Method and apparatus for graphical presentation of firewall security policy
First Claim
1. A computer program product for reporting permitted message flows through a firewall, the computer program product comprising:
one or more computer-readable non-transitory storage devices and program instructions stored on the one or more storage devices, the program instructions comprising:
program instructions to generate and display a firewall icon representing the firewall and a network icon, the network icon representing a first network;
program instructions to generate and display a first arrow in a first color pointing from the displayed firewall icon to the displayed network icon to indicate that a first communication is permitted to the first network, the first arrow displayed in the first color to represent a security level of a second network from which the first communication originates and to which the firewall is coupled;
program instructions, responsive to a user selection of the displayed first arrow, to determine and display a list of ports from the second network that are permitted by the firewall to originate messages to the first network and a list of ports of the first network that are permitted by the firewall to receive the messages from the second network;
program instructions to generate and display a second arrow in a second, different color having a substantially triangular tip visually pointing from the displayed firewall icon to the displayed network icon to indicate that a second communication is permitted to the first network, the second arrow displayed in the second, different color to represent a security level of a third network from which the second communication originates and to which the firewall is coupled; and
program instructions, responsive to a user selection of the displayed second arrow, to determine and display a list of ports from the third network that are permitted by the firewall to originate messages to the first network and a list of ports of the first network that are permitted by the firewall to receive the messages from the third network; and
wherein the second network has a different security level than the third network as indicated by the first and second arrows being respectively displayed in the first and second, different colors.
1 Assignment
0 Petitions
Abstract
A graphical representation of the firewall and a network coupled to the firewall is generated and displayed. A number of an inbound port of the network is displayed. An arrow adjacent to the port number pointing toward the network is displayed to indicate that a communication is permitted to the port. The port number and the arrow are located between an icon for the network and an icon for the firewall. A port number of a destination of a communication originating from the network is displayed. Also, another arrow adjacent to the destination port number pointing toward the firewall is displayed to indicate that a communication is permitted to the destination port number. The destination port number and the other arrow are located between an icon for the network and an icon for the firewall.
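Claim 1 and the abstract describe a specific data model behind the picture: one arrow from the firewall icon to each destination network per originating network, the arrow's color keyed to the security level of the originating network, and a click on the arrow listing the source ports and destination ports the firewall permits for that pair. The following is an added Python example, not code from the patent or its assignee, that builds that model from an ordered rule list and emits it as Graphviz DOT text. It goes one step beyond the claim by applying first-match semantics, so a permit shadowed by an earlier deny for the same port never becomes an arrow; the zone names, numeric security levels, palette and rule syntax are assumptions for illustration.

```python
"""Added example, not the patent's code: derive the arrow/port model that the
claims describe from an ordered firewall rule list. Zones, levels, palette
and rule syntax are assumptions for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed: three networks behind one firewall, each with a numeric
# security level (assumption: higher = more trusted, ASA-style 0..100).
ZONES: Dict[str, int] = {"inside": 100, "dmz": 50, "outside": 0}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str                              # "tcp" or "udp"
    dst_ports: Tuple[int, ...]              # destination ports the rule matches
    action: str                             # "permit" or "deny"
    src_ports: Tuple[str, ...] = ("any",)   # source ports, e.g. "any", "1024-65535"


# Constructed rule list, evaluated top-down, first match wins.
RULES: List[Rule] = [
    Rule("inside", "outside", "tcp", (80, 443), "permit"),
    Rule("dmz", "inside", "tcp", (22,), "deny"),
    Rule("dmz", "inside", "tcp", (22, 3306), "permit"),   # 22 is shadowed by the deny above
    Rule("outside", "dmz", "tcp", (80, 443), "permit", src_ports=("1024-65535",)),
    Rule("outside", "dmz", "udp", (53,), "permit"),
]

Flow = Tuple[str, str]  # (originating zone, destination zone): one arrow on the diagram


def effective_flows(rules: List[Rule]) -> Dict[Flow, Dict[str, Set[str]]]:
    """Collapse an ordered rule list into the per-arrow port lists.

    First-match semantics: once (src, dst, proto, port) has been decided by an
    earlier rule, later rules for the same tuple are ignored, so a permit that
    an earlier deny shadows does not appear on the diagram."""
    decided: Set[Tuple[str, str, str, int]] = set()
    flows: Dict[Flow, Dict[str, Set[str]]] = {}
    for r in rules:
        for port in r.dst_ports:
            key = (r.src_zone, r.dst_zone, r.proto, port)
            if key in decided:
                continue
            decided.add(key)
            if r.action != "permit":
                continue
            entry = flows.setdefault((r.src_zone, r.dst_zone),
                                     {"src_ports": set(), "dst_ports": set()})
            entry["src_ports"].update(r.src_ports)
            entry["dst_ports"].add(f"{r.proto}/{port}")
    return flows


PALETTE = ["green", "orange", "red", "purple", "blue"]  # assumption: most trusted first


def arrow_color(zone: str, zones: Dict[str, int] = ZONES) -> str:
    """Color encodes the security level of the zone the traffic originates from;
    distinct levels get distinct colors, as the claim requires."""
    levels = sorted(set(zones.values()), reverse=True)
    return PALETTE[levels.index(zones[zone]) % len(PALETTE)]


def port_key(p: str) -> Tuple[str, int]:
    proto, num = p.split("/")
    return (proto, int(num))


def select_arrow(flows: Dict[Flow, Dict[str, Set[str]]], src: str, dst: str
                 ) -> Tuple[List[str], List[str]]:
    """What a click on the arrow reveals: permitted originating ports on the
    source network and permitted receiving ports on the destination network."""
    entry = flows.get((src, dst))
    if entry is None:
        return [], []
    return sorted(entry["src_ports"]), sorted(entry["dst_ports"], key=port_key)


def to_dot(flows: Dict[Flow, Dict[str, Set[str]]], zones: Dict[str, int] = ZONES) -> str:
    """Render the firewall icon, one node per network, an arrow from each
    originating network toward the firewall, and one colored arrow from the
    firewall to each destination network per originating network."""
    lines = ["digraph policy {", '  firewall [shape=box, label="firewall"];']
    for z, lvl in zones.items():
        lines.append(f'  {z} [label="{z}\\nlevel {lvl}"];')
    for src in sorted({s for s, _ in flows}):
        lines.append(f'  {src} -> firewall [color="{arrow_color(src, zones)}"];')
    for (src, dst), entry in sorted(flows.items()):
        ports = ", ".join(sorted(entry["dst_ports"], key=port_key))
        lines.append(f'  firewall -> {dst} [color="{arrow_color(src, zones)}", '
                     f'label="from {src}: {ports}"];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    flows = effective_flows(RULES)
    print(to_dot(flows))
    print(select_arrow(flows, "dmz", "inside"))
```

Piping the DOT output through `dot -Tpng` draws the diagram; the `select_arrow` return value is the pair of port lists the claimed click handler would display for that arrow. The shadowing check is the part worth keeping in any real tool: a viewer that draws an arrow for every permit line, rather than for the effective policy, shows the operator flows the firewall actually blocks.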
35 Citations
12 Claims
1. (Identical to the first claim reproduced above.) Dependent claims: 2, 3, 7, 8, 9.
4. A computer system for reporting permitted message flows through a firewall, the computer system comprising:
one or more processors, one or more computer-readable memories, one or more computer-readable non-transitory storage devices, and program instructions stored on the one or more storage devices for execution by the one or more processors via the one or more memories, the program instructions comprising:
program instructions to generate and display a firewall icon representing the firewall and a network icon, the network icon representing a first network;
program instructions to generate and display a first arrow in a first color pointing from the displayed firewall icon to the displayed network icon to indicate that a first communication is permitted to the first network, the first arrow displayed in the first color to represent a security level of a second network from which the first communication originates and to which the firewall is coupled;
program instructions, responsive to a user selection of the displayed first arrow, to determine and display a list of ports from the second network that are permitted by the firewall to originate messages to the first network and a list of ports of the first network that are permitted by the firewall to receive the messages from the second network;
program instructions to generate and display a second arrow in a second, different color having a substantially triangular tip visually pointing from the displayed firewall icon to the displayed network icon to indicate that a second communication is permitted to the first network, the second arrow displayed in the second, different color to represent a security level of a third network from which the second communication originates and to which the firewall is coupled; and
program instructions, responsive to a user selection of the displayed second arrow, to determine and display a list of ports from the third network that are permitted by the firewall to originate messages to the first network and a list of ports of the first network that are permitted by the firewall to receive the messages from the third network; and
wherein the second network has a different security level than the third network as indicated by the first and second arrows being respectively displayed in the first and second, different colors.
Dependent claims: 5, 6, 10, 11, 12.
Specification