Embedded In The Key Technologies Of The Distributed Firewall

Posted on: 2005-05-09
Degree: Master
Type: Thesis
Country: China
Candidate: Y J Lu
GTID: 2208360122475646
Subject: Computer application technology

Abstract/Summary:
With the development of the Internet, society has made great progress. The Internet shortens distances, but it also brings obstacles. Internet security is becoming more and more important. The firewall is one of the tools of network defense, but as technology develops, the traditional perimeter firewall has proved insufficient to protect the hosts inside an enterprise. The distributed firewall, which integrates Virtual Private Network (VPN) technology, is an effective way to resolve the conflict between security and expense.

First, this paper designs a flexible and high-powered security system by combining distributed firewall techniques with an expanded IPsec VPN. To explain the security system, the paper describes its main functions and the structures of the related databases.

Then, after comparing software and hardware implementations of the distributed firewall enforcement agent, the paper proposes implementing the firewall on an Enhanced Network Interface Card (ENIC). There are at least three ways to design the ENIC: with a Network Processor (NP), with an Application-Specific Integrated Circuit (ASIC), or with a Field Programmable Gate Array (FPGA). This paper designs the ENIC with the NP.

Finally, the paper discusses policy management from two aspects: the basic concepts of policy management and policy implementation. We describe the concepts of the domain, role-based policy, the relations between rules, and the algorithm for adding a rule to the policy. In the last section of the paper, we introduce the Ponder language, which is one of the policy description languages, and give a policy implementation model for the Ponder language.

Keywords/Search Tags: firewall, distribute, Virtual Private Network (VPN), IP Security Protocol (IPSec), Network Processor (NP), Application-Specific Integrated Circuit (ASIC), Field Programmable Gate Array (FPGA), Ponder Language