CN217428139U - Firewall device - Google Patents
Firewall device Download PDFInfo
- Publication number
- CN217428139U CN217428139U CN202221237977.1U CN202221237977U CN217428139U CN 217428139 U CN217428139 U CN 217428139U CN 202221237977 U CN202221237977 U CN 202221237977U CN 217428139 U CN217428139 U CN 217428139U
- Authority
- CN
- China
- Prior art keywords
- network
- data
- target network
- unit
- transmission unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Computer And Data Communications (AREA)
Abstract
The utility model discloses a prevent hot wall equipment. Wherein, this firewall equipment includes: the photoelectric conversion unit is used for acquiring first network data from first network equipment and converting the first network data into target network data, wherein the first network data is an optical signal, and the target network data is an electric signal; the target network cards are connected with the photoelectric conversion units, and are used for transmitting target network data from the photoelectric conversion units to the data transmission units; the data transmission unit is connected with the target network cards and is used for transmitting the target network data from the target network cards to the data processing unit; and the data processing unit is connected with the data transmission unit and used for detecting the abnormal information in the target network data to obtain a detection result. The utility model provides a because the network card that directly uses transmission light signal among the current hot wall equipment that prevents provides the light mouth for the treater, the technical problem that prevents that hot wall equipment configuration is with high costs that leads to.
Description
Technical Field
The utility model relates to a network security field particularly, relates to a prevent hot wall equipment.
Background
The firewall device is a device for isolating network data and detecting abnormality, and plays an important role in the field of industrial network security.
In the existing firewall device, an optical fiber network card such as I210-IS for transmitting optical signals IS usually used to provide an optical port for the processor, but the cost of the optical fiber network card IS high, the supply period in the market IS long, and the quality cannot be effectively guaranteed, so that the overall configuration cost of the existing firewall device IS high.
In view of the above problems, no effective solution has been proposed.
SUMMERY OF THE UTILITY MODEL
The embodiment of the utility model provides a prevent hot wall equipment to at least, solve because the present network card that directly uses transmission light signal in preventing hot wall equipment provides the light mouth for the treater, prevent the technical problem that hot wall equipment configuration is with high costs that leads to.
According to the utility model discloses an aspect of the embodiment provides a prevent hot wall equipment, include: the photoelectric conversion unit is used for acquiring first network data from first network equipment and converting the first network data into target network data, wherein the first network data is an optical signal, and the target network data is an electric signal; the target network cards are connected with the photoelectric conversion units, and are used for transmitting target network data from the photoelectric conversion units to the data transmission units; the data transmission unit is connected with the target network cards and used for transmitting the target network data from the target network cards to the data processing unit; and the data processing unit is connected with the data transmission unit and used for detecting the abnormal information in the target network data to obtain a detection result.
Optionally, the photoelectric conversion unit, the plurality of target network cards, the data transmission unit and the data processing unit are arranged on the motherboard.
Optionally, the firewall device further includes: and the memory slot is arranged on the back of the mainboard and used for connecting at least one memory bank.
Optionally, the photoelectric conversion unit includes: the first type network ports are arranged on the mainboard and used for acquiring first network data from first network equipment; the first chips are arranged on the mainboard and used for converting the first network data into target network data, wherein each first chip is connected with one first type network port.
Optionally, the photoelectric conversion unit further includes: and the network transformers are arranged on the mainboard and used for adjusting the voltage between the first chip and the target network card, wherein each network transformer is connected with one first chip and one target network card.
Optionally, the data transmission unit further includes: and the resetting subunit is connected with the first chip and the target network card and is used for resetting the first chip and the target network card.
Optionally, the firewall device further includes: and the electric signal transmission unit is connected with the data transmission unit and is used for acquiring second network data from second network equipment and sending the second network data to the data transmission unit, wherein the network data transmitted by the second network equipment is an electric signal, and the network data transmitted by the first network equipment is an optical signal.
Optionally, the electrical signal transmission unit includes: the target network card group is connected with the data transmission unit and used for sending second network data to the data transmission unit, wherein the target network card group consists of at least two target network cards; the network bypass unit is used for generating a control instruction according to the power-on state of the target network card group, wherein each network bypass unit consists of a plurality of relays and is connected with one target network card group; and the network port group also adjusts the circuit connection state between the at least two types of network ports in the network port group according to the control instruction generated by the network bypass unit.
Optionally, the firewall device further includes: and the video output interface is arranged on the data transmission unit and used for connecting an external display device and outputting the target network data to the display device.
Optionally, the firewall device further includes: and the indicator light is connected with the target network card and used for generating light information according to the connection state between the target network card and the photoelectric conversion unit as well as the data transmission unit.
The embodiment of the utility model provides an in, adopt and use the photoelectric conversion unit to convert the mode of light signal into the signal of telecommunication, acquire first network data from first network equipment through the photoelectric conversion unit to convert first network data into target network data, wherein, first network data is the light signal, and target network data is the signal of telecommunication. And then connecting a plurality of target network cards with the photoelectric conversion unit, wherein the target network cards are used for transmitting target network data from the photoelectric conversion unit to the data transmission unit. Meanwhile, the data transmission unit is connected with the target network cards and used for transmitting the target network data from the target network cards to the data processing unit; and the data processing unit is connected with the data transmission unit and is used for detecting abnormal information in the target network data to obtain a detection result.
As can be seen from the above, in the firewall device of the present application, the traditional optical fiber network card is not used as the processor expansion optical port, but a mode of combining the photoelectric conversion unit and the target network card is used, the photoelectric conversion unit converts the optical signal into the electrical signal, and then the target network card for transmitting the electrical signal transmits the electrical signal from the photoelectric conversion unit to the data transmission unit. It should be noted that, compared with the optical fiber network card for transmitting optical signals, the photoelectric conversion unit and the target network card for transmitting electrical signals are lower in price and more stable in performance, so that the optical port provided for the processor by the optical fiber network card is replaced by combining the photoelectric conversion unit and the target network card, the overall configuration cost of the firewall device can be reduced, and the problem of high configuration cost of the existing firewall device is solved.
Therefore, through the firewall equipment in the application, the purpose of providing the optical port for the processor without using the optical fiber network card is achieved, the cost of the firewall equipment is reduced, the stability of the firewall equipment is improved, and the technical problem that the configuration cost of the firewall equipment is high due to the fact that the optical port is provided for the processor by the existing network card for directly using the transmission optical signal in the firewall equipment is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without undue limitation to the invention. In the drawings:
fig. 1 is a schematic diagram of an alternative firewall device according to an embodiment of the invention;
fig. 2 is a schematic structural diagram of an alternative firewall device according to an embodiment of the present invention;
fig. 3 is a schematic partial structural diagram of an alternative firewall device according to an embodiment of the present invention;
fig. 4 is a schematic partial structural diagram of an alternative firewall device according to an embodiment of the present invention;
fig. 5 is a schematic partial structural diagram of an alternative firewall device according to an embodiment of the present invention.
100-a photoelectric conversion unit; 200-a target network card; 300-a data transmission unit; 400-a data processing unit; 500, a main board; 600-an electrical signal transmission unit; 700-a power supply device;
110-a first type of portal; 120-a first chip; 130-network transformer; 310-a reset subunit; 320-a video output interface; 330-serial peripheral interface; 340-serial communication interface; 350-universal serial interface; 360-storage device interface; 510-memory slot; 520-indicator light; 610-a network bypass unit; 620-second type portal.
Detailed Description
In order to make the technical solution of the present invention better understood, the technical solution of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only some embodiments of the present invention, not all embodiments. Based on the embodiments in the present invention, all other embodiments obtained by a person skilled in the art without creative efforts shall belong to the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
According to the embodiment of the utility model, an embodiment of preventing hot wall equipment is provided, fig. 1 is according to the utility model discloses an optional schematic diagram of preventing hot wall equipment of embodiment, as shown in fig. 1, prevent hot wall equipment in this application includes: the system comprises a photoelectric conversion unit 100, a plurality of target network cards 200, a data transmission unit 300 and a data processing unit 400.
Specifically, the optical-to-electrical conversion unit 100 is configured to acquire first network data from a first network device, and convert the first network data into target network data, where the first network data is an optical signal and the target network data is an electrical signal; a plurality of target network cards 200 connected to the photoelectric conversion unit 100, wherein the target network cards 200 are used for transmitting target network data from the photoelectric conversion unit 100 to the data transmission unit 300; the data transmission unit 300 is connected to the target network cards 200, and is configured to transmit the target network data from the target network cards 200 to the data processing unit 400; the data processing unit 400 is connected to the data transmission unit 300, and is configured to detect abnormal information in the target network data to obtain a detection result.
The data processing unit 400 may be a mega-core C4600 series of processors, and it should be noted that the whole development process of the series of processors is completed by a domestic development team, so that transparent and controllable performance of all development links is realized, and the series of processors is a truly domestic X86 general processor. And the series of processors are designed by four-core four-wire process, based on 28nm technology, the mass production working frequency is 2.0GHz, the power consumption is only 18W, the X86 instruction set and the CPU hardware virtualization technology are compatible, and various operating systems can be stably operated, so that the performance and the safety are guaranteed on the hardware level. The condition that the delivery cycle of the current global chip is seriously lagged is combined, and the delivery cycle of partial foreign processor chips is long and the price is high, so that the whole firewall equipment has price advantage and better market application prospect by adopting the megacore C4600 series of processors.
In addition, the data transmission unit 300 may be a ZX-100S chip, and since the external interface of the mega-core C4600 series processor only has a V4BUS interface, in order to expand other interfaces, the ZX-100S chip is configured to be connected with the processor, so as to provide more types and more number of interfaces for the processor. The target network card 200 may be an I211-AT network card, which is a network card for transmitting electrical signals, and has been applied in the market for a long time due to its mature manufacturing process, so that it has the advantages of low price and stable performance compared with an optical fiber network card. The photoelectric conversion unit 100 includes a plurality of first type ports 110, a plurality of first chips 120, and a plurality of network transformers 130, wherein the first type ports 110 may be optical ports having optical modules for transmitting optical signals, the first chips 120 may be RTL8211FS chips which may be used for converting optical signals into electrical signals or electrical signals into optical signals, and the network transformers 130 are generally disposed between the first chips 120 and the target network card 200 for adjusting voltages between the first chips 120 and the target network card 200.
It should be noted that the photoelectric conversion unit 100 described above can convert an optical signal into an electrical signal and also convert an electrical signal into an optical signal. On the basis, the firewall device in the application is in bidirectional transmission and processing when processing network data. Specifically, on one hand, the firewall device in the present application may be that the photoelectric conversion unit 100 acquires an optical signal from the first network device, converts the optical signal into an electrical signal, then the target network card 200 transmits the electrical signal from the photoelectric conversion unit 100 to the data transmission unit 300, and the data transmission unit 300 transmits the electrical signal to the data processing unit 400, and finally the data processing unit 400 detects abnormal information in the electrical signal to obtain a detection result. On the other hand, the detection result generated by the data processing unit 400 is also an electrical signal, the data transmission unit 300 transmits the detection result from the data processing unit 400 to the target network card 200, and then the target network card 200 sends the detection result to the photoelectric conversion unit 100, and the photoelectric conversion unit 100 converts the detection result into an optical signal and transmits the optical signal to the first network device.
As can be seen from the above analysis, in the firewall device of the present application, a conventional optical fiber network card is not used as an optical port for processor expansion, but a mode of combining the photoelectric conversion unit 100 with the target network card 200 is used, an optical signal is converted into an electrical signal by the photoelectric conversion unit 100, and then the target network card 200 for transmitting the electrical signal transmits the electrical signal from the photoelectric conversion unit 100 to the data transmission unit 300. It should be noted that, compared with the optical network card for transmitting optical signals, the optical-to-electrical conversion unit 100 and the target network card 200 for transmitting electrical signals are lower in price and more stable in performance, so that the optical interface provided for the processor by the optical network card is replaced by combining the optical-to-electrical conversion unit 100 and the target network card 200, the overall configuration cost of the firewall device can be reduced, and the problem of high configuration cost of the existing firewall device is solved.
Therefore, through the firewall equipment in the application, the purpose of providing the optical port for the processor without using the optical fiber network card is achieved, the cost of the firewall equipment is reduced, the stability of the firewall equipment is improved, and the technical problem that the configuration cost of the firewall equipment is high due to the fact that the optical port is provided for the processor by the existing network card for directly using the transmission optical signal in the firewall equipment is solved.
In an alternative embodiment, the photoelectric conversion unit 100, the plurality of target network cards 200, the data transmission unit 300, and the data processing unit 400 are disposed on the motherboard 500. Meanwhile, the firewall device further includes at least one memory slot 510 disposed on the back side of the motherboard 500, and configured to connect to at least one memory bank.
In the present application, the DDR3L notebook memory slot of the SO-DIMM may be selected as the memory slot 510, and since the area occupied by the notebook memory slot is small, the area of the motherboard 500 may be saved, and the cost may be reduced, and in addition, the area of the motherboard 500 may be further reduced by placing the notebook memory slot on the back of the motherboard 500.
In addition, the memory slot 510 is disposed on the back side of the motherboard 500, and according to the DDR line-out sequence of ZX-100S, the memory slot 510 can directly use a standard slot without using a reverse slot. Because generally speaking, the devices on the back of the motherboard 500 are fewer and all have more resistance-capacitance, and the devices of high-speed signals are all placed on the front, therefore, the memory slot 510 is placed on the back of the motherboard 500, the adjacent two sides of the memory bank installed in the whole machine are the back of the chassis and the motherboard 500 respectively, and the distance between the two sides is less than 4mm, thereby being beneficial to the integrity of DDR signals and being capable of reducing the electromagnetic interference of DDR parts to the greatest extent. Meanwhile, because the price of DDR3L is lower than that of DDR3, placing memory slot 510 with DDR3L on the back of motherboard 500 is the best choice for integrating price and performance.
In an alternative embodiment, the photoelectric conversion unit 100 includes: a plurality of first type network ports 110, disposed on the motherboard 500, for obtaining first network data from a first network device; and a plurality of first chips 120 disposed on the motherboard 500, for converting the first network data into the target network data, wherein each of the first chips 120 is connected to one of the first-type ports 110.
Optionally, the first type of network port 110 is an optical port including an optical module, and the first chip 120 may be an RTL8211FS chip. Fig. 2 shows a schematic structural diagram of a firewall device according to an embodiment of the present invention, as shown in fig. 2, the data processing unit 400 and the memory slot 510 are connected to the data transmission unit 300, the data transmission unit 300 is connected to a plurality of target network cards 200, wherein there are two target network cards 200 connected to the photoelectric conversion unit 100, the photoelectric conversion unit 100 includes two first type ports 110 and two first chips 120, and each first type port 110 is connected to one first chip 120.
In an alternative embodiment, the photoelectric conversion unit 100 further includes: a plurality of network transformers 130, disposed on the motherboard 500, for adjusting a voltage between the first chip 120 and the target network card 200, where each network transformer 130 is connected to one first chip 120 and one target network card 200.
Optionally, fig. 3 shows a schematic partial structure diagram of a firewall device according to an embodiment of the present invention. As shown in fig. 3, in the photoelectric conversion unit 100, each target network card 200 is connected to a network transformer 130, and then the network transformer 130 is connected to a first chip 120, except that the first chip 120 is connected to a first type network port 110, and the target network card 200 is connected to a data transmission unit 300. It should be noted that the network transformer 130 is used to adjust the voltage between the first chip 120 and the target network card 200, so as to avoid the problem that the first chip 120 or the target network card 200 is burned down due to an excessive voltage difference.
As can be seen from the above, in the photoelectric conversion unit 100 of the present application, the target network card 200 is first accessed from a PCIE (peripheral component interconnect express) Interface extended by the data transmission unit 300, and then the target network card 200 generates a gigabit Interface signal MDI Interface, which is converted from a standard gigabit Interface through the network transformer 130, and the MDI Interface is converted from an electrical signal to an optical signal accessed to the optical module through the first chip 120, thereby generating the standard gigabit Interface.
In an alternative embodiment, as shown in fig. 4, a plurality of network transformers 130 may be further connected between the target network card 200 and the first chip 120, so that the voltage of the electrical signal is adjusted for multiple times, thereby adapting to more application scenarios.
In an alternative embodiment, the data transmission unit 300 further comprises: the reset subunit 310 is connected to the first chip 120 and the target network card 200, and configured to reset the first chip 120 and the target network card 200. As shown in fig. 5, the resetting subunit 310 may be a resetting button, and is installed on the data transmission unit 300, and meanwhile, the resetting subunit 310 is further connected to the target network card 200 and the first chip 120 in a wired connection or wireless connection manner, so that when the firewall device needs to be reset, the resetting of the data transmission unit 300, the first chip 120, and the target network card 200 can be realized only by the resetting subunit 310.
In an optional embodiment, the firewall device in the present application further includes: and the indicator lamp 520 is connected with the target network card 200 and is used for generating light information according to the connection state between the target network card 200 and the photoelectric conversion unit 100 and the data transmission unit 300.
Alternatively, as shown in fig. 5, the indicator lamp 520 in the present application is a status indicator lamp of a light port (i.e., the first type network port 110). The indicator light 520 is controlled by the target network card 200. For example, taking the target network card 200 as an I211-AT network card as an example, the pin LED1 of the I211-AT is selected: a LINK _ ACT _ N signal; pin LED 2: LAN _ LINK _1000_ N signal. Selecting an I211-AT electric interface LINK _ ACT _ N signal as a LINK _ ACT _ N signal of an optical interface to be used for representing LINK and ACT (namely connection state); the I211-AT electrical port LAN _ LINK _1000_ N signal is selected as the LAN _ LINK _1000_ N signal of the optical port to be used as a signal representing the transmission rate of 1000M. The status indicator lamp of the optical port is controlled through the I211-AT network card, so that the connection status of the network can be truly represented.
In addition, when the first chip 120 is an RTL8211FS chip, the status indicator light of the optical port can be controlled by using the optical port status indicator light pin of the RTL8211FS chip, and when CFG _ MODE [2:0] is set to 3' b110, LINK _ ACT signals using the RTL8211FS pin 35LED0 as the optical port may be used to indicate LINK and ACT, and LAN _ LINK _1000 signals using the RTL8211FS pin 37LED2(UTP and Fiber are both valid at 1000M) as the optical port may be used to indicate a transmission rate of 1000M. It should be noted that although the RTL8211FS can control the status indicator light of the optical port, the RTL8211FS does not control the network link as a core component of the photoelectric conversion unit 100. The docking device of the data processing unit 400 and the data transmission unit 300 is an I211-AT network card, so the status indicator light of the optical port is more suitably controlled by the I211-AT network card.
In an optional embodiment, the firewall device in the present application further includes: the electrical signal transmission unit 600 is connected to the data transmission unit 300, and is configured to obtain second network data from a second network device, and send the second network data to the data transmission unit 300, where the network data transmitted by the second network device is an electrical signal, and the network data transmitted by the first network device is an optical signal.
Specifically, the electrical signal transmission unit 600 includes: at least one target network card group connected to the data transmission unit 300 and configured to send second network data to the data transmission unit 300, where the target network card group is composed of at least two target network cards 200; the network bypass unit 610 is used for generating a control instruction according to the power-on state of the target network card group, wherein each network bypass unit 610 is composed of a plurality of relays, and each network bypass unit 610 is connected with one target network card group; and at least one network port group, wherein each network port group is connected to one network bypass unit 610, each network port group is composed of at least two second-type network ports 620, the second-type network ports 620 are used for acquiring second network data from second network equipment, and the network port group further adjusts a circuit connection state between the at least two type network ports in the network port group according to a control instruction generated by the network bypass unit 610.
Optionally, as shown in fig. 2, in the firewall device of the present application, a part of the target network cards 200 in the plurality of target network cards 200 is connected to the optical-electrical transmission unit, and the remaining part of the target network cards 200 is used as a component of the electrical signal transmission unit 600. As shown in fig. 2, the electrical signal transmission unit 600 in fig. 2 has four target network cards 200, each two target network cards 200 form a target network card group, and each target network card group is connected to a network bypass unit 610, and the network bypass unit 610 is also connected to a network port group. In fig. 2, there are four second-type ports 620, and each two second-type ports 620 form a port group, and the second-type ports 620 can be understood as electrical ports for transmitting electrical signals, which are known to those skilled in the art.
In addition, the network Bypass unit 610 is a Bypass unit, and specifically, the Bypass unit at least includes a plurality of relays and a single chip microcomputer, the single chip microcomputer can obtain the power-on state of the target network card group, and generates a control instruction according to the power-on state, because the Bypass unit has a plurality of relays, and the relays are disposed in the circuits of at least two types of network ports of the network port group, the working state of each relay can be determined according to the control instruction, and further the circuit connection state between at least two second types of network ports 620 in the network port group is controlled.
In an alternative embodiment, as shown in fig. 2, a video output interface 320, a serial peripheral interface 330, a serial communication interface 340, a universal serial interface 350, and a storage device interface 360 are further disposed on the data transmission unit 300 of the present application. Meanwhile, the processor in the present application is also connected with a power supply device 700. The video output interface 320 may be a VGA (video graphics array) interface, and is used to connect to an external display device and output target network data to the display device. The above-mentioned serial peripheral interface 330 may be an RJ45 interface for connecting peripheral devices such as a printer. The serial communication interface 340 may be a com1 interface, the universal serial bus interface 350 may be a USB (universal serial bus) interface, and the storage device interface 360 may be a sata (serial advanced technology attachment) interface.
In addition, when the ZX-100S chip is selected as the data transmission unit 300, the resource of the ZX-100S chip can be fully utilized to provide four electrical ports and two optical ports for the processor. Specifically, according to the resources of the ZX-100S chip, the PCIE _ SATA Configuration (Configuration parameters) may be configured to be 8, and at this time, the ZX-100S chip may expand 6 PCIE resources. Wherein, lane01-04 of PHYB forms a PCIE PORT with 4 lanes; lane00 of PHYB forms a PCIE PORT of 1 Lane (transmission path); lane00-03 of PHYA constitutes a PCIE PORT of 4 lanes; lane04-07 of PHYA constitutes a PCIE PORT of 4 lanes; lane00 of PHYC constitutes a PCIE PORT of 1 Lane; lane01 from PHYC constitutes a PCIE PORT of 1 Lane.
Each PCIE allocates one PCIE CLK and one reset: PCIE1 is allocated PCIECLK2 and-PEX 2RST by Lane01-04 of PHYB; PCIE2 has PCIE CLK3 and-PEX 3RST allocated by Lane00 of PHYB; PCIE3 is allocated PCIECLK0 and-PEX 0RST by lane00-03 of PHYA; PCIE4 is allocated PCIECLK1 and-PEX 1RST by lane04-07 of PHYA; PCIE5 has PCIE CLK4 and-PEX 4RST distributed by Lane00 of PHYC; PCIE6 has PCIE CLK5 and-PEX 5RST distributed by Lane01 of PHYC.
Since the PCIE resource required by each network port only needs one lane, in the present application, the PCIE1, PCIE3, and PCIE4 composed of 4 lanes only use the first lane, for example, PCIE1 uses lane01 of PHYB, and the remaining lanes 02-lane04 of PHYB are left unconnected.
In an alternative embodiment, when the RTL8211FS chip is selected as the first chip 120, the Operation Mode CFG _ MODE [2:0] of the RTL8211FS chip needs to be set to 3 'b 110 or 3' b 111. The present application chooses to set CFG _ MODE [2:0] to 3' b 110. Wherein, when CFG _ MODE [2:0] is set to 3' b110, pin 23CFG _ MODE2 of RTL8211FS is pulled up to 3.3V using a 4.7K resistor, pin 24CFG _ MODE1 of RTL8211FS is pulled up to 3.3V using a 4.7K resistor, and pin 25CFG _ MODE0 of RTL8211FS is pulled down to GND using a 4.7K resistor (ground state).
From the above analysis, it can be seen that by using the combination of the I211-AT network card and the RTL8211FS chip to expand the optical ports for the processor, multiple optical ports can be provided for the processor without using an optical network card, thereby solving the problem of high configuration cost of the firewall device caused by directly using the network card for transmitting optical signals to provide the optical ports for the processor in the existing firewall device, and achieving the effect of reducing the configuration cost of the firewall device.
The above embodiment numbers of the present invention are only for description, and do not represent the advantages and disadvantages of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to the related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, a division of a unit may be a division of a logic function, and an actual implementation may have another division, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or may not be executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to perform all or part of the steps of the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk, and various media capable of storing program codes.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, a plurality of improvements and decorations can be made without departing from the principle of the present invention, and these improvements and decorations should also be regarded as the protection scope of the present invention.
Claims (10)
1. A firewall device, comprising:
the device comprises a photoelectric conversion unit (100) and a control unit, wherein the photoelectric conversion unit is used for acquiring first network data from first network equipment and converting the first network data into target network data, the first network data is an optical signal, and the target network data is an electric signal;
a plurality of target network cards (200) connected to the photoelectric conversion unit (100), wherein the target network cards (200) are used for transmitting the target network data from the photoelectric conversion unit (100) to a data transmission unit (300);
the data transmission unit (300) is connected with the target network cards (200) and is used for transmitting the target network data from the target network cards (200) to the data processing unit (400);
the data processing unit (400) is connected with the data transmission unit (300) and is used for detecting abnormal information in the target network data to obtain a detection result.
2. The firewall device according to claim 1, wherein the photoelectric conversion unit (100), the plurality of target network cards (200), the data transmission unit (300), and the data processing unit (400) are disposed on a motherboard (500).
3. The firewall device of claim 2, further comprising:
and the memory slot (510) is arranged on the back surface of the mainboard (500) and is used for connecting at least one memory bank.
4. Firewall device according to claim 2, wherein the photoelectric conversion unit (100) comprises:
a plurality of first-type network ports (110) arranged on the main board (500) and used for acquiring the first network data from the first network equipment;
a plurality of first chips (120) disposed on the motherboard (500) for converting the first network data into the target network data, wherein each of the first chips (120) is connected to one of the first type ports (110).
5. Firewall device according to claim 4, wherein the photoelectric conversion unit (100) further comprises:
a plurality of network transformers (130) disposed on the motherboard (500) for adjusting a voltage between the first chip (120) and the target network card (200), wherein each of the network transformers (130) is connected to one of the first chip (120) and one of the target network card (200).
6. The firewall device according to claim 4, wherein the data transmission unit (300) further comprises:
the resetting subunit (310) is connected to the first chip (120) and the target network card (200), and is configured to reset the first chip (120) and the target network card (200).
7. The firewall device of claim 1, further comprising:
the electric signal transmission unit (600) is connected with the data transmission unit (300) and is used for acquiring second network data from second network equipment and sending the second network data to the data transmission unit (300), wherein the network data transmitted by the second network equipment is an electric signal, and the network data transmitted by the first network equipment is an optical signal.
8. The firewall device according to claim 7, wherein the electrical signal transmission unit (600) comprises:
at least one target network card group, connected to the data transmission unit (300), for sending the second network data to the data transmission unit (300), wherein the target network card group is composed of at least two target network cards (200);
at least one network bypass unit (610) for generating a control instruction according to the power-on state of the target network card group, wherein each network bypass unit (610) is composed of a plurality of relays, and each network bypass unit (610) is connected with one target network card group;
at least one network port group, wherein each network port group is connected with one network bypass unit (610), each network port group is composed of at least two second-type network ports (620), the second-type network ports (620) are used for acquiring the second network data from the second network equipment, and the network port group further adjusts the circuit connection state between the at least two second-type network ports (620) in the network port group according to the control instruction generated by the network bypass unit (610).
9. The firewall device of claim 1, further comprising:
and the video output interface (320) is arranged on the data transmission unit (300) and is used for connecting an external display device and outputting the target network data to the display device.
10. The firewall device according to claim 1, further comprising:
and the indicator light (520) is connected with the target network card (200) and is used for generating light information according to the connection state between the target network card (200) and the photoelectric conversion unit (100) and between the target network card and the data transmission unit (300).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202221237977.1U CN217428139U (en) | 2022-05-20 | 2022-05-20 | Firewall device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202221237977.1U CN217428139U (en) | 2022-05-20 | 2022-05-20 | Firewall device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN217428139U true CN217428139U (en) | 2022-09-13 |
Family
ID=83190695
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202221237977.1U Active CN217428139U (en) | 2022-05-20 | 2022-05-20 | Firewall device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN217428139U (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116827699A (en) * | 2023-05-09 | 2023-09-29 | 北京华电众信技术股份有限公司 | System and method for realizing optical port |
-
2022
- 2022-05-20 CN CN202221237977.1U patent/CN217428139U/en active Active
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116827699A (en) * | 2023-05-09 | 2023-09-29 | 北京华电众信技术股份有限公司 | System and method for realizing optical port |
| CN116827699B (en) * | 2023-05-09 | 2024-04-09 | 北京华电众信技术股份有限公司 | System and method for realizing optical port |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105051706B (en) | The equipment of operation for the low-power PHY with PCIE protocol stacks, method and system | |
| CN107491148A (en) | A kind of server hard disc attachment structure | |
| CN211427190U (en) | Server circuit and mainboard based on Feiteng treater 2000+ | |
| CN105119849B (en) | A kind of exchange board structure and the data managing method applied to exchange board structure | |
| CN104737148A (en) | Virtual gpio | |
| US9910814B2 (en) | Method, apparatus and system for single-ended communication of transaction layer packets | |
| CN102253913A (en) | Device for carrying out state acquisition and output control on multi-board-card port | |
| CN217428139U (en) | Firewall device | |
| CN107818062A (en) | A kind of hard disk backboard and its design method of compatible SAS, SATA and NVME hard disk | |
| CN105354116A (en) | Hot-plug detection method, apparatus, system and mobile terminal | |
| CN106528469A (en) | Mainboard | |
| CN110908475A (en) | Shenwei 1621CPU ICH-free 2 suite server mainboard | |
| CN209248436U (en) | A kind of expansion board clamping and server | |
| CN106649162A (en) | Pci-Express multi-port aggregation system and use method thereof | |
| CN112948316A (en) | AI edge computing all-in-one machine framework based on network interconnection | |
| CN216927600U (en) | Network data computing system and server with built-in network data computing system | |
| CN103530256B (en) | The process device and method of CPCIe and PCI protocol data | |
| CN213276462U (en) | Two-way server mainboard and two-way server | |
| CN216352292U (en) | Server mainboard and server | |
| CN214202377U (en) | CPCIE main control board based on Feiteng platform | |
| CN115480828A (en) | System for realizing number expansion and hot plug of NVME (network video management entity) hard disk by Feiteng platform | |
| CN204189089U (en) | A kind of server | |
| CN113434445A (en) | Management system and server for I3C to access DIMM | |
| CN201491018U (en) | Network security platform | |
| CN103544133B (en) | Conversion device and conversion method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| GR01 | Patent grant | ||
| GR01 | Patent grant |