{"id":19768,"date":"2024-07-23T15:54:59","date_gmt":"2024-07-23T08:54:59","guid":{"rendered":"https:\/\/thegioifirewall.com\/?p=19768"},"modified":"2025-03-24T07:27:23","modified_gmt":"2025-03-24T07:27:23","slug":"huong-dan-cau-hinh-xac-thuc-user-domain-giua-sophos-xgs-va-ad-server-su-dung-stas-de-quan-ly-users-va-group-chan-web-va-app-trong-domain","status":"publish","type":"post","link":"https:\/\/vacif.com\/en\/huong-dan-cau-hinh-xac-thuc-user-domain-giua-sophos-xgs-va-ad-server-su-dung-stas-de-quan-ly-users-va-group-chan-web-va-app-trong-domain\/","title":{"rendered":"H\u01b0\u1edbng d\u1eabn c\u1ea5u h\u00ecnh x\u00e1c th\u1ef1c user domain gi\u1eefa sophos XGS v\u00e0 AD server s\u1eed d\u1ee5ng STAS \u0111\u1ec3 qu\u1ea3n l\u00fd users v\u00e0 group ch\u1eb7n web v\u00e0 app trong domain"},"content":{"rendered":"\n

B\u00e0i vi\u1ebft h\u01b0\u1edbng d\u1eabn c\u00e1ch c\u1ea5u h\u00ecnh STAS \u0111\u1ec3 qu\u1ea3n l\u00fd users v\u00e0 group truy c\u1eadp web v\u00e0 app trong domain, \u0111\u00e2y l\u00e0 t\u00ednh n\u0103ng cung c\u1ea5p kh\u1ea3 n\u0103ng x\u00e1c th\u1ef1c ng\u01b0\u1eddi d\u00f9ng trong m\u1ea1ng n\u1ed9i b\u1ed9 m\u1ed9t c\u00e1ch t\u1ef1 \u0111\u1ed9ng ch\u1ec9 c\u1ea7n \u0111\u0103ng nh\u1eadp tr\u00ean m\u00e1y tr\u1ea1m c\u1ee7a ng\u01b0\u1eddi d\u00f9ng. V\u00e0 c\u0169ng kh\u00f4ng c\u1ea7n ph\u1ea3i c\u00e0i \u0111\u1eb7t SSO \u1edf tr\u00ean m\u1ed7i m\u00e1y tr\u1ea1m. D\u1ec5 d\u00e0ng s\u1eed d\u1ee5ng cho end user v\u00e0 m\u1ee9c \u0111\u1ed9 b\u1ea3o m\u1eadt cao h\u01a1n<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Chi ti\u1ebft s\u01a1 \u0111\u1ed3 m\u1ea1ng<\/p>\n\n\n\n

AD server c\u00f3 \u0111\u1ecba ch\u1ec9 IP 10.0.0.12\/24<\/p>\n\n\n\n

C\u00e1c m\u00e1y tr\u1ea1m trong m\u1ea1ng \u0111\u01b0\u1ee3c c\u1ea5p IP \u0111\u1ed9ng v\u1edbi l\u1edbp m\u1ea1ng 172.17.17.0\/24<\/p>\n\n\n\n

Gateway c\u1ee7a c\u00e1c m\u00e1y tr\u1ea1m l\u00e0 thi\u1ebft b\u1ecb Sophos XGS c\u00f3 IP l\u00e0 172.17.17.1\/24<\/p>\n\n\n\n

T\u00ecnh hu\u1ed1ng c\u1ea5u h\u00ecnh<\/p>\n\n\n\n

B\u00e0i vi\u1ebft s\u1ebd th\u1ef1c hi\u1ec7n c\u1ea5u h\u00ecnh STAS tr\u00ean thi\u1ebft b\u1ecb Sophos firewall v\u00e0 AD server \u0111\u1ec3 m\u00e1y tr\u1ea1m c\u1ee7a ng\u01b0\u1eddi d\u00f9ng trong m\u00f4i tr\u01b0\u1eddng domain ch\u1ec9 c\u1ea7n \u0111\u0103ng nh\u1eadp username v\u00e0 password l\u00e0 c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c x\u00e1c th\u1ef1c c\u1ea3 tr\u00ean Sophos firewall. T\u00e0i kho\u1ea3n username v\u00e0 password \u0111\u00e3 \u0111\u01b0\u1ee3c \u0111\u1ed3ng b\u1ed9 ho\u00e1 gi\u1eefa AD server v\u00e0 Sophos firewall. \u0110\u1ed3ng th\u1eddi t\u1ea1o rule \u0111\u1ec3 ch\u1eb7n truy c\u1eadp web v\u00e0 app cho c\u00e1c users v\u00e0 group.<\/p>\n\n\n\n

\u0110\u1ed3ng th\u1eddi s\u1eed d\u1ee5ng firewall rule v\u1edbi source identity l\u00e0 group v\u00e0 user v\u00e0 web policy \u0111\u1ec3 ki\u1ec3m tra ho\u1ea1t \u0111\u1ed9ng m\u1ea1ng c\u1ee7a ng\u01b0\u1eddi d\u00f9ng domain, show c\u00e1c th\u00f4ng tin v\u1ec1 group, user tr\u00ean c\u00e1c giao di\u1ec7n report, monitoring, logging<\/p>\n\n\n\n

C\u00e1c b\u01b0\u1edbc c\u1ea5u h\u00ecnh<\/p>\n\n\n\n

C\u1ea5u h\u00ecnh ADS <\/p>\n\n\n\n

Download STAS tr\u00ean AD <\/p>\n\n\n\n

C\u00e0i \u0111\u1eb7t STAS tr\u00ean AD<\/p>\n\n\n\n

C\u1ea5u h\u00ecnh STAS tr\u00ean AD<\/p>\n\n\n\n

Th\u00eam AD server v\u00e0o Sophos XGS \u0111\u1ec3 x\u00e1c th\u1ef1c user doman<\/p>\n\n\n\n

\u0110i\u1ec1u ch\u1ec9nh c\u1ea5u h\u00ecnh service \u0111\u1ec3 x\u00e1c th\u1ef1c b\u1eb1ng AD server <\/p>\n\n\n\n

C\u1ea5u h\u00ecnh STAS tr\u00ean XGS firewall<\/p>\n\n\n\n

T\u1ea1o firewall rule v\u1edbi source identify l\u00e0 group, user \u0111\u1ec3 s\u1eed d\u1ee5ng x\u00e1c th\u1ef1c STAS<\/p>\n\n\n\n

Ki\u1ec3m tra ho\u1ea1t \u0111\u1ed9ng STAS <\/p>\n\n\n\n

Ki\u1ec3m tra giao di\u1ec7n report, monitoring, logging<\/p>\n\n\n\n

Ki\u1ec3m tra t\u00ednh n\u0103ng ch\u1eb7n web app tr\u00ean c\u00e1c m\u00e1y tr\u1ea1m.<\/p>\n\n\n\n

H\u01b0\u1edbng d\u1eabn c\u1ea5u h\u00ecnh<\/p>\n\n\n\n

B1: C\u1ea5u h\u00ecnh ADS<\/p>\n\n\n\n

C\u1ea5u h\u00ecnh tr\u00ean AD <\/p>\n\n\n\n

\u0110\u0103ng nh\u1eadp v\u00e0o AD server v\u1edbi \u0111\u1ecba ch\u1ec9 IP l\u00e0 10.0.0.200<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Sau khi v\u00e0o \u0111\u01b0\u1ee3c trang giao di\u1ec7n c\u1ee7a vmware esxi, ch\u00fang ta b\u1eaft \u0111\u1ea7u t\u1ea1o 1 con AD m\u1edbi. Chu\u1ed9t ph\u1ea3i v\u00e0o Virtual Machines > CreateRegister VM <\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Ch\u1ecdn Create a new virtual machine sau \u0111\u00f3 b\u1ea5m next <\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

\u0110\u1eb7t t\u00ean cho m\u00e1y l\u00e0 AD-son > Guest OS family ch\u1ecdn windows > Guest OS version ch\u1ecdn Microsoft Windows Server 2019 (64-bit)<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Storage \u1edf \u0111\u00e2y m\u00ecnh ch\u1ec9 c\u00f3 1 kho d\u1eef li\u1ec7u v\u00e0 m\u00ecnh ch\u1ecdn <\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

CPU ch\u1ecdn 2 > Memory ch\u1ecdn 4096 MB > hard disk ch\u1ecdn 40 GB Network adapter 1 ch\u1ecdn VMnetwork > CD\/DVD Drive 1 ch\u1ecdn datastore ISO file > video card v\u00e0o m\u1ee5c default setttings v\u00e0 ch\u1ecdn file window iso <\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n
\n
\"\"<\/figure>\n<\/div>\n\n\n

Sau khi nh\u1ea5n finish ta s\u1ebd c\u00f3 \u0111\u01b0\u1ee3c m\u00e1y \u1ea3o AD-son<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

B\u1ea5m v\u00e0o m\u00e1y \u1ea3o v\u00e0 b\u1eaft \u0111\u1ea7u kh\u1edfi ch\u1ea1y > \u0111\u0103ng nh\u1eadp v\u00e0o acc admin <\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Khi v\u00e0o s\u1ebd hi\u1ec7n giao di\u1ec7n qu\u1ea3n tr\u1ecb<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Ti\u1ebfp theo ch\u00fang ta v\u00e0o th\u01b0 m\u1ee5c sophos \u1edf \u1ed5 \u0111\u0129a C \u0111\u1ec3 c\u1ea5p quy\u1ec1n cho \u1ee9ng d\u1ee5ng<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n
\n
\"\"<\/figure>\n<\/div>\n\n\n

Nh\u1ea5n Edit v\u00e0 t\u00ecm t\u1eeb kh\u00f3a Administrator (SONVACIF\\Administrator) sau \u0111\u00f3 tick ch\u1ecdn t\u1ea5t c\u1ea3 c\u00e1c quy\u1ec1n<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n
\n
\"\"<\/figure>\n<\/div>\n\n\n

Ti\u1ebfp theo nh\u1eadp v\u00e0o thanh t\u00ecm ki\u1ebfm g\u00f5 t\u1eeb h\u00f3a local security policy \u0111\u1ec3 xem setting b\u1ea3o m\u1eadt v\u00e0 tick ch\u1ecdn 2 n\u00fat Success v\u00e0 Failure<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Ti\u1ebfp theo v\u00e0o m\u1ee5c user rights Assignment >> Log on as a service >> add user son v\u00e0 Administrator v\u00e0o <\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

V\u00e0o Advanced Audit Policy Configuration >> system Audit Policies >> Account Logon >> tick ch\u1ecdn c\u1ea3 2 <\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Ti\u1ebfp theo v\u00e0o m\u1ee5c Logon\/Logoff >> tick ch\u1ecdn c\u1ea3 2<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

B3: C\u00e0i \u0111\u1eb7t STAS tr\u00ean AD server<\/p>\n\n\n\n

\u0110\u0103ng nh\u1eadp v\u00e0o trang user portal b\u1eb1ng c\u00e1c t\u00e0i kho\u1ea3n \u0111\u00e3 t\u1ea1o \u1edf server manager \u0111\u1ec3 t\u1ea3i STAS<\/p>\n\n\n\n

Download Client >> Download for windows<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n
\n
\"\"<\/figure>\n<\/div>\n\n\n

Kh\u1edfi ch\u1ea1y \u1ee9ng d\u1ee5ng b\u1eb1ng quy\u1ec1n admin >> ch\u1ecdn SSO Suite<\/p>\n\n\n

\n
\"\"\/<\/figure>\n<\/div>\n\n
\n
\"\"\/<\/figure>\n<\/div>\n\n\n

Nh\u1eadp username v\u00e0 password t\u00e0i kho\u1ea3n administrator domain (administrator@sonvacif.com)<\/a> >> b\u1ea5m next<\/p>\n\n\n\n

– Nh\u1ea5n finish \u0111\u1ec3 ho\u00e0n th\u00e0nh c\u00e0i \u0111\u1eb7t<\/p>\n\n\n\n

B4: C\u1ea5u h\u00ecnh STAS<\/p>\n\n\n\n

– M\u1edf STAS b\u1eb1ng c\u00e1ch double v\u00e0o Sophos Transparent Authentication Suite tr\u00ean m\u00e0n h\u00ecnh desktop<\/p>\n\n\n\n

– Tr\u00ean STA Collector: <\/p>\n\n\n\n

+ \u1ede m\u1ee5c Sophos Appliance >> Nh\u1ea5n Add \u0111\u1ec3 th\u00eam \u0111\u1ecba ch\u1ec9 IP c\u1ee7a port LAN c\u1ee7a sophos XGS (ip port 1 LAN c\u1ee7a m\u00ecnh l\u00e0 192.168.223.0\/24 v\u00e0 IP c\u1ee7a AD server 10.0.0.0\/24)<\/p>\n\n\n\n

+ \u1ede Workstation Polling Settings: Ch\u1ecdn WMI<\/p>\n\n\n\n

+ \u1ede Logoff Detection Settings v\u00e0 Appliance Port >> Gi\u1eef c\u1ea5u h\u00ecnh default<\/p>\n\n\n\n

-> Nh\u1ea5n Apply<\/p>\n\n\n\n

+ STA Agent<\/strong> s\u1ebd gi\u00e1m s\u00e1t c\u00e1c y\u00eau c\u1ea7u x\u00e1c th\u1ef1c ng\u01b0\u1eddi d\u00f9ng v\u00e0 g\u1eedi th\u00f4ng tin \u0111\u1ebfn b\u1ed9 thu th\u1eadp \u0111\u1ec3 x\u00e1c th\u1ef1c Sau \u0111\u00f3 STA Collector <\/strong>s\u1ebd thu th\u1eadp c\u00e1c y\u00eau c\u1ea7u x\u00e1c th\u1ef1c ng\u01b0\u1eddi d\u00f9ng t\u1eeb t\u00e1c nh\u00e2n, x\u1eed l\u00fd c\u00e1c y\u00eau c\u1ea7u v\u00e0 g\u1eedi ch\u00fang \u0111\u1ebfn t\u01b0\u1eddng l\u1eeda \u0111\u1ec3 x\u00e1c th\u1ef1c.<\/p>\n\n\n

\n
\"\"\/<\/figure>\n<\/div>\n\n\n

Tr\u00ean STA Agent<\/p>\n\n\n\n

\u1ede m\u1ee5c Monitor Networks >> Nh\u1ea5n Add \u0111\u1ec3 th\u00eam LAN network m\u00e0 b\u1ea1n mu\u1ed1n x\u00e1c th\u1ef1c<\/p>\n\n\n\n

-> Nh\u1ea5n Apply<\/p>\n\n\n

\n
\"\"\/<\/figure>\n<\/div>\n\n\n

– \u1ede General tab<\/p>\n\n\n\n

+ Nh\u1eadp NetBIOS c\u1ee7a domain<\/p>\n\n\n\n

+ Nh\u1eadp FQDN c\u1ee7a domain<\/p>\n\n\n\n

+ Nh\u1ea5n Start \u0111\u1ec3 kh\u1edfi \u0111\u1ed9ng STAS<\/p>\n\n\n\n

-> Nh\u1ea5n Apply -> Nh\u1ea5n OK<\/p>\n\n\n

\n
\"\"\/<\/figure>\n<\/div>\n\n\n

B5: Th\u00eam AD server v\u00e0o Sophos XGS \u0111\u1ec3 x\u00e1c th\u1ef1c user domain<\/p>\n\n\n\n

C\u1ea5u h\u00ecnh tr\u00ean Sophos XGS<\/p>\n\n\n\n

Authentication -> Server -> Nh\u1ea5n Add<\/strong><\/p>\n\n\n\n

    \n
  • \u1ede m\u1ee5c Server type<\/strong>: Ch\u1ecdn Active Directory<\/strong><\/li>\n\n\n\n
  • Server name<\/strong>: Nh\u1eadp t\u00ean server m\u00e0 b\u1ea1n mu\u1ed1n qu\u1ea3n l\u00fd<\/li>\n\n\n\n
  • Server IP\/domain<\/strong>: Nh\u1eadp \u0111\u1ecba ch\u1ec9 IP c\u1ee7a AD<\/li>\n\n\n\n
  • Port<\/strong>: 389<\/li>\n\n\n\n
  • NetBIOS domain<\/strong>: Nh\u1eadp t\u00ean NetBIOS c\u1ee7a AD<\/li>\n\n\n\n
  • ADS username<\/strong>: Nh\u1eadp administrator<\/li>\n\n\n\n
  • Password<\/strong>: Nh\u1eadp password c\u1ee7a t\u00e0i kho\u1ea3n administrator<\/li>\n\n\n\n
  • Connection security<\/strong>: Ch\u1ecdn Simple<\/li>\n\n\n\n
  • Display name attribute<\/strong>: Nh\u1eadp t\u00ean cho server m\u00e0 b\u1ea1n mu\u1ed1n qu\u1ea3n l\u00fd<\/li>\n\n\n\n
  • Email address attribute<\/strong>: Nh\u1eadp email m\u00e0 b\u1ea1n mu\u1ed1n (c\u00f3 th\u1ec3 \u0111\u1ec3 tr\u1ed1ng)<\/li>\n\n\n\n
  • Domain name<\/strong>: Nh\u1eadp domain name<\/li>\n\n\n\n
  • Search queries<\/strong>: Nh\u1eadp domain name theo \u0111\u1ecbnh d\u1ea1ng queries (VD: dc=vcf,dc=com)<\/li>\n<\/ul>\n\n\n\n

    -> Nh\u1ea5n Test connection<\/strong> -> Nh\u1ea5n Save<\/strong><\/p>\n\n\n

    \n
    \"\"\/<\/figure>\n<\/div>\n\n\n
      \n
    • Khi t\u1ea1o xong s\u1ebd hi\u1ec7n Server AD-son<\/li>\n\n\n\n
    • V\u00e0o import \u0111\u1ec3 add group v\u00e0 user t\u1eeb AD server<\/li>\n<\/ul>\n\n\n
      \n
      \"\"\/<\/figure>\n<\/div>\n\n
      \n
      \"\"\/<\/figure>\n<\/div>\n\n\n

      Tick ch\u1ecdn group v\u00e0 users m\u00ecnh mu\u1ed1n add <\/p>\n\n\n\n

      -> B\u1ea5m next <\/p>\n\n\n

      \n
      \"\"\/<\/figure>\n<\/div>\n\n
      \n
      \"\"\/<\/figure>\n<\/div>\n\n\n

      B6: \u0110i\u1ec1u ch\u1ec9nh c\u1ea5u h\u00ecnh Service cho x\u00e1c th\u1ef1c b\u1eb1ng AD server<\/strong><\/h4>\n\n\n\n

      Authentication -> Services<\/p>\n\n\n\n

      \u1ede Firewall authentication methods<\/strong><\/p>\n\n\n\n

        \n
      • Ch\u1ecdn AD c\u1ee7a b\u1ea1n v\u00e0 b\u1ecf ch\u1ecdn Local<\/li>\n\n\n\n
      • \u1ede Default group<\/strong>: Ch\u1ecdn OU m\u00e0 b\u1ea1n mu\u1ed1n th\u00eam<\/li>\n<\/ul>\n\n\n\n

        -> Nh\u1ea5n Apply<\/strong><\/p>\n\n\n

        \n
        \"\"\/<\/figure>\n<\/div>\n\n\n

        B7: C\u1ea5u h\u00ecnh STAS tr\u00ean XGS firewall<\/strong><\/h4>\n\n\n\n
          \n
        • Authentication -> B\u1eadt STAS b\u1eb1ng c\u00e1ch ch\u1ecdn ON <\/strong>v\u00e0 nh\u1ea5n Active STAS<\/strong><\/li>\n<\/ul>\n\n\n
          \n
          \"\"\/<\/figure>\n<\/div>\n\n\n
            \n
          • Nh\u1eadp \u0111\u1ecba ch\u1ec9 IP c\u1ee7a AD Server \u1edf m\u1ee5c Collector IP -> Nh\u1ea5n Save<\/strong><\/li>\n<\/ul>\n\n\n
            \n
            \"\"\/<\/figure>\n<\/div>\n\n
            \n
            \"\"\/<\/figure>\n<\/div>\n\n\n

            B8: V\u00e0o m\u00e1y \u1ea3o VMWare Workstation \u0111\u1ec3 t\u1ea1o client <\/p>\n\n\n\n

              \n
            • \u1ede \u0111\u00e2y m\u00ecnh \u0111\u00e3 t\u1ea1o 2 m\u00e1y c\u00f3 t\u00ean l\u00e0 Client-PC1 v\u00e0 Client-PC3<\/li>\n\n\n\n
            • Client -PC1 c\u00f3 \u0111\u1ecba ch\u1ec9 IP LAN l\u00e0 172.17.17.22<\/li>\n\n\n\n
            • Client-PC3 c\u00f3 \u0111\u1ecba ch\u1ec9 IP LAN l\u00e0 172.17.17.21<\/li>\n<\/ul>\n\n\n
              \n
              \"\"\/<\/figure>\n<\/div>\n\n
              \n
              \"\"\/<\/figure>\n<\/div>\n\n\n

              Sau khi \u0111\u0103ng nh\u1eadp v\u00e0o c\u00e1c user th\u00ec ch\u00fang ta quay l\u1ea1i AD server \u0111\u1ec3 ki\u1ec3m tra Live users<\/p>\n\n\n

              \n
              \"\"\/<\/figure>\n<\/div>\n\n\n

              Ti\u1ebfp theo \u0111\u1ec3 c\u00f3 th\u1ec3 hi\u1ec7n user th\u00ec ch\u00fang ta c\u1ea7n ph\u1ea3i \u0111\u0103ng nh\u1eadp v\u00e0o trang user portal >> \u0111\u0103ng nh\u1eadp v\u00e0o user<\/p>\n\n\n

              \n
              \"\"\/<\/figure>\n<\/div>\n\n
              \n
              \"\"\/<\/figure>\n<\/div>\n\n\n

              Sau \u0111\u00f3 quay l\u1ea1i trang Sophos >> Authentication >> users >> nh\u1ea5n Purge AD users \u0111\u1ec3 hi\u1ec7n users l\u00ean<\/p>\n\n\n

              \n
              \"\"\/<\/figure>\n<\/div>\n\n
              \n
              \"\"\/<\/figure>\n<\/div>\n\n\n

              Ti\u1ebfp t\u1ee5c v\u00e0o m\u1ee5c current activities >> Live users \u0111\u1ec3 ki\u1ec3m tra c\u00e1c users \u0111ang ho\u1ea1t \u0111\u1ed9ng (Sau khi th\u00e0nh c\u00f4ng c\u00e1c b\u01b0\u1edbc tr\u00ean m\u1edbi hi\u1ec7n \u0111\u01b0\u1ee3c c\u00e1c Live users) <\/p>\n\n\n

              \n
              \"\"\/<\/figure>\n<\/div>\n\n\n
                \n
              • Ti\u1ebfp theo v\u00e0o Rules and policies >> Firewall Rules >> Add firewall rule >> new firewall rule<\/li>\n<\/ul>\n\n\n\n
                  \n
                • Rule name: Block user domain <\/li>\n\n\n\n
                • Tick ch\u1ecdn log firewall traffic ghi l\u1ea1i l\u01b0u l\u01b0\u1ee3ng truy c\u1eadp <\/li>\n\n\n\n
                • Source zones >> LAN<\/li>\n\n\n\n
                • Destination zones >> WAN <\/li>\n\n\n\n
                • Source networks and devices >> Ch\u1ecdn IP c\u00e1c m\u00e1y users m\u00e0 m\u00ecnh \u0111\u00e3 t\u1ea1o \u0111\u1ec3 \u00e1p d\u1ee5ng c\u00e1c quy t\u1eafc<\/strong><\/li>\n\n\n\n
                • Destination network >> Any<\/strong><\/li>\n\n\n\n
                • Tick ch\u1ecdn match know users >> ch\u1ecdn user ho\u1eb7c group m\u00e0 m\u00ecnh mu\u1ed1n x\u00e1c th\u1ef1c<\/li>\n<\/ul>\n\n\n
                  \n
                  \"\"\/<\/figure>\n<\/div>\n\n
                  \n
                  \"\"\/<\/figure>\n<\/div>\n\n
                  \n
                  \"\"\/<\/figure>\n<\/div>\n\n\n

                  Ti\u1ebfp theo >> t\u1ea1o li\u00ean k\u1ebft NAT >> create linked NAT rule >> m\u1ee5c translated source (SNAT) >> ch\u1ecdn MASQ<\/p>\n\n\n

                  \n
                  \"\"\/<\/figure>\n<\/div>\n\n
                  \n
                  \"\"\/<\/figure>\n<\/div>\n\n\n

                  \u0110\u1ec3 ch\u1eb7n web v\u00e0 app th\u00ec tick ch\u1ecdn v\u00e0o web policy >> ch\u1ecdn policy m\u00ecnh \u0111\u00e3 t\u1ea1o (\u1edf \u0111\u00e2y m\u00ecnh \u0111\u00e3 t\u1ea1o policy \u0111\u1ec3 ch\u1eb7n instagram v\u00e0 youtube) >>  tick ch\u1ecdn Block QUIC protocol (s\u1eed d\u1ee5ng QUIC c\u00f3 th\u1ec3 v\u01b0\u1ee3t qua qu\u00e1 tr\u00ecnh l\u1ecdc web. Vi\u1ec7c b\u1eadt t\u00f9y ch\u1ecdn n\u00e0y s\u1ebd \u0111\u1ea3m b\u1ea3o c\u00e1c trang web \u0111\u00f3 s\u1eed d\u1ee5ng HTTP\/S) >> Nh\u1ea5n Save <\/strong> <\/strong><\/p>\n

                  \"\"\/<\/figure>\n\n\n\n

                  Ti\u1ebfp theo >> v\u00e0o ph\u1ea7n Administrator >> tick ch\u1ecdn Client \u1edf zone LAN >> nh\u1ea5n apply<\/p>\n\n\n

                  \n
                  \"\"\/<\/figure>\n<\/div>\n\n\n

                  Sau \u0111\u00f3 ch\u00fang ta v\u00e0o l\u1ea1i 2 m\u00e1y \u1ea3o PC 1 v\u00e0 PC 3 >> \u1edf PC 3 v\u00e0o instagram th\u00ec b\u1ecb ch\u1eb7n c\u00f2n PC 1 th\u00ec v\u1eabn v\u00f4 \u0111\u01b0\u1ee3c b\u00ecnh th\u01b0\u1eddng (L\u01b0u \u00fd<\/strong> c\u00e1c m\u00e1y ph\u1ea3i trong domain v\u00e0 c\u00f9ng chung 1 m\u1ea1ng LAN th\u00ec m\u1edbi l\u00e0m \u0111\u01b0\u1ee3c)<\/p>\n\n\n

                  \n
                  \"\"\/<\/figure>\n<\/div>\n\n
                  \n
                  \"\"\/<\/figure>\n<\/div>","protected":false},"excerpt":{"rendered":"

                  B\u00e0i vi\u1ebft h\u01b0\u1edbng d\u1eabn c\u00e1ch c\u1ea5u h\u00ecnh STAS \u0111\u1ec3 qu\u1ea3n l\u00fd users v\u00e0 group truy c\u1eadp web v\u00e0 app trong domain, \u0111\u00e2y l\u00e0 t\u00ednh n\u0103ng cung c\u1ea5p kh\u1ea3 n\u0103ng x\u00e1c th\u1ef1c ng\u01b0\u1eddi d\u00f9ng trong m\u1ea1ng n\u1ed9i b\u1ed9 m\u1ed9t c\u00e1ch t\u1ef1 \u0111\u1ed9ng ch\u1ec9 c\u1ea7n \u0111\u0103ng nh\u1eadp tr\u00ean m\u00e1y tr\u1ea1m c\u1ee7a ng\u01b0\u1eddi d\u00f9ng. V\u00e0 c\u0169ng kh\u00f4ng c\u1ea7n […]<\/p>\n","protected":false},"author":8,"featured_media":19770,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[80],"tags":[454,452,455,456],"class_list":["post-19768","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-huong-dan-tai-lieu","tag-ad-server","tag-sophos-xgs","tag-stas","tag-user-domain","entry","has-media"],"_links":{"self":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/19768","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/comments?post=19768"}],"version-history":[{"count":1,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/19768\/revisions"}],"predecessor-version":[{"id":20096,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/19768\/revisions\/20096"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/media\/19770"}],"wp:attachment":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/media?parent=19768"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/categories?post=19768"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/tags?post=19768"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}