| The continual development of firewall technology has higher demands on networl security management platform. Conventional security management platform has not met the needs of standardlization, integrity and without of device. While firewall security management based on policy can perform unique descripition of policy, unique management of firewall log, device integrity management and integration with other platform.This papers studies firewall security management platform based on policy including by SMC(security management center), DS(directory server), PDP(policy demand point) and PEP (policy enforcement point). At SMC, making use of GSPML (Group Security Policy Marktive Language based on XML)language descriptiving firewall security policy, SMC can make security policy convenientaly, transformation of data structure before distributing policy, central restoring and analysizing of firewall log by intelligently way. Each PDP can test validation and consistence of firewall policy and restoring&sumrizing firewall log. Each PEP can distribute and perform security policy effectively, collecting firewall log real time. Moreover, reliable communication based on UDP can slove the missing of policy packet among of SMC, PDP and PEP. |
PDF Full Text Request