Network firewall policy configuration facilitation
Abstract
Systems for providing information on network firewall policy configuration facilitation include a firewall facilitation coordinator configured to receive a request to add an application not currently supported by a user's firewall policy, and to generate a time window during which a user can run the application and observe which types of packets are utilized by the application. A policy modification agent associated with the firewall is configured to communicate with the firewall facilitation coordinator. The policy modification agent is further configured to receive a firewall modification request from the firewall facilitation coordinator, to accomplish the observation of packets flowing through the firewall during the time window, and to subsequently modify the user's firewall policy such that the application is able to communicate as needed through the firewall, rather than being blocked. Other systems and methods are also provided.
44 Claims
1. A system for providing network-based firewall policy configuration and facilitation associated with a firewall, the system comprising:
a memory device for storing a program for providing the network-based firewall policy configuration and facilitation associated with the firewall; and a processor, functionally coupled to the memory device, the processor being responsive to computer-executable instructions contained in the program and operative to: receive a first request to add an application not currently supported by a user's firewall policy, generate a time window during which a user can run the application, receive a firewall modification request to modify the user's firewall policy to allow the application, determine whether the application includes one or more questionable packets, and if the application is determined to include one or more questionable packets, modify the user's firewall policy to allow packets associated with the application determined not to be questionable to pass through the firewall unblocked and exclude the one or more questionable packets associated with the application from modification of the user's firewall policy such that the one or more questionable packets are blocked from passing through the firewall.

11. A method for modifying a firewall policy of a network-based firewall, the method comprising:
receiving a first request to modify the firewall policy to incorporate filtering rules to allow packets associated with a new application to pass through the network-based firewall without being blocked; sending a user an indication of a time window during which the user can exercise the new application; examining the packets traversing to/from the network-based firewall from/to the user to determine whether the new application includes one or more questionable packets; and if the new application is determined to include one or more questionable packets, then: modifying the firewall policy to allow packets associated with the new application determined not to be questionable to pass through the network-based firewall unblocked, and excluding the one or more questionable packets associated with the new application from modification of the user's firewall policy such that the one or more questionable packets are blocked from passing through the network-based firewall.

25. A computer-readable storage medium for providing network-based firewall policy configuration and facilitation associated with a firewall, comprising:
logic configured to receive a first request to modify a firewall policy to incorporate filtering rules to allow packets associated with a new application to pass through the firewall without being blocked; logic configured to send a user an indication of a time window during which the user can exercise the new application; logic configured to examine the packets traversing to/from the firewall from/to the user to determine whether the new application includes one or more questionable packets; and if the application is determined to include one or more questionable packets, logic configured to modify the firewall policy to allow packets associated with the new application determined not to be questionable to pass through the firewall unblocked and exclude the one or more questionable packets associated with the new application from modification of the firewall policy such that the one or more questionable packets are blocked from passing through the firewall.

39. A system for providing network-based firewall policy configuration and facilitation associated with a firewall, comprising:
a memory device for storing a program for providing the network-based firewall policy configuration and facilitation associated with the firewall; and a processor, functionally coupled to the memory device, the processor being responsive to computer-executable instructions contained in the program and operative to: receive a request to add an application not currently supported by a user's firewall policy, generate a time window during which a user can run the application, check packets observed during the time window to be associated with the application to determine whether the packets include one or more questionable packets, when the application is determined to include one or more questionable packets, group the one or more questionable packets by type, prioritize groups of the one or more questionable packets based on a likelihood that the groups will be required to be added to the firewall policy in order to allow the application to function properly, and modify the user's firewall policy to allow packets associated with the application determined not to be questionable to pass through the firewall unblocked and exclude the groups of the one or more questionable packets associated with the application from modification of the user's firewall policy such that the groups of the one or more questionable packets are blocked from passing through the firewall.

41. A method for modifying a firewall policy of a network-based firewall, comprising:
notifying a coordinating entity of a request to modify the firewall policy to incorporate filtering rules to allow packets from a new application to pass through the network-based firewall without being blocked; notifying a policy modifier of the modification request; sending a user an indication of a time window during which the user can exercise the new application; examining the packets traversing to/from the network-based firewall from/to the user to determine whether the packets include one or more questionable packets; when the application is determined to include one or more questionable packets, grouping the one or more questionable packets by type; prioritizing groups of the one or more questionable packets based on a likelihood that the groups will be required to be added to the firewall policy in order to allow the new application to function properly; modifying the firewall policy to allow packets associated with the application determined not to be questionable to pass through the firewall unblocked; and excluding the groups of the one or more questionable packets associated with the application from modification of the firewall policy such that the groups of the one or more questionable packets are blocked from passing through the firewall.

43. A computer-readable storage medium for providing network-based firewall policy configuration and facilitation associated with a firewall, comprising:
logic configured to notify a coordinating entity of a request to modify a firewall policy to incorporate filtering rules to allow packets from a new application to pass through the firewall without being blocked; logic configured to notify a policy modifier of the modification request; logic configured to send a user an indication of a time window during which the user can exercise the new application; logic configured to examine the packets traversing to/from the firewall from/to the user to determine whether the packets include one or more questionable packets; when the packets are determined to include one or more questionable packets, logic configured to group the one or more questionable packets by type; logic configured to prioritize groups of the one or more questionable packets based on a likelihood that the groups will be required to be added to the firewall policy in order to allow the new application to function properly; and logic configured to modify the firewall policy to allow packets associated with the new application determined not to be questionable to pass through the firewall unblocked and to exclude the groups of the one or more questionable packets associated with the new application from modification of the user's firewall policy such that the groups of the one or more questionable packets are blocked from passing through the firewall.
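
The observe, classify, group and prioritize flow recited in claims 39, 41 and 43 and summarized in the abstract, as an added Python example that is not code from the patent. The `Packet` record, the `RISKY_PORTS` list, the "unsolicited inbound" test for "questionable", and packet count as the likelihood proxy are all assumptions; the text above does not define them.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# Assumption: ports treated as questionable in any direction (not from the patent).
RISKY_PORTS = {23, 135, 445}

@dataclass(frozen=True)
class Packet:
    ts: float        # seconds since the learning session started
    direction: str   # "out" = from the user, "in" = toward the user
    proto: str
    remote: str
    port: int        # service port: remote port for "out", local port for "in"

def learn_policy(packets, window_start, window_end):
    """Return (allow_rules, ranked_questionable_groups) for the time window."""
    seen = sorted((p for p in packets if window_start <= p.ts <= window_end),
                  key=lambda p: p.ts)
    contacted = set()                  # remotes the user has already sent to
    clean, groups = Counter(), defaultdict(list)
    for p in seen:
        ptype = (p.direction, p.proto, p.port)
        # Assumed test: inbound traffic from a remote the user never contacted.
        unsolicited = p.direction == "in" and p.remote not in contacted
        if p.port in RISKY_PORTS or unsolicited:
            groups[ptype].append(p)    # group questionable packets by type
        else:
            clean[ptype] += 1
        if p.direction == "out":
            contacted.add(p.remote)
    # Assumed likelihood proxy: groups seen more often during the window are
    # more likely to be needed by the application, so they are reviewed first.
    ranked = sorted(groups.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    # Only types with no questionable packets are added to the policy; a type
    # that appears in both sets stays blocked until someone reviews it.
    allow_rules = sorted(t for t in clean if t not in groups)
    return allow_rules, [(t, len(ps)) for t, ps in ranked]

# Constructed sample traffic (documentation address ranges), not real capture data.
SAMPLE = [
    Packet(2.0, "out", "tcp", "198.51.100.10", 443),
    Packet(3.0, "out", "tcp", "198.51.100.10", 5061),
    Packet(4.0, "in", "udp", "198.51.100.10", 16384),   # remote already contacted
    Packet(5.0, "in", "udp", "203.0.113.7", 16384),     # unsolicited
    Packet(6.0, "in", "udp", "203.0.113.8", 16384),     # unsolicited
    Packet(7.0, "out", "tcp", "198.51.100.20", 445),    # risky port
    Packet(95.0, "out", "udp", "198.51.100.30", 53),    # after the window closed
]

if __name__ == "__main__":
    allow, questionable = learn_policy(SAMPLE, 0.0, 60.0)
    print("allow:", allow)
    print("blocked, review in this order:", questionable)
```

Traffic seen after the window closes never reaches the policy, which is why the length of the learning window bounds how much a noisy or compromised host can widen its own rules.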
Specification