CN115987785A - Firewall data synchronization method and device and electronic equipment - Google Patents
Firewall data synchronization method and device and electronic equipment Download PDFInfo
- Publication number
- CN115987785A CN115987785A CN202211550785.0A CN202211550785A CN115987785A CN 115987785 A CN115987785 A CN 115987785A CN 202211550785 A CN202211550785 A CN 202211550785A CN 115987785 A CN115987785 A CN 115987785A
- Authority
- CN
- China
- Prior art keywords
- configuration
- target
- field
- data
- firewall
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a firewall data synchronization method and device and electronic equipment. Wherein, the method comprises the following steps: detecting whether a local configuration file of a firewall changes; under the condition that a local configuration file is changed, first configuration change information sent by a firewall is received through a target platform, wherein the first configuration change information at least comprises target configuration data and target fields; acquiring a numerical value of a first field stored by a target platform, and comparing whether the numerical value of the target field is the same as the numerical value of the first field or not; and under the condition that the value of the target field is different from the value of the first field, updating first configuration data stored in the target platform based on the target configuration data. The invention solves the technical problem of low efficiency in the prior art that the configuration data in the firewall and the unified management platform are synchronized manually.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a firewall data synchronization method and device and electronic equipment.
Background
With the rise of emerging technologies such as cloud computing, internet of things, big data and the like, the network information security boundary is weakened continuously, the security protection content is increased continuously, and great challenges are provided for data security and information security.
At present, an important measure of a large enterprise in the aspect of information security is to arrange firewalls at the headquarters of the enterprise and each branch office to protect the incoming and outgoing traffic. And, managing the firewalls on the unified management platform, for example, editing a configuration such as a policy on the unified management platform and issuing the configuration to the firewalls, or importing the configuration such as the policy of the firewalls to the unified management platform. In the related art, manual operation is often needed to perform configuration such as firewall policy importing on a unified management platform, which causes a problem of low efficiency. Moreover, if the configuration on the firewall is not imported to the unified management platform, the configuration on the firewall may be lost if the configuration such as the policy is directly operated on the unified management platform and is issued to the firewall.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the invention provides a firewall data synchronization method, a firewall data synchronization device and electronic equipment, and at least solves the technical problem of low efficiency in the prior art that the firewall and configuration data in a unified management platform are synchronized manually.
According to an aspect of the embodiments of the present invention, a method for synchronizing firewall data is provided, including: detecting whether a local configuration file of a firewall changes; under the condition that a local configuration file is changed, first configuration change information sent by a firewall is received through a target platform, wherein the first configuration change information at least comprises target configuration data and target fields, the target configuration data are changed data in the local configuration file, and the numerical values of the target fields are used for representing the number of times that the local configuration file is changed; acquiring a value of a first field stored by a target platform, and comparing whether the value of the target field is the same as the value of the first field, wherein the value of the first field is used for representing the number of times of change stored by the target platform; and under the condition that the numerical value of the target field is different from the numerical value of the first field, updating first configuration data stored in the target platform based on the target configuration data, wherein the first configuration data is data before the local configuration file is changed.
Further, the method for synchronizing firewall data further comprises: locking a synchronous task execution function of a target platform; detecting whether at least one second configuration change message is received or not under the condition that the synchronous task execution function is in a locked state, wherein the receiving time of the at least one second configuration change message is later than that of the first configuration change message; when at least one second configuration change information is received, the at least one second configuration change information is marked with a corresponding timestamp based on the reception time of the second configuration change information.
Further, the method for synchronizing firewall data further comprises the following steps: analyzing the first configuration change information to obtain target configuration data and a target field; determining a first field in a first database table in the target platform based on the target field; and acquiring the numerical value of the first field from the first database table, and comparing whether the numerical value of the target field is the same as the numerical value of the first field.
Further, the method for synchronizing firewall data further comprises the following steps: storing the target configuration data in a second field in a second database table in the target platform, wherein the data in the second field represents the latest configuration data in the firewall; newly adding and/or editing the corresponding firewall configuration in the target platform according to the newly added configuration and/or the edited configuration in the target configuration data; and according to the data in the second field, performing data adding and/or data editing on the data in a third field corresponding to the first configuration data in the second database table, wherein the data in the third field represents the configuration data of the firewall stored in the target platform.
Further, the method for synchronizing firewall data further comprises the following steps: deleting the corresponding firewall configuration in the target platform according to the deletion configuration in the target configuration data; and according to the data in the second field, deleting the data in a third field corresponding to the first configuration data in the second database table.
Further, the method for synchronizing firewall data further comprises the following steps: and updating the numerical value of the first field into the numerical value of the target field in the first database table.
Further, the method for synchronizing firewall data further comprises the following steps: generating prompt information, wherein the prompt information is used for representing that the firewall configuration in the target platform is updated; unlocking the synchronous task execution function according to the prompt information; determining whether at least one second configuration change message exists in a message queue, wherein the message queue is used for storing the configuration change message sent by a firewall; when at least one second configuration change information exists in the information queue, acquiring configuration change information corresponding to the latest timestamp from the at least one second configuration change information; and generating a synchronization task based on the configuration change information corresponding to the latest timestamp, wherein the synchronization task is used for synchronizing the configuration data in the firewall and the configuration data in the target platform.
According to another aspect of the embodiments of the present invention, there is also provided a device for synchronizing firewall data, including: the detection module is used for detecting whether the local configuration file of the firewall changes; the firewall comprises a receiving module, a sending module and a receiving module, wherein the receiving module is used for receiving first configuration change information sent by the firewall through a target platform under the condition that a local configuration file changes, the first configuration change information at least comprises target configuration data and a target field, the target configuration data is changed data in the local configuration file, and the value of the target field is used for representing the number of times of the change of the local configuration file; the first processing module is used for acquiring a value of a first field stored by the target platform and comparing whether the value of the target field is the same as the value of the first field or not, wherein the value of the first field is used for representing the number of times of change stored by the target platform; and the second processing module is used for updating the first configuration data stored in the target platform based on the target configuration data under the condition that the numerical value of the target field is different from the numerical value of the first field, wherein the first configuration data is data before the local configuration file is changed.
According to another aspect of the embodiments of the present invention, there is also provided a computer-readable storage medium, in which a computer program is stored, where the computer program is configured to execute the above-mentioned firewall data synchronization method when running.
According to another aspect of the embodiments of the present invention, there is also provided an electronic device, including one or more processors; a memory for storing one or more programs that, when executed by the one or more processors, cause the one or more processors to implement a method for running a program, wherein the program is configured to perform the above-described firewall data synchronization method when run.
In the embodiment of the invention, a mode of automatically synchronizing the configuration of the firewall to the target platform is adopted, whether the local configuration file of the firewall is changed or not is detected, then under the condition that the local configuration file is changed, first configuration change information sent by the firewall is received through the target platform, then the numerical value of a first field stored in the target platform is obtained, whether the numerical value of the target field is the same as the numerical value of the first field or not is compared, and then under the condition that the numerical value of the target field is not the same as the numerical value of the first field, the first configuration data stored in the target platform is updated based on the target configuration data. The first configuration change information at least comprises target configuration data and a target field, the target configuration data is data changed in a local configuration file, the numerical value of the target field is used for representing the number of times of change of the local configuration file, the numerical value of the first field is used for representing the number of times of change stored by a target platform, and the first configuration data is data before the local configuration file is changed.
In the process, whether the configuration of the firewall is changed or not can be determined by detecting whether the local configuration file of the firewall is changed or not, so that whether the synchronous task needs to be accurately judged or not is guaranteed; receiving first configuration change information sent by a firewall through a target platform, and providing a data basis for subsequently comparing whether the numerical value of a target field is the same as the numerical value of a first field; by comparing whether the numerical value of the target field is the same as the numerical value of the first field, whether the synchronous task needs to be carried out is accurately determined, and a guarantee is provided for synchronizing the configuration change on the firewall to the unified management platform, so that the configuration change on the firewall is synchronized to the unified management platform before the unified management platform issues the strategy to the firewall, and the situation that the configuration on the firewall is deleted by mistake is effectively avoided; and updating the first configuration data stored in the target platform based on the target configuration data, so that the configuration of the firewall is automatically synchronized to the target platform, and the efficiency of synchronizing the configuration data in the firewall and the unified management platform is improved.
Therefore, through the technical scheme of the invention, the aim of automatically synchronizing the configuration of the firewall to the target platform is fulfilled, so that the technical effect of improving the efficiency of synchronizing the configuration data in the firewall and the unified management platform is realized, and the technical problem of low efficiency in the prior art of manually synchronizing the configuration data in the firewall and the unified management platform is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a flow chart of an alternative firewall data synchronization method according to an embodiment of the invention;
FIG. 2 is a flow chart illustrating operation of an alternative firewall data synchronization system in accordance with an embodiment of the present invention;
fig. 3 is a schematic diagram of an alternative firewall data synchronization apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that the related information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data for presentation, analyzed data, etc.) related to the present invention are information and data authorized by the user or sufficiently authorized by each party. For example, an interface is provided between the system and the relevant user or organization, before obtaining the relevant information, an obtaining request needs to be sent to the user or organization through the interface, and after receiving the consent information fed back by the user or organization, the relevant information is obtained.
Example 1
In accordance with an embodiment of the present invention, there is provided a method embodiment of a method for synchronizing firewall data, it being noted that the steps illustrated in the flowchart of the figure may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than presented herein.
Fig. 1 is a flowchart of an optional firewall data synchronization method according to an embodiment of the present invention, and as shown in fig. 1, the method includes the following steps:
step S101, detecting whether the local configuration file of the firewall changes.
In the above steps, whether the local configuration file of the firewall changes or not can be detected through an application system, a processor, an electronic device and other devices. Optionally, in this embodiment, whether the local configuration file of the firewall changes is detected through a system including the firewall and the target platform.
Fig. 2 is a flowchart illustrating an operation of an alternative firewall data synchronization system according to an embodiment of the present invention, and as shown in fig. 2, it is first detected whether a local configuration file of a firewall has changed. Optionally, when the user changes the configuration of the firewall according to the user's own needs, the local configuration file of the firewall may change.
It should be noted that, by detecting whether the local configuration file of the firewall changes, it can be determined whether the user changes the configuration of the firewall, thereby ensuring accurate determination of whether a synchronization task needs to be performed.
Step S102, receiving first configuration change information sent by a firewall through a target platform under the condition that a local configuration file changes, wherein the first configuration change information at least comprises target configuration data and a target field, the target configuration data is changed data in the local configuration file, and the value of the target field is used for representing the number of times the local configuration file changes.
In the above steps, the target platform may be a unified management platform that manages a plurality of firewalls. Optionally, the first configuration change information may be sent to the target platform by the firewall in a form of a message, for example, when a configuration change is configured on the firewall, the firewall sends a configuration change message to the target platform. The target configuration data is data that changes in the local configuration file, for example, configuration changes such as adding a policy, editing a route, deleting a rule on a firewall are performed, and corresponding data in the local configuration file changes. The target field may be a seqNo field, for example, a seqNo field of an integer type is added to the local configuration file, and an initial value of the seqNo field is 1, which is used to characterize the number of times that the local configuration file changes, that is, 1 is added to the firewall per se every time the configuration changes.
Specifically, as shown in fig. 2, when the local configuration file changes, that is, when the configuration on the firewall changes, the firewall sends a configuration change message to the unified management platform, and sends the target configuration data and the target field to the unified management platform.
It should be noted that, the first configuration change information sent by the firewall is received by the target platform, and a data basis is provided for subsequently comparing whether the value of the target field is the same as the value of the first field.
Step S103, obtaining a value of a first field stored by the target platform, and comparing whether the value of the target field is the same as the value of the first field, wherein the value of the first field is used for representing the number of times of change stored by the target platform.
In the above step, the value of the first field may be the number of firewall configuration changes recorded by the target platform. The value of the target field may be the value of the seqNo field. Specifically, the unified management platform database stores the target field in the first configuration change information through the latest _ seqNo of the first database table, and the managed _ seqNo stores the first field recorded by the unified management platform. For example, the value of the first field recorded by the unified management platform is 2, when a change is configured on the firewall, the target field, that is, the seqNo field, is added with 1 by itself, that is, 3, and then the firewall sends the change message to the target platform through configuration, at this time, the value of the target field is 3, and the value of the first field is 2.
It should be noted that, by comparing whether the value of the target field is the same as the value of the first field, it is achieved that whether a synchronization task needs to be performed is accurately determined, and a guarantee is provided for synchronizing the configuration change on the firewall to the unified management platform, so that it can be ensured that the configuration change on the firewall is synchronized to the unified management platform before the unified management platform issues a policy to the firewall, and the situation that the configuration on the firewall is deleted by mistake is effectively avoided.
And step S104, under the condition that the numerical value of the target field is different from the numerical value of the first field, updating first configuration data stored in the target platform based on the target configuration data, wherein the first configuration data is data before the local configuration file is changed.
In the above step, the first configuration data may be firewall configuration data stored in the target platform. Specifically, the unified management platform database stores the first configuration data through the reordered _ value of the second database table. In the above example, the value of the target field is 3, the value of the first field is 2, that is, the value of the target field is different from the value of the first field, and the first configuration data stored in the unified management platform, that is, the data for updating the recorded _ value record, is updated based on the target configuration data in the first configuration change information sent by the firewall.
It should be noted that, based on the target configuration data, the first configuration data stored in the target platform is updated, so that the configuration of the firewall is automatically synchronized to the target platform, and the efficiency of synchronizing the configuration data in the firewall and the unified management platform is improved.
Based on the solutions defined in the foregoing steps S101 to S104, it can be known that, in the embodiment of the present invention, a manner of automatically synchronizing the configuration of the firewall to the target platform is adopted, and first, whether the local configuration file of the firewall changes is detected, then, under the condition that the local configuration file changes, first configuration change information sent by the firewall is received through the target platform, then, a value of a first field stored by the target platform is obtained, and is compared with whether the value of the target field is the same as the value of the first field, and then, under the condition that the value of the target field is not the same as the value of the first field, the first configuration data stored in the target platform is updated based on the target configuration data. The first configuration change information at least comprises target configuration data and a target field, the target configuration data is data changed in a local configuration file, the numerical value of the target field is used for representing the number of times of change of the local configuration file, the numerical value of the first field is used for representing the number of times of change stored by a target platform, and the first configuration data is data before the local configuration file is changed.
It is easy to notice that, in the above process, whether the user changes the configuration of the firewall can be determined by detecting whether the local configuration file of the firewall changes, thereby ensuring the accurate judgment of whether the synchronization task needs to be performed; receiving first configuration change information sent by a firewall through a target platform, and providing a data basis for subsequently comparing whether the numerical value of a target field is the same as the numerical value of a first field; by comparing whether the numerical value of the target field is the same as the numerical value of the first field, whether the synchronous task needs to be carried out is accurately determined, and a guarantee is provided for synchronizing the configuration change on the firewall to the unified management platform, so that the configuration change on the firewall is synchronized to the unified management platform before the unified management platform issues the strategy to the firewall, and the situation that the configuration on the firewall is deleted by mistake is effectively avoided; and updating the first configuration data stored in the target platform based on the target configuration data, so that the configuration of the firewall is automatically synchronized to the target platform, and the efficiency of synchronizing the configuration data in the firewall and the unified management platform is improved.
Therefore, through the technical scheme of the invention, the aim of automatically synchronizing the configuration of the firewall to the target platform is fulfilled, so that the technical effect of improving the efficiency of synchronizing the configuration data in the firewall and the unified management platform is realized, and the technical problem of low efficiency in the prior art that the configuration data in the firewall and the unified management platform are manually synchronized is solved.
In an optional embodiment, after receiving the first configuration change information sent by the firewall through the target platform, the synchronization task execution function of the target platform is first locked, and then, in a case that the synchronization task execution function is in a locked state, whether at least one piece of second configuration change information is received is detected, and in a case that at least one piece of second configuration change information is received, a corresponding timestamp is marked to the at least one piece of second configuration change information based on a receiving time of the second configuration change information. Wherein the reception time of the at least one second configuration change information is later than the reception time of the first configuration change information.
Specifically, as shown in fig. 2, after receiving first configuration change information sent by the firewall through the target platform, the synchronization task execution function of the target platform is locked first, and if there is a configuration message, the configuration message is marked, and no parsing and warehousing operation is performed, so as to prevent a situation that the firewall configuration is lost due to simultaneous multiple synchronization tasks performed on the same firewall.
Optionally, when the synchronization task is performed, that is, the configuration of the firewall is automatically synchronized to the unified management platform, a situation that a user continuously changes the configuration of the firewall may exist, so that a situation that the firewall sends a plurality of configuration change messages to the unified management platform may occur. Therefore, it is necessary to detect whether at least one second configuration change information is received in a case where the sync task execution function is in a locked state. Optionally, after the firewall sends the first configuration change information to the target platform, the local configuration file of the firewall changes again, and the firewall continues to send the second configuration change information to the target platform.
Further, in a case where at least one second configuration change information is received, the at least one second configuration change information is marked with a corresponding time stamp based on a reception time of the second configuration change information. Optionally, the second configuration change information may be sent to the target platform by the firewall in the form of a send message. For example, the unified management platform receives 3 configuration change messages, which are respectively message 1, message 2, and message 3, and the corresponding receiving times are respectively 8:05,8:10,8:15, then timestamp message 1 with 8:05, message 2 is time stamped with 8: timestamp message 3 with 8:15.
it should be noted that, by locking the synchronization task execution function of the target platform, the situation that the configuration of the firewall is lost due to simultaneous multiple synchronization tasks on the same firewall is avoided.
In an optional embodiment, in the process of obtaining a value of a first field stored in a target platform and comparing whether the value of the target field is the same as the value of the first field, first parsing the first configuration change information to obtain target configuration data and the target field, then determining the first field in a first database table in the target platform based on the target field, then obtaining the value of the first field from the first database table, and comparing whether the value of the target field is the same as the value of the first field.
Optionally, the first database table may be a t _ seqNo table, where seqNo fields of multiple firewalls are stored in the t _ seqNo table, and each firewall has a unique ID identifier, for example, firewall No. 1, firewall No. 2, and so on. Optionally, the seqNo fields of different firewalls are different, that is, the seqNo fields of the firewalls correspond to the ID identifiers of the firewalls one by one. Through the seqNo field, the corresponding firewall can be determined from the t _ seqNo table, and thus corresponds to the first field of the firewall.
Specifically, as shown in fig. 2, the seqNo field, which is the target field, can be obtained by analyzing the first configuration change information, that is, analyzing the configuration change message, and the seqNo field is stored in the latest _ seqNo of the t _ seqNo table. The value of the first field is obtained from the first database table, i.e. the value of the first field is obtained from the reordered _ seqNo of the t _ seqNo table.
Further, it is compared whether the latest _ seqNo and the retrieved _ seqNo are the same. Optionally, when the value of the target field is the same as the value of the first field, it is determined that the configuration on the firewall is not changed, that is, the configuration is consistent with the configuration stored on the unified management platform, the synchronization task is not performed, and the unlocking process is performed on the synchronization task execution function. For example, after the firewall is offline for some reasons, the firewall is online again, the unified management platform obtains the configuration information of the firewall, and since the configuration information of the firewall is not changed, the target field seqNo field is not subjected to the operation of adding 1, the value of the seqNo field is not changed, and the value of the target field is the same as that of the first field.
In an optional embodiment, when the value of the target field is different from the value of the first field, in the process of updating the first configuration data stored in the target platform based on the target configuration data, the target configuration data is first stored in the second field in the second database table in the target platform, then the firewall configuration corresponding to the target platform is newly added and/or edited according to the newly added configuration and/or edited configuration in the target configuration data, and then the data in the third field corresponding to the first configuration data in the second database table is newly added and/or edited according to the data in the second field. Wherein the data in the second field characterizes the latest configuration data in the firewall, and the data in the third field characterizes the configuration data of the firewall stored in the target platform.
Alternatively, the second database table may be a t _ config table, where the t _ config table stores configuration information of a plurality of firewalls. The second field may be fw _ value in the t _ config table, which stores the latest configuration data of the firewall. The third field may be a reordered value in the t _ config table, and stores the firewall configuration data recorded by the unified management platform.
Specifically, the value of the object field is different from the value of the first field, for example, the value of the object field stored in latest _ seqNo is 3, and the value of the first field stored in registered_seqno is 2. And if the latest _ seqNo and the retrieved _ seqNo are not the same, storing the target configuration data in a second field in a second database table in the target platform, namely storing the latest configuration data sent by the firewall into fw _ value of the t _ config table.
And further, newly adding and/or editing the corresponding firewall configuration in the target platform according to the newly added configuration and/or the edited configuration in the target configuration data. Specifically, as shown in fig. 2, in the unified management platform, new configuration and/or edited configuration of the firewall are applied. For example, configuration of a new policy and an edited route is performed on the firewall, and a corresponding new policy and an edited route are performed on the firewall configuration on the unified management platform.
And further, performing data addition and/or data editing on data in a third field corresponding to the first configuration data in the second database table according to the data in the second field. Specifically, the data in fw _ value is updated to reordered _ value.
In an optional embodiment, after data addition and/or data editing is performed on data in a third field corresponding to first configuration data in a second database table according to data in a second field, a firewall configuration corresponding to a target platform is deleted according to a deletion configuration in target configuration data, and then data in the third field corresponding to the first configuration data in the second database table is deleted according to data in the second field.
Alternatively, the deleting configuration in the target configuration data may be deleting a rule from the firewall. Because a certain address is bound in the rule, namely the rule and the address have a reference relationship, the rule cannot be deleted directly, the rule needs to be edited first, the address is not used any more, and then the rule can be deleted. Therefore, after data adding and/or data editing is performed on the data in the third field corresponding to the first configuration data in the second database table, the firewall configuration corresponding to the target platform is deleted according to the deletion configuration in the target configuration data.
And further, according to the data in the second field, deleting the data in a third field corresponding to the first configuration data in the second database table. Specifically, the corresponding configuration data is deleted in the reordered _ value.
In an alternative embodiment, the value of the first field is updated to the value of the target field in the first database table after the target configuration data is stored in the second database table in the target platform in the second database table.
Optionally, as shown in fig. 2, after the target configuration data is stored in fw _ value in the t _ config table in the unified management platform, the value of the retrieved _ seqNo in the t _ seqNo table is updated to the value of the late _ seqNo, that is, the value of the retrieved _ seqNo is updated to be consistent with the value of the late _ seqNo.
In an optional embodiment, when the value of the target field is different from the value of the first field, the first configuration data stored in the target platform is updated based on the target configuration data, then prompt information is generated, then unlocking processing is performed on the synchronization task execution function according to the prompt information, then whether at least one second configuration change information exists in the information queue is determined, and when at least one second configuration change information exists in the information queue, the configuration change information corresponding to the latest timestamp is acquired from the at least one second configuration change information, and then the synchronization task is generated based on the configuration change information corresponding to the latest timestamp. The synchronization task is used for synchronizing the configuration data in the firewall and the configuration data in the target platform, the prompt message is used for representing that the firewall configuration in the target platform is updated, and the message queue is used for storing configuration change messages sent by the firewall.
Optionally, after updating the first configuration data stored in the target platform based on the target configuration data, it is considered that a synchronization task is completed, and a prompt message is generated after the task is completed. Furthermore, according to the prompt message, unlocking the synchronous task execution function, namely releasing the synchronous lock.
Further, as shown in FIG. 2, after the synchronization lock is released, it is determined whether at least one second configuration change message exists in the message queue. The information queue is used for storing configuration change information sent by the firewall. And when at least one second configuration change information exists in the information queue, acquiring the configuration change information corresponding to the latest timestamp from the at least one second configuration change information, and then generating the synchronization task based on the configuration change information corresponding to the latest timestamp.
Specifically, the at least one second configuration change message exists in the message queue, and the configuration of the firewall may be changed by the user when the synchronization task is performed, that is, the configuration of the firewall is automatically synchronized to the unified management platform, so that the firewall sends a plurality of configuration change messages to the unified management platform. For example, there are 3 pieces of configuration change information in the information queue, that is, the unified management platform receives 3 pieces of configuration change information, which are respectively message 1, message 2, and message 3, and the timestamp of message 1 is 8:05, the timestamp of message 2 is 8:10, the timestamp of message 3 is 8:15, the configuration change information corresponding to the latest timestamp is that the timestamp is 8:15, message 3.
Optionally, the configuration change information corresponding to the latest timestamp is obtained from at least one second configuration change information, that is, the configuration change information corresponding to the message 3 is obtained from the message 1, the message 2, and the message 3. Further, based on the configuration change information corresponding to the message 3, a synchronization task is generated, that is, as shown in fig. 2, the process of configuring the automatic synchronization firewall to the target platform is repeated from the locking of the synchronization task execution function of the target platform, that is, the addition of the synchronization lock.
In this embodiment, when the firewall configuration is changed, a configuration change message is sent to the unified management platform, and the unified management platform receives the message, executes a synchronization configuration task, and synchronizes the latest configuration of the firewall. By the technical scheme of the invention, the operation of manually synchronizing the firewall configuration to the unified management platform before the unified management platform issues the configuration each time is omitted, so that the condition that the firewall configuration is deleted by mistake due to the fact that the firewall configuration is not synchronized to the unified management platform and the configuration issuing of the unified management platform fails is avoided.
Therefore, through the technical scheme of the invention, the aim of automatically synchronizing the configuration of the firewall to the target platform is fulfilled, so that the technical effect of improving the efficiency of synchronizing the configuration data in the firewall and the unified management platform is realized, and the technical problem of low efficiency in the prior art that the configuration data in the firewall and the unified management platform are manually synchronized is solved.
Example 2
According to an embodiment of the present invention, an embodiment of a firewall data synchronization apparatus is provided, where fig. 3 is a schematic diagram of an optional firewall data synchronization apparatus according to an embodiment of the present invention, as shown in fig. 3, the apparatus includes: a detection module 301, configured to detect whether a local configuration file of a firewall changes; a receiving module 302, configured to receive, by a target platform, first configuration change information sent by a firewall under a condition that a local configuration file changes, where the first configuration change information at least includes target configuration data and a target field, the target configuration data is data that changes in the local configuration file, and a value of the target field is used to represent a number of times that the local configuration file changes; the first processing module 303 is configured to obtain a value of a first field stored in the target platform, and compare whether the value of the target field is the same as the value of the first field, where the value of the first field is used to represent the number of changes stored in the target platform; the second processing module 304 is configured to, when the value of the target field is different from the value of the first field, update first configuration data stored in the target platform based on the target configuration data, where the first configuration data is data before the local configuration file is changed.
It should be noted that the detection module 301, the receiving module 302, the first processing module 303 and the second processing module 304 correspond to steps S101 to S104 in the above embodiment, and the four modules are the same as the corresponding steps in the implementation example and application scenario, but are not limited to the disclosure in the above embodiment 1.
Optionally, the device for synchronizing firewall data further includes: the third processing module is used for locking the synchronous task execution function of the target platform; the first detection module is used for detecting whether at least one piece of second configuration change information is received or not under the condition that the synchronous task execution function is in a locked state, wherein the receiving time of the at least one piece of second configuration change information is later than that of the first configuration change information; and the fourth processing module is used for marking the corresponding timestamp on the at least one second configuration change information based on the receiving time of the second configuration change information under the condition that the at least one second configuration change information is received.
Optionally, as shown in fig. 2, after the first configuration change information sent by the firewall is received by the target platform, the synchronization task execution function of the target platform is first locked, and if there is another configuration message, the configuration message is marked, and no parsing and warehousing operation is performed, so as to prevent a situation that the firewall configuration is lost due to simultaneous performance of multiple synchronization tasks on the same firewall.
Optionally, when the synchronization task is performed, that is, the configuration of the firewall is automatically synchronized to the unified management platform, a situation that a user continuously changes the configuration of the firewall may exist, so that a situation that the firewall sends a plurality of configuration change messages to the unified management platform may occur. Therefore, it is necessary to detect whether at least one second configuration change information is received in a case where the sync task execution function is in a locked state. Optionally, after the firewall sends the first configuration change information to the target platform, the local configuration file of the firewall changes again, and the firewall continues to send the second configuration change information to the target platform.
Further, in a case where at least one second configuration change information is received, the at least one second configuration change information is marked with a corresponding time stamp based on a reception time of the second configuration change information. Optionally, the second configuration change information may be sent to the target platform by the firewall in the form of a send message. For example, the unified management platform receives 3 configuration change messages, which are respectively message 1, message 2, and message 3, and the corresponding receiving times are respectively 8:05,8:10,8:15, then message 1 is time stamped with 8:05, timestamp message 2 with 8: timestamp message 3 with 8:15.
it should be noted that, by locking the synchronization task execution function of the target platform, the situation that the configuration of the firewall is lost due to simultaneous multiple synchronization tasks on the same firewall is avoided.
Optionally, the first processing module includes: the fifth processing unit is used for analyzing the first configuration change information to obtain target configuration data and a target field; a first determining unit, configured to determine, based on the target field, a first field in a first database table in the target platform; and the sixth processing unit is used for acquiring the numerical value of the first field from the first database table and comparing whether the numerical value of the target field is the same as the numerical value of the first field.
Optionally, the first database table may be a t _ seqNo table, where seqNo fields of multiple firewalls are stored in the t _ seqNo table, and each firewall has a unique ID, for example, firewall No. 1, firewall No. 2, and so on. Optionally, the seqNo fields of different firewalls are different, that is, the seqNo field of a firewall corresponds to the ID of the firewall one by one. Through the seqNo field, the corresponding firewall can be determined from the t _ seqNo table, and thus corresponds to the first field of the firewall.
Specifically, as shown in fig. 2, the seqNo field, which is the target field, can be obtained by analyzing the first configuration change information, that is, analyzing the configuration change message, and the seqNo field is stored in the latest _ seqNo of the t _ seqNo table. The value of the first field is obtained from the first database table, i.e. the value of the first field is obtained from the reordered _ seqNo of the t _ seqNo table.
Further, it is compared whether latest _ seqNo and reordered _ seqNo are the same. Optionally, when the value of the target field is the same as the value of the first field, it is determined that the configuration on the firewall is not changed, that is, the configuration is consistent with the configuration stored on the unified management platform, the synchronization task is not performed, and the synchronization task execution function is unlocked. For example, after the firewall is offline for some reasons, the firewall is online again, the unified management platform obtains the configuration information of the firewall, and since the configuration information of the firewall is not changed, the target field seqNo field is not subjected to the operation of adding 1, the value of the seqNo field is not changed, and the value of the target field is the same as that of the first field.
Optionally, the second processing module includes: the first storage unit is used for storing the target configuration data in a second field in a second database table in the target platform, wherein the data in the second field represents the latest configuration data in the firewall; the seventh processing unit is used for adding and/or editing the corresponding firewall configuration in the target platform according to the added configuration and/or the edited configuration in the target configuration data; and the eighth processing unit is used for performing data adding and/or data editing on data in a third field corresponding to the first configuration data in the second database table according to the data in the second field, wherein the data in the third field represents the configuration data of the firewall stored in the target platform.
Alternatively, the second database table may be a t _ config table, where the t _ config table stores configuration information of a plurality of firewalls. The second field may be fw _ value in the t _ config table, which stores the latest configuration data of the firewall. The third field may be a reordered value in the t _ config table, and stores the firewall configuration data recorded by the unified management platform.
Specifically, the value of the object field is different from the value of the first field, for example, the value of the object field stored in latest _ seqNo is 3, and the value of the first field stored in reordered_seqno is 2. And if the latest _ seqNo and the retrieved _ seqNo are not the same, storing the target configuration data in a second field in a second database table in the target platform, namely storing the latest configuration data sent by the firewall into fw _ value of the t _ config table.
And further, newly adding and/or editing the corresponding firewall configuration in the target platform according to the newly added configuration and/or the edited configuration in the target configuration data. Specifically, as shown in fig. 2, in the unified management platform, new configuration and/or edited configuration of the firewall are applied. For example, configuration of a new policy and an edited route is performed on the firewall, and a corresponding new policy and an edited route are performed on the firewall configuration on the unified management platform.
And further, according to the data in the second field, performing data addition and/or data editing on the data in a third field corresponding to the first configuration data in the second database table. Specifically, the data in fw _ value is updated to reordered _ value.
Optionally, the firewall data synchronization apparatus further includes: the ninth processing module is used for deleting the corresponding firewall configuration in the target platform according to the deletion configuration in the target configuration data; and the tenth processing module is used for deleting data in a third field corresponding to the first configuration data in the second database table according to the data in the second field.
Alternatively, the deleting configuration in the target configuration data may be deleting a rule from the firewall. Because a certain address is bound in the rule, namely the rule and the address have a reference relationship, the rule cannot be deleted directly, the rule needs to be edited first, the address is not used any more, and then the rule can be deleted. Therefore, after data adding and/or data editing is performed on the data in the third field corresponding to the first configuration data in the second database table, the firewall configuration corresponding to the target platform is deleted according to the deletion configuration in the target configuration data.
And further, according to the data in the second field, deleting the data in a third field corresponding to the first configuration data in the second database table. Specifically, the corresponding configuration data is deleted in the reordered _ value.
Optionally, the device for synchronizing firewall data further includes: and the updating module is used for updating the numerical value of the first field into the numerical value of the target field in the first database table.
Optionally, as shown in fig. 2, after the target configuration data is stored in fw _ value in the t _ config table in the unified management platform, the value of the retrieved _ seqNo in the t _ seqNo table is updated to the value of the late _ seqNo, that is, the value of the retrieved _ seqNo is updated to be consistent with the value of the late _ seqNo.
Optionally, the firewall data synchronization apparatus further includes: the prompt module is used for generating prompt information, wherein the prompt information is used for representing that the firewall configuration in the target platform is updated; the eleventh processing module is used for unlocking the synchronous task execution function according to the prompt information; the second determining module is used for determining whether at least one piece of second configuration change information exists in an information queue, wherein the information queue is used for storing the configuration change information sent by the firewall; the acquisition module is used for acquiring configuration change information corresponding to the latest timestamp from at least one piece of second configuration change information under the condition that the at least one piece of second configuration change information exists in the information queue; and the synchronization module is used for generating a synchronization task based on the configuration change information corresponding to the latest timestamp, wherein the synchronization task is used for synchronizing the configuration data in the firewall and the configuration data in the target platform.
Optionally, after the first configuration data stored in the target platform is updated based on the target configuration data, it is considered that a synchronization task is completed, and a prompt message is generated after the task is completed. Further, according to the prompt information, unlocking the synchronous task execution function, namely releasing the synchronous lock.
Further, as shown in FIG. 2, after releasing the synchronization lock, it is determined whether at least one second configuration change message exists in the message queue. The information queue is used for storing configuration change information sent by the firewall. And when at least one second configuration change information exists in the information queue, acquiring the configuration change information corresponding to the latest timestamp from the at least one second configuration change information, and then generating the synchronization task based on the configuration change information corresponding to the latest timestamp.
Specifically, the at least one second configuration change message exists in the message queue, and the configuration of the firewall may be changed by the user when the synchronization task is performed, that is, the configuration of the firewall is automatically synchronized to the unified management platform, so that the firewall sends a plurality of configuration change messages to the unified management platform. For example, there are 3 configuration change messages in the information queue, that is, the unified management platform receives 3 configuration change messages, which are respectively message 1, message 2, and message 3, where the timestamp of message 1 is 8:05, the timestamp of message 2 is 8:10, the timestamp of message 3 is 8:15, the configuration change information corresponding to the latest timestamp is that the timestamp is 8:15, message 3.
Optionally, the configuration change information corresponding to the latest timestamp is obtained from at least one second configuration change information, that is, the configuration change information corresponding to the message 3 is obtained from the message 1, the message 2, and the message 3. Further, based on the configuration change information corresponding to the message 3, a synchronization task is generated, that is, as shown in fig. 2, the process of configuring the automatic synchronization firewall to the target platform is repeated from the locking of the synchronization task execution function of the target platform, that is, the addition of the synchronization lock.
In this embodiment, when the firewall configuration is changed, a configuration change message is sent to the unified management platform, and the unified management platform receives the message, executes a synchronization configuration task, and synchronizes the latest configuration of the firewall. By the technical scheme of the invention, the operation of manually synchronizing the firewall configuration to the unified management platform before the unified management platform issues the configuration each time is omitted, so that the condition that the firewall configuration is deleted by mistake due to the fact that the firewall configuration is not synchronized to the unified management platform and the configuration issuing of the unified management platform fails is avoided.
Example 3
According to another aspect of the embodiments of the present invention, there is also provided a computer-readable storage medium, in which a computer program is stored, wherein the computer program is configured to execute the above-mentioned firewall data synchronization method when running.
Example 4
According to another aspect of the embodiments of the present invention, there is also provided an electronic device, including one or more processors; a memory for storing one or more programs that, when executed by the one or more processors, cause the one or more processors to implement a method for running a program, wherein the program is configured to perform the above-described firewall data synchronization method when run.
The device herein may be a server, a PC, a PAD, a mobile phone, etc.
The above-mentioned serial numbers of the embodiments of the present invention are only for description, and do not represent the advantages and disadvantages of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described apparatus embodiments are merely illustrative, and for example, the division of the units may be a logical division, and in actual implementation, there may be another division, for example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or may not be executed. In addition, the shown or discussed coupling or direct coupling or communication connection between each other may be an indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or in other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention, which is substantially or partly contributed by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.
Claims (10)
1. A method for synchronizing firewall data is applied to a system comprising a firewall and a target platform, and comprises the following steps:
detecting whether the local configuration file of the firewall is changed or not;
under the condition that the local configuration file is changed, receiving first configuration change information sent by the firewall through the target platform, wherein the first configuration change information at least comprises target configuration data and target fields, the target configuration data is changed data in the local configuration file, and the numerical value of the target fields is used for representing the number of times of changing the local configuration file;
obtaining a value of a first field stored by the target platform, and comparing whether the value of the target field is the same as the value of the first field, wherein the value of the first field is used for representing the number of times of change stored by the target platform;
and updating first configuration data stored in the target platform based on the target configuration data under the condition that the numerical value of the target field is different from the numerical value of the first field, wherein the first configuration data is data before the local configuration file is changed.
2. The method of claim 1, wherein after receiving, by the target platform, the first configuration change information sent by the firewall, the method further comprises:
locking a synchronous task execution function of the target platform;
detecting whether at least one second configuration change message is received or not under the condition that the synchronous task execution function is in a locked state, wherein the receiving time of the at least one second configuration change message is later than that of the first configuration change message;
when the at least one second configuration change information is received, marking the at least one second configuration change information with a corresponding timestamp based on the receiving time of the second configuration change information.
3. The method of claim 1, wherein obtaining the value of the first field stored by the target platform and comparing whether the value of the target field is the same as the value of the first field comprises:
analyzing the first configuration change information to obtain the target configuration data and the target field;
determining, based on the target field, the first field in a first database table in the target platform;
and acquiring the numerical value of the first field from the first database table, and comparing whether the numerical value of the target field is the same as the numerical value of the first field.
4. The method of claim 3, wherein in the event that the value of the target field is not the same as the value of the first field, updating the first configuration data stored in the target platform based on the target configuration data comprises:
storing the target configuration data in a second field in a second database table in the target platform, wherein data in the second field characterizes up-to-date configuration data in the firewall;
newly adding and/or editing the corresponding firewall configuration in the target platform according to the newly added configuration and/or the edited configuration in the target configuration data;
and according to the data in the second field, performing data addition and/or data editing on the data in a third field corresponding to the first configuration data in the second database table, wherein the data in the third field represents the firewall configuration data stored in the target platform.
5. The method of claim 4, wherein after performing data addition and/or data editing on the data in the third field corresponding to the first configuration data in the second database table according to the data in the second field, the method further comprises:
deleting the corresponding firewall configuration in the target platform according to the deletion configuration in the target configuration data;
and according to the data in the second field, deleting the data in a third field corresponding to the first configuration data in the second database table.
6. The method of claim 4, wherein after storing the target configuration data in a second field in a second database table in the target platform, the method further comprises:
updating the value of the first field to the value of the target field in the first database table.
7. The method of claim 2, wherein in the case that the value of the target field is not the same as the value of the first field, after updating the first configuration data stored in the target platform based on the target configuration data, the method further comprises:
generating prompt information, wherein the prompt information is used for representing that the updating of the firewall configuration in the target platform is completed;
unlocking the synchronous task execution function according to the prompt information;
determining whether the at least one second configuration change message exists in a message queue, wherein the message queue is used for storing the configuration change message sent by the firewall;
when the at least one second configuration change information exists in the information queue, acquiring configuration change information corresponding to a latest timestamp from the at least one second configuration change information;
and generating a synchronization task based on the configuration change information corresponding to the latest timestamp, wherein the synchronization task is used for synchronizing the configuration data in the firewall and the configuration data in the target platform.
8. An apparatus for synchronizing firewall data, comprising:
the detection module is used for detecting whether the local configuration file of the firewall changes;
a receiving module, configured to receive, by a target platform, first configuration change information sent by the firewall under a condition that the local configuration file changes, where the first configuration change information at least includes target configuration data and a target field, the target configuration data is changed data in the local configuration file, and a value of the target field is used to represent a number of times that the local configuration file changes;
the first processing module is used for acquiring a numerical value of a first field stored by the target platform and comparing whether the numerical value of the target field is the same as the numerical value of the first field, wherein the numerical value of the first field is used for representing the number of times of change stored by the target platform;
and a second processing module, configured to update, based on the target configuration data, first configuration data stored in the target platform when the value of the target field is different from the value of the first field, where the first configuration data is data before the local configuration file is changed.
9. A computer-readable storage medium, in which a computer program is stored, wherein the computer program is configured to execute the method for synchronizing firewall data according to any one of claims 1 to 7 when running.
10. An electronic device, wherein the electronic device comprises one or more processors; memory for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement a method for running a program, wherein the program is arranged to perform the method for synchronizing firewall data of any of claims 1 to 7 when run.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211550785.0A CN115987785A (en) | 2022-12-05 | 2022-12-05 | Firewall data synchronization method and device and electronic equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211550785.0A CN115987785A (en) | 2022-12-05 | 2022-12-05 | Firewall data synchronization method and device and electronic equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115987785A true CN115987785A (en) | 2023-04-18 |
Family
ID=85960287
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211550785.0A Pending CN115987785A (en) | 2022-12-05 | 2022-12-05 | Firewall data synchronization method and device and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115987785A (en) |
-
2022
- 2022-12-05 CN CN202211550785.0A patent/CN115987785A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107220142B (en) | Method and device for executing data recovery operation | |
CN111459749B (en) | Prometheus-based private cloud monitoring method and device, computer equipment and storage medium | |
WO2017034772A1 (en) | Monitoring the life cycle of a computer network connection | |
CN111190962B (en) | File synchronization method and device and local terminal | |
CN108228814A (en) | Method of data synchronization and device | |
CN110619226A (en) | Platform-based data processing method, system, equipment and storage medium | |
CN112052247A (en) | Index updating system, method and device of search engine, electronic equipment and storage medium | |
CN107040576A (en) | Information-pushing method and device, communication system | |
CN110599321B (en) | Tax data processing method and device, server and storage medium | |
CN113672692B (en) | Data processing method, data processing device, computer equipment and storage medium | |
CN113312669B (en) | Password synchronization method, device and storage medium | |
WO2024146285A1 (en) | Blockchain-based data processing method, device, and readable storage medium | |
CN114416883A (en) | Block chain light node data synchronization method, device, equipment and readable storage medium | |
CN113779153A (en) | Data synchronization method and device, electronic equipment and storage medium | |
CN114153705A (en) | Data monitoring method and device based on configuration management database | |
CN111935260B (en) | Account synchronization method and device, electronic equipment and storage medium | |
CN105827739B (en) | Contact information synchronous method, device, server and system | |
CN112714010A (en) | Network topology management method, device, expansion unit and storage medium | |
CN115987785A (en) | Firewall data synchronization method and device and electronic equipment | |
CN108595924B (en) | Business authority management method and device, computer equipment and storage medium | |
CN115499487A (en) | Server configuration file updating method and device, storage medium and equipment | |
CN115632815A (en) | Data updating method and device, electronic equipment and storage medium | |
JP2009053896A (en) | Unauthorized operation detector and program | |
CN114238507A (en) | Data synchronization method and device based on multiple databases | |
CN109167826B (en) | Method, device and system for putting WEB application on shelf |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |