Filter rule validation and administration for firewalls
Abstract
Filter rules on a firewall between a secure computer network and a nonsecure computer network are validated from a user interface. A user interface is presented in which a test packet can be defined. The user interface includes controls for defining values for attributes of the test packet, where the attributes of the test packet are selected from the set of attributes of normal packets sent between the secure and nonsecure computer networks. A defined test packet is either validated against a set of filter rules in the firewall, or matched against the filter rules to determine which filter rules have attributes matching the defined packet. When validating, if the test packet fails, the filter rule in the set of filter rules which denied the test packet is displayed.
27 Claims

1. A method for validating test packets against a set of filter rules for a firewall between a secure computer network and a nonsecure computer network comprising the steps of:
- presenting a user interface in which a test packet can be defined, wherein the user interface includes means for defining values for attributes of the test packet, wherein the attributes of the test packet are selected from a set of attributes of normal packets normally sent between the secure and nonsecure computer networks;
- responsive to user input, validating a defined test packet against a set of filter rules in the firewall; and
- responsive to failure of the test packet in the validating step, displaying a filter rule which denied the test packet in the set of filter rules.
Dependent claims: 2, 3, 4, 5.

6. A method for validating test packets against a set of filter rules for a firewall computer between a secure computer network and a nonsecure computer network, comprising the steps of:
- presenting a user interface in which a test packet can be defined, wherein the user interface includes means for defining values for attributes of the test packet, wherein the attributes of the test packet are selected from a set of attributes of normal packets normally sent between the secure and nonsecure computer networks;
- responsive to user input, running a query on a test packet to determine whether any filter rules share attributes with the test packet;
- displaying results of the query in a scatter bar representing a set of filter rules, wherein locations of matching filter rules are indicated by lines through the scatter bar; and
- responsive to user input, performing an action on a selected filter rule.
Dependent claims: 7, 11, 12.

8. A system including processor and memory for validating test packets against a set of filter rules for a firewall between a secure computer network and a nonsecure computer network comprising:
- means for presenting a user interface in which a test packet can be defined, wherein the user interface includes means for defining values for attributes of the test packet, wherein the attributes of the test packet are selected from a set of attributes of normal packets normally sent between the secure and nonsecure computer networks;
- means responsive to user input for validating a defined test packet against a set of filter rules in the firewall; and
- means responsive to failure of the test packet in the validating step for displaying a filter rule which denied the test packet in the set of filter rules.
Dependent claims: 9, 10.

13. A system including processor and memory for validating test packets against a set of filter rules for a firewall computer between a secure computer network and a nonsecure computer network, comprising:
- means for presenting a user interface in which a test packet can be defined, wherein the user interface includes means for defining values for attributes of the test packet, wherein the attributes of the test packet are selected from a set of attributes of normal packets normally sent between the secure and nonsecure computer networks;
- means responsive to user input for running a query on a test packet to determine whether any filter rules share attributes with the test packet;
- means for displaying results of the query in a scatter bar representing a set of filter rules, wherein locations of matching filter rules are indicated by lines through the scatter bar; and
- means responsive to user input for performing an action on a selected filter rule.
Dependent claims: 14.

15. A computer program product in a computer readable medium for validating test packets against a set of filter rules on a firewall between a secure computer network and a nonsecure computer network comprising:
- means for presenting a user interface in which a test packet can be defined, wherein the user interface includes means for defining values for attributes of the test packet, wherein the attributes of the test packet are selected from a set of attributes of normal packets normally sent between the secure and nonsecure computer networks;
- means responsive to user input for validating a defined test packet against a set of filter rules in the firewall; and
- means responsive to failure of the test packet in the validating step for displaying a filter rule in the set of filter rules which denied the test packet.
Dependent claims: 16, 17, 18, 19.

20. A computer program product in a computer readable medium for validating test packets against a set of filter rules for a firewall computer between a secure computer network and a nonsecure computer network, comprising:
- means for presenting a user interface in which a test packet can be defined, wherein the user interface includes means for defining values for attributes of the test packet, wherein the attributes of the test packet are selected from a set of attributes of normal packets normally sent between the secure and nonsecure computer networks;
- means responsive to user input for running a query on a test packet to determine whether any filter rules share attributes with the test packet;
- means for displaying results of the query in a scatter bar representing a set of filter rules, wherein locations of matching filter rules are indicated by lines through the scatter bar; and
- means responsive to user input for performing an action on a selected filter rule.
Dependent claims: 21.

22. A method for validating test packets against a set of filter rules for a firewall between a secure computer network and a nonsecure computer network comprising the steps of:
- presenting a user interface in which a test packet can be defined, wherein the user interface includes means for defining values for attributes of the test packet, wherein the attributes of the test packet are selected from a set of attributes of normal packets normally sent between the secure and nonsecure computer networks;
- responsive to user input, validating a defined test packet against a set of filter rules in the firewall; and
- responsive to failure of the test packet in the validating step, displaying a subset of filter rules which passed the packet and a filter rule which denied the test packet.
Dependent claims: 23, 24.

25. A method for validating test packets against a set of filter rules for a firewall computer between a secure computer network and a nonsecure computer network, comprising the steps of:
- presenting a user interface in which a test packet can be defined, wherein the user interface includes means for defining values for attributes of the test packet, wherein the attributes of the test packet are selected from a set of attributes of normal packets normally sent between the secure and nonsecure computer networks;
- responsive to user input, running a query on a test packet to determine which ones of a set of filter rules share attributes with the test packet; and
- displaying results of the query showing matching filter rules in a different manner from nonmatching filter rules.
Dependent claims: 26, 27.
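The two operations the claims describe, validating a test packet and finding the denying rule (claims 1 and 22) and querying which rules share the packet's attributes for display in a scatter bar (claims 6 and 25), can be modelled in a few dozen lines. The following is an added example, not code from the patent or any product implementing it: the rule format, the attribute names, the first-match evaluation order, the implicit default deny at the end of the rule set, and the constructed rule set with documentation addresses are all assumptions made for illustration.

```python
"""Validating a test packet against firewall filter rules, and querying which
rules share its attributes, in the manner the claims above describe.

Added example, not code from the patent: the rule format, attribute names,
first-match semantics and the implicit default deny are all assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ANY = "*"  # wildcard: the rule does not constrain this attribute


@dataclass(frozen=True)
class Packet:
    """A test packet built from the attributes of normal traffic."""
    direction: str  # "inbound" (nonsecure -> secure) or "outbound"
    protocol: str   # "tcp", "udp" or "icmp"
    src: str        # source IP address
    dst: str        # destination IP address
    dport: int = 0  # destination port (0 for protocols without ports)


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    direction: str = ANY
    protocol: str = ANY
    src: str = ANY         # CIDR prefix or ANY
    dst: str = ANY
    dport: str = ANY       # "443", "1024-65535" or ANY
    comment: str = ""


def _port_matches(spec: str, port: int) -> bool:
    if spec == ANY:
        return True
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-", 1))
        return lo <= port <= hi
    return int(spec) == port


def _addr_matches(spec: str, addr: str) -> bool:
    return spec == ANY or ip_address(addr) in ip_network(spec, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True when every attribute the rule constrains matches the packet."""
    return (rule.direction in (ANY, pkt.direction)
            and rule.protocol in (ANY, pkt.protocol)
            and _addr_matches(rule.src, pkt.src)
            and _addr_matches(rule.dst, pkt.dst)
            and _port_matches(rule.dport, pkt.dport))


def validate(pkt: Packet, rules: List[Rule]) -> Tuple[str, Optional[int], List[int]]:
    """First-match evaluation (assumed). Returns (verdict, index of the deciding
    rule or None for the implicit default deny, indices of the rules the packet
    passed through before the decision)."""
    passed: List[int] = []
    for i, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return (rule.action, i, passed)
        passed.append(i)
    return ("deny", None, passed)


def query(pkt: Packet, rules: List[Rule]) -> List[int]:
    """Indices of every rule whose attributes match the packet, regardless of order."""
    return [i for i, rule in enumerate(rules) if rule_matches(rule, pkt)]


def scatter_bar(rule_count: int, matches: List[int]) -> str:
    """Text rendering of the scatter bar: one cell per rule, '|' where a rule matched."""
    cells = ["-"] * rule_count
    for i in matches:
        cells[i] = "|"
    return "".join(cells)


# Constructed rule set (documentation addresses, not real hosts).
EXAMPLE_RULES = [
    Rule("permit", "inbound", "tcp", dst="192.168.1.10/32", dport="443", comment="public HTTPS"),
    Rule("permit", "outbound", comment="all outbound traffic"),
    Rule("deny", "inbound", "tcp", dport="23", comment="no telnet from outside"),
    Rule("deny", comment="default deny"),
]


def explain(pkt: Packet, rules: List[Rule] = EXAMPLE_RULES) -> str:
    """What the user interface would show: for a denied packet, the rules it passed
    and the rule that denied it (claim 22); always, the scatter bar (claim 6)."""
    verdict, idx, passed = validate(pkt, rules)
    lines = [f"verdict: {verdict}"]
    if verdict == "deny":
        lines.append("passed rules: " + ", ".join(f"#{i} {rules[i].comment}" for i in passed))
        lines.append("denied by: " + ("implicit default deny" if idx is None
                                       else f"#{idx} {rules[idx].comment}"))
    lines.append("scatter bar: " + scatter_bar(len(rules), query(pkt, rules)))
    return "\n".join(lines)


if __name__ == "__main__":
    telnet = Packet("inbound", "tcp", "203.0.113.5", "192.168.1.10", 23)
    print(explain(telnet))
```

The distinction between `validate` and `query` is the point of the two claim families: validation follows the firewall's own first-match order and stops at the deciding rule, so it answers "why was this packet denied", while the query ignores order and reports every rule whose attributes overlap the packet, which is what an administrator needs to spot shadowed or redundant rules before editing them.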