Method for deploying a firewall and virtual private network to a computer network

US 8,424,074 B2
Filed: 06/17/2009
Issued: 04/16/2013
Est. Priority Date: 06/17/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method for deploying a firewall and virtual private network to a computer network having at least one computer and a connection to the Internet with backbone servers thereon, the method comprising:

programming the firewall with generic bridge mode code which sets the firewall to bridge mode and causes the firewall to serve as a bridge allowing all traffic to pass transparently through the firewall and logging computer network traffic data;

shipping the firewall to the computer network location;

installing the firewall between the Internet connection device and any existing switch on the computer network;

generating route mode code based on the computer network traffic data gathered while in bridge mode;

converting the firewall from bridge mode to route mode, such conversion comprising;

programming the firewall from the inside to the outside, wherein the backbone servers are called over the Internet and the route mode code is received back, where the route mode code is then uploaded to the firewall'"'"'s LAN interface;

validating the firewall'"'"'s route mode configuration, such validation comprising;

establishing communication from the inside to the outside creating an inside to outside communication path, wherein the backbone servers are called over the Internet and either an acknowledgement is received back or the computer network traffic data is logged, the firewall is reverted to bridge mode, the computer network traffic data is sent to the backbone servers for analysis and Internet connectivity downtime for the computer network is minimized; and

providing, by the backbone server, a set of recursive Domain Naming System (DNS) servers that allow for DNS resolution independent of the Internet Service Provider (ISP) for the computer network and that ensure devices on the computer network use these DNS servers for IP redirection.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention is an improved system and method of efficiently deploying a large scale roll out of secure networks, including a VPN, to clients with limited or non-existent technical staff. The invention allows for a person with minimal technical skills to install, and, if necessary, uninstall the solution. Through a series of automated and/or remotely-controlled steps provided through connections established from inside the site to a centralized system over an unprotected network, the site'"'"'s network can be secured, updated, and/or reconfigured, and returned to its previous state if errors should occur. Furthermore, a virtual private network (VPN) can be established that allows multiple hosts on the VPN but on different local networks to have the same IP address. Additionally, without any additional hardware and as part of the installation process, the invention protects the site from unauthorized local network devices either by preventing them from passing traffic off the local network or by generating notification of their existence.

8 Citations

View as Search Results

5 Claims

1. A method for deploying a firewall and virtual private network to a computer network having at least one computer and a connection to the Internet with backbone servers thereon, the method comprising:
- programming the firewall with generic bridge mode code which sets the firewall to bridge mode and causes the firewall to serve as a bridge allowing all traffic to pass transparently through the firewall and logging computer network traffic data;
  
  shipping the firewall to the computer network location;
  
  installing the firewall between the Internet connection device and any existing switch on the computer network;
  
  generating route mode code based on the computer network traffic data gathered while in bridge mode;
  
  converting the firewall from bridge mode to route mode, such conversion comprising;
  
  programming the firewall from the inside to the outside, wherein the backbone servers are called over the Internet and the route mode code is received back, where the route mode code is then uploaded to the firewall'"'"'s LAN interface;
  
  validating the firewall'"'"'s route mode configuration, such validation comprising;
  
  establishing communication from the inside to the outside creating an inside to outside communication path, wherein the backbone servers are called over the Internet and either an acknowledgement is received back or the computer network traffic data is logged, the firewall is reverted to bridge mode, the computer network traffic data is sent to the backbone servers for analysis and Internet connectivity downtime for the computer network is minimized; and
  
  providing, by the backbone server, a set of recursive Domain Naming System (DNS) servers that allow for DNS resolution independent of the Internet Service Provider (ISP) for the computer network and that ensure devices on the computer network use these DNS servers for IP redirection.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the firewall'"'"'s generic bridge mode code eliminates the need for customization prior to installation at the computer network location.
  - 3. The method of claim 1 wherein the firewall'"'"'s generic bridge mode code logs computer network traffic which is sent to the backbone servers for analysis, and enables the generation of the route mode code, thereby eliminating need for personal on-site analysis at the computer network'"'"'s location.
  - 4. The method of claim 1 wherein the firewall has the capability to support the same Internet Protocol (IP) address on both the firewall'"'"'s LAN and WAN interfaces thereby enabling the LAN side of the firewall to take the role of the original computer network default gateway and the WAN side to continue to communicate to the Internet using the original computer network default gateway, avoiding the need to renumber the Internet Protocol (IP) addresses of the computer network.
  - 5. The method of claim 1 wherein once the firewall route mode configuration is validated, the firewall is added to a firewall management application system for monitoring and change control, the firewall application management system being capable of managing thousands of firewalls without the need for static Internet Protocol addresses to minimize Internet costs, and all communication occurs from the inside to the outside thereby eliminating the need to communicate directly to the WAN side of the Internet connection device or to open pinholes for communication through the firewall.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Netsurion LLC (Vendor Safe Technologies Holdings LLC)
Original Assignee
Vendor Safe Technologies LLC
Inventors
Cyprus, Mark E., Ferrill, Jay F.
Primary Examiner(s)
SHAW, PETER C

Application Number

US12/486,133
Publication Number

US 20100325730A1
Time in Patent Office

1,399 Days
Field of Search

726/11, 726/23
US Class Current

726/11
CPC Class Codes

H04L 63/0209   Architectural arrangements,...

H04L 63/0272   Virtual private networks

H04L 63/20   for managing network securi...

Method for deploying a firewall and virtual private network to a computer network

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

8 Citations

5 Claims

Specification

Use Cases

Quick Links

Others

Method for deploying a firewall and virtual private network to a computer network

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

5 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others