ¥éã® æŠèŠçãªçµ±èšã瀺ããŸãããã¹ãã°ã©ã ã«ã€ããŠã¯ãããã€ãªãŒãã®ã»ã¯ã·ã§ã³ãåç §ããŠãã ããã 17.2.3 ãã³ã¹ãªãŒ ãããŒããŠã§ã¢ > ãã³ã¹ãªãŒãã¿ãã¯ãéžæãããããŒããŠã§ã¢ã³ã³ããŒãã³ãã«é¢ããéå»4é±éã® æŠèŠçãªçµ±èšã瀺ããŸãããã¹ãã°ã©ã ã«ã€ããŠã¯ãããã€ãªãŒãã®ã»ã¯ã·ã§ã³ãåç §ããŠãã ããã 17.2.4 幎次 ãããŒããŠã§ã¢ > 幎次 ãã¿ãã¯ãéžæãããããŒããŠã§ã¢ã³ã³ããŒãã³ãã«é¢ããéå» 12ãæéã®æŠ èŠçãªçµ±èšã瀺ããŸãããã¹ãã°ã©ã ã«ã€ããŠã¯ãããã€ãªãŒãã®ã»ã¯ã·ã§ã³ãåç §ããŠãã ããã 17.3 ãããã¯ãŒã¯äœ¿çšç¶æ³ ããã°ãšã¬ããŒã > ãããã¯ãŒã¯äœ¿çšç¶æ³ ãã¡ãã¥ãŒã®ã¿ãã«ã¯ãããŸããŸãªæéå ã«Sophos UTMã® åã€ã³ã¿ãã§ãŒã¹ãééãããã©ãã£ãã¯ã«é¢ããæŠèŠçãªçµ±èšã衚瀺ãããŸããåãã£ãŒãã®ã㌠ã¿ã¯ã次ã®åäœã䜿çšããŠç€ºãããŸãã l u (ãã€ã¯ãã10-6) l m (ããªã10-3) l k (ããã103) l M (ã¡ã¬ã106) l G (ã®ã¬ã109) 10-18ïœ108 ã®ç¯å²å ã§ã¹ã±ãŒãªã³ã°å¯èœã§ãã UTM 9 管çã¬ã€ã 479 17.3 ãããã¯ãŒã¯äœ¿çšç¶æ³ 17 ãã°ãšã¬ããŒã 17.3.1 ãã€ãªãŒ ããããã¯ãŒã¯äœ¿çšç¶æ³ > ãã€ãªãŒãã¿ãã«ã¯ãèšå®ãããŠããåã€ã³ã¿ãã§ãŒã¹ãééãããã© ãã£ãã¯ã«é¢ããéå»24æéã®æŠèŠçãªçµ±èšã衚瀺ãããŸãã åãã¹ãã°ã©ã ã«ã¯ã次ã®2ã€ã®ã°ã©ãã衚瀺ãããŸãã l åä¿¡:該åœã€ã³ã¿ãã§ãŒã¹ã§ã®å¹³ååä¿¡ãã©ãã£ã㯠(bpsåäœ)ã l éä¿¡:該åœã€ã³ã¿ãã§ãŒã¹ã§ã®å¹³åéä¿¡ãã©ãã£ã㯠(bpsåäœ)ã ãåææ¥ç¶æ° ããã£ãŒãã¯ãåææ¥ç¶ã®åèšã瀺ããŸãã 17.3.2 ãŠã£ãŒã¯ãªãŒ ããããã¯ãŒã¯äœ¿çšç¶æ³ > ãŠã£ãŒã¯ãªãŒãã¿ãã«ã¯ãèšå®ãããŠããåã€ã³ã¿ãã§ãŒã¹ãééãããã© ãã£ãã¯ã«é¢ããéå» 7æ¥éã®æŠèŠçãªçµ±èšã衚瀺ãããŸãããã¹ãã°ã©ã ã«ã€ããŠã¯ãããã€ãªãŒã ã®ã»ã¯ã·ã§ã³ãåç §ããŠãã ããã 17.3.3 ãã³ã¹ãªãŒ ããããã¯ãŒã¯äœ¿çšç¶æ³ > ãã³ã¹ãªãŒãã¿ãã«ã¯ãèšå®ãããŠããåã€ã³ã¿ãã§ãŒã¹ãééãããã© ãã£ãã¯ã«é¢ããéå»4é±éã®æŠèŠçãªçµ±èšã衚瀺ãããŸãããã¹ãã°ã©ã ã«ã€ããŠã¯ãããã€ãªãŒã ã®ã»ã¯ã·ã§ã³ãåç §ããŠãã ããã 17.3.4 幎次 ããããã¯ãŒã¯äœ¿çšç¶æ³ > ã€ã€ãªãŒãã¿ãã«ã¯ãèšå®ãããŠããåã€ã³ã¿ãã§ãŒã¹ãééãããã© ãã£ãã¯ã«é¢ããéå»12ãæã®æŠèŠçãªçµ±èšã衚瀺ãããŸãããã¹ãã°ã©ã ã«ã€ããŠã¯ããã〠ãªãŒãã®ã»ã¯ã·ã§ã³ãåç §ããŠãã ããã 17.3.5 垯å䜿çšç¶æ³ ããããã¯ãŒã¯äœ¿çšç¶æ³ > 垯å䜿çšç¶æ³ ãã¿ãã«ã¯ãããã€ã¹ãã転éããããããã¯ãŒã¯ãã© ãã£ãã¯ãããã€ã¹ã«è»¢éããããããã¯ãŒã¯ãã©ãã£ãã¯ãããã€ã¹ãçµç±ããŠè»¢éãããããã ã¯ãŒã¯ãã©ãã£ãã¯ã«ã€ããŠã®å æ¬çãªããŒã¿ã衚瀺ãããŸãã æåã®ããããããŠã³ãªã¹ãããã衚瀺ããããŒã¿ã®ã¿ã€ããéžæããŸã (äŸ: äžäœã¯ã©ã€ã¢ã³ãã äž äœãµãŒãã¹ãã¯ã©ã€ã¢ã³ãå¥ ãªã©)ã å¿ èŠãªãšã³ããªãéžæããè¿œå ã§ããã¯ã¹ã衚瀺ãããå Žåã¯ã 480 UTM 9 管çã¬ã€ã 17 ãã°ãšã¬ããŒã 17.3 ãããã¯ãŒã¯äœ¿çšç¶æ³ 該åœããããã£ã«ã¿ã®æ¡ä»¶ãæå®ããŸãããŸãã¯ãäžéšã«ããããããããŠã³ãªã¹ãã䜿çšããŠãæ å»ã«ãã£ãŠãšã³ããªããã£ã«ã¿ãªã³ã°ã§ããŸãããã£ã«ã¿ãé©çšããã«ã¯ããã®ã€ã©ãæŽæ° ããã¿ã³ã㯠ãªãã¯ããŸãã çµæã®è¡šã®ãã¯ã©ã€ã¢ã³ãå¥ /ãµãŒãå¥ ããã¥ãŒã§ IP ãŸãã¯ãã¹ãåãã¯ãªãã¯ãããšãããã¯èªåç ã«ãã¯ã©ã€ã¢ã³ãå¥ã®äžäœãµãŒãã¹ ããã¥ãŒã®ãã£ã«ã¿ãšããŠäœ¿çšãããŸããåŸã§ãããããµãŒãå¥ã® äžäœãµãŒãã¹ ããã¥ãŒã«åãæ¿ããããšããIP/ãããã¯ãŒã¯ããããã¯ãŒã¯ç¯å² (192.168.1.0/24ã10/8 ãªã©) ãæåã§æå®ããŠãæŽæ° ããã¿ã³ãã¯ãªãã¯ãããããã®èšå®ãç¢ºå® ããããšãã§ããŸãã ããµãŒãã¹å¥ ããã¥ãŒã§ã¯ããããã³ã«ãšãµãŒãã¹ãã³ã³ãã§åºåã£ãŠå ¥åããããšãã§ããŸã (TCP,SMTP ãUDP,6000 ãªã©)ããããã³ã«ãæå®ããªããšãTCP ã䜿çšãããŸã (HTTP ãæå¹ã§ ã)ãããã©ã«ãã§ã¯ã1ããŒãžããã 20件衚瀺ãããŸãããããè¶ ããæ°ã®ãšã³ããªãããå Žåã¯ã ã次ãžã/ãæ»ããã¢ã€ã³ã³ã䜿çšããŠååŸã®ããŒãžã«ç§»åã§ããŸãããè¡æ° ãããããããŠã³ãªã¹ãã§ã1 ããŒãžã«è¡šç€ºãããšã³ããªã®æ°ãå€æŽã§ããŸãã äžäœã¢ããªã±ãŒã·ã§ã³/äžäœã¢ããªã±ãŒã·ã§ã³ã°ã«ãŒã:ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ããªãã®å Žåã ãããã¯ãŒã¯ãã©ãã£ãã¯ã¯ãæªåé¡ããšè¡šç€ºãããŸããã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ãæå¹ãªå Žåã ãããã¯ãŒã¯ãã©ãã£ãã¯ã¯ã¿ã€ãã§è¡šç€ºãããŸã (äŸ: ãWebAdminãããNTPãããfacebookã)ãã¢ããªã±ãŒ ã·ã§ã³ã³ã³ãããŒã«ã«é¢ãã詳现ã¯ããWeb ãããã¯ã·ã§ã³ > ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã« ãã®ç« ãå ç §ããŠãã ããã ã¿ãå³äžé ã®å¯Ÿå¿ããã¢ã€ã³ã³ãã¯ãªãã¯ãããšãããŒã¿ã PDF ããã㯠Excel 圢åŒã§ããŠã³ããŒã ã§ããŸããã¬ããŒãã¯ãçŸåšéžæãããŠãããã¥ãŒ (衚瀺) ããçæãããŸããããã«ããåã°ã©ãã㢠ã€ã³ã³ã衚瀺ãããŠããå Žåããããã¯ãªãã¯ãããšãè¡šã®äžã«åã°ã©ãã衚瀺ãããŸãã ãã©ãã£ãã¯ã®ã©ãã« IN ãš OUT ã¯ãèŠç¹ã«å¿ããŠç°ãªããŸãããããã·ã¢ãŒãã§å®è¡ããŠããå Ž åãã¯ã©ã€ã¢ã³ã㯠(ééã¢ãŒãã§ãã£ãŠã) UTMã§ããŒã 8080 ã«æ¥ç¶ããããããã®ã¯ã©ã€ã¢ã³ãã ãéä¿¡ãããããŒã¿ (èŠæ±) ã¯å éšã€ã³ã¿ãã§ãŒã¹ã«ãã㊠åä¿¡ ãã©ãã£ãã¯ãšãªããã¯ã©ã€ã¢ã³ãå®ãŠ ã«éä¿¡ãããããŒã¿ (å¿ç) 㯠éä¿¡ ãã©ãã£ãã¯ãšãªããŸãã è¡šã®åã®ããããã¯ãªãã¯ãããšããã¹ãŠã®ããŒã¿ã䞊ã¹æ¿ããããšãã§ããŸãã ããšãã°ããã¹ãŠ ã®ãã¹ããåä¿¡ãã©ãã£ãã¯å¥ã«ãœãŒãããå Žåãè¡šã®èŠåºãã§ãINããã¯ãªãã¯ããŸããããã«ãããå ä¿¡ãã©ãã£ãã¯ãæãå€ãçºçããŠãããã¹ããå é ã«è¡šç€ºãããŸãããã©ãã£ãã¯ã®ããŒã¿éã¯ãã ãã€ã (KiB) ããã³ã¡ããã€ã (MiB) åäœã§è¡šç€ºãããŸãããããããã³ã³ãã¥ãŒã¿ã®èšæ¶å®¹éã瀺ã 2 ã®çŽ¯ä¹åäœã§ã (äŸ: 1ãããã€ã = 210ãã€ã = 1024ãã€ã)ã UTM 9 管çã¬ã€ã 481 17.4 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ 17 ãã°ãšã¬ããŒã 17.4 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ ããã°ãšã¬ããŒã > ãããã¯ãŒã¯ãããã¯ã·ã§ã³ãã¡ãã¥ãŒã®ã¿ãã«ã¯ãSophos UTMã«ãã£ãŠæ€åºããã é¢é£ãããã¯ãŒã¯ãããã¯ã·ã§ã³ã€ãã³ãã«ã€ããŠã®æŠèŠçãªçµ±èšã衚瀺ãããŸãã 17.4.1 ãã€ãªãŒ ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > ãã€ãªãŒãã¿ãã¯ã次ã®ã€ãã³ãã«é¢ããéå» 24æéã®çµ±èšæŠèŠ³ã瀺 ããŸãã l ãã¡ã€ã¢ãŠã©ãŒã«éå l äŸµå ¥é²åŸ¡çµ±èš ãã¡ã€ã¢ãŠã©ãŒã«éå:ãããããŸãã¯æåŠããããã¹ãŠã®ããŒã¿ãã±ããã¯ããã¡ã€ã¢ãŠã©ãŒã«éå ãšããŠã«ãŠã³ããããŸãããã¡ã€ã¢ãŠã©ãŒã«éåã®åæ°ã¯ã5åéã®æ å ã§èšç®ãããŸãã IPSçµ±èš:ãã¹ãŠã®ã°ã©ãã«ã¯ã次㮠2ã€ã®ã°ã©ãã衚瀺ãããŸãã l ã¢ã©ãŒãã€ãã³ã:äŸµå ¥ã¢ã©ãŒããããªã¬ããããŒã¿ãã±ããã®æ°ã l ããããã€ãã³ã:äŸµå ¥é²åŸ¡ã·ã¹ãã ã«ãã£ãŠãããããããããŒã¿ãã±ããã®æ°ã 17.4.2 ãŠã£ãŒã¯ãªãŒ ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > ãŠã£ãŒã¯ãªãŒãã¿ãã«ã¯ãéå» 7æ¥é以å ã«çºçãããã¡ã€ã¢ãŠã©ãŒã« éåããã³äŸµå ¥é²åŸ¡ã€ãã³ãã«é¢ããæŠèŠçãªçµ±èšã衚瀺ãããŸãããã¹ãã°ã©ã ã«ã€ããŠã¯ã ããã€ãªãŒãã®ã»ã¯ã·ã§ã³ãåç §ããŠãã ããã 17.4.3 ãã³ã¹ãªãŒ ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > ãã³ã¹ãªãŒãã¿ãã«ã¯ãéå» 4é±é以å ã«çºçãããã¡ã€ã¢ãŠã©ãŒã«é åããã³äŸµå ¥é²åŸ¡ã€ãã³ãã«é¢ããæŠèŠçãªçµ±èšã衚瀺ãããŸãããã¹ãã°ã©ã ã«ã€ããŠã¯ããã ã€ãªãŒãã®ã»ã¯ã·ã§ã³ãåç §ããŠãã ããã 17.4.4 幎次 ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > ã€ã€ãªãŒãã¿ãã«ã¯ãéå» 12ãæ以å ã«çºçãããã¡ã€ã¢ãŠã©ãŒã«é åããã³äŸµå ¥é²åŸ¡ã€ãã³ãã«é¢ããæŠèŠçãªçµ±èšã衚瀺ãããŸãããã¹ãã°ã©ã ã«ã€ããŠã¯ããã 482 UTM 9 管çã¬ã€ã 17 ãã°ãšã¬ããŒã 17.4 ãããã¯ãŒã¯ãããã¯ã·ã§ã³ ã€ãªãŒãã®ã»ã¯ã·ã§ã³ãåç §ããŠãã ããã 17.4.5 ãã¡ã€ã¢ãŠã©ãŒã« ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > ãã¡ã€ã¢ãŠã©ãŒã« ãã¿ãã«ã¯ããã¡ã€ã¢ãŠã©ãŒã«ã¢ã¯ãã£ããã£ã«é¢ãã å æ¬çãªããŒã¿ããéä¿¡å IPãéä¿¡å ãã¹ããåä¿¡ãã±ããæ°ããµãŒãã¹æ°ã«åŸã£ãŠåé¡ãããŠè¡š 瀺ãããŸãã 泚 â TTL ã 1以äžã®ãã±ããã¯ãã°ã«èšé²ãããã«ãããããããŸãã æåã®ããããããŠã³ãªã¹ãããã衚瀺ããããŒã¿ã®ã¿ã€ããéžæããŸã (äŸ: äžäœéä¿¡å ãã¹ãã äž äœãµãŒãã¹ãå®å å¥ ãªã©)ã å¿ èŠãªãšã³ããªãéžæããè¿œå ã§ããã¯ã¹ã衚瀺ãããå Žåã¯ã該åœã ãããã£ã«ã¿ã®æ¡ä»¶ãæå®ããŸãããŸãã¯ãäžéšã«ããããããããŠã³ãªã¹ãã䜿çšããŠãæå»ã«ã㣠ãŠãšã³ããªããã£ã«ã¿ãªã³ã°ã§ããŸãããã£ã«ã¿ãé©çšããã«ã¯ããã®ã€ã©ãæŽæ° ããã¿ã³ãã¯ãªãã¯ã㟠ãã çµæã®è¡šã§ IP ãŸãã¯ãã¹ãåãã¯ãªãã¯ãããšããäžäœãµãŒãã¹ ããã¥ãŒã®ãã£ã«ã¿ãšããŠèªåç㫠䜿çšãããŸããIP/ãããã¯ãŒã¯ããããã¯ãŒã¯ç¯å² (192.168.1.0/24ã10/8 ãªã©) ãæåã§æå® ããŠããæŽæ° ããã¿ã³ãæŒãããããã®èšå®ã䜿çšããããšãã§ããŸãã ããµãŒãã¹å¥ ããã¥ãŒã§ã¯ããããã³ã«ãšãµãŒãã¹ãã³ã³ãã§åºåã£ãŠå ¥åããããšãã§ããŸã (TCP,SMTP ãUDP,6000 ãªã©)ã ããã©ã«ãã§ã¯ã1ããŒãžããã 20件衚瀺ãããŸãããããè¶ ããæ°ã®ãšã³ããªãããå Žåã¯ãã次 ãžã/ãæ»ããã¢ã€ã³ã³ã䜿çšããŠååŸã®ããŒãžã«ç§»åã§ããŸãããè¡æ° ãããããããŠã³ãªã¹ãã§ã1 ããŒãžã«è¡šç€ºãããšã³ããªã®æ°ãå€æŽã§ããŸãã ã¿ãå³äžé ã®å¯Ÿå¿ããã¢ã€ã³ã³ãã¯ãªãã¯ãããšãããŒã¿ã PDF ããã㯠Excel 圢åŒã§ããŠã³ããŒã ã§ããŸããã¬ããŒãã¯ãçŸåšéžæãããŠãããã¥ãŒ (衚瀺) ããçæãããŸããããã«ããåã°ã©ãã㢠ã€ã³ã³ã衚瀺ãããŠããå Žåããããã¯ãªãã¯ãããšãè¡šã®äžã«åã°ã©ãã衚瀺ãããŸãã è¡šã®åã®ããããã¯ãªãã¯ãããšããã¹ãŠã®ããŒã¿ã䞊ã¹æ¿ããããšãã§ããŸãã 17.4.6 IPS ããããã¯ãŒã¯ãããã¯ã·ã§ã³ > IPSãã¿ãã«ã¯ããããã¯ãŒã¯ã§ã®äŸµå ¥é²åŸ¡ã¢ã¯ãã£ããã£ã«é¢ããå æ¬ çãªããŒã¿ã衚瀺ãããŸãã æåã®ããããããŠã³ãªã¹ãããã衚瀺ããããŒã¿ã®ã¿ã€ããéžæããŸã (äŸ: äžäœéä¿¡å ãã¹ãã äž äœå®å ãéä¿¡å å¥ ãªã©)ã å¿ èŠãªãšã³ããªãéžæããè¿œå ã§ããã¯ã¹ã衚瀺ãããå Žåã¯ã該åœãã ããã£ã«ã¿ã®æ¡ä»¶ãæå®ããŸãããŸãã¯ãäžéšã«ããããããããŠã³ãªã¹ãã䜿çšããŠãæå»ã«ãã£ãŠ UTM 9 管çã¬ã€ã 483 17.5 Webãããã¯ã·ã§ã³ 17 ãã°ãšã¬ããŒã ãšã³ããªããã£ã«ã¿ãªã³ã°ã§ããŸãããã£ã«ã¿ãé©çšããã«ã¯ããã®ã€ã©ãæŽæ° ããã¿ã³ãã¯ãªãã¯ã㟠ãã ããã©ã«ãã§ã¯ã1ããŒãžããã 20件衚瀺ãããŸãããããè¶ ããæ°ã®ãšã³ããªãããå Žåã¯ãã次 ãžã/ãæ»ããã¢ã€ã³ã³ã䜿çšããŠååŸã®ããŒãžã«ç§»åã§ããŸãããè¡æ° ãããããããŠã³ãªã¹ãã§ã1 ããŒãžã«è¡šç€ºãããšã³ããªã®æ°ãå€æŽã§ããŸãã è¡šã®åã®ããããã¯ãªãã¯ãããšããã¹ãŠã®ããŒã¿ã䞊ã¹æ¿ããããšãã§ããŸãã ã¿ãå³äžé ã®å¯Ÿå¿ããã¢ã€ã³ã³ãã¯ãªãã¯ãããšãããŒã¿ã PDF ããã㯠Excel 圢åŒã§ããŠã³ããŒã ã§ããŸããã¬ããŒãã¯ãçŸåšéžæãããŠãããã¥ãŒ (衚瀺) ããçæãããŸããããã«ããåã°ã©ãã㢠ã€ã³ã³ã衚瀺ãããŠããå Žåããããã¯ãªãã¯ãããšãè¡šã®äžã«åã°ã©ãã衚瀺ãããŸãã 17.5 Webãããã¯ã·ã§ã³ ããã°ãšã¬ããŒã > Web ãããã¯ã·ã§ã³ãã¡ãã¥ãŒã®ã¿ãã«ã¯ãæãã¢ã¯ãã£ã㪠Web ãŠãŒã¶ãšæãããè¡š 瀺ãããŠãã Web ãµã€ãã«é¢ããæŠèŠçãªçµ±èšã衚瀺ãããŸãã 17.5.1 Web 䜿çšç¶æ³ã¬ããŒã ããã°ãšã¬ããŒã > Web ãããã¯ã·ã§ã³ > Web 䜿çšç¶æ³ã¬ããŒããããŒãžã¯ããããã¯ãŒã¯ãã©ãã£ãã¯ã ãŠãŒã¶ã® Web 䜿çšç¶æ³ã確èªããããã®åŒ·åãªããŒã«ã§ããäžèŠãããšãã®ããŒãžã¯éåžžã«é£ 解ã§ããã䜿çšããŠã¿ãŠçµæã調ã¹ãããšããå§ããŠã¿ãŸãããã ããŒãžæ§æ ã ããã㌠ãŸãã次ã®èŠçŽ ããæ§æãããŠãããããããŒããããŸãã l ããŒã :ãã®ã¢ã€ã³ã³ã䜿çšããŠãã¯ãªãã¯ããã£ã«ã¿ããã¹ãŠã¯ãªã¢ããŠæåã®ç¶æ ã«æ»ãã ãšãã§ããŸãã l åãž/次ãž:ãããã®ã¢ã€ã³ã³ã䜿çšããŠãå€æŽãèšå®ã®å±¥æŽãåãž (ãŸãã¯åŸããž) 移åã ãããšãã§ããŸããäžè¬ç㪠Web ãã©ãŠã¶ãšåæ§ã«æ©èœããŸãã l é²èŠ§å¯èœãªã¬ããŒã:ãã®ããããããŠã³ãªã¹ãã«ã¯ãä¿åãããã¬ããŒã (ããããã°) ãå« ããå©çšå¯èœãªãã¹ãŠã®ã¬ããŒãã¿ã€ããå«ãŸããŸããããã¯ããã©ã«ãã§ããµã€ããã«èšå®ã ããŠããŸãããWeb 䜿çšç¶æ³ã¬ããŒããããŒãžã®çµæããŒãã«ã¯ããã®ã¬ããŒãã¿ã€ãèšå®ã« çŽæ¥äŸåããŠããŸãã 484 UTM 9 管çã¬ã€ã 17 ãã°ãšã¬ããŒã 17.5 Webãããã¯ã·ã§ã³ 泚 â ãã£ã«ã¿ã䜿çšããŠã¬ããŒãã次ã ã«ã¯ãªãã¯ãããšããé²èŠ§å¯èœãªã¬ããŒããèšå®ãèª åçã«å€åããã®ã確èªã§ããŸããããã¯åžžã«ãææ°ã®ã¬ããŒãåºæºãåæ ãããŸãã æšæº:ã¬ããŒãã¿ã€ãã¯è€æ°ãããŸãã詳现ã¯ä»¥äžãåç §ããŠãã ããã ä¿åæžã¿ Web ã¬ããŒã:ããã§ã¯ãéå»ã«äœæãããä¿åããã Web ã¬ããŒããéžæã§ã㟠ãã l åé€:ä¿åããã Web ã¬ããŒããåé€ããã«ã¯ããã®ã¢ã€ã³ã³ãã¯ãªãã¯ããŸããæšæºã¬ããŒã ã¯åé€ã§ããŸããã l ä¿å:çŸåšã®ãã¥ãŒãä¿åããŠãåŸæ¥ãã®ãã¥ãŒã«ç°¡åã«ã¢ã¯ã»ã¹ã§ããããã«ããã«ã¯ãã ã®ã¢ã€ã³ã³ãã¯ãªãã¯ããŸããããã¯ãå©çšå¯èœãªã¬ããŒããããããããŠã³ãªã¹ãã«ä¿åãã㟠ãããã¬ããŒãã®éä¿¡ ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ãããšããã®ã¬ããŒããåä¿¡ãã¹ãã¡ãŒ ã«åä¿¡è ã 1人以äžå ¥åããããšãã§ããŸãããŸããä¿åãããã¬ããŒããå®æçã«åä¿¡ã ãããšãã§ããŸãã詳ããã¯ãã¹ã±ãžã¥ãŒã«ãããã¬ããŒãããåç §ããŠãã ããã ãã£ã«ã¿ã㌠次ã«ã次ã®èŠçŽ ããæ§æãããŠãããã£ã«ã¿ããŒããããŸãã l ãã©ã¹ (+):ãã®ã¢ã€ã³ã³ãã¯ãªãã¯ããŠãè¿œå ã®ãã£ã«ã¿ãäœæããŸãã詳现ã¯ä»¥äžãåç §ã㊠ãã ããã l 件æ°:ããããããŠã³ãªã¹ãã䜿çšããŠãããŒãã«ã«è¡šç€ºãããçµæãæžããããšãã§ããŸãã çµæããäžäœ 10件ã50件ã100件ã®çµæã«å¶éããããšãã§ããŸãã l æå»:ããããããŠã³ãªã¹ãã䜿çšããŠãããŒãã«ã«è¡šç€ºãããçµæããç¹å®ã®æéæ å ã®çµ æã«çµã蟌ããåºããããšãã§ããŸãããã«ã¹ã¿ã ãã¿ã€ã ãã¬ãŒã ãéžæãããšãç¬èªã®æé æ ãæå®ã§ããŸãã l éšé:ããããããŠã³ãªã¹ãã䜿çšããŠãããŒãã«ã«è¡šç€ºãããçµæããæå®ããéšéã«çµã蟌 ãããšãã§ããŸããéšéã¯ãéšé ãããŒãžã§äœæã§ããŸãã çµæããŒãã« æåŸã«ãçµæããŒãã«ããããŸããããã«è¡šç€ºãããçµæã¯ã第äžã«ãéžæããã¬ããŒãã¿ã€ãã«äŸ åã (ãå©çšå¯èœãªã¬ããŒãããªã¹ãã«åžžã«åæ )ã第äºã«ãå®çŸ©ãããã£ã«ã¿ã«äŸåããŸãã 泚 â å¿ååãæå¹ã«ãããšããŠãŒã¶ã¯ååã IP ã¢ãã¬ã¹ã§è¡šç€ºããã代ããã«ãæ°å€ã§åæã ããŸãã ã¬ããŒãã¿ã€ãã«å¿ããŠãããŒãã«ã«ã¯ç°ãªãæ å ±ã衚瀺ãããŸãã UTM 9 管çã¬ã€ã 485 17.5 Webãããã¯ã·ã§ã³ ãŠãŒã¶ 17 ãã°ãšã¬ããŒã ã«ããŽãª ãµã€ã ãã¡ã€ã³ URL äžæžã # ãã©ãã£ã㯠% æé ããŒãž ãªã¯ãšã¹ã ãŠãŒã¶ ãµã€ã ã«ããŽãª* ã¢ã¯ã·ã§ã³* çç±* æ å ±* * = ãããã®ã»ã«ãã¯ãªãã¯ããŠãæ å ±ãããã«ããªã«ããŠã³ã§ããŸãã #:çºçãããã©ãã£ãã¯ã«é¢ããé äœã ãã©ãã£ãã¯:çºçãããã©ãã£ãã¯ã®ãµã€ãºã %:ãã©ãã£ãã¯å šäœã«å¯Ÿããå²åã æé:ãŠãŒã¶ã Web ãµã€ãã«æ»åšããæéã ããŒãž:èŠæ±ãããããŒãžæ° èŠæ±:ã«ããŽãªããµã€ãããã¡ã€ã³ããŸã㯠URL å¥ã®èŠæ±æ°ã ãŠãŒã¶:ãããã¯ãåé¿ãããŠãŒã¶åãå¿ååãæå¹ã«ãããšãuser_# ã衚瀺ãããŸãã ãµã€ã:ãããã¯ãåé¿ããããµã€ãã ã«ããŽãª:ãã URL ãå±ãããã¹ãŠã®ã«ããŽãªã衚瀺ãããŸããã«ããŽãªãè€æ°ååšããå Žåãã«ã ãŽãªãã¯ãªãã¯ãããšå°ãããã€ã¢ãã°ãã£ãŒã«ããéããããããã®ã«ããŽãªãéžæã§ããŸãããã® ã«ããŽãªã«åºã¥ããŠãã£ã«ã¿ãäœæãããŸãã ã¢ã¯ã·ã§ã³:Web ãµã€ããã¯ã©ã€ã¢ã³ãã«é ä¿¡ãããã (é ä¿¡æžã¿ )ãã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ã«ãŒ ã«ã«ãã£ãŠ ããã㯠ããããããŸãã¯ãããã¯ã®åé¿æ©èœã䜿çšããŠãŠãŒã¶ããããã¯ãããããŒãž ãžã¢ã¯ã»ã¹ããã (ãªãŒããŒã©ã€ã ) ã衚瀺ããŸãã çç±:Web ãµã€ãèŠæ±ããããã¯ãŸãã¯ãªãŒããŒã©ã€ããããçç±ã衚瀺ããŸããäŸ:ãŠãŒã¶ã msi ãã¡ã€ã«ã®ããŠã³ããŒããè©Šè¡ãããã¡ã€ã«è»¢éãçŠæ¢ããã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã«ã«ãŒã«ã 486 UTM 9 管çã¬ã€ã 17 ãã°ãšã¬ããŒã 17.5 Webãããã¯ã·ã§ã³ ãã£ãå Žåãã»ã«ã«çç±ããmsiããšè¡šç€ºãããŸãããªãŒããŒã©ã€ããããããŒãžã®å ŽåããŠãŒã¶ã« ãã£ãŠå ¥åãããçç±ã衚瀺ãããŸãã æ å ±:å©çšå¯èœãªå Žåããã®ã»ã«ã«ã¯ Web ãµã€ãèŠæ±ããããã¯ãããçç±ã瀺ãè¿œå æ å ±ãè¡š 瀺ãããŸã (äŸ: ãã¡ã€ã«ããŠã³ããŒããæ¡åŒµåã«åºã¥ããŠãããã¯ãããå Žåãã»ã«ã«ã¯ãæ¡åŒµåã ãšè¡šç€ºãããŸã)ã ãã£ã«ã¿ã®å®çŸ© ãã£ã«ã¿ã¯ãçµæããŒãã«ã«è¡šç€ºãããæ å ±ãããªã«ããŠã³ããããã«äœ¿çšãããŸãã2ãšããã®å® 矩æ¹æ³ããããŸãããã£ã«ã¿ããŒã®ã+ãã¢ã€ã³ã³ãã¯ãªãã¯ããããããŒãã«ãã¯ãªãã¯ããŸãã ã+ãã¢ã€ã³ã³ã䜿çšããå Žå:ãã£ã«ã¿ããŒã§ç·ã®ã+ãã¢ã€ã³ã³ãã¯ãªãã¯ãããšããã£ãŒã«ãã 2ã€ãã å°ãããã£ã«ã¿ããŒã衚瀺ãããŸãã1çªç®ã®ãã£ãŒã«ãã®ããããããŠã³ãªã¹ãã䜿çšãããšã㬠ããŒãã¿ã€ããéžæã§ããŸã (ãã«ããŽãªããªã©)ã2çªç®ã®ãã£ãŒã«ãã䜿çšãããšãéžæããã¬ããŒãã¿ ã€ãã®å€ãéžæãããå ¥åããããšãã§ããŸã (äŸ:ãã«ããŽãªããéžãã å Žåããæ人åãããã㯠ã㪠ã©)ããä¿å ããã¯ãªãã¯ããŠãã£ã«ã¿ãä¿åããçµæããŒãã«ã«é©çšãŸãã ããŒãã«ã䜿çšããå Žå:ããŒãã«ãã¯ãªãã¯ããã¯ãªãã¯ããã¢ã€ãã ã«è€æ°ã®ã¬ããŒãã¿ã€ãããã å Žåã¯ããã¬ããŒãæ¹å ããéããŸãã衚瀺ãããããããã®ãªãã·ã§ã³ããã£ã«ã¿çšã«éžæããå¿ èŠããããŸãããã¬ããŒãæ¹å ããŠã£ã³ããŠãéãããšãé¢é£ãã£ã«ã¿ãäœæããããã£ã«ã¿ããŒã«è¡šç€º ãããŸããçµæããŒãã«ã«ãæ°ãã«ãã£ã«ã¿ãããçµæã衚瀺ãããŸãã äŸ:ãWeb 䜿çšç¶æ³ ã¬ããŒããã®ããã©ã«ãã¬ããŒãã¯ããµã€ããã§ããçµæããŒãã«ã§ãä»»æã®è¡ã㯠ãªãã¯ããŸã (äŸ:ãamazon.comã)ããã¬ããŒãæ¹å ããŠã£ã³ããŠãéãã3ã€ã®ãªãã·ã§ã³ãæ瀺ãã㟠ãããµã€ãã® ãã¡ã€ã³ã«é¢ããæ å ±ããµã€ãã蚪åãããŠãŒã¶ ã«é¢ããæ å ±ããµã€ããå±ããã«ããŽãª ã«é¢ããæ å ±ã®ãããããåç §ããããšãã§ããŸããè€æ°ã®ãŠãŒã¶ããamazon.comãã蚪åããã ãšãããããŸãããããã«è©³çŽ°ã確èªããããã«ãããŠãŒã¶ ãããã¯ã¹ãã¯ãªãã¯ããŸãããŠã£ã³ããŠã éããŸãããããããŒã§ã¯ã¬ããŒãã¿ã€ããããŠãŒã¶ ãã«å€ããããã£ã«ã¿ããŒã§ã¯ããŠãŒã¶ ãã®çµæ ããŒãã«ãéžæãããµã€ã (ãamazon.comã) ã«ãã£ãŠãã£ã«ã¿ãããããšã確èªã§ããŸããããã㣠ãŠãããŒãã«ã«ã¯ãã®ãµã€ãã蚪åãããã¹ãŠã®ãŠãŒã¶ãšããããã®ã»ãã·ã§ã³ã«é¢ããè¿œå æ å ±ã 衚瀺ãããŸãã 泚 â äžéšã®ããŒãã«ã»ã«ã«ã¯ç¬èªã®ãã£ã«ã¿ããããã (äžã®ãçµæããŒãã« ãã»ã¯ã·ã§ã³ã§ã¢ã¹ ã¿ãªã¹ã¯ (*) ã®ä»ããã¢ã€ãã )ãã¯ãªãã¯ããããŒãã«è¡ã«ãã£ãŠçµæãç°ãªãå ŽåããããŸãã 17.5.2 æ€çŽ¢ãšã³ãžã³ã¬ããŒã ããã°ãšã¬ããŒã > Web ãããã¯ã·ã§ã³ > æ€çŽ¢ãšã³ãžã³ã¬ããŒããããŒãžã«ã¯ããŠãŒã¶ã䜿çšããŠãã æ€çŽ¢ãšã³ãžã³ããŠãŒã¶ãè¡ã£ãæ€çŽ¢ã«é¢ããæ å ±ã衚瀺ãããŸããäžèŠãããšãã®ããŒãžã¯éåžž UTM 9 管çã¬ã€ã 487 17.5 Webãããã¯ã·ã§ã³ 17 ãã°ãšã¬ããŒã ã«é£è§£ã§ããã䜿çšããŠã¿ãŠçµæã調ã¹ãããšããå§ããŠã¿ãŸãããã ããŒãžæ§æ ã ããã㌠ãŸãã次ã®èŠçŽ ããæ§æãããŠãããããããŒããããŸãã l ããŒã :ãã®ã¢ã€ã³ã³ã䜿çšããŠãã¯ãªãã¯ããã£ã«ã¿ããã¹ãŠã¯ãªã¢ããŠæåã®ç¶æ ã«æ»ãã ãšãã§ããŸãã l åãž/次ãž:ãããã®ã¢ã€ã³ã³ã䜿çšããŠãå€æŽãèšå®ã®å±¥æŽãåãž (ãŸãã¯åŸããž) 移åã ãããšãã§ããŸããäžè¬ç㪠Web ãã©ãŠã¶ãšåæ§ã«æ©èœããŸãã l é²èŠ§å¯èœãªã¬ããŒã:ãã®ããããããŠã³ãªã¹ãã«ã¯ãä¿åãããã¬ããŒã (ããããã°) ãå« ããå©çšå¯èœãªãã¹ãŠã®ã¬ããŒãã¿ã€ããå«ãŸããŸããããã¯ããã©ã«ãã§ãæ€çŽ¢ ãã«èšå®ã ããŠããŸãããæ€çŽ¢ãšã³ãžã³ã¬ããŒããããŒãžã®çµæããŒãã«ã¯ããã®ã¬ããŒãã¿ã€ãèšå®ã«çŽ æ¥äŸåããŠããŸãã 泚 â ãã£ã«ã¿ã䜿çšããŠã¬ããŒãã次ã ã«ã¯ãªãã¯ãããšããé²èŠ§å¯èœãªã¬ããŒããèšå®ãèª åçã«å€åããã®ã確èªã§ããŸããããã¯åžžã«ãææ°ã®ã¬ããŒãåºæºãåæ ãããŸãã æšæº:ã¬ããŒãã¿ã€ã㯠3çš®é¡ãããŸãã詳现ã¯ä»¥äžãåç §ããŠãã ããã ä¿åãããæ€çŽ¢ãšã³ãžã³ã¬ããŒã:ããã§ã¯ãéå»ã«äœæãããä¿åãããæ€çŽ¢ãšã³ãžã³ã¬ ããŒããéžæã§ããŸãã l åé€:ä¿åãããæ€çŽ¢ãšã³ãžã³ã¬ããŒããåé€ããã«ã¯ããã®ã¢ã€ã³ã³ãã¯ãªãã¯ããŸããæšæº ã¬ããŒãã¯åé€ã§ããŸããã l ä¿å:çŸåšã®ãã¥ãŒãä¿åããŠãåŸæ¥ãã®ãã¥ãŒã«ç°¡åã«ã¢ã¯ã»ã¹ã§ããããã«ããã«ã¯ãã ã®ã¢ã€ã³ã³ãã¯ãªãã¯ããŸããããã¯ãå©çšå¯èœãªã¬ããŒããããããããŠã³ãªã¹ãã«ä¿åãã㟠ãããã¬ããŒãã®éä¿¡ ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ãããšããã®ã¬ããŒããåä¿¡ãã¹ãã¡ãŒ ã«åä¿¡è ã 1人以äžå ¥åããããšãã§ããŸãããŸããä¿åãããã¬ããŒããå®æçã«åä¿¡ã ãããšãã§ããŸãã詳ããã¯ãã¹ã±ãžã¥ãŒã«ãããã¬ããŒãããåç §ããŠãã ããã ãã£ã«ã¿ã㌠次ã«ã次ã®èŠçŽ ããæ§æãããŠãããã£ã«ã¿ããŒããããŸãã l 488 ãã©ã¹ (+):ãã®ã¢ã€ã³ã³ãã¯ãªãã¯ããŠãè¿œå ã®ãã£ã«ã¿ãäœæããŸãã詳现ã¯ä»¥äžãåç §ã㊠ãã ããã UTM 9 管çã¬ã€ã 17 ãã°ãšã¬ããŒã 17.5 Webãããã¯ã·ã§ã³ l 件æ°:ããããããŠã³ãªã¹ãã䜿çšããŠãããŒãã«ã«è¡šç€ºãããçµæãæžããããšãã§ããŸãã çµæããäžäœ 10件ã50件ã100件ã®çµæã«å¶éããããšãã§ããŸãã l æå»:ããããããŠã³ãªã¹ãã䜿çšããŠãããŒãã«ã«è¡šç€ºãããçµæããç¹å®ã®æéæ å ã®çµ æã«çµã蟌ããåºããããšãã§ããŸãããã«ã¹ã¿ã ãã¿ã€ã ãã¬ãŒã ãéžæãããšãç¬èªã®æé æ ãæå®ã§ããŸãã l éšé:ããããããŠã³ãªã¹ãã䜿çšããŠãããŒãã«ã«è¡šç€ºãããçµæããæå®ããéšéã«çµã蟌 ãããšãã§ããŸããéšéã¯ãéšé ãããŒãžã§äœæã§ããŸãã çµæããŒãã« æåŸã«ãçµæããŒãã«ããããŸããããã«è¡šç€ºãããçµæã¯ã第äžã«ãéžæããã¬ããŒãã¿ã€ãã«äŸ åã (ãå©çšå¯èœãªã¬ããŒãããªã¹ãã«åžžã«åæ ) ã第äºã«ãå®çŸ©ãããã£ã«ã¿ã«äŸåããŸãã次ã®ã¬ ããŒãã¿ã€ãã䜿çšã§ããŸãã l æ€çŽ¢:ãŠãŒã¶ã䜿çšããæ€çŽ¢æååã衚瀺ããŸãã l æ€çŽ¢ãšã³ãžã³:ãŠãŒã¶ã䜿çšããæ€çŽ¢ãšã³ãžã³ã衚瀺ããŸãã l ãŠãŒã¶ã®æ€çŽ¢:æ€çŽ¢ãè¡ã£ããŠãŒã¶ã衚瀺ããŸãã 泚 â å¿ååãæå¹ã«ãããšããŠãŒã¶ã¯ååã IP ã¢ãã¬ã¹ã§è¡šç€ºããã代ããã«ãæ°å€ã§åæã ããŸãã ããããã®ã¬ããŒãã¿ã€ãã«å¯ŸããŠãããŒãã«ã«ã¯ä»¥äžã®æ å ±ã衚瀺ãããŸãã #:é »åºŠã«é¢ããé äœã èŠæ±:æ€çŽ¢æååãæ€çŽ¢ãšã³ãžã³ããŠãŒã¶å¥ã®èŠæ±åæ°ã %:æ€çŽ¢å šäœã«å¯Ÿããå²åã ãã£ã«ã¿ã®å®çŸ© ãã£ã«ã¿ã¯ãçµæããŒãã«ã«è¡šç€ºãããæ å ±ãããªã«ããŠã³ããããã«äœ¿çšãããŸãã2ãšããã®å® 矩æ¹æ³ããããŸãããã£ã«ã¿ããŒã®ã+ãã¢ã€ã³ã³ãã¯ãªãã¯ããããããŒãã«ãã¯ãªãã¯ããŸãã ã+ãã¢ã€ã³ã³ã䜿çšããå Žå:ãã£ã«ã¿ããŒã§ç·ã®ã+ãã¢ã€ã³ã³ãã¯ãªãã¯ãããšããã£ãŒã«ãã 2ã€ãã å°ãããã£ã«ã¿ããŒã衚瀺ãããŸãã1çªç®ã®ãã£ãŒã«ãã®ããããããŠã³ãªã¹ãã䜿çšãããšã㬠ããŒãã¿ã€ããéžæã§ããŸã (ãæ€çŽ¢ãšã³ãžã³ããªã©)ã2çªç®ã®ãã£ãŒã«ãã䜿çšãããšãéžæãã㬠ããŒãã¿ã€ãã®å€ãéžæãããå ¥åããããšãã§ããŸã (äŸ:ãæ€çŽ¢ãšã³ãžã³ããéžãã å ŽåããGoogle (google.com)ããªã©)ããä¿å ããã¯ãªãã¯ããŠãã£ã«ã¿ãä¿åããçµæããŒãã«ã«é©çšããŸãã UTM 9 管çã¬ã€ã 489 17.5 Webãããã¯ã·ã§ã³ 17 ãã°ãšã¬ããŒã ããŒãã«ã䜿çšããå Žå:ããŒãã«ãã¯ãªãã¯ããã¯ãªãã¯ããã¢ã€ãã ã«è€æ°ã®ã¬ããŒãã¿ã€ãããã å Žåã¯ããã¬ããŒãæ¹å ããéããŸãã衚瀺ãããããããã®ãªãã·ã§ã³ããã£ã«ã¿çšã«éžæããå¿ èŠããããŸãããã¬ããŒãæ¹å ããŠã£ã³ããŠãéãããšãé¢é£ãã£ã«ã¿ãäœæããããã£ã«ã¿ããŒã«è¡šç€º ãããŸããçµæããŒãã«ã«ãæ°ãã«ãã£ã«ã¿ãããçµæã衚瀺ãããŸãã äŸ:ãæ€çŽ¢ãšã³ãžã³ã¬ããŒããã®ããã©ã«ãã¬ããŒãã¯ãæ€çŽ¢ ãã§ããçµæããŒãã«ã§ãä»»æã®è¡ã㯠ãªãã¯ããŸã (äŸ:ã倩æ°ã)ããã¬ããŒãæ¹å ããŠã£ã³ããŠãéãã2ã€ã®ãªãã·ã§ã³ãæ瀺ãããŸããæ€çŽ¢ ã«å¯ŸããŠäœ¿çšãããæ€çŽ¢ãšã³ãžã³ã«é¢ããæ å ±ã衚瀺ããã (ãæ€çŽ¢ãšã³ãžã³ã)ããã®æååãæ€ çŽ¢ãããŠãŒã¶ã«é¢ããæ å ±ã衚瀺ããŸã (ããŠãŒã¶æ€çŽ¢ ã)ãè€æ°ã®ãŠãŒã¶ãã倩æ°ãã«ã€ããŠæ€çŽ¢ã ãããšãããããŸãããããã«è©³çŽ°ã確èªããããã«ãããŠãŒã¶æ€çŽ¢ ãããã¯ã¹ãã¯ãªãã¯ããŸãããŠã£ ã³ããŠãéããŸãããããããŒã§ã¬ããŒãã¿ã€ããããŠãŒã¶æ€çŽ¢ ãã«å€ããããã£ã«ã¿ããŒã§ããŠãŒã¶ æ€çŽ¢ ãã®çµæããŒãã«ãéžæããæ€çŽ¢æåå (ã倩æ°ã) ã«ãã£ãŠãã£ã«ã¿ãããããšã確èªã§ã㟠ãããããã£ãŠãããŒãã«ã«ã¯ã倩æ°ãã«ã€ããŠæ€çŽ¢ãããã¹ãŠã®ãŠãŒã¶ãšããããã®æ€çŽ¢ã«é¢ãã è¿œå æ å ±ã衚瀺ãããŸãã 17.5.3 éšé ããã°ãšã¬ããŒã > Web ãããã¯ã·ã§ã³ > éšé ãããŒãžã§ã¯ããŠãŒã¶ãŸãã¯ãã¹ãããã³ãããã¯ãŒã¯ã ä»®æ³éšéã«ã°ã«ãŒãåããããšãã§ããŸãã次ã«ããããã®éšéã䜿çšã㊠Web 䜿çšç¶æ³ã¬ããŒã ãæ€çŽ¢ãšã³ãžã³ã¬ããŒãããã£ã«ã¿ããããšãã§ããŸãã éšéãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãéšé ãã¿ãã§ããéšéã®è¿œå ããã¯ãªãã¯ããŸãã ãæ°èŠéšéã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. ååãå ¥åããŸãã ãåå ããã£ãŒã«ãã«ãéšéã説æããååãå ¥åããŸãã 3. ãŠãŒã¶ãŸãã¯ãã¹ã/ãããã¯ãŒã¯ãè¿œå ããŸãã éšéã®å®çŸ©ã«ã¯ããŠãŒã¶ãšãã¹ã/ãããã¯ãŒã¯ã®ããããããå«ããããšãã§ãããäž¡æ¹ã åæã«å«ããããšã¯ã§ããŸããã l ãŠãŒã¶:ãã®éšéã«å ãããŠãŒã¶ã 1人以äžããã¯ã¹ã«è¿œå ããŸãã l ãã¹ã/ãããã¯ãŒã¯:ãã®éšéã«å ãããã¹ããŸãã¯ãããã¯ãŒã¯ã 1ã€ä»¥äžããã¯ã¹ã« è¿œå ããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 4. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããéšéããéšé ããªã¹ãã«è¡šç€ºãããŸãã éšéãç·šéãåé€ããŸãã¯è€è£œããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸãã 490 UTM 9 管çã¬ã€ã 17 ãã°ãšã¬ããŒã 17.5 Webãããã¯ã·ã§ã³ éšéã®äœ¿çšã«ã€ããŠè©³ããã¯ããWeb 䜿çšç¶æ³ã¬ããŒãããšãæ€çŽ¢ãšã³ãžã³ã¬ããŒããã®ã»ã¯ã·ã§ã³ãå ç §ããŠãã ããã 17.5.4 ã¹ã±ãžã¥ãŒã«ã¬ããŒã ããã°ãšã¬ããŒã > Web ãããã¯ã·ã§ã³ > ã¹ã±ãžã¥ãŒã«ã¬ããŒããããŒãžã§ã¯ãå®æçã«ã¡ãŒã«ã§éä¿¡ ãããä¿åæžã¿ã¬ããŒããå®çŸ©ããããšãã§ããŸããã¹ã±ãžã¥ãŒã«ã¬ããŒããäœæããããã«ã¯ãã ããããä¿åæžã¿ã®ã¬ããŒããå°ãªããšã 1ã€å¿ èŠã§ã (ã¬ããŒãã®ä¿åã«ã€ããŠã¯ããWeb 䜿çšç¶ æ³ã¬ããŒãããŸãã¯ãæ€çŽ¢ãšã³ãžã³ã¬ããŒããã®ã»ã¯ã·ã§ã³ãåç §)ã ã¹ã±ãžã¥ãŒã«ã¬ããŒããäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãã¹ã±ãžã¥ãŒã«ã¬ããŒããã¿ãã§ããã¹ã±ãžã¥ãŒã«ã¬ããŒãã®è¿œå ããã¯ãªãã¯ããŸãã ãæ°èŠã¹ã±ãžã¥ãŒã«ã¬ããŒãã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 2. 次ã®èšå®ãè¡ããŸãã åå:ã¹ã±ãžã¥ãŒã«ã¬ããŒãã説æããååãå ¥åããŸãã éé:ããããããŠã³ãªã¹ããããã¬ããŒããéä¿¡ããééãéžæããŸãã ã¬ããŒã:ä¿åããããã¹ãŠã®ã¬ããŒããããã«è¡šç€ºãããŸããéžæããééã§éä¿¡ããå㬠ããŒãã®åã«ãããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŠãã ããã åä¿¡è :éžæããã¬ããŒããåä¿¡ããåä¿¡è ãããã¯ã¹ã«è¿œå ããŸããã€ã³ããŒããã¿ã³ã䜿 çšããŠåä¿¡è ã®ãªã¹ããè¿œå ããããšãã§ããŸãã ã³ã¡ã³ã (ä»»æ):説æãªã©ã®æ å ±ãè¿œå ããŸãã 3. ãä¿å ããã¯ãªãã¯ããŸãã æ°ããã¹ã±ãžã¥ãŒã«ãããã¬ããŒãããã¹ã±ãžã¥ãŒã«ã¬ããŒãããªã¹ãã«è¡šç€ºãããŸãã ã¹ã±ãžã¥ãŒã«ã¬ããŒããç·šéãåé€ããŸãã¯è€è£œããã«ã¯ã察å¿ãããã¿ã³ãã¯ãªãã¯ããŸããã¹ã± ãžã¥ãŒã«ã¬ããŒãèªäœãåé€ããã«ã¬ããŒãã®éä¿¡ãç¡å¹åããã«ã¯ãã¬ããŒãã®ãã°ã«ã¹ã€ãã ã䜿çšããŸãã 17.5.5 ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã« ããã°ãšã¬ããŒã > Web ãããã¯ã·ã§ã³ > ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã« ãããŒãžã«ã¯ãæ§ã ãªæéã«ã ããæãã¢ã¯ãã£ããªéä¿¡å ãæã蚪åãé »ç¹ãªå®å ãæã人æ°ã®é«ãã¢ããªã±ãŒã·ã§ã³ã«ã€ã㊠ã®ç·åçãªçµ±èšã衚瀺ãããŸãã æåã®ããããããŠã³ãªã¹ãããã衚瀺ããããŒã¿ã®ã¿ã€ããéžæããŸã (äŸ: äžäœéä¿¡å ã äžäœã¢ ããªã±ãŒã·ã§ã³ãªã©)ã å¿ èŠãªãšã³ããªãéžæããè¿œå ã§ããã¯ã¹ã衚瀺ãããå Žåã¯ã該åœããã UTM 9 管çã¬ã€ã 491 17.5 Webãããã¯ã·ã§ã³ 17 ãã°ãšã¬ããŒã ãã£ã«ã¿ã®æ¡ä»¶ãæå®ããŸãããŸãã¯ãäžéšã«ããããããããŠã³ãªã¹ãã䜿çšããŠãæå»ã«ãã£ãŠãš ã³ããªããã£ã«ã¿ãªã³ã°ã§ããŸãããã£ã«ã¿ãé©çšããã«ã¯ããã®ã€ã©ãæŽæ° ããã¿ã³ãã¯ãªãã¯ããŸãã ããã©ã«ãã§ã¯ã1ããŒãžããã 20件衚瀺ãããŸãããããè¶ ããæ°ã®ãšã³ããªãããå Žåã¯ãã次 ãžã/ãæ»ããã¢ã€ã³ã³ã䜿çšããŠååŸã®ããŒãžã«ç§»åã§ããŸãããè¡æ° ãããããããŠã³ãªã¹ãã§ã1 ããŒãžã«è¡šç€ºãããšã³ããªã®æ°ãå€æŽã§ããŸãã ã¿ãå³äžé ã®å¯Ÿå¿ããã¢ã€ã³ã³ãã¯ãªãã¯ãããšãããŒã¿ã PDF ããã㯠Excel 圢åŒã§ããŠã³ããŒã ã§ããŸããã¬ããŒãã¯ãçŸåšéžæãããŠãããã¥ãŒ (衚瀺) ããçæãããŸããããã«ããåã°ã©ãã㢠ã€ã³ã³ã衚瀺ãããŠããå Žåããããã¯ãªãã¯ãããšãè¡šã®äžã«åã°ã©ãã衚瀺ãããŸãã è¡šã®åã®ããããã¯ãªãã¯ãããšããã¹ãŠã®ããŒã¿ã䞊ã¹æ¿ããããšãã§ããŸãã æãã¢ã¯ãã£ããªéä¿¡å ã¯ããã«ã¯è¡šã«è¡šç€ºããããã»ãã·ã§ã³ã¿ã€ã ã¢ãŠãã®çºçåŸã«è¡šç€ºãã ãŸããããšãã°ãç¹å®ã¯ã©ã€ã¢ã³ã (ãŠãŒã¶åãŸã㯠IP ã¢ãã¬ã¹) ã 5åéWeb ãµãŒãã£ã³ãåæ¢ãã ãšããŸãããã®å ŽåãUTMã¯ãã®ãµãŒãã£ã³ã»ãã·ã§ã³ããããã (dead)ããšå€æããæãã¢ã¯ãã£ããªé ä¿¡å ãªã¹ãã«è¡šç€ºããåã«ããŒã¿ããŒã¹ã«éããŸãã ããã«ããã¢ããªã±ãŒã·ã§ã³å¥ ããããã¯ãéä¿¡å å¥ ãã䜿çšããã¬ããŒããéžæã§ããŸããç¶ããŠãã㣠ã«ã¿ãã£ãŒã«ãã衚瀺ãããŸããããã«ãæ±ããã¢ããªã±ãŒã·ã§ã³ãéä¿¡å ãå ¥åãããæŽæ° ãã㯠ãªãã¯ããŠèšå®ã確èªããå¿ èŠããããŸããè¡šã«ã¯ãæå®ããã¢ããªã±ãŒã·ã§ã³ãŸãã¯éä¿¡å ã§ã㣠ã«ã¿ãããçµæã衚瀺ãããŸã (ããããã°)ã ããŒã»ã³ãèšå· (%) ãã¯ã€ã«ãã«ãŒããšããŠäœ¿çšã§ããŸããããŒã¯ãŒãæ«å°Ÿã«ããŒã»ã³ãèšå·ãä»ã ãå Žåã¯ãå®å šäžèŽãŸãã¯éšåäžèŽãæ€çŽ¢ããããã«Sophos UTMã«æ瀺ããããšã«ãªããŸããã㣠ã«ã¿ãã£ãŒã«ãã§ã¯å€§æåãšå°æåãåºå¥ãããŸããäŸ:ãã¢ããªã±ãŒã·ã§ã³ããã£ãŒã«ãã«ãGoogle%ã ãšå ¥åãããšãè¡šã«ã¯ãGoogle Safe BrowsingãããGoogle AnalyticsãããGoogleããªã©ã衚瀺ãããŸã ãããgoogleãã¯è¡šç€ºãã ãŸããã 17.5.6 éå¿åå ãWeb ãããã¯ã·ã§ã³ > éå¿åå ãã¿ãã¯ãå¿ååãæå¹ã«ãªã£ãŠããå Žåã®ã¿ã¢ã¯ã»ã¹å¯èœã§ã (ããã°ãšã¬ããŒã > ã¬ããŒãã£ã³ã°èšå® > å¿åå ããåç §)ã ããã§ã¯ãWeb ãããã¯ã·ã§ã³ã¬ããŒãã«é¢ããç¹å®ãŠãŒã¶ã®å¿ååããããããšãã§ããŸãã次㮠æé ã§å®è¡ããŸãã 1. äž¡æ¹ã®ãã¹ã¯ãŒããå ¥åããŸãã å¿ååãæå¹ã«ããããã«æå®ãã1çªç®ãš2çªç®ã®ãã¹ã¯ãŒããå ¥åããŸãã 2. éå¿ååã«ãããŠãŒã¶ãè¿œå ããŸãã ããŠãŒã¶ã®éå¿åå ãããã¯ã¹ã«ãéå¿åã«ãããŠãŒã¶ã®ãŠãŒã¶åãè¿œå ããŸãã 492 UTM 9 管çã¬ã€ã 17 ãã°ãšã¬ããŒã 17.6 Eã¡ãŒã«ãããã¯ã·ã§ã³ 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã 17.6 Eã¡ãŒã«ãããã¯ã·ã§ã³ ããã°ãšã¬ããŒã > Eã¡ãŒã«ãããã¯ã·ã§ã³ãã¡ãã¥ãŒã®ã¿ãã«ã¯ãã¡ãŒã«ãããŒãã¡ãŒã«äœ¿çšç¶æ³ããã ã³Eã¡ãŒã«ãããã¯ã·ã§ã³ã«ã€ããŠã®æŠèŠçãªçµ±èšã衚瀺ãããŸãã 17.6.1 䜿çšç¶æ³ã°ã©ã ãEã¡ãŒã«ãããã¯ã·ã§ã³ > 䜿çšç¶æ³ã°ã©ã ãã¿ãã«ã¯ãããŸããŸãªæéæ å ã«UTMãééããã¡ãŒã« ãããŒã®æŠèŠçãªçµ±èšã衚瀺ãããŸãã l ãã€ãªãŒ l ãŠã£ãŒã¯ãªãŒ l ãã³ã¹ãªãŒ l 幎次 17.6.2 ã¡ãŒã«äœ¿çšç¶æ³ ãEã¡ãŒã«ãããã¯ã·ã§ã³ > ã¡ãŒã«äœ¿çšç¶æ³ ãã¿ãã«ã¯ãããŸããŸãªæé垯ã§æãã¢ã¯ãã£ãã«äœ¿çšã ããã¡ãŒã«ã¢ãã¬ã¹ãã¢ãã¬ã¹ãã¡ã€ã³ã«é¢ããå æ¬çãªçµ±èšã衚瀺ãããŸãã æåã®ããããããŠã³ãªã¹ãããã衚瀺ããããŒã¿ã®ã¿ã€ããéžæããŸã (äŸ: äžäœéä¿¡è ã äžäœãã¡ ã€ã³ãªã©)ã å¿ èŠãªãšã³ããªãéžæããè¿œå ã§ããã¯ã¹ã衚瀺ãããå Žåã¯ã該åœããããã£ã«ã¿ã® æ¡ä»¶ãæå®ããŸãããŸãã¯ãäžéšã«ããããããããŠã³ãªã¹ãã䜿çšããŠãæå»ã«ãã£ãŠãšã³ããªã ãã£ã«ã¿ãªã³ã°ã§ããŸãããã£ã«ã¿ãé©çšããã«ã¯ããã®ã€ã©ãæŽæ° ããã¿ã³ãã¯ãªãã¯ããŸãã ããã©ã«ãã§ã¯ã1ããŒãžããã 20件衚瀺ãããŸãããããè¶ ããæ°ã®ãšã³ããªãããå Žåã¯ãã次 ãžã/ãæ»ããã¢ã€ã³ã³ã䜿çšããŠååŸã®ããŒãžã«ç§»åã§ããŸãããè¡æ° ãããããããŠã³ãªã¹ãã§ã1 ããŒãžã«è¡šç€ºãããšã³ããªã®æ°ãå€æŽã§ããŸãã è¡šã®åã®ããããã¯ãªãã¯ãããšããã¹ãŠã®ããŒã¿ã䞊ã¹æ¿ããããšãã§ããŸãã ã¿ãå³äžé ã®å¯Ÿå¿ããã¢ã€ã³ã³ãã¯ãªãã¯ãããšãããŒã¿ã PDF ããã㯠Excel 圢åŒã§ããŠã³ããŒã ã§ããŸããã¬ããŒãã¯ãçŸåšéžæãããŠãããã¥ãŒ (衚瀺) ããçæãããŸããããã«ããåã°ã©ãã㢠ã€ã³ã³ã衚瀺ãããŠããå Žåããããã¯ãªãã¯ãããšãè¡šã®äžã«åã°ã©ãã衚瀺ãããŸãã UTM 9 管çã¬ã€ã 493 17.6 Eã¡ãŒã«ãããã¯ã·ã§ã³ 17 ãã°ãšã¬ããŒã 17.6.3 ãããã¯ã¡ãŒã« ãEã¡ãŒã«ãããã¯ã·ã§ã³ > ãããã¡ãŒã« ãã¿ãã«ã¯ãã¢ã³ããŠã€ã«ã¹ããã³ã¢ã³ãã¹ãã ã«ãã£ãŠã ããã¯ããããã¹ãŠã®ã¡ãŒã«èŠæ±ã«é¢ããå æ¬çãªçµ±èšã衚瀺ãããŸãã æåã®ããããããŠã³ãªã¹ãããã衚瀺ããããŒã¿ã®ã¿ã€ããéžæããŸã (äŸ: äžäœã¹ãã ãããã¯å€ å®çç± ã äžäœãããã¯ãã«ãŠã§ã¢ ãªã©)ã å¿ èŠãªãšã³ããªãéžæããè¿œå ã§ããã¯ã¹ã衚瀺ãããå Ž åã¯ã該åœããããã£ã«ã¿ã®æ¡ä»¶ãæå®ããŸãããŸãã¯ãäžéšã«ããããããããŠã³ãªã¹ãã䜿çšã ãŠãæå»ã«ãã£ãŠãšã³ããªããã£ã«ã¿ãªã³ã°ã§ããŸãããã£ã«ã¿ãé©çšããã«ã¯ããã®ã€ã©ãæŽæ° ããã¿ ã³ãã¯ãªãã¯ããŸãã ããã©ã«ãã§ã¯ã1ããŒãžããã 20件衚瀺ãããŸãããããè¶ ããæ°ã®ãšã³ããªãããå Žåã¯ãã次 ãžã/ãæ»ããã¢ã€ã³ã³ã䜿çšããŠååŸã®ããŒãžã«ç§»åã§ããŸãããè¡æ° ãããããããŠã³ãªã¹ãã§ã1 ããŒãžã«è¡šç€ºãããšã³ããªã®æ°ãå€æŽã§ããŸãã è¡šã®åã®ããããã¯ãªãã¯ãããšããã¹ãŠã®ããŒã¿ã䞊ã¹æ¿ããããšãã§ããŸãã ã¿ãå³äžé ã®å¯Ÿå¿ããã¢ã€ã³ã³ãã¯ãªãã¯ãããšãããŒã¿ã PDF ããã㯠Excel 圢åŒã§ããŠã³ããŒã ã§ããŸããã¬ããŒãã¯ãçŸåšéžæãããŠãããã¥ãŒ (衚瀺) ããçæãããŸããããã«ããåã°ã©ãã㢠ã€ã³ã³ã衚瀺ãããŠããå Žåããããã¯ãªãã¯ãããšãè¡šã®äžã«åã°ã©ãã衚瀺ãããŸãã 17.6.4 éå¿åå ãEã¡ãŒã«ãããã¯ã·ã§ã³ > éå¿åå ãã¿ãã¯ãå¿ååãæå¹ã«ãªã£ãŠããå Žåã®ã¿ã¢ã¯ã»ã¹å¯èœã§ ã (ããã°ãšã¬ããŒã > ã¬ããŒãã£ã³ã°èšå® > å¿åå ããåç §)ã ããã§ã¯ãã¡ãŒã«ãããã¯ã·ã§ã³ã¬ããŒãã§ç¹å®ã®ã¡ãŒã«ã¢ãã¬ã¹ããã¡ã€ã³ã®å¿ååãäžæ¢ããããš ãã§ããŸãã次ã®æé ã§å®è¡ããŸãã 1. äž¡æ¹ã®ãã¹ã¯ãŒããå ¥åããŸãã å¿ååãæå¹ã«ããããã«æå®ãã 1çªç®ãš 2çªç®ã®ãã¹ã¯ãŒããå ¥åããŸãã 2. 次ã®èšå®ãè¡ããŸãã ã¢ãã¬ã¹ã®éå¿åå:éå¿ååããã¡ãŒã«ã¢ãã¬ã¹ãè¿œå ããŸãã éå¿ååãããã¡ã€ã³:éå¿ååãããã¡ã€ã³ãè¿œå ããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã æå®ããã¡ãŒã«ã¢ãã¬ã¹ãšãã¡ã€ã³ã¯ã¬ããŒãã«è¡šç€ºãããããã«ãªããŸãã 494 UTM 9 管çã¬ã€ã 17 ãã°ãšã¬ããŒã 17.7 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ 17.7 ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ ããã°ãšã¬ããŒã > ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ãã¡ãã¥ãŒã®ã¿ãã«ã¯ãSophos UTM ã«ãã£ãŠæ€åºããã é¢é£ã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ã€ãã³ãã«ã€ããŠã®çµ±èšã®æŠèŠã衚瀺ãããŸãã 17.7.1 ãã€ãªãŒ ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ãã€ãªãŒãã¿ãã¯ãã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ããã³ã¢ã¯ã»ã¹ãã€ã³ãã«é¢ã ãéå» 24æéã®çµ±èšæŠèŠ³ã瀺ããŸãã SSID å¥ã¬ããŒãã£ã³ ã° åã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã®ãã£ãŒãã衚瀺ãããŸããåãã£ãŒãã«ã¯ã次㮠2ã€ã®ã°ã©ãã衚瀺ã ããŸãã l æ¥ç¶ã¯ã©ã€ã¢ã³ã:ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã«ãŒãã«æ¥ç¶ããŠããã¯ã©ã€ã¢ã³ãã®æ°ã l 倱æããæ¥ç¶è©Šè¡åæ°:ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã§æ¥ç¶ã«å€±æããè©Šè¡åæ°ã APå¥ã¬ããŒãã£ã³ ã° åã¢ã¯ã»ã¹ãã€ã³ãã«ã€ããŠãæ倧ããã³å¹³åã®æ¥ç¶ãŠãŒã¶æ°ãã¢ããã¿ã€ã (éå» 24æéã§ã¢ã¯ ã»ã¹ãã€ã³ãã皌åããŠãã环ç©æé)ãããã³åæ¥ç¶ã®æ°ãããŒãã«ã«è¡šç€ºãããŸãã 17.7.2 ãŠã£ãŒã¯ãªãŒ ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ãŠã£ãŒã¯ãªãŒãã¿ãã«ã¯ãéå» 7æ¥éã®ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ããã³ ã¢ã¯ã»ã¹ãã€ã³ãã«é¢ããæŠèŠçãªçµ±èšã衚瀺ãããŸãããã¹ãã°ã©ã ã«ã€ããŠã¯ãããã€ãªãŒãã® ã»ã¯ã·ã§ã³ãåç §ããŠãã ããã 17.7.3 ãã³ã¹ãªãŒ ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > ãã³ã¹ãªãŒãã¿ãã«ã¯ãéå» 4é±éã®ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ããã³ã¢ã¯ ã»ã¹ãã€ã³ãã«é¢ããæŠèŠçãªçµ±èšã衚瀺ãããŸãããã¹ãã°ã©ã ã«ã€ããŠã¯ãããã€ãªãŒãã®ã»ã¯ ã·ã§ã³ãåç §ããŠãã ããã UTM 9 管çã¬ã€ã 495 17.8 ãªã¢ãŒãã¢ã¯ã»ã¹ 17 ãã°ãšã¬ããŒã 17.7.4 幎次 ãã¯ã€ã€ã¬ã¹ãããã¯ã·ã§ã³ > 幎次 ãã¿ãã«ã¯ãéå» 12ãæéã®ã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ããã³ã¢ã¯ã» ã¹ãã€ã³ãã«é¢ããæŠèŠçãªçµ±èšã衚瀺ãããŸãããã¹ãã°ã©ã ã«ã€ããŠã¯ãããã€ãªãŒãã®ã»ã¯ã·ã§ ã³ãåç §ããŠãã ããã 17.8 ãªã¢ãŒãã¢ã¯ã»ã¹ ããã°ãšã¬ããŒã > ãªã¢ãŒãã¢ã¯ã»ã¹ ãã¡ãã¥ãŒã®ã¿ãã¯ããªã¢ãŒãã¢ã¯ã»ã¹ã¢ã¯ãã£ããã£ããã³ã»ãã·ã§ ã³æ å ±ã«é¢ããå šäœçãªçµ±èšãæäŸããŸãã 17.8.1 ã¢ã¯ãã£ãã㣠ããªã¢ãŒãã¢ã¯ã»ã¹ > ã¢ã¯ãã£ããã£ãã¿ãã¯ãããŸããŸãªæéã«ã€ã㊠IPsecãSSL VPNãPPTPããã ã³ L2TP ã®UTMã®ãªã¢ãŒãã¢ã¯ã»ã¹ã¢ã¯ãã£ããã£ã«é¢ããçµ±èšæŠèŠãæäŸããŸãã l ãã€ãªãŒ l ãŠã£ãŒã¯ãªãŒ l ãã³ã¹ãªãŒ l 幎次 æéãéžæ:ããããããŠã³ãªã¹ãã䜿çšããŠãã¬ããŒãæéãéžæããŸããããŒãžã¯èªåçã«ãªã㌠ã (åèªã¿èŸŒã¿) ãããŸãã 17.8.2 ã»ãã·ã§ã³ ããªã¢ãŒãã¢ã¯ã»ã¹ > ã»ãã·ã§ã³ãã¿ãã¯ãããŸããŸãªæéç¯å²ã«ã€ããŠãå®äºããã»ãã·ã§ã³ã倱æã ããã°ã€ã³ãããã³çŸåšã®ãŠãŒã¶ã«é¢ããå æ¬çãªçµ±èšãæäŸããŸãã 泚 â ãUpãããã³ãDownãåã«ãªã¢ãŒãã¢ã¯ã»ã¹æ¥ç¶ã®ã¢ã«ãŠã³ãã£ã³ã°ããŒã¿ã衚瀺ãããŸãã㢠ã«ãŠã³ãã£ã³ã°ã¯ã·ã¹ãã ãžã®è² è·ãå¢ãããããããã©ã«ãã§ã¯ç¡å¹ã«ãªã£ãŠããŸããããªã¢ãŒã ã¢ã¯ã»ã¹ã¢ã«ãŠã³ãã£ã³ã°ãã»ã¯ã·ã§ã³ã® ãã¬ããŒãèšå® > èšå® ãã¿ãã§æå¹ã«ã§ããŸãã æåã®ããããããŠã³ãªã¹ãã§ã衚瀺ããã»ãã·ã§ã³ã¿ã€ããéžæã§ããŸã (çŸåšã®ãŠãŒã¶ ãå®äºãã ã»ãã·ã§ã³ã倱æãããã°ã€ã³)ããã£ã«ã¿ãé©çšããã«ã¯ããæŽæ° ããã¿ã³ãã¯ãªãã¯ããŸãã 496 UTM 9 管çã¬ã€ã 17 ãã°ãšã¬ããŒã 17.9 Web ãµãŒããããã¯ã·ã§ã³ 2çªç®ã®ããããããŠã³ãªã¹ãã§çµæããã£ã«ã¿ã§ããŸããéžæããã»ãã·ã§ã³ã¿ã€ãã«ãã£ãŠã¯ãç°ãª ããã£ã«ã¿ãå©çšã§ããŸã (äŸ: ãµãŒãã¹å¥ ãŸã㯠éä¿¡å IP ã¢ãã¬ã¹å¥ )ãäžéšã®ãã£ã«ã¿ã«ã¯ã㣠ã«ã¿åŒæ°ãéžæãŸãã¯å ¥åããå¿ èŠããããŸãã 3çªç®ã®ããããããŠã³ãªã¹ãã§çµæãæéå¥ã«ãã£ã«ã¿ã§ããŸãããã£ã«ã¿ãé©çšããã«ã¯ããã®éœ 床ãæŽæ° ããã¿ã³ãã¯ãªãã¯ããŸãã ããã©ã«ãã§ã¯ã1ããŒãžããã 20件衚瀺ãããŸãããããè¶ ããæ°ã®ãšã³ããªãããå Žåã¯ãã次 ãžã/ãæ»ããã¢ã€ã³ã³ã䜿çšããŠååŸã®ããŒãžã«ç§»åã§ããŸãããè¡æ° ãããããããŠã³ãªã¹ãã§ã1 ããŒãžã«è¡šç€ºãããšã³ããªã®æ°ãå€æŽã§ããŸãã è¡šã®åã®ããããã¯ãªãã¯ãããšããã¹ãŠã®ããŒã¿ã䞊ã¹æ¿ããããšãã§ããŸãã ã¿ãå³äžé ã®å¯Ÿå¿ããã¢ã€ã³ã³ãã¯ãªãã¯ãããšãããŒã¿ã PDF ããã㯠Excel 圢åŒã§ããŠã³ããŒã ã§ããŸããã¬ããŒãã¯ãçŸåšéžæãããŠãããã¥ãŒ (衚瀺) ããçæãããŸããããã«ããåã°ã©ãã㢠ã€ã³ã³ã衚瀺ãããŠããå Žåããããã¯ãªãã¯ãããšãè¡šã®äžã«åã°ã©ãã衚瀺ãããŸãã 17.9 Web ãµãŒããããã¯ã·ã§ã³ ããã°ãšã¬ããŒã > Web ãµãŒããããã¯ã·ã§ã³ãã¡ãã¥ãŒã®ã¿ãã¯ãWeb ãµãŒãã®èŠæ±ãèŠåãã¢ã©ãŒã ã«é¢ããæŠèŠçãªçµ±èšã衚瀺ããŸãã 17.9.1 䜿çšç¶æ³ã°ã©ã ãWeb ãµãŒããããã¯ã·ã§ã³ > 䜿çšç¶æ³ã°ã©ã ãã¿ãã¯ãããŸããŸãªæéæ å ã«UTMã§çºçãã Web ãµãŒãã®èŠæ±ãèŠåãã¢ã©ãŒãã«é¢ããæŠèŠçãªçµ±èšã衚瀺ããŸãã l ãã€ãªãŒ l ãŠã£ãŒã¯ãªãŒ l ãã³ã¹ãªãŒ l 幎次 17.9.2 詳现 ãWeb ãµãŒããããã¯ã·ã§ã³ > 詳现 ]ã¿ãã«ã¯ãããŸããŸãªæéæ å ã§æãã¢ã¯ãã£ãã ã£ãã¯ã©ã€ã¢ ã³ããä»®æ³ãã¹ããããã¯ãšã³ããå¿çã³ãŒããããã³æ§ã ãªæ»æã«é¢ããå æ¬çãªçµ±èšã衚瀺ãã ãŸãã UTM 9 管çã¬ã€ã 497 17.10 ãšã°ãŒã¯ãã£ãã¬ããŒã 17 ãã°ãšã¬ããŒã æåã®ããããããŠã³ãªã¹ãããã衚瀺ããããŒã¿ã®ã¿ã€ããéžæããŸã (äŸ: äžäœã¯ã©ã€ã¢ã³ãã äž äœæ»æè ãä»®æ³ãã¹ãå¥ ãªã©)ã å¿ èŠãªãšã³ããªãéžæããè¿œå ã§ããã¯ã¹ã衚瀺ãããå Žåã¯ã該 åœããããã£ã«ã¿ã®æ¡ä»¶ãæå®ããŸãããŸãã¯ãäžéšã«ããããããããŠã³ãªã¹ãã䜿çšããŠãæå» ã«ãã£ãŠãšã³ããªããã£ã«ã¿ãªã³ã°ã§ããŸãããã£ã«ã¿ãé©çšããã«ã¯ããã®ã€ã©ãæŽæ° ããã¿ã³ã㯠ãªãã¯ããŸãã ããã©ã«ãã§ã¯ã1ããŒãžããã 20件衚瀺ãããŸãããããè¶ ããæ°ã®ãšã³ããªãããå Žåã¯ãã次 ãžã/ãæ»ããã¢ã€ã³ã³ã䜿çšããŠååŸã®ããŒãžã«ç§»åã§ããŸãããè¡æ° ãããããããŠã³ãªã¹ãã§ã1 ããŒãžã«è¡šç€ºãããšã³ããªã®æ°ãå€æŽã§ããŸãã ã¿ãå³äžé ã®å¯Ÿå¿ããã¢ã€ã³ã³ãã¯ãªãã¯ãããšãããŒã¿ã PDF ããã㯠Excel 圢åŒã§ããŠã³ããŒã ã§ããŸããã¬ããŒãã¯ãçŸåšéžæãããŠãããã¥ãŒ (衚瀺) ããçæãããŸããããã«ããåã°ã©ãã㢠ã€ã³ã³ã衚瀺ãããŠããå Žåããããã¯ãªãã¯ãããšãè¡šã®äžã«åã°ã©ãã衚瀺ãããŸãã è¡šã®åã®ããããã¯ãªãã¯ãããšããã¹ãŠã®ããŒã¿ã䞊ã¹æ¿ããããšãã§ããŸãã 17.10 ãšã°ãŒã¯ãã£ãã¬ããŒã ããã°ãšã¬ããŒã > ãšã°ãŒã¯ãã£ãã¬ããŒããã¡ãã¥ãŒã§ã¯ãåãµãŒãã¹ã®ãããã¯ãŒã¯äœ¿çšç¶æ³ã衚瀺 ããããã«éèŠãªã¬ããŒãã£ã³ã°ããŒã¿ãã°ã©ãã£ã«ã«ãªåœ¢åŒã«ãŸãšããããšãã§ããŸãã 17.10.1 ã¬ããŒããèŠã ããã°ãšã¬ããŒã > ãšã°ãŒã¯ãã£ãã¬ããŒã > ã¬ããŒããèŠããã¿ãã§ã¯ããã¬ããŒãã£ã³ã°ãã¡ãã¥ãŒã®ã¿ ããšããŒãžã«ããåã ã®ã¬ããŒãã«åºã¥ããŠãå®å šãªãšã°ãŒã¯ãã£ãã¬ããŒããäœæããããšãã§ã ãŸãããšã°ãŒã¯ãã£ãã¬ããŒãã衚瀺ãããŠã£ã³ããŠãéãã«ã¯ããã¬ããŒãã®äœæ ããã¿ã³ãã¯ãªãã¯ã ãŸãã 17.10.2 ã¢ãŒã«ã€ããšã°ãŒã¯ãã£ãã¬ããŒã ããšã°ãŒã¯ãã£ãã¬ããŒã > ã¢ãŒã«ã€ããšã°ãŒã¯ãã£ãã¬ããŒããã¿ãã«ã¯ãã¢ãŒã«ã€ãããããã¹ãŠã® ãšã°ãŒã¯ãã£ãã¬ããŒãã®æŠèŠã衚瀺ãããŸãããèšå® ãã¿ãã§ã¢ãŒã«ã€ããéžæãããŠãããšã°ãŒã¯ ãã£ãã¬ããŒãã®ã¿ãã¢ãŒã«ã€ããããŸãã 17.10.3 èšå® ããšã°ãŒã¯ãã£ãã¬ããŒã > èšå® ãã¿ãã§ã¯ããšã°ãŒã¯ãã£ãã¬ããŒãã®èšå®ãè¡ãããšãã§ããŸãã 498 UTM 9 管çã¬ã€ã 17 ãã°ãšã¬ããŒã 17.11 ãã°èšå® ãã€ãªãŒãšã° ãŒã¯ãã£ãã¬ããŒã ãã€ãªãŒãšã°ãŒã¯ãã£ãã¬ããŒã:æå¹ã«ãããšããšã°ãŒã°ãã£ãã¬ããŒããæ¯æ¥äœæãããŸãã PDFã¬ããŒããã¢ãŒã«ã€ã:æå¹ã«ãããšããã€ãªãŒãšã°ãŒã°ãã£ãã¬ããŒãã PDF 圢åŒã§ã¢ãŒã«ã€ã åãããŸããã¢ãŒã«ã€ãåããããšã°ãŒã¯ãã£ãã¬ããŒãã«ã¯ ã¢ãŒã«ã€ããšã°ãŒã¯ãã£ãã¬ããŒããã ã¢ã¯ã»ã¹ã§ããŸãã HTML ã§ã¯ãªã PDF 圢åŒã§ã¬ããŒããéä¿¡:æå¹ã«ãããšãã¡ãŒã«ãšã°ãŒã°ãã£ãã¬ããŒãã PDF ãã¡ã€ã«ãšããŠã¡ãŒã«ã«æ·»ä»ããŠéä¿¡ãããŸããæå¹ã«ããªãå Žåã¯ãHTML 圢åŒã§éä¿¡ãã㟠ãã ã¡ãŒã«ã¢ãã¬ã¹:ãšã°ãŒã¯ãã£ãã¬ããŒãã®åä¿¡è ã®ã¡ãŒã«ã¢ãã¬ã¹ãå ¥åããŸãã ㊠ã£ãŒã¯ãªãŒãšã° ãŒã¯ãã£ãã¬ããŒã 倧éšåã®èšå®ã«ã€ããŠã¯ãããã€ãªãŒãšã°ãŒã¯ãã£ãã¬ããŒããã®ã»ã¯ã·ã§ã³ãåç §ããŠãã ããã ãã®ã¬ããŒãã§ã¯ããšã°ãŒã¯ãã£ãã¬ããŒããããŒã¿ã®åéãéå§ããææ¥ãéžæã§ããŸãã ãã³ ã¹ãªãŒãšã° ãŒã¯ãã£ãã¬ããŒã 倧éšåã®èšå®ã«ã€ããŠã¯ãããã€ãªãŒãšã°ãŒã¯ãã£ãã¬ããŒããã®ã»ã¯ã·ã§ã³ãåç §ããŠãã ããã 17.11 ãã°èšå® ããã°ãšã¬ããŒã > ãã°èšå® ãã¡ãã¥ãŒã§ãããŒã«ã«ããã³ãªã¢ãŒããã°ã®åºæ¬çãªèšå®ãæ§æã§ã㟠ãã 17.11.1 ããŒã«ã«ãã° ããã°ãšã¬ããŒã > ãã°èšå® > ããŒã«ã«ãã°ãã¿ãã§ãããŒã«ã«ãã°ã®èšå®ãè¡ãããšãã§ããŸããã ãã©ã«ãã§ã¯ããŒã«ã«ãã°ã¯æå¹ã«ãªã£ãŠããŸãã ãã ããããŒã«ã«ãã°ãç¡å¹ã«ãªã£ãŠããå Žåã¯ã以äžã®æé ã§æå¹ã«ã§ããŸãã 1. ãããŒã«ã«ãã°ãã¿ãã§ããŒã«ã«ãã°ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããç·è²ã«å€ããããã®ã¿ãå ã®ãšãªã¢ãç·šéå¯èœã«ãªããŸãã UTM 9 管çã¬ã€ã 499 17.11 ãã°èšå® 17 ãã°ãšã¬ããŒã 2. ãã€ãã°ãã¡ã€ã«ãåé€ããããæéãéžæããŸãã ããããããŠã³ãªã¹ãããããã°ãã¡ã€ã«ã«èªåçã«é©çšããã¢ã¯ã·ã§ã³ãéžæããŸããããã© ã«ãã§ã¯ãããã°ãã¡ã€ã«ãåé€ããªãããéžæãããŠããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã ããã å€ ããã§ããŒã«ã«ãã°ã®ãããå€ãå®çŸ©ã§ããŸãããããå€ã¯ããã®å€ã«éããå Žåã«å®è¡ãããç¹ å®ã®ã¢ã¯ã·ã§ã³ã«çµã³ä»ããããŸãã次ã®äœæ¥ãå®è¡ã§ããŸãã l ãªã:äœãèµ·ãããŸããã l éç¥ã®éä¿¡: ïŒãããå€ã«éããããšã管çè ã«äŒããéç¥ãéä¿¡ããŸãã l å€ããã°ããåé€:æ®ãã®éãèšå®ãããããå€ããäžã«ãªããŸã§ããããã¯ãã°ãã¡ã€ã«ã® ã¢ãŒã«ã€ãã空ã«ãªããŸã§ãæãå€ããã°ãã¡ã€ã«ãåé€ãããŸããããã«ããã®ã¢ã¯ã·ã§ã³ ã®éç¥ã管çè ã«éä¿¡ãããŸãã l ã·ã¹ãã ã®ã·ã£ããããŠã³:ã·ã¹ãã ãã·ã£ããããŠã³ããŸãããã®ã€ãã³ãã®éç¥ã管çè ã« éä¿¡ãããŸãã ã·ã¹ãã ãã·ã£ããããŠã³ããå Žåã¯ã管çè ã¯ããŒã«ã«ãã°ã®èšå®ãå€æŽãããã°ãã¡ã€ã« ã®åé€ãèšå®ãããããããã¯ãã°ãã¡ã€ã«ãæåã§ç§»å/åé€ããå¿ èŠããããŸããã·ã¹ ãã ã·ã£ããããŠã³ã®çç±ãæç¶ããå Žåã¯ã次åã®ãã°æ¶å»ããã»ã¹ã®å®è¡æ (æ¯æ¥å å 12:00 ã€ãŸãçå€äžã«å®æœ) ã«ã·ã¹ãã ã¯åã³èªããã·ã£ããããŠã³ããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã 17.11.2 Syslogéä¿¡ãã°éžæ ããã°ãšã¬ããŒã > ãã°èšå® > ãªã¢ãŒã Syslog ãµãŒã ãã¿ãã§ããªã¢ãŒããã°ã®èšå®ãè¡ãããšãã§ã㟠ãããã®æ©èœã«ãããUTMããä»ã®ãã¹ãã«ãã°ã¡ãã»ãŒãžã転éã§ããŸããããã¯ããã¹ãã䜿çšã ãŠããã€ãã®UTMãããã°æ å ±ãåéãããããã¯ãŒã¯ã«ç¹ã«åœ¹ç«ã¡ãŸããéžæãããã¹ãã§ã¯ã Syslog ãããã³ã«äºæã®ãã°ããŒã¢ã³ãå®è¡ããå¿ èŠããããŸãã ãªã¢ãŒã syslog ãµãŒããèšå®ããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ããªã¢ãŒã Syslog ãµãŒã ãã¿ãã§ãªã¢ãŒã syslog ãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªããããªã¢ãŒã Syslog èšå® ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 500 UTM 9 管çã¬ã€ã 17 ãã°ãšã¬ããŒã 17.11 ãã°èšå® 2. ãSyslog ãµãŒã ãããã¯ã¹ã®ã+ãã¢ã€ã³ã³ãã¯ãªãã¯ããŠãµãŒããäœæããŸãã ãSyslog ãµãŒãã®è¿œå ããã€ã¢ãã°ããã¯ã¹ãéããŸãã 3. 次ã®èšå®ãè¡ããŸãã åå:ãªã¢ãŒã syslog ãµãŒãã説æããååãå ¥åããŸãã ãµãŒã:UTMãããã°ããŒã¿ãåä¿¡ããå¿ èŠããããã¹ããè¿œå ãŸãã¯éžæããŸãã èŠå â UTMèªäœã®ã€ã³ã¿ãã§ãŒã¹ããªã¢ãŒã syslog ãã¹ããšããŠäœ¿çšããªãã§ãã ããããã ãè¡ããšããã°ã«ãŒãã«ãªããŸãã ããŒã:æ¥ç¶ã«äœ¿çšããããŒããè¿œå ãŸãã¯éžæããŸãã 4. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã ãªã¢ãŒã Syslog ãããã¡ ãã®ãšãªã¢ã§ããªã¢ãŒã syslog ã®ãããã¡ãµã€ãºãå€æŽã§ããŸãããããã¡ãµã€ãºã¯ãããã¡ã«ä¿æã ãããã°ã®è¡æ°ã§ããããã©ã«ã㯠1000 ã§ãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã ãªã¢ãŒã Syslog ã ã° ã®éžæ ãã®ãšãªã¢ã¯ãªã¢ãŒã syslog ãæå¹ãªãšãã®ã¿ç·šéã§ããŸããsyslog ãµãŒãã«éä¿¡ãããã°ã® ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŠãã ãããããã¹ãŠãéžæ ããªãã·ã§ã³ãéžæãããšãäžåºŠã«ãã¹ ãŠã®ãã°ãéžæããããšãã§ããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã 17.11.3 ãªã¢ãŒããã°ãã¡ã€ã«ã¢ãŒã«ã€ã ããã°ãšã¬ããŒã > ãã°èšå® > ãªã¢ãŒããã°ãã¡ã€ã«ã¢ãŒã«ã€ããã¿ãã§ããã°ãã¡ã€ã«ã®ãªã¢ãŒãã¢ãŒã« ã€ããèšå®ããããšãã§ããŸãããªã¢ãŒããã°ãã¡ã€ã«ã®ã¢ãŒã«ã€ããæå¹ã«ãããšãåæ¥ã®ãã°ãã¡ ã€ã«ã¯1ã€ã®ãã¡ã€ã«ã«éçŽã»å§çž®ããããªã¢ãŒããã°ãã¡ã€ã«ã®ã¹ãã¬ãŒãžã«è»¢éãããŸããããã ãããŠã³ãªã¹ãã§è»¢éæ¹æ³ãéžæã§ããŸãã ãªã¢ãŒããã°ãã¡ã€ã«ã®ã¢ãŒã«ã€ããèšå®ããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãªã¢ãŒããã°ãã¡ã€ã«ã¢ãŒã«ã€ãæ©èœãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªããããªã¢ãŒããã°ãã¡ã€ã«ã¢ãŒã«ã€ãããšãªã¢ãç·šéå¯èœã« ãªããŸãã UTM 9 管çã¬ã€ã 501 17.11 ãã°èšå® 17 ãã°ãšã¬ããŒã 2. ãã°ãã¡ã€ã«ã®ã¢ãŒã«ã€ãæ¹åŒãéžæããŸãã ããããããŠã³ãªã¹ãã§ãåžæã®ã¢ãŒã«ã€ãæ¹åŒãéžæããŸããéžæããæ¹åŒã«å¿ããŠãå ã¢ãŒã«ã€ãæ¹åŒã«é¢é£ããèšå®ãªãã·ã§ã³ãäžã«è¡šç€ºãããŸãã以äžã®ã¢ãŒã«ã€ãæ¹åŒã ãéžæã§ããŸãã l l FTP ãµãŒã:FTP (ãã¡ã€ã«è»¢éãããã³ã«) æ¹åŒã§ã¯ã以äžã®ãã©ã¡ãŒã¿ãèšå®ããå¿ èŠããããŸãã l ãã¹ã:FTP ãµãŒãã®ãã¹ãã®å®çŸ©ã l ãµãŒãã¹:ãµãŒãããªã¹ã³ãã TCP ããŒãã l ãŠãŒã¶å:FTP ãµãŒãã¢ã«ãŠã³ãã®ãŠãŒã¶åã l ãã¹ã¯ãŒã:FTP ãµãŒãã¢ã«ãŠã³ãã®ãã¹ã¯ãŒãã l ãã¹:ãã°ãã¡ã€ã«ãä¿åãããŠãããªã¢ãŒã (çžå¯Ÿ) ãã¹ã SMB (CIFS) å ±æ:SMB æ¹åŒã§ã¯ã以äžã®ãã©ã¡ãŒã¿ãèšå®ããå¿ èŠããããŸãã l ãã¹ã:SMB ãµãŒãã®ãã¹ãã®å®çŸ©ã l ãŠãŒã¶å:SMB ã¢ã«ãŠã³ãã®ãŠãŒã¶åã l ãã¹ã¯ãŒã:SMBã¢ã«ãŠã³ãã®ãã¹ã¯ãŒãã ã»ãã¥ãªãã£ã«é¢ããæ³šèš â ãã¹ã¯ãŒãã¯èšå®ãã¡ã€ã«ã«ãã¬ãŒã³ããã¹ã㧠ä¿åãããŸãããããã£ãŠããã®ãã°ã«åºæã®ãŠãŒã¶/ãã¹ã¯ãŒãã®çµã¿å ãããäœæããããšããå§ãããŸãã l l å ±æ:SMB å ±æåããã°ãã¡ã€ã«ã®è»¢éå ã®ãã¹ãŸãã¯ãããã¯ãŒã¯å ±ææ å ± ãå ¥åããŸã (äŸ: /logs/log_file_archive)ã l ã¯ãŒã¯ã°ã«ãŒã/ãã¡ã€ã³:ãã°ãã¡ã€ã«ã®ã¢ãŒã«ã€ããå ¥ããã¯ãŒã¯ã°ã«ãŒã㟠ãã¯ãã¡ã€ã³ãå ¥åããŸãã Secure Copy (SSH ãµãŒã):SCP æ¹åŒã䜿çšããã«ã¯ãå ¬é SSH DSA éµããã䜿ãã® SCP ãµãŒãã®æ¿èªæžã¿éµã«è¿œå ããå¿ èŠããããŸããLinux ã·ã¹ãã ã§ã¯ãSSH DSA éµãã«ããããŒã¹ãããŠãèšå®ããããŠãŒã¶ã¢ã«ãŠã³ãã® ~/.ssh/authorized_ keys ãã¡ã€ã«ã«è¿œå ã§ããŸããã€ã³ã¹ãŒããŒã«æã«Sophos UTMã«ãã£ãŠæ°ãã SSHDSA éµãäœæãããŸããã»ãã¥ãªãã£äžã®çç±ããããã® SSH DSA éµã¯ãã㯠ã¢ããã«ã¯å«ãŸããŸããããããã£ãŠãæ°èŠãŸãã¯ããã¯ã¢ããã®ã€ã³ã¹ããŒã«åŸã«ã æ°ãã SSH DSA éµããªã¢ãŒããµãŒãã«ä¿åããŠããã°ãã¡ã€ã«ã®ã¢ãŒã«ã€ãã SCP ãµãŒãã«å®å šã«ã³ããŒã§ããããã«ããå¿ èŠããããŸãã SCP æ¹åŒã«ä»¥äžã®èšå®ãå¿ èŠã§ãã 502 UTM 9 管çã¬ã€ã 17 ãã°ãšã¬ããŒã l 17.12 ã¬ããŒãèšå® l ãã¹ã:SCP ãµãŒãã®ãã¹ãã®å®çŸ©ã l ãŠãŒã¶å:SCP ãµãŒãã¢ã«ãŠã³ãã®ãŠãŒã¶åã l ãã¹:ãã°ãã¡ã€ã«ã®ä¿åå ã® (å®å šãª) ãªã¢ãŒããã¹ã l å ¬é DSA éµ:ãªã¢ãŒãã¹ãã¬ãŒãžãã¹ãäžã§ãæäŸãããå ¬é DSA éµãæ¿èªæž ã¿éµã®ãªã¹ãã«è¿œå ããŸãã ã¡ãŒã«ã§éä¿¡:ãã°ãã¡ã€ã«ã®ã¢ãŒã«ã€ããã¡ãŒã«ã§éä¿¡ããããã«ãæå¹ãªã¡ãŒã«ã¢ ãã¬ã¹ãå ¥åããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã 転éã倱æãããšãã¢ãŒã«ã€ãã¯UTMã«æ®ããŸããããããã®ãã°åé€ããã»ã¹æã«ãUTMã¯æ®ã ã®ãã¹ãŠã®ã¢ãŒã«ã€ããé ä¿¡ããããšè©Šã¿ãŸãã 17.12 ã¬ããŒãèšå® ããã°ãšã¬ããŒã > ã¬ããŒãèšå® ãã¡ãã¥ãŒã§ãã¬ããŒãã£ã³ã°ã®ç¹å®æ©èœã®æå¹å/ç¡å¹åãããŒã¿ ä¿ææé/éã®èšå®ãšãã£ãã¬ããŒãã£ã³ã°æ©èœã®èšå®ãè¡ãããšãã§ããŸããããã«ããã©ã€ã ã·ãŒä¿è·ã匷åããããã«ããŒã¿ãå¿åã«ããããšãã§ããŸãã 17.12.1 èšå® ãèšå® ãã¿ãã§ãã¬ããŒãã¢ã¯ã·ã§ã³ããã³ã¬ããŒãããŒã¿ãèªåçã«åé€ããããŸã§ã®ã·ã¹ãã ã§ã® ä¿ææéãå®çŸ©ã§ããŸãã以äžã®ã¬ããŒããããã¯ãèšå®ã§ããŸãã l ã¢ããªã±ãŒã·ã§ã³ã³ã³ãããŒã« l èªèšŒ l Eã¡ãŒã«ãããã¯ã·ã§ã³ l ãã¡ã€ã¢ãŠã©ãŒã« l IPS l ãããã¯ãŒã¯äœ¿çšç¶æ³ l ãªã¢ãŒãã¢ã¯ã»ã¹ l Web ãããã¯ã·ã§ã³ l Web ãµãŒããããã¯ã·ã§ã³ UTM 9 管çã¬ã€ã 503 17.12 ã¬ããŒãèšå® 17 ãã°ãšã¬ããŒã å·ŠåŽã®ãã§ãã¯ããã¯ã¹ã䜿çšããŠãç¹å®ãããã¯ã«é¢ããã¬ããŒããæå¹/ç¡å¹ã«ããŸããããã©ã« ãã§ã¯ããã¹ãŠã®ã¬ããŒããããã¯ãæå¹ã«ãªã£ãŠããŸãã å³åŽã®ããããããŠã³ãªã¹ãã䜿çšããŠãã¬ããŒãããŒã¿ã®ä¿ææéãèšå®ããŸãã Note â äžèŠãªã¬ããŒããç¡å¹ã«ããããšã§ããã·ã³ã®åºæ¬çãªè² è·ãæžãããããã©ãŒãã³ã¹ã®ã ãã«ããã¯ãåæžã§ããŸããã¬ããŒãã®ä¿ææéã¯ã§ããã ãçãèšå®ããŠãã ãããä¿åããŒã¿ ã®éãå€ããšåºæ¬çãªè² è·ãé«ããªããåçãªã¬ããŒãããŒãžã®å¿çæ§ãäœäžãããŸãã ãã®ã¿ãã®èšå®ã¯ããã°ãã¡ã€ã«ã¢ãŒã«ã€ããžã¯åœ±é¿ããŸããã Web ãã ãã¯ã·ã§ã³ ã¬ããŒã 詳现ã¬ã ã« ãã®ã»ã¯ã·ã§ã³ã§ã¯ãWeb ãããã¯ã·ã§ã³ã¬ããŒãã®è©³çŽ°ã¬ãã«ãå®çŸ©ããããšãã§ããŸãã詳现ã¬ã ã«ãé«ããããšãã¡ã¢ãªã®äœ¿çšéãšã·ã¹ãã è² è·ãç®ã«èŠããŠå¢å ãããããå¿ èŠã§ãªãéãã¯ã 詳现ã¬ãã«ãäœãããŠãã ããã 以äžã®è©³çŽ°ã¬ãã«ãèšå®ã§ããŸãã l ãã¡ã€ã³ã®ã¿:ã¬ããŒãã«ã¯ãURL ã®ãããã¬ãã«ãã¡ã€ã³ãšã»ã«ã³ãã¬ãã«ãã¡ã€ã³ (äŸ: example.com) ã衚瀺ãããŸãããµãŒãã¬ãã«ãã¡ã€ã³ã¯ã匷å¶ãããšè¡šç€ºãããŸã (äŸ: example.co.uk)ã l ãã«ãã¡ã€ã³:ã¬ããŒãã«ã¯ããã«ãã¡ã€ã³ã衚瀺ãããŸã (äŸ: www.example.comãshop.example.com)ã l 1ã¬ãã«ã®URL:ã¬ããŒãã«ã¯ãURLã®æåã® (ä»®æ³) ãã£ã¬ã¯ããªãè¿œå ã§è¡šç€ºãããŸã (äŸ: www.example.com/en/)ã l 2ã¬ãã«ã®URL:ã¬ããŒãã«ã¯ãURL ã®æåã® 2ã€ã® (ä»®æ³) ãã£ã¬ã¯ããªãè¿œå ã§è¡šç€ºãã㟠ã (äŸ: www.example.com/en/products/)ã l 3ã¬ãã«ã®URL:ã¬ããŒãã«ã¯ãURL ã®æåã® 3ã€ã® (ä»®æ³) ãã£ã¬ã¯ããªãè¿œå ã§è¡šç€ºãã㟠ã (äŸ: www.example.com/en/products/new/)ã ãšã° ãŒã¯ãã£ãã¬ããŒã èšå® ãã®ãšãªã¢ã§ãä¿æãããšã°ãŒã¯ãã£ãã¬ããŒãã®æ°ãããããå®çŸ©ã§ããŸãã l ãã€ãªãŒã¬ããŒã:æ倧 60 l ãŠã£ãŒã¯ãªãŒã¬ããŒã:æ倧 52 l ãã³ã¹ãªãŒã¬ããŒã:æ倧 12 èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã 504 UTM 9 管çã¬ã€ã 17 ãã°ãšã¬ããŒã 17.12 ã¬ããŒãèšå® ãšã°ãŒã¯ãã£ãã¬ããŒããšãã®ãªãã·ã§ã³ã«é¢ãã詳现ã¯ãããã°ãšã¬ããŒã > ãšã°ãŒã¯ãã£ãã¬ããŒãã ãåç §ããŠãã ããã PD F çšçŽèšå® PDF ãšã°ãŒã¯ãã£ãã¬ããŒãã®ããã©ã«ãã®çšçŽãµã€ãºã¯ A4 ã§ããããããããŠã³ãªã¹ãã䜿çšã ãŠããã¬ã¿ãŒããŸãã¯ããªãŒã¬ã« ããéžæã§ããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã ãªã¢ãŒã ã¢ã¯ã»ã¹ã¢ã«ãŠ ã³ ãã£ã³ ã° ãªã¢ãŒãã¢ã¯ã»ã¹æ¥ç¶ã®ã¢ã«ãŠã³ãã£ã³ã°ãæå¹ãŸãã¯ç¡å¹ã«ã§ããŸããæå¹ã«ãããšããªã¢ãŒã ã¢ã¯ã»ã¹æ¥ç¶ã«é¢ããããŒã¿ãä¿ç®¡ãããããã°ãšã¬ããŒã > ãªã¢ãŒãã¢ã¯ã»ã¹ > ã»ãã·ã§ã³ãã¿ãã® ãDownãããã³ãUpãåã«è¡šç€ºãããŸããç¡å¹ã«ãããšãã¢ã«ãŠã³ãã£ã³ã°ã¯åæ¢ããŸãããã®æ©èœã æå¹ã«ãããšãã·ã¹ãã ãžã®è² è·ãå¢å€§ããå¯èœæ§ããããŸãã CSV åºåãæåèšå® ããã§ã¯ãCSV 圢åŒãžã®ã¬ããŒãã£ã³ã°ããŒã¿ã®ãšã¯ã¹ããŒãæã«äœ¿çšããããªãã¿ãå®çŸ©ã§ã㟠ããWindows ãªãã¬ãŒãã£ã³ã°ã·ã¹ãã ã§ã¯ããšã¯ã¹ããŒãããããŒã¿ã Excel ãªã©ã®è¡šèšç®ããã°ã© ã ã§æ£ç¢ºã«è¡šç€ºãããããã«ããããã«ãããªãã¿ãã·ã¹ãã ã®å°åèšå®ãšäžèŽããå¿ èŠããã㟠ãã IPFIX ã¢ã«ãŠ ã³ ãã£ã³ ã° IPFIX ã䜿çšããŠãUTMã® IPv4 ãããŒããŒã¿ããããã€ãã«ãšã¯ã¹ããŒãããã¢ãã¿ãªã³ã°ãã¬ããŒãã ã¢ã«ãŠã³ãã£ã³ã°ãæéè«æ±ãªã©ã®ããã«äœ¿çšããããšãã§ããŸãã IPFIX (Internet Protocol Flow Information Export) ã¯ãã¢ã«ãŠã³ãã£ã³ã°æ å ±ãæ®éçãªæ¹æ³ã§ãšã¯ ã¹ããŒãããããã®ã¡ãã»ãŒãžããŒã¹ã®ãããã³ã«ã§ããã¢ã«ãŠã³ãã£ã³ã°æ å ±ã¯ããšã¯ã¹ããŒã¿ã«ã ãåéãããã³ã¬ã¯ã¿ã«éä¿¡ãããŸããIPv4 ãããŒã®äžè¬çãªã¢ã«ãŠã³ãæ å ±ã¯ãéä¿¡å ã¢ãã¬ã¹ã å®å ã¢ãã¬ã¹ãéä¿¡å ããŒããå®å ããŒãããã€ãããã±ãããããã³ãããã¯ãŒã¯ãã©ãã£ãã¯åé¡ ããŒã¿ã§æ§æãããŸãã æå¹ã«ãããšãUTM ã¯ãšã¯ã¹ããŒã¿ãšããŠæ©èœããŸããIPFIX ã¢ã«ãŠã³ãã£ã³ã°æ å ±ããšã¯ã¹ããŒãã ãŸããã³ã¬ã¯ã¿ã¯éåžžãããã€ãã®ãµã€ãã«é 眮ããããã㧠1ã€ä»¥äžã®UTMã®ã¢ã«ãŠã³ãã£ã³ã° ããŒã¿ãéçŽãããŠåæãããŸãããããã€ãã§ã®ã·ã¹ãã ã®ã»ããã¢ããæã«ãã¹ãåãæäŸã ãã1ã€ã®ãšã¯ã¹ããŒã¿ãã€ãŸãUTMæ¯ã«äžæã® OID (Observation Domain ID) ãå®çŸ©ããå¿ èŠãã ããŸãããã®ããŒã¿ã該åœãããã£ãŒã«ãã«å ¥åããŸãã ããŒã¿ã¯ãUDP ããŒã 4739 ã§ãšã¯ã¹ããŒããããŸãã1ã€ã®ãããã¯ãŒã¯æ¥ç¶ãããšã¯ã¹ããŒãæ¹å ã®ããã«1ã€ãšå¿çã®ããã« 1ã€ã®åèš 2ã€ã® IPFIX ãããŒã䜿çšããŸãã UTM 9 管çã¬ã€ã 505 17.12 ã¬ããŒãèšå® 17 ãã°ãšã¬ããŒã 泚ã»ãã¥ãªã㣠â IPFIX ã®ã¢ã«ãŠã³ãããŒã¿ã¯æå·åã®ãªãç¶æ ã§éä¿¡ãããããšã«æ³šæããŠäžã ããããã«ãã®ããŒã¿ã®éä¿¡ã¯ãã©ã€ããŒããããã¯ãŒã¯çµç±ã§è¡ãããããšãæšå¥šããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã 17.12.2 é€å€ ãã¬ããŒãèšå® > é€å€ ãã¿ãã§ãç¹å®ã®ãã¡ã€ã³ãã¢ãã¬ã¹ãã¬ããŒãããé€å€ã§ããŸããããã¯ãšã° ãŒã¯ãã£ãã¬ããŒãã«å ããããã°ãšã¬ããŒããããŒãžãšçµ±èšæŠèŠããŒãžã«åœ±é¿ãåãŒããŸãã 泚 â ä»æ¥ã®çµ±èšããŒãžã®æ å ±ã¯ã10ïœ15åæ¯ã«æŽæ°ãããã®ã¿ã§ããããããã®åœ±é¿ãçµ±èš ããŒãžã«çŽã¡ã«è¡šããããã§ã¯ãããŸãããã€ã³ããŒãæ©èœã«ãã£ãŠè€æ°ã®é ç®ãäžåºŠã«å®çŸ© ããããšãå¯èœã§ãã ã¬ããŒãã£ã³ ã° é€å€:We b ãã®ã»ã¯ã·ã§ã³ã«ã¯ããã¹ãŠã®Webãããã¯ã·ã§ã³ã¬ããŒãããé€å€ãããã¡ã€ã³ãå®çŸ©ã§ããŸãããã¡ ã€ã³åã«ã¯ãããã°ãšã¬ããŒã > Web ãããã¯ã·ã§ã³ > Web 䜿çšç¶æ³ã¬ããŒããã¿ãã®ããã¡ã€ã³ãã¬ããŒã ã«ãªã¹ãããããã®ãšãŸã£ããåãååãæå®ããå¿ èŠããããŸãã èšå®ãä¿åããã«ã¯ãé©çš ã ãã¯ãªãã¯ããŸãã ã¬ããŒãã£ã³ ã° é€å€:ã¡ ãŒã« ãããã® 2ã€ã®ã»ã¯ã·ã§ã³ã«ã¯ããã¹ãŠã®ã¡ãŒã«ãããã¯ã·ã§ã³ã¬ããŒãããé€å€ãããã¡ã€ã³ãšã¡ãŒ ã«ã¢ãã¬ã¹ãå®çŸ©ã§ããŸãã ç¹å®ã®ãã¡ã€ã³ã®ãã¹ãŠã®ã¡ãŒã«ã¢ãã¬ã¹ãé€å€ããã«ã¯ãããã¡ã€ã³ãããã¯ã¹ã䜿çšã㟠ããsophos.com ã®ããã«ãã¡ãŒã«ã¢ãã¬ã¹ã®ãã¡ã€ã³éšåã®ã¿ãå ¥åããŸããã¬ããŒãããç¹å®ã® ã¡ãŒã«ã¢ãã¬ã¹ãé€å€ããã«ã¯ããã¢ãã¬ã¹ ãããã¯ã¹ã䜿çšããŸãã èšå®ãä¿åããã«ã¯ãé©çš ã ãã¯ãªãã¯ããŸãã æå®ãããã¡ã€ã³åãŸãã¯ã¢ãã¬ã¹ãå«ãéä¿¡è ãŸãã¯åä¿¡è ã®ã¡ãŒã«ãããã¹ãŠã®ã¡ãŒã«ãã ãã¯ã·ã§ã³ã¬ããŒãããé€å€ãããŸãã ã¬ããŒãã£ã³ ã° é€å€:ããã 㯠ãŒã¯ãã ãã¯ã·ã§ã³ ãã®ã»ã¯ã·ã§ã³ã«ã¯ããã¹ãŠã®ãããã¯ãŒã¯ãããã¯ã·ã§ã³ã¬ããŒãããé€å€ãã IPv4 ããã³ IPv6 㢠ãã¬ã¹ãå®çŸ©ã§ããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã 506 UTM 9 管çã¬ã€ã 17 ãã°ãšã¬ããŒã 17.12 ã¬ããŒãèšå® ã¬ããŒãã£ã³ ã° é€å€:ããã 㯠ãŒã¯ã¢ã«ãŠ ã³ ãã£ã³ ã° ãã®ã»ã¯ã·ã§ã³ã«ã¯ããã¹ãŠã®ãããã¯ãŒã¯äœ¿çšç¶æ³ã¬ããŒãããé€å€ãã IPv4 ããã³ IPv6 ã¢ã㬠ã¹ãå®çŸ©ã§ããŸãã èšå®ãä¿åããã«ã¯ãé©çš ããã¯ãªãã¯ããŸãã 17.12.3 å¿åå ãã¬ããŒãèšå® > å¿åå ãã¿ãã§ã¯ãã4ã€ã®ç®ã®ååã (four-eyes principle) ã«åºã¥ããŠããŒã¿ãå¿å ã«ã§ããŸããããã¯ã2人ã®äººéããã®æé ãæ¿èªããå Žåã®ã¿éå¿ååã§ããããšãæå³ã㟠ããå¿åã«ãããšããŠãŒã¶ããŒã¿ã®ã¬ããŒãã衚瀺ããéã«ãã®ããŒã¿ã®æ©å¯æ§ãä¿ãããããã ã¢ã¯ã·ã§ã³ (Web ãµãŒãã£ã³ãªã©) ããç¹å®ã®äººéã«ãã¬ãŒã¹ããã¯ãã (ããã®ãŒã) ããšãã§ããªã ãªããŸãã å¿åã«ããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãå¿åå ãã¿ãã§å¿ååãæå¹ã«ããŸãã ãã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªãããå¿ååèšå® ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 2. 2ã€ã®ã»ãã¥ãªãã£ãã¹ã¯ãŒããå ¥åããŸãã ã4ã€ã®ç®ã®ååãã¯ãç°ãªã 2人ã®äººéãäºããç§å¿ããŠãããã¹ã¯ãŒããå ¥åãããšãã® ã¿æå¹ã§ãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã å¿ååãå床ã°ããŒãã«ã«ç¡å¹ã«ããã«ã¯ããã®äž¡æ¹ã®ãã¹ã¯ãŒããå¿ èŠã«ãªããŸãã 1. ãå¿åå ãã¿ãã§ããã°ã«ã¹ã€ãããã¯ãªãã¯ããŸãã ãã°ã«ã¹ã€ãããã¢ã³ããŒè²ã«ãªãããå¿ååèšå® ããšãªã¢ãç·šéå¯èœã«ãªããŸãã 2. äž¡æ¹ã®ãã¹ã¯ãŒããå ¥åããŸãã å¿ååãæå¹ã«ããããã«æå®ãã 1çªç®ãš 2çªç®ã®ãã¹ã¯ãŒããå ¥åããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã èšå®ãä¿åãããŸãã å¿ èŠã«å¿ããŠãå¿ååã 1人ã®ãŠãŒã¶ã«å¯ŸããŠç¡å¹ã«ã§ããŸãã詳现ã¯ããã°ãšã¬ããŒã >> Web ã ããã¯ã·ã§ã³ãããã³ããã°ãšã¬ããŒã > Eã¡ãŒã«ãããã¯ã·ã§ã³ããåç §ããŠãã ããã UTM 9 管çã¬ã€ã 507 18 ãµããŒã ãã®ç« ã§ã¯ãSophos UTMã§äœ¿çšã§ãããµããŒãããŒã«ã«ã€ããŠèª¬æããŸãã ããµããŒããã¡ãã¥ãŒã®ããŒãžã«ã¯ãããŸããŸãª Web ãªã³ã¯ããåãåããæ å ±ã圹ç«ã€ãããã¯ãŒã¯ ããŒã«ã®åºåãªã©ãã客æ§ãµããŒãé¢é£ã®å€æ°ã®æ©èœãå«ãŸããŠããŸãããããã掻çšãããã ãšã§ãUTM ã®ã³ãã³ãã©ã€ã³ã€ã³ã¿ãã§ãŒã¹ã䜿çšããªãã§ãéèŠãªãããã¯ãŒã¯ããããã£ãå€æã ãããšãã§ããŸãã ãã®ç« ã§ã¯ã次ã®ãããã¯ã«ã€ããŠèª¬æããŸãã l ããã¥ã¡ã³ã l å°å·å¯èœåœ¢åŒèšå®æ å ± l ãµããŒãçªå£ l ããŒã« l 詳现 ããã«ãããµããŒããã¡ãã¥ãŒã®ã¡ã€ã³ããŒãžã«ã¯ã以äžã®æ å ±ãžã® Web ãªã³ã¯ãå«ãŸããŠããŸãã l ãµããŒãããŒã¿ããŒã¹ (KB):Sophos NSG ã®å ¬åŒãµããŒãããŒã¿ããŒã¹ã«ã¯ãSophos UTM ã® èšå®ã«é¢ããããŸããŸãªæ å ±ãæ²èŒãããŠããŸãã l æ¢åã®åé¡ç¹ãªã¹ã (KIL):解決ã§ããªãæ¢ç¥ã®åé¡ã察å¿çã®ããæ¢ç¥ã®åé¡ã®ãªã¹ã㧠ãã l ããŒããŠã§ã¢äºææ§ãªã¹ã (HCL):Sophos UTM ãœãããŠã§ã¢ã«å¯Ÿå¿ããããŒããŠã§ã¢ã®ãªã¹ã㧠ãã l Up2Date æ å ±:Sophos NSGUp2Date ããã°ã«ã¯ã補åã®æ¹åããã¡ãŒã ãŠã§ã¢ã®æŽæ°ã«ã€ã ãŠã®æ å ±ãæ²èŒãããŠããŸãã 18.1 ããã¥ã¡ã³ã ãªã³ ã©ã€ã³ ã ã«ã ãã®ã»ã¯ã·ã§ã³ã«ã¯ããªã³ã©ã€ã³ãã«ãã®éãæ¹ãããã³äœ¿çšã«é¢ãã説æããããŸãã 18.2 å°å·å¯èœåœ¢åŒèšå®æ å ± 18 ãµããŒã ããã¥ã¢ã«ã®ã㊠㳠ã ãŒã ææ°ã®ç®¡çã¬ã€ãã PDF 圢åŒã§ããŠã³ããŒãã§ããŸããã¬ã€ãã®èšèªãéžæãããããŠã³ããŒãé å§ ããã¯ãªãã¯ããŸããPDF ææžãéãããã«ã¯ãAdobe Reader ã Xpdf ãšãã£ãå°çšã®ãªãŒããŒãå¿ èŠã§ãã åç § â æ§ããŒãžã§ã³ã® UTM ã®ç®¡çã¬ã€ããããã®ä»ã®ããã¥ã¡ã³ãã¯ã SophosãµããŒãããŒã¿ ããŒã¹ããããŠã³ããŒãã§ããŸãã 18.2 å°å·å¯èœåœ¢åŒèšå®æ å ± ããµããŒã > å°å·å¯èœåœ¢åŒèšå®æ å ± ãããŒãžã§ã¯ãçŸåšã® WebAdmin èšå®ã«ã€ããŠè©³çŽ°ãªã¬ããŒã ãäœæã§ããŸãã 泚 â å°å·å¯èœåœ¢åŒèšå®æ å ±ã¯æ°ãããŠã£ã³ããŠã§éããŸãããã©ãŠã¶ã«ãã£ãŠã¯ãWebAdmin çš ã«ãããã¢ãããŠã€ã³ããŠãèš±å¯ããå¿ èŠããããŸãã å°å·å¯èœåœ¢åŒèšå®æ å ±ã®æ§é ã¯ãWebAdmin ã¡ãã¥ãŒã®æ§é ãšåãã§ããããã察å¿ãã WebAdmin ã®èšå®ãªãã·ã§ã³ãç°¡åã«èŠã€ããããšãã§ããŸãã å°å·å¯èœåœ¢åŒèšå®æ å ±ãã©ãŠã¶ããŒãžã¯ãæŠèŠããŒãž (çŽ¢åŒ ) ãšè€æ°ã®ãµãããŒãžããæããŸãã ãµãããŒãžãžã®ãªã³ã¯ã¯ãã«ãŒã§ãã€ã©ã€ããããŠããŸãããµãããŒãžã«ã¯ãé¢é£ãããã¯ã®è©³çŽ°æ å ±ã衚瀺ãããŸãããµãããŒãžã®äžéšã«ããã玢åŒã«æ»ãããªã³ã¯ãã¯ãªãã¯ããŠããã€ã§ããµãã㌠ãžãã玢åŒã«æ»ãããšãã§ããŸãã å°å·å¯èœåœ¢åŒèšå®æ å ±ã«ã¯ä»ã«2ã€ã®è¡šç€ºãªãã·ã§ã³ããããŸãã l WebAdmin åœ¢åŒ l Confd åœ¢åŒ ãããã®è¡šç€ºãªãã·ã§ã³ãžã®ãªã³ã¯ã¯ã玢åŒããŒãžã®äžéšã«ãããŸãã 18.3 ãµããŒãçªå£ Sophos ã¯ãã»ãã¥ãªãã£ãœãªã¥ãŒã·ã§ã³ã®ããã«ç·åçãªã«ã¹ã¿ããŒãµããŒããµãŒãã¹ãæäŸããŠã ãŸããã客æ§ã® ãµããŒã/ã¡ã³ããã³ã¹ã¬ãã«ã«å¿ããŠãããŸããŸãªã¬ãã«ã®ã¢ã¯ã»ã¹ãµãŒãã¹ã«å 510 UTM 9 管çã¬ã€ã 18 ãµããŒã 18.4 ããŒã« ããSophos ãµãŒãã¹éšéã Sophos NSG èªå®ããŒãããŒã«ããããŸããŸãªã¬ãã«ã®ãµããŒããæäŸ ããŠããŸãã Sophos UTM ã«é¢é£ãããã¹ãŠã®ãµããŒãã±ãŒã¹ã¯ãMyAstaro ã©ã€ã»ã³ã¹ããŒã¿ã«çµç±ã§åŠçã ããŸãããµããŒãã±ãŒã¹ãéãã«ã¯ããæ°ãããŠã£ã³ããŠã§ãµããŒããã±ããããªãŒãã³ããããã¯ãªã㯠ã㊠Web ãã©ãŒã ã䜿çšããŠãã ããã 18.4 ããŒã« ããµããŒã > ããŒã« ãã¡ãã¥ãŒã®ã¿ãã«ã¯ãæçšãªãããã¯ãŒã¯ããŒã«ã®åºåã衚瀺ãããŸããããã ã䜿çšãããšãUTM ã®ã³ãã³ãã©ã€ã³ã€ã³ã¿ãã§ãŒã¹ã䜿çšããªãã§ãéèŠãªãããã¯ãŒã¯ãããã㣠ãå€æããããšãã§ããŸããããã§ã¯ã以äžã®ããŒã«ã®åºåãèŠãããšãã§ããŸãã l Ping l Traceroute l DNS ã«ãã¯ã¢ãã 18.4.1 Ping ãã§ã㯠ping ããã°ã©ã ã¯ãIP ãããã¯ãŒã¯ã暪æããŠç¹å®ãã¹ãã«å°éã§ãããã©ããããã¹ãããããã® ã³ã³ãã¥ãŒã¿ãããã¯ãŒã¯ããŒã«ã§ããping ã¯ãICMP ãšã³ãŒèŠæ± ãã±ãããã¿ãŒã²ãããã¹ãã«éä¿¡ ããICMP ãšã³ãŒå¿ç ã«ããè¿ä¿¡ãåŸ æ©ããããšã§æ©èœããŸããping ã¯ãééã®ã¿ã€ãã³ã°ãšå¿ççã 䜿çšããŠããã¹ãéã®åŸåŸ©æéãšãã±ããçŽå€±çãè©äŸ¡ããŸãã ping ãã§ãã¯ãè¡ãã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ping ãã¹ããéžæããŸãã ping ãããã¹ããéžæããŸãããPing ãã¹ããããã¯ã¹ã§ããã¹ãå®çŸ©ã®ãããã¹ããéžæã§ã ãŸãããŸãã¯ãããã¹ãå/IPã¢ãã¬ã¹ãå ¥å ããéžæããŠã«ã¹ã¿ã ãã¹ãåãŸã㯠IP ã¢ãã¬ã¹ ãäžã®ããã¹ãããã¯ã¹ã«å ¥åããããšãã§ããŸãã 2. IP ããŒãžã§ã³ãéžæããŸã (IPv6 ãã°ããŒãã«ã«æå¹ã«ããŠããå Žåã«ã®ã¿äœ¿çšå¯èœã§ ã)ã ãIP ããŒãžã§ã³ãããããããŠã³ãªã¹ãã§ããIPv4ããŸãã¯ãIPv6ããéžæããŸãã 3. ãé©çš ããã¯ãªãã¯ããŸãã ping ãã§ãã¯ã®åºåããPing ãã§ãã¯çµæ ããšãªã¢ã«è¡šç€ºãããŸãã UTM 9 管çã¬ã€ã 511 18.4 ããŒã« 18 ãµããŒã 18.4.2 Traceroute traceroute (ãã¬ãŒã¹ã«ãŒã) ããã°ã©ã ã¯ãIP ãããã¯ãŒã¯äžã§ãã±ããã䜿çšããã«ãŒãã®æ±ºå®ã« 䜿çšãããã³ã³ãã¥ãŒã¿ãããã¯ãŒã¯ããŒã«ã§ããtraceroute ã¯ããã±ããã®äŒéã«é¢äžããã«ãŒã¿ ã® IP ã¢ãã¬ã¹ãäžèŠ§è¡šç€ºããŸããäžå®ã®æéå ã«ãã±ããã®ã«ãŒããå€æã§ããªãå Žåã¯ãIP 㢠ãã¬ã¹ã®ä»£ããã«ã¢ã¹ã¿ãªã¹ã¯ (*) ã§å ±åããŸããäžå®ã®åæ°ã ã倱æãããšã確èªäœæ¥ã¯çµäºã ãŸãã確èªã®äžæã«ã¯å€ãã®çç±ãèããããŸãããã»ãšãã©ã®å Žåã¯ããããã¯ãŒã¯ãã¹ã®ãã¡ ã€ã¢ãŠã©ãŒã«ã traceroute ãã±ããããããã¯ããããšãåå ãšãªããŸãã ã«ãŒãã远跡ããã«ã¯ã以äžã®æé ã«åŸããŸãã 1. traceroute ãã¹ããæå®ããŸãã ã«ãŒãã远跡ãããã¹ããæå®ããŸãããTraceroute å ãã¹ããããã¯ã¹ã§ããã¹ãå®çŸ©ã®ãã ãã¹ããéžæã§ããŸãããŸãã¯ãããã¹ãå/IPã¢ãã¬ã¹ãå ¥å ããéžæããŠã«ã¹ã¿ã ãã¹ãå㟠ã㯠IP ã¢ãã¬ã¹ãäžã®ããã¹ãããã¯ã¹ã«å ¥åããããšãã§ããŸãã 2. IP ããŒãžã§ã³ãéžæããŸã (IPv6 ãã°ããŒãã«ã«æå¹ã«ããŠããå Žåã«ã®ã¿äœ¿çšå¯èœã§ ã)ã ãIP ããŒãžã§ã³ãããããããŠã³ãªã¹ãã§ããIPv4ããŸãã¯ãIPv6ããéžæããŸãã 3. ãããã¢ãã¬ã¹ããã¹ãå解決ãããæ°åã§è¡šç€º (ä»»æ)ã ãã¹ã§èŠã€ãã£ãåã²ãŒããŠã§ã€ã«ã€ããŠãããŒã ãµãŒã㧠IP ã¢ãã¬ã¹ãã DNS ãã¹ãå ãžã®åå解決ãè¡ããªãå Žåã¯ããã®ãªãã·ã§ã³ãéžæããŸãã 4. ãé©çš ããã¯ãªãã¯ããŸãã traceroute ã®åºåãããã¬ãŒã¹ã«ãŒãã®çµæ ããšãªã¢ã«è¡šç€ºãããŸãã 18.4.3 DNS ã«ãã¯ã¢ãã dig ããã°ã©ã (Domain Information Groper ã®ç¥) ã¯ãDNS ããŒã ãµãŒãã«åãåãããè¡ãããã ã¯ãŒã¯ããŒã«ã§ããdig ããã°ã©ã 㯠DNS ã«ãã¯ã¢ãããå®è¡ããã¯ãšãªããããŒã ãµãŒãããè¿ã ããå¿çã衚瀺ããŸãã DNS ã«ãã¯ã¢ãããè¡ãã«ã¯ã以äžã®æé ã«åŸããŸãã 1. ãã¹ãå/IP ã¢ãã¬ã¹ãæå®ããŸãã DNS æ å ±ãå€å®ããããã¹ãã®ãã¹ãåãŸã㯠IP ã¢ãã¬ã¹ãå ¥åããŸãã 2. ã詳现åºåã®æå¹å ããéžæããŸã (ä»»æ)ã ãã®ãªãã·ã§ã³ãéžæãããšããã詳现ãªæ å ±ãåºåãããŸãã 512 UTM 9 管çã¬ã€ã 18 ãµããŒã 18.5 詳现 3. ãé©çš ããã¯ãªãã¯ããŸãã dig ã®åºåããDNS ã«ãã¯ã¢ããã®çµæ ããšãªã¢ã«è¡šç€ºãããŸãã 18.5 詳现 ããµããŒã > 詳现 ãã¡ãã¥ãŒã«ã¯ãUTM ã«é¢ãããã詳现ãªæ å ±ã衚瀺ãããé«åºŠãªæ©èœãæäŸã ããŠããŸããããã«ã¯ãå®è¡äžã®ããã»ã¹ãšããŒã«ã«ãããã¯ãŒã¯æ¥ç¶ã®æŠèŠã衚瀺ãããã«ãŒã㣠ã³ã°ããŒãã«ãšã€ã³ã¿ãã§ãŒã¹ããŒãã«ã確èªããããšãã§ããŸããããã«ããããã°ããªã«ããªã®ã ãã®ãµããŒãããã±ãŒãžãããŠã³ããŒããããããã°ãã¡ã€ã«ã«è¡šç€ºãããå éšäœ¿çšã®èšå®ãªãã¡ã¬ ã³ã¹ã«é¢ããèæ¯æ å ±ã確èªããããšãã§ããŸãã 18.5.1 ããã»ã¹ãªã¹ã ps ããã°ã©ã ã¯ããããè¡ã«ç¶ããã³ã³ãããŒã«ç«¯æ«ãæã€ããã»ã¹ã«é¢ããæ å ±ã衚瀺ããŸããã ã®æ å ±ã¯ãã³ã³ãããŒã«ç«¯æ«æ¯ã«ãœãŒãããã次ã«ããã»ã¹ ID æ¯ã«ãœãŒããããŸãã 18.5.2 LAN ã³ãã¯ã·ã§ã³ ã³ãã³ã netstat (ããããã¯ãŒã¯çµ±èš ãã®ç¥èª) ãšã¯ãã³ã³ãã¥ãŒã¿ã«çŸåšååšããã¢ã¯ãã£ããªã€ã³ ã¿ãŒãããæ¥ç¶ (åä¿¡ãšéä¿¡ã®äž¡æ¹) ã®ãªã¹ãã衚瀺ãããããã¯ãŒã¯ããŒã«ã§ãã 18.5.3 ã«ãŒãã£ã³ã°ããŒãã« ip ã³ãã³ãã¯ãTCP/IP ãããã¯ãŒã¯ã®ã³ã³ãããŒã«ãšãã©ãã£ãã¯ã³ã³ãããŒã«ã®ããã®ãããã¯ãŒã¯ ããŒã«ã§ãããã©ã¡ãŒã¿ route show table all ä»ãã§å®è¡ããããã®ã³ãã³ãã¯ãUTM ã®ãã¹ ãŠã®ã«ãŒãã£ã³ã°ããŒãã«ã®å 容ã衚瀺ããŸãã 18.5.4 ã€ã³ã¿ãã§ãŒã¹ããŒãã« ãã®ããŒãã«ã«ã¯ãSophos UTMã®ãã¹ãŠã®èšå®æžã¿ã€ã³ã¿ãã§ãŒã¹ (ãããã¯ãŒã¯ã€ã³ã¿ãã§ãŒã¹ ã«ãŒããšä»®æ³ã€ã³ã¿ãã§ãŒã¹ã®äž¡æ¹) ã衚瀺ãããŸããaddr ãã©ã¡ãŒã¿ä»ãã§å®è¡ãã ip ã³ãã³ã ããã€ã³ã¿ãã§ãŒã¹ãšãã®ããããã£ã衚瀺ããŸãã UTM 9 管çã¬ã€ã 513 18.5 詳现 18 ãµããŒã 18.5.5 ã³ã³ãã£ã°ãã³ã ãããã°ããªã«ããªã®ããã«ãSophos UTMã®ã€ã³ã¹ããŒã«ã«é¢ããŠã§ããã ãå€ãã®æ å ±ãåéã ãŠãããšäŸ¿å©ã§ããããã«ã¯ãããµããŒã > 詳现 > ã³ã³ãã£ã°ãã³ããã¿ãã§ããŠã³ããŒãå¯èœãªãµã㌠ãããã±ãŒãžã䜿çšã§ããŸããzip ãã¡ã€ã«ã«ã¯æ¬¡ã®ã¢ã€ãã ãå«ãŸããŠããŸãã l UTM èšå®ã®å šãã³ã (storage.abf)ãããã¯çã®ããã¯ã¢ãããã¡ã€ã«ã§ã¯ãªããããã ã¹ã¯ãŒããªã©ãå«ãŸããŠãããããããã°ç®çã®ã¿ã§äœ¿çšã§ããŸãã l ã·ã¹ãã å ã«ååšããããŒããŠã§ã¢ã«é¢ããæ å ± (hwinfo)ã l ã·ã¹ãã ã«ã€ã³ã¹ããŒã«ããããœãããŠã§ã¢ããã±ãŒãžã«é¢ããæ å ± (swinfo)ã 18.5.6 REF_ ããªãŸã«ã ãããã°ã®ããã«ãã·ã¹ãã å éšã§äœ¿çšãããŠããèšå®ãªãã¡ã¬ã³ã¹ããªãŸã«ãããããšãã§ã㟠ãããã°å ã§ãªãã¡ã¬ã³ã¹ãèŠã€ããå Žåããªãã¡ã¬ã³ã¹æååãããã«è²Œãä»ããŠãã ãã (äŸ: REF_ DefaultSuperAdmin)ãã¿ãã«ãèšå®çš Configuration ããŒã¢ã³ã®ããŒã¿æ§é ã®è©²åœç®æã衚瀺ã ããŸãã 514 UTM 9 管çã¬ã€ã 19 ãã°ãªã UTM ãããã°ã¢ãŠãããã«ã¯ãããã°ãªã ãã¡ãã¥ãŒãšã³ããªãã¯ãªãã¯ããŸããé©åã«ãã°ã¢ãŠãã㪠ãã£ãå ŽåããWebãã©ãŠã¶ã誀ã£ãŠéããŠããŸã£ãå Žåã«ã¯ãçŽ30ç§éåãã°ã€ã³ã§ããªãå¯èœ æ§ããããŸãã 泚 â ã»ãã·ã§ã³äžã«å¥ã®Webãµã€ãã«ã¢ã¯ã»ã¹ããå Žåã«ãããã°ã¢ãŠãããããšã«ãªããŸãããã® å Žåããã°ã€ã³ããªããå¿ èŠããããŸãã 20 ãŠãŒã¶ããŒã¿ã« ããã§ã¯ããŠãŒã¶ããŒã¿ã«ã®æ©èœããã³ããã§ãšã³ããŠãŒã¶ã«æäŸããããµãŒãã¹ã«ã€ããŠèª¬æã ãŸãã Sophos UTMã®ãŠãŒã¶ããŒã¿ã«ã¯ãèš±å¯ãããŠãŒã¶ã«ããŒãœãã«ãªã¡ãŒã«ããã³ãªã¢ãŒãã¢ã¯ã»ã¹ã äžå¿ãšãããµãŒãã¹ãæäŸãããã©ãŠã¶ããŒã¹ã¢ããªã±ãŒã·ã§ã³ã§ãããŠãŒã¶ããŒã¿ã«ã«ã¢ã¯ã»ã¹ã ãã«ã¯ãSophos UTMã® URL (https://192.168.2.100 ãªã©) ã«ãã©ãŠãºããŸã (HTTPS ãããã³ ã«)ã ãã°ã€ã³ããŒãžã§ããŠãŒã¶ã¯ãããããŒã®å³åŽã«ããããããããŠã³ãªã¹ãããèšèªãéžæã§ã㟠ãã 管çè ã WebAdmin ã§æå¹ã«ãããµãŒãã¹ããã³æ©èœã«å¿ããŠããŠãŒã¶ã¯ä»¥äžã®ãµãŒãã¹ã«ã¢ã¯ ã»ã¹ã§ããŸãã l ã¡ãŒã«éé¢ l ã¡ãŒã«ãã° l POP3 ã¢ã«ãŠã³ã l éä¿¡è ãã¯ã€ããªã¹ã l éä¿¡è ãã©ãã¯ãªã¹ã l ãããã¹ããã l ã¯ã©ã€ã¢ã³ãèªèšŒ l ãªã¢ãŒãã¢ã¯ã»ã¹ l HTML5 VPN ããŒã¿ã« l ãã¹ã¯ãŒãã®å€æŽ l HTTPS ãããã· 20.1 ãŠãŒã¶ããŒã¿ã«:éé¢ã¡ãŒã« ã¡ãŒã«éé¢æ©èœã«ããããŠãŒã¶ã¯éé¢ãããŠããã¡ãã»ãŒãžã衚瀺ãããããªãªãŒã¹ããããšãã§ã ãŸãã 20.1 ãŠãŒã¶ããŒã¿ã«:éé¢ã¡ãŒã« 20 ãŠãŒã¶ããŒã¿ã« 泚 âãã¡ãŒã«éé¢ ãã¿ãã¯ããŠãŒã¶ã®ã¡ãŒã«ã¢ãã¬ã¹ãã«ããã¢ãã¿ãªã³ã°ããããããã¯ãŒã¯ãŸã㯠ãã¡ã€ã³ã«å±ãã管çè ã«ãã£ãŠãŠãŒã¶ã«ãã®æ©èœã®ã¢ã¯ã»ã¹æš©ãå²ãåœãŠãããŠããå Žåã«ã® ã¿è¡šç€ºãããŸãããŠãŒã¶ã SMTP ãš POP3 ã®äž¡æ¹ã§ã¡ãŒã«ãåä¿¡ããå Žåã¯ãã¡ãŒã«ããPOP3 éé¢ ãããã³ãSMTP éé¢ ãã® 2ã€ã®ã¿ãã«ç·šæãããŸãããããã®ã¿ãã®æ©èœã¯åãã§ãã ãã¡ãŒã«éé¢ ãã¿ãã«ã¯ããŠãŒã¶å®ãŠã«éä¿¡ãããSophos UTMã«ãã£ãŠãããã¯ããã³éé¢ãããã ã¹ãŠã®ã¡ãŒã«ã®æŠèŠã衚瀺ãããŸããPOP3 ã®éé¢ã¡ãŒã«ã衚瀺ãããããã«ããã«ã¯ããŠãŒã¶ ã¯ãPOP3 ã¢ã«ãŠã³ããã¿ãã«ãŠãŒã¶ã® POP3 è³æ Œæ å ±ãå ¥åããå¿ èŠããããŸãã éé¢ã¡ãŒã«ã®ãœãŒããšãã£ã«ã¿ ããã©ã«ãã§ã¯ãã¹ãŠã®ã¡ãŒã«ã衚瀺ãããŸãããªã¹ãã« 20件ãè¶ ããã¡ãŒã«ãå«ãŸããå Žåãè€ æ°ããŒãžã«åå²ãããã>ã(次ãž) ãã¿ã³ãšã<ã (æ»ã) ãã¿ã³ã䜿çšããŠç§»åããããšãã§ããŸãã 衚瀺ãªãã·ã§ã³ãå€æŽããã«ã¯ã次ã®æé ã«åŸããŸãã Sort by( ãœãŒãé ) :ããã©ã«ãã§ã¯ãåä¿¡æå»ã«ãããªã¹ãããœãŒããããŠããŸããããã§ã¯ãå¥ ã®ãœãŒãåºæºãéžæã§ããŸãã and show( 衚瀺) :ãã§ãã¯ããã¯ã¹ãéžæããããšã§ã1ããŒãžããã 20件ã50件ã100件ã250 件ã500件ã1000件ããŸãã¯ãã¹ãŠã®ã¡ãã»ãŒãžã衚瀺ããããšãã§ããŸãããã¹ãŠã®ã¡ã ã»ãŒãžã®è¡šç€ºã«ã¯æéããããå ŽåããããŸãã 以äžã®é ç®ã§ã¡ãŒã«ããã£ã«ã¿ããããšãã§ããŸãã l # éé¢ã¡ãã»ãŒãž:ããŒãžäžéšã®ãã§ãã¯ããã¯ã¹ãéžæããŠãéé¢çç± (æªè³ªãªã³ã³ãã³ãã ã¹ãã ãè¡šçŸãšã®äžèŽããã¡ã€ã«æ¡åŒµåãMIME ã¿ã€ããã¹ãã£ã³äžå¯èœãªã©) å¥ã«ã¡ãŒã«ã 衚瀺ãŸãã¯é衚瀺ã«ã§ããŸãã l ã¢ãã¬ã¹:éä¿¡è ã¢ãã¬ã¹ã«å¿ããŠã¡ãã»ãŒãžããã£ã«ã¿ã§ããŸãã l éä¿¡è /件å ãµãã¹ããªã³ã°:éä¿¡è ãŸãã¯ä»¶åãå ¥åããŠãéé¢ãããã¡ãã»ãŒãžãæ€çŽ¢ã§ ããŸãã l åä¿¡æ¥:ç¹å®ã®æéå ã«åŠçãããã¡ãã»ãŒãžã®ã¿ã衚瀺ããã«ã¯ãæ¥ä»ãå ¥åããããã« ã¬ã³ããŒã¢ã€ã³ã³ã§æ¥ä»ãéžæããŸãã éé¢ã¡ãŒã«ã®ç®¡ç ããããã®ã¡ãã»ãŒãžã®åã®ãã§ãã¯ããã¯ã¹ãå©çšããããã¡ãã»ãŒãžãã¯ãªãã¯ãéžæããããšã« ããã次ã®äœæ¥ãå®è¡ã§ããŸãã次ã®äœæ¥ãå®è¡ã§ããŸãã 518 UTM 9 管çã¬ã€ã 20 ãŠãŒã¶ããŒã¿ã« 20.2 ãŠãŒã¶ããŒã¿ã«:ã¡ãŒã«ãã° l 衚瀺:ã¡ãŒã«ã®ã³ã³ãã³ãã瀺ããŠã£ã³ããŠãéããŸãã l ããŠã³ããŒã:éžæããã¡ãã»ãŒãžã EML 圢åŒã§ããŠã³ããŒããããŸãã l åé€:éžæãããã¡ãã»ãŒãžãåé€ããŸãããããåãæ¶ãããšã¯ã§ããŸããã l éä¿¡è ã®ãã¯ã€ããªã¹ãå:ã¡ãŒã«ãåä¿¡ãã¬ã€ã«ç§»åããéä¿¡è ããã¯ã€ããªã¹ãã«è¿œå ã㟠ããä»åŸãã®éä¿¡è ããéãããã¡ãŒã«ãéé¢ãããªãããã«ãªããŸããæªè³ªãªã³ã³ãã³ã ãå«ãã¡ãŒã«ã¯ããã¯ã€ããªã¹ãã®éä¿¡è ããéãããŠããå Žåã§ããåžžã«éé¢ãããŸãã l ãªãªãŒã¹:éžæãããã¡ãã»ãŒãžãéé¢ãããªãªãŒã¹ããŸãã 泚 â ããã§èš±å¯ãããã¢ã¯ã·ã§ã³ã¯ãã¡ãŒã«ãéé¢ãããçç±ããã³ WebAdmin ã®èšå®ã«åºã¥ã ãŠç°ãªããŸãããŠãŒã¶ã¯æ瀺çã«èš±å¯ãããŠããã¡ãã»ãŒãžã®ã¿ããªãªãŒã¹ã§ããŸããéé¢ã«ä¿ çãããŠããã¡ãã»ãŒãžããã¹ãŠ ãªãªãŒã¹ã§ããã®ã¯ç®¡çè ã ãã§ãã ã°ããŒãã«ã¯ãªãŒã³ã¢ããã¢ã¯ã·ã§ã³ã®éžæ:ããã«ã¯ãã¡ãã»ãŒãžã«å¯ŸããŠã°ããŒãã«ã«é©çšããã ããŸããŸãªåé€ãªãã·ã§ã³ããããŸããã€ãŸããéžæãããŠããªãã¡ãã»ãŒãžã衚瀺ãããŠããªã ã¡ãã»ãŒãžã«ããªãã·ã§ã³ãé©çšãããŸãã 20.2 ãŠãŒã¶ããŒã¿ã«:ã¡ãŒã«ãã° ãã®ã¿ãã§ããšã³ããŠãŒã¶ã¯ SMTP çµç±ã§éä¿¡ãããã¡ãŒã«ã®ãã©ãã£ãã¯ã®ãã°ã衚瀺ããããšã ã§ããŸãã 泚 âãã¡ãŒã«ãã°ãã¿ãã¯ããŠãŒã¶ã®ã¡ãŒã«ã¢ãã¬ã¹ãSophos UTMã® SMTP ãããã·ã«ããã¢ãã¿ãª ã³ã°ããããã¡ã€ã³ã«å±ãã管çè ã«ãã£ãŠãŠãŒã¶ã«ãã®æ©èœã®ã¢ã¯ã»ã¹æš©ãå²ãåœãŠãããŠã ãå Žåã«ã®ã¿è¡šç€ºãããŸãããŠãŒã¶ã SMTP ãš POP3 ã®äž¡æ¹ã§ã¡ãŒã«ãåä¿¡ããå Žåããã®ã¿ã ã®ååã¯ãSMTP ãã°ãã«ãªããŸãã ãã¡ãŒã«ãã°ãã¿ãã«ã¯ããŠãŒã¶ã®ã¡ãŒã«ã¢ãã¬ã¹ã®ãã¹ãŠã®ã¡ãŒã«ãã©ãã£ãã¯ã«é¢ãããã°ãšã³ã㪠ã瀺ãããŸããæªé ä¿¡ã®ã¡ãŒã«ã®ãã°ãšã³ããªã«ã¯ãé ä¿¡ãããªãã£ãçç±ã«é¢ããæ å ±ãå«ãŸ ããŸãããã°ãšã³ããªãããã«ã¯ãªãã¯ãããšããŠã£ã³ããŠãéãã詳现ãªãã°æ å ±ã衚瀺ãããŸãã ããã©ã«ãã§ã¯ãã¹ãŠã®ã¡ãŒã«ã衚瀺ãããŸãããªã¹ãã« 20件ãè¶ ããã¡ãŒã«ãå«ãŸããå Žåãè€ æ°ããŒãžã«åå²ãããã>ã(次ãž) ãã¿ã³ãšã<ã (æ»ã) ãã¿ã³ã䜿çšããŠç§»åããããšãã§ããŸãã 衚瀺ãªãã·ã§ã³ãå€æŽããã«ã¯ã次ã®æé ã«åŸããŸãã Sort by( ãœãŒãé ) :ããã©ã«ãã§ã¯ãåä¿¡æå»ã«ãããªã¹ãããœãŒããããŠããŸããããã§ã¯ãå¥ UTM 9 管çã¬ã€ã 519 20.3 ãŠãŒã¶ããŒã¿ã«:POP3 ã¢ã«ãŠã³ã 20 ãŠãŒã¶ããŒã¿ã« ã®ãœãŒãåºæºãéžæã§ããŸãã and show( 衚瀺) :ãã§ãã¯ããã¯ã¹ãéžæããããšã§ã1ããŒãžããã 20件ã50件ã100件ã250 件ã500件ã1000件ããŸãã¯ãã¹ãŠã®ã¡ãã»ãŒãžã衚瀺ããããšãã§ããŸãããã¹ãŠã®ã¡ã ã»ãŒãžã®è¡šç€ºã«ã¯æéããããå ŽåããããŸãã 以äžã®é ç®ã§ã¡ãŒã«ããã£ã«ã¿ããããšãã§ããŸãã l # ãã¡ã€ã«ã®ãã°ã€ãã³ã:ããŒãžäžéšã®ãã§ãã¯ããã¯ã¹ãéžæããŠãã¹ããŒã¿ã¹ã«å¿ããŠã¡ãŒ ã«ã衚瀺ãŸãã¯é衚瀺ã«ã§ããŸãã l ã¢ãã¬ã¹:éä¿¡è ã¢ãã¬ã¹ã«å¿ããŠã¡ãŒã«ããã£ã«ã¿ã§ããŸãã l éä¿¡è /件å ãµãæåå:éä¿¡è ãŸãã¯ä»¶åãå ¥åããŠãéé¢ãããã¡ãã»ãŒãžãæ€çŽ¢ã§ã ãŸãã l åä¿¡æ¥:ç¹å®ã®æéå ã«åŠçãããã¡ãã»ãŒãžã®ã¿ã衚瀺ããã«ã¯ãæ¥ä»ãå ¥åããããã« ã¬ã³ããŒã¢ã€ã³ã³ã§æ¥ä»ãéžæããŸãã 20.3 ãŠãŒã¶ããŒã¿ã«:POP3 ã¢ã«ãŠã³ã ãã®ã¿ãã§ããšã³ããŠãŒã¶ã¯ãèªåå®ãŠã® POP3 éé¢ã¡ãŒã«ã衚瀺ã»é ä¿¡ããéé¢ãªããŒããåä¿¡ã ãããã«èšå®ã§ããŸãã 泚 â POP3 ã¢ã«ãŠã³ã ã¿ãã¯ç®¡çè ã POP3 ãæå¹åããPOP3 ãµãŒããè¿œå ããå Žåã®ã¿å© çšã§ããŸãã ãã®ããŒãžã§ããŠãŒã¶ã¯ã䜿çšãã POP3 ã¢ã«ãŠã³ãã®ã¢ã«ãŠã³ãæ å ±ãå ¥åããå¿ èŠããã㟠ããPOP3 ã¢ã«ãŠã³ãæ å ±ãå ¥åãããã¹ãã ã¡ãŒã«ã®ã¿ããŠãŒã¶ããŒã¿ã«ã«è¡šç€ºãã㟠ããPOP3 ã¢ã«ãŠã³ãã®ã¢ã«ãŠã³ãæ å ±ãä¿åãããŠãããŠãŒã¶ã¯ãåã¡ãŒã«ã¢ãã¬ã¹ã«ã€ããŠã å¥ã ã®éé¢ã¬ããŒããåãåããŸãã 20.4 ãŠãŒã¶ããŒã¿ã«:éä¿¡è ãã¯ã€ããªã¹ã éä¿¡è ãã¯ã€ããªã¹ãæ©èœã«ããããŠãŒã¶ã¯ã¡ãŒã«éä¿¡è ããã¯ã€ããªã¹ãã«è¿œå ããŠããã®éä¿¡è ããã®ã¡ãã»ãŒãžãã¹ãã ãšããŠåŠçãããªãããã«ããããšãã§ããŸãããã ãããŠã€ã«ã¹ãå«ã ã¡ãŒã«ãã¹ãã£ã³äžå¯èœãªã¡ãŒã«ã¯éé¢ãããŸãã 520 UTM 9 管çã¬ã€ã 20 ãŠãŒã¶ããŒã¿ã« 20.5 ãŠãŒã¶ããŒã¿ã«:éä¿¡è ãã©ãã¯ãªã¹ã 泚 âãéä¿¡è ãã¯ã€ããªã¹ããã¿ãã¯ããŠãŒã¶ã®ã¡ãŒã«ã¢ãã¬ã¹ãSophos UTMã«ããã¢ãã¿ãªã³ã°ã ãããããã¯ãŒã¯ãŸãã¯ãã¡ã€ã³ã«å±ãã管çè ã«ãã£ãŠãŠãŒã¶ã«ãã®æ©èœã®ã¢ã¯ã»ã¹æš©ãå²ãåœ ãŠãããŠããå Žåã«ã®ã¿è¡šç€ºãããŸãã ãã¯ã€ããªã¹ãã«éä¿¡è ãè¿œå ããã«ã¯ãã+ãã¢ã€ã³ã³ãã¯ãªãã¯ããŠã¢ãã¬ã¹ãå ¥åãããã§ãã¯ã¢ã€ ã³ã³ãã¯ãªãã¯ããŠä¿åããŸããæå¹ãªã¡ãŒã«ã¢ãã¬ã¹ãå ¥åããã ([email protected] ãªã©)ã㢠ã¹ã¿ãªã¹ã¯ãã¯ã€ã«ãã«ãŒããšããŠäœ¿çšããŠç¹å®ãã¡ã€ã³ã®ãã¹ãŠã®ã¡ãŒã«ã¢ãã¬ã¹ãæå®ã§ããŸã (*@example.com ãªã©)ã 20.5 ãŠãŒã¶ããŒã¿ã«:éä¿¡è ãã©ãã¯ãªã¹ã ãã®ã¿ãã§ããšã³ããŠãŒã¶ã¯ã¡ãŒã«éä¿¡è ããã©ãã¯ãªã¹ãã«è¿œå ããŠããã®éä¿¡è ããã®ã¡ãã»ãŒ ãžãåžžã«ã¹ãã ãšããŠåŠçããããšãã§ããŸãã 泚 âãéä¿¡è ãã©ãã¯ãªã¹ããã¿ãã¯ããŠãŒã¶ã®ã¡ãŒã«ã¢ãã¬ã¹ãSophos UTMã«ããã¢ãã¿ãªã³ã°ã ãããããã¯ãŒã¯ãŸãã¯ãã¡ã€ã³ã«å±ãã管çè ã«ãã£ãŠãŠãŒã¶ã«ãã®æ©èœã®ã¢ã¯ã»ã¹æš©ãå²ãåœ ãŠãããŠããå Žåã«ã®ã¿è¡šç€ºãããŸãã ãã©ãã¯ãªã¹ãã¯ãã·ã¹ãã å 㧠SMTP ãš POP3 ã䜿çšãããŠããã°ãSMTP ãš POP3 ã®äž¡æ¹ã® ã¡ãŒã«ã«é©çšãããŸãããã©ãã¯ãªã¹ãã«éä¿¡è ãè¿œå ããã«ã¯ãã+ãã¢ã€ã³ã³ãã¯ãªãã¯ããŠã¢ãã¬ã¹ ãå ¥åãããã§ãã¯ã¢ã€ã³ã³ãã¯ãªãã¯ããŠä¿åããŸããæå¹ãªã¡ãŒã«ã¢ãã¬ã¹ ([email protected] ãªã©) ãå ¥åãããããã¡ã€ã³å šäœ (*@hotmail.com ãªã©) ãæå®ãã ããšãã§ããŸãã 20.6 ãŠãŒã¶ããŒã¿ã«:ãããã¹ããã ãããã¹ãããæ©èœã«ãããã«ãã§ãããã«ãäŒæ¥ãªã©ã§ã¯ã²ã¹ãã«æéå¶éããã©ãã£ãã¯å¶éã課 ããã€ã³ã¿ãŒãããã¢ã¯ã»ã¹ãæäŸã§ããŸãã 泚 â ãŠãŒã¶ããŒã¿ã«ã®ããããã¹ããããã¿ãã¯ã管çè ã ãã¹ã¯ãŒã ã ããŠãã£ãŒã¿ã€ãã®ããã ã¹ããããäœæãããŠãŒã¶ãèš±å¯ãŠãŒã¶ã«è¿œå ããŠããå Žåã«ã®ã¿è¡šç€ºãããŸãã UTM 9 管çã¬ã€ã 521 20.6 ãŠãŒã¶ããŒã¿ã«:ãããã¹ããã 20 ãŠãŒã¶ããŒã¿ã« ãã®ã¿ãã§ã¯ãã¯ã€ã€ã¬ã¹ãããã¯ãŒã¯ã®ã²ã¹ãã«ãããã¹ãããã¢ã¯ã»ã¹æ å ±ãé ä¿¡ã§ããŸããã¿ã ã§å¯èœãªæ©èœã¯ãéžæãããããã¹ãããã®ã¿ã€ãã«å¿ããŠãäžè¬çãªãã¹ã¯ãŒããé ä¿¡ããããã ãŠãã£ãŒãäœæããŠé ä¿¡ãããã®ããããã«ãªããŸãã ãããã¹ãããã¿ã€ã:åœæ¥æå¹ãã¹ã¯ãŒã ããã¹ã¯ãŒã ããã£ãŒã«ãã«ã¯ãçŸåšã®ãã¹ã¯ãŒãã衚瀺ãããŸãããã¹ã¯ãŒã㯠1æ¥ã« 1åèªåç ã«å€æŽãããŸããããããæåã§ãã¹ã¯ãŒããå€æŽããããšãã§ããŸãããã¹ã¯ãŒããå€æŽãããšã å€ããã¹ã¯ãŒããå³æã«ç¡å¹ã«ãªããã¢ã¯ãã£ããªã»ãã·ã§ã³ãçµäºããŸãã ãã¹ã¯ãŒããå€æŽããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãŠãŒã¶ããŒã¿ã«ã§ãããããã¹ããããã¿ããéžæããŸãã 2. ã¢ã¯ã»ã¹æ å ±ã管çãããããã¹ããããéžæããŸãã ããããã¹ããããããããããŠã³ãªã¹ãããããã¹ã¯ãŒããå€æŽãããããã¹ããããéžæã㟠ãã 3. æ°ãããã¹ã¯ãŒããå®çŸ©ããŸãã ããã¹ã¯ãŒã ããã£ãŒã«ãã«æ°ãããã¹ã¯ãŒããå ¥åãããããçæ ããã¿ã³ãã¯ãªãã¯ããŠèªå çã«æ°ãããã¹ã¯ãŒããäœæããŸãã 4. æ°ãããã¹ã¯ãŒããã¡ãŒã«ã§éä¿¡ããã«ã¯ããã¡ãŒã«éä¿¡ ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ã ãŸãã 管çè ã«ãã£ãŠæå®ãããŠããã¡ãŒã«åä¿¡è ã«ãã¹ã¯ãŒããéä¿¡ãããŸãã管çè ãã¡ãŒ ã«ã¢ãã¬ã¹ãèšå®ããŠããªãå Žåã¯ããã§ãã¯ããã¯ã¹ã¯éžæã§ããŸããã 5. ãä¿å ããã¯ãªãã¯ããŸãã ãã¹ã¯ãŒããå³æã«å€æŽãããŸãã ãããã¹ãããã¿ã€ã:ããŠãã£ãŒ ããããäžæã®ã³ãŒããæã€ããŠãã£ãŒãäœæããããšãã§ããŸããããŠãã£ãŒã¯å°å·ããŠã²ã¹ã ã«æäŸããããšãã§ããŸããäœæããããŠãã£ãŒã®ãªã¹ãã«ãããããŠãã£ãŒã®äœ¿çšç¶æ³ãææ¡ã ãã³ç®¡çã§ããŸãã ããŠãã£ãŒãäœæããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ãŠãŒã¶ããŒã¿ã«ã§ãããããã¹ããããã¿ããéžæããŸãã 2. ã¢ã¯ã»ã¹æ å ±ã管çãããããã¹ããããéžæããŸãã ããããã¹ããããããããããŠã³ãªã¹ããããããŠãã£ãŒãäœæãããããã¹ããããéžæã㟠ãã 522 UTM 9 管çã¬ã€ã 20 ãŠãŒã¶ããŒã¿ã« 20.6 ãŠãŒã¶ããŒã¿ã«:ãããã¹ããã 3. ãããŠãã£ãŒå®çŸ© ããã£ãŒã«ãããããŠãã£ãŒã¿ã€ããéžæããŸãã ããŠãã£ãŒã¿ã€ãã¯ç®¡çè ã«ãã£ãŠå®çŸ©ãããŠããŸããã©ã®ç®çã«ã©ã®ã¿ã€ãã®ããŠãã£ãŒ ã䜿çšãããã¯ã瀟å ã§å®çŸ©ããå¿ èŠããããŸãã 4. ãæ° ããã£ãŒã«ãã«ã¯ããã®ã¿ã€ãã®ããŠãã£ãŒã®äœææ°ãå ¥åããŸãã 5. ãªãã·ã§ã³ã§ããã³ã¡ã³ãããã£ãŒã«ãã«ã³ã¡ã³ããå ¥åããŸãã ãã®ã³ã¡ã³ãã¯ããŠãã£ãŒãªã¹ãã«è¡šç€ºãããŸãã 6. ããŠãã£ãŒãçŽæ¥å°å·ããã«ã¯ããå°å· ããã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããŸãã 7. ãããŠãã£ãŒã®äœæ ããã¿ã³ãã¯ãªãã¯ããŸãã ããŠãã£ãŒãçæãããŸããäžã®ããŠãã£ãŒãªã¹ãã®æ°ããè¡ã«ãåããŠãã£ãŒãå³æ㫠衚瀺ãããŸããå°å·ãæå®ããå Žåã¯ãããŠãã£ãŒãçŽæ¥å°å·ãããŸããåããŠãã£ãŒã« ã¯ãäžæã®ã³ãŒãããããŸãã 泚 â ããŠãã£ãŒã®å 容ããµã€ãºãã¬ã€ã¢ãŠãã¯ç®¡çè ã«ãã£ãŠèšå®ãããŸãã ããŠãã£ãŒãªã¹ãã§ããŠãã£ãŒã管çããããšãã§ããŸãããªã¹ãã®äžŠã¹æ¿ãããã£ã«ã¿ãã³ã¡ã³ãã® å ¥åãŸãã¯å€æŽãéžæããããŠãã£ãŒã®å°å·ãåé€ããšã¯ã¹ããŒããè¡ãããšãã§ããŸãã l ãªã¹ãã䞊ã¹æ¿ããã«ã¯ãããœãŒãåºæº ãããããããŠã³ãªã¹ãããç®çã®ãœãŒãåºæºãéžæã ãŸããå³ã®ããããããŠã³ãªã¹ãã䜿çšãããšã1ããŒãžã«è¡šç€ºããããŠãã£ãŒã®æ°ãå€æŽã§ ããŸãã l ãªã¹ãããã£ã«ã¿ããã«ã¯ããã¹ããŒã¿ã¹ ãããã³ãŒã ãããŸãã¯ãã³ã¡ã³ããã®ããããã®ãã£ãŒã«ã ã䜿çšããŸããå ¥åããã«ã€ãããªã¹ããçŽæ¥ãã£ã«ã¿ãããŸãããã£ã«ã¿ããªã»ããããã«ã¯ã ã¹ããŒã¿ã¹ãšã³ããªã®ããã¹ãŠ ããéžæãããã³ãŒã ãããã³ã¡ã³ããããã¹ããã£ãŒã«ããããã¹ãŠ ã®ããã¹ããåé€ããŸãã l ã³ã¡ã³ããå ¥åãããå€æŽããå Žåã¯ãåããŠãã£ãŒã®ãã³ã¡ã³ããåã«ããã¡ã¢åž³ã¢ã€ã³ã³ ãã¯ãªãã¯ããŸããç·šéãã£ãŒã«ãã衚瀺ãããŸããããã¹ããå ¥åãããç·šéã㊠Enter ããŒãæŒããããã§ãã¯ããŒã¯ãã¯ãªãã¯ããŸãã l ããŠãã£ãŒãå°å·ãããåé€ããã«ã¯ãç®çã®ããŠãã£ãŒã®åã«ãããã§ãã¯ããã¯ã¹ã« ãã§ãã¯ãå ¥ããäžéšã«ããå¿ èŠãªãã¿ã³ãã¯ãªãã¯ããŸãã 泚 â ããŠãã£ãŒã¯ãäžå®ã®æéã®çµéåŸã«èªåçã«åé€ããããšãã§ããŸãããã®æé ã¯ç®¡çè ãèšå®ã§ããŸãã l ããŠãã£ãŒããšã¯ã¹ããŒãããã«ã¯ã次ã®æé ã«åŸããŸããç®çã®ããŠãã£ãŒã®åã«ãã ãã§ãã¯ããã¯ã¹ã«ãã§ãã¯ãå ¥ããäžéšã«ãããCSV ãžã®ãšã¯ã¹ããŒãããã¿ã³ãã¯ãªãã¯ã㟠ãããŠã£ã³ããŠã衚瀺ãããCSV ãã¡ã€ã«ãä¿åããããCSV ãã¡ã€ã«ãçŽæ¥éãããéžæ㧠UTM 9 管çã¬ã€ã 523 20.7 ãŠãŒã¶ããŒã¿ã«:ã¯ã©ã€ã¢ã³ãèªèšŒ 20 ãŠãŒã¶ããŒã¿ã« ããŸããéžæããããŠãã£ãŒã 1ã€ã® CSV ãã¡ã€ã«ã«ä¿åãããŸãããã¡ã€ã«ãéãéã«ã¯ã åã®åºåãæåãšããŠæ£ããæåãéžæããããã«ããŠãã ããã 20.7 ãŠãŒã¶ããŒã¿ã«:ã¯ã©ã€ã¢ã³ãèªèšŒ ã¯ã©ã€ã¢ã³ãèªèšŒã䜿çšãããšããŠãŒã¶ã¯Sophos Authentication Agent (SAA) ã®ã»ããã¢ãããã¡ã€ã« ãããŠã³ããŒãã§ããŸããSAA 㯠Web ãã£ã«ã¿ã®èªèšŒã¢ãŒããšããŠäœ¿çšã§ããŸãã 泚 âãã¯ã©ã€ã¢ã³ãèªèšŒ ãã¿ãã¯ã管çè ã«ãã£ãŠã¯ã©ã€ã¢ã³ãèªèšŒãæå¹åãããŠããå Žåã«ã® ã¿äœ¿çšã§ããŸãã 20.8 ãŠãŒã¶ããŒã¿ã«:ãªã¢ãŒãã¢ã¯ã»ã¹ ãªã¢ãŒãã¢ã¯ã»ã¹æ©èœã«ããããŠãŒã¶ã¯æäŸãããŠãããªã¢ãŒãã¢ã¯ã»ã¹ã¯ã©ã€ã¢ã³ããœãããŠã§ã¢ãš èšå®ãã¡ã€ã«ãããŠã³ããŒãããããšãã§ããŸãã 泚 â ããªã¢ãŒãã¢ã¯ã»ã¹ ãã¿ãã¯ããŠãŒã¶ã«å¯ŸããŠæäœ ïŒã€ã®ãªã¢ãŒãã¢ã¯ã»ã¹ã¢ãŒããæå¹ã«ãªã£ ãŠããå Žåã®ã¿å©çšã§ããŸãã ãã®ããŒãžã«ã¯ã管çè ããŠãŒã¶ã«å¯ŸããŠæå¹ã«ããŠããæ¥ç¶ã¿ã€ãã«å¯Ÿå¿ãããªã¢ãŒãã¢ã¯ã»ã¹ ããŒã¿ã®ã¿ãæäŸãããŸããããšãã°ãSSLVPN ãªã¢ãŒãã¢ã¯ã»ã¹ã®ã¿ãæå¹ã«ãããŠããå Žåã ãSSL VPNãã»ã¯ã·ã§ã³ã®ã¿ã衚瀺ãããŸãã åæ¥ç¶ã¿ã€ããå¥ã®ã»ã¯ã·ã§ã³ã«è¡šç€ºãããŸããæ¥ç¶ã¿ã€ãã«ãã£ãŠã¯ãåãœãããŠã§ã¢ãããŠã³ ããŒãããããã®æ å ±ããã¿ã³ããããŸãã該åœããå Žåã¯ã ã»ã¯ã·ã§ã³ã®äžéšã«ãæ°ãããŠã£ã³ã ãŠã§ã€ã³ã¹ããŒã«æé ãéãããªã³ã¯ã衚瀺ãããŸãããããã¯ãªãã¯ãããšã詳现ãªã€ã³ã¹ããŒã«æ é ãéããŸãã 20.9 ãŠãŒã¶ããŒã¿ã«:HTML5 VPNããŒã¿ã« HTML5 VPN ããŒã¿ã«ã䜿çšãããšãå€éšãããã¯ãŒã¯ã®ãŠãŒã¶ã¯ããã©ãŠã¶ã®ã¿ãã¯ã©ã€ã¢ã³ããšã ãŠäœ¿çšããŠããããããèšå®ãããŠããã³ãã¯ã·ã§ã³ã¿ã€ãã§å éšãªãœãŒã¹ã«ã¢ã¯ã»ã¹ããããšãã§ã ãŸãã 524 UTM 9 管çã¬ã€ã 20 ãŠãŒã¶ããŒã¿ã« 20.9 ãŠãŒã¶ããŒã¿ã«:HTML5 VPNããŒã¿ã« 泚 âãHTML5 VPN ããŒã¿ã« ãã¿ãã¯ã管çè ã VPN ã³ãã¯ã·ã§ã³ãäœæãããŠãŒã¶ãèš±å¯ãŠãŒã¶ ã«è¿œå ããŠããå Žåã«ã®ã¿è¡šç€ºãããŸãã 泚 â ãã©ãŠã¶ã¯ HTML5 ã«æºæ ãããã®ã§ããå¿ èŠããããŸããHTML5 VPN æ©èœã«å¯Ÿå¿ããŠã ããã©ãŠã¶ã¯æ¬¡ã®ãšããã§ããFirefox 6.0 以éãInternet Explorer 10 以éãChromeãSafari 5 以é (Mac ç°å¢ã®ã¿)ã ãHTML5 VPN ããŒã¿ã« ãã¿ãã«ã¯ãèš±å¯ãããŠããã³ãã¯ã·ã§ã³ã®ãªã¹ãã衚瀺ãããŸããã¢ã€ã³ã³ã« ãããã³ãã¯ã·ã§ã³ã¿ã€ãã瀺ãããŸãã ã³ãã¯ã·ã§ã³ã䜿çšããã«ã¯ã次ã®æé ã«åŸããŸãã 1. ããããã®ãæ¥ç¶ ããã¿ã³ãã¯ãªãã¯ããŸãã æ°ãããã©ãŠã¶ãŠã£ã³ããŠãéããŸãããã®å 容ãšã¬ã€ã¢ãŠãã¯ã³ãã¯ã·ã§ã³ã¿ã€ãã«äŸåã㟠ããããšãã°ãHTTP ãŸã㯠HTTPS ã³ãã¯ã·ã§ã³ãéããå Žåã«ã¯ãWeb ãµã€ããå«ãŸã㟠ãããSSH ã³ãã¯ã·ã§ã³ã®å Žåã¯ã³ãã³ãã©ã€ã³ã€ã³ã¿ãã§ãŒã¹ãšãªããŸãã 2. æ°ãã VPN ãŠã£ã³ããŠã§äœæ¥ããã äžéšã®ã¿ã¹ã¯ã§ã¯ãVPN ãŠã£ã³ããŠã®äžéšã«ã«ãŒãœã«ãéã¶ãšãã³ãã¯ã·ã§ã³ã¿ã€ãåºæã®ã¡ ãã¥ãŒããŒã衚瀺ãããŸãã l ãã¡ã³ã¯ã·ã§ã³ããŒãããŒã®çµã¿åããã䜿çšãã:ãã¡ã³ã¯ã·ã§ã³ããŒã CTRL-ALTDEL ããŒãªã©ã®ç¹æ®ã³ãã³ãã䜿çšããå Žåã¯ããããŒããŒã ãã¡ãã¥ãŒã®è©²åœãããš ã³ããªãéžæããå¿ èŠããããŸãã l ããŒã«ã«ãã¹ããã VPN ãŠã£ã³ããŠãžã³ã㌠& ããŒã¹ããã:ããŒã«ã«ã³ã³ãã¥ãŒã¿ã§ã 該åœããããã¹ããã¯ãªããããŒããžã³ããŒããå¿ èŠããããŸããã³ãã¯ã·ã§ã³ãŠã£ã³ã ãŠã§ããã¯ãªããããŒã ãã¡ãã¥ãŒãéžæããŸããCTRL-V ããŒãæŒããŠãããã¹ãããã ã¹ãããã¯ã¹ãžè²Œãä»ããŸãã次ã«ããµãŒããžéä¿¡ ããã¿ã³ãã¯ãªãã¯ããŸããSSH ã Telnet ã³ãã¯ã·ã§ã³ã§ã¯ãããã¹ãã¯çŽæ¥ã«ãŒãœã«ã®äœçœ®ã«è²Œãä»ããããŸããRDP ã VNC ã³ãã¯ã·ã§ã³ã§ã¯ãããã¹ãã¯ãµãŒãã®ã¯ãªããããŒãã«éä¿¡ãããåŸãéåžž ã©ãã貌ãä»ããããšãã§ããŸãã 泚 â ã³ã㌠& ããŒã¹ã㯠Webapp ã³ãã¯ã·ã§ã³ã§ã¯äœ¿çšã§ããŸããã l VPN ãŠã£ã³ããŠããå¥ã®ãŠã£ã³ããŠãžã³ã㌠& ããŒã¹ããã:SSH ããã³ Telnet ã³ã㯠ã·ã§ã³ã§ã¯ãããŒã«ã«ãŠã£ã³ããŠã§å®æœããèŠé ã§ãåçŽã«ããã¹ããã³ããŒããŠè²Œã ä»ããã ãã§ããRDP ã VNC ã³ãã¯ã·ã§ã³ã§ã¯ãVPN ãŠã£ã³ããŠã§ã該åœããããã¹ã ãã¯ãªããããŒããžã³ããŒããå¿ èŠããããŸããç¶ããŠãã¯ãªããããŒã ãã¡ãã¥ãŒãéžæ UTM 9 管çã¬ã€ã 525 20.10 ãŠãŒã¶ããŒã¿ã«:ãã¹ã¯ãŒãã®å€æŽ 20 ãŠãŒã¶ããŒã¿ã« ããŸããã³ããŒããããã¹ããããã¹ãããã¯ã¹ã«è¡šç€ºãããŸããããã¹ããéžæ ããCTRL-C ããŒãæŒããŸããããã§ããã¹ããããŒã«ã«ã®ã¯ãªããããŒãã«å ¥ããéåžž ã©ãã貌ãä»ããããšãã§ããŸãã l ãªã¢ãŒããã¹ã¯ãããæ¥ç¶ã§ããŒããŒãã®é 眮ãå€æŽãã:Windows ãã¹ãã䜿çšãã㪠ã¢ãŒããã¹ã¯ãããæ¥ç¶ã§ã¯ãVPN ãŠã£ã³ããŠã®ããŒããŒãèšèªã®èšå®ãå€æŽã§ã㟠ããç¹ã« Windows ãã°ã€ã³ã®å Žåã¯ããã¹ã¯ãŒããæ£ç¢ºã«ã¿ã€ãããŠããããšã確èªã ãããã«ãéžæèšèªã Windows ã®èšèªèšå®ãšäžèŽããå¿ èŠããããŸãããããŒããŒã > ããŒããŒãã¬ã€ã¢ãŠããã¡ãã¥ãŒã§é©åãªèšèªãéžæããŸããéžæããããŒããŒãã¬ã€ ã¢ãŠã㯠cookie ã«ä¿åãããŸãã l Webapp ã³ãã¯ã·ã§ã³ã§ã¹ã¿ãŒãããŒãžã«æ»ã:Webapp ã³ãã¯ã·ã§ã³ã§ããã©ã«ãã®ã㌠ãžã«æ»ãã«ã¯ããããã²ãŒã·ã§ã³ > ããŒã ãã¡ãã¥ãŒãéžæããŸãã 3. äœæ¥ãå®äºããããã³ãã¯ã·ã§ã³ãéããŸãã l æçµçã«æ¥ç¶ãçµäºããã«ã¯ããæ¥ç¶ ãã¡ãã¥ãŒãããã»ãã·ã§ã³ã®åæ¢ ãã³ãã³ããéž æããããã¿ã€ãã«ããŒã® X ã¢ã€ã³ã³ãã¯ãªãã¯ããŠãã©ãŠã¶ãŠã£ã³ããŠãéããŸãããã³ ãã¯ã·ã§ã³ããã¿ã³ãå床䜿çšããŠæ°èŠã»ãã·ã§ã³ãéå§ã§ããŸãã l ã»ãã·ã§ã³ãåæããã«ã¯ããã³ãã¯ã·ã§ã³ãã¡ãã¥ãŒãããã»ãã·ã§ã³ã®åæ¢ ãã³ãã³ãã éžæããŸããã»ãã·ã§ã³ã®ã¹ããŒã¿ã¹ã¯ 5åéã«ããã£ãŠä¿åãããŸãããã®æéå ã«åæ¥ç¶ãããšã以åã®ã»ãã·ã§ã³ãç¶ç¶ã§ããŸãã 20.10 ãŠãŒã¶ããŒã¿ã«:ãã¹ã¯ãŒãã®å€æŽ ãã¹ã¯ãŒãã®å€æŽæ©èœã«ããããŠãŒã¶ã¯ãŠãŒã¶ããŒã¿ã«ã«ã¢ã¯ã»ã¹ããããã®ãã¹ã¯ãŒããšãäœ¿çš ã§ããå Žåã¯ãPPTP ãä»ãããªã¢ãŒãã¢ã¯ã»ã¹çšã®ãã¹ã¯ãŒããå€æŽã§ããŸãã 20.11 ãŠãŒã¶ããŒã¿ã«:HTTPS ãããã· HTTPS ãããã·æ©èœã«ããããŠãŒã¶ã¯ HTTP/S ãããã·ã® CA 蚌ææžãã€ã³ããŒãããŠãã»ãã¥ã¢ Web ãµã€ãã®èšªåæã«è¡šç€ºããããšã©ãŒã¡ãã»ãŒãžãåé¿ããããšãã§ããŸãã 泚 â ãŠãŒã¶ããŒã¿ã«ã®ãHTTPS ãããã· ãã¿ãã¯ã管çè ã«ãã£ãŠ HTTP/S ãããã·ã®èšŒææžã æäŸãããŠãããŠãŒã¶ã®ã¿ã«è¡šç€ºãããŸãã ããããã· CA 蚌ææžãã€ã³ããŒãããã¯ãªãã¯ãããšããŠãŒã¶ã®ãã©ãŠã¶ã«ãä»ã®ç®çã«å¯Ÿã㊠CA ã ä¿¡é Œãããã確èªããããã³ããã衚瀺ãããŸãã 526 UTM 9 管çã¬ã€ã çšèªé 3 3DES Triple Data Encryption Standard (ããªãã« ããŒã¿æå·åæšæº) A ACC Astaro Command Center ACPI Advanced Configuration and Power Interface (ã¢ããã³ã¹ãã³ã³ãã£ã®ã¥ã¬ãŒ ã·ã§ã³ã¢ã³ããã¯ãŒã€ã³ã¿ãã§ãŒã¹) AD Active Directory Address Resolution Protocol (ã¢ãã¬ã¹è§£æ±ºã ããã³ã«) ãã¹ãã® IP ã¢ãã¬ã¹ããããããªãå Žå ã«ããã®ã€ãŒãµããã MAC ã¢ãã¬ã¹ã確 å®ããããã«äœ¿çšãããã ADSL Asymmetric Digital Subscriber Line (é察 称ããžã¿ã«å å ¥è ç·) Advanced Configuration and Power Interface (ã¢ããã³ã¹ãã³ã³ãã£ã°ã¬ãŒã·ã§ã³ã¢ã³ãã ã¯ãŒã€ã³ã¿ãã§ãŒã¹) ACPI ãšã¯é»å管çæšæºã® 1ã€ã§ãããã³ ã³ãã¥ãŒã¿å ã®åããã€ã¹ã«åæ£ããã é»åéããªãã¬ãŒãã£ã³ã°ã·ã¹ãã ã§å¶ 埡ã§ããããã«ãããã®ã§ãã Advanced Programmable Interrupt Controller (ã¢ããã³ã¹ãããã°ã©ããã«ã€ã³ã¿ã©ããã³ã³ ãããŒã©) ãã«ãããã»ããµã³ã³ãã¥ãŒã¿ã·ã¹ãã 㧠ã®å²ã蟌ã¿ãåŠçããã¢ãŒããã¯ãã£ã AES Advanced Encryption Standard (é«åºŠæå· åæšæº) AFC Astaro Flow Classifier AH Authentication Header (èªèšŒããã) AMG Astaro Mail Gateway APIC Advanced Programmable Interrupt Controller (ã¢ããã³ã¹ãããã°ã©ããã«ã€ ã³ã¿ã©ããã³ã³ãããŒã©) ARP Address Resolution Protocol (ã¢ãã¬ã¹è§£ 決ãããã³ã«) AS Autonomous System (èªåŸã·ã¹ãã ) ASCII American Standard Code for Information Interchange (æ å ±äº€æçšç±³åœæšæºã³ãŒã) ASG Astaro Security Gateway Astaro Command Center è€æ°ã® Astaro ã²ãŒããŠã§ã€è£ 眮ã 1ã€ã® ã€ã³ã¿ãã§ãŒã¹ã§ç£èŠç®¡çããããã®ãœ ãããŠã§ã¢ãããŒãžã§ã³ 4 ãããSophos UTM Manager (SUM) ã«ååãå€æŽãã ãŸããã Astaro Security Gateway ã¡ãŒã«ãš Web ã»ãã¥ãªãã£ãå«ããçµ±åè åšç®¡çã®ããã®ãœãããŠã§ã¢ãããŒãžã§ã³ 9 ãããUnified Threat Management (UTM) ã«ååãå€æŽãããŸããã Authentication Header (èªèšŒããã) ã¢ã³ããªãã¬ã€ãæäŸããäŒéäžã«ãã±ã ãã®å 容ãæ¹ãããããŠããªãããšãæ€ çšèªé 蚌ãã IPSec ãããã³ã«ã Autonomous System (èªåŸã·ã¹ãã ) 1ã€ã®ãšã³ãã£ãã£ã«ãã£ãŠç®¡çããã IP ãããã¯ãŒã¯ãšã«ãŒã¿ã®éåäœã§ããã〠ã³ã¿ãŒãããã«å¯ŸããŠå ±éã®ã«ãŒãã£ã³ã° ããªã·ãŒãæã€ã AWG Astaro Web Gateway AWS Amazon Web Services Cipher Block Chaining (æå·ãããã¯é£é) æå·åŠçã¢ãŒãã® 1ã€ã§ãããå¹³æ (ã ã¬ãŒã³ããã¹ã) ã®åãããã¯ãçŽåã®æ å·æãããã¯ãšãæä»çè«çå (XOR)ãã ãŠããæå·åãããããã«ãããæå·æ ã®åãããã¯ã¯ãã®æç¹ãŸã§ã®ãã¹ãŠã® å¹³æãããã¯ã«äŸåããããã«ãªãã B CMS Content Management System (ã³ã³ãã³ã 管çã·ã¹ãã ) BATV Bounce Address Tag Validation (ããŠã³ã¹ ã¢ãã¬ã¹ã¿ã°æ€èšŒ) CPU Central Processing Unit (äžå€®åŠçè£ çœ®) BGP Border Gateway Protocol CRL Certificate Revocation List (蚌ææžå€±å¹ãª ã¹ã) Bounce Address Tag Validation (ããŠã³ã¹ã¢ã ã¬ã¹ã¿ã°æ€èšŒ) ã¡ãŒã«ã¡ãã»ãŒãžã«æå®ãããè¿ä¿¡ã¢ã ã¬ã¹ãæå¹ã§ãããã©ãããå€å®ããã ãã«èŠå®ãããææ³ã®ååãåœé ããã è¿ä¿¡ã¢ãã¬ã¹ãžã®ããŠã³ã¹ã¡ãã»ãŒãžã æåŠããããã«èšèšãããŠããã C CA èªèšŒå± (CA) CBC Cipher Block Chaining (æå·ãããã¯é£é) CDMA Code Division Multiple Access (笊å·åå² å€éã¢ã¯ã»ã¹) Certificate Authority (èªèšŒå±) ä»ã®ããŒãã£ã«ãã£ãŠäœ¿çšãããããžã¿ ã«èšŒææžãçºè¡ããå£äœãŸãã¯çµç¹ã 528 CHAP Challenge-Handshake Authentication Protocol (ãã£ã¬ã³ãžãã³ãã·ã§ã€ã¯èªèšŒã ããã³ã«) CSS Cascading Style Sheets (ã«ã¹ã±ãŒãã£ã³ã° ã¹ã¿ã€ã«ã·ãŒã) D DC Domain Controller (ãã¡ã€ã³ã³ã³ãããŒã©) DCCçš Direct Client Connection (çŽæ¥ã¯ã©ã€ã¢ã³ã æ¥ç¶) DDoS Distributed Denial of Service (åæ£åãµãŒ ãã¹æåŠ) DER Distinguished Encoding Rules (èå¥ç¬Šå·å èŠå) UTM 9 管çã¬ã€ã çšèªé Destination Network Address Translation (å® å ãããã¯ãŒã¯ã¢ãã¬ã¹å€æ) ããŒã¿ãã±ããã®å®å ã¢ãã¬ã¹ãæžãæã ãç¹æ®ãª NATã DHCP Dynamic Host Configuration Protocol (ã〠ãããã¯ãã¹ãèšå®ãããã³ã«) Domain Name Service (ãã¡ã€ã³ããŒã ãµãŒã ã¹) ã€ã³ã¿ãŒããããä»ããŠæ¥ç¶ãããã³ã³ ãã¥ãŒã¿ã®åºåºã® IP ã¢ãã¬ã¹ãã人㫠ãšã£ãŠããããããååããšã€ãªã¢ã¹ã« å€æããã DoS Denial of Service (ãµãŒãã¹æåŠ) Digital Signature Algorithm (ããžã¿ã«çœ²å㢠ã«ãŽãªãºã ) ç±³åœé£éŠæ¿åºãæšå¥šããŠããããžã¿ã« 眲åã«ã€ããŠã®æšæº (FIPS)ã DSA Digital Signature Algorithm (ããžã¿ã«çœ²å ã¢ã«ãŽãªãºã ) Digital Subscriber Line (ããžã¿ã«å å ¥è ç·) å°åé»è©±ç¶²ã®ã±ãŒãã«äžã§ã®ããžã¿ã« ããŒã¿äŒéãæäŸããæè¡çŸ€ã DSCP Differentiated Services Code Point (å·®å¥ åãµãŒãã¹ã³ãŒããã€ã³ã) Distinguished Encoding Rules (èå¥ç¬Šå·åèŠ å) X.509 蚌ææžãªã©ããžã¿ã«çœ²åãŸãã¯çœ² åãæ€èšŒãããããŒã¿ãªããžã§ã¯ããç¬Šå· åããããã®æ¹åŒã DSL Digital Subscriber Line (ããžã¿ã«å å ¥è ç·) DKIM Domain Keys Identified Mail (ãã¡ã€ã³ã㌠èå¥ã¡ãŒã«) DUID DHCP Unique Identifier (DHCP åºæèå¥ å) DMZ Demilitarized Zone (éæŠè£ å°åž¯) Dynamic Host Configuration Protocol (ãã€ã ããã¯ãã¹ãèšå®ãããã³ã«) ãããã¯ãŒã¯äžã®ããã€ã¹ãIPã¢ãã¬ã¹ã ååŸããããã«äœ¿çšãããããã³ã«ã DN Distinguished Name (èå¥å) E DNAT Destination Network Address Translation (å®å ãããã¯ãŒã¯ã¢ãã¬ã¹å€æ) DNS Domain Name Service (ãã¡ã€ã³ããŒã ãµãŒ ãã¹) DOI Domain of Interpretation (解éãã¡ã€ã³) UTM 9 管çã¬ã€ã ECN Explicit Congestion Notification (æ瀺ç㪠茻茳éç¥) Encapsulating Security Payload (ã«ãã»ã«å ã»ãã¥ãªãã£ãã€ããŒã) ããŒã¿ã®æ©å¯æ§ (æå·)ãã¢ã³ããªãã¬ã€ã èªèšŒãæäŸãã IPSec ãããã³ã«ã ESP Encapsulating Security Payload (ã«ãã»ã« åã»ãã¥ãªãã£ãã€ããŒã) 529 çšèªé Explicit Congestion Notification (æ瀺çãªèŒ» 茳éç¥) æ瀺çãªèŒ»èŒ³éç¥ (ECN) ãšã¯ã€ã³ã¿ãŒ ããããããã³ã«ã®æ¡åŒµã§ãããããã ã¯ãŒã¯èŒ»èŒ³ã®ãšã³ãããŒãšã³ããªéç¥ã ãã±ããã®ãããããªãã§èš±å¯ã㟠ããECNã¯ãæ¥ç¶ã®äž¡ãšã³ããã€ã³ãã®é ã§äœ¿çšã®ããŽã·ãšãŒããæåããŠããå Ž åã«ã®ã¿æ©èœããŸãã GSM Global System for Mobile Communications (æ±æ¬§å·ããžã¿ã«ç§»åé»è©±æ¹åŒ) F HA åé·å (HA) FAT File Allocation Table (ãã¡ã€ã«ã¢ãã±ãŒã·ã§ ã³ããŒãã«) File Transfer Protocol (ãã¡ã€ã«è»¢éãããã³ ã«) ãã±ãã亀æ網äžã§ã®ãã¡ã€ã«äº€æçšã ããã³ã«ã FQHN Fully Qualified HostName (å®å šä¿®é£Ÿãã¹ã å) FTP File Transfer Protocol (ãã¡ã€ã«è»¢éããã ã³ã«) G Generic Routing Encapsulation (ãžã§ããªã㯠ã«ãŒãã£ã³ã°ã«ãã»ã«å) ä»»æã®ãããã¯ãŒã¯å±€ãã±ããå ã§ä»»æ ã®ãããã¯ãŒã¯å±€ãã±ãããã«ãã»ã«åã ãããã«èŠå®ããããã³ããªã³ã°ãããã³ ã«ã GeoIP è¡æç»åã䜿çšããŠäžçäžã®ããã€ã¹ ã®äœçœ®ãç¹å®ããæè¡ã GRE Generic Routing Encapsulation (ãžã§ã ãªãã¯ã«ãŒãã£ã³ã°ã«ãã»ã«å) 530 H H.323 ãã±ãã亀æ網äžã§ã®é³å£°ã»æ åéä¿¡ ã»ãã·ã§ã³ãæäŸãããããã³ã«ã HCL Hardware Compatibility List (ããŒããŠã§ã¢ äºææ§ãªã¹ã) HELO SMTP (Simple Mail Transfer Protocol: ç°¡æ ã¡ãŒã«è»¢éãããã³ã«) ã®ã³ãã³ãã§ã ããã¯ã©ã€ã¢ã³ãã¯ããã䜿çšããŠãµãŒã ããã®åæã°ãªãŒãã£ã³ã°ã«å¿çããŸãã HIPS Host-based Intrusion Prevention System (ãã¹ãããŒã¹ã®äŸµå ¥é²æ¢ã·ã¹ãã ) HMAC Hash-based Message Authentication Code (ããã·ã¥ããŒã¹ã®ã¡ãã»ãŒãžèªèšŒã³ãŒã) HTML Hypertext Transfer Markup Language (ã ã€ããŒããã¹ã転éããŒã¯ã¢ããèšèª) HTTP Hypertext Transfer Protocol (ãã€ããŒã ãã¹ã転éãããã³ã«) HTTP over SSL ããã»ãã¥ã¢ãª HTTP éä¿¡ãå®çŸããã ããã³ã«ã HTTP/S Hypertext Transfer Protocol Secure (ã〠ããŒããã¹ã転éãããã³ã«ã»ãã¥ã¢) UTM 9 管çã¬ã€ã çšèªé HTTPS Hypertext Transfer Protocol Secure (ã〠ããŒããã¹ã転éãããã³ã«ã»ãã¥ã¢) Hypertext Transfer Protocol (ãã€ããŒããã¹ ã転éãããã³ã«) ã€ã³ã¿ãŒãããäžã§æ å ±ã転éãããã ã®ãããã³ã«ã I IANA Internet Assigned Numbers Authority (ã€ã³ ã¿ãŒãããçªå·å²åœåœå±) ICMP Internet Control Message Protocol (ã€ã³ ã¿ãŒãããå¶åŸ¡ã¡ãã»ãŒãžãããã³ã«) Internet Control Message Protocol (ã€ã³ã¿ãŒ ãããå¶åŸ¡ã¡ãã»ãŒãžãããã³ã«) ãããã¯ãŒã¯ã®ã¹ããŒã¿ã¹ããã®ä»ã®ã³ã³ ãããŒã«æ å ±ã«ã€ããŠã®æ å ±ãéåä¿¡ã ãããã«äœ¿çšãããç¹å¥ãª IP ãããã³ ã«ã Internet Protocol (ã€ã³ã¿ãŒããããããã³ã«) ãã±ãã亀æ網äžã§ã®ããŒã¿éä¿¡ã«äœ¿çš ãããããŒã¿æåãããã³ã«ã Internet Relay Chat (ã€ã³ã¿ãŒããããªã¬ãŒ ãã£ãã) ã€ã³ã¿ãŒãããäžã§ã®ã€ã³ã¹ã¿ã³ãéä¿¡ã å¯èœã«ãããªãŒãã³ãããã³ã«ã IP Internet Protocol (ã€ã³ã¿ãŒããããããã³ ã«) ID Identity (ã¢ã€ãã³ãã£ãã£) IDE Intelligent Drive Electronics (ã€ã³ããªãžã§ã³ ããã©ã€ããšã¬ã¯ãããã¯ã¹) IDENT ç¹å®ã® TCP æ¥ç¶ã®ãŠãŒã¶ãç¹å®ããã ãã®æšæºãããã³ã«ã IDN International Domain Name (åœéãã¡ã€ã³ å) IE Internet Explorer IP ã¢ãã¬ã¹ ã€ã³ã¿ãŒããããããã³ã«æšæºã䜿çšãã ã³ã³ãã¥ãŒã¿ãããã¯ãŒã¯äžã®åããã€ã¹ ãäºããç¹å®ããéä¿¡ããããã«äœ¿çšã ãäžæã®çªå·ã IPS IPS (äŸµå ¥é²åŸ¡ã·ã¹ãã ) IPsec Internet Protocol Security (ã€ã³ã¿ãŒããã ãããã³ã«ã»ãã¥ãªãã£) IRC Internet Relay Chat (ã€ã³ã¿ãŒããããªã¬ãŒ ãã£ãã) IKE Internet Key Exchange (ã€ã³ã¿ãŒãããéµäº€ æ) ISP Internet Service Provider (ã€ã³ã¿ãŒããã ãµãŒãã¹ãããã€ã) IM L Instant Messaging (ã€ã³ã¹ã¿ã³ãã¡ãã»ãŒãž ã³ã°) UTM 9 管çã¬ã€ã L2TP Layer Two (2) Tunneling Protocol (ã¬ã€ã€ 2 ãã³ããªã³ã°ãããã³ã«) 531 çšèªé LAG Link Aggregation Group (ãªã³ã¯ã¢ã°ãªã²ãŒ ã·ã§ã³ã°ã«ãŒã) LAN Local Area Network (ããŒã«ã«ãšãªã¢ããã ã¯ãŒã¯) LDAP Lightweight Directory Access Protocol (ã© ã€ããŠã§ã€ããã£ã¬ã¯ããªã¢ã¯ã»ã¹ãããã³ ã«) Link-state advertisement (ãªã³ã¯ã¹ããŒãã¢ã ãã¿ã€ãºã¡ã³ã) IP çšã® OSPF ã«ãŒãã£ã³ã°ãããã³ã«ã® åºæ¬çãªéä¿¡æ段ã LSA Link-state advertisement (ãªã³ã¯ã¹ããŒã ã¢ããã¿ã€ãºã¡ã³ã) LTE 3GPP Long Term Evolution (3GPP ãã³ã° ã¿ãŒã ãšããªã¥ãŒã·ã§ã³) M MAC Media Access Control (ã¡ãã£ã¢ã¢ã¯ã»ã¹ã³ ã³ãããŒã«) MAC ã¢ãã¬ã¹ ã»ãšãã©ã®åœ¢æ ã®ãããã¯ãŒã¯ããŒããŠã§ ã¢ã«å²ãåœãŠãããäžæã®ã³ãŒãã Management Information Base (管çæ å ± ããŒã¹) éä¿¡ãããã¯ãŒã¯å ã®ããã€ã¹ã管çã ãããã«äœ¿çšãããããŒã¿ããŒã¹ã®çš® é¡ããããã¯ãŒã¯å ã®ãšã³ãã£ã㣠(ã«ãŒã¿ ãã¹ã€ãããªã©) ã管çããããã«äœ¿çšã ãã (ä»®æ³) ããŒã¿ããŒã¹å ã®ãªããžã§ã¯ ãã®éåããæ§æãããã MD5 Message-Digest algorithm 5 (ã¡ãã»ãŒãžã ã€ãžã§ã¹ãã¢ã«ãŽãªãºã 5) 532 Message-Digest algorithm 5 (ã¡ãã»ãŒãžã〠ãžã§ã¹ãã¢ã«ãŽãªãºã 5) 128ãããã®ããã·ã¥å€ã«ããæå·ãã ã·ã¥é¢æ°ã MIB Management Information Base (管çæ å ± ããŒã¹) MIME ã¿ã€ã Multipurpose Internet Mail Extensions (å€ ç®çã€ã³ã¿ãŒãããã¡ãŒã«æ¡åŒµ) MPLS Multiprotocol Label Switching (ãã«ããã ãã³ã«ã©ãã«ã¹ã€ããã³ã°) MPPE Microsoft Point-to-Point Encryption (ã ã€ã¯ããœãããã€ã³ãããŒãã€ã³ãæå·å) MSCHAP Microsoft Challenge Handshake Authentication Protocol (ãã€ã¯ããœãã ãã£ã¬ã³ãžãã³ãã·ã§ã€ã¯èªèšŒãããã³ã«) MSCHAPv2 Microsoft Challenge Handshake Authentication Protocol Version 2 (ãã€ã¯ ããœãããã£ã¬ã³ãžãã³ãã·ã§ã€ã¯èªèšŒã ããã³ã«ããŒãžã§ã³2) MSP ãããŒãžã ãµãŒãã¹ ãããã€ã MSSP ãããŒãžãã»ãã¥ãªãã£ãµãŒãã¹ããã〠ã MTU Maximum Tansmission Unit (æ倧äŒéå äœ) Multipurpose Internet Mail Extensions (å€ç® çã€ã³ã¿ãŒãããã¡ãŒã«æ¡åŒµ) ã¡ãŒã«ã®ãã©ãŒããããæ¡åŒµããUS-ASCII 以å€ã®æåã»ããã®ããã¹ããããã¹ã以 å€ã®æ·»ä»ç©ããã«ãããŒãã¡ãã»ãŒãžæ¬ UTM 9 管çã¬ã€ã çšèªé äœãASCII 以å€ã®æåã»ããã§ã®ããã æ å ±ããµããŒãããããã®ã€ã³ã¿ãŒããã æšæºã MX ã¬ã³ãŒã ã€ã³ã¿ãŒãããã§ã¡ãŒã«ãã©ã®ããã«ã«ãŒ ãã£ã³ã°ããã®ããæå®ããããã¡ã€ã³ ããŒã ã·ã¹ãã (DNS) å ã®ãªãœãŒã¹ã¬ ã³ãŒãã®çš®é¡ã N NAS Network Access Server (ãããã¯ãŒã¯ã¢ã¯ ã»ã¹ãµãŒã) NAT Network Address Translation (ãããã¯ãŒã¯ ã¢ãã¬ã¹å€æ) NAT-T NAT Traversal (NAT ãã©ããŒãµã«) Network Address Translation (ãããã¯ãŒã¯ã¢ ãã¬ã¹å€æ) IP ã¢ãã¬ã¹ãåå©çšããããã®ã·ã¹ã ã ã Network Time Protocol (ãããã¯ãŒã¯ã¿ã€ã ã ããã³ã«) ãã±ãã亀æ網äžã§ã³ã³ãã¥ãŒã¿ã·ã¹ãã ã®ã¯ããã¯ãåæããããã®ãããã³ã«ã NIC Network Interface Card (ãããã¯ãŒã¯ã€ã³ ã¿ãã§ãŒã¹ã«ãŒã) Not-so-stubby area (Not-so-stubby ãšãªã¢) OSPF ãããã³ã«ã®äžã§ãèªåŸã·ã¹ãã (AS) å€éšã«ãŒããã€ã³ããŒããããããã ããã¯ããŒã³ã«éä¿¡ããããšã¯ã§ãããã ããã¯ããŒã³ããã®ä»ã®ãšãªã¢ãã AS å€éšã«ãŒããåä¿¡ããããšã¯ã§ããªãã¿ã€ ãã®ã¹ã¿ããšãªã¢ã NTLM NT LAN Manager (Microsoft Windows) NTP Network Time Protocol (ãããã¯ãŒã¯ã¿ã€ ã ãããã³ã«) O Open Shortest Path First (ãªãŒãã³ã·ã§ãŒã ã¹ããã¹ãã¡ãŒã¹ã) ãããã¯ãŒã¯ã«ãŒãã£ã³ã°ã®ããã®ã㪠ã³ã¯ã¹ããŒãåã®éå±€ç㪠IGP (interior gateway protocol)ã OpenPGP 匷åãªå ¬ééµãšå¯Ÿç§°æå·ãçµã¿åãã ãŠãé»åéä¿¡ãšããŒã¿ã¹ãã¬ãŒãžã®ãã ã®ã»ãã¥ãªãã£ãµãŒãã¹ãæäŸããããã ã³ã«ã OSI Open Source Initiative (ãªãŒãã³ãœãŒã¹ã€ ãã·ã¢ãã) OSPF Open Shortest Path First (ãªãŒãã³ã·ã§ãŒ ãã¹ããã¹ãã¡ãŒã¹ã) OU Organisational Unit (çµç¹åäœ) P PAC Proxy Auto Configuration (ãããã·ã®èªå èšå®) PAP Password Authentication Protocol (ãã¹ ã¯ãŒãèªèšŒãããã³ã«) PCI Peripheral Component Interconnect (ã㪠ãã§ã©ã«ã³ã³ããŒãã³ãã€ã³ã¿ãŒã³ãã¯ã) NSSA Not-so-stubby area (Not-so-stubby ãšãª ã¢) UTM 9 管çã¬ã€ã 533 çšèªé PEM Privacy Enhanced Mail (ãã©ã€ãã·ãŒæ¡åŒµ ã¡ãŒã«) PGP Pretty Good Privacy (ããªãã£ã°ãããã©ã€ ãã·ãŒ) PKCS Public Key Cryptography Standards (å ¬é éµæå·æšæº) PKI Public Key Infrastructure (å ¬ééµæå·åº ç€) PMTU Path Maximum Transmission Unit (ãã¹æ 倧äŒéåäœ) POP3 Post Office Protocol version 3 (ãã¹ã㪠ãã£ã¹ãããã³ã«ããŒãžã§ã³3) Post Office Protocol version 3 (ãã¹ããªãã£ã¹ ãããã³ã«ããŒãžã§ã³3) ãã±ãã亀æ網äžã§ã¡ãŒã«ãé ä¿¡ããã ãã®ãããã³ã«ã PPP Point-to-Point Protocol (ãã€ã³ãããŒã〠ã³ããããã³ã«) PPPoA PPP over ATM Protocol (PPP ãªãŒã㌠ATMP ãããã³ã«) PPTP Point to Point Tunneling Protocol (ãã€ã³ã ããŒãã€ã³ããã³ããªã³ã°ãããã³ã«) Privacy Enhanced Mail (ãã©ã€ãã·ãŒæ¡åŒµ ã¡ãŒã«) å ¬ééµæå·ã䜿çšããŠã¡ãŒã«ã®ã»ãã¥ãª ãã£ãä¿è·ããããã®ãåæã® IETF æ æ¡ã 534 PSK ã¯é€ããŸãã äºåå ±æéµ (Preshared Key) Q QoS Quality of Service (ãµãŒãã¹å質) R RADIUS Remote Authentication Dial In User Service (ãªã¢ãŒãèªèšŒãã€ã€ã«ã€ã³ãŠãŒã¶ãµãŒã ã¹) RAID Redundant Array of Independent Disks (ç¬ ç«ãã£ã¹ã¯åé·ã¢ã¬ã€) RAM Random Access Memory (ã©ã³ãã ã¢ã¯ã» ã¹ã¡ã¢ãª) RAS Remote Access Server (ãªã¢ãŒãã¢ã¯ã»ã¹ ãµãŒã) RBL Realtime Blackhole List (ãªã¢ã«ã¿ã€ã ã ã©ãã¯ããŒã«ãªã¹ã) RDN Relative Distinguished Name (çžå¯Ÿèå¥å) RDNS Reverse Domain Name Service (ãªããŒã¹ã ã¡ã€ã³ããŒã ãµãŒãã¹) RDP Remote Desktop Protocol (ãªã¢ãŒããã¹ã¯ ããããããã³ã«) RED Random Early Detection (ã©ã³ãã åææ€ ç¥) UTM 9 管çã¬ã€ã çšèªé Redundant Array of Independent Disks (ç¬ç« ãã£ã¹ã¯åé·ã¢ã¬ã€) è€æ°ã®ããŒããã©ã€ãã䜿çšããŠãã©ã€ã éã§ããŒã¿ãå ±æãŸãã¯è€è£œããããŒã¿ ä¿ç®¡ã¹ããŒã ã Secure Shell (ã»ãã¥ã¢ã·ã§ã«) ç°ãªããã±ãã亀æ網ã«ãŸãããããŒã« ã«ã³ã³ãã¥ãŒã¿ãšãªã¢ãŒãã³ã³ãã¥ãŒã¿ã®é ã§ã»ãã¥ã¢ãªãã£ãã«ã確ç«ããããã® ãããã³ã«ã Remote Authentication Dial In User Service (㪠ã¢ãŒãèªèšŒãã€ã€ã«ã€ã³ãŠãŒã¶ãµãŒãã¹) ã«ãŒã¿ãªã©ã®ãããã¯ãŒã¯ããã€ã¹ãäž å€®ããŒã¿ããŒã¹ã«å¯ŸããŠãŠãŒã¶ãèªèšŒã§ ããããã«èšèšããããããã³ã«ã Secure Sockets Layer (ã»ãã¥ã¢ãœã±ããã¬ã€ ã€) ã€ã³ã¿ãŒãããäžã§ã»ãã¥ã¢ãªéä¿¡ãæäŸ ããæå·ãããã³ã«ãTLS (ãã©ã³ã¹ããŒã ã¬ã€ã€ã»ãã¥ãªãã£) ã®å身ã§ããã RFC Request for Comment (ãªã¯ãšã¹ããã©ãŒã³ ã¡ã³ã) Secure/Multipurpose Internet Mail Extensions (ã»ãã¥ã¢å€ç®çã€ã³ã¿ãŒãããã¡ãŒã«æ¡åŒµ) MIME ã«ã«ãã»ã«åãããã¡ãŒã«ã«å¯Ÿã ãå ¬ééµæå·åã眲åã®ããã®æšæºã RPS RED ããããžã§ãã³ã°ãµãŒãã¹ RSA Rivest, Shamir, & Adleman (ãªãã¹ããã·ã£ã ã¢ããšãŒãã«ãã³: å ¬ééµæå·åæè¡) S S/MIME Secure/Multipurpose Internet Mail Extensions (ã»ãã¥ã¢å€ç®çã€ã³ã¿ãŒãã ãã¡ãŒã«æ¡åŒµ) SA Security Associations (ã»ãã¥ãªãã£ã¢ãœã· ãšãŒã·ã§ã³) SAA Sophos Authentication Agent (ãœãã©ã¹èª 蚌ãšãŒãžã§ã³ã) SCP Secure Copy (ã»ãã¥ã¢ã³ããŒ: ã»ãã¥ã¢é ä¿¡çšã® SSH ã³ã³ãã¥ãŒã¿ã¢ããªã±ãŒã·ã§ã³ ã¹ã€ãŒãããã®) SCSI Small Computer System Interface (ã¹ã¢ãŒ ã«ã³ã³ãã¥ãŒã¿ã·ã¹ãã ã€ã³ã¿ãã§ãŒã¹) UTM 9 管çã¬ã€ã Security Parameter Index (ã»ãã¥ãªãã£ãã© ã¡ãŒã¿ã€ã³ããã¯ã¹) IP ãã©ãã£ãã¯ã®ãã³ããªã³ã°ã« IPSec ã 䜿çšãããšãã«ãããã«è¿œå ãããèå¥ ã¿ã°ã Sender Policy Framework (éä¿¡è ããªã·ãŒã ã¬ãŒã ã¯ãŒã¯) SMTP (Simple Mail Transfer Protocol: ç°¡æ ã¡ãŒã«è»¢éãããã³ã«) ã®æ¡åŒµãSPF ã䜿 çšãããšãã¹ãã ã«ããèŠããã SMTP MAIL FROM (ãªã¿ãŒã³ãã¹) ã®åœé ã¢ã㬠ã¹ããœãããŠã§ã¢ã§ç¹å®ããæåŠããããš ãã§ããã Session Initiation Protocol (ã»ãã·ã§ã³éå§ã ããã³ã«) 2ã€ä»¥äžã®éä¿¡ããŒãããŒéã§ã»ãã·ã§ã³ ã確ç«ãå€æŽãçµäºããããã®ã·ã°ã㪠ã³ã°ãããã³ã«ããã®ããã¹ãæåã®ããã ã³ã«ã¯ HTTP ãããŒã¹ãšããŠãããIP ãã ãã¯ãŒã¯çµç±ã§TCPãŸã㯠UDP ãéã㊠信å·ããŒã¿ãéä¿¡ã§ããããã®ã ããVoIP (Voice-over-IP) ãããªé»è©±ã㪠ã¢ã«ã¿ã€ã ãªãã¹ãã¡ãã£ã¢ãµãŒãã¹ãªã© ã®åºç€ãšãªãã SFQ Stochastic Fairness Queuing (確ççäžå ãã¥ãŒã€ã³ã°) 535 çšèªé SIM Subscriber Identification Module Simple Mail Transfer Protocol (ç°¡æã¡ãŒã«è»¢ éãããã³ã«) ãã±ãã亀æ網äžã§ã¡ãŒã«ãéåä¿¡ãã ããã«äœ¿çšããããããã³ã«ã Single sign-on (ã·ã³ã°ã«ãµã€ã³ãªã³) ãŠãŒã¶ãäžåºŠã ãèªèšŒãè¡ãã1ã€ã®ã ã¹ã¯ãŒãã䜿çšããŠè€æ°ã®ã¢ããªã±ãŒã·ã§ ã³ãã·ã¹ãã ã«ã¢ã¯ã»ã¹ã§ããããã«ãã èªèšŒæ¹åŒã SIP Session Initiation Protocol (ã»ãã·ã§ã³éå§ ãããã³ã«) SLAAC Stateless Address Autoconfiguration (ã¹ ããŒãã¬ã¹ã¢ãã¬ã¹èªåèšå®) SMB Server Message Block (ãµãŒãã¡ãã»ãŒãž ãããã¯) SMP Symmetric Multiprocessing (察称åãã« ãããã»ãã·ã³ã°) 536 ããŒãžã§ã³ 5 ã§ãããæ£ããæ©èœãããã ã«ã¯ã¯ã©ã€ã¢ã³ãåŽã®ããã°ã©ã ã«å°å ¥ ããå¿ èŠãããã SOCKS SOCKetS Sophos UTM Manager è€æ°ã® UTM è£ çœ®ã 1ã€ã®ã€ã³ã¿ãã§ãŒã¹ ã§ç£èŠç®¡çããããã®ãœãããŠã§ã¢ã(æ§ è£œå: Astaro Command Center)ã Source Network Address Translation (éä¿¡å ãããã¯ãŒã¯ã¢ãã¬ã¹å€æ) ç¹æ®ãª NATãSNAT ã§ã¯ãæ¥ç¶ãéå§ã ãã³ã³ãã¥ãŒã¿ã® IP ã¢ãã¬ã¹ãæžãæã ãããã Spanning Tree Protocol (ã¹ããã³ã°ããªãŒã ããã³ã«) ããªããžã®ã«ãŒããæ€åºããŠåé¿ãããã ãã¯ãŒã¯ãããã³ã« SPF Sender Policy Framework (éä¿¡è ã㪠ã·ãŒãã¬ãŒã ã¯ãŒã¯) SPI Security Parameter Index (ã»ãã¥ãªãã£ã ã©ã¡ãŒã¿ã€ã³ããã¯ã¹) SMTP Simple Mail Transfer Protocol (ç°¡æã¡ãŒã« 転éãããã³ã«) SSH Secure Shell (ã»ãã¥ã¢ã·ã§ã«) SNAT Source Network Address Translation (éä¿¡ å ãããã¯ãŒã¯ã¢ãã¬ã¹å€æ) SSID Service Set Identifier (ãµãŒãã¹ã»ããèå¥ å) SNMP Simple Network Message Protocol (ã·ã³ã ã«ãããã¯ãŒã¯ã¡ãã»ãŒãžãããã³ã«) SSL Secure Sockets Layer (ã»ãã¥ã¢ãœã±ãã㬠ã€ã€) SOCKetS ã¯ã©ã€ã¢ã³ããµãŒãã¢ããªã±ãŒã·ã§ã³ã ãããã¯ãŒã¯ãã¡ã€ã¢ãŠã©ãŒã«ã®ãµãŒãã¹ ãééçã«äœ¿çšã§ããããã«ããã€ã³ã¿ãŒ ããããããã³ã«ãçŸåšãSOCKS (å¥å: ãã¡ã€ã¢ãŠã©ãŒã«ãã©ããŒã¹ãããã³ã«) 㯠SSO Single sign-on (ã·ã³ã°ã«ãµã€ã³ãªã³) UTM 9 管çã¬ã€ã çšèªé STP Spanning Tree Protocol (ã¹ããã³ã°ããªãŒ ãããã³ã«) SUA Sophos User Authentication (ãœãã©ã¹ãŠãŒ ã¶èªèšŒ) SUM Sophos UTM Manager Symmetric Multiprocessing (察称åãã«ãã ãã»ãã·ã³ã°) è€æ° CPU ã䜿çšããããšã TOS Type of Service (ãµãŒãã¹ã¿ã€ã) Transmission Control Protocol (äŒéå¶åŸ¡ãã ãã³ã«) ã€ã³ã¿ãŒããããããã³ã«ã¹ã€ãŒãã®ããã ã³ã«ãããã«ããããããã¯ãŒã¯å ã®ã³ã³ ãã¥ãŒã¿äžã®ã¢ããªã±ãŒã·ã§ã³ãçžäºæ¥ ç¶ã§ããããã®ãããã³ã«ã«ãã£ãŠãããŒã¿ ãéä¿¡è ããåä¿¡è ãžç¢ºå®ãã€é åºé ãã«éä¿¡ãããã SYN Synchronous (åæ) Transport Layer Security (ãã©ã³ã¹ããŒãã¬ã€ ã€ã»ãã¥ãªãã£) ã€ã³ã¿ãŒãããäžã§ã»ãã¥ã¢ãªéä¿¡ãæäŸ ããæå·ãããã³ã«ãSSL (ã»ãã¥ã¢ãœã±ã ãã¬ã€ã€) ã®åŸç¶ãããã³ã«ã§ããã T TTL Time-to-live (çåæé) TACACS Terminal Access Controller Access Control System (ã¿ãŒããã«ã¢ã¯ã»ã¹ã³ã³ãããŒã© ã¢ã¯ã»ã¹ã³ã³ãããŒã«ã·ã¹ãã ) U TCP Transmission Control Protocol (äŒéå¶åŸ¡ ãããã³ã«) TFTP Trivial File Transfer Protocol (ç°¡æãã¡ã€ ã«è»¢éãããã³ã«) Time-to-live (çåæé) IP (ã€ã³ã¿ãŒããããããã³ã«) ãããå ã® 8 ãããã®ãã£ãŒã«ãã§ããããã±ããããã ãã¯ãŒã¯çµç±ã§äŒéã§ããå¶éæéãæ å®ããããã®æéãçµéãããšããã®ã ã±ããã¯å»æ£ãããã TKIP Temporal Key Integrity Protocol (äžæéµ å®å šæ§ãããã³ã«) TLS Transport Layer Security (ãã©ã³ã¹ããŒã㬠ã€ã€ã»ãã¥ãªãã£) UTM 9 管çã¬ã€ã UDP User Datagram Protocol (ãŠãŒã¶ããŒã¿ã° ã©ã ãããã³ã«) UMTS Universal Mobile Telecommunications System (ãŠãããŒãµã«ç§»åäœéä¿¡ã·ã¹ ãã ) Unified Threat Management ã¡ãŒã«ãš Web ã»ãã¥ãªãã£ãå«ããçµ±åè åšç®¡çã®ããã®ãœãããŠã§ã¢ã(æ§è£œå: Astaro Security Gateway)ã Uniform Resource Locator (ãŠããã©ãŒã 㪠ãœãŒã¹ãã±ãŒã¿) ã€ã³ã¿ãŒãããäžã®ãªãœãŒã¹ã®äœçœ®ãæå® ããæååã Up2Date Sophos ãµãŒãããé¢é£ããæŽæ°ãã ã±ãŒãžãããŠã³ããŒãããããã®ãµãŒã ã¹ã 537 çšèªé UPS Uninterruptible Power Supply (ç¡åé»é»æº è£ çœ®) URL Uniform Resource Locator (ãŠããã©ãŒã 㪠ãœãŒã¹ãã±ãŒã¿) USB Universal Serial Bus (ãŠãããŒãµã«ã·ãªã¢ ã«ãã¹) User Datagram Protocol (ãŠãŒã¶ããŒã¿ã°ã© ã ãããã³ã«) ãããã¯ãŒã¯äžã®ã³ã³ãã¥ãŒã¿ã®ã¢ã㪠ã±ãŒã·ã§ã³ã§çãã¡ãã»ãŒãž (å¥å: ããŒã¿ ã°ã©ã ) ããããšãããããã®ãããã³ã«ã UTC Coordinated Universal Time (åå®äžçæ) UTM Unified Threat Management V VDSL Very High Speed Digital Subscriber Line (è¶ é«éããžã¿ã«å å ¥è ç·) Virtual Private Network (ããŒãã£ã«ãã©ã€ ããŒããããã¯ãŒã¯) å ¬è¡éä¿¡ã€ã³ãã©ãå©çšãããã©ã€ããŒã ããŒã¿ãããã¯ãŒã¯ãPPTP ã IPSec ãªã© ã®ãã³ããªã³ã°ãããã³ã«ã䜿çšããŠãã©ã€ ãã·ãŒãç¶æããã 538 VoIP Voice over IP (ãã€ã¹ãªãŒã㌠IP) VPC Virtual Private Cloud (ããŒãã£ã«ãã©ã€ ããŒãã¯ã©ãŠã) VPN Virtual Private Network (ããŒãã£ã«ãã© ã€ããŒããããã¯ãŒã¯) W WAF Web ã¢ããªã±ãŒã·ã§ã³ ãã¡ã€ã¢ãŠã©ãŒã« WAN Wide Area Network (ã¯ã€ããšãªã¢ããã ã¯ãŒã¯) W-CDMA Wideband Code Division Multiple Access (åº åž¯å笊å·åå²å€éã¢ã¯ã»ã¹) WebAdmin UTMãSUMãACCãASGãAWGãããã³ AMG ãªã©ã® Sophos/Astaro 補åçšã® Web ããŒã¹ GUIã WEP Wired Equivalent Privacy (æç·åçæ©å¯) VLAN Virtual LAN (ããŒãã£ã« LAN) Windows Internet Naming Service (Windows〠ã³ã¿ãŒãããããŒãã³ã°ãµãŒãã¹) ãã€ã¯ããœããã Windows ã«å®è£ ãã NBNS (NetBIOS Name Server: NetBIOS ããŒã ãµãŒã)ãNetBIOS ã³ã³ãã¥ãŒã¿å ã®ããã®ããŒã ãµãŒãããã³ãµãŒãã¹ã§ ããã VNC Virtual Network Computing (ä»®æ³ããã ã¯ãŒã¯ã³ã³ãã¥ãŒãã£ã³ã°) WINS Windows Internet Naming Service (Windows ã€ã³ã¿ãŒãããããŒãã³ã°ãµãŒãã¹) Voice over IP (ãã€ã¹ãªãŒã㌠IP) ã€ã³ã¿ãŒãããäžãŸãã¯ãã®ä»ã® IP ã㌠ã¹ã®ãããã¯ãŒã¯äžã§ã®é³å£°äŒè©±ã«ãŒ ãã£ã³ã°ã WLAN Wireless Local Area Network (ç¡ç· LAN) UTM 9 管çã¬ã€ã çšèªé WPA Wi-Fi Protected Access (Wi-Fi ä¿è·ã¢ã¯ã» ã¹) X X.509 ITU-T (åœéé»æ°éä¿¡é£åãé»æ°éä¿¡æš æºåéšé) ãå ¬éããããžã¿ã«èšŒææžã® ä»æ§ãå人ãŸãã¯ã³ã³ãã¥ãŒã¿ã·ã¹ãã ã®èå¥ã«å¿ èŠãªæ å ±ãå±æ§ãèŠå®ã ãã XSS Cross-site scripting (ã¯ãã¹ãµã€ãã¹ã¯ãªã ãã£ã³ã°) 〠ã€ã³ã¿ãŒããããµãŒãã¹ãããã€ã ã€ã³ã¿ãŒããããé¢é£ãµãŒãã¹ãžã®ã¢ã¯ ã»ã¹ãå©çšè ã«è²©å£²ããäŒæ¥ãŸãã¯çµ ç¹ã 㯠ã¯ã©ã¹ã¿ ãªã³ã¯ãããã³ã³ãã¥ãŒã¿ã®ã°ã«ãŒããç· å¯ã«é£æºããŠå€ãã®å±é¢ã§ 1å°ã®ã³ã³ ãã¥ãŒã¿ãšããŠæ©èœããã ãµ ãµãããããã¹ã¯ ãããã¯ãŒã¯ã®ãµãããããã¹ã¯ (å¥å: ããããã¹ã¯) ãšãããã¯ãŒã¯ã¢ãã¬ã¹ã« ãã£ãŠãããŒã«ã«ãããã¯ãŒã¯ã®äžéšãšãª ãã¢ãã¬ã¹ãšãªããªãã¢ãã¬ã¹ãå®çŸ©ãã ããåã ã®ã³ã³ãã¥ãŒã¿ã¯ããã®å®çŸ©ã«åº ã¥ããŠãããã¯ãŒã¯ã«å²ãåœãŠãããã ã ãããŒããã£ã¹ã ãããã¯ãŒã¯å ã®ä»ã®ãã¹ãŠã®ã³ã³ ãã¥ãŒã¿ã«åããŠã¡ãã»ãŒãžãäžæ¬éä¿¡ ããããã«ã³ã³ãã¥ãŒã¿ã§äœ¿çšãããã¢ã ã¬ã¹ãããšãã°ãIP ã¢ãã¬ã¹ã 192.168.2.0 ã§ãããã¯ãŒã¯ãã¹ã¯ã 255.255.255.0 ã® ãããã¯ãŒã¯ã¯ããããŒããã£ã¹ãã¢ãã¬ã¹ ã 192.168.2.255 ãšãªãã ã ãããã· ã¯ã©ã€ã¢ã³ããä»ã®ãããã¯ãŒã¯ãµãŒãã¹ ã«å¯ŸããŠéæ¥çã«ãããã¯ãŒã¯æ¥ç¶ã§ã ãããã«ããã³ã³ãã¥ãŒã¿ãããã¯ãŒã¯ãµãŒ ãã¹ãæäŸããã³ã³ãã¥ãŒã¿ã ãããã³ã« 2ã€ã®ã³ã³ãã¥ãŒã¿ãšã³ããã€ã³ãéã§ã®æ¥ ç¶ãéä¿¡ãããŒã¿è»¢éãå¶åŸ¡ãŸãã¯å®çŸ ããããã®ãæ確ã§æšæºåãããã«ãŒã« ã»ããã ã ããŒã ããŒã¿ãçŽæ¥äº€æããããã«ããã°ã©ã ã§äœ¿çšã§ããä»®æ³ããŒã¿æ¥ç¶ãå ·äœçã« ã¯ãããŒããšã¯è¿œå ã®èå¥åã§ãã (TCP ãš UDP ã®å Žåã0ïœ65535 ã®çªå·)ããã ã«ãããã³ã³ãã¥ãŒã¿ã¯ãã 2å°ã®ã³ã³ ãã¥ãŒã¿éã«ååšããè€æ°ã®åææ¥ç¶ã èŠåããããšãã§ããã ããŒãã¹ãã£ã³ ãããã¯ãŒã¯ãã¹ãã®ç©ºãããŒããæ¢ãè¡ çºã ã ã ããã€ã¹ããªãŒ ã¡ã€ã³ã¡ãã¥ãŒã®äžã«ãããSUM ã«ç»é²ã ãããã¹ãŠã®ã²ãŒããŠã§ã€è£ 眮ã«ã¢ã¯ã» ã¹æš©ãä»äžããã UTM 9 管çã¬ã€ã ãã¹ã«ã¬ãŒã LAN å šäœã§ 1ã€ã®ãããªã㯠IP ã¢ãã¬ã¹ ã䜿çšããŠã€ã³ã¿ãŒãããã®ä»ã®éšåãšé ä¿¡ã§ããããã«ãã NAT ããŒã¹ã®æè¡ã 539 çšèªé ãããŒãžãã»ãã¥ãªãã£ãµãŒãã¹ãããã€ã äŒæ¥ã«å¯ŸããŠã»ãã¥ãªãã£ãµãŒãã¹ãæ äŸããã 㪠ãªã¢ã«ã¿ã€ã ãã©ãã¯ããŒã«ãªã¹ã ã¹ãã è¡çºã«é¢äžããŠãã IP ã¢ãã¬ã¹ã® ãªã¹ããã€ã³ã¿ãŒããããµã€ããå ¬éã§ãã æ段ãã»ãšãã©ã®ã¡ãŒã«è»¢éãšãŒãžã§ã³ã (ã¡ãŒã«ãµãŒã) ãœãããŠã§ã¢ã¯ã1ã€ä»¥äž ã®ãã©ãã¯ããŒã«ãªã¹ãã«èšèŒããããµã€ ãããéä¿¡ãããã¡ãã»ãŒãžãæåŠããã ãã©ã°ãä»å ãããããããã«èšå®ã§ã ããWeb ãµãŒãããRBL ã«æ²èŒãããŠã ãã¯ã©ã€ã¢ã³ããæåŠããããšãã§ã㟠ãã ã« ã«ãŒã¿ æãå¹çã®è¯ããã¹ã§å®å ãŸã§ãã±ãã ã転éããããã«æå®ããããããã¯ãŒã¯ ããã€ã¹ã å ± å ±æã·ãŒã¯ã¬ãã ã»ãã¥ã¢éä¿¡ã® 2ã€ã®ãšã³ãã£ãã£éã§å ± æãããŠãããã¹ã¯ãŒããŸãã¯ãã¹ã ã¬ãŒãºã å åé·å (HA) ä¿¡é Œã§ããã¬ãã«ã®éçšç¶ç¶æ§ãç¢ºå® ã«ä¿èšŒããããã®ã·ã¹ãã èšèšãããã³ ã«ã ç¡ ç¡åé»é»æºè£ 眮 æ¥ç¶ãããæ©åšã«å¯Ÿããç¶ç¶çãªé é» ãç¶æããããã®ããã€ã¹ãéåžžé»æºã 䜿çšã§ããªããšãã«ã¯å¥ã®é»æºããé» åãäŸçµŠããã 540 UTM 9 管çã¬ã€ã å³ã®äžèŠ§ Figure 1 WebAdmin:åæãã°ã€ã³ããŒãž 23 Figure 2 WebAdmin:éåžžã®ãã°ã€ã³ããŒãž 24 Figure 3 WebAdmin:ããã·ã¥ããŒã 26 Figure 4 WebAdmin:æŠèŠ 29 Figure 5 WebAdmin:ãªã¹ãã®äŸ 32 Figure 6 WebAdmin:ãã€ã¢ãã°ããã¯ã¹ã®äŸ 34 Figure 7 WebAdmin:ãªããžã§ã¯ã ãªã¹ã ãããã¯ãŒã¯ãããªããžã§ã¯ãããã©ãã°ãã 37 Figure 8 MyAstaro ããŒã¿ã« 60 Figure 9 ã©ã€ã»ã³ã¹:ãµãã¹ã¯ãªãã·ã§ã³èŠåã¡ãã»ãŒãž 64 Figure 10 Up2Date:é²æãŠã£ã³ã㊠67 Figure 11 ãŠãŒã¶ããŒã¿ã«:Welcome ããŒãž 75 Figure 12 ã«ã¹ã¿ãã€ãº:ãããã¯ãããããŒãžã®äŸãšã«ã¹ã¿ãã€ãºå¯èœãªéšå 81 Figure 13 ã«ã¹ã¿ãã€ãº:HTTP ããŠã³ããŒãããŒãžãã¹ããã 1/3ãã¡ã€ã«ããŠã³ããŒãäž 84 Figure 14 ã«ã¹ã¿ãã€ãº:HTTP ããŠã³ããŒãããŒãžãã¹ããã 2/3ãŠã€ã«ã¹ã¹ãã£ã³äž 85 Figure 15 ã«ã¹ã¿ãã€ãº:HTTP ããŠã³ããŒãããŒãžãã¹ããã 3/3ãã¡ã€ã«ã®ããŠã³ããŒãå®äº 85 Figure 16 ã«ã¹ã¿ãã€ãº:POP3 ãããã·ã®ãããã¯ã¡ãã»ãŒãž 87 Figure 17 ã°ã«ãŒãïŒ Sophos UTM 115 Figure 18 èªèšŒ:Microsoft Management Console 122 Figure 19 ã¡ãŒã«æå·å:2ã€ã®Sophos UTMãŠãããã®äœ¿çš 327 Figure 20 ã¡ãŒã«ãããŒãžã£ â Sophos UTM 339 Figure 21 ãšã³ããã€ã³ããããã¯ã·ã§ã³:æŠèŠ 348 Figure 22 ã¡ãã·ã¥ãããã¯ãŒã¯ã®äœ¿çšäŸ - ã¯ã€ã€ã¬ã¹ããªããž 378 Figure 23 ã¡ãã·ã¥ãããã¯ãŒã¯ã®äœ¿çšäŸ - ã¯ã€ã€ã¬ã¹ãªããŒã¿ãŒ 379 Figure 24 RED:ã»ããã¢ããã®ç¥å³ 401 Figure 25 RED 50:ãã¹ãåãšã¢ãããªã³ã¯ãšãåæ£ (éç·) ããã³ãã¹ãåãšã¢ãããªã³ã¯ãšãã㧠ã€ã«ãªãŒã㌠(èµ€) 410 Figure 26 RED 50:ãã¹ãåã®åæ£ãšã¢ãããªã³ã¯ã®ãã§ã€ã«ãªãŒã㌠(ç·) ããã³ãã¹ãåã®ã㧠ã€ã«ãªãŒããŒãšã¢ãããªã³ã¯ã®åæ£ (é) 410 Figure 27 ã¬ããŒãã£ã³ã°:æãç·ã°ã©ãã®äŸ 476 Figure 28 ã¬ããŒãã£ã³ã°:åã°ã©ãã®äŸ 476