Method and apparatus for enabling enhanced control of traffic propagation through a network firewall
Abstract
A distributed firewall system is used to implement a network firewall with enhanced control over network traffic to allow policy to be implemented on a per-user basis, a per-application basis, a per-user and application basis, and to allow ports to be dynamically opened and closed as needed by the applications. The distributed firewall system may include application identifiers associated with applications running on a network element, one or more firewall agents instantiated on the network element hosting the applications, and a firewall configured to interface with the firewall agents. Communications between the distributed components are secured to allow the firewall to detect if an agent has been compromised, and to allow the firewall agent to determine if the application has been compromised. The distributed firewall system may work in a VPN environment, such as in connection with a VPN server, to implement firewall policy at the point where VPN traffic enters the protected network.
24 Claims
1. A method of controlling traffic on a communication network, the method comprising the steps of:
obtaining, by a network firewall, information from a firewall agent configured to collect information about at least one of user and application activity; and
adjusting filtering rules to be applied by the network firewall at least in part based on the information from the firewall agent.
(Dependent claims 2 through 16 depend from claim 1 and are not reproduced on this page.)
17. A distributed firewall system, comprising:
at least one firewall agent configured to collect information about at least one application configured to provide services on a communication network; and
a firewall appliance configured to receive at least a portion of the collected information and to apply filter rules to network traffic on the communication network, said filter rules being adjustable based at least in part on the received information.
(Dependent claims 18 and 20 through 23 depend from claim 17 and are not reproduced on this page.)
19. The distributed firewall system of claim 17, further comprising at least one application identifier associated with the application and configured to provide path information and application signature information to the firewall agent.
24. A Virtual Private Network (VPN) server, comprising:
VPN software configured to allow the VPN server to perform at least one of encapsulation and encryption of traffic to be carried on a VPN tunnel; and
firewall software configured to enable the VPN server to apply firewall policy to traffic on the VPN tunnel.
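As an added illustration (not code from the patent, which reproduces none), the Python sketch below stands in for the components named in the abstract and in claims 17 and 19: an application identifier that supplies path and signature information, a firewall agent that checks the application and sends authenticated reports, and a firewall that re-checks the report, adjusts per-user-and-application rules, and keeps a port open only while the reporting application is listening on it. The shared HMAC key, the SHA-256 allowlist, the sequence-number replay check, and every host, user, path and port are constructed assumptions; the patent does not specify how the communications are secured, only that the firewall can detect a compromised agent and the agent a compromised application.

```python
import hashlib
import hmac
import json

# Constructed shared key, provisioned out of band to one agent and the firewall (assumption:
# the patent names no keying scheme; any authenticated channel plays the same role).
AGENT_KEYS = {"host-a": b"constructed-key-for-host-a"}

# Constructed allowlist: executable path -> expected application signature (SHA-256 of the image).
TRUSTED_APPS = {
    "/usr/sbin/sshd": hashlib.sha256(b"constructed sshd image").hexdigest(),
    "/opt/app/webapp": hashlib.sha256(b"constructed webapp image").hexdigest(),
}

# Per-user-and-application policy: which ports each (user, path) pair may open.
POLICY = {
    ("root", "/usr/sbin/sshd"): {22},
    ("www", "/opt/app/webapp"): {8080, 8443},
}


def canonical(body):
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def application_identifier(path, image_bytes):
    """Plays the 'application identifier': hands path and signature to the agent."""
    return {"path": path, "signature": hashlib.sha256(image_bytes).hexdigest()}


class FirewallAgent:
    """Runs on the host; verifies the application, then sends HMAC-authenticated reports."""

    def __init__(self, agent_id, key):
        self.agent_id, self.key, self.seq = agent_id, key, 0

    def report(self, user, app_id, event, port):
        # Agent-side check: a path/signature mismatch means the application was altered.
        if TRUSTED_APPS.get(app_id["path"]) != app_id["signature"]:
            return None
        self.seq += 1  # monotonic counter lets the firewall reject replays
        body = {"agent": self.agent_id, "seq": self.seq, "user": user, "path": app_id["path"],
                "signature": app_id["signature"], "event": event, "port": port}
        return {"body": body, "mac": hmac.new(self.key, canonical(body), hashlib.sha256).hexdigest()}


class Firewall:
    """Holds (user, path, port) rules that are added and removed from agent reports."""

    def __init__(self, agent_keys):
        self.agent_keys, self.last_seq, self.rules, self.alerts = agent_keys, {}, set(), []

    def handle(self, msg):
        body = msg["body"]
        key = self.agent_keys.get(body.get("agent"))
        if key is None:
            self.alerts.append(("unknown-agent", body.get("agent")))
            return False
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["mac"]):
            self.alerts.append(("bad-mac", body["agent"]))  # forged, or agent no longer trustworthy
            return False
        if body["seq"] <= self.last_seq.get(body["agent"], 0):
            self.alerts.append(("replay", body["agent"]))
            return False
        self.last_seq[body["agent"]] = body["seq"]
        # Re-check the application signature rather than trusting the agent's verdict alone.
        if TRUSTED_APPS.get(body["path"]) != body["signature"]:
            self.alerts.append(("app-signature-mismatch", body["path"]))
            return False
        rule = (body["user"], body["path"], body["port"])
        if body["event"] == "listen":
            if body["port"] not in POLICY.get((body["user"], body["path"]), set()):
                self.alerts.append(("policy-deny", rule))
                return False
            self.rules.add(rule)  # port opened only while this user/application listens on it
            return True
        if body["event"] == "close":
            self.rules.discard(rule)
            return True
        self.alerts.append(("bad-event", body["event"]))
        return False

    def permits(self, user, path, port):
        return (user, path, port) in self.rules


def demo():
    """Constructed exchange: legitimate open/close, a policy violation, a tampered image, a forgery."""
    fw = Firewall(AGENT_KEYS)
    agent = FirewallAgent("host-a", AGENT_KEYS["host-a"])
    sshd = application_identifier("/usr/sbin/sshd", b"constructed sshd image")
    web = application_identifier("/opt/app/webapp", b"constructed webapp image")
    out = {}
    out["sshd_open"] = fw.handle(agent.report("root", sshd, "listen", 22))
    out["sshd_permitted"] = fw.permits("root", "/usr/sbin/sshd", 22)
    out["web_wrong_port"] = fw.handle(agent.report("www", web, "listen", 22))  # 22 not in www policy
    tampered = application_identifier("/opt/app/webapp", b"backdoored webapp image")
    out["tampered_report"] = agent.report("www", tampered, "listen", 8080)  # agent refuses: None
    forged = agent.report("www", web, "listen", 8080)
    forged["body"]["port"] = 23  # altered in transit; MAC no longer matches
    out["forged"] = fw.handle(forged)
    out["sshd_close"] = fw.handle(agent.report("root", sshd, "close", 22))
    out["sshd_after_close"] = fw.permits("root", "/usr/sbin/sshd", 22)
    out["alerts"] = [a[0] for a in fw.alerts]
    return out
```

Running demo() walks the exchange end to end: the sshd rule exists only between its "listen" and "close" reports, the www/webapp request for port 22 is refused by policy, the backdoored image never produces a report because the agent's own signature check fails, and the message altered after signing is rejected by the firewall's MAC check, which is the mechanism by which a tampered or impersonated agent becomes visible to the firewall.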
Specification