Method and apparatus for reconfiguring and managing firewalls and security devices
Abstract
A method for reconfiguring network security devices coupled to a network directory services server, the network directory services server providing network directory services to the network security devices, includes the steps of storing configuration data for a first network security device at a pre-determined directory location, copying the configuration data from the predetermined directory location to a directory used by the first network security device using the network directory services in response to a first reconfigure request, and updating configuration of the first network security device according to the configuration data in the directory used by the first network security device.
24 Claims
1. A method for reconfiguring network security devices coupled to a network directory services server from a single administration point, the network directory services server providing network directory services to the network security devices, the method comprising:
providing a hierarchical directory structure having interconnected sub-directories, the hierarchical directory structure coupled to the network security devices and the network directory services server;
storing configuration data for the network security devices at a pre-determined directory location, the network security devices capable of providing security for at least both IP and IPX protocol environments;
copying the configuration data from the predetermined directory location to a first sub-directory using the network directory services provided by the network directory services server in response to a first reconfigure request;
copying the configuration data from the first sub-directory to any lower level sub-directory directly coupled or indirectly coupled to the first sub-directory in the hierarchical directory structure;
installing the configuration data on any network security device coupled to the first sub-directory and any lower level sub-directory directly coupled or indirectly coupled to the first sub-directory; and
updating configuration of the network security devices according to the configuration data.
storing configuration data for a first subset of the network security devices at the pre-determined directory location, the first subset delineated by a configuration administration tool in association with the network directory services;
copying the configuration data for the first subset of the network security devices from the predetermined directory location to a sub-directory directly coupled or indirectly coupled to said first subset of the network security devices using the network directory services in response to a second reconfigure request;
installing the configuration data on the first subset of the network security devices; and
updating configuration of the first subset of the network security devices according to the configuration data.
5. The method of claim 4 further comprising receiving the second reconfigure request from the first subset of the network security devices.
6. The method of claim 4 further comprising the step of generating the second reconfigure request when operation of the first subset of the network security devices is disrupted.
7. The method of claim 1 wherein the network directory services is selected from a class comprising Novell Directory Services, Lightweight Directory Access Protocol, and Microsoft Active Directory Services.
8. The method of claim 1 further comprising providing a first network security device, wherein the first network security device provides functionality of a firewall.
9. A method for configuring network security devices comprising:
providing a network directory server providing network directory services to a plurality of network security devices which are capable of providing security for a plurality of network environments;
classifying each network security device into one or more hierarchical classes of network security devices, said hierarchical classes including a network security class, a first network security sub-class, and a second network security sub-class, said first and said second network security sub-classes being sub-classes of said network security class;
storing configuration data for said first and said second network security sub-classes at a first directory location coupled to the network directory server, said first directory location including one or more directories;
copying the configuration data from the first directory location to a first sub-directory using the network directory services provided by the network directory server, in response to a first update request;
copying the configuration data to each sub-directory coupled to said first sub-directory, wherein the first sub-directory and each sub-directory coupled to said first sub-directory are used by network security devices classified within the first network security sub-class; and
updating configuration of network security devices classified within the first network security sub-class according to the configuration data in the respective sub-directories.
updating the configuration data for the second network security sub-class to form updated configuration data for the second network security sub-class;
storing the configuration data for the second network security sub-class at the first directory location;
copying the configuration data from the first directory location to a second sub-directory;
copying the configuration data to each sub-directory coupled to said second sub-directory, wherein the second sub-directory and each sub-directory coupled to said second sub-directory are used by network security devices classified within the second network security sub-class; and
updating configuration of the network security devices classified within the second network security sub-class according to the configuration data in the respective sub-directories.
12. The method of claim 9 wherein the network directory services is selected from a class comprising Novell Directory Services, Lightweight Directory Access Protocol, and Microsoft Active Directory Services.
13. The method of claim 9 wherein the network security devices classified within the first network security sub-class include firewall functionality.
14. A network of network security devices including a computer system for reconfiguring the network security devices and for providing directory services to the network security devices, the computer system including:
a processor; and
a computer readable media including;
code that directs the processor to provide a hierarchical directory structure having interconnected sub-directories, the hierarchical directory structure coupled to the network security devices;
code that directs the processor to store configuration data for the network security devices at a pre-determined directory location, the network security devices capable of providing security for at least both IP and IPX protocol environments;
code that directs the processor to copy the configuration data from the predetermined directory location to a first sub-directory using the directory services, in response to a reconfigure request;
code that directs the processor to copy the configuration data from the first sub-directory to any lower level sub-directory directly coupled or indirectly coupled to the first sub-directory in the hierarchical directory structure;
code that directs the processor to install the configuration data on any network security device coupled to the first sub-directory and any lower level sub-directory directly coupled or indirectly coupled to the first sub-directory; and
code that directs the first network security device to reconfigure according to the configuration data in the sub-directory used by the first network security device.
code that directs the processor to store configuration data for a second network security device at the pre-determined directory location;
code that directs the processor to copy the configuration data for the second network security device from the predetermined directory location to a second sub-directory using the directory services, in response to a reconfigure request;
code that directs the processor to copy the configuration data from the second sub-directory to any lower level sub-directory directly coupled or indirectly coupled to the second sub-directory in the hierarchical directory structure;
code that directs the processor to install the configuration data on the second network security device coupled to the second sub-directory; and
code that directs the second network security device to reconfigure according to the configuration data for the second network security device in the second sub-directory used by the second network security device.
16. The network of claim 15 wherein the network security devices are based upon a Novell IntranetWare operating system, and the second network security device is based upon an operating system selected from the class comprising WindowsNT, Novell NetWare, Novell IntranetWare, and UNIX.
17. The network of claim 14 wherein the directory services is selected from a class comprising Novell Directory Services, Lightweight Directory Access Protocol, and Microsoft Active Directory Services.
18. The network of claim 14 wherein the network security devices include firewall features.
19. A method for reconfiguring one or more network security devices from a single administration point, the network security devices coupled to a network directory services server, the network directory services server providing network directory services to the network security devices, the method comprising:
storing configuration data at a predetermined directory location, the directory location coupled to the network directory services server;
classifying each of the one or more network security devices into a hierarchical directory structure, the directory structure comprising a plurality of subdirectories;
copying the configuration data from the directory location to a first subdirectory using the network directory services in response to an update request;
copying the configuration data to each subdirectory directly coupled or indirectly coupled to the first subdirectory in the hierarchical directory structure;
installing the configuration data on all network security devices coupled to the first subdirectory and each subdirectory directly coupled or indirectly coupled to the first subdirectory.
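An added illustration (not code from the patent) of the propagation recited in claims 1 and 19: a reconfigure request copies configuration data from the predetermined location into a first sub-directory and every sub-directory below it, and only devices coupled to that subtree are updated. The class names, device names and configuration keys are hypothetical, and the sample hierarchy is constructed.

```python
from copy import deepcopy
from dataclasses import dataclass, field

@dataclass
class Device:
    name: str
    running_config: dict = field(default_factory=dict)

@dataclass
class SubDirectory:
    name: str
    config: dict = field(default_factory=dict)    # copy held in this sub-directory
    devices: list = field(default_factory=list)   # devices coupled to it
    children: list = field(default_factory=list)  # lower-level sub-directories

def find(node, name):
    """Depth-first lookup of a sub-directory by name; None if absent."""
    if node.name == name:
        return node
    for child in node.children:
        hit = find(child, name)
        if hit is not None:
            return hit
    return None

def reconfigure(root, master_config, first_subdir):
    """Handle one reconfigure request; return the names of devices updated."""
    start = find(root, first_subdir)
    if start is None:
        raise KeyError(f"no such sub-directory: {first_subdir}")
    updated, stack = [], [start]
    while stack:
        node = stack.pop()
        node.config = deepcopy(master_config)          # copy into this sub-directory
        for dev in node.devices:
            dev.running_config = deepcopy(node.config)  # install, then update
            updated.append(dev.name)
        stack.extend(node.children)  # directly or indirectly coupled levels
    return sorted(updated)

def build_sample_tree():
    """Constructed sample hierarchy: two sites, one with a nested branch."""
    fw_a, fw_b, fw_c = Device("fw-east-1"), Device("fw-east-lab"), Device("fw-west-1")
    lab = SubDirectory("east-lab", devices=[fw_b])
    east = SubDirectory("east", devices=[fw_a], children=[lab])
    west = SubDirectory("west", devices=[fw_c])
    root = SubDirectory("org", children=[east, west])
    return root, {d.name: d for d in (fw_a, fw_b, fw_c)}
```

The returned list is the set of devices a single request touches, which is the scope an administrator would review before issuing a request against a high-level sub-directory.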