Optimization and system security firewall protection

Firewall

Firewall technology combines various kinds of security management and screening software and hardware to build a protective barrier between an internal computer network and the external network, keeping the two relatively isolated in order to protect user data and information security.

The main function of firewall technology is to detect and deal with the security risks and data transmission problems that may arise while a computer network is running. Its handling measures include isolation and protection, and it can at the same time record and inspect operations that bear on network security. This ensures the security of computer network operation, protects user data and the integrity of information, and gives users a better and more secure network experience.

Policy configuration and optimization

Firewall policy optimization and adjustment is an important part of network maintenance work, and policy optimization has a significant effect on device performance. Because enterprise traffic flows are complex and there are often many business types, it is recommended to plan policies in a unified way when setting them, so as to improve configuration efficiency and readability and reduce maintenance difficulty.
Points to pay attention to in policy configuration and maintenance:

During the commissioning phase, define the last policy to permit all access and log it, so that missing policies can be found and added without affecting business. After confirming that all business traffic has been identified and permitted, the last policy can be redefined to deny all access and log it, in order to observe where illegal traffic is going during trial operation. After the commissioning phase is over, remove that final "deny all access" policy.

The firewall searches the policy table from top to bottom for a matching policy, so policy order affects how quickly a connection is established. It is recommended to place policies for high-traffic and latency-sensitive applications at the top of the policy table, and to position more specific policies above less specific ones.

The Log (logging) option in policy configuration is effective for record keeping and troubleshooting, but enabling it consumes some resources. It is recommended to use it selectively for high-volume business traffic on the Internet, or only when necessary.

A simplified policy table is not only easier to maintain but also helps matching go faster. Keep the policy table as simple and short as possible; the more rules there are, the more likely mistakes become. Several simple policies can be merged into one combined policy by defining address groups and service groups.

Policies control access between network zones in one direction. If the source and destination zones are different, the firewall looks up the policy in the inter-zone policy table. If the source and destination are in the same zone and intra-zone blocking is enabled, the firewall looks up the policy in the intra-zone policy table. If no match is found in the inter-zone or intra-zone policy table, the security device checks the default access setting of the relevant zone for a match.

Policy change control. Once the policy rules have been organized, write comments for them and keep the comments up to date. Comments help administrators understand the purpose of each policy; the more fully a policy is understood, the less likely it is to be misconfigured. If the firewall has multiple administrators, it is recommended that whenever a policy is adjusted, the specific time of the change and the reason for it be added to the comment, to make later maintenance easier.
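The top-to-bottom, first-match search described above means a broad policy placed above a more specific one makes the specific one unreachable. The following is an added example, not code from the original article or from any firewall vendor: it models a policy table generically and reports such shadowed policies. The `Policy` fields, rule names and addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"  # wildcard service (assumed notation)

@dataclass(frozen=True)
class Policy:
    name: str
    src: str          # source network, CIDR
    dst: str          # destination network, CIDR
    service: str      # service name or ANY
    action: str       # "permit" or "deny"
    log: bool = False

def covers(a: Policy, b: Policy) -> bool:
    """True if every packet that matches b also matches a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.service in (ANY, b.service))

def first_match(table, src, dst, service):
    """Search the table top to bottom; the first matching policy decides."""
    for p in table:
        if (ip_address(src) in ip_network(p.src)
                and ip_address(dst) in ip_network(p.dst)
                and p.service in (ANY, service)):
            return p
    return None

def shadowed(table):
    """Return (later, earlier) name pairs where the later policy can never match."""
    return [(b.name, a.name)
            for i, b in enumerate(table)
            for a in table[:i] if covers(a, b)]

# Constructed sample table: the broad permit sits above the specific deny.
BAD = [
    Policy("web-any", "10.0.0.0/8", "192.0.2.0/24", "http", "permit"),
    Policy("block-guest-web", "10.9.0.0/16", "192.0.2.0/24", "http", "deny", log=True),
    # Commissioning-phase last policy: permit everything and log it.
    Policy("trial-catch-all", "0.0.0.0/0", "0.0.0.0/0", ANY, "permit", log=True),
]
# Same policies with the more specific one moved above the less specific one.
GOOD = [BAD[1], BAD[0], BAD[2]]

if __name__ == "__main__":
    print("shadowed in BAD :", shadowed(BAD))
    print("shadowed in GOOD:", shadowed(GOOD))
    print("guest web, BAD  :", first_match(BAD, "10.9.1.5", "192.0.2.10", "http").action)
    print("guest web, GOOD :", first_match(GOOD, "10.9.1.5", "192.0.2.10", "http").action)
```

Traffic that only the logged catch-all matches during commissioning is the traffic for which an explicit policy is still missing.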

Origin www.cnblogs.com/Jlf-/p/12033139.html