CN100426794C - Method for processing data stream between different fire-proof walls - Google Patents
Abstract
The invention discloses a method for processing data flows between different firewalls. A virtual security zone is set up on each virtual firewall and on the root firewall, and security policies are configured between each virtual security zone and the other private security zones of the firewall it belongs to. When a data flow is transmitted between virtual firewalls, or between the root firewall and a virtual firewall, the sending end filters the flow using the security policy between the source security zone and the virtual security zone of the firewall the flow belongs to, and the receiving end filters the flow using the security policy between the destination security zone and the virtual security zone of the firewall the flow arrives at. Reasonable security policies and filtering are thereby applied to the data flow, so that the firewalls fulfil their role of protecting network security.
Description
Technical field
The present invention relates to virtual firewall technology, and in particular to a method for processing data flows that cross between different virtual firewalls or between a root firewall and a virtual firewall.
Background technology
A firewall (FW) is a combination of components placed between different networks, for example between a trusted internal network and an untrusted public network, or between network security domains. By monitoring, restricting and modifying the data flows that cross it, a firewall shields the information, structure and operating state of the internal network from the outside as far as possible, and in this way protects the network. A firewall effectively monitors the data exchanged between the internal network and the external network and safeguards the internal network.
At present, firewalls usually define security policies on the basis of security zones rather than interfaces. Common security zones are the trusted network (Trust) zone, the untrusted network (Untrust) zone and the demilitarized zone (DMZ). A virtual firewall is a logical sub-entity derived from the firewall's main system and appears to the user as an independent firewall. Once virtual firewalls have been created, the firewall main system the user works with is called the root firewall. There is exactly one root firewall; virtual firewalls can be created dynamically by configuration, and there is at least one. Virtual firewall technology is gradually being adopted by vendors and users, but which security zone division mechanism to use has remained an open question in virtual firewall deployments.
Fig. 1 is a schematic diagram of security zone division for virtual firewalls and the root firewall in the prior art. As Fig. 1 shows, a firewall comprises one root firewall and two virtual firewalls. The root firewall is divided into three security zones: one public security zone used for transit data flows, namely the public Untrust zone, and two private security zones, namely the Trust zone and the DMZ. The private security zones of virtual firewall 1 (VFW1) are the Trust zone and the DMZ; the private security zones of virtual firewall 2 (VFW2) are the DMZ and the Untrust zone. Security policies are configured between each private security zone of the root firewall and the public Untrust zone, and between each private security zone of each virtual firewall and the public Untrust zone; each policy can be set individually as circumstances require. Fig. 1 also shows that the ports connecting the firewall to the outside all belong to the public Untrust zone, for example port 1, which belongs to the root firewall, and port 2, which belongs to VFW1 and VFW2. Port 1 and port 2 are physical ports, and port 2 is divided into two logical ports: Vlan1, which belongs to VFW1, and Vlan2, which belongs to VFW2. The dashed lines in Fig. 1 indicate that a data flow passing through the firewall always travels from the source security zone that sends it, via the public Untrust zone, to the destination security zone that receives it, and is filtered first by the security policy between the source security zone and the public Untrust zone and then by the security policy between the public Untrust zone and the destination security zone.
Fig. 2 is a flow chart of prior-art processing of data flows that cross between different virtual firewalls or between the root firewall and a virtual firewall. With reference to Fig. 1, the prior-art method of processing a data flow that crosses different virtual firewalls, or a virtual firewall and the root firewall, comprises the following steps:
Step 200: Set up the private security zones of each virtual firewall, and the public security zone and private security zones of the root firewall; place the ports belonging to each firewall in the public security zone.
This step is implemented as shown in Fig. 1 and is not described again here.
Step 201: Configure the security policies between each private security zone of the virtual firewalls and the public security zone, and between the public security zone and each private security zone of the root firewall.
Configuring security policies is well known to those skilled in the art and is not described here.
Step 202: If a data flow is transmitted across virtual firewalls or between the root firewall and a virtual firewall, the sending end filters the flow using the security policy between the flow's source security zone and the public security zone, and the receiving end filters the flow using the security policy between the destination security zone the flow arrives at and the public security zone.
With reference to Fig. 1, if a data flow is sent from the Trust zone of VFW1 to the DMZ of VFW2, it is filtered first by the security policy between the Trust zone of VFW1 and the public Untrust zone and then by the security policy between the public Untrust zone and the DMZ of VFW2; that is, inter-zone security policies are applied with the public Untrust zone acting as the transit zone.
As the above method shows, the prior-art security zone division mechanism for virtual firewalls has the following characteristics:
1) Security policies are configured between each private security zone of each virtual firewall and the public security zone, and between the public security zone and the other private security zones of the root firewall.
2) The ports connecting the firewall to the outside, including physical ports and/or logical interfaces, are placed in the public security zone. Data flows from the public security zone can be assigned to different virtual firewalls or to the root firewall according to some flow classification criterion, such as different ports, different VLANs or different address ranges.
3) For data flows that cross different virtual firewalls, or cross the root firewall and a virtual firewall, inter-zone security policies are always applied with the public security zone as the transit zone.
With this prior-art method of applying inter-zone security policies via the public Untrust zone, it cannot be determined which security policy to apply to a data flow that crosses different virtual firewalls, or a virtual firewall and the root firewall, within the same public security zone. Take the data flow between port 1 and Vlan1 of port 2 in Fig. 1: both ends lie in the public Untrust zone, yet the flow crosses the root firewall and VFW1. In this case it cannot be determined which security policy applies to the flow, so no reasonable security policy can be applied, the flow cannot be filtered properly, and the firewall does not achieve its purpose of protecting network security.
In addition, data flows that transit the public Untrust zone need inter-zone security policies, but the inter-zone security policies currently configured cannot fundamentally distinguish transit data flows from non-transit data flows. For example, in Fig. 1 the non-transit data flow between Vlan2 of port 2 and the Trust zone of VFW1 is filtered by the security policy between the public Untrust zone and the Trust zone of VFW1, and the transit data flow between the Trust zone of VFW1 and the DMZ of VFW2 is likewise filtered by the security policy between the public Untrust zone and the Trust zone of VFW1. Because transit and non-transit data flows cannot be distinguished, suitable security policies cannot be applied to the different kinds of flow, the flows cannot be filtered properly, and the firewall does not achieve its purpose of protecting network security.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method for processing data flows between different firewalls that applies reasonable security policies to such flows and filters them properly, so that the firewall protects network security more effectively.
To achieve this purpose, the technical solution of the invention is implemented as follows:
A method for processing data flows between different firewalls, for use in a firewall comprising a root firewall and virtual firewalls, comprises the following steps:
A. Set up, in each virtual firewall, private security zones and a virtual security zone used for transit data flows; set up, in the root firewall, private security zones and a virtual security zone used for transit data flows; and place the ports of each virtual firewall and of the root firewall in any of the private security zones already set up in that firewall;
B. Configure security policies between each private security zone in the virtual firewalls and the root firewall and the virtual security zone of the firewall it belongs to;
C. When a data flow is transmitted across firewalls, the sending end filters the flow using the security policy between the source security zone of the firewall the flow belongs to and that firewall's virtual security zone, then passes the data to the receiving end; the receiving end filters the flow using the security policy between the destination security zone of the firewall the flow arrives at and that firewall's virtual security zone.
There is at least one virtual firewall.
The virtual security zones in the virtual firewalls and the root firewall are either a shared security zone or separate, independent security zones.
Crossing firewalls in step C means crossing different virtual firewalls, or crossing the root firewall and a virtual firewall.
Step B further comprises configuring security policies between the private security zones of each virtual firewall and of the root firewall.
The security policies are identical or different.
As the above technical solution shows, in the method of the invention each virtual firewall and the root firewall is given, in addition to the private security zones it needs, a virtual security zone used for transit data flows, and the ports belonging to each virtual firewall and to the root firewall are placed in any private security zone of their own firewall. Security policies are configured between the private security zones of each firewall and, at the same time, between each private security zone of each firewall and that firewall's own virtual security zone. Thus, when a data flow is transmitted across virtual firewalls or between the root firewall and a virtual firewall, the sending end filters it using the security policy between the source security zone and the virtual security zone of the firewall the flow belongs to, and the receiving end filters it using the security policy between the destination security zone and the virtual security zone of the firewall the flow arrives at.
The virtual security zones set up on the virtual firewalls and the root firewall can be a shared security zone or independent security zones. For a virtual firewall, the virtual security zone receives data flows from other virtual firewalls or the root firewall, and sends data flows destined for other virtual firewalls or the root firewall. For the root firewall, the virtual security zone receives data flows from other virtual firewalls and sends data flows destined for other virtual firewalls. Because the virtual security zone exists, transit data flows that cross virtual firewalls, or cross the root firewall and a virtual firewall, are carried through the virtual security zone, and the security policies applied to them are configured specifically for transit data flows.
In addition, because the ports belonging to each firewall are placed in that firewall's own private security zones, a data flow transmitted between different ports is identified as a transit data flow, which determines the security policy to be applied.
In summary, the method of the invention applies reasonable security policies to, and properly filters, the different data flows that cross virtual firewalls or cross a virtual firewall and the root firewall, so that the firewall achieves its purpose of protecting network security.
Description of drawings
Fig. 1 is a schematic diagram of security zone division for virtual firewalls and the root firewall in the prior art;
Fig. 2 is a flow chart of prior-art processing of data flows that cross between different virtual firewalls or between the root firewall and a virtual firewall;
Fig. 3 is a schematic diagram of security zone division for virtual firewalls and the root firewall according to the invention;
Fig. 4 is a flow chart of processing, according to the invention, of data flows that cross between different virtual firewalls or between the root firewall and a virtual firewall.
Embodiment
The core idea of the invention is as follows. Private security zones and a virtual security zone used for transit data flows are set up in each virtual firewall and in the root firewall, and the ports belonging to each virtual firewall and to the root firewall are placed in any private security zone of their own firewall. Security policies are configured between the private security zones of each firewall and, at the same time, between each private security zone of each firewall and that firewall's own virtual security zone. When a data flow is transmitted across virtual firewalls or between the root firewall and a virtual firewall, the sending end filters it using the security policy between the source security zone and the virtual security zone of the firewall the flow belongs to, and the receiving end filters it using the security policy between the destination security zone and the virtual security zone of the firewall the flow arrives at.
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in more detail below with reference to the drawings and a preferred embodiment.
Fig. 3 is a schematic diagram of security zone division for the virtual firewalls and the root firewall according to the invention. As Fig. 3 shows, a firewall comprises one root firewall and two virtual firewalls. The root firewall is divided into a virtual security zone (Vzone) and three private security zones: the Untrust zone, the Trust zone and the DMZ. VFW1 is divided into four security zones in total: a Vzone and the private security zones Untrust, Trust and DMZ. VFW2 is divided into a Vzone and two private security zones: the DMZ and the Untrust zone. Security policies are configured between the private security zones within the root firewall and within each virtual firewall, between each private security zone of each virtual firewall and that firewall's own virtual security zone, and between each private security zone of the root firewall and the root firewall's own virtual security zone.
Fig. 3 also shows that the ports connecting each virtual firewall or the root firewall to the outside all belong to one of that firewall's own private security zones. For example, port 1, which belongs to the root firewall, is placed in the Untrust zone of the root firewall; Vlan1, the logical port of port 2 that belongs to VFW1, is placed in the Untrust zone of VFW1; and Vlan2, the other logical port of port 2, which belongs to VFW2, is placed in the Untrust zone of VFW2.
The dashed lines in Fig. 3 indicate that a data flow transmitted across firewalls always travels from the source security zone, via the virtual security zones, to the destination security zone, and is filtered first by the security policy between the source security zone and the virtual security zone and then by the security policy between the virtual security zone and the destination security zone. For example, dashed line a represents a data flow from port 1 in the Untrust zone of the root firewall; it is filtered by the security policy between the Untrust zone and the Vzone of the root firewall and by the security policy between the Vzone and the Untrust zone of VFW1, and is then delivered to Vlan1 of port 2 of VFW1. Dashed line b represents a data flow from the DMZ of the root firewall; it is filtered by the security policy between the DMZ and the Vzone of the root firewall and by the security policy between the Vzone and the Untrust zone of VFW2, and is then delivered to the Untrust zone of VFW2. Dashed line c represents a data flow from the Trust zone of VFW1; it is filtered by the security policy between the Trust zone and the Vzone of VFW1 and by the security policy between the Vzone and the DMZ of VFW2, and is then delivered to the DMZ of VFW2.
Fig. 4 is a flow chart of processing, according to the invention, of data flows that cross between different virtual firewalls or between the root firewall and a virtual firewall. With reference to Fig. 3, the method of the invention for processing a data flow that crosses different virtual firewalls, or a virtual firewall and the root firewall, comprises the following steps:
Step 400: Set up the private security zones and the virtual security zone of each virtual firewall, and the private security zones and the virtual security zone of the root firewall; place the ports belonging to each firewall in any of that firewall's own private security zones.
This step is implemented as shown in Fig. 3 and is not described again here.
Step 401: Configure the security policies between the private security zones of each virtual firewall and of the root firewall, and configure the security policies between each private security zone in the root firewall and in each virtual firewall and the virtual security zone of the firewall it belongs to.
Configuring security policies is well known to those skilled in the art and is not described here. The point to emphasize is that configuring security policies between each private security zone of each firewall and the virtual security zone of the firewall it belongs to solves the prior-art problem that, when inter-zone security policies are applied via the public Untrust zone, it cannot be determined which security policy applies to a data flow that crosses different virtual firewalls, or a virtual firewall and the root firewall, within the same public security zone. It also ensures that the different transit data flows crossing virtual firewalls, or crossing a virtual firewall and the root firewall, are filtered properly, so that the firewall achieves its purpose of protecting network security. The configured security policies can be identical or different.
As steps 400 and 401 show, the method of the invention sets up a virtual security zone on each virtual firewall and on the root firewall, and configures security policies between each virtual security zone and the other private security zones of the firewall it belongs to.
Step 402: If a data flow is transmitted across virtual firewalls or between the root firewall and a virtual firewall, the sending end filters the flow using the security policy between the source security zone and the virtual security zone of the firewall the flow belongs to, and the receiving end filters the flow using the security policy between the destination security zone and the virtual security zone of the firewall the flow arrives at.
The invention sets up a virtual security zone on each virtual firewall and on the root firewall. For a virtual firewall, the virtual security zone receives data flows from other virtual firewalls or the root firewall, and sends data flows destined for other virtual firewalls or the root firewall. For the root firewall, the virtual security zone receives data flows from other virtual firewalls and sends data flows destined for other virtual firewalls. Because the virtual security zone exists, the security policies applied to transit data flows that cross virtual firewalls, or cross the root firewall and a virtual firewall, are configured specifically for transit data flows.
In addition, because the ports belonging to each firewall are placed in that firewall's own private security zones, a data flow transmitted between different ports is identified as a transit data flow, which determines the security policy to be applied.
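The two-stage lookup of steps 400 to 402 can be modelled as follows. This is an added example, not code from the patent: the class and function names, the service names in the sample policies, and the deny-when-no-policy default are assumptions of the sketch, laid out on the Fig. 3 zones.

```python
from dataclasses import dataclass, field

VZONE = "Vzone"  # virtual security zone: carries transit flows only


@dataclass
class Firewall:
    name: str
    private_zones: frozenset
    ports: dict = field(default_factory=dict)     # port or VLAN -> private zone
    policies: dict = field(default_factory=dict)  # (src zone, dst zone) -> allowed services

    def _known(self, zone):
        return zone == VZONE or zone in self.private_zones

    def bind_port(self, port, zone):
        # Step 400: a port sits in a private zone of its own firewall, never in the Vzone.
        if zone not in self.private_zones:
            raise ValueError(f"{self.name}: port {port} must sit in a private zone")
        self.ports[port] = zone

    def set_policy(self, src, dst, services):
        # Step 401: policies between private zones, and between a private zone and the Vzone.
        if not (self._known(src) and self._known(dst)):
            raise ValueError(f"{self.name}: unknown zone in {src}->{dst}")
        self.policies[(src, dst)] = frozenset(services)

    def permits(self, src, dst, service):
        # Assumption of this sketch: a zone pair without a policy denies everything.
        return service in self.policies.get((src, dst), frozenset())


def filter_flow(src_fw, src_zone, dst_fw, dst_zone, service):
    """Return (verdict, trace); trace lists every policy lookup that was made."""
    if src_fw is dst_fw:
        # Non-transit flow: one lookup between two private zones of the same firewall.
        stages = [(src_fw, src_zone, dst_zone)]
    else:
        # Step 402: sender checks source zone -> its Vzone,
        # receiver checks its Vzone -> destination zone.
        stages = [(src_fw, src_zone, VZONE), (dst_fw, VZONE, dst_zone)]
    trace = []
    for fw, src, dst in stages:
        ok = fw.permits(src, dst, service)
        trace.append(f"{fw.name}:{src}->{dst}:{'permit' if ok else 'deny'}")
        if not ok:
            return "deny", trace
    return "permit", trace


def filter_by_port(src_fw, src_port, dst_fw, dst_port, service):
    # Zones follow from the port bindings, so a flow between ports of two
    # firewalls is classified as transit and gets a determinate policy pair.
    return filter_flow(src_fw, src_fw.ports[src_port],
                       dst_fw, dst_fw.ports[dst_port], service)


def build_fig3():
    """Fig. 3 zone layout with constructed sample policies."""
    root = Firewall("root", frozenset({"Untrust", "Trust", "DMZ"}))
    vfw1 = Firewall("VFW1", frozenset({"Untrust", "Trust", "DMZ"}))
    vfw2 = Firewall("VFW2", frozenset({"Untrust", "DMZ"}))
    root.bind_port("port1", "Untrust")
    vfw1.bind_port("port2.Vlan1", "Untrust")
    vfw2.bind_port("port2.Vlan2", "Untrust")
    root.set_policy("Untrust", VZONE, {"http"})       # flow a, sending end
    vfw1.set_policy(VZONE, "Untrust", {"http"})       # flow a, receiving end
    root.set_policy("DMZ", VZONE, {"dns"})            # flow b
    vfw2.set_policy(VZONE, "Untrust", {"dns"})
    vfw1.set_policy("Trust", VZONE, {"http", "ssh"})  # flow c
    vfw2.set_policy(VZONE, "DMZ", {"http"})
    vfw1.set_policy("Untrust", "Trust", {"https"})    # local, non-transit policy
    vfw2.set_policy("Untrust", VZONE, {"https"})
    return root, vfw1, vfw2


if __name__ == "__main__":
    root, vfw1, vfw2 = build_fig3()
    print(filter_by_port(root, "port1", vfw1, "port2.Vlan1", "http"))  # flow a
    print(filter_flow(root, "DMZ", vfw2, "Untrust", "dns"))            # flow b
    print(filter_flow(vfw1, "Trust", vfw2, "DMZ", "ssh"))              # flow c, ssh
    print(filter_flow(vfw2, "Untrust", vfw1, "Trust", "https"))        # transit
    print(filter_flow(vfw1, "Untrust", vfw1, "Trust", "https"))        # local
```

The last two calls show the separation the description relies on: the local Untrust-to-Trust policy of VFW1 permits https, but the same service arriving from VFW2 is judged against the Vzone-to-Trust pair of VFW1 instead.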
In summary, the method of the invention applies reasonable security policies to, and properly filters, the different data flows that cross virtual firewalls or cross a virtual firewall and the root firewall, so that the firewall achieves its purpose of protecting network security.
The above is only a preferred embodiment of the invention and is not intended to limit its scope of protection.
Claims (6)
1. A method for processing data flows between different firewalls, for use in a firewall comprising a root firewall and virtual firewalls, characterized in that the method comprises the following steps:
A. Set up, in each virtual firewall, private security zones and a virtual security zone used for transit data flows; set up, in the root firewall, private security zones and a virtual security zone used for transit data flows; and place the ports of each virtual firewall and of the root firewall in any of the private security zones already set up in that firewall;
B. Configure security policies between each private security zone in the virtual firewalls and the root firewall and the virtual security zone of the firewall it belongs to;
C. When a data flow is transmitted across firewalls, the sending end filters the flow using the security policy between the source security zone of the firewall the flow belongs to and that firewall's virtual security zone, then passes the data to the receiving end; the receiving end filters the flow using the security policy between the destination security zone of the firewall the flow arrives at and that firewall's virtual security zone.
2. The method according to claim 1, characterized in that there is at least one virtual firewall.
3. The method according to claim 1, characterized in that the virtual security zones in the virtual firewalls and the root firewall are either a shared security zone or separate, independent security zones.
4. The method according to claim 1, characterized in that crossing firewalls in step C means crossing different virtual firewalls, or crossing the root firewall and a virtual firewall.
5. The method according to claim 1, characterized in that step B further comprises configuring security policies between the private security zones of each virtual firewall and of the root firewall.
6. The method according to claim 1 or 5, characterized in that the security policies are identical or different.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2005101126455A CN100426794C (en) | 2005-10-11 | 2005-10-11 | Method for processing data stream between different fire-proof walls |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1949741A (en) | 2007-04-18 |
CN100426794C (en) | 2008-10-15 |
Family
ID=38019128
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2005101126455A Expired - Fee Related CN100426794C (en) | 2005-10-11 | 2005-10-11 | Method for processing data stream between different fire-proof walls |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100426794C (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20081015 Termination date: 20211011 |