WO2020248367A1 - Network connection method and related apparatus - Google Patents

Publication number
WO2020248367A1
Authority
WO
WIPO (PCT)
Application number
PCT/CN2019/102344
Inventor
范安心
黄成尧
王绪军
Original Assignee
平安科技(深圳)有限公司
Application filed by 平安科技(深圳)有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205: Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08: Access security
    • H04W12/088: Access security using filters or firewalls

Definitions

  • This application relates to the field of communications, and in particular to a network connection method and related devices.
  • This application provides a network connection method and related equipment. With this application, the mobile wireless access device can be recommended to switch its connected intranet firewall according to its planned itinerary information, ensuring the network quality of the user's access to the target intranet.
  • the first aspect of the embodiments of the present application provides a network connection method, including:
  • the intranet firewall distribution device obtains the planned itinerary information for the mobile wireless access device to access the target intranet, where the planned itinerary information includes the itinerary information of at least one planned itinerary node of the mobile wireless access device, and the itinerary information of the planned itinerary node includes the planned travel time and the corresponding planned travel location;
  • the intranet firewall distribution device determines a first intranet firewall from a plurality of intranet firewalls deployed for the target intranet according to the planned itinerary information, where the first intranet firewall is the intranet firewall matched to the mobile wireless access device when it reaches the planned trip node;
  • when the intranet firewall distribution device determines, according to the access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned travel information, it sends the first IP address of the first intranet firewall to the mobile wireless access device, so that the mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address and disconnects from the second intranet firewall, where the second intranet firewall is the intranet firewall matched to the mobile wireless access device that the intranet firewall distribution device determined, before obtaining the planned itinerary information of the mobile wireless access device, from a plurality of intranet firewalls deployed for the target intranet according to the intranet connection request sent by the mobile wireless access device.
  • the second aspect of the embodiments of the present application provides a network connection method, including:
  • the mobile wireless access device sends the planned itinerary information for accessing the target intranet to the intranet firewall distribution device, so that the intranet firewall distribution device determines a first intranet firewall from multiple intranet firewalls deployed for the target intranet according to the planned itinerary information, where the first intranet firewall is the intranet firewall matched to the mobile wireless access device when it reaches the planned itinerary node, the planned itinerary information includes the travel information of at least one planned travel node of the mobile wireless access device, and the travel information of the planned travel node includes the planned travel time and the corresponding planned travel location;
  • the mobile wireless access device receives the first IP address of the first intranet firewall, where the first IP address is sent to the mobile wireless access device by the intranet firewall distribution device when it determines, according to the access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned travel information;
  • the mobile wireless access device sends a firewall connection request to the first intranet firewall according to the first IP address, so that the first intranet firewall establishes a connection with the mobile wireless access device according to the firewall connection request;
  • the mobile wireless access device disconnects from a second intranet firewall, where the second intranet firewall is the firewall matched to the mobile wireless access device that the intranet firewall distribution device determined, from among the multiple intranet firewalls deployed for the target intranet, before the mobile wireless access device sent the planned itinerary information to the intranet firewall distribution device.
  • the third aspect of the embodiments of the present application provides an intranet firewall distribution device, including:
  • the itinerary information acquiring unit is configured to acquire planned itinerary information for the mobile wireless access device to access the target intranet, where the planned itinerary information includes the itinerary information of at least one planned itinerary node of the mobile wireless access device, and the itinerary information of the planned itinerary node includes the planned travel time and the corresponding planned travel location;
  • the first intranet firewall determining unit is configured to determine a first intranet firewall from a plurality of intranet firewalls deployed for the target intranet according to the planned itinerary information, where the first intranet firewall is the intranet firewall matched to the mobile wireless access device when it reaches the planned trip node;
  • the IP address sending unit is configured to, when it is determined according to the access device status information of the mobile wireless access device that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned travel information, send the first IP address of the first intranet firewall to the mobile wireless access device, so that the mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address and disconnects from the second intranet firewall, where the second intranet firewall is the intranet firewall matched to the mobile wireless access device that the intranet firewall distribution device determined, before obtaining the planned itinerary information of the mobile wireless access device, from a plurality of intranet firewalls deployed for the target intranet according to the intranet connection request sent by the mobile wireless access device.
  • the fourth aspect of the embodiments of the present application provides a mobile wireless access device, including:
  • the itinerary sending unit is configured to send the planned itinerary information for accessing the target intranet to the intranet firewall distribution device, so that the intranet firewall distribution device determines a first intranet firewall from a plurality of intranet firewalls deployed for the target intranet according to the planned itinerary information, where the first intranet firewall is the intranet firewall matched to the mobile wireless access device when it reaches the planned itinerary node, the planned itinerary information includes the itinerary information of at least one planned itinerary node of the mobile wireless access device, and the itinerary information of the planned itinerary node includes the planned travel time and the corresponding planned travel location;
  • the address receiving unit is configured to receive a first IP address of the first intranet firewall, where the first IP address is sent to the mobile wireless access device by the intranet firewall distribution device when it determines, according to the access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned travel information;
  • the firewall connection unit is configured to send a firewall connection request to the first intranet firewall according to the first IP address, so that the first intranet firewall establishes a connection with the mobile wireless access device according to the firewall connection request;
  • the firewall connection unit is further configured to disconnect from a second intranet firewall, where the second intranet firewall is the firewall matched to the mobile wireless access device that the intranet firewall distribution device determined, from among the multiple intranet firewalls deployed for the target intranet, according to the intranet connection request for the target intranet sent by the mobile wireless access device before the mobile wireless access device sent the planned itinerary information to the intranet firewall distribution device.
  • the fifth aspect of the embodiments of the present application provides a mobile wireless access device, including a processor, a memory, and a communication interface.
  • the processor, the memory, and the communication interface are connected to each other, wherein the communication interface is used to receive and send data.
  • the memory is used for storing program code
  • the processor is used for calling the program code, and when the program code is executed by a computer, the computer executes the method of the second aspect.
  • the sixth aspect of the embodiments of the present application provides a computer non-volatile readable storage medium; the storage medium stores a computer program, and the computer program includes program instructions which, when executed by a computer, cause the computer to execute the method of the first aspect or the second aspect.
  • the mobile wireless access device is recommended to switch its connected intranet firewall according to its planned itinerary information, which ensures the network quality when the user uses the user terminal to access the target intranet through the connection between the mobile wireless access device and the intranet firewall.
  • FIG. 1 is a schematic diagram of a framework of an intranet access system provided by an embodiment of this application;
  • FIG. 2 is a schematic diagram of system interaction of a network connection method provided by an embodiment of this application.
  • FIG. 3 is a schematic diagram of system interaction of another network connection method provided by an embodiment of the application.
  • FIG. 4 is a schematic structural diagram of a mobile wireless access device provided by an embodiment of this application.
  • FIG. 5 is a schematic structural diagram of an intranet firewall distribution device provided by an embodiment of the application.
  • Fig. 6 is a schematic structural diagram of another mobile wireless access device provided by an embodiment of the application.
  • Figure 1 is a schematic diagram of the framework of an intranet access system provided by an embodiment of the application.
  • intranet firewall 1, intranet firewall 2, and intranet firewall 3 are three intranet firewalls deployed for the target intranet; mobile wireless access device 1 and mobile wireless access device 2 are each connected to intranet firewall 1, and mobile wireless access device 3 is connected to intranet firewall 3; user terminal 1 is connected with mobile wireless access device 2, and user terminal 2 is connected with the mobile wireless access device.
  • the target intranet is a local communication network that interconnects various computers, servers, and databases in a local geographic area of a specific enterprise, a specific institution, a specific school, etc.
  • when a terminal or server in the target intranet communicates with another terminal or server in the target intranet, the communication takes place at the data link layer and the communication message does not need to be routed through the router; when it communicates with a terminal or server outside the target intranet, the communication takes place at the network layer.
  • the communication message sent by the terminal or server in the target intranet needs to be routed to the terminal or server outside the target intranet, and the communication message returned by the terminal or server outside the target intranet needs to be routed to the terminal or server in the target intranet after the router performs network address translation.
  • the intranet firewall deployed for the target intranet can be a firewall deployed around the world that filters data packets entering and leaving the target intranet.
  • the intranet firewall is connected to the router of the target intranet through the WAN, and then reaches the intranet server of the target intranet through that router.
  • the mobile wireless access device is a mobile wireless access device that can transmit wireless network signals and has a routing function.
  • the mobile wireless access device can access the data network through an inserted SIM (Subscriber Identification Module) card. It can also access a wired network through a plugged-in network cable, or access a wireless network by connecting to Wi-Fi.
  • the user terminal can access the wireless network transmitted by the mobile wireless access device to connect with the mobile wireless access device.
  • the intranet firewall distribution device may be a device that has a domain name resolution function for the target intranet and stores the IP addresses and deployment locations of each firewall deployed for the target intranet, such as GTM (Global Traffic Manager) equipment.
  • the user terminal may be a terminal device with a wireless network receiving function, such as a notebook computer, a mobile phone, and a tablet computer.
  • FIG. 2 is a schematic diagram of system interaction of a network connection method provided by an embodiment of the application. As shown in the figure, the method may include steps S201 to S205:
  • the mobile wireless access device sends the planned itinerary information for accessing the target intranet to the intranet firewall distribution device.
  • the planned itinerary information for accessing the target intranet is itinerary information for a trip during which the mobile wireless access device plans to access the target intranet, or itinerary information for which the mobile wireless access device plans to access the target intranet after reaching the planned itinerary node.
  • the planned travel information includes travel information of at least one planned travel node of the mobile wireless access device, wherein the travel information of the planned travel node includes the planned travel time and the corresponding planned travel location.
  • the itinerary information of the planned itinerary node may be the arrival at Shenzhen Baoan International Airport at 14:00 on March 17, 2019, Beijing time, or the arrival at Shanghai Hongqiao International Airport in 3 hours.
  • the planned itinerary information sent by the mobile wireless access device to the intranet firewall distribution device may be input by the user through the mobile wireless access device, may be input through a user terminal connected to the mobile wireless access device and then sent to the mobile wireless access device, or may be extracted by the user terminal from user information on the user terminal such as emails, short messages, and memos. How the mobile wireless access device obtains the planned itinerary information is not restricted here.
  • the intranet firewall distribution device determines a first intranet firewall from a plurality of intranet firewalls deployed for the target intranet according to the planned itinerary information.
  • the first intranet firewall is an intranet firewall that matches when the mobile wireless access device reaches the planned trip node.
  • the arrival of the mobile wireless access device at the planned journey node may include at least two situations: the mobile wireless access device arrives at the planned journey location corresponding to the planned journey node and the system time arrives at the planned journey node The corresponding planned travel time.
  • an optional implementation manner for determining the first intranet firewall is: among the multiple intranet firewalls deployed for the target intranet, the intranet firewall distribution device determines the intranet firewall closest to the planned travel location to be the first intranet firewall. For example, if the deployment locations of the three intranet firewalls deployed for the target intranet are New York, Shanghai, and London respectively, and the planned travel location is Paris, then the intranet firewall deployed in London is determined as the first intranet firewall.
  • an optional implementation manner for determining the first intranet firewall is: the planned itinerary information also includes the stay period of the mobile wireless access device at the planned travel location; the intranet firewall distribution device obtains the low-load period of each intranet firewall deployed for the target intranet and, among the multiple intranet firewalls deployed for the target intranet, determines the intranet firewall whose low-load period has the longest overlap with the stay period as the first intranet firewall.
  • for example, the low-load periods of the three intranet firewalls deployed for the target intranet are 23:00 to 3:00 the next day, 8:00 to 9:00, and 19:00 to 24:00 Beijing time, and the stay period included in the planned itinerary information is 23:00 to 9:00 the next day Beijing time; the intranet firewall distribution device then determines the intranet firewall whose low-load period is 23:00 to 3:00 the next day Beijing time as the first intranet firewall.
  • the first intranet firewall corresponding to each planned trip node is determined according to the specific implementation steps described above.
  • the step in which the intranet firewall distribution device determines, according to the access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned travel information may be implemented in at least the following two ways:
  • the access device status information includes the current actual travel location of the mobile wireless access device; when the intranet firewall distribution device determines that the distance between the actual travel location and the planned travel location in the planned travel node is less than the preset distance threshold, it determines that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned travel information.
  • the current actual travel location of the mobile wireless access device may be sent by the mobile wireless access device to the intranet firewall distribution device in real time, or may be determined by the intranet firewall distribution device through positioning technology according to the real-time positioning information sent by the mobile wireless access device.
  • the access device status information includes the current actual travel time of the mobile wireless access device; when the intranet firewall distribution device determines that the actual travel time is consistent with the planned travel time in the planned travel node, it determines that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned travel information.
  • the actual travel time is consistent with the system time of the intranet firewall distribution device.
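
The two firewall selection rules and the trip node condition described above, as an added Python example that is not code from the patent. The class and function names, coordinates, IP addresses (RFC 5737 documentation ranges), the 50 km threshold, the pairing of low-load windows with cities, and the reading of "consistent with the planned travel time" as "has reached it" are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class Firewall:
    name: str
    ip: str          # constructed address from the RFC 5737 documentation ranges
    lat: float
    lon: float
    low_load: tuple  # (start_hour, end_hour), recurring daily; end <= start wraps past midnight


@dataclass(frozen=True)
class PlanNode:
    when: datetime   # planned travel time
    lat: float       # planned travel location
    lon: float


def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two coordinates in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def nearest_firewall(firewalls, node):
    """First selection rule: the firewall deployed closest to the planned location."""
    return min(firewalls, key=lambda f: distance_km(f.lat, f.lon, node.lat, node.lon))


def overlap_hours(low_load, stay):
    """Hours of a daily low-load window that fall inside a stay period of at most 24 h."""
    s0, s1 = stay
    l0, l1 = low_load
    if s1 <= s0:
        s1 += 24  # the stay runs into the next day
    if l1 <= l0:
        l1 += 24  # the window runs past midnight
    # The window recurs every day, so test the previous, same and next day's copy.
    return sum(max(0, min(s1, l1 + d) - max(s0, l0 + d)) for d in (-24, 0, 24))


def least_loaded_firewall(firewalls, stay):
    """Second selection rule: longest overlap of low-load window and stay period."""
    return max(firewalls, key=lambda f: overlap_hours(f.low_load, stay))


def node_condition_met(node, actual_pos=None, actual_time=None, threshold_km=50.0):
    """Trip node check. threshold_km is a constructed value; the page only says 'preset'."""
    if actual_pos is not None:
        return distance_km(*actual_pos, node.lat, node.lon) < threshold_km
    if actual_time is not None:
        # Assumption: 'consistent with' is read as 'has reached the planned time'.
        return actual_time >= node.when
    return False


def first_ip_to_send(firewalls, node, **status):
    """Return the first IP address only once the trip node condition holds."""
    if not node_condition_met(node, **status):
        return None
    return nearest_firewall(firewalls, node).ip


# Constructed sample data: the cities and low-load windows follow the page's examples,
# but pairing each window with a city, and the planned time, are assumptions made here.
FIREWALLS = [
    Firewall("new-york", "192.0.2.10", 40.7128, -74.0060, (23, 3)),
    Firewall("shanghai", "198.51.100.10", 31.2304, 121.4737, (8, 9)),
    Firewall("london", "203.0.113.10", 51.5074, -0.1278, (19, 24)),
]
PARIS = PlanNode(datetime(2019, 3, 17, 14, 0), 48.8566, 2.3522)

if __name__ == "__main__":
    print(nearest_firewall(FIREWALLS, PARIS).name)
    print(least_loaded_firewall(FIREWALLS, (23, 9)).name)
    print(first_ip_to_send(FIREWALLS, PARIS, actual_pos=(50.1109, 8.6821)))  # still in Frankfurt
    print(first_ip_to_send(FIREWALLS, PARIS, actual_pos=(48.85, 2.35)))      # arrived in Paris
```

Withholding the address until the condition holds is what keeps the device on its current firewall when the actual trip runs late.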
  • S204 The mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address.
  • the mobile wireless access device sends a firewall connection request to the first intranet firewall according to the first IP address, so that the first intranet firewall establishes a connection with the mobile wireless access device according to the firewall connection request.
  • the firewall connection request carries the access device identification code of the mobile wireless access device, such as a MAC address; when the first intranet firewall determines that the access device identification code is one of the preset identification codes of access devices allowed to connect, it determines that the identity authentication of the mobile wireless access device is passed.
  • the firewall connection request carries the user name and password input by the user through the mobile wireless access device; when the first intranet firewall determines that the user name and password are one of the preset user names and passwords allowed to connect, it determines that the identity authentication of the mobile wireless access device is passed.
  • the firewall connection request carries the access device digital certificate of the mobile wireless access device; the first intranet firewall determines the certificate issuer of the access device digital certificate according to the issuer information carried in the access device digital certificate; after obtaining the issuer digital certificate of the certificate issuer, the first intranet firewall uses the issuer public key contained in the issuer digital certificate to decrypt the digital signature in the access device digital certificate, obtaining the certificate fingerprint of the access device digital certificate; the first intranet firewall then uses the specified hash algorithm to perform a hash calculation on the access device digital certificate to obtain the hash value of the digital certificate; when the first intranet firewall determines that the hash value it calculated is consistent with the certificate fingerprint of the access device digital certificate, it determines that the identity authentication of the mobile wireless access device is passed.
  • the mobile wireless access device initiates a three-way handshake to establish a connection based on the TCP/IP protocol with the first intranet firewall.
  • the specific steps are as follows: the mobile wireless access device sends a SYN (Synchronize Sequence Numbers, synchronization sequence number) data packet to the first intranet firewall; after the first intranet firewall receives the SYN data packet, it sends a SYN+ACK (ACKnowledge Character, confirmation character) data packet to the mobile wireless access device; after the mobile wireless access device receives the SYN+ACK data packet, it feeds back an ACK data packet to the first intranet firewall; after the first intranet firewall receives the ACK data packet fed back by the mobile wireless access device, the connection between the mobile wireless access device and the first intranet firewall is established.
  • the mobile wireless access device obtains its real-time travel location; when the mobile wireless access device determines, according to the real-time travel location, that it has arrived at the planned travel location corresponding to the planned travel node, it sends a firewall connection request to the first intranet firewall according to the first IP address. Since the actual itinerary corresponding to the planned itinerary node has a certain uncertainty, after the intranet firewall distribution device sends the first IP address to the mobile wireless access device, the mobile wireless access device sends the firewall connection request to the first intranet firewall only when it confirms that it has arrived at the planned itinerary location corresponding to the planned itinerary node. This avoids switching the intranet firewall connected to the mobile wireless access device prematurely when the actual itinerary deviates from the plan and arrival at the planned itinerary location is delayed, ensuring the accuracy and effectiveness of the intranet firewall switching.
  • S205 The mobile wireless access device disconnects from the second intranet firewall.
  • the second intranet firewall is the intranet firewall matched to the mobile wireless access device that the intranet firewall distribution device determined, before acquiring the planned itinerary information of the mobile wireless access device, from the multiple intranet firewalls deployed for the target intranet according to the intranet access request for the target intranet sent by the mobile wireless access device.
  • the mobile wireless access device initiates the four-way handshake to close the TCP/IP connection with the second intranet firewall.
  • the specific steps are as follows: the mobile wireless access device sends a FIN (Finish, end character) data packet to the second intranet firewall; after receiving the FIN data packet, the second intranet firewall sends an ACK data packet to the mobile wireless access device; the second intranet firewall sends a FIN data packet to the mobile wireless access device; after receiving the FIN data packet, the mobile wireless access device sends an ACK data packet to the second intranet firewall; after the second intranet firewall receives the ACK data packet, the disconnection of the connection between the mobile wireless access device and the second intranet firewall is completed.
  • the network connection method may further include steps S206 to S211:
  • S206 The user terminal sends an intranet access request for the target intranet to the mobile wireless access device.
  • the user terminal may send a wireless network connection request to the mobile wireless access device, and the mobile wireless access device may establish a connection with the user terminal directly, or establish the connection after verifying the user terminal identity information carried in the wireless network connection request.
  • the user terminal identity information may be the user name and password that the user enters at the user terminal to access the wireless network established by the mobile wireless access device, biometric information received by the user terminal, or terminal equipment identification information of the user terminal.
  • step S206 is executed after step S205, that is, the intranet access request of the user terminal in step S206 is an intranet access request for the target intranet sent by the user terminal after the mobile wireless access device has disconnected from the second intranet firewall.
  • S207 The mobile wireless access device sends the intranet access request to the first intranet firewall.
  • S208 The first intranet firewall routes the intranet access request to the intranet server of the target intranet.
  • the intranet access request is an access request for a server in the target intranet, such as an access request for a Web server in the target intranet, an access request for an FTP server in the target intranet, or an access request for a mail server in the target intranet.
  • after the first intranet firewall receives the intranet access request sent by the mobile wireless access device, it sends the intranet access request to the router of the target intranet through the external network. The router routes the intranet access request to the corresponding intranet server in the target intranet through the target intranet.
  • the intranet server returns an intranet request response message in response to the intranet access request to the first intranet firewall.
  • after the intranet server generates an intranet request response message in response to the intranet access request, it sends the intranet request response message to the router of the target intranet through the target intranet, and the router of the target intranet sends the intranet request response message to the first intranet firewall through the external network.
  • when the intranet access request is a request to obtain a file in a file server in the target intranet, the intranet request response message may be the file sent by the file server.
  • S210 The first intranet firewall sends the intranet request response message to the mobile wireless access device.
  • the mobile wireless access device sends the intranet request response message to the user terminal.
  • the intranet firewall distribution device determines, from multiple intranet firewalls deployed for the target intranet according to the planned itinerary information, the first intranet firewall assigned to the mobile wireless access device when it reaches the planned trip node; when it determines, according to the access device status information of the mobile wireless access device, that the mobile wireless access device meets the itinerary node condition corresponding to the planned itinerary node in the planned itinerary information, it sends the first IP address of the first intranet firewall to the mobile wireless access device, so that the mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address and disconnects from the second intranet firewall. This recommends that the mobile wireless access device switch its connected intranet firewall according to its planned itinerary information, ensuring the network quality when the user uses the user terminal to access the target intranet through the connection between the mobile wireless access device and the intranet firewall.
  • FIG. 3 is a schematic diagram of system interaction of another network connection method provided by an embodiment of the application. As shown in the figure, the method may include:
  • the mobile wireless access device sends the planned itinerary information for accessing the target intranet to the intranet firewall distribution device.
  • the intranet firewall distribution device determines, according to the planned itinerary information, from the multiple intranet firewalls deployed for the target intranet, the first intranet firewall allocated to the mobile wireless access device when the mobile wireless access device reaches the planned itinerary node.
  • For the specific implementation of step S301 and step S302, refer to the specific implementation of step S201 and step S202 in the embodiment corresponding to FIG. 2, which will not be repeated here.
  • the mobile wireless access device acquires the real-time travel location of the mobile wireless access device from a preset time before the planned travel time of the planned travel node to the planned travel time of the planned travel node.
  • For example, if the itinerary information of the planned itinerary node is the arrival at Beijing West Railway Station at 15:00 on February 3, 2019 Beijing time, and the preset time is 14:30 on February 3, 2019 Beijing time, the mobile wireless access device obtains its real-time travel location through positioning technology from 14:30 on February 3, 2019 Beijing time to 15:00 on February 3, 2019 Beijing time.
  • the mobile wireless access device sends location arrival information to the intranet firewall distribution device when it is determined according to the real-time travel location that the mobile wireless access device arrives at the planned travel location corresponding to the planned travel node.
  • determining that the mobile wireless access device itself arrives at the planned travel location corresponding to the planned travel node includes: in one optional way, the mobile wireless access device determines that the actual travel location is consistent with the planned travel location; in another optional way, the mobile wireless access device determines that the distance between the actual travel location and the planned travel location is less than a preset distance threshold.
  • the intranet firewall allocation device sends the first IP address of the first intranet firewall to the mobile wireless access device according to the location arrival information.
  • S306 The mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address.
  • S307 The mobile wireless access device disconnects from the second intranet firewall.
  • After step S307, when the mobile wireless access device receives the intranet access request for the target intranet sent by the user terminal connected to the mobile wireless access device, it provides the user terminal with the service of accessing the target intranet through the connection with the first intranet firewall.
  • the intranet firewall distribution device determines, according to the planned itinerary information, from the plurality of intranet firewalls deployed for the target intranet, the first intranet firewall allocated to the mobile wireless access device when the mobile wireless access device arrives at the planned trip node. The mobile wireless access device monitors its itinerary location and, when it determines according to its actual itinerary location that it has arrived at the planned itinerary location corresponding to the planned itinerary node of the planned itinerary information, sends the location arrival information to the intranet firewall distribution device to request that the intranet firewall distribution device send the first IP address of the first intranet firewall to the mobile wireless access device. The mobile wireless access device then switches the connected intranet firewall according to the first IP address. This ensures that the connected intranet firewall is switched as soon as the mobile wireless access device arrives at the planned itinerary location corresponding to the planned itinerary node of the planned itinerary information, which ensures the timeliness and effectiveness of the intranet firewall switching.
  • FIG. 4 is a schematic structural diagram of a mobile wireless access device provided by an embodiment of the application.
  • the mobile wireless access device 40 may at least include an itinerary sending unit 401, an address receiving unit 402, and a firewall connection unit 403, where:
  • the itinerary sending unit 401 is configured to send the planned itinerary information for accessing the target intranet to the intranet firewall distribution device, so that the intranet firewall distribution device determines, according to the planned itinerary information, a first intranet firewall from the multiple intranet firewalls deployed for the target intranet, the first intranet firewall being the intranet firewall matched to the mobile wireless access device when it reaches the planned trip node, wherein the planned itinerary information includes travel information of at least one planned travel node of the mobile wireless access device, and the travel information of the planned travel node includes the planned travel time and the corresponding planned travel location.
  • the address receiving unit 402 is configured to receive a first IP address of the first intranet firewall, where the first IP address is sent to the mobile wireless access device by the intranet firewall distribution device when it determines, according to the access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned travel information.
  • the firewall connection unit 403 is configured to send a firewall connection request to the first intranet firewall according to the first IP address, so that the first intranet firewall establishes a connection with the mobile wireless access device according to the firewall connection request.
  • the firewall connection unit 403 is further configured to disconnect the connection with a second intranet firewall, where the second intranet firewall is the firewall matched to the mobile wireless access device that the intranet firewall distribution device determined, before the mobile wireless access device sent the planned itinerary information to the intranet firewall distribution device, from the multiple intranet firewalls deployed for the target intranet according to the intranet connection request for the target intranet sent by the mobile wireless access device.
  • firewall connection unit 403 is specifically configured to:
  • firewall connection unit 403 is further configured to:
  • the location arrival information is sent to the intranet firewall distribution device so that the intranet firewall distribution device sends the first IP address to the mobile wireless access device according to the location arrival information.
  • the itinerary sending unit 401 is further configured to:
  • receive planned itinerary information for accessing the target intranet sent by the user terminal, where the planned itinerary information is extracted by the user terminal from user information stored in the user terminal and sent to the mobile wireless access device.
  • the mobile wireless access device can execute various steps performed by the mobile wireless access device in the network connection methods shown in Figures 2 to 3 through its built-in functional modules.
  • For specific implementation details, refer to the implementation details of each step in the embodiments corresponding to FIG. 2 to FIG. 3, which will not be repeated here.
  • the intranet firewall distribution device determines from the multiple intranet firewalls deployed for the target intranet according to the planned itinerary information
  • the device satisfies the itinerary node condition corresponding to the planned itinerary node in the planned itinerary information, it sends the first IP address of the first intranet firewall to the address receiving unit, so that the firewall connection unit establishes with the first intranet firewall according to the first IP address
  • the message transmission unit provides the user terminal connected to the mobile wireless access device with the service of accessing the intranet server in the target intranet. It realizes the recommendation to the mobile wireless access device to switch the connected intranet firewall according to the planned itinerary information of the mobile wireless access device, ensuring that the user uses the user terminal to access the target
  • FIG. 5 is a schematic structural diagram of an intranet firewall distribution device provided by an embodiment of the application.
  • the firewall distribution device 50 may at least include an itinerary information acquisition unit 501, a first intranet firewall determination unit 502, and an IP address sending unit 503, where:
  • the itinerary information acquiring unit 501 is configured to acquire planned itinerary information for a mobile wireless access device to access a target intranet, where the planned itinerary information includes itinerary information of at least one planned itinerary node of the mobile wireless access device, and the itinerary information of the planned itinerary node includes the planned travel time and the corresponding planned travel location;
  • the first intranet firewall determining unit 502 is configured to determine a first intranet firewall from a plurality of intranet firewalls deployed for the target intranet according to the planned itinerary information, wherein the first intranet firewall is the intranet firewall matched to the mobile wireless access device when it reaches the planned trip node;
  • the IP address sending unit 503 is configured to: when it is determined, according to the access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned travel information, send the first IP address of the first intranet firewall to the mobile wireless access device, so that the mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address and disconnects the connection with the second intranet firewall.
  • the second intranet firewall is the intranet firewall matched to the mobile wireless access device that the intranet firewall distribution device determined, before acquiring the planned itinerary information of the mobile wireless access device, from a plurality of intranet firewalls deployed for the target intranet according to the intranet access request for the target intranet sent by the mobile wireless access device.
  • the first intranet firewall determining unit 502 is specifically configured to: among the multiple intranet firewalls deployed for the target intranet, determine the intranet firewall closest to the planned travel location in the itinerary information of the planned travel node as the first intranet firewall.
  • the planned itinerary information further includes the planned stay period of the mobile wireless access device at the planned itinerary location;
  • the first intranet firewall determining unit 502 is specifically configured to: obtain the low load period of each intranet firewall deployed for the target intranet; among the multiple intranet firewalls deployed for the target intranet, determine the intranet firewall with the longest overlap period between the low load period and the stay period as the first intranet firewall.
  • the access device status information includes the current actual travel location of the mobile wireless access device; the IP address sending unit 503 is specifically configured to: when it is determined that the distance between the actual travel location and the planned travel location in the planned travel node is less than the preset distance threshold, determine that the mobile wireless access device meets the travel node condition corresponding to the planned travel node in the planned travel information.
  • the access device status information includes the current actual travel time of the mobile wireless access device; the IP address sending unit 503 is specifically configured to: determine the actual travel time and the planned travel node When the planned travel time in the, it is determined that the mobile wireless access device meets the travel node condition corresponding to the planned travel node in the planned travel information.
  • the intranet firewall distribution device can execute the steps performed by the intranet firewall distribution device described in the network connection method shown in Figures 2 to 3 through its built-in functional modules.
  • For specific implementation details, refer to the implementation details of each step in the embodiments corresponding to FIG. 2 to FIG. 3, which will not be repeated here.
  • the first intranet firewall determination unit determines from the planned itinerary information from the target intranet deployed Among the multiple intranet firewalls, it is determined that the first intranet firewall allocated to the mobile wireless access device when the mobile wireless access device reaches the planned itinerary node, and the IP address sending unit is based on the mobile wireless access device
  • the first IP address of the first intranet firewall is sent to the mobile wireless access device, so that the mobile wireless access device
  • the access device establishes a connection with the first intranet firewall according to the first IP address, and disconnects the connection with the second intranet firewall. It realizes the recommendation to the mobile wireless access device to switch the connected intranet firewall according to the planned itinerary information of the mobile wireless access device, ensuring that the user uses the user terminal to access the target intranet through the connection
  • FIG. 6 is a schematic structural diagram of another mobile wireless access device provided by an embodiment of the application.
  • the service data transfer apparatus 60 includes a processor 601, a memory 602, and a communication interface 603.
  • the processor 601 is connected to the memory 602 and the communication interface 603.
  • the processor 601 may be connected to the memory 602 and the communication interface 603 through a bus.
  • the processor 601 is configured to support the mobile wireless access device to perform corresponding functions in the network connection methods described in FIGS. 2 to 3.
  • the processor 601 may be a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), a hardware chip, or any combination thereof.
  • the foregoing hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (Programmable Logic Device, PLD), or a combination thereof.
  • the aforementioned PLD may be a complex programmable logic device (Complex Programmable Logic Device, CPLD), a field programmable logic gate array (Field-Programmable Gate Array, FPGA), a general array logic (Generic Array Logic, GAL) or any combination thereof.
  • the memory 602 is used to store program codes and the like.
  • the memory 602 includes internal memory, which may include at least one of the following: volatile memory (such as dynamic random access memory (DRAM), static RAM (SRAM), synchronous dynamic RAM (SDRAM), etc.) and non-volatile memory (for example, one-time programmable read-only memory (OTPROM), programmable ROM (PROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM)).
  • the memory 602 may also include external memory, which may include at least one of the following: Hard Disk Drive (HDD) or Solid-State Drive (SSD), flash drive, such as compact flash (CF), secure digital (SD), micro SD, mini SD, extreme digital (xD), memory stick, etc.
  • the communication interface 603 is used to receive or send data.
  • the processor 601 may call the program code to perform the following operations:
  • the intranet firewall distribution device obtains the planned itinerary information for the mobile wireless access device to access the target intranet, where the planned itinerary information includes the itinerary information of at least one planned itinerary node of the mobile wireless access device, and the itinerary information of the planned itinerary node includes the planned travel time and the corresponding planned travel location;
  • the intranet firewall distribution device determines a first intranet firewall from a plurality of intranet firewalls deployed for the target intranet according to the planned itinerary information, where the first intranet firewall is the intranet firewall matched to the mobile wireless access device when it reaches the planned trip node;
  • when the intranet firewall distribution device determines, according to the access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned travel information, it sends the first IP address of the first intranet firewall to the mobile wireless access device, so that the mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address and disconnects the connection with the second intranet firewall, where the second intranet firewall is the intranet firewall matched to the mobile wireless access device that the intranet firewall distribution device determined, before obtaining the planned itinerary information of the mobile wireless access device, from a plurality of intranet firewalls deployed for the target intranet according to the intranet access request for the target intranet sent by the mobile wireless access device.
  • each operation may also correspond to the corresponding description of the method embodiment shown in FIG. 2 to FIG. 3; the processor 601 may also be used to perform other operations in the above method embodiment.
  • the embodiments of the present application also provide a computer non-volatile readable storage medium, the computer non-volatile readable storage medium stores a computer program, the computer program includes program instructions, and the program instructions, when executed by a computer, cause the computer to execute the method described in the foregoing embodiment; the computer may be a part of the aforementioned intranet firewall distribution device or mobile wireless access device.
  • the program can be stored in a computer readable storage medium. During execution, it may include the procedures of the above-mentioned method embodiments.
  • the storage medium may be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM), etc.
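The two selection rules described above for the first intranet firewall determining unit (closest to the planned travel location, or longest overlap between low-load period and stay period) and the distance-threshold itinerary node condition can be sketched as follows. This is an added illustration, not code from the application: every class, function, coordinate, IP address and the 500 m threshold is a constructed assumption, and the stay period is assumed to start at the planned travel time.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt
from typing import List, Optional, Tuple

LatLon = Tuple[float, float]           # (latitude, longitude) in degrees
EARTH_RADIUS_M = 6_371_000.0


@dataclass(frozen=True)
class Firewall:                        # hypothetical record of one intranet firewall
    name: str
    ip: str
    location: LatLon
    low_load: Tuple[datetime, datetime]


@dataclass(frozen=True)
class ItineraryNode:                   # planned travel time, location and stay period
    planned_time: datetime
    planned_location: LatLon
    stay_until: datetime               # assumption: the stay starts at planned_time


def distance_m(a: LatLon, b: LatLon) -> float:
    """Great-circle (haversine) distance between two points, in metres."""
    lat1, lon1, lat2, lon2 = map(radians, (a[0], a[1], b[0], b[1]))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_M * asin(sqrt(h))


def select_nearest(firewalls: List[Firewall], node: ItineraryNode) -> Firewall:
    """Rule 1: the firewall closest to the planned travel location."""
    return min(firewalls, key=lambda fw: distance_m(fw.location, node.planned_location))


def overlap(fw: Firewall, node: ItineraryNode) -> timedelta:
    """Length of the intersection of the low-load period and the stay period."""
    start = max(fw.low_load[0], node.planned_time)
    end = min(fw.low_load[1], node.stay_until)
    return max(end - start, timedelta(0))   # disjoint periods overlap by zero


def select_longest_overlap(firewalls: List[Firewall], node: ItineraryNode) -> Firewall:
    """Rule 2: the firewall whose low-load period overlaps the stay period longest."""
    return max(firewalls, key=lambda fw: overlap(fw, node))


def has_arrived(actual: LatLon, node: ItineraryNode, threshold_m: float) -> bool:
    """Itinerary node condition: reported location within the distance threshold."""
    return distance_m(actual, node.planned_location) < threshold_m


def address_to_send(first_fw: Firewall, actual: LatLon, node: ItineraryNode,
                    threshold_m: float) -> Optional[str]:
    """Return the first IP address only once the node condition is met."""
    return first_fw.ip if has_arrived(actual, node, threshold_m) else None


# Constructed sample data: the node is the page's Beijing West Railway Station
# example (15:00 on February 3, 2019); coordinates are approximate and the IPs
# come from the documentation address ranges.
DAY = datetime(2019, 2, 3)
NODE = ItineraryNode(DAY.replace(hour=15), (39.8946, 116.3219), DAY.replace(hour=21))
FIREWALLS = [
    Firewall("fw-beijing", "192.0.2.10", (39.9042, 116.4074),
             (DAY.replace(hour=19), DAY.replace(hour=23))),
    Firewall("fw-shanghai", "198.51.100.10", (31.2304, 121.4737),
             (DAY.replace(hour=14), DAY.replace(hour=18))),
    Firewall("fw-guangzhou", "203.0.113.10", (23.1291, 113.2644),
             (DAY.replace(hour=22), DAY.replace(hour=23))),
]
NEAR = (39.8950, 116.3225)             # reported position a few dozen metres away
FAR = (39.9900, 116.3219)              # reported position roughly 10 km away

if __name__ == "__main__":
    first = select_nearest(FIREWALLS, NODE)
    print("nearest:", first.name)
    print("longest overlap:", select_longest_overlap(FIREWALLS, NODE).name)
    print("IP when far:", address_to_send(first, FAR, NODE, 500.0))
    print("IP when near:", address_to_send(first, NEAR, NODE, 500.0))
```

On this sample data the two rules pick different firewalls, and the address is withheld until the reported location falls inside the threshold; the check takes the reported location as given, as the access device status information on this page does.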

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiments of the present application are applicable to access control in security protection. Disclosed are a network connection method and a related apparatus. The method comprises: an intranet firewall allocation device acquiring planned trip information of a mobile wireless access device accessing a target intranet; the intranet firewall allocation device determining a first intranet firewall allocated to the mobile wireless access device; and when determining that a trip node condition is met, the intranet firewall allocation device sending a first IP address of the first intranet firewall to the mobile wireless access device in order to cause the mobile wireless access device to establish a connection with the first intranet firewall and to cut off a connection with a second intranet firewall, thereby realizing the switching of the intranet firewalls connected to the mobile wireless access device. By means of the present application, connected intranet firewalls can be recommended to and switched for a mobile wireless access device according to planned trip information of the mobile wireless access device, thereby ensuring the network quality when a user accesses a target intranet.

Description

Network connection method and related device
This application claims priority to the Chinese patent application filed with the Chinese Patent Office on June 10, 2019, with application number 2019104989754 and titled "An intranet access method and related device", the entire contents of which are incorporated into this application by reference.
Technical field
This application relates to the field of communications, and in particular to a network connection method and related device.
Background
With the integration of the global economy, more and more enterprises carry out business all over the world, which requires their employees to be dispatched to work around the world. In some office scenarios, employees on business trips need to access resources on the company's intranet servers, such as accessing enterprise intranet web pages or accessing files stored in shared folders on an intranet file server. This calls for a method that lets traveling employees access the enterprise intranet.
Summary of the application
This application provides a network connection method and related devices. With this application, switching of the connected intranet firewall can be recommended to a mobile wireless access device according to the planned itinerary information of the mobile wireless access device, which ensures the network quality of the user's access to the target intranet.
A first aspect of the embodiments of this application provides a network connection method, including:
An intranet firewall distribution device obtains planned itinerary information for a mobile wireless access device's access to a target intranet, where the planned itinerary information includes itinerary information of at least one planned itinerary node of the mobile wireless access device, and the itinerary information of the planned itinerary node includes a planned travel time and its corresponding planned travel location;
The intranet firewall distribution device determines, according to the planned itinerary information, a first intranet firewall from a plurality of intranet firewalls deployed for the target intranet, where the first intranet firewall is the intranet firewall matched to the mobile wireless access device when it reaches the planned itinerary node;
When the intranet firewall distribution device determines, according to access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the itinerary node condition corresponding to the planned itinerary node in the planned itinerary information, it sends the first IP address of the first intranet firewall to the mobile wireless access device, so that the mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address and disconnects from a second intranet firewall, where the second intranet firewall is the intranet firewall matched to the mobile wireless access device that the intranet firewall distribution device determined, before obtaining the planned itinerary information of the mobile wireless access device, from the plurality of intranet firewalls deployed for the target intranet according to an intranet access request for the target intranet sent by the mobile wireless access device.
A second aspect of the embodiments of this application provides a network connection method, including:
A mobile wireless access device sends planned itinerary information for accessing a target intranet to an intranet firewall distribution device, so that the intranet firewall distribution device determines, according to the planned itinerary information, a first intranet firewall from a plurality of intranet firewalls deployed for the target intranet, the first intranet firewall being the intranet firewall matched to the mobile wireless access device when it reaches the planned itinerary node, where the planned itinerary information includes itinerary information of at least one planned itinerary node of the mobile wireless access device, and the itinerary information of the planned itinerary node includes a planned travel time and its corresponding planned travel location;
The mobile wireless access device receives the first IP address of the first intranet firewall, where the first IP address is sent to the mobile wireless access device by the intranet firewall distribution device when it determines, according to access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the itinerary node condition corresponding to the planned itinerary node in the planned itinerary information;
The mobile wireless access device sends a firewall connection request to the first intranet firewall according to the first IP address, so that the first intranet firewall establishes a connection with the mobile wireless access device according to the firewall connection request;
The mobile wireless access device disconnects from a second intranet firewall, where the second intranet firewall is the firewall matched to the mobile wireless access device that the intranet firewall distribution device determined, before the mobile wireless access device sent the planned itinerary information to the intranet firewall distribution device, from the plurality of intranet firewalls deployed for the target intranet according to an intranet connection request for the target intranet sent by the mobile wireless access device.
A third aspect of the embodiments of this application provides an intranet firewall distribution device, including:
An itinerary information acquiring unit, configured to obtain planned itinerary information for a mobile wireless access device's access to a target intranet, where the planned itinerary information includes itinerary information of at least one planned itinerary node of the mobile wireless access device, and the itinerary information of the planned itinerary node includes a planned travel time and its corresponding planned travel location;
A first intranet firewall determining unit, configured to determine, according to the planned itinerary information, a first intranet firewall from a plurality of intranet firewalls deployed for the target intranet, where the first intranet firewall is the intranet firewall matched to the mobile wireless access device when it reaches the planned itinerary node;
An IP address sending unit, configured to send the first IP address of the first intranet firewall to the mobile wireless access device when it is determined, according to access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the itinerary node condition corresponding to the planned itinerary node in the planned itinerary information, so that the mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address and disconnects from a second intranet firewall, where the second intranet firewall is the intranet firewall matched to the mobile wireless access device that the intranet firewall distribution device determined, before obtaining the planned itinerary information of the mobile wireless access device, from the plurality of intranet firewalls deployed for the target intranet according to an intranet access request for the target intranet sent by the mobile wireless access device.
A fourth aspect of the embodiments of the present application provides a mobile wireless access device, including:
An itinerary sending unit, configured to send planned itinerary information for accessing a target intranet to an intranet firewall allocation device, so that the intranet firewall allocation device determines, according to the planned itinerary information, a first intranet firewall from a plurality of intranet firewalls deployed for the target intranet, where the first intranet firewall is the intranet firewall matched to the mobile wireless access device when it reaches the planned itinerary node, the planned itinerary information includes itinerary information of at least one planned itinerary node of the mobile wireless access device, and the itinerary information of the planned itinerary node includes a planned travel time and its corresponding planned travel location;
An address receiving unit, configured to receive a first IP address of the first intranet firewall, where the first IP address is sent to the mobile wireless access device by the intranet firewall allocation device upon determining, from access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the itinerary node condition corresponding to the planned itinerary node in the planned itinerary information;
A firewall connection unit, configured to send a firewall connection request to the first intranet firewall according to the first IP address, so that the first intranet firewall establishes a connection with the mobile wireless access device according to the firewall connection request;
The firewall connection unit is further configured to disconnect from a second intranet firewall, where the second intranet firewall is the firewall matched to the mobile wireless access device that the intranet firewall allocation device determined, before the mobile wireless access device sent the planned itinerary information to the intranet firewall allocation device, from the plurality of intranet firewalls deployed for the target intranet according to an intranet connection request for the target intranet sent by the mobile wireless access device.
A fifth aspect of the embodiments of the present application provides a mobile wireless access device, including a processor, a memory, and a communication interface that are connected to one another, where the communication interface is used to receive and send data, the memory is used to store program code, and the processor is used to invoke the program code, which, when executed by a computer, causes the computer to perform the method of the second aspect.
A sixth aspect of the embodiments of the present application provides a non-volatile computer-readable storage medium storing a computer program, where the computer program includes program instructions that, when executed by a computer, cause the computer to perform the method of the first aspect or the second aspect.
With the present application, the mobile wireless access device is recommended to switch the intranet firewall it is connected to according to its planned itinerary information, which ensures the network quality of the user's access to the target intranet from a user terminal over the connection between the mobile wireless access device and the intranet firewall.
Description of the drawings
FIG. 1 is a schematic diagram of the framework of an intranet access system provided by an embodiment of the present application;
FIG. 2 is a schematic diagram of the system interaction of a network connection method provided by an embodiment of the present application;
FIG. 3 is a schematic diagram of the system interaction of another network connection method provided by an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a mobile wireless access device provided by an embodiment of the present application;
FIG. 5 is a schematic structural diagram of an intranet firewall allocation device provided by an embodiment of the present application;
FIG. 6 is a schematic structural diagram of another mobile wireless access device provided by an embodiment of the present application.
Detailed description
The network connection method and related apparatus provided by the embodiments of the present application are described below with reference to FIG. 1 to FIG. 5.
FIG. 1 is a schematic diagram of the framework of an intranet access system provided by an embodiment of the present application. As shown in the figure, in this framework, intranet firewall 1, intranet firewall 2, and intranet firewall 3 are three intranet firewalls deployed for the target intranet; mobile wireless access device 1 and mobile wireless access device 2 are each connected to intranet firewall 1; mobile wireless access device 3 is connected to intranet firewall 3; user terminal 1 is connected to mobile wireless access device 2; and user terminal 2 is connected to the mobile wireless access device.
Here, the target intranet is a local area communication network that interconnects the computers, servers, databases, and so on within a local geographic area of a specific enterprise, institution, school, or the like. When a terminal or server in the target intranet communicates with another terminal or server in the target intranet, the communication takes place at the data link layer and the messages do not need to be routed by a router. When it communicates with a terminal or server outside the target intranet, the communication takes place at the network layer: a message sent by a terminal or server inside the target intranet undergoes network address translation at the router and is then routed to the terminal or server outside the target intranet, and a message returned by the terminal or server outside the target intranet undergoes network address translation at the router and is then routed to the terminal or server in the target intranet.
Here, the intranet firewalls deployed for the target intranet may be firewalls deployed around the world that filter the data packets entering and leaving the target intranet. An intranet firewall is connected to the router of the target intranet over a wide area network, and through that router it is connected to the intranet servers of the target intranet.
Here, the mobile wireless access device is a movable wireless access device that can transmit a wireless network signal and has a routing function. The mobile wireless access device accesses a data network through an inserted SIM (Subscriber Identification Module) card; it can also access a wired network through a plugged-in network cable, or a wireless network by connecting to Wi-Fi. A user terminal connects to the mobile wireless access device by joining the wireless network that the device transmits.
Here, the intranet firewall allocation device may be a device that has a domain name resolution function for the target intranet and stores the IP address and deployment location of each firewall deployed for the target intranet, such as a GTM (Global Traffic Manager) device.
Here, the user terminal may be a terminal device with a wireless network receiving function, such as a notebook computer, a mobile phone, or a tablet computer.
Referring to FIG. 2, FIG. 2 is a schematic diagram of the system interaction of a network connection method provided by an embodiment of the present application. As shown in the figure, the method may include steps S201 to S205:
S201: The mobile wireless access device sends planned itinerary information for accessing the target intranet to the intranet firewall allocation device.
Here, the planned itinerary information for accessing the target intranet is itinerary information indicating that the mobile wireless access device plans to access the target intranet during the itinerary that the planned itinerary information describes, or that it plans to access the target intranet after reaching the planned itinerary node. The planned itinerary information includes itinerary information of at least one planned itinerary node of the mobile wireless access device, where the itinerary information of the planned itinerary node includes a planned travel time and its corresponding planned travel location. For example, the itinerary information of the planned itinerary node may be arrival at Shenzhen Bao'an International Airport at 14:00 on March 17, 2019, Beijing time, or arrival at Shanghai Hongqiao International Airport in 3 hours. The planned itinerary information that the mobile wireless access device sends to the intranet firewall allocation device may be entered by the user on the mobile wireless access device, entered on a user terminal connected to the mobile wireless access device and then sent to the mobile wireless access device, or extracted by the user terminal from user information on the terminal such as emails, short messages, and memos. How the mobile wireless access device obtains the planned itinerary information is not limited here.
S202: The intranet firewall allocation device determines, according to the planned itinerary information, a first intranet firewall from the plurality of intranet firewalls deployed for the target intranet.
The first intranet firewall is the intranet firewall matched to the mobile wireless access device when it reaches the planned itinerary node.
Specifically, the mobile wireless access device reaching the planned itinerary node covers at least two cases: the mobile wireless access device arrives at the planned travel location corresponding to the planned itinerary node, and the system time reaches the planned travel time corresponding to the planned itinerary node.
For the first of these two cases, one optional way to determine the first intranet firewall is as follows: the intranet firewall allocation device determines, as the first intranet firewall, the intranet firewall closest to the planned travel location among the plurality of intranet firewalls deployed for the target intranet. For example, if the three intranet firewalls deployed for the target intranet are located in New York, Shanghai, and London, and the planned travel location is Paris, the intranet firewall deployed in London is determined as the first intranet firewall.
For the second of these two cases, one optional way to determine the first intranet firewall is as follows: the planned itinerary information further includes the period during which the mobile wireless access device plans to stay at the planned travel location; the intranet firewall allocation device obtains the low-load period of each intranet firewall deployed for the target intranet and determines, as the first intranet firewall, the intranet firewall whose low-load period has the longest overlap with the stay period. For example, if the low-load periods of the three intranet firewalls deployed for the target intranet are 23:00 to 03:00 the next day, 08:00 to 09:00, and 19:00 to 24:00, Beijing time, and the stay period in the planned itinerary information is 23:00 to 09:00 the next day, Beijing time, the intranet firewall allocation device determines the intranet firewall whose low-load period is 23:00 to 03:00 the next day as the first intranet firewall.
Here, when there are multiple planned itinerary nodes, the first intranet firewall corresponding to each planned itinerary node is determined according to the implementation steps above.
S203: Upon determining, from the access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the itinerary node condition corresponding to the planned itinerary node in the planned itinerary information, the intranet firewall allocation device sends the first IP address of the first intranet firewall to the mobile wireless access device.
Specifically, the intranet firewall allocation device can determine from the access device status information that the mobile wireless access device satisfies the itinerary node condition corresponding to the planned itinerary node in at least the following two ways:
1. The access device status information contains the current actual travel location of the mobile wireless access device. When the intranet firewall allocation device determines that the distance between the actual travel location and the planned travel location of the planned itinerary node is less than a preset distance threshold, it determines that the mobile wireless access device satisfies the itinerary node condition corresponding to the planned itinerary node in the planned itinerary information. The current actual travel location may be sent to the intranet firewall allocation device by the mobile wireless access device in real time, or determined by the intranet firewall allocation device through positioning technology from positioning information that the mobile wireless access device sends in real time.
2. The access device status information contains the current actual travel time of the mobile wireless access device. When the intranet firewall allocation device determines that the actual travel time is consistent with the planned travel time of the planned itinerary node, it determines that the mobile wireless access device satisfies the itinerary node condition corresponding to the planned itinerary node in the planned itinerary information. Here, the actual travel time is consistent with the system time of the intranet firewall allocation device.
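The two selection rules of S202 and the node-condition check of S203, as an added Python example that is not part of the patent text. The coordinates, the documentation-range IP addresses, the 50 km threshold, the pairing of low-load periods with cities, the use of great-circle distance, and treating "time reached" as `>=` are all assumptions made for illustration.

```python
import math
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Firewall:
    name: str
    ip: str          # constructed, documentation-range address
    lat: float
    lon: float
    low_load: tuple  # (start_hour, end_hour), Beijing time, daily; end <= start wraps midnight


# Constructed inventory: the cities and low-load periods come from the two
# examples in the text; pairing them and the coordinates are assumptions.
FIREWALLS = [
    Firewall("new-york", "192.0.2.10", 40.71, -74.01, (23, 3)),
    Firewall("shanghai", "198.51.100.10", 31.23, 121.47, (8, 9)),
    Firewall("london", "203.0.113.10", 51.51, -0.13, (19, 24)),
]
PARIS = (48.86, 2.35)


def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def nearest_firewall(firewalls, planned_location):
    """Case 1 of S202: the firewall closest to the planned travel location."""
    if not firewalls:
        raise ValueError("no intranet firewalls deployed")
    return min(firewalls, key=lambda fw: distance_km((fw.lat, fw.lon), planned_location))


def overlap_hours(low_load, stay_start, stay_end):
    """Hours that a daily low-load period overlaps a stay period.

    stay_start and stay_end are hours since midnight of the first day, so a
    stay from 23:00 to 09:00 the next day is (23, 33).
    """
    start, end = low_load
    length = (end - start) % 24 or 24   # equal start and end means the whole day
    total, day = 0.0, -1                # day -1 catches a period wrapping into day 0
    while day * 24 + start < stay_end:
        w_start = day * 24 + start
        total += max(0.0, min(w_start + length, stay_end) - max(w_start, stay_start))
        day += 1
    return total


def lowest_load_firewall(firewalls, stay_start, stay_end):
    """Case 2 of S202: the firewall whose low-load period overlaps the stay longest."""
    if not firewalls:
        raise ValueError("no intranet firewalls deployed")
    return max(firewalls, key=lambda fw: overlap_hours(fw.low_load, stay_start, stay_end))


def node_condition_met(status, node, threshold_km=50.0):
    """S203: does the reported device status satisfy the planned node's condition?"""
    if "location" in status:            # way 1: within the preset distance threshold
        return distance_km(status["location"], node["location"]) < threshold_km
    if "time" in status:                # way 2: planned time reached (assumed to mean >=)
        return status["time"] >= node["time"]
    return False                        # no usable status: keep the address back


def first_ip_if_due(firewalls, node, status):
    """Return the first firewall's IP only once the node condition holds, else None."""
    if not node_condition_met(status, node):
        return None
    return nearest_firewall(firewalls, node["location"]).ip
```

Returning `None` for a missing or unrecognised status keeps the device on its current firewall rather than switching on incomplete information.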
S204: The mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address.
Specifically, the mobile wireless access device sends a firewall connection request to the first intranet firewall according to the first IP address, so that the first intranet firewall, after verifying the identity of the mobile wireless access device according to the firewall connection request, establishes a connection with the mobile wireless access device.
In one implementation, the firewall connection request carries an access device identification code of the mobile wireless access device, such as a MAC address. When the first intranet firewall determines that the access device identification code is one of the preset identification codes of access devices allowed to connect, it determines that the identity authentication of the mobile wireless access device has passed.
In another implementation, the firewall connection request carries a user name and password entered by the user on the mobile wireless access device. When the first intranet firewall determines that the user name and password are one of the preset user name and password pairs allowed to connect, it determines that the identity authentication of the mobile wireless access device has passed.
In yet another implementation, the firewall connection request carries the digital certificate of the mobile wireless access device. The first intranet firewall determines the certificate issuer of the access device digital certificate from the issuer information carried in that certificate. After obtaining the issuer's digital certificate, the first intranet firewall takes the issuer public key contained in it and uses that public key to decrypt the digital signature in the access device digital certificate, obtaining the certificate fingerprint of the access device digital certificate. The first intranet firewall then hashes the access device digital certificate with the specified hash algorithm to obtain a digital certificate hash value. When the first intranet firewall determines that the hash value it computed is identical to the certificate fingerprint of the access device digital certificate, it determines that the identity authentication of the mobile wireless access device has passed.
Specifically, the mobile wireless access device initiates a three-way handshake to establish a TCP/IP connection with the first intranet firewall, as follows: the mobile wireless access device sends a SYN (Synchronize Sequence Numbers) packet to the first intranet firewall; after receiving the SYN packet, the first intranet firewall sends a SYN+ACK (ACKnowledge Character) packet to the mobile wireless access device; after receiving the SYN+ACK packet, the mobile wireless access device returns an ACK packet to the first intranet firewall; once the first intranet firewall receives the ACK packet returned by the mobile wireless access device, the connection between the mobile wireless access device and the first intranet firewall is established.
Optionally, the mobile wireless access device obtains its own real-time travel location and, when it determines from the real-time travel location that it has arrived at the planned travel location corresponding to the planned itinerary node, sends the firewall connection request to the first intranet firewall according to the first IP address. Because the actual itinerary corresponding to the planned itinerary node is to some degree uncertain, after the intranet firewall allocation device has sent the first IP address to the mobile wireless access device, the mobile wireless access device sends the firewall connection request to the first intranet firewall only once it has confirmed that it has arrived at the planned travel location corresponding to the planned itinerary node. This prevents the intranet firewall connected to the mobile wireless access device from being switched too early when the device is delayed in reaching the planned travel location because the actual itinerary deviates from the plan, and so ensures that the intranet firewall switch is accurate and effective.
S205: The mobile wireless access device disconnects from the second intranet firewall.
Here, the second intranet firewall is the intranet firewall matched to the mobile wireless access device that the intranet firewall allocation device determined, before acquiring the planned itinerary information of the mobile wireless access device, from the plurality of intranet firewalls deployed for the target intranet according to an intranet access request for the target intranet sent by the mobile wireless access device.
The mobile wireless access device initiates a four-way teardown to close the TCP/IP connection with the second intranet firewall, as follows: the mobile wireless access device sends a FIN (Finish Character) packet to the second intranet firewall; after receiving the FIN packet, the second intranet firewall sends an ACK packet to the mobile wireless access device; the second intranet firewall sends a FIN packet to the mobile wireless access device; after receiving the FIN packet, the mobile wireless access device sends an ACK packet to the second intranet firewall; once the second intranet firewall receives the ACK packet, the connection between the mobile wireless access device and the second intranet firewall is closed.
Optionally, the network connection method may further include steps S206 to S211:
S206: The user terminal sends an intranet access request for the target intranet to the mobile wireless access device.
Specifically, before step S206, the user terminal may send a wireless network connection request to the mobile wireless access device. The mobile wireless access device may establish a connection with the user terminal directly, or establish it after verifying the user terminal identity information carried in the wireless network connection request. The user terminal identity information may be a user name and password, entered by the user on the user terminal, for joining the wireless network set up by the mobile wireless access device; biometric information entered by the user on the user terminal; or terminal device identification information of the user terminal.
Here, step S206 is performed after step S205; that is, the intranet access request in step S206 is the user terminal's request to access the target intranet after the mobile wireless access device has disconnected from the second intranet firewall.
S207: The mobile wireless access device sends the intranet access request to the first intranet firewall.
S208: The first intranet firewall routes the intranet access request to an intranet server of the target intranet.
Specifically, the intranet access request is an access request for a server in the target intranet, for example an access request for a Web server, an FTP server, or a mail server in the target intranet. After receiving the intranet access request sent by the mobile wireless access device, the first intranet firewall sends it over the external network to the router of the target intranet, and the router of the target intranet routes it over the target intranet to the corresponding intranet server.
S209: The intranet server returns to the first intranet firewall an intranet request response message in response to the intranet access request.
Specifically, after generating the intranet request response message in response to the intranet access request, the intranet server sends it over the target intranet to the router of the target intranet, and the router of the target intranet sends it over the external network to the first intranet firewall. For example, if the intranet access request asks for a file on a file server in the target intranet, the intranet request response message may be that file, sent by the file server.
S210: The first intranet firewall sends the intranet request response message to the mobile wireless access device.
S211: The mobile wireless access device sends the intranet request response message to the user terminal.
In this embodiment of the present application, after receiving the planned itinerary information for accessing the target intranet sent by the mobile wireless access device, the intranet firewall allocation device determines, according to the planned itinerary information and from the plurality of intranet firewalls deployed for the target intranet, the first intranet firewall to be allocated to the mobile wireless access device when it reaches the planned itinerary node. When it determines from the access device status information that the mobile wireless access device satisfies the itinerary node condition corresponding to the planned itinerary node in the planned itinerary information, it sends the first IP address of the first intranet firewall to the mobile wireless access device, so that the mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address and disconnects from the second intranet firewall. In this way the mobile wireless access device is recommended to switch the intranet firewall it is connected to according to its planned itinerary information, which ensures the network quality of the user's access to the target intranet from a user terminal over the connection between the mobile wireless access device and the intranet firewall.
Referring to FIG. 3, FIG. 3 is a schematic diagram of the system interaction of another network connection method provided by an embodiment of this application. As shown in the figure, the method may include:
S301: The mobile wireless access device sends planned itinerary information for accessing the target intranet to the intranet firewall distribution device.
S302: According to the planned itinerary information, the intranet firewall distribution device determines, from the multiple intranet firewalls deployed for the target intranet, the first intranet firewall to be allocated to the mobile wireless access device when the mobile wireless access device arrives at the planned itinerary node.
For the specific implementation of steps S301 and S302, refer to the specific implementation of steps S201 and S202 in the embodiment corresponding to FIG. 2; details are not repeated here.
S303: During the period from a preset time before the planned travel time of the planned itinerary node until that planned travel time, the mobile wireless access device acquires its real-time travel location.
For example, the itinerary information of the planned itinerary node is arrival at Beijing West Railway Station at 15:00 on February 3, 2019, Beijing time, and the preset time is 14:30 on February 3, 2019, Beijing time. The mobile wireless access device then obtains its own real-time travel location through positioning technology from 14:30 to 15:00 on February 3, 2019, Beijing time.
S304: When the mobile wireless access device determines, according to the real-time travel location, that it has arrived at the planned travel location corresponding to the planned itinerary node, it sends location arrival information to the intranet firewall distribution device.
Here, the mobile wireless access device determining that it has arrived at the planned travel location corresponding to the planned itinerary node includes the following: in one optional manner, the mobile wireless access device determines that the actual travel location is identical to the planned travel location; in another optional manner, the mobile wireless access device determines that the distance between the actual travel location and the planned travel location is less than a preset distance threshold.
S305: The intranet firewall distribution device sends the first IP address of the first intranet firewall to the mobile wireless access device according to the location arrival information.
S306: The mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address.
S307: The mobile wireless access device disconnects from the second intranet firewall.
After step S307, when the mobile wireless access device receives an intranet access request for the target intranet sent by a user terminal connected to it, it provides the user terminal with the service of accessing the target intranet through its connection with the first intranet firewall. For the specific implementation, refer to steps S206 to S211 in the embodiment corresponding to FIG. 2; details are not repeated here.
In this embodiment of the application, after receiving the planned itinerary information for accessing the target intranet sent by the mobile wireless access device, the intranet firewall distribution device determines, according to the planned itinerary information and from the multiple intranet firewalls deployed for the target intranet, the first intranet firewall to be allocated to the mobile wireless access device when the mobile wireless access device arrives at the planned itinerary node. The mobile wireless access device monitors its own actual travel location and, when it determines from that location that it has arrived at the planned travel location corresponding to the planned itinerary node of the planned itinerary information, sends location arrival information to the intranet firewall distribution device to request the first IP address of the first intranet firewall. After the intranet firewall distribution device sends that first IP address, the mobile wireless access device switches the intranet firewall it is connected to according to the first IP address. This ensures that the connected intranet firewall is switched as soon as the mobile wireless access device arrives at the planned travel location corresponding to the planned itinerary node of the planned itinerary information, which guarantees the timeliness and effectiveness of the intranet firewall switch.
Referring to FIG. 4, FIG. 4 is a schematic structural diagram of a mobile wireless access device provided by an embodiment of this application. As shown in the figure, the mobile wireless access device 40 may include at least an itinerary sending unit 401, an address receiving unit 402, and a firewall connection unit 403, where:
The itinerary sending unit 401 is configured to send planned itinerary information for accessing the target intranet to the intranet firewall distribution device, so that the intranet firewall distribution device determines a first intranet firewall from the multiple intranet firewalls deployed for the target intranet according to the planned itinerary information. The first intranet firewall is the intranet firewall matched to the mobile wireless access device when it arrives at the planned itinerary node. The planned itinerary information includes the itinerary information of at least one planned itinerary node of the mobile wireless access device, and the itinerary information of a planned itinerary node contains a planned travel time and its corresponding planned travel location.
The address receiving unit 402 is configured to receive the first IP address of the first intranet firewall. The first IP address is sent to the mobile wireless access device by the intranet firewall distribution device when it determines, according to the access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the itinerary node condition corresponding to the planned itinerary node in the planned itinerary information.
The firewall connection unit 403 is configured to send a firewall connection request to the first intranet firewall according to the first IP address, so that the first intranet firewall establishes a connection with the mobile wireless access device according to the firewall connection request.
The firewall connection unit 403 is further configured to disconnect from the second intranet firewall. The second intranet firewall is the firewall matched to the mobile wireless access device that the intranet firewall distribution device determined from the multiple intranet firewalls deployed for the target intranet, according to the intranet connection request for the target intranet sent by the mobile wireless access device, before the mobile wireless access device sent the planned itinerary information to the intranet firewall distribution device.
Optionally, the firewall connection unit 403 is specifically configured to:
acquire the real-time travel location of the mobile wireless access device;
when it is determined according to the real-time travel location that the mobile wireless access device has arrived at the planned travel location corresponding to the planned itinerary node, send a firewall connection request to the first intranet firewall according to the first IP address.
Optionally, the firewall connection unit 403 is further configured to:
acquire the real-time travel location of the mobile wireless access device during the period from a preset time before the planned travel time of the planned itinerary node until that planned travel time;
when it is determined according to the real-time travel location that the mobile wireless access device has arrived at the planned travel location corresponding to the planned itinerary node, send location arrival information to the intranet firewall distribution device, so that the intranet firewall distribution device sends the first IP address to the mobile wireless access device according to the location arrival information.
Optionally, the itinerary sending unit 401 is further configured to:
receive planned itinerary information for accessing the target intranet sent by the user terminal, where the planned itinerary information is extracted by the user terminal from user information stored in the user terminal and then sent to the mobile wireless access device.
In a specific implementation, the mobile wireless access device can use its built-in functional modules to execute the steps performed by the mobile wireless access device in the network connection methods of FIG. 2 to FIG. 3. For implementation details, refer to the details of each step in the embodiments corresponding to FIG. 2 to FIG. 3; they are not repeated here.
In this embodiment of the application, after receiving the planned itinerary information for accessing the target intranet sent by the itinerary sending unit, the intranet firewall distribution device determines, according to the planned itinerary information and from the multiple intranet firewalls deployed for the target intranet, the first intranet firewall to be allocated to the mobile wireless access device when the mobile wireless access device arrives at the planned itinerary node. When it determines, according to the access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the itinerary node condition corresponding to the planned itinerary node in the planned itinerary information, it sends the first IP address of the first intranet firewall to the address receiving unit. The firewall connection unit then establishes a connection with the first intranet firewall according to the first IP address and disconnects from the second intranet firewall, after which the message transmission unit provides the user terminal connected to the mobile wireless access device with the service of accessing the intranet server in the target intranet. This makes it possible to recommend, according to the planned itinerary information of the mobile wireless access device, that the device switch the intranet firewall it is connected to, which ensures the network quality when a user uses a user terminal to access the target intranet through the connection between the mobile wireless access device and the intranet firewall.
Referring to FIG. 5, FIG. 5 is a schematic structural diagram of an intranet firewall distribution device provided by an embodiment of this application. As shown in the figure, the firewall distribution device 50 may include at least an itinerary information acquiring unit 501, a first intranet firewall determining unit 502, and an IP address sending unit 503, where:
The itinerary information acquiring unit 501 is configured to acquire the planned itinerary information for the mobile wireless access device's access to the target intranet. The planned itinerary information includes the itinerary information of at least one planned itinerary node of the mobile wireless access device, and the itinerary information of a planned itinerary node contains a planned travel time and its corresponding planned travel location;
The first intranet firewall determining unit 502 is configured to determine a first intranet firewall from the multiple intranet firewalls deployed for the target intranet according to the planned itinerary information, where the first intranet firewall is the intranet firewall matched to the mobile wireless access device when it arrives at the planned itinerary node;
The IP address sending unit 503 is configured to send the first IP address of the first intranet firewall to the mobile wireless access device when it is determined, according to the access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the itinerary node condition corresponding to the planned itinerary node in the planned itinerary information, so that the mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address and disconnects from the second intranet firewall. The second intranet firewall is the intranet firewall matched to the mobile wireless access device that the intranet firewall distribution device determined from the multiple intranet firewalls deployed for the target intranet, according to the intranet access request for the target intranet sent by the mobile wireless access device, before acquiring the planned itinerary information of the mobile wireless access device.
Optionally, the first intranet firewall determining unit 502 is specifically configured to: determine, as the first intranet firewall, the intranet firewall that, among the multiple intranet firewalls deployed for the target intranet, is closest to the planned travel location in the itinerary information of the planned itinerary node.
Optionally, the planned itinerary information further includes the period during which the mobile wireless access device plans to stay at the planned travel location; the first intranet firewall determining unit 502 is specifically configured to: obtain the low-load period of each intranet firewall deployed for the target intranet; and determine, as the first intranet firewall, the intranet firewall whose low-load period has the longest overlap with the stay period among the multiple intranet firewalls deployed for the target intranet.
Optionally, the access device status information contains the current actual travel location of the mobile wireless access device; the IP address sending unit 503 is specifically configured to: when it is determined that the distance between the actual travel location and the planned travel location in the planned itinerary node is less than a preset distance threshold, determine that the mobile wireless access device satisfies the itinerary node condition corresponding to the planned itinerary node in the planned itinerary information.
Optionally, the access device status information contains the current actual travel time of the mobile wireless access device; the IP address sending unit 503 is specifically configured to: when it is determined that the actual travel time is consistent with the planned travel time in the planned itinerary node, determine that the mobile wireless access device satisfies the itinerary node condition corresponding to the planned itinerary node in the planned itinerary information.
In a specific implementation, the intranet firewall distribution device can use its built-in functional modules to execute the steps performed by the intranet firewall distribution device in the network connection methods of FIG. 2 to FIG. 3. For implementation details, refer to the details of each step in the embodiments corresponding to FIG. 2 to FIG. 3; they are not repeated here.
In this embodiment of the application, after the itinerary information acquiring unit receives the planned itinerary information for accessing the target intranet sent by the mobile wireless access device, the first intranet firewall determining unit determines, according to the planned itinerary information and from the multiple intranet firewalls deployed for the target intranet, the first intranet firewall to be allocated to the mobile wireless access device when the mobile wireless access device arrives at the planned itinerary node. When the IP address sending unit determines, according to the access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the itinerary node condition corresponding to the planned itinerary node in the planned itinerary information, it sends the first IP address of the first intranet firewall to the mobile wireless access device, so that the mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address and disconnects from the second intranet firewall. This makes it possible to recommend, according to the planned itinerary information of the mobile wireless access device, that the device switch the intranet firewall it is connected to, which ensures the network quality when a user uses a user terminal to access the target intranet through the connection between the mobile wireless access device and the intranet firewall.
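The two optional selection rules of unit 502 and the distance-threshold node condition of unit 503, written out as an added example that is not part of the patent text. The firewall names, coordinates, documentation-range IP addresses, the 0.5 km threshold and the use of great-circle (haversine) distance are all assumptions made for illustration; the patent does not say how distance is measured.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Optional, Sequence, Tuple

Period = Tuple[datetime, datetime]  # (start, end)


@dataclass(frozen=True)
class Firewall:
    name: str
    ip: str
    lat: float
    lon: float
    low_load: Period  # period in which this firewall is lightly loaded


@dataclass(frozen=True)
class ItineraryNode:
    lat: float                     # planned travel location
    lon: float
    planned_time: datetime         # planned travel time
    stay: Optional[Period] = None  # planned stay period, if supplied


def distance_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance (assumed metric; the patent only says 'distance')."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def select_nearest(firewalls: Sequence[Firewall], node: ItineraryNode) -> Firewall:
    """Rule 1: the firewall closest to the planned travel location."""
    if not firewalls:
        raise ValueError("no intranet firewalls deployed for the target intranet")
    return min(firewalls, key=lambda fw: distance_km(fw.lat, fw.lon, node.lat, node.lon))


def overlap_seconds(a: Period, b: Period) -> float:
    """Length of the intersection of two periods, 0 if they do not overlap."""
    start, end = max(a[0], b[0]), min(a[1], b[1])
    return max(0.0, (end - start).total_seconds())


def select_longest_overlap(firewalls: Sequence[Firewall], node: ItineraryNode) -> Firewall:
    """Rule 2: the firewall whose low-load period overlaps the stay period longest."""
    if not firewalls:
        raise ValueError("no intranet firewalls deployed for the target intranet")
    if node.stay is None:
        raise ValueError("rule 2 needs the planned stay period")
    return max(firewalls, key=lambda fw: overlap_seconds(fw.low_load, node.stay))


def node_condition_met(node: ItineraryNode, actual_lat: float, actual_lon: float,
                       threshold_km: float) -> bool:
    """Node condition: actual location strictly within the preset distance threshold."""
    return distance_km(actual_lat, actual_lon, node.lat, node.lon) < threshold_km


def first_ip_if_arrived(first_fw: Firewall, node: ItineraryNode, actual_lat: float,
                        actual_lon: float, threshold_km: float = 0.5) -> Optional[str]:
    """The first IP address is released only once the node condition holds."""
    if node_condition_met(node, actual_lat, actual_lon, threshold_km):
        return first_fw.ip
    return None


def _t(hour: int, minute: int = 0) -> datetime:
    return datetime(2019, 2, 3, hour, minute)


# Constructed sample data: approximate coordinates, documentation-range IPs.
FIREWALLS = [
    Firewall("fw-beijing", "192.0.2.10", 39.9042, 116.4074, (_t(18), _t(23))),
    Firewall("fw-tianjin", "198.51.100.10", 39.0842, 117.2009, (_t(14), _t(20))),
    Firewall("fw-shanghai", "203.0.113.10", 31.2304, 121.4737, (_t(2), _t(6))),
]
# Planned node: arrival near Beijing West Railway Station at 15:00, staying until 19:00.
NODE = ItineraryNode(39.8946, 116.3220, _t(15), stay=(_t(15), _t(19)))

if __name__ == "__main__":
    nearest = select_nearest(FIREWALLS, NODE)
    print("nearest:", nearest.name)
    print("longest overlap:", select_longest_overlap(FIREWALLS, NODE).name)
    print("IP when ~60 m away:", first_ip_if_arrived(nearest, NODE, 39.8950, 116.3225))
    print("IP when ~7 km away:", first_ip_if_arrived(nearest, NODE, 39.9042, 116.4074))
```

With this sample data the two rules pick different firewalls, so which rule a deployment uses changes the address the access device is sent.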
Referring to FIG. 6, FIG. 6 is a schematic structural diagram of another mobile wireless access device provided by an embodiment of this application. As shown in the figure, the service data transfer apparatus 60 includes a processor 601, a memory 602, and a communication interface 603. The processor 601 is connected to the memory 602 and the communication interface 603; for example, the processor 601 may be connected to the memory 602 and the communication interface 603 through a bus.
The processor 601 is configured to support the mobile wireless access device in performing the corresponding functions in the network connection methods described in FIG. 2 to FIG. 3. The processor 601 may be a central processing unit (CPU), a network processor (NP), a hardware chip, or any combination thereof. The hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.
The memory 602 is used to store program code and the like. The memory 602 includes internal memory, which may include at least one of the following: volatile memory (for example, dynamic random access memory (DRAM), static RAM (SRAM), synchronous dynamic RAM (SDRAM), and so on) and non-volatile memory (for example, one-time programmable read-only memory (OTPROM), programmable ROM (PROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM)). The memory 602 may also include external memory, which may include at least one of the following: a hard disk drive (HDD) or solid-state drive (SSD), or a flash drive, for example CompactFlash (CF), Secure Digital (SD), micro SD, mini SD, extreme Digital (xD), a memory stick, and so on.
The communication interface 603 is used to receive or send data.
The processor 601 may call the program code to perform the following operations:
The intranet firewall distribution device acquires the planned itinerary information for the mobile wireless access device's access to the target intranet, where the planned itinerary information includes the itinerary information of at least one planned itinerary node of the mobile wireless access device, and the itinerary information of a planned itinerary node contains a planned travel time and its corresponding planned travel location;
The intranet firewall distribution device determines a first intranet firewall from the multiple intranet firewalls deployed for the target intranet according to the planned itinerary information, where the first intranet firewall is the intranet firewall matched to the mobile wireless access device when it arrives at the planned itinerary node;
When the intranet firewall distribution device determines, according to the access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the itinerary node condition corresponding to the planned itinerary node in the planned itinerary information, it sends the first IP address of the first intranet firewall to the mobile wireless access device, so that the mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address and disconnects from the second intranet firewall. The second intranet firewall is the intranet firewall matched to the mobile wireless access device that the intranet firewall distribution device determined from the multiple intranet firewalls deployed for the target intranet, according to the intranet access request for the target intranet sent by the mobile wireless access device, before acquiring the planned itinerary information of the mobile wireless access device.
It should be noted that, for the implementation of each operation, reference may also be made to the corresponding description of the method embodiments shown in FIG. 2 to FIG. 3; the processor 601 may also be used to perform other operations in the above method embodiments.
An embodiment of this application further provides a non-volatile computer-readable storage medium that stores a computer program. The computer program includes program instructions which, when executed by a computer, cause the computer to execute the method described in the foregoing embodiments. The computer may be part of the intranet firewall distribution device or the mobile wireless access device mentioned above.
A person of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the above method embodiments. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The above discloses only preferred embodiments of this application, which of course cannot be used to limit the scope of rights of this application. Equivalent changes made according to the claims of this application therefore still fall within the scope covered by this application.

Claims (20)

  1. A network connection method, characterized by comprising:
    an intranet firewall distribution device acquiring planned itinerary information for a mobile wireless access device's access to a target intranet, where the planned itinerary information includes the itinerary information of at least one planned itinerary node of the mobile wireless access device, and the itinerary information of a planned itinerary node contains a planned travel time and its corresponding planned travel location;
    the intranet firewall distribution device determining a first intranet firewall from multiple intranet firewalls deployed for the target intranet according to the planned itinerary information, where the first intranet firewall is the intranet firewall matched to the mobile wireless access device when it arrives at the planned itinerary node;
    the intranet firewall distribution device, when determining according to access device status information of the mobile wireless access device that the mobile wireless access device satisfies the itinerary node condition corresponding to the planned itinerary node in the planned itinerary information, sending a first IP address of the first intranet firewall to the mobile wireless access device, so that the mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address and disconnects from a second intranet firewall, where the second intranet firewall is the intranet firewall matched to the mobile wireless access device that the intranet firewall distribution device determined from the multiple intranet firewalls deployed for the target intranet, according to an intranet access request for the target intranet sent by the mobile wireless access device, before acquiring the planned itinerary information of the mobile wireless access device.
  2. The method according to claim 1, wherein the intranet firewall distribution device determining the first intranet firewall from the multiple intranet firewalls deployed for the target intranet according to the planned itinerary information comprises:
    the intranet firewall distribution device determining, as the first intranet firewall, the intranet firewall that, among the multiple intranet firewalls deployed for the target intranet, is closest to the planned travel location in the itinerary information of the planned itinerary node.
  3. The method according to claim 1, wherein the planned itinerary information further includes the period during which the mobile wireless access device plans to stay at the planned travel location;
    the intranet firewall distribution device determining the first intranet firewall from the multiple intranet firewalls deployed for the target intranet according to the planned itinerary information comprises:
    the intranet firewall distribution device obtaining the low-load period of each intranet firewall deployed for the target intranet;
    the intranet firewall distribution device determining, as the first intranet firewall, the intranet firewall whose low-load period has the longest overlap with the stay period among the multiple intranet firewalls deployed for the target intranet.
  4. The method according to any one of claims 1 to 3, wherein the access device status information comprises the current actual travel location of the mobile wireless access device;
    the intranet firewall distribution device determining, according to the access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned itinerary information comprises:
    the intranet firewall distribution device determining that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned itinerary information when it determines that the distance between the actual travel location and the planned travel location in the planned travel node is less than a preset distance threshold.
  5. The method according to any one of claims 1 to 3, wherein the access device status information comprises the current actual travel time of the mobile wireless access device;
    the intranet firewall distribution device determining, according to the access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned itinerary information comprises:
    the intranet firewall distribution device determining that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned itinerary information when it determines that the actual travel time is consistent with the planned travel time in the planned travel node.
  6. A network connection method, comprising:
    a mobile wireless access device sending, to an intranet firewall distribution device, planned itinerary information for accessing a target intranet, so that the intranet firewall distribution device determines a first intranet firewall from a plurality of intranet firewalls deployed for the target intranet according to the planned itinerary information, the first intranet firewall being the intranet firewall matched to the mobile wireless access device when it arrives at the planned travel node, wherein the planned itinerary information comprises itinerary information of at least one planned travel node of the mobile wireless access device, and the itinerary information of the planned travel node comprises a planned travel time and its corresponding planned travel location;
    the mobile wireless access device receiving a first IP address of the first intranet firewall, the first IP address being sent to the mobile wireless access device by the intranet firewall distribution device when it determines, according to access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned itinerary information;
    the mobile wireless access device sending a firewall connection request to the first intranet firewall according to the first IP address, so that the first intranet firewall establishes a connection with the mobile wireless access device according to the firewall connection request;
    the mobile wireless access device disconnecting from a second intranet firewall, the second intranet firewall being the firewall matched to the mobile wireless access device that the intranet firewall distribution device determined from the plurality of intranet firewalls deployed for the target intranet, according to an intranet connection request for the target intranet sent by the mobile wireless access device, before the mobile wireless access device sent the planned itinerary information to the intranet firewall distribution device.
  7. The method according to claim 6, wherein the mobile wireless access device sending a firewall connection request to the first intranet firewall according to the first IP address comprises:
    the mobile wireless access device obtaining the real-time travel location of the mobile wireless access device;
    the mobile wireless access device sending the firewall connection request to the first intranet firewall according to the first IP address when it determines, according to the real-time travel location, that the mobile wireless access device has arrived at the planned travel location corresponding to the planned travel node.
  8. The method according to claim 6, wherein the method further comprises:
    the mobile wireless access device obtaining the real-time travel location of the mobile wireless access device during the interval from a preset time before the planned travel time of the planned travel node to the planned travel time of the planned travel node;
    the mobile wireless access device sending location arrival information to the intranet firewall distribution device when it determines, according to the real-time travel location, that the mobile wireless access device has arrived at the planned travel location corresponding to the planned travel node, so that the intranet firewall distribution device sends the first IP address to the mobile wireless access device according to the location arrival information.
  9. The method according to any one of claims 6 to 8, wherein the method further comprises:
    the mobile wireless access device receiving the planned itinerary information for accessing the target intranet sent by a user terminal, the planned itinerary information being extracted by the user terminal from user information stored in the user terminal and sent to the mobile wireless access device.
  10. An intranet firewall distribution device, comprising:
    an itinerary information obtaining unit, configured to obtain planned itinerary information of a mobile wireless access device for accessing a target intranet, the planned itinerary information comprising itinerary information of at least one planned travel node of the mobile wireless access device, wherein the itinerary information of the planned travel node comprises a planned travel time and its corresponding planned travel location;
    a first intranet firewall determining unit, configured to determine a first intranet firewall from a plurality of intranet firewalls deployed for the target intranet according to the planned itinerary information, wherein the first intranet firewall is the intranet firewall matched to the mobile wireless access device when it arrives at the planned travel node;
    an IP address sending unit, configured to send a first IP address of the first intranet firewall to the mobile wireless access device when it is determined, according to access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned itinerary information, so that the mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address and disconnects from a second intranet firewall, wherein the second intranet firewall is the intranet firewall matched to the mobile wireless access device that the intranet firewall distribution device determined, before obtaining the planned itinerary information of the mobile wireless access device, from the plurality of intranet firewalls deployed for the target intranet according to an intranet access request for the target intranet sent by the mobile wireless access device.
  11. The device according to claim 10, wherein the first intranet firewall determining unit is specifically configured to:
    determine, as the first intranet firewall, the intranet firewall that, among the plurality of intranet firewalls deployed for the target intranet, is closest to the planned travel location in the itinerary information of the planned travel node.
  12. The device according to claim 10, wherein the planned itinerary information further comprises a stay period during which the mobile wireless access device plans to stay at the planned travel location;
    the first intranet firewall determining unit is specifically configured to:
    obtain a low-load period of each intranet firewall deployed for the target intranet;
    determine, as the first intranet firewall, the intranet firewall whose low-load period has the longest overlap with the stay period among the plurality of intranet firewalls deployed for the target intranet.
  13. The device according to any one of claims 10 to 12, wherein the access device status information comprises the current actual travel location of the mobile wireless access device;
    the IP address sending unit is specifically configured to:
    determine that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned itinerary information when it is determined that the distance between the actual travel location and the planned travel location in the planned travel node is less than a preset distance threshold.
  14. The device according to any one of claims 10 to 12, wherein the access device status information comprises the current actual travel time of the mobile wireless access device;
    the IP address sending unit is specifically configured to:
    determine that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned itinerary information when it is determined that the actual travel time is consistent with the planned travel time in the planned travel node.
  15. A mobile wireless access device, comprising:
    an itinerary sending unit, configured to send, to an intranet firewall distribution device, planned itinerary information for accessing a target intranet, so that the intranet firewall distribution device determines a first intranet firewall from a plurality of intranet firewalls deployed for the target intranet according to the planned itinerary information, the first intranet firewall being the intranet firewall matched to the mobile wireless access device when it arrives at the planned travel node, wherein the planned itinerary information comprises itinerary information of at least one planned travel node of the mobile wireless access device, and the itinerary information of the planned travel node comprises a planned travel time and its corresponding planned travel location;
    an address receiving unit, configured to receive a first IP address of the first intranet firewall, the first IP address being sent to the mobile wireless access device by the intranet firewall distribution device when it determines, according to access device status information of the mobile wireless access device, that the mobile wireless access device satisfies the travel node condition corresponding to the planned travel node in the planned itinerary information;
    a firewall connection unit, configured to send a firewall connection request to the first intranet firewall according to the first IP address, so that the first intranet firewall establishes a connection with the mobile wireless access device according to the firewall connection request;
    the firewall connection unit being further configured to disconnect from a second intranet firewall, the second intranet firewall being the firewall matched to the mobile wireless access device that the intranet firewall distribution device determined from the plurality of intranet firewalls deployed for the target intranet, according to an intranet connection request for the target intranet sent by the mobile wireless access device, before the mobile wireless access device sent the planned itinerary information to the intranet firewall distribution device.
  16. The device according to claim 15, wherein the firewall connection unit is specifically configured to:
    obtain the real-time travel location of the mobile wireless access device;
    send the firewall connection request to the first intranet firewall according to the first IP address when it is determined, according to the real-time travel location, that the mobile wireless access device has arrived at the planned travel location corresponding to the planned travel node.
  17. The device according to claim 15, wherein the firewall connection unit is further configured to:
    obtain the real-time travel location of the mobile wireless access device during the interval from a preset time before the planned travel time of the planned travel node to the planned travel time of the planned travel node;
    send location arrival information to the intranet firewall distribution device when it is determined, according to the real-time travel location, that the mobile wireless access device has arrived at the planned travel location corresponding to the planned travel node, so that the intranet firewall distribution device sends the first IP address to the mobile wireless access device according to the location arrival information.
  18. The device according to any one of claims 15 to 17, wherein the itinerary sending unit is further configured to:
    receive the planned itinerary information for accessing the target intranet sent by a user terminal, the planned itinerary information being extracted by the user terminal from user information stored in the user terminal and then sent to the mobile wireless access device.
  19. A mobile wireless access device, comprising a processor, a memory and a communication interface that are connected to one another, wherein the communication interface is configured to receive and send data, the memory is configured to store program code, and the processor is configured to call the program code to execute the method according to any one of claims 6-9.
  20. A computer non-volatile readable storage medium, wherein the computer non-volatile readable storage medium stores a computer program, the computer program comprises program instructions, and the program instructions, when executed by a processor, cause the processor to execute the method according to any one of claims 1-9.
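
The selection and release rules of claims 2 to 4, written out as an added example (not code from the patent or the applicant). All names, coordinates, periods and addresses are constructed, and the great-circle distance is an assumption, since the claims do not specify how distance is measured.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class Firewall:
    name: str
    ip: str          # constructed documentation-range address
    lat: float
    lon: float
    low_load: tuple  # (start, end) of the firewall's low-load period


@dataclass(frozen=True)
class TravelNode:
    planned_time: datetime
    lat: float       # planned travel location
    lon: float
    stay: tuple      # (start, end) of the planned stay period


def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance; the metric itself is an assumption."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def overlap(a, b):
    """Length of the intersection of two (start, end) periods, never negative."""
    return max(min(a[1], b[1]) - max(a[0], b[0]), timedelta(0))


def nearest_firewall(node, firewalls):
    """Claim 2: the firewall closest to the planned travel location."""
    return min(firewalls, key=lambda f: distance_km(node.lat, node.lon, f.lat, f.lon))


def longest_overlap_firewall(node, firewalls):
    """Claim 3: the firewall whose low-load period overlaps the stay period longest."""
    return max(firewalls, key=lambda f: overlap(f.low_load, node.stay))


def first_ip_if_arrived(node, firewall, actual, threshold_km):
    """Claim 4: hand out the first IP address only when the reported actual
    location is closer to the planned location than the preset threshold."""
    if distance_km(actual[0], actual[1], node.lat, node.lon) < threshold_km:
        return firewall.ip
    return None


def at_hour(hour):
    """Helper for the constructed sample data below."""
    return datetime(2019, 6, 10, hour)


# Constructed sample deployment: three firewalls for one target intranet.
FIREWALLS = [
    Firewall("fw-sz", "192.0.2.10", 22.54, 114.06, (at_hour(20), at_hour(23))),
    Firewall("fw-sh", "198.51.100.10", 31.23, 121.47, (at_hour(8), at_hour(15))),
    Firewall("fw-bj", "203.0.113.10", 39.90, 116.40, (at_hour(13), at_hour(19))),
]
# Constructed planned travel node: arrive 14:00, stay until 18:00.
NODE = TravelNode(at_hour(14), 31.20, 121.50, (at_hour(14), at_hour(18)))

if __name__ == "__main__":
    near = nearest_firewall(NODE, FIREWALLS)
    quiet = longest_overlap_firewall(NODE, FIREWALLS)
    print("claim 2 picks", near.name, "| claim 3 picks", quiet.name)
    print("far away :", first_ip_if_arrived(NODE, near, (22.54, 114.06), 5.0))
    print("on site  :", first_ip_if_arrived(NODE, near, (31.21, 121.49), 5.0))
```
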
PCT/CN2019/102344 2019-06-10 2019-08-23 Network connection method and related apparatus WO2020248367A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910498975.4A CN110213769B (en) 2019-06-10 2019-06-10 Intranet access method and related device
CN201910498975.4 2019-06-10

Publications (1)

Publication Number Publication Date
WO2020248367A1 (en) 2020-12-17

Family

ID=67791774

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/102344 WO2020248367A1 (en) 2019-06-10 2019-08-23 Network connection method and related apparatus

Country Status (2)

Country Link
CN (1) CN110213769B (en)
WO (1) WO2020248367A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111917743B (en) * 2020-07-15 2022-07-19 中国工商银行股份有限公司 Method, system, device and medium for switching access relation between nodes

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130166756A1 (en) * 2002-05-06 2013-06-27 Apple Inc. Method and arrangement for suppressing duplicate network resources
CN106162549A (en) * 2015-05-19 2016-11-23 中兴通讯股份有限公司 The processing method and processing device of access network
CN106993278A (en) * 2017-04-07 2017-07-28 青檬微智科技(深圳)有限公司 A kind of method, relevant device and system for automatically controlling smart machine access
CN109660593A (en) * 2018-11-05 2019-04-19 深圳绿米联创科技有限公司 Platform of internet of things access management method, apparatus and system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102055735A (en) * 2009-11-04 2011-05-11 中国移动通信集团山东有限公司 Configuration method and device of firewall access control policy
US10917384B2 (en) * 2017-09-12 2021-02-09 Synergex Group Methods, systems, and media for modifying firewalls based on dynamic IP addresses
CN109076005B (en) * 2018-04-28 2021-02-09 深圳前海达闼云端智能科技有限公司 VPN line switching method and device and electronic equipment


Also Published As

Publication number Publication date
CN110213769B (en) 2022-11-25
CN110213769A (en) 2019-09-06

Similar Documents

Publication Publication Date Title
US9614958B2 (en) Predictive computer network services provisioning for mobile users
EP2512087B1 (en) Method and system for accessing network through public device
WO2020083288A1 (en) Safety defense method and apparatus for dns server, and communication device and storage medium
CN110266674B (en) Intranet access method and related device
WO2020248368A1 (en) Intranet accessing method, system, and related device
CN109936515B (en) Access configuration method, information providing method and device
US11271945B2 (en) Localized access control for authorized modifications of data using a cryptographic hash
CN104253798A (en) Network security monitoring method and system
CN110336793B (en) Intranet access method and related device
EP2512088A1 (en) Method and system for accessing network on public device
WO2020248367A1 (en) Network connection method and related apparatus
CN110311785B (en) Intranet access method and related device
CN110324826B (en) Intranet access method and related device
CN110324318B (en) Intranet access method and related device
WO2022110836A1 (en) Communication method and communication apparatus
CN105592454A (en) Method and system for realizing WLAN sharing and WLAN sharing register server
CN104539446A (en) Shared WLAN management achieving method and system and WLAN shared registering server
CN105610599B (en) User data management and device
WO2016061981A1 (en) Wlan sharing method and system, and wlan sharing registration server
JP6609660B2 (en) COMMUNICATION SYSTEM, COMMUNICATION DEVICE, COMMUNICATION METHOD, AND COMMUNICATION PROGRAM
US20190058689A1 (en) Remote network connection system, access equipment and connection method thereof
CN114338167B (en) Communication encryption system, method, storage medium and electronic device
CN116938639B (en) Virtual private network access method, device and storage medium
CN114499965B (en) Internet surfing authentication method and system based on POP3 protocol
JP6225283B1 (en) Closed network connection device, program, and method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 19932870; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 19932870; Country of ref document: EP; Kind code of ref document: A1)