CN116708401A - Security gateway remote access information processing method and device - Google Patents

Info

Publication number
CN116708401A
Authority
CN
China
Prior art keywords
address
information table
security gateway
remote access
demand
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310689379.0A
Other languages
Chinese (zh)
Inventor
陈硕
刘新儒
马俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202310689379.0A
Publication of CN116708401A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a security gateway remote access information processing method and device, relating to the technical field of information security, which can be used in the financial field or other technical fields. The method comprises: querying the management IP address in the device information table according to the demand destination address and, if the query result of the device information table determines that the demand is not a demand to open a device management route, querying the address pool information table according to the demand source IP address; if the address pool information table is determined to contain data matching the demand source IP address, querying the routing information table according to the demand destination address; if the query result of the routing information table determines that a service route exists, and resource information is found by querying according to the demand source IP address, generating a first prompt message indicating that security gateway remote access does not need to be opened. The device performs the above method. The method and device provided by the embodiments of the application can improve the working efficiency of security gateway remote access configuration and ensure that the work is processed in time.

Description

Security gateway remote access information processing method and device
Technical Field
The application relates to the technical field of information security, in particular to a security gateway remote access information processing method and device.
Background
With the continued development of informatization, the degree of office automation and the demands placed on it keep rising, and more and more companies adopt VPN systems to provide a fast, convenient, secure and effective mode of remote access. Among these, SSL VPN security gateways are widely used.
Security gateway remote access has to be configured. The existing method configures and updates the SSL VPN security gateway manually; as remote office access demands grow and requirements rise, configuring and updating in this way is inefficient and makes it difficult to guarantee the timeliness of the data.
Disclosure of Invention
In view of the problems in the prior art, the embodiments of the application provide a method and a device for processing security gateway remote access information, which can at least partially solve those problems.
In one aspect, the present application provides a method for processing security gateway remote access information, including:
querying the management IP address in the device information table according to the demand destination address and, if the query result of the device information table determines that the demand is not a demand to open a device management route, querying the address pool information table according to the demand source IP address;
if the address pool information table is determined to contain data matching the demand source IP address, querying the routing information table according to the demand destination address;
if the query result of the routing information table determines that a service route exists, and resource information is found by querying according to the demand source IP address, generating a first prompt message indicating that security gateway remote access does not need to be opened.
Wherein, querying for existing resource information according to the demand source IP address includes:
querying the address pool information table, the user group role relation table, the role resource relation table and the resource information table according to the demand source IP address to obtain the resource information associated with the demand source IP address.
The security gateway remote access information processing method further comprises the following steps:
if the query result of the device information table determines that the demand is a demand to open a device management route, querying the routing information table according to the demand source IP address;
if the query result of the routing information table determines that a management route exists, directly generating the first prompt message indicating that security gateway remote access does not need to be opened.
The security gateway remote access information processing method further comprises the following steps:
if the query result of the routing information table determines that no management route exists, generating a management route configuration command according to the demand source IP address and the port information table;
executing the management route configuration command, generating management route configuration information, and generating a second prompt message indicating that security gateway remote access needs to be opened.
The security gateway remote access information processing method further comprises the following steps:
if it is determined that the address pool information table contains no data matching the demand source IP address, directly generating the first prompt message indicating that security gateway remote access does not need to be opened.
The security gateway remote access information processing method further comprises the following steps:
if the query result of the routing information table determines that no service route exists, generating a service route configuration command according to the demand destination address and the port information table;
executing the service route configuration command, generating service route configuration information, and generating the second prompt message indicating that security gateway remote access needs to be opened;
and performing the step of querying for resource information according to the demand source IP address.
The security gateway remote access information processing method further comprises the following steps:
if querying according to the demand source IP address finds no resource information, generating a configuration command for creating the resource information according to the demand destination address;
executing the configuration command for creating the resource information, generating resource configuration information, and generating the second prompt message indicating that security gateway remote access needs to be opened.
In one aspect, the present application provides a security gateway remote access information processing apparatus, including:
a determining unit, configured to query the management IP address in the device information table according to the demand destination address and, if the query result of the device information table determines that the demand is not a demand to open a device management route, to query the address pool information table according to the demand source IP address;
a query unit, configured to query the routing information table according to the demand destination address if the address pool information table is determined to contain data matching the demand source IP address;
and a generating unit, configured to generate a first prompt message indicating that security gateway remote access does not need to be opened if the query result of the routing information table determines that a service route exists and resource information is found by querying according to the demand source IP address.
In still another aspect, an embodiment of the present application provides an electronic device, including: a processor, a memory, and a bus, wherein,
the processor and the memory communicate with each other through the bus;
the memory stores program instructions executable by the processor, and the processor, by invoking the program instructions, is capable of performing the following method:
querying the management IP address in the device information table according to the demand destination address and, if the query result of the device information table determines that the demand is not a demand to open a device management route, querying the address pool information table according to the demand source IP address;
if the address pool information table is determined to contain data matching the demand source IP address, querying the routing information table according to the demand destination address;
if the query result of the routing information table determines that a service route exists, and resource information is found by querying according to the demand source IP address, generating a first prompt message indicating that security gateway remote access does not need to be opened.
Embodiments of the present application provide a non-transitory computer readable storage medium comprising:
the non-transitory computer readable storage medium stores computer instructions that cause the computer to perform the following method:
querying the management IP address in the device information table according to the demand destination address and, if the query result of the device information table determines that the demand is not a demand to open a device management route, querying the address pool information table according to the demand source IP address;
if the address pool information table is determined to contain data matching the demand source IP address, querying the routing information table according to the demand destination address;
if the query result of the routing information table determines that a service route exists, and resource information is found by querying according to the demand source IP address, generating a first prompt message indicating that security gateway remote access does not need to be opened.
According to the security gateway remote access information processing method and device provided by the embodiments of the application, the management IP address in the device information table is queried according to the demand destination address, and if the query result of the device information table determines that the demand is not a demand to open a device management route, the address pool information table is queried according to the demand source IP address; if the address pool information table is determined to contain data matching the demand source IP address, the routing information table is queried according to the demand destination address; if the query result of the routing information table determines that a service route exists, and resource information is found by querying according to the demand source IP address, a first prompt message indicating that security gateway remote access does not need to be opened is generated. This can improve the working efficiency of security gateway remote access configuration and ensure that the work is processed in time.
Drawings
In order to illustrate the embodiments of the application or the technical solutions in the prior art more clearly, the drawings required by the embodiments or by the description of the prior art are briefly introduced below. The drawings described below are obviously only some embodiments of the application, and a person skilled in the art may obtain other drawings from them without inventive effort. In the drawings:
Fig. 1 is a flow chart of a security gateway remote access information processing method according to an embodiment of the present application.
Fig. 2 is a flow chart of a security gateway remote access information processing method according to another embodiment of the present application.
Fig. 3 is a schematic structural diagram of a security gateway remote access information processing method according to an embodiment of the present application.
Fig. 4 is a flowchart of a security gateway remote access information processing method according to another embodiment of the present application.
Fig. 5 is a schematic structural diagram of a security gateway remote access information processing apparatus according to an embodiment of the present application.
Fig. 6 is a schematic diagram of an entity structure of an electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the embodiments of the present application will be described in further detail with reference to the accompanying drawings. The exemplary embodiments of the present application and their descriptions herein are for the purpose of explaining the present application, but are not to be construed as limiting the application. It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be arbitrarily combined with each other.
Description of related terms:
Virtual private network (VPN): built on a public network, it combines multiple network security technologies such as tunnel encapsulation, authentication, encryption and access control to provide secure network interconnection and resource sharing for headquarters, branches, partners, and remote and mobile office staff.
SSL VPN security gateway: a hardware device that fully supports the SSL protocol, complies with password management regulations, and integrates security functions such as encryption and access control.
The method of the embodiments of the application involves a number of data tables, which are described together here:
an access demand policy table containing the demand information: demand source IP address, demand destination address, protocol type and destination port number;
a device information table containing basic device information: management IP address, device name, network area, vendor and device model;
a port information table containing the device port name, port type, port IP address, subnet mask, gateway IP address and the IP address of the device it belongs to;
a routing information table containing the destination network segment address, subnet mask, gateway IP address and the IP address of the device it belongs to;
an address pool information table containing the address pool type (production, office, test), address pool IP address, subnet mask, user group name, name of the institution it belongs to and the IP address of the device it belongs to;
a user group role relation table containing the user group name, role name and the IP address of the device it belongs to;
a role resource relation table containing the role name, resource name and the IP address of the device it belongs to;
a resource information table containing the resource name, resource description, resource type and resource IP address;
a result record table containing the generated change scheme if the record requirement is satisfied.
Fig. 1 is a flow chart of a security gateway remote access information processing method according to an embodiment of the present application. As shown in Fig. 1, the method includes:
Step S1: query the management IP address in the device information table according to the demand destination address and, if the query result of the device information table determines that the demand is not a demand to open a device management route, query the address pool information table according to the demand source IP address.
Step S2: if the address pool information table is determined to contain data matching the demand source IP address, query the routing information table according to the demand destination address.
Step S3: if the query result of the routing information table determines that a service route exists, and resource information is found by querying according to the demand source IP address, generate a first prompt message indicating that security gateway remote access does not need to be opened.
In step S1, the device queries the management IP address in the device information table according to the demand destination address and, if the query result of the device information table determines that the demand is not a demand to open a device management route, queries the address pool information table according to the demand source IP address. The device may be a computer device that performs the method and may comprise, for example, a server. It should be noted that the data acquisition and analysis in the embodiments of the present application are authorized by the user. As shown in Fig. 2, before this step the network area to which the demand source IP address and the demand destination address belong may be determined. Network areas are described as follows:
Network areas are distinguished according to the type of service function they carry, the importance of their information resources and their attack risk. The technical solution concerns only one network area, and determining the network area of the demand IP addresses (the demand source IP address and the demand destination address) quickly establishes whether the method of the embodiments of the application is to be used.
If the network area to which the demand source IP address and the demand destination address belong is determined to be network area A, where the service function corresponding to network area A requires security gateway remote access configuration, the information resources corresponding to network area A are important and likewise require security gateway remote access configuration, and network area A is prone to network attack (that is, exposed to attack risk) and likewise requires security gateway remote access configuration, then, in summary, the method of the embodiments of the present application needs to be performed for network area A.
As shown in Fig. 2, querying the management IP address in the device information table yields one of two query results: the demand is a demand to open a device management route, or it is not.
If it is determined that the demand is not a demand to open a device management route, the address pool information table is queried according to the demand source IP address to check whether it contains an IP address identical to the demand source IP address. If it does, the address pool information table is determined to contain data matching the demand source IP address.
If it does not, the address pool information table is determined to contain no data matching the demand source IP address.
In step S2, if the device determines that the address pool information table contains data matching the demand source IP address, it queries the routing information table according to the demand destination address. Routes can be determined from the link relationships between the addresses in the routing information table, and the service route can then be selected from those routes.
In step S3, if the device determines from the query result of the routing information table that a service route exists, and finds resource information by querying according to the demand source IP address, it generates a first prompt message indicating that security gateway remote access does not need to be opened. The security gateway remote access may specifically be SSL VPN security gateway remote access.
Generating the first prompt message means that no security gateway remote access configuration is required, and the message reminds the relevant personnel of this. Querying for existing resource information according to the demand source IP address includes:
querying the address pool information table, the user group role relation table, the role resource relation table and the resource information table according to the demand source IP address to obtain the resource information associated with the demand source IP address. The associated resource information can be obtained as follows:
query the address pool information table to obtain the user group name;
query the user group role relation table by the user group name to obtain the role name;
query the role resource relation table by the role name to obtain the resource name;
query the resource information table by the resource name to obtain the resource information, which specifically comprises the resource name, resource description, resource type, resource IP address and the like.
The security gateway remote access information processing method further comprises the following steps:
if the query result of the device information table determines that the demand is a demand to open a device management route, the routing information table is queried according to the demand source IP address; routes may be determined from the link relationships between the addresses in the routing information table, and the management route may be selected from those routes.
If the query result of the routing information table determines that a management route exists, the first prompt message indicating that security gateway remote access does not need to be opened is generated directly. An existing management route means that the management route has already been configured and no further management route configuration is required.
The security gateway remote access information processing method further comprises the following steps:
if the query result of the routing information table determines that no management route exists, a management route configuration command is generated according to the demand source IP address and the port information table; the absence of a management route means that none has been configured yet and management route configuration is required.
The management route configuration command is executed, management route configuration information is generated, and a second prompt message indicating that security gateway remote access needs to be opened is generated. Executing the management route configuration command carries out the management route configuration; the second prompt message reminds the relevant personnel that security gateway remote access configuration has just been performed, and they can check whether the management route configuration is correct by querying the latest configuration information.
Further, the first prompt message and the second prompt message may be recorded and stored in the result record table.
The security gateway remote access information processing method further comprises the following steps:
if it is determined that the address pool information table contains no data matching the demand source IP address, the first prompt message indicating that security gateway remote access does not need to be opened is generated directly. As in the example above, the absence of matching data means that no IP address identical to the demand source IP address was found in the address pool information table. The first prompt message reminds the relevant personnel that no security gateway remote access configuration is required.
The security gateway remote access information processing method further comprises the following steps:
if the query result of the routing information table determines that no service route exists, a service route configuration command is generated according to the demand destination address and the port information table; as in the example above, routes may be determined from the link relationships between the addresses in the routing information table, and if no service route is found among them, no service route exists. The absence of a service route means that none has been configured yet and service route configuration is required.
The service route configuration command is executed, service route configuration information is generated, and the second prompt message indicating that security gateway remote access needs to be opened is generated; executing the service route configuration command carries out the service route configuration, the second prompt message reminds the relevant personnel that security gateway remote access configuration has just been performed, and they can check whether the service route configuration is correct by querying the latest configuration information.
The step of querying for resource information according to the demand source IP address is then performed, as described in the embodiments above and not repeated here.
The security gateway remote access information processing method further comprises the following steps:
if querying according to the demand source IP address finds no resource information, a configuration command for creating the resource information is generated according to the demand destination address; if no resource information is found in the resource information table, no resource information exists. The absence of resource information means that it has not been configured yet and needs to be configured.
The configuration command for creating the resource information is executed, resource configuration information is generated, and the second prompt message indicating that security gateway remote access needs to be opened is generated. Executing the configuration command carries out the resource information configuration; the second prompt message reminds the relevant personnel that security gateway remote access configuration has just been performed, and they can check whether the resource information configuration is correct by querying the latest configuration information.
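The decision flow of steps S1 to S3 and its further branches, including the address pool, user group, role and resource lookup chain, is sketched below as an added example; it is not code from the patent. The table contents are constructed, matching an address by network containment and treating a resource as present only when its resource IP address equals the demand destination address are assumptions, and the change records are placeholders rather than commands of any real gateway.

```python
import ipaddress

FIRST = "first prompt: security gateway remote access does not need to be opened"
SECOND = "second prompt: security gateway remote access needs to be opened"

# Constructed sample tables; keys abbreviate the fields the page lists per table.
TABLES = {
    "devices": [{"mgmt_ip": "10.0.0.1", "name": "core-sw-1"}],
    "ports": [{"port": "eth1", "gateway_ip": "10.9.0.254", "device_ip": "10.9.0.1"}],
    "routes": [{"net": "10.20.0.0", "mask": "255.255.0.0",
                "gateway_ip": "10.9.0.254", "device_ip": "10.9.0.1"}],
    "pools": [{"type": "office", "net": "172.16.10.0", "mask": "255.255.255.0",
               "user_group": "ug-office", "device_ip": "10.9.0.1"}],
    "group_roles": [{"user_group": "ug-office", "role": "role-office"}],
    "role_resources": [{"role": "role-office", "resource": "res-erp"}],
    "resources": [{"name": "res-erp", "type": "tcp", "ip": "10.20.5.8"}],
}


def _matching(addr, rows):
    """Rows whose net/mask contains addr (containment is an assumption)."""
    ip = ipaddress.ip_address(addr)
    return [r for r in rows
            if ip in ipaddress.ip_network(f"{r['net']}/{r['mask']}", strict=False)]


def resources_for(src_ip, t):
    """Address pool -> user group -> role -> resource name -> resource rows."""
    groups = {p["user_group"] for p in _matching(src_ip, t["pools"])}
    roles = {g["role"] for g in t["group_roles"] if g["user_group"] in groups}
    names = {rr["resource"] for rr in t["role_resources"] if rr["role"] in roles}
    return [r for r in t["resources"] if r["name"] in names]


def _route_change(kind, target, t):
    """Placeholder change record built from the port table, not gateway CLI."""
    port = t["ports"][0]  # assumption: the first port entry is the egress port
    return {"action": "add_route", "kind": kind, "target": target,
            "port": port["port"], "gateway_ip": port["gateway_ip"]}


def verify(src_ip, dst_ip, t):
    """Return (prompt message, change plan) for one access demand."""
    plan = []
    # S1: a destination that is a management IP makes this a management demand.
    if any(d["mgmt_ip"] == dst_ip for d in t["devices"]):
        # Management branch: the routing table is queried by the source address.
        if not _matching(src_ip, t["routes"]):
            plan.append(_route_change("management", src_ip, t))
        return (SECOND if plan else FIRST), plan
    # Not a management demand: the source must match an address pool entry.
    # Per the page, an unmatched source yields the first prompt and no change.
    if not _matching(src_ip, t["pools"]):
        return FIRST, plan
    # S2: look for a service route covering the destination.
    if not _matching(dst_ip, t["routes"]):
        plan.append(_route_change("service", dst_ip, t))
    # S3: look for a resource reachable from the source's user groups.
    if not any(r["ip"] == dst_ip for r in resources_for(src_ip, t)):
        plan.append({"action": "create_resource", "resource_ip": dst_ip})
    return (SECOND if plan else FIRST), plan


if __name__ == "__main__":
    for src, dst in [("172.16.10.25", "10.20.5.8"), ("172.16.10.25", "10.30.1.1"),
                     ("192.168.1.5", "10.20.5.8"), ("172.16.10.25", "10.0.0.1")]:
        print(src, "->", dst, verify(src, dst, TABLES))
```

The first prompt covers two different outcomes here, a demand that is already fully provisioned and a source that matches no address pool, so a reviewer reading the result record should distinguish them by whether the pool lookup matched.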
As shown in fig. 3, the security gateway remote access information processing method provided by the embodiment of the present application may be implemented based on modularization, and specifically includes an access requirement analyzer device, a security gateway device configuration analyzer device, a openness verification executor device, a configuration change scheme generating device, and a log and result feedback device; wherein:
and the access demand analyzer device analyzes the IP address of the demand source, the demand destination address, the protocol type and the destination port number by analyzing the access demand policy table, and stores related information into a database.
And the security gateway configuration analyzer device analyzes the security gateway equipment configuration, and obtains the required field information and stores the required field information into the database by calling the security gateway equipment API interface or analyzing the security gateway equipment configuration file.
And the openness verification executor device performs openness verification logic check analysis on the access requirement strategy table content and the field information of the related data table of the existing database to obtain whether the configuration environment of the existing equipment meets the requirement or not, and returns a result.
And the configuration change scheme generating device generates a configuration change scheme of the corresponding security gateway equipment according to the requirement information to be opened in the returned result of the opening verification executor device.
And the log and result feedback device records the result information of the openness verification executor device and the configuration change scheme generating device, and feeds back the result and the change scheme of whether to be opened to network operation and maintenance personnel.
As shown in fig. 4, the flow of the security gateway remote access information processing method provided by the embodiment of the present application is described as follows:
Step S001: the access requirement analyzer device parses the access requirement policy table to obtain the demand source IP address, the demand destination address, the protocol type and the destination port number, and stores the related information in the database.
Step S002: the security gateway configuration analyzer device stores the required field information in the database; the openness verification executor device obtains the required field information and the related information from the database and performs the openness verification logic check. If result 1 is returned (the requirement is already satisfied and nothing needs to be opened), step S003 is executed; if result 2 is returned (the requirement is not satisfied), step S004 is executed.
Step S003: feedback is given to operation and maintenance personnel that the requirement is already satisfied and nothing needs to be opened.
Step S004: the configuration change scheme generating device generates a configuration change scheme for the corresponding security gateway device.
Step S005: the log and result feedback device feeds the configuration change scheme back to network operation and maintenance personnel.
The security gateway remote access information processing method provided by the embodiment of the application has the following beneficial effects:
1. The openness query for SSL VPN remote access requirements and the automatic generation of a change scheme are realized, which greatly reduces the technical labor cost and time cost of network operation and maintenance personnel;
2. The method is applicable to the current mainstream security gateway devices of various types from various manufacturers, and is therefore universal;
3. The whole process is automatic and requires no human participation.
According to the security gateway remote access information processing method provided by the embodiment of the application, the management IP address in the device information table is queried according to the demand destination address; if the device information table query result shows that the requirement is not for opening a device management route, the address pool information table is queried according to the demand source IP address. If the address pool information table contains data matching the demand source IP address, the routing information table is queried according to the demand destination address. If the routing information table query result shows that a service route exists, and the query by demand source IP address finds that resource information exists, a first prompt message indicating that security gateway remote access does not need to be opened is generated. This improves the efficiency of security gateway remote access configuration work and allows the work to be handled in time.
Further, querying that resource information exists according to the demand source IP address includes:
querying the address pool information table, the user group role relation table, the role resource relation table and the resource information table according to the demand source IP address to obtain the resource information associated with the demand source IP address. Reference is made to the above description, which is not repeated here.
The security gateway remote access information processing method provided by the embodiment of the application can efficiently acquire the resource information associated with the demand source IP address.
Further, the security gateway remote access information processing method further comprises the following steps:
If the device information table query result shows that the requirement is for opening a device management route, the routing information table is queried according to the demand source IP address. Reference is made to the above description, which is not repeated here.
If the routing information table query result shows that a management route exists, a first prompt message indicating that security gateway remote access does not need to be opened is generated directly. Reference is made to the above description, which is not repeated here.
The security gateway remote access information processing method provided by the embodiment of the application can promptly notify the relevant personnel that the security gateway remote access configuration does not need to be opened.
Further, the security gateway remote access information processing method further comprises the following steps:
If the routing information table query result shows that no management route exists, a management route configuration command is generated according to the demand source IP address and the port information table. Reference is made to the above description, which is not repeated here.
The management route configuration command is executed, the management route configuration information is generated, and a second prompt message indicating that security gateway remote access needs to be opened is generated. Reference is made to the above description, which is not repeated here.
The security gateway remote access information processing method provided by the embodiment of the application can promptly notify the relevant personnel that the security gateway remote access configuration needs to be opened.
Further, the security gateway remote access information processing method further comprises the following steps:
If it is determined that the address pool information table contains no data matching the demand source IP address, a first prompt message indicating that security gateway remote access does not need to be opened is generated directly. Reference is made to the above description, which is not repeated here.
The security gateway remote access information processing method provided by the embodiment of the application can promptly notify the relevant personnel that the security gateway remote access configuration does not need to be opened.
Further, the security gateway remote access information processing method further comprises the following steps:
If the routing information table query result shows that no service route exists, a service route configuration command is generated according to the demand destination address and the port information table. Reference is made to the above description, which is not repeated here.
The service route configuration command is executed, the service route configuration information is generated, and a second prompt message indicating that security gateway remote access needs to be opened is generated. Reference is made to the above description, which is not repeated here.
The step of querying the resource information according to the demand source IP address is then executed. Reference is made to the above description, which is not repeated here.
The security gateway remote access information processing method provided by the embodiment of the application can promptly notify the relevant personnel that the security gateway remote access configuration needs to be opened.
Further, the security gateway remote access information processing method further comprises the following steps:
If the query by demand source IP address finds no resource information, a configuration command for creating the resource information is generated according to the demand destination address. Reference is made to the above description, which is not repeated here.
The configuration command for creating the resource information is executed, the resource configuration information is generated, and a second prompt message indicating that security gateway remote access needs to be opened is generated. Reference is made to the above description, which is not repeated here.
The security gateway remote access information processing method provided by the embodiment of the application can promptly notify the relevant personnel that the security gateway remote access configuration needs to be opened.
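The decision flow described above (device information table, address pool, routing table, then the join from address pool through user group and role to resource), written out as an added Python example; it is not code from the patent. The table layouts and field names, the link from an address pool to a user group, matching a resource on destination, protocol and port, and the PLACEHOLDER command strings are assumptions, and all rows are constructed sample data. The commands are returned for review rather than executed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

NO_OPEN = "prompt 1: remote access does not need to be opened"
NEED_OPEN = "prompt 2: remote access needs to be opened"


@dataclass(frozen=True)
class Requirement:
    """One row of the access requirement policy table."""
    src_ip: str
    dst: str
    proto: str
    port: int


# Constructed sample tables; layouts and names are assumptions, not the patent's schema.
TABLES = {
    "device_info": {"10.255.0.1"},                        # management IP addresses
    "address_pool": {"pool-ops": ("172.16.10.0/24", "grp-ops")},  # pool -> (CIDR, user group)
    "routing": ["10.20.0.0/16", "172.16.10.0/24"],         # routed networks
    "port_info": {"10.20.0.0/16": "eth1",                  # network -> gateway interface
                  "10.30.0.0/16": "eth2",
                  "172.16.0.0/12": "tun0"},
    "group_role": {"grp-ops": ["role-db"]},                # user group role relation
    "role_resource": {"role-db": ["res-db1"]},             # role resource relation
    "resource_info": {"res-db1": ("10.20.5.8", "tcp", 3306)},
}


def _covered(addr, cidrs):
    """Return the first CIDR in cidrs that contains addr, or None."""
    ip = ip_address(addr)
    return next((c for c in cidrs if ip in ip_network(c)), None)


def _route_cmd(kind, addr, t):
    """Build a placeholder route command using the port information table."""
    iface = t["port_info"].get(_covered(addr, t["port_info"]), "<unknown-interface>")
    return f"PLACEHOLDER add {kind}-route {addr}/32 via {iface}"


def resources_for(src_ip, t):
    """Join address pool -> user group -> role -> resource for the source IP."""
    found = []
    for cidr, group in t["address_pool"].values():
        if ip_address(src_ip) not in ip_network(cidr):
            continue
        for role in t["group_role"].get(group, []):
            for name in t["role_resource"].get(role, []):
                if name in t["resource_info"]:
                    found.append(t["resource_info"][name])
    return found


def verify(req, t):
    """Return (prompt, change_commands) for one access requirement."""
    cmds = []
    if req.dst in t["device_info"]:
        # Destination is a management IP: this is a management-route requirement,
        # checked against the routing table by source IP.
        if _covered(req.src_ip, t["routing"]):
            return NO_OPEN, cmds
        cmds.append(_route_cmd("mgmt", req.src_ip, t))
        return NEED_OPEN, cmds
    pools = [cidr for cidr, _ in t["address_pool"].values()]
    if not _covered(req.src_ip, pools):
        # As the text specifies: no matching address pool yields the first prompt.
        return NO_OPEN, cmds
    if not _covered(req.dst, t["routing"]):
        cmds.append(_route_cmd("service", req.dst, t))
    # The resource query runs whether or not a service route had to be added.
    if (req.dst, req.proto, req.port) not in resources_for(req.src_ip, t):
        cmds.append(f"PLACEHOLDER create resource {req.proto}/{req.dst}:{req.port}")
    return (NEED_OPEN if cmds else NO_OPEN), cmds


if __name__ == "__main__":
    for r in (Requirement("172.16.10.5", "10.20.5.8", "tcp", 3306),
              Requirement("172.16.10.5", "10.30.1.1", "tcp", 443),
              Requirement("172.16.99.5", "10.255.0.1", "tcp", 22)):
        print(r, *verify(r, TABLES), sep="\n  ")
```

Because the no-matching-pool branch and the already-satisfied branch both yield the first prompt, a log entry for this check should record which branch produced it.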
It should be noted that the security gateway remote access information processing method provided by the embodiment of the application can be used in the financial field and also in any technical field other than the financial field.
Fig. 5 is a schematic structural diagram of a security gateway remote access information processing apparatus according to an embodiment of the present application. As shown in fig. 5, the security gateway remote access information processing apparatus according to an embodiment of the present application includes a determining unit 501, a querying unit 502, and a generating unit 503, where:
the determining unit 501 is configured to query the management IP address in the device information table according to the demand destination address, and, if the device information table query result shows that the requirement is not for opening a device management route, to query the address pool information table according to the demand source IP address; the querying unit 502 is configured to query the routing information table according to the demand destination address if the address pool information table contains data matching the demand source IP address; the generating unit 503 is configured to generate a first prompt message indicating that security gateway remote access does not need to be opened if the routing information table query result shows that a service route exists and the query by demand source IP address finds that resource information exists.
Specifically, the determining unit 501 in the apparatus is configured to query the management IP address in the device information table according to the demand destination address, and, if the device information table query result shows that the requirement is not for opening a device management route, to query the address pool information table according to the demand source IP address; the querying unit 502 is configured to query the routing information table according to the demand destination address if the address pool information table contains data matching the demand source IP address; the generating unit 503 is configured to generate a first prompt message indicating that security gateway remote access does not need to be opened if the routing information table query result shows that a service route exists and the query by demand source IP address finds that resource information exists.
The security gateway remote access information processing device provided by the embodiment of the application queries the management IP address in the device information table according to the demand destination address; if the device information table query result shows that the requirement is not for opening a device management route, the address pool information table is queried according to the demand source IP address. If the address pool information table contains data matching the demand source IP address, the routing information table is queried according to the demand destination address. If the routing information table query result shows that a service route exists, and the query by demand source IP address finds that resource information exists, a first prompt message indicating that security gateway remote access does not need to be opened is generated. This improves the efficiency of security gateway remote access configuration work and allows the work to be handled in time.
Further, the generating unit 503 is specifically configured to:
query the address pool information table, the user group role relation table, the role resource relation table and the resource information table according to the demand source IP address to obtain the resource information associated with the demand source IP address.
The security gateway remote access information processing method provided by the embodiment of the application can efficiently acquire the resource information associated with the demand source IP address.
Further, the security gateway remote access information processing apparatus is further configured to:
if the device information table query result shows that the requirement is for opening a device management route, query the routing information table according to the demand source IP address;
if the routing information table query result shows that a management route exists, directly generate a first prompt message indicating that security gateway remote access does not need to be opened.
The security gateway remote access information processing method provided by the embodiment of the application can promptly notify the relevant personnel that the security gateway remote access configuration does not need to be opened.
Further, the security gateway remote access information processing apparatus is further configured to:
if the routing information table query result shows that no management route exists, generate a management route configuration command according to the demand source IP address and the port information table;
execute the management route configuration command, generate the management route configuration information, and generate a second prompt message indicating that security gateway remote access needs to be opened.
The security gateway remote access information processing method provided by the embodiment of the application can promptly notify the relevant personnel that the security gateway remote access configuration needs to be opened.
Further, the security gateway remote access information processing apparatus is further configured to:
if it is determined that the address pool information table contains no data matching the demand source IP address, directly generate a first prompt message indicating that security gateway remote access does not need to be opened.
The security gateway remote access information processing method provided by the embodiment of the application can promptly notify the relevant personnel that the security gateway remote access configuration does not need to be opened.
Further, the security gateway remote access information processing apparatus is further configured to:
if the routing information table query result shows that no service route exists, generate a service route configuration command according to the demand destination address and the port information table;
execute the service route configuration command, generate the service route configuration information, and generate a second prompt message indicating that security gateway remote access needs to be opened;
then execute the step of querying the resource information according to the demand source IP address.
The security gateway remote access information processing method provided by the embodiment of the application can promptly notify the relevant personnel that the security gateway remote access configuration needs to be opened.
Further, the security gateway remote access information processing apparatus is further configured to:
if the query by demand source IP address finds no resource information, generate a configuration command for creating the resource information according to the demand destination address;
execute the configuration command for creating the resource information, generate the resource configuration information, and generate a second prompt message indicating that security gateway remote access needs to be opened.
The security gateway remote access information processing method provided by the embodiment of the application can promptly notify the relevant personnel that the security gateway remote access configuration needs to be opened.
The processing flow of the security gateway remote access information processing device provided by the embodiment of the present application may be specifically used to execute the above method embodiments; its functions are not described in detail here, and reference may be made to the detailed description of the above method embodiments.
Fig. 6 is a schematic diagram of the physical structure of an electronic device according to an embodiment of the present application. As shown in fig. 6, the electronic device includes: a processor 601, a memory 602, and a bus 603;
wherein the processor 601 and the memory 602 communicate with each other through the bus 603;
the processor 601 is configured to invoke program instructions in the memory 602 to perform the methods provided in the above method embodiments, for example, including:
querying the management IP address in the device information table according to the demand destination address, and, if the device information table query result shows that the requirement is not for opening a device management route, querying the address pool information table according to the demand source IP address;
if the address pool information table contains data matching the demand source IP address, querying the routing information table according to the demand destination address;
if the routing information table query result shows that a service route exists, and the query by demand source IP address finds that resource information exists, generating a first prompt message indicating that security gateway remote access does not need to be opened.
The present embodiment discloses a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, are capable of performing the methods provided by the above-described method embodiments, for example comprising:
querying the management IP address in the device information table according to the demand destination address, and, if the device information table query result shows that the requirement is not for opening a device management route, querying the address pool information table according to the demand source IP address;
if the address pool information table contains data matching the demand source IP address, querying the routing information table according to the demand destination address;
if the routing information table query result shows that a service route exists, and the query by demand source IP address finds that resource information exists, generating a first prompt message indicating that security gateway remote access does not need to be opened.
The present embodiment provides a computer-readable storage medium storing a computer program that causes the computer to execute the methods provided by the above-described method embodiments, for example, including:
querying the management IP address in the device information table according to the demand destination address, and, if the device information table query result shows that the requirement is not for opening a device management route, querying the address pool information table according to the demand source IP address;
if the address pool information table contains data matching the demand source IP address, querying the routing information table according to the demand destination address;
if the routing information table query result shows that a service route exists, and the query by demand source IP address finds that resource information exists, generating a first prompt message indicating that security gateway remote access does not need to be opened.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In the description of the present specification, reference to the terms "one embodiment," "one particular embodiment," "some embodiments," "for example," "an example," "a particular example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing description of the embodiments has been provided to illustrate the general principles of the application and is not intended to limit the scope of the application or to restrict the application to these particular embodiments; any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the application are intended to be included within the scope of the application.

Claims (10)

1. A security gateway remote access information processing method, comprising:
querying the management IP address in the device information table according to the demand destination address, and, if the device information table query result shows that the requirement is not for opening a device management route, querying the address pool information table according to the demand source IP address;
if the address pool information table contains data matching the demand source IP address, querying the routing information table according to the demand destination address;
if the routing information table query result shows that a service route exists, and the query by demand source IP address finds that resource information exists, generating a first prompt message indicating that security gateway remote access does not need to be opened.
2. The security gateway remote access information processing method according to claim 1, wherein querying that resource information exists according to the demand source IP address comprises:
querying the address pool information table, the user group role relation table, the role resource relation table and the resource information table according to the demand source IP address to obtain the resource information associated with the demand source IP address.
3. The security gateway remote access information processing method according to claim 1, characterized in that the security gateway remote access information processing method further comprises:
if the device information table query result shows that the requirement is for opening a device management route, querying the routing information table according to the demand source IP address;
if the routing information table query result shows that a management route exists, directly generating a first prompt message indicating that security gateway remote access does not need to be opened.
4. The security gateway remote access information processing method according to claim 3, characterized in that the security gateway remote access information processing method further comprises:
if the routing information table query result shows that no management route exists, generating a management route configuration command according to the demand source IP address and the port information table;
executing the management route configuration command, generating the management route configuration information, and generating a second prompt message indicating that security gateway remote access needs to be opened.
5. The security gateway remote access information processing method according to claim 1, characterized in that the security gateway remote access information processing method further comprises:
if it is determined that the address pool information table contains no data matching the demand source IP address, directly generating a first prompt message indicating that security gateway remote access does not need to be opened.
6. The security gateway remote access information processing method according to claim 1, characterized in that the security gateway remote access information processing method further comprises:
if the routing information table query result shows that no service route exists, generating a service route configuration command according to the demand destination address and the port information table;
executing the service route configuration command, generating the service route configuration information, and generating a second prompt message indicating that security gateway remote access needs to be opened;
and executing the step of querying the resource information according to the demand source IP address.
7. The security gateway remote access information processing method according to claim 1, characterized in that the security gateway remote access information processing method further comprises:
if the query by demand source IP address finds no resource information, generating a configuration command for creating the resource information according to the demand destination address;
executing the configuration command for creating the resource information, generating the resource configuration information, and generating a second prompt message indicating that security gateway remote access needs to be opened.
8. A security gateway remote access information processing apparatus, comprising:
a determining unit, configured to query the management IP address in the device information table according to the demand destination address, and, if the device information table query result shows that the requirement is not for opening a device management route, to query the address pool information table according to the demand source IP address;
a querying unit, configured to query the routing information table according to the demand destination address if the address pool information table contains data matching the demand source IP address;
and a generating unit, configured to generate a first prompt message indicating that security gateway remote access does not need to be opened if the routing information table query result shows that a service route exists and the query by demand source IP address finds that resource information exists.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method of any one of claims 1 to 7 when the computer program is executed by the processor.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method according to any one of claims 1 to 7.
CN202310689379.0A 2023-06-12 2023-06-12 Security gateway remote access information processing method and device Pending CN116708401A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310689379.0A CN116708401A (en) 2023-06-12 2023-06-12 Security gateway remote access information processing method and device

Publications (1)

Publication Number Publication Date
CN116708401A true CN116708401A (en) 2023-09-05

Family

ID=87828804

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination