{"id":20607,"date":"2024-10-08T10:21:35","date_gmt":"2024-10-08T03:21:35","guid":{"rendered":"https:\/\/thegioifirewall.com\/?p=20607"},"modified":"2025-03-24T07:27:21","modified_gmt":"2025-03-24T07:27:21","slug":"sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen","status":"publish","type":"post","link":"https:\/\/vacif.com\/en\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen\/","title":{"rendered":"Sophos Firewall v21: C\u1ea3i ti\u1ebfn VPN v\u00e0 \u0111\u1ecbnh tuy\u1ebfn"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"573\" src=\"https:\/\/uploads.thegioifirewall.com\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-1024x573.png\" alt=\"\" class=\"wp-image-20609\" srcset=\"https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-1024x573.png 1024w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-600x336.png 600w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-300x168.png 300w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-768x430.png 768w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen.png 1273w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong><br><\/strong>C\u00e1ch t\u1eadn d\u1ee5ng t\u1ed1i \u0111a c\u00e1c t\u00ednh n\u0103ng m\u1edbi trong Sophos Firewall v21.<\/p>\n\n\n\n<p>\u0110\u01b0\u1ee3c vi\u1ebft b\u1edfi Chris McCormack<\/p>\n\n\n\n<p><strong>Ng\u00e0y 23 th\u00e1ng 9 n\u0103m 2024<\/strong><\/p>\n\n\n\n<p>Sophos Firewall v21 mang \u0111\u1ebfn nh\u1eefng c\u1ea3i ti\u1ebfn m\u1edbi th\u00fa v\u1ecb cho ch\u1ee9c n\u0103ng VPN, x\u00e1c th\u1ef1c v\u00e0 \u0111\u1ecbnh tuy\u1ebfn.<\/p>\n\n\n\n<p><strong>C\u1ea3i ti\u1ebfn VPN<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>T\u00f9y ch\u1ecdn k\u00edch ho\u1ea1t v\u00e0 h\u1ee7y k\u00edch ho\u1ea1t h\u00e0ng lo\u1ea1t hi\u1ec7n kh\u1ea3 d\u1ee5ng cho c\u00e1c k\u1ebft n\u1ed1i (xem \u1ea3nh ch\u1ee5p m\u00e0n h\u00ecnh b\u00ean d\u01b0\u1edbi)<\/li>\n\n\n\n<li>T\u00ednh n\u0103ng l\u1ecdc n\u00e2ng cao tr\u00ean trang qu\u1ea3n l\u00fd VPN hi\u1ec7n h\u1ee3p nh\u1ea5t th\u00f4ng tin tr\u00ean nhi\u1ec1u trang<\/li>\n\n\n\n<li>T\u00ecm ki\u1ebfm d\u1ef1a tr\u00ean gi\u00e1 tr\u1ecb v\u00e0 v\u0103n b\u1ea3n mi\u1ec5n ph\u00ed hi\u1ec7n \u0111\u01b0\u1ee3c h\u1ed7 tr\u1ee3 trong c\u1ea5u h\u00ecnh VPN cho m\u1ea1ng, m\u1ea1ng con, ng\u01b0\u1eddi d\u00f9ng truy c\u1eadp t\u1eeb xa v\u00e0 VPN site-to-site<\/li>\n\n\n\n<li>\u0110\u00e3 th\u00eam ch\u1ebf \u0111\u1ed9 xem giao di\u1ec7n XFRM c\u1ee5 th\u1ec3 v\u00e0o trang Giao di\u1ec7n \u0111\u1ec3 d\u1ec5 d\u00e0ng l\u1ecdc c\u00e1c giao di\u1ec7n RBVPN<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"369\" src=\"https:\/\/uploads.thegioifirewall.com\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-1-1024x369.png\" alt=\"\" class=\"wp-image-20610\" srcset=\"https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-1-1024x369.png 1024w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-1-600x216.png 600w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-1-300x108.png 300w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-1-768x277.png 768w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-1.png 1428w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong>C\u1ea3i ti\u1ebfn VPN Site to Site<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>C\u00e1c c\u1ed5ng t\u1eeb xa d\u1ef1a tr\u00ean FQDN \u0111\u00e3 \u0111\u01b0\u1ee3c t\u1ed1i \u01b0u h\u00f3a \u0111\u1ec3 c\u1ea3i thi\u1ec7n kh\u1ea3 n\u0103ng m\u1edf r\u1ed9ng cho c\u00e1c tri\u1ec3n khai ph\u00e2n t\u00e1n<\/li>\n\n\n\n<li>Chuy\u1ec3n ti\u1ebfp DHCP qua giao di\u1ec7n XFRM hi\u1ec7n \u0111\u01b0\u1ee3c h\u1ed7 tr\u1ee3 cho l\u01b0u l\u01b0\u1ee3ng \u0111\u1ebfn m\u00e1y ch\u1ee7 DHCP \u0111\u01b0\u1ee3c tri\u1ec3n khai ph\u00eda sau t\u01b0\u1eddng l\u1eeda t\u1eeb xa (xem h\u00ecnh minh h\u1ecda b\u00ean d\u01b0\u1edbi)<\/li>\n\n\n\n<li>Vi\u1ec7c tri\u1ec3n khai RBVPN c\u00f3 th\u1ec3 t\u0103ng th\u1eddi gian ho\u1ea1t \u0111\u1ed9ng c\u1ee7a giao di\u1ec7n XFRM l\u00ean t\u1edbi 20 l\u1ea7n, gi\u1ea3m thi\u1ec3u \u0111\u00e1ng k\u1ec3 s\u1ef1 gi\u00e1n \u0111o\u1ea1n trong qu\u00e1 tr\u00ecnh chuy\u1ec3n \u0111\u1ed5i \u0111\u01b0\u1eddng h\u1ea7m, chuy\u1ec3n \u0111\u1ed5i d\u1ef1 ph\u00f2ng HA ho\u1eb7c kh\u1edfi \u0111\u1ed9ng l\u1ea1i<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"514\" src=\"https:\/\/uploads.thegioifirewall.com\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-2-1024x514.png\" alt=\"\" class=\"wp-image-20611\" srcset=\"https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-2-1024x514.png 1024w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-2-600x301.png 600w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-2-300x151.png 300w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-2-768x386.png 768w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-2.png 1428w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong>C\u1ea3i ti\u1ebfn x\u00e1c th\u1ef1c<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>T\u00edch h\u1ee3p Google Workspace th\u00f4ng qua m\u00e1y kh\u00e1ch LDAP v\u00e0 kh\u1ea3 n\u0103ng t\u01b0\u01a1ng th\u00edch SSO c\u1ee7a Google Chromebook v\u1edbi c\u00e1c lo\u1ea1i m\u00e1y ch\u1ee7 LDAP cho ph\u00e9p ch\u1ee9c n\u0103ng SSO cho m\u00f4i tr\u01b0\u1eddng Google LDAP d\u00e0nh cho Chromebook<\/li>\n\n\n\n<li>Hi\u1ec7u su\u1ea5t x\u1eed l\u00fd \u0111\u0103ng nh\u1eadp h\u00e0ng lo\u1ea1t \u0111\u01b0\u1ee3c c\u1ea3i thi\u1ec7n t\u1edbi 4 l\u1ea7n \u0111\u1ed1i v\u1edbi Radius SSO, STAS v\u00e0 Synchronized User ID \u0111\u1ec3 c\u00f3 th\u1ec3 x\u1eed l\u00fd h\u00e0ng ngh\u00ecn y\u00eau c\u1ea7u \u0111\u0103ng nh\u1eadp \u0111\u1ed3ng th\u1eddi ngay c\u1ea3 trong nhi\u1ec1u m\u00f4i tr\u01b0\u1eddng SSO (k\u1ebft h\u1ee3p STAS, Radius SSO v\u00e0 Synchronized User ID)<\/li>\n\n\n\n<li>Ngo\u00e0i ra, h\u1ed7 tr\u1ee3 \u0111\u00e3 \u0111\u01b0\u1ee3c th\u00eam v\u00e0o cho tr\u1ea3i nghi\u1ec7m AD SSO minh b\u1ea1ch khi HSTS \u0111\u01b0\u1ee3c th\u1ef1c thi, cho ph\u00e9p b\u1eaft tay Kerberos v\u00e0 NTLM qua HTTP ho\u1eb7c HTTPS<\/li>\n<\/ul>\n\n\n\n<p><strong>Qu\u1ea3n l\u00fd tuy\u1ebfn \u0111\u01b0\u1eddng t\u0129nh v\u00e0 \u0111\u1ed9ng<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ng\u01b0\u1eddi d\u00f9ng c\u00f3 th\u1ec3 sao ch\u00e9p c\u00e1c tuy\u1ebfn t\u0129nh, b\u1eadt ho\u1eb7c t\u1eaft ch\u00fang v\u00e0 th\u00eam m\u00f4 t\u1ea3 th\u00f4ng qua t\u00f9y ch\u1ecdn Qu\u1ea3n l\u00fd m\u1edbi cho m\u1ed7i tuy\u1ebfn t\u0129nh trong b\u1ea3ng (xem \u1ea3nh ch\u1ee5p m\u00e0n h\u00ecnh b\u00ean d\u01b0\u1edbi)<\/li>\n\n\n\n<li>Hi\u1ec7n t\u1ea1i c\u00f3 t\u00f9y ch\u1ecdn tuy\u1ebfn \u0111\u01b0\u1eddng blackhole v\u00e0 h\u1ed7 tr\u1ee3 \u0111a \u0111\u01b0\u1eddng d\u1eabn chi ph\u00ed b\u1eb1ng nhau (ECMP) \u0111\u1ec3 c\u00e2n b\u1eb1ng t\u1ea3i<\/li>\n\n\n\n<li>\u0110\u1ecbnh tuy\u1ebfn \u0111\u1ed9ng c\u00f3 t\u00f9y ch\u1ecdn m\u1edbi \u0111\u1ec3 ph\u00e2n ph\u1ed1i l\u1ea1i c\u00e1c tuy\u1ebfn BGP v\u00e0o OSPFv3<\/li>\n\n\n\n<li>\u0110\u1ecbnh tuy\u1ebfn \u0111\u1ed9ng hi\u1ec7n kh\u00f4ng c\u00f3 t\u00e1c \u0111\u1ed9ng n\u00e0o trong c\u00e1c t\u00ecnh hu\u1ed1ng chuy\u1ec3n \u0111\u1ed5i d\u1ef1 ph\u00f2ng HA<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"513\" src=\"https:\/\/uploads.thegioifirewall.com\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-3-1024x513.png\" alt=\"\" class=\"wp-image-20612\" srcset=\"https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-3-1024x513.png 1024w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-3-600x300.png 600w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-3-300x150.png 300w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-3-768x385.png 768w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2024\/10\/sophos-firewall-v21-cai-tien-vpn-va-dinh-tuyen-3.png 1430w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>H\u00e3y xem video demo ng\u1eafn n\u00e0y \u0111\u1ec3 bi\u1ebft c\u00e1ch th\u1ee9c ho\u1ea1t \u0111\u1ed9ng v\u00e0 c\u00e1ch thi\u1ebft l\u1eadp<\/p>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/techvids.sophos.com\/watch\/nxdUCAMmcdWMWDmTksYa41\n<\/div><\/figure>\n\n\n\n<p>B\u1eaft \u0111\u1ea7u t\u1eadn d\u1ee5ng kh\u1ea3 n\u0103ng m\u1edbi tuy\u1ec7t v\u1eddi n\u00e0y trong Sophos Firewall v21 b\u1eb1ng c\u00e1ch tham gia ch\u01b0\u01a1ng tr\u00ecnh truy c\u1eadp s\u1edbm (<a href=\"https:\/\/events.sophos.com\/events\/9496899a-0e84-4fa3-9d8a-07f23841dc1c\">https:\/\/events.sophos.com\/events\/9496899a-0e84-4fa3-9d8a-07f23841dc1c<\/a>) . Ch\u1ec9 c\u1ea7n \u0111\u0103ng k\u00fd ch\u01b0\u01a1ng tr\u00ecnh, nh\u1ea5p v\u00e0o li\u00ean k\u1ebft trong email c\u1ee7a b\u1ea1n \u0111\u1ec3 t\u1ea3i xu\u1ed1ng g\u00f3i c\u1eadp nh\u1eadt ch\u01b0\u01a1ng tr\u00ecnh c\u01a1 s\u1edf v\u00e0 c\u00e0i \u0111\u1eb7t n\u00f3 tr\u00ean Sophos Firewall c\u1ee7a b\u1ea1n.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>C\u00e1ch t\u1eadn d\u1ee5ng t\u1ed1i \u0111a c\u00e1c t\u00ednh n\u0103ng m\u1edbi trong Sophos Firewall v21. \u0110\u01b0\u1ee3c vi\u1ebft b\u1edfi Chris McCormack Ng\u00e0y 23 th\u00e1ng 9 n\u0103m 2024 Sophos Firewall v21 mang \u0111\u1ebfn nh\u1eefng c\u1ea3i ti\u1ebfn m\u1edbi th\u00fa v\u1ecb cho ch\u1ee9c n\u0103ng VPN, x\u00e1c th\u1ef1c v\u00e0 \u0111\u1ecbnh tuy\u1ebfn. C\u1ea3i ti\u1ebfn VPN C\u1ea3i ti\u1ebfn VPN Site to Site C\u1ea3i ti\u1ebfn [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":20609,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[80],"tags":[193,490],"class_list":["post-20607","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-huong-dan-tai-lieu","tag-sophos","tag-vpn","entry","has-media"],"_links":{"self":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/20607","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/comments?post=20607"}],"version-history":[{"count":1,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/20607\/revisions"}],"predecessor-version":[{"id":21148,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/20607\/revisions\/21148"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/media\/20609"}],"wp:attachment":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/media?parent=20607"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/categories?post=20607"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/tags?post=20607"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}