Firewall security policy configuration method and management unit

A security policy and management device technology, applied in the field of network security, which can solve problems such as ineffective utilization and error-prone, troublesome configuration.

Active Publication Date: 2009-11-18
CHENGDU HUAWEI TECH

AI Technical Summary

Problems solved by technology

[0005] In the process of realizing the present invention, the inventor found that the prior art has at least the following problems: when the user configures the security policy of a single firewall, the user needs to configure and issue the policy for each firewall. When the number of manageme



Examples


Embodiment 1

[0028] Figure 1 is a schematic flowchart of a firewall security policy configuration method according to an embodiment of the present invention. The method includes:

[0029] Step S101: Obtain attack defense configuration information including maximum packet rate, packet size or switch parameters sent from the source firewall;

[0030] Step S102: Obtain the first filtering rule information including IP address, port number, network protocol and action attribute sent from the source firewall;

[0031] Step S103: Generate a policy packet containing security policy configuration information according to the attack defense configuration information and the first filtering rule information;

[0032] Step S104: Send the security policy configuration information to the associated firewall according to the associated firewall information corresponding to the security policy configuration information in the policy package.

[0033] The method further includes: sending security...
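Steps S101 to S104 can be sketched as follows. This is an added example, not code from the patent: the field units, the allowed protocol and action values, the firewall names and the `send` callback are assumptions. It validates what the source firewall returned before packaging it, because any malformed or contradictory rule would otherwise be replicated to every associated firewall.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class AttackDefense:              # S101: fields named on the page
    max_packet_rate: int          # packets per second (unit assumed)
    max_packet_size: int          # bytes (unit assumed)
    enabled: bool                 # the "switch parameter"

@dataclass(frozen=True)
class FilterRule:                 # S102: fields named on the page
    ip: str
    port: int
    protocol: str                 # allowed values below are assumptions
    action: str

def build_package(defense, rules, associated):
    """S103: validate what the source firewall returned, then package it."""
    if defense.max_packet_rate <= 0 or defense.max_packet_size <= 0:
        raise ValueError("attack defense limits must be positive")
    actions, unique = {}, []
    for r in rules:
        ip_network(r.ip, strict=False)          # raises ValueError if malformed
        if not 0 <= r.port <= 65535:
            raise ValueError(f"bad port in {r}")
        if r.protocol not in {"tcp", "udp", "icmp"} or r.action not in {"permit", "deny"}:
            raise ValueError(f"bad protocol or action in {r}")
        match = (r.ip, r.port, r.protocol)
        if match in actions:
            if actions[match] != r.action:      # same match, opposite verdicts
                raise ValueError(f"conflicting actions for {match}")
            continue                            # exact duplicate: keep one copy
        actions[match] = r.action
        unique.append(r)
    return {"attack_defense": defense, "rules": unique, "associated": list(associated)}

def distribute(package, source, send):
    """S104: send the configuration to every associated firewall but the source."""
    targets = [fw for fw in package["associated"] if fw != source]
    for fw in targets:
        send(fw, package["attack_defense"], package["rules"])
    return targets

if __name__ == "__main__":        # constructed sample data, made-up firewall names
    pkg = build_package(AttackDefense(1000, 1500, True),
                        [FilterRule("192.0.2.0/24", 443, "tcp", "permit"),
                         FilterRule("198.51.100.10", 23, "tcp", "deny")],
                        ["fw-a", "fw-b", "fw-c"])
    print(distribute(pkg, "fw-a", lambda fw, d, r: None))
```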

Embodiment 2

[0075] Figure 13 is a schematic structural diagram of a management device according to an embodiment of the present invention. As shown in Figure 13, the management device includes: a configuration information acquisition unit 1301, a rule information acquisition unit 1302, a policy package generation unit 1303 and an information sending unit 1304, wherein:

[0076] The configuration information obtaining unit 1301 is used to obtain the attack defense configuration information, including the maximum packet rate, packet size or switch parameters, sent from the source firewall. It sends the source firewall a command requesting attack defense configuration information, and receives the attack defense configuration information, including the maximum packet rate, packet size or switch parameters, that the source firewall returns through the communication protocol after receiving the command. The configuration information obtaining unit 1301 may also obtain information from the sou...


Abstract

The invention provides a firewall security policy configuration method and a management unit. The method comprises the following steps of: obtaining attack prevention configuration information which includes maximum message rate, message size or an on-and-off parameter and is sent from the firewall; obtaining first filter rule information which includes an IP address, a port number, a network protocol and action attribute and is sent from the firewall; generating a policy package including security policy configuration information according to the attack prevention configuration information and the first filter rule information; and sending the security policy configuration information to the association firewall according to association firewall information corresponding to the security policy configuration information in the policy package. In the embodiment of the invention, the security policy of a single firewall is reversely reduced to the policy package, thus providing convenience for a user to conduct security policy configuration on the firewall.

Description

Technical field

[0001] The invention relates to network security technology, in particular to a firewall security policy configuration method and management device.

Background technique

[0002] The modern firewall system is not only an "entrance barrier", but also an access control point for several networks. All data flows passing through the network protected by the firewall should first pass through the firewall, making the firewall a gateway for information to enter, so the firewall can protect the security of the entire internal network on the Internet. In each network separated by a firewall, all computers are considered "trusted", and the communication between them is not interfered with by the firewall. Between the various networks separated by the firewall, mutual access must be carried out in accordance with the "security policy" stipulated by the firewall. Therefore, it is necessary to configure the security policy of the firewall to realize the protection of th...


Application Information

IPC(8): H04L29/06, H04L29/08, H04L12/24
Inventor: 赵伟
Owner: CHENGDU HUAWEI TECH