SDP terminal traffic proxy method and device, equipment and storage medium

A terminal traffic proxy technology, applied in the computer field, that solves problems such as knock amplification and the inability to manage and control layer-4 traffic, and achieves the effect of improving network security.

Active Publication Date: 2021-12-28
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0003] In view of this, the purpose of the present invention is to provide an SDP terminal traffic proxy method, device, equipment and medium that can realize authentication control of the terminal's layer-4 traffic and solve two problems of traditional zero-trust SDP: knock amplification and the inability to control layer-4 traffic.


Embodiment Construction

[0038] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative effort fall within the protection scope of the present invention.

[0039] In the existing technology, SDP gradually releases the access policy from the client IP to the TCP port of the application gateway by knocking on the door. In reality, however, the egress IP of the traffic of multiple terminals may be the same, which causes the problem of port policy amplification, and authentication control canno...


Abstract

The invention discloses an SDP terminal traffic proxy method, device, equipment and storage medium. The method comprises the following steps: sending a knock request to an SDP controller through an SDP terminal proxy, receiving the knock result obtained after the SDP controller accesses a target gateway according to the knock request, and then configuring the routing table of the terminal according to the knock result; acquiring, through a physical network card, a user's application access request for a target application, and sending the application access request to an HTTP tunnel client according to the routing table, so that the data packet corresponding to the application access request is modified by the HTTP tunnel client and the modified data packet contains equipment identification information corresponding to the local terminal; and sending the modified data packet to an HTTP tunnel server of the target gateway through the HTTP tunnel client, so that the target gateway performs authority control on the user according to the equipment identification information in the modified data packet. In this way, authentication management and control of layer-4 traffic can be realized.

Description

Technical field

[0001] The present invention relates to the field of computer technology, in particular to an SDP terminal traffic proxy method, device, equipment and storage medium.

Background technique

[0002] At present, SDP (Software Defined Perimeter) is one of the important technical directions of zero trust. Its main purpose is to reduce the exposure of application gateway ports. The main logic is to gradually release, by knocking on the door, the access policy from the client IP to the TCP (Transmission Control Protocol) port of the application gateway (generally controlled by iptables). In reality, however, the egress IP of the traffic of multiple terminals may be the same, which causes the problem of port policy amplification. Moreover, the zero-trust application gateway can only obtain the IP address of the last network node through which the traffic passes. For multiple terminals using the same egress IP...
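The port policy amplification described in the background and the device-identification check described in the abstract, side by side as an added example (not code from the patent). The header name `X-Device-Id`, the device IDs, the egress address and the application host are constructed assumptions; the text on this page does not say how the HTTP tunnel client embeds the identifier.

```python
# Added illustration: every name and value below is constructed, not from the patent.
from dataclasses import dataclass, field

DEVICE_HEADER = "X-Device-Id"  # hypothetical header carrying the device identification


@dataclass
class IpKnockGateway:
    """Traditional SDP: a successful knock opens the TCP port for the source IP."""
    allowed: set = field(default_factory=set)    # {(src_ip, port)}, like an iptables rule

    def knock(self, src_ip, port):
        self.allowed.add((src_ip, port))

    def admit(self, src_ip, port):
        # The gateway only sees the last-hop (egress) IP, never the terminal itself.
        return (src_ip, port) in self.allowed


@dataclass
class DeviceTunnelGateway:
    """Proxy scheme: the HTTP tunnel server authorizes on device identification."""
    grants: dict = field(default_factory=dict)   # device_id -> {(app_host, port)}

    def knock(self, device_id, app):
        self.grants.setdefault(device_id, set()).add(app)

    def admit(self, tunnel_request, app):
        device_id = tunnel_request["headers"].get(DEVICE_HEADER)
        # Traffic that did not pass through the tunnel client has no ID: deny.
        return device_id is not None and app in self.grants.get(device_id, set())


def tunnel_wrap(device_id, payload):
    """HTTP tunnel client: wrap the layer-4 payload and attach the device ID."""
    return {"headers": {DEVICE_HEADER: device_id}, "body": payload}


def compare():
    """Return {device: (admitted_by_ip_policy, admitted_by_device_policy)}."""
    nat_ip, app = "203.0.113.10", ("app.internal.example", 5432)
    legacy, proxied = IpKnockGateway(), DeviceTunnelGateway()
    legacy.knock(nat_ip, app[1])       # only device-A knocked, from the shared NAT IP
    proxied.knock("device-A", app)     # knock result is recorded per device
    results = {}
    for dev in ("device-A", "device-B"):   # both terminals egress via the same IP
        results[dev] = (legacy.admit(nat_ip, app[1]),
                        proxied.admit(tunnel_wrap(dev, b"\x00"), app))
    return results
```

Under the IP-keyed policy device-B is admitted although it never knocked; under the device-keyed policy it is refused.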


Application Information

IPC(8): H04L29/08, H04L29/06
CPC: H04L67/02, H04L63/08, H04L67/56
Inventor: 刘威, 范渊, 刘博
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD