DEPLOYING FIREWALL FOR VIRTUAL NETWORK DEFINED OVER PUBLIC CLOUD INFRASTRUCTURE
First Claim
1. A method of processing a data message that is sent by a first machine to a second machine through a virtual network that is defined over a plurality of public cloud datacenters, the method comprising:
at a firewall service machine that is deployed at a first public cloud datacenter, using a set of attributes associated with the data message to identify a firewall rule that is applicable to the data message; and
performing a firewall action specified by the identified firewall rule on the data message, said performing comprising:
dropping the data message when the firewall action specifies that the data message should be dropped; and
allowing the data message to pass through the virtual network when the firewall action specifies that the data message should be allowed to pass through.
3 Assignments
0 Petitions
Abstract
Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.
86 Citations
18 Claims
Claim 1 is the independent claim reproduced under First Claim above; claims 2 through 18 are dependent claims.
Specification