Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Firewall policy query, elastic scaling method and system, device, storage medium

A firewall policy and query method technology, applied in the field of network security, can solve the problems of low elastic scaling efficiency, inaccurate policy query results, low firewall policy elastic scaling efficiency, etc., and achieve the effect of improving adjustment efficiency.

Active Publication Date: 2022-03-15
CITIC AIBANK CORPORATION LIMITED
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] 1. Low efficiency of policy query: If only one IP address is provided, when you need to query all firewall policies related to this IP, you usually need to traverse all the policies of all firewalls. Each firewall has at least hundreds of policies, and you need to judge the relevance , the strategy query efficiency is low
[0006] 2. The policy query result is inaccurate, and there are a large number of non-strongly related policies: when judging whether an IP matches a policy, it generally only judges whether the above IP is within the source IP address range or destination IP address range of this policy , this will often match more default policies between regions or address segments, resulting in more query results. There are a large number of policies that the queryer does not care about, and the query results are of little significance
[0007] 3. The efficiency of firewall policy elastic scaling is low: when the application corresponding to an IP address needs to be expanded, then the firewall policy related to this IP address also needs to be elastically expanded, and the IP address of the newly expanded node is added. This process includes querying the strong correlation of the original IP address Firewall policy, and modify the firewall policy based on the query results. The manual method is undoubtedly very inefficient, and the existing automatic methods are limited by the accuracy of the policy query results.
Therefore, the current firewall policy elastic scaling efficiency is low

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Firewall policy query, elastic scaling method and system, device, storage medium
  • Firewall policy query, elastic scaling method and system, device, storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0045] The present invention will be described in detail below with reference to the accompanying drawings and specific embodiments. The embodiments cannot be repeated here, but the embodiments of the present invention are not limited to the following embodiments.

[0046] figure 1 It is a block diagram of steps used in the firewall policy query method of the present invention. like figure 1 As shown, a firewall policy query method of the present invention includes:

[0047] S1. Obtain firewall policy configuration information, parse the firewall configuration information into standardized format data, and build a firewall policy information base;

[0048] S2. According to the query information, automatically determine the security zone to which the source IP address and the destination IP address in the firewall configuration information belong, and automatically determine the source IP address and the destination IP address traffic path through the firewall device;

[004...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention relates to a firewall policy query, elastic scaling method, system, equipment, storage medium, and firewall policy query method, including: S1. Acquiring firewall policy configuration information, parsing the firewall configuration information into standardized format data, and constructing a firewall policy Information base; S2. According to the query information, automatically determine the source IP address in the firewall configuration information, the security zone to which the destination IP address belongs, and automatically judge the source IP address and the destination IP address flow path firewall device; S3 . Automatically calculating the policy correlation between the query information and the firewall policy; and feeding back the query result according to the policy correlation.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a firewall policy query and elastic scaling method and system, equipment and storage medium. Background technique [0002] Firewall is a technical measure to protect computer network security. It isolates internal and external networks by establishing a corresponding network communication monitoring system on the network boundary to block network intrusions from the outside. Firewall policies refer to regulations, rules, requirements, or filtering terms that the firewall refers to. Policy information generally includes information such as source IP addresses, destination IP addresses, protocols, and destination ports. The firewall needs to release or block the data flow through the firewall according to the firewall policy. Therefore, the firewall plays an important role in the access control and security isolation between areas. [0003] With the growth of network scal...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40H04L67/06
CPCH04L63/02H04L63/0236H04L63/20H04L63/10H04L67/06
Inventor 林路
Owner CITIC AIBANK CORPORATION LIMITED
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com