Firewall rule management
Abstract
Some embodiments provide a central firewall management system that can be used to manage different firewall devices from a single management interface. This management interface provides a uniform interface for defining different firewall rule sets and deploying these rule sets on different firewall devices (e.g., port-linked firewall engines, firewall service VMs, network-perimeter firewall devices, etc.). Also, this interface allows the location and/or behavior of the firewall rule sets to be dynamically modified. The management interface in some embodiments also provides controls for filtering and debugging firewall rules.
16 Claims
1. A datacenter comprising:
- a plurality of host computing devices for executing a plurality of data compute nodes;
- a first set of controllers for provisioning the data compute nodes;
- a plurality of different firewall devices; and
- a second set of controllers for providing a management console to search and modify firewall rules for the different firewall devices, wherein the management console (i) displays a plurality of firewall rules enforced by the plurality of firewall devices and (ii) after receiving a set of filtering criteria, displays a subset of the plurality of firewall rules that satisfy the set of filtering criteria.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A datacenter comprising:
- a plurality of host computing devices for executing a plurality of data compute nodes;
- a first set of controllers for provisioning the data compute nodes;
- a plurality of different firewall devices comprising firewall engines executing on host computing devices, network perimeter firewall devices, and firewall appliances; and
- a second set of controllers for providing a management console to search and modify firewall rules for the different firewall devices.
Dependent claims: 9, 10

11. A datacenter comprising:
- a plurality of host computing devices for executing a plurality of data compute nodes;
- a first set of controllers for provisioning the data compute nodes;
- a plurality of different firewall devices comprising firewall devices from different vendors; and
- a second set of controllers for providing a management console to search and modify firewall rules for the different firewall devices.

12. A datacenter comprising:
- a plurality of host computing devices for executing a plurality of data compute nodes;
- a first set of controllers for provisioning the data compute nodes;
- a plurality of different firewall devices; and
- a second set of controllers for providing a management console to search and modify firewall rules for the different firewall devices, wherein the management console serves as a single interface for receiving, modifying, filtering, and debugging firewall rules for the plurality of different firewall devices in the data center.

13. A datacenter comprising:
- a plurality of host computing devices for executing a plurality of data compute nodes;
- a first set of controllers for provisioning the data compute nodes;
- a plurality of different firewall devices; and
- a second set of controllers for providing a management console to search and modify firewall rules for the different firewall devices, wherein the management console comprises a first section for displaying firewall rules that are defined by reference to L3 parameters, and a second section for displaying firewall rules by reference to L2 parameters.

14. A datacenter comprising:
- a plurality of host computing devices for executing a plurality of data compute nodes;
- a first set of controllers for provisioning the data compute nodes;
- a plurality of different firewall devices; and
- a second set of controllers for providing a management console to search and modify firewall rules for the different firewall devices, wherein the firewall management console comprises a first section for displaying firewall rules that are defined for re-directing data messages to one or more third party appliances that perform one or more security services in the datacenter, and a second section for displaying firewall rules that are enforced by other firewall devices in the datacenter.

15. A datacenter comprising:
- a plurality of host computing devices for executing a plurality of data compute nodes;
- a first set of controllers for provisioning the data compute nodes;
- a plurality of different firewall devices; and
- a second set of controllers for providing a management console to search and modify firewall rules for the different firewall devices, wherein each firewall rule includes a tuple for defining a set of firewall devices for enforcing the firewall rule.
Dependent claims: 16
Specification