
CN101212453A - Network access control method and firewall device - Google Patents

Publication number
CN101212453A
Authority
CN
China
Prior art keywords
network
firewall
virtual
network packet
firewall device
Prior art date
Legal status
Pending
Application number
CNA2006101563343A
Other languages
Chinese (zh)
Inventor
肖海涛
Current Assignee
O2Micro China Co Ltd
Original Assignee
O2Micro China Co Ltd
Priority date
Filing date
Publication date
Application filed by O2Micro China Co Ltd
Priority to CNA2006101563343A
Publication of CN101212453A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a method for implementing network access control and a firewall device for it. The firewall device is arranged between a first network and a second network and comprises a plurality of logically partitioned virtual firewalls, each configured with its own security policy. The control method comprises the following steps: the first network sends a network packet for accessing the second network; the firewall device, according to the information contained in the network packet, dispatches the packet to the corresponding virtual firewall; the virtual firewall performs a security check on the network packet; if the network packet conforms to the security policy of the virtual firewall, it is allowed to pass through the firewall device; if it does not conform, it is prohibited from passing through the firewall device. Because network traffic is classified as soon as it enters the firewall device and is sent to the corresponding virtual firewall, only the security policy in that virtual firewall needs to be searched, which improves working efficiency.

Description

Method for implementing network access control and firewall device thereof
Technical field
The present invention relates to a network control method and device, and in particular to a method for implementing network access control and a firewall device for it.
Background art
A firewall is a network security device, usually placed between networks to secure the communication between them; for example, a firewall is placed between a wide area network (WAN) and a local area network (LAN) that requires a high level of security. According to its predefined security policy, the firewall decides whether a network packet sent from the LAN to the WAN, or from the WAN to the LAN, is allowed to pass. The firewall filters network packets: a packet that conforms to the configured security policy is allowed through the firewall, and a packet that does not conform is dropped. The predefined security policy can be an internal security policy or an external security policy. The internal security policy is the policy applied to access that the WAN initiates toward the LAN, and the external security policy is the policy applied to access that the LAN initiates toward the WAN.
As enterprises grow, their internal networks (that is, their LANs) become more and more complex. For a firewall at the enterprise egress, different users in the LAN (such as different departments) need different security policies, so the number of security policies on the firewall keeps growing. Consequently, whenever the WAN accesses the LAN or the LAN accesses the WAN, the firewall has more security policies to search, lookup efficiency is low, and fewer network packets pass through the firewall per unit time. In addition, when the network fails, the growing number of security policies makes the firewall harder and harder to manage, and operating costs rise. Managing each department of the enterprise independently would be a better solution to this problem, but independent management requires a separate firewall for each department, which means buying more firewall devices and significantly increases the enterprise's cost.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method for implementing network access control and a firewall device for it, in order to improve the efficiency of access between networks and to simplify network management.
To solve this problem, the invention provides a method for implementing network access control, which controls access between a first network and a second network in a network system. The network system comprises a firewall device between the first network and the second network; the firewall device comprises a plurality of logically partitioned virtual firewalls, and each virtual firewall is configured with its own set of security policies. The method comprises the following steps: 1) the first network sends a network packet for accessing the second network; 2) the firewall device dispatches the network packet to the corresponding virtual firewall according to the information contained in the packet; 3) the virtual firewall performs a security check on the network packet; 4) it is determined whether the network packet conforms to the security policy of the virtual firewall; 5) if the network packet conforms to the security policy of the virtual firewall, the packet is allowed to pass through the firewall device; and 6) if the network packet does not conform to the security policy of the virtual firewall, the packet is prohibited from passing through the firewall device.
The invention also provides a firewall device that implements the network access control method and controls access between a first network and a second network. The firewall device comprises a plurality of logically configured virtual firewalls, each with its own set of security policies. According to the information contained in a network packet sent by the first network, the firewall device dispatches the packet to the corresponding virtual firewall for a security check. If the packet conforms to the security policy of that virtual firewall, it is allowed to pass through the firewall device; if it does not, it is prohibited from passing through the firewall device.
Compared with the prior art, the invention logically configures a plurality of virtual firewalls in one firewall device, each with its own set of security policies, so that network traffic is dispatched to the corresponding virtual firewall as soon as it enters the firewall device. Only the security policies in that virtual firewall need to be searched, which improves working efficiency, reduces configuration complexity and eases management.
The technical solution of the invention is described in detail below with reference to the drawings and specific embodiments, so that its features and advantages become more apparent.
Brief description of the drawings
Fig. 1 is a block diagram of a network system that includes the firewall device of the present invention and implements the network access control function.
Fig. 2 is a flow chart of communication between the two networks in the network environment shown in Fig. 1.
Detailed description of the embodiments
Fig. 1 is a block diagram of a network system that includes the firewall device of the present invention and implements the network access control function. The network system comprises a firewall device 120 placed between a local area network 100 and a wide area network 110. The firewall device 120 can be a standalone device, or a device such as a router or gateway with integrated firewall functionality. According to how the security policies need to be set, users in LAN 100 that share the same security policy can be put together to form a user group. In one embodiment of the invention, LAN 100 is the internal network of an enterprise and its users are divided into N user groups 1001, 1002, 1003 ... 100n. The firewall device 120 provides a plurality of logically partitioned virtual firewalls, realizing a plurality of network security domains. The number of virtual firewalls can be set logically according to the needs of the users in LAN 100. In one embodiment of the invention there are N virtual firewalls 1201, 1202, 1203 ... 120n; each virtual firewall is configured with its own set of security policies and manages the corresponding user group 1001, 1002, 1003 ... 100n.
In one embodiment of the invention, the first user group 1001 of the N user groups in LAN 100 can be the enterprise's servers, such as mail servers and Web servers; the second user group 1002 can be the finance department and the marketing department; and the third user group 1003 can be the research and development department and the quality assurance department. Each virtual firewall has its own defined set of security policies, comprising an external security policy and an internal security policy, and manages the corresponding user group. For example, the first virtual firewall 1201 manages the first user group 1001 and the second virtual firewall 1202 manages the second user group 1002.
The users in LAN 100 are divided into N user groups according to their different security policies; the network traffic in LAN 100 is classified by its characteristics, and each class of traffic is managed by one virtual firewall. To have each virtual firewall manage one class of network traffic, that is, the access of one user group, users can be classified by IP address: the firewall device 120 is logically configured so that each virtual firewall manages the users of one IP address segment, for example the first virtual firewall 1201 manages the first user group 1001, which lies in one IP address segment. In another embodiment of the invention, users can be classified by network interface, so that each virtual firewall manages the network traffic on one network interface. The firewall device 120 provides a plurality of network interfaces, and each network interface connects one user group. The users in a user group are connected to a switch, and the switch is connected to a network interface of the firewall device 120. When a user group contains only one computer, its network cable can be plugged directly into a network interface of the firewall device 120 and no switch is needed. In practice, either the network interface or the IP address can be chosen, as the situation requires, to distinguish the network traffic (that is, the users' access) in LAN 100. In general, network interface configuration suits users whose physical address is fixed, such as the first user group 1001 made up of servers. IP address configuration is more flexible and better suits highly mobile users, such as the second user group 1002 made up of the finance and marketing departments, whose staff frequently work on the move. With network interface configuration, a user who has left the original network interface must be redefined, which adds complexity; with IP address configuration, however the user moves, the user is still managed by the same virtual firewall as long as the user's IP address does not change.
The firewall device 120 is configured with the information of the user groups it has to manage, for example the IP address segment or the network interface of each user group, so that each user group is managed by one corresponding virtual firewall. Referring to Fig. 1 and Fig. 2 together, when LAN 100 needs to communicate with WAN 110, in step 201 LAN 100 sends a network packet that is to access WAN 110; for example, the packet is sent by a user in the second user group 1002. In step 203, the firewall device 120 uses the information contained in the network packet, such as the source address (that is, the IP address) of that user or the network interface of the firewall device 120 that received the packet, to find the virtual firewall corresponding to that source address or network interface, for example the second virtual firewall 1202 corresponding to the second user group 1002; the packet is therefore dispatched to the second virtual firewall 1202. The second virtual firewall 1202 is configured with the security policies defined for the needs of the second user group 1002. In step 205, a security check is performed on the network packet according to the security policies configured in this virtual firewall, that is, the second virtual firewall 1202. In step 207, it is determined whether the network packet conforms to the security policies of the virtual firewall, here the second virtual firewall 1202. If it conforms to all the security policies of the second virtual firewall 1202, then in step 209 the packet is allowed to pass through the firewall device 120, and LAN 100 communicates with WAN 110. If the packet does not conform to the security policies, then in step 211 the packet is dropped and prohibited from passing through the firewall device 120. A network packet sent by a user who is not authorized to access WAN 110 is thus filtered out, which blocks that user's access to WAN 110.
When WAN 110 needs to access LAN 100, for example a user in the first user group 1001, WAN 110 sends a network packet that is to access LAN 100. The firewall device 120 uses the LAN 100 destination address contained in the packet to find the virtual firewall corresponding to that destination address, for example the first virtual firewall 1201 corresponding to the first user group 1001, and the packet is dispatched to the first virtual firewall 1201. A security check is then performed on the packet according to the security policies configured in the first virtual firewall 1201. If the packet conforms to all the security policies of the first virtual firewall 1201, it is allowed to pass through the firewall device 120, and WAN 110 communicates with LAN 100. If the packet fails to conform to any of the security policies, it is dropped and not allowed through the firewall device 120, so access to LAN 100 is prohibited. The other user groups in LAN 100 generally do not allow access from WAN 110. When the firewall device 120 receives a network packet from WAN 110, it checks the packet's destination address; if the destination address is not that of a user in the first user group 1001, the packet is discarded directly, which blocks access from WAN 110 to LAN 100.
In summary, the invention logically divides the different users in the same LAN 100 into different security domains, that is, user groups, according to practical requirements; each security domain contains a group of users with the same security policy requirements. Correspondingly, the firewall device 120 provides a plurality of logically partitioned virtual firewalls, and each virtual firewall is configured with the IP addresses and the security policies of the security domain it has to manage. In other words, the network traffic in the LAN is classified by its characteristics, and each class of traffic is managed by one virtual firewall. When LAN 100 sends a network packet, the corresponding virtual firewall is selected based on the packet's source address or network interface, and that virtual firewall's external security policy is applied. When WAN 110 sends a network packet, the corresponding virtual firewall is selected based on the packet's destination address, and that virtual firewall's internal security policy is applied. With virtual firewalls, network traffic is therefore dispatched to the corresponding virtual firewall as soon as it enters the firewall device 120, and only the security policies in that virtual firewall need to be searched, which improves working efficiency, reduces configuration complexity and eases management.
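The dispatch-then-check flow of steps 201 to 211 and of the WAN-to-LAN case, as an added Python example (not part of the patent text and not code from the applicant). The class names, addresses, interface names and the port-set/blocklist form of a policy are assumptions; packets are treated statelessly, and a direction with no configured policy is dropped.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    in_iface: str   # interface of the firewall device that received the packet


@dataclass(frozen=True)
class Policy:
    """One security policy; a packet must satisfy every policy of its virtual firewall."""
    allowed_dports: frozenset = frozenset()   # empty set = any destination port
    blocked_peers: tuple = ()                 # remote networks that are never allowed

    def satisfied_by(self, peer: str, dport: int) -> bool:
        addr = ipaddress.ip_address(peer)
        if any(addr in ipaddress.ip_network(n) for n in self.blocked_peers):
            return False
        return not self.allowed_dports or dport in self.allowed_dports


@dataclass
class VirtualFirewall:
    name: str
    segments: tuple = ()   # IP address segments of the managed user group
    ifaces: tuple = ()     # or: LAN-side interfaces the user group is attached to
    external: tuple = ()   # policies applied to LAN -> WAN access
    internal: tuple = ()   # policies applied to WAN -> LAN access

    def owns_address(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in ipaddress.ip_network(s) for s in self.segments)


class FirewallDevice:
    def __init__(self, vfws, wan_iface="wan0"):
        self.vfws = list(vfws)
        self.wan_iface = wan_iface

    def _select(self, pkt):
        """Step 203: choose the virtual firewall from information in the packet."""
        if pkt.in_iface == self.wan_iface:
            key, direction = pkt.dst, "in"          # WAN -> LAN: destination address
        else:
            for v in self.vfws:                     # LAN -> WAN: interface binding first,
                if pkt.in_iface in v.ifaces:        # so a claimed source address cannot
                    return v, "out"                 # override the physical port
            key, direction = pkt.src, "out"         # otherwise: source address segment
        return next((v for v in self.vfws if v.owns_address(key)), None), direction

    def handle(self, pkt):
        """Return (verdict, virtual firewall name, number of policies examined)."""
        vfw, direction = self._select(pkt)
        if vfw is None:
            return ("drop", None, 0)                # no security domain claims the packet
        policies = vfw.external if direction == "out" else vfw.internal
        if not policies:
            return ("drop", vfw.name, 0)            # assumed default: no policy, no access
        peer = pkt.dst if direction == "out" else pkt.src
        for checked, policy in enumerate(policies, start=1):
            if not policy.satisfied_by(peer, pkt.dport):
                return ("drop", vfw.name, checked)  # step 211
        return ("allow", vfw.name, len(policies))   # step 209


def build_example_device():
    """Constructed sample configuration mirroring user groups 1001 to 1003."""
    return FirewallDevice([
        VirtualFirewall("servers", segments=("10.0.1.0/24",), ifaces=("eth1",),
                        external=(Policy(frozenset({53, 80, 443})),),
                        internal=(Policy(frozenset({25, 80, 443})),)),
        VirtualFirewall("finance-marketing", segments=("10.0.2.0/24",),
                        external=(Policy(frozenset({80, 443})),
                                  Policy(blocked_peers=("203.0.113.0/24",)))),
        VirtualFirewall("rd-qa", segments=("10.0.3.0/24",),
                        external=(Policy(frozenset({443})),)),
    ])


if __name__ == "__main__":
    fw = build_example_device()
    for p in (Packet("10.0.2.15", "198.51.100.7", 443, "eth2"),
              Packet("198.51.100.7", "10.0.1.10", 25, "wan0"),
              Packet("198.51.100.7", "10.0.3.4", 443, "wan0")):
        print(p, "->", fw.handle(p))
```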
For ease of management, an administrator can be assigned to each virtual firewall and given a separate password, so that each virtual firewall is managed separately and the workload of network management is reduced. Alternatively, one administrator can manage all the virtual firewalls together. Whether management is separate or unified, each virtual firewall is configured only with the security policies of the class of network traffic it manages, so when the network fails only the security policies in the corresponding virtual firewall need to be searched, which reduces management complexity. In addition, as security domains are added or removed, the number of virtual firewalls and their security policies can be configured accordingly, which makes the network modifiable. Furthermore, logically configuring a plurality of virtual firewalls in one firewall device costs much less than buying a plurality of firewall devices and maintaining each of them, which saves enterprise expenditure.
Finally, it should be noted that the above embodiments only illustrate the invention and do not limit it. Although the invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the invention can be modified or equivalently replaced without departing from its spirit and scope, and all such modifications fall within the scope of the claims of the invention.

Claims (9)

1. A method for implementing network access control, which controls access between a first network and a second network in a network system, the network system comprising a firewall device between the first network and the second network, the firewall device comprising a plurality of logically partitioned virtual firewalls, each virtual firewall being configured with its own set of security policies, the method comprising: 1) the first network sends a network packet for accessing the second network; characterized in that the method further comprises the following steps:
2) the firewall device dispatches the network packet to the corresponding virtual firewall according to the information contained in the network packet;
3) the virtual firewall performs a security check on the network packet;
4) it is determined whether the network packet conforms to the security policy of the virtual firewall;
5) if the network packet conforms to the security policy of the virtual firewall, the network packet is allowed to pass through the firewall device; and
6) if the network packet does not conform to the security policy of the virtual firewall, the network packet is prohibited from passing through the firewall device.
2. The method for implementing network access control according to claim 1, characterized in that the first network is a local area network and the second network is a wide area network.
3. The method for implementing network access control according to claim 2, characterized in that the information contained in the network packet is the source address of the corresponding local area network or the network interface of the firewall device that receives the network packet.
4. The method for implementing network access control according to claim 2 or 3, characterized in that the local area network comprises a plurality of security domains, each security domain comprises a group of users with the same security policy requirements, and the network packets sent by each security domain are dispatched to one corresponding virtual firewall for the security check.
5. The method for implementing network access control according to claim 1, characterized in that the first network is a wide area network and the second network is a local area network.
6. The method for implementing network access control according to claim 5, characterized in that the information contained in the network packet is the destination address of the corresponding local area network.
7. A firewall device implementing the network access control method of claim 1, which controls access between a first network and a second network, characterized in that the firewall device comprises a plurality of logically configured virtual firewalls, each virtual firewall is configured with its own set of security policies, and the firewall device, according to the information contained in a network packet sent by the first network, dispatches the network packet to the corresponding virtual firewall for a security check; if the network packet conforms to the security policy of the virtual firewall, the network packet is allowed to pass through the firewall device; if the network packet does not conform to the security policy of the virtual firewall, the network packet is prohibited from passing through the firewall device.
8. The firewall device according to claim 7, characterized in that the first network is a local area network, the second network is a wide area network, the local area network comprises a plurality of security domains, each security domain comprises a group of users with the same security policy requirements, and each virtual firewall manages one corresponding security domain.
9. The firewall device according to claim 7, characterized in that the firewall device is a router or gateway with integrated firewall functionality.
CNA2006101563343A 2006-12-29 2006-12-29 Network access control method and firewall device Pending CN101212453A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2006101563343A CN101212453A (en) 2006-12-29 2006-12-29 Network access control method and firewall device

Publications (1)

Publication Number Publication Date
CN101212453A true CN101212453A (en) 2008-07-02

Family

ID=39612127

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2006101563343A Pending CN101212453A (en) 2006-12-29 2006-12-29 Network access control method and firewall device

Country Status (1)

Country Link
CN (1) CN101212453A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20080702