白丝美女被狂躁免费视频网站,500av导航大全精品,yw.193.cnc爆乳尤物未满,97se亚洲综合色区,аⅴ天堂中文在线网官网

Firewall control device, method and firewall device

專利號(hào)
US10097515B2
公開日期
2018-10-09
申請(qǐng)人
FUJITSU LIMITED(JP Kawasaki)
發(fā)明人
Dai Suzuki
IPC分類
H04L29/06; G06F9/455
技術(shù)領(lǐng)域
fw,fwc,fws,entry,in,discarded,discarding,packets,address,packet
地域: Kawasaki-shi, Kanagawa

摘要

A firewall control device controls a plurality of firewall devices provided between a core network and a plurality of sub-networks respectively, the firewall control device is configured to receive, from the plurality of firewall devices, data amount information indicating an amount of the data discarded in the plurality of firewall devices respectively and node information indicating a transmission source node of the discarded data, identify, based on the data amount information and the node information, a data flow including the discarded data which is transmitted from an information processing device indicated by the node information and of which total amount of the discarded data exceeds a threshold value, and set, in a first firewall device which is included in the plurality of firewall devices and which is coupled to the information processing device, a first discarding flow entry defining discarding of data of the identified data flow.

說明書

In other words, some or all of the FWC 7 and the FWs 5 may be real machines or may be VMs.

Each of the FWs 5 exemplarily stores therein information or data in which traffics permitted to pass between the core network 2 and the corresponding sub-network 3 and traffics to be blocked therebetween are registered. The “traffic” may be called a “data flow” or may be simply called a “flow”. The information or data for controlling a passage or blocking (may be called “discarding”) of a flow may be conveniently called a “flow entry” or simply called an “entry”.

Based on entries, each of the FWs 5 may identify flows to be permitted to pass through the relevant FW 5 and flows to be blocked by the relevant FW 5, may cause data of the flows caused to pass to pass therethrough, and may discard data of the flows to be blocked. The contents of the flow entries may be exemplarily determined in accordance with a policy (may be called a “FW policy”) related to the FW in the corresponding sub-network 3.

Note that data of a flow caused to pass or to be blocked may be exemplarily packet data or frame data. The packet data may be simply abbreviated to a “packet”, and the frame data may be simply abbreviated to a “frame”. The “frame” may be exemplarily an Ethernet frame. The “Ethernet” is a registered trademark.

As a setting method for flow entries in each of the FWs 5, 2 methods are considered.

權(quán)利要求

1
微信群二維碼
意見反饋