CN109962914B - Firewall configuration method and device - Google Patents
Firewall configuration method and device Download PDFInfo
- Publication number
- CN109962914B CN109962914B CN201910186573.0A CN201910186573A CN109962914B CN 109962914 B CN109962914 B CN 109962914B CN 201910186573 A CN201910186573 A CN 201910186573A CN 109962914 B CN109962914 B CN 109962914B
- Authority
- CN
- China
- Prior art keywords
- firewall
- equipment
- information
- target
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
Abstract
A firewall configuration method and device are disclosed. A firewall configuration method is applied to an OpenStack server and comprises the following steps: receiving a data issuing request; determining whether a target firewall device is appointed in the data issuing request, wherein the target firewall device is any one of a plurality of firewall devices matched in advance; under the condition that target firewall equipment is specified in the data issuing request, sending configuration data specified in the data issuing request according to equipment information of the target firewall equipment; under the condition that the target firewall equipment is not specified in the data issuing request, acquiring equipment information of a plurality of firewall equipment which are matched in advance; and determining target firewall equipment according to the obtained equipment information, and sending the configuration data specified in the data issuing request to the determined target firewall equipment.
Description
Technical Field
The embodiment of the specification relates to the technical field of network communication, in particular to a firewall configuration method and device.
Background
OpenStack is a mainstream open-source cloud computing management platform project at present, and provides core services such as computing, network and storage, and extension services such as FWaaS (Firewall as a Service) through a plurality of included components.
When the OpenStack server is in butt joint with the firewall hardware equipment, the configuration of the FWaaS to the firewall equipment can be realized. In the prior art, the FWaaS can only perform configuration such as resource distribution and the like for one firewall device, but cannot configure multiple firewall devices at the same time. Therefore, the requirement of deploying multiple firewall devices in a large-scale networking cloud environment cannot be met.
Disclosure of Invention
In view of this, embodiments of the present specification provide a firewall configuration method and apparatus, which are applied to an OpenStack server, and the technical solution is as follows:
a firewall configuration method is applied to an OpenStack server and comprises the following steps:
receiving a data issuing request;
determining whether a target firewall device is appointed in the data issuing request, wherein the target firewall device is any one of a plurality of firewall devices matched in advance;
under the condition that target firewall equipment is specified in the data issuing request, sending configuration data specified in the data issuing request according to equipment information of the target firewall equipment;
under the condition that the target firewall equipment is not specified in the data issuing request, acquiring equipment information of a plurality of firewall equipment which are matched in advance;
and determining target firewall equipment according to the obtained equipment information, and sending the configuration data specified in the data issuing request to the determined target firewall equipment.
A firewall configuration device is applied to an OpenStack server and comprises the following steps:
the request receiving module is used for receiving a data issuing request;
the appointed determining module is used for determining whether a target firewall device is appointed in the data issuing request, wherein the target firewall device is any one of a plurality of firewall devices matched in advance;
the data sending module is used for sending the configuration data specified in the data issuing request according to the equipment information of the target firewall equipment under the condition that the target firewall equipment is specified in the data issuing request;
the information obtaining module is used for obtaining the device information of a plurality of firewall devices matched in advance under the condition that the target firewall device is not specified in the data issuing request;
the device determining module is used for determining target firewall equipment according to the obtained device information;
and the data sending module is also used for sending the configuration data specified in the data sending request to the determined target firewall equipment.
According to the technical scheme provided by the embodiment of the specification, the device information of a plurality of firewall devices can be matched in advance, so that the configuration data can be issued to a specified or determined certain firewall device when the data is issued, the configuration that one FWaaS can issue resources and the like for a plurality of firewall devices is realized, the plurality of firewall devices are configured at the same time, and the requirement of deploying the plurality of firewall devices in a large-scale networking cloud environment is met.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of embodiments of the invention.
In addition, any one of the embodiments in the present specification is not required to achieve all of the effects described above.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the embodiments of the present specification, and other drawings can be obtained by those skilled in the art according to the drawings.
Fig. 1 is a schematic flow chart illustrating a firewall configuration method according to an embodiment of the present disclosure;
fig. 2 is a schematic structural diagram of a firewall configuration apparatus according to an embodiment of the present disclosure;
FIG. 3 is a schematic structural diagram of a data transmission module according to an embodiment of the present disclosure;
FIG. 4 is a schematic structural diagram of a device determination module according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of an apparatus for configuring a device according to an embodiment of the present disclosure.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the embodiments of the present specification, the technical solutions in the embodiments of the present specification will be described in detail below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all the embodiments. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of protection.
To solve the problems in the prior art, the present specification provides a firewall configuration method, which is applied to an OpenStack server, and as shown in fig. 1, the method may include the following steps:
s101, receiving a data issuing request;
the embodiments of the present description do not limit the triggering mechanism of the data issuing request.
In one example, a user can manually start in a configuration interface, for example, a data issuing request is sent to an OpenStack server through a Web configuration interface or a command line interface that can configure the OpenStack server;
in another example, the automatic departure may also be performed according to a preset time or other conditions, for example, data may be issued periodically; and so on.
The setting can be carried out by the person skilled in the art according to the actual requirements.
S102, determining whether a target firewall device is appointed in the data issuing request, wherein the target firewall device is any one of a plurality of firewall devices matched in advance;
in the embodiment of the present description, a plurality of firewall devices may be configured in advance in a plurality of ways, which is not limited in the embodiment of the present description, and those skilled in the art may flexibly configure the firewall devices according to actual situations.
In a specific implementation manner of the embodiment of the present specification, a developer may first write information of firewall devices to be matched into a matching file, for example, create a fwas _ driver.ini file and represent 1 firewall by a configuration group [ fw _ device _1], so that multiple firewall devices may be added to the matching file.
In addition, some information of the firewall device may be written in the matching file, for example, information of the firewall device itself, such as an IP, a user name, a password, and a description, and docking information, such as a docking vlan, docking IP information, and a docking RT device, that needs to be configured for each firewall device may be written.
Correspondingly, the OpenStack server may first obtain a firewall device matching file, and parse the matching file to obtain a plurality of sets of device information included in the file; any group of equipment information is used for describing corresponding firewall equipment to be matched; and then, storing the obtained groups of firewall equipment information into a firewall equipment information table pre-established by the home terminal so as to facilitate the home terminal to obtain the matching data when the home terminal issues the matching data to the matched firewall equipment. Fields such as primary key id, router _ id, fw _ ip, username, password, status, and priority may be included in the table.
In addition, if the firewall device needs to be in butt joint with the router, the pre-established router data table can be expanded, and a firewall device column is added for identifying the firewall device in butt joint with each router.
In another specific implementation manner of the embodiment of the present specification, the firewall device information table may be further updated. First, a firewall device information table update request may be received, which may be triggered by a user through a configuration interface, or a timing auto-trigger mechanism may be set, for example. After receiving an update request, obtaining a firewall device matching file corresponding to the update request, and analyzing the matching file to obtain a plurality of groups of device information included in the file; and comparing whether the analyzed device information is consistent with the device information stored in the local firewall device information table, and updating the device information stored in the local firewall device information table by using the analyzed device information under the condition of inconsistency.
For example, when the OpenStack server starts the FWaaS service, the OpenStack server may traverse the configuration group [ fw _ device _ n ] in the configuration file fwas _ driver.ini, write configuration group information that does not exist in the local firewall device information table into the table, and delete configuration group information that exists in the table but does not exist in the configuration file.
In addition, when the OpenStack server side starts the FWaaS service, a corresponding vlan-if interface can be created according to the docking vlan and the docking IP information in the configuration group; and a default route is established, the output interface is the vlan-if port, and the next hop is the IP of the direct connection port vlan of the RT device.
In another specific implementation manner of the embodiment of this specification, the device information may include an operation status of the firewall device. The OpenStack server stores a plurality of groups of obtained firewall device information into a firewall device information table created by the server in advance, and can also store each group of firewall device information in the table according to the firewall device information: performing state detection on the firewall equipment corresponding to the firewall equipment information; storing the detection result into the firewall equipment information under the condition that the detection result is in the running state; and storing the detection result into the firewall equipment information group and giving an alarm that the equipment does not operate when the detection result is in the non-operating state.
For example, if the firewall device can communicate normally, it is in an Active state (e.g., marked as Active), otherwise it is in an inactive state (e.g., marked as Down), and can prompt in the Web configuration interface to check for network failures.
S103, under the condition that the target firewall equipment is specified in the data issuing request, sending the configuration data specified in the data issuing request according to the equipment information of the target firewall equipment;
the user may specify the firewall device to which the OpenStack server issues data, for example, the selection may be made in a Web configuration interface (e.g., Dashboard interface), or, for example, the "- -device" attribute may be specified through a command line, etc. Thus, there may be a designated target firewall device in the data delivery request.
Specifically, the OpenStack server may first obtain the device information of the target firewall device stored in the firewall device information table, determine a state detection result in the device information, and determine whether the target firewall device is in an operating state according to the state detection result.
If so, sending the configuration data specified in the data issuing request to the target firewall equipment according to the equipment information of the target firewall equipment; and if not, warning that the target firewall equipment does not operate.
S104, under the condition that the target firewall equipment is not appointed in the data issuing request, acquiring the equipment information of a plurality of firewall equipment which are matched in advance;
and S105, determining target firewall equipment according to the obtained equipment information, and sending the configuration data specified in the data issuing request to the determined target firewall equipment.
For convenience of description, S104 and S105 will be described in combination.
And if the target firewall equipment is not specified in the data issuing request, the OpenStack server can determine the target firewall equipment according to the equipment information of the firewall equipment and send configuration data.
Specifically, a plurality of preset indexes may be obtained first, and for any one set of obtained firewall device information: and determining the values of the indexes in the set of equipment information, calculating the load capacity value of the firewall equipment corresponding to the set of equipment information by using the determined index values, and determining the equipment with the load capacity value meeting the preset screening rule as the target firewall equipment according to each calculated load capacity value.
For example, several metrics may include: memory space, storage space, maximum number of concurrency residuals, and/or number of new sessions of the firewall device, and so on.
The FWaaS Agent may periodically (for example, with a period of 5 s) collect index values of the matched firewall devices, preset weights of the indexes, and calculate a weighted result of the index values as a load capacity value, thereby determining the firewall device with the maximum load capacity value as the target firewall device.
In a specific implementation manner of the embodiment of this specification, 2 pieces of firewall equipment may also be taken as a firewall group, and the 2 pieces of firewall equipment are respectively taken as a master firewall equipment and a slave firewall equipment, so that when one firewall equipment fails, firewall function implementation of the whole system is prevented from being affected. In each firewall group, an IP (usually management IP) address can be issued by one configuration, and the IP address corresponds to 2 firewall devices in the firewall group.
When the OpenStack server sends configuration data to the firewall device, the firewall device specified in the data issuing request can be a firewall group, the OpenStack server sends the configuration data to the main firewall device when the main firewall device in the firewall group is in a running state, and sends the configuration data to the slave firewall device in the firewall group when the main firewall device in the firewall group is not in the running state; similarly, if the firewall device is not specified in the data issuing request, the OpenStack server may calculate the load capacity value according to the index value of the master firewall device, or calculate the load capacity value of the firewall group according to the index values of the master and slave firewall devices, so as to select the firewall device that meets the preset screening rule to send the configuration data.
Corresponding to the foregoing method embodiment, an embodiment of the present specification further provides a firewall configuration device, which is applied to an OpenStack server, and as shown in fig. 2, the firewall configuration device may include:
a request receiving module 110, configured to receive a data issuing request;
a designation determining module 120, configured to determine whether a target firewall device is designated in the data issuing request, where the target firewall device is any one of a plurality of firewall devices that are matched in advance;
a data sending module 130, configured to send configuration data specified in the data issuing request according to the device information of the target firewall device when the target firewall device is specified in the data issuing request;
an information obtaining module 140, configured to obtain device information of a plurality of firewall devices that are matched in advance when a target firewall device is not specified in the data issuing request;
a device determining module 150, configured to determine a target firewall device according to the obtained device information;
the data sending module 130 is further configured to send the configuration data specified in the data issuing request to the determined target firewall device.
In a specific implementation manner of the embodiment of this specification, referring to fig. 3, the data sending module 130 may include:
an information obtaining unit 131, configured to obtain the device information of the target firewall device stored in the firewall device information table, and determine a state detection result in the device information;
a state determining unit 132, configured to determine whether the target firewall device is in an operating state according to the state detection result;
a data sending unit 133, configured to send, to the target firewall device, configuration data specified in the data issuing request according to the device information of the target firewall device when the target firewall device is in an operating state;
and an alarm unit 134, configured to give an alarm that the target firewall device is not operating when the target firewall device is in an inoperative state.
In a specific implementation manner of the embodiment of the present specification, referring to fig. 4, the device determining module 150 may include:
an index obtaining unit 151, configured to obtain a plurality of preset indexes;
a device screening unit 152, configured to, for any obtained set of firewall device information: determining the values of the indexes in the set of equipment information; calculating the load capacity value of the firewall equipment corresponding to the set of equipment information by using the determined index value; and according to the calculated load capacity values, determining the equipment with the load capacity value meeting the preset screening rule as target firewall equipment.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of the embodiments of the present specification. One of ordinary skill in the art can understand and implement it without inventive effort.
The present specification further provides a computer device, which at least includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the foregoing firewall configuration method when executing the computer program. The method at least comprises the following steps:
a firewall configuration method is applied to an OpenStack server and comprises the following steps:
receiving a data issuing request;
determining whether a target firewall device is appointed in the data issuing request, wherein the target firewall device is any one of a plurality of firewall devices matched in advance;
under the condition that target firewall equipment is specified in the data issuing request, sending configuration data specified in the data issuing request according to equipment information of the target firewall equipment;
under the condition that the target firewall equipment is not specified in the data issuing request, acquiring equipment information of a plurality of firewall equipment which are matched in advance;
and determining target firewall equipment according to the obtained equipment information, and sending the configuration data specified in the data issuing request to the determined target firewall equipment.
Fig. 5 is a schematic diagram illustrating a more specific hardware structure of a computing device according to an embodiment of the present disclosure, where the computing device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
While this specification contains many specific implementation details, these should not be construed as limitations on the scope of any invention or of what may be claimed, but rather as descriptions of features specific to particular embodiments of particular inventions. Certain features that are described in this specification in the context of separate embodiments can also be implemented in combination in a single embodiment. In other instances, features described in connection with one embodiment may be implemented as discrete components or in any suitable subcombination. Moreover, although features may be described above as acting in certain combinations and even initially claimed as such, one or more features from a claimed combination can in some cases be excised from the combination, and the claimed combination may be directed to a subcombination or variation of a subcombination.
Similarly, while operations are depicted in the drawings in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In some cases, multitasking and parallel processing may be advantageous. Moreover, the separation of various system modules and components in the embodiments described above should not be understood as requiring such separation in all embodiments, and it should be understood that the described program components and systems can generally be integrated together in a single software product or packaged into multiple software products.
Thus, particular embodiments of the subject matter have been described. Other embodiments are within the scope of the following claims. In some cases, the actions recited in the claims can be performed in a different order and still achieve desirable results. Further, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some implementations, multitasking and parallel processing may be advantageous.
The above description is only a preferred embodiment of the present disclosure, and should not be taken as limiting the present disclosure, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.
Claims (10)
1. A firewall configuration method is applied to an OpenStack server and comprises the following steps:
receiving a data issuing request;
determining whether a target firewall device is appointed in the data issuing request, wherein the target firewall device is any one of a plurality of firewall devices matched in advance;
under the condition that target firewall equipment is specified in the data issuing request, sending configuration data specified in the data issuing request according to equipment information of the target firewall equipment;
under the condition that the target firewall equipment is not specified in the data issuing request, acquiring equipment information of a plurality of firewall equipment which are matched in advance;
and determining target firewall equipment according to the obtained equipment information, and sending the configuration data specified in the data issuing request to the determined target firewall equipment.
2. The method of claim 1, wherein matching firewall devices comprises:
obtaining a firewall device matching file;
analyzing the matched file to obtain a plurality of groups of equipment information included in the file; any group of equipment information is used for describing corresponding firewall equipment to be matched;
and storing the obtained groups of firewall equipment information into a firewall equipment information table pre-established by the home terminal so as to facilitate the home terminal to obtain the matching data when the home terminal issues the matching data to the matched firewall equipment.
3. The method of claim 2, further comprising:
receiving an updating request of a firewall equipment information table;
obtaining a firewall equipment matching file corresponding to the updating request;
analyzing the matched file to obtain a plurality of groups of equipment information included in the file;
and comparing whether the analyzed device information is consistent with the device information stored in the local firewall device information table, and updating the device information stored in the local firewall device information table by using the analyzed device information under the condition of inconsistency.
4. The method according to claim 2, wherein after storing the obtained sets of firewall device information into a firewall device information table created in advance at the home terminal, the method further comprises:
according to each group of firewall device information stored in the table:
performing state detection on the firewall equipment corresponding to the firewall equipment information;
storing the detection result into the firewall equipment information under the condition that the detection result is in the running state;
and storing the detection result into the firewall equipment information group and giving an alarm that the equipment does not operate when the detection result is in the non-operating state.
5. The method according to claim 1, wherein the sending the configuration data specified in the data delivery request according to the device information of the target firewall device includes:
acquiring the equipment information of the target firewall equipment stored in the firewall equipment information table, and determining a state detection result in the equipment information;
determining whether the target firewall equipment is in an operating state or not according to the state detection result;
if so, sending the configuration data specified in the data issuing request to the target firewall equipment according to the equipment information of the target firewall equipment;
and if not, warning that the target firewall equipment does not operate.
6. The method of claim 1, wherein determining a target firewall device based on the obtained device information comprises:
obtaining a plurality of preset indexes, and aiming at any one group of obtained firewall equipment information:
determining the values of the indexes in the set of equipment information;
calculating the load capacity value of the firewall equipment corresponding to the set of equipment information by using the determined index value;
and according to the calculated load capacity values, determining the equipment with the load capacity value meeting the preset screening rule as target firewall equipment.
7. The method of claim 6, wherein the plurality of metrics comprises:
memory space, storage space, maximum concurrency residual, and/or number of new sessions of the firewall device.
8. A firewall configuration device is applied to an OpenStack server and comprises the following steps:
the request receiving module is used for receiving a data issuing request;
the appointed determining module is used for determining whether a target firewall device is appointed in the data issuing request, wherein the target firewall device is any one of a plurality of firewall devices matched in advance;
the data sending module is used for sending the configuration data specified in the data issuing request according to the equipment information of the target firewall equipment under the condition that the target firewall equipment is specified in the data issuing request;
the information obtaining module is used for obtaining the device information of a plurality of firewall devices matched in advance under the condition that the target firewall device is not specified in the data issuing request;
the device determining module is used for determining target firewall equipment according to the obtained device information;
and the data sending module is also used for sending the configuration data specified in the data sending request to the determined target firewall equipment.
9. The apparatus of claim 8, wherein the data sending module comprises:
an information obtaining unit, configured to obtain device information of the target firewall device stored in the firewall device information table, and determine a state detection result in the device information;
a state determining unit, configured to determine whether the target firewall device is in an operating state according to the state detection result;
the data sending unit is used for sending the configuration data specified in the data issuing request to the target firewall equipment according to the equipment information of the target firewall equipment under the condition that the target firewall equipment is in the running state;
and the warning unit is used for warning that the target firewall equipment does not operate under the condition that the target firewall equipment is in the non-operating state.
10. The apparatus of claim 8, wherein the device determination module comprises:
the index obtaining unit is used for obtaining a plurality of preset indexes;
and the equipment screening unit is used for aiming at any one group of obtained firewall equipment information: determining the values of the indexes in the set of equipment information; calculating the load capacity value of the firewall equipment corresponding to the set of equipment information by using the determined index value; and according to the calculated load capacity values, determining the equipment with the load capacity value meeting the preset screening rule as target firewall equipment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910186573.0A CN109962914B (en) | 2019-03-12 | 2019-03-12 | Firewall configuration method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910186573.0A CN109962914B (en) | 2019-03-12 | 2019-03-12 | Firewall configuration method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109962914A CN109962914A (en) | 2019-07-02 |
| CN109962914B true CN109962914B (en) | 2021-07-23 |
Family
ID=67024253
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910186573.0A Active CN109962914B (en) | 2019-03-12 | 2019-03-12 | Firewall configuration method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109962914B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113162979B (en) * | 2021-03-17 | 2021-11-23 | 深圳乐播科技有限公司 | Service publishing method, device, equipment and storage medium |
| CN113329022B (en) * | 2021-05-31 | 2022-08-05 | 北京天融信网络安全技术有限公司 | Information processing method of virtual firewall and electronic equipment |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101610264A (en) * | 2009-07-24 | 2009-12-23 | 深圳市永达电子股份有限公司 | The management method of a kind of firewall system, safety service platform and firewall system |
| CN102055742A (en) * | 2009-11-10 | 2011-05-11 | 中国移动通信集团吉林有限公司 | Method and device for configuring firewall |
| CN104579723A (en) * | 2013-10-16 | 2015-04-29 | 宇宙互联有限公司 | Gateway configuration management system and method |
| US9223635B2 (en) * | 2012-10-28 | 2015-12-29 | Citrix Systems, Inc. | Network offering in cloud computing environment |
| CN106302466A (en) * | 2016-08-17 | 2017-01-04 | 东软集团股份有限公司 | The management method of a kind of fire wall and system |
| CN107888597A (en) * | 2017-11-16 | 2018-04-06 | 杭州迪普科技股份有限公司 | A kind of FWaaS security domains collocation method and device |
| CN107959585A (en) * | 2017-11-08 | 2018-04-24 | 新华三信息安全技术有限公司 | A kind of firewall configuration method, apparatus and electronic equipment |
| CN108173842A (en) * | 2017-12-26 | 2018-06-15 | 国家电网公司 | The disposition optimization method of software definition fire wall based on openstack cloud platforms |
| CN108471397A (en) * | 2018-01-31 | 2018-08-31 | 华为技术有限公司 | Firewall configuration, file transmitting method and device |
| CN109361711A (en) * | 2018-12-14 | 2019-02-19 | 泰康保险集团股份有限公司 | Firewall configuration method, apparatus, electronic equipment and computer-readable medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CA2775804C (en) * | 2012-05-08 | 2013-01-29 | Guest Tek Interactive Entertainment Ltd. | Automatically configuring computer network at hospitality establishment with reservation-specific settings |
-
2019
- 2019-03-12 CN CN201910186573.0A patent/CN109962914B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101610264A (en) * | 2009-07-24 | 2009-12-23 | 深圳市永达电子股份有限公司 | The management method of a kind of firewall system, safety service platform and firewall system |
| CN102055742A (en) * | 2009-11-10 | 2011-05-11 | 中国移动通信集团吉林有限公司 | Method and device for configuring firewall |
| US9223635B2 (en) * | 2012-10-28 | 2015-12-29 | Citrix Systems, Inc. | Network offering in cloud computing environment |
| CN104579723A (en) * | 2013-10-16 | 2015-04-29 | 宇宙互联有限公司 | Gateway configuration management system and method |
| CN106302466A (en) * | 2016-08-17 | 2017-01-04 | 东软集团股份有限公司 | The management method of a kind of fire wall and system |
| CN107959585A (en) * | 2017-11-08 | 2018-04-24 | 新华三信息安全技术有限公司 | A kind of firewall configuration method, apparatus and electronic equipment |
| CN107888597A (en) * | 2017-11-16 | 2018-04-06 | 杭州迪普科技股份有限公司 | A kind of FWaaS security domains collocation method and device |
| CN108173842A (en) * | 2017-12-26 | 2018-06-15 | 国家电网公司 | The disposition optimization method of software definition fire wall based on openstack cloud platforms |
| CN108471397A (en) * | 2018-01-31 | 2018-08-31 | 华为技术有限公司 | Firewall configuration, file transmitting method and device |
| CN109361711A (en) * | 2018-12-14 | 2019-02-19 | 泰康保险集团股份有限公司 | Firewall configuration method, apparatus, electronic equipment and computer-readable medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109962914A (en) | 2019-07-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108234168B (en) | Data display method and system based on service topology | |
| CN106533753B (en) | Role configuration method and device of distributed system | |
| CN107733708B (en) | Equipment parameter configuration method and device, computer equipment and storage medium | |
| CN107800565B (en) | Inspection method, inspection device, inspection system, computer equipment and storage medium | |
| CN106790131B (en) | Parameter modification method and device and distributed platform | |
| US10169203B2 (en) | Test simulation for software defined networking environments | |
| EP3239840B1 (en) | Fault information provision server and fault information provision method | |
| US10944655B2 (en) | Data verification based upgrades in time series system | |
| US20160261459A1 (en) | Package dependency maps for distributed computing | |
| US9692828B2 (en) | Monitoring system for an avionics platform with three-tier architecture | |
| CN110677493B (en) | Service state determination method and device, computer device and storage medium | |
| CN110209342B (en) | Capacity expansion method, device, equipment and system for cloud hard disk | |
| CN109962914B (en) | Firewall configuration method and device | |
| CN110784515A (en) | Data storage method based on distributed cluster and related equipment thereof | |
| CN105262835A (en) | Data storage method and device of multiple machine rooms | |
| CN112333249A (en) | Business service system and method | |
| JP2017069895A (en) | Fault separation method and administrative server for performing fault separation | |
| US20230070063A1 (en) | Workflow automation utilizing metadata structure | |
| CN110780918A (en) | Middleware container processing method and device, electronic equipment and storage medium | |
| US11159610B2 (en) | Cluster formation offload using remote access controller group manager | |
| CN112769829A (en) | Deployment method of cloud physical machine, related equipment and readable storage medium | |
| CN112540805A (en) | Integrated item packaging method, device, equipment, storage medium and program product | |
| CN116302467A (en) | Task allocation method, device and storage medium | |
| CN110971478A (en) | Pressure measurement method and device for cloud platform service performance and computing equipment | |
| CN110928679B (en) | Resource allocation method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |