CN102710669A - 一种防火墙策略控制的方法及装置 - Google Patents
一种防火墙策略控制的方法及装置 Download PDFInfo
- Publication number
- CN102710669A CN102710669A CN2012102267179A CN201210226717A CN102710669A CN 102710669 A CN102710669 A CN 102710669A CN 2012102267179 A CN2012102267179 A CN 2012102267179A CN 201210226717 A CN201210226717 A CN 201210226717A CN 102710669 A CN102710669 A CN 102710669A
- Authority
- CN
- China
- Prior art keywords
- virtual
- interface
- message
- group
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45595—Network integration; Enabling network access in virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims (9)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210226717.9A CN102710669B (zh) | 2012-06-29 | 2012-06-29 | 一种防火墙策略控制的方法及装置 |
PCT/CN2013/073303 WO2014000483A1 (en) | 2012-06-29 | 2013-03-28 | Firewall security between virtual devices |
EP13810155.5A EP2868062B1 (en) | 2012-06-29 | 2013-03-28 | Firewall security between virtual devices |
US14/391,166 US9426117B2 (en) | 2012-06-29 | 2013-03-28 | Firewall security between virtual devices |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210226717.9A CN102710669B (zh) | 2012-06-29 | 2012-06-29 | 一种防火墙策略控制的方法及装置 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102710669A true CN102710669A (zh) | 2012-10-03 |
CN102710669B CN102710669B (zh) | 2016-03-02 |
Family
ID=46903222
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210226717.9A Active CN102710669B (zh) | 2012-06-29 | 2012-06-29 | 一种防火墙策略控制的方法及装置 |
Country Status (4)
Country | Link |
---|---|
US (1) | US9426117B2 (zh) |
EP (1) | EP2868062B1 (zh) |
CN (1) | CN102710669B (zh) |
WO (1) | WO2014000483A1 (zh) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2014000483A1 (en) * | 2012-06-29 | 2014-01-03 | Hangzhou H3C Technologies Co., Ltd. | Firewall security between virtual devices |
CN103561027A (zh) * | 2013-11-05 | 2014-02-05 | 曙光云计算技术有限公司 | 虚拟网络隔离的实现方法和实现装置 |
CN103685235A (zh) * | 2013-11-18 | 2014-03-26 | 汉柏科技有限公司 | 一种基于防火墙的三层网络虚拟化实现方法及系统 |
WO2015096580A1 (zh) * | 2013-12-26 | 2015-07-02 | 华为技术有限公司 | 网络流量控制设备及其安全策略配置方法及装置 |
CN105100026A (zh) * | 2014-05-22 | 2015-11-25 | 杭州华三通信技术有限公司 | 一种报文安全转发方法及装置 |
CN110365577A (zh) * | 2019-07-24 | 2019-10-22 | 北京神州绿盟信息安全科技股份有限公司 | 一种安全资源池的引流系统 |
CN112511439A (zh) * | 2020-11-25 | 2021-03-16 | 杭州迪普科技股份有限公司 | 数据转发方法、装置、设备及计算机可读存储介质 |
CN113079128A (zh) * | 2020-01-06 | 2021-07-06 | 中国移动通信集团安徽有限公司 | 信息封堵方法、装置、计算设备及计算机存储介质 |
CN113098856A (zh) * | 2021-03-29 | 2021-07-09 | 绿盟科技集团股份有限公司 | 一种透明模式下的虚拟专用网络vpn实现方法及安全设备 |
CN113169967A (zh) * | 2018-11-30 | 2021-07-23 | 思科技术公司 | 动态的基于意图的防火墙 |
CN113179252A (zh) * | 2021-03-30 | 2021-07-27 | 新华三信息安全技术有限公司 | 一种安全策略管理方法、装置、设备及机器可读存储介质 |
CN113794640A (zh) * | 2021-08-20 | 2021-12-14 | 新华三信息安全技术有限公司 | 一种报文处理方法、装置、设备及机器可读存储介质 |
CN115150170A (zh) * | 2022-06-30 | 2022-10-04 | 北京天融信网络安全技术有限公司 | 安全策略配置方法、装置、电子设备和存储介质 |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9716619B2 (en) | 2011-03-31 | 2017-07-25 | NextPlane, Inc. | System and method of processing media traffic for a hub-based system federating disparate unified communications systems |
US20140359457A1 (en) * | 2013-05-30 | 2014-12-04 | NextPlane, Inc. | User portal to a hub-based system federating disparate unified communications systems |
US9705840B2 (en) | 2013-06-03 | 2017-07-11 | NextPlane, Inc. | Automation platform for hub-based system federating disparate unified communications systems |
DE102015200801A1 (de) * | 2015-01-20 | 2016-07-21 | Continental Teves Ag & Co. Ohg | Elektronische Steuerungsvorrichtung |
CN106998287B (zh) * | 2016-01-22 | 2019-11-05 | 北京北信源软件股份有限公司 | 一种针对隔离网络环境的即时通信群消息合并转发方法 |
CN111049855B (zh) * | 2019-12-25 | 2022-02-01 | 北京天融信网络安全技术有限公司 | 一种基于标签的策略配置方法及装置 |
CN112532516A (zh) * | 2020-11-27 | 2021-03-19 | 杭州迪普科技股份有限公司 | 流量转发方法、装置、设备及计算机可读存储介质 |
CN115001964B (zh) * | 2022-05-19 | 2023-08-22 | 中国人民银行数字货币研究所 | 一种管理防火墙的方法和装置 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1697396A (zh) * | 2004-05-10 | 2005-11-16 | 华为技术有限公司 | 基于防火墙实现本地虚拟私网络的方法 |
CN101800730A (zh) * | 2009-02-09 | 2010-08-11 | 国际商业机器公司 | 安全增强的虚拟机通信方法和虚拟机系统 |
CN102244622A (zh) * | 2011-07-25 | 2011-11-16 | 北京网御星云信息技术有限公司 | 用于服务器虚拟化的虚拟网关防护方法、安全网关及系统 |
CN102307246A (zh) * | 2010-09-25 | 2012-01-04 | 广东电子工业研究院有限公司 | 基于云计算的虚拟机间安全通信保护系统及其方法 |
US8166474B1 (en) * | 2005-09-19 | 2012-04-24 | Vmware, Inc. | System and methods for implementing network traffic management for virtual and physical machines |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7333482B2 (en) | 2000-12-22 | 2008-02-19 | Interactive People Unplugged Ab | Route optimization technique for mobile IP |
US7516475B1 (en) | 2002-07-01 | 2009-04-07 | Cisco Technology, Inc. | Method and apparatus for managing security policies on a network |
US7296092B2 (en) | 2004-06-30 | 2007-11-13 | Nokia, Inc. | Apparatus for inter-domain communications including a virtual switch for routing data packets between virtual interfaces of the virtual switch |
GB2418326B (en) | 2004-09-17 | 2007-04-11 | Hewlett Packard Development Co | Network vitrualization |
GB2449593A (en) | 2006-03-17 | 2008-11-26 | Fujitsu Ltd | Network design processing device, network design processing method and network design processing program |
US8190755B1 (en) * | 2006-12-27 | 2012-05-29 | Symantec Corporation | Method and apparatus for host authentication in a network implementing network access control |
US20090249471A1 (en) | 2008-03-27 | 2009-10-01 | Moshe Litvin | Reversible firewall policies |
US8213336B2 (en) | 2009-02-23 | 2012-07-03 | Cisco Technology, Inc. | Distributed data center access switch |
US8363656B2 (en) | 2010-09-15 | 2013-01-29 | International Business Machines Corporation | Multiple virtual machines sharing a single IP address |
US9325525B2 (en) | 2010-12-28 | 2016-04-26 | Citrix Systems, Inc. | Systems and methods for VLAN tagging via cloud bridge |
US8516241B2 (en) * | 2011-07-12 | 2013-08-20 | Cisco Technology, Inc. | Zone-based firewall policy model for a virtualized data center |
CN102710669B (zh) | 2012-06-29 | 2016-03-02 | 杭州华三通信技术有限公司 | 一种防火墙策略控制的方法及装置 |
-
2012
- 2012-06-29 CN CN201210226717.9A patent/CN102710669B/zh active Active
-
2013
- 2013-03-28 US US14/391,166 patent/US9426117B2/en active Active
- 2013-03-28 EP EP13810155.5A patent/EP2868062B1/en active Active
- 2013-03-28 WO PCT/CN2013/073303 patent/WO2014000483A1/en active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1697396A (zh) * | 2004-05-10 | 2005-11-16 | 华为技术有限公司 | 基于防火墙实现本地虚拟私网络的方法 |
US8166474B1 (en) * | 2005-09-19 | 2012-04-24 | Vmware, Inc. | System and methods for implementing network traffic management for virtual and physical machines |
CN101800730A (zh) * | 2009-02-09 | 2010-08-11 | 国际商业机器公司 | 安全增强的虚拟机通信方法和虚拟机系统 |
CN102307246A (zh) * | 2010-09-25 | 2012-01-04 | 广东电子工业研究院有限公司 | 基于云计算的虚拟机间安全通信保护系统及其方法 |
CN102244622A (zh) * | 2011-07-25 | 2011-11-16 | 北京网御星云信息技术有限公司 | 用于服务器虚拟化的虚拟网关防护方法、安全网关及系统 |
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9426117B2 (en) | 2012-06-29 | 2016-08-23 | Hangzhou H3C Technologies Co., Ltd. | Firewall security between virtual devices |
WO2014000483A1 (en) * | 2012-06-29 | 2014-01-03 | Hangzhou H3C Technologies Co., Ltd. | Firewall security between virtual devices |
CN103561027A (zh) * | 2013-11-05 | 2014-02-05 | 曙光云计算技术有限公司 | 虚拟网络隔离的实现方法和实现装置 |
CN103685235A (zh) * | 2013-11-18 | 2014-03-26 | 汉柏科技有限公司 | 一种基于防火墙的三层网络虚拟化实现方法及系统 |
WO2015096580A1 (zh) * | 2013-12-26 | 2015-07-02 | 华为技术有限公司 | 网络流量控制设备及其安全策略配置方法及装置 |
US10051007B2 (en) | 2013-12-26 | 2018-08-14 | Huawei Technologies Co., Ltd. | Network traffic control device, and security policy configuration method and apparatus thereof |
CN105100026A (zh) * | 2014-05-22 | 2015-11-25 | 杭州华三通信技术有限公司 | 一种报文安全转发方法及装置 |
CN105100026B (zh) * | 2014-05-22 | 2018-07-20 | 新华三技术有限公司 | 一种报文安全转发方法及装置 |
CN113169967A (zh) * | 2018-11-30 | 2021-07-23 | 思科技术公司 | 动态的基于意图的防火墙 |
CN110365577A (zh) * | 2019-07-24 | 2019-10-22 | 北京神州绿盟信息安全科技股份有限公司 | 一种安全资源池的引流系统 |
CN110365577B (zh) * | 2019-07-24 | 2021-10-15 | 绿盟科技集团股份有限公司 | 一种安全资源池的引流系统及安全检查方法 |
CN113079128A (zh) * | 2020-01-06 | 2021-07-06 | 中国移动通信集团安徽有限公司 | 信息封堵方法、装置、计算设备及计算机存储介质 |
CN113079128B (zh) * | 2020-01-06 | 2022-10-18 | 中国移动通信集团安徽有限公司 | 信息封堵方法、装置、计算设备及计算机存储介质 |
CN112511439A (zh) * | 2020-11-25 | 2021-03-16 | 杭州迪普科技股份有限公司 | 数据转发方法、装置、设备及计算机可读存储介质 |
CN112511439B (zh) * | 2020-11-25 | 2023-03-14 | 杭州迪普科技股份有限公司 | 数据转发方法、装置、设备及计算机可读存储介质 |
CN113098856A (zh) * | 2021-03-29 | 2021-07-09 | 绿盟科技集团股份有限公司 | 一种透明模式下的虚拟专用网络vpn实现方法及安全设备 |
CN113179252A (zh) * | 2021-03-30 | 2021-07-27 | 新华三信息安全技术有限公司 | 一种安全策略管理方法、装置、设备及机器可读存储介质 |
CN113179252B (zh) * | 2021-03-30 | 2022-04-01 | 新华三信息安全技术有限公司 | 一种安全策略管理方法、装置、设备及机器可读存储介质 |
CN113794640A (zh) * | 2021-08-20 | 2021-12-14 | 新华三信息安全技术有限公司 | 一种报文处理方法、装置、设备及机器可读存储介质 |
CN113794640B (zh) * | 2021-08-20 | 2022-11-18 | 新华三信息安全技术有限公司 | 一种报文处理方法、装置、设备及机器可读存储介质 |
CN115150170A (zh) * | 2022-06-30 | 2022-10-04 | 北京天融信网络安全技术有限公司 | 安全策略配置方法、装置、电子设备和存储介质 |
CN115150170B (zh) * | 2022-06-30 | 2024-03-12 | 北京天融信网络安全技术有限公司 | 安全策略配置方法、装置、电子设备和存储介质 |
Also Published As
Publication number | Publication date |
---|---|
WO2014000483A1 (en) | 2014-01-03 |
EP2868062A1 (en) | 2015-05-06 |
EP2868062A4 (en) | 2015-12-30 |
CN102710669B (zh) | 2016-03-02 |
US20150074788A1 (en) | 2015-03-12 |
US9426117B2 (en) | 2016-08-23 |
EP2868062B1 (en) | 2019-06-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102710669A (zh) | 一种防火墙策略控制的方法及装置 | |
US9825822B1 (en) | Group networking in an overlay network | |
JP6073338B2 (ja) | 仮想化されたホームipサービスデリバリのためのアーキテクチャ | |
CN103650430B (zh) | 报文处理方法、装置、主机和网络系统 | |
US9876756B2 (en) | Network access method and device for equipment | |
US20130024553A1 (en) | Location independent dynamic IP address assignment | |
KR20190013964A (ko) | IoT 디바이스 접속, 발견 및 네트워킹 | |
CN103546497B (zh) | 一种分布式防火墙IPSec业务负载分担的方法及装置 | |
US8219713B2 (en) | Method and system for a network controller based pass-through communication mechanism between local host and management controller | |
CN112272145B (zh) | 一种报文处理方法、装置、设备及机器可读存储介质 | |
CN111224821B (zh) | 安全服务部署系统、方法及装置 | |
CN106302320B (zh) | 用于对用户的业务进行授权的方法、装置及系统 | |
CN106712988B (zh) | 一种虚拟网络管理方法及装置 | |
EP2974147B1 (en) | Loop-free hybrid network | |
CN105471596A (zh) | 网络管理的方法和装置 | |
US8611358B2 (en) | Mobile network traffic management | |
CN103081418A (zh) | 计算机系统和计算机系统中的通信方法 | |
CN104468368B (zh) | 配置bgp邻居的方法及装置 | |
US9686316B2 (en) | Layer-2 security for industrial automation by snooping discovery and configuration messages | |
CN104980361A (zh) | 一种负载均衡方法、装置及系统 | |
US20140181279A1 (en) | Virtual Console-Port Management | |
CN105657078B (zh) | 一种数据传输方法、装置及多层网络管理器 | |
US20200244663A1 (en) | Group zoning and access control over a network | |
CN105357332B (zh) | 一种网络地址转换方法及装置 | |
CN105264839A (zh) | 基于软件定义网络的组网方法及设备 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CP03 | Change of name, title or address |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Patentee after: Xinhua three Technology Co., Ltd. Address before: 310053 Hangzhou science and Technology Development Zone, Zhejiang high tech park, No. six and road, No. 310 Patentee before: Huasan Communication Technology Co., Ltd. |
|
CP03 | Change of name, title or address | ||
TR01 | Transfer of patent right |
Effective date of registration: 20180921 Address after: 230088 the 541 phase of H2 two, two innovation industrial park, No. 2800, innovation Avenue, Hi-tech Zone, Hefei, Anhui. Patentee after: Xinhua three information Safe Technology Ltd Address before: 310052 Changhe Road, Binjiang District, Hangzhou, Zhejiang Province, No. 466 Patentee before: Xinhua three Technology Co., Ltd. |
|
TR01 | Transfer of patent right |