CN207382349U - Gateway isolation card based on FPGA and the network safety isolator comprising the isolation card - Google Patents
- Publication number
- CN207382349U
- Authority
- CN
- China
- Prior art keywords
- network
- card
- chip
- fpga
- isolation
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Small-Scale Networks (AREA)
Abstract
The utility model discloses an FPGA-based gateway isolation card and a network safety isolator comprising the isolation card. The isolation card can be plugged into an intranet/extranet mainboard and includes: a network port connector, used to connect two isolation cards; an FPGA chip, connected to the host in the isolation system where the isolation card is located, which can obtain the network environment detection signal of the network security protection system on the host and send a corresponding enable signal to the network card chip; and a network card chip, connected respectively to the FPGA chip, the network port and the CPU on the mainboard, which connects or disconnects network communication between the intranet and extranet CPUs according to the enable signal sent by the FPGA chip. The utility model is simple and practical and can be applied in a variety of network security devices.
Description
Technical field
The utility model relates to the field of network communication, and in particular to an FPGA-based gateway isolation card and a network safety isolator comprising the isolation card.
Background technology
With the rapid development of computer technology, the work handled on computers has grown from simple mathematical operations and file processing to information sharing and big-data processing based on complex intranets, extranets and the global Internet. As computer processing and connectivity keep improving, security problems arising from network connections are becoming increasingly prominent.
At present, most enterprises and individuals rely on a firewall for network security. A firewall isolates an enterprise's internal LAN from the external network and restricts network access. However, this logical isolation is imperfect: a hacker can break through the firewall by technical means and steal or tamper with intranet data. In addition to firewalls, many enterprises with high data-confidentiality requirements also use a gateway isolation card to protect their internal network. This hardware device can directly break the physical connection between the intranet and the extranet when a dangerous intrusion occurs.
Current gateway isolation cards mainly use two technologies. One is dual-hard-disk physical isolation: a hard disk is added to an existing computer, and control logic and a switching circuit on the isolation card switch the workstation between two working states, intranet and extranet (the two states are completely physically isolated). However, this method requires installing an additional hard disk in the user's computer and running separate cabling for the intranet and the extranet, which limits its range of application. The other physical isolation scheme works at the early stage of computer power-up: an FPGA chip captures the hard disk's data signals and the network selection signal, determines whether this is the network to be selected, latches the control signal, and then drives a relay, thereby isolating the intranet from the extranet. The drawback of this scheme is that, because it relies on the data signals and on relay switching, there is a delay: the relay switches only after the first several data exchanges, so the IDE controller cannot obtain complete information about a given hard disk, which causes compatibility problems between the hard disk and the mainboard.
Utility model content
The technical problem to be solved by the utility model is, in view of the above drawbacks of the prior art, to provide an FPGA-based gateway isolation card and a network safety isolator comprising the isolation card.
The technical solution adopted by the utility model to solve this problem is to construct an FPGA-based gateway isolation card that can be plugged into an intranet/extranet mainboard, including:
A network port connector, used to connect two isolation cards;
An FPGA chip, connected to the host in the isolation system where the isolation card is located, which can obtain the network environment detection signal of the network security protection system on the host and send a corresponding enable signal to the network card chip;
A network card chip, connected respectively to the FPGA chip, the network port and the CPU on the mainboard, which connects or disconnects network communication between the intranet and extranet CPUs according to the enable signal sent by the FPGA chip.
Preferably, the network port connector includes two header connectors, and the network card chip is an I350 network card chip.
Preferably, the FPGA chip is an Altera Cyclone IV chip, model EP4CE6E2217; the network card chip is an Intel I350-AM2; the network port connector includes two 2 × 5-pin header connectors; the LAN0_DIS_N and LAN1_DIS_N pins of the network card chip are each grounded through a resistor; pin 132 of the FPGA chip is connected through a resistor to the LAN0_DIS_N pin of the network card chip, and pin 133 of the FPGA chip is connected through a resistor to the LAN1_DIS_N pin of the network card chip.
Preferably, the isolation card further includes one EEPROM connected to the network card chip and another EEPROM connected to the FPGA chip.
The utility model also discloses a network safety isolator, including an intranet mainboard, an extranet mainboard and two of the gateway isolation cards. The intranet mainboard and the extranet mainboard are each connected to one of the two gateway isolation cards through a standard PCIe interface, and carry out network communication through the gateway isolation cards.
The FPGA-based gateway isolation card of the utility model and the network safety isolator comprising it have the following beneficial effects: the FPGA chip can receive in real time the detection signal sent by the network security protection system and send a corresponding enable signal to the network card chip, and the network card chip can connect or disconnect network communication between the intranet and extranet CPUs according to that enable signal. The design is simple and practical and can be applied in a variety of network security devices.
Description of the drawings
To explain the embodiments of the utility model or the technical solutions of the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. The drawings described below are merely embodiments of the utility model; a person of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort:
Fig. 1 is the structure diagram of the network safety isolator of the utility model;
Fig. 2 is the structure diagram of the gateway isolation card of the utility model;
Fig. 3 is the partial circuit diagram of the specific embodiment of the gateway isolation card of the utility model.
Specific embodiment
To make the utility model easier to understand, it is described more fully below with reference to the relevant drawings, which show typical embodiments of the utility model. The utility model can, however, be implemented in many different forms and is not limited to the embodiments described herein; these embodiments are provided so that the disclosure of the utility model is more thorough and complete.
It should be noted that "connected" or "connection" covers not only two entities that are directly connected, but also two entities that are indirectly connected through other entities that bring beneficial improvements.
Unless otherwise defined, all technical and scientific terms used herein have the meaning commonly understood by those skilled in the technical field of the utility model. The terms used in this description serve only to describe specific embodiments and are not intended to limit the utility model. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
For a better understanding of the technical solution of the utility model, it is described in detail below with reference to the drawings and specific embodiments. The specific features of the embodiments are a detailed description of the technical solution of this application, not a limitation of it; where they do not conflict, the technical features of the embodiments may be combined with one another.
With reference to Fig. 1, the network safety isolator of the utility model includes an intranet mainboard, an extranet mainboard and two gateway isolation cards. The main function of the intranet and extranet mainboards is to provide PCIe signals to the isolation cards. The intranet mainboard and the extranet mainboard are each connected to one of the two gateway isolation cards through a standard PCIe interface, and carry out network communication through the gateway isolation cards.
With reference to Fig. 2, the gateway isolation card specifically includes:
A network port connector, used to connect two isolation cards. In the preferred embodiment, the network port connector consists of two 2 × 5-pin header connectors that carry electrical signals.
An FPGA chip, connected to the host in the isolation system where the isolation card is located, which can obtain the network environment detection signal of the network security protection system on the host and send a corresponding enable signal to the network card chip. In the preferred embodiment, the FPGA chip is an Altera Cyclone IV chip, model EP4CE6E2217. The network security protection system is an existing system; the utility model only uses the detection signal it provides and therefore does not involve any improvement to software algorithms.
An I350 network card chip, connected respectively to the FPGA chip, the network port and the CPU on the mainboard. PCIe x4 signals are transmitted between it and the CPU, and two groups of electrical signals are transmitted between it and the other isolation card through the two header connectors. The I350 network card chip connects or disconnects network communication between the intranet and extranet CPUs according to the enable signal sent by the FPGA chip. In the preferred embodiment, the network card chip is an Intel I350-AM2.
Two EEPROMs: one EEPROM is connected to the network card chip and the other is connected to the FPGA chip.
Fig. 3 shows only some of the pins of the FPGA chip and the network card chip: U61-4 is a partial diagram of the FPGA chip and U1D is a partial diagram of the network card chip. As shown in the figure, the LAN0_DIS_N and LAN1_DIS_N pins of the network card chip are grounded through resistors R21 and R22 respectively; pin 132 of the FPGA chip is connected through resistor R710 to the LAN0_DIS_N pin of the network card chip, and pin 133 of the FPGA chip is connected through resistor R711 to the LAN1_DIS_N pin of the network card chip.
It should be noted that the enable signals received on the LAN0_DIS_N and LAN1_DIS_N pins of the network card chip control whether the network ports are connected or disconnected. When these two pins are pulled up to 3.3 V, both network ports are recognized normally by the system; when the two signals are grounded, no network port is recognized by the system, which is equivalent to disconnecting the isolation card's network ports. On an ordinary I350 network card, these two signals are generally pulled up to 3.3 V by default, so the network ports are recognized and communicate normally. In the utility model, the two pins are grounded through resistors R21 and R22, so both network ports are disabled by default.
The working principle of the utility model is as follows:
The PCIe x4 signals sent by the CPU first pass from the intranet (extranet) mainboard into the I350 chip (AM2) of the isolation card. Each I350 chip then outputs 2 groups of network signals (electrical signals) to the two header connectors, where each group of network signals contains 4 pairs of differential signals.
While running, the security protection system monitors in real time whether the current network is under a dangerous intrusion and sends the detection signal to the FPGA chip. Based on the detection signal, the FPGA chip controls the level of the DEV_OFF_1 and DEV_OFF_2 signals on pins 133 and 134; these signals are fed through I/O ports to the LAN0_DIS_N and LAN1_DIS_N pins of the I350 network card chip. If the system is under attack, DEV_OFF_1 and DEV_OFF_2 are low; when the system is running safely, DEV_OFF_1 and DEV_OFF_2 are high. As Fig. 3 shows, when DEV_OFF_1 and DEV_OFF_2 are high, the two pins of the I350 network card chip are also pulled high and the network ports are recognized and usable; when the two signals are low, the pin levels of the I350 network card chip do not change and remain at the default low level, so the network ports cannot be used, i.e., the connection between the intranet and the extranet is disconnected.
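The control path described above reduces to a small resistor network on each LANx_DIS_N pin, and whether it is fail-closed depends on resistor values the text does not give. The following Python model is an added example, not part of the patent; the resistor values, the LVTTL thresholds and the optional weak pull-up on a tri-stated FPGA pin are assumptions.

```python
from enum import Enum

VCC = 3.3      # pull-up level named in the description
VIL_MAX = 0.8  # assumption: LVTTL input-low limit, confirm in the NIC datasheet
VIH_MIN = 2.0  # assumption: LVTTL input-high limit, confirm in the NIC datasheet


class Drive(Enum):
    HIGH = "high"  # DEV_OFF_x high: protection system reports safe operation
    LOW = "low"    # DEV_OFF_x low: protection system reports an attack
    HIZ = "hi-z"   # FPGA unpowered, unconfigured, or pin tri-stated


def pin_voltage(drive, r_series, r_pulldown, r_weak_pullup=None):
    """Voltage at LANx_DIS_N, treating the NIC input as high impedance.

    r_series:      FPGA pin to NIC pin (the role of R710/R711)
    r_pulldown:    NIC pin to ground (the role of R21/R22)
    r_weak_pullup: assumed internal pull-up on a tri-stated FPGA pin, if any
    """
    if drive is Drive.LOW:
        return 0.0
    if drive is Drive.HIGH:
        return VCC * r_pulldown / (r_series + r_pulldown)
    if r_weak_pullup is None:
        return 0.0  # only the pull-down acts on the pin
    return VCC * r_pulldown / (r_weak_pullup + r_series + r_pulldown)


def port_state(volts):
    """Map a pin voltage to what the NIC is guaranteed to see."""
    if volts >= VIH_MIN:
        return "enabled"
    if volts <= VIL_MAX:
        return "disabled"
    return "undefined"  # between thresholds: behaviour is not guaranteed


def audit(r_series, r_pulldown, r_weak_pullup=None):
    """Return (states, findings) for one DIS_N pin."""
    states = {
        d: port_state(pin_voltage(d, r_series, r_pulldown, r_weak_pullup))
        for d in Drive
    }
    findings = []
    if states[Drive.HIGH] != "enabled":
        findings.append("HIGH does not reach VIH: port never reliably enabled")
    for d in (Drive.LOW, Drive.HIZ):
        if states[d] != "disabled":
            findings.append(f"{d.value} is not below VIL: isolation not fail-closed")
    return states, findings


if __name__ == "__main__":
    # Constructed resistor values in ohms; the patent gives none.
    for label, args in [
        ("small series R", (100, 10_000)),
        ("series R equals pull-down", (10_000, 10_000)),
        ("weak pull-up, 10k pull-down", (100, 10_000, 25_000)),
        ("weak pull-up, 4.7k pull-down", (100, 4_700, 25_000)),
    ]:
        states, findings = audit(*args)
        print(label, {d.value: s for d, s in states.items()}, findings or "ok")
```

The useful output is the findings list: an empty list means the port is enabled only while the FPGA actively drives the pin high, and is disabled when the FPGA drives low or is not driving at all.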
In conclusion the gateway isolation card based on FPGA and the network security comprising the isolation card of implementing the utility model
Isolating device has the advantages that:Fpga chip can be sent out with real-time reception network security protection system in the utility model
The detection signal that goes out simultaneously sends corresponding enable signal to network card chip, and network card chip can send enabled according to fpga chip
The connection or disconnection of network communication between the CPU of signal control intranet and extranet, it is simple and practical, it can be applied to multiple network peace
In full equipment.
The embodiment of the utility model is described above in conjunction with attached drawing, but the utility model is not limited to
The specific embodiment stated, above-mentioned specific embodiment is only schematical rather than restricted, this field it is common
Technical staff is not departing from the utility model aims and scope of the claimed protection situation under the enlightenment of the utility model
Under, many forms can be also made, these are belonged within the protection of the utility model.
Claims (6)
1. An FPGA-based gateway isolation card that can be plugged into an intranet/extranet mainboard, characterized in that it includes:
A network port connector, used to connect two isolation cards;
An FPGA chip, connected to the host in the isolation system where the isolation card is located, which can obtain the network environment detection signal of the network security protection system on the host and send a corresponding enable signal to the network card chip;
A network card chip, connected respectively to the FPGA chip, the network port and the CPU on the mainboard, which connects or disconnects network communication between the intranet and extranet CPUs according to the enable signal sent by the FPGA chip.
2. The FPGA-based gateway isolation card according to claim 1, characterized in that the network port connector includes two header connectors.
3. The FPGA-based gateway isolation card according to claim 1, characterized in that the network card chip is an I350 network card chip.
4. The FPGA-based gateway isolation card according to claim 1, characterized in that the FPGA chip is an Altera Cyclone IV chip, model EP4CE6E2217; the network card chip is an Intel I350-AM2; the network port connector includes two 2 × 5-pin header connectors; the LAN0_DIS_N and LAN1_DIS_N pins of the network card chip are each grounded through a resistor; pin 132 of the FPGA chip is connected through a resistor to the LAN0_DIS_N pin of the network card chip, and pin 133 of the FPGA chip is connected through a resistor to the LAN1_DIS_N pin of the network card chip.
5. The FPGA-based gateway isolation card according to claim 1, characterized in that the isolation card further includes one EEPROM connected to the network card chip and another EEPROM connected to the FPGA chip.
6. A network safety isolator, characterized in that it includes an intranet mainboard, an extranet mainboard and two gateway isolation cards, each gateway isolation card being a gateway isolation card according to any one of claims 1-5; the intranet mainboard and the extranet mainboard are each connected to one of the two gateway isolation cards through a standard PCIe interface, and carry out network communication through the gateway isolation cards.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201720897827.6U CN207382349U (en) | 2017-07-24 | 2017-07-24 | Gateway isolation card based on FPGA and the network safety isolator comprising the isolation card |
Publications (1)
Publication Number | Publication Date |
---|---|
CN207382349U (en) | 2018-05-18 |
Family
ID=62298995
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201720897827.6U Expired - Fee Related CN207382349U (en) | 2017-07-24 | 2017-07-24 | Gateway isolation card based on FPGA and the network safety isolator comprising the isolation card |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN207382349U (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112638721A (en) * | 2020-06-24 | 2021-04-09 | 华为技术有限公司 | Vehicle control device, whole vehicle integrated unit and vehicle |
CN115118459A (en) * | 2022-06-02 | 2022-09-27 | 合肥卓讯云网科技有限公司 | Method and equipment for realizing secure data exchange based on security card and isolation card heterogeneous |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20180518; Termination date: 20200724 |