CN109218323A - A remote configuration method for a firewall device - Google Patents

A remote configuration method for a firewall device

Info

Publication number
CN109218323A
Authority
CN
China
Prior art keywords
remote
firewall box
firewall
management center
remote management
Prior art date
Legal status
Pending
Application number
CN201811138765.6A
Other languages
Chinese (zh)
Inventor
刘强
张小亮
李若寒
曹刚
Current Assignee
Shandong Chaoyue CNC Electronics Co Ltd
Original Assignee
Shandong Chaoyue CNC Electronics Co Ltd
Priority date
2018-09-28
Filing date
2018-09-28
Publication date
2019-01-15
Application filed by Shandong Chaoyue CNC Electronics Co Ltd
Priority to CN201811138765.6A
Publication of CN109218323A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/163 In-band adaptation of TCP data exchange; In-band control procedures

Abstract

The present invention relates to the field of network communication and firewall technology, and in particular to a remote configuration method for a firewall device. In the method of the invention, a remote management center connects to the network interface of the firewall device and performs policy configuration on it, which solves problems such as the inconvenient management of firewall devices in use.

Description

A remote configuration method for a firewall device
Technical field
The present invention relates to the field of network communication and firewall technology, and in particular to a remote configuration method for a firewall device.
Background art
In recent years, with the development of social informatization, firewall devices have become more and more widespread, especially in high-security industries such as the military, government and banking, which places high requirements on the centralized management and configuration of the devices. Existing devices often lack centralized, unified management, which easily leads to problems such as low efficiency of use and chaotic device management, and causes many inconveniences in large-volume deployments.
Summary of the invention
To solve the problems in the prior art, the present invention provides a remote configuration method for a firewall device: the remote management center connects to the network interface of the firewall device and performs policy configuration on it, solving problems such as the inconvenient management of the firewall device in use.
The technical solution adopted by the present invention is as follows:
In the remote configuration method for a firewall device, the remote management center sends encrypted custom policies and default policies to the firewall device; a remote management agent service program running in the background of the firewall device is responsible for listening for remote management data; and the remote management center supports configuring the firewall device's custom policies and default policies.
A custom policy includes the communication protocol, the IP addresses of both communicating parties, the port numbers of both communicating parties, and the communication policy.
Custom policies are added and set manually by the user at the remote management center; the upper limit on the number of custom policies is determined by the size of the database.
The default policy is the default policy set when the remote management center leaves the factory, and it can be modified.
The remote configuration method specifically comprises the following steps:
A. The management host of the remote management center connects to the management port of the firewall device by cable; the administrator logs into the management system and adds the IP address and ID number of the firewall device;
B. The remote management center initiates a listening request to the firewall device to be managed; the remote management agent service of the firewall device handles the connection and returns a response message;
C. After the remote management center receives the listening response message from the firewall, it begins sending the firewall policy ciphertext data preset by the administrator to the firewall device. After the management module of the firewall device receives the firewall policy ciphertext data, it forwards the data to the decryption module for decryption; the decryption module performs a CRC check on the data packet and decrypts it. After successful decryption, the management module parses the data and updates the local configuration, completing one remote policy configuration process.
A policy configuration agent service runs in the management module of the firewall device; this service listens on a TCP port of the firewall and can receive data packets from the remote management center.
The technical solution provided by the invention has the following beneficial effects:
1. The remote management terminal performs policy configuration through the gigabit network interface of the firewall device, so the data transmission rate is fast;
2. The policy data packets sent by the remote management center to the firewall device are encrypted, which ensures the security of data transmission;
3. A handshake protocol is used when data is transmitted between the remote management center and the firewall. The remote management center first initiates a status-listening connection; if the TCP connection can be established correctly, the firewall device returns connection-success information, and the remote management center then sends the encrypted data to the firewall device. The decryption module in the firewall device decrypts the data and returns it to the management module, which updates the firewall's local configuration. This ensures the security and stability of the connection.
Detailed description of the invention
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings required in the description of the embodiments are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the invention, and those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a communication flow diagram of the remote configuration method for a firewall device of the present invention.
Specific embodiment
To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment one
As shown in Fig. 1, the remote configuration method for a firewall device of this embodiment comprises the following steps:
A. The management host of the remote management center connects to the management port of the firewall device by cable; the administrator logs into the management system and adds the IP address and ID number of the firewall device;
B. The remote management center initiates a listening request to the firewall device to be managed; the remote management agent service of the firewall device handles the connection and returns a response message;
C. After the remote management center receives the listening response message from the firewall, it begins sending the firewall policy ciphertext data preset by the administrator to the firewall device. After the management module of the firewall device receives the firewall policy ciphertext data, it forwards the data to the decryption module for decryption; the decryption module performs a CRC check on the data packet and decrypts it. After successful decryption, the management module parses the data and updates the local configuration, completing one remote policy configuration process.
In the remote configuration method for a firewall device of this embodiment, the remote management center performs management and configuration of firewall policies on the firewall through the gigabit network interface of the firewall device; communicating with the firewall device through the gigabit network interface guarantees the data transmission speed. The remote management center can issue custom policies and default policies to the firewall device: custom policies are set by the user through the management center according to usage needs, and default policies are the firewall policies that the remote management center defaults to when it leaves the factory. The policy configuration agent service program resides in the background of the firewall management module and is responsible for receiving data from the remote management center. The firewall policies issued by the remote management center are encrypted data, which ensures the security of data transmission. When the decryption module in the firewall receives the encrypted policy data, it verifies the message packet format, performs decryption, and returns the plaintext data to the firewall management module; after the firewall management module receives the decrypted policy plaintext data, it synchronously updates the local policy configuration. When the remote management center allocates policies to the firewall device, the correctness of the data is verified by the double insurance of parity checking and data encryption, which prevents malicious tampering during data transmission.
The above are merely preferred embodiments of the present invention and are not intended to limit the invention; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall be included in the scope of protection of the invention.
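The frame exchange of step C and the double check described above, as an added Go example that is not part of the patent or of the assignee's product. It assumes a pre-shared AES-256-GCM key, a constructed fixed 14-byte rule record, a CRC32 trailer over the encrypted frame, and Go 1.19 or later; the patent specifies none of these details.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"hash/crc32"
)

type Policy struct { // the fields the patent lists for one custom rule
	Proto            uint8 // 6 = TCP, 17 = UDP
	SrcIP, DstIP     [4]byte
	SrcPort, DstPort uint16
	Action           uint8 // 0 = deny, 1 = allow (assumed encoding)
}

type policyChannel struct{ gcm cipher.AEAD } // AES-GCM key both ends are assumed to share

func newPolicyChannel(key []byte) *policyChannel {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // a wrong key length is a configuration error
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for AES's 16-byte block size
	return &policyChannel{gcm}
}

// Seal is the management-centre side. Assumed frame layout (not the patent's):
// nonce || AES-GCM(rule records) || CRC32 over nonce||ciphertext.
func (c *policyChannel) Seal(ps []Policy) ([]byte, error) {
	nonce := make([]byte, c.gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	rec := new(bytes.Buffer)
	binary.Write(rec, binary.BigEndian, ps) // 14 fixed-size bytes per rule
	body := c.gcm.Seal(nonce, nonce, rec.Bytes(), nil)
	return binary.BigEndian.AppendUint32(body, crc32.ChecksumIEEE(body)), nil
}

// Open is the firewall's decryption module. The CRC only detects transport
// corruption; only the GCM tag rejects a tampered frame, since a CRC can simply be recomputed.
func (c *policyChannel) Open(pkt []byte) ([]Policy, error) {
	n := c.gcm.NonceSize()
	if len(pkt) < n+4 {
		return nil, errors.New("frame too short")
	}
	body, trailer := pkt[:len(pkt)-4], pkt[len(pkt)-4:]
	if crc32.ChecksumIEEE(body) != binary.BigEndian.Uint32(trailer) {
		return nil, errors.New("crc mismatch: frame corrupted in transit")
	}
	plain, err := c.gcm.Open(nil, body[:n], body[n:], nil)
	if err != nil {
		return nil, errors.New("authentication failed: frame rejected")
	}
	ps := make([]Policy, len(plain)/binary.Size(Policy{}))
	if binary.Size(ps) != len(plain) {
		return nil, errors.New("malformed policy record")
	}
	return ps, binary.Read(bytes.NewReader(plain), binary.BigEndian, ps)
}
```

Open checks the CRC first because it is cheap and catches transport corruption, but only the GCM authentication tag rejects a frame whose bytes and CRC were both rewritten, so the "double insurance" the description relies on rests on the cipher's authentication, not on the checksum.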

Claims (6)

1. A remote configuration method for a firewall device, wherein the remote management center sends encrypted custom policies and default policies to the firewall device; a remote management agent service program running in the background of the firewall device is responsible for listening for remote management data; and the remote management center supports configuring the firewall device's custom policies and default policies.
2. The remote configuration method for a firewall device according to claim 1, characterized in that the custom policy includes the communication protocol, the IP addresses of both communicating parties, the port numbers of both communicating parties, and the communication policy.
3. The remote configuration method for a firewall device according to claim 1 or 2, characterized in that the custom policies are added and set manually by the user at the remote management center, and the upper limit on the number of custom policies is determined by the size of the database.
4. The remote configuration method for a firewall device according to claim 1, characterized in that the default policy is the default policy set when the remote management center leaves the factory, and it can be modified.
5. The remote configuration method for a firewall device according to claim 1, characterized in that the remote configuration method specifically comprises the following steps:
A. The management host of the remote management center connects to the management port of the firewall device by cable; the administrator logs into the management system and adds the IP address and ID number of the firewall device;
B. The remote management center initiates a listening request to the firewall device to be managed; the remote management agent service of the firewall device handles the connection and returns a response message;
C. After the remote management center receives the listening response message from the firewall, it begins sending the firewall policy ciphertext data preset by the administrator to the firewall device. After the management module of the firewall device receives the firewall policy ciphertext data, it forwards the data to the decryption module for decryption; the decryption module performs a CRC check on the data packet and decrypts it. After successful decryption, the management module parses the data and updates the local configuration, completing one remote policy configuration process.
6. The remote configuration method for a firewall device according to claim 5, characterized in that a policy configuration agent service runs in the management module of the firewall device; this service listens on a TCP port of the firewall and can receive data packets from the remote management center.
CN201811138765.6A, priority date 2018-09-28, filing date 2018-09-28: A remote configuration method for a firewall device. Status: Pending. Publication CN109218323A (en).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811138765.6A (CN109218323A, en) 2018-09-28 2018-09-28 A remote configuration method for a firewall device

Publications (1)

Publication Number Publication Date
CN109218323A (en) 2019-01-15

Family

ID=64981977

Country Status (1)

Country Link
CN (1) CN109218323A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103036870A (en) * 2012-10-26 2013-04-10 青岛海天炜业自动化控制系统有限公司 Industrial firewall without industrial protocol (IP) distributed type depth check arithmetic based on industrial protocol object linking and embedding for process control (OPC) classic
CN104253770A (en) * 2013-06-27 2014-12-31 杭州华三通信技术有限公司 Method and equipment for realizing distributed virtual switch system
CN104951676A (en) * 2014-04-14 2015-09-30 腾讯科技(深圳)有限公司 Mobile terminal control method, mobile terminal control device and mobile terminal control system
US9319382B2 (en) * 2014-07-14 2016-04-19 Cautela Labs, Inc. System, apparatus, and method for protecting a network using internet protocol reputation information
CN105592052A (en) * 2015-09-10 2016-05-18 杭州华三通信技术有限公司 Method and device for configuring firewall rules
CN106154843A (en) * 2015-03-27 2016-11-23 上海科泰世纪科技有限公司 Control method, control equipment and control system
CN106411852A (en) * 2016-08-31 2017-02-15 浙江宇视科技有限公司 Distributed terminal access control method, and apparatus

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110300105A (en) * 2019-06-24 2019-10-01 山东超越数控电子股份有限公司 A kind of remote cipher key management method of network cryptographic machine
CN110300105B (en) * 2019-06-24 2022-01-04 超越科技股份有限公司 Remote key management method of network cipher machine

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190115