Firewall policy query, elastic scaling method and system, device, storage medium

A firewall policy query and elastic scaling technology, applied in the field of network security, can solve problems such as inaccurate policy query results and low firewall policy elastic scaling efficiency, and achieves the effect of improving adjustment efficiency.

Active Publication Date: 2022-03-15
CITIC AIBANK CORPORATION LIMITED

AI Technical Summary

Problems solved by technology

[0005] 1. Low policy query efficiency: given only one IP address, querying all firewall policies related to that IP usually requires traversing all the policies of all firewalls. Each firewall has at least hundreds of policies, and each must be judged for relevance, so policy query efficiency is low.
[0006] 2. Inaccurate policy query results, with a large number of policies that are not strongly related: when judging whether an IP matches a policy, the check is generally only whether the IP falls within the source IP address range or destination IP address range of the policy. This often matches many default policies between zones or address segments, which inflates the query results. Many of the returned policies are of no interest to the person querying, so the query results are of little significance.
[0007] 3. Low efficiency of firewall policy elastic scaling: when the application corresponding to an IP address needs to be scaled out, the firewall policies related to this IP address must also be elastically extended by adding the IP addresses of the newly added nodes. This process includes querying the firewall policies strongly related to the original IP address and modifying those policies based on the query results. The manual method is very inefficient, and the existing automatic methods are limited by the accuracy of the policy query results. Therefore, the current firewall policy elastic scaling efficiency is low.


Examples


Embodiment Construction

[0045] The present invention is described in detail below with reference to the accompanying drawings and specific embodiments. The embodiments cannot all be listed here, but the embodiments of the present invention are not limited to the following embodiments.

[0046] Figure 1 is a block diagram of the steps of the firewall policy query method of the present invention. As shown in Figure 1, a firewall policy query method of the present invention includes:

[0047] S1. Obtain firewall policy configuration information, parse the firewall configuration information into standardized format data, and build a firewall policy information base;

[0048] S2. According to the query information, automatically determine the security zones to which the source IP address and the destination IP address in the firewall configuration information belong, and automatically determine the firewall devices on the traffic path between the source IP address and the destination IP address;

[004...


Abstract

The present invention relates to a firewall policy query and elastic scaling method, system, equipment, and storage medium. The firewall policy query method includes: S1. Acquiring firewall policy configuration information, parsing the firewall configuration information into standardized format data, and constructing a firewall policy information base; S2. According to the query information, automatically determining the security zones to which the source IP address and the destination IP address in the firewall configuration information belong, and automatically determining the firewall devices on the traffic path between the source IP address and the destination IP address; S3. Automatically calculating the policy correlation between the query information and the firewall policy, and feeding back the query result according to the policy correlation.
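Steps S1 to S3 as a small runnable sketch. This is an added example, not code from the patent: the zone map, the policy set and all names are constructed, and the correlation metric (the inverse of the matched source and destination range sizes) is an assumption, since the page does not give the formula.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: per-firewall security zones (hypothetical names).
ZONES = {
    "fw-core": {"app": "10.1.0.0/16", "db": "10.2.0.0/16"},
    "fw-edge": {"dmz": "172.16.0.0/24", "app": "10.1.0.0/16"},
}

@dataclass(frozen=True)
class Policy:
    firewall: str
    name: str
    src: str
    dst: str

# S1 output: constructed policies already parsed into one normalized format.
POLICIES = [
    Policy("fw-core", "app-to-db-default", "10.1.0.0/16", "10.2.0.0/16"),
    Policy("fw-core", "web01-to-mysql", "10.1.5.10/32", "10.2.0.20/32"),
    Policy("fw-core", "web-tier-to-mysql", "10.1.5.0/24", "10.2.0.20/32"),
    Policy("fw-edge", "dmz-to-app", "172.16.0.0/24", "10.1.0.0/16"),
]

def zone_of(firewall, ip):
    """S2: security zone of ip on a firewall, or None if no zone covers it."""
    addr = ipaddress.ip_address(ip)
    for zone, cidr in ZONES[firewall].items():
        if addr in ipaddress.ip_network(cidr):
            return zone
    return None

def firewalls_on_path(src_ip, dst_ip):
    """S2: firewalls on which src and dst sit in two different known zones."""
    path = []
    for fw in ZONES:
        s, d = zone_of(fw, src_ip), zone_of(fw, dst_ip)
        if s and d and s != d:
            path.append(fw)
    return path

def relevance(policy, src_ip, dst_ip):
    """S3 (assumed metric): 0 on no match, else 1 / (src size * dst size)."""
    s, d = ipaddress.ip_network(policy.src), ipaddress.ip_network(policy.dst)
    if ipaddress.ip_address(src_ip) not in s or ipaddress.ip_address(dst_ip) not in d:
        return 0.0
    return 1.0 / (s.num_addresses * d.num_addresses)

def query(src_ip, dst_ip, top=2):
    """Rank matching policies on path firewalls only, most specific first."""
    path = firewalls_on_path(src_ip, dst_ip)
    hits = [(relevance(p, src_ip, dst_ip), p) for p in POLICIES if p.firewall in path]
    ranked = sorted((h for h in hits if h[0] > 0), key=lambda h: -h[0])
    return [p.name for _, p in ranked[:top]]
```

With this scoring, the zone-wide default policy still matches the query but ranks below the host-level and subnet-level policies, so a cutoff on the ranked list keeps it out of the results.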

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a firewall policy query and elastic scaling method and system, equipment and storage medium.

Background

[0002] A firewall is a technical measure to protect computer network security. It isolates internal and external networks by establishing a corresponding network communication monitoring system on the network boundary to block network intrusions from the outside. Firewall policies are the regulations, rules, requirements, or filtering terms that the firewall refers to. Policy information generally includes the source IP address, destination IP address, protocol, and destination port. The firewall permits or blocks the data flows passing through it according to the firewall policy. Therefore, the firewall plays an important role in access control and security isolation between areas.

[0003] With the growth of network scal...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, H04L67/06
CPC: H04L63/02, H04L63/0236, H04L63/20, H04L63/10, H04L67/06
Inventor: 林路
Owner: CITIC AIBANK CORPORATION LIMITED