Host firewall integration with edge traversal technology
First Claim

1. A method of authorizing traffic received at a host firewall of a host within a local network and destined for a target in the host, the method comprising:
- determining an edge traversal context indicating whether the traffic traversed an edge of the local network to reach the host;
- evaluating the traffic against a firewall rule that includes an edge traversal criterion;
- authorizing the traffic to pass through the host firewall to the target, if the traffic satisfies the firewall rule based on the determined edge traversal context of the traffic.
Abstract
A host firewall can determine and consider whether unsolicited traffic is inbound from beyond the edge of the network and allow or block such traffic based at least in part upon this characteristic. In one implementation, an edge traversal parameter can be set on a host firewall rule, which typically includes other parameters such as port, protocol, etc. If the unsolicited traffic received via an edge traversal interface matches a host firewall rule that has the edge traversal criterion, then the firewall does not block the traffic. On the other hand, if the unsolicited traffic received via an edge traversal interface fails to satisfy the edge traversal criterion on any firewall rule, then the firewall blocks the traffic.
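The following Python model is an added example, not code from the patent or from any product implementing it. It shows the decision procedure the abstract describes: each rule carries the usual port and protocol parameters plus an edge traversal criterion, each inbound packet carries an edge traversal context, and unsolicited traffic that crossed the network edge is passed only if it matches a rule whose criterion permits edge traversal. The rule names, ports, the "solicited" shortcut for reply traffic, and the sample packets are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Inbound traffic as seen by the host firewall (constructed sample data)."""
    protocol: str          # "tcp" or "udp"
    dst_port: int
    solicited: bool        # assumption: True if it is a reply to a connection the host opened
    edge_traversed: bool   # edge traversal context: did it cross the local network edge?


@dataclass(frozen=True)
class Rule:
    """A host firewall rule: port/protocol parameters plus the edge traversal criterion."""
    name: str
    protocol: str               # "tcp", "udp" or "any"
    dst_port: Optional[int]     # None matches any port
    edge_traversal: bool        # True: rule also accepts traffic that traversed the edge


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True if pkt satisfies every parameter of rule, including the edge traversal criterion."""
    if rule.protocol != "any" and rule.protocol != pkt.protocol:
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    # Edge traversal criterion: traffic that traversed the edge only matches rules
    # that explicitly permit edge traversal. Traffic from inside matches either way.
    if pkt.edge_traversed and not rule.edge_traversal:
        return False
    return True


def authorize(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Decide ("allow" | "block", reason) for one packet.

    Solicited reply traffic is passed as usual (an assumption of this model).
    Unsolicited traffic must match an allow rule, and if it traversed the edge
    that rule must carry a satisfied edge traversal criterion. Default is block.
    """
    if pkt.solicited:
        return ("allow", "solicited reply traffic")
    for rule in rules:
        if rule_matches(rule, pkt):
            return ("allow", rule.name)
    if pkt.edge_traversed:
        return ("block", "no rule with a satisfied edge traversal criterion")
    return ("block", "no matching rule")


# Constructed sample rule set (hypothetical names and ports, not from the patent).
SAMPLE_RULES = [
    Rule("file-sharing-lan-only", "tcp", 445, edge_traversal=False),
    Rule("p2p-app-edge-ok", "udp", 6000, edge_traversal=True),
]

# Constructed sample traffic.
SAMPLE_TRAFFIC = {
    "smb-from-lan": Packet("tcp", 445, solicited=False, edge_traversed=False),
    "smb-via-edge": Packet("tcp", 445, solicited=False, edge_traversed=True),
    "p2p-via-edge": Packet("udp", 6000, solicited=False, edge_traversed=True),
    "p2p-from-lan": Packet("udp", 6000, solicited=False, edge_traversed=False),
    "unknown-via-edge": Packet("tcp", 8080, solicited=False, edge_traversed=True),
    "reply-via-edge": Packet("tcp", 51000, solicited=True, edge_traversed=True),
}


def evaluate_samples() -> dict:
    """Run every sample packet through the rule set; returns {name: action}."""
    return {name: authorize(SAMPLE_RULES, pkt)[0] for name, pkt in SAMPLE_TRAFFIC.items()}


if __name__ == "__main__":
    for name, pkt in SAMPLE_TRAFFIC.items():
        action, reason = authorize(SAMPLE_RULES, pkt)
        print(f"{name:18s} -> {action:5s} ({reason})")
```

The point of the model is the asymmetry: the same rule that admits file-sharing traffic from inside the local network rejects an identical packet that arrived through the edge, because the rule's edge traversal criterion is unset; only rules that explicitly opt in (here the peer-to-peer application rule) admit edge-traversed traffic, and everything else falls to the default block.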
Claims (20)

1. (Independent claim; reproduced above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A computer-readable storage medium having computer-executable instructions for performing a computer process that authorizes traffic received at a host firewall of a host within a local network and destined for a target in the host, the computer process comprising:
- determining an edge traversal context indicating whether the traffic traversed an edge of the local network to reach the host;
- evaluating context of the traffic against a firewall rule that includes an edge traversal criterion;
- authorizing the traffic to pass through the host firewall to the target, if the context of the traffic satisfies the firewall rule based on the determined edge traversal context of the traffic.
Dependent claims: 12, 13, 14, 15, 16.
17. A host computer that authorizes traffic received of the host within a local network, the host computer comprising:
- a target in the host to which the traffic is destined;
- a host firewall that determines an edge traversal context indicating whether the traffic traversed an edge of the local network to reach the host, evaluates the traffic against a firewall rule that includes an edge traversal criterion, and authorizes the traffic to pass through the host firewall to the target, if the traffic satisfies the firewall rule based on the determined edge traversal context of the traffic.
Dependent claims: 18, 19, 20.