Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for firewall policy control

A firewall policy and firewall technology, applied in the field of data communication, can solve the problems that the firewall finds the security domain, cannot carry out policy control and deep security processing, etc.

Active Publication Date: 2016-03-02
NEW H3C SECURITY TECH CO LTD
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Because in this application scenario, each virtual device shares a physical Ethernet port, when the policy control diverts traffic to the firewall, the firewall cannot find the corresponding security domain based on the port, so policy control and in-depth security processing cannot be performed.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for firewall policy control
  • Method and device for firewall policy control
  • Method and device for firewall policy control

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0018] In order to achieve the purpose of the present invention, the core idea adopted by the present invention is: firstly receive the configuration of the user, and generate a virtual interface on the firewall, which is only used to mark the incoming interface and outgoing interface of the message, but does not participate in the actual message Forward the text and add the virtual interface to the security zone. Further, the virtual interface includes an IP-based address group or a MAC address group. The address group is used to determine the source and destination addresses of the message. When the source address of the message is within the address group range, the incoming interface is changed to the virtual interface, and the destination address of the message is an address within the address group range. , change the packet outbound interface to a virtual interface, and find the corresponding security domain through the virtual interface, so as to realize the firewall p...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

When communication from a first virtual device to a second virtual device is received, it is determined a first virtual interface associated with the first virtual device and a second virtual interface associated with the second virtual device. It is then determined a first security domain associated with the first virtual interface and a second security domain associated with the second virtual interface to implement a security policy between the first security domain and second security domain. The communication between the virtual devices is allowed or blocked.

Description

technical field [0001] The invention relates to the technical field of data communication, in particular to a method and a device for implementing firewall policy control between data center virtual devices. Background technique [0002] In a cloud computing data center, a physical server is usually virtualized into several virtual devices. Each virtual device is assigned to different users to provide different services, and users sometimes need to implement access and control between different virtual devices on the same physical server. However, since each virtual device shares a physical Ethernet port, and the policy control of the firewall is based on the security domain (the security domain is essentially a collection of ports), therefore, the access and control between different virtual devices are diverted to the firewall. The firewall cannot find the corresponding domain based on the physical port, so policy control and in-depth security processing cannot be perform...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/02G06F9/45558G06F2009/45587G06F2009/45595H04L63/20
Inventor 王其勇
Owner NEW H3C SECURITY TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com