Abstract
Disclosed is a method for implementing a virtual firewall. The method comprises: acquiring an identifier of a virtual firewall instance according to received first information of data traffic; searching for a configuration parameter of the virtual firewall according to the identifier of the virtual firewall instance, and searching for an ACL rule set according to packet information of the data traffic; and generating a session entry according to the data traffic, the configuration parameter of the virtual firewall and the ACL rule set, and storing a related security service parameter of a session in the data traffic into the session entry. Also disclosed is a device for implementing a virtual firewall. In this way, a physical firewall can be divided into multiple logical firewalls, each of which can separately apply for its own resources; in addition, the deployment defects of a conventional firewall are overcome, and separate security service policies can be provided to different users at the same time while maintenance and management costs are greatly reduced.
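The lookup sequence in the abstract, sketched as an added example (not code from the patent). It assumes the "first information" is the ingress interface and VLAN, that ACL rules are first-match with an implicit deny, and that the per-instance resource is a session quota; all names, fields and sample values are hypothetical and constructed for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed sample data. Assumption: "first information" = (ingress interface, VLAN).
INSTANCE_BY_INGRESS = {("ge0/1", 100): "vfw-a", ("ge0/1", 200): "vfw-b"}
# Per-instance configuration parameters (hypothetical fields).
VFW_CONFIG = {
    "vfw-a": {"max_sessions": 2, "session_timeout": 300},
    "vfw-b": {"max_sessions": 1000, "session_timeout": 60},
}
# Per-instance ACL rule sets: (src net, dst net, proto, dst port or None, action).
ACL = {
    "vfw-a": [("10.1.0.0/16", "0.0.0.0/0", "tcp", 443, "permit")],
    "vfw-b": [("10.1.0.0/16", "0.0.0.0/0", "tcp", 443, "deny"),
              ("10.1.0.0/16", "0.0.0.0/0", "tcp", None, "permit")],
}
Packet = namedtuple("Packet", "ifname vlan src dst proto sport dport")
SESSIONS = {}  # (instance id, 5-tuple) -> session entry

def acl_action(vfw, pkt):
    """Return the action of the first rule in this instance's ACL that matches."""
    for src, dst, proto, port, action in ACL[vfw]:
        if (ip_address(pkt.src) in ip_network(src)
                and ip_address(pkt.dst) in ip_network(dst)
                and pkt.proto == proto and port in (None, pkt.dport)):
            return action
    return "deny"  # assumption: implicit deny when no rule matches

def process(pkt):
    # Step 1: instance identifier from the traffic's "first information".
    vfw = INSTANCE_BY_INGRESS.get((pkt.ifname, pkt.vlan))
    if vfw is None:
        return "drop:no-instance"
    # Sessions are keyed by instance id so tenants never share session state.
    key = (vfw, pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
    if key in SESSIONS:
        return "forward:existing-session"
    # Step 2: configuration by instance id, ACL rule set by packet information.
    cfg = VFW_CONFIG[vfw]
    if acl_action(vfw, pkt) != "permit":
        return "drop:acl"
    if sum(1 for k in SESSIONS if k[0] == vfw) >= cfg["max_sessions"]:
        return "drop:session-quota"  # one tenant cannot exhaust another's resources
    # Step 3: session entry carrying the security service parameter for this session.
    SESSIONS[key] = {"vfw": vfw, "timeout": cfg["session_timeout"]}
    return "forward:new-session"
```

The same 5-tuple arriving on VLAN 100 and VLAN 200 is evaluated against different rule sets and quotas, which is the per-user policy separation the abstract describes.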