Managing network firewall configuration utilizing source lists
First Claim
1. A method for managing network-based communications comprising:
- obtaining a set of network firewall configuration information for configuring a network firewall on behalf of a customer from a plurality of sources, wherein individual network configuration information is provided by a source different from a network point of presence;
- parsing the set of network firewall configuration information to identify a list of network address information, the list of network address information associated with one or more source network address ranges;
- processing the list of network address information, wherein processing the list of network address information includes prioritizing the list of network address information based on a size of source network address range in the list of network address information and a weight of a source of the network firewall configuration information, wherein the prioritized list is ordered such that a larger source network address range is listed before and has a higher priority relative to a smaller source network address range;
- processing the prioritized list of network address information to limit a number of network address ranges in the prioritized list of network address information to be below a maximum threshold;
- generating network firewall configuration information for the network firewall on behalf of the customer based on the prioritized list of network address information, wherein the generated network firewall configuration information causes communications from a network address that is included in the prioritized list to be blocked; and
- causing the network firewall to be configured based on the generated network firewall configuration information.
Abstract
Systems and methods for configuration of network-based firewall services based on network firewall configuration information provided by one or more sources are provided. The network firewall configuration information can include one or more lists of network address ranges that will be used by the network firewall to process data communications received at a data center. The received network firewall configuration information can be prioritized and filtered to conform to a maximum threshold number of network address ranges that can be configured on a network firewall service. The filtered and processed network address range information can then be utilized to configure one or more network firewall services or application hosted within a data center.
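The pipeline the abstract describes (parse several sources, prioritize, cap the list, emit block rules), as an added Python example that is not code from the patent. The tie-break order (range size first, then source weight), the skipping of ranges already covered by a kept larger range, the `#` comment syntax and the rule dictionary format are assumptions; the sample lists are constructed.

```python
import ipaddress

def parse_source(text):
    """Return the valid CIDR ranges in one source's list; skip comments and junk."""
    ranges = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()  # assumed comment syntax
        if not entry:
            continue
        try:
            ranges.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # malformed entry: never let it reach the firewall
    return ranges

def prioritize(sources):
    """sources: {name: (weight, list_text)}. Larger range first, then higher weight."""
    best = {}  # network -> highest weight of any source that lists it
    for weight, text in sources.values():
        for net in parse_source(text):
            best[net] = max(weight, best.get(net, weight))
    return sorted(best, key=lambda n: (-n.num_addresses, -best[n], str(n)))

def limit(prioritized, max_ranges):
    """Keep fewer than max_ranges entries ("below a maximum threshold")."""
    kept = []
    for net in prioritized:
        if len(kept) >= max_ranges - 1:
            break
        if any(net.version == k.version and net.subnet_of(k) for k in kept):
            continue  # already blocked by a larger kept range; do not spend a slot
        kept.append(net)
    return kept

def build_block_rules(sources, max_ranges):
    """Hypothetical rule format: one block rule per surviving source range."""
    return [{"action": "block", "source": str(n)}
            for n in limit(prioritize(sources), max_ranges)]

# Constructed sample lists (documentation address ranges only).
SOURCES = {
    "customer_list": (10, "203.0.113.0/24\n198.51.100.7  # single host\nnot-an-ip\n"),
    "vendor_feed": (5, "198.51.100.0/24\n203.0.113.0/24\n192.0.2.128/25\n"),
}
```

Because larger ranges sort first, a host or subnet that a kept range already covers is dropped before it can consume one of the limited slots.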
20 Claims
1. A method for managing network-based communications, as recited in full under First Claim above.

Dependent claims: 2, 3, 4, 5, 6
7. Non-transitory computer storage storing computer-executable instructions, wherein the computer-executable instructions cause one or more computing devices to perform a process for managing network-based communications comprising:
- obtaining a set of network firewall configuration information for configuring a network firewall on behalf of a customer, wherein individual network configuration information is provided by a source different from a network point of presence;
- processing the set of network firewall configuration information to identify a list of network address information, the list of network address information associated with one or more source network address ranges;
- prioritizing the list of network address information based on a size of source network address range in the list of network address information and a weight of a source of the network firewall configuration information, wherein the prioritized list is ordered such that a larger source network address range is listed before and has a higher priority relative to a smaller source network address range;
- processing the prioritized list of network address information to limit a number of network address ranges in the prioritized list of network address information to be below a maximum threshold;
- generating network firewall configuration information for the network firewall on behalf of the customer based on the prioritized list of network address information, wherein the generated network firewall configuration information causes communications from a network address that is included in the prioritized list to be blocked; and
- causing the network firewall to be configured based on the generated network firewall configuration information.

Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16, 20
17. A system comprising:
one or more hardware computing devices in communication with one or more computer-readable memories storing executable instructions, the one or more hardware computing devices programmed by the executable instructions to at least:
- obtain a set of network firewall configuration information for configuring a network firewall on behalf of a customer, wherein individual network configuration information is provided by a source different from a network point of presence;
- process the set of network firewall configuration information to identify a list of network address information, the list of network address information associated with one or more source network address ranges;
- prioritize the list of network address information based on a size of source network address range in the list of network address information and a weight of a source of the network firewall configuration information, wherein the prioritized list is ordered such that a larger source network address range is listed before and has a higher priority relative to a smaller source network address range;
- process the prioritized list of network address information to limit a number of network address ranges in the prioritized list of network address information to be below a maximum threshold;
- generate network firewall configuration information for the network firewall on behalf of the customer based on the prioritized list of network address information, wherein the generated network firewall configuration information causes communications from a network address that is included in the prioritized list to be blocked; and
- cause configuration of the network firewall in accordance with the generated network firewall configuration information.

Dependent claims: 18, 19
Specification