Systems and methods for dynamic firewall policy configuration
First Claim
1. A method for firewall configuration comprising:
- receiving, at a processing device, input defining a firewall policy for a firewall managing access to a subnet of network components deployed within a communications network, the firewall policy including a firewall configuration for the firewall and a network component configuration for a network component of the subnet of network components;
- processing, using the processing device, the input to determine that the firewall configuration and the network component configuration are logically valid prior to configuring the firewall with the firewall configuration;
- automatically configuring, using the processing device, the firewall configuration at the firewall and the network component configuration at the network component in response to determining that the firewall configuration and the network component configuration are logically valid; and
- activating, using the processing device, the firewall within the communications network to manage traffic to and from the subnet, wherein processing the input to determine that the firewall configuration and the network component configuration are logically valid comprises:
  - executing the firewall configuration at the firewall and the network component configuration at the network component to capture data corresponding to the firewall configuration and the network component configuration, without permanently implementing the firewall configuration at the firewall and the network component configuration at the network component; and
  - analyzing the data against a set of rules to verify the firewall configuration and the network component configuration are being implemented at the firewall and the network component as expected.
Abstract
Systems and methods for receiving information on network firewall policy configurations are disclosed. Based on the received firewall configuration information, a configuration of a firewall and/or subnet of network devices is automatically provisioned and/or configured to control network traffic to and from the subnet.
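The validation step recited in claim 1 (run the candidate configurations without permanently implementing them, capture data, analyze it against a set of rules, and only then configure and activate) can be sketched as follows. This is an added illustration, not code from the patent: `Rule`, `verdict`, `trial_run`, `analyze` and `Firewall` are hypothetical names, the trial run is simulated in memory rather than on a device, and the table of expected reachability stands in for the claim's "set of rules".

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    src: str     # source CIDR
    dst: str     # destination CIDR
    port: int    # destination TCP port; 0 matches any port

def verdict(rules, src, dst, port):
    """First matching rule wins; no match falls through to default deny."""
    for r in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                and r.port in (0, port)):
            return r.action
    return "deny"

def trial_run(fw_rules, listeners, flows):
    """Evaluate flows against the candidate configs only and capture the results."""
    captured = []
    for src, dst, port in flows:
        fw = verdict(fw_rules, src, dst, port)
        up = port in listeners.get(dst, set())  # component config: is the service listening?
        captured.append({"flow": (src, dst, port), "fw": fw, "reachable": fw == "allow" and up})
    return captured

def analyze(captured, expected):
    """Return captured records whose reachability differs from the expectation."""
    return [c for c in captured if c["reachable"] != expected[c["flow"]]]

class Firewall:
    def __init__(self):
        self.running, self.active = [], False
    def apply(self, fw_rules, listeners, expected):
        """Commit and activate only if the trial run matches every expectation."""
        failures = analyze(trial_run(fw_rules, listeners, list(expected)), expected)
        if not failures:
            self.running, self.active = list(fw_rules), True
        return failures

# Constructed sample data: subnet 10.0.5.0/24, admin network 192.0.2.0/24.
EXPECTED = {("198.51.100.7", "10.0.5.10", 443): True,
            ("198.51.100.7", "10.0.5.10", 22): False,
            ("192.0.2.20", "10.0.5.10", 22): True}
LISTENERS = {"10.0.5.10": {22, 443}}
GOOD = [Rule("allow", "192.0.2.0/24", "10.0.5.0/24", 22),
        Rule("allow", "0.0.0.0/0", "10.0.5.10/32", 443)]
SHADOWED = [Rule("allow", "0.0.0.0/0", "10.0.5.0/24", 0),  # makes the deny below unreachable
            Rule("deny", "0.0.0.0/0", "10.0.5.0/24", 22)]
```

The `SHADOWED` policy is syntactically fine but fails the trial run because its broad allow rule precedes the SSH deny, so the firewall is never activated with it.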
15 Claims
6. A system for firewall configuration comprising:
- a subnet of network components deployed within a communications network, the subnet accessible through a firewall;
- at least one processor; and
- non-transient computer-readable media communicably coupled to the at least one processor having instructions stored thereon that, when executed by the at least one processor, cause the at least one processor to:
  - receive input defining a firewall policy for a firewall managing access to a subnet of network components deployed within a communications network, the firewall policy including a firewall configuration for the firewall and a network component configuration for a network component of the subnet of network components;
  - process the input to determine that the firewall configuration and the network component configuration are logically valid prior to configuring the firewall with the firewall configuration;
  - automatically configure the firewall configuration at the firewall and the network component configuration at the network component in response to determining that the firewall configuration and the network component configuration are logically valid; and
  - activate the firewall within the communications network to manage traffic to and from the subnet, wherein, to process the input to determine that the firewall configuration and the network component configuration are logically valid, comprises:
    - execute the firewall configuration at the firewall and the network component configuration at the network component to capture data corresponding to the firewall configuration and the network component configuration, without permanently implementing the firewall configuration at the firewall and the network component configuration at the network component; and
    - analyze the data against a set of rules to verify the firewall configuration and the network component configuration are being implemented at the firewall and the network component as expected.
11. A non-transitory computer-readable medium for firewall configuration including instructions, executable by a processor, the instructions comprising:
- receiving input defining a firewall policy for a firewall managing access to a subnet of network components deployed within a communications network, the firewall policy including a firewall configuration for the firewall and a network component configuration for a network component of the subnet of network components;
- processing the input to determine that the firewall configuration and the network component configuration are logically valid prior to configuring the firewall with the firewall configuration;
- automatically configuring the firewall configuration at the firewall and the network component configuration at the network component in response to determining that the firewall configuration and the network component configuration are logically valid; and
- activating the firewall within the communications network to manage traffic to and from the subnet, wherein processing the input to determine that the firewall configuration and the network component configuration are logically valid comprises:
  - executing the firewall configuration at the firewall and the network component configuration at the network component to capture data corresponding to the firewall configuration and the network component configuration, without permanently implementing the firewall configuration at the firewall and the network component configuration at the network component; and
  - analyzing the data against a set of rules to verify the firewall configuration and the network component configuration are being implemented at the firewall and the network component as expected.
Specification