Method and system for distributed firewall security policy configuration based on overlay network

A distributed firewall and security policy technology, applied in the field of network security, that addresses problems such as the inability to implement firewall policy configuration across the global network, the lack of awareness of the bearer status of network devices, and the inability to generate security policies.
CN103457920A | Inactive | Publication Date: 2013-12-18 | INST OF ACOUSTICS CHINESE ACAD OF SCI +1

Patent Information

Authority / Receiving Office
CN · China
Current Assignee / Owner
INST OF ACOUSTICS CHINESE ACAD OF SCI
Publication Date
2013-12-18
Estimated Expiration
Not applicable · inactive patent


Abstract

The invention provides a method and system for distributed firewall security policy configuration based on an overlay network. The method comprises the following steps. First, an intelligent node deployed in a region collects first reference information reflecting the service flow information carried by the network in that region, and generates security policies according to the first reference information. Second, that intelligent node simultaneously distributes the security policies it has generated to the firewall in its own region and to the intelligent nodes in other regions. Third, the intelligent nodes in other regions use the security policies received from other nodes as second reference information, dynamically adjust their own security policies, and distribute the security policies they generate to the firewalls in their regions, thereby completing security policy configuration between the regions. The intelligent node in the first step generates the security policies according to the first reference information and firewall performance state information.
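The three steps of the abstract as an in-memory sketch, added here as an illustration and not taken from the patent. The thresholds, the per-source flow count used as "first reference information", the rule budget under firewall load, and all class and function names are assumptions; the addresses are constructed from documentation ranges.

```python
from collections import Counter
from dataclasses import dataclass, field

# Assumed tuning values; the patent text on this page gives none.
LOCAL_LIMIT = 100        # flows per source before a region denies it on its own
PEER_LIMIT = 50          # lower limit for a source a peer region already denies
LOADED_RULE_BUDGET = 1   # rules kept when the local firewall reports high load

@dataclass
class Firewall:
    load: float = 0.0                       # performance state, 0..1
    rules: set = field(default_factory=set)

@dataclass
class IntelligentNode:
    region: str
    firewall: Firewall
    peers: list = field(default_factory=list)
    peer_denied: set = field(default_factory=set)   # second reference information

    def generate(self, flows):
        # Step 1: policy from local flow records plus firewall performance state.
        counts = Counter(src for src, _dst in flows)  # first reference information
        hits = sorted(((n, s) for s, n in counts.items()
                       if n >= (PEER_LIMIT if s in self.peer_denied else LOCAL_LIMIT)),
                      reverse=True)
        if self.firewall.load > 0.8:                  # overloaded: keep top rules only
            hits = hits[:LOADED_RULE_BUDGET]
        return {s for _n, s in hits}

    def publish(self, flows):
        # Step 2: push the policy to the local firewall and to peer nodes together.
        policy = self.generate(flows)
        self.firewall.rules = policy
        for peer in self.peers:
            peer.receive(policy)
        return policy

    def receive(self, policy):
        # Step 3: a peer's policy becomes input to this node's next generate().
        self.peer_denied |= policy

def demo():
    a, b = IntelligentNode("A", Firewall(0.2)), IntelligentNode("B", Firewall(0.2))
    a.peers, b.peers = [b], [a]
    flows_a = [("198.51.100.7", "10.0.0.1")] * 120 + [("192.0.2.9", "10.0.0.2")] * 10
    flows_b = [("198.51.100.7", "10.1.0.1")] * 60 + [("203.0.113.5", "10.1.0.3")] * 60
    before = b.generate(flows_b)      # region B alone: nothing reaches LOCAL_LIMIT
    a.publish(flows_a)                # region A denies 198.51.100.7 and tells B
    return before, b.publish(flows_b), b.firewall.rules
```

In `demo()`, region B denies the source only after region A's policy arrives, while the second source with the same local volume stays allowed.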

Description

Technical field

[0001] The present invention relates to the technical field of network security, and more specifically to an overlay network-based distributed firewall security policy configuration method and system.

Background technique

[0002] A firewall is a system composed of software and hardware devices that builds a protective barrier between an internal network and an external network, or between a private network and a public network. A firewall allows or restricts the passage of transmitted data according to configured rules. Firewalls remain an indispensable means of ensuring network security. In a small network, traditional border firewalls are very effective. However, with the explosive growth of network scale, the defects of traditional firewall technology have begun to show. Problems such as single-point network bottlenecks, limited capability to support new services, and a single security management model make traditional border fire...
