SDP terminal traffic proxy method, device, equipment and storage medium

A terminal traffic technology, applied in the computer field, that solves problems such as knock amplification and the inability to manage and control layer-4 traffic, with the effect of improving network security.

Active Publication Date: 2022-03-25
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0003] In view of this, the purpose of the present invention is to provide an SDP terminal traffic proxy method, device, equipment and medium that can realize authentication control of the terminal's layer-4 traffic and solve two problems of traditional zero-trust SDP: knock amplification, and layer-4 traffic that cannot be controlled.

Embodiment Construction

[0038] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below in conjunction with the drawings. Obviously, the described embodiments are only some embodiments of the present invention, not all of them. All other embodiments obtained by persons of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.

[0039] In the existing technology, SDP gradually opens the access policy from the client IP to the TCP port of the application gateway by knocking. In practice, however, the traffic of multiple terminals may share the same egress IP, which causes the problem of port policy amplification, and authentication control canno...

Abstract

The present application discloses an SDP terminal traffic proxy method, device, equipment and storage medium. The method includes: sending a knock request to the SDP controller through the SDP terminal agent, receiving the knock result obtained after the SDP controller accesses the target gateway according to the knock request, and configuring the terminal routing table according to the knock result; obtaining the user's application access request for the target application through the physical network card and sending it to the HTTP tunnel client according to the routing table, so that the HTTP tunnel client modifies the data packet corresponding to the application access request and the modified data packet contains the device identification information of the local terminal; and sending the modified data packet through the HTTP tunnel client to the HTTP tunnel server of the target gateway, so that the target gateway performs permission control on the user according to the device identification information in the modified data packet. This realizes authentication and control of layer-4 traffic.
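The difference between the source-IP knock policy criticised in [0039] and the device-identity check described in this abstract can be shown with a small model. This is an added example, not code from the patent or its applicant; the class names, the `X-SDP-Device-Id` header and all addresses are assumptions constructed for illustration.

```python
# Added illustration (not from the patent): names, header and addresses are constructed.
from dataclasses import dataclass, field

DEVICE_HEADER = "X-SDP-Device-Id"   # hypothetical header carrying the device identifier


@dataclass
class Gateway:
    ip_rules: set = field(default_factory=set)      # traditional SDP: (source IP, port)
    device_rules: set = field(default_factory=set)  # proxy scheme: (device id, app address)

    def record_knock(self, src_ip, device_id, app):
        """Apply a successful knock reported by the controller for one device."""
        self.ip_rules.add((src_ip, app[1]))
        self.device_rules.add((device_id, app))

    def allow_by_ip(self, src_ip, app):
        """Firewall view: only the last-hop source IP is visible."""
        return (src_ip, app[1]) in self.ip_rules

    def allow_by_device(self, packet):
        """Tunnel-server view: decide on the device id inside the modified packet."""
        dev = packet["headers"].get(DEVICE_HEADER)
        return dev is not None and (dev, packet["dst"]) in self.device_rules


@dataclass
class Terminal:
    device_id: str
    routes: set = field(default_factory=set)  # destinations steered into the tunnel

    def apply_knock_result(self, app):
        """Configure the terminal routing table from the knock result."""
        self.routes.add(app)

    def send(self, dst, payload):
        """Tunnel client: routed traffic is wrapped and tagged with the device id."""
        if dst not in self.routes:
            return None  # not an SDP-protected destination; stays off the tunnel
        return {"headers": {DEVICE_HEADER: self.device_id}, "dst": dst, "payload": payload}


def demo():
    app, nat_ip = ("10.0.5.20", 3306), "203.0.113.10"  # constructed; shared egress IP
    gw, a, b = Gateway(), Terminal("dev-A"), Terminal("dev-B")
    gw.record_knock(nat_ip, a.device_id, app)   # only terminal A knocked
    a.apply_knock_result(app)
    b.routes.add(app)                           # B shares the NAT but never knocked
    return {t.device_id: (gw.allow_by_ip(nat_ip, app), gw.allow_by_device(t.send(app, b"x")))
            for t in (a, b)}
```

`demo()` returns an (IP policy, device policy) pair per terminal: the IP rule admits both terminals behind the shared egress address, while the device rule admits only the one that knocked.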

Description

Technical field

[0001] The present invention relates to the field of computer technology, in particular to an SDP terminal traffic proxy method, device, equipment and storage medium.

Background

[0002] At present, SDP (Software Defined Perimeter) is one of the important technical directions of zero trust. Its main purpose is to reduce the exposure of application gateway ports. The main logic is to gradually open, by knocking, the access policy from the client IP to the TCP (Transmission Control Protocol) port of the application gateway (generally controlled by iptables). In practice, however, the traffic of multiple terminals may share the same egress IP, which causes the problem of port policy amplification. Moreover, the zero-trust application gateway can only obtain the IP address of the last network node through which the traffic passes. For multiple terminals using the same egress IP...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L67/02, H04L67/56, H04L9/40
CPC: H04L67/02, H04L63/08, H04L67/56
Inventor: 刘威, 范渊, 刘博
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD