CN1324867C - Route exchanger of integrated fire proof wall - Google Patents

Info

Publication number
CN1324867C
Authority
CN
China
Prior art keywords
module
fwsm
switching module
compartment wall
fire compartment
Prior art date
Legal status
Expired - Lifetime
Application number
CNB2003101103308A
Other languages
Chinese (zh)
Other versions
CN1556633A (en)
Inventor
童剑
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date
Filing date
Publication date

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a route exchanger with an integrated firewall, which comprises a master control module, a backplane, a switching module and a firewall module. A control channel and a data channel are arranged on the backplane, the switching module is provided with internet physical ports and an intranet port, and the firewall module is provided with an intranet, a demilitarized zone (DMZ) and an internet interface. The master control module of the route exchanger configures the forwarding chip of the switching module and the processing unit of the firewall module through the control channel of the backplane, the switching module and the firewall module transfer data through the data channel of the backplane, and the internet physical ports of the switching module are designated as the intranet, the DMZ and the internet interface of the firewall module. The present invention can simplify network structures, reduce the number of network devices, reduce network investment and enhance network stability. The present invention can be broadly applied in the field of data communication.

Description

Multilayer switch with an integrated firewall
Technical field:
The invention belongs to the field of data communication and relates in particular to a multilayer switch with an integrated firewall.
Background:
As IP data communication networks grow in scale and acquire more layers, operation and maintenance costs rise and maintenance management becomes more complex. Operators want IP networks to be simpler, more reliable and maintainable, so a flatter network structure is what operators want.
Multilayer switches combine the high bandwidth of a switch with the complex, flexible processing capability of a router and can replace both. They are widely used in network design and have greatly promoted the flattening of network structures.
Internet worms and attacks have made the firewall essential equipment for enterprise networks. A firewall is generally deployed at the egress of the enterprise network, where it filters viruses, guards against attacks and performs encryption and decryption to protect enterprise information security.
Introducing a firewall improves enterprise information security, but it adds layers to the network structure and complexity to maintenance, reduces the egress bandwidth of the enterprise network, and adds considerable network investment.
A typical enterprise firewall network structure is shown in Fig. 1. The firewall device has three kinds of network interface: an intranet interface, a DMZ (demilitarized zone) interface and an external network interface. The main function of the firewall is to protect the intranet.
The connection between the firewall and the internal network becomes a critical point at the network egress. To strengthen the reliability and security of the network, important enterprise networks generally deploy redundant, backup firewalls at the egress, as shown in Fig. 2, which greatly increases network complexity and cost.
Summary of the invention:
The object of the invention is to provide a multilayer switch with an integrated firewall that simplifies the network structure, reduces the number of network devices, reduces network investment and strengthens network stability.
The multilayer switch with an integrated firewall comprises: the master control module and backplane of the multilayer switch, the backplane carrying a control channel and a data channel; a switching module; and a firewall module. The switching module has network physical ports and an intranet port. The firewall module has intranet, DMZ and external network interfaces. The master control module of the multilayer switch configures the route-switching processing unit of the switching module and the firewall processing unit of the firewall module through the control channel of the backplane. The switching module and the firewall module transfer data through the data channel of the backplane.
The firewall module itself need not have intranet, DMZ and external network interfaces; instead, the network physical ports of the switching module are defined as the intranet, DMZ and external network interfaces of the firewall module.
The switching module and the firewall module each have a CPU. The master control module of the multilayer switch is connected to each CPU through the backplane control channel and configures the route-switching processing unit of the switching module and the firewall processing unit of the firewall module separately.
The invention treats the firewall as a service module of a chassis switch: the control plane and data plane of the firewall are merged into the control plane and data plane of the switch (as shown in Fig. 3), so that routing, switching and firewall functions are integrated in one device. The multilayer switch with an integrated firewall simplifies the network structure, reduces the number of network devices and reduces network investment. Because there is no longer a connecting link between the firewall and the internal network, a possible critical point of failure is removed and network stability is strengthened.
Description of drawings:
Fig. 1: Schematic of a typical enterprise firewall network structure
1: router; 2: multilayer switch; 3: firewall
Fig. 2: Schematic of a typical enterprise firewall network structure with redundant, backup firewalls deployed
4: active link; 5: standby link
Fig. 3: Structural schematic of the invention
Fig. 4: Logical block diagram of the invention
Fig. 5: Schematic of the firewall processing unit configuration of the invention
Fig. 6: Schematic of the data flow and control flow of the invention
Embodiment:
Fig. 4 shows the logical block diagram of the invention.
Control of the firewall is performed by the CPU on the firewall module board. The administrator logs in to the CPU of the firewall module through the control channel of the switching architecture and from there configures the firewall processing unit.
Firewall functions include filtering, ACL, NAT, VPN, IDS and encryption/decryption. There are a great many configuration management commands, and the firewall's configuration management model differs from that of the switch, so the two kinds of configuration should not be mixed. Instead, two configuration environments are provided under the same interface, one to configure the switch and one to configure the firewall, as shown in Fig. 5.
To simplify management and reduce system complexity, the firewall module itself does not provide external physical network ports. The firewall still has three kinds of interface (intranet, DMZ and external network), but these use the physical network ports of the other switching modules: a port on a switching module can be defined, as required, as a particular firewall interface.
As shown in Fig. 6, a packet from the external network (the Internet) enters the switch through an external network port, and the switching module passes it to the firewall module through the forwarding chip and the high-speed data channel on the backplane. After the firewall module has filtered and otherwise processed the data, it delivers the safe data back to the switching module over the backplane, and the switching module delivers the packet to the enterprise intranet user through an intranet port. In this flow the firewall monitors data communication between the internal and external networks and protects the information security of the intranet.
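The port-to-interface binding and the Fig. 6 data flow described above can be modelled as follows. This is an added illustration, not part of the patent: the class names, slot/port labels and the allow-list policy are hypothetical, and it assumes that unbound ports fail closed and that traffic within one zone is switched locally.

```python
# Added illustration; class, port and policy names are hypothetical, not from the patent.
from dataclasses import dataclass, field
ZONES = {"intranet", "dmz", "external"}  # the three firewall interfaces in the text

@dataclass
class FirewallModule:
    allow: set  # permitted (src_zone, dst_zone, dst_port); anything else is denied

    def inspect(self, src_zone, dst_zone, dst_port):
        return (src_zone, dst_zone, dst_port) in self.allow

@dataclass
class MultilayerSwitch:
    firewall: FirewallModule
    port_zone: dict = field(default_factory=dict)  # "slot/port" -> firewall interface

    def define_port(self, port, zone):
        """Bind a switching-module physical port to one firewall interface."""
        if zone not in ZONES:
            raise ValueError(f"unknown firewall interface: {zone}")
        self.port_zone[port] = zone

    def forward(self, in_port, out_port, dst_port):
        """Return (delivered, path) for one packet, following the Fig. 6 flow."""
        path = [f"switching:{in_port}"]
        src, dst = self.port_zone.get(in_port), self.port_zone.get(out_port)
        if src is None or dst is None:
            # Assumption: a port with no binding fails closed instead of bypassing the firewall
            return False, path + ["drop:port-has-no-zone"]
        if src != dst:
            # Inter-zone traffic crosses the backplane data channel to the firewall module
            path += ["backplane", "firewall"]
            if not self.firewall.inspect(src, dst, dst_port):
                return False, path + ["drop:policy"]
            path.append("backplane")
        # Assumption: traffic within one zone is switched locally
        return True, path + [f"switching:{out_port}"]

def demo():
    # Constructed sample policy and port layout
    fw = FirewallModule(allow={("external", "dmz", 443), ("intranet", "external", 443)})
    sw = MultilayerSwitch(fw)
    for port, zone in [("1/1", "external"), ("1/2", "dmz"), ("2/1", "intranet"), ("2/2", "intranet")]:
        sw.define_port(port, zone)
    return {
        "external->dmz:443": sw.forward("1/1", "1/2", 443),
        "external->intranet:22": sw.forward("1/1", "2/1", 22),
        "intranet->intranet:445": sw.forward("2/1", "2/2", 445),
        "unbound->intranet:80": sw.forward("3/1", "2/1", 80),
    }
```

The returned path makes it easy to check that every inter-zone packet lists the firewall module between its two switching-module hops.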

Claims (3)

1. A multilayer switch with an integrated firewall, comprising the master control module and backplane of the multilayer switch, the backplane carrying a control channel and a data channel, and a switching module having network physical ports and an intranet port; characterized in that it further comprises a firewall module; the firewall module has intranet, DMZ and external network interfaces; the master control module of the multilayer switch configures the route-switching processing unit of the switching module and the firewall processing unit of the firewall module through the control channel of the backplane; and the switching module and the firewall module transfer data through the data channel of the backplane.
2. The multilayer switch with an integrated firewall according to claim 1, characterized in that the firewall module itself need not have intranet, DMZ and external network interfaces, and the network physical ports of the switching module are designated as the intranet, DMZ and external network interfaces of the firewall module.
3. The multilayer switch with an integrated firewall according to claim 1 or 2, characterized in that the switching module and the firewall module each have a CPU, and the master control module of the multilayer switch is connected to each CPU through the backplane control channel and configures the route-switching processing unit of the switching module and the firewall processing unit of the firewall module separately.
CNB2003101103308A 2003-12-30 2003-12-30 Route exchanger of integrated fire proof wall Expired - Lifetime CN1324867C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2003101103308A CN1324867C (en) 2003-12-30 2003-12-30 Route exchanger of integrated fire proof wall

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2003101103308A CN1324867C (en) 2003-12-30 2003-12-30 Route exchanger of integrated fire proof wall

Publications (2)

Publication Number Publication Date
CN1556633A (en) 2004-12-22
CN1324867C (en) 2007-07-04

Family

ID=34335582

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2003101103308A Expired - Lifetime CN1324867C (en) 2003-12-30 2003-12-30 Route exchanger of integrated fire proof wall

Country Status (1)

Country Link
CN (1) CN1324867C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: HUAWEI TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: GANGWAN NETWORK CO., LTD.

Effective date: 20061020

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20061020

Address after: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Applicant after: HUAWEI TECHNOLOGIES Co.,Ltd.

Address before: 100089, No. 21 West Third Ring Road, Beijing, Haidian District, Long Ling Building, 13 floor

Applicant before: Harbour Networks Holdings Ltd.

C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20070704
