Disclosure of Invention
The invention provides an information processing method of a virtual firewall, which can effectively manage the firewall of the virtual machine and ensure the stability of the whole physical firewall.
The embodiment of the invention provides an information processing method of a virtual firewall, which is applied to electronic equipment, wherein the electronic equipment is provided with a plurality of virtual firewalls, and the method comprises the following steps:
when a target virtual firewall receives a request message sent by a user side, determining the type of the request message;
under the condition that the type of the request message is determined to be a target type, the target virtual firewall sends the request message to a first virtual firewall to enable the first virtual firewall to respond, wherein remote management service is deployed on the first virtual firewall and used for responding to the request message of the target type, and IP addresses are distributed to management interfaces of the target virtual firewall;
and the target virtual firewall receives the response message sent by the first virtual firewall and forwards the response message to the user side.
Optionally, before the target virtual firewall receives the request packet sent by the user side, the method further includes:
when the physical firewall is in a starting state, allocating an IP address to a management interface of each virtual firewall;
deploying the remote management service on the first virtual firewall.
Optionally, the IP address includes an internal IP address of the management interface and a management IP address.
Optionally, when the target virtual firewall receives a request packet sent by a user, determining the type of the request packet includes:
when a target virtual firewall receives a request message sent by a user side, it is determined whether the destination IP address of the request message is consistent with the management IP address of the target virtual firewall, and if so, the type of the request message is determined to be the target type.
Optionally, when it is determined that the request packet type is the target type, the sending, by the target virtual firewall, the request packet to the first virtual firewall includes:
the target virtual firewall converts a source IP address of the request message into an internal IP address of the target virtual firewall and converts a destination IP address of the request message into an internal IP address of the first virtual firewall under the condition that the type of the request message is determined to be the target type;
converting the source port of the request message correspondingly, together with the source IP address, into the internal IP address of the target virtual firewall;
recording the address conversion information of the request message;
and sending the request message after the address conversion to the first virtual firewall.
Optionally, the method further comprises:
the first virtual firewall receives and processes the request message to generate the response message;
the first virtual firewall determines the destination IP address of the response message as the internal IP address of the target virtual firewall according to the received IP address of the request message;
and the first virtual firewall sends the response message to the target virtual firewall based on the determined destination IP address.
Optionally, the receiving, by the target virtual firewall, the response packet sent by the first virtual firewall, and forwarding the response packet to the user side includes:
after receiving the response message, the target virtual firewall respectively restores the IP address of the response message and the IP address of the source port to the IP addresses carried by the request message, based on the recorded address conversion information of the request message;
and sending the response message with the restored address to the user side based on the IP address carried by the request message.
Another embodiment of the present invention also provides an electronic device, which includes a physical firewall and a plurality of virtual firewalls, where the plurality of virtual firewalls includes:
the first virtual firewall is deployed with remote management service and used for responding to the request message of the target type and generating and forwarding a response message;
the target virtual firewall is used for determining the type of the request message when receiving the request message sent by a user side, sending the request message to a first virtual firewall under the condition that the type of the request message is determined to be the target type, and enabling the first virtual firewall to respond, wherein IP addresses are distributed to management interfaces of the target virtual firewall, and after the target virtual firewall receives the response message sent by the first virtual firewall, the response message is forwarded to the user side.
Optionally, the electronic device further comprises:
a processor for allocating an IP address to the management interface of each virtual firewall and deploying the remote management service on the first virtual firewall when the physical firewall is in a starting state.
Optionally, the IP address includes an internal IP address of the management interface and a management IP address.
Based on the disclosure of the above embodiment, it can be seen that the embodiment of the present invention has the following beneficial effects: a first virtual firewall is assigned the remote management service, an IP address is allocated to the management interface of each virtual firewall, and when a target virtual firewall receives a request packet and determines that the type of the request packet is the target type, the request packet is redirected to the first virtual firewall, so that the first virtual firewall processes the request packet based on the remote management service and generates a response packet. After receiving the response message, the target virtual firewall may forward the response message to the user side. Because the remote management service is not deployed on every virtual firewall, service redundancy is effectively avoided, and because the remote management service is provided without third-party physical equipment or virtual equipment, the overall stability and performance of the virtual firewalls and the physical firewall can be effectively improved.
Detailed Description
The following detailed description of specific embodiments of the present invention is provided in connection with the accompanying drawings, which are not intended to limit the invention.
It will be understood that various modifications may be made to the embodiments disclosed herein. The following description is, therefore, not to be taken in a limiting sense, but is made merely as an exemplification of embodiments. Other modifications will occur to those skilled in the art within the scope and spirit of the disclosure.
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the disclosure and, together with a general description of the disclosure given above, and the detailed description of the embodiments given below, serve to explain the principles of the disclosure.
These and other characteristics of the invention will become apparent from the following description of a preferred form of embodiment, given as a non-limiting example, with reference to the accompanying drawings.
It should also be understood that, although the invention has been described with reference to some specific examples, a person of skill in the art shall certainly be able to achieve many other equivalent forms of the invention, having the characteristics as set forth in the claims and hence all coming within the field of protection defined thereby.
The above and other aspects, features and advantages of the present disclosure will become more apparent in view of the following detailed description when taken in conjunction with the accompanying drawings.
Specific embodiments of the present disclosure are described hereinafter with reference to the accompanying drawings; however, it is to be understood that the disclosed embodiments are merely examples of the disclosure, which may be embodied in various forms. Well-known and/or repeated functions and structures have not been described in detail so as not to obscure the present disclosure with unnecessary detail. Therefore, specific structural and functional details disclosed herein are not to be interpreted as limiting, but merely as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present disclosure in virtually any appropriately detailed structure.
The specification may use the phrases "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," which may each refer to one or more of the same or different embodiments in accordance with the disclosure.
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
Fig. 1 is a flowchart illustrating an information processing method using a virtual firewall according to an exemplary embodiment. As shown in fig. 1, an embodiment of the present invention provides an information processing method using a virtual firewall, which is applied to an electronic device having a plurality of virtual firewalls, where the method includes:
when a management interface of a target virtual firewall receives a request message sent by a user side, determining the type of the request message, wherein an IP address is distributed to the management interface of the target virtual firewall;
under the condition that the type of the request message is determined to be the target type, the target virtual firewall sends the request message to a first virtual firewall to enable the first virtual firewall to respond, wherein remote management service is deployed on the first virtual firewall and used for responding to the request message of the target type;
and the management interface of the target virtual firewall receives the response message sent by the first virtual firewall and forwards the response message to the user side.
For example, a plurality of virtual firewalls are created on the electronic device based on the physical firewall, and only the first virtual firewall of the plurality of virtual firewalls is configured with the remote management service, such as a remote management service implemented on the ssh protocol (Secure Shell), the telnet protocol, and so on. The remaining virtual firewalls are not configured with the service. The number of first virtual firewalls is not fixed and may be one or more; it may be determined according to actual management requirements, for example, when the number of virtual firewalls is large, the number of first virtual firewalls may be increased, and when the number of virtual firewalls is small, the number of first virtual firewalls may be decreased. Each created virtual firewall is provided with a management interface and allocated an IP address, which represents the identity of that virtual firewall and enables the receiving and forwarding of messages. When a user sends a request message to the target virtual firewall from the user side, for example via ssh, the target virtual firewall determines the type of the request message, and when the type is determined to be the target type, the request message is redirected to the first virtual firewall, so that the first virtual firewall processes the request message and generates a response message; the first virtual firewall then sends the response message to the target virtual firewall based on the IP address of the target virtual firewall, so that the response message is forwarded to the user side.
Based on the above, it can be seen that the present embodiment has the following beneficial effects: the first virtual firewall is assigned the remote management service, an IP address is allocated to the management interface of each virtual firewall, and when the target virtual firewall receives the request packet and determines that the type of the request packet is the target type, the request packet is redirected to the first virtual firewall, so that the first virtual firewall processes the request packet based on the remote management service and generates the response packet. After receiving the response message, the target virtual firewall may forward the response message to the user side. Because not all of the plurality of virtual firewalls in the embodiment are deployed with the remote management service, and only the first virtual firewall has the service, service redundancy is effectively avoided and the response load of each virtual firewall is reduced; and because the remote management service does not have to be provided by third-party physical equipment or virtual equipment, the situation in which the overall stability of the virtual firewalls is affected by the instability of third-party equipment is avoided.
Further, in this embodiment, before the target virtual firewall receives the request message sent by the user side, the method further includes:
when the physical firewall is in a starting state, allocating an IP address to a management interface of each virtual firewall;
a remote management service is deployed on the first virtual firewall.
The IP address in this embodiment includes an internal IP address and a management IP address of the management interface, and the remote management service may be implemented based on the ssh protocol (Secure Shell), the telnet protocol, or another application program capable of providing a remote management service; it is not particularly limited. In a specific application, when the physical firewall is in a starting state and local management resources are initialized, a unique internal IP address and a management IP address are allocated to the management interface of each virtual firewall, a corresponding static neighbor entry is added on the first virtual firewall, and services such as ssh and telnet are configured and started.
Further, in this embodiment, when the management interface of the target virtual firewall receives a request packet sent by the user side, determining the type of the request packet includes:
when the target virtual firewall receives a request message sent by a user side, it is determined whether the destination IP address of the request message is consistent with the management IP address of the target virtual firewall, and if so, the type of the request message is determined to be the target type.
For example, the target virtual firewall may actually receive many different types of messages, and some of them need to be processed by the target virtual firewall itself; for example, messages related to network security generated in the network region it is responsible for must be processed by the target virtual firewall itself. Therefore, in order to distinguish received messages, the target virtual firewall in this embodiment performs a type judgment on each received message, and when the type of the received message is judged to be the target type, such as a management-type request message, it is determined that the message needs to be processed by the first virtual firewall. In actual application, the target virtual firewall can determine the target type by judging whether the destination IP address of the request message is consistent with the management IP address of its management interface: if they are consistent, the request message is of the target type and must be processed by the first virtual firewall.
Further, as shown in fig. 2, in this embodiment, when determining that the type of the request packet is the target type, the sending, by the target virtual firewall, the request packet to the first virtual firewall includes:
under the condition that the type of the request message is determined to be the target type, the target virtual firewall converts the source IP address of the request message into the internal IP address of the target virtual firewall and converts the destination IP address of the request message into the internal IP address of the first virtual firewall;
converting the source port of the request message correspondingly, together with the source IP address, into the internal IP address of the target virtual firewall;
recording the address conversion information of the current request message;
and sending the request message after the address conversion to the first virtual firewall.
Specifically, when the target virtual firewall determines that the type of the request packet is the target type, network address translation needs to be performed on the source IP address of the request packet, and it may be implemented based on NAT (Network Address Translation). In actual application, the target virtual firewall determines the source IP address, the source port and the destination IP address of the request message, modifies both the source IP address and the source port into the internal IP address (and a translated port) of the management interface of the target virtual firewall, and converts the destination IP address into the internal IP address of the management interface of the first virtual firewall. At the same time it records the address translation information corresponding to the request message, namely that the source IP address and source port of the request message were changed into the internal address of the target virtual firewall and that the destination IP address was changed into the internal address of the first virtual firewall. After the address conversion is completed, the target virtual firewall can send the request message to the management interface of the first virtual firewall.
Optionally, the method in this embodiment further includes:
the first virtual firewall receives and processes the request message to generate a response message;
the first virtual firewall determines that the destination IP address of the response message is the internal IP address of the target virtual firewall, according to the IP address carried by the received request message;
and the first virtual firewall sends the response message to the target virtual firewall based on the determined destination IP address.
For example, after receiving the request message, the management interface of the first virtual firewall processes the request message and generates a response message. The first virtual firewall then determines the source IP address of the received request message; after verification, this source IP address is found to be the internal IP address of the target virtual firewall, which becomes the destination of the response message.
Further, the receiving, by the target virtual firewall in this embodiment, the response packet sent by the first virtual firewall, and forwarding the response packet to the user side includes:
after receiving the response message, the target virtual firewall respectively restores the IP address of the response message and the IP address of the source port to the IP addresses carried by the request message, based on the recorded address conversion information of the request message;
and sending the response message with the restored address to the user side based on the IP address carried by the request message.
Specifically, after receiving the response message, the target virtual firewall looks up the address conversion record of the corresponding request message, restores the destination IP address and destination port of the response message to the source IP address and source port of the original request message based on that record, and converts the source IP address of the response message to the management IP address of the target virtual firewall. After the address conversion is completed, the response message can be sent to the user side, completing the response.
To describe the method of the present embodiment in more detail, the following description is made with reference to a specific example.
The method comprises the following specific implementation steps.
The implementation is described by taking three virtual firewalls as an example, and specifically includes:
1) After the physical firewall is started, internal IP addresses are respectively allocated to the management interfaces of the virtual firewalls: eth0: 10.1.1.254, eth1: 10.1.1.1, eth2: 10.1.1.2. At the same time, the management IP addresses of the management interfaces of the virtual firewalls are configured: eth0: 2.2.2.1, eth1: 1.1.1.1, eth2: 1.1.1.2. The local management deployment of the virtual firewalls can be seen in fig. 3 and fig. 4.
2) The user (1.1.1.3) manages virtual firewall 1 (i.e., the target virtual firewall) through SSH and initiates the request 1.1.1.3:9090 → 1.1.1.1:22.
3) After receiving the request message, virtual firewall 1 determines that the destination IP address of the request message is the same as the management IP address of its own management interface, and therefore determines that the request message needs to be redirected to the first virtual firewall.
4) Virtual firewall 1 performs NAT translation of the source IP address and the destination IP address of the request message: the source IP address of the request message is translated into the internal IP address of virtual firewall 1, and the source port is translated at the same time. The destination IP address of the request message is then translated into the internal IP address of the first virtual firewall. Meanwhile, virtual firewall 1 records the conversion result. The converted request message is: 10.1.1.1:8989 → 10.1.1.254:22.
5) After NAT has been applied, the message is sent to the first virtual firewall, which performs the corresponding request processing; for example, if the request message concerns flow management, the first virtual firewall performs flow control and generates a response message according to the result. After the message is processed, the first virtual firewall determines the destination IP address of the response message according to the received request message: it determines that 10.1.1.1 in the request message belongs to virtual firewall 1, so the response message is sent to virtual firewall 1.
6) After receiving the response message, virtual firewall 1 looks up the recorded NAT conversion result, restores the IP addresses and ports of the response message to 1.1.1.1:22 → 1.1.1.3:9090 based on that result, and sends out the response message.
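The six-step exchange above, simulated end to end as an added example (this is not code from the patent). The VirtualFirewall class, the NAT table keyed by the translated (source IP, source port) pair, the static-neighbor check in the first virtual firewall, and the use of 8989 as the first translated source port are assumptions made here; the addresses are the ones from the worked example (eth0 is the first virtual firewall, eth1 is virtual firewall 1).

```python
"""Simulation of management-request redirection between virtual firewalls.

Added example, not code from the patent.  Assumptions: the VirtualFirewall
class, the NAT table keyed by translated (src IP, src port), the static
neighbor check on the first virtual firewall, and the port allocator that
starts at 8989 (the translated port used in the worked example).
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class VirtualFirewall:
    def __init__(self, name, internal_ip, mgmt_ip, mgmt_service=False,
                 neighbors=()):
        self.name = name
        self.internal_ip = internal_ip    # unique internal IP of the management interface
        self.mgmt_ip = mgmt_ip            # management IP the user side talks to
        self.mgmt_service = mgmt_service  # True only on the first virtual firewall
        self.neighbors = set(neighbors)   # static neighbors: internal IPs allowed to redirect to us
        self.nat_table = {}               # (translated src IP, src port) -> original request
        self._next_port = 8989            # assumed allocator for translated source ports

    def is_target_type(self, pkt):
        """Step 3: a management-type request iff the destination IP is our management IP."""
        return pkt.dst_ip == self.mgmt_ip

    def redirect(self, pkt, first_fw):
        """Step 4: forward NAT (src -> our internal IP and a fresh port,
        dst -> first firewall's internal IP) and record the translation."""
        translated = replace(pkt, src_ip=self.internal_ip, src_port=self._next_port,
                             dst_ip=first_fw.internal_ip)
        self._next_port += 1
        self.nat_table[(translated.src_ip, translated.src_port)] = pkt
        return translated

    def serve(self, pkt):
        """Step 5 on the first virtual firewall: accept only redirected requests from a
        configured static neighbor, process, and address the reply to the request's source."""
        if not self.mgmt_service:
            raise RuntimeError(f"{self.name} has no remote management service")
        if pkt.src_ip not in self.neighbors:
            raise PermissionError(f"{pkt.src_ip} is not a configured neighbor")
        return Packet(src_ip=self.internal_ip, src_port=pkt.dst_port,
                      dst_ip=pkt.src_ip, dst_port=pkt.src_port,
                      payload="reply:" + pkt.payload)

    def restore(self, resp):
        """Step 6: look up the recorded translation and undo it.  The reply the user
        sees comes from our management IP and the port the original request addressed."""
        key = (resp.dst_ip, resp.dst_port)
        if key not in self.nat_table:
            raise LookupError(f"no NAT record for response to {key}")  # unsolicited reply
        orig = self.nat_table.pop(key)
        return Packet(src_ip=orig.dst_ip, src_port=orig.dst_port,
                      dst_ip=orig.src_ip, dst_port=orig.src_port,
                      payload=resp.payload)

    def handle(self, pkt, first_fw):
        """Steps 3-6 for one user request.  Returns (forwarded, restored), or
        (None, None) when the request is not of the target type and stays local."""
        if not self.is_target_type(pkt):
            return None, None
        forwarded = self.redirect(pkt, first_fw)
        response = first_fw.serve(forwarded)
        return forwarded, self.restore(response)


def build_example():
    """Step 1: three virtual firewalls with the addresses from the worked example."""
    first = VirtualFirewall("eth0", "10.1.1.254", "2.2.2.1", mgmt_service=True,
                            neighbors=["10.1.1.1", "10.1.1.2"])
    vfw1 = VirtualFirewall("eth1", "10.1.1.1", "1.1.1.1")
    vfw2 = VirtualFirewall("eth2", "10.1.1.2", "1.1.1.2")
    return first, vfw1, vfw2


def run_example():
    """Step 2: user 1.1.1.3 opens SSH to the management IP of virtual firewall 1."""
    first, vfw1, _ = build_example()
    request = Packet("1.1.1.3", 9090, "1.1.1.1", 22, payload="ssh")
    return vfw1.handle(request, first)


if __name__ == "__main__":
    fwd, back = run_example()
    print(f"forwarded: {fwd.src_ip}:{fwd.src_port} -> {fwd.dst_ip}:{fwd.dst_port}")
    print(f"restored:  {back.src_ip}:{back.src_port} -> {back.dst_ip}:{back.dst_port}")
```

The neighbor check in serve() and the missing-record check in restore() are the two places where a reply or request that does not match the recorded state is dropped rather than forwarded.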
As shown in fig. 5, the present invention also provides an electronic device, which includes a physical firewall, and a plurality of virtual firewalls, the plurality of virtual firewalls including:
the first virtual firewall is deployed with remote management service and used for responding to the request message of the target type and generating and forwarding a response message;
and the target virtual firewall is used for determining the type of the request message when receiving the request message sent by the user side, sending the request message to the first virtual firewall under the condition of determining that the type of the request message is the target type, so that the first virtual firewall responds, wherein IP addresses are distributed to management interfaces of the target virtual firewall, and after the target virtual firewall receives the response message sent by the first virtual firewall, the response message is forwarded to the user side.
The device has the following advantages: the first virtual firewall is designated to be deployed with the remote management service, an IP address is allocated to the management interface of each virtual firewall, and when the target virtual firewall receives the request message and determines that its type is the target type, the request message is redirected to the first virtual firewall, which processes the request message based on the remote management service and generates the response message. After receiving the response message, the target virtual firewall may forward the response message to the user side. Because not all of the plurality of virtual firewalls in the embodiment are deployed with the remote management service, and only the first virtual firewall has the service, service redundancy is effectively avoided and the response load of each virtual firewall is reduced; and because the remote management service does not have to be provided by third-party physical equipment or virtual equipment, the situation in which the overall stability of the virtual firewalls is affected by the instability of third-party equipment is avoided.
Optionally, the electronic device of this embodiment further includes:
a processor for allocating an IP address to the management interface of each virtual firewall and deploying the remote management service on the first virtual firewall when the physical firewall is in a starting state.
Optionally, the IP address in this embodiment includes an internal IP address of the management interface and a management IP address.
Optionally, when the management interface of the target virtual firewall receives a request packet sent by a user, determining the type of the request packet includes:
when the management interface of the target virtual firewall receives a request message sent by a user side, it is determined whether the destination IP address of the request message is consistent with the management IP address of the target virtual firewall, and if so, the type of the request message is determined to be the target type.
Optionally, when it is determined that the request packet type is the target type, the sending, by the target virtual firewall, the request packet to the first virtual firewall includes:
the target virtual firewall converts a source IP address of the request message into an internal IP address of the target virtual firewall and converts a destination IP address of the request message into an internal IP address of the first virtual firewall under the condition that the type of the request message is determined to be the target type;
converting the source port of the request message correspondingly, together with the source IP address, into the internal IP address of the target virtual firewall;
recording the address conversion information of the request message;
and sending the request message after the address conversion to the first virtual firewall.
Optionally, the first virtual firewall of this embodiment is further configured to:
the first virtual firewall receives and processes the request message to generate the response message;
the first virtual firewall determines the destination IP address of the response message as the internal IP address of the target virtual firewall according to the received IP address of the request message;
and the first virtual firewall sends the response message to the target virtual firewall based on the determined destination IP address.
Optionally, the receiving, by the management interface of the target virtual firewall, the response packet sent by the first virtual firewall, and forwarding the response packet to the user side includes:
after receiving the response message, the target virtual firewall respectively restores the IP address of the response message and the IP address of the source port to the IP addresses carried by the request message, based on the recorded address conversion information of the request message;
and sending the response message with the restored address to the user side based on the IP address carried by the request message.
Another embodiment of the present invention further provides an electronic device, including:
one or more processing modules;
a storage module configured to store one or more programs;
the one or more programs, when executed by the one or more processing modules, cause the one or more processing modules to implement the above-described methods.
An embodiment of the present application also provides a storage medium having a computer program stored thereon, which when executed by a processor implements the method as described above. It should be understood that each solution in this embodiment has a corresponding technical effect in the foregoing method embodiments, and details are not described here.
Embodiments of the present application also provide a computer program product tangibly stored on a computer-readable medium and comprising computer-executable instructions that, when executed, cause at least one processor to perform a method such as the embodiments described above. It should be understood that each solution in this embodiment has a corresponding technical effect in the foregoing method embodiments, and details are not described here.
Note that the computer storage media of the present application can be either computer readable signal media or computer readable storage media or any combination of the two. The computer readable medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. A computer readable signal medium, on the other hand, may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, antenna, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
It should be understood that although the present application has been described in terms of various embodiments, not every embodiment includes only a single embodiment, and such description is for clarity purposes only, and those skilled in the art will recognize that the embodiments described herein may be combined as suitable to form other embodiments, as will be appreciated by those skilled in the art.
The above embodiments are only exemplary embodiments of the present invention, and are not intended to limit the present invention, and the scope of the present invention is defined by the claims. Various modifications and equivalents may be made by those skilled in the art within the spirit and scope of the present invention, and such modifications and equivalents should also be considered as falling within the scope of the present invention.