Methods, systems, and computer program products for network firewall policy optimization
Abstract
Methods, systems, and computer program products for firewall policy optimization are disclosed. According to one method, a firewall policy including an ordered list of firewall rules is defined. For each rule, a probability indicating a likelihood of receiving a packet matching the rule is determined. The rules are sorted in order of non-increasing probability in a manner that preserves the firewall policy.
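The abstract describes a constrained reordering: rules move toward the front of the list in order of decreasing match probability, but two neighbours may only change places when doing so cannot alter the verdict for any packet. The following Python is an added worked example, not code from the patent, showing one way to implement that constraint and to measure its effect. It assumes a five-tuple rule model (source network, destination network, protocol, destination port range, action), first-match semantics with an implicit default deny, and per-rule probabilities that are supplied by the operator; the sample policy and its probabilities are constructed for illustration.

```python
"""Constrained reordering of a first-match firewall rule list (added example)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

PortRange = Optional[Tuple[int, int]]   # inclusive (lo, hi); None matches any port


@dataclass(frozen=True)
class Rule:
    name: str
    src: IPv4Network
    dst: IPv4Network
    proto: Optional[str]     # "tcp", "udp", or None for any protocol
    dport: PortRange
    action: str              # "accept" or "deny"
    prob: float              # P(an arriving packet's first match is this rule); assumed supplied


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    proto: str
    dport: int


def _ports_overlap(a: PortRange, b: PortRange) -> bool:
    return a is None or b is None or (a[0] <= b[1] and b[0] <= a[1])


def intersects(r1: Rule, r2: Rule) -> bool:
    """True if some packet could match both rules (their match sets are not disjoint)."""
    return (r1.src.overlaps(r2.src) and r1.dst.overlaps(r2.dst)
            and (r1.proto is None or r2.proto is None or r1.proto == r2.proto)
            and _ports_overlap(r1.dport, r2.dport))


def can_swap(r1: Rule, r2: Rule) -> bool:
    """Adjacent rules may change places only if no packet's verdict can change:
    either their match sets are disjoint, or both yield the same action.
    (If per-rule logging or hit counters matter, drop the same-action shortcut.)"""
    return not intersects(r1, r2) or r1.action == r2.action


def optimize(rules: List[Rule]) -> List[Rule]:
    """Bubble higher-probability rules toward the front, swapping only neighbours
    whose swap preserves the policy; stops when no admissible swap remains.
    Greedy: a rule can stay stuck behind a lower-probability rule it conflicts with."""
    order = list(rules)
    changed = True
    while changed:
        changed = False
        for i in range(len(order) - 1):
            a, b = order[i], order[i + 1]
            if a.prob < b.prob and can_swap(a, b):
                order[i], order[i + 1] = b, a
                changed = True
    return order


def matches(rule: Rule, pkt: Packet) -> bool:
    return (pkt.src in rule.src and pkt.dst in rule.dst
            and (rule.proto is None or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport[0] <= pkt.dport <= rule.dport[1]))


def first_match(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


def expected_comparisons(rules: List[Rule]) -> float:
    """Average rule comparisons per packet: rule i costs i+1 comparisons when it is
    the first match; packets matching no rule traverse the whole list."""
    n = len(rules)
    matched = sum(r.prob for r in rules)
    return sum((i + 1) * r.prob for i, r in enumerate(rules)) + (1.0 - matched) * n


def naive_sort(rules: List[Rule]) -> List[Rule]:
    """Sort purely by probability, ignoring dependencies: fewer comparisons, but unsafe."""
    return sorted(rules, key=lambda r: r.prob, reverse=True)


# Constructed sample policy (not from the patent); probabilities are illustrative.
ANY = ip_network("0.0.0.0/0")
POLICY = [
    Rule("deny_badnet", ip_network("192.0.2.0/24"), ANY, None, None, "deny", 0.02),
    Rule("allow_dns", ANY, ip_network("10.0.0.53/32"), "udp", (53, 53), "accept", 0.05),
    Rule("allow_http", ANY, ip_network("10.0.0.0/24"), "tcp", (80, 80), "accept", 0.40),
    Rule("deny_telnet", ANY, ANY, "tcp", (23, 23), "deny", 0.01),
    Rule("allow_https", ANY, ip_network("10.0.0.0/24"), "tcp", (443, 443), "accept", 0.30),
]

if __name__ == "__main__":
    optimized = optimize(POLICY)
    print([r.name for r in optimized])
    print(f"{expected_comparisons(POLICY):.2f} -> {expected_comparisons(optimized):.2f}")
    probe = Packet(ip_address("192.0.2.7"), ip_address("10.0.0.10"), "tcp", 80)
    print(first_match(POLICY, probe), first_match(optimized, probe),
          first_match(naive_sort(POLICY), probe))
```

In the sample, `deny_badnet` is a low-probability catch-all for one source network that intersects every accept rule below it with a different action, so it cannot be moved and the two high-probability web rules can only rise to positions two and three. That is still a reduction in average comparisons while a probe packet from 192.0.2.0/24 keeps its original verdict; the unconstrained `naive_sort` would rank the web rules first and flip that packet from deny to accept, which is exactly the policy change the patent's "preserves the firewall policy" clause rules out.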
41 Claims
1. A method for producing a performance optimized firewall policy, the method comprising:
(a) defining a firewall policy including an ordered list of firewall rules;
(b) for each rule, defining a probability indicating the likelihood of receiving a packet matching each rule; and
(c) sorting neighboring rules in order of non-increasing probability in a manner that preserves the firewall policy.
Dependent claims: 2 to 13.
14. A system for firewall policy optimization, the system comprising:
(a) a firewall policy editor for allowing a user to define a firewall policy including an ordered list of firewall rules and for receiving input regarding probabilities indicating the likelihood of receiving a packet matching each rule; and
(b) a firewall policy optimizer for sorting neighboring rules in order of non-increasing probability in a manner that preserves the firewall policy.
Dependent claims: 15 to 26.
27. A network firewall comprising:
(a) a firewall policy data structure for storing an ordered list of firewall rules;
(b) a firewall policy engine for implementing a firewall policy by comparing packets to the rules in the order specified by the firewall policy data structure; and
(c) a firewall policy optimizer for optimizing performance of the network firewall by reordering the rules in a manner that reduces an average number of rule comparisons per packet and that preserves the firewall policy.
Dependent claims: 28.
29. A computer program product comprising computer executable instructions embodied in a computer readable medium for performing steps comprising:
(a) defining a firewall policy including an ordered list of firewall rules;
(b) for each rule, defining a probability indicating the likelihood of receiving a packet matching each rule; and
(c) sorting neighboring rules in order of non-increasing probability in a manner that preserves the firewall policy.
Dependent claims: 30 to 41.
Specification