Title of invention: Firewall security between virtual devices
Abstract: When a communication from a first virtual device to a second virtual device is received, a first virtual interface associated with the first virtual device and a second virtual interface associated with the second virtual device are determined. A first security domain associated with the first virtual interface and a second security domain associated with the second virtual interface are then determined, in order to implement a security policy between the first security domain and the second security domain. The communication between the virtual devices is allowed or blocked.
Publication number: US9426117(B2)  Publication date: 2016.08.23
Application number: US201314391166  Application date: 2013.03.28
Applicant: HANGZHOU H3C TECHNOLOGIES CO., LTD.  Inventor: Wang Qiyong
Classification number: G06F9/00;H04L29/06;G06F9/455  Main classification number: G06F9/00
Patent agency: Hewlett Packard Enterprise Patent Development  Agent: Hewlett Packard Enterprise Patent Development
Main claim: 1. A method for firewall security between virtual devices, the method comprising: receiving by a physical interface of a firewall device, a communication from a first virtual device to a second virtual device, wherein the first virtual device is hosted on a physical device which is separate from the firewall device and the second virtual device is hosted on a physical device which is separate from the firewall device; determining, by the firewall device, a first virtual interface associated with the first virtual device based on an address of the first virtual device and an address set of the first virtual interface; determining, by the firewall device, a second virtual interface associated with the second virtual device based on an address of the second virtual device and an address set of the second virtual interface; determining, by the firewall device, a first security domain associated with the first virtual interface and a second security domain associated with the second virtual interface; and implementing, by the firewall device, a security policy between the first security domain and second security domain; wherein implementing the security policy comprises blocking the communication based on the security policy, or allowing the communication based on the security policy, wherein allowing the communication includes forwarding the communication to the second virtual device; wherein if the address of the first virtual device and/or address of the second virtual device are dynamically obtained from a Dynamic Host Configuration Protocol (DHCP) server, the first address set and second address set are configured based on a policy of the DHCP server.
Address: Zhejiang CN