Abstract: This article summarizes the reason and damage of unacquainted network edge problem in firewall engineering configuration, proposes three traditional solutions to this problem. Combining project experiences in large network, a demand analysis and log-exploring technical system is put forward as a new solution to configurate unacquainted network edge access rules. Based on many case studies and managerial psychology, demand analysis method is detailed design. Based on database and firewalls log analysis technology, log-exploring method is detailed design. The method in this article has been test and proven to be successful by using the mainstream firewall.

Key words: network access control, firewall, unacquainted network edge, demand analysis, log-exploring