Method of managing a network device, a management system, and a network device
Abstract
The present invention relates to a method of managing a network device, a network device, and a management system. A configuration of a firewall is changed over a network connection by a remote management system (10). The firewall (11) applies the changed configuration after receiving a command from the management system (10). Shortly after the changed configuration is applied, the management system (10) opens a new connection to the firewall (11). With this new connection, the configuration is accepted for permanent use in the firewall (11). If a new connection is not successfully set up within a given time limit, the firewall (11) automatically returns to the old configuration. The firewall (11) is thereby able to recover from any loss of the management connection caused by a mistake in the changed configuration.
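The procedure in the abstract can be modelled as a small state machine on the device side. The following is an added illustration, not code from the patent: the class and function names, the `mgmt_allow` configuration key, the 30-second limit and the sample addresses are all assumptions, the configuration is reduced to a list of networks allowed to reach the management interface, and the clock is passed in as an argument so the run is deterministic.

```python
import ipaddress

class Firewall:
    """Device side of the apply, then confirm-or-roll-back procedure (simplified model)."""

    def __init__(self, config, time_limit=30.0):
        self.active = config          # configuration currently enforced
        self.fallback = None          # old configuration, kept while a change is pending
        self.deadline = None          # None means no change is pending
        self.time_limit = time_limit  # seconds a change may stay unconfirmed (assumed value)

    def apply_temporarily(self, new_config, now):
        """Store the current configuration as fallback and start enforcing the new one."""
        self.fallback, self.active = self.active, new_config
        self.deadline = now + self.time_limit

    def _permits(self, src_ip):
        addr = ipaddress.ip_address(src_ip)
        return any(addr in ipaddress.ip_network(n) for n in self.active["mgmt_allow"])

    def tick(self, now):
        """Timer check: roll back if the change is still unconfirmed past the deadline."""
        if self.deadline is not None and now > self.deadline:
            self.active, self.fallback, self.deadline = self.fallback, None, None
            return "rolled_back"
        return "pending" if self.deadline is not None else "idle"

    def management_connect(self, src_ip, now):
        """Connection attempt from the management system, filtered by the active config."""
        if self.tick(now) == "rolled_back":
            return "accepted" if self._permits(src_ip) else "dropped"
        if not self._permits(src_ip):
            return "dropped"          # the new rules block the manager: no confirmation
        if self.deadline is not None:
            self.fallback, self.deadline = None, None
            return "committed"        # test connection succeeded in time: keep the change
        return "accepted"

def push_change(fw, new_config, mgmt_ip, confirm_delay):
    """Management side: push the change at t=0, reconnect after confirm_delay seconds."""
    fw.apply_temporarily(new_config, now=0.0)
    result = fw.management_connect(mgmt_ip, now=confirm_delay)
    fw.tick(now=fw.time_limit + 1.0)  # the device timer fires after the limit either way
    return result, fw.active

# Constructed sample configurations (documentation address ranges).
OLD = {"mgmt_allow": ["192.0.2.0/24"]}
GOOD = {"mgmt_allow": ["192.0.2.10/32"]}
BAD = {"mgmt_allow": ["198.51.100.0/24"]}  # mistake: locks out the manager at 192.0.2.10
```

Pushing `BAD` from `192.0.2.10` leaves the device on `OLD` once the timer expires, and a confirmation that arrives after the limit is handled as an ordinary connection under the restored configuration rather than as a commit.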
14 Claims
-
1. A method of managing a firewall device, said method comprising
setting up, by a management system in response to a command inputted by an administrator, a first network connection from the management system to a firewall device having a first configuration,
providing a second configuration to said firewall device by said management system over said first network connection,
starting to apply said second configuration temporarily as a new configuration in said firewall device,
storing said first configuration as a fallback configuration in said firewall device,
starting, by said firewall device, an independent and automatic self-diagnostics procedure which includes
(i) measuring, by said firewall device, a time elapsed after said temporarily starting to apply said second configuration as the new configuration,
(ii) monitoring, by said firewall device, if a subsequent test network connection is received and successfully set up from said management system to said firewall device before said measured elapsed time exceeds a predetermined time limit in order to test operation of the new configuration,
(iii) diagnosing, independently and automatically by said firewall device, that said temporarily applied second configuration operates correctly, setting said second configuration permanently as the new configuration in said firewall device, and ending said independent and automatic self-diagnostics procedure, if said second network connection is received and successfully set up before said measured elapsed time exceeds said predetermine time limit, and
(iv) diagnosing, independently and automatically by said firewall device that said temporarily applied second configuration fails to operate correctly, ending application of said second configuration as the new configuration in said firewall device, and returning to use said stored first configuration in said firewall device, if said second network connection from said management system is not received and successfully set up to said firewall device before said measured elapsed time exceeds said predetermined time limit.
-
6. A method of managing a firewall device, said method comprising
setting up, by a management system in response to a command inputted by an administrator, a first network connection from the management system to a firewall device having a first configuration,
providing a second configuration to said firewall device by said management system over said first network connection,
said firewall device starting to apply said second configuration temporarily as a new configuration in said firewall device in a timed manner according to timing parameters defined during said providing step,
storing said first configuration as a fallback configuration in said firewall device,
releasing the first network connection,
said firewall device starting an automatic and independent self-diagnostics procedure that requests said management system to set up a subsequent second test network connection upon said firewall device starts to temporarily apply the second configuration as the new configuration,
initiating a set up of said second test network connection from said management system to said firewall device in order to test the operation of the new configuration, and
said firewall device diagnosing independently and automatically that said second configuration operates correctly, and setting said temporarily applied second configuration permanently as the new configuration in said firewall device, if said self-diagnostics procedure detects that said second network connection is received and successfully set up, and
said firewall device diagnosing independently and automatically that said second configuration fails to operate correctly, and ending temporary application of said second configuration as the new configuration in said firewall device and returning to use said stored first configuration in said firewall device if said self-diagnostics procedure detects that said second connection from said management system is not received and set up within a predetermined period of time after starting to apply said second configuration as the new configuration in said firewall device.
-
7. A network device managed remotely by a management system, said device comprising
a first mechanism configured to apply a first configuration in said network device,
a second mechanism enabling said management system to provide a second configuration over a first network connection setup from said management system,
a third mechanism configured to apply said second configuration temporarily as a new configuration in said network device,
a memory configured to store said first configuration as a fallback configuration in said network device, and
an independent and automatic self-diagnostics mechanism configured to
independently-and automatically diagnose that said second configuration operates correctly, and to accept said temporarily applied second configuration for permanent use as the new configuration, if said self-diagnostics mechanism detects that a subsequent second test network connection is received and successfully set up from said management system within a predetermined period of time after starting to apply said second configuration temporarily as the new configuration in said network device, and
diagnose that said second configuration fails to operate correctly to end application of said second configuration as the new configuration in said network device and to return said network device to use said stored first configuration if said self-diagnostics mechanism detects that said subsequent second test network connection is not received and successfully set up from said management system within a predetermined period of time after starting application of said second configuration temporarily as the new configuration in the network device.
-
11. A system comprising a network device and a management system for remote management of said network device, wherein said management system includes
a first mechanism configured to, in response to a command inputted by an administrator, set up a first network connection to said network device for changing a configuration temporarily to a new configuration and for storing an old configuration as a fallback configuration in said network device, and
a second mechanism for setting up a new test connection to said network device within a predetermined period of time after said first network connection or after a request from said network device, in order to approve said changed configuration for a permanent use as the new configuration in said network device if the test connection is successful, while a failure to set up said test connection causes the network element to return to use said stored fallback configuration,
and wherein said network device includes
a third mechanism configured to apply said changed configuration temporarily as the new configuration in said network device,
a memory configured to store the old configuration as a fallback configuration in said network device, and
an automatic and independent self-diagnostics mechanism configured to
automatically and independently diagnose that said second configuration operates correctly, and to accept said temporarily applied new configuration for permanent use as the new configuration, if said self-diagnostics procedure detects that the test network connection is successfully received and set up from said management system within a predetermined period of time after starting to apply said changed configuration temporarily as the new configuration in said network device, and
diagnose that said second configuration fails to operate correctly, and to end to apply said changed configuration as the new configuration in said network device and to independently return said network device to use said stored old configuration if said self-diagnostics mechanism detects that a subsequent second test network connection is not received and successfully set up from said management system within a predetermined period of time after starting to apply said second configuration temporarily as the new configuration in said network device.
-
14. A computer-readable storage medium, containing a computer software, wherein executing said software in a computer causes the computer to operate as a firewall device and to execute the steps of
using a first configuration in said firewall device,
receiving a second configuration over a first network connection from a management system,
applying said second configuration temporarily as a new configuration in said firewall device,
storing said first configuration as a fallback configuration in said firewall device,
an independent and automatic self-diagnostics procedure that includes
(i) monitoring if a subsequent second test network connection is received and successfully set up from said management system to said firewall device within a predetermined period of time after starting to apply said second configuration in order to test operation of the new configuration,
(ii) diagnosing independently and automatically that said second configuration operates correctly, and accepting said temporarily applied second configuration permanently as the new configuration in said firewall device, if said self-diagnostics procedure detects that the subsequent second test network connection is received and successfully set up from said management system to test the new configuration, and
(iii) diagnosing independently and automatically that said second configuration fails to operate correctly, and ending said temporary application of said second configuration as the new configuration in said firewall device and returning to use said stored first configuration in said firewall device if said self-diagnostics procedure detects that said second test network connection fails or is not setup within a predetermined period of time after starting to apply the second configuration temporarily as the new configuration.
Specification