Method for deploying a firewall and virtual private network to a computer network
First Claim
1. A method for deploying a firewall and virtual private network to a computer network having at least one computer and a connection to the Internet with backbone servers thereon, the method comprising:
- programming the firewall with generic bridge mode code which sets the firewall to bridge mode and causes the firewall to serve as a bridge allowing all traffic to pass transparently through the firewall and logging computer network traffic data;
- shipping the firewall to the computer network location;
- installing the firewall between the Internet connection device and any existing switch on the computer network;
- generating route mode code based on the computer network traffic data gathered while in bridge mode;
- converting the firewall from bridge mode to route mode, such conversion comprising:
  - programming the firewall from the inside to the outside, wherein the backbone servers are called over the Internet and the route mode code is received back, where the route mode code is then uploaded to the firewall's LAN interface;
- validating the firewall's route mode configuration, such validation comprising:
  - establishing communication from the inside to the outside creating an inside to outside communication path, wherein the backbone servers are called over the Internet and either an acknowledgement is received back or the computer network traffic data is logged, the firewall is reverted to bridge mode, the computer network traffic data is sent to the backbone servers for analysis and Internet connectivity downtime for the computer network is minimized; and
- providing, by the backbone server, a set of recursive Domain Naming System (DNS) servers that allow for DNS resolution independent of the Internet Service Provider (ISP) for the computer network and that ensure devices on the computer network use these DNS servers for IP redirection.
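The claim above describes a fail-safe cutover: learn traffic in bridge mode, derive a route-mode policy from it, apply the policy, validate it with an inside-to-outside call to the backbone, and fall back to bridge mode (shipping the log for analysis) if no acknowledgement comes back. The following Python simulation is an added example, not the patent's or any vendor's code; the flow log, subnet, resolver addresses, the `min_flows` threshold, and the `reach_backbone` probe are all constructed assumptions chosen to exercise both the successful cutover and the rollback path.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample of flows logged while the firewall sat in bridge mode:
# (source IP, destination IP, destination port, protocol). Not real traffic.
BRIDGE_MODE_LOG = [
    ("192.168.1.10", "203.0.113.5", 443, "tcp"),
    ("192.168.1.11", "203.0.113.5", 443, "tcp"),
    ("192.168.1.10", "198.51.100.20", 25, "tcp"),
    ("192.168.1.12", "198.51.100.20", 25, "tcp"),
    ("192.168.1.10", "192.0.2.77", 6667, "tcp"),   # seen once: not promoted to a rule
    ("10.9.9.9", "203.0.113.5", 443, "tcp"),       # source outside the LAN: ignored
]

# Hypothetical backbone-provided recursive resolvers (documentation addresses).
BACKBONE_DNS = ["203.0.113.53", "203.0.113.54"]


@dataclass
class RouteConfig:
    lan_subnet: str
    dns_servers: list
    allowed_outbound: list = field(default_factory=list)  # (dst_ip, dst_port, proto)


def generate_route_config(log, lan_subnet, dns_servers, min_flows=2):
    """Turn bridge-mode observations into a route-mode allow-list.

    A flow becomes a rule only if it originated inside the LAN and was seen at
    least `min_flows` times (assumed threshold). DNS to the backbone resolvers is
    always permitted so the site does not depend on ISP resolvers after cutover.
    """
    lan = ipaddress.ip_network(lan_subnet)
    counts = Counter(
        (dst, port, proto)
        for src, dst, port, proto in log
        if ipaddress.ip_address(src) in lan
    )
    rules = sorted(key for key, seen in counts.items() if seen >= min_flows)
    rules.extend((resolver, 53, "udp") for resolver in dns_servers)
    return RouteConfig(lan_subnet, list(dns_servers), rules)


class Firewall:
    """Minimal model of the device: its mode, active config, and log uploads."""

    def __init__(self):
        self.mode = "bridge"
        self.config = None
        self.uploaded_logs = []  # traffic logs sent to the backbone for analysis

    def permits(self, src, dst, port, proto):
        if self.mode == "bridge":
            return True  # bridge mode passes everything transparently
        lan = ipaddress.ip_network(self.config.lan_subnet)
        return (ipaddress.ip_address(src) in lan
                and (dst, port, proto) in self.config.allowed_outbound)

    def convert_to_route(self, config, reach_backbone):
        """Apply `config`, then validate it with an inside-to-outside call.

        `reach_backbone(fw)` models the device calling the backbone through its
        own new rule set and returning True on acknowledgement. Without an ack
        the device reverts to bridge mode and ships its traffic log, so a bad
        route-mode config never leaves the site offline.
        """
        self.mode, self.config = "route", config
        if reach_backbone(self):
            return "route"
        self.mode, self.config = "bridge", None
        self.uploaded_logs.append(list(BRIDGE_MODE_LOG))
        return "bridge"


def backbone_probe(fw):
    # Assumed validation: the new rules must let a LAN host reach the backbone
    # server and the first backbone resolver; a config missing either fails.
    return (fw.permits("192.168.1.10", "203.0.113.5", 443, "tcp")
            and fw.permits("192.168.1.10", BACKBONE_DNS[0], 53, "udp"))


def deploy(log=BRIDGE_MODE_LOG, lan_subnet="192.168.1.0/24",
           dns=BACKBONE_DNS, min_flows=2):
    """Run the cutover end to end; returns (firewall, config, final mode)."""
    fw = Firewall()
    cfg = generate_route_config(log, lan_subnet, dns, min_flows)
    return fw, cfg, fw.convert_to_route(cfg, backbone_probe)


if __name__ == "__main__":
    firewall, config, mode = deploy()
    print(mode, config.allowed_outbound)
```

Raising `min_flows` above what the log supports produces a policy with only the DNS rules; the probe then fails, the model reverts to bridge mode and records the log upload, which is the rollback branch of the validation step.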
Abstract
This invention is an improved system and method of efficiently deploying a large scale roll out of secure networks, including a VPN, to clients with limited or non-existent technical staff. The invention allows for a person with minimal technical skills to install, and, if necessary, uninstall the solution. Through a series of automated and/or remotely-controlled steps provided through connections established from inside the site to a centralized system over an unprotected network, the site's network can be secured, updated, and/or reconfigured, and returned to its previous state if errors should occur. Furthermore, a virtual private network (VPN) can be established that allows multiple hosts on the VPN but on different local networks to have the same IP address. Additionally, without any additional hardware and as part of the installation process, the invention protects the site from unauthorized local network devices either by preventing them from passing traffic off the local network or by generating notification of their existence.
8 Citations
5 Claims
Specification