HIERARCHICAL FIREWALLS
First Claim
1. A method of implementing a firewall, the method comprising:
a) receiving a layer of policies from each of a plurality of entities with different levels of authority; and
b) evaluating received packets based on the received layers of policies, wherein a layer of policies of a higher level of authority can accept a received packet, block the received packet, or delegate a decision of whether to accept or block the received packet to a layer of policies of a lower level of authority.

Abstract
A method of implementing a firewall that receives a layer of policies from each of multiple entities with different levels of authority. The method evaluates received packets based on the received layers of policies. A layer of policies of a higher level of authority can accept a received packet, block the received packet, or delegate a decision of whether to accept or block the received packet to a layer of policies of a lower level of authority.
24 Claims
1. (Independent claim; its text is given above under First Claim.) Dependent claims 2, 3, 4, 5, 6, 7, 8, 9 and 10 (not shown).

11. A method comprising:
a) providing a firewall coordinator for coordinating firewall policies for each of a plurality of virtual machines running on a plurality of host nodes, wherein the firewall coordinator comprises a policy manager for accepting policies for a particular virtual machine from a plurality of users with multiple authority levels; and
b) providing a plurality of firewalls implemented on the plurality of host nodes, wherein the firewalls are for implementing the firewall policies of the users, wherein implementing the policies comprises implementing policies of a user of a higher authority level that contradict policies of a user with a lower authority level.

12. A security system for controlling passage of data packets to and from a plurality of virtual machines on a plurality of host nodes, the security system comprising:
a) a firewall coordinator for coordinating firewall policies for each of the plurality of virtual machines running on a plurality of host nodes, wherein the firewall coordinator comprises a policy manager for accepting policies for a particular virtual machine from a plurality of users with different authority levels; and
b) a plurality of firewalls implemented on the plurality of host nodes, wherein the firewalls are for implementing the firewall policies, wherein implementing the policies comprises implementing policies of a user of a higher authority level that contradict policies of a user of a lower authority level.
Dependent claims 13, 14, 15, 16, 17, 18 and 19 (not shown).

20. A computer readable storage medium storing a computer program which when executed by at least one processor implements a firewall, the computer program comprising:
a) a set of instructions for receiving a multiple layer set of policies, wherein each of at least two of the multiple layers were set by entities with different levels of authority; and
b) a set of instructions for evaluating received packets based on the received multiple layer set of policies, wherein a layer of policies of a higher level of authority can accept a received packet, block the received packet, or delegate a decision of whether to accept or block the received packet to a layer of policies of a lower level of authority.
Dependent claims 21, 22 and 23 (not shown).

24. For a system that applies a set of policies with different hierarchical levels to determine whether to allow a packet to pass a firewall, a method comprising:
a) receiving a first packet and determining at a first hierarchical level to allow the first packet to pass the firewall;
b) receiving a second packet and determining at the first hierarchical level to block the first packet;
c) receiving a third packet, determining at the first hierarchical level to delegate the determination of whether to allow the third packet to pass to a second hierarchical level; and
d) determining at the second hierarchical level to allow the third packet to pass the firewall.
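The accept/block/delegate evaluation that claims 1, 11, 12, 20 and 24 describe, as an added example in Python (not code from the patent or from any product): three constructed policy layers, owned by a datacenter administrator, a tenant administrator and a VM owner (all hypothetical names), are evaluated from highest authority downward. An accept or block at a higher layer is final, so it overrides a contradicting rule in a lower layer; a delegate hands the packet to the next layer. The addresses, subnets and ports are constructed sample values, step b) of claim 24 is read as blocking the second packet, and the choice to block when every layer delegates (fail closed) is the example's own, not something the claims specify.

```python
from dataclasses import dataclass, field
from enum import Enum
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


class Verdict(Enum):
    ACCEPT = "accept"
    BLOCK = "block"
    DELEGATE = "delegate"   # defer to the next lower-authority layer


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass
class Rule:
    verdict: Verdict
    src: Optional[str] = None     # CIDR; None matches anything
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


@dataclass
class Layer:
    name: str
    authority: int                         # larger = more authority
    rules: List[Rule] = field(default_factory=list)
    default: Verdict = Verdict.DELEGATE    # verdict when no rule matches

    def decide(self, pkt: Packet) -> Verdict:
        for rule in self.rules:             # first match wins within a layer
            if rule.matches(pkt):
                return rule.verdict
        return self.default


def evaluate(layers: List[Layer], pkt: Packet) -> Tuple[Verdict, str]:
    """Evaluate from the highest-authority layer down.

    ACCEPT or BLOCK at any layer is final, so a higher layer's rule overrides
    a contradicting rule in a lower layer. DELEGATE passes the packet to the
    next lower layer. If every layer delegates, block (fail closed; this is
    the example's choice, not part of the claims).
    """
    for layer in sorted(layers, key=lambda layer: layer.authority, reverse=True):
        verdict = layer.decide(pkt)
        if verdict is not Verdict.DELEGATE:
            return verdict, layer.name
    return Verdict.BLOCK, "implicit-default"


# Constructed sample policy: three entities with different authority levels.
MGMT_NET = "10.0.0.0/24"
DATACENTER = Layer("datacenter-admin", authority=3, rules=[
    Rule(Verdict.BLOCK, proto="tcp", dport=23),                 # no telnet, anywhere
    Rule(Verdict.ACCEPT, src=MGMT_NET, proto="tcp", dport=22),  # management SSH always allowed
])
TENANT = Layer("tenant-admin", authority=2, rules=[
    Rule(Verdict.BLOCK, src="10.0.0.0/8"),                      # contradicts the datacenter SSH rule
    Rule(Verdict.ACCEPT, proto="tcp", dport=443),
])
VM_OWNER = Layer("vm-owner", authority=1, rules=[
    Rule(Verdict.ACCEPT, proto="tcp", dport=8080),
], default=Verdict.BLOCK)                                       # lowest layer must decide
LAYERS = [VM_OWNER, TENANT, DATACENTER]                          # order irrelevant; sorted by authority


def decide(src: str, dport: int, proto: str = "tcp", dst: str = "192.0.2.10") -> Tuple[str, str]:
    """Return (verdict name, name of the layer that made the final decision)."""
    verdict, layer = evaluate(LAYERS, Packet(src, dst, proto, dport))
    return verdict.value, layer


if __name__ == "__main__":
    # First three packets follow the claim 24 sequence: accept at the top
    # layer, block at the top layer, delegate then accept at the second layer.
    for src, port in [("10.0.0.5", 22), ("198.51.100.7", 23), ("198.51.100.7", 443),
                      ("10.1.2.3", 22), ("198.51.100.7", 8080), ("198.51.100.7", 25)]:
        print(src, port, decide(src, port))
```

Evaluated on its own, `TENANT.decide` would block the management SSH packet from 10.0.0.5; under `evaluate` the higher-authority datacenter layer's accept wins, which is the contradiction handling of claims 11 and 12. Conversely, a packet from 10.1.2.3 to port 22 falls outside the management subnet, the datacenter layer delegates, and the tenant layer's block then applies.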