CN203896379U - Firewall system with reliable access control performance - Google Patents

Publication number
CN203896379U
Authority
CN
China
Prior art keywords
firewall
external
internal
access control
management
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201420268524.4U
Other languages
Chinese (zh)
Inventor
王凤英
常玲霞
李彩虹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong University of Technology
Original Assignee
Shandong University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong University of Technology
Priority to CN201420268524.4U
Application granted
Publication of CN203896379U
Anticipated expiration
Expired - Fee Related

Abstract

The utility model relates to a firewall system with reliable access control performance. The system comprises an external firewall, an internal firewall, an external switch, an internal switch, and a router. The router is connected with the internal switch through the external firewall, the external switch, and the internal firewall. The system is characterized by adding an external management server, an internal management server, and a plurality of DMZ servers. The external management server is connected with the management port of the external firewall. The plurality of DMZ servers are connected with the Ethernet ports of the external switch. The internal management server is connected with the management port of the internal firewall. The external firewall and the internal firewall are each provided with a corresponding management server, which physically isolates the firewalls from the management servers, meets the need for access requests from the external Internet to the local area network, and meets the security need to protect the internal network. The firewall system with reliable access control performance is flexible in access control and high in security, and is practical and convenient.

Description

Firewall system with reliable access control performance
Technical field
The utility model relates to a firewall system with reliable access control performance and belongs to the technical field of computer network facilities.
Background technology
In recent years, with the rapid growth of the Internet finance industry, more and more sensitive, critical data needs protection, which places higher demands on the security of local area networks. To ensure availability by letting external systems use internal servers under controlled conditions, one approach builds multiple DMZs on a single firewall that supports multiple interfaces. That single firewall must then serve the differing security requirements of the militarized zone and of multiple demilitarized zones: on the one hand, the many access control rules are complex to configure; on the other hand, placing numerous tasks with different security requirements behind the same barrier is itself a security risk. In systems that use a dual-firewall structure, the management module and the firewall module are both placed inside the firewall, so firewall management and enforcement are not physically isolated. This creates a security risk, poses a serious challenge to the security of the local area network, and affects the security of the whole LAN system.
Utility model content
The purpose of the utility model is to address the deficiencies of the prior art by providing a firewall system with reliable access control performance that is flexible in access control, high in security, practical and convenient. Its technical scheme is:
A firewall system with reliable access control performance comprises an external firewall, an internal firewall, an external switch, an internal switch and a router, wherein the router is connected to the internal switch through the external firewall, the external switch and the internal firewall in sequence, and the internal switch is connected to the internal network. It is characterized in that an external management server, an internal management server and multiple DMZ servers are added, wherein the external management server is connected to the management port of the external firewall, the multiple DMZ servers are all connected to Ethernet ports of the external switch, and the internal management server is connected to the management port of the internal firewall.
In the described firewall system with reliable access control performance, 2 to 46 DMZ servers are used.
Compared with the prior art, the advantages of the utility model are:
1. The internal and external firewalls are each provided with a corresponding management server, which physically isolates the firewalls from the management servers and improves security.
2. The DMZ servers provide services to the outside, and each DMZ server can be regarded as an independent demilitarized zone. Data entering this zone from the external Internet only needs to be inspected and filtered by the external firewall; the access control rules are relatively loose and allow external computers to initiate access. Data exchanged between the Internet connected to the router and the internal network connected to the internal switch must be filtered and inspected at both the internal and external firewalls; the access control rules are strict and do not allow computers on the external Internet to actively access the internal network. Control is flexible, security is high, and the system is practical and convenient.
3. Multiple DMZ servers suit the case where many servers provide external services. Each server forms its own DMZ, different access control policies are set for the security requirements of different servers, and data flows are filtered and controlled according to the zones between which the data moves. Data flow between different DMZ servers is forbidden, so data can be controlled at a fine granularity.
4. The dual-firewall structure meets the need for access requests from the external Ethernet to the local area network, and also meets the security need to protect the internal network.
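An added example, not part of the patent text: a Python model of the data-path links in the embodiment that computes which firewalls a connection crosses and applies per-firewall rules. The node names, the rule sets and the default-deny behaviour are assumptions. It also shows that DMZ-to-DMZ traffic crosses only the external switch, so the prohibition in advantage 3 has to be enforced somewhere other than the two firewalls, which the description does not specify.

```python
from collections import deque

# Data-path links of the embodiment (Fig. 1 numerals in comments); node names are example labels.
LINKS = [
    ("internet", "router"),      # router 5
    ("router", "ext_fw"),        # external firewall 1
    ("ext_fw", "ext_switch"),    # external switch 3
    ("ext_switch", "dmz1"),      # DMZ servers 8
    ("ext_switch", "dmz2"),
    ("ext_switch", "int_fw"),    # internal firewall 2
    ("int_fw", "int_switch"),    # internal switch 4
    ("int_switch", "lan"),       # internal network
]
FIREWALLS = {"ext_fw", "int_fw"}
ZONE = {"internet": "external", "dmz1": "dmz", "dmz2": "dmz", "lan": "internal"}
# Assumed rules: (initiator zone, destination zone) pairs each firewall permits; all else is denied.
RULES = {
    "ext_fw": {("external", "dmz"), ("internal", "external")},
    "int_fw": {("internal", "external")},
}

def path(src, dst):
    """Breadth-first search over LINKS; returns the hop list from src to dst."""
    adj = {}
    for a, b in LINKS:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        for nxt in adj[node]:
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    hops, node = [], dst
    while node is not None:
        hops.append(node)
        node = prev[node]
    return hops[::-1]

def evaluate(src, dst):
    """Return (verdict, firewalls crossed) for a connection initiated by src."""
    crossed = [hop for hop in path(src, dst) if hop in FIREWALLS]
    if not crossed:
        return "unfiltered", crossed   # no firewall inspects this flow
    flow = (ZONE[src], ZONE[dst])
    verdict = "allow" if all(flow in RULES[fw] for fw in crossed) else "deny"
    return verdict, crossed
```
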
Brief description of the drawings
Fig. 1 is the circuit connection diagram of the embodiment of the utility model.
In Fig. 1: 1, external firewall; 2, internal firewall; 3, external switch; 4, internal switch; 5, router; 6, external management server; 7, internal management server; 8, DMZ server.
Embodiment
The utility model is described in further detail below with reference to the accompanying drawing:
The embodiment shown in Fig. 1 comprises an external firewall 1, an internal firewall 2, an external switch 3, an internal switch 4 and a router 5, wherein the router 5 is connected to the internal switch 4 through the external firewall 1, the external switch 3 and the internal firewall 2 in sequence. An external management server 6, an internal management server 7 and 2 DMZ servers 8 are added, wherein the external management server 6 is connected to the management port of the external firewall 1, the multiple DMZ servers 8 are all connected to Ethernet ports of the external switch 3, and the internal management server 7 is connected to the management port of the internal firewall 2.

Claims (2)

1. A firewall system with reliable access control performance, comprising an external firewall (1), an internal firewall (2), an external switch (3), an internal switch (4) and a router (5), wherein the router (5) is connected to the internal switch (4) through the external firewall (1), the external switch (3) and the internal firewall (2) in sequence, characterized in that: an external management server (6), an internal management server (7) and multiple DMZ servers (8) are added, wherein the external management server (6) is connected to the management port of the external firewall (1), the multiple DMZ servers (8) are all connected to Ethernet ports of the external switch (3), and the internal management server (7) is connected to the management port of the internal firewall (2).
2. The firewall system with reliable access control performance according to claim 1, characterized in that: 2 to 46 DMZ servers (8) are used.
CN201420268524.4U 2014-05-23 2014-05-23 Firewall system with reliable access control performance Expired - Fee Related CN203896379U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201420268524.4U CN203896379U (en) 2014-05-23 2014-05-23 Firewall system with reliable access control performance

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201420268524.4U CN203896379U (en) 2014-05-23 2014-05-23 Firewall system with reliable access control performance

Publications (1)

Publication Number Publication Date
CN203896379U (en) 2014-10-22

Family

ID=51722731

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201420268524.4U Expired - Fee Related CN203896379U (en) 2014-05-23 2014-05-23 Firewall system with reliable access control performance

Country Status (1)

Country Link
CN (1) CN203896379U (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107659582A (en) * 2017-10-27 2018-02-02 李刚 A kind of depth defense system for successfully managing APT attacks
CN107659582B (en) * 2017-10-27 2023-08-08 李刚 Deep defense system for effectively treating APT attack
CN113364734A (en) * 2021-04-29 2021-09-07 通富微电子股份有限公司 Internal network protection method and system
CN113364734B (en) * 2021-04-29 2022-07-26 通富微电子股份有限公司 Internal network protection method and system

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20141022

Termination date: 20150523

EXPY Termination of patent right or utility model