• Official journal of the China Computer Federation
  • China Science and Technology Core Journal
  • Chinese Core Journal

J4 ›› 2006, Vol. 28 ›› Issue (10): 23-24.

Design and Hardware Implementation of TCP Packet Filtering Based on State Detection

迟秀伟 唐朔飞 季振州 李鑫   

  • Online:2006-10-01 Published:2010-05-20

Abstract:

State detection is the mainstream technology in current firewalls. This paper introduces the working principle of the state detection firewall and presents a state detection flow and a state transition model for TCP packets. Sequence number range checking and dynamic timeout management are used to ensure system security. A hash algorithm is used to operate on the state table, and the design is implemented on an FPGA. Experimental results show that the design works well in a Gigabit network environment.

Key words: state detection, firewall, TCP, FPGA, Gigabit network