Distributed firewall implementation and control
First Claim
1. A method of providing firewall services in a local area network having a plurality of devices comprising:
determining firewall service capabilities published by each of a first device and a second device in the local area network, the first device and the second device each coupled to a downstream side of a router in the local area network, the router configured to receive traffic destined for the first device and the second device;
determining that the firewall service capabilities published by the second device do not meet a firewall service requirement for the second device in the local area network;
determining that the firewall service capabilities published by the first device meet a firewall service requirement for the first device in the local area network and meet the firewall service requirement for the second device in the local area network;
configuring, by a controller, the router in the local area network to direct traffic destined for the second device to the first device over a first logical connection when the traffic destined for the second device is received by the router from an external network and to direct traffic destined for the second device to the second device over a second logical connection when the traffic destined for the second device is received by the router from the first device in the local area network; and
implementing, by the controller, a distributed firewall system including the first device and the second device in the local area network by configuring the first device to provide firewall service for itself to meet the firewall service requirement for the first device and to provide firewall service for the second device to meet the firewall service requirement for the second device according to the firewall service capabilities published by the first device, wherein the first device is configured to:
filter traffic directed to the first device by the router over the first logical connection according to the firewall service requirement for the first device when the traffic is destined for the first device,
filter traffic directed to the first device by the router over the first logical connection according to the firewall service requirement for the second device when the traffic is destined for the second device,
re-address the filtered traffic filtered according to the firewall service requirement for the second device to the second device, and
transmit the traffic re-addressed to the second device to the router for delivery to the second device over the second logical connection.
Abstract
One or more devices on a network may be configured to provide firewall services for other devices on the network. Each of the firewall service suppliers may publish its capability with respect to firewall services and the service receivers may publish their requirements for firewall services. A manager function may broker the requests and offers to match services and requirements. A default firewall service may be provided to devices not publishing their requirements. Network topologies may be re-configured to first route traffic addressed to a device to its corresponding firewall service provider.
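The brokering and router re-configuration described in the abstract and in claim 1, modelled in Python as an added illustration (this is not code from the patent); the device names, the service names "stateful" and "dpi", and the default requirement are constructed assumptions.

```python
from collections import namedtuple
# Constructed default for devices that publish no requirement (the abstract's
# "default firewall service"); all service names used here are assumptions.
DEFAULT_REQUIREMENT = frozenset({"stateful"})
# capabilities: frozenset of services the device publishes it can supply;
# requirements: frozenset of services it needs, or None if it published none.
Device = namedtuple("Device", "name capabilities requirements")
def requirement_of(dev):
    return DEFAULT_REQUIREMENT if dev.requirements is None else dev.requirements

def meets(capabilities, requirement):
    return requirement <= capabilities

def broker(devices):
    """Map each device name to its provider: itself when self-sufficient, else the first
    peer meeting both its own and the receiver's requirement, else None (flag, never bypass)."""
    assignments = {}
    for recv in devices:
        if meets(recv.capabilities, requirement_of(recv)):
            assignments[recv.name] = recv.name
            continue
        assignments[recv.name] = next(
            (p.name for p in devices if p is not recv
             and meets(p.capabilities, requirement_of(p))
             and meets(p.capabilities, requirement_of(recv))), None)
    return assignments

def router_rules(assignments):
    """Claim-1 router programming: a protected device's traffic from the external network
    is steered to its provider (first logical connection); the same destination arriving
    from the provider goes straight to it (second). Source-keying prevents a loop."""
    rules = []
    for recv, prov in assignments.items():
        if prov is not None and prov != recv:
            rules.append({"dst": recv, "src": "external", "next_hop": prov, "link": "first"})
            rules.append({"dst": recv, "src": prov, "next_hop": recv, "link": "second"})
    return rules

def forward(rules, dst, src):
    """Router lookup: (next_hop, link) for a packet to dst received from src."""
    for r in rules:
        if r["dst"] == dst and r["src"] == src:
            return r["next_hop"], r["link"]
    return dst, "direct"

# Constructed LAN: the gateway can filter statefully and do DPI, the camera cannot.
LAN = [Device("gateway", frozenset({"stateful", "dpi"}), frozenset({"stateful"})),
       Device("cam", frozenset(), frozenset({"stateful", "dpi"})),
       Device("printer", frozenset(), None)]
```

A device for which `broker` returns `None` has an unmet requirement and should be reported rather than left reachable, since the router will otherwise deliver its external traffic directly.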
20 Claims
1. (Independent claim; reproduced above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7.
8. A local area network having a plurality of devices adapted for configurable firewall protection comprising:
a first device coupled to a downstream side of a router, the first device having firewall service capabilities that meet a firewall service requirement for the first device in the local area network;
a second device coupled to the downstream side of the router, the second device having firewall service capabilities that do not meet a firewall service requirement for the second device in the local area network; and
a controller for implementing a distributed firewall system including the first device and the second device in the local area network when the firewall service capabilities of the first device meet the firewall service requirement for the first device in the local area network and meet the firewall service requirement for the second device in the local area network by:
configuring the router in the local area network to direct traffic destined for the second device to the first device over a first logical connection when the traffic destined for the second device is received by the router from an external network and to direct traffic destined for the second device to the second device over a second logical connection when the traffic destined for the second device is received by the router from the first device in the local area network, and
configuring the first device to provide firewall service for itself to meet the firewall service requirement for the first device and to provide firewall service for the second device to meet the firewall service requirement for the second device according to the firewall service capabilities of the first device, wherein the first device is configured to:
filter traffic directed to the first device by the router over the first logical connection according to the firewall service requirement for the first device when the traffic is destined for the first device,
filter traffic directed to the first device by the router over the first logical connection according to the firewall service requirement for the second device when the traffic is destined for the second device,
re-address the traffic filtered according to the firewall service requirement for the second device to the second device, and
transmit the traffic re-addressed to the second device to the router for delivery to the second device over the second logical connection.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19.
20. A computer storage medium that does not consist of a signal, the computer storage medium storing computer-executable instructions that, when executed, cause a computing device to perform a method of providing firewall services in a local area network, the method comprising:
determining firewall service capabilities published by each of a first device and a second device in the local area network, the first device and the second device each coupled to a downstream side of a router in the local area network, the router configured to receive traffic destined for the first device and the second device;
determining that the firewall service capabilities published by the second device do not meet a firewall service requirement for the second device in the local area network;
determining that the firewall service capabilities published by the first device meet a firewall service requirement for the first device in the local area network and meet the firewall service requirement for the second device in the local area network;
configuring the router in the local area network to direct traffic destined for the second device to the first device over a first logical connection when the traffic destined for the second device is received by the router from an external network and to direct traffic destined for the second device to the second device over a second logical connection when the traffic destined for the second device is received by the router from the first device in the local area network; and
implementing a distributed firewall system including the first device and the second device in the local area network by configuring the first device to provide firewall service for itself to meet the firewall service requirement for the first device and to provide firewall service for the second device to meet the firewall service requirement for the second device according to the firewall service capabilities published by the first device, wherein the first device is configured to:
filter traffic directed to the first device by the router over the first logical connection according to the firewall service requirement for the first device when the traffic is destined for the first device,
filter traffic directed to the first device by the router over the first logical connection according to the firewall service requirement for the second device when the traffic is destined for the second device,
re-address the traffic filtered according to the firewall service requirement for the second device to the second device, and
transmit the traffic re-addressed to the second device to the router for delivery to the second device over the second logical connection.
Specification