CN103532974B - Virtual firewall configuration method and device - Google Patents


Info

Publication number: CN103532974B
Authority: CN (China)
Prior art keywords: virtual, configuration, rule item, virtual firewall, firewall
Legal status: Active
Application number: CN201310516388.6A
Other languages: Chinese (zh)
Other versions: CN103532974A (en)
Inventors: 黄亮, 白秀杰, 唐焕焕, 李守超, 陈志荣
Current Assignee: Shuguang Cloud Computing Group Co ltd
Original Assignee: SHUGUANG CLOUD COMPUTING TECHNOLOGY Co Ltd

Abstract

The invention discloses a virtual firewall configuration method and device. The method comprises the following steps: determining the rule items for which a plurality of virtual firewalls require the same configuration; extracting the determined rule items and configuring the extracted rule items uniformly; and configuring the other rule items of the plurality of virtual firewalls. Because the rule items that require the same configuration across the virtual firewalls are configured uniformly, the load of configuring multiple virtual firewalls is reduced, the misconfiguration rate caused by manual one-by-one configuration is lowered, device stability can be improved, and unified management by users is facilitated. In addition, the other rule items of virtual firewalls with different configurations are configured separately, so that the plurality of virtual firewalls are configured completely and virtual firewall vulnerabilities caused by missing configuration are avoided.

Description

Configuration method and device for a virtual firewall
Technical field
The present invention relates to the computer field, and in particular to a configuration method and device for a virtual firewall.
Background
At present, physical firewalls are configured separately, by logging in to each firewall's configuration page and configuring that firewall's rule items.
In a cloud computing environment, virtual firewalls are automatically created or closed according to user demand. Moreover, given the characteristics of cloud computing, the number of virtual firewalls can be very large; configuring them one by one reduces the manageability of the virtual firewalls. In addition, manual operating errors can make the device unstable, and checking a large number of firewalls one by one becomes impractical.
For the problem in the related art that the rule items of multiple virtual firewalls need to be configured, which reduces the manageability of the virtual firewalls, no effective solution has yet been proposed.
Summary of the invention
To address the problem in the related art that the rule items of multiple virtual firewalls need to be configured, which reduces the manageability of the virtual firewalls, the present invention proposes a configuration method and device for a virtual firewall that can uniformly configure the rule items requiring the same configuration across virtual firewalls, thereby reducing the configuration burden and avoiding manual one-by-one configuration, which improves the stability of the device.
The technical solution of the present invention is realized as follows:
According to one aspect of the invention, a configuration method for a virtual firewall is provided.
The configuration method of the virtual firewall includes:
determining the rule items for which multiple virtual firewalls require the same configuration;
extracting the determined rule items, and uniformly configuring the extracted rule items;
configuring the other rule items of the multiple virtual firewalls.
Moreover, before the extracted rule items are uniformly configured, the configuration method further includes:
determining the virtual firewalls that are already switched on;
and determining the rule items for which multiple virtual firewalls require the same configuration includes:
determining the rule items for which the switched-on virtual firewalls require the same configuration.
Moreover, the configuration method further includes:
dividing all firewalls into multiple domains according to the functions of all the firewalls that need to be configured;
and determining the rule items for which multiple virtual firewalls require the same configuration includes:
determining, for the virtual firewalls in each domain, the rule items that require the same configuration.
Wherein dividing all firewalls into multiple domains includes:
assigning virtual firewalls whose functions are identical or partly identical to one domain.
Further, the configuration method includes:
storing the IP addresses of all virtual machines in advance.
In addition, the configuration method includes:
when a virtual machine needs to be configured, extracting the IP address corresponding to that virtual machine;
connecting to the virtual machine through the extracted IP address, to determine the location of the virtual firewall corresponding to that virtual machine.
According to an aspect of the invention, a configuration device for a virtual firewall is provided.
The configuration device of the virtual firewall includes:
a determining module, for determining the rule items for which multiple virtual firewalls require the same configuration;
an extraction module, for extracting the determined rule items and uniformly configuring the extracted rule items;
a configuration module, for configuring the other rule items of the multiple virtual firewalls.
Moreover, the configuration device further includes:
a division module, for dividing all firewalls into multiple domains according to the functions of all the firewalls that need to be configured;
and the determining module is further used for determining, for the virtual firewalls in each domain, the rule items that require the same configuration.
Wherein the division module is further used for assigning virtual firewalls whose functions are identical or partly identical to one domain.
In addition, the configuration device includes:
a pre-storage module, for storing the IP addresses of all virtual machines in advance.
The present invention uniformly configures the rule items that require the same configuration in multiple virtual firewalls, thereby reducing the burden of configuring multiple virtual firewalls, avoiding manual one-by-one configuration and lowering the misconfiguration rate; this can improve the stability of the device and makes unified management easier for users. In addition, the other rule items of virtual firewalls with different configurations are configured separately, so that the multiple virtual firewalls are configured completely and virtual firewall vulnerabilities caused by missing configuration are avoided.
Brief description of the drawings
Fig. 1 is a flow chart of the configuration method of a virtual firewall according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of the virtual firewall domains used in the configuration method of a virtual firewall according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of configuration when virtual firewall domains exist, in the configuration method of a virtual firewall according to an embodiment of the present invention;
Fig. 4 is a block diagram of the configuration device of a virtual firewall according to an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention fall within the scope of protection of the present invention.
According to an embodiment of the present invention, a configuration method for a virtual firewall is provided.
As shown in Fig. 1, the configuration method of a virtual firewall according to an embodiment of the present invention includes:
Step S101, determining the rule items for which multiple virtual firewalls require the same configuration;
Step S103, extracting the determined rule items, and uniformly configuring the extracted rule items;
Step S105, configuring the other rule items of the multiple virtual firewalls.
Moreover, before the extracted rule items are uniformly configured, the configuration method according to an embodiment of the present invention can further determine the virtual firewalls that are already switched on; and, when determining the rule items for which multiple virtual firewalls require the same configuration, the method can determine the rule items for which the switched-on virtual firewalls require the same configuration.
Moreover, the configuration method according to an embodiment of the present invention may further include: dividing all firewalls into multiple domains according to the functions of all the firewalls that need to be configured. When determining the rule items for which multiple virtual firewalls require the same configuration, the rule items that require the same configuration can then be determined for the virtual firewalls in each domain.
Wherein, when all firewalls are divided into multiple domains, virtual firewalls whose functions are identical or partly identical can be assigned to one domain.
Further, the configuration method according to an embodiment of the present invention can store the IP addresses of all virtual machines in advance.
In addition, when a virtual machine needs to be configured, the configuration method according to an embodiment of the present invention extracts the IP address corresponding to that virtual machine, and connects to the virtual machine through the extracted IP address to determine the location of the virtual firewall corresponding to that virtual machine.
The configuration method of a virtual firewall according to an embodiment of the present invention automatically detects all virtual firewalls and judges from the detection results whether each firewall is switched on. A unified configuration page is provided, on which the rule items of the firewalls that require the same configuration are set uniformly, as in step S101 shown in Fig. 1. The rule items of firewalls that require different configuration are set separately, as in step S105 shown in Fig. 1. The unified configuration page can connect to a virtual host through the virtual host's IP address and find the firewall's configuration file (in practice, the configuration file is usually placed at a fixed location on the virtual host).
According to another embodiment of the invention, firewall domains can be designed: the rule items for which multiple virtual firewalls require the same configuration are determined, and firewalls having rule items that require the same configuration are placed in the same domain, so that as many identical configurations as possible are configured uniformly. As shown in Fig. 3, taking 4 virtual firewalls as an example, 2 firewall domains are set up: virtual firewall domain 1 and virtual firewall domain 2. Virtual firewall 1 and virtual firewall 2, which have the same configuration, are placed in virtual firewall domain 1; virtual firewall 3 and virtual firewall 4, which have the same configuration, are placed in virtual firewall domain 2.
As shown in Fig. 4, domain 1 (that is, virtual firewall domain 1) is configured with the rule items that require the same configuration in virtual firewall 1 and virtual firewall 2, and commands for the rule items requiring the same configuration in domain 1 are issued uniformly. The rule items in virtual firewall 1 and virtual firewall 2 that require different configuration are configured separately, for example configuration 1, configuration 2, ... configuration 6. Domain 2 (that is, virtual firewall domain 2) is configured with the rule items that require the same configuration in virtual firewall 3 and virtual firewall 4, and commands for the rule items requiring the same configuration in domain 2 are issued uniformly. The rule items in virtual firewall 3 and virtual firewall 4 that require different configuration are configured separately, for example configuration 1, configuration 2, ... configuration 6.
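A sketch of steps S101 to S105 combined with firewall domains and the switched-on check, added here as an illustration and not taken from the patent. The rule-item tuples, the function labels `web` and `db`, the firewall names, and the read-back `audit` check are assumptions; domains are formed from identical function labels only.

```python
from collections import defaultdict
from typing import NamedTuple


class Firewall(NamedTuple):
    name: str
    function: str        # assumed label that decides the firewall's domain
    enabled: bool        # result of the automatic state detection
    desired: frozenset   # rule items this firewall must end up with


def divide_into_domains(firewalls):
    """Put switched-on firewalls with the same function into one domain."""
    domains = defaultdict(list)
    for fw in firewalls:
        if fw.enabled:  # firewalls that are not switched on are left out
            domains[fw.function].append(fw)
    return dict(domains)


def build_plan(firewalls):
    """Per domain: rule items every member needs (S101/S103) and the rest (S105)."""
    plan = {}
    for domain, members in divide_into_domains(firewalls).items():
        common = frozenset.intersection(*(fw.desired for fw in members))
        plan[domain] = {
            "common": common,
            "individual": {fw.name: fw.desired - common for fw in members},
        }
    return plan


def operation_counts(firewalls, plan):
    """Rule items entered one firewall at a time versus with the unified step."""
    one_by_one = sum(len(fw.desired) for fw in firewalls if fw.enabled)
    unified = sum(
        len(d["common"]) + sum(len(r) for r in d["individual"].values())
        for d in plan.values()
    )
    return one_by_one, unified


def audit(fw, plan, actual):
    """Compare rule items read back from a firewall with what the plan gives it."""
    domain = plan[fw.function]
    expected = domain["common"] | domain["individual"][fw.name]
    return {"missing": expected - actual, "unexpected": actual - expected}


# Constructed sample data: rule item = (direction, protocol, port, action).
SSH, HTTP = ("in", "tcp", 22, "allow"), ("in", "tcp", 80, "allow")
HTTPS, ALT = ("in", "tcp", 443, "allow"), ("in", "tcp", 8080, "allow")
MYSQL, METRICS = ("in", "tcp", 3306, "allow"), ("in", "tcp", 9100, "allow")
TELNET = ("in", "tcp", 23, "allow")

FIREWALLS = [
    Firewall("vfw1", "web", True, frozenset({SSH, HTTP, HTTPS})),
    Firewall("vfw2", "web", True, frozenset({SSH, HTTPS, ALT})),
    Firewall("vfw3", "db", True, frozenset({SSH, MYSQL})),
    Firewall("vfw4", "db", True, frozenset({SSH, MYSQL, METRICS})),
    Firewall("vfw5", "web", False, frozenset({HTTP})),  # not switched on
]
PLAN = build_plan(FIREWALLS)

if __name__ == "__main__":
    for domain, d in PLAN.items():
        print(domain, "unified:", sorted(d["common"]))
        for name, rules in d["individual"].items():
            print("   ", name, "individual:", sorted(rules))
    print("operations (one by one, unified):", operation_counts(FIREWALLS, PLAN))
    # vfw2 read back without its HTTPS rule and with a stray telnet rule
    print(audit(FIREWALLS[1], PLAN, frozenset({SSH, ALT, TELNET})))
```

If the switched-off vfw5 were included, the web domain would share no rule item at all in this sample.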
According to an embodiment of the present invention, a configuration device for a virtual firewall is provided.
As shown in Fig. 4, the configuration device of a virtual firewall according to an embodiment of the present invention includes:
a determining module 41, for determining the rule items for which multiple virtual firewalls require the same configuration;
an extraction module 42, for extracting the determined rule items and uniformly configuring the extracted rule items;
a configuration module 43, for configuring the other rule items of the multiple virtual firewalls.
Moreover, the configuration device according to an embodiment of the present invention further includes:
a division module (not shown), for dividing all firewalls into multiple domains according to the functions of all the firewalls that need to be configured;
and the determining module 41 is further used for determining, for the virtual firewalls in each domain, the rule items that require the same configuration.
Wherein the division module (not shown) is further used for assigning virtual firewalls whose functions are identical or partly identical to one domain.
In addition, the configuration device according to an embodiment of the present invention includes:
a pre-storage module (not shown), for storing the IP addresses of all virtual machines in advance.
In summary, by means of the above technical solution, the present invention uniformly configures the rule items that require the same configuration in multiple virtual firewalls, thereby reducing the burden of configuring multiple virtual firewalls and avoiding manual one-by-one configuration, which can improve the stability of the device. Further, confirming the usage state of the virtual firewalls in advance by automatic detection can improve configuration efficiency. In addition, the other rule items of virtual firewalls with different configurations are configured separately, so that the multiple virtual firewalls are configured completely and virtual firewall vulnerabilities caused by missing configuration are avoided.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the invention; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (6)

1. A configuration method for a virtual firewall, characterized by comprising:
determining the rule items for which multiple virtual firewalls require the same configuration;
extracting the determined rule items, and uniformly configuring the extracted rule items;
configuring the other rule items of the multiple virtual firewalls;
dividing all firewalls into multiple domains according to the functions of all the firewalls that need to be configured;
and wherein determining the rule items for which multiple virtual firewalls require the same configuration comprises:
determining, for the virtual firewalls in each domain, the rule items that require the same configuration;
wherein dividing all firewalls into multiple domains comprises: assigning virtual firewalls whose functions are identical or partly identical to one domain.
2. The configuration method according to claim 1, characterized in that, before the extracted rule items are uniformly configured, the configuration method further comprises:
determining the virtual firewalls that are already switched on;
and wherein determining the rule items for which multiple virtual firewalls require the same configuration comprises:
determining the rule items for which the switched-on virtual firewalls require the same configuration.
3. The configuration method according to claim 1 or 2, characterized by comprising:
storing the IP addresses of all virtual machines in advance.
4. The configuration method according to claim 3, characterized by comprising:
when a virtual machine needs to be configured, extracting the IP address corresponding to that virtual machine;
connecting to the virtual machine through the extracted IP address, to determine the location of the virtual firewall corresponding to that virtual machine.
5. A configuration device for a virtual firewall, characterized by comprising:
a determining module, for determining the rule items for which multiple virtual firewalls require the same configuration;
an extraction module, for extracting the determined rule items and uniformly configuring the extracted rule items;
a configuration module, for configuring the other rule items of the multiple virtual firewalls;
a division module, for dividing all firewalls into multiple domains according to the functions of all the firewalls that need to be configured;
and wherein the determining module is further used for determining, for the virtual firewalls in each domain, the rule items that require the same configuration;
and the division module is further used for assigning virtual firewalls whose functions are identical or partly identical to one domain.
6. The configuration device according to claim 5, characterized by comprising:
a pre-storage module, for storing the IP addresses of all virtual machines in advance.
CN201310516388.6A 2013-10-28 2013-10-28 Virtual firewall configuration method and device Active CN103532974B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310516388.6A CN103532974B (en) 2013-10-28 2013-10-28 Virtual firewall configuration method and device

Publications (2)

Publication Number Publication Date
CN103532974A (en) 2014-01-22
CN103532974B (en) 2017-05-03

Family

ID=49934653


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder
Address after: 100193 Beijing, Haidian District, northeast Wang West Road, building 8, building 36, floor 5
Patentee after: Shuguang Cloud Computing Group Co.,Ltd.
Address before: 100193 Beijing, Haidian District, northeast Wang West Road, building 8, building 36, floor 5
Patentee before: DAWNING CLOUD COMPUTING TECHNOLOGY Co.,Ltd.
CP03 Change of name, title or address
Address after: 100193 5 floor, 36 building, No. 8 Northeast Road, Haidian District, Beijing.
Patentee after: Shuguang Cloud Computing Group Co.,Ltd.
Country or region after: China
Address before: 100193 5 floor, 36 building, No. 8 Northeast Road, Haidian District, Beijing.
Patentee before: Shuguang Cloud Computing Group Co.,Ltd.
Country or region before: China
Country or region before: China