Device for checking firewall policy
Abstract
An emulation unit establishes a virtual network equivalent to a network to be managed by a firewall device based on network configuration information. A check performing unit gives an instruction to verify the policies set in the firewall device to the emulation unit. The emulation unit transmits a packet to the firewall device based on the given instruction through a connection unit. The check performing unit verifies the policies set in the firewall device based on the response from the firewall device.
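The check described in the abstract, as an added example that is not code from the patent: the policy, the emulated hosts and the misconfigured rule set are constructed sample data, and probing each rule's port-range edges plus one port either side is this example's own choice. The firewall is modelled by a function (`device_under_test`, a hypothetical stand-in) instead of real packets.

```python
import ipaddress
from itertools import product

# Constructed sample data (not from the patent): network configuration,
# intended policy, and the rule set actually loaded on the device under test.
NETWORK = {"lan": ["10.0.0.5", "10.0.0.9"], "dmz": ["192.0.2.10"]}
POLICY = [  # first match wins: (src net, dst net, low port, high port, action)
    ("10.0.0.0/24", "192.0.2.0/24", 80, 80, "allow"),
    ("10.0.0.0/24", "192.0.2.0/24", 8000, 8010, "allow"),
    ("0.0.0.0/0", "0.0.0.0/0", 0, 65535, "deny"),
]
# Misconfigured copy: the second range was typed one port too wide.
DEVICE_RULES = [POLICY[0], ("10.0.0.0/24", "192.0.2.0/24", 8000, 8011, "allow"), POLICY[2]]

def decide(rules, src, dst, port):
    """Return the action of the first rule matching the packet."""
    for snet, dnet, lo, hi, action in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(snet)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(dnet)
                and lo <= port <= hi):
            return action
    return "deny"  # implicit default when nothing matches

def probe_ports(policy):
    """Ports at each rule's range edges plus one either side (example's choice)."""
    ports = set()
    for _, _, lo, hi, _ in policy:
        ports.update(p for p in (lo - 1, lo, hi, hi + 1) if 0 <= p <= 65535)
    return sorted(ports)

def check(network, policy, send):
    """Send one probe per emulated host pair and port; list disagreements."""
    hosts = [h for seg in network.values() for h in seg]
    mismatches = []
    for src, dst, port in product(hosts, hosts, probe_ports(policy)):
        if src == dst:
            continue
        expected, observed = decide(policy, src, dst, port), send(src, dst, port)
        if expected != observed:
            mismatches.append((src, dst, port, expected, observed))
    return mismatches

def device_under_test(src, dst, port):
    """Stand-in for the real firewall reached through the connection unit."""
    return decide(DEVICE_RULES, src, dst, port)

if __name__ == "__main__":
    for m in check(NETWORK, POLICY, device_under_test):
        print("policy=%s device=%s  %s -> %s:%d" % (m[3], m[4], m[0], m[1], m[2]))
```

Against a real device, `send` would transmit the probe from the emulated source host and report whether it arrived at the emulated destination.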
12 Claims
1. A policy checking device to check whether or not a policy is properly set in a firewall device, said policy checking device comprising:
a configuration information storage unit for storing network configuration information describing a network to be managed by said firewall device;
a policy information storage unit for storing policy information describing a policy to be enforced by said firewall device;
an emulation unit for establishing a virtual network based on the network configuration information and transmitting a packet using the virtual network;
a connection unit for connecting the virtual network and said firewall device; and
a check performing unit for checking whether or not the action of said firewall device is in accordance with the policy information by monitoring the packet transmitted by said emulation unit.
Dependent claims: 2, 3, 4.
5. A policy checking device to check whether or not a policy including a condition and a result is properly set in a firewall device, said policy checking device comprising:
a detection unit for detecting a singular point condition from a policy to be enforced by said firewall device;
a selection unit for selecting predetermined number of ordinary area conditions other than the singular point condition from the policy to be enforced by said firewall device; and
a verification unit for verifying whether or not results corresponding to the singular point condition and the ordinary area conditions can be obtained by said firewall device.
Dependent claims: 6, 7, 8.
9. A policy checking method for checking whether or not a policy is properly set in a firewall device, said method comprising:
obtaining network configuration information describing a network to be managed by said firewall device;
obtaining policy information describing a policy to be enforced by said firewall device;
establishing a virtual network based on the network configuration information;
transmitting a packet to said firewall device using the virtual network; and
verifying whether or not the action of said firewall device is in accordance with the policy information by monitoring the packet transmitted to said firewall device.
10. A policy checking method for checking whether or not a policy including a condition and a result is properly set in a firewall device, said policy checking method comprising:
detecting a singular point condition from a policy to be enforced by said firewall device;
selecting predetermined number of ordinary area conditions other than the singular point conditions from the policy to be enforced by said firewall device; and
verifying whether or not results corresponding to the singular point condition and the ordinary area conditions can be obtained by said firewall.
11. A computer readable medium storing a policy checking program for checking whether or not a policy is properly set in a firewall device, said program enabling a computer to perform a method:
obtaining network configuration information describing a network to be managed by said firewall device;
obtaining policy information describing a policy to be enforced by said firewall device;
establishing a virtual network based on the network configuration information;
transmitting a packet to said firewall device using the virtual network; and
verifying whether or not the action of said firewall device is in accordance with the policy information by monitoring the packet transmitted to said firewall device.
12. A computer readable medium storing a policy checking program for checking whether or not a policy including a condition and a result is properly set in a firewall device, said program enabling a computer to perform a method:
detecting a singular point condition from a policy to be enforced by said firewall device;
selecting predetermined number of ordinary area conditions other than the singular point conditions from the policy to be enforced by said firewall device; and
verifying whether or not results corresponding to the singular point condition and the ordinary area conditions can be obtained by said firewall.
Specification