Zone-Based Firewall Policy Model for a Virtualized Data Center
First Claim
1. A method comprising:
at a virtual network device, defining and storing information representing a first security management zone for a virtual firewall policy comprising one or more common attributes of applications associated with the first security zone;
defining and storing information representing a first firewall rule for the first security zone comprising first conditions for matching common attributes of applications associated with the first security zone, and an action to be performed on application traffic;
receiving parameters associated with the application traffic;
determining if the application traffic parameters satisfy the first conditions of the first firewall rule; and
in response to determining that the first conditions are satisfied, performing the action.
Abstract
Techniques are provided for implementing a zone-based firewall policy. At a virtual network device, information is defined and stored that represents a security management zone for a virtual firewall policy comprising one or more common attributes of applications associated with the security zone. Information representing a firewall rule for the security zone is defined and comprises first conditions for matching common attributes of applications associated with the security zone and an action to be performed on application traffic. Parameters associated with the application traffic are received that are associated with properly provisioned virtual machines. A determination is made whether the application traffic parameters satisfy the conditions of the firewall rule and in response to determining that the conditions are satisfied, the action is performed.
Claims (23 total)
1. A method comprising: (independent claim, reproduced in full under First Claim above). Dependent claims: 2 through 11.
12. An apparatus comprising:
one or more virtual interfaces; and
a processor configured to:
define and store information representing a first security management zone for a virtual firewall policy comprising one or more common attributes of applications/virtual machines associated with the first security zone;
define and store information representing a first firewall rule for the first security zone comprising first conditions for matching common attributes of applications associated with the first security zone, and an action to be performed on application traffic;
receive parameters associated with the application traffic;
determine if the application traffic parameters satisfy the first conditions of the first firewall rule; and
perform the action when it is determined that the first conditions are satisfied.
Dependent claims: 13 through 18.
19. One or more computer readable media storing instructions that, when executed by a processor, cause the processor to:
define and store information representing a first security management zone for a virtual firewall policy comprising one or more common attributes of applications associated with the first security zone;
define and store information representing a first firewall rule for the first security zone comprising first conditions for matching common attributes of applications associated with the first security zone, and an action to be performed on application traffic;
receive parameters associated with the application traffic;
determine if the application traffic parameters satisfy the first conditions of the first firewall rule; and
perform the action when it is determined that the first conditions are satisfied.
Dependent claims: 20 through 23.
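The three independent claims above describe one procedure: a zone is defined by attributes the member applications have in common, a rule is scoped to a zone with conditions and an action, traffic parameters are received, and the action is performed when the conditions match. The following is an added illustration of that model written for this page; it is not code from the patent or its assignee. The zone names, attribute keys (tier, env), rule set and VM inventory are all constructed, and the fail-closed default (deny for unzoned sources and for unmatched traffic) is a design choice of this example, not something the claims specify.

```python
# Added illustration of the zone-based policy model described in the
# claims: zones are defined by common application attributes, rules are
# scoped to a zone, and traffic parameters are evaluated against the rule
# conditions. Not code from the patent; every zone, attribute and VM here
# is constructed for the example.
from dataclasses import dataclass
from typing import Dict, List, Optional

Attributes = Dict[str, object]


@dataclass(frozen=True)
class Zone:
    """Security management zone: membership is decided by application
    attributes shared by its members, not by IP address or VLAN."""
    name: str
    member_attrs: Attributes

    def contains(self, app_attrs: Attributes) -> bool:
        return all(app_attrs.get(k) == v for k, v in self.member_attrs.items())


@dataclass(frozen=True)
class Rule:
    """Firewall rule for one zone: conditions over traffic parameters
    and the action taken when all of them match."""
    zone: str
    conditions: Attributes
    action: str  # "permit" or "deny"

    def matches(self, params: Attributes) -> bool:
        return all(params.get(k) == v for k, v in self.conditions.items())


class VirtualFirewall:
    """Policy enforcement point on a virtual network device."""

    def __init__(self, zones: List[Zone], rules: List[Rule]) -> None:
        self.zones = zones
        self.rules = rules
        self.inventory: Dict[str, Attributes] = {}  # vm id -> provisioned attributes

    def provision(self, vm_id: str, attrs: Attributes) -> None:
        # Zone membership follows the attributes, so re-provisioning a VM
        # moves it between zones without touching any rule.
        self.inventory[vm_id] = dict(attrs)

    def zone_of(self, vm_id: Optional[object]) -> Optional[str]:
        attrs = self.inventory.get(str(vm_id or ""))
        if attrs is None:
            return None  # unknown VM, i.e. not properly provisioned
        for zone in self.zones:
            if zone.contains(attrs):
                return zone.name
        return None  # provisioned, but matches no zone

    def evaluate(self, params: Attributes) -> str:
        """Return the action for one flow. Fails closed: a source outside
        every zone, or traffic that matches no rule, is denied."""
        src_zone = self.zone_of(params.get("src_vm"))
        if src_zone is None:
            return "deny"
        # Expose the derived zone attributes to the rule conditions.
        enriched = dict(params)
        enriched["src_zone"] = src_zone
        enriched["dst_zone"] = self.zone_of(params.get("dst_vm")) or "unknown"
        for rule in self.rules:  # first matching rule wins
            if rule.zone == src_zone and rule.matches(enriched):
                return rule.action
        return "deny"


def build_demo_firewall() -> VirtualFirewall:
    """Constructed sample: a two-tier production application."""
    zones = [
        Zone("web", {"tier": "web", "env": "prod"}),
        Zone("db", {"tier": "db", "env": "prod"}),
    ]
    rules = [
        # The web tier may open PostgreSQL connections to the db tier.
        Rule("web", {"dst_zone": "db", "proto": "tcp", "dst_port": 5432}, "permit"),
        # The db tier must never initiate connections toward the web tier.
        Rule("db", {"dst_zone": "web"}, "deny"),
    ]
    fw = VirtualFirewall(zones, rules)
    fw.provision("vm-web-1", {"tier": "web", "env": "prod"})
    fw.provision("vm-db-1", {"tier": "db", "env": "prod"})
    fw.provision("vm-dev-1", {"tier": "web", "env": "dev"})  # outside both zones
    return fw


if __name__ == "__main__":
    fw = build_demo_firewall()
    flow = {"src_vm": "vm-web-1", "dst_vm": "vm-db-1", "proto": "tcp", "dst_port": 5432}
    print(fw.evaluate(flow))
```

The point the claims make, and the example reproduces, is that policy is expressed against application attributes rather than addresses: when vm-dev-1 is re-provisioned with env set to prod it becomes a member of the web zone and inherits that zone's rules with no rule change at all, while a VM the device has never been told about never reaches a permit rule.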