Systems and methods for dynamic firewall policy configuration

US 10,462,104 B2
Filed: 02/23/2017
Issued: 10/29/2019
Est. Priority Date: 02/29/2016
Status: Active Grant

First Claim

Patent Images

1. A method for firewall configuration comprising:

receiving, at a processing device, input defining a firewall policy for a firewall managing access to a subnet of network components deployed within a communications network, the firewall policy including a firewall configuration for the firewall and a network component configuration for a network component of the subnet of network components;

processing, using the processing device, the input to determine that the firewall configuration and the network component configuration are logically valid prior to configuring the firewall with the firewall configuration;

automatically configuring, using the processing device, the firewall configuration at the firewall and the network component configuration at the network component in response to determining that the firewall configuration and the network component configuration are logically valid; and

activating, using the processing device, the firewall within the communications network to manage traffic to and from the subnet,wherein processing the input to determine that the firewall configuration and the network component configuration are logically valid comprises;

executing the firewall configuration at the firewall and the network component configuration at the network component to capture data corresponding to the firewall configuration and the network component configuration, without permanently implementing the firewall configuration at the firewall and the network component configuration at the network component; and

analyzing the data against a set of rules to verify the firewall configuration and the network component configuration are being implemented at the firewall and the network component as expected.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for receiving information on network firewall policy configurations are disclosed. Based on the received firewall configuration information, a configuration of a firewall and/or subnet of network devices is automatically provisioned and/or configured to control network traffic to and from the subnet.

9 Citations

15 Claims

1. A method for firewall configuration comprising:
- receiving, at a processing device, input defining a firewall policy for a firewall managing access to a subnet of network components deployed within a communications network, the firewall policy including a firewall configuration for the firewall and a network component configuration for a network component of the subnet of network components;
  
  processing, using the processing device, the input to determine that the firewall configuration and the network component configuration are logically valid prior to configuring the firewall with the firewall configuration;
  
  automatically configuring, using the processing device, the firewall configuration at the firewall and the network component configuration at the network component in response to determining that the firewall configuration and the network component configuration are logically valid; and
  
  activating, using the processing device, the firewall within the communications network to manage traffic to and from the subnet,wherein processing the input to determine that the firewall configuration and the network component configuration are logically valid comprises;
  
  executing the firewall configuration at the firewall and the network component configuration at the network component to capture data corresponding to the firewall configuration and the network component configuration, without permanently implementing the firewall configuration at the firewall and the network component configuration at the network component; and
  
  analyzing the data against a set of rules to verify the firewall configuration and the network component configuration are being implemented at the firewall and the network component as expected.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the firewall policy is implemented at the firewall and the network component for a specific period of time.
  - 3. The method of claim 1, wherein the firewall policy includes at least one of a set of source ports for outgoing network traffic, a set of destination ports for incoming network traffic, and at least one protocol for defining the rules of communication of the network traffic when transmitting the network traffic to and from the subnet.
  - 4. The method of claim 1, further comprising generating a time window for which the firewall policy is applicable to the subnet, wherein the time window is generated based on the received input.
  - 5. The method of claim 1, further comprising:
    - receiving a modification to the firewall policy to unblock an application from accessing the subnet;
      
      modifying the firewall policy to allow at least a portion of network traffic associated with the application to pass through the firewall unblocked; and
      
      implementing the modified firewall policy at the firewall.

6. A system for firewall configuration comprising:
- a subnet of network components deployed within a communications network, the subnet accessible through a firewall;
  
  at least one processor; and
  
  non-transient computer-readable media communicably coupled to the at least one processor having instructions stored thereon that, when executed by the at least one processor, cause the at least one processor to;
  
  receive input defining a firewall policy for a firewall managing access to a subnet of network components deployed within a communications network, the firewall policy including a firewall configuration for the firewall and a network component configuration for a network component of the subnet of network components;
  
  process the input to determine that the firewall configuration and the network component configuration are logically valid prior to configuring the firewall with the firewall configuration;
  
  automatically configure the firewall configuration at the firewall and the network component configuration at the network component in response to determining that the firewall configuration and the network component configuration are logically valid; and
  
  activate the firewall within the communications network to manage traffic to and from the subnet,wherein, to process the input to determine that the firewall configuration and the network component configuration are logically valid, comprises;
  
  execute the firewall configuration at the firewall and the network component configuration at the network component to capture data corresponding to the firewall configuration and the network component configuration, without permanently implementing the firewall configuration at the firewall and the network component configuration at the network component; and
  
  analyze the data against a set of rules to verify the firewall configuration and the network component configuration are being implemented at the firewall and the network component as expected.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, wherein the firewall policy is implemented at the firewall and the network component for a specific period of time.
  - 8. The system of claim 6, wherein the firewall policy includes at least one of a set of source ports for outgoing network traffic, a set of destination ports for incoming network traffic, and at least one protocol for defining the rules of communication of the network traffic when transmitting the network traffic to and from the subnet.
  - 9. The system of claim 6, wherein the at least one processor is further configured to generate a time window for which the firewall policy is applicable to the subnet, wherein the time window is generated based on the received input.
  - 10. The system of claim 6, wherein the at least one processor is further configured to:
    - receive a modification to the firewall policy to unblock an application from accessing the subnet;
      
      modify the firewall policy to allow at least a portion of network traffic associated with the application to pass through the firewall unblocked; and
      
      implement the modified firewall policy at the firewall.

11. A non-transitory computer-readable medium for firewall configuration including instructions, executable by a processor, the instructions comprising:
- receiving input defining a firewall policy for a firewall managing access to a subnet of network components deployed within a communications network, the firewall policy including a firewall configuration for the firewall and a network component configuration for a network component of the subnet of network components;
  
  processing the input to determine that the firewall configuration and the network component configuration are logically valid prior to configuring the firewall with the firewall configuration;
  
  automatically configuring the firewall configuration at the firewall and the network component configuration at the network component in response to determining that the firewall configuration and the network component configuration are logically valid; and
  
  activating the firewall within the communications network to manage traffic to and from the subnet,wherein processing the input to determine that the firewall configuration and the network component configuration are logically valid comprises;
  
  executing the firewall configuration at the firewall and the network component configuration at the network component to capture data corresponding to the firewall configuration and the network component configuration, without permanently implementing the firewall configuration at the firewall and the network component configuration at the network component; and
  
  analyzing the data against a set of rules to verify the firewall configuration and the network component configuration are being implemented at the firewall and the network component as expected.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The non-transitory computer-readable medium of claim 11, wherein the firewall policy is implemented at the firewall and the network component for a specific period of time.
  - 13. The non-transitory computer-readable medium of claim 11, wherein the firewall policy includes at least one of a set of source ports outgoing network traffic, a set of destination ports for incoming network traffic, and at least one protocol for defining the rules of communication of the network traffic when transmitting the network traffic to and from the subnet.
  - 14. The non-transitory computer-readable medium of claim 11, further comprising generating a time window for which the firewall policy is applicable to the subnet, wherein the time window is generated based on the received input.
  - 15. The non-transitory computer-readable medium of claim 11, further comprising:
    - receiving a modification to the firewall policy to unblock an application from accessing the subnet;
      
      modifying the firewall policy to allow at least a portion of network traffic associated with the application to pass through the firewall unblocked; and
      
      implementing the modified firewall policy at the firewall.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Level 3 Communications LLC (Lumen Technologies, Inc.)
Original Assignee
Level 3 Communications LLC (Lumen Technologies, Inc.)
Inventors
Wang, Jin-Gen, Ewert, Travis D.
Primary Examiner(s)
Hailu, Teshome

Application Number

US15/440,335
Publication Number

US 20170250951A1
Time in Patent Office

978 Days
Field of Search

726 14
US Class Current
CPC Class Codes

H04L 41/0869   Validating the configuratio...

H04L 41/0886   Fully automatic configuration

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

Systems and methods for dynamic firewall policy configuration

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for dynamic firewall policy configuration

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links