CN109962914A - A kind of firewall configuration method and device - Google Patents

A kind of firewall configuration method and device Download PDF

Info

Publication number
CN109962914A
CN109962914A CN201910186573.0A CN201910186573A CN109962914A CN 109962914 A CN109962914 A CN 109962914A CN 201910186573 A CN201910186573 A CN 201910186573A CN 109962914 A CN109962914 A CN 109962914A
Authority
CN
China
Prior art keywords
firewall box
firewall
target
information
facility information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910186573.0A
Other languages
Chinese (zh)
Other versions
CN109962914B (en
Inventor
胡有福
杜鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd filed Critical Hangzhou DPTech Technologies Co Ltd
Priority to CN201910186573.0A priority Critical patent/CN109962914B/en
Publication of CN109962914A publication Critical patent/CN109962914A/en
Application granted granted Critical
Publication of CN109962914B publication Critical patent/CN109962914B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

Disclose a kind of firewall configuration method and device.A kind of firewall configuration method, which is characterized in that the method is applied to OpenStack server-side, comprising: receive data distributing request;It determines and whether specifies target firewall box in the data distributing request, the target firewall box is any appliance in preparatory matched several firewall boxes;Refer in the case where set the goal firewall box in data distributing request, according to the facility information of the target firewall box, sends the configuration data specified in the data distributing request;In the data distributing request in the case where not specified target firewall box, the facility information of matched several firewall boxes in advance is obtained;Target firewall box is determined according to facility information obtained, and the configuration data specified in the data distributing request is sent to identified target firewall box.

Description

A kind of firewall configuration method and device
Technical field
This specification embodiment is related to network communication technology field more particularly to a kind of firewall configuration method and device.
Background technique
OpenStack is that the open source cloud computing management platform project of current main-stream is provided by the multiple components for being included The extensions clothes such as the kernel services such as calculating, network, storage and FWaaS (Firewall as a Service, firewall service) Business.
When OpenStack server-side and firewall hardware equipment interconnection, FWaaS may be implemented, firewall box is matched It sets.In the prior art, FWaaS is merely able to carry out resource for firewall box and the configuration such as issues, and can not configure simultaneously More firewall boxes.Therefore it is impossible to meet the demands that more firewall boxes are disposed under large-scale network-estabilishing cloud environment.
Summary of the invention
In view of this, this specification embodiment provides a kind of firewall configuration method and device, it is applied to OpenStack and takes Business end, technical solution are as follows:
A kind of firewall configuration method, which is characterized in that the method is applied to OpenStack server-side, comprising:
Receive data distributing request;
It determines in the data distributing request and whether specifies target firewall box, the target firewall box is preparatory Any appliance in matched several firewall boxes;
The data distributing request in refer to set the goal firewall box in the case where, according to the target firewall box Facility information, send the configuration data specified in data distributing request;
In the data distributing request in the case where not specified target firewall box, obtain matched in advance several anti- The facility information of wall with flues equipment;
Target firewall box is determined according to facility information obtained, and is sent to identified target firewall box The configuration data specified in the data distributing request.
A kind of firewall configuration device, which is characterized in that described device is applied to OpenStack server-side, comprising:
Request receiving module issues request for receiving data;
Specified determining module, for determining in the data distributing request whether specify target firewall box, the mesh Marking firewall box is any appliance in preparatory matched several firewall boxes;
Data transmission blocks, in the case where setting the goal firewall box for referring in data distributing request, according to The facility information of the target firewall box sends the configuration data specified in the data distributing request;
Information acquisition module, in the case where not specified target firewall box, being obtained in data distributing request Obtain the facility information of several firewall boxes matched in advance;
Equipment determining module, for determining target firewall box according to facility information obtained;
The data transmission blocks are also used to send to identified target firewall box in the data distributing request Specified configuration data.
Technical solution provided by this specification embodiment can match the facility information of several firewall boxes in advance, So as in data distributing, to a certain firewall box down distributing configuration data that is specified or determining, to realize one FWaaS can carry out resources for more firewall boxes and the configuration such as issue, while configure more firewall boxes, meet big rule The demand of more firewall boxes is disposed under mould networking cloud environment.
It should be understood that above general description and following detailed description be only it is exemplary and explanatory, not This specification embodiment can be limited.
In addition, any embodiment in this specification embodiment does not need to reach above-mentioned whole effects.
Detailed description of the invention
In order to illustrate more clearly of this specification embodiment or technical solution in the prior art, below will to embodiment or Attached drawing needed to be used in the description of the prior art is briefly described, it should be apparent that, the accompanying drawings in the following description is only The some embodiments recorded in this specification embodiment for those of ordinary skill in the art can also be attached according to these Figure obtains other attached drawings.
Fig. 1 is the flow diagram of this specification embodiment firewall configuration method;
Fig. 2 is the structural schematic diagram of this specification embodiment firewall configuration device;
Fig. 3 is the structural schematic diagram of this specification embodiment data transmission blocks;
Fig. 4 is the structural schematic diagram of this specification embodiment equipment determining module;
Fig. 5 is the structural schematic diagram for configuring a kind of equipment of this specification embodiment device.
Specific embodiment
In order to make those skilled in the art more fully understand the technical solution in this specification embodiment, below in conjunction with this Attached drawing in specification embodiment is described in detail the technical solution in this specification embodiment, it is clear that described Embodiment is only a part of the embodiment of this specification, instead of all the embodiments.The embodiment of base in this manual, Those of ordinary skill in the art's every other embodiment obtained, all should belong to the range of protection.
In view of the problems of the existing technology, this specification provides a kind of firewall configuration method, is applied to OpenStack Server-side, shown in Figure 1, this method may comprise steps of:
S101 receives data distributing request;
This specification embodiment does not limit the trigger mechanism of data distributing request.
In one example, can by user in configuration interface manually, such as by can be to OpenStack server-side The Web configuration interface or Command Line Interface configured issues data distributing request to OpenStack server-side;
In another example, it can also be set out automatically according to pre-set time or other conditions, it such as can be with Periodically carry out data distributing;Etc..
Those skilled in the art can be configured according to actual needs.
S102 determines in the data distributing request whether specify target firewall box, the target firewall box For any appliance in preparatory matched several firewall boxes;
In this specification embodiment, it can specifically be pre-configured with several firewall boxes in several ways, this illustrates reality It applies example not limiting this, those skilled in the art can be configured flexibly according to the actual situation.
It, first can be by developer by fire prevention to be matched in a kind of specific embodiment of this specification embodiment In the information write-in matching files of wall equipment, for example, creating fwaas_driver.ini file and with configuration group [fw_device_ 1] 1 firewall is indicated, so as to add more firewall boxes in matching files.
Further, it is also possible to which several information of firewall box are written in matching files, set for example, can be written into firewall The docking that the information of the equipment such as standby IP, user name, password and description itself and every firewall box need to configure Docking informations such as vlan, docking IP information and docking RT equipment etc..
Accordingly, OpenStack server-side can obtain firewall box matching files first, and parse the matching File obtains the several groups facility information for including in this document;Wherein, any group of facility information is to be matched anti-for describing to correspond to Wall with flues equipment;Then by several groups firewall box information obtained, it is stored in the firewall box information that local terminal is pre-created In table, so as to local terminal acquisition when issuing matched data to matched firewall box.May include in the table major key id, The fields such as router_id, fw_ip, username, password, status and priority.
In addition, if firewall box need to be docked with router, then the router data table pre-established can also be extended, Firewall box column are added for it, for identifying the firewall box of each router docking.
In another specific embodiment of this specification embodiment, can also to above-mentioned firewall box information table into Row updates.It can receive firewall box information table first and update request, for example, can be triggered by user by configuration interface, Or setting timing automatic trigger mechanism, etc..After receiving update request, obtains the update and request corresponding firewall Equipment matching files, and the matching files are parsed, obtain the several groups facility information for including in this document;Compare and parses To facility information and local terminal firewall box information table in the facility information that stores it is whether consistent, and in inconsistent situation Under, the facility information stored in local terminal firewall box information table is updated using the facility information parsed.
For example, OpenStack server-side can traverse configuration file fwaas_ when starting FWaaS service Configuration group [fw_device_n] in driver.ini, and the configuration group being not present in local terminal firewall box information table is believed Breath is written in the table, and deletes the configuration group information for existing in the table but being not present in configuration file.
In addition, OpenStack server-side start FWaaS service when, can also according in configuration group docking vlan and IP information is docked, corresponding vlan-if interface is created;And default route is created, outgoing interface is the vlan-if mouthfuls, and next-hop is The IP of the direct-connected mouth vlan of RT equipment.
It may include that firewall is set in another specific embodiment of this specification embodiment, in above equipment information Standby operating status situation.It is preparatory to be stored in local terminal by several groups firewall box information obtained for OpenStack server-side It, can also be according to the every group of firewall box information stored in table: to this group of firewall after the firewall box information table of creation The corresponding firewall box of facility information carries out state-detection;In the case where testing result is operating status, which is tied Fruit is stored in this group of firewall box information;In the case where testing result is not running state, which is stored in the group Firewall box information, and carry out equipment not running warning.
For example, if firewall box can normal communication, be operating status (as be labeled as Active), otherwise for not Operating status (as being labeled as Down), and can prompt check network failure in Web configuration interface.
S103, the data distributing request in refer to set the goal firewall box in the case where, according to the target prevent fires The facility information of wall equipment sends the configuration data specified in the data distributing request;
User can specify the firewall box of OpenStack server-side data distributing, for example, can configure boundary in Web The selection in face (such as interface Dashboard), for another example, can be specified by order line " -- device " attribute, etc..To, There may be specified target firewall boxes in the data distributing request.
Specifically, OpenStack server-side can obtain the mesh stored in the firewall box information table first The facility information of firewall box is marked, and determines the state-detection in the facility information as a result, according to the state-detection knot Fruit determines whether the target firewall box is operating status.
If so, according to the facility information of the target firewall box, described in the transmission of Xiang Suoshu target firewall box The configuration data specified in data distributing request;If it is not, then carrying out the target firewall box not running warning.
S104 in the data distributing request in the case where not specified target firewall box, is obtained matched in advance The facility information of several firewall boxes;
S105 determines target firewall box according to facility information obtained, and sets to identified target firewall Preparation send the configuration data specified in the data distributing request.
For ease of description, S104 is illustrated in conjunction with S105.
And if data distributing request in not specified target firewall box, can by OpenStack server-side according to The facility information of firewall box determines target firewall box and sends configuration data.
Specifically, preset several indexs can be obtained first, and are directed to any group of firewall box information obtained: It determines in this group of facility information, several finger target values, using identified index value, it is corresponding anti-to calculate this group of facility information Load capacity value is met default screening rule according to each load capacity value calculated by the load capacity value of wall with flues equipment Equipment is determined as target firewall box.
For example, several indexs may include: the memory headroom of firewall box, memory space, maximum concurrent remainder, And/or newly-built session number, etc..
The indices of matching firewall box can be periodically collected (as using 5s by the period) by FWaaS Agent Value, and the weight of default indices calculate the weighted results of indices value as load capacity value, so that energy will be loaded The maximum firewall box of force value is determined as target firewall box.
It can also be a fire prevention with 2 firewall boxes in a kind of specific embodiment of this specification embodiment Wall group, 2 equipment are respectively master and slave firewall box, to avoid influencing entire when a firewall box breaks down The firewall functionality of system is realized.In each firewall group, can by configuration distributing mouth IP (usually managing an IP) address, The IP address corresponds to 2 firewall boxes in the firewall group.
It is specified in data distributing request when OpenStack server-side sends configuration data to firewall box Firewall box can be a firewall group, and master firewall equipment of the OpenStack server-side in the firewall group is fortune In the case where row state, configuration data is sent to the master firewall equipment, and the master firewall equipment in the firewall group is not In the case where for operating status, the slave firewall equipment into the firewall group sends configuration data;Similarly, if under data Hair request in and not specified firewall box, then OpenStack server-side can be calculated according to the index value of master firewall equipment Load capacity value, or the load capacity value of the firewall group is calculated according to the index value of master and slave firewall box, to select The firewall box for meeting default screening rule sends configuration data.
Corresponding to above method embodiment, this specification embodiment also provides a kind of firewall configuration device, is applied to OpenStack server-side, it is shown in Figure 2, the apparatus may include:
Request receiving module 110 issues request for receiving data;
Specified determining module 120, it is described for determining in the data distributing request whether specify target firewall box Target firewall box is any appliance in preparatory matched several firewall boxes;
Data transmission blocks 130, in the case where setting the goal firewall box for referring in data distributing request, root According to the facility information of the target firewall box, the configuration data specified in the data distributing request is sent;
Information acquisition module 140, in the case where being used for the not specified target firewall box in data distributing request, Obtain the facility information of matched several firewall boxes in advance;
Equipment determining module 150, for determining target firewall box according to facility information obtained;
The data transmission blocks 130 are also used to send the data distributing to identified target firewall box and ask The configuration data specified in asking.
It is shown in Figure 3 in a kind of specific embodiment of this specification embodiment, the data transmission blocks 130, May include:
Information obtainment unit 131 is set for obtaining the target firewall stored in the firewall box information table Standby facility information, and determine the state-detection result in the facility information;
Status determining unit 132, for according to the state-detection as a result, determine the target firewall box whether be Operating status;
Data transmission unit 133 is used in the case where the target firewall box is operating status, according to the mesh The facility information of firewall box is marked, Xiang Suoshu target firewall box sends the configuration number specified in the data distributing request According to;
Warning unit 134, for carrying out the target in the case where the target firewall box is not running state The warning of firewall box not running.
It is shown in Figure 4 in a kind of specific embodiment of this specification embodiment, the equipment determining module 150, May include:
Index obtaining unit 151, for obtaining preset several indexs;
Equipment screening unit 152, for being directed to any group of firewall box information obtained: determining this group of facility information In, several finger target values;Using identified index value, the load energy that this group of facility information corresponds to firewall box is calculated Force value;According to each load capacity value calculated, load capacity value is met to the equipment of default screening rule, it is anti-to be determined as target Wall with flues equipment.
The function of each unit and the realization process of effect are specifically detailed in the above method and correspond to step in above-mentioned apparatus Realization process, details are not described herein.
For device embodiment, since it corresponds essentially to embodiment of the method, so related place is referring to method reality Apply the part explanation of example.The apparatus embodiments described above are merely exemplary, wherein described be used as separation unit The unit of explanation may or may not be physically separated, and component shown as a unit can be or can also be with It is not physical unit, it can it is in one place, or may be distributed over multiple network units.It can be according to actual The purpose for needing to select some or all of the modules therein to realize this specification example scheme.Ordinary skill people Member can understand and implement without creative efforts.
This specification embodiment also provides a kind of computer equipment, includes at least memory, processor and is stored in On reservoir and the computer program that can run on a processor, wherein processor realizes fire prevention above-mentioned when executing described program Wall configuration method.This method includes at least:
A kind of firewall configuration method, which is characterized in that the method is applied to OpenStack server-side, comprising:
Receive data distributing request;
It determines in the data distributing request and whether specifies target firewall box, the target firewall box is preparatory Any appliance in matched several firewall boxes;
The data distributing request in refer to set the goal firewall box in the case where, according to the target firewall box Facility information, send the configuration data specified in data distributing request;
In the data distributing request in the case where not specified target firewall box, obtain matched in advance several anti- The facility information of wall with flues equipment;
Target firewall box is determined according to facility information obtained, and is sent to identified target firewall box The configuration data specified in the data distributing request.
Fig. 5 shows one kind provided by this specification embodiment and more specifically calculates device hardware structural schematic diagram, The equipment may include: processor 1010, memory 1020, input/output interface 1030, communication interface 1040 and bus 1050.Wherein processor 1010, memory 1020, input/output interface 1030 and communication interface 1040 are real by bus 1050 The now communication connection inside equipment each other.
Processor 1010 can use general CPU (Central Processing Unit, central processing unit), micro- place Reason device, application specific integrated circuit (Application Specific Integrated Circuit, ASIC) or one Or the modes such as multiple integrated circuits are realized, for executing relative program, to realize technical side provided by this specification embodiment Case.
Memory 1020 can use ROM (Read Only Memory, read-only memory), RAM (Random Access Memory, random access memory), static storage device, the forms such as dynamic memory realize.Memory 1020 can store Operating system and other applications are realizing technical solution provided by this specification embodiment by software or firmware When, relevant program code is stored in memory 1020, and execution is called by processor 1010.
Input/output interface 1030 is for connecting input/output module, to realize information input and output.Input and output/ Module can be used as component Configuration (not shown) in a device, can also be external in equipment to provide corresponding function.Wherein Input equipment may include keyboard, mouse, touch screen, microphone, various kinds of sensors etc., output equipment may include display, Loudspeaker, vibrator, indicator light etc..
Communication interface 1040 is used for connection communication module (not shown), to realize the communication of this equipment and other equipment Interaction.Wherein communication module can be realized by wired mode (such as USB, cable etc.) and be communicated, can also be wirelessly (such as mobile network, WIFI, bluetooth etc.) realizes communication.
Bus 1050 include an access, equipment various components (such as processor 1010, memory 1020, input/it is defeated Outgoing interface 1030 and communication interface 1040) between transmit information.
It should be noted that although above equipment illustrates only processor 1010, memory 1020, input/output interface 1030, communication interface 1040 and bus 1050, but in the specific implementation process, which can also include realizing normal fortune Other assemblies necessary to row.In addition, it will be appreciated by those skilled in the art that, it can also be only comprising real in above equipment Component necessary to existing this specification example scheme, without including all components shown in figure.
Although this specification includes many specific implementation details, these are not necessarily to be construed as the model for limiting any invention It encloses or range claimed, and is primarily used for describing the feature of the specific embodiment of specific invention.In this specification Certain features described in multiple embodiments can also be combined implementation in a single embodiment.On the other hand, individually implementing Various features described in example can also be performed separately in various embodiments or be implemented with any suitable sub-portfolio.This Outside, although feature can work in certain combinations as described above and even initially so be claimed, institute is come from One or more features in claimed combination can be removed from the combination in some cases, and claimed Combination can be directed toward the modification of sub-portfolio or sub-portfolio.
Similarly, although depicting operation in the accompanying drawings with particular order, this is understood not to require these behaviour Make the particular order shown in execute or sequentially carry out or require the operation of all illustrations to be performed, to realize desired knot Fruit.In some cases, multitask and parallel processing may be advantageous.In addition, the various system modules in above-described embodiment Separation with component is understood not to be required to such separation in all embodiments, and it is to be understood that described Program assembly and system can be usually integrated in together in single software product, or be packaged into multiple software product.
The specific embodiment of theme has been described as a result,.Other embodiments are within the scope of the appended claims.? In some cases, the movement recorded in claims can be executed in different order and still realize desired result.This Outside, the processing described in attached drawing and it is nonessential shown in particular order or sequential order, to realize desired result.In certain realities In existing, multitask and parallel processing be may be advantageous.
The foregoing is merely the preferred embodiments of this specification embodiment, do not implement to limit this specification Example, all within the spirit and principle of this specification embodiment, any modification, equivalent substitution, improvement and etc. done should all include Within the scope of the protection of this specification embodiment.

Claims (10)

1. a kind of firewall configuration method, which is characterized in that the method is applied to OpenStack server-side, comprising:
Receive data distributing request;
It determines and whether specifies target firewall box in the data distributing request, the target firewall box is matching in advance Several firewall boxes in any appliance;
The data distributing request in refer to set the goal firewall box in the case where, according to setting for the target firewall box Standby information sends the configuration data specified in the data distributing request;
In the data distributing request in the case where not specified target firewall box, matched several firewalls in advance are obtained The facility information of equipment;
Target firewall box is determined according to facility information obtained, and to described in the transmission of identified target firewall box The configuration data specified in data distributing request.
2. the method according to claim 1, wherein several firewall boxes of matching, comprising:
Obtain firewall box matching files;
The matching files are parsed, the several groups facility information for including in this document is obtained;Wherein, any group of facility information is used for The corresponding firewall box to be matched of description;
Several groups firewall box information obtained is stored in the firewall box information table that local terminal is pre-created, so as to Local terminal acquisition when issuing matched data to matched firewall box.
3. according to the method described in claim 2, it is characterized in that, the method also includes:
It receives firewall box information table and updates request;
It obtains the update and requests corresponding firewall box matching files;
The matching files are parsed, the several groups facility information for including in this document is obtained;
Whether consistent compare the facility information stored in the facility information and local terminal firewall box information table parsed, and In the case of inconsistencies, the equipment stored in local terminal firewall box information table is believed using the facility information parsed Breath is updated.
4. according to the method described in claim 2, it is characterized in that, the method is by several groups firewall box obtained Information, after being stored in the firewall box information table that local terminal is pre-created, further includes:
According to the every group of firewall box information stored in table:
State-detection is carried out to the corresponding firewall box of this group of firewall box information;
In the case where testing result is operating status, which is stored in this group of firewall box information;
In the case where testing result is not running state, which is stored in this group of firewall box information, and carry out The warning of equipment not running.
5. the method according to claim 1, wherein described believe according to the equipment of the target firewall box Breath sends the configuration data specified in the data distributing request, comprising:
The facility information of the target firewall box stored in the firewall box information table is obtained, and is set described in determination State-detection result in standby information;
According to the state-detection as a result, determining whether the target firewall box is operating status;
If so, Xiang Suoshu target firewall box sends the data according to the facility information of the target firewall box Issue the configuration data specified in request;
If it is not, then carrying out the target firewall box not running warning.
6. the method according to claim 1, wherein described determine that target is prevented fires according to facility information obtained Wall equipment, comprising:
Preset several indexs are obtained, and are directed to any group of firewall box information obtained:
It determines in this group of facility information, several finger target values;
Using identified index value, the load capacity value that this group of facility information corresponds to firewall box is calculated;
According to each load capacity value calculated, load capacity value is met to the equipment of default screening rule, it is anti-to be determined as target Wall with flues equipment.
7. the method according to claim 1, wherein several indexs include:
Memory headroom, memory space, maximum concurrent remainder, and/or the newly-built session number of firewall box.
8. a kind of firewall configuration device, which is characterized in that described device is applied to OpenStack server-side, comprising:
Request receiving module issues request for receiving data;
Specified determining module, for determining in the data distributing request whether specify target firewall box, the target is anti- Wall with flues equipment is any appliance in preparatory matched several firewall boxes;
Data transmission blocks, in the case where setting the goal firewall box for referring in data distributing request, according to described The facility information of target firewall box sends the configuration data specified in the data distributing request;
Information acquisition module, in the case where not specified target firewall box, being obtained pre- in data distributing request The first facility information of matched several firewall boxes;
Equipment determining module, for determining target firewall box according to facility information obtained;
The data transmission blocks are also used to send to identified target firewall box in the data distributing request and specify Configuration data.
9. device according to claim 8, which is characterized in that the data transmission blocks, comprising:
Information obtainment unit, the equipment for obtaining the target firewall box stored in the firewall box information table Information, and determine the state-detection result in the facility information;
Status determining unit, for according to the state-detection as a result, determining whether the target firewall box is operation shape State;
Data transmission unit, for being prevented fires according to the target in the case where the target firewall box is operating status The facility information of wall equipment, Xiang Suoshu target firewall box send the configuration data specified in the data distributing request;
Warning unit, for carrying out the target firewall in the case where the target firewall box is not running state The warning of equipment not running.
10. device according to claim 8, which is characterized in that the equipment determining module, comprising:
Index obtaining unit, for obtaining preset several indexs;
Equipment screening unit, for being directed to any group of firewall box information obtained: it determines in this group of facility information, it is described Several finger target values;Using identified index value, the load capacity value that this group of facility information corresponds to firewall box is calculated;Root According to each load capacity value calculated, load capacity value is met to the equipment of default screening rule, is determined as target firewall and sets It is standby.
CN201910186573.0A 2019-03-12 2019-03-12 Firewall configuration method and device Active CN109962914B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910186573.0A CN109962914B (en) 2019-03-12 2019-03-12 Firewall configuration method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910186573.0A CN109962914B (en) 2019-03-12 2019-03-12 Firewall configuration method and device

Publications (2)

Publication Number Publication Date
CN109962914A true CN109962914A (en) 2019-07-02
CN109962914B CN109962914B (en) 2021-07-23

Family

ID=67024253

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910186573.0A Active CN109962914B (en) 2019-03-12 2019-03-12 Firewall configuration method and device

Country Status (1)

Country Link
CN (1) CN109962914B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113162979A (en) * 2021-03-17 2021-07-23 深圳乐播科技有限公司 Service publishing method, device, equipment and storage medium
CN113329022A (en) * 2021-05-31 2021-08-31 北京天融信网络安全技术有限公司 Information processing method of virtual firewall and electronic equipment

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101610264A (en) * 2009-07-24 2009-12-23 深圳市永达电子股份有限公司 The management method of a kind of firewall system, safety service platform and firewall system
CN102055742A (en) * 2009-11-10 2011-05-11 中国移动通信集团吉林有限公司 Method and device for configuring firewall
US20140351392A1 (en) * 2012-05-08 2014-11-27 Guest Tek Interactive Entertainment Ltd. Automatically configuring computer network at hospitality establishment with reservation-specific settings
CN104579723A (en) * 2013-10-16 2015-04-29 宇宙互联有限公司 Gateway configuration management system and method
US9223635B2 (en) * 2012-10-28 2015-12-29 Citrix Systems, Inc. Network offering in cloud computing environment
CN106302466A (en) * 2016-08-17 2017-01-04 东软集团股份有限公司 The management method of a kind of fire wall and system
CN107888597A (en) * 2017-11-16 2018-04-06 杭州迪普科技股份有限公司 A kind of FWaaS security domains collocation method and device
CN107959585A (en) * 2017-11-08 2018-04-24 新华三信息安全技术有限公司 A kind of firewall configuration method, apparatus and electronic equipment
CN108173842A (en) * 2017-12-26 2018-06-15 国家电网公司 The disposition optimization method of software definition fire wall based on openstack cloud platforms
CN108471397A (en) * 2018-01-31 2018-08-31 华为技术有限公司 Firewall configuration, file transmitting method and device
CN109361711A (en) * 2018-12-14 2019-02-19 泰康保险集团股份有限公司 Firewall configuration method, apparatus, electronic equipment and computer-readable medium

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101610264A (en) * 2009-07-24 2009-12-23 深圳市永达电子股份有限公司 The management method of a kind of firewall system, safety service platform and firewall system
CN102055742A (en) * 2009-11-10 2011-05-11 中国移动通信集团吉林有限公司 Method and device for configuring firewall
US20140351392A1 (en) * 2012-05-08 2014-11-27 Guest Tek Interactive Entertainment Ltd. Automatically configuring computer network at hospitality establishment with reservation-specific settings
US9223635B2 (en) * 2012-10-28 2015-12-29 Citrix Systems, Inc. Network offering in cloud computing environment
CN104579723A (en) * 2013-10-16 2015-04-29 宇宙互联有限公司 Gateway configuration management system and method
CN106302466A (en) * 2016-08-17 2017-01-04 东软集团股份有限公司 The management method of a kind of fire wall and system
CN107959585A (en) * 2017-11-08 2018-04-24 新华三信息安全技术有限公司 A kind of firewall configuration method, apparatus and electronic equipment
CN107888597A (en) * 2017-11-16 2018-04-06 杭州迪普科技股份有限公司 A kind of FWaaS security domains collocation method and device
CN108173842A (en) * 2017-12-26 2018-06-15 国家电网公司 The disposition optimization method of software definition fire wall based on openstack cloud platforms
CN108471397A (en) * 2018-01-31 2018-08-31 华为技术有限公司 Firewall configuration, file transmitting method and device
CN109361711A (en) * 2018-12-14 2019-02-19 泰康保险集团股份有限公司 Firewall configuration method, apparatus, electronic equipment and computer-readable medium

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113162979A (en) * 2021-03-17 2021-07-23 深圳乐播科技有限公司 Service publishing method, device, equipment and storage medium
CN113162979B (en) * 2021-03-17 2021-11-23 深圳乐播科技有限公司 Service publishing method, device, equipment and storage medium
CN113329022A (en) * 2021-05-31 2021-08-31 北京天融信网络安全技术有限公司 Information processing method of virtual firewall and electronic equipment
CN113329022B (en) * 2021-05-31 2022-08-05 北京天融信网络安全技术有限公司 Information processing method of virtual firewall and electronic equipment

Also Published As

Publication number Publication date
CN109962914B (en) 2021-07-23

Similar Documents

Publication Publication Date Title
CN108234168B (en) Data display method and system based on service topology
CN105979009B (en) A kind of increase load automatic balancing method for cloud application container
CN107689882A (en) The method and apparatus of service deployment in a kind of virtualization network
CN110489126B (en) Compiling task execution method and device, storage medium and electronic device
CN108563579B (en) White box testing method, device and system and storage medium
CN106445473B (en) container deployment method and device
GB2523338A (en) Testing a virtualised network function in a network
EP3244569A1 (en) Asset information management method and device
CN115185647B (en) virtio equipment direct connection method and related device
CN113742031A (en) Node state information acquisition method and device, electronic equipment and readable storage medium
CN109962914A (en) A kind of firewall configuration method and device
US20230254383A1 (en) Operations control of network services
CN111934904B (en) Capacity expansion method, controller and system
CN115795929A (en) Simulation deduction evaluation system and method
CN110532060A (en) A kind of hybrid network environmental data collecting method and system
CN110069406A (en) The TPC-DS test method and system of automatic trigger
CN108650337B (en) Server detection method, system and storage medium
CN110727511B (en) Control method for application program, network side device and computer readable storage medium
CN112698930A (en) Method, device, equipment and medium for obtaining server identification
CN107707424A (en) The control method and system of load condition
CN109739518A (en) Generate the method and device of offline software resource
CN113656152B (en) Local simulation method, system, medium and electronic equipment based on container cloud environment
CN115134281A (en) Network consumption source type component performance test optimization method, system and device
JP2014186432A (en) Electronic apparatus and script generation device
KR101737468B1 (en) Apparatus and method for managing resource in virtualization environment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant