VLAN Router with Firewall Supporting Multiple Security Layers
First Claim
1. A firewall capable of creating a plurality of trust levels for a plurality of computer networks comprising:
- a router and a switch;
wherein the router only permits a packet to pass to a destination when the destination does not have a trust level higher than a trust level of a source of the packet.
0 Assignments
0 Petitions
Accused Products
Abstract
A router containing a firewall capable of supporting a plurality of different security levels. The router of the present invention creates a plurality of Virtual Local Area Networks (VLANs) using a network switch. The VLAN Rules Table (VRT) allows a network administrator to designate a trust level for each VLAN. The trust level may be different for every VLAN and the administrator may designate different rules for each VLAN. The Security Program (SP) analyzes each packet passing through the firewall and determines if the packet is permitted under the rules for the VLAN trust level. An alternative embodiment in which the switch in the router is divided into a plurality of sub-switches is also disclosed. In the alternative embodiment, the firewall need only compare the packet to rules which were not applied in the lower trust levels, eliminating the redundant rules from the comparison process.
-
Citations
32 Claims
-
1. A firewall capable of creating a plurality of trust levels for a plurality of computer networks comprising:
-
a router and a switch; wherein the router only permits a packet to pass to a destination when the destination does not have a trust level higher than a trust level of a source of the packet. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A router comprising:
-
a switch connected to a firewall and a plurality of computer networks; and wherein the firewall creates a plurality of trust levels and associates a trust level with each computer network so that the router permits a packet to pass to a destination only when the destination does not have a trust level higher than a trust level of a source of the packet. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
-
-
17-23. -23. (canceled)
-
24. A program product operable on a computer, the program product comprising:
-
a computer-readable medium; wherein the computer-readable medium comprises instructions comprising; instructions for determining the destination of the packet; instructions for accessing a plurality of rules; instructions for determining the appropriate rules to use to analyze the packet; instructions for analyzing the packet using the rules; instructions for determining if the packet is permitted under the rules; responsive to a determination that the rules permit the packet, instructions for permitting the packet; and responsive to a determination that the rules deny the packet, instructions for denying the packet. - View Dependent Claims (25, 26)
-
-
27. A program product operable on a computer, the program product comprising:
-
a computer-readable medium; wherein the computer-readable medium comprises instructions comprising; instructions for determining the sub-switch location of a packet; instructions for determining a source of the packet; instructions for determining a destination of the packet; instructions for determining if the packet is attempting to go to a higher trust level; and responsive to a determination that the packet is not attempting to go to a higher trust level, instructions for permitting the packet. - View Dependent Claims (28, 29, 30)
-
-
31. A firewall capable of creating a plurality of trust levels for a plurality of computer networks comprising:
-
a plurality of rules; a table defining the relationship between the trust levels, the rules, and the computer networks; a configuration program, wherein the configuration program allows a user to add, delete, or modify the rules and trust levels in the table; a security program, wherein the security program analyzes a packet and determines if the rules permit or deny the packet, the security program comprising; instructions for determining the destination of the packet; instructions for determining the appropriate rules to use to analyze the packet using the table; instructions for analyzing the packet using the rules; instructions for determining if the packet is permitted under the rules; responsive to a determination that the rules permit the packet, instructions for permitting the packet; responsive to a determination that the rules deny the packet, instructions for denying the packet; and responsive to a determination that the rules do not permit or deny the packet, instructions for denying the packet; wherein the packet is permitted to pass to the destination only when the destination does not have a trust level higher than a trust level of a source of the packet. - View Dependent Claims (32)
-
Specification