
Conditional declarative policies

  • US 10,333,986 B2
  • Filed: 04/05/2017
  • Issued: 06/25/2019
  • Est. Priority Date: 03/30/2015
  • Status: Active Grant
First Claim

1. A computer-implemented method for producing a firewall rule set comprising:

  • receiving a declarative policy associated with a computer network security policy, the declarative policy including at least one predetermined category and an action associated with the at least one predetermined category, the at least one predetermined category indicating a plurality of workloads, the action being at least one of forward, block, redirect, and log, wherein the declarative policy is high risk assets are not allowed to communicate with high value assets;

  • collecting information from at least one external system of record, the information associated with the at least one predetermined category;

  • generating a firewall rule set using the declarative policy and the information, the firewall rule set including workload addresses to or from which network communications are at least one of forwarded, blocked, redirected, and logged, the firewall rule set being at a lower level of abstraction than the declarative policy; and

  • provisioning the firewall rule set to a plurality of enforcement points of a distributed firewall, each enforcement point policing network communications among respective workloads using the firewall rule set.
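The four steps of the claim (receive a declarative policy, collect category membership from a system of record, compile address-level rules, provision them to enforcement points) can be illustrated end to end. The following Python is an added example written for this page; it is not the patentee's implementation and does not describe any product. The inventory, workload names, addresses, category tags and enforcement-point layout are all constructed, and the function names are hypothetical. The point it demonstrates is the one the claim turns on: the policy stays fixed at the category level while the concrete rule set is regenerated whenever the system of record changes.

```python
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed sample "external system of record" (think CMDB or asset
# inventory) that tags each workload with categories. Every name, address
# and tag here is made up for the example.
SYSTEM_OF_RECORD: Dict[str, dict] = {
    "web-01": {"ip": "10.0.1.10", "categories": {"high_risk"}},
    "web-02": {"ip": "10.0.1.11", "categories": {"high_risk"}},
    "db-01":  {"ip": "10.0.2.20", "categories": {"high_value"}},
    "pay-01": {"ip": "10.0.2.21", "categories": {"high_value", "pci"}},
    "log-01": {"ip": "10.0.3.30", "categories": set()},
}

# Constructed distributed-firewall layout: which workloads each
# enforcement point sits in front of.
ENFORCEMENT_POINTS: Dict[str, Set[str]] = {
    "ep-dmz":  {"web-01", "web-02"},
    "ep-data": {"db-01", "pay-01"},
    "ep-ops":  {"log-01"},
}

ACTIONS = {"forward", "block", "redirect", "log"}


@dataclass(frozen=True)
class DeclarativePolicy:
    """High-level policy stated over categories, not addresses."""
    source_category: str
    destination_category: str
    action: str

    def __post_init__(self) -> None:
        if self.action not in ACTIONS:
            raise ValueError(f"unsupported action {self.action!r}")


@dataclass(frozen=True)
class FirewallRule:
    """Low-level rule over concrete workload addresses."""
    src_ip: str
    dst_ip: str
    action: str


# The claim's example policy: high risk assets may not talk to high value assets.
POLICY = DeclarativePolicy("high_risk", "high_value", "block")


def workloads_in(category: str, inventory: Dict[str, dict]) -> Set[str]:
    """Step 2: look up category membership in the system of record."""
    return {name for name, attrs in inventory.items()
            if category in attrs["categories"]}


def compile_policy(policy: DeclarativePolicy,
                   inventory: Dict[str, dict]) -> List[FirewallRule]:
    """Step 3: expand a category-level policy into address-level rules."""
    sources = workloads_in(policy.source_category, inventory)
    dests = workloads_in(policy.destination_category, inventory)
    rules: List[FirewallRule] = []
    for src in sorted(sources):
        for dst in sorted(dests):
            if src == dst:  # a workload talking to itself is not a pair
                continue
            rules.append(FirewallRule(inventory[src]["ip"],
                                      inventory[dst]["ip"], policy.action))
    return rules


def provision(rules: List[FirewallRule],
              enforcement_points: Dict[str, Set[str]],
              inventory: Dict[str, dict]) -> Dict[str, List[FirewallRule]]:
    """Step 4: hand each enforcement point only the rules that touch
    a workload it polices, so each point can decide locally."""
    ip_to_ep = {inventory[name]["ip"]: ep
                for ep, names in enforcement_points.items() for name in names}
    out: Dict[str, List[FirewallRule]] = {ep: [] for ep in enforcement_points}
    for rule in rules:
        for ip in (rule.src_ip, rule.dst_ip):
            ep = ip_to_ep.get(ip)
            if ep is not None and rule not in out[ep]:
                out[ep].append(rule)
    return out


def decide(ep_rules: List[FirewallRule], src_ip: str, dst_ip: str,
           default: str = "forward") -> str:
    """What one enforcement point does with a flow; first match wins,
    anything unmatched falls through to the default action."""
    for rule in ep_rules:
        if rule.src_ip == src_ip and rule.dst_ip == dst_ip:
            return rule.action
    return default


if __name__ == "__main__":
    rules = compile_policy(POLICY, SYSTEM_OF_RECORD)
    for ep, ep_rules in provision(rules, ENFORCEMENT_POINTS, SYSTEM_OF_RECORD).items():
        print(ep, [(r.src_ip, r.dst_ip, r.action) for r in ep_rules])
```

Re-running `compile_policy` after a workload gains or loses a tag in the inventory produces a different rule set from the same unchanged `POLICY`; that regeneration step, rather than hand-editing address-based rules, is what the claim's "lower level of abstraction" language is pointing at. A real deployment would also want the default action and rule ordering to be explicit per enforcement point, since the fall-through here is permissive.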
