A few problems often make an user bemused: On the function of the product, the description of each manufacturers is very duplicate, ” of promising young person of a few “ and well-known trademark are extremely similar. Face this kind of situation, how should differentiate? 　　

The description gets very similar product, even if same a function, go up in specific implementation, mix in usability go up easily with the gender, individual difference ground is very apparent. 　

One, the visit control of network layer

All firewall must have this function, call its firewall otherwise. Of course, most road by implement also can realize this function through the ACL of oneself. 　

1. Regulation edits 　

Main to the visit control of network layer show is on the regular editor of firewall, we must make an on-the-spot investigation: Whether can control pass regular expression to come out to the visit of network layer? Is visit pilot size adequate fine? Same a regulation, whether to provide different time paragraph control method? Whether did regular configuration offer affable interface? Whether can you reflect the safe volition that the net is in charge of easily? 　　

2. IP/MAC address binds calm 　

It is IP/MAC address binds calm function likewise, a few detail must make an on-the-spot investigation, be like firewall whether the automatic collect that realizes IP address and MAC address? Whether is the visit that decides regulation to disobeying IP/MAC address to bind offerred call the police accordingly mechanism? Because these functions are very practical, if firewall cannot offer the automatic collect of IP address and MAC address, net canal may be forced to adopt other measures to win place administer the IP of the user and MAC address, this will be very insipid the job. 　　

3, NAT (network address is changed) 　

This one originally one of standard functions that the way already developed firewall gradually by the function of implemental equipment. But to this one function, the difference that each manufacturer realizes is very big, a lot of manufacturer realize NAT function to put in very big question: Be hard to configure and use, the member that this will is in charge of to the net brings tremendous trouble. We must learn the working principle of NAT, raise the network knowledge level of oneself, pass an analysis to compare, find a kind to configure and use the firewall that goes up to be handled simply in NAT.

2, the visit that uses a layer controls 　

The actual strength that this one function is each firewall manufacturers is nodded than going all out, also be most the place that gives prize. Although can have state,monitor module because of a lot of firewall that are based on implementation of free operating system (the kernel module that waits because of Linux, FreeBSD has supported condition to monitor) , but take creed ” to applying the control of the layer to cannot realize “ however, need honest process designing. 　　
Previous12 Next