Method and device for realizing virtual firewall

A technology of virtual firewall and configuration parameters, applied in the field of network security

Active Publication Date: 2016-05-11
ZTE CORP
View PDF5 Cites 14 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The present invention provides a method and device for implementing a virtual firewall, the main purpose of which is to solve the technical problem of how to implement multiple virtual firewall instances on a single hardware platform

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for realizing virtual firewall
  • Method and device for realizing virtual firewall
  • Method and device for realizing virtual firewall

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0061] It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention.

[0062] The present invention provides a method for realizing a virtual firewall.

[0063] refer to figure 1 , figure 1 It is a schematic flowchart of the first embodiment of the method for implementing a virtual firewall according to the present invention.

[0064] In the first embodiment, the method for implementing a virtual firewall includes:

[0065] Step 101, obtaining the identifier of the virtual firewall instance according to the first information of the received data traffic;

[0066] Wherein, the first information includes at least quintuple, virtual local area network (Virtual Local Area Network, VLAN) information or Internet Protocol (Internet Protocol, IP) information in the packet of the data traffic.

[0067] Preferably, the obtaining the identifier of the virtual firewall instance according t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for realizing a virtual firewall. The method includes the following steps that: the identifier of a virtual firewall instance is obtained according to the first information of received data flow; the configuration parameters of the virtual firewall are searched according to the identifier of the virtual firewall instance, and an ACL rule group is searched according to the message information of the data flow; and session table entries are generated according to the data flow, the configuration parameters of the virtual firewall and the ACL rule group, relevant security service parameters of sessions in the data flow are saved in the session table entries. The invention also discloses a device for realizing a virtual firewall. With the method and device for realizing the virtual firewall of the invention adopted, a physical firewall can be divided into a plurality of logical firewalls for use, and each logical firewall can independently apply for resources; and at the same time, the disadvantages of traditional firewall deployment can be eliminated, and independent security service strategies can be provided for different users under the premise that maintenance and management cost can be greatly reduced.

Description

technical field [0001] The invention relates to the field of network security, in particular to a method and device for implementing a virtual firewall. Background technique [0002] In the traditional solution, when the system needs multiple sets of firewalls for protection, multiple firewalls are generally deployed for protection. The traditional method is to deploy a firewall in front of the CE device, and manage and configure it separately. For example, in an MPLSVPN network, security protection is required between VPNs. The traditional solution has obvious shortcomings: [0003] Enterprises need to deploy and manage multiple independent firewalls, resulting in higher ownership and maintenance costs, and greater complexity in network management; multiple independent firewalls placed centrally will occupy more rack space and bring additional overhead to integrated cabling. Complexity: Due to the development of services, new changes may occur in the division of MPLSVPN or...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L9/40
Inventor 王煜
Owner ZTE CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap