CN110324826B - Intranet access method and related device - Google Patents


Info

Publication number
CN110324826B
Authority
CN
China
Prior art keywords
intranet
firewall
mobile wireless
wireless access
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910503676.5A
Other languages
Chinese (zh)
Other versions
CN110324826A (en
Inventor
王绪军
黄成尧
谢文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201910503676.5A
Priority to PCT/CN2019/102347 (WO2020248369A1)
Publication of CN110324826A
Application granted
Publication of CN110324826B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/088 Access security using filters or firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/63 Location-dependent; Proximity-dependent

Abstract

The embodiment of the invention is applicable to access control in security protection and discloses an intranet access method and a related device. The method comprises the following steps: an intranet firewall allocation device acquires access device state information for the connection between a mobile wireless access device and a first intranet firewall of a target intranet; when the intranet firewall allocation device determines that the mobile wireless access device meets the condition for switching the connected firewall, it determines a second intranet firewall matched with the mobile wireless access device; and the mobile wireless access device establishes a connection with the second intranet firewall, disconnects from the first intranet firewall, and provides the user terminal with access to the target intranet through the connection with the second intranet firewall. The invention can improve the efficiency of user access to the target intranet and ensure the access quality of the target intranet.

Description

Intranet access method and related device
Technical Field
The present application relates to the field of communications, and in particular, to an intranet access method and related apparatus.
Background
With the integration of the global economy, more and more enterprises have developed businesses around the world, which requires their employees to be dispatched to work around the world. In some office scenarios, an employee at a remote location needs to access resources on intranet servers, such as intranet web pages or files stored in a shared folder on an intranet file server. Conventionally this is done with a VPN (Virtual Private Network): a VPN server is set up in the company's intranet, and after the employee connects to the internet locally through a mobile phone, a computer, or the like, the employee connects over the internet to the VPN server in the intranet and then accesses the intranet through the VPN server. When the employee connects to the intranet through a terminal such as a computer, the parameters for connecting to the intranet VPN, such as the address of the intranet VPN server and the user's login name and password, must be configured before dialing up and connecting. This involves many user operations and a long waiting time, which reduces connection efficiency.
Disclosure of Invention
The invention provides an intranet access method and a related device, which can improve the access efficiency of a user to a target intranet and ensure the network quality of the target intranet.
A first aspect of an embodiment of the present invention provides an intranet access method, including:
an intranet firewall allocation device acquires access device state information for the connection between a mobile wireless access device and a first intranet firewall of a target intranet, where the first intranet firewall is the firewall matched with the mobile wireless access device that was determined, after an intranet connection request for the target intranet sent by the mobile wireless access device was received and according to that request, from a plurality of intranet firewalls deployed for the target intranet, and the access device state information comprises a real-time geographic position of the mobile wireless access device;
when the intranet firewall allocation device determines, according to the real-time geographic position, that the mobile wireless access device meets the condition for switching the connected firewall, it determines, according to the access device state information, a second intranet firewall matched with the mobile wireless access device from the plurality of intranet firewalls deployed for the target intranet;
the intranet firewall allocation device sends a second IP address of the second intranet firewall to the mobile wireless access device, so that the mobile wireless access device establishes a connection with the second intranet firewall according to the second IP address and disconnects from the first intranet firewall; the second intranet firewall then routes an intranet access request for the target intranet sent by the mobile wireless access device to an intranet server of the target intranet, and sends the intranet request response message returned by the intranet server in response to the intranet access request to the user terminal through the mobile wireless access device.
With reference to the first aspect, in a first possible implementation manner, the determining, by the intranet firewall allocation device according to the real-time geographic location, that the mobile wireless access device satisfies a condition for switching a connected firewall includes:
the intranet firewall distribution equipment acquires deployment positions of a plurality of intranet firewalls deployed for the target intranet;
and the intranet firewall allocation device determines, according to the real-time geographic position and the deployment positions of the plurality of intranet firewalls deployed for the target intranet, that the mobile wireless access device meets the condition for switching the connected firewall when the first intranet firewall is not the firewall closest to the mobile wireless access device among the plurality of intranet firewalls deployed for the target intranet.
With reference to the first aspect, in a second possible implementation manner, before the intranet firewall allocation device obtains the state information of the access device connected between the mobile wireless access device and the first intranet firewall of the target intranet, the method further includes:
the intranet firewall allocation equipment receives an intranet connection request sent by the mobile wireless access equipment aiming at the target intranet;
the intranet firewall distribution equipment determines the current geographic position of the mobile wireless access equipment according to the intranet connection request;
the intranet firewall distribution equipment determines a first intranet firewall matched with the mobile wireless access equipment from a plurality of intranet firewalls deployed aiming at the target intranet according to the current geographic position;
and the intranet firewall allocation equipment sends the first IP address of the first intranet firewall to the mobile wireless access equipment so that the mobile wireless access equipment establishes connection with the first intranet firewall according to the first IP address.
With reference to the first aspect, in a third possible implementation manner, the determining, by the intranet firewall allocation device according to the current geographic location, a first intranet firewall matched with the mobile wireless access device from a plurality of intranet firewalls deployed for the target intranet includes:
the intranet firewall allocation device determines, according to the current geographic position, the first intranet access sub-region of the target intranet in which the mobile wireless access device is located;
the intranet firewall allocation device determines the first intranet firewall corresponding to the first intranet access sub-region according to the preset correspondence between intranet access sub-regions and firewalls of the target intranet;
and the determining, by the intranet firewall allocation device according to the real-time geographic position, that the mobile wireless access device meets the condition for switching the connected firewall includes:
when the intranet firewall allocation device determines that the mobile wireless access device has moved from the first intranet access sub-region to a second intranet access sub-region of the target intranet, determining that the mobile wireless access device meets the condition for switching the connected firewall.
With reference to the first aspect, in a fourth possible implementation manner, the determining, by the intranet firewall distribution device according to the state information of the access device, a second intranet firewall matched with the mobile wireless access device from multiple intranet firewalls deployed for the target intranet includes:
and the intranet firewall distribution equipment determines a second intranet firewall matched with the mobile wireless access equipment from a plurality of intranet firewalls deployed aiming at the target intranet according to the real-time geographic position.
With reference to the first aspect, in a fifth possible implementation manner, the access device status information includes network delays between the mobile wireless access device and each intranet firewall deployed for the target intranet when the access device status information is acquired;
the step that the intranet firewall distribution equipment determines a second intranet firewall matched with the mobile wireless access equipment from a plurality of intranet firewalls deployed aiming at the target intranet according to the state information of the access equipment comprises the following steps:
and the intranet firewall distribution equipment determines the firewall corresponding to the minimum network delay in the network delays between the mobile wireless access equipment and the intranet firewalls deployed aiming at the target intranet as the second intranet firewall.
With reference to the first aspect, in a sixth possible implementation manner, the obtaining, by the intranet firewall allocation device, the access device state information of the connection between the mobile wireless access device and the first intranet firewall of the target intranet, includes:
the intranet firewall allocation device periodically acquires the access device state information for the connection between the mobile wireless access device and the first intranet firewall of the target intranet; or, upon receiving a firewall switching request sent by the mobile wireless access device, acquires the access device state information for the connection between the mobile wireless access device and the first intranet firewall of the target intranet, where the firewall switching request is a request to switch the connected firewall that the mobile wireless access device sends when it determines that it meets the condition for changing the connected intranet firewall.
A second aspect of the present invention provides an intranet firewall distribution apparatus, including:
a state acquisition unit, configured to acquire access device state information for the connection between a mobile wireless access device and a first intranet firewall of a target intranet, where the first intranet firewall is the firewall matched with the mobile wireless access device that was determined, after an intranet connection request for the target intranet sent by the mobile wireless access device was received and according to that request, from a plurality of intranet firewalls deployed for the target intranet, and the access device state information comprises the real-time geographic position of the mobile wireless access device;
a firewall determining unit, configured to, when it is determined according to the real-time geographic position that the mobile wireless access device meets the condition for switching the connected firewall, determine, according to the access device state information, a second intranet firewall matched with the mobile wireless access device from the plurality of intranet firewalls deployed for the target intranet;
and an address sending unit, configured to send a second IP address of the second intranet firewall to the mobile wireless access device, so that the mobile wireless access device establishes a connection with the second intranet firewall according to the second IP address and disconnects from the first intranet firewall, the second intranet firewall routes an intranet access request sent by a user terminal through the mobile wireless access device to an intranet server of the target intranet, and the intranet request response message returned by the intranet server in response to the intranet access request is sent to the user terminal through the mobile wireless access device.
A third aspect of an embodiment of the present invention provides an intranet firewall allocation apparatus, including a processor, a memory, and a communication interface that are connected to each other, where the communication interface is configured to receive and send data, the memory is configured to store program code, and the processor is configured to call the program code, where the program code, when executed by a computer, causes the computer to execute the method of the first aspect or of any possible implementation manner of the first aspect.
A fourth aspect of embodiments of the present invention provides a computer storage medium storing a computer program, where the computer program includes program instructions that, when executed by a computer, cause the computer to perform the method of the first aspect or of any possible implementation manner of the first aspect.
In the embodiment of the invention, after receiving an intranet connection request for a target intranet sent by a mobile wireless access device, the intranet firewall allocation device allocates, according to the intranet connection request, a matched first intranet firewall to the mobile wireless access device from a plurality of intranet firewalls deployed for the target intranet. After the mobile wireless access device establishes a connection with the first intranet firewall, the intranet firewall allocation device judges, according to the real-time geographic position of the mobile wireless access device, whether the condition for switching the firewall is met. When the condition is met, the intranet firewall allocation device allocates a second intranet firewall to the mobile wireless access device according to the access device state information for the connection between the mobile wireless access device and the first intranet firewall. After the mobile wireless access device establishes a connection with the second intranet firewall, it disconnects from the first intranet firewall and provides the user terminal with access to the target intranet through the connection with the second intranet firewall.
According to the embodiment of the invention, a user does not need to configure any parameter before accessing the target intranet, which improves the efficiency of access to the target intranet. In addition, when the intranet firewall allocation device determines, according to the real-time geographic position, that the mobile wireless access device meets the condition for switching the connected firewall, it reallocates the second intranet firewall to the mobile wireless access device, so that the intranet firewall connected to the mobile wireless access device is always the optimal intranet firewall for the access device state information, which ensures the network quality of the user terminal's access to the intranet.
Drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the embodiments are briefly described below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic frame diagram of an intranet access system according to an embodiment of the present invention;
Fig. 2 is a system interaction diagram of an intranet access method according to an embodiment of the present invention;
Fig. 3 is a system interaction diagram of another intranet access method according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an intranet firewall distribution device according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of another intranet firewall distribution device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic diagram of the framework of an intranet access system according to an embodiment of the present invention. As shown in the figure, in this framework, intranet firewall 1, intranet firewall 2, and intranet firewall 3 are 3 intranet firewalls deployed for a target intranet; mobile wireless access device 1 and mobile wireless access device 2 are each connected to intranet firewall 1; mobile wireless access device 3 is connected to intranet firewall 3; user terminal 1 is connected to mobile wireless access device 2; and user terminal 2 is connected to the mobile wireless access device.
Here, the target intranet is a local area communication network that interconnects the computers, servers, databases, and the like within a local geographical range of a specific enterprise, organization, school, or the like. Communication between terminals or servers inside the target intranet takes place at the data link layer, and the messages do not need to be routed by a router. Communication with a terminal or server outside the target intranet takes place at the network layer: messages sent by a terminal or server inside the target intranet undergo network address translation at a router before being routed to the outside terminal or server, and messages returned by the outside terminal or server undergo network address translation at the router before being routed to the terminal or server inside the target intranet.
Here, the intranet firewalls deployed for the target intranet may be firewalls deployed at locations around the world and configured to filter data packets entering and leaving the target intranet. Each intranet firewall is connected to the router of the target intranet through the wide area network, and through that router to the intranet server of the target intranet.
Here, the mobile wireless access device is a mobile device that can transmit wireless network signals and has a routing function. It accesses a data network through an inserted Subscriber Identity Module (SIM) card, a wired network through an inserted network cable, and a wireless network through a wireless fidelity (WIFI) connection. The user terminal connects to the mobile wireless access device by joining the wireless network that the device transmits.
Here, the intranet firewall allocation apparatus may be a device, such as a GTM (Global Traffic Manager) device, which has a domain name resolution function for the target intranet and stores the IP addresses and deployment positions of the intranet firewalls deployed for the target intranet.
Here, the user terminal may be a terminal device having a wireless network receiving function, including a notebook computer, a mobile phone, a tablet computer, and the like.
Referring to Fig. 2, which is a system interaction schematic diagram of an intranet access method according to an embodiment of the present invention, the method may include:
S201, the mobile wireless access device sends an intranet connection request for a target intranet to the intranet firewall allocation device.
Specifically, the mobile wireless access device may send the intranet connection request to the intranet firewall allocation device after it is started, after it receives a function start instruction from a user for accessing the target intranet, or when it receives an intranet access request for the target intranet from a connected user terminal. The intranet connection request can carry the intranet domain name of the target intranet, so that the intranet firewall allocation device, after resolving the intranet domain name, can determine that the request is an intranet connection request for the target intranet.
S202, the intranet firewall allocation equipment determines the current geographic position of the mobile wireless access equipment according to the intranet connection request.
Specifically, the intranet connection request may carry the geographic location of the mobile wireless access device, in which case the intranet firewall allocation device obtains the geographic location directly from the intranet connection request. Alternatively, the intranet connection request may carry positioning information of the mobile wireless access device, in which case the intranet firewall allocation device obtains the positioning information from the intranet connection request and determines the location of the mobile wireless access device from it using a positioning technology. For example, the positioning information can be an IP address, GPS data, WIFI access point information, connected base station information, and the like of the mobile wireless access device, and the positioning technology can be IP positioning, GPS positioning, WIFI positioning, base station positioning, and the like.
S203, the intranet firewall distribution equipment determines a first intranet firewall matched with the mobile wireless access equipment from a plurality of intranet firewalls deployed aiming at the target intranet according to the current geographic position.
Here, the intranet firewall allocation device may store the IP addresses and deployment locations of firewalls deployed for a plurality of intranets. For example, company M has a subsidiary A and a subsidiary B, each with its own intranet, and the two intranets need to be connected via an extranet; the mobile wireless access device of company M may simultaneously store the IP addresses and deployment locations of the intranet firewalls deployed for the subsidiary A intranet and those of the intranet firewalls deployed for the subsidiary B intranet. The intranet connection request can carry the intranet domain name of the target intranet, so that after receiving the intranet connection request, the intranet firewall allocation device resolves the intranet domain name, determines that the request is an intranet connection request for the target intranet, and then obtains the IP addresses and deployment positions of the plurality of intranet firewalls deployed for the target intranet.
In an implementation manner of determining the first intranet firewall, the intranet firewall allocation device may determine, according to the geographic location and a deployment location of each intranet firewall deployed for the target intranet, an intranet firewall closest to the mobile wireless access device in the plurality of intranet firewalls deployed for the target intranet as the first intranet firewall.
In another implementation manner of determining the first intranet firewall, the whole access area for the target intranet is divided in advance into intranet access sub-regions, one for each intranet firewall of the target intranet, and the correspondence between the intranet access sub-regions and the intranet firewalls of the target intranet is preset in the intranet firewall allocation device. The intranet firewall allocation device determines the first intranet access sub-region in which the mobile wireless access device is located according to the geographic position of the mobile wireless access device, and then determines the intranet firewall corresponding to the first intranet access sub-region as the first intranet firewall.
S204, the intranet firewall allocation equipment sends the first IP address of the first intranet firewall to the mobile wireless access equipment.
S205, the mobile wireless access equipment establishes connection with the first intranet firewall according to the first IP address.
Specifically, the mobile wireless access device sends a firewall connection request to the first intranet firewall according to the first IP address, and the first intranet firewall establishes the connection with the mobile wireless access device after the mobile wireless access device passes identity authentication based on the firewall connection request.
In one implementation manner, the firewall connection request carries an access device identifier of the mobile wireless access device, such as a MAC address, and the first intranet firewall determines that the identity authentication of the mobile wireless access device passes when the access device identifier is one of the preset access device identifiers that are allowed to connect.
In another implementation manner, the firewall connection request carries a user name and a password input by a user through the mobile wireless access device, and the first intranet firewall determines that the identity authentication of the mobile wireless access device passes when determining that the user name and the password are one of preset user names and passwords allowed to be connected.
In yet another implementation manner, the firewall connection request carries a digital certificate of the mobile wireless access device (the access device digital certificate). The first intranet firewall determines the certificate issuer of the access device digital certificate according to the issuer information carried in the certificate. After acquiring the issuer digital certificate of the certificate issuer, the first intranet firewall uses the issuer public key contained in the issuer digital certificate to decrypt the digital signature in the access device digital certificate, obtaining the certificate fingerprint of the access device digital certificate; it also performs a hash calculation on the access device digital certificate using a specified hash algorithm to obtain a digital certificate hash value. When the first intranet firewall determines that the digital certificate hash value it calculated is consistent with the certificate fingerprint of the access device digital certificate, it determines that the identity authentication of the mobile wireless access device passes.
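The certificate check described above, as an added example that is not part of the patent text: the firewall looks up the issuer, recovers the signed fingerprint with the issuer public key, and compares it with its own SHA-256 hash of the certificate contents. The certificate layout, the issuer name, the trust store, the function names and the test key (built from two Mersenne primes and far too weak for real use) are constructed assumptions.

```python
import hashlib
import hmac

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed issuer key for the demonstration only: a modulus made of two
# Mersenne primes is trivially factorable and must never be used for real.
_P, _Q = 2**521 - 1, 2**607 - 1
ISSUER_N, ISSUER_E = _P * _Q, 65537
_ISSUER_D = pow(ISSUER_E, -1, (_P - 1) * (_Q - 1))

# Assumed trust store on the firewall: issuer name -> issuer public key.
TRUSTED_ISSUERS = {"Example Intranet CA": (ISSUER_N, ISSUER_E)}


def signed_bytes(cert):
    """Bytes covered by the issuer signature (constructed layout)."""
    return f"subject={cert['subject']};issuer={cert['issuer']}".encode()


def encode_fingerprint(data, key_len):
    """SHA-256 fingerprint wrapped in PKCS#1 v1.5 signature padding."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (key_len - len(t) - 3) + b"\x00" + t


def issue(subject, issuer="Example Intranet CA"):
    """Issuer side: sign the padded fingerprint with the private key."""
    cert = {"subject": subject, "issuer": issuer}
    k = (ISSUER_N.bit_length() + 7) // 8
    em = int.from_bytes(encode_fingerprint(signed_bytes(cert), k), "big")
    cert["signature"] = pow(em, _ISSUER_D, ISSUER_N).to_bytes(k, "big")
    return cert


def authenticate(cert):
    """Firewall side: True only if a trusted issuer signed this certificate."""
    issuer_key = TRUSTED_ISSUERS.get(cert.get("issuer"))
    if issuer_key is None:
        return False                      # issuer not in the trust store
    n, e = issuer_key
    k = (n.bit_length() + 7) // 8
    sig = cert.get("signature", b"")
    if len(sig) != k:
        return False
    s = int.from_bytes(sig, "big")
    if s >= n:
        return False
    # "Decrypt" the signature with the issuer public key ...
    recovered = pow(s, e, n).to_bytes(k, "big")
    # ... and compare it with the fingerprint computed locally.
    expected = encode_fingerprint(signed_bytes(cert), k)
    return hmac.compare_digest(recovered, expected)


if __name__ == "__main__":
    good = issue("ap-0001")
    print("genuine certificate:", authenticate(good))
    print("altered subject:    ", authenticate(dict(good, subject="ap-0002")))
```

Comparing the whole padded block, rather than parsing the recovered bytes and extracting a hash from them, avoids accepting signatures with malformed padding.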
Here, the mobile wireless access device initiates a three-way handshake to establish a TCP/IP-based connection with the first intranet firewall. The specific steps are as follows: the mobile wireless access device sends a SYN (Synchronize Sequence Numbers) data packet to the first intranet firewall; after receiving the SYN data packet, the first intranet firewall sends a SYN + ACK (Acknowledge Character) data packet to the mobile wireless access device; after receiving the SYN + ACK data packet, the mobile wireless access device feeds back an ACK data packet to the first intranet firewall; and after the first intranet firewall receives the ACK data packet fed back by the mobile wireless access device, the connection between the mobile wireless access device and the first intranet firewall is established.
S206, the intranet firewall allocation device acquires access device state information of the connection between the mobile wireless access device and the first intranet firewall.
The access device status information may include a real-time geographic location of the mobile wireless access device when the access device status information is acquired, or may include a network delay between the mobile wireless access device and each intranet firewall deployed for the target intranet when the access device status information is acquired. The real-time geographic position of the mobile wireless access device may be determined by the intranet firewall distribution device according to the positioning information sent by the mobile wireless access device through positioning modes such as IP positioning, GPS positioning, WIFI positioning, base station positioning, and the like, or may be directly sent by the mobile wireless access device to the intranet firewall. The network delay between the mobile wireless access device and each intranet firewall may be a one-way network delay between the mobile wireless access device and each intranet firewall, or a round-trip network delay. The network delay between the mobile wireless access equipment and each intranet firewall can be determined by the intranet firewall distribution equipment, or can be sent to the intranet firewall distribution equipment after the mobile wireless access equipment or each intranet firewall is determined.
S207, when the intranet firewall allocation device determines, according to the real-time geographic location, that the mobile wireless access device meets the condition for switching the connected firewall, it determines, according to the access device state information, a second intranet firewall matched with the mobile wireless access device from the plurality of intranet firewalls deployed for the target intranet.
Specifically, the intranet firewall allocation device may periodically acquire the current access device state information of the mobile wireless access device, and then periodically determine, according to the real-time geographic location contained in the access device state information, whether the mobile wireless access device meets the condition for switching the connected firewall in the current period. Alternatively, the intranet firewall allocation device may acquire the access device state information of the mobile wireless access device upon receiving a firewall switching request sent by the mobile wireless access device, and then determine, according to the real-time geographic location contained in the access device state information, whether the mobile wireless access device really meets the condition for switching the connected firewall. The firewall switching request is sent when the mobile wireless access device determines, according to its own geographic location, the network condition of its access to the intranet, or the like, that it needs to change the connected intranet firewall. For example, the mobile wireless access device monitors the packet loss rate of message transmission between itself and the first intranet firewall, and sends a firewall switching request to the intranet firewall allocation device when it determines that the packet loss rate is greater than a preset threshold.
Here, corresponding to the implementation manner in which the intranet firewall allocation apparatus determines the first intranet firewall for the mobile wireless access apparatus in step S203, the determining, by the intranet firewall allocation apparatus, that the mobile wireless access apparatus satisfies the condition of switching the connected firewall may include: in one implementation manner, the intranet firewall distribution equipment acquires deployment positions of a plurality of intranet firewalls deployed for the target intranet, and determines that the mobile wireless access equipment meets the condition for switching the connected firewalls when the intranet firewall distribution equipment determines that the first intranet firewall is not a firewall closest to the mobile wireless access equipment in the plurality of intranet firewalls deployed for the target intranet according to the real-time geographic position and the deployment positions of the plurality of intranet firewalls deployed for the target intranet; in another implementation manner, when it is determined that the mobile wireless access device is transferred from the first intranet access sub-region to a second intranet access sub-region for the target intranet, the intranet firewall allocation device determines that the mobile wireless access device meets the condition for switching the connected firewall.
One implementation in which the intranet firewall allocation device determines, according to the access device state information, a second intranet firewall matched with the mobile wireless access device from the plurality of intranet firewalls deployed for the target intranet may be as follows: the intranet firewall allocation device determines the second intranet firewall corresponding to the mobile wireless access device from the plurality of intranet firewalls deployed for the target intranet according to the real-time geographic location contained in the access device state information. For how the intranet firewall allocation device determines the second intranet firewall according to the real-time geographic location of the mobile wireless access device, refer to how, in step S203, the intranet firewall allocation device determines the first intranet firewall according to the geographic location of the mobile wireless access device obtained in step S202; details are not repeated here.
S208, the intranet firewall allocation device sends the second IP address of the second intranet firewall to the mobile wireless access device.
S209, the mobile wireless access equipment establishes connection with the second intranet firewall according to the second IP address.
Specifically, the mobile wireless access device initiates a three-way handshake to establish a connection based on a TCP/IP protocol with the second intranet firewall, which may refer to an implementation manner of establishing a connection between the mobile wireless access device and the first intranet firewall in step S205, and details are not described here.
S210, the mobile wireless access equipment is disconnected with the first intranet firewall.
The mobile wireless access device initiates a four-way wave (four-way handshake) to disconnect the TCP/IP connection with the first intranet firewall. The specific steps are as follows: the mobile wireless access device sends a FIN (Finish Character) data packet to the first intranet firewall; after receiving the FIN data packet, the first intranet firewall sends an ACK data packet to the mobile wireless access device; the first intranet firewall then sends a FIN data packet to the mobile wireless access device; after receiving the FIN data packet, the mobile wireless access device sends an ACK data packet to the first intranet firewall; and after the first intranet firewall receives the ACK data packet, the connection between the mobile wireless access device and the first intranet firewall is disconnected.
S211, the user terminal sends an intranet access request aiming at a target intranet to the mobile wireless access equipment.
Specifically, before step S211, the user terminal may send a wireless network connection request to the mobile wireless access device, and the mobile wireless access device may establish a connection with the user terminal directly, or may establish the connection after the user terminal identity information carried in the wireless network connection request passes verification. The user terminal identity information may be a user name and password, entered by the user and received by the user terminal, for accessing the wireless network established by the mobile wireless access device; it may be biometric information entered by the user and received by the user terminal; or it may be terminal device identification information of the user terminal.
Here, step S211 is executed after step S210; that is, the intranet access request of the user terminal in step S211 is a request for intranet access to the target intranet that the user terminal makes after the mobile wireless access device is disconnected from the second intranet firewall.
S212, the mobile wireless access equipment sends the intranet access request to the second intranet firewall.
S213, the second intranet firewall routes the intranet access request to the intranet server of the target intranet.
Specifically, the intranet access request is an access request for a server in the target intranet, for example, an access request for a Web server in the target intranet, an access request for an FTP server in the target intranet, an access request for a mail server in the target intranet, and the like. After receiving the intranet access request sent by the mobile wireless access device, the second intranet firewall sends the intranet access request to the router of the target intranet through an extranet, and the router of the target intranet routes the intranet access request to the corresponding intranet server in the target intranet through the target intranet.
S214, the intranet server returns an intranet request response message responding to the intranet access request to the second intranet firewall.
Specifically, after the intranet server responds to the intranet access request to generate an intranet request response message, the intranet request response message is sent to the router of the target intranet through the target intranet, and the router of the target intranet sends the intranet request response message to the second intranet firewall through an extranet. For example, if the intranet access request requests to acquire a certain file in a file server in a target intranet, the intranet request response message may be the file sent by the file server.
S215, the second intranet firewall sends the intranet request response message to the mobile wireless access device.
S216, the mobile wireless access device sends the intranet request response message to the user terminal.
In the embodiment of the invention, after receiving an intranet connection request aiming at a target intranet sent by a mobile wireless access device, an intranet firewall distribution device distributes a matched first intranet firewall for the mobile wireless access device from a plurality of intranet firewalls deployed aiming at the target intranet according to the intranet connection request, after the mobile wireless access device establishes connection with the first intranet firewall, the intranet firewall distribution device judges whether the conditions for switching the firewalls are met or not according to the real-time geographic position of the mobile wireless access device, when the conditions are determined to be met, the intranet firewall distribution device distributes a switched second intranet firewall for the mobile wireless access device according to the access device state information of the connection between the mobile wireless access device and the first intranet firewall, after the connection between the mobile wireless access device and the second intranet firewall is established, the connection with the first intranet firewall is disconnected, and provides the service of accessing the target intranet for the user terminal through the connection with the firewall of the second intranet. 
According to the embodiment of the invention, a user does not need to configure any parameter before accessing the target intranet, so that the access efficiency aiming at the target intranet is improved, and meanwhile, when the intranet firewall distribution equipment determines that the mobile wireless access equipment meets the condition of switching the connected firewall according to the real-time geographic position, the intranet firewall distribution equipment redistributes the second intranet firewall to the mobile wireless access equipment, so that the intranet firewall connected with the mobile wireless access equipment is always the optimal intranet firewall matched with the state information of the access equipment, and the network quality of the intranet accessed by the user terminal is ensured.
Referring to fig. 3, fig. 3 is a system interaction schematic diagram of another intranet access method provided in the embodiment of the present invention, as shown in the figure, the method may include:
S301, the mobile wireless access device sends an intranet connection request for a target intranet to the intranet firewall allocation device.
S302, the intranet firewall allocation device determines the current network delay between the mobile wireless access device and each intranet firewall deployed for the target intranet according to the intranet connection request.
Specifically, one implementation in which the intranet firewall allocation device determines the current network delay between the mobile wireless access device and each intranet firewall may be as follows: the intranet firewall allocation device sends the access device IP address of the mobile wireless access device to each intranet firewall; each intranet firewall sends a network delay test message to the mobile wireless access device according to the access device IP address; and the mobile wireless access device forwards the received network delay test messages to the intranet firewall allocation device. Each network delay test message received by the intranet firewall allocation device carries the sending time data at which the corresponding intranet firewall deployed for the target intranet sent the message and the receiving time data at which the mobile wireless access device received it. The intranet firewall allocation device determines the network delay between the mobile wireless access device and each intranet firewall deployed for the target intranet according to the sending time data and the receiving time data carried in each received network delay test message.
Another implementation in which the intranet firewall allocation device determines the current network delay between the mobile wireless access device and each intranet firewall may be as follows: the intranet firewall allocation device sends the firewall IP addresses of all intranet firewalls deployed for the target intranet to the mobile wireless access device; the mobile wireless access device sends a network delay test message to each intranet firewall according to the firewall IP addresses; and each intranet firewall forwards the received network delay test message to the intranet firewall allocation device. Each network delay test message received by the intranet firewall allocation device carries the sending time data at which the mobile wireless access device sent the message and the receiving time data at which the corresponding intranet firewall deployed for the target intranet received it. The intranet firewall allocation device determines the target network delay between the mobile wireless access device and each intranet firewall deployed for the target intranet according to the sending time data and the receiving time data carried in each received network delay test message.
One implementation way for the mobile wireless access device to determine the current network delay between the mobile wireless access device and each intranet firewall may be: the intranet firewall allocation equipment sends firewall IP addresses of the intranet firewalls deployed for the target intranet to the mobile wireless access equipment, the mobile wireless access equipment sends network delay test messages to the intranet firewalls according to the IP addresses, and the intranet firewalls return the network delay test messages to the mobile wireless access equipment after receiving the network delay test messages; and the mobile wireless access equipment determines the network delay between the mobile wireless access equipment and each intranet firewall according to the sending time data of the network delay test message sent to each intranet firewall and the receiving time data of the network delay test message returned by each intranet firewall.
One implementation way of determining the current network delay between the mobile wireless access device and each intranet firewall for each intranet firewall deployed in the target intranet may be: the intranet firewall allocation equipment sends an access equipment IP address of the mobile wireless access equipment to each intranet firewall, each intranet firewall sends a network delay test message to the mobile wireless access equipment according to the access equipment IP address, the mobile wireless access equipment returns the received network delay test message to each intranet firewall after receiving the network delay test message sent by each intranet firewall, and each intranet firewall determines the network delay of the mobile wireless access equipment and the intranet firewall according to sending time data of the network delay test message to the mobile wireless access equipment and receiving time data of the network delay test message returned by the mobile wireless access equipment.
S303, the intranet firewall allocation device determines, according to the current network delay, a first intranet firewall matched with the mobile wireless access device from the plurality of intranet firewalls deployed for the target intranet.
Specifically, the intranet firewall allocation device determines, as the first intranet firewall, the intranet firewall corresponding to the minimum network delay among current network delays between the mobile wireless access device and each intranet firewall deployed for the target intranet.
S304, the intranet firewall allocation device sends the first IP address of the first intranet firewall to the mobile wireless access device.
S305, the mobile wireless access equipment establishes connection with the first intranet firewall according to the first IP address.
S306, the intranet firewall distribution equipment acquires the access equipment state information of the mobile wireless access equipment.
S307, when the intranet firewall allocation device determines, according to the real-time geographic location contained in the access device state information, that the first intranet firewall is not the intranet firewall closest to the mobile wireless access device, it determines as the second intranet firewall the intranet firewall corresponding to the minimum network delay among the real-time network delays, contained in the access device state information, between the mobile wireless access device and each intranet firewall.
After the second intranet firewall is determined in step S307, the second IP address of the second intranet firewall is sent to the mobile wireless access device, so that the mobile wireless access device switches the connected intranet firewall from the first intranet firewall to the second intranet firewall, and the specific implementation steps refer to the implementation manners of step S208 to step S216 in the embodiment corresponding to fig. 2, which are not described herein again.
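The allocation logic of steps S302 to S307, as an added example that is not code from the patent: delays are computed from the send and receive times in the delay test messages, the first firewall is the one with minimum delay, and a switch is proposed only when the current firewall is no longer the geographically nearest one. The firewall names, addresses, coordinates, the plausibility limit on reported delays, the tie-break, and returning "no switch" when the minimum-delay firewall is already the current one are assumptions of this example.

```go
package main

import (
	"fmt"
	"math"
)

// Firewall is one intranet firewall deployed for the target intranet.
// Names, documentation-range addresses and coordinates are constructed.
type Firewall struct {
	Name, IP string
	Lat, Lon float64
}

// Probe is one network delay test message with its send and receive times (ms).
type Probe struct {
	Firewall       string
	SentMs, RecvMs int64
}

var firewalls = []Firewall{
	{"fw-shenzhen", "192.0.2.10", 22.54, 114.06},
	{"fw-shanghai", "198.51.100.10", 31.23, 121.47},
	{"fw-beijing", "203.0.113.10", 39.90, 116.40},
}

// delaysFromProbes computes receive-minus-send per firewall and keeps the
// smallest plausible sample. One-way values rely on synchronised clocks, so
// negative or over-limit results are dropped (assumption of this example).
func delaysFromProbes(probes []Probe, maxMs int64) map[string]int64 {
	delays := make(map[string]int64)
	for _, p := range probes {
		d := p.RecvMs - p.SentMs
		if d < 0 || d > maxMs {
			continue
		}
		if cur, ok := delays[p.Firewall]; !ok || d < cur {
			delays[p.Firewall] = d
		}
	}
	return delays
}

// minDelayFirewall is the S303/S307 rule: the deployed firewall with the
// smallest measured delay. Names not in fws are ignored; ties go to the
// earlier entry.
func minDelayFirewall(fws []Firewall, delays map[string]int64) (Firewall, bool) {
	var best Firewall
	found := false
	for _, f := range fws {
		d, ok := delays[f.Name]
		if ok && (!found || d < delays[best.Name]) {
			best, found = f, true
		}
	}
	return best, found
}

// distanceKm is the haversine great-circle distance between two points.
func distanceKm(lat1, lon1, lat2, lon2 float64) float64 {
	rad := math.Pi / 180
	dLat, dLon := (lat2-lat1)*rad, (lon2-lon1)*rad
	a := math.Sin(dLat/2)*math.Sin(dLat/2) +
		math.Cos(lat1*rad)*math.Cos(lat2*rad)*math.Sin(dLon/2)*math.Sin(dLon/2)
	return 2 * 6371 * math.Asin(math.Sqrt(a))
}

// nearestFirewall returns the firewall deployed closest to the device.
func nearestFirewall(fws []Firewall, lat, lon float64) Firewall {
	var best Firewall
	bestKm := math.Inf(1)
	for _, f := range fws {
		if km := distanceKm(lat, lon, f.Lat, f.Lon); km < bestKm {
			best, bestKm = f, km
		}
	}
	return best
}

// secondFirewall applies S307: the switching condition is geographic, the
// choice of the second firewall is by minimum real-time delay.
func secondFirewall(current string, fws []Firewall, lat, lon float64, delays map[string]int64) (Firewall, bool) {
	if nearestFirewall(fws, lat, lon).Name == current {
		return Firewall{}, false // switching condition not met
	}
	next, ok := minDelayFirewall(fws, delays)
	if !ok || next.Name == current {
		return Firewall{}, false // nothing better to hand out
	}
	return next, true
}

func main() {
	probes := []Probe{ // constructed samples; the last one has a receive time before its send time
		{"fw-shenzhen", 1000, 1042}, {"fw-shanghai", 1000, 1018},
		{"fw-beijing", 1000, 1031}, {"fw-beijing", 1000, 990},
	}
	delays := delaysFromProbes(probes, 2000)
	next, ok := secondFirewall("fw-shenzhen", firewalls, 31.0, 121.0, delays)
	fmt.Println("second IP to send (S208):", next.IP, "switch:", ok)
}
```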
In the embodiment of the invention, after the intranet firewall allocation device receives the intranet connection request for the target intranet sent by the mobile wireless access device, it allocates to the mobile wireless access device the first intranet firewall, which is the one with the minimum current network delay to the mobile wireless access device among the plurality of intranet firewalls deployed for the target intranet. After the mobile wireless access device establishes a connection with the first intranet firewall, when the intranet firewall determines that the first intranet firewall is not the intranet firewall closest to the mobile wireless access device, the intranet firewall with the minimum network delay to the mobile wireless access device is determined as the second intranet firewall allocated to the mobile wireless access device for switching. The mobile wireless access device disconnects from the first intranet firewall after establishing a connection with the second intranet firewall, and provides the user terminal with the service of accessing the target intranet through the connection with the second intranet firewall. According to the embodiment of the invention, a user does not need to configure any parameter before accessing the target intranet, so the access efficiency for the target intranet is improved; meanwhile, when the intranet firewall allocation device determines that the mobile wireless access device meets the condition for switching the connected intranet firewall, it is ensured that the mobile wireless access device connects to the second intranet firewall, which has the minimum network delay to the mobile wireless access device, so the network quality of the user terminal accessing the intranet is ensured.
Referring to fig. 4, fig. 4 is a schematic structural diagram of a mobile wireless access device according to an embodiment of the present invention, as shown in the figure, the intranet firewall allocation device 40 may at least include a state obtaining unit 401, a firewall determining unit 402, and an address sending unit 403, where:
a state acquisition unit, configured to acquire access device state information of the connection between the mobile wireless access device and a first intranet firewall of a target intranet, wherein the first intranet firewall is a firewall matched with the mobile wireless access device and is determined, after an intranet connection request for the target intranet sent by the mobile wireless access device is received, from a plurality of intranet firewalls deployed for the target intranet according to the intranet connection request, and the access device state information comprises the real-time geographic location of the mobile wireless access device;
a firewall determining unit, configured to, when it is determined according to the real-time geographic location that the mobile wireless access device meets the condition for switching the connected firewall, determine, according to the access device state information, a second intranet firewall matched with the mobile wireless access device from the plurality of intranet firewalls deployed for the target intranet;
and an address sending unit, configured to send a second IP address of the second intranet firewall to the mobile wireless access device, so that the mobile wireless access device establishes a connection with the second intranet firewall according to the second IP address and disconnects from the first intranet firewall, wherein the second intranet firewall routes an intranet access request of a user terminal for the target intranet, sent through the mobile wireless access device, to an intranet server of the target intranet, and sends the intranet request response message returned by the intranet server in response to the intranet access request to the user terminal through the mobile wireless access device.
In a specific implementation, the intranet firewall allocation device may execute, through each built-in functional module, each step executed by the intranet firewall allocation device in the intranet access method shown in fig. 2 to 3, and specific implementation details may refer to implementation details of each step in the embodiment corresponding to fig. 2 to 3, which are not described herein again.
In the embodiment of the invention, after receiving an intranet connection request aiming at a target intranet sent by a mobile wireless access device, a state acquisition unit allocates a matched first intranet firewall for the mobile wireless access device from a plurality of intranet firewalls deployed aiming at the target intranet according to the intranet connection request, after the mobile wireless access device establishes connection with the first intranet firewall, the state acquisition unit acquires the real-time geographic position of the mobile wireless access device, a firewall determination unit judges whether the condition of switching the firewall is met or not according to the real-time geographic position of the mobile wireless access device, when the condition is determined to be met, a second switched intranet firewall is allocated for the mobile wireless access device according to the access device state information of the connection between the mobile wireless access device and the first intranet firewall, and an address sending unit sends a second IP address of the second intranet firewall to the mobile wireless access device, after the mobile wireless access equipment is connected with the firewall of the second intranet, the connection with the firewall of the first intranet is disconnected, and the service for accessing the target intranet is provided for the user terminal through the connection with the firewall of the second intranet. 
According to the embodiment of the invention, a user does not need to configure any parameter before accessing the target intranet, so that the access efficiency aiming at the target intranet is improved, and meanwhile, when the firewall determining unit determines that the mobile wireless access equipment meets the condition of switching the connected firewall according to the real-time geographic position, the firewall determining unit reallocates the second intranet firewall for the mobile wireless access equipment, so that the intranet firewall connected with the mobile wireless access equipment is always the optimal intranet firewall matched with the state information of the access equipment, and the network quality of the intranet accessed by the user terminal is ensured.
Referring to fig. 5, fig. 5 is a schematic structural diagram of another intranet firewall distribution apparatus according to an embodiment of the present invention, and as shown in the figure, the intranet firewall distribution apparatus 50 includes a processor 501, a memory 502, and a communication interface 503. The processor 501 is connected to a memory 502 and a communication interface 503, for example, the processor 501 may be connected to the memory 502 and the communication interface 503 through a bus.
The processor 501 is configured to support the intranet firewall distribution equipment to perform the corresponding functions of the intranet firewall distribution equipment in the intranet access method described in fig. 2 to 3. The Processor 501 may be a Central Processing Unit (CPU), a Network Processor (NP), a hardware chip, or any combination thereof. The hardware chip may be an Application-Specific Integrated Circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a Field-Programmable Gate Array (FPGA), General Array Logic (GAL), or any combination thereof.
The memory 502 is used to store program code and the like. The memory 502 includes internal memory, which may include at least one of: volatile memory (e.g., Dynamic Random Access Memory (DRAM), Static RAM (SRAM), Synchronous Dynamic RAM (SDRAM), etc.) and non-volatile memory (e.g., One-Time Programmable Read-Only Memory (OTPROM), Programmable ROM (PROM), Erasable Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM)). The memory 502 may also include external memory, which may include at least one of: a Hard Disk Drive (HDD), a Solid-State Drive (SSD), or a flash drive such as CompactFlash (CF), Secure Digital (SD), micro SD, mini SD, extreme digital (xD), a memory stick, etc.
The communication interface 503 is used for receiving or transmitting data.
The processor 501 may call the program code to perform the following operations:
acquiring access equipment state information of a mobile wireless access equipment connected with a first intranet firewall of a target intranet, wherein the first intranet firewall is a firewall matched with the mobile wireless access equipment and is determined from a plurality of intranet firewalls deployed for the target intranet according to an intranet connection request after receiving an intranet connection request for the target intranet sent by the mobile wireless access equipment, and the access equipment state information comprises a real-time geographic position of the mobile wireless access equipment;
when the mobile wireless access equipment is determined to meet the condition of switching the connected firewalls according to the real-time geographic position, determining a second intranet firewall matched with the mobile wireless access equipment from a plurality of intranet firewalls deployed aiming at the target intranet according to the state information of the access equipment;
and sending a second IP address of the second intranet firewall to the mobile wireless access device, so that the mobile wireless access device establishes a connection with the second intranet firewall according to the second IP address and disconnects from the first intranet firewall, wherein the second intranet firewall routes an intranet access request of a user terminal for the target intranet, sent through the mobile wireless access device, to the intranet server of the target intranet, and the second intranet firewall further sends the intranet request response message returned by the intranet server in response to the intranet access request to the user terminal through the mobile wireless access device.
It should be noted that the implementation of each operation may also correspond to the corresponding description of the method embodiments shown in Fig. 2 to Fig. 3; the processor 501 may also be configured to perform other operations in the above method embodiments.
Embodiments of the present invention also provide a computer storage medium storing a computer program, the computer program comprising program instructions, which when executed by a computer, cause the computer to perform the method according to the foregoing embodiments, wherein the computer may be a part of the above mentioned intranet firewall distribution apparatus.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
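The operations performed by the processor 501 (acquire the state information, decide whether the connected firewall must be switched, return the second firewall's IP address) can be sketched as follows. This is an added illustration, not code from the patent: the firewall names, the 192.0.2.0/24 addresses, the haversine distance metric and the input checks are assumptions, and the delay-based choice corresponds to the variant in which the state information also carries network delays.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Firewall:
    name: str    # hypothetical label
    ip: str      # address handed to the access equipment
    lat: float   # stored deployment position
    lon: float

# Constructed sample deployment; addresses are from the RFC 5737 documentation range.
FIREWALLS = (
    Firewall("fw-shenzhen", "192.0.2.10", 22.54, 114.06),
    Firewall("fw-shanghai", "192.0.2.20", 31.23, 121.47),
    Firewall("fw-beijing", "192.0.2.30", 39.90, 116.40),
)

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres (assumed distance metric)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def nearest_firewall(lat, lon, firewalls=FIREWALLS):
    """Closest firewall by stored deployment position."""
    # The position is reported by the access equipment, so treat it as untrusted.
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        raise ValueError("implausible position report")
    return min(firewalls, key=lambda fw: haversine_km(lat, lon, fw.lat, fw.lon))

def lowest_delay_firewall(delays_ms, firewalls=FIREWALLS):
    """Firewall with the minimum reported network delay."""
    known = {fw.name: fw for fw in firewalls}
    # Ignore measurements for firewalls that are not in the stored deployment list.
    usable = {n: d for n, d in delays_ms.items()
              if n in known and isinstance(d, (int, float))
              and math.isfinite(d) and d >= 0}
    if not usable:
        raise ValueError("no usable delay measurements")
    return known[min(usable, key=usable.get)]

def handle_status_report(current_ip, lat, lon, delays_ms=None, firewalls=FIREWALLS):
    """Return the second firewall's IP address, or None when no switch is needed."""
    nearest = nearest_firewall(lat, lon, firewalls)
    if nearest.ip == current_ip:
        return None  # the first firewall is still the closest: condition not met
    target = lowest_delay_firewall(delays_ms, firewalls) if delays_ms else nearest
    return None if target.ip == current_ip else target.ip
```

Because the returned address always comes from the allocator's own deployment table, a malformed or unexpected status report can at most select another firewall of the same intranet.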

Claims (8)

1. An intranet access method, comprising:
acquiring, by intranet firewall distribution equipment, access equipment state information of mobile wireless access equipment connected to a first intranet firewall of a target intranet, wherein the first intranet firewall is the firewall matched with the mobile wireless access equipment, determined from a plurality of intranet firewalls deployed for the target intranet according to an intranet connection request for the target intranet after that request is received from the mobile wireless access equipment; the access equipment state information comprises the real-time geographic position of the mobile wireless access equipment; the intranet firewall distribution equipment stores the deployment position of each intranet firewall; and the target intranet is a local communication network which connects various computers, servers and databases within a local geographic range;
when the intranet firewall distribution equipment determines, according to the real-time geographic position, that the mobile wireless access equipment meets the condition for switching the connected firewall, determining, by the intranet firewall distribution equipment and according to the access equipment state information, a second intranet firewall matched with the mobile wireless access equipment from the plurality of intranet firewalls deployed for the target intranet, which comprises: the intranet firewall distribution equipment acquires the deployment positions of the plurality of intranet firewalls deployed for the target intranet; when it determines, according to the real-time geographic position and those deployment positions, that the first intranet firewall is not the one of the plurality of intranet firewalls deployed for the target intranet that is closest to the mobile wireless access equipment, it determines that the mobile wireless access equipment meets the condition for switching the connected firewall; and it determines, according to the real-time geographic position, the intranet firewall closest to the mobile wireless access equipment among the plurality of intranet firewalls deployed for the target intranet as the second intranet firewall matched with the mobile wireless access equipment;
sending, by the intranet firewall distribution equipment, the second IP address of the second intranet firewall to the mobile wireless access equipment, so that the mobile wireless access equipment establishes a connection with the second intranet firewall according to the second IP address and, after the connection with the first intranet firewall is disconnected, the second intranet firewall routes an intranet access request for the target intranet, sent by a user terminal through the mobile wireless access equipment, to the intranet server of the target intranet, and the intranet request response message returned by the intranet server in response to the intranet access request is sent to the user terminal through the mobile wireless access equipment.
2. The method of claim 1, wherein before the intranet firewall distribution device obtains access device status information of the mobile wireless access device connected to the first intranet firewall of the target intranet, the method further comprises:
the intranet firewall allocation equipment receives an intranet connection request sent by the mobile wireless access equipment aiming at the target intranet;
the intranet firewall distribution equipment determines the current geographic position of the mobile wireless access equipment according to the intranet connection request;
the intranet firewall distribution equipment determines a first intranet firewall matched with the mobile wireless access equipment from a plurality of intranet firewalls deployed aiming at the target intranet according to the current geographic position;
and the intranet firewall allocation equipment sends the first IP address of the first intranet firewall to the mobile wireless access equipment so that the mobile wireless access equipment establishes connection with the first intranet firewall according to the first IP address.
3. The method according to claim 2, wherein the determining, by the intranet firewall distribution device, a first intranet firewall that the mobile wireless access device matches from a plurality of intranet firewalls deployed for the target intranet based on the current geographic location comprises:
the intranet firewall allocation equipment determines a first intranet access sub-region, aiming at the target intranet, in which the mobile wireless access equipment is located according to the current geographic position;
the intranet firewall distribution equipment determines the first intranet firewall corresponding to the first intranet access sub-region according to the corresponding relation between the preset intranet access sub-region and the firewall of the target intranet;
the determining, by the intranet firewall distribution equipment and according to the real-time geographic position, that the mobile wireless access equipment meets the condition for switching the connected firewall comprises:
when the intranet firewall distribution equipment determines that the mobile wireless access equipment has moved from the first intranet access sub-region to a second intranet access sub-region for the target intranet, determining that the mobile wireless access equipment meets the condition for switching the connected firewall.
4. The method of claim 1, wherein the access device status information includes network delays between the mobile wireless access device and respective intranet firewalls deployed for the target intranet when the access device status information is obtained;
the step that the intranet firewall distribution equipment determines a second intranet firewall matched with the mobile wireless access equipment from a plurality of intranet firewalls deployed aiming at the target intranet according to the state information of the access equipment comprises the following steps:
and the intranet firewall distribution equipment determines the firewall corresponding to the minimum network delay in the network delays between the mobile wireless access equipment and the intranet firewalls deployed aiming at the target intranet as the second intranet firewall.
5. The method of claim 1, wherein the obtaining, by the intranet firewall distribution device, access device state information of the connection between the mobile wireless access device and the first intranet firewall of the target intranet comprises:
the intranet firewall distribution equipment periodically acquires the access equipment state information of the mobile wireless access equipment connected to the first intranet firewall of the target intranet, or, upon receiving a firewall switching request sent by the mobile wireless access equipment, acquires the access equipment state information of the mobile wireless access equipment connected to the first intranet firewall of the target intranet, wherein the firewall switching request is a request to switch the connected firewall that the mobile wireless access equipment sends when it determines that it meets the condition for changing the connected intranet firewall.
6. An intranet firewall distribution device, comprising:
a state acquisition unit, configured to acquire access equipment state information of a mobile wireless access equipment connected to a first intranet firewall of a target intranet, wherein the first intranet firewall is the firewall matched with the mobile wireless access equipment, determined from a plurality of intranet firewalls deployed for the target intranet according to an intranet connection request for the target intranet after that request is received from the mobile wireless access equipment; the access equipment state information comprises a real-time geographic position of the mobile wireless access equipment; the intranet firewall distribution equipment stores the deployment position of each intranet firewall; and the target intranet is a local area communication network which connects various computers, servers and databases within a local geographic range;
a firewall determining unit, configured to determine, when it is determined according to the real-time geographic position that the mobile wireless access equipment meets the condition for switching the connected firewall, a second intranet firewall matched with the mobile wireless access equipment from the plurality of intranet firewalls deployed for the target intranet according to the access equipment state information, wherein the firewall determining unit is further configured to: acquire the deployment positions of the plurality of intranet firewalls deployed for the target intranet; determine that the mobile wireless access equipment meets the condition for switching the connected firewall when it is determined, according to the real-time geographic position and those deployment positions, that the first intranet firewall is not the one of the plurality of intranet firewalls deployed for the target intranet that is closest to the mobile wireless access equipment; and determine, according to the real-time geographic position, the intranet firewall closest to the mobile wireless access equipment among the plurality of intranet firewalls deployed for the target intranet as the second intranet firewall matched with the mobile wireless access equipment;
and an address sending unit, configured to send a second IP address of the second intranet firewall to the mobile wireless access equipment, so that the mobile wireless access equipment establishes a connection with the second intranet firewall according to the second IP address and disconnects from the first intranet firewall, the second intranet firewall routes an intranet access request for the target intranet, sent by a user terminal through the mobile wireless access equipment, to the intranet server of the target intranet, and the intranet request response message returned by the intranet server in response to the intranet access request is sent to the user terminal through the mobile wireless access equipment.
7. An intranet firewall distribution device, comprising a processor, a memory and a communication interface, wherein the processor, the memory and the communication interface are connected with each other, the communication interface is used for receiving and sending data, the memory is used for storing program codes, and the processor is used for calling the program codes to execute the method according to any one of claims 1 to 5.
8. A computer storage medium, characterized in that it stores a computer program comprising program instructions which, when executed by a processor, cause the processor to carry out the method according to any one of claims 1-5.
CN201910503676.5A 2019-06-10 2019-06-10 Intranet access method and related device Active CN110324826B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910503676.5A CN110324826B (en) 2019-06-10 2019-06-10 Intranet access method and related device
PCT/CN2019/102347 WO2020248369A1 (en) 2019-06-10 2019-08-23 Firewall switching method and related apparatus

Publications (2)

Publication Number Publication Date
CN110324826A CN110324826A (en) 2019-10-11
CN110324826B true CN110324826B (en) 2022-08-16

Family

ID=68119495

Country Status (2)

Country Link
CN (1) CN110324826B (en)
WO (1) WO2020248369A1 (en)

Also Published As

Publication number Publication date
CN110324826A (en) 2019-10-11
WO2020248369A1 (en) 2020-12-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant