A firewall based on a multiprocessor architecture comprises a main processor for processing a management flow of the firewall and a coprocessor which is used for carrying out parallel processing on the service flow of the firewall, and the main processor and the coprocessor are independent of each other and communicate with each other through a communication interface. The firewall provided by theinvention adopts a double-processor architecture, the two processors are independent of each other and are in limited communication through the communication interface, and when the main processor isattacked by a network or the main processor cannot work normally, the service processing unit of the coprocessor can still process the service flow normally. Compared with other industrial control firewalls, the firewall disclosed by the invention has the advantages that the reduced processing time reaches several orders of magnitudes, and the 100% throughput is achieved under the conditions of gigabit rate linear speed and 64-byte Ethernet message through the modules such as message deep analysis, basic strategy matching, industrial control protocol function code matching, industrial controlprotocol parameter matching, alarm information uploading and the like.