Web-based administration of IP tunneling on internet firewalls

US 5,864,666 A
Filed: 12/23/1996
Issued: 01/26/1999
Est. Priority Date: 12/23/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method for administering tunneling on a firewall computer between a secure computer network and a nonsecure computer network, comprising the steps of:

presenting a graphical depiction of tunnels between addresses in the networks as lines connecting icons representing network addresses, wherein the graphical depiction of tunnels can be selectively altered to show all defined tunnels, show only active tunnels or show only inactive tunnels;

responsive to user selection, from a user, of a first line, displaying a selected tunnel definition represented by the first line; and

responsive to user input, from the user, performing an action on the selected tunnel definition.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Administering tunneling on a firewall computer between a secure computer network and a nonsecure computer network in a web based interface is disclosed. Tunnels are displayed in graphical depictions as lines connecting icons representing network addresses. User selection of a line, will bring up a selected tunnel definition represented by the first line is displayed in another pane in the interface or a list of filter rules applicable to the tunnel. At this point, an action on the selected tunnel definition may be performed responsive to user input. Queries can be run on a tunnel definition to determine whether any existing tunnel definitions match the entered tunnel definition, or whether there are any filter rules in effect for a given tunnel definition. The results of the query are displayed in a scatter bar in another pane in the user interface, wherein locations of matches are indicated by lines through the scatter bar. A small bar is displayed proximate to the scatter bar, the small bar indicating the position of the displayed list relative to a complete list represented by the scatter bar.

184 Citations

30 Claims

1. A method for administering tunneling on a firewall computer between a secure computer network and a nonsecure computer network, comprising the steps of:
- presenting a graphical depiction of tunnels between addresses in the networks as lines connecting icons representing network addresses, wherein the graphical depiction of tunnels can be selectively altered to show all defined tunnels, show only active tunnels or show only inactive tunnels;
  
  responsive to user selection, from a user, of a first line, displaying a selected tunnel definition represented by the first line; and
  
  responsive to user input, from the user, performing an action on the selected tunnel definition.
- View Dependent Claims (2, 3, 4)
- - 2. The method as recited in claim 1 wherein the lines are drawn in different manners each indicating a property of the respective tunnel.
  - 3. The method as recited in claim 2 wherein the property is a security status enabled for the tunnel.
  - 4. The method as recited in claim 1 wherein the graphical depiction includes an indicia to indicate the direction from which each tunnel originated.

5. A method for administering tunneling on a firewall computer between a secure computer network and a nonsecure computer network, comprising the steps of:
- presenting a user interface having a first pane in which a tunnel definition can be entered;
  
  responsive to user input, from the user, running a query on an entered tunnel definition to determine whether any existing tunnel definitions match the entered tunnel definition;
  
  displaying results of the query in a scatter bar in another pane in the user interface, wherein locations of matching tunnel definitions are indicated by lines through the scatter bar; and
  
  responsive to user input from the user, performing an action on a selected tunnel definition.
- View Dependent Claims (6, 7)
- - 6. The method as recited in claim 5 further comprising the steps of:
    - displaying a list of tunnel definitions in a third pane wherein the matching tunnel definitions are displayed in a different manner than nonmatching tunnel definitions; and
      
      displaying a small bar proximate to the scatter bar, the small bar indicating a position of the list of tunnel definitions displayed in the third pane relative to a complete list of tunnel definitions represented by the scatter bar.
  - 7. The method as recited in claim 5 further comprising the step of displaying a small bar proximate to the scatter bar indicating a concentration of matching tunnel definitions.

8. A method for administering tunneling on a firewall computer between a secure computer network and a nonsecure computer network, comprising the steps of:
- presenting a graphical depiction of tunnels between addresses in the networks as lines connecting icons representing network addresses;
  
  responsive to user selection, from a user, of a first line, displaying a list of filter rules applicable to a selected tunnel represented by the first line;
  
  displaying a list of filter rules in a scatter bar, wherein location of the filter rules applicable to the selected tunnel are indicated by lines through the scatter bar; and
  
  responsive to user input, from the user, performing an action on a selected filter rule.
- View Dependent Claims (9, 10)
- - 9. The method as recited in claim 8wherein the display of the scatter bar is responsive to a query on the selected tunnel to determine whether any existing filter rules are applicable to the selected tunnel.
  - 10. The method as recited in claim 9 further comprising the steps of:
    - displaying matching filter rules in a different manner than nonmatching filter rules in the list of filter rules; and
      
      displaying a small bar proximate to the scatter bar, the small bar indicating a position of the list of filter rules relative to a complete list of filter rules represented by the scatter bar.

11. A system including processor and memory for administering tunneling on a firewall computer between a secure computer network and a nonsecure computer network, comprising:
- means for presenting a graphical depiction of tunnels between addresses in the networks as lines connecting icons representing network addresses, wherein the graphical depiction of the tunnels can be selectively altered to show defined tunnels, show only active tunnels or show only inactive tunnels;
  
  means responsive to user selection, from a user, of a first line, for displaying a selected tunnel definition represented by the first line; and
  
  means responsive to user input, from the user, for performing an action on the selected tunnel definition.
- View Dependent Claims (12, 13, 14)
- - 12. The system as recited in claim 11 wherein the lines are drawn in different manners each indicating a property of the respective tunnel.
  - 13. The system as recited in claim 12 wherein the property is a security status enabled for the tunnel.
  - 14. The system as recited in claim 11 wherein the graphical depiction includes an indicia of the direction from which each tunnel originated.

15. A system including processor and memory for administering tunneling on a firewall computer between a secure computer network and a nonsecure computer network, comprising:
- means for presenting a user interface having a first pane in which a tunnel definition can be entered;
  
  means responsive to user input from a user for running a query on an entered tunnel definition to determine whether any existing tunnel definitions match the entered tunnel definition;
  
  means for displaying results of the query in a scatter bar in another pane in the user interface, wherein locations of matching tunnel definitions are indicated by lines through the scatter bar; and
  
  means responsive to user input from the user for performing an action on a selected tunnel definition.
- View Dependent Claims (16, 17)
- - 16. The system as recited in claim 15 further comprising the steps of:
    - means for displaying a list of tunnel definitions in a third pane wherein the matching tunnel definitions are displayed in a different manner than nonmatching tunnel definitions; and
      
      means for displaying a small bar proximate to the scatter bar, the small bar indicating a position of the list of tunnel definitions displayed in the third pane relative to a complete list of tunnel definitions represented by the scatter bar.
  - 17. The system as recited in claim 15 further comprising means for displaying a small bar proximate to the scatter bar indicating a concentration of matching tunnel definitions.

18. A system including processor and memory for administering tunneling on a firewall computer between a secure computer network and a nonsecure computer network, comprising:
- means for presenting a graphical depiction of tunnels between addresses in the networks as lines connecting icons representing network addresses;
  
  means responsive to user selection, from a user, of a first line for displaying a list of filter rules applicable to a selected tunnel represented by the first line; and
  
  means for displaying a list of filter rules in a scatter bar, wherein location of the filter rules applicable to the selected tunnel are indicated by lines through the scatter bar;
  
  means responsive to user input, from the user, for performing an action on a selected filter rule.
- View Dependent Claims (19, 20)
- - 19. The system as recited in claim 18wherein the display of the scatter bar is responsive to a query on the selected tunnel to determine whether any existing filter rules are applicable to the selected tunnel.
  - 20. The system as recited in claim 19 further comprising:
    - means for displaying matching filter rules in a different manner than nonmatching filter rules in the list of filter rules; and
      
      means for displaying a small bar proximate to the scatter bar, the small bar indicating a position of the list of filter rules relative to a complete list of filter rules represented by the scatter bar.

21. A computer program product in a computer readable medium for administering tunneling on a firewall computer between a secure computer network and a nonsecure computer network, comprising:
- means for presenting a graphical depiction of tunnels between addresses in the networks as lines connecting icons representing network addresses, wherein the graphical depiction of the tunnels can be selectively altered to show defined tunnels, show only active tunnels or show only inactive tunnels;
  
  means responsive to user selection, from a user, of a first line for displaying a selected tunnel definition represented by the first line; and
  
  means responsive to user input, from the user, for performing an action on the selected tunnel definition.
- View Dependent Claims (22, 23, 24)
- - 22. The product as recited in claim 21 wherein the lines are drawn in different manners each indicating a property of the tunnel.
  - 23. The product as recited in claim 22 wherein the property is a security status enabled for the tunnel.
  - 24. The product as recited in claim 21 wherein the graphical depiction includes an indicia to indicate the direction from which each tunnel originated.

25. A computer program product in a computer readable medium for administering tunneling on a firewall computer between a secure computer network and a nonsecure computer network, comprising:
- means for presenting a user interface having a first pane in which a tunnel definition can be entered;
  
  means responsive to user input from a user for running a query on an entered tunnel definition to determine whether any existing tunnel definitions match the entered tunnel definition;
  
  means for displaying results of the query in a scatter bar wherein locations of matching tunnel definitions are indicated by lines through the scatter bar; and
  
  means responsive to user input from the user for performing an action on a selected tunnel definition.
- View Dependent Claims (26, 27)
- - 26. The product as recited in claim 25 further comprising:
    - means for displaying a list of tunnel definitions wherein the matching tunnel definitions are displayed in a different manner than nonmatching tunnel definitions; and
      
      means for displaying a small bar proximate to the scatter bar, the small bar indicating a position of the list of tunnel definitions relative to a complete list of tunnel definitions represented by the scatter bar.
  - 27. The product as recited in claim 25 further comprising means for displaying a small bar proximate to the scatter bar indicating a concentration of matching tunnel definitions.

28. A computer program product in a computer readable medium for administering tunneling on a firewall computer between a secure computer network and a nonsecure computer network, comprising:
- means for presenting a graphical depiction of tunnels between addresses in the networks as lines connecting icons representing network addresses;
  
  means for responsive to user selection, from a user, of a first line for displaying a list of filter rules applicable to a selected tunnel represented by the first line; and
  
  means for displaying a list of filter rules in a scatter bar, wherein location of the filter rules applicable to the selected tunnel are indicated by lines through the scatter bar;
  
  means responsive to user input, from the user for performing an action on a selected filter rule.
- View Dependent Claims (29, 30)
- - 29. The product as recited in claim 28wherein the display of the scatter bar is responsive to a query on the selected tunnel to determine whether any existing filter rules are applicable to the selected tunnel.
  - 30. The product as recited in claim 29 further comprising:
    - means for displaying matching filter rules in a different manner than nonmatching filter rules in the list of filter rules; and
      
      means for displaying a small bar proximate to the scatter bar, the small bar indicating a position of the list of filter rules relative to a complete list of filter rules represented by the scatter bar.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
International Business Machines Corporation
Inventors
Shrader, Theodore Jack London
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Baderman, Scott T.

Application Number

US08/773,542
Time in Patent Office

764 Days
Field of Search

395/187.01, 395/188.01, 395/186, 395/200.59, 395/183.22, 380/23, 380/25
US Class Current

726/15
CPC Class Codes

H04L 41/22   comprising specially adapte...

H04L 41/28   Restricting access to netwo...

H04L 41/34   Signalling channels for net...

H04L 63/0218   Distributed architectures, ...

Web-based administration of IP tunneling on internet firewalls

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

184 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Web-based administration of IP tunneling on internet firewalls

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

184 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links