Systems and methods for managing networks

US 7,725,921 B2
Filed: 04/22/2004
Issued: 05/25/2010
Est. Priority Date: 04/22/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for managing networks, comprising:

providing a plurality of network templates that are each associated with a different network topology and include parameters for implementing the associated network topology;

selecting at least one of the plurality of network templates,wherein each of the plurality of network templates includes multiple security policies for a user to select, wherein the multiple security policies are tested for compatibility prior to selection and provide varying levels of security and network performance;

configuring a network device or providing a wizard utility for inputting information to implement the network topology associated with the selected network template based, at least in part, on the parameters, the wizard utility including an address range area to show an address range for the selected network template;

displaying the parameters associated with the selected network template to the user; and

presenting a secondary wizard utility for guiding the user in customizing the selected network template, the secondary wizard utility is further to;

query the user for network addresses to be used for one or more networks in each of the one or more selected network templates; and

present the user with a selection of security policies tailored for the one or more selected network templates by displaying a policy selection area to present available security policies and a policy description area to provide information that describes each security policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The described systems and methods are directed at managing networks using network templates. Each network template is associated with a different network topology and includes parameters for implementing the associated network topology. A user may implement a particular network topology by selecting a corresponding network template. A configurator may be used to configure a network device to implement the network topology associated with the selected network template based, at least in part, on the parameters.

13 Citations

View as Search Results

29 Claims

1. A method for managing networks, comprising:
- providing a plurality of network templates that are each associated with a different network topology and include parameters for implementing the associated network topology;
  
  selecting at least one of the plurality of network templates,wherein each of the plurality of network templates includes multiple security policies for a user to select, wherein the multiple security policies are tested for compatibility prior to selection and provide varying levels of security and network performance;
  
  configuring a network device or providing a wizard utility for inputting information to implement the network topology associated with the selected network template based, at least in part, on the parameters, the wizard utility including an address range area to show an address range for the selected network template;
  
  displaying the parameters associated with the selected network template to the user; and
  
  presenting a secondary wizard utility for guiding the user in customizing the selected network template, the secondary wizard utility is further to;
  
  query the user for network addresses to be used for one or more networks in each of the one or more selected network templates; and
  
  present the user with a selection of security policies tailored for the one or more selected network templates by displaying a policy selection area to present available security policies and a policy description area to provide information that describes each security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as recited in claim 1, wherein the network device is a firewall.
  - 3. The method as recited in claim 1, wherein the parameters for implementing the associated selected network template include at least one of network identifiers, grouping, relationship, or policy.
  - 4. The method as recited in claim 1, further comprising:
    - determining addresses associated with private networks included in the selected network template; and
      
      configuring the network device with the addresses.
  - 5. The method as recited in claim 4, wherein the private networks include at least one of an internal network, a perimeter network, a DMZ network, a departmental network, a virtual private network (VPN), or an intranet.
  - 6. The method as recited in claim 1, further comprising:
    - enabling a selection of at least one policy from a set of policies associated with the selected network templates; and
      
      upon receiving a selection, configuring the network device with the selected policy.
  - 7. The method as recited in claim 6, further comprising customizing the selected network template with the selected policy.
  - 8. The method as recited in claim 1, wherein the network topologies associated with the plurality of network templates include at least one of an edge firewall, a 3-Leg demilitarized zone (DMZ), a front firewall, a back firewall, a departmental firewall, a branch office, and a line filter.
  - 9. The method as recited in claim 7, wherein each network template is pre-defined and pre-tested prior to selecting the one or more network templates.

10. A method for configuring a firewall, comprising:
- selecting one or more of a plurality of network templates that each include parameters associated with a particular network topology,wherein each of the plurality of network templates consists of multiple security policies for a user to select, wherein the multiple security policies are tested for compatibility prior to selection and provide varying levels of security and network performance;
  
  providing a wizard utility to input information for implementing the network topology associated with the selected network template, the wizard utility including an address range area to show an address range for the selected network template;
  
  presenting a secondary wizard utility to guide the user in customizing the selected network template, the secondary wizard utility is further to;
  
  query the user for network addresses to be used for one or more networks in each of the one or more selected network templates; and
  
  present the user with a selection of security policies tailored for the one or more selected network templates by displaying a policy selection area to present available security policies and a policy description area to provide information that describes each security policy;
  
  determining addresses associated with private networks coupled to the firewall; and
  
  configuring the firewall to implement the network topology in accordance with the parameters included in the selected network template and the addresses.
- View Dependent Claims (11, 12)
- - 11. The method as recited in claim 10, further comprising:
    - presenting a plurality of security policies associated with the selected network template for selection;
      
      receiving a selection of at least one of the security policies; and
      
      configuring the firewall to implement the selected security policy.
  - 12. The method as recited in claim 10, further comprising:
    - determining at least one security policy associated with the selected network template; and
      
      configuring the firewall to implement the determined security policy.

13. A system, comprising:
- a firewall coupled to a plurality of private networks and an external network; and
  
  a configurator coupled to the firewall, the configurator including a plurality of network templates having parameters associated with a particular network topology, the configurator is to select at least one of the network templates and to configure the firewall with the parameters associated with the selected network template,wherein each of the plurality of network templates includes multiple security policies for the configurator to select, wherein further the multiple security policies are tested for compatibility prior to selection and provide varying levels of security and network performance;
  
  a wizard utility associated with the configurator to input information for implementing the network topology associated with the selected network template, the wizard utility including an address range area to show an address range for the selected network template; and
  
  a secondary wizard utility associated with the configurator to guide the user in customizing the selected network template, the secondary wizard utility is further to;
  
  query the user for network addresses to be used for one or more networks in each of the one or more selected network templates; and
  
  present the user with a selection of security policies tailored for the one or more selected network templates by displaying a policy selection area to present available security policies and a policy description area to provide information that describes each security policy.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system as recited in claim 13, wherein the configurator is to further determine addresses associated with the private networks and to configure the firewall with the addresses.
  - 15. The system as recited in claim 13, wherein the configurator is to further determine the addresses from user input.
  - 16. The system as recited in claim 13, wherein the configurator is to further determine security policies associated with a selected network template and to apply at least one of the security policies to configure the firewall.
  - 17. The system as recited in claim 16, wherein the configurator is to further enable a user selection of the at least one security policy.
  - 18. The system as recited in claim 13, wherein the configurator is to further automatically apply a default security policy associated with the selected network template.
  - 19. The system as recited in claim 13, wherein the private networks include at least one of an internal network, a perimeter network, a DMZ network, a departmental network, a virtual private network (VPN), or an intranet.
  - 20. The system as recited in claim 13, wherein the external networks include at least one of a wide area network (WAN) or the Internet.

21. A computer-readable storage medium, comprising:
- a data structure representing a plurality of network templates that are each associated with a different network topology;
  
  wherein each of the plurality of network templates consists of multiple security policies for selection, wherein the multiple security policies are tested for compatibility prior to selection and provide varying levels of security and network performance;
  
  a wizard utility to select at least one of the plurality of network templates and to input information for implementing the network topology associated with the selected network template, the wizard utility including an address range area to show an address range for the selected network template;
  
  a secondary wizard utility for guiding a user in customizing the at least one of the plurality of network templates, the secondary wizard utility is further to;
  
  query the user for network addresses to be used for one or more networks in each of the one or more selected network templates; and
  
  present the user with a selection of security policies tailored for the one or more selected network templates by displaying a policy selection area to present available security policies and a policy description area to provide information that describes each security policy; and
  
  information for implementing the associated network topology with a firewall.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The computer-readable storage medium as recited in claim 21, wherein the information in the data structure includes network identifiers representing networks and network nodes that are included in a network topology associated with at least one of the network templates.
  - 23. The computer-readable storage medium as recited in claim 21, wherein the information in the data structure includes grouping identifiers representing groups of networks in a network topology associated with at least one of the network templates.
  - 24. The computer-readable storage medium as recited in claim 21, wherein the information in the data structure includes relationship identifiers representing how networks in a network topology associated with at least one of the network templates relate and interact with each other.
  - 25. The computer-readable storage medium as recited in claim 21, wherein the information in the data structure includes security policies related to a network topology associated with at least one of the network templates.
  - 26. The computer-readable storage medium as recited in claim 21, wherein the information in the data structure includes data for presenting at least one of the network templates in a user interface.
  - 27. The computer-readable storage medium as recited in claim 21, wherein the data structure is in extensible markup language (XML).

28. A method for handling networking information in a user interface, comprising:
- graphically presenting a plurality of network templates on the user interface, each network template including parameters associated with a particular network topology;
  
  selecting at least one of the network templates;
  
  providing a wizard utility for inputting information for implementing the network topology associated with the selected network template, the wizard utility including an address range area to show an address range for the selected network template,wherein the wizard utility enables the input of at least one of addresses associated private networks, security policy selection, and information for customizing at least one of the network templates;
  
  presenting a secondary wizard utility that guides a user in customizing the at least one of the selected network templates, the secondary wizard utility is further to;
  
  query the user for network addresses to be used for one or more networks in each of the one or more selected network templates; and
  
  present the user with a selection of security policies tailored for the one or more selected network templates by displaying a policy selection area to present available security policies and a policy description area to provide information that describes each security policy; and
  
  graphically presenting information associated with the implemented network topology.
- View Dependent Claims (29)
- - 29. The method as recited in claim 28, wherein graphically presenting the plurality of network templates on the user interface includes presenting a graph that illustrates the network topology associated with each network template.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Trutner, Oren, Goltz, Keren, Lior, Linda, Kurtz, Adi, Ein-Gil, Boaz, Ben-Zew, Uri, Hagege, Adina
Primary Examiner(s)
TRAN, ELLEN C

Application Number

US10/830,912
Publication Number

US 20050240990A1
Time in Patent Office

2,224 Days
Field of Search

726/11, 726/13, 726/15, 726/1, 726/14
US Class Current

726/1
CPC Class Codes

H04L 63/0227 Filtering policies mail mes...

Systems and methods for managing networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for managing networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links