CN109218323A - Remote configuration method for a firewall device - Google Patents
Remote configuration method for a firewall device
- Publication number: CN109218323A (application CN201811138765.6A)
- Authority: CN (China)
- Prior art keywords: remote, firewall device, firewall, management center, remote management
- Prior art date: 2018-09-28
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Classifications
- H04L63/20 — Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/02 — Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0428 — Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L67/141 — Network arrangements or protocols for supporting network services or applications; session management; setup of application sessions
- H04L69/163 — Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]; in-band adaptation of TCP data exchange; in-band control procedures
Abstract
The invention relates to the field of network communication and firewall technology, and in particular to a remote configuration method for a firewall device. In the method, a remote management center connects to the network interface of the firewall device and distributes policies to it, which resolves the inconvenience of managing firewall devices in service and related problems.
Description
Technical field
The invention relates to the field of network communication and firewall technology, and in particular to a remote configuration method for a firewall device.
Background technique
In recent years, with the spread of information technology across society, firewall devices have become increasingly common, and are used more and more in high-security sectors such as the military, government and banking. This places high demands on the centralized management and configuration of the devices. Existing devices often lack centralized, unified management, which easily leads to low operational efficiency and chaotic device administration, and causes many inconveniences in large-scale deployments.
Summary of the invention
To solve the problems in the prior art, the invention provides a remote configuration method for a firewall device: a remote management center connects to the network interface of the firewall device and distributes policies to it, resolving the inconvenience of managing firewall devices in service and related problems.
The technical solution adopted by the invention is as follows:
A remote configuration method for a firewall device, in which a remote management center sends encrypted custom policies and default policies to the firewall device. The firewall device runs a remote-management agent service program in the background, which is responsible for listening for remote management data; the remote management center supports configuring both custom policies and default policies on the firewall device.
A custom policy includes the communication protocol, the IP addresses of both communicating parties, the port numbers of both parties, and the communication policy.
Custom policies are added manually by the user at the remote management center; the maximum number of custom policies is determined by the size of the database.
Default policies are the policies set at the remote management center at the factory, and can be modified.
The remote configuration method specifically comprises the following steps:
A. The management host of the remote management center is connected by cable to the management port of the firewall device; the administrator logs in to the management system and adds the IP address and ID number of the firewall device.
B. The remote management center sends a listen request to the firewall device to be managed; the remote-management agent service on the firewall device handles the connection and returns a response message.
C. After the remote management center receives the listen response from the firewall, it starts sending the firewall policy ciphertext preset by the administrator to the firewall device. When the management module of the firewall device receives the policy ciphertext, it forwards it to the decryption module, which performs a CRC check on the packet and decrypts it. After successful decryption the management module parses the data and updates the local configuration, completing one remote policy-configuration cycle.
The management module of the firewall device contains a policy-configuration agent service, which listens on a TCP port of the firewall and receives the packets sent by the remote management center.
The technical solution provided by the invention has the following beneficial effects:
1. The remote management terminal distributes policies through the gigabit network interface of the firewall device, so the data transmission rate is high;
2. The policy packets the remote management center sends to the firewall device are encrypted, which protects the data in transit;
3. A handshake protocol is used when data is transmitted between the remote management center and the firewall: the remote management center first initiates a state-listening connection; if the TCP connection can be established correctly, the firewall device returns a connection-success message, the remote management center sends the encrypted data to the firewall device, the decryption module in the firewall device decrypts the data and returns it to the management module, and the management module updates the local configuration of the firewall. This ensures the security and stability of the connection.
Brief description of the drawings
To describe the technical solutions of the embodiments of the invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain further drawings from them without creative effort.
Fig. 1 is a diagram of the communication process of the remote configuration method for a firewall device according to the invention.
Detailed description
To make the objects, technical solutions and advantages of the invention clearer, the embodiments of the invention are described in further detail below with reference to the drawings.
Embodiment one
As shown in Fig. 1, the remote configuration method for a firewall device of this embodiment comprises the following steps:
A. The management host of the remote management center is connected by cable to the management port of the firewall device; the administrator logs in to the management system and adds the IP address and ID number of the firewall device.
B. The remote management center sends a listen request to the firewall device to be managed; the remote-management agent service on the firewall device handles the connection and returns a response message.
C. After the remote management center receives the listen response from the firewall, it starts sending the firewall policy ciphertext preset by the administrator to the firewall device. When the management module of the firewall device receives the policy ciphertext, it forwards it to the decryption module, which performs a CRC check on the packet and decrypts it. After successful decryption the management module parses the data and updates the local configuration, completing one remote policy-configuration cycle.
In the remote configuration method of this embodiment, the remote management center distributes firewall policies to the firewall through the gigabit network interface of the firewall device; because the remote management center communicates with the firewall device over the gigabit interface, the data transmission speed is guaranteed. The remote management center can issue custom policies and default policies to the firewall device: custom policies are set by the user through the management center according to their needs, while default policies are the firewall policies the remote management center carries by default from the factory. The policy-configuration agent service program resides in the background of the firewall management module and is responsible for receiving data from the remote management center. The firewall policies issued by the remote management center are encrypted, which protects the data in transit. When the decryption module in the firewall receives the encrypted policy data, it verifies the message packet format, decrypts it, and returns the plaintext to the firewall management module; on receiving the decrypted policy plaintext, the firewall management module synchronously updates the local policy configuration. When the remote management center distributes policies to the firewall device, the correctness of the data is verified by the double safeguard of a parity check and data encryption, preventing malicious tampering during transmission.
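The following is an added, runnable model of the exchange described in steps A to C and in the embodiment above; it is not code from the patent. Both parties run in one process: the management center pushes a policy set and the firewall's policy-configuration agent answers the listen request, receives the ciphertext, verifies it, parses the policy fields the patent lists (protocol, both IP addresses, both port numbers, and the communication policy, modelled here as an allow/deny action), enforces an upper limit on the number of custom policies, and updates its local table. Everything the patent leaves unspecified is an assumption: the message names LISTEN/READY/OK/ERR, the JSON field names, the value of MAX_POLICIES, a pre-shared 32-byte key per device, and a socketpair standing in for the TCP connection to the management port. The patent names no cipher, so the example uses a standard-library-only authenticated construction (HMAC-SHA256 as a counter-mode PRF, encrypt-then-MAC); in a deployment this would be AES-GCM or ChaCha20-Poly1305 from a vetted library. One caveat matters for the "parity check plus encryption" claim above: a CRC or parity check detects accidental corruption only, and an attacker who can flip ciphertext bits under an unauthenticated cipher can steer the decrypted plaintext past it. What rejects a forged or modified packet is the authentication tag, which is why the agent verifies the MAC before it touches the CRC or parses anything.

```python
import hashlib
import hmac
import json
import os
import socket
import struct
import threading
import zlib

NONCE_LEN, TAG_LEN = 16, 32
MAX_POLICIES = 1024   # "upper limit set by the database size" (assumed value)
MAX_FRAME = 1 << 20   # bound what an unauthenticated peer can make the agent buffer
PROTOCOLS, ACTIONS = {"tcp", "udp", "icmp", "any"}, {"allow", "deny"}

def _subkeys(key):
    # Separate encryption and MAC keys derived from the pre-shared device key.
    return [hmac.new(key, tag, hashlib.sha256).digest() for tag in (b"enc", b"mac")]

def _keystream_xor(enc_key, nonce, data):
    """Counter mode with HMAC-SHA256 as the PRF: a stdlib-only stream cipher."""
    out = bytearray()
    for ctr, i in enumerate(range(0, len(data), 32)):
        block = hmac.new(enc_key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal_policies(key, policies):
    """Center side of step C: JSON, CRC32 prefix, encrypt, MAC. Frame = nonce||ct||tag."""
    enc_key, mac_key = _subkeys(key)
    plain = json.dumps(policies, sort_keys=True).encode()
    body = struct.pack(">I", zlib.crc32(plain)) + plain
    nonce = os.urandom(NONCE_LEN)
    ct = nonce + _keystream_xor(enc_key, nonce, body)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_policies(key, msg):
    """Decryption module: MAC first (this, not the CRC, rejects forgery), then CRC, then parse."""
    enc_key, mac_key = _subkeys(key)
    if len(msg) < NONCE_LEN + TAG_LEN:
        raise ValueError("short message")
    ct, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    body = _keystream_xor(enc_key, ct[:NONCE_LEN], ct[NONCE_LEN:])
    if struct.unpack(">I", body[:4])[0] != zlib.crc32(body[4:]):
        raise ValueError("crc mismatch")
    return parse_policies(json.loads(body[4:]))

def parse_policies(policies):
    """Management-module parse step: enforce the patent's field set and the count limit."""
    if not isinstance(policies, list) or len(policies) > MAX_POLICIES:
        raise ValueError("bad policy list")
    for p in policies:
        if not (p["protocol"] in PROTOCOLS and p["action"] in ACTIONS
                and all(isinstance(p[k], str) for k in ("src_ip", "dst_ip"))
                and all(0 <= p[k] <= 65535 for k in ("src_port", "dst_port"))):
            raise ValueError("bad policy: %r" % (p,))
    return policies

def _send(sock, payload):
    sock.sendall(struct.pack(">I", len(payload)) + payload)

def _recv(sock):
    hdr = sock.recv(4, socket.MSG_WAITALL)
    if len(hdr) < 4:
        raise ConnectionError("peer closed")
    n = struct.unpack(">I", hdr)[0]
    if n > MAX_FRAME:
        raise ValueError("frame too large")
    return sock.recv(n, socket.MSG_WAITALL)

def agent_serve(sock, key, state):
    """Firewall agent: step B (listen request -> READY), then step C on the ciphertext."""
    with sock:
        if _recv(sock) != b"LISTEN":
            return _send(sock, b"ERR bad handshake")
        _send(sock, b"READY")
        try:
            state["policies"] = open_policies(key, _recv(sock))
        except (ValueError, KeyError, TypeError) as e:
            return _send(sock, b"ERR " + str(e).encode())
        _send(sock, b"OK")

def center_push(sock, key, policies):
    """Management center: handshake, then push the ciphertext; returns the agent's reply."""
    with sock:
        _send(sock, b"LISTEN")
        if _recv(sock) != b"READY":
            raise ConnectionError("handshake rejected")
        _send(sock, seal_policies(key, policies))
        return _recv(sock).decode()

def exchange(agent_key, center_key, policies):
    """One configuration round over a socketpair; returns (agent reply, agent's policy table)."""
    srv, cli = socket.socketpair()
    state = {"policies": None}
    worker = threading.Thread(target=agent_serve, args=(srv, agent_key, state))
    worker.start()
    reply = center_push(cli, center_key, policies)
    worker.join()
    return reply, state["policies"]
```

`exchange(agent_key, center_key, policies)` returns the agent's reply ("OK", or "ERR" followed by the reason) together with the policy table the agent holds afterwards; with mismatched keys the agent answers "ERR authentication failed" and its table stays empty. Two things the example deliberately does not add, because the patent does not describe them: replay protection (a sequence number or timestamp inside the authenticated payload, so a captured policy frame cannot be re-sent later) and any authentication of the center beyond possession of the shared key.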
The foregoing is merely a preferred embodiment of the invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.
Claims (6)
1. A remote configuration method for a firewall device, wherein a remote management center sends encrypted custom policies and default policies to the firewall device; the firewall device runs a remote-management agent service program in the background that is responsible for listening for remote management data; and the remote management center supports configuring custom policies and default policies on the firewall device.
2. The remote configuration method for a firewall device according to claim 1, characterized in that the custom policy includes the communication protocol, the IP addresses of both communicating parties, the port numbers of both parties, and the communication policy.
3. The remote configuration method for a firewall device according to claim 1 or 2, characterized in that custom policies are added manually by the user at the remote management center, and the maximum number of custom policies is determined by the size of the database.
4. The remote configuration method for a firewall device according to claim 1, characterized in that the default policies are the policies set at the remote management center at the factory, and can be modified.
5. The remote configuration method for a firewall device according to claim 1, characterized in that the remote configuration method specifically comprises the following steps:
A. The management host of the remote management center is connected by cable to the management port of the firewall device; the administrator logs in to the management system and adds the IP address and ID number of the firewall device.
B. The remote management center sends a listen request to the firewall device to be managed; the remote-management agent service on the firewall device handles the connection and returns a response message.
C. After the remote management center receives the listen response from the firewall, it starts sending the firewall policy ciphertext preset by the administrator to the firewall device. When the management module of the firewall device receives the policy ciphertext, it forwards it to the decryption module, which performs a CRC check on the packet and decrypts it. After successful decryption the management module parses the data and updates the local configuration, completing one remote policy-configuration cycle.
6. The remote configuration method for a firewall device according to claim 5, characterized in that the management module of the firewall device contains a policy-configuration agent service, which listens on a TCP port of the firewall and receives the packets sent by the remote management center.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811138765.6A CN109218323A (en) | 2018-09-28 | 2018-09-28 | Remote configuration method for a firewall device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109218323A (en) | 2019-01-15 |
Family ID: 64981977
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811138765.6A Pending CN109218323A (en) | 2018-09-28 | 2018-09-28 | Remote configuration method for a firewall device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109218323A (en) |
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103036870A (en) * | 2012-10-26 | 2013-04-10 | 青岛海天炜业自动化控制系统有限公司 | Distributed deep-inspection algorithm for an IP-less industrial firewall based on the OPC Classic industrial protocol |
CN104253770A (en) * | 2013-06-27 | 2014-12-31 | 杭州华三通信技术有限公司 | Method and equipment for realizing distributed virtual switch system |
CN104951676A (en) * | 2014-04-14 | 2015-09-30 | 腾讯科技(深圳)有限公司 | Mobile terminal control method, mobile terminal control device and mobile terminal control system |
US9319382B2 (en) * | 2014-07-14 | 2016-04-19 | Cautela Labs, Inc. | System, apparatus, and method for protecting a network using internet protocol reputation information |
CN106154843A (en) * | 2015-03-27 | 2016-11-23 | 上海科泰世纪科技有限公司 | Control method, control equipment and control system |
CN105592052A (en) * | 2015-09-10 | 2016-05-18 | 杭州华三通信技术有限公司 | Method and device for configuring firewall rules |
CN106411852A (en) * | 2016-08-31 | 2017-02-15 | 浙江宇视科技有限公司 | Distributed terminal access control method, and apparatus |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110300105A (en) * | 2019-06-24 | 2019-10-01 | 山东超越数控电子股份有限公司 | A kind of remote cipher key management method of network cryptographic machine |
CN110300105B (en) * | 2019-06-24 | 2022-01-04 | 超越科技股份有限公司 | Remote key management method of network cipher machine |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2782309B1 (en) | Bidirectional forwarding detection (bfd) session negotiation method, device and system | |
US7685292B1 (en) | Techniques for establishment and use of a point-to-point tunnel between source and target devices | |
CN101420455A (en) | Systems and/or methods for streaming reverse http gateway, and network including the same | |
US9185092B2 (en) | Confidential communication method using VPN, system thereof, program thereof, and recording medium for the program | |
CN113726795B (en) | Message forwarding method and device, electronic equipment and readable storage medium | |
CN102761494A (en) | IKE (Internet Key Exchange) negotiation processing method and device | |
US9485217B2 (en) | Method for configuring network nodes of a telecommunications network, telecommunications network, program and computer program product | |
WO2015176465A1 (en) | Account management method and apparatus | |
US20170295019A1 (en) | Communication device and packet transmission/reception program | |
WO2019237683A1 (en) | Protocol packet, and method for managing virtual client terminal device | |
CN109005179A (en) | Network security tunnel establishment method based on port control | |
CN104463670A (en) | Websocket-based bank preposition transaction system construction method | |
CN107948208A (en) | Method and device for transparent encryption at the network application layer | |
CN111064738A (en) | TLS secure communication method and system | |
CN109218323A (en) | Remote configuration method for a firewall device | |
CN106130863B (en) | Transmission method, device and system for LAN protocol messages | |
US20160316021A1 (en) | Remote out of band management | |
CN103401751A (en) | Method and device for establishing IPSEC (Internet Protocol Security) tunnels | |
CN106571937A (en) | Router, mobile terminal and alarm information sending and reception method | |
CN101895522A (en) | Host identity tag acquisition method and system | |
JP2006277752A (en) | Computer remote-managing method | |
CN109150661A (en) | Device discovery method and apparatus | |
JP4517911B2 (en) | Policy distribution method, system, program, policy distribution server, and client terminal | |
CN102523235A (en) | Method for adaptively supporting multiple monitoring devices | |
CN113259347B (en) | Device security system and device behavior management method for the industrial Internet | |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | |
Application publication date: 2019-01-15