Firewall device

Firewall and virtual firewall technology, applied to network connections, addresses the loss of security policies, the inability to filter and forward packets, and the inability to publish security policies, and achieves the effect of increasing the number of users and suppressing the retrieval processing time.

Inactive Publication Date: 2006-03-15
NIPPON TELEGRAPH & TELEPHONE CORP

AI Technical Summary

Problems solved by technology

[0029] In addition, since multiple networks or terminals are connected to the NW-based firewall, in the above-mentioned NW-based firewall having a unit for loading security policies according to network or terminal connections, sometimes multiple security policies are loaded. In this case, the load processing of the CPU of the NW-based firewall becomes larger, and the processing for filtering and forwarding can

Examples

Embodiment 1-1

[0112] First, Embodiment 1-1 of the present invention will be described using FIG. 8 and FIG. 9 . In this example, it is assumed that the connection method between the user and the network is PPP, and the authentication communication is RADIUS.

[0113] The firewall device 100 has a virtual firewall for each user. For example, in the firewall device 100 there are: a virtual firewall 102 that protects the terminal 111 of user #a using the security policy of user #a; a virtual firewall 103 that protects the terminal 112 of user #b using the security policy of user #b.

[0114] In addition, user names and virtual firewall IDs that can be set in advance are registered in the allocation management table 101 . That is, in the allocation management table 101, the correspondence relationship between the user name #a and the virtual firewall ID 102, and the user name #b and the virtual firewall ID 103 is registered. However, since the user IP address serving as the user ID of each us...

Embodiment 1-2

[0122] Embodiment 1-2 of the present invention will be described using FIG. 10. This example shows the following situation: in Embodiment 1-1, because of an error in the user name or password sent from user #a or for a similar reason, the combination of user name and password sent through the user name and password notification 141 does not match the combination of user name and password registered in the RADIUS server 130.

[0123] In addition, since the process of issuing the user name and password notification 141 from the LCP 139 is the same as that of the embodiment 1-1, description thereof will be omitted.

[0124] For the reason described above, when the authentication error notification 642 is issued from the RADIUS server 130, the firewall device 100 transmits the authentication error notification 643 to the user terminal 111, and ends the PPP establishment process. At this time, the firewall device 100 does not perform any processing on the allocatio...
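The table handling in Embodiments 1-1 and 1-2 can be modelled as follows. This is an added example, not code from the patent: the class and method names, the session keys, the sample IP address, the lookup by IP address and the clearing of a reused address are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass
class Entry:
    vfw_id: int                     # virtual firewall ID, registered in advance
    user_ip: Optional[str] = None   # user ID (IP address), unknown until authentication

class AllocationTable:
    def __init__(self, preregistered: Dict[str, int]):
        self.entries = {name: Entry(vfw) for name, vfw in preregistered.items()}
        self.pending: Dict[str, str] = {}   # session -> user name held during authentication

    def on_auth_request(self, session: str, user_name: str) -> None:
        """Hold the user name from the user name/password notification."""
        self.pending[session] = user_name

    def on_auth_response(self, session: str, accepted: bool,
                         user_ip: Optional[str] = None) -> Optional[int]:
        """Bind the assigned IP to the held user name; return the virtual firewall ID."""
        user_name = self.pending.pop(session)   # the held name is always released
        if not accepted:
            return None                         # authentication error: table untouched
        entry = self.entries.get(user_name)
        if entry is None or user_ip is None:
            return None                         # no pre-registered row (assumption: nothing is bound)
        for other in self.entries.values():     # assumption: clear a stale holder of a reused IP
            if other.user_ip == user_ip:
                other.user_ip = None
        entry.user_ip = user_ip
        return entry.vfw_id

    def vfw_for_ip(self, ip: str) -> Optional[int]:
        """Assumed lookup: which virtual firewall owns this user IP address, if any."""
        for entry in self.entries.values():
            if entry.user_ip == ip:
                return entry.vfw_id
        return None

def demo() -> AllocationTable:
    # Constructed sample data: IDs 102/103 follow the page, the IP address is made up.
    table = AllocationTable({"user_a": 102, "user_b": 103})
    table.on_auth_request("ppp-1", "user_a")
    table.on_auth_response("ppp-1", True, "192.0.2.10")   # Embodiment 1-1: accepted
    table.on_auth_request("ppp-2", "user_b")
    table.on_auth_response("ppp-2", False)                # Embodiment 1-2: rejected
    return table
```

Binding the address only to the user name held for that session, and only after an accepted response, keeps a failed login from leaving any row that could later match traffic.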

Embodiment 1-3

[0126] A third embodiment of the present invention will be described using FIG. 8, FIG. 11 and FIG. 12. This example shows a method in which, in Embodiment 1-1, the terminal 114 of user #c, who has not registered for the firewall service, connects to the Internet 110 and then performs IP communication with the terminal 113 of the connection partner. User #c, who has not registered for the firewall service, has no user name and virtual firewall registered in the allocation management table 101-3, but can use the communication service of the Internet 110 through the terminal 114 and has a user name and password registered in the RADIUS server 130.

[0127] In FIG. 12 , operations up to notification 142 of the user IP address are the same as those in Embodiment 1-1, and description thereof will be omitted.

[0128] When the user IP address notification 142 is received, the firewall device 100 holds the user IP address [c.c.c.c] of the user terminal described in the ...


Abstract

A firewall apparatus including plural virtual firewalls, each virtual firewall including a dependent firewall policy, is disclosed. The firewall apparatus includes: a distribution management table for managing a user name and a virtual firewall ID; a part configured to receive authentication information for network connection from a user terminal, and hold a user name included in the authentication information; a part configured to report the authentication information to the authentication server; and a part configured to receive an authentication response from the authentication server, and hold a user ID, included in the authentication response, to be provided to the user terminal. The firewall apparatus registers the user ID in the distribution management table associating the user ID with the user name.

Description

Technical field

[0001] This invention relates to a firewall device for protecting users connected to external networks such as the Internet.

Background technique

[0002] A firewall (also referred to as FW) is provided as one means of enhancing the security of one's own terminal or one's own network.

[0003] A firewall is installed between the terminal or network whose security is to be improved and the external network, and implements the following filtering process: according to a preset security policy, it judges whether a packet from the external network to the own terminal or network, or a packet from the own terminal or network to the external network, may pass; if the packet may pass, it is passed, and if not, it is discarded.

[0004] A security policy is a policy that combines address, protocol type, port number, direction, passability, or other conditions as a rule, and gathers a variety of such rules...


Application Information

IPC(8): H04L12/66
Inventor 长田和彦, 冈大祐, 铃木亮一, 池川隆司, 市川弘幸, 石川忠司
Owner NIPPON TELEGRAPH & TELEPHONE CORP