Unlock instant, AI-driven research and patent intelligence for your innovation.

A data message and a method for safe mutual access of data flow on a firewall

A data packet and firewall technology, applied in the field of data flow security mutual access, can solve problems such as firewall waste of equipment system resources, impact on equipment performance, degradation, etc., to achieve flexible access, make up for resource waste, and improve flexibility

Active Publication Date: 2021-04-06
XIAN UNIV OF TECH
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The purpose of the present invention is also to provide a data flow security mutual access method for data messages on the firewall, which solves the problem of wasting equipment system resources caused by traditional firewall division methods and a large number of applications of security forwarding strategies, which affects equipment performance degradation The problem

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A data message and a method for safe mutual access of data flow on a firewall
  • A data message and a method for safe mutual access of data flow on a firewall

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0016] The present invention will be described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0017] The structure of the data message provided by the present invention is as figure 1 with figure 2 As shown, it includes the Mac header segment, IP header segment, new protocol header segment, TCP / UDP header segment, data payload segment, and FCS segment. The new protocol header segment includes the version number field, priority field, and authentication type field and the hash value field. In this embodiment, the data length of the Mac header segment is 14B, the data length of the IP header segment is 20B, and the corresponding data length of the TCP / UDP header segment is corresponding to 20 / 8B, the data load segment, and the data length of the FCS segment The data length of the header section of the new protocol is 4B, and the data length of the version number field, priority field, verification type field, and hash value field are...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A kind of data message of the present invention comprises Mac head section, IP header section, new protocol header section, TCP / UDP header section, data payload section and FCS section, and new protocol header section includes version number field and priority field. The data flow security mutual access method of the data message on the firewall comprises: establishing the data message format, and updating the forwarding protocol; the firewall decapsulates the data message, if the source IP address and the target IP address are both private Network, match the target address and interface address correspondence table with the interface policy table to confirm whether forwarding is allowed; if the source IP address and target IP address are private network addresses and public network addresses respectively, if forwarding is allowed, NAT processing is performed first, and then send. The scheme of the present invention is simple to implement and clear in principle, can more effectively solve the problem of safe access of data streams in different networks, and improves the flexibility of data mutual access configuration between different networks.

Description

technical field [0001] The invention belongs to the technical field of data communication and network security, specifically relates to a data message, and also relates to a data flow security mutual access method on a firewall based on the data message Background technique [0002] At present, the traditional firewall adopts the method of area division to distinguish the security level of the network. Although the area division of the traditional firewall reasonably divides different interfaces into different security levels, so as to realize the legal access of data packets under the permission of the security policy, but if To achieve access from different security areas, you must configure the inter-zone default packet filtering policy or the inter-zone security forwarding policy. Although the configuration of the inter-zone default packet filtering policy is simple and rarely wastes system resources, its policy conditions are extremely broad. In other words, it is very ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/02H04L63/0236H04L63/123
Inventor 吴鹏飞李腾张启东贾璐瑶
Owner XIAN UNIV OF TECH