Firewall configuration validation
9 Assignments
0 Petitions
Abstract
The invention relates to processing the configuration of a network node, such as a firewall, and to sharing configuration management between several administrators. The configuration comprises a processing rule base, which contains the rules the network node uses for filtering data packets; each rule comprises one or more identification values for identifying a data packet and an action. The configuration of the network node is validated by determining whether the processing rule base fulfils the requirements defined in a validation rule base. The validation rule base makes it possible to verify that processing rule bases managed by different administrators fulfil a common set of requirements. Additionally, the invention provides for detecting human errors in configurations.
57 Citations
24 Claims
- 1. A method of processing configuration of a network node, the configuration comprising a processing rule base, which contains rules to be used in the network node for filtering data packets, the rules comprising one or more identification values for identifying a data packet and an action, said method comprising validating the configuration of the network node by determining, whether the processing rule base fulfils requirements defined in a validation rule base.
- 19. A computer-readable medium, containing a computer software which, when executed in a computer device, causes the computer device to provide a routine for processing configuration of a network node, the configuration including a processing rule base, which contains rules to be used in the network node for filtering data packets, the rules including one or more identification values for identifying a data packet and an action, said routine comprising validating the configuration of the network node by determining, whether the processing rule base fulfils requirements defined in a validation rule base.
- 22. An arrangement for processing configuration of a network node, the configuration including a processing rule base, which contains rules to be used in the network node for filtering data packets, the rules including one or more identification values for identifying a data packet and an action, the arrangement comprising a validation mechanism for validating the configuration of the network node by determining, whether the processing rule base fulfils requirements defined in a validation rule base.
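The validation the abstract and claims describe, as an added example that is not the patent's own code: a first-match processing rule base is checked against a validation rule base whose entries carry the same kind of identification values plus the action that packets matching them must receive. The rule format (CIDR source and destination, a destination port range), the first-match and default-deny semantics, and all sample rules are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:            # one rule: identification values plus an action
    src: str           # source network, canonical CIDR (e.g. "10.0.0.0/8")
    dst: str           # destination network, canonical CIDR
    ports: tuple       # inclusive (low, high) destination port range
    action: str        # "allow" or "deny"

def intersect(a, b):
    """Packet class matched by both rules (carrying a's action), or None if disjoint."""
    nets = [(ip_network(x), ip_network(y)) for x, y in ((a.src, b.src), (a.dst, b.dst))]
    meet = [x if x.subnet_of(y) else y if y.subnet_of(x) else None for x, y in nets]
    lo, hi = max(a.ports[0], b.ports[0]), min(a.ports[1], b.ports[1])
    if None in meet or lo > hi:
        return None
    return Rule(str(meet[0]), str(meet[1]), (lo, hi), a.action)

def covers(outer, inner):
    """True if every packet matched by `inner` is also matched by `outer`."""
    m = intersect(outer, inner)
    return m is not None and (m.src, m.dst, m.ports) == (inner.src, inner.dst, inner.ports)

def validate(processing, validation, default="deny"):
    """(requirement, offending rule or None) for each validation rule the first-match
    processing rule base fails; earlier-rule coverage is tested one rule at a time (conservative)."""
    violations = []
    for req in validation:
        for i, rule in enumerate(processing):
            clash = intersect(req, rule)
            if clash is None or rule.action == req.action:
                continue  # disjoint, or the rule already does what is required
            if not any(r.action == req.action and covers(r, clash) for r in processing[:i]):
                violations.append((req, rule))
                break
        else:  # no contradicting rule, so the default policy must comply as well
            if req.action != default and not any(
                    r.action == req.action and covers(r, req) for r in processing):
                violations.append((req, None))
    return violations
# Constructed sample: rules as two administrators might have entered them.
PROCESSING = [
    Rule("10.1.0.0/16", "192.0.2.0/24", (1, 65535), "allow"),  # lab segment, too broad
    Rule("10.0.0.0/8", "0.0.0.0/0", (23, 23), "deny"),         # no telnet, but shadowed
]
VALIDATION = [
    Rule("0.0.0.0/0", "0.0.0.0/0", (23, 23), "deny"),    # telnet must never be allowed
    Rule("10.0.0.0/8", "0.0.0.0/0", (53, 53), "allow"),  # DNS must be reachable
]
```

On the constructed sample, validate() reports the broad lab rule against the telnet requirement and a missing rule (None) against the DNS requirement; moving the deny-telnet rule ahead of the lab rule clears the first finding, which is the kind of ordering error made by one administrator that a shared validation rule base is meant to catch.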
Specification