CN1549151A - Network enclosed flow direction controlling apparatus - Google Patents
Network enclosed flow direction controlling apparatus Download PDFInfo
- Publication number
- CN1549151A CN1549151A CNA03123786XA CN03123786A CN1549151A CN 1549151 A CN1549151 A CN 1549151A CN A03123786X A CNA03123786X A CN A03123786XA CN 03123786 A CN03123786 A CN 03123786A CN 1549151 A CN1549151 A CN 1549151A
- Authority
- CN
- China
- Prior art keywords
- port
- network
- condition
- package
- fire wall
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The network package flow direction controller includes the first connection port to outer network; the second connection port to inner network; the third connection port to the outward connection port of fire wall; the fourth port to the inward connection port of fire wall; and the processing unit, which includes the first filter module to judge whether the information package from the outer network coincides with the first condition, the second filter module to judge whether the information package from the inner network coincides with the second condition, and the first bridging module to transmit the package coinciding with the first condition to the inner network via the second connection port and transmit the package coinciding with the second condition to the fire wall via the third connection port.
Description
[technical field]
The present invention relates to a kind of control device, particularly relate to a kind of can be applicable to one be provided with a fire wall internal network and can for particular packet by and possess the network package flow control apparatus of firewall functionality.
[background technology]
As shown in Figure 1; 92 of the world-wide webs (internet) of general now Intranet 91 and outside; be typically provided with a firewall unit 93; except that protection internal network 91 is not subjected to the malicious attack and invasion of other user in the world-wide web 92, can prevent that also Intranet 91 users from externally divulging a secret in Email modes such as (email) without permission.
Except that general filterableness fire wall (filter) and the property acted on behalf of fire wall (proxy), tool network address translation (Network Address Translation, be called for short NAT down) firewall system of function, the user can't learn internal network 91 users' real IP address in the world-wide web 92 owing to can make, and a large amount of virtual IP addresses can be provided and remedy the deficiency of real IP, so also be one of common fire wall design.
But, when internal network 91 user's desires are used the media services of the networking telephone, video signal, online game or other (real-time) interaction in real time in many ways, unless externally use instead into world-wide web common cognitive real IP, otherwise just can't use above-mentioned service, on the contrary, directly externally online once cross over the NAT fire wall, the possibility that suffers external attack is then arranged again.
In addition, the network management personnel also can pass through for the particular packet of this service according to networking telephone fabricator's suggestion open portion Port.But the setting of opening or closing of these Ports not only causes burden to general webmaster personnel, and scale is more had technical difficulty than small enterprise or individual.
[summary of the invention]
Fundamental purpose of the present invention be to provide a kind of for particular packet by and possess the network package flow control apparatus of firewall functionality.
A time purpose of the present invention is wieldy network package flow control apparatus in that a kind of network environment that can directly be installed in the tool firewall functionality is provided.
For achieving the above object, technical scheme of the present invention is as follows:
A kind of network package flow control apparatus, for being arranged at a network environment, this network environment comprises that an external network, an internal network and are positioned at the fire wall between this outside and internal network, and this fire wall also has a Port and an external Port in a couple who passes through for message packet.This control device comprises: one first Port, for being connected to this external network; One second connectivity port is for being connected to this internal network; One the 3rd Port is for the external Port that is connected to this fire wall; One the 4th Port is for the internal connectivity port that is connected to this fire wall; One storage element stores a first condition and a second condition; One processing unit comprises: one first filtering module, and whether the message packet that judgement is imported this first connectivity port from this external network meets this first condition; One second filtering module, whether the message packet that judgement is imported this second connectivity port from this internal network meets this second condition; One first bridge module, this first filtering module is judged that the message packet that meets this first condition bridges to this second connectivity port for exporting this internal network to, and this first filtering module is judged that the message packet that does not meet this first condition bridges to the 3rd Port to export this firewall unit to; And one second bridge module, this second filtering module is judged that the message packet that meets this second condition bridges to this first Port for exporting this external network to, and this second filtering module is judged that the message packet that does not meet this second condition bridges to the 4th Port to export this fire wall to.
Below by most preferred embodiment and accompanying drawing network package flow control apparatus of the present invention is elaborated,
[description of drawings]
Fig. 1 is an existing network system synoptic diagram that is provided with fire wall.
Fig. 2 is the network that a tool firewall system is located in network package flow control apparatus of the present invention preferred embodiment
The environment synoptic diagram.
Fig. 3 is soft, the hardware structure synoptic diagram of this preferred embodiment.
Fig. 4 is the registration package synoptic diagram of voice-over-net service.
Fig. 5 is the implementation step process flow diagram of this preferred embodiment
[embodiment]
As shown in Figure 2; the preferred embodiment of network package flow control apparatus 10 of the present invention; be for being arranged at an existing network environment 100; this network environment 100 comprises that an outside networking 20, an internal network 30 and are positioned at the fire wall 40 of 20,30 of this outside and internal networks; with in guaranteeing that internal network 30 is subjected under the security mechanism of fire wall 40 protection, simultaneously in the outside and 20,30 of internal networks voice-over-net (VOIP) service of interactive real-time is provided.
Outside and internal network 20,30 are example with a world-wide web (internet) and an Intranet (intranet) respectively in the present embodiment, but as have the knack of this skill personage and know, external network 20 does not exceed with Wide Area Networks (WAL) such as world-wide webs that present embodiment is lifted, and can be as LAN (LAN) such as another Intranets yet.
In addition, in network environment shown in Figure 2 100, control device 10 is to borrow an existing ADSL Modem 50 to be connected with 20 of external networks, but this connection line also can be by being provided as dialing and connecting modulator-demodular unit (modem) or wideband cable modem (wideband cable modem) collocation line related, ISDN service circuit, T1 special line or other wired or wireless network entity line system.
Simultaneously, express for asking easy, 30 of control device 10 and internal networks are directly to borrow an existing Ethernet hub 31 (Ethernet hub) to be connected to most platform personal computers 32, but change in the example in other, the effect of hub 31 also can be as token ring (token ring) network system or other designing institute and replaces.31 of control device 10 and hubs then more can be provided with the webserver (server) of an enterprises, and connect one or most hub 31 again by the webserver, and personal computer 32 also can be other suitable equipment that is positioned on the network node and replaces.Fire wall 40 is that the existing server with a tool network address translation (Network AddressTranslation, following abbreviation NAT) function is an example in the present embodiment, and it also connects another existing demilitarized zone, and (De-Militarily Zone, DMZ) server 41.
As shown in Figure 3, the main entity framework of control device 10 comprises a processing unit 11, a storage element 12, a flash memory (flash ROM) 13, one SRAM (SRAM) 14, one first Port 151, one second Port 152, one the 3rd Port 153, one the 4th Port 154, one first end device connectivity port 161 and one second terminal Port 162.Processing unit 11 is the chip of a central processing unit (as Intel 486) or other suitable pattern in the present embodiment, 12 of storage elements are example with a Winchester disk drive (hard-disk), but as disk sheet, tape magnetic such as (tape) storage device, discs optical disc drives such as (CD) or other fix or extraction-type numeral (digital) data storage device also applicable.
As previously mentioned, present embodiment is to be used among Fig. 2 outside and 20,30 of internal networks to set up a voice-over-net (VOIP) that not influenced by firewall system online, and first and second condition 122,123 is also just relevant with voice-over-net package (packet) characteristic.The calling of voice-over-net talks (call session) initialization (initiation) program is to adopt talks initializtion protocol (the Session InitiationProtocol that IEIF formulates in the present embodiment, under be called for short Session Initiation Protocol) carry out, and in talking after both sides confirm to set up, then carry out the transmission of real-time voice data according to real-time application transport agreement (Transport Protocol for Real-Time Application, following abbreviation Real-time Transport Protocol).
According to Session Initiation Protocol, before arbitrary personal computer 32 of internal network 30 carried out the voice-over-net talks with date (figure does not show) of external network 20 for a moment, both sides all must be in advance to a registrar that is positioned at external network 20 rear ends (registry server) its IP of 21 Login Registers and URL address.Wherein, as shown in Figure 4, be sent to UDP (User Datagram Protocol)/IP (InternetProtocol) the agreement package 60 of a representative network voice service of this registrar 21, comprise an IP gauge outfit (header) section 61, one UDP gauge outfit section 62 and a data (payload) section 63.IP gauge outfit section 61 further comprises an address (as the 163.1.1.1 that exemplifies among the figure), source and a destination address (as 140.1.1.1 among the figure), UDP gauge outfit section 62 comprises port, connectivity port number (as 6010 among the figure), source and a purpose Port port number (as 6010 among the figure) of a corresponding application-specific, and 63 of data segments comprise the record relevant with register requirement (as SIP REGISTER among the figure).But what must particularly point out is, an essential meaning number is not all only had at above-mentioned IP address shown in Figure 4 and UDP Port port for illustrating, and also may not meet the relevant regulations of Session Initiation Protocol.
Cooperate shown in Fig. 3,4, first and second condition 122,123 selected is number to be example with the Port port in the UDP/IP package of above-mentioned request registration in the present embodiment, in other words, when the Port port of UDP gauge outfit section in this package No. 62 is 6010, just meet first condition 122 and second condition 123, just can judge that also this package is to belong to the voice-over-net service to own.But it should be noted that above-mentioned first and second condition 122,123 also can comprise as most Ports port number, TCP (Transport Control Protocol) connectivity port port numbers, IP address or other specific program forms.And the voice-over-net that present embodiment is lifted also can be other media formats as the transmission of online game, real-time imaging and other real-time interactive and replaces, and still also do not exceed with these medium, and essence can be applicable to the application program of any real-time or non real-time transmission.
11 of processing units have one first filtering module 111, one second filtering module 112, one first bridge module 113 and one second bridge module 114, with foundation operating system 121 and first to fourth condition 122 to 125, filtering information (information) package also determines its flow direction, and its details is detailed later.
Shown in Fig. 2,3, first to fourth Port 151 to 154 is connected to the modulator-demodular unit 50 1 corresponding connectivity ports (figure does not show) towards external network 20, the hub 31 1 corresponding Ports (figure does not show) of internal network 30, an external Port (figure does not show) of firewall unit 40 respectively, and an external Port of firewall unit 40 (figure does not show).First to fourth connectivity port, 151 to 154 entities are that each is an example with a RJ45 joint in the present embodiment, and it then is provided with corresponding hardware control chip 155,156,157 and 158 in control device 10 inside.
First and second end device connectivity port 161 in the present embodiment, 162 is example with a RS232 joint all, and can optionally be online to the input media 172 that a terminal monitor (monitor) 171 reaches just like keyboard or other suitable pattern respectively, can see through the management interface program 126 that monitor 171 cooperates aforementioned storage element 12 to store for the user, browse the mode of operation that supervises control device 10, respectively pass through the flow direction of control device 10 message packet, and the stored historical record archives 127 of storage element 12 etc., and can further make necessary management operations such as input modification by input media 172.Certainly, control device 10 also can see through internal network 30 and manage operation by 30 1 certain computers on the internal network (webserver as described above).
The part implementation step process flow diagram that below will cooperate preferred embodiment of the present invention shown in Figure 5 is described in further detail with regard to processing unit 11 effect of control device 1O.At first shown in step 701, second Port 152 receives via hub 31 after majority second message packet from a personal computer 32, shown in step 702, second filtering module 112 of processing unit 11 will judge whether this second message packet meets the second condition 123 that aforementioned storage element 12 stores.Shown in step 703, if meet second condition 123 (just belonging to aforementioned networking voice data packet) through judgement, whether then further again judgement meets the 4th condition 125 (its details is detailed later), if through judging that arbitrary package meets the second, the 4th condition 123,125 o'clock simultaneously, second bridge module 114 just blocks this package shown in step 704 and abandons (its details also is detailed later) except that (reject) in second Port 152.If a package only meets second condition 123 and is not inconsistent the 4th condition 125, shown in step 705, second bridge module 114 of control device 10 directly bridges to this package first Port 151 exactly, and shown in step 706 registrar 21 request registration after modulator-demodular unit 50 is sent to external network 20 with package, just cross over the safety control mechanism of fire wall 40 fully, and not reason NAT effect and can't be online with registrar 21.
On the contrary, shown in step 707, if through judging that this message packet from personal computer 32 is not inconsistent second condition 123 (just belonging to the voice-over-net package of application program in addition), second bridge module 114 just directly bridges to this package the 4th Port 154, then shown in step 708, further package is sent to fire wall 40, and shown in step 709, has safety controls such as NAT now by fire wall 40.Then, shown in step 710, fire wall 40 will be sent to the 3rd Port 153 to this package after the safety filtering management and control, by the 3rd Port 153 package is reached first Port 151 shown in the step 711 for another example, then shown in step 712, package is sent to corresponding end (figure does not show) in the external network 20 through modulator-demodular unit 50.
In addition, for the further unwarranted employee of restricted internal network 30 place enterprises uses voice-over-net service contact with foreign countries privately, the the 3rd, the 4th condition 124,125 just is foundation with the pc ip address that employee without permission uses in the present embodiment, when just the IP address of arbitrary package is unauthorized employee pc ip address, just meet the 3rd, the 4th condition 124,125.As described above shown in the step 703,704, if through judging that arbitrary package meets the second, the 4th condition 123,125 o'clock simultaneously, second bridge module 114 just blocks this package and removes and abandon in second Port 152.Simultaneously, this incident also will be recorded in the historical record archives 127 of storage element 12, for webmaster personal management reference.
In like manner, received through modulator-demodular unit 50 by first connectivity port 151 and, will be judged whether this message packet meets first condition 122 by first filtering module 111 of processing unit 11 from arbitrary first information package of external network 20.If meet first condition 122 (just belonging to the voice-over-net package) through judgement, first bridge module 113 of control device 10 just directly bridges to this package second Port 152, is then received by unique individual's computing machine 32 through hub 31.On the contrary, if through judging that this package is not inconsistent first condition 122 (just belonging to the voice-over-net package of application program in addition), first bridge module 113 just bridges to this package the 3rd Port 153, then be sent to fire wall 40 and carry out safety control, and after fire wall 40 is sent to the 4th Port 154, be sent to second Port 152 by the 4th Port 154 again, begin at last to be sent to unique individual's computing machine 32 through hub 31.In addition, if through judging that arbitrary first package meets the first, the 3rd condition 122,124 o'clock simultaneously, first bridge module 113 blocks this package equally and removes and abandon in first Port 151.
Other it should be noted that, in the present embodiment for ease of explanation, first, second condition 122,123 and the 3rd, the 4th condition the 124, the 125th are set identical in twos, but change in the example in other, first, second condition 122,123 and the 3rd, the 4th condition 124,125 also can be partly or entirely different in twos, just for control device 10, lead to external network 20 and lead to 30 liang of reverse directions of internal network from internal network 30 from external network 20, may be different at the control strategy that flows to that the same application package is taked.
By said apparatus, network system configuration and implementation method; the invention provides a kind of networking package flow control apparatus and method; this device can directly be installed in the internal network environment that is provided with firewall box; only need simple wiring just can use; set or network system architecture and need not change any fire wall, so can significantly reduce webmaster personnel's burden or change the required expense of updating apparatus.
Simultaneously, under enforcement of the present invention, still keep safety control functions such as original fire wall such as NAT, and do not have the problem that suffers the external network malicious intrusions or outwards divulge a secret from internal network.Moreover, in preferred embodiment of the present invention, because of transmitting, so more can promote the overall network exchange velocity at specific connectivity port and the open particular path of application program.
Claims (25)
1, a kind of network package flow control apparatus, for being arranged at a network environment, this network environment comprises an external network, one internal network and one is positioned at the fire wall between this outside and internal network, and for reaching from this internal network to most second Datagrams of outside Network Transmission to most first Datagrams of inner Network Transmission from this external network, this fire wall also has a Port and an external connectivity port in one pair, this device comprises: one first Port, one second Port, one the 3rd Port, one the 4th Port, one storage element and a processing unit is characterized in that:
This first Port is for being connected to this external network;
This second Port is for being connected to this internal network;
The 3rd Port is for the external Port that is connected to this fire wall;
The 4th Port is for the internal Port that is connected to this fire wall;
This storage unit stores has a first condition;
This processing unit includes:
One first filtering module judges respectively whether this first information package meets this first condition;
One first bridge module, this first filtering module is judged that respectively this first information package that meets this first condition bridges to this second Port directly to be sent to this internal network, and this first filtering module judged that respectively this first information package that does not meet this first condition bridges to the 3rd Port, carries out management and control with the external Port that is sent to this fire wall by this fire wall.
2, network package flow control apparatus as claimed in claim 1 is characterized in that:
This storage element more stores a second condition, this processing unit then more comprises one second filtering module and one second bridge module, this second filtering module is to judge respectively whether this second message packet meets this second condition, this second bridge module is then judged this second filtering module that respectively this second message packet that meets this second condition bridges to this first connectivity port to be sent to this external network, and this second filtering module judged that respectively this second message packet that does not meet this second condition bridges to the 4th Port, carries out management and control with the internal Port that is sent to this fire wall by this fire wall.
3, network package flow control apparatus as claimed in claim 1 is characterized in that: this device is a network gateway.
4, network package flow control apparatus as claimed in claim 2 is characterized in that: this first condition comprises a predetermined Port port number.
5, network package flow control apparatus as claimed in claim 4 is characterized in that: this second condition comprises a predetermined Port port number.
6, network package flow control apparatus as claimed in claim 5, it is characterized in that: this first condition and second condition are identical.
7, network package flow control apparatus as claimed in claim 2, it is characterized in that: this storage element more stores one the 3rd condition, and this first filtering module judges respectively whether this first information package meets the 3rd condition, and this first bridge module is more judged this first filtering module that then respectively this first information package that meets this first and the 3rd condition simultaneously is in this first Port interception.
8, network package flow control apparatus as claimed in claim 7, it is characterized in that: this storage element more stores one the 4th condition, and this second filtering module judges respectively whether this second message packet meets the 4th condition, and this second bridge module is more judged this second filtering module that then respectively this second message packet that meets this second and the 4th condition simultaneously is in this second Port interception.
9, a kind of network package flows to control program, make this electronic installation be carried out majority for being installed on the electronic installation in the network environment and flow to controlled step, this network environment comprises an external network, one internal network and one is positioned at the fire wall between this outside and internal network, and for reaching from this internal network to most second Datagrams of outside Network Transmission to most first Datagrams of inner Network Transmission from this external network, this fire wall also has a Port and an external connectivity port in one pair, this electronic installation then comprises one for first connectivity port that is connected to this external network, one for second Port that is connected to this internal network, one for the 3rd Port that is connected to the external Port of this fire wall, reach one for the 4th Port that is connected to the internal Port of this fire wall, it is characterized in that these flow to controlled step and comprise:
Judge respectively whether this first information package meets a predetermined first condition;
To bridge to this second connectivity port directly to be sent to this internal network through respectively this first information package that judgement meets this first condition; And
To bridge to the 3rd Port through respectively this first information package that judgement does not meet this first condition, carry out management and control by this fire wall with the external Port that is sent to this fire wall.
10, network package as claimed in claim 9 flows to control program, it is characterized in that:
These flow to controlled step and more comprise:
Judge respectively whether this second message packet meets a predetermined second condition;
To bridge to this first connectivity port to be sent to this external network through respectively this second message packet that judgement meets this second condition; And
To bridge to the 4th Port through respectively this second message packet that judgement does not meet this second condition, carry out management and control by this fire wall with the internal Port that is sent to this fire wall.
11, network package as claimed in claim 10 flows to control program, it is characterized in that this first condition comprises a predetermined Port port number.
12, network package as claimed in claim 11 flows to control program, it is characterized in that this second condition comprises a predetermined Port port number.
13, network package as claimed in claim 12 flows to control program, it is characterized in that this first condition is identical with this second condition.
14, network package as claimed in claim 9 flows to control program, it is characterized in that:
These flow to controlled step and more comprise:
Judge whether each this first information package meets the 3rd a predetermined condition; And
Will be through judging that respectively this first information package that meets this first and the 3rd condition simultaneously is in this first Port interception.
15, network package as claimed in claim 14 flows to control program, it is characterized in that:
These flow to controlled step and more comprise:
Judge respectively whether this second message packet meets the 4th a predetermined condition; And
Will be through judging that respectively this first information package that meets this second and the 4th condition simultaneously is in this second Port interception.
16, a kind of electronic installation is characterized in that its installation and can carry out program as claimed in claim 9.
17, electronic installation as claimed in claim 16 is characterized in that: this electronic installation is a network gateway.
18, electronic installation as claimed in claim 16 is characterized in that: this electronic installation is a computing machine.
19, a kind of network monitoring system, for being arranged between an external network and an internal network, for from this external network to the most first information packages of inner Network Transmission and from this internal network to most second message packet of outside Network Transmission, this system comprises: a fire wall and a package flow control apparatus, it is characterized in that:
This fire wall is positioned between this outside and internal network, and has a Port and an external Port in one pair;
This package flow control apparatus has:
One first Port is for being connected to this external network;
One second Port is for being connected to this internal network;
One the 3rd Port is for the external Port that is connected to this fire wall;
One the 4th Port is for the internal Port that is connected to this fire wall;
One storage element stores a first condition;
One processing unit comprises:
One first filtering module judges respectively whether this first information package meets this first condition;
One first bridge module, this first filtering module is judged that respectively this first information package that meets this first condition bridges to this second connectivity port directly to be sent to this internal network, and this first filtering module judged that respectively this first information package that does not meet this first condition bridges to the 3rd Port, carries out management and control with the external Port that is sent to this fire wall by this fire wall.
20, network monitoring system as claimed in claim 19 is characterized in that:
This storage element more stores a second condition, this processing unit then more comprises one second filtering module and one second bridge module, this second filtering module is to judge respectively whether this second message packet meets this second condition, this second bridge module is then judged this second filtering module that respectively this second message packet that meets this second condition bridges to this first Port to be sent to this external network, and this second filtering module judged that respectively this second message packet that does not meet this second condition bridges to the 4th Port, carries out management and control with the internal Port that is sent to this fire wall by this fire wall.
21, network monitoring system as claimed in claim 20 is characterized in that: this first condition comprises a predetermined Port port number.
22, network monitoring system as claimed in claim 21 is characterized in that: this second condition comprises a predetermined Port port number.
23, network monitoring system as claimed in claim 20 is characterized in that: this first condition and second condition are identical.
24, network monitoring system as claimed in claim 20 is characterized in that:
This storage element more stores one the 3rd condition, and this first filtering module judges respectively whether this first information package meets the 3rd condition, and this first bridge joint module is more judged this first filtering module that then respectively this first information package that meets this first and the 3rd condition simultaneously is in this first Port interception.
25, network monitoring system as claimed in claim 24 is characterized in that:
This storage element more stores one the 4th condition, and this second filtering module judges respectively whether this second message packet meets the 4th condition, and this second bridge joint module is more judged this second filtering module that then respectively this second message packet that meets this second and the 4th condition simultaneously is in this second Port interception.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA03123786XA CN1549151A (en) | 2003-05-21 | 2003-05-21 | Network enclosed flow direction controlling apparatus |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA03123786XA CN1549151A (en) | 2003-05-21 | 2003-05-21 | Network enclosed flow direction controlling apparatus |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1549151A true CN1549151A (en) | 2004-11-24 |
Family
ID=34321463
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA03123786XA Pending CN1549151A (en) | 2003-05-21 | 2003-05-21 | Network enclosed flow direction controlling apparatus |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1549151A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101827070A (en) * | 2009-03-06 | 2010-09-08 | 英华达股份有限公司 | Portable communication device |
| CN102143048A (en) * | 2010-01-28 | 2011-08-03 | 鸿富锦精密工业(深圳)有限公司 | Packet forwarding equipment and method for balancing load |
| CN102821027A (en) * | 2011-06-08 | 2012-12-12 | 鸿富锦精密工业(深圳)有限公司 | Customer premise equipment (CPE) and packet forwarding method thereof |
-
2003
- 2003-05-21 CN CNA03123786XA patent/CN1549151A/en active Pending
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101827070A (en) * | 2009-03-06 | 2010-09-08 | 英华达股份有限公司 | Portable communication device |
| CN102143048A (en) * | 2010-01-28 | 2011-08-03 | 鸿富锦精密工业(深圳)有限公司 | Packet forwarding equipment and method for balancing load |
| CN102143048B (en) * | 2010-01-28 | 2014-03-26 | 鸿富锦精密工业(深圳)有限公司 | Packet forwarding equipment and method for balancing load |
| CN102821027A (en) * | 2011-06-08 | 2012-12-12 | 鸿富锦精密工业(深圳)有限公司 | Customer premise equipment (CPE) and packet forwarding method thereof |
| CN102821027B (en) * | 2011-06-08 | 2015-03-11 | 鸿富锦精密工业(深圳)有限公司 | Customer premise equipment (CPE) and packet forwarding method thereof |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8582749B2 (en) | Method and apparatus for connecting packet telephony calls between secure and non-secure networks | |
| US7274684B2 (en) | Method and system for implementing and managing a multimedia access network device | |
| US7254832B1 (en) | Firewall control for secure private networks with public VoIP access | |
| JP4777999B2 (en) | Session controller and operation method thereof | |
| US6978383B2 (en) | Null-packet transmission from inside a firewall to open a communication window for an outside transmitter | |
| US8607323B2 (en) | Method for providing media communication across firewalls | |
| US9531776B2 (en) | Multimedia communication control unit as a secure device for multimedia communication between LAN users and other network users | |
| US6230271B1 (en) | Dynamic policy-based apparatus for wide-range configurable network service authentication and access control using a fixed-path hardware configuration | |
| US7047561B1 (en) | Firewall for real-time internet applications | |
| EP1805616B1 (en) | Methods and systems for automatic denial of service protection in an ip device | |
| US7369537B1 (en) | Adaptive Voice-over-Internet-Protocol (VoIP) testing and selecting transport including 3-way proxy, client-to-client, UDP, TCP, SSL, and recipient-connect methods | |
| US20040085952A1 (en) | Mechanism for implementing Voice Over IP telephony behind network firewalls | |
| US7853996B1 (en) | Methodology, measurements and analysis of performance and scalability of stateful border gateways | |
| CN1549151A (en) | Network enclosed flow direction controlling apparatus | |
| US20040187033A1 (en) | Gateway for use in a network monitoring system to control packet flow to a firewall | |
| EP2141885B1 (en) | Embedded firewall at a telecommunications endpoint | |
| Ackermann et al. | Vulnerabilities and Security Limitations of current IP Telephony Systems | |
| Roedig et al. | Evaluating and improving firewalls for ip-telephony environments | |
| Cisco | Cisco MC3810 - Cisco IOS Release 12.2 XB | |
| Cisco | Configuring Context-Based Access Control | |
| US20050177718A1 (en) | Systems and methods for video transport service | |
| CN1905471A (en) | Active virus detecting protecting system and protecting method thereof | |
| KR20050001125A (en) | system, method and medium for providing VoIP service in Firewall/NAT | |
| Macaulay | What Comes Next?......................... CONTRIBUTING AUTHOR: Lee Wagner | |
| Brady et al. | DEPLOYING A DYNAMIC VOICE-OVER-IP FIREWALL WITH IP TELEPHONY APPLICATIONS |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |