Automatically generating rules for connection security
First Claim
1. A method in a computer system for creating security policies for firewall policies and connection policies, the method comprising:
providing a user interface through which a user can specify security rules relating to firewall policy and connection policy; and
automatically generating firewall rules and connection rules from the specified security rules.
Abstract
A method and system for creating security policies for firewall and connection policies in an integrated manner is provided. The security system provides a user interface through which a user can define a security rule that specifies both a firewall policy and a connection policy. After the security rule is specified, the security system automatically generates a firewall rule and a connection rule to implement the security rule. The security system provides the firewall rule to a firewall engine that is responsible for enforcing the firewall rules and provides the connection rule to an IPsec engine that is responsible for enforcing the connection rules.
20 Claims
11. A computer-readable medium containing instructions for controlling a computer system to generate a connection rule, by a method comprising:
establishing endpoint information for the connection rule based on local and remote address information of the security rule;
establishing an action for the connection rule based on whether conditions of the security rule can be copied to the connection rule; and
establishing connection security suites for the connection rule based on default security suites. (Dependent claims 12 to 17)
18. A computer-readable medium containing a data structure that includes:
a firewall action;
conditions that include direction, local application, local service, local address, remote address, local port, and remote port; and
connection security indicating security to be applied to a connection through which data that satisfies the conditions transits. (Dependent claims 19 and 20)
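As an added illustration of the generation steps in claim 11 applied to the data structure of claim 18 (this is not code from the patent; the action names, the default suite names and the set of conditions an IPsec engine is assumed able to evaluate are assumptions), the following Python derives a firewall rule and a connection rule from one security rule:

```python
from dataclasses import dataclass, asdict
from typing import Optional

# Constructed defaults (assumption): suites an engine falls back to when a
# security rule asks for a level of connection security but names no suite.
DEFAULT_SUITES = {
    "authenticate": ["AH-SHA256"],
    "encrypt": ["ESP-AES256-SHA256"],
}
# Conditions an IPsec engine can evaluate; application and service conditions
# are host-level and only the firewall engine can enforce them (assumption).
IPSEC_COPYABLE = {"direction", "local_address", "remote_address", "local_port", "remote_port"}

@dataclass
class SecurityRule:                       # fields of the claim 18 data structure
    firewall_action: str                  # "allow" or "block"
    direction: str                        # "in" or "out"
    local_address: str
    remote_address: str
    local_port: Optional[int] = None
    remote_port: Optional[int] = None
    local_application: Optional[str] = None
    local_service: Optional[str] = None
    connection_security: str = "none"     # "none", "authenticate", "encrypt"

def conditions(rule):
    """The conditions of a rule: every field that is set, except action and security."""
    skip = {"firewall_action", "connection_security"}
    return {k: v for k, v in asdict(rule).items() if k not in skip and v is not None}

def generate_firewall_rule(rule):
    """Firewall rule for the firewall engine: all conditions plus the firewall action."""
    return {"action": rule.firewall_action, **conditions(rule)}

def generate_connection_rule(rule):
    """Connection rule for the IPsec engine, following the three steps of claim 11."""
    if rule.connection_security == "none":
        return None                        # nothing for the IPsec engine to enforce
    conds = conditions(rule)
    # 1. endpoints from the local and remote address information
    endpoints = {"local": rule.local_address, "remote": rule.remote_address}
    # 2. action based on whether all conditions can be copied; if some cannot, the
    #    connection rule only requests security and the firewall rule does the
    #    final filtering (the action names "require"/"request" are assumptions)
    copyable = {k: v for k, v in conds.items() if k in IPSEC_COPYABLE}
    action = "require" if len(copyable) == len(conds) else "request"
    # 3. connection security suites from the default suites
    suites = DEFAULT_SUITES[rule.connection_security]
    return {"endpoints": endpoints, "conditions": copyable, "action": action, "suites": suites}
```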