Firewall system for interconnecting two IP networks managed by two different administrative entities

US 7,299,353 B2
Filed: 08/11/2003
Issued: 11/20/2007
Est. Priority Date: 09/05/2002
Status: Active Grant

First Claim

Patent Images

1. A firewall system for interconnecting a first IP network to a second IP network, wherein a data packet transmitted or received by the first IP network is filtered by using a first firewall function and a data packet transmitted or received by the second IP network is filtered by using a second firewall function, the firewall system comprising:

a console port for enabling an administrator to administer each lP network and to enter filtering rules for updating the associated firewall function;

control means for interconnecting to the console port;

a firewall device in communication with the console port, and comprising a filtering means for performing both the first firewall function and the second firewall function, and for transmitting filtering rules so that each administrator of the first IP network and the second IP network independently manages their respective networks from the console port;

wherein the filtering means further comprises a first filtering unit for performing the first filtering function and a second filtering unit for performing the second firewall function; and

a second network address translation unit interconnected between the second IP network and the second filtering unit for changing a destination IP address of a packet transmitted to the second IP network and for changing the source IP address of a packet received from the second IP network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Firewall system for interconnecting a first IP network (10) to a second IP network (16), these networks belonging to two different entities having each a different administration wherein any data packet transmitted/received by the first IP network is filtered by using a first firewall function and any data packet transmitted/received by the second IP network is filtered by using a second firewall function. The system comprises essentially a single firewall device (20) including filtering means (41, 43) performing both first firewall function and second firewall function, a console port (37) enabling the administrator in charge of each IP network to enter filtering rules for updating the associated firewall function and control means (39, 47, 49) interconnecting the console port and the filtering means for transmitting thereto the filtering rules so that each administrator may independently manage the system from the console port.

84 Citations

View as Search Results

11 Claims

1. A firewall system for interconnecting a first IP network to a second IP network, wherein a data packet transmitted or received by the first IP network is filtered by using a first firewall function and a data packet transmitted or received by the second IP network is filtered by using a second firewall function, the firewall system comprising:
- a console port for enabling an administrator to administer each lP network and to enter filtering rules for updating the associated firewall function;
  
  control means for interconnecting to the console port;
  
  a firewall device in communication with the console port, and comprising a filtering means for performing both the first firewall function and the second firewall function, and for transmitting filtering rules so that each administrator of the first IP network and the second IP network independently manages their respective networks from the console port;
  
  wherein the filtering means further comprises a first filtering unit for performing the first filtering function and a second filtering unit for performing the second firewall function; and
  
  a second network address translation unit interconnected between the second IP network and the second filtering unit for changing a destination IP address of a packet transmitted to the second IP network and for changing the source IP address of a packet received from the second IP network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The firewall system of claim 1, further comprising an IP gateway interconnected between the first filtering unit and the second filtering unit for determining the routing rules to be applied to data packets, and a routing control point in communication with the IP gateway for providing routing rules.
  - 3. The firewall system of claim 1, comprising a first IP gateway in communication with the first IP network for retrieving routing rules from a first routing control point, and a second IP gateway in communication with the second IP network for retrieving routing rules from a second routing control point.
  - 4. The firewall system of claim 3, wherein said control means includes a common control unit connected to the console port for identifying the administrator entering filtering rules through the console port, and a first control unit and a second control unit respectively in communication with the first and second IP networks, for managing the filtering rules.
  - 5. The firewall system of claim 4, further comprising a merge unit connected to the first control unit and to the second control unit for determining whether a rule entered by an administrator is redundant with respect to one of the rules entered by the other administrator.
  - 6. The firewall system of claim 5, wherein the merge unit determines whether to merge two rules when the two rules correspond to the same action, the same protocol, the same port number, or when there is an overlapping source address and/or destination address.
  - 7. The firewall system of claim 6, wherein the merge unit determines whether two rules are identical and if so, transmits one of the rules to a common rule configuration file to be used as filtering rule for both the first and second firewall functions.
  - 8. The firewall system of claim 7, wherein the merge unit determines whether one of two rules is included in the other rule, when the rules are not identical and if so, transmits the included rule to the common rule configuration file.
  - 9. The firewall system of claim 8, wherein a tag is added to each rule before sending the rule to the common rule configuration file, the tag being used to identify the type of rule as determined by the merge unit.
  - 10. The firewall system of claim 9, wherein the merge unit compares a rule entered by the administrator with a subsequent rule entered by the other administrator when the merge unit decides not to merge the two rules and stops comparing when the merge unit decides to merge the rules.
  - 11. The firewall system of claim 10, wherein the firewall device comprises a first firewall device and a second firewail device which are functionally identical for processing respectively the data packets in the data path from the first IP network to the second IP network and the data packets in the data path from the second IP network and the first IP network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Corporation (AT&T, Inc.)
Original Assignee
AT&T Corporation (AT&T, Inc.)
Inventors
Grisi, Nicolas, Bruno, Aurélien, Le Pennec, Jean-François, Sommerlatt, Jean-Marie
Primary Examiner(s)
Peeso; Thomas R.

Application Number

US10/638,839
Publication Number

US 20040049701A1
Time in Patent Office

1,562 Days
Field of Search

713/154, 713/161, 713/162, 713/168, 713/193
US Class Current

713/159
CPC Class Codes

H04L 41/042   comprising distributed mana...

H04L 61/2503   Translation of Internet pro...

H04L 63/0209   Architectural arrangements,...

H04L 63/0263   Rule management

H04L 63/0272   Virtual private networks

Firewall system for interconnecting two IP networks managed by two different administrative entities

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

84 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Firewall system for interconnecting two IP networks managed by two different administrative entities

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links