With the development of Internet, this single entry point is more and more thought as a performance bottle-neck and a security hidden trouble, and the same time, the inner network is reliable, is proved to be connecting less in fact. Concept of distributed firewall is introduced to eliminate these shortcomings. The distributed firewall takes on the architecture that the Control Center makes security policy and many node firewalls execute the policy, and effectively solves the abuse raised with the more and more policy and the inner network's security.This dissertation studies the shortcomings of traditional firewall and to these shortcomings, puts forward the distributed firewall, analysis the basic principle, architecture and workflow in detailed. It also studies the typical distributed firewall and its key technologies. After the technology analsizing, this dissertation puts forward a distributed firewall schema which fits with Small and medium enterprise network safety conditions. And it studies policy management and analysis the function and trait and the related technologies of policy executer, then discusses the whole schema and strut of log server module, gives the key module design schema ,data flow description. At last, it is tested that this firewall can meet the network safety requirements of small and medium enterprise. |